dell emc cloud disaster recovery...l aws, see part 2, cloud dr with aws on page 31. l azure, see...

Dell EMC Cloud Disaster RecoveryVersion 19.2

Installation and Administration Guide302-006-019

Rev 02

April 2020

Copyright © 2019-2020 Dell Inc. or its subsidiaries. All rights reserved.

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.” DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property

of their respective owners. Published in the USA.

Dell EMCHopkinton, Massachusetts 01748-91031-508-435-1000 In North America 1-866-464-7381www.DellEMC.com

2 Dell EMC Cloud Disaster Recovery Installation and Administration Guide

9

11

Preface 13

Cloud DR solution overview 17

Cloud DR solution overview 19Overview.......................................................................................................... 20Operational modes............................................................................................20Architectures for Standard Mode operation......................................................22

Avamar/Data Domain/Integrated Data Protection Appliance to AWScloud and AWS GovCloud.................................................................... 23RecoverPoint for VMs to AWS cloud................................................... 24Avamar/Data Domain to Azure cloud................................................... 26

Architectures for Advanced Mode operation.....................................................27Cloud DR solution with VMware Cloud on AWS................................................ 29

Cloud DR with AWS 31

Cloud DR with AWS requirements and deployment 33Requirements for Cloud DR with Amazon Web Services...................................34

Requirements checklist........................................................................ 34Prerequisites for Advanced Mode........................................................ 36Accept Amazon Web Services Marketplace terms............................... 37Virtual machine specifications for Cloud DR with AWS........................ 37AWS/AWS GovCloud regions for CDRS deployment........................... 38Supported operating systems for Cloud DR and AWS..........................38Supported browsers and resolutions.................................................... 38Limitations - Cloud DR with AWS and AWS GovCloud......................... 38Requirements and limitations for VMware Cloud on AWS.................... 39Prerequisites to enable failover to VMC...............................................40Connect CDRA to CDRS using private IP address - AWS..................... 41

Credentials for Cloud DR deployment............................................................... 42Deployment guidelines...................................................................................... 43Deploy the CDRA OVA...................................................................................... 44Log into the CDRA............................................................................................ 44Configuring the CDRA and deploying the CDRS............................................... 45

Set up the CDRA..................................................................................47Add AWS cloud account.......................................................................47Add AWS cloud targets........................................................................ 48Deploy the Cloud DR Server in AWS/AWS GovCloud.......................... 49Add VPN gateway - Advanced Mode....................................................51Connect to vCenter servers.................................................................52Define a recovery staging area.............................................................52

Figures

Tables

Part 1

Chapter 1

Part 2

Chapter 2

CONTENTS

Dell EMC Cloud Disaster Recovery Installation and Administration Guide 3

Configure Avamar backup server and Data Domain system..................54Configure cloud backup - Advanced Mode...........................................56

Add additional on-premises sources..................................................................56Uninstall Cloud DR components........................................................................ 57

Cloud DR with AWS protection, recovery, and failback 59Overview.......................................................................................................... 60

Protection............................................................................................60Test..................................................................................................... 60Failover................................................................................................ 62Failback................................................................................................63DR plans...............................................................................................64

Create rapid recovery copies for protected assets........................................... 65Associate VMs with applications - Advanced Mode operation...........................66Test or fail over a single asset to AWS cloud.................................................... 66User actions to restore applications - Advanced Mode..................................... 68Failover to vCenter or VMware Cloud on AWS................................................. 69Failback workflow.............................................................................................. 71Failback from the cloud..................................................................................... 71Promote a DR test to failover............................................................................73End a DR test....................................................................................................74End a failover.................................................................................................... 74Monitor recovery activities............................................................................... 75

DR activity statuses............................................................................. 76DR activity states for AWS environments............................................ 76View recovery details .......................................................................... 77

DR plan activities...............................................................................................77Create a DR plan............................................................................................... 78Edit a DR plan................................................................................................... 79Test or fail over a DR plan to AWS cloud........................................................... 81Split a DR plan activity......................................................................................82Delete a DR plan............................................................................................... 83

Cloud DR with Azure 85

Cloud DR for Azure requirements and deployment 87Requirements for Cloud DR with Azure cloud environments............................. 88

Requirements checklist for Microsoft Azure........................................ 88Azure prerequisite setup...................................................................... 89Virtual machine specifications for Cloud DR with Microsoft Azure.......89Azure regions for CDRS deployment....................................................90Supported operating systems for Cloud DR and Azure........................ 90Supported browsers and resolutions.................................................... 90Support for Azure Hybrid Benefit........................................................ 90Limitations for Cloud DR with Azure.................................................... 90Connect to CDRS via private IP address - Azure.................................. 91

Credentials for Cloud DR deployment................................................................91Deploy the CDRA OVA...................................................................................... 92Log in to CDRA................................................................................................. 92Configuring the CDRA and deploying the CDRS............................................... 93

Set up the CDRA..................................................................................95Add Azure cloud account..................................................................... 95Add Azure cloud targets.......................................................................96Deploy the Cloud DR Server in Azure...................................................96

Chapter 3

Part 3

Chapter 4

Contents


Connect to vCenter servers................................................................. 97Define a recovery staging area.............................................................98Configure Avamar backup server and Data Domain system..................99

Add additional CDRAs...................................................................................... 101Uninstall Cloud DR components.......................................................................102

Cloud DR with Azure protection, recovery, and failback 103Overview......................................................................................................... 104

Protection.......................................................................................... 104Test.................................................................................................... 104Failover...............................................................................................106Failback.............................................................................................. 107

DR plans.......................................................................................................... 108Create rapid recovery copies for protected VMs............................................. 109Test or fail over single asset to Azure cloud..................................................... 110Recover to vCenter.......................................................................................... 111Failback workflow............................................................................................ 113Perform a failback............................................................................................ 113Promote a DR test to failover...........................................................................115End a DR test................................................................................................... 115End a failover................................................................................................... 116Monitor recovery activities.............................................................................. 116

DR activity statuses............................................................................ 118DR activity states for Azure environments.......................................... 118View recovery details ......................................................................... 119

DR plan activities............................................................................................. 119Create a DR plan............................................................................................. 120Edit a DR plan...................................................................................................121Test or fail over a DR plan to Azure cloud........................................................ 123Split a DR plan activity.....................................................................................124Delete a DR plan.............................................................................................. 125

Cloud DR system and user management 127

Cloud DR Add-on System and User Management 129Cloud DR Add-on System................................................................................ 130

Collect logs.........................................................................................130CDRA User Management................................................................................. 131

Change the password for the CDRA admin account............................ 131Change the CDRA password expiration period.................................... 131

Cloud DR Server Interface 133The CDRS user interface................................................................................. 134

Log into the CDRS interface............................................................... 134The CDRS Dashboard...................................................................................... 134

Navigation pane.................................................................................. 135Events pane........................................................................................135SLA Compliance pane......................................................................... 136System Health pane............................................................................136Recovery Activities pane.....................................................................137Cloud Usage pane............................................................................... 137Recommendations pane...................................................................... 137On-premises assets and storage information pane..............................138

Chapter 5

Part 4

Chapter 6

Chapter 7

Contents


SLA Compliance page...................................................................................... 138Asset Association page.................................................................................... 138Asset Recovery page....................................................................................... 139

Recover assets to a vCenter in Standard Mode.................................. 139Asset recovery in Advanced Mode......................................................140

DR Activities page............................................................................................ 141DR activity states............................................................................... 142

Reports............................................................................................................142System Health................................................................................................. 143Events............................................................................................................. 143Registered components...................................................................................144Cloud DR Server user accounts....................................................................... 144

Change the email address of a CDRS user account ............................144Change the CDRS user account password..........................................145Change the CDRS password expiration period....................................146

Create a tag.....................................................................................................147Set rapid recovery interval.............................................................................. 148Export events to Syslog...................................................................................148

Upgrading the CDRS and CDRAs 151Upload upgrade packages to the CDRS and CDRA.......................................... 152Upgrade the Cloud DR Server......................................................................... 152Upgrade the Cloud DR Add-on........................................................................ 153

Security and Networking 155Cloud Disaster Recovery security ..............................................156User permissions............................................................................................. 156Network communications......................................................... 158Firewall................................................................................... 158

Cloud DR REST API 159REST API overview...................................................................160Using Swagger.........................................................................160Change the admin password with Swagger..................................................... 160Obtain an access token with Swagger..............................................................161Use the API programmatically.................................................... 161Change the admin password programmatically................................................ 161Obtain an access token programmatically........................................................162

Performance and scalability 163Cloud DR performance with AWS...............................................164Cloud DR scalability with AWS...................................................164Cloud DR performance with Azure............................................. 164Cloud DR scalability with Azure................................................. 165

Troubleshooting 167Collect logs..............................................................................168Collect logs in CDRA........................................................................................168Collect logs in CDRS........................................................................................169Permissions to cloud storage for Cloud DR logs.............................................. 169

Chapter 8

Appendix A

Appendix B

Appendix C

Appendix D

Contents


Enable downloads of Cloud DR logs from AWS................................................169Enable downloads of Cloud DR logs from Azure.............................................. 170Troubleshooting AWS environments.......................................... 170Troubleshooting Azure environments......................................... 172

175Glossary

Contents


Contents


Component view for Cloud DR and AWS...........................................................................23Network view for Cloud DR and AWS / AWS GovCloud....................................................23VMware Cloud on AWS architecture.................................................................................24RecoverPoint for VMs to the AWS cloud.......................................................................... 25Architecture for recovery to VMware Cloud on AWS........................................................26Component architecture for Cloud DR and Azure............................................................. 27Network architecture for Cloud DR and Azure.................................................................. 27Component architecture for Cloud DR and AWS.............................................................. 28Example of network architecture for Cloud DR and AWS..................................................29DR test workflow...............................................................................................................61Failover workflow..............................................................................................................62Failback workflow............................................................................................................. 63DR test workflow.............................................................................................................105Failover workflow............................................................................................................ 106Failback workflow............................................................................................................ 107Recommendations pane...................................................................................................137Failover to vCenter.......................................................................................................... 140

1234567891011121314151617

FIGURES


Figures


Revision history................................................................................................................. 14Cloud DR operating modes................................................................................................ 21Cloud DR components....................................................................................................... 21Architectures for Standard Mode operation......................................................................22Prerequisite checklist........................................................................................................34Cloud DR AWS components specifications....................................................................... 37Cloud DR Add-on VM specifications................................................................................. 38Cloud DR component credentials...................................................................................... 42Deployment guidelines...................................................................................................... 43Cleaning up cloud-based resources...................................................................................58Test workflow states and related user actions...................................................................61Failover workflow states and related user actions.............................................................62Failback workflow states and related user actions............................................................ 63DR activity statuses.......................................................................................................... 76Ongoing activity states for AWS environments.................................................................76Prerequisite checklist........................................................................................................88Cloud DR Add-on VM specifications................................................................................. 89Cloud DR Azure components specifications......................................................................89Cloud DR component usernames and passwords.............................................................. 92Test workflow states and related user actions.................................................................105Failover workflow states and related user actions........................................................... 106Failback workflow states and related user actions........................................................... 107DR activity statuses......................................................................................................... 118Ongoing activity states for Azure environments...............................................................118Required Cloud Disaster Recovery ports......................................................................... 158AWS default limits............................................................................................................ 171

1234567891011121314151617181920212223242526

TABLES


Tables


Preface

As part of an effort to improve its product lines, we periodically release revisions of its softwareand hardware. Therefore, some functions described in this document might not be supported by allversions of the software or hardware currently in use. The product release notes provide the mostup-to-date information on product features.

Contact your technical support professional if a product does not function properly or does notfunction as described in this document.

Note: This document was accurate at publication time. Go to Online Support (https://www.dell.com/support/) to find the latest version of this document.

Purpose

This document describes how to install, deploy, and use the Cloud Disaster Recovery (Cloud DR)solution.

Audience

This document is intended for backup administrators and operators, and cloud administrators whoare involved in the backup and recovery of VMs to the cloud and are planning to deploy and usethe Cloud DR solution. Experience in network administration is required for building the networkinfrastructure to support the Cloud DR solution. Training and certification for cloud providerservices, for example, Microsoft Azure or Amazon Web Services (AWS), is recommended.

How to use this guide

To familiarize yourself with the Cloud DR solution and how it integrates with other data productionsolutions, see Part 1, Cloud DR solution overview on page 17.

For requirements, deployment, protection, recovery, and failback information and instructions, ifyour cloud provider is:

l AWS, see Part 2, Cloud DR with AWS on page 31.

l Azure, see Part 3, Cloud DR with Azure on page 85.

To understand system and user management, including log access and upgrade guidelines, of theCloud DR Add-on and the Cloud DR Server, see Part 4, Cloud DR Add-on System and UserManagement on page 129.

For supplemental information that may provide assistance to Cloud DR administrators, see theseappendixes:

l Security and Networking on page 155

l Cloud DR REST API on page 159

l Performance and scalability on page 163

l Troubleshooting on page 167

The Glossary contains definitions of terms that may be useful to readers who are unfamiliar withthe products and solutions that are described in this guide.

Revision history

The following table presents the revision history of this document.


https://www.dell.com/support/


Table 1 Revision history

Revision Date Description

02 April 2020 Update to AWS GovCloudAMI location.

01 September 2019 Cloud DR Release 19.2

Related content

The following publications provide additional information:

l Cloud Disaster Recovery Release Notes

l Avamar Administration Guide

l Avamar and Data Domain System Integration Guide

l Avamar for VMware User Guide

l Avamar Virtual Edition for Amazon Web Services Installation and Upgrade Guide

l Avamar Data Domain System Integration Guide

l Avamar Release Notes

l Data Domain Release Notes

l RecoverPoint for Virtual Machines Cloud Solutions Guide

l Cloud Disaster Recovery White Paper Advanced Mode

l Dell EMC YouTube channel: https://www.youtube.com/user/EMCCorp. Search for "CloudDisaster Recovery demo".

Special notice conventions used in this document

Dell EMC uses the following conventions for special notices:

DANGER Indicates a hazardous situation which, if not avoided, will result in death or seriousinjury.

WARNING Indicates a hazardous situation which, if not avoided, could result in death orserious injury.

CAUTION Indicates a hazardous situation which, if not avoided, could result in minor ormoderate injury.

NOTICE Addresses practices not related to personal injury.

Note: Presents information that is important, but not hazard-related.

Typographical conventions

Dell EMC uses the following type style conventions in this document:

Bold Used for names of interface elements, such as names of windows,dialog boxes, buttons, fields, tab names, key names, and menu paths(what the user specifically selects or clicks)

Italic Used for full titles of publications referenced in text

Monospace Used for:

l System code

l System output, such as an error message or script

Preface


https://www.youtube.com/user/EMCCorp

l Pathnames, filenames, prompts, and syntax

l Commands and options

Monospace italic Used for variables

Monospace bold Used for user input

[ ] Square brackets enclose optional values

| Vertical bar indicates alternate selections - the bar means “or”

{ } Braces enclose content that the user must specify, such as x or y orz

... Ellipses indicate nonessential information omitted from the example

Where to get help

Support, product, and licensing information can be obtained as follows:

Product information

For documentation, release notes, software updates, or further information, go to OnlineSupport at https://www.dell.com/support/.

Technical support

Go to Online Support and click Service Center. You will see several options for contactingTechnical Support. To open a service request, you must have a valid support agreement.Contact your sales representative for details about obtaining a valid support agreement orwith questions about your account.

Comments and suggestions

Comments and suggestions help us to continue to improve the accuracy, organization, and overallquality of the user publications. Send comments and suggestions about this document to [email protected].

Please include the following information:

l Product name and version

l Document name, part number, and revision (for example, 01)

l Page numbers

l Other details to help address documentation issues

Preface



mailto:[email protected]

Preface


PART 1

Cloud DR solution overview

This part includes these chapters:

Chapter 1, "Cloud DR solution overview"


CHAPTER 1


This chapter includes the following topics:

l Overview............................................................................................................................... 20l Operational modes................................................................................................................ 20l Architectures for Standard Mode operation.......................................................................... 22l Architectures for Advanced Mode operation......................................................................... 27l Cloud DR solution with VMware Cloud on AWS.....................................................................29


OverviewThe Cloud Disaster Recovery (Cloud DR) solution enables disaster recovery of one or more on-premises virtual machines (VMs) to the cloud provider environment. Cloud DR supports AmazonWeb Services (AWS), AWS GovCloud, and Microsoft Azure. Cloud DR integrates with existing DellEMC on-premises data protection solutions to protect VMs to the cloud. Once VMs are protectedin the cloud, Cloud DR enables you to run a DR test or a failover and then run the recoveredinstance in the cloud.

