Deploy AWS SaaS Connectors

If you want Cohesity Cloud Protection Service to protect your AWS EC2 instances using Cohesity Snapshots, you need to set up a SaaS Connection for each AWS region where you have EC2 instances to protect. Each SaaS Connector is an m5.xlarge AWS EC2 instance.

To prepare your AWS account for Cohesity SaaS Connector deployment in a Public or Private subnet, see AWS SaaS Connector Deployment Guide.

Create AWS SaaS Connection

To create an AWS SaaS Connection:

In Cloud Protection Service, navigate to Sources.
Click the Actions menu (⋮) next to the AWS account and select Setup SaaS Connection.
In the Manage SaaS Connection for AWS Account: <account_name> dialog, provide:
1. Region. Select the AWS region where you have EC2 instances to protect.
2. Number of Connectors. Enter the number of SaaS Connectors you want to deploy in the region.
  
  For better performance and redundancy, we recommend that you deploy at least two SaaS Connectors for each SaaS Connection. To add (or remove) a SaaS Connector, see Manage User-Deployed SaaS Connections.
3. Autoscaling: Enable this option to automatically scale AWS SaaS Connectors within a SaaS Connection based on its load (CPU and memory consumption). When enabled, provide the following configuration details:
  - Minimum Number of Connectors: Specify the minimum number of connectors you want to deploy when the load consumption is less.
  - Maximum Number of Connectors: Specify the maximum number of connectors you want to deploy when the load consumption is high.
  - Auto-scale will not function if one or more SaaS Connectors deployed are not healthy.
  - Backup durations may be longer when SaaS Connectors are in the scaling-up phase at the start of a scheduled backup.
4. Subnet. Select the subnet where you want the SaaS Connectors to be launched. Using a secured public subnet is more cost-efficient than a private subnet.
5. Network Security Groups. Select the network security group to be associated with SaaS Connectors. You can provide multiple network security groups to be associated with SaaS Connectors. Make sure the network security group follows the firewall rules.
6. DNS: By default, 8.8.8.8 is used as the Domain Name System (DNS) server. You can optionally, remove this default value and specify the IP addresses of the DNS servers that the Cohesity Cloud Protection Service should use. Separate multiple IPs with commas. Ensure the Active Directory DNS IP address (if applicable) is listed first. Verify that the NTP servers and other entities in the system can be resolved by the specified DNS server.
7. NTP Servers: By default, time.google.com is used as the NTP server. You can optionally remove this default value and specify the IP address or the Fully Qualified Domain Name of the NTP server(s) that must be used to synchronize the time on the Cohesity Cloud Protection Service.
8. Tags. (Optional) Specify the key-value pairs (tags) to be used for your SaaS Connectors. These tags are also applied to the AMI shared by Cohesity during the SaaS deployment process.
9. To create a SaaS connection for each region in your AWS account, click Add another SaaS Connection and provide the above details.
Click Create Connections.

The progress status of the AWS SaaS Connection will be displayed in the UI:

If the connection fails, then the corresponding error message is displayed.

Next > Your new AWS SaaS Connection is now available to use when you protect your AWS EC2 instances.

Baas Documentation