Step 4. Specify Guest Processing Settings
If you back up EC2 instances that are currently running, at the Guest Processing step of the wizard, you can configure guest processing settings. These settings allow you to specify what actions Veeam Backup for AWS will perform when communicating with the instance guest OS.
Particularly, you can specify the following guest processing settings:
- Enable application-aware processing. For Windows EC2 instances running VSS-aware applications, you can enable application-aware processing to ensure that the applications will be able to recover successfully, without data loss.
Application-aware processing is the Veeam technology based on Microsoft VSS. Microsoft VSS is responsible for quiescing applications on EC2 instances and creating a consistent view of application data. For more information on Microsoft VSS, see Microsoft Docs.
- Enable guest scripting. For all processed EC2 instances, you can instruct Veeam Backup for AWS to run custom scripts on the instance before and after the backup operation. For example, for an EC2 instance running applications that do not support Microsoft VSS, Veeam Backup for AWS can execute a pre-snapshot script on the instance to quiesce these applications. This will allow Veeam Backup for AWS to create a transactionally consistent snapshot while no write operations occur on the instance volumes. After the snapshot is created, a post-snapshot script can start the applications again.
To be able to communicate with instance guest OSes, Veeam Backup for AWS uses the AWS Systems Manager (SSM) service. Thus, if you plan to enable guest processing for EC2 instances protected by the policy, you must consider the following:
- The backup appliance must have outbound internet access to the SSM service.
- EC2 instances for which you plan to enable guest processing must have the 443 network port opened for outbound internet access to ensure proper communication of Veeam Backup for AWS and the instance guest OSes.
- The IAM role used for EC2 instance backup must have the following permissions to communicate with the SSM service: ssm:GetCommandInvocation, ssm:SendCommand.
- EC2 instances for which you plan to enable guest processing must have the SSM Agent installed. If the SSM Agent is not installed on an EC2 instance, you can install the agent manually using the AWS Management Console.
Note that the SSM Agent is preinstalled on EC2 instances launched from certain AMIs. For more information, see AWS Documentation.
For more information on the SSM service, see AWS Documentation.