Supported on-premises data protection solutions include Avamar backup software that is coupledwith a Data Domain system (physical or virtual editions) or a RecoverPoint for VMs system. CloudDR also integrates with Integrated Data Protection Appliance (IDPA). Multiple on-premises dataprotection sources can be connected to the same Cloud DR Server.

Cloud DR supports recovery run books, enabling administrators to create one or more DR plans torecover multiple VMs and preconfigure recovery orchestration, including network and securitygroups association, VM boot order definition, and instance type selection. You can manage,recover, and fail back DR plans through the Cloud DR Server (CDRS) UI.

Through the CDRS UI, you can accelerate the recovery process by creating rapid recovery copiesfor protected VMs. Creating a rapid recovery copy starts a rehydration process and converts theVMDK files to the required format depending on the cloud provider environment. The recoveryprocess then only needs to launch the recovered instance.

Depending on the on-premises data protection solution, either the Cloud DR Add-on (CDRA) orthe virtual RecoverPoint Appliance (vRPA) manages the deployment of on-premises resources andthe CDRS, which runs in the cloud. In this document, the CDRA and vRPA are referred to as on-premises sources.

CDRS monitors available copies and orchestration activities in the cloud. The CDRS user interfacecan be used for disaster recovery testing and failover. A DR test enables temporary access to avirtual cloud instance to retrieve specific data or verify that the recovered VM is working beforerunning a failover. You would start a failover when the on-premises production environmentexperiences a disaster or the VM is not running.

When the production environment is restored, you can start a failback. This action copies thefailover instance from the cloud to a new VM copy in the on-premises vCenter environment. Thefailback procedure is available only in the CDRS.

Two modes of operation are possible in the Cloud DR solution. Standard Mode provides image-level, VM protection in all three environments. To provide full support for application consistencyin AWS, use Advanced Mode, which requires virtual editions of the Avamar backup server and DataDomain components in the AWS cloud architecture.

Cloud DR is a part of PowerProtect Software and is integrated with PowerProtect Data Manager(PPDM) UI. The PowerProtect Data Manager - Cloud Disaster Recovery User Guide providesinformation about the Cloud DR workflow within PPDM user interface. The integrated Cloud DRsupports only standard mode for AWS.

Operational modesCloud DR offers two modes of operation: Standard Mode and Advanced Mode. The Standardmode is deployed by default. To deploy the Advanced Mode, click Settings in the Navigation paneand select Operational Mode.

Table 2 on page 21 describes the Cloud DR operating modes.



Table 2 Cloud DR operating modes

Operatingmode

Cloud provider Use case

Standard Mode AWS / AWS GovCloud Crash-consistent, image-level, VM recovery fornative AWS operation and VMware Cloud on AWS.Supported for these on-premises data protectionsolutions:

l Avamar/Data Domain

l RecoverPoint for VMs

l Integrated Data Protection Appliance (IDPA)

Microsoft Azure Crash-consistent, image-level, VM recovery.Supported for the following on-premises dataprotection solutions:

l Avamar/Data Domain.


AdvancedMode

AWS Crash-consistent, image-level, VM recovery aswell as application-consistent, agent-basedrecovery.Supported for on-premises Avamar/Data Domainsolution with these additional servers in the cloud:

l Avamar Virtual Edition (AVE)

l Data Domain Virtual Edition (DDVE)

l


Note: If you are operating in Standard Mode, you can later change it to Advanced Mode, ifsupported by the on-premises data protection solution. Select Cloud DR Add-on > Settings >

Operational Mode to change the mode. Changing from Advanced Mode to Standard Mode isnot supported.

The Cloud DR solution requires the components that are listed in Table 3 on page 21.

Table 3 Cloud DR components

Component Notes

VMware vCenter environment Release 6.0 or later.

An on-premises source:

l Cloud DR Add-on (CDRA) for Avamar/Data Domain

l virtual RecoverPoint Appliance (vRPA)for RecoverPoint for VMs

l Integrated Data Protection Appliance(IDPA)

The on-premises source manages deploymentof resources, protects VMs in the cloud, andconfigures the Cloud DR Server (CDRS). It ispossible to have both types of sources (CDRAand vRPA) on premises, each one connectingto the same Cloud DR Server.

Cloud DR Server The Cloud DR Server (CDRS) is a virtualserver that runs in the customer domain in the



Table 3 Cloud DR components (continued)

Component Notes

cloud and provides a user interface fordisaster recovery testing and failover.

Note: Multiple on-premises sources(CDRAs and vRPAs) can connect to asingle CDRS, but an on-premises sourcecannot connect to multiple CDRSs.

Public cloud account A public cloud account in the customerdomain. One of the following:

l Azure

l AWS

l AWS GovCloud

Architectures for Standard Mode operationArchitectures for Standard Mode operation depend on the on-premises data protection solutionand the cloud environment.

Table 4 Architectures for Standard Mode operation

On-premises dataprotection solution

Cloud environment Reference diagrams

Avamar with Data Domain Cloud DR and AWS Avamar/Data Domain/IntegratedData Protection Appliance to AWScloud and AWS GovCloud on page23 provides component and networkviews of a native AWS environmentas well as an architecture diagram forVMware Cloud on AWS (VMC).

RecoverPoint for VMs Cloud DR and AWS RecoverPoint for VMs to AWS cloudon page 24 provides component andnetwork views of a native AWSenvironment as well as anarchitecture diagram for VMwareCloud on AWS (VMC).

Avamar with Data Domain Cloud DR and Azure Avamar/Data Domain to Azure cloudon page 26 provides component andnetwork views of an Azure cloudenvironment.



Avamar/Data Domain/Integrated Data Protection Appliance to AWS cloud andAWS GovCloud

Architecture diagrams depict the component and the network views as well as VMware Cloud onAWS in Standard Mode operation.

Figure 1 on page 23 shows the major components for Cloud DR and AWS in Standard Modeoperation.

Figure 1 Component view for Cloud DR and AWS

Figure 2 on page 23 shows network connections for Cloud DR and AWS / AWS GovCloud inStandard Mode operation.

Figure 2 Network view for Cloud DR and AWS / AWS GovCloud

Figure 3 on page 24 shows the architecture for VMware Cloud on AWS (VMC) in Standard Modeoperation. You deploy the VMC inside a software-defined data center (SDDC), which is deployedon demand.



Figure 3 VMware Cloud on AWS architecture

RecoverPoint for VMs to AWS cloudThe RecoverPoint for VMs integration with Cloud DR is described using architectural diagrams forthe supported use cases.

Figure 4 on page 25 shows the integration of the on-premises RecoverPoint for VMs system withCloud DR and the AWS cloud environment. Cloud DR software that is integrated within the virtualRecoverPoint Appliance (vRPA) deploys cloud-based resources including the Cloud DR Server(CDRS). The CDRS enables disaster recovery activities for cloud-protected VMs.



Figure 4 RecoverPoint for VMs to the AWS cloud

To support recovery to VMware Cloud on AWS (VMC), you deploy a software-defined data center(SDDC) in the cloud and a CDRA within it. You connect the CDRA to the CDRS and enable directfailover to the vCenter in the VMC. Figure 5 on page 26 shows the cloud architecture. The VMCSDDC can be pre-configured or configured on demand when a DR site is needed. Recovery toVMC eliminates the need to recover VMware VMs into AMI format and shortens the RecoveryTime Objective (RTO).



Figure 5 Architecture for recovery to VMware Cloud on AWS

Avamar/Data Domain to Azure cloudArchitecture diagrams depict component and network views of Avamar/Data Domain to Azurecloud in Standard Mode operation.

Figure 6 on page 27 shows the major components for Cloud DR and Azure cloud in StandardMode operation.



Figure 6 Component architecture for Cloud DR and Azure

Figure 7 on page 27 shows network connections for Cloud DR and Azure in Standard Modeoperation.

Figure 7 Network architecture for Cloud DR and Azure

Architectures for Advanced Mode operationArchitectures for Advanced Mode can vary depending on networking preferences and siterequirements. To build the network infrastructure to support the Cloud DR solution, consult thenetwork administrator.

The architecture for Advanced Mode requires:

l Deploying physical or virtual editions of Data Domain and Avamar in the vSphere environmenton premises.

l Deploying virtual editions of Data Domain (DDVE) and Avamar (AVE) in the user's AWS cloudaccount. Avamar provides a deployer that deploys AVE and DDVE in the cloud and configuresthe required AWS resources.



l Connecting the cloud-based AVE and DDVE components.

l Configuring the network connection between on-premises Avamar and Data Domaincomponents and cloud-hosted AVE and DDVE components through a VPN gateway.

l Configuring Avamar replication between the on-premises Avamar and cloud-based AVEcomponents.

Figure 8 on page 28 shows the component architecture for operating the Cloud DR solution inAdvanced Mode.

Figure 8 Component architecture for Cloud DR and AWS

Figure 9 on page 29 shows an example of the network architecture for Advanced Mode.

This example shows the CDRS deployed within the same VPC as the Avamar and Data Domaincomponents.



Figure 9 Example of network architecture for Cloud DR and AWS

Another option (not shown) is to deploy the CDRS in a different VPC than the Avamar and DataDomain components. This alternative requires a VPN connection from CDRS to the Avamar andData Domain components in the cloud.

Cloud DR solution with VMware Cloud on AWSCloud DR Standard Mode supports failover from an on-premises environment to a VMware Cloudon AWS (VMC). Copies are protected in AWS S3, and they are recovered in VMware Cloud onAWS.

VMware Cloud on AWS can be used on demand, when DR is needed. Since VMware Cloud on AWSis not needed for protection, the user can deploy a software-defined data center (SDDC) onlywhen failover is required. The user connects the VMC to the Cloud DR solution by deploying aCDRA in VMC and connecting it to the CDRS. Then failover of VMs can begin.

Since the production site and DR site are both using VMware, failover to the VMware Cloud onAWS does not require launching an EC2 instance or converting VMDKs to AMIs.

For more information about VMware Cloud on AWS, read the VMware Cloud on AWS TechnicalOverview.

In this solution, the general recovery workflow is:

1. When recovery is needed, deploy an SDDC.

2. Deploy a CDRA in the SDDC and connect it to the CDRS.

3. From the VMC CDRA, when you define the recovery staging area, ensure that you enabledirect failover to the VMC vCenter.

4. During recovery operations, select the VM that you want to recover, and then click FAILOVERTO VCENTER.

5. The recovery process fails over the AWS S3 copy to the VMware Cloud on AWS.

If failback is required, use vMotion to move the recovered VM from the VMC vCenter to thevCenter at the production site on premises.



https://assets.cloud.vmware.com/v3/assets/blt719094f4883f620b/blt61dafeacad75e15b/5a345939b2f23a2f7143b373/download?disposition=inline

https://assets.cloud.vmware.com/v3/assets/blt719094f4883f620b/blt61dafeacad75e15b/5a345939b2f23a2f7143b373/download?disposition=inline

PART 2

Cloud DR with AWS


Chapter 2, "Cloud DR with AWS requirements and deployment"

Chapter 3, "Cloud DR with AWS protection, recovery, and failback "


Cloud DR with AWS


CHAPTER 2

Cloud DR with AWS requirements anddeployment


l Requirements for Cloud DR with Amazon Web Services....................................................... 34l Credentials for Cloud DR deployment....................................................................................42l Deployment guidelines...........................................................................................................43l Deploy the CDRA OVA.......................................................................................................... 44l Log into the CDRA.................................................................................................................44l Configuring the CDRA and deploying the CDRS....................................................................45l Add additional on-premises sources...................................................................................... 56l Uninstall Cloud DR components............................................................................................ 57


Requirements for Cloud DR with Amazon Web ServicesThe following sections describe the requirements for the Cloud DR solution when used with AWSand AWS GovCloud environments.

Requirements checklistThe prerequisite checklist may vary depending on the on-premises data protection solution.

Table 5 Prerequisite checklist

Prerequisite Requirement

Operational training Familiarity with Avamar, Data Domain, RecoverPoint for VMs,Amazon Web Services, AWS GovCloud and VMware, as required.

RecoverPoint forVMs

Note: Refer to the RecoverPoint for Virtual Machines CloudSolutions Guide for the relevant procedures for the RecoverPointfor VMs protection solution.

l Familiarity with the support and limitation statements for eachRecoverPoint for VMs release.

n See the RecoverPoint for Virtual Machines Simple SupportMatrix (ESSM) for detailed support statements for third-party platforms and operating systems.

n See the RecoverPoint for Virtual Machines Release Notes forthe supported component versions and limitations.

n See the RecoverPoint for Virtual Machines Scale andPerformance Guide for the maximum number of supportedcomponents in a RecoverPoint for VMs system.

l An on-premises installation of RecoverPoint for VMs 5.2.1 orlater, with a network architecture and installed vRPA clusters asdescribed in the RecoverPoint for Virtual Machines Installation andDeployment Guide.

Note: All vRPAs must be able to resolve amazonaws.comaddresses, so all vRPA clusters will require an appropriateDNS.

l TCP/IP port 443 open for communication between every vRPAcluster that protects a production VM and AWS, and vRPAcluster that protects a production VM and CDRS, as described inthe RecoverPoint for Virtual Machines Security Configuration Guide.

l An on-cloud installation of Cloud DR Server 18.4 or later.

l One public Amazon cloud account, S3 bucket, Cloud DR Server,and on-premises datastore (for snap replication), that areregistered with every vRPA cluster that protects a productionVM.

l VMs that are protected with a copy on AWS, that was created byRecoverPoint for VMs.

Avamar and DataDomain systems for

On-premises, physical or virtual editions of:

l Avamar 7.5 and later

Cloud DR with AWS requirements and deployment


Table 5 Prerequisite checklist (continued)


Standard Mode ofoperation

l Data Domain 6.1 and later

Avamar and DataDomain systems forAdvanced Mode ofoperation


l Avamar 7.5.1 with 7.5.1-101_HF298709_27 and later

l Data Domain 6.1.2 and later

In the cloud, virtual editions of:

l Avamar 7.5.1 with 7.5.1-101_HF298709_27 and later

l Data Domain 6.1.2 and later

Connectivitybetween the DataDomain systems andthe Avamar servers

In Standard Mode, the on-premises Data Domain system isconfigured as the backup target for the Avamar server.In Advanced Mode, DDVE and AVE run in the VPC that is connectedusing VPN to the on-premises components.

Avamar and Data Domain System Integration Guide provides moreinformation about connectivity.

Clocksynchronization viaNTP

All servers (ESXi, Avamar, Data Domain, RecoverPoint vRPA clusters,CDRA, vCenter) must have their clocks synchronized with NTPservers.

vSphere environment l An on-premises vSphere environment, release 6.0 and later.

l Network connectivity between on-premises environment andAWS.

l Virtual machines that are configured for backup to the Avamarserver. The Avamar for VMware User Guide contains informationabout configuring Avamar backups of VMs.

l Virtual machines compatible with Cloud DR. Comply with:

n Virtual machine specifications for Cloud DR with AWS onpage 37.

n Supported operating systems for Cloud DR and AWS on page38 contains information about supported VM operatingsystems.

n http://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html for information about VM compatibilitywith AWS.

Amazon WebServices / AWSGovCloud

l An AWS / AWS GovCloud account.

l AWS Marketplace terms must be accepted before deploying theCloud DR Server. Accept Amazon Web Services Marketplaceterms on page 37 contains information about accepting AWSMarketplace terms . (only for AWS users)

l Network connectivity between on-premises environment andAWS / AWS GovCloud.



http://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html




l An S3 bucket to be used as a Cloud DR target in one of thesupported regions. See AWS/AWS GovCloud regions for CDRSdeployment on page 38.

l An AWS IAM policy, as described in Define the AWS IAM policyon page 156.

l Enable downloads of Cloud DR logs from AWS on page 169.

