1 Introduction to N2WS

Welcome to the N2WS Backup & Recovery User Guide. Here you will find all the documentation that you need to make the most of N2WS.

N2WS Backup & Recovery (CPM), known as N2WS, is an enterprise-class backup, recovery, and disaster recovery solution for Amazon Web Services (AWS). Designed from the ground up to support AWS, N2WS uses cloud-native technologies (e.g., EBS snapshots) to provide unmatched backup and, more importantly, restore capabilities in AWS.

N2WS also supports backup and recovery for Microsoft Azure Virtual Machines, SQL Servers, and Disks.

N2WS is sold as a service. When you register to use the service, you get permission to launch a virtual Amazon Machine Image (AMI) of an EC2 instance. Once you launch the instance, and after a short configuration process, you can start backing up your data using N2WS.

Using N2WS, you can create backup policies, schedules, and import non-N2WS backups to Amazon Simple Storage Service (S3). Backup policies define what you want to back up (i.e., Backup Targets) as well as other parameters, such as:

  • Frequency of backups

  • Number of backup generations to maintain

  • Whether to copy the backup data to other AWS regions, etc.

  • Whether to back up a resource immediately

Backup targets can be of several different types, for example:

  • EC2 instances (including some or all instance’s EBS volumes)

  • Independent EBS volumes (regardless of whether they are attached and to which instance)

  • Amazon Relational Database Service (RDS) databases

  • RDS Aurora clusters, including Aurora Serverless

  • Redshift clusters

  • DocumentDB

  • DynamoDB tables

  • Elastic File System (EFS)

  • FSx File Systems - Lustre, NetApp ONTAP, Windows with managed Active Directory, OpenZFS

  • S3 Sync to copy objects between S3 buckets

  • For Azure policies, Virtual Machines (VM), SQL Servers, and Disks

In addition to backup targets, you also define backup parameters, such as:

  • In Windows achieving application consistency using Microsoft Volume Shadow Copy Service (VSS)

  • Running backup scripts

  • Number of retries in case of a failure

Schedules are used to define how you want to time the backups. You can define the following:

  • A start and end time for the schedule, including time zone of data

  • Backup frequency, e.g. every 15 minutes, every 4 hours, every day, etc.

  • Days of the week to run the policy

  • Special times to disable the policy

A policy can have one or more schedules associated with it. A schedule can be associated with one or more policies. As soon as you have an active policy defined with a schedule, backups will start automatically.

N2WS provides monitoring at multiple levels. The Dashboard displays key performance indicators for backups, disaster recoveries, volume usage, backups to S3, and other metrics. Operation-specific monitors allow you to view details. And support for additional monitoring using Datadog and Splunk is available.

Following is a summary of the supported services for AWS and Azure backup targets:

AWS Main Backup Targets

Service/OptionCross Region DRCross Acct DRCopy to RepositoryCopy to S3 Glacier

EC2

Y

Y

Y

Y

EBS

Y

Y **

Y

Y

EFS

Y

Y

N

N

FSX

See below

See below

See below

N

Redshift Cluster

N

Y *

XAccount to original region is always Full

Y

Y

RDS

Y

Y

Y

Y

*Cross-account DR to the original region incurs additional costs.

**Snapshots of EBS/RDS encrypted with default key cannot be copied cross account.

AWS FSx Backup Targets with Exceptions, Services, and Options

Service/Option

Backup

Cross Region DR

Cross Account DR*

Lustre

Y

Y FSx

Y Persistent HDD -

AWS - Optional XRegion

NetApp ONTAP

Y

N

N

OpenZFS

Y

Y AWS

Y AWS - Optional XRegion

Windows File Server

Y

Y FSx

Y AWS - Optional XRegion

*Cross Account - FSx and Vaults must be encrypted with custom encryption key.

Azure Backup Targets

Service

Backup

DR - Cross Region

Copy to Repository

Disk

Y

Y

N

SQL Server

Y

DR – XRegion ONLY

Y

VM

Y

Y

N

1.1 Purchasing N2WS on the AWS Marketplace

N2WS is available in several different editions that support different usage tiers of the solution, e.g. number of protected instances, number of AWS accounts supported, etc. The price for using the N2WS software is a fixed monthly price which varies between the different N2WS editions.

