Protecting FSx File Systems
With Veeam Backup for AWS, you can perform the following operations to protect FSx file systems:
- Create cloud-native backups of FSx file systems and store them in any backup vault in the source AWS Region.
An Amazon FSx file system backup captures the whole image of the FSx file system (including file system configuration, files, directories and so on) at a specific point of time. FSx backups are taken using native AWS capabilities.
- Create backup copies of FSx file systems and store them in AWS Regions within the same AWS account.
By default, FSx backups are stored only in the AWS Region where the processed resources reside. For enhanced data safety, you can instruct Veeam Backup for AWS to create copies of these backups and store them in any other default AWS Region (that is, an AWS Region activated by default for your AWS account) within the same AWS account.
To protect FSx file systems, Veeam Backup for AWS runs backup policies. A backup policy is a collection of settings that define the way backup operations are performed: what data to back up, where to store backups, when to start the backup process, how to retain restore points, and so on.
Veeam Backup for AWS does not install agent software inside instances to back up FSx file systems — it uses native AWS capabilities instead. During every backup session, Veeam Backup for AWS creates a cloud-native backup for each file system added to a backup policy. The cloud-native backup is further used to create a backup copy in another AWS Region.
Supported FSx File System Properties
Veeam Backup for AWS allows you to back up and restore the following file system properties:
Property | Description | Ability to Change Property During Restore to New Location |
|---|---|---|
File system name | Name of an FSx file system. | Yes |
Deployment type | Deployment type of the FSx file system. | No |
Storage type | Storage type of the FSx file system. | No |
Storage capacity | Storage capacity of the FSx file system. | No |
Throughput capacity | Sustained speed at which file servers hosting the FSx file system can process data. | No |
Throughput per unit of storage | Read/write throughput for each 1 TiB of provisioned storage, in MB/s/TiB. | No |
IOPS | Maximum number of input/output operations per second that the FSx file system can process. | No |
Provisioned Metadata IOPS | Maximum rate of metadata operations supported by the FSx file system. | No |
Volume properties | Properties of the FSx file system configured to manage its root volume storage. | No |
Provisioned SSD IOPS | Additional IOPS provisioned to the FSx file system. | No |
Data compression type | Defines whether the FSx file system data is compressed. | No |
Windows authentication | Type of an Microsoft Active Directory to which the FSx file system is joined. | No |
Active Directory domain name | Domain name of the Microsoft AD to which the FSx file system is joined. | Yes |
DNS server IP addresses | IPv4 addresses of DNS servers configured for the domain. | Yes |
Service account user name | Name of a service account that has access to the FSx file system. | Yes |
Organizational unit | Path name of an organizational unit in which the FSx file system is connected. | Yes |
System administrators group | Name of an Active Directory group that has privileges to manage the FSx file system. | Yes |
DNS Aliases | Additional names that are used to access FSx file system data. | No |
Root squash configuration | Additional layer of access control configured for the FSx file system. | No |
Tags | File systems identifiers. | No |
VPC | VPC to which the FSx file system is connected. | Yes |
Subnet | Subnet in which the elastic network interface of the FSx file system resides. | Yes |
Preferred and standby subnet | Subnets in which the network interfaces of the primary and standby file servers reside. | Yes |
Security groups | Security groups associated with the FSx file system. | Yes |
Route tables | Route tables associated with the subnet of the VPC to which the FSx file system is connected. | Yes |
Encryption key | AWS KMS key that is used to encrypt the FSx file system data. | Yes |
Backup and maintenance | Defines whether daily automatic backup is scheduled and whether a weekly maintenance window is configured for the FSx file system. | No |
Important |
Veeam Backup for AWS does not support restore of the following items:
|
If you plan to protect FSx file systems, make sure that security groups associated with these file systems allow access to the following ports:
File System Type | Protocol | Ports | Notes |
|---|---|---|---|
Amazon FSx for Windows File Server | UPD | 53, 88, 123, 389, 464 | Requires inbound and outbound access. |
TCP | 53, 88, 135, 389, 445, 464, 636, 3268, 3269, 5985, 9389, 49152-65535 | ||
Amazon FSx for Lustre | TCP | 988, 1018-1023 | Requires inbound access. For more information on file system access control, see AWS Documentation. |
Amazon FSx for OpenZFS | TCP, UDP | 111, 2049, 20001-20003 | Requires inbound access. |
To learn how to authorize access to security groups, see AWS Documentation.
How To Protect FSx File Systems
To create an FSx backup policy, perform the following steps:
- Check limitations and prerequisites.
- Specify IAM roles to access AWS services and resources.
- [Optional] Configure email notification settings for automated delivery of backup policy results and daily reports.
- Complete the Add FSx Policy wizard.
Related Topics