hbc8292 vcloud air recovery as a service (raas) deep dive
TRANSCRIPT
vCloud Air Recovery as a Service (RaaS) Deep Dive
David Hill, VMware, Inc
HBC8292
Agenda
1 vCloud Air Disaster Recovery Overview
2 Architecture
3 Design Considerations
4 Data Protection in the Cloud
5 Backup to the Cloud
VMware vCloud® Air™ is a secure public cloud operated by VMware, built on the trusted foundation of vSphere.
The service supports both existing workloads as well as new application development, giving IT a common platform to seamlessly extend their data center to the cloud leveraging the same tools and processes they use today.
vCloud Air Offerings
Cost-effective DR of vSphere VMs. Ideal for BC/DR, data center extension/geographic coverage
• Warm standby capacity on vCloud Air
• Self-service protection, failover and failback workflows per VM
• 15 min – 24 hr. recovery point objective (RPO)
• Initial data seeding by shipping a disk
• 7-day run time per DR test
• 30 days of recovered VM run time
Disaster Recovery
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); vSphere Replication; FAILOVER; FAILBACK; DR Instance]
Multiple point in time recovery snapshots
Subscription service that is offered in monthly, yearly or ELA terms
[Diagram labels, snapshot times: 9:00am; 8:45am; 8:30am; 8:15am; 4:15am]
vRealize Orchestrator plug-in for vCloud Air
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); vRealize Orchestrator plug-in; FAILOVER; FAILBACK; DR Instance]
Failback using vSphere Replication
vCloud Air Disaster Recovery
CONFIDENTIAL
The simplest way to protect your workloads
Encapsulation: Simple Application Protection
• Entire system – including application, OS, and data – is stored as virtual machine files
• Just right click and replicate
Flexible Infrastructure: Integrates with what you already have
• Support for multiple vSphere versions
• Support for multiple Virtual Machine Hardware versions
Hybrid Aware: Seamless Integration with vCloud Air
• Integrate with your existing on-premises vSphere environment
• Scale your protection capacity to meet variable demand
Disaster Recovery Decision Maker
[Decision flowchart. Nodes: Seeking DR Solution?; Budget for Second Data Center/Managed Service?; Internal Skills; Hosted Solution; Co-existence; Pass; vCloud Air - DR. Branch labels: Yes; No; (Default); (Partner service contract)]
• True Multi-Tenancy & Multi-Site
• Storage agnostic support
• Support for different vSphere versions
• Shared cloud infrastructure
• Simplified management
• UI embedded in vSphere (v5.1+)
• Protect VMs with a couple of clicks
• Automatable failover and testing
• Installable in current environment
Administration via vCloud Air console and API*
vCloud Air Disaster Recovery
[Diagram labels: vCloud Air US; vCloud Air Asia; vCloud Air EUR; VMware vSphere customers]
SRM
[Diagram labels: TIER 1; TIER 2; TIER 3; Managed by SRM; SAN-Based Replication; vSphere Replication; ON-PREMISES DATA CENTER SITE A; REMOTE SITE B; vCLOUD AIR, SITE C (RECOVERY); DR Instance]
vCloud Air DR Co-Existence with SRM
Cloud-Based DR Automation & Orchestration
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); FAILBACK; FAILOVER; DR Instance]
SITE RECOVERY MANAGER AIR
• Easy setup
• Failover and failback
• Multiple recovery plans
• IP address changes
• Multi-site topologies
• Non-disruptive testing
• Priority groups
• Startup dependencies
• No Secondary Site to manage
• Design and Execute from a web browser
Roadmap
Disaster Recovery Architecture
Disaster Recovery Service Architecture
[Diagram labels: vCloud Air Disaster Recovery; Customer Data Center; Source VMDKs; Destination VMDKs; SSL Based Replication; Reverse Replication]
Built-in Encryption of Data in Flight
Encryption of replication traffic (in-flight) is provided between the following endpoints in vCloud Air Disaster Recovery.