Prerequisites for Advanced ModeFollow the prerequisites for Advanced Mode operation with Avamar and Data Domain.

These prerequisites are based on the Advanced Mode architecture shown in Figure 9 on page 29.

1. Ensure that Avamar and Data Domain components are installed on premises. When adding theData Domain system in Avamar, it is recommended to use the Data Domain hostname.

2. In AWS, create a virtual private cloud (VPC).Note: When you deploy the CDRS on this VPC, the CIDR that you provide must be asubset of the VPC CIDR and must not overlap any other CIDR of a subnet in the VPC.

3. Deploy the VPN gateway within the private subnet.

4. Create the VPN tunnel between on-premises and cloud environments and verify that it isworking.

5. To deploy Avamar Virtual Edition (AVE) and Data Domain Virtual Edition (DDVE) in the privatesubnet, follow Avamar and Data Domain documentation:

l Avamar Virtual Edition for Amazon Web Services Installation and Upgrade Guide

l Avamar Data Domain System Integration Guide

Note: During AVE and DDVE deployment, when prompted to provide an IP address, enterthe Fully Qualified Domain Name (FQDN) of the private IP address.

6. Ensure that AVE connects to DDVE, and that DDVE is added as a backup target for AVE.

7. Configure the Data Domain system on premises to use the private DNS of the cloud backupserver by adding the DNS in the Data Domain System Manager: Hardware > Ethernet >Settings > Hosts Mapping.

8. Configure the cloud AVE component as a destination for the on-premises Avamar:

a. From the on-premises Avamar Administrator UI, select Data Movement Policy, then selectActions > New Destination.

b. Update required fields, select Verify Authentication, and click OK.Note: When the Avamar Administrator UI displays the private FQDN with a status ofOK, the action is successful and the on-premises Avamar recognizes the cloud-basedAVE as a replication destination.

c. Ensure that the appropriate ports are opened in the security group that is assigned to theAVE instance on AWS. For details about AWS security group ports, refer to Avamar VirtualEdition for Amazon Web Services Installation and Upgrade Guide.



Accept Amazon Web Services Marketplace termsBefore you deploy Cloud DR, you must accept the AWS Marketplace terms. The market placeterms are applicable for AWS GovCloud also.

Procedure

1. To connect to https://aws.amazon.com/marketplace/pp/B00O7WM7QW/, open abrowser.

The CentOS 7 (x86_64) - with Updates HVM page displays.

2. For AWS GovCloud, open the web browser, and enter https://aws.amazon.com/marketplace/pp/B078TPM69W/.

The CIS Centos Linux 7 Benchmark - Level 1 page displays.

3. Click Continue to Subscribe.

The Sign In or Create an AWS Account page appears.

4. Sign in using the AWS account.

The Subscribe to this software page appears.

5. Click Accept Terms.

The subscription to the CentOS software is enabled, when you click Accept Terms. Thisalso indicates that you agree to the End User's License Agreement (EULA).

The Thank you for subscribing... message appears. Verify that the subscription has beencompleted.

Virtual machine specifications for Cloud DR with AWSThe following tables list the required specifications for the VMs used for Cloud Disaster Recoverycomponents of the RecoverPoint for VMs cloud solution.

NOTICE To support recovery operations for production VMs, ensure that each VM has aunique identifier (UID).

Table 6 Cloud DR AWS components specifications

Component Specification

CDRS instance typeNOTICE If m5.large is not available, m4.large will be deployed.

m5.large

Temporary Restore Service instance type c4.8xlarge

Temporary Retention Service instance typeNote: Only relevant in the RecoverPoint for VMs protection solution.

m4.xlarge

RDSNOTICE If db.t3.small is not available, db.t2.small will be deployed.

db.t3.small

Note: For auto-scale handling, up to 100 Restore Service instances can be created forrecovery, and up to 20 can be created for failback.



https://aws.amazon.com/marketplace/pp/B00O7WM7QW/

https://aws.amazon.com/marketplace/pp/B078TPM69W/

https://aws.amazon.com/marketplace/pp/B078TPM69W/

Table 7 Cloud DR Add-on VM specifications

Component Specification

vCPU 4 (2x2)

RAM 4 GB

HDD 16 GB

In the RecoverPoint for VMs cloud solution, a CDRA is required only if you want to fail back fromAWS to an on-premises vCenter or recover to vCenter or VMware Cloud on AWS.

AWS/AWS GovCloud regions for CDRS deploymentThe list of regions for CDRS deployment is subject to change. The most up-to-date list ofsupported regions where you can deploy the CDRS is maintained in the Cloud DR Simple SupportMatrix, which is available at Dell EMC Online Support

The AWS Service Endpoints web page contains further information about AWS regions.

For AWS GovCloud regions, see Endpoints for the AWS GovCloud (US) Regions

Supported operating systems for Cloud DR and AWSThe list of operating systems for Cloud DR and AWS is subject to change. The most up-to-date listof supported operating systems is maintained in the Cloud DR Simple Support Matrix, which isavailable here:


Supported browsers and resolutionsThe following browsers and resolutions are supported with Cloud DR.

Supported browsers

l Chrome - The latest version at the time of the release of Cloud DR.

l Firefox - The latest version at the time of the release of Cloud DR.

Supported desktop resolutions

l 1280 x 800

l 1366 x 768

l 1920 x 1080

Limitations - Cloud DR with AWS and AWS GovCloudThe following limitations apply to the Cloud DR solution and AWS:

l For limitations in AWS support for importing VMs, see the AWS documentation at http://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html

l Only VMware hypervisor is supported. Other hypervisors, such as Microsoft Hyper-V, are notsupported.

l VMware tools are not installed on a failed-back VM (AWS removes the VMware toolinstallation). Manually install VMware tools, if needed, on the failed back VM.




http://docs.aws.amazon.com/general/latest/gr/rande.html

https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-endpoints.html




l You cannot change the names of AWS components, such as the EC2 instance, key pairs, andso on.

l Limitations in Avamar support:

n Ad hoc backups of individual VMs are not supported. Only policy-based backups can beused.

n vAPP virtual machines are not supported.

n Existing backups that do not have Cloud DR enabled cannot be converted to Cloud DR-based backups. Only new backups created after Cloud DR is enabled are supported.

l Cloud provider performance and the volume of protected assets can affect the performance ofthe Cloud DR solution.

l Cloud DR disk size limitation for a protected/recovered VM is 4TB. The minimum disk size is1GB based on AWS EBS limitations for General Purpose EBS volumes (gp2): https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html.

l For Avamar/Data Domain configurations, Cloud DR ensures that the VM is compatible withAWS based on various factors such as operating system type and disk size. In Cloud DR 18.3,the disk size compatibility check changed for Windows machines (to satisfy AWSrequirements). The new requirement is 6 GB of free space (instead of 250 MB). Therefore,VMs that were compatible in previous Cloud DR releases, might become incompatible in CloudDR 18.3.

l CDRS does not support files share (relevant for Avamar data protection solution).

Requirements and limitations for VMware Cloud on AWSObserve the requirements and limitations of Cloud DR with VMware Cloud on AWS (VMC).

Requirements

Recovery to VMware Cloud requires:

l AWS cloud account

l VMware Cloud deployed in AWS cloud environment (used on demand)

l For Avamar/Data Domain configurations:

n On-premises Avamar (physical or virtual edition) with release 7.5 and later

n On-premises Data Domain (physical or virtual edition) with release 6.1 and later

l For RecoverPoint for VMs configurations, on-premises RecoverPoint for VMs version 5.2.1 orlater

l CDRA that is deployed in VMware Cloud (requires the same version level as the CDRS).

Note: Direct recovery to vCenter/VM Cloud is supported for UEFI enabled virtual machines.

Limitations

Failover to the VMware Cloud on AWS has these limitations:

l You cannot test a copy or promote a DR test to failover (only direct failover is supported).

l You cannot fail over from rapid recovery copies to VMC.

l You cannot use DR plans to fail over to VMC.

l You cannot use automated failback from VMC to the on-premises production site. Instead, usevCenter vMotion.

l Failover to VMC is available only for copies that are created by a CDRA in Standard Mode.



https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Prerequisites to enable failover to VMCWhen you enable failover to VMware Cloud on AWS (VMC), ensure that you observe the detailedprerequisites in this section.

Provide a Cloud DR environment

Provide a Cloud DR environment, including a Cloud DR Server (CDRS). Procedures for deploying aCDRA and CDRS are described in this chapter.

About this task

You can deploy CDRS in any AWS region. To avoid the high costs of cross-region recovery, DellEMC recommends to deploy CDRS within the VMC supported regions.

In a typical scenario, VMC is used on demand. When recovery operations are needed, you deploy aVMC SDDC, deploy a CDRA in the VMC, connect the CDRA to the CDRS, enable failover to theVMC vCenter, and then fail over the protected VM.

Create VMware Cloud on AWS

Before you begin

Review VMware documentation about VMware Cloud on AWS: Getting Started with VMwareCloud.

Procedure

1. Obtain a VMware Cloud on AWS (VMC) account.

2. Select an AWS region for VMC from the VMC supported regions list.

3. Connect VMC to the AWS account that is running Cloud DR.

4. Connect the VPC and subnet from the same region that you selected for VMC (in step 2 onpage 40).

5. Configure networking for the VMC software defined data center (SDDC).

Configure SDDC networking

About this task

Details about configuring the SDDC networking are described in this white paper:

Creating a VMware Software-Defined Data Center.

High-level steps include:

Procedure

1. To connect between the Management Gateway (MGW) and the Compute Gateway (CGW),create VPN gateway details:

a. Add a VPN from MGW to CGW.

b. Add VPN from CGW to MGW.

2. Create network connection firewall rules for MGW:

a. To enable network connection from web to VMC, add rule: vCenter access from Webwith HTTPS(TCP 443) service.

b. To enable provisioning from inbound to ESXi, add rule: inbound to ESXi provisioning withProvisioning (TCP 902) service.

c. To enable TCP connection from inbound to ESXi, add rule: inbound to ESXi 443 withHTTPS(TCP 443) service.



https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-3D741363-F66A-4CF9-80EA-AA2866D1834E.html

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-3D741363-F66A-4CF9-80EA-AA2866D1834E.html

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-reference-architecture-creating-software-defined-data-center-white-paper.pdf

3. Create network connection firewall rules for CGW:

a. To enable network connection from VMC to outside network, add rule: outbound anywith All traffic service.

b. To enable network connection from VPC (AWS) to VMC, add rule: any from VPC withAll traffic service.

Deploy the CDRA on the vCenter in the SDDC

Procedure

1. Ensure that the CDRA that is deployed in VMC is accessible from the customer network.Use one of these methods:

l Create a jump host, a machine on the same VPC that you selected for the VMC (in step 4 on page 40).

l Assign a public IP address to the CDRA. See Assign a Public IP Address to a VM.

l Configure a VPN that connects the on-premises network to the SDDC. See the Networksection in the VMware FAQs: https://aws.amazon.com/vmware/faqs/.

2. Deploy the CDRA.ova file (using the same version as the CDRS) on the vCenter in theSDDC. Use the VMC internal IP address.

Connect CDRA in VMC to the CDRS

Procedure

1. Ensure that the cloud account credentials are the same as the configuration for the CloudDR environment.

2. Connect the CDRA in the VMC to the existing CDRS.

3. Add the vCenter in the SDDC as the vCenter server. Define the recovery staging area andenable direct failover to this vCenter.

NOTICE The number of IP addresses that you allocate to direct failover defines thenumber of simultaneous recoveries that you can run.

Connect CDRA to CDRS using private IP address - AWSThe connection between the on-premises CDRA and the cloud-based CDRS uses a public IPaddress by default. However, after the CDRS is deployed, the CDRA UI provides a way to connectto CDRS using a private IP address. This capability is available only after you deploy a CDRA.

Before you begin

CAUTION This feature is not supported when the on-premises source is a RecoverPoint vRPA.The vRPA does not support private IP communication with CDRS. Activating this feature, inthis case, interrupts the connection between the vRPA and CDRS and all communication islost.

About this task

If you want to connect using private IP address (for example, when working with a VPN or AWSdirect connect), you must create a network address translation (NAT) gateway and configurenetwork routing. These actions enable the CDRS to access AWS services such as Amazon SimpleQueue Service (SQS). Here are the prerequisite steps:

Procedure

1. Configure routing to the local network in the route table of the CDRS subnet. Configure theVPN gateway on the AWS as the target.



https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-BFE71806-64FC-4CD3-BB21-F1FEFD1478E3.html

https://aws.amazon.com/vmware/faqs/

2. Create a subnet for a NAT gateway. Configure local and default routes.

3. Create the NAT gateway using the previously created subnet.

4. Configure the default route to the NAT gateway.

After you finish

After the CDRS is deployed in the CDRA configuration wizard, edit the connection and change it toa private IP address. This option is available by selecting Cloud DR Add-on > Cloud DR Server,and then clicking the edit icon. The option is displayed in the Edit CDRS Settings dialog box.

Credentials for Cloud DR deploymentBefore you begin Cloud DR deployment, ensure that you have access to the usernames andpasswords for Cloud DR components.

Security best practices recommend that you change default passwords to something unique.

Table 8 Cloud DR component credentials

Cloud DRcomponent

Notes

Cloud DR Server Credentials are set during CDRS deployment, and can be changedthrough the CDRS interface, using the procedure to Change the CDRSuser account password on page 145.

In the RecoverPoint for VMs cloud solution, a CDRS admin user iscreated and the password for the CDRS admin user is defined duringCDRS deployment.The CDRS can be deployed using the RecoverPointfor VMs vSphere plug-in, as described in the RecoverPoint for VirtualMachines Cloud Solutions Guide, or you can connect the RecoverPoint forVMs cloud solution to an existing CDRS (for example, a CDRS that isalready being used to protect Avamar/Data Domain systems).

Amazon WebServices

Credentials are needed to establish a connection to the AWS accountwith the S3 bucket with the snapshots of your protected VMs.

l AWS IAM user credentials are managed through the AWSManagement Console > IAM Console.

l AWS root user credentials are managed through the AWSManagement Console > Security Credentials Page.

In order to deploy a CDRS, you must have an IAM user with the minimumpermissions described in Define the AWS IAM policy on page 156.

AWS GovCloud Credentials are needed to establish a connection to the AWS GovCloudaccount with the S3 bucket with the snapshots of your protected VMs.

l AWS IAM user credentials are managed through the AWS GovCloudManagement Console > IAM Console.

In order to deploy a CDRS, you must have an IAM user with the minimumpermissions described in Define the AWS IAM policy on page 156.

RecoverPointvRPA Cluster

Credentials are defined during vRPA cluster installation, as described inthe RecoverPoint for Virtual Machines Installation and Deployment Guide.

vCenter Server Credentials are needed to establish a connection to the vCenter serverthat supports the production environment.



Table 8 Cloud DR component credentials (continued)

Cloud DRcomponent

Notes

Cloud DR Add-on Created during CDRA OVA deployment, the initial username/password isadmin/admin.

Avamar MCUser Credentials are needed to establish a connection to the backup server onpremises.

Data DomainDDBoost

Credentials are needed to establish a connection to the Data Domainsystem on premises.

Cloud AvamarMCUser

Credentials are needed to establish a connection to the backup server inthe cloud.

Cloud Data DomainDDBoost

Credentials are needed to establish a connection to the Data Domainsystem in the cloud.

Deployment guidelinesUnderstand the guidelines for deployment according to the on-premises data protection solution.

Deployment guidelines

Table 9 on page 43 lists the deployment guidelines according to the on-premises data protectionsolution.

Table 9 Deployment guidelines

On-premisessolution

Deployment guidelines Reference

Avamar/DataDomain

1. Deploy the CDRA OVA.

2. Log in to CDRA and complete therequired steps in the wizard.

The CDRA wizard has severaltabs: Cloud DR Add-on, CloudAccount, Cloud DR Server,vCenter Servers, LocalBackup, and Cloud Backup(Advanced Mode only).Procedures are in containedthis guide beginning with Deploy the CDRA OVA andending with Configure cloudbackup - Advanced Mode onpage 56.

