1.1Launching the instance
1.2CPM Server Instance Connectivity
2CPM Server Instance Configuration
3Setting a Simple Backup Policy
3.1Adding an AWS Account
3.2Creating a simple backup schedule
3.3Creating a simple backup policy
4Performing a Basic Recovery

1 Introduction

1.1 Launching the instanceYou can reach all available CPM editions, pricing and links to purchase and start a free trial here. After registering, with AWS Marketplace products, you can use the1-click launch or launch via the AWS Management Console. The1-click option is very convenient. However, if you need to change some of the instance’s configuration, you will need to use the AWS console option. Furthermore, if you want to associate an IAM role to the CPM Server instance to save you from typing in AWS credentials (see CPM user’s guide: 11.4 – Using IAM), you will need to use the management console. 1.2 CPM Server Instance ConnectivityIn order for the configuration process to work, as well as CPM’s normal operations, CPM needs to be able to “talk” with AWS APIs. For that purpose it needs to have outbound connectivity to the Internet, or at least to AWS endpoints (see regions & endpoints on the AWS site). You need to make sure it has Internet connectivity; this may be achieved by placing the instance in a public subnet with a public IP address, by assigning an Elastic IP to the instance, using a NAT instance or by using an Internet Gateway. You also need to make sure DNS is configured properly and that HTTPS protocol is open for outbound traffic in the VPC security group settings (it is by default). Another option is to connect the CPM to the Internet using an HTTP proxy, we will explain how to do this later on.

2 CPM Server Instance Configuration

After launching the CPM AWS instance, use AWS Management Console or any other management tool to obtain the address of the new instance:
Use this address to connect to the CPM Server using the HTTPS protocol in your browser (https://<server address>). When a new CPM Server boots for the first time, it will automatically create aself-signed SSL certificate. Since the certificate is unique for this server, it is perfectly safe to use it, and you will need to use it during the configuration stage. However, you can later upload your own certificate if you wish. Since the certificate is self- signed and not signed by a trusted authority), you will need to approve it as an exception for the browser:

Browser: CPM supports Mozilla Firefox, Google Chrome, Safari and IE (Version 9+).


For CPM to work, Java Script needs to be enabled on your browser.

  The example in Figure 2-2 is from Firefox: After you click “I Understand the Risks” and add an exception for this server, you get the first screen of the CPM configuration application. At the first screen you’ll be asked to type/paste the instance ID of this new CPM instance. This was added to be able to verify that you are indeed the owner of this instance:
  At the second screen you’ll be asked to approve CPM’s license agreement:
  Please read the user license and check the box. After you click on “Next,” you will reach the next screen. In this screen you will define the root user of CPM. This screen looks a bit differently if you are using the Free Trial and BYOL Edition or one of the paid editions:
  If figure2-5 you see the screen of the Free Trial and BYOL Edition. To start a free trial, simply leave the “License” field with the default. If you purchased a license directly from N2W Software you need to choose one of the other options, according to the instructions you received. If you are using one of CPM’s paid products on AWS Marketplace, you will not see the “license” field at all. Additionally, you will need to enter a user name, an optional valid email address, and type the password twice. If this is an upgrade, the username must remain as it was, but the password can be modified.

Passwords: We do not enforce any password rules. However, it is recommended to use passwords that are difficult to guess, and to change them from time to time.

Info2-2After Clicking “Next,” you will need to define the time zone for the CPM Server, and enter whether you want to create a new CPM data volume or attach an existing one (from a previous CPM instance). The CPM Data volume is an EBS volume, created by CPM that contains all CPM’smeta-data and configuration. You will connect to an existing while upgrading from an existing setup. For new installations, please stay with the default. For new free trials you can only choose the new volume option.

