Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters
  3. Section I. Configurations
  4. Prerequisites
  5. Prerequisites for Cloud Scale configuration
  6. Cloud specific settings
Cohesity Cloud Scale Technology Manual Deployment Guide for Kubernetes Clusters

Cloud specific settings

For AWS
  1. Configuration of EBS endpoint: Create VPC endpoint to EBS for reduced cost and better performance during backup from snapshot operation in AWS.

    For more information on creating AWS EBS direct interface endpoint, refer to the AWS Documentation.

  2. Configuration of S3 endpoint, for S3 as the target for backup from snapshot operations:

    If the STU configured in context of backup job is S3, the configure VPC Gateway endpoint to S3 service. For more information on how to create S3 endpoint, refer to the AWS Documentation.

  3. Permissions and role assignment: Before plugin configuration, the Kubernetes cluster requires permissions to be assigned to IAM of Primary nodepool. The IAM role must be assigned during the node pool creation as follows:

    • Create a nodepool with the name as nbupool.

    • Assign the appropriate IAM role to the nbupool nodepool.

    • If the IAM role is assigned after the plugin configuration, then restart the agent pod using the following command:

      $ Kubectl delete pod <flexsnap agent pod> -n <nbu namespace>

    Note:

    When upgrading to NetBackup version 11.0 or later, ensure that you add eks:ListNodegroups permission to the role.

  4. AWS EFS bursting mode: Considering the performance and cost, it is recommended to select the bursting mode for the volume based on EFS (AWS).

  5. Recommended PV sizes: If required the PV sizes (catalog, MSDP log PV's) can be altered after the Cloud Scale deployment.

  6. Expiring image before the default time: If required the backup image can be expired within the default 24 hours of backup from the primary pod/container by running the following command:

    # bpexpdate -backupid <backup id> [-copy <number>] [-force]

For AKS
  1. Permissions and role assignment: Before plugin configuration, the Kubernetes cluster requires permissions to be assigned to the System Managed Identity as follows:

    • Obtain the name of the infrastructure resource group for the Kubernetes cluster.

    • Enable the System Managed Identity on the identified nodepool (nbupool).

    • Assign the role having the Snapshot Manager permission.

  2. Recommended PV sizes: If required the PV sizes (catalog, MSDP log PV's) can be altered after the Cloud Scale deployment.

  3. Expiring image before the default time: If required the backup image can be expired within the default 24 hours of backup from the primary pod/container by running the following command:

    # bpexpdate -backupid <backup id> [-copy <number>] [-force]

Feedback

Was this page helpful?
Previous

Cluster specific settings

Next

Prerequisites for deploying environment operators

Feedback

Was this page helpful?