vCloud Air Disaster Recovery (PowerPoint)


vCloud® Air™
Disaster Recovery
Technical Presentation
Patrick Kremer, Systems Engineer @VMware
© 2015 VMware Inc. All rights reserved.
Agenda
1. vCloud Air Disaster Recovery Overview
2. Architecture
3. Design Considerations
4. Automation Options
vCloud Air Offerings
VMware vCloud® Air™ is a secure public cloud operated by VMware, built on the
trusted foundation of vSphere.
The service supports both existing workloads as well as new application development,
giving IT a common platform to seamlessly extend their data center to the cloud
leveraging the same tools and processes they use today.
vCloud Air Disaster Recovery
What is it?
Simple and secure asynchronous replication and failover for vSphere
• Warm standby capacity on vCloud Air
• Self-service protection, failover and failback workflows per VM
• 15 min¹ – 24 hr. recovery point objective (RPO)
• Initial data seeding by shipping a disk
• Includes:
  – 7-day run time per DR test
  – 30 days of recovered VM run time
[Diagram labels: SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); DR Instance]
¹ Dependent on available bandwidth
CONFIDENTIAL
vCloud Air Locations
US New Jersey
US Virginia
US Gov Virginia
US Northern California
US Nevada
US Gov Arizona
Europe UK
Europe Germany
Japan West
US Texas
Australia
Map legend: vCloud Air; vCloud Government Service
The simplest way to protect your workloads
Hybrid Aware: Seamless Integration with vCloud Air
• Integrate with your existing on-premises vSphere environment
• Scale your protection capacity to meet variable demand
Flexible Infrastructure: Integrates with what you already have
• Support for multiple vSphere versions
• Support for multiple Virtual Machine Hardware versions
Encapsulation: Simple Application Protection
• Entire system – including application, OS, and data – is stored as virtual machine files
• Just right click and replicate
vCloud Air DR Co-Existence with SRM
[Diagram labels: ON-PREMISES DATA CENTER, SITE A; REMOTE SITE B; vCLOUD AIR, SITE C (RECOVERY); DR Instance; TIER 1; TIER 2; TIER 3; SAN-Based Replication; vSphere Replication; Managed by SRM]
Disaster Recovery Architecture
Disaster Recovery Service Architecture
[Diagram labels: Customer Data Center; vCloud Air Disaster Recovery; Source VMDKs; Destination VMDKs; SSL Based Replication; Reverse Replication]
Built-in Encryption of Data in Flight
Encryption of replication traffic (in-flight) is provided between the following endpoints in vCloud Air
Disaster Recovery.
[Diagram labels: vSphere; ESXi; VR Appliance (vCloud Tunneling); Public Internet or Direct Connect PLC; vCloud Air (Cloud Proxy); Host Based Replication (HBR); vSphere; ESXi; WebSocket (SSL) Encryption]
Disaster Recovery Scale Out
• VM Replication: VMware vCenter A (1,000 VMs), vSphere Replication A, DR-VDC A
• VM Replication: VMware vCenter B (2,000 VMs), vSphere Replication B, DR-VDC B
• VM Replication: VMware vCenter C (3,000 VMs), vSphere Replication C, DR-VDC C
Disaster Recovery Scale Out
Two Sites, One Cloud
[Diagram labels: VM Replication; VMware vCenter A (500 VMs); VMware vCenter B (500 VMs); vSphere Replication A; vSphere Replication B; Max 1,000 VMs]
System Requirements for vCloud Air Disaster Recovery
• VMware vCenter 6.0
– vSphere Essentials Plus
– vSphere Standard
– vSphere Enterprise
– vSphere Enterprise Plus
Plan
• vCloud Air Disaster Recovery subscription
• vCloud Air DR-VDC instance
• vSphere Replication Appliance 6.0
• ESXi 5.1 or above*
– ESXi 5.5 U2 or above recommended
• Public internet connectivity
– No proxy or traffic filtering device
* Check VMware interoperability matrix for latest version support: https://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php
Disaster Recovery
Design Considerations
Considerations for Failover
• Self-service failover driven by consumer action
• CPU, RAM and storage drive sizing requirements
• Commensurate bandwidth to support data volume and change rate
• Type of workloads to protect, Tier 1, Tier 3
Sizing
• How much standby storage?
• How much standby compute?
Workload Prioritization
• Is storage-based replication in place?
• Is SRM in place?
• Which workloads to protect when?
Networking and Connectivity
• Do you need Direct Connect?
• Do you need VPN?
• How many Networks?
Security Assessment
• Does your CSO need to be involved?
• What approvals are needed?
