📄
N2WS Backup & Recovery User Guide 4.3.0
  • 1 Introduction to N2WS
  • 2 Installing and Upgrading N2WS
  • 3 Start Using N2WS
  • 4 Defining Backup Policies with N2WS
  • 5 Consistent Backup with N2WS
  • 6 Windows Instances Backup with N2WS
  • 7 Linux/Unix Instances Backup with N2WS
  • 8 Using Elastic File System (EFS) with N2WS
  • 9 Additional N2WS Backup Topics
  • 10 Performing Recovery with N2WS
  • 11 Disaster Recovery with N2WS
  • 12 Cross-Account DR, Backup, and Recovery with N2WS
  • 13 File-Level Recovery with N2WS
  • 14 Tag-based Backup Management with N2WS
  • 15 N2WS Resource Control
  • 16 Security Concerns and Best Practices with N2WS
  • 17 Alerts, Notifications, and Reporting with N2WS
  • 18 N2WS User Management
  • 19 N2WS IdP Integration
  • 20 Configuring N2WS with CloudFormation
  • 21 Managing Snapshots with Lifecycle Policies with N2WS
  • 22 Configuring Workers with N2WS
  • 23 Capturing and Cloning in Network Environments with N2WS
  • 24 Orchestrating Recovery Scenarios with N2WS
  • 25 Monitoring Costs and Savings with N2WS
  • 26 Using N2WS with Azure
  • Appendix A Recommended Configuration for Copy to S3 with N2WS
  • Appendix B Agents Configuration Format with N2WS
  • Appendix C Time Zones with N2WS
  • Appendix D Datadog Integration with N2WS
  • Appendix E Splunk Integration Support with N2WS
  • Appendix F - Resetting Root Password or MFA in N2WS
  • Appendix G - Securing Default Certificates on N2WS Server
Powered by GitBook
On this page
  • 22.1 Worker Parameters
  • ‌22.2 Worker Tags
  • 22.2.1 Configuring AWS to Allow CPM Cost Explorer Calculations
  • 22.3 Testing the Configuration for a Worker

22 Configuring Workers with N2WS

Learn how perform operations in non-N2WS server regions using temporary worker instances.

Previous21 Managing Snapshots with Lifecycle Policies with N2WSNext23 Capturing and Cloning in Network Environments with N2WS

Last updated 10 months ago

Workers for recovery of RDS databases are not configured here but in the Worker Configuration tab of the RDS database Recover screen. See section .

When N2WS copies data to or restores data from a Storage Repository, or Explorint snapshots, it launches a temporary ‘worker’ instance to perform the actual work, such as writing objects into the repository or exploring snapshots.‌

  • When performing backup operations, or Exploring snapshots, the ‘worker’ instance is launched in the region and account of the target instance. The backup or Explore ‘worker’ instance is configured in the Worker Configuration tab.

  • When performing restore operations, the ‘worker’ instance is launched in the region and account that the backed-up instances are to be restored to. The restore ‘worker’ instance is selected or configured according to the following criteria:

    • If a ‘worker’ for the target account/region combination was configured in the Worker Configuration screen, that ‘worker’ instance will be used during the restore or the Explore.

    • If such a ‘worker’ does not exist for the target account/region combination, N2WS will attempt to launch one based on N2WS’s own configuration.

    • If the N2WS configuration cannot be used because the restore, or Explore, will be to a different account or region than N2WS's, the user will be prompted during the restore to configure the ‘worker’.

  • You can add tags to a worker for subsequent tracking in the AWS Cost Explorer.

    • To activate Cost Explorer in N2WS and AWS, see section .

    • To add worker tags, see section .

If you plan to copy to Storage Repository only instances belonging to the same account and residing in the same region as that of the N2WS server, worker configuration Is not required since the worker will derive its configuration from the N2WS server instance.

Attempts to perform Storage Repository/Cold Storage backup and restore operations from an account/region, or to Explore out of the N2WS server account/region, without a valid worker configuration will fail.‌

You can manage workers and their configurations as well as test their communication with the CPM, SSH, EBS API, and S3 Endpoint in the Worker Configuration tab (section ).​‌

22.1 Worker Parameters

‌It is necessary to define a separate worker configuration for each planned account/region combination of Copy to S3 instance snapshots, or each Explore region.

