Link Search Menu Expand Document

VPC configurations for Cloud Connector deployment

To deploy the Cloud Connector, select the VPC(s) you want to deploy it to. When choosing the VPC(s), note that different configurations may affect the process of deployment. Below you will find possible configurations to be used when deploying the Cloud Connector.

  • If the default VPC is used, then it should have a public subnet in every Availability Zone. Such configuration will work fine. If the default VPC is modified so it doesn’t consist entirely of public subnets with access to the Internet, backup operations with Elastio will fail.

Note: In case any other VPC is used, the modifications and/or deletion of the public VPC won’t affect the Elastio backups.

  • Public subnets with an IGW require “auto-assign public IPv4 address”.

  • Private subnets with a NAT gateway don’t require “auto-assign public IPv4 address”. (The instructions on how to configure a private subnet with a NAT gateway are here).

Using a public subnet with an IGW or a private subnet with a NAT depends on the need to access the vault from outside of the VPC, such as from a development workstation, a CI/CD pipeline, an on-prem server, etc.

Deploying the vault entirely in public subnets will allow the vault to be accessible over the Internet. So, performing backups, restores and mounts from outside of AWS (either from other clouds or from on-prem workstations) will become available. This is the most flexible configuration, but it might not be permitted depending upon each organization’s security policies.

If the vault is deployed in private subnets, it will be accessed only from within the private subnets. Performing backups and mounts from systems outside of the subnets will be possible only after setting up a VPN tunnel into the VPC with a network path from the VPN tunnel to the private subnets, where the vault is running.