Summary
Description:
1 Intended Purpose
The intended purpose of this document is to clarify, simplify and facilitate the process involved in upgrading or downgrading N2WS Backup and Recovery (CPM) to a different edition and/or version. It will provide a checklist of necessary permissions and access to the AWS infrastructure to be concluded before the upgrade or downgrade process can begin.
2 Time Needed
The entire installation and upgrade process generally takes 60 minutes. Additional time may be needed for extensive configuration following the installation process. During the upgrade/downgrade, you will incur downtime in the backup process.
3 Release Notes & User Guide Documentation
Up-to-date release notes for V4.x.x and the most recent service release can be found at: Release notes for N2W v4.5.1 [February 2026]
Up-to-date product documentation (User Guide) can be found at:
https://n2ws.com/support/documentation (HTML)
4 Checklist for Upgrades and Downgrades
This is a checklist to prepare for the upgrade/downgrade:
- Absolutely no backups can be scheduled to run during the upgrade – the upgrade window is 1 hour
-
The person performing the upgrade will need to have sufficient AWS account administrative permissions to
- Spin up instances and take out subscriptions from the AWS Marketplace
- Create and modify AWS Policies and AWS IAM roles/users
- The person performing the upgrade will need to have access to the N2WS root admin account, username and password
- If you are utilizing Linux backup scripts in order to perform application consistent backup on Linux based instances, you will have to backup those scripts separately prior to the upgrade. The Linux backup scripts can be found on the N2WS instance root volume in folder /cpmdata/scripts
- If you are not utilizing the N2WS self-signed SSL certificate, you will need to have your wildcard .crt and .key files available during the upgrade.
- If you are utilizing the IdP functionality, you will need to have the IdP’s X509 certificate available during the upgrade
- If you are utilizing a web proxy, you will need to have the web proxy configuration available during the upgrade
- If you are utilizing a custom URL to access the N2WS web portal, you will need to have access to the DNS record process. This will allow for an in-place upgrade which doesn’t require a termination of the N2WS instance prior to upgrade.
- If you are performing AWS cross account backups, the person performing the upgrade will need to have sufficient AWS account administrative permissions to upgrade the AWS policies and AWS roles/IAM users in the target account (See 6.1)
- If you utilizing the N2WS thin backup agent for application consistent backups on Windows based virtual machines, please review chapter 5 of this guide
- If the planned upgrade is a white glove install with the help of a N2WS Engineer, please provide which version of N2WS you are currently on and if you are using the S3 archive feature
5 Application Consistent Backups & Thin Backup Agents
Application Consistent Backups on Windows based virtual machines generally utilize the N2WS Thin Backup Agent. If you’re upgrading from a version prior to 3.1, you will need to upgrade the Thin Backup Agent on all of the required servers, due to a major update in the agent software and capabilities.
6 AWS Permissions needed for installation
The person or team tasked with the deployment of N2WS Backup and Recovery needs to have administrative permissions.
- Being able to create instances from the AWS Marketplace
- Being able to take out subscriptions from the AWS Marketplace
- Create roles in IAM
- Create, modify and assign policies in IAM
6.1 Particular AWS permissions needed for N2W to function correctly
With an upgrade of N2WS Backup and Recovery we introduce new features into the product, therefore you will need to also modify the permissions assigned to the IAM role which is used with N2WS Backup and Recovery. Minimum IAM policy file needed for N2WS configuration can be obtained at:
[4.5.0] Required Minimum AWS permissions for N2W operations
The file contains multiple JSON files, please utilize the version appropriate for your edition of N2WS Backup and Recovery.
These JSON files can be customized for specific requirements. The default gives N2WS access to all its backup, recovery and management capabilities.
7 SAP HANA Backup and Recovery
SAP HANA Database is an in-memory relational database that can run on an AWS EC2 instance.
N2WS creates and stores both an EC2 instance and SAP HANA database snapshots as part of a policy backup. SAP HANA snapshots are stored to an S3 repository.
Currently, recovery of SAP HANA internal databases is not supported across AWS accounts. It is possible to run cross-account backup and perform cross-account recovery to EC2 instances only. • SAP HANA backup to cross-account repositories is not yet supported. Only repositories from the same account as the SAP HANA instance are allowed.
7.1 Pre-requisites necessary for SAP HANA Backup and Recovery
SAP HANA policies require the installation of AWS Backint and SSM agents on the EC2 instance before it is added to an N2WS policy. AWS Backint agent configuration and SAP HANA backup commands are sent to EC2 instances.
To install a Backint agent, see https://docs.aws.amazon.com/sap/latest/sap-hana/aws-backint-agent-installing-configuring.html
Change the installation parameter modify_global_ini to modify: modify_global_ini=modify Note: If modify_global_ini has the default value, the backup will fail.