RecoverPointfor VMs(standarddeployment)

To support VM protection and recovery inthe AWS cloud:

1. Deploy RecoverPoint for VMs OVA(one for each vRPA in the on-premisescluster).

2. Use RecoverPoint for VMs DeployerGUI to install vRPAs in a cluster.

3. Use the RecoverPoint for VMsvSphere plug-in GUI to register the

Procedures for steps 1 and 2are in the RecoverPoint forVMs Installation andDeployment Guide. Step 3 is inthe RecoverPoint for VMsCloud Solutions Guide.



Table 9 Deployment guidelines (continued)

On-premisessolution

Deployment guidelines Reference

cloud account and targets, and theninstall and register the CDRS.

RecoverPointfor VMs(vCenter usecases)

If you want to:

l Fail back to the on-premises vCenter

l Fail over to another vCenter

You must deploy the CDRA OVA, log in tothe CDRA, and complete the steps of theCDRA wizard.

For these use cases, the usercompletes these steps of theCDRA wizard: Cloud DR Add-on, Cloud Account, Cloud DRServer, and vCenter Servers.Procedures are containedwithin this guide beginningwith Deploy the CDRA OVAand ending with Define arecovery staging area on page52, and also in theRecoverPoint for VMs CloudSolutions Guide.

Deploy the CDRA OVAThe Cloud DR Add-on (CDRA) is a Cloud DR component, and it is provided as an OVA deployed ona VMware vCenter Server environment.

Download the OVA from the link that was provided when you purchased the Cloud DR solution.Use the vSphere client to deploy the OVA in the vSphere environment.

In the network-mapping step, one network interface is required for the CDRA VM. Map the CDRAnetwork interface to a VLAN that provides network access to the cloud.

CDRA supports dual NIC configurations for CDRS deployment. See Configuring the CDRA anddeploying the CDRS for more information.

Note: After the CDRA is deployed, changing its IP address is not supported.

Log into the CDRAYou can log in to the CDRA with the username and password.

Procedure

1. From a host that has network access to the CDRA virtual appliance, use a browser toconnect to the appliance:

https://CDRA_hostname

Where CDRA_hostname is the hostname or IP address of the address that you createdwhen the CDRA was deployed to the vCenter server.

2. In the Admin username and Admin password fields, enter the username and password thatwere provided when you purchased the product.

Note:



l The default admin password is admin.

l Passwords expire based on the specified expiration period. By default, the expirationperiod is 90 days.

If this login is the first login or the password has expired, the Cloud DR Add-on ChangeAdmin Password window opens for you to change the password. Passwords must be atleast eight characters in length and contain a minimum of three of the following charactertypes:

l English uppercase: A-Z

l English lowercase: a-z

l Numeric character: 0–9

l Special (non-alphanumeric) characters

Note: If you forget the password, click Forgot password?. Then enter the usernameand click Send.When the admin user account's email address is initially provided or changed, AWSsends a verification email to the email address. This email address must be verifiedbefore receiving the password reset email. You can request a new verification emailthrough the AWS console by signing into the console and selecting the US East (N.Virginia) region. Then, open https://console.aws.amazon.com, select EmailAddresses, select the email address, and click resend.

Note: Email verification is not required for AWS GovCloud users.

3. If the user logs in for the first time, CDRA logs in to the Standard Mode.

To change the operational mode for your environment, see Table 2 on page 21.

Results

The Cloud DR Add-on window opens and the Welcome page is displayed.

Configuring the CDRA and deploying the CDRSThe following sections describe how to configure the Cloud DR Add-on (CDRA) and deploy theCloud DR Server (CDRS). CDRS is deployed to the cloud during configuration of the CDRA.

To begin, click Configuration in the navigation pane.



HTTPS://CONSOLE.AWS.AMAZON.COM

The menu bar (across the top) displays the steps that are required to complete the configurationand deployment process. The Cloud DR solution is fully deployed when you complete these tasks.

Generally, you complete the steps working from left to right. For example, you must connect tothe Cloud Account and create Cloud DR targets before you deploy the Cloud DR Server.

CDRA supports single NIC (NIC-0) and dual NIC (NIC-0 and NIC-1) configuration. Dual NICconfiguration is the default configuration. The single NIC configuration (NIC-0) is used for bothinternal and external networks. In single NIC configuration, IPv4 is mandatory whereas IPv6 isoptional. There are two types of Dual NIC configurations.

l External (Cloud and Data) NIC-0

n NIC-0 is used for external network.

n IPv4 is mandatory.

n IPv6 is optional.

l Internal - NIC-1

n NIC-1 is used for internal network.

n NIC-1 supports either IPv4 and IPv6.

n NIC-1 supports dual stack configuration where both IPv4 and IPv6 are defined.



Set up the CDRATo configure networking and other settings for the CDRA, use the Setup CDRA page of the CloudDR Add-on window.

Procedure

1. For Cloud DR Add-on name, enter a name for the CDRA.

2. Enter the hostname or IP address for the primary and secondary DNS servers.

3. Enter the hostname or IP address for the primary and secondary NTP servers.

4. Select a time zone that is the same as the on-premises time zone.

5. Expand the Network Configuration section. If CDRA is configured with dual NIC, External(Data) interface and Internal (Management) Interface are displayed . Only External(Data) interface is displayed in single NIC configuration.

The External (Data) interface connects cloud provider to the Data Domain path. TheInternal (Management) Interface is used for internal components.

6. Enter the IPv4 address and the gateway id in the External (Data) interface section.

7. Select the Enable IPv6 checkbox to configure the IPv6 address and gateway.

8. Select the Internal (Management) Interface to enable the Enable IPv4 and Enable IPv6sections.

9. Select the Enable IPv4 checkbox to configure the IPv4 address.


11. Click Save.

Add AWS cloud accountAdd the AWS cloud account and connect the CDRA to the account.

Before you begin

Ensure that you have an AWS account that is already configured before connecting to the cloudaccount.

Procedure

1. Click Cloud Account on the menu bar.

The Connect to Cloud Account page is displayed.

2. Click Add Cloud Account.

3. In the Connect to Cloud Provider Account dialog box, select AWS.

4. In the Connect to Cloud Provider Account dialog box, enter the Access Key ID and theSecret Access Key for the AWS account. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html provides information about obtaining theaccess and secret keys for both AWS and AWS GovCloud users.



http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

5. To copy the IAM policy, click Copy IAM Policy.

This action copies to the buffer a JSON version of the minimum AWS user accountpermissions that are required for Cloud DR implementation. This implementation is thenapplied to AWS and AWS GovCloud to set the permissions policy for the appropriate user. Define the AWS IAM policy on page 156 also provides the IAM policy and instructions forcreating an AWS policy that uses this IAM policy.

6. To view the Identity and Access Management (IAM) policy that represents the minimumuser account permissions that are required for Cloud DR implementation, click Show IAMPolicy.

7. To save the AWS / AWS GovCloud cloud account, click Verify & Save.

The CDRA verifies that the account exists before saving the cloud account information andclosing the Connect to Cloud Provider Account dialog box.

Note: The user cannot change to a different AWS / AWS GovCloud account, after theaccount is linked to Cloud DR.

Add AWS cloud targetsYou can add one or more AWS / AWS GovCloud cloud targets to the cloud account by selecting anAmazon S3 bucket and an encryption method.

Procedure


The Cloud Account page is displayed.

2. Click ADD CLOUD TARGET to set up one or more Cloud DR targets on the cloud account.

The Cloud DR target is the S3 bucket on AWS / AWS GovCloud where data is written whenVMs are backed up to the cloud. The Cloud DR Server is deployed on one of the targets.

The Add Cloud DR Target dialog box opens.

3. Enter a name for the Cloud DR target.

For Avamar/Data Domain configurations, Standard Mode operation requires this name to bethe same name that is displayed in the Avamar Administrator UI when creating a Cloud DRbackup policy.

For RecoverPoint for VMs configurations, when creating a cloud copy, enter the same namethat is displayed in the RecoverPoint for VMs plug-in for vSphere.

4. Select an Amazon S3 bucket and region for the Cloud DR target.

5. Click Advanced security option and select an encryption method.

Option Description

SSE-S3 Default encryption (no cost)

SSE-KMS Key management service encryption (incurs a cost)



Note: If you select the SSE-KMS encryption method, only the default customer-managed key is supported. Changing the encryption key might cause errors with thefiles in the Amazon S3 bucket.

For more information about these encryption methods, see:

l SSE-S3 - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

l SSE-KMS - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

6. Click ADD.

7. For each Cloud DR target that you want to add, repeat the steps in this procedure.

Deploy the Cloud DR Server in AWS/AWS GovCloudDeploy the CDRS on a specific Cloud DR target.

Before you begin

l Cloud DR targets are required in the AWS/AWS GovCloud account before performing thistask. Add AWS cloud account on page 47 contains information about adding Cloud DR targetsto the AWS/AWS GovCloud account.

l AWS Marketplace terms must be accepted before deploying the Cloud DR Server. AcceptAmazon Web Services Marketplace terms on page 37 contains information about acceptingAWS Marketplace terms . (only for AWS users)

Procedure

1. Click Cloud DR Server on the menu bar.

l If no CDRS has been deployed, the Deploy Cloud DR Server page is displayed.

l If the CDRS has already been deployed, the Cloud DR Server page is displayed. You arenot permitted to deploy more CDRS instances.

2. In the Cloud DR Server Configuration section, select an AWS region, and then select anexisting VPC or create a new VPC.

Option Description

CreateNew VPC

Not available in Advanced Mode. If you create a new VPC in Standard Mode:

l The connection between the CDRA and CDRS uses a public IP address,and you cannot update this setting later to use a private IP address.

l Changing to Advanced Mode later is not possible without assistance fromDell EMC support.

SelectexistingVPC

Available in Standard Mode and Advanced Mode. In Advanced Mode, you candeploy CDRS in the same VPC as the AVE and DDVE components or in adifferent VPC. If you select a different VPC than the one that contains AVEand DDVE, ensure that CDRS has a VPN connection to the AVE and DDVE.

Note: The AWS API should be connected to CDRS for successfuldeployment. The user can remove the public IP from CDRS once thedeployment is complete.



https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html

A public subnet is created in the VPC, and the CDRS is launched into it.

3. In the IPV4 CIDR Range section, the CIDR prefix for the CDRS is pre-populated, and youmay retain the given value or change it.

Note: The CIDR range defines the number of IP addresses within the VPC. The range isallocated by CDRS to the CDRS subnet and two RDS's (the second RDS is a backup forhigh availability). Each RDS is created in its own Availability Zone and private subnet. Ifyou selected an existing VPC in the previous step, ensure that the IP addresses withinthe CIDR range are available for use. If you specify a range of addresses that is notavailable (meaning that these IP addresses may already be in use), then the deploymentprocess will not start.

4. In the User Configuration section, enter and confirm passwords for the CDRS Admin andCDRS Monitor users.

The passwords must:

l Be at least eight characters in length

l Contain characters of a minimum of three of the following types:

n English uppercase: A-Z

n English lowercase: a-z

n Numeric character: 0–9

n Special (non-alphanumeric) characters

a. Enter and confirm passwords for the CDRS Admin and CDRS Monitor users.

b. Enter an email address for Cloud DR password reset requests.

When the Cloud DR Server is successfully deployed, AWS sends an email to this addressfor verification. Follow the instructions in the email within 24 hours of deployment.

Note: If you update the password, the new password must be different than theprevious password.

5. To confirm that you accept the marketplace terms, click the I have accepted the AWSMarketplace terms checkbox.

This checkbox is applicable for AWS users only.

6. Click Deploy Cloud DR Server.



Results

The CDRA begins deployment of the CDRS to the Cloud DR target. Deploying the CDRS may takeup to 30 minutes.

The M4.Large instance type is used for the CDRS instance. To reduce deployment costs, you maywant to purchase reserved instances from AWS; otherwise an on-demand instance is used. Anelastic IP address is automatically assigned to the CDRS instance. You cannot change this IPaddress.

If the deployment is successful, the Cloud DR Server page is displayed, listing the hostname ofthe CDRS host and the region. You can access the Cloud DR Server by clicking the CDRSHostname link, but protection and disaster recovery are not supported until you complete allCDRA configuration steps.

If an error occurs during deployment, click Cleanup to delete the cloud resources that CDRScreates, and then retry deployment.

Note: Multiple Cloud DR Add-on appliances can connect to a single Cloud DR Server instance.However, a Cloud DR Add-on appliance can connect to only one Cloud DR Server instance.

Add VPN gateway - Advanced ModeThe Advanced Mode requires that you add one or more VPN gateways. If you are operating inStandard Mode, skip this procedure.

Before you begin

Adding VPN gateways is a requirement only when operating in Advanced Mode.

You must first deploy the CDRS before you can add VPN gateways.

About this task

Add at least one VPN gateway to enable communication between the Data Domain system and thebackup server in the cloud. If you plan to support multiple regions, add a VPN gateway for eachregion.

Procedure

1. On the Cloud DR Server page, click the Add VPN Gateway Details button.

2. In the Add VPN Gateway Details dialog box, select a region for the VPN gateway.



3. Select the same VPC and subnet that the VPN gateway is using to communicate with DDVEand AVE.

NOTICE The subnet that you select in this step must have a route table. This subnetmust be explicitly associated with the route table (DR test and failover functions requireit). You can verify the association in AWS.

4. Enter the IP address for the IPV4 CIDR Range. This CIDR is used by the Restore Serviceinstance during a DR operation. The range value is fixed and cannot be changed.

NOTICE A different VPC and subnet is created for the restore service with theconfigured CIDR that cannot be changed.

5. Click Apply.

Connect to vCenter serversYou can connect the CDRA to vCenter servers that manage VMs in the Cloud DR solution. You canalso define recovery settings.

Procedure

1. Click vCenter Servers on the menu bar.

The Connect to vCenter Servers page appears.

2. Click Add vCenter Server.

The Connect to vCenter Server dialog box appears.

3. Enter the hostname or IP address of the vCenter server.

4. Enter the port number for the vCenter server.

5. Enter the Admin username and password.

6. Click Save.

7. In the Confirm vCenter's SSL Certificate dialog box, click Confirm.

A dialog box prompts you to define a recovery staging area.

8. Define the recovery settings as described in "Define a recovery staging area." To definerecovery settings later, click Define Later.

9. To add additional vCenter servers, repeat steps in this procedure for each vCenter server.

Results

The vCenter Servers page lists vCenter servers that you add to the CDRA.

Define a recovery staging areaRecovery is the process of transferring protected VMs from the cloud to the designated vCenterenvironment. The Define Recovery Staging Area dialog box enables you to configure settings forthe operation.

Before you begin

If you are defining a recovery staging area for the VMware Cloud on AWS (VMC), follow theseguidelines when performing this procedure:

l When prompted to select a network, select the network for the VMC software-defined datacenter (SDDC).

l When enabling direct failover to a vCenter, select the VMC vCenter.



About this task

Note: If you do not define a recovery staging area during initial Cloud DR configuration, youcan define it later. However, recovery operations do not work unless these settings areconfigured.

Procedure

1. In the vCenter Servers tab, select a vCenter, and click the edit icon . To updateinformation about the vCenter, select Edit vCenter Details. To update the failback settings,select Edit Failback Setting.

When you click Edit vCenter Details, the Define Recovery Staging Area dialog box is

displayed.

2. Select one or more datastores or datastore clusters on the vCenter server.

3. Select one or more networks for the recovery staging area.

Selected networks must connect to the cloud.

4. For each selected network:

a. Highlight the network.

b. Configure the IP range pool by typing the first IP address in the pool and the number ofIP addresses in the subnet to be included in the pool. To enter additional IP range pools,

click the plus button.

c. Enter the network Subnet mask.

d. Enter the network default gateway for the Gateway.

5. To enable a direct failover to the selected vCenter, click the toggle button at the bottom ofthe dialog box:



Note: You may define multiple vCenters as recovery targets.

6. Click Save.

Configure Avamar backup server and Data Domain systemYou can connect CDRA to a local (on-premises) Avamar backup server and Data Domain system.

Before you begin

This procedure is only for the on-premises Avamar/Data Domain solution.

Before configuring the on-premises Avamar server, deploy the CDRS.

Procedure

1. Click Local Backup on the menu bar.

The Connect to Backup Servers page is displayed.

