dell emc cloud disaster recovery · 2020-03-04 · cloud dr with aws protection, recovery, and...

Dell EMC Cloud Disaster RecoveryVersion 18.4

Installation and Administration GuideP/N 302-005-425

REV 01

Copyright © 2019 Dell Inc. All rights reserved.

Published January 2019

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.“ DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners.

Published in the USA.

Dell EMCHopkinton, Massachusetts 01748-91031-508-435-1000 In North America 1-866-464-7381www.DellEMC.com

2 Cloud Disaster Recovery 18.4 Installation and Administration Guide

9

11

Preface 13

Cloud DR solution overview 17

Cloud DR solution overview 19Overview.................................................................................................... 20Operational modes...................................................................................... 21Architectures for Standard Mode operation............................................... 22

Avamar/Data Domain to AWS cloud.............................................. 23RecoverPoint for VMs to AWS cloud.............................................25Avamar/Data Domain to Azure cloud.............................................26

Architectures for Advanced Mode operation.............................................. 27Cloud DR solution with VMware Cloud on AWS..........................................29

Cloud DR with AWS 31

Cloud DR with AWS requirements and deployment 33Requirements for Cloud DR with Amazon Web Services............................ 34

Requirements checklist..................................................................34Prerequisites for Advanced Mode..................................................36Accept Amazon Web Services Marketplace terms.........................37Virtual machine specifications for Cloud DR with AWS.................. 37AWS regions for CDRS deployment...............................................38Supported operating systems for Cloud DR and AWS................... 38Supported browsers and resolutions..............................................38Limitations - Cloud DR with AWS.................................................. 39Requirements and limitations for VMware Cloud on AWS..............39Prerequisites to enable failover to VMC........................................ 40Connect CDRA to CDRS using private IP address - AWS.............. 42

Credentials for Cloud DR deployment.........................................................42Deployment guidelines................................................................................43Deploy the CDRA OVA................................................................................44Log into the CDRA......................................................................................45Configuring the CDRA and deploying the CDRS......................................... 46

Set up the CDRA........................................................................... 46Add AWS cloud account................................................................ 47Add AWS cloud targets..................................................................48Deploy the Cloud DR Server in AWS..............................................49Add VPN gateway - Advanced Mode..............................................51Connect to vCenter servers...........................................................52Define a recovery staging area...................................................... 52Configure Avamar backup server and Data Domain system........... 54

Figures

Tables

Part 1

Chapter 1

Part 2

Chapter 2

CONTENTS

Cloud Disaster Recovery 18.4 Installation and Administration Guide 3

Configure cloud backup - Advanced Mode.................................... 56Add additional on-premises sources............................................................57Uninstall Cloud DR components................................................................. 58

Cloud DR with AWS protection, recovery, and failback 61Overview.................................................................................................... 62

Protection..................................................................................... 62Test............................................................................................... 62Failover..........................................................................................64Failback......................................................................................... 65DR plans........................................................................................ 66

Create rapid recovery copies for protected assets..................................... 67Associate VMs with applications - Advanced Mode operation.................... 68Test or fail over a single asset to AWS cloud.............................................. 69User actions to restore applications - Advanced Mode................................71Failover to vCenter or VMware Cloud on AWS........................................... 72Failback workflow....................................................................................... 74Failback from the cloud.............................................................................. 74Promote a DR test to failover..................................................................... 76End a DR test..............................................................................................77End a failover.............................................................................................. 77Monitor recovery activities......................................................................... 78

DR activity statuses.......................................................................79DR activity states for AWS environments......................................79View recovery details ....................................................................80

DR plan activities........................................................................................80Create a DR plan......................................................................................... 81Edit a DR plan.............................................................................................82Test or fail over a DR plan to AWS cloud.................................................... 84Split a DR plan activity............................................................................... 85Delete a DR plan.........................................................................................86

Cloud DR with Azure 87

Cloud DR for Azure requirements and deployment 89Requirements for Cloud DR with Azure cloud environments.......................90

Requirements checklist for Microsoft Azure..................................90Azure prerequisite setup................................................................ 91Virtual machine specifications for Cloud DR with Microsoft Azure....91Azure regions for CDRS deployment............................................. 92Supported operating systems for Cloud DR and Azure.................. 92Supported browsers and resolutions..............................................92Support for Azure Hybrid Benefit.................................................. 93Limitations for Cloud DR with Azure..............................................93Connect to CDRS via private IP address - Azure........................... 93

Credentials for Cloud DR deployment.........................................................94Deploy the CDRA OVA................................................................................94Log in to CDRA...........................................................................................95Configuring the CDRA and deploying the CDRS.........................................96

Set up the CDRA........................................................................... 96Add Azure cloud account...............................................................96Add Azure cloud targets................................................................ 97Deploy the Cloud DR Server in Azure.............................................97

Chapter 3

Part 3

Chapter 4

CONTENTS


Connect to vCenter servers.......................................................... 99Define a recovery staging area...................................................... 99Configure Avamar backup server and Data Domain system.......... 101

Add additional CDRAs............................................................................... 103Uninstall Cloud DR components................................................................ 104

Cloud DR with Azure protection, recovery, and failback 105Overview...................................................................................................106

Protection.................................................................................... 106Test..............................................................................................106Failover........................................................................................ 108Failback........................................................................................109

DR plans.................................................................................................... 110Create rapid recovery copies for protected VMs........................................ 111Test or fail over single asset to Azure cloud............................................... 112Recover to vCenter................................................................................... 113Failback workflow...................................................................................... 115Perform a failback..................................................................................... 116Promote a DR test to failover.................................................................... 118End a DR test.............................................................................................118End a failover.............................................................................................119Monitor recovery activities........................................................................ 119

DR activity statuses...................................................................... 121DR activity states for Azure environments....................................121View recovery details .................................................................. 122

DR plan activities...................................................................................... 122Create a DR plan....................................................................................... 123Edit a DR plan........................................................................................... 124Test or fail over a DR plan to Azure cloud................................................. 126Split a DR plan activity.............................................................................. 127Delete a DR plan........................................................................................128

Cloud DR system and user management 129

Cloud DR Add-on System and User Management 131Cloud DR Add-on System..........................................................................132

Collect logs.................................................................................. 132CDRA User Management.......................................................................... 133

Change the password for the CDRA admin account..................... 133Change the CDRA password expiration period............................. 133

Cloud DR Server Interface 135The CDRS user interface.......................................................................... 136

Log into the CDRS interface........................................................ 136The CDRS Dashboard............................................................................... 136

Navigation pane............................................................................137Events pane..................................................................................137SLA Compliance pane...................................................................138System Health pane..................................................................... 138Recovery Activities pane.............................................................. 139Cloud Usage pane........................................................................ 139Recommendations pane............................................................... 139On-premises assets and storage information pane....................... 140

Chapter 5

Part 4

Chapter 6

Chapter 7

CONTENTS


SLA Compliance page............................................................................... 140Asset Association page............................................................................. 140Asset Recovery page................................................................................. 141

Recover assets to a vCenter in Standard Mode............................ 141Asset recovery in Advanced Mode............................................... 142

DR Activities page..................................................................................... 143DR activity states......................................................................... 144

Reports..................................................................................................... 144System Health.......................................................................................... 145Events.......................................................................................................146Registered components............................................................................ 146Cloud DR Server user accounts.................................................................146

Change the email address of a CDRS user account ..................... 147Change the CDRS user account password................................... 148Change the CDRS password expiration period............................. 149

Create a tag.............................................................................................. 149Set rapid recovery interval........................................................................ 150Export events to Syslog.............................................................................151

Upgrading the CDRS and CDRAs 153Upload upgrade packages to the CDRS and CDRA....................................154Upgrade the Cloud DR Server................................................................... 154Upgrade the Cloud DR Add-on..................................................................155

Security and Networking 157Cloud Disaster Recovery security ........................................ 158User permissions.......................................................................................158Network communications.................................................... 159Firewall.............................................................................. 160

Cloud DR REST API 161REST API overview..............................................................162Using Swagger....................................................................162Change the admin password with Swagger............................................... 162Obtain an access token with Swagger.......................................................163Use the API programmatically.............................................. 163Change the admin password programmatically......................................... 163Obtain an access token programmatically................................................. 164

Performance and scalability 165Cloud DR performance with AWS......................................... 166Cloud DR scalability with AWS............................................. 166Cloud DR performance with Azure........................................ 166Cloud DR scalability with Azure............................................ 167

Troubleshooting 169Collect logs.........................................................................170Permissions to cloud storage for Cloud DR logs.........................................171Enable downloads of Cloud DR logs from AWS.......................................... 171Enable downloads of Cloud DR logs from Azure.........................................171

Chapter 8

Appendix A

Appendix B

Appendix C

Appendix D

CONTENTS


Troubleshooting AWS environments..................................... 172Troubleshooting Azure environments.................................... 174

177Glossary

CONTENTS


CONTENTS


Cloud DR operating modes..........................................................................................21Component view for Cloud DR and AWS.................................................................... 23Network view for Cloud DR and AWS.........................................................................24VMware Cloud on AWS architecture.......................................................................... 24RecoverPoint for VMs to the AWS cloud....................................................................25Architecture for recovery to VMware Cloud on AWS................................................. 26Component architecture for Cloud DR and Azure....................................................... 27Network architecture for Cloud DR and Azure............................................................27Component architecture for Cloud DR and AWS........................................................ 28Example of network architecture for Cloud DR and AWS........................................... 29DR test workflow........................................................................................................63Failover workflow....................................................................................................... 64Failback workflow.......................................................................................................65DR test workflow...................................................................................................... 107Failover workflow...................................................................................................... 108Failback workflow..................................................................................................... 109Recommendations pane............................................................................................ 139Failover to vCenter....................................................................................................142

123456789101112131415161718

FIGURES


FIGURES


Revision history...........................................................................................................14Cloud DR operating modes..........................................................................................21Cloud DR components................................................................................................ 22Architectures for Standard Mode operation............................................................... 22Prerequisite checklist................................................................................................. 34Cloud DR AWS components specifications................................................................. 37Cloud DR Add-on VM specifications........................................................................... 38Cloud DR component credentials................................................................................42Deployment guidelines................................................................................................44Cleaning up cloud-based resources............................................................................ 58Test workflow states and related user actions............................................................63Failover workflow states and related user actions...................................................... 64Failback workflow states and related user actions......................................................65DR activity statuses....................................................................................................79Ongoing activity states for AWS environments.......................................................... 79Prerequisite checklist................................................................................................. 90Cloud DR Add-on VM specifications........................................................................... 92Cloud DR Azure components specifications................................................................92Cloud DR component usernames and passwords........................................................94Test workflow states and related user actions.......................................................... 107Failover workflow states and related user actions..................................................... 108Failback workflow states and related user actions.................................................... 109DR activity statuses................................................................................................... 121Ongoing activity states for Azure environments........................................................ 121Required Cloud Disaster Recovery ports................................................................... 160AWS default limits..................................................................................................... 172

1234567891011121314151617181920212223242526

TABLES


TABLES


Preface

As part of an effort to improve its product lines, we periodically release revisions of itssoftware and hardware. Therefore, some functions described in this document mightnot be supported by all versions of the software or hardware currently in use. Theproduct release notes provide the most up-to-date information on product features.

Contact your technical support professional if a product does not function properly ordoes not function as described in this document.

Note

This document was accurate at publication time. Go to Online Support (https://www.dell.com/support/) to find the latest version of this document.

PurposeThis document describes how to install, deploy, and use the Cloud Disaster Recovery(Cloud DR) solution.

AudienceThis document is intended for backup administrators and operators, and cloudadministrators who are involved in the backup and recovery of VMs to the cloud andare planning to deploy and use the Cloud DR solution. Experience in networkadministration is required for building the network infrastructure to support the CloudDR solution. Training and certification for cloud provider services, for example,Microsoft Azure or Amazon Web Services (AWS), is recommended.

How to use this guideTo familiarize yourself with the Cloud DR solution and how it integrates with otherdata production solutions, see Part 1, Cloud DR solution overview on page 17.

For requirements, deployment, protection, recovery, and failback information andinstructions, if your cloud provider is:

l AWS, see Part 2, Cloud DR with AWS on page 31.

l Azure, see Part 3, Cloud DR with Azure on page 87.

To understand system and user management, including log access and upgradeguidelines, of the Cloud DR Add-on and the Cloud DR Server, see Part 4, Cloud DRAdd-on System and User Management on page 131.

For supplemental information that may provide assistance to Cloud DR administrators,see these appendices:

l Security and Networking on page 157

l Cloud DR REST API on page 161

l Performance and scalability on page 165

l Troubleshooting on page 169

The Glossary contains definitions of terms that may be useful to readers who areunfamiliar with the products and solutions described in this guide.

Revision historyThe following table presents the revision history of this document.

Preface 13

https://www.dell.com/support/


Table 1 Revision history

Revision Date Description

01 January 2019 Cloud DR Release 18.4.

Related contentThe following publications provide additional information:

l Cloud Disaster Recovery Release Notes

l Avamar Administration Guide

l Avamar and Data Domain System Integration Guide

l Avamar for VMware User Guide

l Avamar Virtual Edition for Amazon Web Services Installation and Upgrade Guide

l Avamar Data Domain System Integration Guide

l Avamar Release Notes

l Data Domain Release Notes

l RecoverPoint for Virtual Machines Cloud Solutions Guide

l Cloud Disaster Recovery White Paper Advanced Mode

l Dell EMC YouTube channel: https://www.youtube.com/user/EMCCorp. Searchfor "Cloud Disaster Recovery demo".

Special notice conventions used in this documentDell EMC uses the following conventions for special notices:

DANGER

Indicates a hazardous situation which, if not avoided, will result in death orserious injury.

WARNING

Indicates a hazardous situation which, if not avoided, could result in death orserious injury.

CAUTION

Indicates a hazardous situation which, if not avoided, could result in minor ormoderate injury.

NOTICE

Addresses practices not related to personal injury.

Note

Presents information that is important, but not hazard-related.

Typographical conventionsDell EMC uses the following type style conventions in this document:

Preface


https://www.youtube.com/user/EMCCorp

Bold Used for names of interface elements, such as names of windows,dialog boxes, buttons, fields, tab names, key names, and menu paths(what the user specifically selects or clicks)

Italic Used for full titles of publications referenced in text

Monospace Used for:

l System code

l System output, such as an error message or script

l Pathnames, filenames, prompts, and syntax

l Commands and options

Monospace italic Used for variables

Monospace bold Used for user input

[ ] Square brackets enclose optional values

| Vertical bar indicates alternate selections - the bar means “or”

{ } Braces enclose content that the user must specify, such as x or y orz

... Ellipses indicate nonessential information omitted from the example

Where to get helpSupport, product, and licensing information can be obtained as follows:

Product information

For documentation, release notes, software updates, or further information, go toOnline Support at https://www.dell.com/support/.

Technical support

Go to Online Support and click Service Center. You will see several options forcontacting Technical Support. To open a service request, you must have a validsupport agreement. Contact your sales representative for details about obtaininga valid support agreement or with questions about your account.

Comments and suggestionsComments and suggestions help us to continue to improve the accuracy, organization,and overall quality of the user publications. Send comments and suggestions aboutthis document to [email protected].

Please include the following information:

l Product name and version

l Document name, part number, and revision (for example, 01)

l Page numbers

l Other details to help address documentation issues

Preface

15


mailto:[email protected]

Preface


PART 1

Cloud DR solution overview

This part includes these chapters:

Chapter 1, "Cloud DR solution overview"


CHAPTER 1


This chapter includes the following topics:

l Overview............................................................................................................20l Operational modes..............................................................................................21l Architectures for Standard Mode operation.......................................................22l Architectures for Advanced Mode operation......................................................27l Cloud DR solution with VMware Cloud on AWS................................................. 29


OverviewThe Cloud Disaster Recovery (Cloud DR) solution enables disaster recovery of one ormore on-premises virtual machines (VMs) to the cloud provider environment, eitherAmazon Web Services (AWS) or Microsoft Azure. Cloud DR integrates with existingDell EMC on-premises data protection solutions to protect VMs to the cloud. OnceVMs are protected in the cloud, Cloud DR enables you to run a DR test or a failoverand then run the recovered instance in the cloud.

Supported on-premises data protection solutions include Avamar backup softwarethat is coupled with a Data Domain system (physical or virtual editions) or aRecoverPoint for VMs system. Cloud DR also integrates with Integrated DataProtection Appliance (IDPA). Multiple on-premises data protection sources can beconnected to the same Cloud DR Server.

Cloud DR supports recovery run books, enabling administrators to create one or moreDR plans to recover multiple VMs and preconfigure recovery orchestration, includingnetwork and security groups association, VM boot order definition, and instance typeselection. You can manage, recover, and fail back DR plans through the Cloud DRServer (CDRS) UI.

Through the CDRS UI, you can accelerate the recovery process by creating rapidrecovery copies for protected VMs. Creating a rapid recovery copy starts arehydration process and converts the VMDK files to the required format depending onthe cloud provider environment. The recovery process then only needs to launch therecovered instance.

Depending on the on-premises data protection solution, either the Cloud DR Add-on(CDRA) or the virtual RecoverPoint Appliance (vRPA) manages the deployment of on-premises resources and the CDRS, which runs in the cloud. In this document, theCDRA and vRPA are referred to as on-premises sources.

CDRS monitors available copies and orchestration activities in the cloud. The CDRSuser interface can be used for disaster recovery testing and failover. A DR testenables temporary access to a virtual cloud instance to retrieve specific data or verifythat the recovered VM is working before running a failover. You would start a failoverwhen the on-premises production environment experiences a disaster or the VM is notrunning.

When the production environment is restored, you can start a failback. This actioncopies the failover instance from the cloud to a new VM copy in the on-premisesvCenter environment. The failback procedure is available only in the CDRS.

Two modes of operation are possible in the Cloud DR solution. Standard Modeprovides image-level, VM protection in the AWS or Azure cloud environments. Toprovide full support for application consistency in AWS, use Advanced Mode, whichrequires virtual editions of the Avamar backup server and Data Domain components inthe AWS cloud architecture.

The Cloud DR is not available in Greater China, Russia, Belarus, and Kazakhstan.



Operational modesCloud DR offers two modes of operation: Standard Mode and Advanced Mode.

Figure 1 Cloud DR operating modes

Table 2 on page 21 describes the Cloud DR operating modes.

Table 2 Cloud DR operating modes

Operatingmode

Cloud provider Use case

Standard Mode AWS Crash-consistent, image-level, VM recovery fornative AWS operation and VMware Cloud on AWS.Supported for these on-premises data protectionsolutions:

l Avamar/Data Domain

l RecoverPoint for VMs

l Integrated Data Protection Appliance (IDPA)

Microsoft Azure Crash-consistent, image-level, VM recovery.Supported for on-premises Avamar/Data Domainsolution.

AdvancedMode

AWS Crash-consistent, image-level, VM recovery aswell as application-consistent, agent-basedrecovery.Supported for on-premises Avamar/Data Domainsolution with these additional servers in the cloud:

l Avamar Virtual Edition (AVE)

l Data Domain Virtual Edition (DDVE)


Operational modes 21

Note

If you are operating in Standard Mode, you can later change it to Advanced Mode, ifsupported by the on-premises data protection solution. Select Cloud DR Add-on >

Settings > Operational Mode to change the mode. Changing from Advanced Mode toStandard Mode is not supported.

The Cloud DR solution requires the components that are listed in Table 3 on page22.

Table 3 Cloud DR components

Component Notes

VMware vCenter environment Release 6.0 or later.

An on-premises source:

l Cloud DR Add-on (CDRA) for Avamar/Data Domain

l virtual RecoverPoint Appliance (vRPA)for RecoverPoint for VMs

The on-premises source manages deploymentof resources, protects VMs in the cloud, andconfigures the Cloud DR Server (CDRS). It ispossible to have both types of sources (CDRAand vRPA) on premises, each one connectingto the same Cloud DR Server.

Cloud DR Server The Cloud DR Server (CDRS) is a virtualserver that runs in the customer domain in thecloud and provides a user interface fordisaster recovery testing and failover.

Note

Multiple on-premises sources (CDRAs andvRPAs) can connect to a single CDRS, but anon-premises source cannot connect tomultiple CDRSs.

Public cloud account A public cloud account in the customerdomain, either Azure or AWS.

Architectures for Standard Mode operationArchitectures for Standard Mode operation depend on the on-premises dataprotection solution and the cloud environment.

Table 4 Architectures for Standard Mode operation

On-premises dataprotection solution

Cloud environment Reference diagrams

Avamar with Data Domain Cloud DR and AWS Avamar/Data Domain to AWS cloudon page 23 provides component andnetwork views of a native AWSenvironment as well as anarchitecture diagram for VMwareCloud on AWS (VMC).



Table 4 Architectures for Standard Mode operation (continued)

On-premises dataprotection solution

Cloud environment Reference diagrams

RecoverPoint for VMs Cloud DR and AWS RecoverPoint for VMs to AWS cloudon page 25 provides component andnetwork views of a native AWSenvironment as well as anarchitecture diagram for VMwareCloud on AWS (VMC).

Avamar with Data Domain Cloud DR and Azure Avamar/Data Domain to Azure cloudon page 26 provides component andnetwork views of an Azure cloudenvironment.

Avamar/Data Domain to AWS cloudArchitecture diagrams depict the component and the network views as well asVMware Cloud on AWS in Standard Mode operation.

Figure 2 on page 23 shows the major components for Cloud DR and AWS inStandard Mode operation.

Figure 2 Component view for Cloud DR and AWS

Figure 3 on page 24 shows network connections for Cloud DR and AWS in StandardMode operation.


Avamar/Data Domain to AWS cloud 23

Figure 3 Network view for Cloud DR and AWS

Figure 4 on page 24 shows the architecture for VMware Cloud on AWS (VMC) inStandard Mode operation. You deploy the VMC inside a software-defined data center(SDDC), which is deployed on demand.

Figure 4 VMware Cloud on AWS architecture



RecoverPoint for VMs to AWS cloudThe RecoverPoint for VMs integration with Cloud DR is described using architecturaldiagrams for the supported use cases.

Figure 5 on page 25 shows the integration of the on-premises RecoverPoint for VMssystem with Cloud DR and the AWS cloud environment. Cloud DR software that isintegrated within the virtual RecoverPoint Appliance (vRPA) deploys cloud-basedresources including the Cloud DR Server (CDRS). The CDRS enables disasterrecovery activities for cloud-protected VMs.

Figure 5 RecoverPoint for VMs to the AWS cloud

To support recovery to VMware Cloud on AWS (VMC), you deploy a software-defineddata center (SDDC) in the cloud and a CDRA within it. You connect the CDRA to theCDRS and enable direct failover to the vCenter in the VMC. Figure 6 on page 26shows the cloud architecture. The VMC SDDC can be pre-configured or configured ondemand when a DR site is needed. Recovery to VMC eliminates the need to recoverVMware VMs into AMI format and shortens the Recovery Time Objective (RTO).


RecoverPoint for VMs to AWS cloud 25

Figure 6 Architecture for recovery to VMware Cloud on AWS

Avamar/Data Domain to Azure cloudArchitecture diagrams depict component and network views of Avamar/Data Domainto Azure cloud in Standard Mode operation.

Figure 7 on page 27 shows the major components for Cloud DR and Azure cloud inStandard Mode operation.



Figure 7 Component architecture for Cloud DR and Azure

Figure 8 on page 27 shows network connections for Cloud DR and Azure in StandardMode operation.

Figure 8 Network architecture for Cloud DR and Azure

Architectures for Advanced Mode operationArchitectures for Advanced Mode can vary depending on networking preferences andsite requirements. To build the network infrastructure to support the Cloud DRsolution, consult the network administrator.

The architecture for Advanced Mode requires:

l Deploying physical or virtual editions of Data Domain and Avamar in the vSphereenvironment on premises.

l Deploying virtual editions of Data Domain (DDVE) and Avamar (AVE) in the user'sAWS cloud account. Avamar provides a deployer that deploys AVE and DDVE inthe cloud and configures the required AWS resources.


Architectures for Advanced Mode operation 27

l Connecting the cloud-based AVE and DDVE components.

l Configuring the network connection between on-premises Avamar and DataDomain components and cloud-hosted AVE and DDVE components through a VPNgateway.

l Configuring Avamar replication between the on-premises Avamar and cloud-basedAVE components.

Figure 9 on page 28 shows the component architecture for operating the Cloud DRsolution in Advanced Mode.