To see the different features for each edition, along with pricing and details, go to the N2W Software Web site. Once you subscribe to one of the N2WS editions, you can launch an N2WS Server instance and begin protecting your AWS environment. Only one N2WS Server per subscription will actually perform a backup. If you run additional instances, they will only perform recovery operations (section 1.3.3).

1.1.1 Moving between N2WS Editions

If you are already subscribed and using one N2WS edition and want to move to another that better fits your needs, you need to perform the following steps:

Before proceeding, it is highly recommended that you create a snapshot of your CPM data volume. You can delete that snapshot once your new N2WS Server is up and running. The data volume is typically named N2WS – Data Volume.

  1. Terminate your existing N2WS instance. N2WS recommends that you do so while no backup is running.

  2. Unsubscribe from your current N2WS edition. It is important since you will continue to be billed for that edition if you don’t cancel your subscription. You will only be able to unsubscribe if you don’t have any running instances of your old edition. You manage your subscriptions on the AWS Marketplace site on the Your Software page.

  3. Subscribe to the new N2WS Edition and launch an instance. You need to launch the instance in the same Availability Zone (AZ) as the old one. If you want to launch your new N2WS Server in a different zone or region, you will need to create a snapshot of the data volume and either create the volume in another zone or copy the snapshot to another region and create the volume there.

  4. During configuration, choose Use Existing Data Volume and select the existing data volume.

Once configuration completes, continue to work with your existing configuration with the new N2WS edition.

1.1.2 Downgrading

If you moved to a lower N2WS edition, you may find yourself in a situation where you exceed the resources your new edition allows. For example, you used N2WS Advanced Edition and you moved to N2WS Standard Edition, which allows fewer instances. N2WS will detect such a situation as a compliance issue, will cease to perform backups, display a message, and issue an alert detailing the problem.

To fix the problem:

  • Move back to an N2WS edition that fits your current configuration, or

  • Remove the excessive resources, e.g., remove users, AWS accounts, or instances from policies.

Once the resources are back in line with the current edition, N2WS will automatically resume normal operations.

1.2 N2WS Architecture

The N2WS Server is a Linux-based virtual appliance. It uses AWS APIs to access your AWS account. It allows managing snapshots of EBS volumes, RDS instances and clusters, Redshift clusters, DocumentDB, and DynamoDB tables. Except in cases where the user chooses to install our Thin Backup Agent for Windows Servers or use the AWS Simple System Manager (SSM) Remote Agent, N2WS does not directly access your instances. Access is performed by the agent, or by a script that the user provides, which performs application quiescence.

N2WS consists of the following parts, all of which reside on the N2WS virtual server:

  • A database that holds your backup related metadata.

  • A Web/Management server that manages metadata.

  • A backup server that performs the backup operations. These components reside in the N2WS server.

The N2WS architecture is shown below. N2WS Server is an EC2 instance inside the cloud, but it also connects to the AWS infrastructure to manage the backup of other instances. N2WS does not need to communicate or interfere in any way with the operation of other instances. The only case where the N2WS server communicates directly with and has software installed on, an instance, is when backing up Windows Servers for customers who want to use Microsoft VSS for application quiescing.

  • If you wish to have VSS or script support for application quiescence, you need to install the AWS SSM Agent or the N2WS Thin Backup Agent. The agent gets its configuration from the N2WS server, using the HTTPS protocol.

  • The SSM Agent doesn't require any inbound ports to be opened. All communication from the agent is outbound from HTTPS to the SSM and EC2 Message endpoints in the region where your instances are registered.

1.3. N2WS Server Instance

The N2WS instance is an EBS-based instance with two EBS volumes. One is the root device, and the other is the CPM data volume. All persistent data and configuration information reside on the data volume. From N2WS’s perspective, the root device is dispensable. You can always terminate your N2WS instance and launch a new one, then using a short configuration process continue working with your existing data volume.

1.3.1 Root Volume

Although you have access to the N2WS Server instance via SSH, N2W Software expects the N2WS Server instance will be used as a virtual appliance. N2W Software expects you not to change the OS and not to start running additional products or services on the instance. If you do so and it affects N2WS, N2W Software will not be able to provide you with support. Our first requirement will be for you to launch a clean N2WS server.