[Diagram labels: ESXi; VR Appliance (vCloud Tunneling); Public Internet or Direct Connect PLC; vCloud Air (Cloud Proxy); Host Based Replication (HBR); WebSocket (SSL) Encryption; ESXi; vSphere]
Components & Architecture
[Diagram labels: Tenant (On-Premises Datacenter); Provider (vCloud Air Cloud); DR Appliance; vCenter; ESX; ESXi; vCTA; VCD-sp; vRMS; vR; vRCS; Hybrid DR Services; vRS; vSM; Cloud Proxy; vSphere UI; vRMS Plugin; VCD Admin UI; vCloud Air Portal; A; B; C; vSphere Components; Replication and Cloud Components; Security Components]
Disaster Recovery Scale Out
[Diagram: three VMware vSphere sites, each with VM Replication to its own DR-VDC]
• VMware vCenter A, vSphere Replication A, 1,000 VMs: DR-VDC A
• VMware vCenter B, vSphere Replication B, 2,000 VMs: DR-VDC B
• VMware vCenter C, vSphere Replication C, 3,000 VMs: DR-VDC C
Disaster Recovery Scale Out: Two Sites, One Cloud
[Diagram: two VMware vSphere sites with VM Replication, labelled "Max 1,000 VMs"]
• VMware vCenter A, vSphere Replication A, 500 VMs
• VMware vCenter B, vSphere Replication B, 500 VMs
System Requirements for vCloud Air Disaster Recovery
• VMware vCenter 6.0
  – vSphere Essentials Plus
  – vSphere Standard
  – vSphere Enterprise
  – vSphere Enterprise Plus
• vSphere Replication Appliance 6.0
• ESXi 5.1 or above*
  – ESXi 5.5 U2 or above recommended
• Public internet connectivity
  – No proxy or traffic filtering device
• vCloud Air Disaster Recovery subscription
• vCloud Air DR-VDC instance
Plan
* Check VMware interoperability matrix for latest version support: https://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php
Disaster Recovery Design Considerations
Considerations for Failover
Sizing
• How much standby storage?
• How much standby compute?
Security Assessment
• Does your CSO need to be involved?
• What approvals are needed?
Networking and Connectivity
• Do you need Direct Connect?
• Do you need VPN?
• How many Networks?
Workload Prioritization
• Is storage-based replication in place?
• Is SRM in place?
• Which workloads to protect when?

• Self-service failover driven by consumer action
• CPU, RAM and Storage drive sizing requirements
• Commensurate bandwidth to support data volume and change rate
• Type of workloads to protect, Tier 1, Tier 3
Considerations for Failover
• Cloud (“DR-VDC”) pre-configuration required to streamline failover operations and aid in faster recovery times
• Local authentication required?
• Access needs to manage the environment?
Infrastructure
• Active Directory
• DNS
Networking
• DHCP / IP Re-addressing
• L4-L7 services redirect
Storage
• Resource allocation changes
Management
• RBAC
“Pilot Light” Virtual Machines With Physical Sites
[Diagram labels: Corp HQ West Coast; Corp HQ (East Coast); vCloud Air Disaster Recovery; AD03; AD04; VIRTUAL MACHINE; Private Network (192.168.110.0/24); Private Network (192.168.52.0/24); EDGE GATEWAY; Any IPSEC Endpoint; INTERNET; IPSEC VPN; REPLICATION]
“Pilot Light” Virtual Machines with Cross Connect
[Diagram labels: Customer Data Center; AD01; AD02; Private Network (192.168.52.0/24); Private Network (192.168.110.0/24); EDGE GATEWAY; vCloud Air Disaster Recovery; Customer Cage; vCloud Air; Direct Connect (1gbps); Customer Router; REPLICATION]
“Pilot Light” Virtual Machines with VPC OnDemand
[Diagram labels: On-Premises Data Center (San Francisco); PROTECTED WORKLOADS; VPC OnDemand (Virginia); vCloud Air Disaster Recovery (Virginia); vCloud Air; EDGE GATEWAY; IPSEC VPN; IPSEC VPN Endpoint; AD DNS; Domain Network; Corp Network; Corp/Recovery Network; Test Network; REPLICATION]
