How Backup Works

In this article

    Veeam Backup for AWS does not install agent software inside instances to retrieve data. To back up resource data, Veeam Backup for AWS uses native AWS capabilities. During every backup session, Veeam Backup for AWS creates a cloud-native snapshot (for an RDS or EC2 instance) or an EFS backup (for an EFS file system) for each resource added to a backup policy. The cloud-native snapshot is further used to create a snapshot replica (for an RDS or EC2 instance) in another AWS Region or another AWS account and an image-level backup (only for an EC2 instance). The EFS backup can be used to create a backup copy in another AWS Region.

    To protect Amazon VPC configuration, Veeam Backup for AWS retrieves configuration data through API and saves this data to the Veeam Backup for AWS database and a backup repository if the VPC configuration backup copy is enabled.

    For more information on the backup process, see:

    EC2 Instance Backup

    Veeam Backup for AWS performs EC2 instance backup in the following way:

    1. Veeam Backup for AWS creates snapshots of EBS volumes that are attached to the processed EC2 instance.
    1. EBS snapshots are assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related EBS snapshots and treat them as a single unit — a cloud-native snapshot.
    1. If you enable snapshot replication for the backup policy, Veeam Backup for AWS copies cloud-native snapshots to the target AWS Region and AWS account specified in backup policy settings.
    1. If you enable image-level backup for the backup policy, Veeam Backup for AWS performs the following operations:
    1. Launches a worker instance in an AWS Region where the processed EC2 instance resides.
    2. Re-creates the EBS volumes from the cloud-native snapshot created at step 1 and attaches them to the worker instance.

    Note that the cloud-native snapshot used as a source for image-level backup is not a temporary snapshot, and it is required to perform changed block tracking (CBT). When the backup session completes, this snapshot remains in the snapshot chain until the next image-level backup session. For more information, see CBT Impact on Snapshot Retention.

    1. Reads data from the EBS volumes on the worker instance, transfers the data to a backup repository and stores it in the native Veeam format.

    To reduce the amount of data read from EBS volumes, Veeam Backup for AWS uses CBT: during incremental backup sessions, Veeam Backup for AWS transfers to a backup repository only those data blocks that have changed since the previous backup session. If CBT cannot be used, Veeam Backup for AWS reads the full content of EBS volumes. For more information, see Changed Block Tracking.

    Veeam Backup for AWS encrypts and compresses data saved to backup repositories. For more information on data encryption, see Enabling Data Encryption.

    1. When the backup session completes, Veeam Backup for AWS removes the worker instance from Amazon EC2.
    1. If you enable the backup archiving mechanism, Veeam Backup for AWS performs the following operations:
    1. Launches a worker instance in an AWS where a backup repository storing backed-up data resides.
    2. Retrieves data from the backup repository and transfers it to the archive repository.
    3. Removes the worker instance when the archive session completes.

    RDS Instance Backup

    Veeam Backup for AWS performs RDS instance backup in the following way:

    1. Veeam Backup for AWS creates a storage volume snapshot of an RDS instance (DB snapshot).

    The DB snapshot is assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related DB snapshot.

    1. If you enable snapshot replication for the backup policy, Veeam Backup for AWS copies the DB snapshot to the target AWS Region and AWS account specified in backup policy settings.

    EFS File System Backup

    Veeam Backup for AWS performs EFS file system backup in the following way:

    1. Veeam Backup for AWS creates a EFS backup of a file system using AWS Backup service.

    The backup is assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related EFS file system backup.

    1. If you configure the EFS backup policy to copy backup files to another AWS Region, Veeam Backup for AWS copies the created backup to the target AWS Region in the same AWS account.

    VPC Configuration Backup

    Veeam Backup for AWS performs VPC configuration backup in the following way:

    1. Veeam Backup for AWS sends API requests to AWS to retrieve the VPC configuration data and saves this data in the Veeam Backup for AWS database.

    To back up the VPC configuration of an AWS Region, Veeam Backup for AWS uses permissions of an IAM role specified for this AWS Region in the backup policy. For each pair of the AWS account and the AWS Region whose VPC configuration data is backed up using the IAM role created in this AWS account, Veeam Backup for AWS creates a configuration record. Every time the VPC Configuration Backup policy runs, Veeam Backup for AWS updates the record to create a new restore point for the VPC configuration. For more information, see VPC Configuration Backup Chain.

    1. If you configure the VPC Configuration Backup policy to copy backup files to a backup repository, Veeam Backup for AWS launches Veeam Data Mover service on the backup appliance to copy the restore point to the target backup repository specified in the backup policy settings. On the repository, for each backed-up AWS account, Veeam Backup for AWS creates an individual folder with VPC configuration backup files.

    Related Topics