Protecting instances

HYCU for AWS enables you to protect your instance data with fast and reliable backup and restore operations.

Prerequisites

  • To protect instances in Virtual Private Clouds (VPC) without public IPs or in subnets without public IPs, you must create the following VPC endpoints:

    • Interface endpoints: Amazon EC2 (ec2), AWS Security Token Service (sts), Amazon SQS (sqs), and Amazon SNS (sns)
    • Gateway endpoint for Amazon S3

    For details on how to enable AWS VPC endpoints, see AWS documentation.

  • The security group that the instance belongs to must have an inbound firewall rule for port 443 (HTTPS), source IP 0.0.0.0/0 and an outbound firewall rule for port 443 (HTTPS), destination IP 0.0.0.0/0.

    For instructions on how to configure and apply the network firewall rule, see AWS documentation.

Limitations

  • Instance memory is not protected.

  • Crash consistency of backup data is guaranteed only for each volume individually.

Considerations

  • Keep in mind that the role you have assigned determines what kind of actions you can perform. For details on roles, see “Managing roles”.

  • Data in instance backup images, copies of backup images, and data archives that HYCU for AWS creates is crash‑consistent, but it may not always be application‑consistent. If pre‑snapshot scripts are not provided, the application consistency of backup data is limited to applications that store their data on a single volume, and instances and applications that comply with the prerequisites for creating a Windows Volume Shadow Copy Service (VSS) snapshot. For more information about Windows VSS snapshot prerequisites, see “Backing up instances”.

For details on how to efficiently protect instance data, see the following topics: