Recover Amazon EC2 Files and Folders

You can download or restore specific files and folders from a protected EC2 instance to either the original or an alternate EC2 instance.

Prerequisites

  • The SaaS Connector must be able to reach the target VM on port 50051 so that the SaaS Connector can push the files being recovered to the target VM using the Cohesity agent.

  • If the Cohesity Agent is to be installed as part of the recovery task in Cohesity, ensure that:

    • AWS Systems Manager Agent (SSM) access is available on the target VM. For more information, see AWS documentation.

    • The target VM is able to reach the SaaS Connector on port 443 so that the target VM can pull the agent installer from the SaaS Connector.

    For enhanced security, when installing the agent on the target EC2, Cohesity automatically deploys an X.509 certificate.

Considerations

When recovering files and folders from protected Amazon EC2 instances, remember:

  • Files and folders download is only available for EC2 Cohesity snapshots and not for AWS snapshots.

  • The maximum number of files that can be recovered is up to 100k.

  • Download of symlinks is not available.

  • Recovery of Windows symlinks is not supported.

  • Recovery of files and folders from a combination of different volumes is not supported.

Recover Amazon EC2 Files and Folders

To restore files from a Cohesity snapshot to an Amazon EC2 instance, you need an AWS SaaS Connection deployed in the target AWS region.

To recover or download your files and folders from your protected Amazon EC2 instances:

  1. In DataProtect as a Service, navigate to Sources.

  2. Click the Source name.

  3. Select Protection Status > Protected.

  4. Use the filters, search box, and views to locate and select the EC2 instances you want to recover.

    You can also use Global Search to locate, filter, and select the objects you need. Click the Global Search box at the top or type slash (/) anywhere to start your search.

  5. Click the required EC2 backed up as a Cohesity Snapshot and click the Recover Files icon for the EC2. The page with the EC2 details is displayed.

  6. Select the timeline drop-down list on the top right corner to select the snapshot and click Apply.

  7. Click the required volume to browse the file system and select the file or folder to be recovered.

    You can click Download Files to download the selected files.

  8. Click Next. The Files page is displayed.

  9. Under Recover To, select Original Server or New Server.

    • For recovery to the original EC2, you can provide the new recovery path in the Recover To field or use the Recover To Original Path option to recover to the original path on the original server.

    • For recovery to an alternate EC2, you can choose any AWS server and select a Target. Provide the new recovery path in the Recover To field.

    The recovery process will attempt to install the Cohesity Agent on the target EC2 instance using AWS SSM. If the SSM agent is not running on the target EC2 instance or if the Cohesity IAM role does not have access to send SSM commands to the target EC2 instance, then you can download the agent using the Download Cohesity Agent link and install it on the target EC2 instance before starting the recovery. For more details, see Download and Install the Cohesity Agent.

  10. Select your Recovery Options:

    • Overwrite Existing File/Folder: Enable this option to overwrite the existing files and folders. Disable this option to create the files and folders in the specified location. If a file with the same name already exists in the target location, the file is overwritten or skipped based on this selection.
      If Overwrite Existing File/Folder is enabled, recovering a file to source when the file is in use may cause the open file to be overwritten. Whether overwriting occurs depends on the application using the file.

    • Preserve File/Folder Attributes: By default, this option is enabled and the ACLs, permissions, and timestamps are preserved for all files and folders. If you disable this option, then ACLs and permissions are not preserved. If both folders and files are recovered, then folders will receive the new timestamps, but files retain their original timestamps. If recovering only files, then files will receive the new timestamps.

    • Continue on Error: Enable this option if you want to continue the recovery even if one of the objects encounters an error. By default, this option is disabled and the recovery operation will fail if one of the objects encounters an error.

    • Task Name: Change the default name of the recovery task.

  11. Click Recover.

Cohesity DataProtect as a Service begins to restore the selected Amazon EC2 files and folders.

Download and Install the Cohesity Agent

Install the Cohesity Agent on each Windows and Linux Amazon EC2 instance that you want to recover to.

Install the Cohesity Windows Agent

To download and install the Cohesity Windows Agent:

  1. Navigate to the Files page to recover the Amazon EC2 instance. To access the Files page, follow steps 1-8 in Recover Amazon EC2 Files and Folders above.

  2. Click Download Cohesity Agent and download it to the appropriate server.

  3. As an administrator with local system privileges on that server, run the executable and complete the installation wizard.

Install the Cohesity Linux Agent

The Cohesity Linux Agent is available with different installer packages, providing support on multiple Linux distributions. You’ll need to install the appropriate package (RPM, Debian, or SUSE RPM) for your Linux distribution or install the script installer package.

