22 Configuring Workers
When N2WS copies data to or restores data from a Storage Repository, or Explorint snapshots, it launches a temporary ‘worker’ instance to perform the actual work, such as writing objects into the repository or exploring snapshots.
- When performing backup operations, or Exploring snapshots, the ‘worker’ instance is launched in the region and account of the target instance. The backup or Explore ‘worker’ instance is configured in the Worker Configuration tab.
- When performing restore operations, the ‘worker’ instance is launched in the region and account that the backed-up instances are to be restored to. The restore ‘worker’ instance is selected or configured according to the following criteria:
- If a ‘worker’ for the target account/region combination was configured in the Worker Configuration screen, that ‘worker’ instance will be used during the restore or the Explore.
- If such a ‘worker’ does not exist for the target account/region combination, N2WS will attempt to launch one based on N2WS’s own configuration.
- If the N2WS configuration cannot be used because the restore, or Explore, will be to a different account or region than N2WS's, the user will be prompted during the restore to configure the ‘worker’.
If you plan to copy to Storage Repository only instances belonging to the same account and residing in the same region as that of the N2WS server, worker configuration Is not required since the worker will derive its configuration from the N2WS server instance.
Attempts to perform Storage Repository/Cold Storage backup and restore operations from an account/region, or to Explore out of the N2WS server account/region, without a valid worker configuration will fail.
It is necessary to define a separate worker configuration for each planned account/region combination of Copy to S3 instance snapshots, or each Explore region.
To keep transfer fee costs down when using Copy to 3, create an S3 endpoint in the worker’s VPC.
To configure S3 worker parameters:
- 1.Select the Worker Configuration tab.
- 2.On the New menu, select AWS Worker.
- 3.In the User and Account lists, select the User and Account that the new worker is associated with.
- 4.In the Region list, select a Region. This configuration will be applied to all workers launched in this region for this account.
- 5.In the Key pair list, select a key pair. Using the default, Don’t use key pair, disables SSH connections to this worker.
- 6.In the VPC list, select a VPC. The selected VPC must be able to access the subnet where N2WS is running as well as the S3 endpoint.
- 7.In the Security Group list, select a security group. The selected security group must allow outgoing connections to the N2WS server and to the S3 endpoint.
- 8.In the Subnet list, select a subnet, or choose Any to have N2WS choose a random subnet from the selected VPC.
- 1.When performing a recovery, if you choose ‘Any’ in the Subnet drop-down list, N2WS will automatically choose a subnet that is in the same Availability Zone as the one you are restoring to.
- 2.If you choose a specific subnet that is not in the same Availability Zone as the one you are restoring to, you will have to choose a different subnet from the Subnet drop-down list in the Worker Configuration tab of the Recovery screen.
- 9.In the Worker Role list, select an instance role granting the Worker the permissions required for its policies, or select No Role to not attach an instance role to the Worker.
- 1.If Custom ARN is selected, enter the Custom ARN.
- 2.If No Role is selected, N2WS will generate temporary credentials and securely pass them to the Worker thereby granting the Worker the permissions linked to the Account that owns the policy and/or the repository.
- 10.In the Network Access list, select a network access method.
Direct network access or indirect access via an HTTP proxy is required:
- Direct - Select a Direct connection if no HTTP proxy is required.
- via HTTP proxy – If an HTTP proxy is required, select, and fill in the proxy values.
11. Select Save.
To edit or delete a worker configuration:
- 1.In the Worker Configuration tab, select a worker.
- 2.Select Delete or Edit.
You can add multiple tags to each account for workers for subsequent monitoring of cost and usage in the AWS Cost Explorer. When the worker is launched during Copy to S3, Recover S3, file-level recovery, or worker test, you will be able to filter for the N2WS worker tags in the Tags tab of the AWS Cost Explorer. To activate your worker tags, see section 22.2.1.
To add worker tags:
- 1.In the Worker Configuration tab, select a worker and then select the Worker Tags tab.
- 2.Select New, and enter the Tag Name and Value. The Value may be blank.
- 3.Select Save.
To allow CPM Cost Explorer calculations in AWS, users must add cost allocation tags once.
To activate user cost allocation tags:
- 2.In the navigation pane, select Cost Allocation Tags.
- 3.Choose the worker tags to activate.
- 4.Select Activate.
It can take up to 24 hours for tags to activate.
Before a worker is needed, you can test whether it successfully communicates with the N2WS server and other communication targets. Depending on the test, some, but not all, AWS permissions are also checked.
- Connectivity to N2WS Server (default)
- SSH Test - Connectivity to N2WS server using SSH
- EBS API Test - Test API connectivity and check AWS ebs:ListSnapshotBlocks permission
- S3 Endpoint Test - Test connectivity; check AWS s3:ListAllMyBuckets and s3:ListBucket permissions
To test a worker configuration:
- 1.Select a worker, and then select Test.
- 2.If you want to test connections in addition to the worker, in the Select Additional Tests dialog box, select the relevant tests.
- 3.Select Run Tests. The ‘Worker Configuration test is underway’ message briefly appears at the top right and the ‘ In Progress’ message appears in the Test Status column. Select Refresh as necessary.
- 4.Check the results in the Test Status column: Successful or Failed.
- 5.If not 'Successful':
- 1.Select Test Status to display information about the root cause.
- 2.To check settings, select Edit.
Besides the requested connectivity tests, the Configuration Test Details include Account, Region, Zone, Key Pair, VPC, Security Group, and whether an HTTP Proxy was required.
To view and download the latest log, select