To keep transfer fee costs down when using Copy to 3, create an S3 endpoint in the worker’s VPC.‌

To configure S3 worker parameters:‌

  1. Select the Worker Configuration tab.

  3. In the User and Account lists, select the User and Account that the new worker is associated with.

  4. In the Region list, select a Region. This configuration will be applied to all workers launched in this region for this account.

  5. In the Key pair list, select a key pair. Using the default, Don’t use key pair, disables SSH connections to this worker.

  6. In the VPC list, select a VPC. The selected VPC must be able to access the subnet where N2WS is running as well as the S3 endpoint.

  7. In the Security Group list, select a security group. The selected security group must allow outgoing connections to the N2WS server and to the S3 endpoint.

  8. In the Subnet list, select a subnet, or choose Any to have N2WS choose a random subnet from the selected VPC.

    1. When performing a recovery, if you choose ‘Any’ in the Subnet drop-down list, N2WS will automatically choose a subnet that is in the same Availability Zone as the one you are restoring to.

    2. If you choose a specific subnet that is not in the same Availability Zone as the one you are restoring to, you will have to choose a different subnet from the Subnet drop-down list in the Worker Configuration tab of the Recovery screen.

  9. In the Worker Role list, select an instance role granting the Worker the permissions required for its policies, or select No Role to not attach an instance role to the Worker.

    1. If Custom ARN is selected, enter the Custom ARN.

    2. If No Role is selected, N2WS will generate temporary credentials and securely pass them to the Worker thereby granting the Worker the permissions linked to the Account that owns the policy and/or the repository.

  10. In the Network Access list, select a network access method.

Direct network access or indirect access via an HTTP proxy is required:

  • Direct - Select a Direct connection if no HTTP proxy is required.

  • via HTTP proxy – If an HTTP proxy is required, select, and fill in the proxy values.

11. Select Save.

To edit or delete a worker configuration:‌

  1. In the Worker Configuration tab, select a worker.

‌22.2 Worker Tags

You can add multiple tags to each account for workers for subsequent monitoring of cost and usage in the AWS Cost Explorer. When the worker is launched for any type of operation, such as Copy to S3, Recover S3, file-level recovery, Cleanup, worker testing, etc., it will be tagged with the specified tags. You will then be able to filter for the N2WS worker tags in the Tags tab of the AWS Cost Explorer.

To add worker tags:‌

  1. In the Worker Configuration tab, select a worker and then select the Worker Tags tab.

  3. Select Save.​‌

22.2.1 Configuring AWS to Allow CPM Cost Explorer Calculations

‌To allow CPM Cost Explorer calculations in AWS, users must add cost allocation tags once.‌

To activate user cost allocation tags:‌

  2. In the navigation pane, select Cost Allocation Tags.

  3. Choose the worker tags to activate.

  4. Select Activate.

It can take up to 24 hours for tags to activate.‌

22.3 Testing the Configuration for a Worker

Before a worker is needed, you can test whether it successfully communicates with the N2WS server and other communication targets. Depending on the test, some, but not all, AWS permissions are also checked.‌

  • Connectivity to N2WS Server (default)

  • SSH Test - Connectivity to N2WS server using SSH

  • EBS API Test - Test API connectivity and check AWS ebs:ListSnapshotBlocks permission

  • S3 Endpoint Test - Test connectivity; check AWS s3:ListAllMyBuckets and s3:ListBucket permissions

To test a worker configuration:‌

  4. Check the results in the Test Status column: Successful or Failed.

  5. If not 'Successful':

Besides the requested connectivity tests, the Configuration Test Details include Account, Region, Zone, Key Pair, VPC, Security Group, and whether an HTTP Proxy was required.​‌

On the ​ New menu, select AWS Worker.

12. Test the new worker (section ).​

Select ​ Delete or ​ Edit.

To activate your worker tags, see section .‌

Select ​ New, and enter the Tag Name and Value. The Value may be blank.

Log in to the AWS Management Console at and open the Billing and Cost Management console.

For complete details, see .‌

Select a worker, and then select ​ Test.

If you want to test connections in addition to the worker, in the Select Additional Tests dialog box, select the relevant tests.

Select Run Tests. The ‘Worker Configuration test is underway’ message briefly appears at the top right and the ‘ ​ In Progress’ message appears in the Test Status column. Select ​ Refresh as necessary.

Select ​ Test Status to display information about the root cause.

To check settings, select ​ Edit.

To view and download the latest log, select​Test Log.​

https://console.aws.amazon.com/billing/home#/
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/activating-tags.html
22.3
22.2.1
22.2
22.3
25.1
21.4.3