Comprehensive Guide to Setting Up Zmanda in AWS

This guide provides step-by-step instructions for setting up a Zmanda hybrid environment in Amazon Web Services (AWS). Whether you choose to install Zmanda on the cloud with agents on your on-premise data center or prefer to deploy Zmanda on-premise with agents on the cloud, this guide will help you configure your environment seamlessly.

Scenario 1: Zmanda Installed on the Cloud and Agents Installed on the On-Premise Data Center

AWS Prerequisites:

Before you begin, make sure you have an active AWS account.

Virtual Private Cloud (VPC) Configuration:

  1. Create a VPC in AWS with the necessary subnets for your EC2 instance. Configure IP ranges for these subnets.

  2. Ensure the CIDR range of the VPC does not overlap with your on-premises network IP range.

Setting Up Zmanda on AWS EC2 Instance:

You can set up Zmanda on AWS EC2 instances by utilizing Zmanda’s Amazon Machine Image (AMI) available on the AWS Marketplace. Create an EC2 instance by following the steps outlined below:

  1. Log in to the AWS console and navigate to EC2 instances.

  2. Click on Launch Instances.

  3. Under Application and OS Images (Amazon Machine Image), search for Zmanda.

  4. Select the Zmanda Enterprise Backup Server image for your instance.

  5. Choose a suitable instance type from the drop-down menu based on your needs.

Note: t3a.medium is the minimum requirement for Zmanda backup server.

  6. Follow the on-screen instructions to create the instance.

Defining Inbound Security Group Rules:

The next step is to define inbound security group rules to open the VMs' ports, allowing Zmanda to communicate with the target within the on-premises workload.

Description       | Type       | Protocol     | Port range   | Source type
SSH to the VM     | SSH        | Not editable | Not editable | On-premises subnet
ZMC UI access     | Custom TCP | Not editable | 8008         | On-premises subnet
ZMC backup server | Custom TCP | Not editable | 8002         | On-premises subnet

Note:

  • Replace the custom source with your on-premises subnet range.

  • Ensure that ports 10080 and 10081 are enabled on the agent machine to establish connections with the backup server and restore server, respectively.
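The rule table above only protects the server if every source really is the on-premises subnet. The following added example (not Zmanda's or AWS's code) audits a security group's inbound rules, in the `IpPermissions` shape that EC2 returns when describing a security group, against that table. The on-premises range, the sample rules and the assumption that SSH uses port 22 are constructed for illustration.

```python
import ipaddress

# Ports from the rule table above; SSH is assumed to be its default port, 22.
REQUIRED_PORTS = {22: "SSH to the VM", 8008: "ZMC UI access", 8002: "ZMC backup server"}

def audit_inbound(ip_permissions, onprem_cidr):
    """Return findings for one security group's inbound rules (IpPermissions)."""
    onprem = ipaddress.ip_network(onprem_cidr)
    findings, covered = [], set()
    for perm in ip_permissions:
        if perm.get("IpProtocol") == "-1":      # "-1" means all protocols and ports
            lo, hi = 0, 65535
        elif perm.get("IpProtocol") == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                            # the guide only opens TCP ports
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            net = ipaddress.ip_network(src, strict=False)
            if net.version == onprem.version and net.subnet_of(onprem):
                covered.update(p for p in REQUIRED_PORTS if lo <= p <= hi)
            else:
                findings.append(f"ports {lo}-{hi} open to {src}, outside {onprem}")
    for port in sorted(set(REQUIRED_PORTS) - covered):
        findings.append(f"port {port} ({REQUIRED_PORTS[port]}) not allowed from {onprem}")
    return findings

# Constructed sample: SSH left open to the world, one stray /32 on port 8002.
ONPREM = "192.168.10.0/24"
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8008, "ToPort": 8008,
     "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 8002, "ToPort": 8002,
     "IpRanges": [{"CidrIp": "192.168.10.0/24"}, {"CidrIp": "203.0.113.7/32"}]},
]

if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES, ONPREM):
        print(finding)
```

An empty result means every TCP rule is sourced from inside the on-premises range and all three ports from the table are reachable from it.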

Setting Up Site-to-Site VPN Connection:

You will use a Site-to-Site VPN to connect your remote network (where your backup agent is located) to the Virtual Private Cloud (VPC).

During the setup process, you will choose a target gateway type: either a “virtual private gateway”, a “transit gateway”, or “not associated”.

Virtual Private Gateway:

  • Set up a virtual private gateway in your VPC. This acts as a VPN endpoint for your VPC.

  • Choose Virtual Private Gateways from the VPC navigation panel.

  • Create a virtual private gateway.

  • For Name tag, enter a name for your virtual private gateway. This step is optional.

  • For Autonomous System Number (ASN), maintain the default selection, which is the Amazon default ASN.

  • Choose Create virtual private gateway.

  • Select the virtual private gateway you created. Choose the Actions option, then select Attach to VPC.

  • For Available VPCs, choose the VPC where your Zmanda Server EC2 instance is located, and then select Attach to VPC.

Customer Gateway:

This represents your on-premises VPN device. Configure it with the relevant IP and authentication details.

VPN Connection:

Create a VPN connection in AWS, connecting the virtual private gateway to the customer gateway. This establishes a secure tunnel between your on-premises network and AWS.

  • Choose Site-to-Site VPN connections from the VPC navigation panel.

  • Choose Create VPN connection.

  • For Name tag, enter a name for your virtual private gateway. This step is optional.

  • For Target gateway type, select Virtual private gateway. Then, choose the virtual private gateway.

  • For Customer gateway, select Existing. Then, choose the customer gateway that you created earlier from Customer gateway ID.

  • Select the Static routing option. For Static IP Prefixes, specify each IP prefix for the private network of your VPN connection.

  • Finally, select Create VPN connection.

Internet Gateway:

An Internet Gateway in AWS facilitates communication between resources within the VPC and the public internet, allowing VPC resources, such as our EC2 instance, to connect to the internet.

  • Choose Internet Gateways from the VPC navigation panel.

  • Choose Create Internet Gateway.

  • Once created, go to Actions, then select Attach to VPC.

Routing Configuration:

  • Set up appropriate routing rules in your VPC route tables to ensure that traffic intended for your on-premises network is directed towards the Virtual Private Gateway.

  • This ensures that traffic from Zmanda backup server to the backup agent is routed through VPN tunnels.

  • For other public internet-bound traffic, you can route it through the internet gateway.

    • Navigate to the Route tables section and create a route table for your VPC.

    • Access the Route table settings and modify or add routes as needed.

    • For Destination, specify the IP address range of the on-premise network. For Target, select the appropriate gateway.

    • To route other traffic intended for the public internet, add an additional route with the destination set to 0.0.0.0/0 and select the internet gateway as the target.
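With both an on-premises route and a 0.0.0.0/0 route in the same table, the most specific matching route decides where a packet goes, so backup traffic uses the VPN only while the on-premises route is present and active. The following added example (not Zmanda's or AWS's code) applies longest-prefix matching to routes in the shape EC2 returns when describing a route table (`DestinationCidrBlock`, `GatewayId`, `State`) and reports when on-premises traffic would miss the virtual private gateway. The CIDR ranges and the `vgw-EXAMPLE` / `igw-EXAMPLE` IDs are constructed placeholders.

```python
import ipaddress

def next_hop(routes, dest_ip):
    """Pick the target by longest-prefix match over active IPv4 routes."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes:
        if route.get("State", "active") != "active":
            continue                      # blackhole routes carry no traffic
        if "DestinationCidrBlock" not in route:
            continue                      # IPv6 or prefix-list route, not checked here
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route.get("GatewayId", ""))
    return best[1] if best else None

def check_routing(routes, vpc_cidr, onprem_cidr):
    """Return problems that would keep agent traffic off the VPN tunnel."""
    vpc = ipaddress.ip_network(vpc_cidr)
    onprem = ipaddress.ip_network(onprem_cidr)
    problems = []
    if vpc.overlaps(onprem):
        problems.append(f"VPC range {vpc} overlaps on-premises range {onprem}")
    # Probe both ends of the on-premises range so a too-narrow route is caught.
    for probe in (str(onprem[0]), str(onprem[-1])):
        hop = next_hop(routes, probe)
        if not (hop or "").startswith("vgw-"):
            problems.append(f"{probe} leaves via {hop}, not a virtual private gateway")
    return problems

# Constructed sample route tables (gateway IDs are placeholders).
VPC, ONPREM = "10.20.0.0/16", "192.168.10.0/24"
GOOD_ROUTES = [
    {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "192.168.10.0/24", "GatewayId": "vgw-EXAMPLE", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
]
# Same table after the VPN route has gone blackhole: only the default route matches.
BAD_ROUTES = [dict(r, State="blackhole") if r["GatewayId"].startswith("vgw-") else r
              for r in GOOD_ROUTES]

if __name__ == "__main__":
    print(check_routing(GOOD_ROUTES, VPC, ONPREM))
    print(check_routing(BAD_ROUTES, VPC, ONPREM))
```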

On-Premises Configuration:

  • Configure your on-premises VPN device to establish a connection with the AWS VPN.

  • Set up routing on your on-premises network to direct traffic intended for the Zmanda Backup Server and Agent VMs through the VPN tunnel, with the customer gateway as the target.

Scenario 2: Zmanda Installed on the On-Premise Data Center and Agents Installed on the Cloud

AWS Prerequisites:

Before you begin, make sure you have an active AWS account.

Virtual Private Cloud (VPC) Configuration:

  1. Create a VPC in AWS with the necessary subnets for your EC2 instance. Configure IP ranges for these subnets.

  2. Ensure the CIDR range of the VPC does not overlap with your on-premises network IP range.

Defining Inbound Security Group Rules:

The agent EC2 instance should have the following rules enabled to communicate with the backup and restore server.

Note:

  • Replace the custom source with your on-premises subnet range.

Setting Up Site-to-Site VPN Connection:

You will use a Site-to-Site VPN to connect your remote network (where your backup agent is located) to the Virtual Private Cloud (VPC).

During the setup process, you will choose a target gateway type: either a virtual private gateway, a transit gateway, or "not associated".

Virtual Private Gateway:

  • Set up a virtual private gateway in your VPC. This acts as a VPN endpoint for your VPC.

  • Choose Virtual Private Gateways from the VPC navigation panel.

  • Create a virtual private gateway.

  • For Name tag, enter a name for your virtual private gateway. This step is optional.

  • For Autonomous System Number (ASN), maintain the default selection, which is the Amazon default ASN.

  • Choose Create virtual private gateway.

  • Select the virtual private gateway you created. Choose the Actions option, then select Attach to VPC.

  • For Available VPCs, choose the VPC where your Zmanda Server EC2 instance is located, and then select Attach to VPC.

Customer Gateway:

This represents your on-premises VPN device. Configure it with the relevant IP and authentication details.

VPN Connection:

Create a VPN connection in AWS, connecting the virtual private gateway to the customer gateway. This establishes a secure tunnel between your on-premises network and AWS.

  • Choose Site-to-Site VPN connections from the VPC navigation panel.

  • Choose Create VPN connection.

  • For Name tag, enter a name for your virtual private gateway. This step is optional.

  • For Target gateway type, select Virtual private gateway. Then, choose the virtual private gateway.

  • For Customer gateway, select Existing. Then, choose the customer gateway that you created earlier from Customer gateway ID.

  • Select the Static routing option. For Static IP Prefixes, specify each IP prefix for the private network of your VPN connection.

  • Finally, select Create VPN connection.

Internet Gateway:

An Internet Gateway in AWS facilitates communication between resources within the VPC and the public internet, allowing VPC resources, such as our EC2 instance, to connect to the internet.

  • Choose Internet Gateways from the VPC navigation panel.

  • Choose Create Internet Gateway.

  • Once created, go to Actions, then select Attach to VPC.

Routing Configuration:

  • Set up appropriate routing rules in your VPC route tables to ensure that traffic intended for your on-premises network is directed towards the Virtual Private Gateway.

  • This ensures that traffic from Zmanda backup server to the backup agent is routed through VPN tunnels.

  • For other public internet-bound traffic, you can route it through the internet gateway.

    • Navigate to the Route tables section and create a route table for your VPC.

    • Access the Route table settings and modify or add routes as needed.

    • For Destination, specify the IP address range of the on-premise network. For Target, select the appropriate gateway.

    • To route other traffic intended for the public internet, add an additional route with the destination set to 0.0.0.0/0 and select the internet gateway as the target.

On-Premises Configuration:

  • Configure your on-premises VPN device to establish a connection with the AWS VPN.

  • Set up routing on your on-premises network to direct traffic intended for the Zmanda Backup Server and Agent VMs through the VPN tunnel, with the customer gateway as the target.

By following these steps, you can successfully configure Zmanda in two distinct scenarios, allowing you to create a seamless and efficient deployment customized to your specific requirements.
