Skip to main content
Druva Documentation

Deploy Phoenix AWS proxy over Intranet

Phoenix Editions: File:/cross.pngBusiness         File:/tick.png Enterprise     File:/tick.pngElite
(Purchase Separately)

Phoenix AWS proxy is an Elastic Compute Cloud (EC2) instance that runs the Phoenix disaster recovery service. It orchestrates copying data from the Phoenix Cloud to your AWS account and creates a DR copy at a frequency specified in the DR plan. The Phoenix AWS proxy runs in your AWS account. The Phoenix AWS proxy is launched in the same AWS region where the virtual machine backups are located. The EC2 instances are started in the same region for disaster recovery.

Watch the following video to know more about how to deploy Phoenix AWS proxy.


Phoenix AWS proxy setup workflow

You must first select the AWS storage region on the Phoenix Management Console and create an AWS CloudFormation stack to define the AWS resources. Phoenix uses AWS CloudFormation to automate the current manual proxy deployment processes. It also includes the prerequisites of proxy deployments, such as the creation of IAM policy and IAM role, creation of IAM instance profile, security group, and attaching the policy to the proxy, deploy proxy by registering and activating the proxy.

AWS CloudFormation provides a simple JSON-based template to define all the AWS resources that you need to deploy your infrastructure for disaster recovery and a stack to create and manage the resources. For more information, see AWS CloudFormation Concepts.

The following diagram depicts the workflow to set up the Phoenix AWS proxy and the corresponding portals to perform the setup.

Before you begin

Before you deploy Phoenix AWS proxy in the AWS customer, ensure you have created an Amazon Virtual Private Cloud. For more information, see Create VPC for AWS proxy deployment.

How do I deploy Phoenix AWS proxy

This section provides instructions for deploying the Phoenix AWS proxy using AWS CloudFormation. AWS CloudFormation automates the deployment process of creating and managing the AWS resources in the AWS environment. It also facilitates the registration and activation of the Phoenix AWS Proxy with the Phoenix Cloud.

To register and activate a Phoenix AWS proxy, you must first select an AWS region on the Phoenix Management Console and create an AWS CloudFormation Stack on the AWS Management Console. You must register the Phoenix AWS proxy in the same region as the server storage region.

Step 1: Select an AWS region on the Phoenix Management Console

  1. Log in to the Phoenix Management Console.
  2. In the Organizations section of the Phoenix Dashboard, find your organization and then click the link to the configured virtual machines as shown in the following screenshot. Upon clicking the link, you’d be navigated to the VMs page.

    As an example, there are five virtual machines enabled for backup across two different regions US west and US east and none of them have been configured for DR yet. Our goal is to enable disaster recovery for them.
  3. To begin the process of enabling DR, go to Disaster Recovery on the menu bar. You would see an initial DR page displayed if you’re configuring disaster recovery for the first time in your organization.
  4. Click Register Phoenix AWS Proxy to register the first AWS proxy.
    The proxy deployment is automated through a CloudFormation stack, which will be deployed in a specific AWS region. 
  5. On the Register Phoenix AWS Proxy page, select the AWS region where your VMware backups are stored with Phoenix. For example, us-west-2.
  6. During the data transfer from the Druva account to your account, an EBS volume is attached to the Phoenix AWS proxy and data is transferred from a Druva S3 bucket through the proxy to the EBS volume. Next, the EBS volume snapshot is saved in an S3 bucket in your account. So, these components need to be in the same region to work efficiently.
  7. Click Create CloudFormation Stack.

This takes you to the AWS Management Console. If you are logged in to the AWS Management Console, you are directed to the Quick Create Stack page. Else, you are directed to the login page of the AWS Management Console. Use your credentials to log in and the Quick Create Stack page appears.

Your DR backup site is created in your  AWS account in the AWS cloud. We are deploying the AWS proxy and installing the Druva role and policy in the same account.

  1. On the Quick Create Stack page, you should see the stack created by Phoenix in your AWS account. Review the stack for the following parameters:



    Phoenix configuration

    There are two options for Phoenix configuration, which are two different templates for deployment.

    • InfraAndProxyDeployment: To deploy infrastructure and proxy 
    • ProxyDeployment: To deploy only the proxy 

    If you’re creating our first AWS proxy, choose infrastructure and proxy deployment, which creates a role and a policy.

    Phoenix activation token

    Auto-generated and is used to authenticate the AWS proxy with the Phoenix Cloud.


    Number of AWS proxy instances to be deployed

    Network Configuration

    Select the VPC created for AWS proxy earlier and select the subnet in an availability zone. 


    We recommend that you select c5.2xlarge from the list of instance types. Of course, you can choose another instance type from the AWS range of instances but take note that this instance type must support enhanced networking. You can find the list of such instance types on the Enhanced Networking on Linux page. To know more about instance types, see Amazon EC2 Instance Types


    Configures the keys that can be used to access the AWS proxy instance via SSH, if needed.


    Set it to true because the AWS proxy is deployed in a public subnet. The AWS proxy needs to communicate with the Phoenix Cloud over the Internet.

  2. Select both the checkboxes in the Capabilities section acknowledging that AWS CloudFormation might create IAM resources with custom names and that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND.
  3. Click Create stack
  4. You should be able to view your stack on the Stacks page. Verify that your EC2 instance is running by going to the Instances page. And lastly, go back to the Phoenix Management Console, select an organization, and click Disaster Recovery. You should see the newly deployed Phoenix AWS proxy created, connected, and deployed. 

You should deploy another AWS proxy in a different availability zone for the purpose of safety and resilience.  

  1. To deploy a second proxy, repeat steps 1 through 4 with the following variations of values in the parameters.



    Phoenix configuration

    There are two options for Phoenix configuration, which are two different templates for deployment.

    • InfraAndProxyDeployment: To deploy infrastructure and proxy 
    • ProxyDeployment: To deploy only the proxy 

    Choose ProxyDeployment.

    Network Configuration

    Select the same VPC that you used for creating the first CloudFormation stack but select the subnet in a different availability zone. This ensures that the second AWS proxy is a different geographical location. 

  2. Verify that your stack, EC2 instances, and AWS proxy have successfully been created and deployed.

After you click Create stack, Amazon creates the stack with the configuration parameters you set on the Quick create stack page. Verify the status of stack creation on the Stacks page on the AWS Management Console.

  • Was this article helpful?