The AWS credentials are an AWS Access Key and Secret Key. You should try not to use root credentials, but rather use credentials of an IAM user. You can either create that IAM user with power user permissions or use a stricter approach and allow the permissions as

specified in CPM’s user guide (14.4 Using IAM). If you assigned an adequate IAM role to this instance, you can choose “Use Instance’s IAM Role” in the “AWS Credentials” field, and then you do not need to enter access and secret keys. Please consult the user’s guide for more details (CPM Server Configuration Process). These credentials are used to create and/or attach the EBS data volume to CPM. CPM also saves them to use for file-level recovery.
  In the next page of the configuration application you define the final details. In Figure 2-7 you can see this screen, assuming you chose to create a new volume.
You can also set the capacity of the volume (for guidance on what size you should use, please consult the user’s guide: 2.4.1 – New data volume), and optionally change the port of the web service (443 is the default). If you choose to do so, you need to make sure the desired port is opened in one of the instance’s security groups. There is also a possibility to upload your own SSL certificate and key. If the SSL fields remain empty, CPM will continue to use the sameself-signed certificate. “Allow Anonymous Usage Reports” will send a usage report without any identification details to N2WS, so we can improve the CPM solution. Choose “Don’t Allow” if you don’t want these reports to be sent. The last step will ask you to register this account with N2W Software:
  This registration is mandatory for free trials and optional for paid products. We recommend all customers to perform this registration, as it will help us know you and provide better and faster support. In any case, N2W Software guarantees not to share your contact information with anyone. WARNING: Please use English characters only in registration.Non-English characters (e.g. German, French) will cause the operation to fail. After clicking on “Configure System” you will see a waiting screen. The operation usually takes around 30 seconds, but may take a little longer. Then you will be redirected to the success screen:
  When you see the screen in Figure 2-9, you know that the system was configured successfully. You can then click on the link to start using the system. It will take a few seconds for the application to start. If, for any reason, you are not directed automatically to the application login screen, you should reboot the instance from the management console:
  You can now login with the credentials you created in the first screen, and you’re ready to go…
When you login for the first time after creating a trial you will get an error message for the first few minutes, until CPM can connect and get approved by our licensing service:
  This message should go away in a few minutes. Please allow4-5 minutes and then refresh the screen.

3 Setting a Simple Backup Policy

3.1 Adding an AWS AccountAfter logging in the system for the first time, you will see the main screen:
  It is currently empty. The first thing you will need to do is to associate an AWS account so you can start backing up EC2 instances. Depending on the edition of CPM you registered to, you can associate one or more AWS accounts. Please click on the button in the top panel: “Manage AWS Accounts,” then click on “Add New Account.” add account
In this screen (Figure 3-2) you will type your AWS access key and secret key, or you can choose to use the IAM rle of the CPM server instance, if such a role was associated with the instance at launch time. These credentials are saved in the CPM database. However, the secret key is kept in an encrypted form. There is no way these credentials will ever appear in clear text format anywhere. Please see “Security Concerns and Best Practices” in the User’s Guide. Please stay with the default Backup Account. DR accounts relate tocross-account backup and recovery and are out of the scope of this guide. 3.2 Creating a simple backup scheduleClick on “Main” to go back to the main screen and then click the “Schedules” tab. Currently, the list of schedules is empty. You will now create the first schedule. Click on “New Schedule,” and then enter a name and description for it:
  You can also set the start time of this schedule and the frequency; available units are minutes, hours, days, weeks and months. 3.3 Creating a simple backup policy: Click on “Main” to go back to the main screen and then click the “Policies” tab. Currently, the list of policies is empty. You will now create the first policy. Click on “New Policy,” and then enter a name and description for it:
Figure 3-4
  Other fields in this screen (Figure 3-4) include: “Account” – each policy can be associated with one AWS account; “Auto Target Removal” – will determine whether toauto-remove resources that no longer exist; “Generations to Save” – defines how many backups of this policy we want to keep (older backups will be automatically deleted). “Status” – by default a policy is enabled; in the “Schedules” field, please check the schedule we just created. Now click “Apply” and look at the policies tab:
Figure 3-5
  When looking at this screen, you can see there are several things you can do with a policy. To edit the basic policy definition screen (the one you just filled), you can click on the link of the policy’s name. To configure the policy, you have three buttons – “Backup Targets,”
“More Options,” and “DR.” “Backup Targets” defines the actual objects this policy will back up. Click on this button:
  As you can see in Figure 3-6, there are four types of objects you can back up: Instances, Volumes, RDS Databases, RDS Aurora Clusters and Redshift Clusters. “Instances” means backing up EC2 instances, including their Meta data, and optionally some or all of their data volumes. This is the most common backup target. “Volumes” means backing up EBS volumes independently, whether or not they are attached to an instance, and regardless of which instance they are attached to. This can be useful to back up volumes which are not always attached to an instance, or volumes that move between instances, like cluster volumes. “RDS Databases” allow you to add backups of RDS DB instances. This will use RDS snapshots, and can be useful for backing up RDS databases together with other types of objects, or for anyone who wishes to backup RDS databases using CPM, in addition to or instead of using AWS automatic backup. Aurora is similar to RDS but handles Aurora clusters. Redshift will allow you to manage Redshift Cluster snapshots. We will now add an instance to the policy. Click on “Add Instances” (see Figure 3-7). The instance and AMI IDs have been erased from this screenshot, although you will see them. You can see the list of instances you have in the policy’s account. You can use the free text search, column based sorting, or pagination, if there are a lot of instances and you are seeking a specific one. Although you can add backup objects from different regions in the same policy, in many cases it is not a good practice to do so.
  Check an instance you want to back up and click on “Add Selected.” This will add the requested instance to the screen in the background, and remove it from the popup window, although it does not close the popup. You can add as many instances as you want, and when you’re finished, click “Close.” Back in the “Backup Targets” screen you can see the instance on the list of instances. You have buttons to remove it from the policy and a “Configure” button. By default, all EBS volumes which are attached to this instance will be backed up. If a volume gets detached from, or attached to the instance, it will not interfere with the normal operations of the policy. Every backup, CPM will check which volumes are attached to the instance and take snapshots of them. Click on “Main” and go to the policies tab again. Click on the “backup times” link in the “Schedules” column of the policy. You will see the planned backups for this policy. The backups will start automatically. Consult the User’s Guide to see how to create application consistency for Linux and Windows servers.