Remember that all your changes in the OS will be wiped out as soon as you upgrade to a new release of N2WS, which will come in the form of a new image (AMI). If you need to install software to use with backup scripts (e.g., Oracle client) or you need to install a Linux OS security update, you can. N2W Software recommends that you consult N2W Software support before doing so.

1.3.2 Backing up the N2WS Server

N2WS server runs on an EBS-based instance. This means that you can stop and start it whenever you like. But if you create an image (AMI) of it and launch a new one with the system and data volume, you will find that the new server will not be fully functional. It will load and will allow you to perform recovery, but it will not continue performing backup as this is not the supported way to back up N2WS servers. What you need to do, is to back up only the data volume, launch a fresh N2WS server, and connect it to a recovered data volume. See section 11.4.3.

1.3.3 N2WS Server with HTTP Proxy

N2WS needs connectivity to AWS endpoints to be able to use AWS APIs. This requires Internet connectivity. If you need N2WS to connect to the Internet via an HTTP Proxy, that is fully supported. During configuration, you will be able to enable proxy use and enter all the required details and credentials: proxy address, port, user, and password. User and password are optional and can be left empty if the proxy server does not require authentication. Once you configure proxy settings at the configuration stage, they will also be set for use in the main application.

1.3.4 Multiple N2WS Servers

If you are trying to launch multiple N2WS servers of the same edition in the same account, you will find that from the second one on, no backup will be performed. Each such server will assume it is a temporary server for recovery purposes and will allow only recovery. Typically, one N2WS server should be enough to back up your entire EC2 environment. If you need more resources, you should upgrade to a higher edition of N2WS. If you do need to use more than one N2WS server in your account, contact N2W Software support.

1.4 Upgrading N2WS

If you are upgrading from version 2.X, 3.X, or 4X, also see https://support.n2ws.com/portal/en/kb/articles/upgrade-instructions-for-v3-x

We strongly recommend that you read this entire section BEFORE starting the upgrade and that you follow every step in these sections to ensure that version 4.x is configured correctly and with no loss of data.

The upgrade process consists of the following phases:

  1. Before starting the upgrade, refer to instructions specific to your current version in section 1.4.1.

  2. Stop the current CPM instance.

  3. Create a new data volume from the snapshot to be used in the upgrade.

  4. Configure the new version instance according to instructions in section 1.4.2.

  5. Terminate the old version instance, and launch the new version as described in section 1.4.3.

  6. After the upgrade, there are still a few steps to ensure a complete transition. See section 1.4.4.

If you have any questions or encounter issues, visit the N2WS Support Center where you will find helpful resources in a variety of formats or can open a Support Ticket.

1.4.1 Before Upgrading to N2WS V4.X

The following sections outline the steps required to upgrade to N2WS Backup & Recovery version 4.x.

1.4.1.1 GENERAL

Permissions

Due to new functionality in v3.x, you may need to update your permission policies. If you have more than one AWS Account added to the N2WS console, you will have to update the IAM Policies for each account. See the JSON templates at https://support.n2ws.com/portal/kb/articles/what-are-the-required-minimal-aws-permissions-roles-for-cpm-operation

Before starting:

  1. Have the username and password for the root/admin user ready.

  2. If you are using a proxy in the N2WS settings, write down the details.

  3. Take a screenshot of the N2WS EC2 instance network settings: IP, VPC, Subnet, Security Groups, and IAM Role and Keypair name.

  4. Take a screenshot of the Tags if you have more than a few.

  5. Verify that there are no backups, DRs, or Cleanup running or scheduled to run within the next 15-30 minutes.

  6. Shut down the N2WS EC2 instance.

  7. Take a snapshot of the N2WS Data Volume. Only the Data Volume is important, as it contains all your settings, backup entries, etc.

  8. Download the latest IAM permissions and update the IAM Policies from your role.

1.4.1.2 UPGRADE FROM 4.X., 3.X, 2.7.X, 2.3.X, 2.2.X, 2.1x

  • For 3.0.0/3.0.0a Customers, after upgrading to v3.0.0b or later versions:

    • If you created or modified an S3 policy in v3.0.x or earlier versions, TO AVOID a POSSIBLE DATA LOSS, you must apply the workaround listed at S3 backups may be stored for X days instead of X months.

    • Policies created or modified in v3.0.0b and later will not experience this issue.

