Veeam Backup for AWS 4.0 [Archived]
User Guide
Related documents
Search
This is an archive version of the document. To get the most up-to-date information, see the current version.

How Backup Works

Veeam Backup for AWS does not install agent software inside instances to retrieve data. To back up resource data, Veeam Backup for AWS uses native AWS capabilities. During every backup session, Veeam Backup for AWS creates a cloud-native snapshot (for an RDS or EC2 instance) or an EFS backup (for an EFS file system) for each resource added to a backup policy. The cloud-native snapshot is further used to create a snapshot replica (for an RDS or EC2 instance) in another AWS Region or another AWS account and an image-level backup (only for an EC2 instance). The EFS backup can be used to create a backup copy in another AWS Region.

To protect Amazon VPC configurations, Veeam Backup for AWS retrieves configuration data through API and saves this data to the configuration database. You can also instruct Veeam Backup for AWS to store copies of VPC configuration backups in a backup repository.

EC2 Instance Backup

Veeam Backup for AWS performs EC2 instance backup in the following way:

  1. Veeam Backup for AWS creates snapshots of EBS volumes that are attached to the processed EC2 instance.
  1. EBS snapshots are assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related EBS snapshots and treat them as a single unit — a cloud-native snapshot.
  1. If you enable snapshot replication for the backup policy, Veeam Backup for AWS copies cloud-native snapshots to the target AWS Region and AWS account specified in the backup policy settings.
  1. If you enable image-level backup for the backup policy, Veeam Backup for AWS performs the following operations:
  1. Launches a worker instance in an AWS Region where the processed EC2 instance resides.
  2. Re-creates the EBS volumes from the cloud-native snapshot created at step 1 and attaches them to the worker instance.

Note that the cloud-native snapshot used as a source for image-level backup is not a temporary snapshot — when the backup session completes, this snapshot remains in the snapshot chain and is deleted later according to the specified policy scheduling settings. For more information, see CBT Impact on Snapshot Retention.

  1. Reads data from the EBS volumes on the worker instance, transfers the data to a backup repository and stores it in the native Veeam format.

To reduce the amount of data read from EBS volumes, Veeam Backup for AWS uses the changed block tracking (CBT) mechanism: during incremental backup sessions, Veeam Backup for AWS compares the new cloud-native snapshot with the previous one and reads only those data blocks that have changed since the previous backup session. If CBT cannot be used, Veeam Backup for AWS reads all data from the re-created EBS volumes. For more information, see Changed Block Tracking.

Note

Veeam Backup for AWS encrypts and compresses data saved to backup repositories. For more information on data encryption, see Enabling Data Encryption.

  1. When the backup session completes, Veeam Backup for AWS removes the worker instance from Amazon EC2.
  1. If you enable the backup archiving mechanism, Veeam Backup for AWS performs the following operations:
  1. Launches a worker instance in an AWS where a backup repository storing backed-up data resides.
  2. Retrieves data from the backup repository and transfers it to the archive repository.
  3. Removes the worker instance when the archive session completes.

RDS Instance Backup

Veeam Backup for AWS performs RDS instance backup in the following way:

  1. Veeam Backup for AWS creates a storage volume snapshot of the processed RDS instance (that is, a DB snapshot).

The DB snapshot is assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related DB snapshot.

  1. If you enable snapshot replication for the backup policy, Veeam Backup for AWS copies the DB snapshot to the target AWS Region and AWS account specified in the backup policy settings.

EFS File System Backup

Veeam Backup for AWS performs EFS file system backup in the following way:

  1. Veeam Backup for AWS creates an EFS backup of the file system using AWS Backup service.

The backup is assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related EFS file system backup.

  1. If you configure the EFS backup policy to copy backup files to another AWS Region, Veeam Backup for AWS copies the created backup to the target AWS Region in the same AWS account.

VPC Configuration Backup

Veeam Backup for AWS performs VPC configuration backup in the following way:

  1. Veeam Backup for AWS sends API requests to AWS to retrieve the VPC configuration data, and saves this data in the Veeam Backup for AWS database.

To back up VPC configurations of AWS Regions added to a backup policy, Veeam Backup for AWS uses permissions of an IAM role specified in the backup policy settings. The VPC configuration data is collected for the AWS account to which the specified IAM role belongs.

Veeam Backup for AWS creates a configuration record for each pair of the AWS account and an AWS Region whose VPC configuration data is being backed up. Every time the VPC Configuration Backup policy runs, Veeam Backup for AWS updates the record to create a new restore point for the VPC configurations. For more information, see VPC Configuration Backup Chain.

  1. If you configure the VPC Configuration Backup policy to copy backup files to a backup repository, Veeam Backup for AWS launches the Veeam Data Mover service on the backup appliance to copy the restore point to the target backup repository specified in the backup policy settings. In the repository, for each AWS account in which VPC configuration data has been backed up, Veeam Backup for AWS creates an individual folder with VPC configuration backup files.

Related Topics

View all results across Veeam
Back to document search