Cohesity Data Protection Solution for VMware Cloud on AWS
search cancel

Cohesity Data Protection Solution for VMware Cloud on AWS


Article ID: 324666


Updated On:




This article provides information about Cohesity Virtual Edition (v6.3+) Data Protection Solution for VMware Cloud on AWS.

Disclaimer: The partner solution referenced in this article is a solution that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see


Use cases

Cohesity provides a policy driven approach for data protection of VMs in VMware Cloud on AWS.
The use cases covered in this document are below:
  • Data Protection in VMC
  • Extended Retention
  • VM level Recovery
  • Granular File & Folder Recovery

Solution Architecture

Cohesity Hyper Converged Secondary Storage platform provides end-to-end data protection for applicationdriven modern infrastructure that spans from core to the cloud and edge. Customers benefits from the same userfriendly interface for managing backup of VMware environment on-premises and in VMware Cloud on AWS.
This document focuses on Cohesity Solution for protection of workloads in VMware Cloud on AWS (VMC) Platform.

Cohesity Virtual Edition (VE) is a VMware Virtual Appliance-based deployment of Cohesity Platform. It is deployed in customer’s software defined data center hosted in VMC. To protect the VMs, the VMC SDDC vCenter is added as a Source to the Cohesity platform. Cohesity, then detects that the source is a vCenter in VMC and discovers all VMs. These VMs can then be protected with policies which ensures end-to-end data management life cycle.

Solution Components

Cohesity Virtual Edition simplifies data protection in VMC through the deployment of Cohesity Virtual Appliance. An easy to manage UI and policy-based management allows customers to achieve strict business SLAs. More information on the Appliance specifications can be found at

Cohesity VE leverages the vSphere Storage APIs – Data Protection (VADP) and the Virtual Disk Development Kit (VDDK) to integrate with vSphere & vSAN in VMC to provide extremely efficient virtual machine image level data protection with best in class global deduplication, data resiliency with strict consistency and softwarebased encryption using the AES-256 standard, with optional FIPS certification for data encryption in-flight and at rest.

Operational Overview

The following concepts and activities are part of knowledge transfer for enterprise customers deploying Cohesity in their VMC SDDCs
Initial Setup and Configuration
  1. Cohesity VE Deployment: Deploy and configure Cohesity Virtual Edition OVA in VMC SDDC. Steps to download, install and setup Cohesity Virtual Edition can be found in Cohesity Virtual Edition Setup Guide available at
  2. Register vCenter as Data Source: Add SDDC vCenter as a data source in Cohesity VE to discover the VMs running on VMC.

Fig: VMC SDDC vCenter as a Data Source
  1. Register S3 bucket for Extended Retention:
Create an S3 bucket in your AWS account and register it as an External Target on Cohesity Virtual Edition.

Fig: S3 Bucket registered as External Target on Cohesity Virtual Edition
  1. Create Protection Policies and Protection Jobs
A Protection Policy defines periodicity and retention of backup, and their archival and replication. A Projection Job defines which objects are backed up. A Protection Policy can be used for many Protection Jobs.

Fig: Protection Policy
For example, screenshot above shows a Protection Policy called “Gold” which does the following:
  • Take a Snapshot every 4 hour and retain it for 1 day on Cohesity Virtual Edition
  • Retry capturing Snapshots 2 times 10 minutes apart before reporting an error
  • Send a copy of Snapshot to AWS S3 bucket and retain it for 30 days. For VMware Cloud on AWS, it is recommended to create Protection policies to store backups on Cohesity VE for short term and leverage AWS S3 for extended retention.

Fig: Protection Job
A Protection Job specifies Source, Objects to be backed up from that source and a Policy to be used for the backups. The screenshot above shows a new Protection Job being created to backup a few VMs from vCenter in SDDC and using a Policy called “Gold”.

Auto-Protect Feature

While creating Protection Job, you can optionally choose Automatic protection at any hierarchical level e.g. a folder level. Every time a new VM is added to the folder, the VM is automatically protected with the previously defined policy and job. This enables the administrator to be hands off for VM data protection while still ensuring that data protection SLAs are met.

Fig: Cohesity Auto-Protect Feature

Screenshots above shows Auto-Protect feature during Protection Job creation.