  • For Customers upgrading from other versions, perform the upgrade as usual. See section 1.4.3.

1.4.1.3 UPGRADE FROM 2.4, 2.5, 2.6

  • Customers that did not use Copy to S3 do not need to perform any additional actions and should perform the upgrade as usual. See section 1.4.3.

  • Customers that did use Copy to 3 must proceed according to the following steps.

1.4.1.4 IMPORTANT NOTICE FOR 2.4, 2.5, 2.6 CUSTOMERS USING COPY TO S3

All data previously archived to S3 (using versions 2.4-2.6) cannot be recovered using version 3.0. To recover this data in the future, you will need to create an AMI of the existing N2WS instance before completing the upgrade process.

You must complete the following mandatory steps:

Mandatory Steps for 2.4, 2.5, 2.6 Customers using Copy to S3:

Before shutting down the 2.4.x, 2.5.x, or 2.6.x N2WS server:

  1. Verify that no backup/DR/Cleanup/S3 is in process or scheduled within the next 30 minutes.

  2. Disable the local CPM Agent.

  3. Connect to CPM in SSH.

  4. Type:

sudo mv /opt/n2wsoftware/cpmagent/agent.pyo/opt/n2wsoftware/cpmagent/agent.pyo.disabled

5. Use the AWS Console to create an AMI of the existing N2WS instance. Retain this AMI to ensure that you can recover data previously archived to S3, using any version before 2.7. Retain this AMI for as long as you need to recover the pre-v2.7 legacy data from S3.

Launch this AMI, which defaults to recover-only mode, whenever you need to recover from the old S3 repository:

  1. Navigate to the EC2 console.

  2. Select the running N2WS instance.

  3. Under the Actions menu, select Image.

  4. Create Image.

6. Launch version 4.x using the normal upgrade process. See section 1.4.3.

Notice for customers using Copy to S3:

  • Once version 3.0 is launched, the first archive to S3 will be FULL. All subsequent backups will be incremental as usual.

  • You can maximize cost savings by moving previously archived data (pre-v2.7) from S3 to S3 Intelligent Tiering, or IA if preferred.

Cleaning Up Your Pre-2.7 S3 Repository

Once version 3.x is launched, all data previously archived to S3 (using versions 2.4 - 2.6) will not be deleted by the N2WS cleanup operation.

When based on your retention policy you no longer need any of the archived backups in your older repository using versions 2.4-2.6, you can manually delete it.

To delete a repository named ‘Repository_to_Delete’ located at ‘Configured_S3_Bucket’:

  1. Use the AWS console to access the S3 console.

  2. The repository, ‘Rep_to_Delete’, will be located under Configured_S3_Bucket > Veeam > Backup > Rep_to_Delete

  3. Select the ‘Rep_to_Delete’ folder and delete it using the S3 console.

1.4.2 Configuring the New N2WS Server Instance

  • The new CPM instance needs to be in the same Availability Zone as the cpmdata EBS volume.

  • Use the cpmdata volume created from the snapshot, and leave the original volume attached to the stopped instance.

  • If your data volume is very big, wait 10 minutes before starting the upgrade, as AWS is creating new volumes from snapshots. The ready message may show before the volume is actually ready.

To upgrade/restart the N2WS Server Instance:

  1. About 1 minute after launching the new instance, it should in the running state. Connect to the UI with a browser using https://[ip-of-your-new-instance].

  2. Confirm the Instance ID of your newly launched instance.

  3. Accept the Terms and Conditions.

  4. Enter the username and password of the admin/root user.

  5. Approve the exception to the SSL certificate.

  6. Choose the time zone, and select Use Existing Data Volume in step #4, “Data Volume and Proxy”.

  7. Select your old data volume in the Existing CPM Data Volume list in step #5, “Server Configuration”.

  8. Select Configure System in step #6, “Register Your Account”. N2WS will automatically resume operations. Wait until the login mask appears.

See section 2 for complete details for the Server Configuration.

1.4.3 Terminating the Old Instance and Launching the New Instance

If you have a Marketplace instance, after a successful upgrade, the new CPM will automatically detect the existence of the old instance and will launch in recovery mode. You will need to terminate the old CPM and perform a failover

  1. Terminate the existing CPM instance.

  2. Launch a new N2WS Server instance in the same region and AZ as the old one. You can launch the instance using the Your Marketplace Software page on the AWS web site.