The installer packages and Linux distributions on which the installer package is supported are:

Installer Package Linux Distribution
(Default) RPM RHEL and its click derivative
Suse RPM SUSE
Debian Ubuntu
Script Installer All supported Linux Operating Systems

The Cohesity Linux Agent has dependencies on the following packages, which must be installed on the Linux server:

Command/Package

RHEL

SUSE

CentOS

Ubuntu

Debian

rsync

rsync

rsync

rsync

rsync

rsync

mount

util-linux

util-linux

util-linux

mount

mount

lvm2

lvm2

lvm2

lvm2

lvm2

lvm2

sudo

sudo

sudo

sudo

sudo

sudo

coreutils

coreutils

coreutils

coreutils

coreutils

coreutils

util-linux

util-linux

util-linux

util-linux

util-linux

util-linux

nfs client

nfs-utils

nfs client

nfs-utils

nfs-common

nfs-common

lsof

lsof

lsof

lsof

lsof

lsof

wget

wget

wget

wget

wget

wget

Install RPM, Debian, or SUSE RPM Installer Package

To install the RPM, Debian, or SUSE installer package:

  1. Navigate to the Files page to recover the Amazon EC2 instance. To access the Files page, follow steps 1-8 in Recover Amazon EC2 Files and Folders above.

  2. Click Download Cohesity Agent. Based on your Linux distribution, from the Download Agents window, select RPM, Debian, or SUSE RPM and download it to the server you want to protect.

  3. As the root user with local system privileges on that server, change the directory to the location of the installer package.

  4. Run the following command depending on the installer package:

    Installer Package Command
    RPM

    rpm -i el-cohesity-agent-6.5.1-1.x86_64.rpm

    or

    yum localinstall ./el-cohesityagent-6.5.1-1.x86_64.rpm
    Debian dpkg -i cohesity-agent_6.5.1-1_amd64.deb
    Suse RPM rpm -i cohesity-agent-6.5.1-1.x86_64.rpm

    By default, the installation uses the root user permission for all the files, and the service is started as root. Therefore, it is necessary to add non-root users to the sudoers list by making the following changes in the /etc/sudoers file:

    <username> ALL=(ALL) NOPASSWD:ALL
    Defaults:<username> !requiretty

  5. To start the service as a non-root user, create a new user or use an existing user with sudo permission and run the following command:

    Installer Package Command
    RPM export COHESITYUSER=<username> ; rpm -i el-cohesity-agent-6.5.1-1.x86_64
    Debian COHESITYUSER=<username> dpkg -i cohesity-agent_6.5.1-1_amd64
    Suse RPM export COHESITYUSER=<username> rpm -i cohesity-agent-6.5.1-1.x86_64

  6. Provide the location details for:

    • Installation directory: /opt/cohesity

    • Log file: /var/log/cohesity

Install Script Installer Package

To install the script installer package:

  1. Navigate to the Files page to recover the Amazon EC2 instance. To access the Files page, follow steps 1-8 in Recover Amazon EC2 Files and Folders above.

  2. Click Download Cohesity Agent. In the Download Agents window, select Script Installer based on your Linux distribution, and download it to the server you want to protect.

  3. As the root user with local system privileges on that server, change the directory to the location of the installer package.

    For SLES 11 SP4, you are required to install the Agent as the root user.

  4. Make the installer executable. For example:

    chmod +x cohesity_agent_6.5.1-master_linux_x64_installer

  5. Run the executable:

    sudo cohesity_agent_6.5.1-master_linux_x64_installer -- --install

  6. Provide the location details for:

    • Installation directory: /home/<username>/cohesityagent or /root/cohesityagent

    • Log file: /home/cohesityagent/cohesityagent/logs

The Agent starts after installation completes, as follows:

  • CentOS and RedHat (distributions with the "systemd" init system): The Agent starts automatically.

  • Ubuntu (distributions with the "upstart" init system): The Agent starts automatically.

    If a Linux server's /etc/sudoers file is managed by a deployment engine such as Chef, Puppet, or others, this might affect Cohesity's interaction with servers that have the Linux Agent installed. Take the corresponding actions depending on user type:

    Agent Installation by User Type Action Required
    As the default cohesityagent user

    The Cohesity Linux Agent is installed using the cohesityagent user by default.

    For default installations, the cohesityagent user is created by the installer. During installation, the installer updates the /etc/sudoers file to allow cohesityagent sudo and no-tty sudo access.

    Ensure the following settings in the /etc/sudoers file for the cohesityagent user are preserved:

    cohesityagent  ALL=(ALL) NOPASSWD:ALL
    Defaults:cohesityagent !requiretty

    For example:

    #includedir /etc/sudoers.d
    dgoble ALL=(ALL) NOPASSWD:ALL
    cohbackup ALL=(ALL) NOPASSWD:ALL
    Defaults:cohbackup !requiretty
    As a non-default user, for example, foo Ensure the above settings in the /etc/sudoers file for the foo user are preserved by replacing the occurrences of 'cohesityagent' with 'foo'.
    As root user No changes required.