2. Click Add Backup Server.

The Connect to Backup Server dialog box is displayed.

3. Enter the hostname of the Avamar server.

4. Enter the Avamar server HTTPS service port number.

5. Enter the username and password of the Avamar MCUser account.

6. Click Save.

The Local Backup page is displayed. This page displays the DDBoost username that thebackup server uses to connect to the Data Domain system.

7. To connect the local Data Domain system that is registered to the Avamar server, clickConnect DD.

Note: When adding the Data Domain system in Avamar, Dell EMC recommends usingthe Data Domain hostname.

The Connect to Data Domain system dialog box is displayed.

8. Select the Data Domain system and enter the password for the DDBoost username. Thenclick Connect.

9. If you want to protect VMs that the cloud provider does not support, switch the Protectunsupported VMs toggle to the on position.

Note: Although the protection of unsupported VMs is supported, recovery of these VMsto cloud instances is not supported.

10. To connect to additional Avamar servers, repeat the steps in this procedure for each Avamarserver.

Results

The Local Backup lists the Avamar server and Data Domain system that are connected to theCDRA.



Note: Any Avamar server can be connected to only one CDRA at a time.

Edit backup server and associated Data Domain systemYou can edit the information for a backup server and its associated Data Domain system.

Procedure


2. To edit the local backup server, click the edit (pencil) icon for the backup server that youwant to change, and click Edit Backup Server.

The Edit Backup server dialog box appears.

3. Make the required changes and click Save.

4. To edit the Data Domain system, click the edit (pencil) icon for the system that you want tochange, and click Edit DD_system.

The Update Data Domain's Credentials dialog box appears.

5. Make the required changes and click Connect.

Delete Data Domain systemYou can delete the on-premises Data Domain system that is associated with the local backupserver.

Procedure


2. Click the delete (trash can) icon for the backup server and its associated Data Domainsystem.

The system prompts you to select either the backup server or the associated Data Domainsystem for deletion.

3. Select the associated Data Domain system for deletion.

Results

The selected Data Domain system is deleted.

Delete backup serverYou disconnect from a backup server by deleting it.

Procedure




3. Select the local backup server.

Note: If the local backup server is connected to a Data Domain system, first delete theData Domain system. Then delete the local backup server.



Results

The selected backup server is removed. If an Avamar server is removed and then reconnected, afull backup of protected VMs occurs. Previously protected VMs are accessible to disaster recoveryand failover in the CDRS.

Configure cloud backup - Advanced ModeOperating in Advanced Mode requires you to establish communication between the local backupserver and the backup server in the cloud and its associated Data Domain system.

Before you begin

If you are operating in Standard Mode, skip this procedure. Configuring the cloud backup server ispossible only when operating in Advanced Mode.

Procedure

1. Click Cloud Backup on the menu bar.

2. Click the Connect to your Cloud Backup Server button.

a. Select the on-premises backup server from the list provided.

b. Select the (remote) cloud backup server from the list.

c. Select a region for the cloud backup server.

d. Enter the port number for the cloud backup server.

e. Enter the cloud backup server username and password.

f. To connect the on-premises backup server to the cloud backup server, click Connect.

The on-premises and cloud-based backup servers are connected.

3. To establish a connection from the cloud backup server to the cloud Data Domain system,click the Connect DD button.

The Connect to Cloud Data Domain System dialog box is displayed.

a. Select a cloud-based Data Domain system from the list.

b. Enter the DDBoost user password for the cloud Data Domain system.

c. Select an S3 restore bucket that is in the same region as the cloud Data Domain system.

d. Click the Connect button.

Results

The cloud backup server configuration is complete. You may use the CDRS for Cloud DRoperations. To access the CDRS, return to the Cloud DR Server page and click the hyperlink toopen the Cloud DR Server.

Add additional on-premises sourcesYou can add up to 50 on-premises sources (CDRAs or vRPAs) to the same Cloud DR Server(CDRS).

About this task

The CDRAs that are connected to the CDRS can operate in different modes (Standard Mode orAdvanced Mode).

This high-level procedure describes how to add CDRAs. Details of each step are provided in thisguide. For information about adding vRPAs, see (Deployment guidelines on page 43).



Procedure


2. Log in to the CDRA.

3. Configure the CDRA.

4. Add the AWS cloud account.

5. Add the AWS Cloud DR targets.

6. If you want to change the CDRA-to-CDRS connection to a private IP address, edit theCDRS settings.

7. Connect to the existing Cloud DR Server.

a. On the Cloud DR Server page of the Cloud DR Add-on UI, click the link for the CDRShostname.

b. When the Cloud DR Server log-in is displayed, enter the username and password for theCDRS.

This action connects the new CDRA to the existing CDRS.

8. Connect to one or more vCenter servers.

9. Define failback settings.

10. Connect a local Avamar backup server and Data Domain system.

11. If operating in Advanced Mode, configure the cloud backup server.

12. To add more CDRAs to the existing CDRS, repeat the steps in this procedure.

Uninstall Cloud DR componentsTo uninstall Cloud DR components, follow the steps in this procedure.

Before you begin

NOTICE Failure to perform these steps in the listed order causes undesirable results.

The steps that follow apply to Standard Mode and Advanced Mode operation unless otherwisenoted. These steps assume that the on-premises source is a CDRA. If the on-premises source is avRPA, and there is no on-premises CDRA, perform only the tasks that are listed in Table 10 onpage 58.

Procedure

1. (Advanced Mode only) From the CDRA UI, capture a list of the on-premises and cloudservers that are registered in CDRA.

2. (Advanced Mode only) From the on-premises Avamar, delete policies that are using cloudservers that are registered in CDRA.

3. (Advanced Mode only) From the CDRA UI, in the Cloud Backup tab, delete the cloud DataDomain.



4. (Advanced Mode only) From the CDRA UI, in the Cloud Backup tab, delete the cloudAvamar.

5. (Standard Mode only) From the on-premises Avamar, delete the Avamar policies that areconfigured to send files to the cloud.

6. From the CDRA UI, in the Local Backup tab, remove the Data Domain system.

7. From the CDRA UI, in the Local Backup tab, remove the Avamar backup server.

8. (Advanced Mode only) From the CDRA UI, in the Cloud DR Server tab, remove the VPNGW parameters.

9. Delete the Cloud DR Add-on appliance from vSphere, as described in VMwaredocumentation.

10. If you installed a CDRA on-premises or on the VMware Cloud on AWS, delete the Cloud DRAdd-on appliance from vSphere, as described in VMware documentation.

11. It is important that you clean up cloud-based resources that are no longer needed. From theAmazon Web Services console, perform these tasks in the order presented:

Table 10 Cleaning up cloud-based resources

Task AWS documentation link

Delete the Cloud Formationstacks from all regions that youused (named CDRS-DeployStack, CDRS-RDSCluster, CDRS-RestoreService).

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-delete-stack.html

Delete the EC2 key pairs thatare named CDRS-KeyPair andCDRS-RestoreService.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

Delete the IAM role that isnamed CDRS-Role.

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html

Delete all S3 buckets that wereused as Cloud DR targets.

http://docs.aws.amazon.com/AmazonS3/latest/dev/delete-or-empty-bucket.html

Note: Perform this step only if the S3 buckets are notbeing used for purposes other than Cloud DR.

Unregister AMIs and deletesnapshots that Cloud DRServer created for rapidrecovery of VMs.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.htmlLook for AMIs and snapshots where CDRS is displayed in theCreated By tag name.

Delete the SQS queues that arenamed CDRS-RestoreService<version>-Events and CDRS-RestoreService…<version>-Responses

https://docs.aws.amazon.com/cli/latest/reference/sqs/delete-queue.html











https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html



CHAPTER 3

Cloud DR with AWS protection, recovery, andfailback


l Overview...............................................................................................................................60l Create rapid recovery copies for protected assets................................................................65l Associate VMs with applications - Advanced Mode operation............................................... 66l Test or fail over a single asset to AWS cloud.........................................................................66l User actions to restore applications - Advanced Mode..........................................................68l Failover to vCenter or VMware Cloud on AWS......................................................................69l Failback workflow.................................................................................................................. 71l Failback from the cloud.......................................................................................................... 71l Promote a DR test to failover................................................................................................ 73l End a DR test........................................................................................................................ 74l End a failover.........................................................................................................................74l Monitor recovery activities....................................................................................................75l DR plan activities................................................................................................................... 77l Create a DR plan................................................................................................................... 78l Edit a DR plan........................................................................................................................79l Test or fail over a DR plan to AWS cloud................................................................................81l Split a DR plan activity.......................................................................................................... 82l Delete a DR plan....................................................................................................................83


OverviewThe Cloud DR solution provides disaster recovery (DR) activities that include protection, test,promote test to failover, failover, and failback of one or more on-premises assets.

You can perform DR activities on a single asset, or multiple assets by using a DR plan.

ProtectionProtection varies depending on the operational mode (Standard Mode or Advanced Mode).

When the Cloud DR solution includes Avamar and Data Domain in Standard Mode, the protectionflow uses the Cloud DR data path. The protection flow follows:

1. Avamar writes a full VM backup to the Data Domain system.

2. The CDRA receives the backup files from Data Domain and validates AWS compatibility. Thenit segments, compresses, and encrypts the files.

3. The CDRA sends the segment to the cloud target for protection.

4. Avamar then writes only incremental backups to the Data Domain system.

5. The CDRA segments, compresses, and encrypts the incremental backups.

6. The CDRA sends only the changes (or diffs) to the cloud target for protection.

You start the standard protection flow from the Avamar Administrator UI by creating a backupgroup, selecting a data set, and enabling Cloud DR for the group. See the Avamar for VMware UserGuide for information about configuring protection from the Avamar Administrator UI.

After you back up a VM, you can enable it for rapid recovery in the CDRS user interface.

The protection flow is similar in Advanced Mode except that it uses the Data Domain data path,which is managed by Avamar. In Advanced Mode operation, you must create two backup groups inthe Avamar Administrator UI, one for the VM and one for the application.

When the Cloud DR solution includes RecoverPoint for VMs, the virtual RecoverPoint Appliancecluster (vRPA cluster) manages the data path to the cloud and the control path to the CDRS,replacing the on-premises CDRA for those functions within the protection flow.

TestA DR test enables temporary access to a cloud instance to verify that a recovered asset worksbefore you perform a failover. Testing DR scenarios before a real disaster occurs is arecommended best practice that saves time and ensures that production assets on premises canbe quickly recovered in the cloud.

Figure 10 on page 61 shows the basic test workflow. Table 11 on page 61 lists the user actionsthat are available for each workflow state.

Cloud DR with AWS protection, recovery, and failback


Figure 10 DR test workflow

To understand the workflow and available user actions for each state, read Table 11 on page 61from left to right and from top to bottom.

Table 11 Test workflow states and related user actions

Workflow state User Actions Next state

Starting state:Production VMs areprotected in cloud and remainprotected during the test

Select VM/DR PlanSelect test network

Select cloud instance,security group

Start test

Test in progress

Test in progress Cancel Canceled

Canceled -- Starting state

Failed Retry Test in progress

Clean up Starting state

Succeeded:Testing - cloud instancerunning

Promote to failover (canchange network)

Failed over - cloud instancerunning

End test (removes cloudinstance)

Starting state



FailoverYou perform a failover to the cloud when an on-premises disaster occurs and the production VMsare not running.

During a failover, shut down the on-premises production VMs to prevent users from writing newdata to them.

Figure 11 on page 62 shows the basic failover workflow. Table 12 on page 62 lists the useractions that are available for each workflow state.

Figure 11 Failover workflow


Table 12 Failover workflow states and related user actions


Starting state:Production VMs areprotected in cloud and remainprotected during failover

Select VM/DR PlanSelect failover network


Start failover

Failover in progress

Failover in progress Cancel Canceled


Failed Retry Failover in progress


Succeeded: Fail back Failed back

End failover (removes cloudinstance)

Starting state



Table 12 Failover workflow states and related user actions (continued)



FailbackA failback transfers a failed-over VM (cloud instance) back to the on-premises vSphereenvironment. A failback is only crash-consistent, not application-consistent.

The failback workflow is the same for Standard Mode and Advance Mode of operation.

Before starting failback, it is a best practice to shut down services on the cloud instance.

Figure 12 on page 63 shows the basic failback workflow. Table 13 on page 63 lists the useractions that are available for each workflow state.

Figure 12 Failback workflow


Table 13 Failback workflow states and related user actions


Starting state:Failed over - cloud instancerunning

Select VM/DR plan.Start failback.

Failback in progress

Failback in progress Cancel. Canceled



Table 13 Failback workflow states and related user actions (continued)



Failed Retry Failback in progress

Clean up. Starting state

Succeeded:Failback completed, new VMcopies restored on premises

Link to failover activity card.End failover to terminaterecovered cloud instances.

--

DR plansA disaster recovery (DR) plan is a collection of assets (VMs and their applications) that enablesyou to define run book recovery plans, including batch operations on multiple assets, network andsecurity group association, VM boot order definition, and selection of cloud instance type.

A DR plan is associated with a single region and on-premises source (CDRA or vRPA). You can addto the plan only those assets that are protected by the designated source (CDRA or vRPA) and arein the designated region.

The assets that you add to the DR plan are called DR plan members. If required, you can add thesame asset to multiple DR plans. For example, you might want to create several DR plans to testvarious DR scenarios. You can also create a master DR plan that contains all the assets onpremises.

Note: If the operational mode is Standard Mode, you add only VMs to the plan. In AdvancedMode, in addition to adding VMs, you add applications to the plan.

For each VM in the DR plan, you can specify a startup priority, called a boot order, from 1 to 5,where a lower number represents a higher priority. For example, a VM with a boot order of 1 beginsrecovery before a VM with a boot order of 2 to 5. All VMs with the same boot order begin recoveryat approximately the same time (actual start times may vary depending on when each VM recoveryoperation ends).

Note: Boot order, network, security group, and cloud instance type apply to VMs, not toindividual applications.

You can test, fail over, or fail back a DR plan in the same way that you might perform thoseoperations on a single asset. There are minor differences in the workflows.

When you test or fail over a DR plan, that operation is applied to all the assets contained in theplan. If one asset in the plan fails, the operation continues on the other assets in the plan (thedefault behavior). You may choose to retry the operation for the failed asset while the DR planoperation continues. A partially successful DR test means that the batch operation continues evenwhen one or more assets in the DR plan encounter a test failure. Optionally, you may configure theDR plan to fail when any asset in the plan fails by enabling the Fail on error option.

When a DR plan is partially successful (that is, recovery of some assets has succeeded whileothers have failed), the user has three options:

l Retry - This action retries the operation only for the failed assets. Cloud instances that arealready recovered remain available.

l End test or failover - This action terminates the cloud instances of successfully recoveredVMs.

Note: Ending a failback operation for a DR plan only closes the failback card.



l Split - This action splits a partially successful DR plan into its individual members so you canmanage each asset separately.

Depending on the number of members in a DR plan, it may take some time for the plan operation tocomplete. One convenient feature of a DR plan is that when you run a DR plan, you canimmediately begin editing the plan or even delete it without affecting the completion of the originalplan.

Create rapid recovery copies for protected assetsYou can accelerate the recovery process ahead of time by creating rapid recovery copies forprotected assets. Creating a rapid recovery copy reduces the RTO for a protected asset butconsumes additional cloud resources and incurs additional costs.

About this task

Creating a rapid recovery copy starts the rehydration process and converts the VMDK files to anAmazon Machine Image (AMI). The recovery process (test or failover) then launches therecovered instance from the AMI.

Perform this procedure when a copy is available in the cloud storage.

Rapid recovery is supported for the VM and its associated applications. To enable rapid recoveryfor an application, apply rapid recovery to its associated VM.

Note: Failover of rapid recovery copies to a vCenter or VMware Cloud is not supported.

Procedure

1. In the CDRS user interface, select Protection > Asset Protection in the navigation pane.

The existing protected assets are displayed in the right pane. The Rapid Recovery Imagecolumn indicates whether the asset is enabled for rapid recovery.

2. Select one or more VMs and click Set Rapid Recovery Image.

3. In the Set Rapid Recovery Image dialog box, select the number of rapid recovery copiesthat you want to keep (from 1 to 5), and then click Set.