Figure 9 Component architecture for Cloud DR and AWS

Figure 10 on page 29 shows an example of the network architecture for AdvancedMode.

This example shows the CDRS deployed within the same VPC as the Avamar and DataDomain components.



Figure 10 Example of network architecture for Cloud DR and AWS

Another option (not shown) is to deploy the CDRS in a different VPC than the Avamarand Data Domain components. This alternative requires a VPN connection from CDRSto the Avamar and Data Domain components in the cloud.

Cloud DR solution with VMware Cloud on AWSCloud DR Standard Mode supports failover from an on-premises environment to aVMware Cloud on AWS (VMC). Copies are protected in AWS S3, and they arerecovered in VMware Cloud on AWS.

VMware Cloud on AWS can be used on demand, when DR is needed. Since VMwareCloud on AWS is not needed for protection, the user can deploy a software-defineddata center (SDDC) only when failover is required. The user connects the VMC to theCloud DR solution by deploying a CDRA in VMC and connecting it to the CDRS. Thenfailover of VMs can begin.

Since the production site and DR site are both using VMware, failover to the VMwareCloud on AWS does not require launching an EC2 instance or converting VMDKs toAMIs.

For more information about VMware Cloud on AWS, read the VMware Cloud on AWSTechnical Overview.

In this solution, the general recovery workflow is:

1. When recovery is needed, deploy an SDDC.

2. Deploy a CDRA in the SDDC and connect it to the CDRS.

3. From the VMC CDRA, when you define the recovery staging area, ensure that youenable direct failover to the VMC vCenter.

4. During recovery operations, select the VM that you want to recover, and thenclick FAILOVER TO VCENTER.

5. The recovery process fails over the AWS S3 copy to the VMware Cloud on AWS.


Cloud DR solution with VMware Cloud on AWS 29

https://assets.cloud.vmware.com/v3/assets/blt719094f4883f620b/blt61dafeacad75e15b/5a345939b2f23a2f7143b373/download?disposition=inline

https://assets.cloud.vmware.com/v3/assets/blt719094f4883f620b/blt61dafeacad75e15b/5a345939b2f23a2f7143b373/download?disposition=inline

If failback is required, use vMotion to move the recovered VM from the VMC vCenterto the vCenter at the production site on premises.



PART 2

Cloud DR with AWS


Chapter 2, "Cloud DR with AWS requirements and deployment"

Chapter 3, "Cloud DR with AWS protection, recovery, and failback "

Cloud DR with AWS 31

Cloud DR with AWS


CHAPTER 2

Cloud DR with AWS requirements anddeployment


l Requirements for Cloud DR with Amazon Web Services.................................... 34l Credentials for Cloud DR deployment................................................................ 42l Deployment guidelines....................................................................................... 43l Deploy the CDRA OVA....................................................................................... 44l Log into the CDRA............................................................................................. 45l Configuring the CDRA and deploying the CDRS.................................................46l Add additional on-premises sources................................................................... 57l Uninstall Cloud DR components......................................................................... 58

Cloud DR with AWS requirements and deployment 33

Requirements for Cloud DR with Amazon Web ServicesThe following sections describe the requirements for the Cloud DR solution when usedwith AWS cloud environments.

Requirements checklistThe prerequisite checklist may vary depending on the on-premises data protectionsolution.

Table 5 Prerequisite checklist

Prerequisite Requirement

Operationaltraining

Familiarity with Avamar, Data Domain, RecoverPoint for VMs,Amazon Web Services, and VMware, as required.

RecoverPoint forVMs

Note

Refer to the RecoverPoint for Virtual Machines Cloud Solutions Guidefor the relevant procedures for the RecoverPoint for VMs protectionsolution.

l Familiarity with the support and limitation statements for eachRecoverPoint for VMs release.

n See the RecoverPoint for Virtual Machines Simple SupportMatrix (ESSM) for detailed support statements for third-party platforms and operating systems.

n See the RecoverPoint for Virtual Machines Release Notes forthe supported component versions and limitations.

n See the RecoverPoint for Virtual Machines Scale andPerformance Guide for the maximum number of supportedcomponents in a RecoverPoint for VMs system.

l TCP/IP port 443 open for communication between every vRPAcluster that protects a production VM, and AWS, and CDRS, asdescribed in the RecoverPoint for Virtual Machines SecurityConfiguration Guide.

l An on-premises installation of RecoverPoint for VMs 5.2.1 orlater, with a network architecture and installed vRPA clusters asdescribed in the RecoverPoint for Virtual Machines Installation andDeployment Guide.

l An on-cloud installation of Cloud DR Server 18.4 or later.

l One public Amazon cloud account, S3 bucket, Cloud DR Server,and on-premises datastore (for snap replication), that areregistered with every vRPA cluster that protects a productionVM.

l VMs that are protected with a copy on AWS, that was created byRecoverPoint for VMs.

Avamar and DataDomain systems

On-premises, physical or virtual editions of:

Cloud DR with AWS requirements and deployment


Table 5 Prerequisite checklist (continued)


for Standard Modeof operation

l Avamar 7.5 and later

l Data Domain 6.1 and later

Avamar and DataDomain systemsfor Advanced Modeof operation


l Avamar 7.5.1 with 7.5.1-101_HF298709_27 and later

l Data Domain 6.1.2 and later

In the cloud, virtual editions of:

l Avamar 7.5.1 with 7.5.1-101_HF298709_27 and later

l Data Domain 6.1.2 and later

Connectivitybetween the DataDomain systemsand the Avamarservers

In Standard Mode, the on-premises Data Domain system isconfigured as the backup target for the Avamar server.In Advanced Mode, DDVE and AVE run in the VPC that is connectedvia VPN to the on-premises components.

Avamar and Data Domain System Integration Guide provides moreinformation about connectivity.

Clocksynchronization viaNTP

All servers (ESXi, Avamar, Data Domain, RecoverPoint vRPA clusters,CDRA, vCenter) must have their clocks synchronized with NTPservers.

vSphereenvironment

l An on-premises vSphere environment, release 6.0 and later.

l Network connectivity between on-premises environment andAWS.

l Virtual machines that are configured for backup to the Avamarserver. The Avamar for VMware User Guide contains informationabout configuring Avamar backups of VMs.

l Virtual machines compatible with Cloud DR. Comply with:

n Virtual machine specifications for Cloud DR with AWS onpage 37.

n Supported operating systems for Cloud DR and AWS on page38 contains information about supported VM operatingsystems.

n http://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html for information about VM compatibilitywith AWS.

Amazon WebServices

l An AWS account.

l AWS Marketplace terms must be accepted before deploying theCloud DR Server. Accept Amazon Web Services Marketplaceterms on page 37 contains information about accepting AWSMarketplace terms.

l Network connectivity between on-premises environment andAWS.


Requirements checklist 35

http://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html




l An S3 bucket to be used as a Cloud DR target in one of thesupported regions. See AWS regions for CDRS deployment onpage 38.

l Enable downloads of Cloud DR logs from AWS on page 171.

Prerequisites for Advanced ModeFollow the prerequisites for Advanced Mode operation with Avamar and Data Domain.

These prerequisites are based on the Advanced Mode architecture shown in Figure 10on page 29.

1. Ensure that Avamar and Data Domain components are installed on premises. Whenadding the Data Domain system in Avamar, it is recommended to use the DataDomain hostname.

2. In AWS, create a virtual private cloud (VPC).

Note

When you deploy the CDRS on this VPC, the CIDR that you provide must be asubset of the VPC CIDR and must not overlap any other CIDR of a subnet in theVPC.

3. Deploy the VPN gateway within the private subnet.

4. Create the VPN tunnel between on-premises and cloud environments and verifythat it is working.

5. To deploy Avamar Virtual Edition (AVE) and Data Domain Virtual Edition (DDVE) inthe private subnet, follow Avamar and Data Domain documentation:

l Avamar Virtual Edition for Amazon Web Services Installation and Upgrade Guide

l Avamar Data Domain System Integration Guide

Note

During AVE and DDVE deployment, when prompted to provide an IP address, enterthe Fully Qualified Domain Name (FQDN) of the private IP address.

6. Ensure that AVE connects to DDVE, and that DDVE is added as a backup targetfor AVE.

7. Configure the Data Domain system on premises to use the private DNS of thecloud backup server by adding the DNS in the Data Domain System Manager:Hardware > Ethernet > Settings > Hosts Mapping.

8. Configure the cloud AVE component as a destination for the on-premises Avamar:

a. From the on-premises Avamar Administrator UI, select Data MovementPolicy, then select Actions > New Destination.

b. Update required fields, select Verify Authentication, and click OK.



Note

When the Avamar Administrator UI displays the private FQDN with a status ofOK, the action is successful and the on-premises Avamar recognizes the cloud-based AVE as a replication destination.

c. Ensure that the appropriate ports are opened in the security group that isassigned to the AVE instance on AWS. For details about AWS security groupports, refer to Avamar Virtual Edition for Amazon Web Services Installation andUpgrade Guide.

Accept Amazon Web Services Marketplace termsBefore you deploy Cloud DR, you must accept the AWS Marketplace terms.

Procedure

1. To connect to https://aws.amazon.com/marketplace/pp/B00O7WM7QW/,open a browser.

The CentOS 7 (x86_64) - with Updates HVM page displays.

2. Click Continue.

The Sign In or Create an AWS Account page appears.

3. Sign in using the AWS account.

The Launch on EC2 page appears.

4. Click Manual Launch with EC2 Console, API, or CLI.

5. Click Accept Software Terms.

Clicking Accept Software Terms subscribes you to the CentOS software andindicates that you agree to the End User's License Agreement (EULA).

The Thank you for subscribing... page appears. Verify that the subscriptionhas been completed.

Virtual machine specifications for Cloud DR with AWSThe following tables list the required specifications for the VMs used for CloudDisaster Recovery components of the RecoverPoint for VMs cloud solution.

NOTICE

To support recovery operations for production VMs, ensure that each VM has a uniqueidentifier (UID).

Table 6 Cloud DR AWS components specifications

Component Specification

CDRS instance type m4.large

Temporary Restore Service instance type c4.8xlarge

Temporary Retention Service instance type m4.xlarge


Accept Amazon Web Services Marketplace terms 37

https://aws.amazon.com/marketplace/pp/B00O7WM7QW/

Table 6 Cloud DR AWS components specifications (continued)


Note

Only relevant in the RecoverPoint for VMs protection solution.

RDS db.t2.small

Note

For auto-scale handling, up to 100 Restore Service instances can be created forrecovery, and up to 20 can be created for failback.

Table 7 Cloud DR Add-on VM specifications


vCPU 4 (2x2)

RAM 4 GB

HDD 16 GB

In the RecoverPoint for VMs cloud solution, a CDRA is required only if you want to failback from AWS to an on-premises vCenter or recover to vCenter or VMware Cloud onAWS.

AWS regions for CDRS deploymentThe list of AWS regions for CDRS deployment is subject to change. The most up-to-date list of supported regions where you can deploy the CDRS is maintained in theCloud DR Simple Support Matrix, which is available here:


The AWS web page http://docs.aws.amazon.com/general/latest/gr/rande.htmlcontains further information about AWS regions.

Supported operating systems for Cloud DR and AWSThe list of operating systems for Cloud DR and AWS is subject to change. The mostup-to-date list of supported operating systems is maintained in the Cloud DR SimpleSupport Matrix, which is available here:


Supported browsers and resolutionsThe following browsers and resolutions are supported with Cloud DR.

Supported browsers

l Chrome - The latest version at the time of the release of Cloud DR.

l Firefox - The latest version at the time of the release of Cloud DR.




http://docs.aws.amazon.com/general/latest/gr/rande.html


Supported desktop resolutions

l 1280 x 800

l 1366 x 768

l 1920 x 1080

Limitations - Cloud DR with AWSThe following limitations apply to the Cloud DR solution and AWS:

l For limitations in AWS support for importing VMs, see the AWS documentation at http://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html

l Only VMware hypervisor is supported. Other hypervisors, such as MicrosoftHyper-V, are not supported.

l VMware tools are not installed on a failed-back VM (AWS removes the VMwaretool installation). Manually install VMware tools, if needed, on the failed back VM.

l You cannot change the names of AWS components, such as the EC2 instance, keypairs, and so on.

l Limitations in Avamar support:

n Ad hoc backups of individual VMs are not supported. Only policy-basedbackups can be used.

n Existing backups that do not have Cloud DR enabled cannot be converted toCloud DR-based backups. Only new backups created after Cloud DR is enabledare supported.

l Cloud provider performance and the volume of protected assets can affect theperformance of the Cloud DR solution.

l Cloud DR disk size limitation for a protected/recovered VM is 4TB. The minimumdisk size is 1GB based on AWS EBS limitations for General Purpose EBS volumes(gp2): https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html.

l For Avamar/Data Domain configurations, Cloud DR ensures that the VM iscompatible with AWS based on various factors such as OS type and disk size. InCloud DR 18.3, the disk size compatibility check changed for Windows machines(to satisfy AWS requirements). The new requirement is 6 GB of free space(instead of 250 MB). Therefore, VMs that were compatible in previous Cloud DRreleases, might become incompatible in Cloud DR 18.3.

l CDRS does not support files share (relevant for Avamar data protection solution).

Requirements and limitations for VMware Cloud on AWSObserve the requirements and limitations of Cloud DR with VMware Cloud on AWS(VMC).

RequirementsRecovery to VMware Cloud requires:

l AWS cloud account

l VMware Cloud deployed in AWS cloud environment (used on demand)

l For Avamar/Data Domain configurations:

n On-premises Avamar (physical or virtual edition) with release 7.5 and later


Limitations - Cloud DR with AWS 39


https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

n On-premises Data Domain (physical or virtual edition) with release 6.1 and later

l For RecoverPoint for VMs configurations, on-premises RecoverPoint for VMsversion 5.2.1 or later

l CDRA that is deployed in VMware Cloud (requires the same version level as theCDRS).

LimitationsFailover to the VMware Cloud on AWS has these limitations:

l You cannot test a copy or promote a DR test to failover (only direct failover issupported).

l You cannot fail over from rapid recovery copies to VMC.

l You cannot use DR plans to fail over to VMC.

l You cannot use automated failback from VMC to the on-premises production site.Instead, use vCenter vMotion.

l Failover to VMC is available only for copies that are created by a CDRA inStandard Mode.

Prerequisites to enable failover to VMCWhen you enable failover to VMware Cloud on AWS (VMC), ensure that you observethe detailed prerequisites in this section.

Provide a Cloud DR environment

Provide a Cloud DR environment, including a Cloud DR Server (CDRS). Procedures fordeploying a CDRA and CDRS are described in this chapter.

You can deploy CDRS in any AWS region. To avoid the high costs of cross-regionrecovery, Dell EMC recommends to deploy CDRS within the VMC supported regions.

In a typical scenario, VMC is used on demand. When recovery operations are needed,you deploy a VMC SDDC, deploy a CDRA in the VMC, connect the CDRA to theCDRS, enable failover to the VMC vCenter, and then fail over the protected VM.

Create VMware Cloud on AWS

Before you begin

Review VMware documentation about VMware Cloud on AWS: Getting Started withVMware Cloud.

Procedure

1. Obtain a VMware Cloud on AWS (VMC) account.

2. Select an AWS region for VMC from the VMC supported regions list.

3. Connect VMC to the AWS account that is running Cloud DR.

4. Connect the VPC and subnet from the same region that you selected for VMC(in step 2 on page 40).

5. Configure networking for the VMC software defined data center (SDDC).

Configure SDDC networking

Details about configuring the SDDC networking are described in this white paper:

Creating a VMware Software-Defined Data Center.

High-level steps include:



https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-3D741363-F66A-4CF9-80EA-AA2866D1834E.html

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-3D741363-F66A-4CF9-80EA-AA2866D1834E.html

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-reference-architecture-creating-software-defined-data-center-white-paper.pdf

Procedure

1. To connect between the Management Gateway (MGW) and the ComputeGateway (CGW), create VPN gateway details:

a. Add a VPN from MGW to CGW.

b. Add VPN from CGW to MGW.

2. Create network connection firewall rules for MGW:

a. To enable network connection from web to VMC, add rule: vCenter accessfrom Web with HTTPS(TCP 443) service.

b. To enable provisioning from inbound to ESXi, add rule: inbound to ESXiprovisioning with Provisioning (TCP 902) service.

c. To enable TCP connection from inbound to ESXi, add rule: inbound to ESXi443 with HTTPS(TCP 443) service.

3. Create network connection firewall rules for CGW:

a. To enable network connection from VMC to outside network, add rule:outbound any with All traffic service.

b. To enable network connection from VPC (AWS) to VMC, add rule: any fromVPC with All traffic service.

Deploy the CDRA on the vCenter in the SDDC

Procedure

1. Ensure that the CDRA that is deployed in VMC is accessible from the customernetwork. Use one of these methods:

l Create a jump host, a machine on the same VPC that you selected for theVMC (in step 4 on page 40).

l Assign a public IP address to the CDRA. See Assign a Public IP Address to aVM.

l Configure a VPN that connects the on-premises network to the SDDC. Seethe Network section in the VMware FAQs: https://aws.amazon.com/vmware/faqs/.

2. Deploy the CDRA.ova file (using the same version as the CDRS) on the vCenterin the SDDC. Use the VMC internal IP address.

Connect CDRA in VMC to the CDRS

Procedure

1. Ensure that the cloud account credentials are the same as the configuration forthe Cloud DR environment.

2. Connect the CDRA in the VMC to the existing CDRS.

3. Add the vCenter in the SDDC as the vCenter server. Define the recoverystaging area and enable direct failover to this vCenter.

NOTICE

The number of IP addresses that you allocate to direct failover defines thenumber of simultaneous recoveries that you can run.


Prerequisites to enable failover to VMC 41

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-BFE71806-64FC-4CD3-BB21-F1FEFD1478E3.html

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-BFE71806-64FC-4CD3-BB21-F1FEFD1478E3.html

https://aws.amazon.com/vmware/faqs/

https://aws.amazon.com/vmware/faqs/

Connect CDRA to CDRS using private IP address - AWSThe connection between the on-premises CDRA and the cloud-based CDRS uses apublic IP address by default. However, after the CDRS is deployed, the CDRA UIprovides a way to connect to CDRS using a private IP address. This capability isavailable only after you deploy a CDRA.

Before you begin

CAUTION

This feature is not supported when the on-premises source is a RecoverPointvRPA. The vRPA does not support private IP communication with CDRS.Activating this feature, in this case, interrupts the connection between the vRPAand CDRS and all communication is lost.

If you want to connect using private IP address (for example, when working with aVPN or AWS direct connect), you must create a network address translation (NAT)gateway and configure network routing. These actions enable the CDRS to accessAWS services such as Amazon Simple Queue Service (SQS). Here are the prerequisitesteps:

Procedure

1. Configure routing to the local network in the route table of the CDRS subnet.Configure the VPN gateway on the AWS as the target.

2. Create a subnet for a NAT gateway. Configure local and default routes.

3. Create the NAT gateway using the previously created subnet.

4. Configure the default route to the NAT gateway.

After you finish

After the CDRS is deployed in the CDRA configuration wizard, edit the connection andchange it to a private IP address. This option is available by selecting Cloud DR Add-on > Cloud DR Server, and then clicking the edit icon. The option is displayed in theEdit CDRS Settings dialog box.

Credentials for Cloud DR deploymentBefore you begin Cloud DR deployment, ensure that you have access to theusernames and passwords for Cloud DR components.

Security best practices recommend that you change default passwords to somethingunique.

Table 8 Cloud DR component credentials

Cloud DRcomponent

Notes

Cloud DR Server Credentials are set during CDRS deployment, and can be changedthrough the CDRS interface, using the procedure to Change the CDRSuser account password on page 148.

In the RecoverPoint for VMs cloud solution, a CDRS admin user is

created and the password for the CDRS admin user is defined during



Table 8 Cloud DR component credentials (continued)

Cloud DRcomponent

Notes

CDRS deployment.The CDRS can be deployed using the RecoverPointfor VMs vSphere plug-in, as described in the RecoverPoint for VirtualMachines Cloud Solutions Guide, or you can connect the RecoverPoint forVMs cloud solution to an existing CDRS (for example, a CDRS that isalready being used to protect Avamar/Data Domain systems).

Amazon WebServices

Credentials are needed to establish a connection to the AWS accountwith the S3 bucket with the snapshots of your protected VMs.

l AWS IAM user credentials are managed through the AWSManagement Console > IAM Console.

l AWS root user credentials are managed through the AWSManagement Console > Security Credentials Page.

In order to deploy a CDRS, you must have an IAM user with the minimumpermissions described in Define the AWS IAM policy on page 158.

RecoverPointvRPA Cluster

Credentials are defined during vRPA cluster installation, as described inthe RecoverPoint for Virtual Machines Installation and Deployment Guide.

vCenter Server Credentials are needed to establish a connection to the vCenter serverthat supports the production environment.

Cloud DR Add-on Created during CDRA OVA deployment, the initial username/password isadmin/admin.

Avamar MCUser Credentials are needed to establish a connection to the backup server onpremises.

Data DomainDDBoost

Credentials are needed to establish a connection to the Data Domainsystem on premises.

Cloud AvamarMCUser

Credentials are needed to establish a connection to the backup server inthe cloud.

Cloud Data DomainDDBoost

Credentials are needed to establish a connection to the Data Domainsystem in the cloud.

Deployment guidelinesUnderstand the guidelines for deployment according to the on-premises dataprotection solution.

Deployment guidelinesTable 9 on page 44 lists the deployment guidelines according to the on-premisesdata protection solution.


Deployment guidelines 43

Table 9 Deployment guidelines

On-premisessolution

Deployment guidelines Reference

Avamar/DataDomain

1. Deploy the CDRA OVA.

2. Log in to CDRA and complete therequired steps in the wizard.

The CDRA wizard has severaltabs: Cloud DR Add-on, CloudAccount, Cloud DR Server,vCenter Servers, LocalBackup, and Cloud Backup(Advanced Mode only).Procedures are in containedthis guide beginning with Deploy the CDRA OVA andending with Configure cloudbackup - Advanced Mode onpage 56.

RecoverPointfor VMs(standarddeployment)

To support VM protection and recovery inthe AWS cloud:

1. Deploy RecoverPoint for VMs OVA(one for each vRPA in the on-premisescluster).

2. Use RecoverPoint for VMs DeployerGUI to install vRPAs in a cluster.

3. Use the RecoverPoint for VMsvSphere plug-in GUI to register thecloud account and targets, and theninstall and register the CDRS.

Procedures for steps 1 and 2are in the RecoverPoint forVMs Installation andDeployment Guide. Step 3 is inthe RecoverPoint for VMsCloud Solutions Guide.

RecoverPointfor VMs(vCenter usecases)

If you want to:

l Fail back to the on-premises vCenter

l Fail over to another vCenter

You must deploy the CDRA OVA, log in tothe CDRA, and complete the steps of theCDRA wizard.

For these use cases, the usercompletes these steps of theCDRA wizard: Cloud DR Add-on, Cloud Account, Cloud DRServer, and vCenter Servers.Procedures are containedwithin this guide beginningwith Deploy the CDRA OVAand ending with Define arecovery staging area on page52, and also in theRecoverPoint for VMs CloudSolutions Guide.

Deploy the CDRA OVAThe Cloud DR Add-on (CDRA) is a Cloud DR component, and it is provided as an OVAdeployed on a VMware vCenter Server environment.

Download the OVA from the link that was provided when you purchased the Cloud DRsolution. Use the vSphere client to deploy the OVA in the vSphere environment.



In the network mapping step, one network interface is required for the CDRA VM.Map the CDRA network interface to a VLAN that provides network access to thecloud.

Note

After the CDRA is deployed, changing its IP address is not supported.

Log into the CDRAYou can log in to the CDRA with the username and password.

Procedure

1. From a host that has network access to the CDRA virtual appliance, use abrowser to connect to the appliance:

https://CDRA_hostname

Where CDRA_hostname is the hostname or IP address of the address that youcreated when the CDRA was deployed to the vCenter server.

2. In the Admin username and Admin password fields, enter the username andpassword that were provided when you purchased the product.

Note

l The default admin password is admin.

l Passwords expire based on the specified expiration period. By default, theexpiration period is 90 days.

