Deploy AWS SaaS Connectors

If you want Cohesity DataProtect as a Service to protect your AWS EC2 instances using Cohesity Snapshots, you need to set up a SaaS Connection for each AWS region where you have EC2 instances to protect. Each SaaS Connector is an m5.xlarge AWS EC2 instance.

To prepare your AWS account for Cohesity SaaS Connector deployment in a Public or Private subnet, see AWS SaaS Connector Deployment Guide.

Create AWS SaaS Connection

To create an AWS SaaS Connection:

  1. In DataProtect as a Service, navigate to Sources.

  2. Click the Actions menu (⋮) next to the AWS account and select Setup SaaS Connection.

  3. In the Configure SaaS Connection for AWS dialog, provide:

    1. Region. Select the AWS region where you have EC2 instances to protect.

    2. Number of Connectors. Enter the number of SaaS Connectors you want to deploy in the region.

      For better performance and redundancy, we recommend that you deploy at least two SaaS Connectors for each SaaS Connection. To add (or remove) a SaaS Connector, see Manage User-Deployed SaaS Connections.

    3. Subnet. Select the subnet where you want the SaaS Connectors to be launched. Using a secured public subnet is more cost-efficient than a private subnet.

    4. Network Security Groups. Select the network security group to be associated with SaaS Connectors. You can provide multiple network security groups to be associated with SaaS Connectors. Make sure the network security group follows the firewall rules.

    5. DNS: By default, 8.8.8.8 is used as the Domain Name System (DNS) server. You can optionally, remove this default value and specify the IP addresses of the DNS servers that the Cohesity DataProtect as a Service should use. Separate multiple IPs with commas. Ensure the Active Directory DNS IP address (if applicable) is listed first. Verify that the NTP servers and other entities in the system can be resolved by the specified DNS server.

    6. NTP Servers: By default, time.google.com is used as the NTP server. You can optionally remove this default value and specify the IP address or the Fully Qualified Domain Name of the NTP server(s) that must be used to synchronize the time on the Cohesity DataProtect as a Service.

    7. Tags. Specify the tags to be used for your SaaS Connectors. (Optional)

    8. To create a SaaS connection for each region in your AWS account, click Add another SaaS Connection and provide the above details.

  4. Click Create Connections.

The progress status of the AWS SaaS Connection will be displayed in the UI:

If the connection fails, then the corresponding error message is displayed.

Next > Your new AWS SaaS Connection is now available to use when you protect your AWS EC2 instances.