Veeam Backup for AWS performs EFS backup in the following way:
- Veeam Backup for AWS creates a cloud-native backup of the file system using AWS Backup service and saves this backup to the specified backup vault in the same AWS Region in which the source file system resides.
The backup is assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related EFS file system backup.
- If you configure the EFS backup policy to copy backup files to another AWS Region, Veeam Backup for AWS copies the created backup to the target AWS Region in the same AWS account.
- If you enable EFS indexing in the backup policy settings, Veeam Backup for AWS performs the following operations:
- Launches a worker instance in an AWS Region in which the processed file system resides in an AWS account where the file system belong — that is, the production AWS account.
By default, Veeam Backup for AWS selects the most appropriate network settings of AWS Regions in production accounts (for example, selects a VPC specified as a mount target for the processed file system). However, you can add specific worker configurations. For more information on worker instances, see Managing Worker Configurations.
- Mounts the source file system on the worker instance.
- Reads data from the file system using the worker instance, creates a catalog of files and folders (index) of the system, transfers the index to a backup repository and stores it in the native Veeam format.
The EFS index is associated with the cloud-native backup created at step 1 and the backup copy created at step 2. However, if the indexing session does not complete by the time a new backup session starts, a new indexing session is not launched and Veeam Backup for AWS associates the created EFS index with 2 cloud-native backups and backup copies created by 2 backup sessions.
Veeam Backup for AWS encrypts and compresses data saved to backup repositories. For more information on data encryption, see Enabling Data Encryption.
- When the indexing session completes, removes the worker instance from Amazon EC2.