If this login is the first login or the password has expired, the Cloud DR Add-onChange Admin Password window opens for you to change the password.Passwords must be at least eight characters in length and contain a minimum ofthree of the following character types:

l English uppercase: A-Z

l English lowercase: a-z

l Numeric character: 0–9

l Special (non-alphanumeric) characters

Note

If you forget the password, click Forgot password?. Then enter the usernameand click Send.When the admin user account's email address is initially provided or changed,AWS sends a verification email to the email address. This email address must beverified before receiving the password reset email. You can request a newverification email through the AWS console by signing into the console andselecting the US East (N. Virginia) region. Then, open https://console.aws.amazon.com, select Email Addresses, select the email address,and click resend.


Log into the CDRA 45

HTTPS://CONSOLE.AWS.AMAZON.COM


3. If this is the first time logging in to the CDRA, you are prompted to select theoperational mode.

l For image-level, VM protection in the cloud, select Standard Mode.

l For VM protection and full application consistency, select Advanced Mode.

For information about choosing the operational mode for your environment, see Table 2 on page 21.

Results

The Cloud DR Add-on window opens and the Welcome page appears.

Configuring the CDRA and deploying the CDRSThe following sections describe how to configure the Cloud DR Add-on (CDRA) anddeploy the Cloud DR Server (CDRS). CDRS is deployed to the cloud duringconfiguration of the CDRA.

To begin, click Configuration in the navigation pane.

The menu bar (across the top) displays the steps that are required to complete theconfiguration and deployment process. The Cloud DR solution is fully deployed whenyou complete these tasks.

Generally, you complete the steps working from left to right. For example, you mustconnect to the Cloud Account and create Cloud DR targets before you deploy theCloud DR Server.

Set up the CDRATo configure networking and other settings for the CDRA, use the Setup CDRA pageof the Cloud DR Add-on window.

Procedure

1. For Cloud DR Add-on name, enter a name for the CDRA.

2. Enter the hostname or IP address for the primary and secondary DNS servers.



3. Enter the hostname or IP address for the primary and secondary NTP servers.

4. Select a time zone that is the same as the on-premises time zone.

5. Click Save.

Add AWS cloud accountAdd the AWS cloud account and connect the CDRA to the account.

Before you begin

Ensure that you have an AWS account that is already configured before connecting tothe cloud account.

Procedure

1. Click Cloud Account on the menu bar.

The Connect to Cloud Account page appears.

2. Click Add Cloud Account.

3. In the Connect to Cloud Provider Account dialog box, select AWS.

4. In the Connect to Cloud Provider Account dialog box, enter the Access Key IDand the Secret Access Key for the AWS account. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html provides information about obtaining the access and secret keys.

5. To copy the IAM policy, click Copy IAM Policy.

This action copies to the buffer a JSON version of the minimum AWS useraccount permissions that are required for Cloud DR implementation. Thisimplementation can then be applied to AWS to set the permissions policy forthe AWS user. Define the AWS IAM policy on page 158 also provides the IAMpolicy and instructions for creating an AWS policy that uses this IAM policy.

6. To view the Identity and Access Management (IAM) policy that represents theminimum AWS user account permissions that are required for Cloud DRimplementation, click Show IAM Policy.

7. To save the AWS cloud account, click Verify & Save.

The CDRA verifies that the account exists before saving the cloud accountinformation and closing the Connect to Cloud Provider Account dialog box.

Note

After you provide credentials to an AWS account, you cannot change to anotherAWS account.


Add AWS cloud account 47

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html



Add AWS cloud targetsYou can add one or more AWS cloud targets to the cloud account by selecting anAmazon S3 bucket and an encryption method.

Procedure


The Cloud Account page is displayed.

2. Click ADD CLOUD TARGET to set up one or more Cloud DR targets on thecloud account.

The Cloud DR target is the S3 bucket on AWS where data is written when VMsare backed up to the cloud. The Cloud DR Server is deployed on one of thetargets.

The Add Cloud DR Target dialog box opens.

3. Enter a name for the Cloud DR target.

For Avamar/Data Domain configurations, Standard Mode operation requiresthis name to be the same name that appears in the Avamar Administrator UIwhen creating a Cloud DR backup policy.

For RecoverPoint for VMs configurations, when creating a cloud copy, enterthe same name that appears in the RecoverPoint for VMs plugin for vSphere.

4. Select an Amazon S3 bucket and region for the Cloud DR target.

5. Click Advanced security option and select an encryption method.

Option Description

SSE-S3 Default encryption (no cost)

SSE-KMS Key management service encryption (incurs a cost)

Note

If you select the SSE-KMS encryption method, only the default customermanaged key is supported. Changing the encryption key might cause errorswith the files in the Amazon S3 bucket.

For more information about these encryption methods, see:

l SSE-S3 - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

l SSE-KMS - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

6. Click ADD.



https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

7. For each Cloud DR target that you want to add, repeat the steps in thisprocedure.

Deploy the Cloud DR Server in AWSDeploy the CDRS on a specific Cloud DR target.

Before you begin

l Cloud DR targets are required in the AWS account before performing this task. Add AWS cloud account on page 47 contains information about adding Cloud DRtargets to the AWS account.

l AWS Marketplace terms must be accepted before deploying the Cloud DR Server. Accept Amazon Web Services Marketplace terms on page 37 contains informationabout accepting AWS Marketplace terms.

Procedure

1. Click Cloud DR Server on the menu bar.

l If no CDRS has been deployed, the Deploy Cloud DR Server page appears.

l If the CDRS has already been deployed, the Cloud DR Server page appears.You are not permitted to deploy additional CDRS instances.

2. In the Cloud DR Server Configuration section, select an AWS region, and thenselect an existing VPC or create a new VPC.

Option Description

CreateNew VPC

Not available in Advanced Mode. If you create a new VPC inStandard Mode:

l The connection between the CDRA and CDRS uses a public IPaddress, and you cannot update this setting later to use aprivate IP address.

l Changing to Advanced Mode later is not possible withoutassistance from Dell EMC support.

SelectexistingVPC

Available in Standard Mode and Advanced Mode. In AdvancedMode, you can deploy CDRS in the same VPC as the AVE andDDVE components or in a different VPC. If you select a differentVPC than the one that contains AVE and DDVE, ensure thatCDRS has a VPN connection to the AVE and DDVE.


Deploy the Cloud DR Server in AWS 49

A public subnet is created in the VPC, and the CDRS is launched into it.

3. In the IPV4 CIDR Range section, the CIDR prefix for the CDRS is pre-populated, and you may retain the given value or change it.

Note

The CIDR range defines the number of IP addresses within the VPC. The rangeis allocated by CDRS to the CDRS subnet and two RDS's (the second RDS is abackup for high availability). Each RDS is created in its own Availability Zoneand private subnet. If you selected an existing VPC in the previous step, ensurethat the IP addresses within the CIDR range are available for use. If you specifya range of addresses that is not available (meaning that these IP addresses mayalready be in use), then the deployment process will not start.

4. In the User Configuration section, enter and confirm passwords for the CDRSAdmin and CDRS Monitor users.

The passwords must:

l Be at least eight characters in length

l Contain characters of a minimum of three of the following types:

n English uppercase: A-Z

n English lowercase: a-z

n Numeric character: 0–9

n Special (non-alphanumeric) characters

a. Enter and confirm passwords for the CDRS Admin and CDRS Monitor users.

b. Enter an email address for Cloud DR password reset requests.

When the Cloud DR Server is successfully deployed, AWS sends an email tothis address for verification. Follow the instructions in the email within 24hours of deployment.

Note

If you update the password, the new password must be different than theprevious password.

5. To confirm that you accept the marketplace terms, click the I have acceptedthe AWS Marketplace terms checkbox.

6. Click Deploy Cloud DR Server.

Results

The CDRA begins deployment of the CDRS to the Cloud DR target. Deploying theCDRS may take up to 30 minutes.

The M4.Large instance type is used for the CDRS instance. To reduce deploymentcosts, you may want to purchase reserved instances from AWS; otherwise an on-demand instance is used. An elastic IP address is automatically assigned to the CDRSinstance. You cannot change this IP address.

If the deployment is successful, the Cloud DR Server page appears, listing thehostname of the CDRS host and the region. You can access the Cloud DR Server byclicking the CDRS Hostname link, but protection and disaster recovery are notsupported until you complete all CDRA configuration steps.



If an error occurs during deployment, click Cleanup to delete the cloud resources thatCDRS creates, and then retry deployment.

Note

Multiple Cloud DR Add-on appliances can connect to a single Cloud DR Serverinstance. However, a Cloud DR Add-on appliance can connect to only one Cloud DRServer instance.

Add VPN gateway - Advanced ModeThe Advanced Mode requires that you add one or more VPN gateways. If you areoperating in Standard Mode, skip this procedure.

Before you begin

Adding VPN gateways is a requirement only when operating in Advanced Mode.

You must first deploy the CDRS before you can add VPN gateways.

Add at least one VPN gateway to enable communication between the Data Domainsystem and the backup server in the cloud. If you plan to support multiple regions, adda VPN gateway for each region.

Procedure

1. On the Cloud DR Server page, click the Add VPN Gateway Details button.

2. In the Add VPN Gateway Details dialog box, select a region for the VPNgateway.

3. Select the same VPC and subnet that the VPN gateway is using tocommunicate with DDVE and AVE.

NOTICE

The subnet that you select in this step must have a route table. This subnetmust be explicitly associated with the route table (DR test and failoverfunctions require it). You can verify the association in AWS.


Add VPN gateway - Advanced Mode 51

4. Enter the IP address for the IPV4 CIDR Range. This CIDR is used by the RestoreService instance during a DR operation. The range value is fixed and cannot bechanged.

NOTICE

A different VPC and subnet is created for the restore service with theconfigured CIDR that cannot be changed.

5. Click Apply.

Connect to vCenter serversYou can connect the CDRA to vCenter servers that manage VMs in the Cloud DRsolution. You can also define recovery settings.

Procedure

1. Click vCenter Servers on the menu bar.

The Connect to vCenter Servers page appears.

2. Click Add vCenter Server.

The Connect to vCenter Server dialog box appears.

3. Enter the hostname or IP address of the vCenter server.

4. Enter the port number for the vCenter server.

5. Enter the Admin username and password.

6. Click Save.

7. In the Confirm vCenter's SSL Certificate dialog box, click Confirm.

A dialog box prompts you to define a recovery staging area.

8. Define the recovery settings as described in "Define a recovery staging area."To define recovery settings later, click Define Later.

9. To add additional vCenter servers, repeat steps in this procedure for eachvCenter server.

Results

The vCenter Servers page lists vCenter servers that you add to the CDRA.

Define a recovery staging areaRecovery is the process of transferring protected VMs from the cloud to thedesignated vCenter environment. The Define Recovery Staging Area dialog boxenables you to configure settings for the operation.

Before you begin

If you are defining a recovery staging area for the VMware Cloud on AWS (VMC),follow these guidelines when performing this procedure:

l When prompted to select a network, select the network for the VMC software-defined data center (SDDC).

l When enabling direct failover to a vCenter, select the VMC vCenter.



Note

If you do not define a recovery staging area during initial Cloud DR configuration, youcan define it later. However, recovery operations do not work unless these settingsare configured.

Procedure

1. In the vCenter Servers tab, select a vCenter, and click the edit icon . Toupdate information about the vCenter, select Edit vCenter Details. To updatethe failback settings, select Edit Failback Setting.

When you click Edit vCenter Details, the Define Recovery Staging Areadialog box is displayed.

2. Select one or more datastores or datastore clusters on the vCenter server.

3. Select one or more networks for the recovery staging area.

Selected networks must connect to the cloud.

4. For each selected network:

a. Highlight the network.

b. Configure the IP range pool by typing the first IP address in the pool andthe number of IP addresses in the subnet to be included in the pool. To enter

additional IP range pools, click the plus button.

c. Enter the network Subnet mask.

d. Enter the network default gateway for the Gateway.

5. To enable a direct failover to the selected vCenter, click the toggle button atthe bottom of the dialog box:


Define a recovery staging area 53

Note

You may define multiple vCenters as recovery targets.

6. Click Save.

Configure Avamar backup server and Data Domain systemYou can connect CDRA to a local (on-premises) Avamar backup server and DataDomain system.

Before you begin

This procedure is only for the on-premises Avamar/Data Domain solution.

Before configuring the on-premises Avamar server, deploy the CDRS.

Procedure

1. Click Local Backup on the menu bar.

The Connect to Backup Servers page is displayed.

2. Click Add Backup Server.

The Connect to Backup Server dialog box is displayed.

3. Enter the hostname of the Avamar server.

4. Enter the Avamar server HTTPS service port number.

5. Enter the username and password of the Avamar MCUser account.

6. Click Save.

The Local Backup page is displayed. This page displays the DDBoost usernamethat the backup server uses to connect to the Data Domain system.

7. To connect the local Data Domain system that is registered to the Avamarserver, click Connect DD.

Note

When adding the Data Domain system in Avamar, Dell EMC recommends usingthe Data Domain hostname.

The Connect to Data Domain system dialog box is displayed.

8. Select the Data Domain system and enter the password for the DDBoostusername. Then click Connect.

9. If you want to protect VMs that the cloud provider does not support, switch theProtect unsupported VMs toggle to the on position.



Note

Although the protection of unsupported VMs is supported, recovery of theseVMs to cloud instances is not supported.

10. To connect to additional Avamar servers, repeat the steps in this procedure foreach Avamar server.

Results

The Local Backup lists the Avamar server and Data Domain system that areconnected to the CDRA.

Note

Any Avamar server can be connected to only one CDRA at a time.

Edit backup server and associated Data Domain systemYou can edit the information for a backup server and its associated Data Domainsystem.

Procedure


2. To edit the local backup server, click the edit (pencil) icon for the backup serverthat you want to change, and click Edit Backup Server.

The Edit Backup server dialog box appears.

3. Make the required changes and click Save.

4. To edit the Data Domain system, click the edit (pencil) icon for the system thatyou want to change, and click Edit DD_system.

The Update Data Domain's Credentials dialog box appears.

5. Make the required changes and click Connect.

Delete Data Domain systemYou can delete the on-premises Data Domain system that is associated with the localbackup server.

Procedure


2. Click the delete (trash can) icon for the backup server and its associated DataDomain system.

The system prompts you to select either the backup server or the associatedData Domain system for deletion.

3. Select the associated Data Domain system for deletion.

Results

The selected Data Domain system is deleted.


Configure Avamar backup server and Data Domain system 55

Delete backup serverYou disconnect from a backup server by deleting it.

Procedure




3. Select the local backup server.

Note

If the local backup server is connected to a Data Domain system, first delete theData Domain system. Then delete the local backup server.

Results

The selected backup server is removed. If an Avamar server is removed and thenreconnected, a full backup of protected VMs occurs. Previously protected VMs areaccessible to disaster recovery and failover in the CDRS.

Configure cloud backup - Advanced ModeOperating in Advanced Mode requires you to establish communication between thelocal backup server and the backup server in the cloud and its associated Data Domainsystem.

Before you begin

If you are operating in Standard Mode, skip this procedure. Configuring the cloudbackup server is possible only when operating in Advanced Mode.

Procedure

1. Click Cloud Backup on the menu bar.

2. Click the Connect to your Cloud Backup Server button.

a. Select the on-premises backup server from the list provided.

b. Select the (remote) cloud backup server from the list.

c. Select a region for the cloud backup server.

d. Enter the port number for the cloud backup server.

e. Enter the cloud backup server username and password.

f. To connect the on-premises backup server to the cloud backup server, clickConnect.

The on-premises and cloud-based backup servers are connected.

3. To establish a connection from the cloud backup server to the cloud DataDomain system, click the Connect DD button.

The Connect to Cloud Data Domain System dialog box is displayed.

a. Select a cloud-based Data Domain system from the list.



b. Enter the DDBoost user password for the cloud Data Domain system.

c. Select an S3 restore bucket that is in the same region as the cloud DataDomain system.

d. Click the Connect button.

Results

The cloud backup server configuration is complete. You may use the CDRS for CloudDR operations. To access the CDRS, return to the Cloud DR Server page and clickthe hyperlink to open the Cloud DR Server.

Add additional on-premises sourcesYou can add up to 50 on-premises sources (CDRAs or vRPAs) to the same Cloud DRServer (CDRS).

The CDRAs that are connected to the CDRS can operate in different modes (StandardMode or Advanced Mode).

This high-level procedure describes how to add CDRAs. Details of each step areprovided in this guide. For information about adding vRPAs, see (Deploymentguidelines on page 43).

Procedure


2. Log in to the CDRA.

3. Configure the CDRA.

4. Add the AWS cloud account.

5. Add the AWS Cloud DR targets.

6. If you want to change the CDRA-to-CDRS connection to a private IP address,edit the CDRS settings.

7. Connect to the existing Cloud DR Server.

a. On the Cloud DR Server page of the Cloud DR Add-on UI, click the link forthe CDRS hostname.

b. When the Cloud DR Server log-in is displayed, enter the username andpassword for the CDRS.

This action connects the new CDRA to the existing CDRS.

8. Connect to one or more vCenter servers.

9. Define failback settings.

10. Connect a local Avamar backup server and Data Domain system.

11. If operating in Advanced Mode, configure the cloud backup server.

12. To add more CDRAs to the existing CDRS, repeat the steps in this procedure.


Add additional on-premises sources 57

Uninstall Cloud DR componentsTo uninstall Cloud DR components, follow the steps in this procedure.

Before you begin

NOTICE

Failure to perform these steps in the listed order causes undesirable results.

The steps that follow apply to Standard Mode and Advanced Mode operation unlessotherwise noted. These steps assume that the on-premises source is a CDRA. If theon-premises source is a vRPA, and there is no on-premises CDRA, perform only thetasks that are listed in Table 10 on page 58.

Procedure

1. (Advanced Mode only) From the CDRA UI, capture a list of the on-premises andcloud servers that are registered in CDRA.

2. (Advanced Mode only) From the on-premises Avamar, delete policies that areusing cloud servers that are registered in CDRA.

3. (Advanced Mode only) From the CDRA UI, in the Cloud Backup tab, delete thecloud Data Domain.

4. (Advanced Mode only) From the CDRA UI, in the Cloud Backup tab, delete thecloud Avamar.

5. (Standard Mode only) From the on-premises Avamar, delete the Avamarpolicies that are configured to send files to the cloud.

6. From the CDRA UI, in the Local Backup tab, remove the Data Domain system.

7. From the CDRA UI, in the Local Backup tab, remove the Avamar backup server.

8. (Advanced Mode only) From the CDRA UI, in the Cloud DR Server tab, removethe VPN GW parameters.

9. Delete the Cloud DR Add-on appliance from vSphere, as described in VMwaredocumentation.

10. If you installed a CDRA on-premises or on the VMware Cloud on AWS, deletethe Cloud DR Add-on appliance from vSphere, as described in VMwaredocumentation.

11. It is important that you clean up cloud-based resources that are no longerneeded. From the Amazon Web Services console, perform these tasks in theorder presented:

Table 10 Cleaning up cloud-based resources

Task AWS documentation link

Delete the Cloud Formationstacks from all regions that you

used (named CDRS-DeployStack, CDRS-RDSCluster, CDRS-RestoreService).

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-delete-stack.html





Table 10 Cleaning up cloud-based resources (continued)

Task AWS documentation link

Delete the EC2 key pairs that

are named CDRS-KeyPairand CDRS-RestoreService.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

Delete the IAM role that is

named CDRS-Role.

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html

Delete all S3 buckets that wereused as Cloud DR targets.

http://docs.aws.amazon.com/AmazonS3/latest/dev/delete-or-empty-bucket.html

Note

Perform this step only if the S3 buckets are not being usedfor purposes other than Cloud DR.

Unregister AMIs and deletesnapshots that Cloud DRServer created for rapidrecovery of VMs.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.htmlLook for AMIs and snapshots where CDRS is displayed in the

Created By tag name.

Delete the SQS queues that are

named CDRS-RestoreService <version>-Events and CDRS-RestoreService…<version>-Responses

https://docs.aws.amazon.com/cli/latest/reference/sqs/delete-queue.html


Uninstall Cloud DR components 59







https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html



CHAPTER 3

Cloud DR with AWS protection, recovery, andfailback


l Overview............................................................................................................62l Create rapid recovery copies for protected assets.............................................67l Associate VMs with applications - Advanced Mode operation............................68l Test or fail over a single asset to AWS cloud......................................................69l User actions to restore applications - Advanced Mode....................................... 71l Failover to vCenter or VMware Cloud on AWS................................................... 72l Failback workflow...............................................................................................74l Failback from the cloud...................................................................................... 74l Promote a DR test to failover.............................................................................76l End a DR test..................................................................................................... 77l End a failover......................................................................................................77l Monitor recovery activities.................................................................................78l DR plan activities............................................................................................... 80l Create a DR plan.................................................................................................81l Edit a DR plan.................................................................................................... 82l Test or fail over a DR plan to AWS cloud............................................................84l Split a DR plan activity....................................................................................... 85l Delete a DR plan.................................................................................................86

Cloud DR with AWS protection, recovery, and failback 61

OverviewThe Cloud DR solution provides disaster recovery (DR) activities that includeprotection, test, promote test to failover, failover, and failback of one or more on-premises assets.

You can perform DR activities on a single asset, or multiple assets by using a DR plan.

ProtectionProtection varies depending on the operational mode (Standard Mode or AdvancedMode).

When the Cloud DR solution includes Avamar and Data Domain in Standard Mode, theprotection flow uses the Cloud DR data path. The protection flow follows:

1. Avamar writes a full VM backup to the Data Domain system.

2. The CDRA receives the backup files from Data Domain and validates AWScompatibility. Then it segments, compresses, and encrypts the files.

3. The CDRA sends the segment to the cloud target for protection.

4. Avamar then writes only incremental backups to the Data Domain system.

5. The CDRA segments, compresses, and encrypts the incremental backups.

6. The CDRA sends only the changes (or diffs) to the cloud target for protection.

You start the standard protection flow from the Avamar Administrator UI by creating abackup group, selecting a data set, and enabling Cloud DR for the group. See theAvamar for VMware User Guide for information about configuring protection from theAvamar Administrator UI.

After you back up a VM, you can enable it for rapid recovery in the CDRS userinterface.

The protection flow is similar in Advanced Mode except that it uses the Data Domaindata path, which is managed by Avamar. In Advanced Mode operation, you mustcreate two backup groups in the Avamar Administrator UI, one for the VM and one forthe application.

When the Cloud DR solution includes RecoverPoint for VMs, the virtual RecoverPointAppliance cluster (vRPA cluster) manages the data path to the cloud and the controlpath to the CDRS, replacing the on-premises CDRA for those functions within theprotection flow.

TestA DR test enables temporary access to a cloud instance to verify that a recoveredasset works before you perform a failover. Testing DR scenarios before a real disasteroccurs is a recommended best practice that saves time and ensures that productionassets on premises can be quickly recovered in the cloud.

Figure 11 on page 63 shows the basic test workflow. Table 11 on page 63 lists theuser actions that are available for each workflow state.

Cloud DR with AWS protection, recovery, and failback


Figure 11 DR test workflow

To understand the workflow and available user actions for each state, read Table 11 onpage 63 from left to right and from top to bottom.

Table 11 Test workflow states and related user actions

Workflow state User Actions Next state

Starting state:Production VMs areprotected in cloud and remainprotected during the test

Select VM/DR PlanSelect test network

Select cloud instance,security group

Start test

Test in progress

Test in progress Cancel Canceled

Canceled -- Starting state

Failed Retry Test in progress

Clean up Starting state

Succeeded:Testing - cloud instancerunning

Promote to failover (canchange network)

Failed over - cloud instancerunning

End test (removes cloudinstance)

Starting state


Test 63

FailoverYou perform a failover to the cloud when an on-premises disaster occurs and theproduction VMs are not running.

During a failover, shut down the on-premises production VMs to prevent users fromwriting new data to them.

Figure 12 on page 64 shows the basic failover workflow. Table 12 on page 64 liststhe user actions that are available for each workflow state.

Figure 12 Failover workflow

To understand the workflow and available user actions for each state, read Table 12 on page 64 from left to right and from top to bottom.

Table 12 Failover workflow states and related user actions


Starting state:Production VMs areprotected in cloud and remainprotected during failover

Select VM/DR PlanSelect failover network


Start failover

Failover in progress

Failover in progress Cancel Canceled


Failed Retry Failover in progress


Succeeded: Fail back Failed back

End failover (removes cloudinstance)

Starting state



Table 12 Failover workflow states and related user actions (continued)



FailbackA failback transfers a failed-over VM (cloud instance) back to the on-premisesvSphere environment. A failback is only crash-consistent, not application-consistent.

