22 Configuring Workers with N2WS
Learn how perform operations in non-N2WS server regions using temporary worker instances.
Last updated
Learn how perform operations in non-N2WS server regions using temporary worker instances.
Last updated
When N2WS copies data to or restores data from a Storage Repository, or Explorint snapshots, it launches a temporary ‘worker’ instance to perform the actual work, such as writing objects into the repository or exploring snapshots.‌
When performing backup operations, or Exploring snapshots, the ‘worker’ instance is launched in the region and account of the target instance. The backup or Explore ‘worker’ instance is configured in the Worker Configuration tab.
When performing restore operations, the ‘worker’ instance is launched in the region and account that the backed-up instances are to be restored to. The restore ‘worker’ instance is selected or configured according to the following criteria:
If a ‘worker’ for the target account/region combination was configured in the Worker Configuration screen, that ‘worker’ instance will be used during the restore or the Explore.
If such a ‘worker’ does not exist for the target account/region combination, N2WS will attempt to launch one based on N2WS’s own configuration.
If the N2WS configuration cannot be used because the restore, or Explore, will be to a different account or region than N2WS's, the user will be prompted during the restore to configure the ‘worker’.
You can add tags to a worker for subsequent tracking in the AWS Cost Explorer.
To activate Cost Explorer in N2WS and AWS, see section .
To add worker tags, see section .
Attempts to perform Storage Repository/Cold Storage backup and restore operations from an account/region, or to Explore out of the N2WS server account/region, without a valid worker configuration will fail.‌
You can manage workers and their configurations as well as test their communication with the CPM, SSH, EBS API, and S3 Endpoint in the Worker Configuration tab (section ).​‌
‌It is necessary to define a separate worker configuration for each planned account/region combination of Copy to S3 instance snapshots, or each Explore region.
To keep transfer fee costs down when using Copy to 3, create an S3 endpoint in the worker’s VPC.‌
To configure S3 worker parameters:‌
Select the Worker Configuration tab.
In the User and Account lists, select the User and Account that the new worker is associated with.
In the Region list, select a Region. This configuration will be applied to all workers launched in this region for this account.
In the Key pair list, select a key pair. Using the default, Don’t use key pair, disables SSH connections to this worker.
In the VPC list, select a VPC. The selected VPC must be able to access the subnet where N2WS is running as well as the S3 endpoint.
In the Security Group list, select a security group. The selected security group must allow outgoing connections to the N2WS server and to the S3 endpoint.
In the Subnet list, select a subnet, or choose Any to have N2WS choose a random subnet from the selected VPC.
When performing a recovery, if you choose ‘Any’ in the Subnet drop-down list, N2WS will automatically choose a subnet that is in the same Availability Zone as the one you are restoring to.
If you choose a specific subnet that is not in the same Availability Zone as the one you are restoring to, you will have to choose a different subnet from the Subnet drop-down list in the Worker Configuration tab of the Recovery screen.
In the Worker Role list, select an instance role granting the Worker the permissions required for its policies, or select No Role to not attach an instance role to the Worker.
If Custom ARN is selected, enter the Custom ARN.
If No Role is selected, N2WS will generate temporary credentials and securely pass them to the Worker thereby granting the Worker the permissions linked to the Account that owns the policy and/or the repository.
In the Network Access list, select a network access method.
Direct network access or indirect access via an HTTP proxy is required:
Direct - Select a Direct connection if no HTTP proxy is required.
via HTTP proxy – If an HTTP proxy is required, select, and fill in the proxy values.
11. Select Save.
To edit or delete a worker configuration:‌
In the Worker Configuration tab, select a worker.
You can add multiple tags to each account for workers for subsequent monitoring of cost and usage in the AWS Cost Explorer. When the worker is launched for any type of operation, such as Copy to S3, Recover S3, file-level recovery, Cleanup, worker testing, etc., it will be tagged with the specified tags. You will then be able to filter for the N2WS worker tags in the Tags tab of the AWS Cost Explorer.
To add worker tags:‌
In the Worker Configuration tab, select a worker and then select the Worker Tags tab.
Select Save.​‌
‌To allow CPM Cost Explorer calculations in AWS, users must add cost allocation tags once.‌
To activate user cost allocation tags:‌
In the navigation pane, select Cost Allocation Tags.
Choose the worker tags to activate.
Select Activate.
It can take up to 24 hours for tags to activate.‌
Before a worker is needed, you can test whether it successfully communicates with the N2WS server and other communication targets. Depending on the test, some, but not all, AWS permissions are also checked.‌
Connectivity to N2WS Server (default)
SSH Test - Connectivity to N2WS server using SSH
EBS API Test - Test API connectivity and check AWS ebs:ListSnapshotBlocks permission
S3 Endpoint Test - Test connectivity; check AWS s3:ListAllMyBuckets and s3:ListBucket permissions
To test a worker configuration:‌
Check the results in the Test Status column: Successful or Failed.
If not 'Successful':
Besides the requested connectivity tests, the Configuration Test Details include Account, Region, Zone, Key Pair, VPC, Security Group, and whether an HTTP Proxy was required.​‌
On the ​ New menu, select AWS Worker.
12. Test the new worker (section ).​
Select ​ Delete or ​ Edit.
To activate your worker tags, see section .‌
Select ​ New, and enter the Tag Name and Value. The Value may be blank.
Log in to the AWS Management Console at and open the Billing and Cost Management console.
For complete details, see .‌
Select a worker, and then select ​ Test.
If you want to test connections in addition to the worker, in the Select Additional Tests dialog box, select the relevant tests.
Select Run Tests. The ‘Worker Configuration test is underway’ message briefly appears at the top right and the ‘ ​ In Progress’ message appears in the Test Status column. Select ​ Refresh as necessary.
Select ​ Test Status to display information about the root cause.
To check settings, select ​ Edit.
To view and download the latest log, select​Test Log.​