  3. To determine the AZ of the new instance, launch the instance using the EC2 console rather than using the 1-click option.

  4. Wait until the old CPM instance is in the terminated state.

  5. Confirm Perform Failover prompt.

6. Wait 5 minutes for the 'Operation Succeeded' message.

7. Reboot.

1.4.4 Completing the Upgrade

After upgrading:

  1. If you were using N2WS Thin Backup Agents to perform app-consistent backups:

    1. Check the Agents tab and see if “last heard from” is updated with a recent date and time.

    2. If not, you may have to download and install the N2WS Thin Backup Agent on your Windows EC2 instances.

  2. If you were using the AWS SSM Remote Agent to perform app-consistent backups, note that the SSM Agent will not appear in the Agents tab. You will need to verify the SSM Agent separately.

  3. If you were using backup scripts that utilize SSH, you may need to log in to the N2WS Server once and run the scripts manually so that the use of the private key will be approved.

  4. If you have more than one AWS Account added to the N2WS console:

    1. Update the IAM Policies for each Account. See step 8 in the Before Warning in section 1.4.1.

    2. Confirm using Check AWS Permissions for each Account.

1.5 N2WS Technology

As part of the cloud ecosystem, N2WS relies on web technology. The management interface through which you manage backup and recovery operations is web-based. The APIs which N2WS uses to communicate with AWS are web-based. All communication with the N2WS server is performed using the HTTPS protocol, which means it is all encrypted. This is important since sensitive data will be JavaScript communicated to/from the N2WS server, for example, AWS credentials, N2WS credentials, object IDs of your AWS objects (instances, volumes, databases, images, snapshot IDs, etc.).

1.6 Browser Support

Most interactions with the N2WS server are performed via a web browser.

  • Since N2WS uses modern web technologies, you will need your browser to be enabled for JavaScript.

  • N2WS supports Microsoft Chromium Edge, Mozilla Firefox, and Google Chrome.

  • Other browsers are not supported.

1.7 Viewing Tutorial and Free Installation

If you want to view a getting-started tutorial, or to try the fully-functional N2WS free for 30 days, go to https://n2ws.com/support/video-tutorials/getting-started. Follow the instructions in the ‘Getting Started with N2WS Backup & Recovery for AWS’ video.

It is not necessary to reinstall N2WS after purchasing a license.

1.8 Customized Free Trial

It is now possible to have a free trial of N2WS with the usage limitations customized for your specific AWS infrastructure. Contact N2W Software sales to start your customized free trial. The N2W Software sales team may provide a reference code for your customized installation.

​1.9 Support for AWS Outposts

N2WS provides customers the ability to back up and recover on-premise workloads running on AWS Outposts as well as workloads on AWS. N2WS can run the core backup application on the AWS cloud and protect workloads running either on regions outside of AWS Outposts or protect applications that need to be backed up on AWS Outposts.

N2WS supports the following AWS services running on Outposts:

  • EC2/EBS/RDS/SES/S3/VPC

  • The services can be deployed in all AWS regions.

1.9.1 Deployment

N2WS is available on AWS Marketplace with different editions ready to support any size environment: https://aws.amazon.com/marketplace/search/results?x=29&y=9&searchTerms=n2ws

You can launch N2WS as an AMI directly from the AWS Marketplace or use a pre-configured CloudFormation (CF) template. Configuration takes a few minutes. See https://n2ws.com/support/video-tutorials/install-and-configure-n2ws-backup-recovery-3-0

For further information regarding the AWS Outposts service, go to https://console.aws.amazon.com/outposts/

1.9.2 Supported Use Cases

The prerequisite for support is complete installation of N2WS Backup & Recovery. Use cases are:

  • Backup - N2WS can either back up applications, such as a media server, that run on AWS Outposts by storing the backup data on Outposts, as well as protect applications running outside of AWS Outposts by storing backup data in the same AWS region.

  • Disaster Recovery (DR) - In the case of Disaster Recovery, N2WS protects resources running on AWS Outposts and copies data to another AWS Region or AWS account.

    • Another option is to use N2WS Backup & Recovery to back up resources running in a specific AWS region to Amazon Outposts.

    • DR failback reverses the workflow.

Last updated