Considerations for Failover
• Cloud (“DR-VDC”) pre-configuration required to streamline failover operations and aid in faster recovery times
• Local authentication required?
• Access needs to manage the environment?
Areas: Infrastructure; Networking; Storage; Management
• Active Directory
• DNS
• DHCP / IP Re-addressing
• L4-L7 services redirect
• Resource allocation changes
• RBAC
Basic DRaaS
[Diagram labels: Customer Primary Datacenter; Production VMs; vSphere Replication; IPSEC VPN / Direct Connect; DRaaS; Replicated VMs – 4h RTO]
DRaaS with IaaS Cross-Connect “Pilot Light”
[Diagram labels: Customer Primary Datacenter; Production VMs; vSphere Replication; IPSEC VPN / Direct Connect; DRaaS; Replicated VMs – 4h RTO; IPSEC CrossConnect; IaaS]
DRaaS with IaaS Cross-Connect “Pilot Light”, single WAN
[Diagram labels: Customer Primary Datacenter; Production VMs; vSphere Replication; IPSEC VPN / Direct Connect; DRaaS; Replicated VMs – 4h RTO; IPSEC CrossConnect; IaaS; Prod Domain Controller; DR Domain Controller; AD Replication; Prod SQL Cluster; DR SQL; Log Shipping or SQL AAG]
DRaaS with IaaS Cross-Connect Pilot Light / Prod, dual WAN
[Diagram labels: Customer Primary Datacenter; Production VMs; vSphere Replication; IPSEC VPN / Direct Connect (two links); DRaaS; Replicated VMs – 4h RTO; IPSEC CrossConnect; IaaS; Prod Domain Controller; DR Domain Controller; AD Replication; Prod SQL Cluster; DR SQL; Log Shipping or SQL AAG]
“Pilot Light” Virtual Machines With Physical Sites
[Diagram labels: INTERNET; IPSEC VPN; EDGE GATEWAY; Any IPSEC Endpoint; REPLICATION; Private Network (192.168.110.0/24); Private Network (192.168.52.0/24); Corp HQ; West Coast; AD03; AD04; Corp HQ (East Coast); VIRTUAL MACHINE; vCloud Air Disaster Recovery]
“Pilot Light” Virtual Machines with Cross Connect
[Diagram labels: Direct Connect (1 Gbps); EDGE GATEWAY; Customer Router; Private Network (192.168.52.0/24); Private Network (192.168.110.0/24); REPLICATION; Customer Data Center; AD02; AD01; Customer Cage; vCloud Air Disaster Recovery; vCloud Air]
Connecting to your workloads – VPN
[Diagram labels: IPSEC VPN; EDGE GATEWAY (two); Domain Network; AD; DNS; VPN; Test Network; VPC OnDemand (Virginia); Corp/Recovery Network; vCloud Air Disaster Recovery (Virginia); vCloud Air]
Current Disaster Recovery
Automation Options
Disaster Recovery Process Examples
Setup & Configuration
• Attach vCloud Air Disaster Recovery Site
• Configure Outgoing Replication
• Configure Networks in vCloud Air
• Test Failover
• Initial Sync (Seeded, ODT)
• Full Failover
Failback Process
• Attach vCloud Air Disaster Recovery Site
• Configure Incoming Replication
• Delete Original vSphere VM*
• Test Failback
• Initial Sync (Seeded, ODT)
• Perform Full Failback
Disaster Recovery Automation Options
Automation for:
• Failover
• Testing
• Failback
• Startup Orders
• Recovery Groups
Tools for automation
• vCO/vRealize Automation
• Puppet/Chef or 3rd party solutions
Manual RunBook Creation
Managing VM changes
• Additional networks
• IP Changes
vCloud APIs
• vCloud Air Extensions
• RaaS Extensions
• Networking Extensions
vRealize Orchestrator Plugin
Workflows included in the plugin
• Configure replication to the cloud
• Configure replication from the Cloud
• Register Cloud Site
• Initiate Planned Migration to Cloud
• Test Recover to Cloud
• Test Clean Up
Site Recovery Manager Air:
Cloud-Based DR Automation & Orchestration
Roadmap
[Diagram labels: SITE RECOVERY MANAGER AIR; SITE A (PRIMARY); vCLOUD AIR, SITE B (RECOVERY); DR Instance; FAILOVER; FAILBACK]
• Easy setup
• Failover and failback
• Multiple recovery plans
• IP address changes
• Multi-site topologies
• Non-disruptive testing
• Priority groups
• Startup dependencies
• No Secondary Site to manage
• Design and Execute from a web browser
Today’s slide deck available at:
http://www.patrickkremer.com/vmug
Twitter: @KremerPatrick
Questions?