The failback workflow is the same for Standard Mode and Advance Mode of operation.

Before starting failback, it is a best practice to shut down services on the cloudinstance.

Figure 13 on page 65 shows the basic failback workflow. Table 13 on page 65 liststhe user actions that are available for each workflow state.

Figure 13 Failback workflow


Table 13 Failback workflow states and related user actions


Starting state:Failed over - cloud instancerunning

Select VM/DR plan.Start failback.

Failback in progress


Failback 65

Table 13 Failback workflow states and related user actions (continued)


Failback in progress Cancel. Canceled


Failed Retry Failback in progress

Clean up. Starting state

Succeeded:Failback completed, new VMcopies restored on premises

Link to failover activity card.End failover to terminaterecovered cloud instances.

--

DR plansA disaster recovery (DR) plan is a collection of assets (VMs and their applications)that enables you to define run book recovery plans, including batch operations onmultiple assets, network and security group association, VM boot order definition, andselection of cloud instance type.

A DR plan is associated with a single region and on-premises source (CDRA or vRPA).You can add to the plan only those assets that are protected by the designated source(CDRA or vRPA) and are in the designated region.

The assets that you add to the DR plan are called DR plan members. If required, youcan add the same asset to multiple DR plans. For example, you might want to createseveral DR plans to test various DR scenarios. You can also create a master DR planthat contains all the assets on premises.

Note

If the operational mode is Standard Mode, you add only VMs to the plan. In AdvancedMode, in addition to adding VMs, you add applications to the plan.

For each VM in the DR plan, you can specify a startup priority, called a boot order,from 1 to 5, where a lower number represents a higher priority. For example, a VMwith a boot order of 1 begins recovery before a VM with a boot order of 2 to 5. All VMswith the same boot order begin recovery at approximately the same time (actual starttimes may vary depending on when each VM recovery operation ends).

Note

Boot order, network, security group, and cloud instance type apply to VMs, not toindividual applications.

You can test, fail over, or fail back a DR plan in the same way that you might performthose operations on a single asset. There are minor differences in the workflows.

When you test or fail over a DR plan, that operation is applied to all the assetscontained in the plan. If one asset in the plan fails, the operation continues on theother assets in the plan (the default behavior). You may choose to retry the operationfor the failed asset while the DR plan operation continues. A partially successful DRtest means that the batch operation continues even when one or more assets in theDR plan encounter a test failure. Optionally, you may configure the DR plan to failwhen any asset in the plan fails by enabling the Fail on error option.



When a DR plan is partially successful (that is, recovery of some assets has succeededwhile others have failed), the user has three options:

l Retry - This action retries the operation only for the failed assets. Cloud instancesthat are already recovered remain available.

l End test or failover - This action terminates the cloud instances of successfullyrecovered VMs.

Note

Ending a failback operation for a DR plan only closes the failback card.

l Split - This action splits a partially successful DR plan into its individual membersso you can manage each asset separately.

Depending on the number of members in a DR plan, it may take some time for the planoperation to complete. One convenient feature of a DR plan is that when you run a DRplan, you can immediately begin editing the plan or even delete it without affecting thecompletion of the original plan.

Create rapid recovery copies for protected assetsYou can accelerate the recovery process ahead of time by creating rapid recoverycopies for protected assets. Creating a rapid recovery copy reduces the RTO for aprotected asset but consumes additional cloud resources and incurs additional costs.

Creating a rapid recovery copy starts the rehydration process and converts the VMDKfiles to an Amazon Machine Image (AMI). The recovery process (test or failover) thenlaunches the recovered instance from the AMI.

Perform this procedure when a copy is available in the cloud storage.

Rapid recovery is supported for the VM and its associated applications. To enablerapid recovery for an application, apply rapid recovery to its associated VM.

Note

Failover of rapid recovery copies to a vCenter or VMware Cloud is not supported.

Procedure

1. In the CDRS user interface, select Protection > Asset Protection in thenavigation pane.

The existing protected assets are displayed in the right pane. The RapidRecovery Image column indicates whether the asset is enabled for rapidrecovery.

2. Select one or more VMs and click Set Rapid Recovery Image.

3. In the Set Rapid Recovery Image dialog box, select the number of rapidrecovery copies that you want to keep (from 1 to 5), and then click Set.


Create rapid recovery copies for protected assets 67

Note

Configuring more than one rapid recovery copy for selected VMs enables you toquickly recover to an older point in time in case the latest point-in-time copycannot be used because of inconsistent or corrupt data.

Results

l The CDRS creates the rapid recovery copy and removes the oldest machine imageto maintain the number of copies that you configured.

l You can verify the results by reviewing the Rapid Recovery Image column wherethe number of copies is indicated. The icon is displayed in some CDRS windowsand designates a copy that is enabled for rapid recovery.

After you finish

l You can disable rapid recovery for an asset by selecting it and clicking DisableRapid Recovery Images.

l You can set the minimal time interval during which rapid recovery copies are notcreated. See Set rapid recovery interval on page 150.

Associate VMs with applications - Advanced Mode operationIf you are operating in the Advanced Mode, the Asset Association window enablesyou to associate a VM with an application.

Before you begin

Making associations between applications and the VMs that host them is required toenable DR activities for the applications. Unassociated applications cannot be testedor failed over.

Procedure

1. From the CDRS user interface, select Protection > Asset Association.

A table of available clients appears. The table lists the client names, IPaddresses, application types, and backup servers.

2. To associate a VM with an application, click the row for the application that youwant to associate, and then click Select VM.

The Select VM dialog box appears. The client's application, client IP address,backup server, and CDRA are identified. The dialog box displays a list ofavailable VMs from which to choose.



3. Select the VM to associate with the application, and then click Apply.

NOTICE

Ensure that you select the correct VM to associate with the application. Theapplication must reside on the VM that you select.

4. Repeat these steps to make additional associations between applications andVMs.

Test or fail over a single asset to AWS cloudThis procedure describes how to test or fail over a single asset (VM or application) tothe AWS cloud, when an operational error or disaster occurs on premises.

Before you begin

l To ensure a successful failover, and better prepare for a disaster, best practicesrecommend testing various disaster recovery scenarios. After performing a test,you can promote the test to a failover.

l To perform a DR test or failover of an asset, you must have VMs that areprotected and copied to the cloud.

l To fail over to a vCenter or VMware Cloud environment, see Failover to vCenter orVMware Cloud on AWS on page 72.

l If you intend to use tags, you must first create the tags. See Create a tag on page149.

l If you are operating in Advanced Mode, before you perform a test or failover of anapplication, you must associate the application with a VM. See Associate VMs withapplications - Advanced Mode operation on page 68.

Procedure

1. In the Cloud DR Server user interface, select Recovery > Asset Recovery

You can also open the Asset Recovery page from the dashboard by clickingSee All in the Recovery pane.

The Asset Recovery page is displayed.

2. Use the Search for assets widget to search by asset type or CDRA name.

3. Select the asset that you want to recover and click Test or Failover.

If you click Failover and the asset has never been tested, a dialog box opensand reminds you that running a DR test is recommended before implementing afailover. The message also recommends that you shut down the production VMto avoid a possible data loss that is caused by accidental user access. ClickSelect Copy to continue.


Test or fail over a single asset to AWS cloud 69

4. In the wizard that opens, in the Copy step, select a point-in-time copy of anasset that you want to test or fail over, and then click Next.

In the RecoverPoint for VMs cloud solution, all bookmarks created usingRecoverPoint for VMs are displayed.

Note

If operating in Advanced Mode, when you select an application copy, the CloudDR Server also selects the latest VM copy before the point-in-time copy of theapplication. If there is no VM copy before that time, the Cloud DR Server takesa new VM copy.

5. In the Network step, select the network where you want to launch the EC2instance, and then click Next.

NOTICE

If you are operating in Advanced Mode, to ensure application-consistentrecovery, select the VPC network where the DDVE and AVE components areinstalled (see Figure 10 on page 29). Alternatively, you may select a differentVPC network and create VPC peering to the VPC that runs DDVE and AVE.

6. (Optional) In the Advanced step:

a. In the Security Groups tab, select a security group.

b. In the EC2 Instance Type & Tags tab, select an EC2 instance type and atag.

c. In the IP settings tab, to enter a private IP address for the recoveredinstance, select the checkbox for this setting and enter the address. Thesystem prevents you from selecting an IP address that is already in use.

7. Click Start DR Test or Start Failover.

Results

The recovery process begins and you can monitor progress on the DR Activities page.During recovery:

1. A temporary Restore Service instance is launched in each region where recoveryis needed (unless the VM is enabled for rapid recovery). This instance performs



hydration during recovery, and is automatically terminated after 10 minutes of idletime.

2. The Cloud DR Server converts the VMDK to an AMI and launches an EC2 instancethat is based on the AMI.

3. When the EC2 instance is running, the Cloud DR Server deletes the VMDK andAMI.

User actions to restore applications - Advanced ModeDuring recovery operations, a DR operation may stop pending user action. Optionaluser actions are listed here to assist you in restoring an application. When youcomplete the user actions, you can continue with the DR operation.

Pausing DR for application maintenanceIf an application is undergoing a DR test or failover and requires user action beforecontinuing (for example, to mount a database), the DR activity pauses to enable youto perform user actions on the application.

When you are ready to resume the DR test or failover, you may choose to continuewith the DR in progress by clicking the CONTINUE button, or you may skip the DR inprogress, by clicking the SKIP button, to finish it manually. These options are availablefrom the DR activities page.

If you want to view only those activities that require attention, click the toggle buttonat the top of the DR activities page.

GeneralProcedure

1. Verify that the firewall is disabled. At a minimum, add public + private and UDP+ TCP rules for avagent.

2. Verify the DNS resolution to the AVE internal DNS name. This action mayrequire manual entry in the hosts file.

3. Verify that the application to be restored is up and running.

4. Verify that minimal free space is available on the EC2 instance.

5. Verify that the Avamar configuration files avagent.cfg and cid.bin weredeleted. If not, delete them and restart the avagent service.

6. Verify that TCP ports 28000, 28001, and 28002 are open on the VM firewalland the security group that is attached to the recovered instance.

SQLProcedure

1. Verify that the user databases to be restored are not in use.

2. If any applications are using these databases, shut them down.

OracleProcedure

1. Shut down the Oracle database.

2. Locate the oradata folder containing the control file and database files for thedatabase instance.


User actions to restore applications - Advanced Mode 71

3. Rename the folder, and create a new folder with the same name underoradata.

4. Start the Oracle database in the nomount state.

SharePoint and ExchangeProcedure

1. Add the restored domain controller (DC) internal IP address as the DNS serverin the network adapter configuration.

2. To re-establish the trust relationship, leave and then rejoin the domain.

3. Open the command prompt and run these commands:

ipconfig /flushdnsipconfig /registerdns

4. Add the DC, AVE, and DDVE internal IP addresses to the hosts file.

5. For Exchange only, add the original IP configuration of the on-premises VM asan alternate configuration in the network adapter configuration.

Failover to vCenter or VMware Cloud on AWSThis procedure describes how to fail over a VM to a recovery-enabled vCenter (forexample, the vCenter where the VMware Cloud on AWS is deployed). Recovery toVMware Cloud is available only for copies that are created by an on-premises source(CDRA or vRPA) in Standard Mode.

Before you begin

Deploy the CDRA, and enable direct failover to the target vCenter, as described in Define a recovery staging area on page 52.

Procedure


The Asset Recovery page displays.

2. Select a VM and click FAILOVER TO VCENTER.

The Failover to vCenter dialog box opens.

3. In the Failover to vCenter dialog box, in the Copy step, select a Point in Timecopy and click NEXT to go to the Failover Target step.



All bookmarks created using RecoverPoint for VMs are displayed. Every copysnapshot (Point in Time) is replicated together with its OVF, so the failed overVM will have the same hardware settings that the protected VM had, at theselected Point in Time.

4. In the Failover Target step, select a CDRA/vCenter failover target.

5. Optionally, in the Advanced section, update the Keep original VM MACaddress and UID checkbox setting.

If you are failing over to the same network as the production VM, to avoid IPconflicts, clear this checkbox to ensure that the failed over VM has a differentMAC address and UID than that of the production VM.

NOTICE

When a production VM is replicated, the hardware settings of the productionVM (including the MAC address) are also replicated, with these exceptions:

l RAW disk is not supported. In the failed-over VM, it becomes a VMDK.

l Single-root I/O virtualization (SR-IOV) pass-through is not supported. In thefailed-over VM, it becomes an e1000 virtual NIC.


Failover to vCenter or VMware Cloud on AWS 73

6. Click START FAILOVER.

Results

The failover process begins and you can monitor progress on the DR Activities page.

Failback workflowA failback operation allows a failover instance to be copied back to an on-premisesvCenter.

This operation is possible only in Standard Mode.

1. Failback is initiated from a failover instance by using the CDRS user interface.

2. CDRS powers off the instance and creates snapshots of its disks.

3. A Restore Service:

a. Creates disks from the snapshots.

b. Attaches the new disks to itself.

c. Reads the data and creates segments of data, compressing and encrypting thedata stored in the cloud target for that specific region.

4. When the CDRA receives a new failback request, it creates a Restore VM,including a boot disk, at the on-premises vCenter in the failback staging area. Thefailback staging area is defined during Cloud DR deployment at the Connect tovCenter Server page.

5. The Restore VM copies the data from the cloud storage. Disks (VDMKs) aredirectly attached to the Restore VM and allocated as thick lazy-zeroed.

6. When the restore process completes, the CDRA powers off the Restore VM,deletes the boot disk, configures the failed-back VM as necessary, and relaunchesthe VM.At this point, you can vMotion the VMs from the failback staging area to theiroriginal locations or new locations. The IP addresses used for Restore VMs are notused for failed back VMs, so assign appropriate IP addresses to failed back VMsand ensure that DHCP can resolve them.

7. The CDRS performs any required clean-up of temporary resources in the cloudprovider environment. However, the user must use the cloud provider console orthe CDRS user interface to manually terminate the original failover instance in thecloud. This instance was used to launch the failback process.

Failback from the cloudWhen an operational error or a disaster occurs in the on-premises environment, youcan fail over a VM or DR plan to the cloud. After a failover to the cloud, the failed-overworkloads run on cloud instances (VMs) with data that is stored in cloud storage.When the on-premises issue is resolved, you may want to fail the cloud instance backto the on-premises environment to continue running the workloads locally, instead ofin the cloud. This procedure provides steps to fail back workloads that were failed overto the cloud. While you can fail back a VM or DR plan that contain multiple assets,failback of individual applications is not supported.

Before you begin

l Ensure your cloud instances are in a failed-over state.

l In the RecoverPoint for VMs solution, ensure that you have deployed an on-premises CDRA.



NOTICE

In the RecoverPoint for VMs solution, to support failback operation, you must deploy aCDRA on premises, connect it to the existing CDRS in the cloud, enter the on-premises vCenter details, and define the recovery staging area.

Procedure

1. To perform a failback, select Recovery > DR Activities.

The DR Activities page displays.

2. Click Failback for the VM or DR plan that you want to recover from the failoverstate.

The Failback option is available only for VMs or DR plans in a successful failoverstate.

The Failback dialog opens.

3. In the Failback dialog, select one of these options:

Option Description

Use original Enables you to fail back to the original VM location on premises.

Select target Enables you to select the target CDRA and vCenter for thefailback.

4. Click the FAILBACK button.

The failback activity begins. The VM or DR plan is restored to the recoverystaging area that you specified.

5. To verify that the VM is being restored, open vCenter. To display the Summarytab for the VM, click the VM in the list.

The VM that you failed back does not have an assigned IP address.

6. Open the console for the VM or DR plan that you failed back, and assign IPaddresses for the failback VMs.

You can either assign an IP address or obtain an IP address from a DHCPserver.


Failback from the cloud 75

7. Manually install VMware tools on the failed back VM. (AWS removes VMwaretools during AMI conversion.)

Results

After the failback has completed successfully, you can vMotion the VMs from thefailback staging area to their original locations or new locations. The IP addresses usedfor Restore VMs are not used for failed back VMs, so assign appropriate IP addressesto failed back VMs and ensure that DHCP can resolve them.

The CDRS performs any required clean-up of temporary resources in the cloudprovider environment. However, the user must use the cloud provider console or theCDRS user interface to manually terminate the original failover instance in the cloud.This instance was used to launch the failback process.

Note

The maximum number of failback activities is limited by the range of pool IP addressesthat you configured for failback. If all IPs in the IP range pool already have failbackoperations in progress, a message informs you that the operation cannot be starteduntil one or more of the running activities ends.

Promote a DR test to failoverFrom the DR Activities page, you can promote a test of a single asset to failover.

Before you begin

Before promoting a test to failover, shut down the on-premises production VM. Thisaction ensures that users do not accidentally write new data to the on-premises VMwhen they should be accessing the cloud-based VM instead.

If the asset you are failing over is an application, shutting down the production VMensures application consistency.

Procedure

1. To view status and other information about recovery activities, selectRecovery > DR Activities.


2. For a DR test that is in the running state, click Promote to Failover.

The Promote to Failover dialog box is displayed. It reminds you shut down theproduction VM to avoid possible data loss. To continue, click Select Network.

3. In the Promote to Failover dialog box, select the network for the failoveroperation:

Option Description

Keep current network Retains the network that was used during thetest.

Select a network/securitygroup

Enables selecting a different network for thefailover.

4. If you select a different network for the failover, you can also select the defaultsecurity group or a different security group.



5. To select a private IP address for the recovered instance, select the checkboxfor this setting, and enter the address. The system prevents you from selectingan IP address that is already in use.

6. Click Failover.

End a DR testWhen a DR test on a single VM or a DR plan has completed and is in the running state,you can end the test from the DR Activities page.

Procedure


The DR Activities page is displayed.

2. For a test that is in the running state, click End DR Test.

3. In the End this DR Test dialog box, click End Test.

Results

When you end a DR test, CDRS clears all used resources from the cloud, and therecovered instances are terminated.

Note

You can also terminate a recovery instance from the cloud provider console. When youterminate the recovery instance, the CDRS DR Activities page indicates an InstanceTerminated status.

End a failoverYou can end a failover at any time after a failback transfers a VM from the cloud to theon-premises vSphere environment.

Procedure

1. Select Recovery > DR Activities.

2. If available, click Open Failover Activities for the VM.

Note

The Open Failover Activities option is displayed only if there are VMs in asuccessful failback state.

The Failover Details dialog box opens.

3. Click End Failover.

Results

When a failover ends, CDRS clears all used resources from the cloud, and therecovered instances are terminated.


End a DR test 77

Note


Monitor recovery activitiesThe DR Activities page enables you to view information about DR tests, failovers, andfailbacks of VMs and DR plans. The DR Activities page also enables you to promoteDR tests to failover, fail back the VMs, and terminate DR tests and failovers.

Procedure

1. To view status and other information about recovery activities, selectRecovery > DR Activities

The DR Activities page displays a detailed listing of activities.

2. Filter for DR activities.

To search the list of DR activities by name, enter the asset name in the searchbar at the top of the page and click the magnifying glass icon. You can also clickthe filter ( ) icon to select filters to include in the search parameters, includingthe activity status, activity type, region, and creation time of the DR activity.When you identify the search filters, they are displayed below the search pane.To clear the filters from the search, click Clear Filters.



DR activity statusesEach DR activity (test, failover, or failback) can have one of several statuses thatindicates the progress of the activity.

Table 14 on page 79 provides a definition and example of each DR activity status.

Table 14 DR activity statuses

DR activity status Definition

Successfully running The operation is complete.Disaster recovery is now active.

The recovered cloud instance is now available.

Failed The DR activity failed.The recovered cloud instance is not available.

The user may retry the operation.

In progress DR activity was started and is underway.

This status is displayed from the time the DR activity wasactivated until the operation is complete.

Ending The "End" operation has been activated.

For the test or failover activity, the recovered cloudinstance is being terminated.

Successfully completed DR activity has ended.

Partially successful The DR plan activity includes successful and failed VMs.This status is relevant only for DR plans.

DR activity states for AWS environmentsThe DR Activities page enables you to monitor the progress of ongoing activity statesfor DR tests and failovers.

You may notice system messages that indicate the current state of an activity while itis in progress. Table 15 on page 79 describes the activity states.

Table 15 Ongoing activity states for AWS environments

State Description

Rehydrating When you start a recovery, a temporary Restore Service instance iscreated for each region on which the CDRS must perform recovery. In this

state, the Restore Service instance constructs the VMDK file from raw

data chunks that are stored in Cloud DR target. The Restore Serviceinstances are created in a private subnet, in a separate VPC.

The Restore Service instances automatically terminate after 10 minutes ofidle time.

Converting When the Restore Service instance completes rehydration of the VMDKfile, CDRS converts the file into an AMI.


DR activity statuses 79

Table 15 Ongoing activity states for AWS environments (continued)

State Description

Launching When conversion is complete, CDRS launches a cloud instance that is basedon the AMI.

Running When the launch completes successfully, the restored VM is running. Thisstate is the final step of the recovery.

Each step in this process can take several minutes to complete.

View recovery detailsThe DR Activities page enables you to view detailed information about the assets thatare listed.

Procedure

1. For any asset listed in the DR Activities page, click the information icon .

Note

For DR plans, you must first click the down-arrow icon to access theindividual assets.

A detailed list of information about the asset is displayed. For example:

2. To collapse the detailed information view, click the information icon again.

DR plan activitiesA disaster recovery (DR) plan is a collection of assets that enables you to define runbook recovery plans, including batch operations on multiple assets, network andsecurity group association, VM boot order definition, and selection of cloud instancetype. You can manage, recover, and fail back DR plans through the CDRS. If you wantto manage each asset separately, you can split the DR plan into its individual assets.

This section provides the basic procedures for DR plan activities.



Create a DR planYou can create a DR plan for a specific region/location and CDRA. Then you can addassets to the DR plan.

Before you begin

You can add to the DR plan only those assets that are protected by the selected on-premises source in the designated region.

Procedure

1. From the CDRS user interface, select Protection > DR Plans.

The Select or Create a New Plan window is displayed.

2. To create a DR plan, click Create Plan.

3. In the Plan Details tab, enter a unique name for the DR plan and select an on-premises source, and location.

NOTICE

You cannot edit the on-premises source name or region after you selectmembers for the plan.

4. If you want the DR plan to fail when any asset in the plan fails, select the Failplan on error checkbox. If you want the DR plan to continue running when oneor more assets fail, clear the checkbox.

5. Select a default network, default security group, and, if you are using tags, atag.

6. In the Plan Members tab, click Add Members.

The Add Members dialog box displays a list of assets.

7. In the Add Members dialog box, select the checkbox for each asset that youwant to add to the DR plan, and then click Add.

8. To change the asset boot order, default network, default security group, virtualmachine type, tags, or private IP address selection, click the Edit button for theasset. Make the change, then click Apply.


Create a DR plan 81

9. Review the list of assets that you added to the new DR plan. If you requireadditional changes, select one or more of the assets to edit (by using the Editbutton) or remove (by using the Remove button).

10. When you are satisfied with the DR plan, its assets, and properties, click CreatePlan.

Results

The DR plan is created and may be used for testing or failover.

Edit a DR planYou can edit the properties of a DR plan except for the region and the on-premisessource.

If the plan is active (running or in failover or test), editing the plan does not affect theactive DR plan.

Procedure


The Select or Create a New Plan window is displayed (not shown).

2. Click the edit icon for the plan that you want to edit.

The Edit DR Plan window is displayed.

3. If required, change the Fail plan on error setting.

4. If you want to change the default network, click CHANGE and pick a differentnetwork.

5. If required, pick a different security group.

6. If required, select a different tag.

7. If you want to change the members that belong to the DR plan or edit thesettings for any selected member:

a. Click the EDIT MEMBERS button.



The Plan Members window is displayed.

b. Select one or more members of the plan.

c. If you want to remove one or more selected members, click the REMOVEbutton.

d. If you want to edit settings for one or more selected plan members, click theEDIT button.

The Edit Member dialog box is displayed.

e. In the Network tab of the Edit Member dialog, if required, change the bootorder, default network, and default security group of the member.

f. In the Advanced tab, if required, change the virtual machine type, tags, orthe private IP address checkbox.

g. Click APPLY to apply changes to the edited member.

h. In the Edit DR Plan window, click APPLY to apply changes to the edited DRplan.

