Register AWS Backup gateway in the customer-owned AWS account where backup resources are managed. When the gateway is registered, add the vCenter to AWS Backup and associate it with the gateway. AWS recommends updating vCenter resolution to “Private DNS lookup” to keep the communication between vCenter and AWS Backup gateway private. This is optional; it is also possible to use this architecture with vCenter resolution to public domain name system (DNS). AWS Backup gateway communicates with vCenter over the compute gateway (CGW). AWS Backup gateway communicates with AWS Backup public service endpoints over the internet through the Local Gateway and the on-premises customer router. The traffic from the AWS Backup gateway over the internet to the AWS Backup public service endpoints is encrypted using TLS. The AWS Backup public service endpoint communicates with the AWS Backup management and storage plane through AWS Backup service endpoints. The AWS Backup public service, the management plane, and the storage plane are managed by AWS. Create and manage the backup plan and backup vault, assign virtual machines to the backup plan, view backups, and perform restores from the customer-owned AWS account.