Enabling access to data

You must manually enable access to the instances by assigning credential groups to them in HYCU for AWS:

Guest OS Data protection scenario

any

  • You plan to restore individual files using a user account that you specify.

  • You plan to use a specified user account for the restore, either to reuse an already existing user account or to comply with policies that impose restrictions on the utilized user names and passwords.

Linux

  • You plan to use pre‑snapshot or post‑snapshot scripts and run them with a user account that you specify.

  • The SSH server is configured to use a non‑default TCP port.

  • The SSH server is configured to use public key authentication.

Windows

  • You plan to use pre‑snapshot or post‑snapshot scripts.

  • The WinRM server is configured to use the HTTP transport protocol or a non‑default TCP port.

Configuring and assigning credential groups manually

Prerequisites

  • A user account with sufficient privileges is configured within each instance. For details on how to do this, see AWS documentation.

  • For Linux instances:

    • Ensure the following within the instance:

      • The specified user account is a member of the sudo user group.

      • The following line is included in the /etc/sudoers file:

        <UserName> ALL=(ALL) NOPASSWD: /bin/lsblk, /bin/ls, /bin/mkdir, 
/bin/mv, /bin/umount, /bin/cp, /bin/rm, /bin/mount

    • Only if you want HYCU for AWS to access the instance by using a specific user account with password authentication. The SSH server is configured to allow password authentication for signing-in on to the instance.

    • For Ubuntu 22.04 instances that have RSA key-based authentication configured:

      You must add the PubkeyAcceptedKeyTypes=+ssh-rsa parameter to the /etc/ssh/sshd_config file, and then restart the SSH service by running the systemctl restart ssh.service command.

Limitation

Only if you use the SSH protocol with public key authentication. If keys are generated with PuttyKeyGen or ssh-keygen using the legacy PEM format, only DSA and RSA keys are supported.

To access the Instances panel, in the navigation pane, click  Instances. Alternatively, in the Dashboard panel, click the Instances widget.

Procedure

  1. In the Instances panel, select the instance to which you want to assign a credential group.

  2. Click  Credentials. The Credential Groups dialog box opens.

  3. Click  New.

  4. In the Credential group name field, enter a name for the credential group.

  5. From the Protocol drop-down menu, select one the following protocol options:

    Protocol option Instructions
    Automatic

    Select this option if you want HYCU for AWS to automatically select a protocol for accessing the instance—the SSH protocol (TCP port 22) or the WinRM protocol (TCP port 5985, HTTP transport)—, and then enter the user name and password of a user account that has required permissions to access the instance.

    Use the following format for the user name:

    • Linux: <LocalOrDomainUserName>

    • Windows: <LocalUserName>, <Domain>\<DomainUserName>, <DomainUserName>@<Domain>
    SSH

    Select this option if you want to use the SSH protocol for accessing the instance, and then do the following:

    1. In the Port field, enter the SSH server port number.

    2. From the Authentication drop-down menu, select the type of authentication you want to be used, and then provide the required information:

      Password authentication

      Enter the user name (in the <LocalOrDomainUserName> format) and password of a user account that has required permissions to access the instance.
      Public key authentication

      Do the following:

      1. Enter the user name (in the <LocalOrDomainUserName> format) and password of a user account that has required permissions to access the instance.

      2. Click Browse. Browse for and then select the file with the private key, and click Open.

        For information on how to obtain the private key, see AWS documentation.

      3. Only if the private key is encrypted. Enter the private key passphrase.
    WinRM

    Select this option to use the WinRM protocol for instance access and to enable the credential group adjustment for the actual WinRM server configuration.

    1. From the Transport drop-down menu, select the transport protocol of the WinRM server in the instance.

    2. In the Port field, enter the WinRM server port number.

    3. Enter the user name (in the <localuser>, <domain>\<user>, or <user>@<domain> format) and password of a user account that has required permissions to access the instance.

  6. Click Save.

  7. Click Assign.

The name of the assigned credential group appears in the Credential group column of the Instances panel. HYCU for AWS performs instance discovery after you assign the credentials to the instance and the Discovery status in the Instances panel is updated accordingly.

t Tip  If several instances share the same user name and password, you can use multiple selection to assign the same credential group to them.

To unassign a credential group from an instance, in the Instances panel, select the instance, click  Credentials, and then click Unassign.

You can also edit any of the existing credential groups (select a credential group, click  Edit , and then make the required modifications) or delete the ones that you do not need anymore (select a credential group, and then click  Delete).