Results

The DR plan is updated and may be used for testing or failover.


Edit a DR plan 83

Test or fail over a DR plan to AWS cloudTo verify that the operations of a DR plan work as expected, you test the DR plan. Tostart a failover of the assets in the DR plan, you fail over the DR plan. This proceduredescribes how to test or fail over a DR plan by using the Cloud DR Server interface.

Before you begin

To perform a test or failover of a DR plan, you must have instances of virtual machinesthat are protected in the cloud.

To ensure a successful failover and prepare for a disaster, best practices entail testingvarious disaster recovery scenarios.

When an operational error or disaster occurs on premises, you can fail over a DR planto the cloud. When the on-premise issue is resolved, you may fail back the DR plan tothe on-premises environment.

Note

When you fail over a DR plan, CDRS fails over the assets in the DR plan according tothe VM boot order.

Procedure

1. In the CDRS user interface, select Recovery > Plan Recovery

The Plan Recovery page displays a list of DR plans on which recovery activitiescan be performed.

2. Select the DR plan that you want to recover, and click DR Test to test the planor Failover to fail it over to the cloud.

A dialog box is displayed and prompts you to select copies. Any bookmarks thatare applied in RecoverPoint for VMs are displayed. Corrupted copies are clearlyidentified, and you are prevented from selecting them.

3. Select one of the copy options:

Option Description

Latest available copies Recovery uses the latest copies of the asset in therecovery operation.

Select a point in time Recovery uses asset copies that are based on thetime, date, and selection that you specify.

When you select an application copy (available only in Advanced Mode), theCDRS automatically selects the latest VM copy before the point-in-time copy ofthe application. If there is no VM copy before that time, the CDRS takes a newVM copy. The application fails recovery if there is no available VM copy.

If you configured the DR plan to fail on error, the plan fails if the VM copy is notavailable.

4. Click Next.

A dialog box is displayed and prompts you to review the list of copies and theirstatus.



5. If you are:

l Unsatisfied with the copy selections, make the necessary changes beforecontinuing.

l Satisfied with the copy selections, continue with a test or failover of the DRplan.

Results

Depending on the selection, the Cloud DR Server starts the test or failover of the DRplan.

Split a DR plan activityIf you want to manage each asset separately, you can split the DR plan.

In the DR Activities window, DR plan activities are organized by card types: DR testcards, DR failover cards, and DR failback cards. If you have a DR plan in test and yousplit it, the DR test cards are split apart and you can individually end them or promotethem to failover. The assets in the DR plan are separated, and the DR plan is removed.When you split apart a DR plan activity, the action is irreversible.

Procedure

1. From the CDRS user interface, select Recovery > DR Activities.

2. Locate the DR plan activity that you want to split.


Split a DR plan activity 85

3. To split the DR plan into its individual assets, click the icon.

Results

The DR plan is split into its individual assets, and the cards in the DR plan activity aresplit into individual activities.

Delete a DR planWhen you no longer require a DR plan and the VMs it contains, you can delete theplan.

If the plan is active (running or in failover or test), deleting the plan does not affectthe active DR plan.

Procedure


The Select or Create a New Plan window appears.

2. Select a DR plan to delete.

3. To delete the plan, click the delete (trash can) icon for the plan, and confirmthe action.

Results

The DR plan is deleted.



PART 3

Cloud DR with Azure


Chapter 4, "Cloud DR for Azure requirements and deployment"

Chapter 5, "Cloud DR with Azure protection, recovery, and failback"

Cloud DR with Azure 87

Cloud DR with Azure


CHAPTER 4

Cloud DR for Azure requirements anddeployment


l Requirements for Cloud DR with Azure cloud environments.............................. 90l Credentials for Cloud DR deployment................................................................ 94l Deploy the CDRA OVA....................................................................................... 94l Log in to CDRA.................................................................................................. 95l Configuring the CDRA and deploying the CDRS.................................................96l Add additional CDRAs.......................................................................................103l Uninstall Cloud DR components........................................................................104

Cloud DR for Azure requirements and deployment 89

Requirements for Cloud DR with Azure cloud environmentsThe following information describes requirements and prerequisites for the Cloud DRsolution when used with Microsoft Azure cloud environments.

Requirements checklist for Microsoft AzureEnsure that you meet the requirements to support the Cloud DR solution withMicrosoft Azure.

Azure prerequisite checklist

Table 16 Prerequisite checklist


Operational training Familiarity with Avamar, Data Domain, VMware, andMicrosoft Azure cloud provider services.

Avamar and Data Domain systems forStandard Mode of operation


l Avamar 7.5 and later

l Data Domain 6.1 and later

Connectivity between the Data Domainsystems and the Avamar servers

CDRA must use Standard Mode, and the on-premises Data Domain system must be configuredas the backup target for the Avamar server. Avamarand Data Domain System Integration Guide providesmore information about connectivity.

Clock synchronization via NTP All severs (ESXi, Avamar, Data Domain, CDRA,vCenter) must have their clocks synchronized withNTP servers.

vSphere environment l An on-premises vSphere environment, release6.0 and later. The time on the vCentercomponents must be within (plus or minus) 15minutes of the real time.

l Virtual machines that are compatible with CloudDR and configured for backup to the Avamarserver.

n Supported operating systems for Cloud DRand Azure on page 92 containsinformation about supported VM operatingsystems.

n The Avamar for VMware User Guide containsinformation about configuring Avamarbackups of VMs.

Microsoft Azure l A Microsoft Azure account and subscription.Refer to Azure prerequisite setup on page 91.

l Network connectivity between on-premisesenvironment and Azure. Ensure that you have

Cloud DR for Azure requirements and deployment




connectivity from the on-premises CDRA toAzure through port 443.

l A storage account (includes blob store) to beused as a Cloud DR target in one of thesupported regions. See Azure regions for CDRSdeployment on page 92.

Azure prerequisite setupSetup steps for Azure must be completed before installation and deployment of theCDRA.

Ensure that the following prerequisite steps are complete:

1. Log in to the Azure portal and create an Azure Active Directory application. Youcan find the Microsoft Azure instructions here.

Note

A URL is required when creating the application. Any URL is supported (forexample, https://localhost).

2. Obtain the application ID and authentication key (needed when programmaticallylogging in).

a. Get the application ID (some applications refer to this value as the client ID).Find the Microsoft Azure instructions here.

b. Generate a key and record its value (it is not possible to retrieve it later). Findthe Microsoft Azure instructions here.

3. Get the Directory ID (also known as the tenant ID). This ID is needed whenprogrammatically logging in. Find the Microsoft Azure instructions here.

4. Add access control (IAM) for the created application. Find the Microsoft Azureinstructions here.

Note

Configure access control (IAM) at the subscription level with contributor role.

Virtual machine specifications for Cloud DR with Microsoft AzureThe following tables list the required specifications for the VMs used for Cloud DRcomponents.

NOTICE

To support recovery operations for production VMs, ensure that each VM has a uniqueidentifier (UID).


Azure prerequisite setup 91

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#create-an-azure-active-directory-application

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#get-application-id-and-authentication-key

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#get-application-id-and-authentication-key

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#get-tenant-id

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#assign-application-to-role

Table 17 Cloud DR Add-on VM specifications

Component Required specification

vCPU 4 (2x2)

RAM 4 GB

HDD 16 GB

Table 18 Cloud DR Azure components specifications

Component Required specification

CDRS Standard DS2 V2 (2 CPU, 7 GB RAM)

Restore Service Standard D16S V3 (16 CPU, 64 GB RAM)

MySQL DB General Purpose (2 vCores, 50 GB storage),MySQL version 5.7

Azure regions for CDRS deploymentThe list of Azure regions for CDRS deployment is subject to change. The most up-to-date list of supported regions where you can deploy the CDRS is maintained in theCloud DR Simple Support Matrix, which is available here:


For additional information about Microsoft Azure locations, see https://azure.microsoft.com/en-us/global-infrastructure/regions/.

Supported operating systems for Cloud DR and AzureThe list of operating systems for Cloud DR and Azure is subject to change. The mostup-to-date list of supported regions where you can deploy the CDRS is maintained inthe Cloud DR Simple Support Matrix, which is available here:


Supported browsers and resolutionsThe following browsers and resolutions are supported with Cloud DR.

Supported browsers

l Chrome - The latest version at the time of the release of Cloud DR.

l Firefox - The latest version at the time of the release of Cloud DR.

Supported desktop resolutions

l 1280 x 800

l 1366 x 768

l 1920 x 1080




https://azure.microsoft.com/en-us/global-infrastructure/regions/

https://azure.microsoft.com/en-us/global-infrastructure/regions/


Support for Azure Hybrid BenefitDell EMC Cloud DR supports Azure Hybrid Benefit.

CDRS users can enable Azure Hybrid Benefit to use their on-premises WindowsServer licenses to run Windows VMs. Enable the Use Azure Hybrid Benefit checkboxin the Settings > General section.

For additional information about Microsoft Azure Hybrid Benefit, see Azure HybridBenefit for Windows Server.

Limitations for Cloud DR with AzureThe following limitations apply to the Cloud DR solution for Microsoft Azure cloudenvironments.

l Only VMware hypervisor is supported. Other hypervisors, such as MicrosoftHyper-V, are not supported.

l You cannot change the names of Azure components (for example, VM names, keypairs, and storage accounts).

l Limitations in Avamar support:

n Ad hoc backups of individual VMs are not supported. Only policy-basedbackups can be used.

n Existing backups that do not have Cloud DR enabled cannot be converted toCloud DR-based backups. Only those backups that are initiated after Cloud DRwas enabled are protected to the cloud and may be used for disaster recoveryin the cloud.

l Cloud DR per-disk size limitation for a protected/recovered VM is 5 TB. The limitfor all disk sizes in the VM is 30 TB.

l Since the Azure default subscription has many low-quota limits, you may need torequest a quota increase in your subscription (for example, the number of vCPUsper instance family per region).

l Cloud Snapshot Manager creates snapshots in the same resource group that iscreated for the recovered virtual machine. If you end the DR activity, the resourcegroup containing the recovered virtual machine is deleted along with all its objectsincluding snapshots that are created by Cloud Snapshot Manager.

l Cloud provider performance and the volume of protected assets can affect theperformance of the Cloud DR solution.

l CDRS does not support files share.

Connect to CDRS via private IP address - AzureThe connection between the on-premises CDRA and the cloud-based CDRS uses apublic IP address by default. However, after the CDRS is deployed, the Cloud DRsolution provides a way to connect to CDRS via a private IP address.

If you want to connect via private IP address, here are the prerequisite steps:

Procedure

1. Configure a service endpoint for the CDRS subnet and VNET rules for MySQL.

2. In the Azure portal, go to the resource group of the VPN and create a new routetable.


Support for Azure Hybrid Benefit 93

3. Add route to on-premises address ranges via cloud VPN gateway.

4. Open the subnet configuration page, and change the route table to the routetable that you created in step 2 on page 93.

5. Disassociate the public IP address from the CDRS.

After you finish

After the CDRS is deployed in the CDRA configuration wizard, edit the connection andchange it to a private IP address. This option is available by selecting Cloud DR Add-on > Cloud DR Server, and then clicking the edit icon. The option appears in the EditCDRS Settings dialog box.

Credentials for Cloud DR deploymentBefore you begin Cloud DR deployment, ensure that you have access to theusernames and passwords for Cloud DR components.

Security best practices recommend that you change default passwords to somethingunique.

Table 19 Cloud DR component usernames and passwords

Cloud DR component Notes

Cloud DR Add-on Created during CDRA OVA deployment, theinitial username/password is admin/admin.

Avamar MCUser Credentials are needed to establish aconnection to the backup server on premises.

Data Domain DDBoost Credentials are needed to establish aconnection to the Data Domain system onpremises.

vCenter server Credentials are needed to establish aconnection to the vCenter server thatsupports the production environment.

Cloud DR Server Password is set during CDRS deployment.

Cloud Avamar MCUser Credentials are needed to establish aconnection to the backup server in the cloud.

Cloud Data Domain DDBoost These credentials are needed to establish aconnection to the Data Domain system in thecloud.

Deploy the CDRA OVAThe Cloud DR Add-on (CDRA) is a Cloud DR component, and it is provided as an OVAdeployed on a VMware vCenter Server environment.

Download the OVA from the link that was provided when you purchased the Cloud DRsolution. Use the vSphere client to deploy the OVA in the vSphere environment.

In the network mapping step, one network interface is required for the CDRA VM.Map the CDRA network interface to a VLAN that provides network access to thecloud.



Note

After the CDRA is deployed, changing its IP address is not supported.

Log in to CDRAYou can log in to the CDRA with the username and password.

Procedure




2. In the Admin username and Admin password fields, enter the username andpassword that were provided when you purchased the product.

Note

l The default Admin password is admin.

l Passwords expire based on the specified expiration period. By default, theexpiration period is 90 days.

If this login is the first login or the password has expired, the Cloud DR Add-onChange Admin Password window opens for you to change the password.Passwords must be at least eight characters in length and contain a minimum ofthree of the following four types:

l English uppercase: A-Z

l English lowercase: a-z

l Numeric character: 0–9

l Special (non-alphanumeric) characters

Note

If you forget the password, click Forgot password?. Then enter the usernameand click Send.

3. If this is the first time logging in to the CDRA, you are prompted to select theoperational mode. To support Cloud DR for Azure cloud environments, selectStandard Mode.

Results

The Cloud DR Add-on window opens and the Welcome page appears.


Log in to CDRA 95

Configuring the CDRA and deploying the CDRSThe following sections describe how to configure the Cloud DR Add-on (CDRA) anddeploy the Cloud DR Server (CDRS). CDRS is deployed to the cloud duringconfiguration of the CDRA.

To begin, click Configuration in the navigation pane.

The menu bar (across the top) displays the steps that are required to complete theconfiguration and deployment process. The Cloud DR solution is fully deployed whenyou complete these tasks.

Generally, you complete the steps working from left to right. For example, you mustconnect to the Cloud Account and create Cloud DR targets before you deploy theCloud DR Server.

Set up the CDRATo configure networking and other settings for the CDRA, use the Setup CDRA pageof the Cloud DR Add-on window.

Procedure

1. For Cloud DR Add-on name, enter a name for the CDRA.

2. Enter the hostname or IP address for the primary and secondary DNS servers.

3. Enter the hostname or IP address for the primary and secondary NTP servers.

4. Select a time zone that is the same as the on-premises time zone.

5. Click Save.

Add Azure cloud accountAdd the Azure cloud account and connect the CDRA to the account.

Before you begin

Ensure that you have an Azure account with an Azure subscription.



Procedure


The Connect to Cloud Account page appears.

2. Click Add Cloud Account.

3. In the Connect to Cloud Provider Account dialog box, select Azure.

4. In the Connect to Cloud Provider Account dialog box, enter the Directory ID,Application ID, and Key value.

5. Click the SELECT SUBSCRIPTION button and select a subscription from thelist.

Only one CDRS can be deployed for an Azure subscription. After the CDRS isdeployed, changing the subscription from the CDRA is not supported.

6. To save the Azure cloud account, click Verify & Save.

Add Azure cloud targetsYou can add one or more Azure cloud targets to the cloud account by selecting anAzure storage account and a location.

Procedure


The Cloud Account page appears.

2. Click Add Cloud DR Target to set up one or more Cloud DR targets on thecloud account.

The Add Cloud DR Target dialog box opens.

3. Enter a Friendly Name for the Cloud DR target.

4. Select an Azure storage account for the Cloud DR target. The Azure accounttypes are general purpose accounts.

The Azure location for the Cloud DR target is automatically retrieved.

5. Click Add.

6. For each Cloud DR target that you want to add, repeat the steps in thisprocedure.

Deploy the Cloud DR Server in AzureDeploy the CDRS on a specific Cloud DR target.

Procedure

1. Click Cloud DR Server on the menu bar.

l If no CDRS has been deployed, the Deploy Cloud DR Server page appears.


Add Azure cloud targets 97

l If the CDRS has already been deployed, the Cloud DR Server page appears.You are not permitted to deploy additional CDRS instances.

2. In the Cloud DR Server Configuration section, select a cloud target, and thenselect an existing VNET or create a new one.

Option Notes

Create NewVNET

If you create a new VNET, the connection between theCDRA and CDRS uses a public IP address, and it is notpossible to change the IP range of the VNET and subnetafter they are created.

Select existingVNET

-

The VM is created using the VNET and subnet.

3. In the IPV4 CIDR Range section, the CIDR prefix for the CDRS is pre-populated, and you may retain the given value or change it.

4. In the User Configuration section, enter and confirm passwords for the CDRSAdmin and CDRS Monitor users.

The passwords must:







a. Enter and confirm passwords for the CDRS Admin and CDRS Monitor users.

b. Enter an email address for Cloud DR password reset requests.

Note

If you update the password, the new password must be different than theprevious password.



5. Click Deploy Cloud DR Server.

Results

The CDRA begins deployment of the CDRS to the Cloud DR target. Deploying theCDRS may take up to 30 minutes.

During CDRS deployment, these resource providers are registered:Microsoft.Compute, Microsoft.DBforMySQL, Microsoft.Network,Microsoft.ResourceHealth, Microsoft.Security, Microsoft.Storage.

If the deployment is successful, the Cloud DR Server page appears, listing thehostname of the CDRS host and the region. You can access the Cloud DR Server byclicking the CDRS Hostname link, but protection and disaster recovery are notsupported until you complete all CDRA configuration steps.

If an error occurs during deployment, click Cleanup to delete the cloud resources thatCDRS creates, and then retry deployment.

Connect to vCenter serversYou can connect the CDRA to vCenter servers that manage VMs in the Cloud DRsolution. You can also define recovery settings.

Procedure

1. Click vCenter Servers on the menu bar.

The Connect to vCenter Servers page appears.

2. Click Add vCenter Server.

The Connect to vCenter Server dialog box appears.

3. Enter the hostname or IP address of the vCenter server.

4. Enter the port number for the vCenter server.

5. Enter the Admin username and password.

6. Click Save.

7. In the Confirm vCenter's SSL Certificate dialog box, click Confirm.

A dialog box prompts you to define a recovery staging area.

8. Define the recovery settings as described in "Define a recovery staging area."To define recovery settings later, click Define Later.

9. To add additional vCenter servers, repeat steps in this procedure for eachvCenter server.

Results

The vCenter Servers page lists vCenter servers that you add to the CDRA.

Define a recovery staging areaRecovery is the process of transferring protected VMs from the cloud back to the on-premises vCenter environment. The Define Recovery Staging Area dialog box


Connect to vCenter servers 99

enables you to configure settings for the operation. You can also enable a directfailover to a vCenter.

Note

If you do not define a recovery staging area during initial Cloud DR configuration, youcan define it later. However, recovery operations do not work unless these settingsare configured.

Procedure

1. In the vCenter Servers tab, select a vCenter, and click the edit icon . Toupdate information about the vCenter, select Edit vCenter Details. To updatethe failback settings, select Edit Failback Setting.

When you click Edit vCenter Details, the Define Recovery Staging Areadialog box is displayed.

2. Select one or more datastores or datastore clusters on the vCenter server.

3. Select one or more networks for the recovery staging area.

Selected networks must connect to the cloud.

4. For each selected network:

a. Highlight the network.

b. Configure the IP range pool by typing the first IP address in the pool andthe number of IP addresses in the subnet to be included in the pool. To enter

additional IP range pools, click the plus button.

c. Enter the network Subnet mask.

d. Enter the network default gateway for the Gateway.

5. To enable a direct failover to the selected vCenter, click the toggle button atthe bottom of the dialog box:



Note

You may define multiple vCenters as recovery targets.

6. Click Save.

Configure Avamar backup server and Data Domain systemYou can connect CDRA to a local (on-premises) Avamar backup server and DataDomain system.

Before you begin

This procedure is only for the on-premises Avamar/Data Domain solution.

Before configuring the on-premises Avamar server, deploy the CDRS.

Procedure


The Connect to Backup Servers page is displayed.

2. Click Add Backup Server.

The Connect to Backup Server dialog box is displayed.

3. Enter the hostname of the Avamar server.

4. Enter the Avamar server HTTPS service port number.

5. Enter the username and password of the Avamar MCUser account.

6. Click Save.

The Local Backup page is displayed. This page displays the DDBoost usernamethat the backup server uses to connect to the Data Domain system.

7. To connect the local Data Domain system that is registered to the Avamarserver, click Connect DD.

Note

When adding the Data Domain system in Avamar, Dell EMC recommends usingthe Data Domain hostname.

The Connect to Data Domain system dialog box is displayed.

8. Select the Data Domain system and enter the password for the DDBoostusername. Then click Connect.

9. If you want to protect VMs that the cloud provider does not support, switch theProtect unsupported VMs toggle to the on position.


Configure Avamar backup server and Data Domain system 101

Note

Although the protection of unsupported VMs is supported, recovery of theseVMs to cloud instances is not supported.

10. To connect to additional Avamar servers, repeat the steps in this procedure foreach Avamar server.

Results

The Local Backup lists the Avamar server and Data Domain system that areconnected to the CDRA.

Note

Any Avamar server can be connected to only one CDRA at a time.

Edit backup server and associated Data Domain systemYou can edit the information for a backup server and its associated Data Domainsystem.

Procedure


2. To edit the local backup server, click the edit (pencil) icon for the backup serverthat you want to change, and click Edit Backup Server.

The Edit Backup server dialog box appears.

3. Make the required changes and click Save.

4. To edit the Data Domain system, click the edit (pencil) icon for the system thatyou want to change, and click Edit DD_system.

The Update Data Domain's Credentials dialog box appears.

5. Make the required changes and click Connect.

Delete Data Domain systemYou can delete the on-premises Data Domain system that is associated with the localbackup server.

Procedure




3. Select the associated Data Domain system for deletion.

Results

The selected Data Domain system is deleted.



Delete backup serverYou disconnect from a backup server by deleting it.

Procedure




3. Select the local backup server.

Note

If the local backup server is connected to a Data Domain system, first delete theData Domain system. Then delete the local backup server.

Results

The selected backup server is removed. If an Avamar server is removed and thenreconnected, a full backup of protected VMs occurs. Previously protected VMs areaccessible to disaster recovery and failover in the CDRS.

Add additional CDRAsYou can add up to 50 Cloud DR Add-ons (CDRAs) to the same Cloud DR Server(CDRS).

Follow the steps described below. For details of each step, see the procedures in Cloud DR for Azure requirements and deployment on page 89.

Procedure


2. Log in to the CDRA.

3. Configure the CDRA and deploy the CDRS.

4. Add the Azure cloud account.

5. Add Azure Cloud DR targets.

6. If you want to change the CDRA-to-CDRS connection to a private IP address,edit the CDRS settings.

7. Connect to the existing Cloud DR Server.

a. On the Cloud DR Server page of the Cloud DR Add-on UI, click the link forthe CDRS hostname.


Add additional CDRAs 103

b. When the Cloud DR Server log-in appears, enter the username and passwordfor the CDRS.

This action connects the new CDRA to the existing CDRS.

8. Connect to one or more vCenter servers.

9. Define failback settings.

10. Connect a local Avamar backup server and Data Domain system.

11. To add more CDRAs to the existing CDRS, repeat the steps in this procedure.

Uninstall Cloud DR componentsTo uninstall Cloud DR, follow the steps in this procedure.

Before you begin

NOTICE

Failure to perform these steps in the listed order causes undesirable results.

Procedure

1. From the on-premises Avamar, delete the Avamar policies that are configuredto send files to the cloud.

2. From the CDRA UI, in the Local Backup tab, remove the Data Domain system.

3. From the CDRA UI, in the Local Backup tab, remove the Avamar backup server.

4. Delete the Cloud DR Add-on appliance from vSphere, as described in VMwaredocumentation.

5. From the Azure portal, locate and delete resource groups that have namesbeginning with "CDRS".

6. Delete the storage account that was used for deployment (unless it is used forpurposes other than Cloud DR).



CHAPTER 5

Cloud DR with Azure protection, recovery, andfailback

This chapter contains these topics:

l Overview.......................................................................................................... 106l DR plans............................................................................................................ 110l Create rapid recovery copies for protected VMs............................................... 111l Test or fail over single asset to Azure cloud...................................................... 112l Recover to vCenter........................................................................................... 113l Failback workflow..............................................................................................115l Perform a failback............................................................................................. 116l Promote a DR test to failover............................................................................118l End a DR test.................................................................................................... 118l End a failover.................................................................................................... 119l Monitor recovery activities................................................................................119l DR plan activities.............................................................................................. 122l Create a DR plan...............................................................................................123l Edit a DR plan................................................................................................... 124l Test or fail over a DR plan to Azure cloud......................................................... 126l Split a DR plan activity...................................................................................... 127l Delete a DR plan............................................................................................... 128

Cloud DR with Azure protection, recovery, and failback 105

OverviewThe Cloud DR solution provides disaster recovery (DR) activities that includeprotection, test, promote test to failover, failover, and failback of one or more on-premises assets.

