1 – Introduction to CPM
CPM – Cloud Protection Manager – is an enterprise-class backup, recovery and disaster recovery solution for Amazon Web Services (AWS). Designed from the ground up to support AWS, CPM uses cloud native technologies (e.g. EBS snapshots) to provide unmatched backup and, more importantly, restore capabilities in AWS.
CPM is sold as a service. When you register to use the service, you get permission to launch a virtual Amazon Machine Image (AMI) of an EC2 instance. Once you launch the instance, and after a short configuration process, you can start backing up your data using CPM.
Using CPM, you can create backup policies and schedules. Backup policies define what you want to back up (i.e. Backup Targets) as well as other parameters, such as:
- Frequency of backups
- Number of backup generations to maintain
- Whether to copy the backup data to other AWS regions, etc.
- Whether to back up a resource immediately
Backup targets can be of several different types, for example:
- EC2 instances (including some or all of the instance’s EBS volumes)
- Independent EBS volumes (regardless of whether they are attached and to which instance)
- Amazon Relational Database Service (RDS) databases
- RDS Aurora clusters
- Redshift clusters
- DynamoDB tables
In addition to backup targets, you also define backup parameters, such as:
- On Windows, achieving application consistency using Microsoft Volume Shadow Copy Service (VSS)
- Running backup scripts
- Number of retries in case of a failure
Schedules are used to define how you want to time the backups. You can define the following:
- A start and end time for the schedule
- Backup frequency, e.g. every 15 minutes, every 4 hours, every day, etc.
- Days of the week to run the policy
- Special times to disable the policy
A policy can have one or more schedules associated with it. A schedule can be associated with one or more policies.
As soon as you have an active policy defined with a schedule, backups will start automatically.
CPM is available in several different editions which support different usage tiers of the solution (e.g. number of protected instances, number of AWS accounts supported, etc.). The price for using the CPM software is a fixed monthly price which varies between the different CPM editions.
To see the different features for each edition, along with pricing and details, go to our pricing & purchase page on the N2WS web site. Once you subscribe to one of CPM’s editions, you can launch a CPM Server instance and begin protecting your AWS environment. Only one CPM Server per subscription will actually perform backup. If you run additional instances, they will only perform recovery operations (see section 1.3.3).
1.1.1 – Moving between CPM Editions
If you are already subscribed and using one CPM edition and want to move to another that better fits your needs, you need to perform the following steps:
Note: It is highly recommended to create a snapshot of your CPM Data Volume before proceeding. You can delete that snapshot once your new CPM Server is up and running. The data volume is typically named CPM Cloud Protection Manager Data.
- Terminate your existing CPM instance. It is recommended to do so while no backup is running.
- Unsubscribe from your current CPM edition. This is important, since you will continue to be billed for that edition if you don’t cancel your subscription. You will only be able to unsubscribe if you don’t have any running instances of your old edition. You manage your subscriptions on the AWS Marketplace site in the Your Software page.
- Subscribe to the new CPM Edition and launch an instance. You need to launch the instance in the same Availability Zone (AZ) as the old one. If you want to launch your new CPM Server in a different zone or region, you will need to create a snapshot of the data volume and either create the volume in another zone or copy the snapshot to another region and create the volume there.
- During configuration, choose Use Existing Data Volume and select the existing data volume.
- Once configuration completes, continue to work with your existing configuration with the new CPM edition.
1.1.2 – Downgrading
If you moved to a lower CPM edition, you may find yourself in a situation where you exceed the resources your new edition allows. For example, you used CPM Advanced Edition and you moved to CPM Standard Edition, which allows fewer instances. CPM will detect such a situation as a compliance issue, will cease to perform backups, display a message, and issue an alert detailing the problem.
To fix the problem:
- Move back to a CPM edition that fits your current configuration, or
- Remove the excessive resources, e.g. remove users, AWS accounts or instances from policies.
Once the resources are back in line with the current edition, CPM will automatically resume normal operations.
The CPM Server is a Linux based virtual appliance. It uses AWS APIs to access your AWS account. It allows managing snapshots of EBS volumes, RDS instances and clusters, Redshift clusters, and DynamoDB tables. Except in cases where the user chooses to install our Thin Backup Agent for Windows Servers, CPM does not directly access your instances. Access is performed by the agent, or by a script that the user provides, which performs application quiescence.
CPM consists of three parts, all of which reside on the CPM virtual server:
- A database that holds your backup related metadata
- A Web/Management server that manages metadata
- A backup server that actually performs the backup operations
These components reside in the CPM server.
The CPM architecture is shown in Figure 1-1. CPM Server is an EC2 instance inside the cloud, but it also connects to the AWS infrastructure to manage the backup of other instances. CPM does not need to communicate or interfere in any way with the operation of other instances. The only case where CPM server communicates directly with, and has software installed on, an instance, is when backing up Windows Servers for customers who want to use Microsoft VSS for application quiescing. If you wish to have VSS or script support for application quiescence, you will need to install the CPM Thin Backup Agent. The agent will get its configuration from the CPM server, using the HTTPS protocol.
The CPM instance is an EBS-based instance with two EBS volumes. One is the root device, and the other is the CPM data volume. All persistent data and configuration information reside on the data volume. From CPM’s perspective, the root device is dispensable. You can always terminate your CPM instance, launch a new one and, after a short configuration process, continue working with your existing data volume.
1.3.1 – Root Volume
Although you have access to the CPM Server instance via SSH, N2WS expects the CPM Server instance will be used as a virtual appliance. N2WS expects you not to change the OS and not to start running additional products or services on the instance. If you do so and it affects CPM, N2WS will not be able to provide you with support. Our first requirement will be for you to launch a clean CPM server.
Note: Remember that all your changes in the OS will be wiped out as soon as you upgrade to a new release of CPM, which will come in the form of a new image (AMI). If you need to install software to use with backup scripts (e.g. Oracle client) or you need to install a Linux OS security update, you can. N2WS recommends that you consult N2WS support before doing so.
1.3.2 – Backing up the CPM Server
CPM server runs on an EBS-based instance. This means that you can stop and start it whenever you like. But if you create an image (AMI) of it and launch a new one with the system and data volume, you will find that the new server will not be fully functional. It will load and will allow you to perform recovery, but it will not continue performing backup, as this is not the supported way to back up CPM servers. What you need to do is back up only the data volume, then launch a fresh CPM server and connect it to a recovered data volume (see section 10.4.3).
1.3.3 – CPM Server with HTTP Proxy
CPM needs connectivity to AWS endpoints to be able to use AWS APIs. This requires Internet connectivity. If you need CPM to connect to the Internet via an HTTP Proxy, that is fully supported. During configuration you will be able to enable proxy use and enter all the required details and credentials: proxy address, port, user and password. User and password are optional and can be left empty if the proxy server does not require authentication. Once you configure proxy settings at the configuration stage, they will also be set for use in the main application. In any event, proxy settings can be modified at any time in the general settings screen in the main CPM application.
1.3.4 – Multiple CPM Servers
If you are trying to launch multiple CPM servers of the same edition in the same account, you will find that from the second one on, no backup will be performed. Each such server will assume it is a temporary server for recovery purposes and will allow only recovery. Typically, one CPM server should be enough to back up your entire EC2 environment. If you need more resources, you should upgrade to a higher edition of CPM. If you do need to use more than one CPM server in your account, contact N2WS support.
1.3.5 – Upgrading the CPM Server Instance
At certain times, you may need to terminate the current CPM Server instance and start a fresh one. The typical scenario is upgrading to a new CPM image.
To upgrade/restart the CPM Server Instance:
- Launch a new CPM Server instance in the same region and AZ as the old one. You can launch the instance using the Your Software page on the AWS web site.
- To determine the AZ of the new instance or to launch it in a Virtual Private Cloud (VPC) subnet, launch the instance using the EC2 console rather than using the 1-click option.
- Terminate the old instance, preferably while no backup is being performed. Wait until it is in the terminated state.
- When the new instance is in the running state, connect to it with a browser using HTTPS.
- Approve the exception to the SSL certificate.
- Choose Use Existing Data Volume and paste in your AWS credentials.
- Select your old data volume from the list of volumes to complete the configuration process. Operations will resume automatically.
Recommended: Go to the Volumes view in the AWS Management Console and create a snapshot of the CPM data volume. The volume is typically named CPM Cloud Protection Manager Data. The snapshot is only needed in the event there is a problem with the upgrade process and it can be deleted afterwards.
If you are using backup scripts that utilize SSH, you may need to log in to the CPM Server once and run the scripts manually, so the use of the private key will be approved.
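The data-volume steps from sections 1.1.1 and 1.3.5, written out as AWS CLI commands. This is an added example, not part of the N2WS documentation: the script only prints the commands for review, assumes standard AZ names (region plus one letter) and that the data volume's typical name is stored in its Name tag, and uses constructed placeholder IDs.

```shell
# Added example: prints (does not run) the AWS CLI steps for carrying the CPM
# data volume to a new CPM Server. Volume/snapshot IDs are constructed placeholders.

# Region of a standard AZ name: us-east-1a -> us-east-1 (assumption: no Local Zones).
az_region() { printf '%s\n' "${1%?}"; }

# Classify the move between the old and new server's AZ.
move_kind() {
  if [ "$1" = "$2" ]; then echo same-az
  elif [ "$(az_region "$1")" = "$(az_region "$2")" ]; then echo cross-az
  else echo cross-region
  fi
}

# Print the commands for moving data volume $3 from AZ $1 to AZ $2.
cpm_volume_plan() {
  old_az=$1; new_az=$2; vol=$3
  old_region=$(az_region "$old_az"); new_region=$(az_region "$new_az")
  # Confirm the volume and its AZ (assumption: the typical name is the Name tag).
  echo "aws ec2 describe-volumes --region $old_region --filters 'Name=tag:Name,Values=CPM Cloud Protection Manager Data' --query 'Volumes[].[VolumeId,AvailabilityZone]' --output text"
  # Safety snapshot before terminating the old server, in every case.
  echo "aws ec2 create-snapshot --region $old_region --volume-id $vol --description 'CPM data volume before upgrade'"
  echo "aws ec2 wait snapshot-completed --region $old_region --snapshot-ids <SNAPSHOT_ID>"
  case $(move_kind "$old_az" "$new_az") in
    same-az)
      echo "# same AZ: select $vol under Use Existing Data Volume" ;;
    cross-az)
      echo "aws ec2 create-volume --region $new_region --availability-zone $new_az --snapshot-id <SNAPSHOT_ID>" ;;
    cross-region)
      echo "aws ec2 copy-snapshot --region $new_region --source-region $old_region --source-snapshot-id <SNAPSHOT_ID>"
      echo "aws ec2 wait snapshot-completed --region $new_region --snapshot-ids <COPIED_SNAPSHOT_ID>"
      echo "aws ec2 create-volume --region $new_region --availability-zone $new_az --snapshot-id <COPIED_SNAPSHOT_ID>" ;;
  esac
}

# Constructed sample: old server in us-east-1a, new server in eu-west-1b.
cpm_volume_plan us-east-1a eu-west-1b vol-0123456789abcdef0
```

Replace the `<SNAPSHOT_ID>` placeholders with the IDs returned by the preceding commands before running anything the script prints.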
As part of the cloud ecosystem, CPM relies on web technology. The management interface through which you manage backup and recovery operations is web-based. The APIs which CPM uses to communicate with AWS are web-based. All communication with the CPM server is done using the HTTPS protocol, which means it is all encrypted. This is important, since sensitive data will be communicated to/from the CPM server, for example, AWS credentials, CPM credentials, object IDs of your AWS objects (instances, volumes, databases, images, snapshot IDs etc.).
Most interactions with the CPM server are done via a web browser.
- Since CPM uses modern web technologies, you will need your browser to be enabled for JavaScript.
- CPM supports Firefox, Safari, Google Chrome, and Microsoft Internet Explorer (version 9 and newer).
- CPM will not work for IE versions 8 and older.
Other browsers are not supported.
If you want to view a getting-started tutorial or try the fully-functional CPM free for 30 days, go to the AWS Marketplace at http://n2ws.com/support/video-tutorials/getting-started. Follow the instructions in the How to Install Cloud Protection Manager video.
Note: It is not necessary to reinstall CPM after purchasing a license.
It is now possible to have a free trial of CPM with the usage limitations customized for your specific AWS infrastructure. Contact N2W Software sales at firstname.lastname@example.org to start your customized free trial. The N2W Software sales team may provide a reference code for your customized installation.