Helper Appliances

Helper appliance is an auxiliary Linux-based EC2 instance. It is used to upload backed-up data to Amazon EC2. Veeam Backup & Replication automatically deploys the helper appliance in Amazon EC2 only for the duration of the restore process and removes it immediately after that.

Depending on the type of backups you are restoring from and their location, the helper appliance may be required or optional. The helper appliance is required when you restore from:

The helper appliance is optional when you restore from backups of virtual and physical machines stored in backup repositories, or backups of EC2 instances copied to backup repositories with backup copy jobs. It is recommended, however, to use the helper appliance in scenarios where it is optional, as the helper appliance can significantly improve restore performance. You can specify the helper appliance settings at the Helper Appliance step of the Restore to Amazon EC2 wizard.

Requirements for Helper Appliance

When configuring a helper appliance, consider the following:

  • If you want to restore from backups in an on-premises object storage repository, the helper appliance machine must have access to the source object storage repository. To provide access to object storage repositories, you can use VPN or AWS Direct Connect.
  • To upload one machine disk to Amazon EC2, the helper appliance requires 1 GB RAM. Make sure that the type of EC2 instance selected for the helper appliance offers enough memory resources to upload all machine disks. Otherwise, the restore process may fail.
  • A subnet and security group that you select for the helper appliance must meet the following requirements:
  • Auto-assignment of public IPv4 addresses must be enabled in the subnet. For more information on how to enable this option, see the AWS Documentation.
  • The subnet route table must contain a default route to an active AWS internet gateway. For more information on internet gateways and how to create route tables, see the AWS Documentation.
  • The subnet must have no network access control lists (ACLs) or a network ACL that allows inbound and outbound traffic on the ports listed in section Ports.
  • The security group must allow inbound and outbound traffic on the ports listed in section Ports.

Page updated 11/22/2023

Page content applies to build 12.1.1.56