As soon as you log on to CPM with the root user credentials you created during configuration, you are redirected to the main screen. CPM is a very simple application to work with. The user interface is simple, intuitive, and user-friendly. Most operations are only one mouse-click away from the main screen.
As you can see in Figure 3-1, the main screen is divided by six tabs:
- Backup Monitor – Here you will see all your backups. For each backup you can see the start and end times, policy, status and DR status. All operations regarding a backup are present in this tab: viewing the list of snapshots, opening the backup log, recovering from a backup, and moving it to the freezer (see section 8.3).
Sometimes you have many backups and are looking for a specific one:
- Policies – Backup Policies defined in the system. From this tab you can create, modify, configure and delete backup policies.
- Schedules – Backup Schedules can be created, configured and deleted in this tab. You attach a schedule to a policy in the policy definition screen.
- Agents – Thin Backup Agents that are connected to this CPM server can be viewed here. Currently, Thin Backup Agents are needed only when application consistency is needed for Windows Servers. In any other case, the backup is done agent-less.
- Freezer – The freezer is a place where you can keep backups indefinitely. When you identify a backup that is worth keeping (e.g. a successful backup of a clean system right after an upgrade), you can move it to the freezer. Elements in the freezer will not be deleted by the automatic Cleanup process.
- Recovery Monitor – Recovery Monitor – This tab will contain records for all recovery operations (except for file level recovery). Each recovery record will contain a time stamp of the recovery operation, the backup was recovered from and additional information. Recovery records are automatically deleted as the backups are.
There are many tools to help you find the data you are looking for:
- Use filters, such as account, policy and status, depending on the tab.
- Sort by all relevant columns.
- Browse between pages.
- Choose how many records to view in one page.
- In every tab, except for Recovery Monitor, there is a Search box.
- In the Backup Monitor, using the Search for Resource box, you can search through all of your backed-up resources. Type or paste all or part of the ID or name for any resource of any type, such as instances, volumes, databases, clusters, tables, and tags.
In addition to the tabs, you have a logout link at the top right corner of the screen. Depending on the type of user you are, some or all of the following buttons appear at the top of the screen:
- Home – Brings you back to the main screen from wherever you are or reloads the whole page.
- Accounts – Depending on the edition of CPM you subscribed to, you can define one or more AWS accounts to work with. These accounts contain the resource objects (instances, EBS volumes, RDS databases, Aurora clusters, Redshift clusters, and DynamoDB tables) you may wish to back up. Each backup policy is associated with a single AWS account.
- S3 Repositories – Create S3 Repositories for User.
- Notifications – Define notifications and alerts.
- Users – Depending on the CPM edition you subscribed to, if you are the root user, click the Manage Users button to create and manage users. Managing includes the ability to:
- Delete users.
- Reset passwords.
- Download usage reports.
- General Settings – Contains settings for controlling CPM features:
- CPM Server Identifier
- Backup Tag Scan
- Capture VPC
- Cleanup, including schedule, deleted record and user audit log retention
- AWS Account for File-Level Recovery
- Identify Provider, including x509 certificate and CPM metadata downloads
- Reports (preview) – Page contains links for downloading most CPM reports (Backups, Snapshots, Audit, Usage, and Protected Resources). Filter reports for account, user, and date and time. See section 15.9.
At the bottom of the screen you can find a few useful links to do the following:
- View the license agreement.
- Download the Thin Backup Agent.
- Enable or disable sending anonymous usage reports.
- Download the CPM logs as a tarball in case you need to send them to our support team.
- Enter a new activation key. If a special permission is required in addition to the default permissions of your CPM edition, N2W Software can issue you an activation key.
- Download a backup view or snapshot view raw report in CSV format.
- Download a usage report for current user.
- Download audit reports for all users. An audit report for the current user are available in the Users button.
- Change the password of the current user.
- To register the CPM instance account with N2W Software. It is recommended that you register if you did not do so during configuration. Registering enables N2W Software to provide enhanced support.
- Generate a CSV report of the unprotected resources for the current user and download it when completed.
- View patches for current server and go to the cpm patches page to install patches.
- Send configurations to local and remote agents.
- Go to N2W Software’s documentation and support pages.
- Display information for the current user, including the maximum allowed GiBs for each resource type.
To associate an AWS account, you will need to either:
Enter AWS credentials consisting of an access key and a secret key, or
Use an IAM role, either on the CPM server instance or cross-account roles.
There are two steps to associating a CPM account with an AWS account:
- To manage your users and roles and obtain AWS credentials, go to the IAM console at https://console.aws.amazon.com/iam/home?#users
Follow the directions to either add a new account or view an existing account.
Capture the AWS credentials.
To associate the AWS account with a CPM account, go to CPM:
- Click Accounts and then click Add New Account.
Complete the fields and enter the AWS credentials in the Access Key boxes.
If you are using the Advanced or Enterprise Edition or a free trial, you will need to choose an account type.
The Backup account is used to perform backups and recoveries and is the default.
DR Account is used to copy snapshots to as part of cross-account functionality.
If this is a DR Account, you choose whether this account is allowed to delete snapshots. If the account not allowed to delete snapshots when cleaning up, the outdated backups will be tagged. Not allowing CPM to delete snapshots of this account implies that the presented IAM credentials do not have the permission to delete snapshots.
CPM Supports three methods of authentication:
- IAM User – Authentication using IAM credentials, access and secret keys.
- Warning: Using IAM User credentials is not recommended as they are less secure than using IAM roles.
- CPM Instance IAM Role – If an IAM role was assigned to the CPM server at launch time or later, you can use that IAM role to manage backups in the same AWS account the CPM server is in. Only the root/admin CPM user is allowed to use the IAM role.
- Assume Role – This type of authentication requires another AWS account already configured in CPM. If you want to use one account to access another, you can define a cross-account role in the target account and allow access from the first one. The operation of using one account to take a role and accessing another account is called assume role.
To allow account authentication using Assume Role in CPM:
- In the Authentication box, choose Assume Role.
- In the Account Number box, type the 12-digit account number, with no hyphens, of the target account.
In the Assuming Account list, choose the account that will assume the role of the target account.
In the Role to Assume box, type the role name, not the full Amazon Resource Name (ARN) of the role. CPM cannot automatically determine what the role name is, since it is defined at the target account, which CPM has no access to yet.
The External ID box is optional unless the cross-account role was created with the 3rd party option.
If you are the root user or independent user and have managed users defined, an additional selection list will appear enabling you to select the user.
In the Scan Resources list, choose whether the current account will be included in scan tags performed by the system. Once Scan Resources is Enabled, you may choose in which region to scan resources. By default, CPM will scan all regions, but you can disable any region which is not relevant to your deployment.
Note: You can add as many AWS accounts as your CPM edition permits.