The N2WS management console is accessed via a web browser over HTTPS.
- When a new N2WS Server is launched, the server will automatically generate a new self-signed SSL certificate. This certificate will be used for the web application in the configuration step.
- If no other SSL certificate is uploaded to the N2WS Server, the same certificate will be used also for the main N2WS application.
- Every N2WS Server will get its own certificate.
- Since the certificate is not signed by an external Certificate Authority, you will need to approve an exception in your browser to start using N2WS.
When configuring the N2WS server, define the following settings:
- AWS Credentials for the N2WS root user.
- Time zone for the server.
- Whether to create a new CPM data volume or attach an existing one from a previous N2WS server.
- Whether to create an additional N2WS server from an existing data volume during Force Recovery Mode.
- Proxy settings. Configure proxy settings in case the N2WS server needs to connect to the Internet via a proxy. These settings will also apply to the main application.
- The port the webserver will listen on. The default is 443.
- Whether to upload an SSL certificate and a private key for the N2WS server to use. If you provide a certificate, you will also need to provide a key, which must not be protected by a passphrase.
- Register the AWS account with N2W Software. This is mandatory only for free trials but is recommended for all users. It will allow N2W Software to provide quicker and enhanced support. Registration information is not shared.
For the configuration process to work, as well as for normal N2WS operations, N2WS needs to have outbound connectivity to the Internet, for the HTTPS protocol. Assuming the N2WS server was launched in a VPC, it needs to have:
- A public IP, or
- An Elastic IP attached to it, or
- Connectivity via a NAT setup, Internet Gateway, or HTTP proxy.
If an access issue occurs, verify that:
- The instance has Internet connectivity.
- DNS is configured properly.
- Security groups allow outbound connections for port 443 (HTTPS), or for the other port if you chose to use a different one.
Following are the configuration steps:
- Approve the end-user license agreement.
- Define the root user name, email, and password.
- Define the time zone of the N2WS Server and usage of data volumes.
- Fill in the rest of the information needed to complete the configuration process.
To initially be identified as the owner of this instance, you are required to type or paste the N2WS server instance ID. This is just a security precaution.
In the first step of the configuration process, you will also be required to approve the end-user license agreement.
The AWS root user (IAM User) is no longer allowed to control the operation of the N2WS server. A user with the Authentication credentials for N2WS Instance IAM Role is the only user allowed to install N2WS, log on to the system server and operate it. As in Figure 2‑1, you need to define the root user name, email, and password. This is the second step in the configuration process. The email may be used when defining Amazon Simple Notification Service (SNS) based alerts. Once created, choose to automatically add this email to the SNS topic recipients.
Also, if using the Free Trial or Bring Your Own License (BYOL) Edition, the License field is presented. Select I’m starting a free trial for a free trial. Alternatively, if your organization purchased a license directly from N2W Software, additional instructions are shown.
Note: N2W Software does not enforce any password policy. However, it is recommended to use passwords that are difficult to guess and to change them from time to time.
Defining Time Zone, Data Volume, Force Recovery Mode
In the third step of the configuration process, you can:
- Set the time zone of the N2WS Server.
- Choose whether to create a new data volume, or use an existing one. Your AWS credentials will be used for the data volume setup process.
- Create an additional N2WS server in recovery mode only, by choosing an existing data volume.
- Configure proxy settings for the N2WS server.
As you will see in section 4.1.2, all scheduling of backup is done according to the local time of the N2WS Server. You will see all time fields displayed in local time; however, all time fields are stored in the N2WS database in UTC. This means that if you wish to change the time zone later, all scheduling will still work as before.
As you can see in Figure 2‑2, the choice of new or existing data volume is done here. The actual configuration of the volume will be done at the next step.
AWS credentials are required to create a new Elastic Block Storage (EBS) data volume if needed and to attach the volume to the N2WS Server instance.
- If you are using AWS Identity and Access Management (IAM) credentials that have limited permissions, these credentials need to have permissions to view EBS volumes in your account, to create new EBS volumes, and to attach volumes to instances (see section 16.3). These credentials are kept for file-level recovery later on and are used only for these purposes.
- If you assigned an IAM Role to the N2WS Server instance, and this role includes the needed permissions, select Use Instance’s IAM Role and then you will not be required to enter credentials.
New Data Volume
When creating a new data volume, the only thing you need to define is the capacity of the created volume. You also have the option to encrypt the volume, as described in section 2.5.1.
The volume is going to contain the database of N2WS’s data, plus any backup scripts or special configuration you choose to create for the backup of your servers. The backup itself is stored by AWS, so normally the data volume will not contain a large amount of data.
The default size of the data volume is 5 GiB.
- This is large enough to manage roughly 50 instances, and about 3 times as many EBS volumes.
- If your environment is larger than 50 instances, increase the volume at about the ratio of 1 GiB per 10 backed-up instances.
The new volume will be automatically created in the same AZ as the N2WS instance. It will be named CPM Cloud Protection Manager Data. During the configuration process, the volume will be created and attached to the instance. The N2WS database will be created on it.
Existing Data Volume
The Existing data volume option is used if:
- You have already run N2WS and terminated the old N2WS server, but now wish to continue where you stopped.
- You are upgrading to new N2WS releases.
- You are changing some of the configuration details.
- You want to configure an additional N2WS server in recovery mode only.
The select box for choosing the volumes will show all available EBS volumes in the same AZ as the N2WS Server instance. When choosing the volumes, consider the following:
- It is important to create the instance in the same AZ in which your volume was originally created.
- Another option is to create a snapshot from the original volume, and then create a volume from it in the AZ you require.
Note: Although CPM data volumes typically have a special name, it is not a requirement. If you choose a volume that was not created by an N2WS server as the existing data volume, the application will not work.
Force Recovery Mode
You can configure an additional N2WS server, in recovery mode only, by choosing an existing data volume:
- In step 3, choose an existing volume and in the Force Recovery Mode, select Yes.
- In step 4, in the Choose existing CPM data volume list, select the volume that holds your backup records.
Note: The N2WS server configured for recovery mode will NOT:
- Perform backups.
- Copy to S3.
- Have Resource Control management.
- Perform any scheduled operations.
If the N2WS server needs an HTTP proxy to connect to the Internet, in the Connect via web proxy drop-down list, choose Enabled. Define the proxy address, port, user, and password. The proxy settings will be kept as the default for the main application.
In the fourth step, you will fill in the rest of the information needed for the configuration of the N2WS Server.
First, finish configuring your data volume:
- If you chose to create a new volume in the previous step, you will see the screen as in Figure 2‑3.
- If you chose to use an existing volume, you will see a drop-down volume selection box instead of the capacity field as in Figure 2‑4.
If you chose a new data volume, you have an option to encrypt CPM user data. You also have the option to encrypt a new data volume if using the silent configuration mode (see section 2.9).
Select Encrypted in the Encrypt Volume drop-down list and choose a key in the Encryption Key list. You have the option to use a custom ARN.
Web Server Settings
Port 443 is the default port for the HTTPS protocol, which is used by the N2WS manager. If you wish, you can configure a different port for the web server. Keep in mind, however, that the specified port must be open in the instance’s security groups for the management console to work, and for any Thin Backup Agents that will need to access it.
The final detail you can configure is an SSL certificate and private key.
- If you leave them empty, the main application will continue to use the self-signed certificate that was used so far.
- If you choose to upload a new certificate, you need to upload a private key as well. The key cannot be protected by a passphrase, or the application will not work.
Warning: If a corrupted SSL certificate is installed, it will prevent the CPM server from starting.
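The following pre-upload check is an added example, not part of N2WS or its documentation. It tests a PEM certificate and key on your workstation for the failure cases named above: a passphrase-protected key, a file OpenSSL cannot parse, and a key that does not belong to the certificate. The function names and the sample header are constructed for this illustration.

```python
import ssl

# Markers that identify a passphrase-protected PEM private key.
ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8
                     "Proc-Type: 4,ENCRYPTED")                 # legacy PEM

# Constructed sample: header of an encrypted PKCS#8 key, body omitted.
SAMPLE_ENCRYPTED_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(body omitted)\n"

class PassphraseRequested(Exception):
    """OpenSSL asked for a passphrase while loading the key."""

def _refuse_passphrase():
    # Never prompt: a key that needs a passphrase is a failed check.
    raise PassphraseRequested()

def key_is_encrypted(key_pem):
    """True if the PEM text carries either encrypted-key marker."""
    return any(marker in key_pem for marker in ENCRYPTED_MARKERS)

def preflight(cert_path, key_path):
    """Return (ok, reason) for a PEM certificate file and private key file."""
    with open(key_path, encoding="ascii", errors="replace") as fh:
        if key_is_encrypted(fh.read()):
            return False, "private key is passphrase-protected"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Parses both files and verifies the key belongs to the certificate.
        ctx.load_cert_chain(cert_path, key_path, password=_refuse_passphrase)
    except PassphraseRequested:
        return False, "private key is passphrase-protected"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"rejected by OpenSSL: {exc}"
    return True, "certificate and key load and match"

if __name__ == "__main__":
    import sys
    ok, reason = preflight(sys.argv[1], sys.argv[2])
    print(reason)
    sys.exit(0 if ok else 1)
```

Run it as a script with the certificate path and the key path as its two arguments; a non-zero exit code means the pair should not be uploaded.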
Anonymous Reports Setting
Leaving the Anonymous Usage Reports value as Allow permits N2WS to send anonymous usage data to N2W Software. This data does not contain any identifying information:
- No AWS account numbers or credentials.
- No AWS objects or IDs like instances or volumes.
- No N2WS object names, such as policy and schedule names.
It contains only details like:
- How many policies run on an N2WS server
- How many instances per policy
- How many volumes
- What the scheduling is, etc.
You can change this setting at any time using the enable/disable anonymous usage reports link at the bottom of N2WS’s main page.
After filling in the details in the last step, you are prompted to register. This is mandatory for free trials and optional for paid products.
Click Configure System to finalize the configuration. The configuration will take between 30 seconds and 3 minutes for new volumes, and usually less for attaching existing volumes. After the configuration is complete, a successful configuration notification page opens.
Click the here link. After a few seconds, you are redirected to the login screen of the N2WS application. If you are not redirected, refresh the browser manually. If you are still not redirected, reboot the N2WS server via AWS Management Console or another management tool, and it will come back up configured and running.
Most inputs you have in the configuration steps are validated when you click Next. You will get an informative message indicating what went wrong.
A less obvious problem you may encounter is if you reach the third step and get the existing volume select box with only one value in it: No Volumes found. This can arise for two reasons:
- If you chose to use an existing volume and there are no available EBS volumes in the N2WS Server’s AZ, you will get this response. In this case, you probably did not have your existing data volume in the same AZ. To correct this:
  - Terminate and relaunch the N2WS server instance in the correct zone and start over the configuration process, or
  - Take a snapshot of the data volume, and create a volume from it in the zone the server is in.
- If there is a problem with the credentials you typed in, the “No Instances found” message may appear, even if you chose to create a new data volume. This usually happens if you are using invalid credentials, or if you mistyped them. To fix, go back and enter the credentials correctly.
In rare cases, you may encounter a more difficult error after you configured the server. In this case, you will usually get a clear message regarding the nature of the problem. This type of problem can occur for several reasons:
- If there is a connectivity problem between the instance and the Internet (low probability).
- If the AWS credentials you entered are correct but lack the permissions to do what is needed, particularly if they were created using IAM.
- If you chose an incorrect port, e.g. the SSH port which is already in use.
- If you specified an invalid SSL certificate and/or a private key file.
In case you cannot discover the problem, try again. If it persists, contact N2W Software support (firstname.lastname@example.org).
If the error occurred after completing the last configuration stage, it is recommended that you:
- Terminate the N2WS server instance.
- Delete the new data volume (if one was already created).
- Try again with a fresh instance.
If you need to change the configuration of your N2WS server after it has already been created, you may need to:
- Change the time zone
- Reset the N2WS root user password
- Change SSL credentials
- Change the HTTPS port
The process to make these changes is to terminate the current N2WS server instance and create a new one. After you terminate the N2WS server, the data volume becomes available. Configure the server as needed and connect to the old (existing) data volume.
Note: Remember to launch the new server in the same AZ.
For the N2WS root user, you may change the email or the password. The username of the root user cannot be changed. If during the configuration process, you type a different username than the original, N2WS will assume you forgot the root username. In that case, the username will not change, and a file named /tmp/username_reminder will be created on the N2WS server. It will contain the username. You can connect to N2WS server using SSH to view this file (see section 7.1).
From version 2.1.0, there is an option to configure N2WS using a special “user data” script. The user data script is a configuration in the ini file format, stating the configuration of the new N2WS instance.
Create the user data file with CPMCONFIG in the first line, [SERVER] in the second line, followed by the configuration details.
N2WS assumes that the N2WS instance has an IAM role that is used for the configuration process, so no credentials are required.
Following is an example of the whole script:
CPMCONFIG
[SERVER]
user=<username for the N2WS user>
volume_option=<new or existing>
volume_size=<in GB, used only for the new volume option>
volume_id=<Volume ID for the data volume, used only in the existing volume option>
snapshot_id=<snapshot ID to create the data volume from, used only with the existing volume option, and only if volume_id is not present>
Additionally, if you need the N2WS server to connect to the internet via an HTTP proxy, add a proxy section:
proxy_server=<address of the proxy server>
proxy_user=<user to authenticate, if needed>
proxy_password=<password to authenticate, if needed>
The snapshot option does not exist in the GUI. It can be used for automation of a Disaster Recovery (DR) server recovery. Additionally, if you state a volume ID from another AZ, N2WS will attempt to create a snapshot of that volume and migrate it to the AZ of the new N2WS server. This option can be used in a high availability setup.
Note: You are not required to click to approve the license terms when using the silent configuration option since you already approved the terms when subscribing to the product on AWS Marketplace.
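The linter below is an added example, not N2WS code. It checks a silent-configuration file against the rules stated in this section and flags any password value, because EC2 user data is not encrypted and can be read from the instance metadata. The `[PROXY_SECTION]` header is a placeholder (the page does not name the proxy section), and the IDs, host and secret in the sample are constructed.

```python
import configparser

# Constructed sample; [PROXY_SECTION] is a placeholder header, values are made up.
SAMPLE = """CPMCONFIG
[SERVER]
user=backupadmin
volume_option=existing
volume_size=10
volume_id=vol-0123456789abcdef0
snapshot_id=snap-0123456789abcdef0
[PROXY_SECTION]
proxy_server=proxy.example.internal
proxy_password=constructed-secret
"""

def lint_user_data(text):
    """Return a list of findings; an empty list means no rule was broken."""
    lines = text.strip().splitlines()
    if (len(lines) < 2 or lines[0].strip() != "CPMCONFIG"
            or lines[1].strip() != "[SERVER]"):
        return ["file must start with CPMCONFIG, then [SERVER]"]
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string("\n".join(lines[1:]))
    except configparser.Error as exc:
        return [f"not valid ini syntax: {exc}"]
    server, findings = parser["SERVER"], []
    option = server.get("volume_option", "")
    if option == "new":
        if not server.get("volume_size", "").isdigit():
            findings.append("volume_size must be a number of GB for a new volume")
        findings += [f"{k} applies only to volume_option=existing"
                     for k in ("volume_id", "snapshot_id") if k in server]
    elif option == "existing":
        if "volume_size" in server:
            findings.append("volume_size applies only to volume_option=new")
        if server.get("volume_id") and server.get("snapshot_id"):
            findings.append("snapshot_id is used only when volume_id is absent")
        elif not (server.get("volume_id") or server.get("snapshot_id")):
            findings.append("existing volume needs volume_id or snapshot_id")
    else:
        findings.append("volume_option must be new or existing")
    # EC2 user data is not encrypted and is readable from the instance metadata.
    for section in parser.sections():
        findings += [f"{section}.{key}: secret in clear text in user data"
                     for key, value in parser[section].items()
                     if "password" in key and value]
    return findings

if __name__ == "__main__":
    print("\n".join(lint_user_data(SAMPLE)))
```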