Note: Configuring more than one rapid recovery copy for selected VMs enables you toquickly recover to an older point in time in case the latest point-in-time copy cannot beused because of inconsistent or corrupt data.

Results

l The CDRS creates the rapid recovery copy and removes the oldest machine image to maintainthe number of copies that you configured.



l You can verify the results by reviewing the Rapid Recovery Image column where the numberof copies is indicated. The icon is displayed in some CDRS windows and designates a copythat is enabled for rapid recovery.

After you finish

l You can disable rapid recovery for an asset by selecting it and clicking Disable Rapid RecoveryImages.

l You can set the minimal time interval during which rapid recovery copies are not created. See Set rapid recovery interval on page 148.

Associate VMs with applications - Advanced Mode operationIf you are operating in the Advanced Mode, the Asset Association window enables you toassociate a VM with an application.

Before you begin

Making associations between applications and the VMs that host them is required to enable DRactivities for the applications. Unassociated applications cannot be tested or failed over.

Procedure

1. From the CDRS user interface, select Protection > Asset Association.

A table of available clients appears. The table lists the client names, IP addresses,application types, and backup servers.

2. To associate a VM with an application, click the row for the application that you want toassociate, and then click Select VM.

The Select VM dialog box appears. The client's application, client IP address, backup server,and CDRA are identified. The dialog box displays a list of available VMs from which tochoose.

3. Select the VM to associate with the application, and then click Apply.

NOTICE Ensure that you select the correct VM to associate with the application. Theapplication must reside on the VM that you select.

4. Repeat these steps to make additional associations between applications and VMs.

Test or fail over a single asset to AWS cloudThis procedure describes how to test or fail over a single asset (VM or application) to the AWScloud, when an operational error or disaster occurs on premises.

Before you begin

l To ensure a successful failover, and better prepare for a disaster, best practices recommendtesting various disaster recovery scenarios. After performing a test, you can promote the testto a failover.

l To perform a DR test or failover of an asset, you must have VMs that are protected and copiedto the cloud.

l To fail over to a vCenter or VMware Cloud environment, see Failover to vCenter or VMwareCloud on AWS on page 69.

l If you intend to use tags, you must first create the tags. See Create a tag on page 147.

l If you are operating in Advanced Mode, before you perform a test or failover of an application,you must associate the application with a VM. See Associate VMs with applications - AdvancedMode operation on page 66.



Procedure

1. In the Cloud DR Server user interface, select Recovery > Asset Recovery

You can also open the Asset Recovery page from the dashboard by clicking See All in theRecovery pane.

The Asset Recovery page is displayed.

2. Use the Search for assets widget to search by asset type or CDRA name.

3. Select the asset that you want to recover and click Test or Failover.

If you click Failover and the asset has never been tested, a dialog box opens and remindsyou that running a DR test is recommended before implementing a failover. The messagealso recommends that you shut down the production VM to avoid a possible data loss that iscaused by accidental user access. Click Select Copy to continue.

4. In the wizard that opens, in the Copy step, select a point-in-time copy of an asset that youwant to test or fail over, and then click Next.

In the RecoverPoint for VMs cloud solution, all bookmarks created using RecoverPoint forVMs are displayed.

Note: If operating in Advanced Mode, when you select an application copy, the CloudDR Server also selects the latest VM copy before the point-in-time copy of theapplication. If there is no VM copy before that time, the Cloud DR Server takes a newVM copy.

5. In the Network step, select the network where you want to launch the EC2 instance, andthen click Next.

NOTICE If you are operating in Advanced Mode, to ensure application-consistentrecovery, select the VPC network where the DDVE and AVE components are installed(see Figure 9 on page 29). Alternatively, you may select a different VPC network andcreate VPC peering to the VPC that runs DDVE and AVE.

6. (Optional) In the Advanced step:

a. In the Security Groups tab, select a security group.

b. In the EC2 Instance Type & Tags tab, select an EC2 instance type and a tag.



c. In the IP settings tab, to enter a private IP address for the recovered instance, selectthe checkbox for this setting and enter the address. The system prevents you fromselecting an IP address that is already in use.

7. Click Start DR Test or Start Failover.

Results

The recovery process begins and you can monitor progress on the DR Activities page. Duringrecovery:

1. A temporary Restore Service instance is launched in each region where recovery is needed(unless the VM is enabled for rapid recovery). This instance performs hydration duringrecovery, and is automatically terminated after 10 minutes of idle time.

2. The Cloud DR Server converts the VMDK to an AMI and launches an EC2 instance that isbased on the AMI.

3. When the EC2 instance is running, the Cloud DR Server deletes the VMDK and AMI.

User actions to restore applications - Advanced ModeDuring recovery operations, a DR operation may stop pending user action. Optional user actionsare listed here to assist you in restoring an application. When you complete the user actions, youcan continue with the DR operation.

Pausing DR for application maintenanceIf an application is undergoing a DR test or failover and requires user action before continuing (forexample, to mount a database), the DR activity pauses to enable you to perform user actions onthe application.

About this task

When you are ready to resume the DR test or failover, you may choose to continue with the DR inprogress by clicking the CONTINUE button, or you may skip the DR in progress, by clicking theSKIP button, to finish it manually. These options are available from the DR activities page.

If you want to view only those activities that require attention, click the toggle button at the top ofthe DR activities page.

GeneralProcedure

1. Verify that the firewall is disabled. At a minimum, add public + private and UDP + TCP rulesfor avagent.

2. Verify the DNS resolution to the AVE internal DNS name. This action may require manualentry in the hosts file.

3. Verify that the application to be restored is up and running.

4. Verify that minimal free space is available on the EC2 instance.

5. Verify that the Avamar configuration files avagent.cfg and cid.bin were deleted. If not,delete them and restart the avagent service.

6. Verify that TCP ports 28000, 28001, and 28002 are open on the VM firewall and thesecurity group that is attached to the recovered instance.



SQLProcedure

1. Verify that the user databases to be restored are not in use.

2. If any applications are using these databases, shut them down.

OracleProcedure

1. Shut down the Oracle database.

2. Locate the oradata folder containing the control file and database files for the databaseinstance.

3. Rename the folder, and create a new folder with the same name under oradata.

4. Start the Oracle database in the nomount state.

SharePoint and ExchangeProcedure

1. Add the restored domain controller (DC) internal IP address as the DNS server in thenetwork adapter configuration.

2. To re-establish the trust relationship, leave and then rejoin the domain.

3. Open the command prompt and run these commands:

ipconfig /flushdnsipconfig /registerdns

4. Add the DC, AVE, and DDVE internal IP addresses to the hosts file.

5. For Exchange only, add the original IP configuration of the on-premises VM as an alternateconfiguration in the network adapter configuration.

Failover to vCenter or VMware Cloud on AWSThis procedure describes how to fail over a VM to a recovery-enabled vCenter (for example, thevCenter where the VMware Cloud on AWS is deployed). Recovery to VMware Cloud is availableonly for copies that are created by an on-premises source (CDRA or vRPA) in Standard Mode.

Before you begin

Deploy the CDRA, and enable direct failover to the target vCenter, as described in Define arecovery staging area on page 52.

Procedure


The Asset Recovery page displays.

2. Select a VM and click FAILOVER TO VCENTER.

The Failover to vCenter dialog box opens.

3. In the Failover to vCenter dialog box, in the Copy step, select a Point in Time copy andclick NEXT to go to the Failover Target step.



All bookmarks created using RecoverPoint for VMs are displayed. Every copy snapshot(Point in Time) is replicated together with its OVF, so the failed over VM will have the samehardware settings that the protected VM had, at the selected Point in Time.

4. In the Failover Target step, select a CDRA/vCenter failover target.

5. Optionally, in the Advanced section, update the Keep original VM MAC address and UIDcheckbox setting.



If you are failing over to the same network as the production VM, to avoid IP conflicts, clearthis checkbox to ensure that the failed over VM has a different MAC address and UID thanthat of the production VM.

NOTICE When a production VM is replicated, the hardware settings of the productionVM (including the MAC address) are also replicated, with these exceptions:

l RAW disk is not supported. In the failed-over VM, it becomes a VMDK.

l Single-root I/O virtualization (SR-IOV) pass-through is not supported. In the failed-over VM, it becomes an e1000 virtual NIC.

6. Click START FAILOVER.

Results

The failover process begins and you can monitor progress on the DR Activities page.Note: If the destination vCenter version is older than the source vCenter version, the failoverprocess fails due to incompatible virtual machine hardware version.

Failback workflowA failback operation allows a failover instance to be copied back to an on-premises vCenter.

This operation is possible only in Standard Mode.

1. Failback is initiated from a failover instance by using the CDRS user interface.

2. CDRS powers off the instance and creates snapshots of its disks.

3. A Restore Service:

a. Creates disks from the snapshots.

b. Attaches the new disks to itself.

c. Reads the data and creates segments of data, compressing and encrypting the data storedin the cloud target for that specific region.

4. When the CDRA receives a new failback request, it creates a Restore VM, including a bootdisk, at the on-premises vCenter in the failback staging area. The failback staging area isdefined during Cloud DR deployment at the Connect to vCenter Server page.

5. The Restore VM copies the data from the cloud storage. Disks (VDMKs) are directly attachedto the Restore VM and allocated as thick lazy-zeroed.

6. When the restore process completes, the CDRA powers off the Restore VM, deletes the bootdisk, configures the failed-back VM as necessary, and relaunches the VM.At this point, you can vMotion the VMs from the failback staging area to their original locationsor new locations. The IP addresses used for Restore VMs are not used for failed back VMs, soassign appropriate IP addresses to failed back VMs and ensure that DHCP can resolve them.

7. The CDRS performs any required clean-up of temporary resources in the cloud providerenvironment. However, the user must use the cloud provider console or the CDRS userinterface to manually terminate the original failover instance in the cloud. This instance wasused to launch the failback process.

Failback from the cloudWhen an operational error or a disaster occurs in the on-premises environment, you can fail over aVM or DR plan to the cloud. After a failover to the cloud, the failed-over workloads run on cloudinstances (VMs) with data that is stored in cloud storage. When the on-premises issue is resolved,you may want to fail the cloud instance back to the on-premises environment to continue running



the workloads locally, instead of in the cloud. This procedure provides steps to fail back workloadsthat were failed over to the cloud. While you can fail back a VM or DR plan that contain multipleassets, failback of individual applications is not supported.

Before you begin

l Ensure your cloud instances are in a failed-over state.

l In the RecoverPoint for VMs solution, ensure that you have deployed an on-premises CDRA.

NOTICE In the RecoverPoint for VMs solution, to support failback operation, you must deploya CDRA on premises, connect it to the existing CDRS in the cloud, enter the on-premisesvCenter details, and define the recovery staging area.

Procedure

1. To perform a failback, select Recovery > DR Activities.

The DR Activities page displays.

2. Click Failback for the VM or DR plan that you want to recover from the failover state.

The Failback option is available only for VMs or DR plans in a successful failover state.

The Failback dialog opens.

3. In the Failback dialog, select one of these options:

Option Description

Use original Enables you to fail back to the original VM location on premises.

Select target Enables you to select the target CDRA and vCenter for the failback.

4. Click the FAILBACK button.

The failback activity begins. The VM or DR plan is restored to the recovery staging area thatyou specified.

5. To verify that the VM is being restored, open vCenter. To display the Summary tab for theVM, click the VM in the list.

The VM that you failed back does not have an assigned IP address.

6. Open the console for the VM or DR plan that you failed back, and assign IP addresses forthe failback VMs.

You can either assign an IP address or obtain an IP address from a DHCP server.



7. Manually install VMware tools on the failed back VM. (AWS removes VMware tools duringAMI conversion.)

Results

After the failback has completed successfully, you can vMotion the VMs from the failback stagingarea to their original locations or new locations. The IP addresses used for Restore VMs are notused for failed back VMs, so assign appropriate IP addresses to failed back VMs and ensure thatDHCP can resolve them.

The CDRS performs any required clean-up of temporary resources in the cloud providerenvironment. However, the user must use the cloud provider console or the CDRS user interfaceto manually terminate the original failover instance in the cloud. This instance was used to launchthe failback process.

Note: The maximum number of failback activities is limited by the range of pool IP addressesthat you configured for failback. If all IPs in the IP range pool already have failback operationsin progress, a message informs you that the operation cannot be started until one or more ofthe running activities ends.

Promote a DR test to failoverFrom the DR Activities page, you can promote a test of a single asset to failover.

Before you begin

Before promoting a test to failover, shut down the on-premises production VM. This actionensures that users do not accidentally write new data to the on-premises VM when they should beaccessing the cloud-based VM instead.

If the asset you are failing over is an application, shutting down the production VM ensuresapplication consistency.

Procedure

1. To view status and other information about recovery activities, select Recovery > DRActivities.


2. For a DR test that is in the running state, click Promote to Failover.

The Promote to Failover dialog box is displayed. It reminds you shut down the productionVM to avoid possible data loss. To continue, click Select Network.

3. In the Promote to Failover dialog box, select the network for the failover operation:

Option Description

Keep current network Retains the network that was used during the test.

Select a network/security group Enables selecting a different network for the failover.

4. If you select a different network for the failover, you can also select the default securitygroup or a different security group.

5. To select a private IP address for the recovered instance, select the checkbox for thissetting, and enter the address. The system prevents you from selecting an IP address that isalready in use.

6. Click Failover.



End a DR testWhen a DR test on a single VM or a DR plan has completed and is in the running state, you can endthe test from the DR Activities page.

Procedure


The DR Activities page is displayed.

2. For a test that is in the running state, click End DR Test.

3. In the End this DR Test dialog box, click End Test.

Results

When you end a DR test, CDRS clears all used resources from the cloud, and the recoveredinstances are terminated.

Note:You can also terminate a recovery instance from the cloud provider console. When youterminate the recovery instance, the CDRS DR Activities page indicates an InstanceTerminated status.

End a failoverYou can end a failover at any time after a failback transfers a VM from the cloud to the on-premises vSphere environment.

Procedure

1. Select Recovery > DR Activities.

2. If available, click Open Failover Activities for the VM.

Note: The Open Failover Activities option is displayed only if there are VMs in asuccessful failback state.

The Failover Details dialog box opens.

3. Click End Failover.

Results

When a failover ends, CDRS clears all used resources from the cloud, and the recovered instancesare terminated.




Monitor recovery activitiesThe DR Activities page enables you to view information about DR tests, failovers, and failbacks ofVMs and DR plans. The DR Activities page also enables you to promote DR tests to failover, failback the VMs, and terminate DR tests and failovers.

Procedure

1. To view status and other information about recovery activities, select Recovery > DRActivities

The DR Activities page displays a detailed listing of activities.

2. Filter for DR activities.

To search the list of DR activities by name, enter the asset name in the search bar at the topof the page and click the magnifying glass icon. You can also click the filter ( ) icon toselect filters to include in the search parameters, including the activity status, activity type,region, and creation time of the DR activity. When you identify the search filters, they aredisplayed below the search pane. To clear the filters from the search, click Clear Filters.



DR activity statusesEach DR activity (test, failover, or failback) can have one of several statuses that indicates theprogress of the activity.

Table 14 on page 76 provides a definition and example of each DR activity status.

Table 14 DR activity statuses

DR activity status Definition

Successfully running The operation is complete.Disaster recovery is now active.

The recovered cloud instance is now available.

Failed The DR activity failed.The recovered cloud instance is not available.

The user may retry the operation.

In progress DR activity was started and is underway.

This status is displayed from the time the DR activity wasactivated until the operation is complete.

Ending The "End" operation has been activated.

For the test or failover activity, the recovered cloudinstance is being terminated.

Successfully completed DR activity has ended.

Partially successful The DR plan activity includes successful and failed VMs.This status is relevant only for DR plans.

DR activity states for AWS environmentsThe DR Activities page enables you to monitor the progress of ongoing activity states for DRtests and failovers.

You may notice system messages that indicate the current state of an activity while it is inprogress. Table 15 on page 76 describes the activity states.