Fig: Protection Jobs on Cohesity Virtual Edition
  1. VM level Recovery
Cohesity provides the ability to recover Protected Objects (such as VMs) from a Snapshot created earlier by a Protection Job. You can choose a snapshot on Cohesity VE or on AWS S3 external target for recovery. You can recover VMs to same Logical network in VMC or a different logical network.
Recover task extracts the VM files (such as the VMDK files) stored in Snapshots and creates new instances of the VMs in their original locations or in a new location depending on the options you choose during recovery:
  •  Recover to Original Location—Recover the VM(s) to their original Resource Pool, datastores, VM folder and logical network in VMC 
  • Recover to New Location—Recover the VM(s) to an alternate resource pool, datastore, VM folder or logical network in VMC.

Fig: Search function for VM Recovery

Cohesity provides intuitive user interface for recovery workflows. Screenshot above shows how users can initiate recovery by searching for the objects to recover. Object names or Protection Job name can be used for search filter.

Fig: VM Level Recovery

Fig: Successful VM Recovery
  1. File and Folder Recovery
Cohesity provides the ability to recover files and folders from a Snapshot created earlier by a Protection Job. Files and folders can be recovered to the original VM or a different VM. You can choose to retain the recovered files' and folders' original (at the time of the backup) permissions and attributes. You can also download files and folders from selected Snapshots. However, only items that were indexed when the Snapshot was created can be downloaded.
Recover task extracts the files stored in Snapshots and creates new instances of them in the original VM or a different VM depending on the options you choose during recovery. You can also choose to download files and folders.

Fig: Granular Search for File & Folder level Recovery

Recover Files or Folders—Recover files or folders to the original location or to a new location. Download a File or Folder—Download files or folders from an existing Snapshot.

Data Protection Flow

Cohesity performs steps below during the VM backup workflow:
  1. Cohesity software takes a snapshot of the VM
  2. The VMDKs associated with the snapshot are opened using VDDK library via HotAdd transport mode.
  3. CBT is leveraged to perform incremental backups.
  4. Once all the data is copied, VM snapshot is released.
  5. VM backup on Cohesity is readily available for recovery from the fully hydrated Cohesity snapshots.

Recovery Flow

Cohesity performs steps below during the Recovery workflow:
  1. Cohesity software clones the VM files (such as the VMDK files) stored in Snapshots to a temporary Cohesity View. A View is a Cohesity representation of a datastore.
  2. Cohesity software creates the target VM(s) with blank disks on the VMC SDDC vCenter based on VM configuration associated with the selected snapshot.
  3. Data is copied from VMDK files from the cloned view to the VMDKs attached with the recovered target VM.
  4. Recovered VM is powered ON or left powered off based on user selection.

Support Information

Troubleshooting (logs, procedures and techniques):
  • Cohesity cluster provides a secure remote tunnel for Cohesity Support personnel to access the cluster and examine and monitor the health of the cluster and troubleshoot to help customers resolve issues.
  • Cohesity uses Time capsule to aggregate and capture logs in an offline bundle for clusters which are not accessible via the remote tunnel.
Indicate whether the solution supports vMotion, HA, and FT: 
  • Cohesity leverages and protects VMs and application workloads using vSphere features including vMotion, HA, and SMP-FT.
Link to product documentation, and specific reference points in those documents (example, Page Numbers of content referenced)
  • Product documentation is available for Cohesity customers on the Cohesity support portal.
Link to downloads site
  • Product upgrade binaries and patches are available to download from our Cohesity support portal.

Support Process

Cohesity support currently offers 3 different support channels for engaging with our customers

Web Portal

Login credentials are required to access our secure Support Web portal:
From the Cohesity Support Portal you can:
  • Manage your profile
  • Submit new cases
  • Manage existing cases
  • Browse our knowledge base
  • Explore our Product Documentation
  • Participate in our community with other customers and power users


  • Americas  - United States & Canada: +1-855-9COHESITY, option 2
  • EMEA - United Kingdom: +44 (0)113 8681096, option 2
  • APAC
    • India: +91 80 67347095
    • Japan: +81 6 4560 2923 
Email - [email protected]