Protect Your Amazon EC2 Instances

Once you have registered your AWS account, you are ready to protect the EC2 instances in that account.

If you have already registered your AWS account to protect AWS RDS or AWS S3 workloads, then you must Update the Existing CloudFormation Template to update the Cohesity permissions in your AWS account.

Cohesity's Options for EC2 Backup: AWS or Cohesity Snapshot

Cohesity DataProtect as a Service provides two options for Amazon EC2 backup:

  • AWS snapshot: Cohesity DataProtect as a Service protects the EC2 instances using the native AWS snapshots and stores them in the same AWS account and region as the source EC2 instances.

  • Cohesity snapshot:Cohesity DataProtect as a Service protects the EC2 instances by ingesting the backup data to an AWS region supported by the Cohesity DataProtect as a Service. The target AWS region is the region that is selected during AWS source registration. Cohesity snapshots provide an air-gapped backup and granular file & folder level recoveries. With air-gapped backup approach, the backed up data is isolated from any network connectivity, ensuring that your data remains safe. Network connectivity is resumed only during the recovery process, minimizing the risk of ransomware attacks.

When selecting a protection policy below, you can choose to back up your EC2 instances using either approach, or both.

Considerations

  • Backing up NFS mount points mounted on EC2 instance is not supported.

  • Cohesity does not support the backup and recovery of AWS EC2 instances with UEFI Preferred boot mode.

Add Protection to Your Registered Amazon EC2 Instances

To protect your Amazon EC2 instances:

  1. In DataProtect as a Service, navigate to Sources.

  2. Find the registered AWS account and click into it.

  3. Click the EC2 tab.

  4. Use the checkboxes to select the objects for protection. To protect the whole source, click the checkbox above the column.

  5. Click the Protect icon above the checkboxes.

  6. In the New Protection dialog, select a Policy from the following snapshot options:

    • Policy (AWS snapshot)

    • Policy (Cohesity snapshot)

    You can create AWS snapshots, Cohesity snapshots, or both. If you choose to create both snapshot types, you can use either the same policy or different policies to specify the backup frequency and retention.

    If the existing policies do not meet your needs, you can create a new policy with the backup frequency and retention settings as desired.

    If you have selected Policy (Cohesity snapshot), ensure that an AWS SaaS Connection is deployed for all the AWS regions where you have instances to protect. If a region in your AWS account does not have a SaaS Connection deployed, protecting the Amazon EC2 instances in that region will fail.

    To view the SaaS Connections that are already configured, click the Actions menu () next to the registered AWS source and select Setup SaaS Connection.

  7. If you wish to change or configure any of the additional settings , select More Options and perform the below steps or else, click Protect.

  8. Under Settings, edit the Start Time if necessary.

  9. In the SLA field, define how long the administrator expects a protection run to take. Enter:

    • Full. The number of minutes you expect a full protection run, which captures all the blocks in an object, to take.

    • Incremental. The number of minutes you expect an incremental protection run, which captures only the changed blocks in an object, to take.

  10. If you need to change any of the additional settings, click the down arrow icon next to Additional Settings and click Edit.

  11. Click Protect.

Cohesity DataProtect as a Service starts backing up the Amazon EC2 instances you selected. You can monitor the status of the backup in the Activity page.

Also, the Activity tab of a specific Amazon EC2 instance shows the history of all protection runs, including the one in progress.

If you have selected both AWS snapshot and Cohesity snapshot policies, then the Activity page will display two protection runs for the objects that are being backed up:

  • Backup. The protection run created for Cohesity snapshot-based protection.

  • Backup (AWS Snapshot). The protection run created for AWS snapshot-based protection.

To learn about managing the existing protection, see Manage Existing Protection.

Additional Settings

Advance Settings Description
End Date

If you need to end protection on a specific date, enable this to select the date.
Backup Type

Available only if you have selected AWS snapshot policy. Enable Create AMI and specify how often AMI should be created. For example, for the protection, you have configured an AWS snapshot policy with backup frequency set as daily. Now if you specify to create AMI for Every 5 runs, then in a month, AMI will created for 6 protection runs.
Quiet Times Available only if the selected policy has at least one quiet time period. Toggle it ON to specify that all currently executing protection runs should abort if a quiet time period specified for the Protection Group starts. By default this toggle is OFF, which means after a protection run starts, it continues to execute even when a quiet time period specified for this protection run starts. However, a new protection run will not start during a quiet time period.

Next > When the first protection run completes, you will be ready to recover your protected Amazon EC2 instances if and when you need to.