Table 15 Ongoing activity states for AWS environments

State Description

Rehydrating When you start a recovery, a temporary Restore Service instance is createdfor each region on which the CDRS must perform recovery. In this state, theRestore Service instance constructs the VMDK file from raw data chunksthat are stored in Cloud DR target. The Restore Service instances arecreated in a private subnet, in a separate VPC.

The Restore Service instances automatically terminate after 10 minutes ofidle time.

Converting When the Restore Service instance completes rehydration of the VMDK file,CDRS converts the file into an AMI.



Table 15 Ongoing activity states for AWS environments (continued)

State Description

Launching When conversion is complete, CDRS launches a cloud instance that is basedon the AMI.

Running When the launch completes successfully, the restored VM is running. Thisstate is the final step of the recovery.

Each step in this process can take several minutes to complete.

View recovery detailsThe DR Activities page enables you to view detailed information about the assets that are listed.

Procedure

1. For any asset listed in the DR Activities page, click the information icon .

Note: For DR plans, you must first click the down-arrow icon to access the individualassets.

A detailed list of information about the asset is displayed. For example:

2. To collapse the detailed information view, click the information icon again.

DR plan activitiesA disaster recovery (DR) plan is a collection of assets that enables you to define run book recoveryplans, including batch operations on multiple assets, network and security group association, VMboot order definition, and selection of cloud instance type. You can manage, recover, and fail backDR plans through the CDRS. If you want to manage each asset separately, you can split the DRplan into its individual assets.

This section provides the basic procedures for DR plan activities.



Create a DR planYou can create a DR plan for a specific region/location and CDRA. Then you can add assets to theDR plan.

Before you begin

You can add to the DR plan only those assets that are protected by the selected on-premisessource in the designated region.

Procedure

1. From the CDRS user interface, select Protection > DR Plans.

The Select or Create a New Plan window is displayed.

2. To create a DR plan, click Create Plan.

3. In the Plan Details tab, enter a unique name for the DR plan and select an on-premisessource, and location.

NOTICE You cannot edit the on-premises source name or region after you selectmembers for the plan.

4. If you want the DR plan to fail when any asset in the plan fails, select the Fail plan on errorcheckbox. If you want the DR plan to continue running when one or more assets fail, clearthe checkbox.

5. Select a default network, default security group, and, if you are using tags, a tag.

6. In the Plan Members tab, click Add Members.

The Add Members dialog box displays a list of assets.

7. In the Add Members dialog box, select the checkbox for each asset that you want to add tothe DR plan, and then click Add.

8. To change the asset boot order, default network, default security group, virtual machinetype, tags, or private IP address selection, click the Edit button for the asset. Make thechange, then click Apply.

9. Review the list of assets that you added to the new DR plan. If you require additionalchanges, select one or more of the assets to edit (by using the Edit button) or remove (byusing the Remove button).



10. When you are satisfied with the DR plan, its assets, and properties, click Create Plan.

Results

The DR plan is created and may be used for testing or failover.

Edit a DR planYou can edit the properties of a DR plan except for the region and the on-premises source.

About this task

If the plan is active (running or in failover or test), editing the plan does not affect the active DRplan.

Procedure


The Select or Create a New Plan window is displayed (not shown).

2. Click the edit icon for the plan that you want to edit.

The Edit DR Plan window is displayed.

3. If required, change the Fail plan on error setting.

4. If you want to change the default network, click CHANGE and pick a different network.

5. If required, pick a different security group.

6. If required, select a different tag.

7. If you want to change the members that belong to the DR plan or edit the settings for anyselected member:

a. Click the EDIT MEMBERS button.



The Plan Members window is displayed.

b. Select one or more members of the plan.

c. If you want to remove one or more selected members, click the REMOVE button.

d. If you want to edit settings for one or more selected plan members, click the EDITbutton.

The Edit Member dialog box is displayed.

e. In the Network tab of the Edit Member dialog, if required, change the boot order,default network, and default security group of the member.

f. In the Advanced tab, if required, change the virtual machine type, tags, or the private IPaddress checkbox.

g. Click APPLY to apply changes to the edited member.

h. In the Edit DR Plan window, click APPLY to apply changes to the edited DR plan.

Results

The DR plan is updated and may be used for testing or failover.



Test or fail over a DR plan to AWS cloudTo verify that the operations of a DR plan work as expected, you test the DR plan. To start afailover of the assets in the DR plan, you fail over the DR plan. This procedure describes how totest or fail over a DR plan by using the Cloud DR Server interface.

Before you begin

To perform a test or failover of a DR plan, you must have instances of virtual machines that areprotected in the cloud.

About this task

To ensure a successful failover and prepare for a disaster, best practices entail testing variousdisaster recovery scenarios.

When an operational error or disaster occurs on premises, you can fail over a DR plan to the cloud.When the on-premise issue is resolved, you may fail back the DR plan to the on-premisesenvironment.

Note: When you fail over a DR plan, CDRS fails over the assets in the DR plan according to theVM boot order.

Procedure

1. In the CDRS user interface, select Recovery > Plan Recovery

The Plan Recovery page displays a list of DR plans on which recovery activities can beperformed.

2. Select the DR plan that you want to recover, and click DR Test to test the plan or Failoverto fail it over to the cloud.

A dialog box is displayed and prompts you to select copies. Any bookmarks that are appliedin RecoverPoint for VMs are displayed. Corrupted copies are clearly identified, and you areprevented from selecting them.

3. Select one of the copy options:

Option Description

Latest available copies Recovery uses the latest copies of the asset in the recoveryoperation.

Select a point in time Recovery uses asset copies that are based on the time, date, andselection that you specify.

When you select an application copy (available only in Advanced Mode), the CDRSautomatically selects the latest VM copy before the point-in-time copy of the application. Ifthere is no VM copy before that time, the CDRS takes a new VM copy. The application failsrecovery if there is no available VM copy.

If you configured the DR plan to fail on error, the plan fails if the VM copy is not available.

4. Click Next.

A dialog box is displayed and prompts you to review the list of copies and their status.



5. If you are:

l Unsatisfied with the copy selections, make the necessary changes before continuing.

l Satisfied with the copy selections, continue with a test or failover of the DR plan.

Results

Depending on the selection, the Cloud DR Server starts the test or failover of the DR plan.

Split a DR plan activityIf you want to manage each asset separately, you can split the DR plan.

About this task

In the DR Activities window, DR plan activities are organized by card types: DR test cards, DRfailover cards, and DR failback cards. If you have a DR plan in test and you split it, the DR testcards are split apart and you can individually end them or promote them to failover. The assets inthe DR plan are separated, and the DR plan is removed. When you split apart a DR plan activity,the action is irreversible.

Procedure

1. From the CDRS user interface, select Recovery > DR Activities.

2. Locate the DR plan activity that you want to split.



3. To split the DR plan into its individual assets, click the icon.

Results

The DR plan is split into its individual assets, and the cards in the DR plan activity are split intoindividual activities.

Delete a DR planWhen you no longer require a DR plan and the VMs it contains, you can delete the plan.

About this task

If the plan is active (running or in failover or test), deleting the plan does not affect the active DRplan.

Procedure


The Select or Create a New Plan window appears.

2. Select a DR plan to delete.

3. To delete the plan, click the delete (trash can) icon for the plan, and confirm the action.

Results

The DR plan is deleted.



PART 3

Cloud DR with Azure


Chapter 4, "Cloud DR for Azure requirements and deployment"

Chapter 5, "Cloud DR with Azure protection, recovery, and failback"


Cloud DR with Azure


CHAPTER 4

Cloud DR for Azure requirements and deployment


l Requirements for Cloud DR with Azure cloud environments..................................................88l Credentials for Cloud DR deployment.................................................................................... 91l Deploy the CDRA OVA.......................................................................................................... 92l Log in to CDRA......................................................................................................................92l Configuring the CDRA and deploying the CDRS....................................................................93l Add additional CDRAs...........................................................................................................101l Uninstall Cloud DR components........................................................................................... 102


Requirements for Cloud DR with Azure cloud environmentsThe following information describes requirements and prerequisites for the Cloud DR solutionwhen used with Microsoft Azure cloud environments.

Requirements checklist for Microsoft AzureEnsure that you meet the requirements to support the Cloud DR solution with Microsoft Azure.

Azure prerequisite checklist

Table 16 Prerequisite checklist


Operational training Familiarity with Avamar, Data Domain, VMware, andMicrosoft Azure cloud provider services.

Avamar and Data Domain systems forStandard Mode of operation


l Avamar 7.5 and later

l Data Domain 6.1 and later

Connectivity between the Data Domainsystems and the Avamar servers

CDRA must use Standard Mode, and the on-premises Data Domain system must be configuredas the backup target for the Avamar server. Avamarand Data Domain System Integration Guide providesmore information about connectivity.

Clock synchronization via NTP All severs (ESXi, Avamar, Data Domain, CDRA,vCenter) must have their clocks synchronized withNTP servers.

vSphere environment l An on-premises vSphere environment, release6.0 and later. The time on the vCentercomponents must be within (plus or minus) 15minutes of the real time.

l Virtual machines that are compatible with CloudDR and configured for backup to the Avamarserver.

n Supported operating systems for Cloud DRand Azure on page 90 contains informationabout supported VM operating systems.

n The Avamar for VMware User Guide containsinformation about configuring Avamarbackups of VMs.

Microsoft Azure l A Microsoft Azure account and subscription.Refer to Azure prerequisite setup on page 89.

l Network connectivity between on-premisesenvironment and Azure. Ensure that you haveconnectivity from the on-premises CDRA toAzure through port 443.





l A storage account (includes blob store) to beused as a Cloud DR target in one of thesupported regions. See Azure regions for CDRSdeployment on page 90.

Azure prerequisite setupSetup steps for Azure must be completed before installation and deployment of the CDRA.

Ensure that the following prerequisite steps are complete:

1. Log in to the Azure portal and create an Azure Active Directory application. You can find theMicrosoft Azure instructions here.

2. Obtain the application ID and authentication key/application secret (needed whenprogrammatically logging in).

a. Get the application ID (some applications refer to this value as the client ID). Find theMicrosoft Azure instructions here.

b. Generate an authentication key/application secret and record its value (it is not possible toretrieve it later). Find the Microsoft Azure instructions here.

3. Get the Directory ID (also known as the tenant ID). This ID is needed when programmaticallylogging in. Find the Microsoft Azure instructions here.

4. Add access control (IAM) for the created application. Find the Microsoft Azure instructions here.

Note: Configure access control (IAM) at the subscription level with contributor role.

Virtual machine specifications for Cloud DR with Microsoft AzureThe following tables list the required specifications for the VMs used for Cloud DR components.

NOTICE To support recovery operations for production VMs, ensure that each VM has aunique identifier (UID).

Table 17 Cloud DR Add-on VM specifications

Component Required specification

vCPU 4 (2x2)

RAM 4 GB

HDD 16 GB

Table 18 Cloud DR Azure components specifications


CDRS Standard DS2 V2 (2 CPU, 7 GB RAM)

Restore Service Standard D16S V3 (16 CPU, 64 GB RAM)



https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#create-an-azure-active-directory-application

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-values-for-signing-in

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-a-new-application-secret

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-values-for-signing-in

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#assign-the-application-to-a-role

Table 18 Cloud DR Azure components specifications (continued)


MySQL DB General Purpose (2 vCores, 50 GB storage),MySQL version 5.7

Azure regions for CDRS deploymentThe list of Azure regions for CDRS deployment is subject to change. The most up-to-date list ofsupported regions where you can deploy the CDRS is maintained in the Cloud DR Simple SupportMatrix, which is available here:


For additional information about Microsoft Azure locations, see https://azure.microsoft.com/en-us/global-infrastructure/regions/.

Supported operating systems for Cloud DR and AzureThe list of operating systems for Cloud DR and Azure is subject to change. The most up-to-datelist of supported regions where you can deploy the CDRS is maintained in the Cloud DR SimpleSupport Matrix, which is available here:


Supported browsers and resolutionsThe following browsers and resolutions are supported with Cloud DR.

Supported browsers

l Chrome - The latest version at the time of the release of Cloud DR.

l Firefox - The latest version at the time of the release of Cloud DR.

Supported desktop resolutions

l 1280 x 800

l 1366 x 768

l 1920 x 1080

Support for Azure Hybrid BenefitDell EMC Cloud DR supports Azure Hybrid Benefit.

CDRS users can enable Azure Hybrid Benefit to use their on-premises Windows Server licenses torun Windows VMs. Enable the Use Azure Hybrid Benefit checkbox in the Settings > Generalsection.

For additional information about Microsoft Azure Hybrid Benefit, see Azure Hybrid Benefit forWindows Server.

Limitations for Cloud DR with AzureThe following limitations apply to the Cloud DR solution for Microsoft Azure cloud environments.

l Only VMware hypervisor is supported. Other hypervisors, such as Microsoft Hyper-V, are notsupported.




https://azure.microsoft.com/en-us/global-infrastructure/regions/

https://azure.microsoft.com/en-us/global-infrastructure/regions/


l You cannot change the names of Azure components (for example, VM names, key pairs, andstorage accounts).

l Limitations in Avamar support:

n Ad hoc backups of individual VMs are not supported. Only policy-based backups can beused.

n Existing backups that do not have Cloud DR enabled cannot be converted to Cloud DR-based backups. Only those backups that are initiated after Cloud DR was enabled areprotected to the cloud and may be used for disaster recovery in the cloud.

l Cloud DR per-disk size limitation for a protected/recovered VM is 5 TB. The limit for all disksizes in the VM is 30 TB.

l Since the Azure default subscription has many low-quota limits, you may need to request aquota increase in your subscription (for example, the number of vCPUs per instance family perregion).

l Cloud Snapshot Manager creates snapshots in the same resource group that is created for therecovered virtual machine. If you end the DR activity, the resource group containing therecovered virtual machine is deleted along with all its objects including snapshots that arecreated by Cloud Snapshot Manager.

l Cloud provider performance and the volume of protected assets can affect the performance ofthe Cloud DR solution.

l CDRS does not support files share.

Connect to CDRS via private IP address - AzureThe connection between the on-premises CDRA and the cloud-based CDRS uses a public IPaddress by default. However, after the CDRS is deployed, the Cloud DR solution provides a way toconnect to CDRS via a private IP address.

About this task

If you want to connect via private IP address, here are the prerequisite steps:

Procedure

1. Configure a service endpoint for the CDRS subnet and VNET rules for MySQL.

2. In the Azure portal, go to the resource group of the VPN and create a new route table.

3. Add route to on-premises address ranges via cloud VPN gateway.

4. Open the subnet configuration page, and change the route table to the route table that youcreated in step 2 on page 91.

5. Disassociate the public IP address from the CDRS.

After you finish

After the CDRS is deployed in the CDRA configuration wizard, edit the connection and change it toa private IP address. This option is available by selecting Cloud DR Add-on > Cloud DR Server,and then clicking the edit icon. The option appears in the Edit CDRS Settings dialog box.

Credentials for Cloud DR deploymentBefore you begin Cloud DR deployment, ensure that you have access to the usernames andpasswords for Cloud DR components.

Security best practices recommend that you change default passwords to something unique.



Table 19 Cloud DR component usernames and passwords

Cloud DR component Notes

Cloud DR Add-on Created during CDRA OVA deployment, theinitial username/password is admin/admin.

Avamar MCUser Credentials are needed to establish aconnection to the backup server on premises.

Data Domain DDBoost Credentials are needed to establish aconnection to the Data Domain system onpremises.

vCenter server Credentials are needed to establish aconnection to the vCenter server thatsupports the production environment.

Cloud DR Server Password is set during CDRS deployment.

Cloud Avamar MCUser Credentials are needed to establish aconnection to the backup server in the cloud.

Cloud Data Domain DDBoost These credentials are needed to establish aconnection to the Data Domain system in thecloud.

Deploy the CDRA OVAThe Cloud DR Add-on (CDRA) is a Cloud DR component, and it is provided as an OVA deployed ona VMware vCenter Server environment.

Download the OVA from the link that was provided when you purchased the Cloud DR solution.Use the vSphere client to deploy the OVA in the vSphere environment.

In the network-mapping step, one network interface is required for the CDRA VM. Map the CDRAnetwork interface to a VLAN that provides network access to the cloud.

CDRA supports dual NIC configurations for CDRS deployment. See Configuring the CDRA anddeploying the CDRS for more information.

