Proxy appliance is an auxiliary Linux-based EC2 instance. It is used to upload backed-up data to Amazon EC2. Veeam Backup & Replication automatically deploys the proxy appliance in Amazon EC2 only for the duration of the restore process and removes it immediately after that.
Depending on the type of backups you are restoring from and their location, the proxy appliance may be required or optional. The proxy appliance is required when you restore from:
- Backups of EC2 instances that are stored in external repositories.
- Backups of virtual and physical machines that are stored in object storage repositories.
The proxy appliance is optional when you restore from backups of virtual and physical machines stored in backup repositories, or backups of EC2 instances copied to backup repositories with backup copy jobs. It is recommended, however, to use the proxy appliance in scenarios where it is optional, as the proxy appliance can significantly improve restore performance. You can specify the proxy appliance settings at the Proxy Appliance step of the Restore to Amazon EC2 wizard.
Requirements for Proxy Appliance
When configuring a proxy appliance, mind the following:
- If you want to restore from backups in an on-premises object storage repository, the proxy appliance machine must have access to the source object storage repository. To provide access to object storage repositories, you can use VPN or AWS Direct Connect.
- To upload one machine disk to Amazon EC2, the proxy appliance requires 1 GB RAM. Make sure that the type of EC2 instance selected for the proxy appliance offers enough memory resources to upload all machine disks. Otherwise, the restore process may fail.
- A subnet and security group that you select for the proxy appliance must meet the following requirements:
- Auto-assignment of public IPv4 addresses must be enabled in the subnet. For more information on how to enable this option, see the AWS Documentation.
- The subnet route table must contain a default route to an active AWS internet gateway. For more information on internet gateways and how to create route tables, see the AWS Documentation.
- The subnet must have no network access control lists (ACLs) or a network ACL that allows inbound and outbound traffic on the ports listed in the Ports section.
- The security group must allow inbound and outbound traffic on the ports listed in the Ports section.