A worker instance is a Linux-based EC2 instance that is responsible for interaction with S3 repositories and performing data copy tasks. Veeam Backup for AWS automatically launches a worker instance in Amazon EC2 for the duration of a backup or restore process and removes it immediately after the process is complete.
Worker Instance Deployment
Veeam Backup for AWS launches worker instances for the following data protection and disaster recovery operations:
- Creating image-level backups in S3 repositories
- Restoring backed-up data
Veeam Backup for AWS launches one worker instance per each EC2 instance specified in a backup policy or restore task. For data protection operations, the type of the worker instance is selected automatically based on the size of the largest EBS volume attached to the processed EC2 instance. For data recovery operations, Veeam Backup for AWS launches worker instances of the following type:
- c5.large — for EC2 instance restore and volume-level restore
- t2.medium — for file-level restore
Worker Instance Location
Creating image-level backups
AWS region in which a processed EC2 instance resides
EC2 instance restore
AWS region to which an EC2 instance is restored
AWS region to which EC2 instance volumes are restored
File-level restore from cloud-native snapshots or snapshot replicas
AWS region in which an original EC2 instance resides
File-level restore from image-level backups
AWS region in which an S3 repository with backed-up data resides
Worker Instance Components
A worker instance uses the following components:
- Veeam Data Mover is a component that performs data processing tasks. During backup, the Veeam Data Mover retrieves EC2 instance data from snapshots and stores the retrieved data to S3 repositories. During restore, the Veeam Data Mover transfers backed-up data from S3 repositories to the target location.
- Veeam Backup browser is a web service that allows you to find and save files and folders of a backed-up EC2 instance to the local machine. The Veeam Backup browser is installed automatically on worker instances that are launched for file-level restore.
Security Certificates for Worker Instances
Veeam Backup for AWS uses self-signed TLS certificates to establish secure communication between the web browser on the local machine and the Veeam Backup browser on the worker instance during file-level restore. A self-signed certificate is generated automatically on the worker instance when the restore session starts.
Requirements for Worker Instances
For each AWS region where worker instances will be launched, you must configure network settings — specify the Amazon VPC, subnet, and security group to which worker instances must be connected. Otherwise, Veeam Backup for AWS will not be able to launch worker instances and thus perform data protection and disaster recovery operations. For details on how to configure network settings for worker instances, see Configuring Worker Instance Settings.