You can perform DR activities on a single asset, or multiple assets by using a DR plan.

ProtectionProtection varies depending on the operational mode.

When the Cloud DR solution is operating in Standard Mode, the protection flow usesthe Cloud DR data path. The protection flow follows this sequence:

1. Avamar writes a full VM backup to the Data Domain system.

2. The CDRA receives the backup files from Data Domain and validates Azurecompatibility. Then it segments, compresses, and encrypts the files.

3. The CDRA sends the segment to the cloud target for protection.

4. Avamar then writes only incremental backups to the Data Domain system.

5. The CDRA segments, compresses, and encrypts the incremental backups.

6. The CDRA sends only the changes (or diffs) to the cloud target for protection.

You start the standard protection flow from the Avamar Administrator UI by creating abackup group, selecting a data set, and enabling Cloud DR for the group. See theAvamar for VMware User Guide for information about configuring protection from theAvamar Administrator UI.

After you back up a VM, you can enable it for rapid recovery in the CDRS userinterface.

TestA DR test enables temporary access to a cloud instance to verify that a recoveredasset works before you perform a failover. Testing DR scenarios before a real disasteroccurs is a recommended best practice that saves time and ensures that productionassets on premises can be quickly recovered in the cloud.

Figure 14 on page 107 shows the basic test workflow. Table 20 on page 107 lists theuser actions that are available for each workflow state.

Cloud DR with Azure protection, recovery, and failback


Figure 14 DR test workflow


Table 20 Test workflow states and related user actions


Starting state:Production VMs areprotected in cloud and remainprotected during the test

Select VM/DR PlanSelect test network


Start test

Test in progress

Test in progress Cancel Canceled


Failed Retry Test in progress


Succeeded:Testing - cloud instancerunning

Promote to failover (canchange network)


End test (removes cloudinstance)

Starting state


Test 107

FailoverYou perform a failover to the cloud when an on-premises disaster occurs and theproduction VMs are not running.

During a failover, shut down the on-premises production VMs to prevent users fromwriting new data to them.

Figure 15 on page 108 shows the basic failover workflow. Table 21 on page 108 liststhe user actions that are available for each workflow state.

Figure 15 Failover workflow


Table 21 Failover workflow states and related user actions


Starting state:Production VMs areprotected in cloud and remainprotected during failover

Select VM/DR PlanSelect failover network


Start failover

Failover in progress

Failover in progress Cancel Canceled


Failed Retry Failover in progress


Succeeded: Fail back Failed back

End failover (removes cloudinstance)

Starting state



Table 21 Failover workflow states and related user actions (continued)



FailbackA failback transfers a failed-over VM (cloud instance) back to the on-premisesvSphere environment.

Before starting failback, it is a best practice to shut down services on the cloudinstance.

Figure 16 on page 109 shows the basic failback workflow. Table 22 on page 109 liststhe user actions that are available for each workflow state.

Figure 16 Failback workflow


Table 22 Failback workflow states and related user actions


Starting state:Failed over - cloud instancerunning

Select VM/DR plan.Start failback.

Failback in progress

Failback in progress Cancel. Canceled


Failback 109

Table 22 Failback workflow states and related user actions (continued)



Failed Retry Failback in progress

Clean up. Starting state

Succeeded:Failback completed, new VMcopies restored on premises

Link to failover activity card.End failover to terminaterecovered cloud instances.

--

DR plansA disaster recovery (DR) plan is a collection of assets (VMs) that enables you todefine run book recovery plans, including batch operations on multiple assets, networkand security group association, VM boot order definition, and selection of cloudinstance type.

A DR plan is associated with a single region and a single Cloud DR Add-on. You canadd to the plan only those assets that are protected by the designated CDRA and arein the designated region.

The assets that you add to the DR plan are called DR plan members. If required, youcan add the same asset to multiple DR plans. For example, you might want to createseveral DR plans to test various DR scenarios. You can also create a master DR planthat contains all the assets on premises.

For each VM in the DR plan, you can specify a startup priority, called a boot order,from 1 to 5, where a lower number represents a higher priority. For example, a VMwith a boot order of 1 begins recovery before a VM with a boot order of 2-5. All VMswith the same boot order begin recovery at approximately the same time (actual starttimes may vary depending on when each VM recovery operation ends).

You can test, fail over, or fail back a DR plan in the same way that you might performthose operations on a single asset. There are minor differences in the workflows.

When you test or fail over a DR plan, that operation is applied to all the assetscontained in the plan. If one asset in the plan fails, the operation continues on theother assets in the plan (the default behavior). You may choose to retry the operationfor the failed asset while the DR plan operation continues. A partially successful DRtest means that the batch operation continues even when one or more assets in theDR plan encounter a test failure. Optionally, you may configure the DR plan to failwhen any asset in the plan fails by enabling the Fail on error option.

When a DR plan is partially successful (that is, recovery of some assets has succeededwhile others have failed), the user has three options:

l Retry - This action retries the operation only for the failed assets. Cloud instancesthat are already recovered remain available.

l End test or failover - This action terminates the cloud instances of successfullyrecovered VMs.

Note

Ending a failback operation for a DR plan only closes the failback card.



l Split - This action splits a partially successful DR plan into its individual membersso you can manage each asset separately.

Depending on the number of members in a DR plan, it may take some time for the planoperation to complete. One convenient feature of a DR plan is that when you run a DRplan, you can immediately begin editing the plan or even delete it without affecting thecompletion of the original plan.

Create rapid recovery copies for protected VMsYou can accelerate the recovery process ahead of time by creating rapid recoverycopies for protected VMs. Creating a rapid recovery copy reduces the RTO for aprotected VM but consumes additional cloud resources and incurs additional costs.

Creating a rapid recovery copy starts the rehydration process and converts the VMDKfiles to virtual hard disks (VHDs). The recovery process (test or failover) thenlaunches the recovered instance from the converted VHDs.

Perform this procedure when a new backup copy is available in the cloud storage.

Note

Failover of rapid recovery images to a vCenter is not supported.

Procedure

1. In the CDRS user interface, select Protection > Asset Protection in thenavigation pane.

The existing protected assets are displayed in the right pane. The RapidRecovery Image column indicates whether the asset is enabled for rapidrecovery.

2. Select one or more VMs and click Set Rapid Recovery Image.

3. In the Set Rapid Recovery Image dialog box, select the number of rapidrecovery copies that you want to keep (from 1 to 5), and then click Set.

Note

Configuring more than one rapid recovery copy for selected VMs enables you toquickly recover to an older point in time in case the latest point-in-time copycannot be used because of inconsistent or corrupt data.


Create rapid recovery copies for protected VMs 111

Results

l The CDRS creates the rapid recovery copy and removes the oldest copy tomaintain the number of copies that you configured.

l You can verify the results by reviewing the Rapid Recovery Image column wherethe number of copies is indicated. The icon is displayed in some CDRS windowsand designates a copy that is enabled for rapid recovery.

After you finish

l You can disable rapid recovery for an asset by selecting it and clicking DisableRapid Recovery Images.

l You can set the minimal time interval during which rapid recovery copies are notcreated. See Set rapid recovery interval on page 150.

Test or fail over single asset to Azure cloudThis procedure describes how to test or fail over a single asset (VM) to the Azurecloud.

Before you begin

To fail over to a vCenter environment, see Recover to vCenter on page 113.

To perform a DR test or failover of an asset, you must have VMs that are backed upby the on-premises backup software and copied to the cloud.

If you intend to use tags, you must first create the tags. See Create a tag on page149.

To ensure a successful failover, and better prepare for a disaster, best practicesrecommend testing various disaster recovery scenarios. After performing a test, youcan promote the test to a failover.

When an operational error or disaster occurs on premises, you can fail over an asset tothe cloud.

Procedure


You can also open the Asset Recovery page from the dashboard by clickingSee All in the Recovery pane.

The Asset Recovery page is displayed.

2. Use the Search for assets widget to search by asset type or CDRA name.

3. Select the asset that you want to recover and click Test or Failover.

If you click Failover and the asset has never been tested, a dialog box opensand reminds you that running a DR test is recommended before implementing afailover. The message also recommends that you shut down the production VMto avoid a possible data loss that is caused by accidental user access. ClickSelect Copy to continue.



4. In the wizard that opens, in the Copy step, select a point-in-time copy of anasset that you want to test or fail over, and then click Next.

5. In the Network step, select the network where you want to launch the virtualmachine, and then click Next.

6. (Optional) In the Advanced step:

a. In the Security Groups tab, select a security group.

b. In the EC2 Instance Type & Tags, select an EC2 instance type and a tag.

c. In the IP settings tab, to enter a private IP address for the recoveredinstance, select the checkbox for this setting and enter the address. Thesystem prevents you from selecting an IP address that is already in use.

7. Click Start DR Test or Start Failover.

Results

A temporary Restore Service instance is launched in each region where recovery isneeded (unless the VM is enabled for rapid recovery). This instance performshydration during recovery, and is automatically terminated after 10 minutes of idletime.

During recovery, the temporary Restore Service instance creates VHDs, and the CloudDR Server then attaches them to the restored virtual machine.

Recover to vCenterThis procedure describes how to recover a VM to a recovery-enabled vCenterenvironment.

Before you begin

To recover to a vCenter, during CDRA configuration, you must enable direct failoverto one or more vCenters (described in Define a recovery staging area on page 99).

Procedure


The Asset Recovery page displays.

2. Select a VM and click FAILOVER TO VCENTER.

The Failover to vCenter dialog box opens.


Recover to vCenter 113

3. In the Failover to vCenter dialog box, in the Copy step, select a Point in Timecopy and click NEXT to go to the Failover Target step.

Corrupted copies are clearly identified, and you are prevented from selectingthem. Every copy snapshot (Point in Time) is replicated together with its OVF,so the failed over VM will have the same hardware settings that the protectedVM had, at the selected Point in Time.

4. In the Failover Target step, select a CDRA/vCenter failover target.

5. Optionally, in the Advanced section, update the Keep original VM MACaddress and UID checkbox setting.



If you are failing over to the same network as the production VM, to avoid IPconflicts, clear this checkbox to ensure that the failed over VM has a differentMAC address and UID than that of the production VM.

NOTICE

When a production VM is protected, the hardware settings of the productionVM (including the MAC address) are also protected, with these exceptions:

l RAW disk is not supported. In the failed-over VM, it becomes a VMDK.

l Single-root I/O virtualization (SR-IOV) pass-through is not supported. In thefailed-over VM, it becomes an e1000 virtual NIC.

6. Click START FAILOVER.

Results

The failover process begins and you can monitor progress on the DR Activities page.

Failback workflowA failback operation allows a failover instance to be copied back to an on-premisesvCenter.

This operation is possible only in Standard Mode.

1. Failback is initiated from a failover instance by using the CDRS user interface.

2. CDRS powers off the instance and creates snapshots of its disks.

3. A Restore Service:

a. Creates disks from the snapshots.

b. Attaches the new disks to itself.

c. Reads the data and creates segments of data, compressing and encrypting thedata stored in the cloud target for that specific region.

4. When the CDRA receives a new failback request, it creates a Restore VM,including a boot disk, at the on-premises vCenter in the failback staging area. The


Failback workflow 115

failback staging area is defined during Cloud DR deployment at the Connect tovCenter Server page.

5. The Restore VM copies the data from the cloud storage. Disks (VDMKs) aredirectly attached to the Restore VM and allocated as thick lazy-zeroed.

6. When the restore process completes, the CDRA powers off the Restore VM,deletes the boot disk, configures the failed-back VM as necessary, and relaunchesthe VM.At this point, you can vMotion the VMs from the failback staging area to theiroriginal locations or new locations. The IP addresses used for Restore VMs are notused for failed back VMs, so assign appropriate IP addresses to failed back VMsand ensure that DHCP can resolve them.

7. The CDRS performs any required clean-up of temporary resources in the cloudprovider environment. However, the user must use the cloud provider console orthe CDRS user interface to manually terminate the original failover instance in thecloud. This instance was used to launch the failback process.

Perform a failbackWhen an operational error or a disaster occurs in the on-premises environment, youcan fail over a VM or DR plan to the cloud. After a failover to the cloud, the failed-overworkloads run on cloud instances (VMs) with data that is stored in cloud storage.When the on-premises issue is resolved, you may want to fail the cloud instance backto the on-premises environment to continue running the workloads locally, instead ofin the cloud. This procedure provides steps to fail back workloads that were failed overto the cloud.

Before you begin

Do this procedure on cloud instances that are in a failed-over state.

You can fail back a VM or a DR plan that contains multiple assets. Failback of individualapplications is not supported.

Procedure

1. To perform a failback, select Recovery > DR Activities.


2. Click Failback for the VM or DR plan that you want to recover from the failoverstate.

The Failback option is available only for VMs or DR plans in a successful failoverstate.

The Failback dialog opens.



3. In the Failback dialog, select one of these options:

Option Description

Use original Enables you to fail back to the original VM location on premises.

Select target Enables you to select the target CDRA and vCenter for thefailback.

4. Click the FAILBACK button.

The failback activity begins. The VM or DR plan is restored to the recoverystaging area that you specified.

5. Open vCenter to verify that the VM is being restored. To display the Summarytab for the VM, click the VM in the list.

The VM that you failed back does not have an assigned IP address.

6. Open the console for the VM or DR plan that you failed back, and assign IPaddresses for the failback VMs.

You can either assign an IP address or obtain an IP address from a DHCPserver.

Results

NOTICE

After the failback has completed successfully, you can vMotion the VMs from thefailback staging area to their original locations or new locations. The IP addresses usedfor Restore VMs are not used for failed back VMs, so assign appropriate IP addressesto failed back VMs and ensure that DHCP can resolve them.

The CDRS performs any required clean-up of temporary resources in the cloudprovider environment. However, the user must use the cloud provider console or theCDRS user interface to manually terminate the original failover instance in the cloud.This instance was used to launch the failback process.


Perform a failback 117

Note

The maximum number of failback activities is limited by the range of pool IP addressesthat you configured for failback. If all IPs in the IP range pool already have failbackoperations in progress, a message informs you that the operation cannot be starteduntil one or more of the running activities ends.

Promote a DR test to failoverFrom the DR Activities page, you can promote a test of a single asset to failover.

Before you begin

Before promoting a test to failover, shut down the on-premises production VM. Thisaction ensures that users do not accidentally write new data to the on-premises VMwhen they should be accessing the cloud-based VM instead.

If the asset you are failing over is an application, shutting down the production VMensures application consistency.

Procedure



2. For a DR test that is in the running state, click Promote to Failover.

The Promote to Failover dialog box is displayed. It reminds you shut down theproduction VM to avoid possible data loss. To continue, click Select Network.

3. In the Promote to Failover dialog box, select the network for the failoveroperation:

Option Description

Keep current network Retains the network that was used during thetest.

Select a network/securitygroup

Enables selecting a different network for thefailover.

4. If you select a different network for the failover, you can also select the defaultsecurity group or a different security group.

5. To select a private IP address for the recovered instance, select the checkboxfor this setting, and enter the address. The system prevents you from selectingan IP address that is already in use.

6. Click Failover.

End a DR testWhen a DR test on a single VM or a DR plan has completed and is in the running state,you can end the test from the DR Activities page.

Procedure




The DR Activities page is displayed.

2. For a test that is in the running state, click End DR Test.

3. In the End this DR Test dialog box, click End Test.

Results

When you end a DR test, CDRS clears all used resources from the cloud, and therecovered instances are terminated.

Note


End a failoverYou can end a failover at any time after a failback transfers a VM from the cloud to theon-premises vSphere environment.

Procedure

1. Select Recovery > DR Activities.

2. If available, click Open Failover Activities for the VM.

Note

The Open Failover Activities option is displayed only if there are VMs in asuccessful failback state.

The Failover Details dialog box opens.

3. Click End Failover.

Results

When a failover ends, CDRS clears all used resources from the cloud, and therecovered instances are terminated.

Note


Monitor recovery activitiesThe DR Activities page enables you to view information about DR tests, failovers, andfailbacks of VMs and DR plans. The DR Activities page also enables you to promoteDR tests to failover, fail back the VMs, and terminate DR tests and failovers.

Procedure

1. To view status and other information about recovery activities, selectRecovery > DR Activities

The DR Activities page displays a detailed listing of activities.


End a failover 119

2. Filter for DR activities.

To search the list of DR activities by name, enter the asset name in the searchbar at the top of the page and click the magnifying glass icon. You can also clickthe filter ( ) icon to select filters to include in the search parameters, includingthe activity status, activity type, region, and creation time of the DR activity.When you identify the search filters, they are displayed below the search pane.To clear the filters from the search, click Clear Filters.



DR activity statusesEach DR activity (test, failover, or failback) can have one of several statuses thatindicates the progress of the activity.

Table 23 on page 121 provides a definition and example of each DR activity status.

Table 23 DR activity statuses

DR activity status Definition

Successfully running The operation is complete.Disaster recovery is now active.

The recovered cloud instance is now available.

Failed The DR activity failed.The recovered cloud instance is not available.

The user may retry the operation.

In progress DR activity was started and is underway.

This status is displayed from the time the DR activity wasactivated until the operation is complete.

Ending The "End" operation has been activated.

For the test or failover activity, the recovered cloudinstance is being terminated.

Successfully completed DR activity has ended.

Partially successful The DR plan activity includes successful and failed VMs.This status is relevant only for DR plans.

DR activity states for Azure environmentsThe DR Activities page enables you to monitor the progress of ongoing activity statesfor DR tests and failovers.

Table 24 Ongoing activity states for Azure environments

State Description

Rehydrating When you start a recovery, a temporaryRestore Service instance is created for eachregion in which the CDRS must performrecovery. In this state, the Restore Serviceinstance constructs the VHD from raw datachunks that are stored in Cloud DR target.The Restore Service instance automaticallyterminates after 10 minutes of idle time.For auto-scale handling, up to 100 RestoreService instances can be created forrecovery, and up to 20 restore instances canbe created for failback.


DR activity statuses 121

Table 24 Ongoing activity states for Azure environments (continued)

State Description

Converting When the Recovery Service instancecompletes rehydration of the VMDK file,CDRS converts the file into VHDs.

Launching When conversion is complete, CDRS launchesa cloud instance that is based on the VHDs.

Running When the launch completes successfully, therestored VM is running. This state is the finalstep of the recovery.

Each step in this process can take several minutes to complete.

View recovery detailsThe DR Activities page enables you to view detailed information about the assets thatare listed.

Procedure

1. For any asset listed in the DR Activities page, click the information icon .

Note

For DR plans, you must first click the down-arrow icon to access theindividual assets.

A detailed list of information about the asset is displayed. For example:

2. To collapse the detailed information view, click the information icon again.

DR plan activitiesA disaster recovery (DR) plan is a collection of assets that enables you to define runbook recovery plans, including batch operations on multiple assets, network andsecurity group association, VM boot order definition, and selection of cloud instancetype. You can manage, recover, and fail back DR plans through the CDRS. If you wantto manage each asset separately, you can split the DR plan into its individual assets.

This section provides the basic procedures for DR plan activities.



Create a DR planYou can create a DR plan for a specific region/location and CDRA. Then you can addassets to the DR plan.

Before you begin

You can add to the DR plan only those assets that are protected by the selected on-premises source in the designated region.

Procedure


The Select or Create a New Plan window is displayed.

2. To create a DR plan, click Create Plan.

3. In the Plan Details tab, enter a unique name for the DR plan and select an on-premises source, and location.

NOTICE

You cannot edit the on-premises source name or region after you selectmembers for the plan.

4. If you want the DR plan to fail when any asset in the plan fails, select the Failplan on error checkbox. If you want the DR plan to continue running when oneor more assets fail, clear the checkbox.

5. Select a default network, default security group, and, if you are using tags, atag.

6. In the Plan Members tab, click Add Members.

The Add Members dialog box displays a list of assets.

7. In the Add Members dialog box, select the checkbox for each asset that youwant to add to the DR plan, and then click Add.

8. To change the asset boot order, default network, default security group, virtualmachine type, tags, or private IP address selection, click the Edit button for theasset. Make the change, then click Apply.


Create a DR plan 123

9. Review the list of assets that you added to the new DR plan. If you requireadditional changes, select one or more of the assets to edit (by using the Editbutton) or remove (by using the Remove button).

10. When you are satisfied with the DR plan, its assets, and properties, click CreatePlan.

Results

The DR plan is created and may be used for testing or failover.

Edit a DR planYou can edit the properties of a DR plan except for the region and the on-premisessource.

If the plan is active (running or in failover or test), editing the plan does not affect theactive DR plan.

Procedure


The Select or Create a New Plan window is displayed (not shown).

2. Click the edit icon for the plan that you want to edit.

The Edit DR Plan window is displayed.

3. If required, change the Fail plan on error setting.

4. If you want to change the default network, click CHANGE and pick a differentnetwork.

5. If required, pick a different security group.

6. If required, select a different tag.

7. If you want to change the members that belong to the DR plan or edit thesettings for any selected member:

a. Click the EDIT MEMBERS button.



The Plan Members window is displayed.

b. Select one or more members of the plan.

c. If you want to remove one or more selected members, click the REMOVEbutton.

d. If you want to edit settings for one or more selected plan members, click theEDIT button.

The Edit Member dialog box is displayed.

e. In the Network tab of the Edit Member dialog, if required, change the bootorder, default network, and default security group of the member.

f. In the Advanced tab, if required, change the virtual machine type, tags, orthe private IP address checkbox.

g. Click APPLY to apply changes to the edited member.

h. In the Edit DR Plan window, click APPLY to apply changes to the edited DRplan.

Results

The DR plan is updated and may be used for testing or failover.


Edit a DR plan 125

Test or fail over a DR plan to Azure cloudTo verify that the operations of a DR plan work as expected, you test the DR plan. Tostart a failover of the assets in the DR plan, you fail over the DR plan. This proceduredescribes how to test or fail over a DR plan by using the Cloud DR Server interface.

Before you begin

To perform a test or failover of a DR plan, you must have instances of virtual machinesthat are backed up in the cloud.

To ensure a successful failover and prepare for a disaster, best practices entail testingvarious disaster recovery scenarios.

When an operational error or disaster occurs on premises, you can fail over a DR planto the cloud. When the on-premise issue is resolved, you may fail back the DR plan tothe on-premises environment.

Note

When you fail over a DR plan, Cloud DR Server fails over the assets in the DR planaccording to the VM boot order.

Procedure

1. In the Cloud DR Server user interface, select Recovery > Plan Recovery

The Plan Recovery page displays a list of DR plans on which recovery activitiescan be performed.

2. Select the DR plan that you want to recover, and click DR Test to test the planor Failover to fail it over to the cloud.

A dialog box is displayed and prompts you to select copies.

3. Select one of the copy options:

Option Description

Latest available copies Recovery uses the latest copies of the asset in therecovery operation.

Select a point in time Recovery uses asset copies that are based on thetime, date, and selection that you specify.

4. Click Next.

A dialog box is displayed and prompts you to review the list of copies and theirstatus.



5. If you are:

l Unsatisfied with the copy selections, make the necessary changes beforecontinuing.

l Satisfied with the copy selections, continue with a test or failover of the DRplan.

Results

Depending on the selection, the Cloud DR Server starts the test or failover of the DRplan.

Split a DR plan activityIf you want to manage each asset separately, you can split the DR plan.

In the DR Activities window, DR plan activities are organized by card types: DR testcards, DR failover cards, and DR failback cards. If you have a DR plan in test and yousplit it, the DR test cards are split apart and you can individually end them or promotethem to failover. The assets in the DR plan are separated, and the DR plan is removed.When you split apart a DR plan activity, the action is irreversible.

Procedure

1. From the CDRS user interface, select Recovery > DR Activities.

2. Locate the DR plan activity that you want to split.


Split a DR plan activity 127

3. To split the DR plan into its individual assets, click the icon.

Results

The DR plan is split into its individual assets, and the cards in the DR plan activity aresplit into individual activities.

