Matt That IT Guy

Racking And Stacking In A Cloud-Based World


Protecting Your AWS Workloads with N2WS

N2WS - Shared Responsibility ModelAt VeeamON 2017, Veeam announced support for AWS workloads via a partnership with N2W Software (founded in 2012). Earlier this year, in January 2018 specifically, Veeam announced that it had acquired N2W Software. What better way to ensure a fantastic experience with a partner than to buy them?

While at VeeamON this year, the first session I attended was “Backup and disaster recovery for AWS”. With more and more workloads moving to the cloud, having a risk management/data availability strategy is vital. Whether it be application specific (e.g. compute), or storage (e.g. EBS), the data needs to be protected. So, how is this accomplished?


So why do you need to protect your AWS instances? Well the usual problems that we’ve seen from on-premises installs, transfers to the cloud nicely. Think of things like rogue admins, or just general user error. What about availability zone outages or ransomware. Long story short, there are a lot of similar problems, but mitigating those problems in the cloud is a different beast. You can’t just point traditional backup tools to your AWS account, which is why new tools are needed.

Cloud has changed how a lot of organizations use their infrastructure. It is important to recognize this is a different beast – legacy tools may not cut it. Could you imagine if your cloud backup strategy involved copying the data locally, for example? Think about how quickly egress traffic costs would add up.


N2WS - The Promise of the Cloud - DeliveredNow that we have an understanding of the problem, how does N2WS face these challenges? What I liked about this solution was that there is not just a single facet used to protect your data. Snapshots are the underlying technology used. Yes, we have had it beat into our head many times that snapshots aren’t backups. But in the case of cloud, this gets a little …. cloudier(?).

The way N2WS works is fairly simple: you take a snapshot of the data that you want to protect, and you write it elsewhere within AWS. This takes that snapshot out of production. If you are backing up your EBS, then you’ll have block-level backups in an incremental forever configuration. When performing a recovery, these snapshots are just copied back to production to roll things back to the restore point. So, a bit of a different concept compared to SAN or virtual machine snapshots, where the snapshot data may never leave the array’s hardware.

EBS isn’t the only AWS offering that can be protected. EC2 instances can be backed up as well, similar to on-premises VMs. In the case of Windows machines, VSS is leveraged to grab an application-consistent backup. The machine is quiesced, the data is read, and the backup is written. If the machine is running Linux, then some in-guest scripts are used to get the same result. Of note is that N2WS uses the term “backup target” to indicate what is being backed up, as opposed to where the backup is being written to.


There were a few things that stood out to me as quite interesting though. First off, you can currently restore to one of 18 AWS datacenters. That is a good amount of variety. Think about situations where you have a world-wide operation and things go down. If you can restore to a region that matches where your organization is currently active, then you might see better performance. The other nifty target that I like is you can restore to a separate AWS account. This could be something like a dedicated DR AWS account – something that only a limited number of folks have access to. AWS credentials can leak over time … if you have a malicious user who deletes the contents of your account, restoring back to it won’t do you any good. Having the ability to restore to a completely different account is a nice touch.

At a high level, N2W Software has kept their own branding. In my mind, this makes sense. The product is still very much standalone – it doesn’t integrate with Veeam Backup and Replication. Rather than re-invent the wheel to get into the cloud game, acquiring N2WS proved to be a quick way to fill that gap.

DISCLAIMER: As a speaker, I was invited to attend VeeamON. Veeam covered costs associated with airfare, accommodations, and some meals. I was not required, nor requested to write any of the above. All thoughts and observations are of my own accord.

One thought on “Protecting Your AWS Workloads with N2WS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.