To verify the connection between the S3 bucket and SAP HANA EC2, see https://docs.aws.amazon.com/sap/latest/sap-hana/aws-backint-agent-prerequisites.html#aws-backint-agent-iam
SSM Agent Installation Note: N2WS to SAP HANA EC2 instance communication is completed via an SSM agent. Therefore, assign an SSM IAM role with proper permissions to both N2WS and the EC2 instance running SAP HANA. See section 6.2.2 of the N2WS Backup and Recovery User Guide.
To install and run an SSM agent, see https://docs.aws.amazon.com/systems-manager/latest/userguide/agent-install-sles.html
To check the status of the SSM Agent, see https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-status-and-restart.html.
8 Immutable Backups/S3 Object Lock
S3 Repositories offer an option to protect the data stored in the bucket against deletion or alteration using S3 Object Locks. Usage of Immutable Backup protection will slightly increase total cost, because there is an additional cost associated with putting and removing the locks and with the handling of object versions.
8.1 Pre-requisites necessary for Immutable Backups/S3 Object Lock
Note: It is not possible to enable Immutable Backup for existing repositories.
The bucket must be created within AWS S3
- Bucket versioning must be enabled before using Object Lock. This is the opposite for non-immutable repositories where versions must be disabled
- Buckets containing the repository must be created with the Object Lock option enabled
- Buckets with repositories must always be encrypted, regardless of immutability
9 Compliance
N2WS Backup and Recovery is an IaaS (infrastructure as a service) solution. N2WS resides in your account and interacts with your data and the AWS infrastructure using AWS API calls.
- The data never flows through N2WS, which means we inherit the compliance ratings of the AWS cloud
- N2WS belongs to you and you are not sharing a service with other customers
- N2WS is completely under your control and you’re not entrusting your AWS account credentials to a service hosted someplace else
N2WS inherits the compliance of the AWS cloud:
ISO: https://aws.amazon.com/compliance/iso-27001-faqs/ SOC: https://aws.amazon.com/compliance/soc-faqs/
HIPAA: https://aws.amazon.com/compliance/hipaa-compliance/ FedRAMP: https://aws.amazon.com/compliance/fedramp/
Other Compliance Programs: https://aws.amazon.com/compliance/programs/
The following KB article discusses hardening of the CPM instance for the purpose of vulnerability scans:
N2W instance hardening for vulnerability scans
The underlying OS of the N2WS virtual appliance is Ubuntu 18.04 and a Security Technical Implementation Guide (STIG) can be found here:
https://www.stigviewer.com/stig/canonical_ubuntu_18.04_lts/
Confirmation Steps
10 Support
N2WS Backup and Recovery comes with full software support. You may log tickets with our 24/7 support, free of charge, at:
https://n2ws.zendesk.com/hc/en-us/requests/new
or
email to support@n2ws.com
The full documentation can be found at: https://n2ws.com/support/documentation
We also encourage you to reach out to your sales representative for workshops, escalations and questions.
11 Video Tutorials
0. (Optional) Upgrade of existing N2WS 2.x.x to 3.x.x https://youtu.be/mWiJpJkeGS8
1. Installation of N2WS V3.0.0 (and configuration of appliance backup – cpmdata) https://youtu.be/ohK5mvl8KPw
2. Configuration of a backup and performing a recovery of the resource https://youtu.be/fp-jNjUHo64
3. Configuration of S3 archiving https://youtu.be/qvKpLEOlAHk
4. Configuration of Recovery Scenario https://youtu.be/UU MJSDMwU
5. Configuration of Resource Control https://youtu.be/k_DbaZlFt0Q
6. Configuration of Notifications https://youtu.be/pbBD0cdyQt0
7. Configuration of Reports and scheduled Reports https://youtu.be/47ptw7MRouo
8. Configuration of scheduled Recovery Scenario https://youtu.be/5a1DvXgqhgE
9. Configuration of automated backups using custom tags https://youtu.be/aoZMi_d8N0A
10. Configuration of Zero EBS Snapshots https://youtu.be/JFUCn85rgUs
11. Configuration of S3Sync (S3 Bucket Backup) https://youtu.be/hj8wInBN9og
12. How to Monitor EBS Volume Usage (and get automatic alerts) https://youtu.be/O2xV4YMBLqE
13. How to Create a Secure DR Account in AWS https://youtu.be/jDmna4uQ8gg
14. How to perform backup and recovery from Amazon FSx https://youtu.be/l4oWpX2sQw8
15. The Easiest File-Level Recovery for your AWS Environment https://youtu.be/TicPyfKHgbk
16. How to Configure Immutable Backups with Amazon S3 Object Lock using N2WS https://youtu.be/Py_xTVKr7Is
17. How to configure and manage multiple users with N2WS Backup & Recovery https://youtu.be/TnEE3rsINIA
18. How to set strong password rules with N2WS Backup & Recovery https://youtu.be/eeOL9DyrN6E
19. Learn how N2WS Backup & Recovery can protect itself from any AWS outages or failures
https://youtu.be/_nIwJePcrr8
Comments
0 comments
Please sign in to leave a comment.