Delete a DR planWhen you no longer require a DR plan and the VMs it contains, you can delete theplan.

If the plan is active (running or in failover or test), deleting the plan does not affectthe active DR plan.

Procedure


The Select or Create a New Plan window appears.

2. Select a DR plan to delete.

3. To delete the plan, click the delete (trash can) icon for the plan, and confirmthe action.

Results

The DR plan is deleted.



PART 4

Cloud DR system and user management


Chapter 6, "Cloud DR Add-on System and User Management"

Chapter 7, "Cloud DR Server Interface"

Chapter 8, "Upgrading the CDRS and CDRAs"

Cloud DR system and user management 129

Cloud DR system and user management


CHAPTER 6

Cloud DR Add-on System and UserManagement


l Cloud DR Add-on System................................................................................. 132l CDRA User Management.................................................................................. 133

Cloud DR Add-on System and User Management 131

Cloud DR Add-on SystemThe Cloud DR Add-on System menu option enables you to collect logs and upgradethe Cloud DR Add-on.

Collect logsCollecting logs for CDRA and CDRS is possible only through the CDRA user interface.

Before you begin

Before downloading logs from cloud storage, grant permissions to the cloud storagelocation. For AWS cloud environments, Permissions to cloud storage for Cloud DR logson page 171 provides instructions.

For Azure cloud environments, see Enable downloads of Cloud DR logs from Azure onpage 171.

You can store collected logs locally on the CDRA or upload them to the cloud in adefault storage location. If you store the logs locally, only the CDRA logs can becollected (not CDRS logs). When the logs are collected, the CDRA generates a link tothe local storage or the cloud storage.

To collect CDRS logs, you can use any CDRA that is connected to the CDRS. Whenlogs are uploaded to cloud storage and multiple CDRAs are connected to a CDRS, alllogs from any CDRA are uploaded to the same cloud storage location. This condition istrue even if each CDRA is connected to a different cloud storage location.

Procedure

1. From the System menu option, click Log Collection.

The Log Collection page displays.

2. Select the date range for the logs you want to collect.

3. For Local Connection Mode:

l To store logs in the cloud in a default storage location, switch the LocalConnection Mode toggle to the off position. If you plan to collect CDRSlogs, you must switch this toggle to the off position.

l To store logs locally on the CDRA, switch the Local Connection Modetoggle to the on position. Local Connection Mode is best used when theconnection between the CDRA and the cloud is not working and the CDRAlogs collection is required.When Local Connection Mode is used:

n Local copies of logs are retained for 14 days. Logs older than 14 days aredeleted.

n The maximum size of retained logs is 5 GB.

n Log file size cannot exceed 100 MB.

4. To collect logs from the CDRS, select the Collect Logs from CDRS checkbox.

This option is not available if the Local Connection Mode toggle is switched tothe on position.

5. Enter a task name for the log collection task. This name is used for the cloudstorage folder name where the collected logs are stored.

6. To begin the log collection process, click Collect Logs.

Cloud DR Add-on System and User Management


Results

When the log collection task completes, a link is provided to the collected logs. Toaccess the logs, click the link or click Copy to copy the link.

CDRA User ManagementThe Settings menu option enables you to access the CDRA User Management page.

The CDRA User Management page enables you to change the password for theCDRA Admin account and update the password expiration period.

Change the password for the CDRA admin account.You can maintain security by changing the password for the CDRA admin account.

Procedure

1. From the Settings menu option, select Users.

The User Management page appears.

2. Click the edit (pencil) icon.

The Edit User Details dialog box opens.

3. Click Change Password.

4. Enter the new password.

The password must:







5. Confirm the new password by entering it again.

6. Click Save.

Change the CDRA password expiration periodYou can change the password expiration period for the CDRA admin account.

Before you begin

Log in as the admin user.

Procedure

1. From the Settings menu option, select Users.

The User Management page appears.

2. Click the edit (pencil) icon.

The Edit User Details dialog box opens.


4. Select a different expiration period. To set the password to never expire, selectNever.


CDRA User Management 133

5. Click Save.

Results

The expiration period of the CDRA admin user password is updated.



CHAPTER 7

Cloud DR Server Interface


l The CDRS user interface.................................................................................. 136l The CDRS Dashboard....................................................................................... 136l SLA Compliance page....................................................................................... 140l Asset Association page..................................................................................... 140l Asset Recovery page.........................................................................................141l DR Activities page............................................................................................ 143l Reports.............................................................................................................144l System Health.................................................................................................. 145l Events.............................................................................................................. 146l Registered components.................................................................................... 146l Cloud DR Server user accounts........................................................................ 146l Create a tag......................................................................................................149l Set rapid recovery interval............................................................................... 150l Export events to Syslog.................................................................................... 151

Cloud DR Server Interface 135

The CDRS user interfaceThe Cloud DR Server user interface provides a dashboard representation of the CDRSenvironment and the capability to perform and monitor recoveries of protected virtualmachines and configuration tasks that are related to the CDRS.

Log into the CDRS interfaceTo log into the cloud-based CDRS component of the Cloud Disaster Recoverysolution, you need a username and password.

Procedure

1. From a host that has network access to the CDRS virtual appliance, use abrowser to connect to the appliance:

https://CDRS_hostname

Where CDRS_hostname is the hostname or IP address of the address that wascreated when the CDRS was deployed from the CDRA. You can find the CDRShostname on the Cloud DR Server page in the Cloud DR Add-on window byselecting Configuration > Cloud DR Server.

2. For Username, enter either admin or monitor.

3. For Password, enter the password for the admin or monitor user.

If you have forgotten the password:

a. Click Forgot Password?.

b. Enter the username, and click Send.

Note

In AWS environments, CDRS checks whether the User email address (see Change the email address of a CDRS user account on page 147) exists in(and has been verified by) the AWS root user account. If a valid User emailaddress has been defined, an email is sent to the specified email address,with instructions for resetting the password.

Results

On logging in, the Cloud DR Server window opens and the Welcome page appears.The menu bar on the Cloud DR Server window shows the current location in the userinterface. To log out of the Cloud DR Server user interface, click the icon on the rightside of the menu bar and select Sign out. To leave feedback, click Tell us what youthink at the bottom of the window, enter the comments, and click Send Feedback.

The CDRS DashboardThe CDRS dashboard provides insight into key product information and operationalbehavior. The dashboard is divided into panes that display unique information.

To open the dashboard, click Overview in the navigation pane of the Cloud DR Serverwindow.



Navigation paneThe Cloud DR Server navigation pane provides links to the various pages of theinterface.

The following sections describe the pages that you access through the navigationpane. You can also access many of these pages through the dashboard.

Events paneThe Events pane of the CDRS dashboard provides a summary of system events.


Navigation pane 137

To view event details, click See Details in the Events pane, or select System >Events from the navigation pane of the CDRS dashboard. Events on page 146provides information about Events details.

SLA Compliance paneThe SLA Compliance pane of the CDRS dashboard provides a summary of thecompliance of protected assets with the service level agreements (SLAs) that wereestablished in the backup software when backup policies were configured forprotection.

To view SLA compliance details, click Review SLA Details in the SLA Compliancepane, or select Overview > SLA Compliance from the navigation pane of the CDRSdashboard. SLA Compliance page on page 140 contains information about the SLACompliance page, which provides SLA compliance details.

System Health paneThe System Health pane of the CDRS dashboard provides general system healthstatus.

To view system health details, click See All in the System Health pane, or selectSystem > Health from the navigation pane of the CDRS Dashboard. System Health onpage 145 provides information about system health details.



Recovery Activities paneThe Recovery Activities pane of the CDRS dashboard displays information aboutcurrent running recovery activities, which include DR test and failover.

For more information about recovery activities, click See All in the RecoveryActivities pane, or select Recovery > DR Activities from the navigation pane of theCDRS dashboard to open the DR Activities page. DR Activities page on page 143contains information about the DR Activities page.

Cloud Usage paneThe Cloud Usage pane of the CDRS dashboard provides a summary of the amount ofstorage being used in the cloud.

Note

The information displayed varies depending on the cloud provider environment and theoperating mode.

To filter the cloud usage based on region, click the down-arrow in the upper right ofthe Cloud Usage pane and select a specific region.

Recommendations paneThe recommendations pane provides a summary of recommendations that are basedon their severity: high, medium, or low.

To view greater details, click See All. The resulting list provides a description of eachrecommendation.

Figure 17 Recommendations pane


Recovery Activities pane 139

On-premises assets and storage information paneThe On-premises assets and storage information pane of the CDRS dashboardidentifies the number of on-premises assets that are protected by the Cloud DRsolution. It also identifies the amount of on-premises storage that Cloud DR isprotecting.

SLA Compliance pageThe SLA Compliance page provides details about the compliance of protected assetswith the service level agreements (SLAs) that were established when policies wereconfigured for protection.

For Avamar, this compliance represents the Recovery Point Objective (RPO) that isdefined in the Avamar Administrator interface. For RecoverPoint for VMs, thiscompliance represents the Recovery Point Objective (RPO) that is defined in theRecoverPoint for VMs RPO setting of each cloud copy.

Access the SLA Compliance page from the dashboard by clicking Review SLADetails in the SLA Compliance pane, or from the navigation pane by selectingOverview > SLA Compliance.

Non-compliant protected assets are at the top of the list, with the most severe typelisted first. You can search the list by asset name by using the search bar at the top ofthe page.

This page does not enable you to make changes to the SLAs. It only providesinformation about compliance.

Asset Association pageThe Asset Association page, available only in Advanced Mode, enables you toassociate applications with their VMs. Making associations between applications andthe VMs that host them is required to enable DR activities for the applications.Unassociated applications cannot be tested or failed over.

Access the Asset Association page from the navigation pane by selectingProtection > Asset Association.



The Asset Association page makes it easy for you determine which applicationsrequire user action to associate them with a VM. A toggle button at the upper rightenables you to display only unassociated assets.

Note

As shown in this example, if you protect an SQL application, the association isautomatic and you cannot change it. This state occurs when using advanced policy inAvamar and enabling Cloud DR for the policy.

Asset Recovery pageThe Asset Recovery page provides a list of protected assets that you can test or failover.

You access the Asset Recovery page from the navigation pane by selectingRecovery > Asset Recovery.

From the Asset Recovery page, you can search for assets to recover, select an assetto test or failover, or recover to a specific vCenter (if previously enabled).

When you select an asset from the list, buttons appear at the top of the dialog box toenable DR actions for you to perform.

Minor differences in asset recovery exist between the two operational modes that areavailable in the Cloud DR solution.

Recover assets to a vCenter in Standard ModeIf you enabled recovery to at least one vCenter for at least one on-premises source,the Asset Recovery page is displayed. When you select the asset, an additional actionbutton is displayed: RECOVER TO VCENTER.

The RECOVER TO VCENTER button displays only when:

l The operating mode is Standard Mode

l The selected VM contains a copy in the cloud

l At least one recovery-enabled vCenter is available

When you click RECOVER TO VCENTER, you are prompted to select a copy, afailover target, and configure other settings before starting the failover.


Asset Recovery page 141

Figure 18 Failover to vCenter

Asset recovery in Advanced Mode

In Advanced Mode, a VM may have one or more associated applications running on it.

Note

In the screen example, the VM named Windows7-withSqlAgent has two asset types.The bottom row shows the VM, and the top row shows the application on the VM.

In Advanced Mode, if you test or fail over:

l A VM, only the VM is tested or failed over.

l An application, a single DR activity is started that contains one DR card for the VMand one for the application.

If a VM has more than one application, and you would like to test or fail over multipleapplications, place the applications and associated VM in a DR plan and run the DRactivity on the plan.



DR Activities pageThe DR Activities page displays recovery activities for DR test and failover andenables you to promote DR tests to failover and end DR tests.

Access the DR Activities page from the dashboard by clicking See All in theRecovery Activities pane, or from the navigation pane by selecting Recovery > DRActivities.

This screen shows an example of an application test (available only in AdvancedMode). Notice that the application is coupled with its VM in this view:

Searching for DR activitiesTo search the list of DR activities by name, enter the asset name in the search bar atthe top of the page and click the magnifying glass icon. You can also click the filter( ) icon to select filters to include in the search parameters, including the activitystatus, activity type, region, and creation time of the DR activity. When you identifythe search filters, they are displayed below the search pane. To clear the filters fromthe search, click Clear Filters.


DR Activities page 143

Promoting a failover to failbackFrom the DR Activities page, you can also select a VM or DR plan in a failover stateand fail it back to an on-premises vCenter server. When promoting a single VM tofailback, you can change the network and security group. However, this action is notpossible when promoting a DR plan.

Pausing DR for application maintenance - Advanced ModeIf an application is undergoing a DR test or failover and requires user action beforecontinuing (for example, to mount a database), the DR activity pauses to enable youto perform user actions on the application. For a list of possible user actionsdepending on the application, see User actions to restore applications - AdvancedMode on page 71.

When you are ready to resume the DR test or failover, you may choose to continuewith the DR in progress or skip it to finish the DR manually. These options are availablefrom the DR activities page:

If you want to view only those activities that require attention, click the toggle buttonat the top of the DR activities page:

Ending recovery instances from the cloud provider consoleYou can also terminate a recovery instance from the cloud provider console. When youterminate the recovery instance, the CDRS DR Activities page indicates an InstanceTerminated status.

DR activity statesThe DR Activities page enables you to monitor the progress of ongoing activity statesfor DR tests and failovers.

To understand the states of DR activities for:

l AWS environments, see DR activity states for AWS environments on page 79.

l Azure environments, see DR activity states for Azure environments on page 121.

ReportsCDRS enables you to generate reports that help you to monitor resources in the CloudDR solution.

Protected Copies Cloud ConsumptionCDRS enables you to define the reporting parameters for cloud consumption. Youselect Reports > Generate Report, and then define parameters.

l Region

l Consumption for copies:

n Only asset copies

n Only rapid recovery copies



n Asset copies and rapid recovery copies

l Time interval:

n Last week

n Last month

n Last year

Note

The storage consumption is calculated once a day.

Click the DOWNLOAD RAW DATA link (upper right) to retrieve the report in CSVformat.

DR ActivitiesYou can also generate a report to show the DR activities based on status, type, region,and selected date range:

System HealthThe Health page, which is accessed by clicking See All in the System Health pane ofthe dashboard, or selecting System > Health from the navigation pane, providesinformation about the health of the Cloud DR implementation. Cloud-based and on-premises components are listed.

To view details about a component that is listed in this screen, click the down-arrowicon (v) to the right of the component. A details pane provides information about thestatus of the component. Component issues are identified so corrective action can betaken.


System Health 145

EventsUse the Events page, which is accessible by selecting System > Events from thenavigation pane, to review system events by date, severity, title, and category.

To view details about an event, click the down-arrow icon (v) to the right of theevent. A details pane provides the event ID and detailed information about the event.

To search the list of events for various event types, type a search string in the searchbar at the top of the page and click the magnifying glass icon. For example, to limit theevent list to only those events that contain the word "Failover," type Failover in thesearch bar and click the magnifying glass icon.

You can also click the filter ( ) icon to select filters to include in the searchparameters, including security level, category, the Cloud DR Add-on, and eventcreation time. The search filters you identify appear below the search pane. To clearthe filters from the search, click Clear Filters.

Registered componentsThe Registered Components page, which is accessible by selecting System >Registered Components from the navigation pane, enables you to view registeredcomponents and unregister them.

A registered component includes name, IP address, version, and on-premises source(CDRA or vRPA). Click UNREGISTER next to the component that you want tounregister.

Cloud DR Server user accountsThe Cloud DR Server User Management page (Settings > Users) displays the useraccounts that are associated with the CDRS. Use this page to view warning messagesfor a CDRS user, or to change the password, password expiration period, andpassword recovery email address, of a CDRS user.

NOTICE

You cannot create or delete a user account.

CDRS user accounts are comprised of a Username (admin or monitor) and Passwordthat are used to Log into the CDRS interface on page 136, and a User email addressthat is used to recover the password.

Two default user accounts are associated with CDRS: admin and monitor. In theAvamar/Data Domain data protection solution, the passwords and other informationfor these user accounts are provided when CDRS is initially deployed from the CDRA.In the RecoverPoint for VMs data protection solution, an admin user is created whenyou deploy CDRS using the RecoverPoint for VMs vSphere plug-in.



In AWS environments, if you have not responded to the AWS verification email sentafter you Change the email address of a CDRS user account on page 147, a warningicon is displayed next to the admin user account email address. You can request anew verification email through the AWS console by signing into the console andselecting the US East (N. Virginia) region. Open https://console.aws.amazon.com,and select Email Addresses. Select the email address that you want to verify, andclick resend.

Change the email address of a CDRS user accountYou can change the email address to which instructions for resetting the password willbe sent, if you should lose your CDRS user account password.

Before you begin

l Log into the CDRS interface on page 136.

l In AWS environments, in the AWS Management Console, ensure that the emailaddress that you want to use for password recovery is verified under the AWSroot user account.

Note

Clicking the Forgot Password? link when you Log into the CDRS interface on page136 will send an email with the instructions for resetting the password to the Useremail address that you define.

Procedure

1. Click the edit (pencil) icon to the right of the user account.

The Edit User Details dialog box appears.

2. In the User email address field, enter the email address.

3. Click Save.

Results

In Azure environments, the email address is updated, and will be used for recovery thenext time you click the Forgot Password? link, when you Log into the CDRS interfaceon page 136. Azure does not require email verification.

In AWS environments, if the new email address exists in the AWS root user accountand has been verified by AWS, a verification email is sent from AWS to the new emailaddress.


Change the email address of a CDRS user account 147


After you finish

In AWS environments, respond to the AWS verification email within 24 hours. Afteryou respond to the AWS verification email, the email address is updated in Cloud DR,and will be used for recovery the next time you click the Forgot Password? link,when you Log into the CDRS interface on page 136. The new User email address isassigned to the US East (N. Virginia) region.

Change the CDRS user account passwordYou can change the password for the CDRS user.

Before you begin

Log into the CDRS interface on page 136.

In the RecoverPoint for VMs data protection solution, the password for the adminuser is defined in the RecoverPoint for VMs vSphere plugin during CDRSdeployment.

Procedure

1. Click the edit (pencil) icon to the right of the user account.



3. Enter the new password.

The password must:







4. Confirm the new password by entering it again.

5. Click Save.

Results

The password is updated, and should be used from now on, when you Log into theCDRS interface on page 136.



After you finish

In the RecoverPoint for VMs cloud solution, use the RecoverPoint for VMs vSphereplugin to register the new password with every vRPA cluster that protects aproduction VM. In the RecoverPoint for VMs vSphere plugin, selectAdministration > Cloud Services, click the Edit icon to the right of the Cloud DRServer name, update the value for CDRS admin user password, and click Register.

Change the CDRS password expiration periodYou can change the password expiration period for the CDRS admin user.

Before you begin

Log into the CDRS interface on page 136 as the admin user.

Procedure

1. Click the edit (pencil) icon to the right of the admin user account.



3. Select a different expiration period. To set the password to never expire, selectNever.

4. Click Save.

Results

The expiration period of the CDRS admin user password is updated. You will beprompted to update the current password when it expires.

Create a tagYou can create one or more tags to enable tagged-based resources management.Examples of use cases include Cloud Snapshot Manager (CSM) tag-based policyprotection, applying bulk updates or security patches, upgrading applications, openingor closing ports to network traffic, collecting specific logs, or monitoring data fromrecovered instances.

An important use case for tag-based management is protection during failoveroperation. You can create tags in CDRS and leverage CSM to protect taggedworkloads that are being failed over to the cloud. Read more about tag-basedmanagement with CSM here:

https://support.emc.com/docu86938_Cloud-Snapshot-Manager:-Manage-Copy-Sprawl-in-Amazon-Web-Services-.pdf?language=en_US

Procedure

1. From the Cloud DR Server UI, select Settings > Tags, and then click theCreate Tag button.


Change the CDRS password expiration period 149



2. Enter the key and values for the new tag. Optionally, set the tag as a default.Then click Create.

3. Repeat steps above to create additional tags.

Note

Once you create the tags, you can apply them whenever you run a test orfailover.

Set rapid recovery intervalYou can set the minimal time interval during which rapid recovery copies are notcreated. The minimum time interval is 6 hours, and the maximum is 24 hours. Thedefault setting is 12 hours.

Before you begin

The rapid recovery process can be performed only when a copy is available in thecloud storage after rapid recovery is enabled. Rapid recovery does not occur forcopies that are uploaded before rapid recovery is enabled.

Procedure

1. In the CDRS user interface, select Settings > General in the navigation pane.

2. In the Set Rapid Recovery Interval section, move the slider to select the timeinterval during which rapid recovery copies are not created.

The change takes effect immediately.

Results

The CDRS runs the rapid recovery process that is based on the time interval that youset.

For example, if the time interval is set to 10 hours, then no rapid recovery copy iscreated within 10 hours of the previous rapid recovery copy.



Export events to SyslogYou can configure CDRS to export events to a syslog server where they can be viewedusing external monitoring systems.

Procedure

1. In the CDRS user interface navigation tree, select System > Syslog.

2. Select Add Syslog Server and provide the following information about theSyslog server:

l IP or hostname.

l Transfer protocol.

l Port number.

l Facility name.

3. To return to the Syslog page, click Save & Connect.

4. To verify connection to the syslog server, click Test Syslog.

5. Click Add Event Filter and specify the following information on the DefinedEvents window:

l Filter name.

l One or more categories to send to syslog.

l One or more severity levels to send to syslog.

6. To return to the Syslog page, click Add.

The Enable Syslog log transfer switch is automatically toggled to on.

Results

The events data is exported to the syslog server. You can disable these exports bytoggling off Enable Syslog log transfer.


Export events to Syslog 151

CHAPTER 8

Upgrading the CDRS and CDRAs

To upgrade the CDRS and CDRAs, you need to upload an upgrade package, whichenables you to upgrade the CDRS, and then the CDRAs that are connected to it.

l Upload upgrade packages to the CDRS and CDRA........................................... 154l Upgrade the Cloud DR Server...........................................................................154l Upgrade the Cloud DR Add-on......................................................................... 155

Upgrading the CDRS and CDRAs 153

Upload upgrade packages to the CDRS and CDRATo upload an upgrade package to the CDRS and CDRA, use the Cloud DR ServerUpgrades page.

Before you begin

l The versions of the CDRA and CDRS do not need to be identical, and you are notrequired to upgrade them at the same time (unless otherwise instructed). Whenuploading an upgrade package, if the upgrade package version is not supported,you receive a notification.

l CDRS and CDRA components are upgraded separately. Beginning with Cloud DRRelease 18.3, you can directly upgrade to a CDRS/CDRA release version that is upto 4 versions later than the current version. For example, if consecutive versionsinclude 18.3, 18.4, 19.1, 19.2, and 19.3, then you could directly upgrade 18.3 to 19.3in one step. However, for CDRS/CDRA versions before Release 18.3, you mustincrementally upgrade from one version to the next (for example, 17.2 > 17.3 > 17.4> 18.1 > 18.2).

l In the RecoverPoint for VMs protection solution, consult the RecoverPoint for VMsRelease Notes to ensure that the upgrade packages that you upload are for aCDRA/CDRS version that is compatible with the version of RecoverPoint for VMsthat you want to upgrade to.

Procedure

1. Download the upgrade package (CDRS or CDRA, or both) from online support: https://www.dell.com/support/ (search for "Cloud Disaster Recovery UpgradePackage").

2. From the CDRA System menu option, select Upgrades.

3. To upload the upgrade package that you downloaded in 1 on page 154, clickUpload Package.

4. To replace the currently uploaded package with another package, click UploadDifferent Package.

Results

l After uploading an upgrade package for the CDRS, the Upgrade Cloud DR Serverbutton is displayed. Upgrade the Cloud DR Server on page 154 provides the stepsto upgrade the CDRS.

l After uploading an upgrade package for the CDRA, a message indicates that theCDRA is pending upgrade. Upgrade the Cloud DR Add-on on page 155 providesthe steps to upgrade the CDRA.

l If the upgrade package includes both CDRS and CDRA, the package is madeavailable for the CDRA only after the CDRS has been upgraded.

Upgrade the Cloud DR ServerTo upgrade a CDRS, use the Cloud DR Server Upgrades page. If a DR operation is inprogress, the upgrade process is disabled.

