AWS recently announced the general availability of AWS PrivateLink for Amazon S3. AWS PrivateLink provides private network connectivity between Amazon Simple Storage Service (S3) and on-premises resources that use private IP addresses from your virtual network. This eliminates the need to deploy proxy servers, which typically constrain performance, add single points of failure, and increase operational complexity. With AWS PrivateLink you can now access S3 directly as a private endpoint over your secure virtual network, by way of a new interface endpoint within your Virtual Private Cloud (VPC). This new feature extends the functionality of existing gateway endpoints by enabling users to access S3 using private IP addresses. NetBackup API and secure HTTP requests to S3 can now be automatically directed through interface endpoints that connect to S3 securely and privately via PrivateLink.
Interface endpoints simplify the NetBackup network architecture when connecting to S3 by eliminating the need to deploy an internet gateway or configure firewall rules. You also gain visibility into your network traffic, because flow logs can now be captured and monitored within your VPC. Finally, you can take additional security measures with your interface endpoints by creating security groups and enabling access control policies.
Securing NetBackup Data Between the Data Center and AWS S3
The AWS Shared Responsibility Model defines the distribution of security responsibilities between AWS and its customers. One of the biggest concerns that influence cloud adoption is security. In the context of data protection to the cloud, the transport remains an area of concern for many organizations that are subject to data regulatory and/or compliance requirements. NetBackup users can now safely transfer data to and from the AWS cloud without the risk of exposing sensitive data to visibility, tampering or theft. Veritas has thoroughly tested NetBackup with AWS PrivateLink to send backup data, as well as recover data, to and from AWS S3. We are also proud to announce that NetBackup provides day-zero support for AWS PrivateLink.
The high-level diagram below shows the test environment Veritas set up to validate NetBackup support for AWS PrivateLink for S3. Veritas selected an AWS VPN approach for solution validation testing, and the steps outlined below were completed through the AWS console:
The test plan focused on two primary objectives: validating basic connectivity and functional testing.
For additional details, please refer to the links below:
https://www.veritas.com/protection/netbackup
https://aws.amazon.com/blogs/aws/aws-privatelink-for-amazon-s3-now-available/