The
Cyber Recovery software is made available as an Amazon Machine Image (AMI). To deploy the
Cyber Recovery software to an Elastic Compute Cloud (EC2) instance in a Virtual Private Cloud (VPC), use an Amazon Web Services (AWS) CloudFormation template.
The CloudFormation template creates:
The
Cyber Recovery VPC—The VPC includes all the components required for the
Cyber Recovery solution.
Two subnets—The two private subnets include:
An AWS jump host on one subnet
The
Cyber Recovery management host and DDVE on the other subnet
NOTE:The production workstation cannot access the
Cyber Recovery management host directly. The Windows-based jump host is available in the VPC to access the
Cyber Recovery and DDVE instances. The management path is through the jump host.
Network access control lists (ACLs)—The ACLs provide a layer of security for the VPC that act as a virtual firewall for controlling traffic in and out of the subnets.
A security group for each instance—The security group protects the instance by acting as a virtual firewall to control inbound and outbound traffic.
VPC endpoints—The VPC endpoints enable private connections between the VPC and supported AWS services.
Identity and Access Management (IAM) roles—Along with the VPC endpoints, the roles provide access to AWS services for specific instances.
NOTE:CyberSense deployment is not included in the
CloudFormation template. Optionally, deploy CyberSense after the
Cyber Recovery solution is deployed on AWS. For more information, see
Deploying CyberSense on AWS.
The
CloudFormation template also deploys an AWS jump host. The Windows-based jump host is available in the VPC to access the
Cyber Recovery and DDVE instances. The management path is through the jump host.
Back up data is stored in Amazon Simple Storage Service (S3) buckets with a high level of deduplication.
The
Cyber Recovery deployment using
CloudFormation does not include a VPN. We strongly recommend that you:
Set up a VPN.
Use a VPN gateway or AWS Direct Connect to access the jump host.