Before you begin

l Upload upgrade packages to the CDRS and CDRA on page 154

l Ensure that there is no rapid recovery process running.




l In the RecoverPoint for VMs protection solution, consult the RecoverPoint for VMsRelease Notes to ensure that the target CDRS version is compatible with theversion of RecoverPoint for VMs that you want to upgrade to.

Note

Do not upgrade the CDRS while the rapid recovery process is running. If you upgradethe CDRS during the rapid recovery process, that process is not monitored after theupgrade (the machine image is lost).

Procedure

1. From the CDRS System menu option, select Upgrades.

2. Click Upgrade Cloud DR Server.

3. In the Cloud DR Server Upgrade dialog box, click Upgrade.

Results

Expect a short downtime during upgrade while the CDRS restarts. You cannot performDR operations until the upgrade completes and you restart the browser.

After you finish

Restart the browser, and Log into the CDRS interface on page 136.

Upgrade the Cloud DR Add-onTo upgrade a CDRA, use the Cloud DR Add-on Upgrades page.

Before you begin

l Upload upgrade packages to the CDRS and CDRA on page 154

l Ensure the CDRA complies with the Virtual machine specifications for Cloud DRwith AWS on page 37

l In the RecoverPoint for VMs protection solution, consult the RecoverPoint for VMsRelease Notes to ensure that the target CDRA version is compatible with theversion of RecoverPoint for VMs that you have upgraded to.

Note

In the RecoverPoint for VMs protection solution, a CDRA is required only for failbackfrom AWS, or to recover to VMware Cloud on AWS. If you deployed more than oneCDRA, remember to upgrade both of them.

Procedure

1. From the CDRA System menu option, select Upgrades.

The Upgrades page displays and provides information about the current versionand upgrade status of the Cloud DR Add-on.

2. If an upgrade package is available for the CDRA, click Upgrade Cloud DR Add-on.

Results

The CDRA is upgraded to the new version. A short downtime is possible duringupgrade while the CDRA restarts. At the end of the upgrade process, the Cloud DRAdd-on login page displays.


Upgrade the Cloud DR Add-on 155

After you finish

Restart the browser and Log into the CDRA on page 45.



APPENDIX A

Security and Networking

This appendix includes the following topics:

l Cloud Disaster Recovery security .................................................................... 158l Network communications................................................................................. 159l Firewall............................................................................................................. 160

157

Cloud Disaster Recovery securityData in transitFor data that the Cloud DR solution transfers:

l Communication between customer data centers and Amazon Web Services usesSSL protocols.

l The use of a Virtual Private Networker (VPN) or AWS Connect are optional.

Data at rest in AWS S3For data at rest in the AWS S3 storage, Cloud DR supports server-side encryptionthat is provided by AWS. Supported encryption methods include SSE-S3 and SSE-KMS.

Password VaultingAll passwords are kept in a lockbox for both the Cloud DR Add-on and the Cloud DRServer.

User permissionsAll AWS user permissions are handled via AWS Identity and Access Management(IAM).

Cloud DR user permissions are handled via Cloud DR users and roles.

Define the AWS IAM policyIn order to deploy CDRS, you must have an AWS Identity and Access Management(IAM) user with the following minimum permissions:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*", "iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:DetachRolePolicy", "iam:DeleteRolePolicy", "iam:CreatePolicy", "iam:DeletePolicy", "iam:PutRolePolicy", "iam:CreateInstanceProfile", "iam:DeleteInstanceProfile", "iam:AddRoleToInstanceProfile", "iam:RemoveRoleFromInstanceProfile", "iam:PassRole", "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy" ], "Effect": "Allow", "Resource": "*" }, { "Action": "ec2:*", "Effect": "Allow",


"Resource": "*" }, { "Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*" }, { "Effect": "Allow", "Action": "s3:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ses:SendEmail", "ses:SendRawEmail", "ses:Verify*", "ses:ListVerifiedEmailAddresses" ], "Resource": "*" }, { "Effect": "Allow", "Action": "cloudformation:*", "Resource": "*" }, { "Effect": "Allow", "Action": "rds:*", "Resource": "*" }, { "Effect": "Allow", "Action": "sqs:*", "Resource": "*" } ]}

To create a new policy in AWS using this IAM policy:

1. At the AWS Identity and Access Management Console (https://console.aws.amazon.com/iam/home?#/home), click Policies.

2. Click Create policy.

3. Click Select for Create Your Own Policy.

4. Enter a name and description for the policy.

5. In Policy Document, paste the above IAM policy.

6. Click Create Policy.

Network communicationsAfter failover to the cloud, the customer is responsible for ensuring proper networkingcommunications from restored VM instances on the cloud to their local network, suchas using a VPN or similar networking solution, load balancing, and other networking-related issues.

Network communications 159

https://console.aws.amazon.com/iam/home?#/home

https://console.aws.amazon.com/iam/home?#/home

FirewallThe following ports should be opened for communication between the specifiedcomponents:

Table 25 Required Cloud Disaster Recovery ports

Port Description

111 Communication between Data Domain and CDRA

443 Communication between CDRA and AWS

443 Communication between CDRA and CDRS

443 Communication between CDRA and vCenter

443 Communication between a local restore VM and AWS

2049 Communication between Data Domain and CDRA

9443 Communication between Avamar and CDRA


APPENDIX B

Cloud DR REST API


l REST API overview...........................................................................................162l Using Swagger..................................................................................................162l Use the API programmatically...........................................................................163

161

REST API overviewA REST API is provided for both the Cloud DR Add-on and Cloud DR Server tofacilitate programmatic access to Cloud DR functionality.

Swagger documentation for the REST API is available at the following locations:

l CDRA — https://CDRA_IP_or_hostname/api-docl CDRS — https://CDRS_IP_or_hostname/api-docAll Cloud DR API calls must be authenticated with an access token.

Using SwaggerThis section describes how to use Swagger to reset the admin password and obtain anaccess token.

Change the admin password with SwaggerYou can use Swagger to change the admin password.

These steps are only necessary if the initial admin password has not been changed inthe CDRA user interface. These steps have no impact on the CDRS admin password.

Procedure

1. Open a browser and go to https://<CDRA_IP_or_hostname>/api-doc.

2. To expand the relevant REST calls, click Users.

3. Click the /users/resetPassword PUT call.

4. Enter the following JSON in the Parameters section:

{ "username": "admin", "password": "initial password", "newPassword": "new password"}

where:

l username – enter admin.

l password – the existing admin password. The initial admin password value ispassword.

l newPassword – the new password.

5. Click Try it out!

Results

The expected response code of HTTP OK 200 indicates that the password change issuccessful.


Obtain an access token with SwaggerYou can use Swagger to obtain an access token.

Procedure

1. Open a browser and go to https://<CDRA_IP_or_hostname>/api-doc.

2. Click Authorize at the top of Swagger user interface.

3. Complete the following fields on the Available authorizations dialog box.

l Username – enter admin.

l Password – the current admin password.

l Setup client authentication type – select None or Other.

4. Click Authorize.

Results

For the rest of the session, all REST API calls are authorized using the access token.

l A blue information icon ( ) indicates authorized REST API calls.

l A red exclamation icon ( ) indicates unauthorized REST API calls.

Use the API programmaticallyThis section describes how to use the Cloud Disaster Recovery REST API to changethe admin password and to obtain the access token.

Change the admin password programmaticallyThe Cloud Disaster Recovery REST API enables you to change the admin passwordprogrammatically.


Procedure

1. Open an API client that you want to use for creating a PUT request.

2. Specify https://<CDRA_IP_or_hostname>/rest/users/resetPassword as theURI.

3. Specify the following JSON in the request body:

{ "username": "admin", "password": "initial password", "newPassword": "new password"}

where:


l password – the existing admin password. The initial admin password value ispassword.

Obtain an access token with Swagger 163

l newPassword – the new password.

4. Send the PUT request.

Results

The expected response code of HTTP OK 200 indicates that the password change issuccessful.

Obtain an access token programmaticallyYou can obtain an access programmatically and then include the token value insubsequent request headers.

Before you begin


Procedure

1. Open a REST API client that you want to use for creating the POST request.

2. Specify https://<CDRA_OR_CDRS_ADDRESS>/rest/oauth2/token as theURI.

3. Specify the following JSON in the request body:

{"grantType": "","username": "admin","password": "password"}

where:

l grantType – empty string.


l password – the existing admin password.

4. Send the POST request.

The response returns the access token and the token type in the body of themessage. For example:

{"accessToken": "4776290f-5ec1-44b3-b5aa-826b4c6a1962","tokenType": "Bearer"}

5. Specify the following headers in all further requests:

Content-Type: application/json Authorization : Bearer 9a82cb75-627f-485e-8495-a765fe4526b7

Authorization specifies the token type and token value.


APPENDIX C

Performance and scalability


l Cloud DR performance with AWS..................................................................... 166l Cloud DR scalability with AWS..........................................................................166l Cloud DR performance with Azure....................................................................166l Cloud DR scalability with Azure........................................................................ 167

165

Cloud DR performance with AWSThe following summarizes the performance expectations for operations with Cloud DRwith AWS.

Protection

l CDRA maximum read throughput from Data Domain is 72 MBps.

l Concurrent protected virtual machines per CDRA is 15% of the Data Domain readstreams amount (min:1, max:20).

l Compression rate before sending to the cloud is 50%.

Recovery

l Rehydration: 10 Gbps per Restore Service instance.

l Conversion: Conversion time is based on the AWS VMDK-to-AMI Conversion time(for example: Ubuntu 7Gbyte OS takes around 20 minutes).

Cloud DR scalability with AWSThe following summarizes the maximum supported operations with Cloud DR:

l Up to 100 TB of protected front-end data (the actual size of all protected virtualmachines).

l Up to 1000 VMs protected.

l 20 concurrent conversions from VMDK to AMI per region.

l If the stack amount reaches the customer limitation or quota, any subsequent DRtest or failover fails with an appropriate error message.

l 20 simultaneous AWS operations for DR tests, failovers, and other operations(AWS limitation). Contact AWS support to raise this limit.

Cloud DR performance with AzureThe following summarizes the performance expectations for both protection andrecovery operations with Cloud DR with Azure:

Protection

l CDRA maximum read throughput from Data Domain is 72 MBps.

l Concurrent protected virtual machines per CDRA is 15% of the Data Domain readstreams amount (min:1, max:20).

l Compression rate before sending to the cloud is 50%.

Recovery

l Rehydration: 10 Gbps per Restore Service instance.

l Conversion: Conversion script takes approximately 1 minute to run.


Cloud DR scalability with AzureThe following summarizes the maximum supported operations with Cloud DR:

l Up to 100 TB of protected front-end data (the actual size of all protected virtualmachines).

l Up to 1000 VMs protected.

l If the stack amount reaches the customer limitation or quota, any subsequent DRtest or failover fails with an appropriate error message.

l 100 simultaneous operations for DR tests, failovers, and other operations perregion.

Cloud DR scalability with Azure 167

APPENDIX D

Troubleshooting


l Collect logs....................................................................................................... 170l Troubleshooting AWS environments................................................................. 172l Troubleshooting Azure environments................................................................174

169

Collect logsCollecting logs for CDRA and CDRS is possible only through the CDRA user interface.

You can store collected logs locally on the CDRA or upload them to the cloud in adefault storage location. If you store the logs locally, only the CDRA logs can becollected (not CDRS logs). When the logs are collected, the CDRA generates a link tothe local storage or the cloud storage.

To collect CDRS logs, you can use any CDRA that is connected to the CDRS. Whenlogs are uploaded to cloud storage and multiple CDRAs are connected to a CDRS, alllogs from any CDRA are uploaded to the same cloud storage location. This condition istrue even if each CDRA is connected to a different cloud storage location.

Procedure




2.In the Admin username and Admin password fields, enter the username andpassword for the CDRA.

3. From the System menu option, click Log Collection.

The Log Collection page displays.

4. Select the date range for the logs you want to collect.

5. For Local Connection Mode:

l To store logs in the cloud in a default storage location, switch the LocalConnection Mode toggle to the off position. If you plan to collect CDRSlogs, you must switch this toggle to the off position.

l To store logs locally on the CDRA, switch the Local Connection Modetoggle to the on position. Local Connection Mode is best used when theconnection between the CDRA and the cloud is not working and the CDRAlogs collection is required.When Local Connection Mode is used:

n Local copies of logs are retained for 14 days. Logs older than 14 days aredeleted.

n The maximum size of retained logs is 5 GB.

n Log file size cannot exceed 100 MB.

6. To collect logs from the CDRS, select the Collect Logs from CDRS checkbox.

This option is not available if the Local Connection Mode toggle is switched tothe on position.

7. Enter a task name for the log collection task. This name is used for the cloudstorage folder name where the collected logs are stored.

8. To begin the log collection process, click Collect Logs.


Results

When the log collection task completes, a link is provided to the collected logs. Toaccess the logs, click the link or click Copy to copy the link.

Permissions to cloud storage for Cloud DR logsAfter logs are collected, they are uploaded to a default Azure storage account orAmazon S3 bucket and a link is provided in the CDRA interface. Clicking the linkenables you to download logs from the storage account or S3 bucket. However, youcannot download the logs unless the appropriate permissions have been granted to thestorage account or S3 bucket.

Instead of granting permissions to download the logs from the CDRA interface, youmay prefer to download the logs directly from the Azure portal or AWS managementconsole that was used for deployment.

Enable downloads of Cloud DR logs from AWSTo enable downloads of Cloud DR logs from the AWS, log in to the AWS console.

This procedure enables public access to the logs folder for downloading the log files.When public access is enabled, the CDRS dashboard displays a recommendation toremove public access. After retrieving Cloud DR logs, ensure that you remove publicaccess.

Procedure

1. Log into the S3 Dashboard of the AWS Console (https://console.aws.amazon.com/s3/).

2. Select the S3 bucket that contains the logs.

3. Click the Permissions tab.

4. Click Bucket Policy.

5. Enter the following text in the Bucket policy editor:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AddPerm", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucket-name/logs/*" } ]}

where bucket-name is the name of the bucket that contains the logs.

6. Click Save.

Results

The log files are now accessible via the link provided in the CDRA interface.

Enable downloads of Cloud DR logs from AzureTo enable downloads of Cloud DR logs from the Azure, access the Azure portal.

This procedure enables public access to the logs folder for downloading the log files.When public access is enabled, the CDRS dashboard displays a recommendation to

Permissions to cloud storage for Cloud DR logs 171

https://console.aws.amazon.com/s3/

https://console.aws.amazon.com/s3/

remove public access. After retrieving Cloud DR logs, ensure that you remove publicaccess.

Procedure

1. Access the Azure portal.

Portal address: https://portal.azure.com/.

2. Locate the storage account that you selected during CDRS deployment.

3. Locate a blob named cdrscontainer in this storage account. The logs arecreated inside this container in a folder named logs.

4. Select the checkbox next to the logs folder, and then click access policy.

5. Set the public access level to Blob (anonymous read access forblobs only) and click Save.

Results

The log files are now accessible via the link provided in the CDRA interface.

Troubleshooting AWS environmentsAWS default limitsThe following components in AWS have default limits that may not be appropriate forthe Cloud DR environment. For example, if you plan to use more than five VMs and areusing elastic IP addresses, you must increase the default limit for the number of elasticIP addresses before performing a disaster recovery.

Table 26 AWS default limits

Component Default limit

Number of buckets 100

Number of Elastic IP addresses 5

Number of instances per region 20

Number of Internet gateways 5

Number of Instances from the same type inthe same region

25

http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html containsinformation about default service limits and information about how to increase thelimits.

AWS encryptionIn AWS, policies can be specified for an S3 bucket that requires all objects within thebucket to be encrypted (or non-encrypted) with a specific algorithm or key. Cloud DRdoes not verify that the policy of the target bucket matches the encryption policy thatthe user configured for a cloud target. If there is a mismatch between the two, CDRAfails to send the data to the S3 bucket.

In the event of this failure, check the Cloud DR events to determine the issue. Thenchange the security policy in the cloud target, the target bucket, or the target bucketpolicy.


https://portal.azure.com/

http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html

AES256 encryptionCloud DR uses AES256 to encrypt metadata in AWS. As a result, if an S3 bucketpolicy enforces KMS for all objects within the bucket, the CDRA can upload the userdata, but not the metadata.

If this issue exists, edit the bucket policy to allow for AES256 encryption for themetadata folder within the bucket. For example, edit the bucket policy by adding thefollowing:

{ "Sid": "AllowKMSEverywhere", "Effect": "Allow", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket1/*", "Condition": { "StringEquals": { "s3:x-amz-server-side-encryption": "aws:kms" } } }, { "Sid": "AllowAES256InMetadataFolder", "Effect": "Allow", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket1/backups/*", "Condition": { "StringEquals": { "s3:x-amz-server-side-encryption": "AES256" } }}

Error when deploying the Cloud DR Server if AWS Marketplace terms have notbeen acceptedAn error may occur when the Cloud DR is trying to create the EC2 instance for theCloud DR Server during Cloud DR Server deployment if AWS Marketplace terms havenot been accepted. The following error message appears in the log:

ERROR [date] com.emc.cloud_dr.cdr.cdra.cloud_manager.impl.deploy_cdrs.wf.steps.instance.CreateCdrsInstanceTasklet: Error in Create Cdrs Instance! com.amazonaws.services.ec2.model.AmazonEC2Exception: In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit http://aws.amazon.com/marketplace/pp?sku=aw0evgkw8e5c1q413zgy5pjce (Service: AmazonEC2; Status Code: 401; Error Code: OptInRequired; Request ID: id)

To resolve this issue, accept the AWS Marketplace terms as described in AcceptAmazon Web Services Marketplace terms on page 37 and continue with Cloud DRServer deployment.

Incorrect email address when configuring the Cloud DR ServerIf you specify an incorrect email address when configuring the Cloud DR Server andare unable to verify the email:

1. Follow instructions for changing the email address at Change the email address ofa CDRS user account on page 147. Then enter and verify the correct emailaddress.

Troubleshooting AWS environments 173

2. Log in to the AWS console and open the Amazon SES console at https://console.aws.amazon.com.

3. Select the US East (N. Virginia) region.

4. Select the incorrect email address and click Remove.

Troubleshooting Azure environmentsAzure cloud post-failback procedure for Linux Operating SystemThe Cloud DR failback procedure in the Cloud DR Installation and Administration Guidetransfers a failed-over VM (cloud instance) back to the on-premises vSphereenvironment. After running the failback procedure, if you receive the followingmessage, additional steps may be required (since the Azure Hypervisor uses adifferent configuration for booting a Linux-based VM).

Failback succeeded, but the VM may not boot due to issues in the conversion step.

The additional steps follow this general work flow:

1. To boot with the original initrd/initramfs image, edit the boot menu.Pressing TAB at the end of the initrd line should autocompletethe .cdr_backup extension.

2. Log in to the VM.

3. Replace any file in the /boot folder with its corresponding file that hasthe .cdr_backup extension (if it exists).

Listed below are the detailed steps for this general work flow.

Note

Before performing these steps, you may want to try logging in to the failed-back VMsince, in some cases (for example, OEL 6.8), the VM boots correctly.

Note

The operating systems that are used in the following examples include SLES 11 (SUSEEnterprise Linux) with GRUB and Red Hat (RH) 7 Linux with GRUB2.

Note

Different versions of GRUB may use different keyboard shortcuts. GRUB showskeyboard shortcuts for boot and edit commands at the bottom of the screen.

1. Open the VM console in vSphere.

2. Power on the failback VM.

a. To access the GRUB menu, press Esc in the VM boot/splash screen.

Note

Some Linux operating system versions may require different keystrokes.

b. In SLES, press Esc key. In RH, press the down arrow key.

c. In cases where multiple optional boot entries exist, validate which boot entry isused for the VM in the Azure cloud. By default, it should be the latest version




initrd/initramfs. Select each optional boot entry until you find theappropriate one (the one with a second initrd/initramfs file that has theextension .cdr_backup).

3. To change the required initrd/initramfs file, press Edit (e) .

Note

Select the initrd version to work with, for example, initrd-3.... In otherLinux operating system versions (or other GRUB versions), file names likeinitrd16... may be used.

4. To replace the file path with the original file that has the .cdr_backup extension,press Edit (e). To autocomplete the suffix (if it exists), add "." at the end of thefile name and press Tab.

5. When the backup initrd/initramfs file is found, press the required keyboardshortcut to boot using the appropriate initrd/initramfs file.

6. To make the boot changes permanent, log in to the terminal using root/sudoeruser.

a. In the /boot folder, replace the initrd/initramfs file with the original filethat has the .cdr_backup extension.

b. For GRUB, in the /boot/grub folder, replace the menu.lst file with theoriginal file that has the .cdr_backup extension.

c. For GRUB2, in the /boot/grub2 folder, replace the grub.cfg file with theoriginal file that has the .cdr_backup extension.

7. To verify if the changes have been completed successfully, boot the VM.

Troubleshooting Azure environments 175

GLOSSARY

A

AMI Amazon Machine Image (AMI) is a template that contains configuration informationwhich is used to launch an EC2 instance in the AWS environment. In the native cloudsolution (AWS cloud), VMware's VMDK format, which is used by VMs, must beconverted to AMI format, which is used by AWS cloud. In the VMware Cloud to AWS(VMC) solution, there is no requirement to do a format conversion from VMDK to AMIbecause a VMware environment exists both on premises and in the cloud.

Application An application in DD Cloud DR solution refers to one of the following:

l Windows File System

l Linux File System

l Windows SQL Server

l Windows Exchange VSS

l Windows Sharepoint VSS

l Linux Oracle RMAN

l Windows Oracle RMAN

Protection and recovery of applications is available only on the Advanced Mode of DDCloud DR solution.

Asset A general term that refers to a VM or an application. VMs and applications areconsidered assets in the Cloud DR solution.

Azure Storage Azure Storage is an object storage service, which is used for cases like cloudapplications, content distribution, backup, archiving, disaster recovery, and Big Dataanalytics.

Azure Storage Disk Azure Storage Disk is a SSD storage optimized for I/O intensive read/write operations.

Azure Virtual Machine Virtual servers enable the users to deploy, manage, and maintain the operating systemand the server software. Instance types provide combinations of CPU/RAM. Users payfor what they use with the flexibility to change sizes.

Azure Virtual Network Azure Virtual Network provides an isolated, private environment in the cloud. Usershave control over their virtual networking environment, including selection of their ownIP address range, creation of subnets, and configuration of route tables and networkgateways.

C

CDRA Cloud Disaster Recovery Addon (CDRA) manages deployment of on-premisescomponents and CDRS, which runs in the cloud.


CDRS Cloud Disaster Recovery Server (CDRS) is a virtual server that runs in the customerdomain in the cloud. It provides a user interface for disaster recovery testing andfailover, and monitors available copies and orchestration activities in the cloud.

Note

Multiple on-premises sources (CDRAs and vRPAs) can connect to a single CDRS, butan on-premises source cannot connect to multiple CDRSs.

Classless Inter-DomainRouting (CIDR)

Classless Inter-Domain Routing (CIDR) is a method for IP address allocation and IProuting.

E

EBS Amazon Elastic Block Store (EBS) provides block-level storage volumes for use withEC2 instances.

EC2 Elastic Cloud Compute (EC2) is an Amazon web service that provides resizablecompute capacity in the cloud. An EC2 instance is a virtual server in the AWSenvironment.

R

RDS Relational Database Service (RDS) is a web service that makes it easier to set up,operate, and scale a relational database in AWS environment.

Rehydration During protection, Cloud DR initially sends the first full copy of the protected VM to thecloud and afterwards sends only the differences. When you start recovery (forexample, test or failover), a temporary Restore Service instance constructs the VMDKfile from the raw data chunks that are stored in the Cloud DR target. This process iscalled rehydration.

S

S3 Simple Storage Service (S3) is a cloud computing web server that provides scalable,object storage in the AWS environment. Objects are stored in S3 buckets. It is thesimplest and cheapest type of storage available from Amazon.

SQL Database SQL Database is a relational database-as-a-service (DBaaS) where the databaseresilience, scale, and maintenance are primarily handled by the Azure platform.

V

VPC Amazon Virtual Private Cloud (VPC) is a part of the AWS cloud where you can launchAWS resources in a virtual network that you define.

Glossary


dell emc cloud disaster recovery · 2020-03-04 · cloud dr with aws protection, recovery, and...

Documents