Requirements for Amazon RDS Custom for SQL Server
To protect Amazon RDS Custom for SQL Server using Cloud Protection Service:
-
The SQL Server instance must be Amazon RDS Custom for SQL Server
-
The Cohesity Agent must be installed on the underlying EC2 instance
-
The AWS SaaS Connector must be deployed in the same AWS account
Minimum Permissions
To be able to register an Amazon RDS Custom for SQL Server source, you need to first install the Cohesity Agent on that source. To install the Cohesity Agent, you can use either the LOCAL SYSTEM account or an account that:
-
Is a member of the local Windows Administrators group. For example, if qa01\tme-backup is an Active Directory user account in the data center that the backup admin plans to use, qa01\tme-backup must be part of the local Windows Administrators group on the SQL server.
-
Has Log on as a service in the User Rights Assignment on the EC2 instance to install the CohesityAgent.
-
Has the sysadmin role in the Amazon RDS Custom for SQL Server instance for transaction (T-log) log backup requirements. The sysadmin role is a Microsoft requirement that allows third-party solutions to back up transaction logs (T-logs) for full and bulk-logged recovery model databases.
Check Firewall Ports
Ensure that the ports listed in the Microsoft SQL Servers section in the Firewall Ports topic are open to allow communication between the Cohesity SaaS Connector(s) and EC2 instance.
Ensure the following connectivity between the AWS SaaS Connector and the RDS Custom EC2 instance:
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| SaaS Connector | EC2 | 50051 | TCP | Backup operations |
| EC2 | SaaS Connector | 11113, 11117 | TCP | VDI-based backup and restore |
| SaaS Connector | SQL Server | 1433 | TCP | SQL Server traffic |
Download and Install the Agent
Install the Cohesity Agent on the underlying EC2 instances that host the Amazon RDS Custom for SQL Server databases you want to protect.
To install the Cohesity Agent:
-
In Cloud Protection Service, navigate to Sources and select Register Source > Microsoft SQL Server.
-
At the bottom of the Register a Microsoft SQL Server dialog, click Download Cohesity Agent. Make sure you download the Agent on the server you plan to protect.
-
Run the installer using one of the following:
-
The LOCAL SYSTEM account, or
-
A domain or local account that meets the minimum permissions requirements.
-
-
Wait for the Agent installation to finish. In SQL Server Management Studio (SSMS), validate that the account used to install the Cohesity Agent has SQL Server Role: sysadmin in the SQL server instances.
-
The Agent starts automatically.
Repeat the Agent installation process on each on EC2 instances that host the Amazon RDS Custom for SQL Server databases you want to protect.
Install AWS SaaS Connector
To connect to Amazon RDS Custom for SQL Server, you must use the AWS SaaS Connector(s) to establish connectivity between the RDS Custom instances and Cohesity Cloud Protection Service. The AWS SaaS Connector must be deployed in the same AWS account where the Amazon RDS Custom for SQL Server instances are hosted. For more information, see Deploy AWS SaaS Connector.
Next > Register your Microsoft SQL Server source to protect your databases!
