- Notes, cautions, and warnings
- Preface
- Getting Started
- Preparing for a Deployment
- Deployment
- Configuration
- Glossary
PowerProtect Data Manager is deployed with a private IP address. For access from an external site, configure a VPN gateway.
The following diagram represents the basic architecture of PowerProtect Data Manager on AWS. The diagram shows a single region, single virtual private cloud (VPC), and single availability zone (AZ).
Sensitive PowerProtect Data Manager data, such as passwords, is encrypted and stored in a lockbox. For more information about PowerProtect Data Manager security, see the PowerProtect Data Manager Security Configuration Guide at Customer Support. When deployed to AWS, the PowerProtect Data Manager lockbox is located in a secure Elastic Block Store (EBS) volume.
Backup data is stored in a Simple Storage Services (S3) bucket, and the backup metadata is stored on a DDVE EBS volume. For more information, see the PowerProtect DD Virtual Edition in Amazon Web Services Installation and Administration Guide at Customer Support.
To minimize data-transfer costs, application hosts and DDVE can be located in the same AZ.
If application hosts are distributed across more than one AZ, you can minimize data-transfer costs by deploying a separate instance of DDVE in each AZ.
If application hosts are distributed across more than one availability zone, but a DDVE instance exists in only one of the AZs, additional data-transfer costs will be incurred.
If a different DDVE instance is in each AZ or region, ensure that PowerProtect Data Manager policies are configured to protect all the hosts in the same AZ or region as each DDVE instance.