4 Performing a Basic Recovery

CPM backs up the requested objects at the requested times. When you return to the main console after a while, you can view the backups in the “Backup Monitor” tab:
  For each backup, you can see exact start and finish times, and status. Click on “View” in the “Snapshots” column, and see the individual EBS snapshots of all the volumes. Click on “Open” in the “Log” column, and view the log of this backup with all the details. In order to recover from a certain backup (typically the most recent successful backup), you only need to click on the “Recover” button in the “Actions” column:
  In the recovery panel screen (Figure 4-2) you can see all the instances that this backup contains. Should this policy include also EBS volumes, RDS databases or Redshift Clusters, you will have a link to recover them as well. In order to recover an instance, just click on the “Instance” button. The “Volumes Only” button is for recovering only the EBS volumes of the
instance, without actually creating a new instance. You will now see the “Recover Instance” page:
  Most of the options when launching EC2 instances are available here and may be modified. The good thing is that the defaults are exactly the options the originalbacked-up instance had at the time of the backup, including the tags associated with it. So, just clicking the “Recover Instance” button will recover an instance exactly like the original one. A further option worth mentioning here is “Launch from.” This sets the option for the image the new instance will be launched from. In case of aninstance-store-based instance, the only option would be to launch from an image. The default will be the original image, although it can be changed. In case it’s a LinuxEBS-based instance, as in this example, and the backup includes the snapshot of the boot device, you can choose between launching from an image (the original image or another), and launching from the snapshot, which is the default. In case you choose to launch from a snapshot, a new image (AMI) will be created, and you can choose whether you want to keep the image after the recovery is complete, or deregister it. You can even choose not to perform the recovery now, and only create the image, to recover from it later. After you click “Recover Instance” and confirm, you will be directed back to the recovery panel page, and will get a message about the operation success:
  The message will include the instance ID of the new instance, and now you can go and see it in the AWS Management Console. The recovered instance is exactly the same as the original one, with all its EBS volumes. This concludes the Quick Start Guide. Please consult the User’s Guide for more details.