A couple of weeks ago I presented Veeam's integration with AWS services to a customer, specifically the Direct Restore to EC2 feature. He was really interested, and he immediately started thinking about large-scale scenarios for this feature. This solution is not a Disaster Recovery technology, since a machine is not replicated into EC2 and kept ready to be powered on; it is rather a backup that is uploaded and then imported into EC2. But still, massive migrations or the creation of dev/test environments from a production copy were really nice use cases.
It was time to hit the lab and find out what was possible.
The original procedure
The original procedure in the standalone console is good for one machine, and for learning which steps a future automated process will need. It starts by selecting a backup and the option to restore that machine to EC2:
This starts the wizard where multiple questions are asked, in this order:
- the AWS account to be used: it needs at least the minimum permissions required to complete the task. I've posted a JSON file on my GitHub to be used for the creation of the IAM role, you can get it here;
- Region type can be either global, GovCloud or China;
- the AWS region to be used;
- the name the machine has to have once imported into EC2, and if any tag has to be applied;
- Instance type and license, and which of the disks have to be restored (all by default);
- The target VPC, subnet and security group;
As you can see, that is a good number of parameters to choose, and going through them takes time, not to mention the potential for errors.
Also, the use case we discussed involves starting multiple machines concurrently, which would mean going through the wizard again and again, once for each machine.
As an additional note, be careful about the types of machines that are supported by the AWS Import API: they are listed here, and as you can see not every operating system is supported. I learned it the hard way when trying to import a Linux machine that had a kernel that was too new:
The automatic process
Veeam PowerShell has a complete set of commands to automate the process of restoring a machine to EC2. Let's see the relevant steps:

```powershell
$vm_name = "lemp7"
$ami_name = "lemp7-aws"

# Load the AWS account to operate against the VPC
$aws_account = Get-VBRAmazonAccount -AccessKey AKIAIMMUEGVLLWR3VOOA
# Get the correct AWS region to work against (this is Frankfurt)
$aws_region = Get-VBRAmazonEC2Region -Account $aws_account -RegionType Global -Name eu-central-1
# Get the correct VPC
$aws_vpc = Get-VBRAmazonEC2VPC -Region $aws_region -AWSObjectId vpc-0d6bacb426cf397a8
# Get the VPC subnet
$aws_subnet = Get-VBRAmazonEC2Subnet -VPC $aws_vpc -Name "172.16.1.0/24"
# Get the security group
$aws_securitygroup = Get-VBRAmazonEC2SecurityGroup -VPC $aws_vpc -Name default
# Set the instance type to be used
$aws_instancetype = Get-VBRAmazonEC2InstanceType -Region $aws_region -Name t2.micro
```
In this first part, we load all the required AWS parameters into different variables. Some of them are easy to populate; for others you can first run the command to see its output, and use that later. I've made this script without user input, since the idea is that the automation will always re-create the same exact environment without any options. It's meant to be a silent script that just needs to be executed. You can obviously improve it by adding choices to be made during the execution.
Now, it’s time to grab the information from the source backup:
```powershell
# Get VM latest restore point
$vm_restore = Get-VBRRestorePoint -Name $vm_name | Sort-Object -Property CreationTime -Descending | Select-Object -First 1
# Set the disk parameters
$vm_disk = Get-VBRFilesInRestorePoint -RestorePoint $vm_restore | Where-Object FileName -Like '*flat.vmdk*'
$vm_disk = $vm_disk.FileName
$aws_disk = New-VBRAmazonEC2DiskConfiguration -DiskName $vm_disk -Include -DiskType GeneralPurposeSSD
```
Here, we read the latest restore point, since we want to use the most recent version of the machine. From this data, we extract the name of the disk that has to be restored. We rely on the default VMware file naming, so be careful if you changed the disk name, or if you have more complex configurations like machines with multiple disks. Finally, we create the configuration of the target EBS volume, the persistent disk that will be created in AWS.
It’s finally time to run the restore. This is done with this single command, where all the previous variables are used:
```powershell
## Restore the VMs to EC2
Start-VBRVMRestoreToAmazon -RestorePoint $vm_restore -Region $aws_region -LicenseType BYOL -InstanceType $aws_instancetype -VMName $ami_name -DiskConfiguration $aws_disk -VPC $aws_vpc -Subnet $aws_subnet -SecurityGroup $aws_securitygroup -Reason test
```
The nice thing about this command is that, unless you use the -Wait option, it exits immediately after the restore process has started. This is very useful since we want to restore multiple machines, so we can immediately start another restore. But since this script is usable only for one machine, we need to replace the $vm_name variable with an array where users can list the machines they want to restore:

```powershell
$vmlist = "lemp7","ubuntu1604"
```

To process the array and restore each VM, we wrap the per-machine part of the above script in a foreach loop, and the final result is this script:
```powershell
##
## Automated restore to EC2
##
$vbrserver = "vbr-iaas.cloudconnect.local"
# Lab credentials in plain text: anyone who can read this file can log on to the VBR server
$vbruser = "Administrator"
$vbrpwd = "password"
$vmlist = "lemp7","ubuntu1604"

# Load the Veeam snap-in and connect to the backup server
Add-PSSnapin "VeeamPSSnapIn" -ErrorAction SilentlyContinue
Connect-VBRServer -Server $vbrserver -User $vbruser -Password $vbrpwd

# Load the AWS account to operate against the VPC
$aws_account = Get-VBRAmazonAccount -AccessKey AKIAIMMUEGVLLWR3VOOA
# Get the correct AWS region to work against (this is Frankfurt)
$aws_region = Get-VBRAmazonEC2Region -Account $aws_account -RegionType Global -Name eu-central-1
# Get the correct VPC
$aws_vpc = Get-VBRAmazonEC2VPC -Region $aws_region -AWSObjectId vpc-0d6bacb426cf397a8
# Get the VPC subnet
$aws_subnet = Get-VBRAmazonEC2Subnet -VPC $aws_vpc -Name "172.16.1.0/24"
# Get the security group
$aws_securitygroup = Get-VBRAmazonEC2SecurityGroup -VPC $aws_vpc -Name default
# Set the instance type to be used
$aws_instancetype = Get-VBRAmazonEC2InstanceType -Region $aws_region -Name t2.micro

foreach ($vm in $vmlist) {
    # Set the new VM name in AWS
    $ami_name = $vm + "-aws"
    # Get VM latest restore point
    $vm_restore = Get-VBRRestorePoint -Name $vm | Sort-Object -Property CreationTime -Descending | Select-Object -First 1
    # Set the disk parameters
    $vm_disk = Get-VBRFilesInRestorePoint -RestorePoint $vm_restore | Where-Object FileName -Like '*flat.vmdk*'
    $vm_disk = $vm_disk.FileName
    $aws_disk = New-VBRAmazonEC2DiskConfiguration -DiskName $vm_disk -Include -DiskType GeneralPurposeSSD
    ## Restore the VM to EC2; the command returns as soon as the restore has started
    Start-VBRVMRestoreToAmazon -RestorePoint $vm_restore -Region $aws_region -LicenseType BYOL -InstanceType $aws_instancetype -VMName $ami_name -DiskConfiguration $aws_disk -VPC $aws_vpc -Subnet $aws_subnet -SecurityGroup $aws_securitygroup -Reason Restore
}

Disconnect-VBRServer
```
The script has some simplified options: all machines have the same type, same subnet, same disk type and so on. But you can use it as a starting point to build more complicated plans.
When we start it, we have our two machines being restored at the same time:
And after a while, they are both up and running inside our VPC:
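One way to take the script toward the "more complicated plans" mentioned above, as an added example that is not the author's code: each machine gets its own instance type and subnet, the Veeam password is read from a protected file instead of the script, and a machine with no restore point or no matching disk is skipped rather than stopping the batch. Assumptions: the credential file path, the `t2.small` sample value, the `-Credential` parameter of `Connect-VBRServer`, and that `-DiskConfiguration` accepts several disk configurations for multi-disk machines.

```powershell
$ErrorActionPreference = "Stop"
$vbrserver = "vbr-iaas.cloudconnect.local"
$credfile  = "$env:USERPROFILE\vbr-restore.cred.xml"   # assumed path
# One-time setup, run as the user that will later run this script:
#   Get-Credential | Export-Clixml -Path $credfile
# On Windows the password in that file is DPAPI-protected (same user, same machine).
$cred = Import-Clixml -Path $credfile

# Per-VM plan; the t2.small entry is a constructed sample value.
$plan = @(
    @{ Name = "lemp7";      InstanceType = "t2.micro"; Subnet = "172.16.1.0/24" },
    @{ Name = "ubuntu1604"; InstanceType = "t2.small"; Subnet = "172.16.1.0/24" }
)

Add-PSSnapin "VeeamPSSnapIn" -ErrorAction SilentlyContinue
Connect-VBRServer -Server $vbrserver -Credential $cred
try {
    $aws_account = Get-VBRAmazonAccount -AccessKey AKIAIMMUEGVLLWR3VOOA
    $aws_region  = Get-VBRAmazonEC2Region -Account $aws_account -RegionType Global -Name eu-central-1
    $aws_vpc     = Get-VBRAmazonEC2VPC -Region $aws_region -AWSObjectId vpc-0d6bacb426cf397a8
    $aws_sg      = Get-VBRAmazonEC2SecurityGroup -VPC $aws_vpc -Name default
    foreach ($item in $plan) {
        try {
            $rp = Get-VBRRestorePoint -Name $item.Name |
                Sort-Object -Property CreationTime -Descending | Select-Object -First 1
            if (-not $rp) { throw "no restore point found" }
            # One EBS disk configuration per flat VMDK, so multi-disk machines are covered
            $disks = @(Get-VBRFilesInRestorePoint -RestorePoint $rp |
                Where-Object FileName -Like '*flat.vmdk*' |
                ForEach-Object { New-VBRAmazonEC2DiskConfiguration -DiskName $_.FileName -Include -DiskType GeneralPurposeSSD })
            if ($disks.Count -eq 0) { throw "no *flat.vmdk* disk in restore point" }
            $type   = Get-VBRAmazonEC2InstanceType -Region $aws_region -Name $item.InstanceType
            $subnet = Get-VBRAmazonEC2Subnet -VPC $aws_vpc -Name $item.Subnet
            if (-not $type -or -not $subnet) { throw "instance type or subnet not found" }
            $restore = @{ RestorePoint = $rp; Region = $aws_region; LicenseType = "BYOL"
                          InstanceType = $type; VMName = "$($item.Name)-aws"
                          DiskConfiguration = $disks; VPC = $aws_vpc; Subnet = $subnet
                          SecurityGroup = $aws_sg; Reason = "Restore" }
            Start-VBRVMRestoreToAmazon @restore
            Write-Host "$($item.Name): restore started"
        } catch {
            Write-Warning "$($item.Name): skipped, $($_.Exception.Message)"
        }
    }
} finally {
    Disconnect-VBRServer   # always close the session, even if a lookup failed
}
```

Only the access key ID appears in the script; `Get-VBRAmazonAccount` looks up an account already stored in Veeam, so the AWS secret key never has to be written here.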