“Pilot Light” Virtual Machines with next release
[Diagram labels: On-Premises Data Center (San Francisco); PROTECTED WORKLOADS; vCloud Air Disaster Recovery (Virginia); vCloud Air; EDGE GATEWAY; IPSEC VPN; IPSEC VPN Endpoint; AD DNS; Domain Network; Corp Network; Corp/Recovery Network; Test Network; REPLICATION]
Connecting to your workloads – HTTP/HTTPS
[Diagram labels: IPSEC VPN; EDGE GATEWAY; VPC OnDemand (Virginia); vCloud Air Disaster Recovery (Virginia); Test Network; Corp/Recovery Network; AD DNS; Domain Network; vCloud Air]
Connecting to your workloads – VPN
[Diagram labels: VPN; IPSEC VPN; EDGE GATEWAY; VPC OnDemand (Virginia); vCloud Air Disaster Recovery (Virginia); Test Network; Corp/Recovery Network; AD DNS; Domain Network; vCloud Air]
Data Protection in the Cloud
VMware vCloud Air Object Storage powered by Google Cloud Platform
Storage Options
• Standard Storage: Universal cloud storage suitable for any workload
• Durable Reduced Availability Storage: Cloud storage suitable for use cases that don’t require high availability and high performance
• Nearline: Cloud storage suitable for long term storage of infrequently accessed content
[Chart: each storage option is rated on speed, availability, durability and cost]
Data Protection Service
Benefits
• Protect your workloads with an integrated backup/recovery option
• Simple to deploy and begin use
• Easily opt in and scale as needed
Overview
• Agentless, policy-driven backup of virtual machines in vCloud Air
• Image-level (VMDK) restores
  • In-place or out-of-place
• Full self-service capabilities:
  • 1 – 365 day retention policy
  • Scheduled backup windows
  • Multiple restore points
[Diagram labels: BACKUP; RESTORE; VMDK]
Backup to Cloud
Why?
Protecting your workload no matter where it lives…
EXTENDING DATA MANAGEMENT WITH VCLOUD AIR
Cloud is not just a storage target
• DR to the Cloud - Extend beyond your Datacenter with Commvault and vCloud Air by recovering workloads between clouds
Protect workloads where they live
• Whether on-premise or in vCloud Air, Commvault can protect active workloads
• Policy-driven methodology allows granular control over how you want your data to be managed
Pay-as-you-go
• Capacity-based licensing from Commvault and Public Cloud models allow you to align costs with cloud consumption
[Diagram labels: VMware Private Cloud (On-premise); vCloud Air; Cloud Storage Library; Commvault in vCA; Clients in vCloud Air; Commvault on-prem; Clients in Private Cloud]
Object Storage powered by
vCloud Air and Veeam: Build a Successful Backup Plan
The 3-2-1 rule:
– 3 copies of your data: production data, backup and its copy
– 2 different types of media to store copies of your data (ex. disk storage and tape)
– 1 copy of a backup file offsite (Cloud or remote site)
Allow the off-site copy of the backup to be hosted in vCloud Air: Good for partners and good for users.
Architectures
Hybrid Architectures on vCloud Air: Disaster Recovery
[Diagram labels: vCLOUD AIR COMPUTE; vCLOUD AIR OBJECT STORAGE; vCLOUD AIR; ON-PREMISES; BACKUP VENDOR; VIRTUAL MACHINE; Corp Network; Backup Network; “Production” Network; Private Network (192.168.50.0/24); DMZ Network (192.168.52.0/24); EDGE GATEWAY; IPSEC VPN; VPN ENDPOINT; DIRECT CONNECT (1 gbps); CORP ROUTER; INTERNET; BACKUP STORAGE; ARCHIVE STORAGE; OFFSITE BACKUP OF THE CLOUD; BACKUP TO THE CLOUD]
Extending existing On-Prem Infrastructure
Questions?