Dell PowerProtect Cyber Recovery 19.15 AWS Deployment Guide

The following figure represents the architecture. The right side of the figure shows the AWS resources that define the Cyber Recovery vault architecture:

1. The production environment can be on premises or also deployed on AWS or another cloud provider. The workstation at the production site enables you to connect to the jump host, which is in a private subnet in the VPC. The jump host provides access to the Cyber Recovery management host, the DDVE management console, and CyberSense (if you choose to include it in your deployment). For additional security, the workstation has a limited IP range.
2. The CloudFormation template deploys all the components that the Cyber Recovery solution requires in the VPC on AWS. The template creates two private subnets: A private subnet that includes the jump host and a private subnet that includes the Cyber Recovery management host and DDVE. It also configures security groups, Access Control Lists (ACLs), inbound and outbound rules, and so on.
   NOTE:The CloudFormation template does not deploy CyberSense. If you deploy CyberSense, an additional security group is then configured for communication.
3. The network ACLs allow access between:
   • The production workstation and the jump host subnet
   • The private subnets that include the jump host, the Cyber Recovery management host, DDVE, and the other components that make up the Cyber Recovery vault
4. As a best practice, the deployment uses Amazon Simple Email Service (SES) for one-way email from the Cyber Recovery management host.
5. The security group and the networks ACLs for the private subnet that includes the Cyber Recovery management host contain rules that enable the Cyber Recovery software to send email messages using Amazon SES.
6. Communication to CyberSense goes through the associated instances security group.
7. The Cyber Recovery software automatically enables and disables the air gap, which uses AWS security features for additional security.

Sensitive Cyber Recovery data, such as passwords, is encrypted and stored in a lockbox. For more information about Cyber Recovery security, see the PowerProtect Cyber Recovery Security Configuration Guide at Dell Online Support. When deployed to AWS, the Cyber Recovery lockbox is in a secure Elastic Block Store (EBS) volume.

Backup data is stored in a Simple Storage Service (S3) bucket, and the backup metadata is stored on a DDVE EBS volume. For more information, see the PowerProtect DD Virtual Edition on Amazon Web Services Installation and Administration Guide at Dell Online Support.