Note: After the CDRA is deployed, changing its IP address is not supported.

Log in to CDRAYou can log in to the CDRA with the username and password.

Procedure




2. In the Admin username and Admin password fields, enter the username and password thatwere provided when you purchased the product.



Note:

l The default Admin password is admin.

l Passwords expire based on the specified expiration period. By default, the expirationperiod is 90 days.

If this login is the first login or the password has expired, the Cloud DR Add-on ChangeAdmin Password window opens for you to change the password. Passwords must be atleast eight characters in length and contain a minimum of three of the following four types:

l English uppercase: A-Z

l English lowercase: a-z

l Numeric character: 0–9

l Special (non-alphanumeric) characters

Note: If you forget the password, click Forgot password?. Then enter the usernameand click Send.

3. If this is the first time logging in to the CDRA, you are prompted to select the operationalmode. To support Cloud DR for Azure cloud environments, select Standard Mode.

Results

The Cloud DR Add-on window opens and the Welcome page appears.

Configuring the CDRA and deploying the CDRSThe following sections describe how to configure the Cloud DR Add-on (CDRA) and deploy theCloud DR Server (CDRS). CDRS is deployed to the cloud during configuration of the CDRA.

To begin, click Configuration in the navigation pane.



The menu bar (across the top) displays the steps that are required to complete the configurationand deployment process. The Cloud DR solution is fully deployed when you complete these tasks.

Generally, you complete the steps working from left to right. For example, you must connect tothe Cloud Account and create Cloud DR targets before you deploy the Cloud DR Server.

CDRA supports single NIC (NIC-0) and dual NIC (NIC-0 and NIC-1) configuration. Dual NICconfiguration is the default configuration. The single NIC configuration (NIC-0) is used for bothinternal and external networks. In single NIC configuration, IPv4 is mandatory whereas IPv6 isoptional. There are two types of Dual NIC configurations.

l External (Cloud and Data) NIC-0

n NIC-0 is used for external network.

n IPv4 is mandatory.

n IPv6 is optional.

l Internal - NIC-1

n NIC-1 is used for internal network.

n NIC-1 supports either IPv4 and IPv6.

n NIC-1 supports dual stack configuration where both IPv4 and IPv6 are defined.



Set up the CDRATo configure networking and other settings for the CDRA, use the Setup CDRA page of the CloudDR Add-on window.

Procedure

1. For Cloud DR Add-on name, enter a name for the CDRA.

2. Enter the hostname or IP address for the primary and secondary DNS servers.

3. Enter the hostname or IP address for the primary and secondary NTP servers.

4. Select a time zone that is the same as the on-premises time zone.

5. Expand the Network Configuration section. If CDRA is configured with dual NIC, External(Data) interface and Internal (Management) Interface are displayed . Only External(Data) interface is displayed in single NIC configuration.

The External (Data) interface connects cloud provider to the Data Domain path. TheInternal (Management) Interface is used for internal components.

6. Enter the IPv4 address and the gateway id in the External (Data) interface section.

7. Select the Enable IPv6 checkbox to configure the IPv6 address and gateway.

8. Select the Internal (Management) Interface to enable the Enable IPv4 and Enable IPv6sections.



11. Click Save.

Add Azure cloud accountAdd the Azure cloud account and connect the CDRA to the account.

Before you begin

Ensure that you have an Azure account with an Azure subscription.

Procedure


The Connect to Cloud Account page appears.

2. Click Add Cloud Account.

3. In the Connect to Cloud Provider Account dialog box, select Azure.

4. In the Connect to Cloud Provider Account dialog box, enter the Directory ID, ApplicationID, and Key value.

5. Click the SELECT SUBSCRIPTION button and select a subscription from the list.

Only one CDRS can be deployed for an Azure subscription. After the CDRS is deployed,changing the subscription from the CDRA is not supported.



6. To save the Azure cloud account, click Verify & Save.

Add Azure cloud targetsYou can add one or more Azure cloud targets to the cloud account by selecting an Azure storageaccount and a location.

Procedure


The Cloud Account page appears.

2. Click Add Cloud DR Target to set up one or more Cloud DR targets on the cloud account.

The Add Cloud DR Target dialog box opens.

3. Enter a Friendly Name for the Cloud DR target.

4. Select an Azure storage account for the Cloud DR target. The Azure account types aregeneral purpose accounts.

The Azure location for the Cloud DR target is automatically retrieved.

5. Click Add.

6. For each Cloud DR target that you want to add, repeat the steps in this procedure.

Deploy the Cloud DR Server in AzureDeploy the CDRS on a specific Cloud DR target.

Procedure

1. Click Cloud DR Server on the menu bar.

l If no CDRS has been deployed, the Deploy Cloud DR Server page appears.l If the CDRS has already been deployed, the Cloud DR Server page appears. You are not

permitted to deploy additional CDRS instances.

2. In the Cloud DR Server Configuration section, select a cloud target, and then select anexisting VNET or create a new one.

Option Notes

Create New VNET If you create a new VNET, the connection between the CDRA andCDRS uses a public IP address, and it is not possible to change the IPrange of the VNET and subnet after they are created.

Select existingVNET

-



The VM is created using the VNET and subnet.

3. In the IPV4 CIDR Range section, the CIDR prefix for the CDRS is pre-populated, and youmay retain the given value or change it.

4. In the User Configuration section, enter and confirm passwords for the CDRS Admin andCDRS Monitor users.

The passwords must:







a. Enter and confirm passwords for the CDRS Admin and CDRS Monitor users.

b. Enter an email address for Cloud DR password reset requests.

Note: If you update the password, the new password must be different than theprevious password.

5. Click Deploy Cloud DR Server.

Results

The CDRA begins deployment of the CDRS to the Cloud DR target. Deploying the CDRS may takeup to 30 minutes.

During CDRS deployment, these resource providers are registered: Microsoft.Compute,Microsoft.DBforMySQL, Microsoft.Network, Microsoft.ResourceHealth, Microsoft.Security,Microsoft.Storage.

If the deployment is successful, the Cloud DR Server page appears, listing the hostname of theCDRS host and the region. You can access the Cloud DR Server by clicking the CDRS Hostnamelink, but protection and disaster recovery are not supported until you complete all CDRAconfiguration steps.

If an error occurs during deployment, click Cleanup to delete the cloud resources that CDRScreates, and then retry deployment.

Connect to vCenter serversYou can connect the CDRA to vCenter servers that manage VMs in the Cloud DR solution. You canalso define recovery settings.

Procedure

1. Click vCenter Servers on the menu bar.

The Connect to vCenter Servers page appears.

2. Click Add vCenter Server.

The Connect to vCenter Server dialog box appears.

3. Enter the hostname or IP address of the vCenter server.

4. Enter the port number for the vCenter server.

5. Enter the Admin username and password.



6. Click Save.

7. In the Confirm vCenter's SSL Certificate dialog box, click Confirm.

A dialog box prompts you to define a recovery staging area.

8. Define the recovery settings as described in "Define a recovery staging area." To definerecovery settings later, click Define Later.

9. To add additional vCenter servers, repeat steps in this procedure for each vCenter server.

Results

The vCenter Servers page lists vCenter servers that you add to the CDRA.

Define a recovery staging areaRecovery is the process of transferring protected VMs from the cloud back to the on-premisesvCenter environment. The Define Recovery Staging Area dialog box enables you to configuresettings for the operation. You can also enable a direct failover to a vCenter.

About this task

Note: If you do not define a recovery staging area during initial Cloud DR configuration, youcan define it later. However, recovery operations do not work unless these settings areconfigured.

Procedure

1. In the vCenter Servers tab, select a vCenter, and click the edit icon . To updateinformation about the vCenter, select Edit vCenter Details. To update the failback settings,select Edit Failback Setting.

When you click Edit vCenter Details, the Define Recovery Staging Area dialog box is

displayed.

2. Select one or more datastores or datastore clusters on the vCenter server.



3. Select one or more networks for the recovery staging area.

Selected networks must connect to the cloud.

4. For each selected network:

a. Highlight the network.

b. Configure the IP range pool by typing the first IP address in the pool and the number ofIP addresses in the subnet to be included in the pool. To enter additional IP range pools,

click the plus button.

c. Enter the network Subnet mask.

d. Enter the network default gateway for the Gateway.

5. To enable a direct failover to the selected vCenter, click the toggle button at the bottom ofthe dialog box:

Note: You may define multiple vCenters as recovery targets.

6. Click Save.

Configure Avamar backup server and Data Domain systemYou can connect CDRA to a local (on-premises) Avamar backup server and Data Domain system.

Before you begin

This procedure is only for the on-premises Avamar/Data Domain solution.

Before configuring the on-premises Avamar server, deploy the CDRS.

Procedure


The Connect to Backup Servers page is displayed.

2. Click Add Backup Server.

The Connect to Backup Server dialog box is displayed.

3. Enter the hostname of the Avamar server.

4. Enter the Avamar server HTTPS service port number.

5. Enter the username and password of the Avamar MCUser account.

6. Click Save.

The Local Backup page is displayed. This page displays the DDBoost username that thebackup server uses to connect to the Data Domain system.

7. To connect the local Data Domain system that is registered to the Avamar server, clickConnect DD.

Note: When adding the Data Domain system in Avamar, Dell EMC recommends usingthe Data Domain hostname.

The Connect to Data Domain system dialog box is displayed.

8. Select the Data Domain system and enter the password for the DDBoost username. Thenclick Connect.



9. If you want to protect VMs that the cloud provider does not support, switch the Protectunsupported VMs toggle to the on position.

Note: Although the protection of unsupported VMs is supported, recovery of these VMsto cloud instances is not supported.

10. To connect to additional Avamar servers, repeat the steps in this procedure for each Avamarserver.

Results

The Local Backup lists the Avamar server and Data Domain system that are connected to theCDRA.

Note: Any Avamar server can be connected to only one CDRA at a time.

Edit backup server and associated Data Domain systemYou can edit the information for a backup server and its associated Data Domain system.

Procedure


2. To edit the local backup server, click the edit (pencil) icon for the backup server that youwant to change, and click Edit Backup Server.

The Edit Backup server dialog box appears.

3. Make the required changes and click Save.

4. To edit the Data Domain system, click the edit (pencil) icon for the system that you want tochange, and click Edit DD_system.

The Update Data Domain's Credentials dialog box appears.

5. Make the required changes and click Connect.

Delete Data Domain systemYou can delete the on-premises Data Domain system that is associated with the local backupserver.

Procedure




3. Select the associated Data Domain system for deletion.

Results

The selected Data Domain system is deleted.



Delete backup serverYou disconnect from a backup server by deleting it.

Procedure




3. Select the local backup server.

Note: If the local backup server is connected to a Data Domain system, first delete theData Domain system. Then delete the local backup server.

Results

The selected backup server is removed. If an Avamar server is removed and then reconnected, afull backup of protected VMs occurs. Previously protected VMs are accessible to disaster recoveryand failover in the CDRS.

Add additional CDRAsYou can add up to 50 Cloud DR Add-ons (CDRAs) to the same Cloud DR Server (CDRS).

About this task

Follow the steps described below. For details of each step, see the procedures in Cloud DR forAzure requirements and deployment on page 87.

Procedure


2. Log in to the CDRA.

3. Configure the CDRA and deploy the CDRS.

4. Add the Azure cloud account.

5. Add Azure Cloud DR targets.

6. If you want to change the CDRA-to-CDRS connection to a private IP address, edit theCDRS settings.

7. Connect to the existing Cloud DR Server.

a. On the Cloud DR Server page of the Cloud DR Add-on UI, click the link for the CDRShostname.

b. When the Cloud DR Server log-in appears, enter the username and password for theCDRS.



This action connects the new CDRA to the existing CDRS.

8. Connect to one or more vCenter servers.

9. Define failback settings.

10. Connect a local Avamar backup server and Data Domain system.

11. To add more CDRAs to the existing CDRS, repeat the steps in this procedure.

Uninstall Cloud DR componentsTo uninstall Cloud DR, follow the steps in this procedure.

Before you begin

NOTICE Failure to perform these steps in the listed order causes undesirable results.

Procedure

1. From the on-premises Avamar, delete the Avamar policies that are configured to send filesto the cloud.

2. From the CDRA UI, in the Local Backup tab, remove the Data Domain system.

3. From the CDRA UI, in the Local Backup tab, remove the Avamar backup server.

4. Delete the Cloud DR Add-on appliance from vSphere, as described in VMwaredocumentation.

5. From the Azure portal, locate and delete resource groups that have names beginning with"CDRS".

6. Delete the storage account that was used for deployment (unless it is used for purposesother than Cloud DR).



CHAPTER 5

Cloud DR with Azure protection, recovery, andfailback

This chapter contains these topics:

l Overview..............................................................................................................................104l DR plans...............................................................................................................................108l Create rapid recovery copies for protected VMs................................................................. 109l Test or fail over single asset to Azure cloud..........................................................................110l Recover to vCenter............................................................................................................... 111l Failback workflow................................................................................................................. 113l Perform a failback................................................................................................................ 113l Promote a DR test to failover............................................................................................... 115l End a DR test....................................................................................................................... 115l End a failover........................................................................................................................116l Monitor recovery activities................................................................................................... 116l DR plan activities.................................................................................................................. 119l Create a DR plan.................................................................................................................. 120l Edit a DR plan....................................................................................................................... 121l Test or fail over a DR plan to Azure cloud............................................................................ 123l Split a DR plan activity......................................................................................................... 124l Delete a DR plan.................................................................................................................. 125


OverviewThe Cloud DR solution provides disaster recovery (DR) activities that include protection, test,promote test to failover, failover, and failback of one or more on-premises assets.

You can perform DR activities on a single asset, or multiple assets by using a DR plan.

ProtectionProtection varies depending on the operational mode.

When the Cloud DR solution is operating in Standard Mode, the protection flow uses the Cloud DRdata path. The protection flow follows this sequence:

1. Avamar writes a full VM backup to the Data Domain system.

2. The CDRA receives the backup files from Data Domain and validates Azure compatibility. Thenit segments, compresses, and encrypts the files.

3. The CDRA sends the segment to the cloud target for protection.

4. Avamar then writes only incremental backups to the Data Domain system.

5. The CDRA segments, compresses, and encrypts the incremental backups.

6. The CDRA sends only the changes (or diffs) to the cloud target for protection.

You start the standard protection flow from the Avamar Administrator UI by creating a backupgroup, selecting a data set, and enabling Cloud DR for the group. See the Avamar for VMware UserGuide for information about configuring protection from the Avamar Administrator UI.

After you back up a VM, you can enable it for rapid recovery in the CDRS user interface.

TestA DR test enables temporary access to a cloud instance to verify that a recovered asset worksbefore you perform a failover. Testing DR scenarios before a real disaster occurs is arecommended best practice that saves time and ensures that production assets on premises canbe quickly recovered in the cloud.

Figure 13 on page 105 shows the basic test workflow. Table 20 on page 105 lists the user actionsthat are available for each workflow state.

Cloud DR with Azure protection, recovery, and failback


Figure 13 DR test workflow


Table 20 Test workflow states and related user actions


Starting state:Production VMs areprotected in cloud and remainprotected during the test

Select VM/DR PlanSelect test network


Start test

Test in progress

Test in progress Cancel Canceled


Failed Retry Test in progress


Succeeded:Testing - cloud instancerunning

Promote to failover (canchange network)


End test (removes cloudinstance)

Starting state



FailoverYou perform a failover to the cloud when an on-premises disaster occurs and the production VMsare not running.

During a failover, shut down the on-premises production VMs to prevent users from writing newdata to them.

Figure 14 on page 106 shows the basic failover workflow. Table 21 on page 106 lists the useractions that are available for each workflow state.

Figure 14 Failover workflow


Table 21 Failover workflow states and related user actions


Starting state:Production VMs areprotected in cloud and remainprotected during failover

Select VM/DR PlanSelect failover network


Start failover

Failover in progress

Failover in progress Cancel Canceled


Failed Retry Failover in progress


Succeeded: Fail back Failed back

End failover (removes cloudinstance)

Starting state



Table 21 Failover workflow states and related user actions (continued)



FailbackA failback transfers a failed-over VM (cloud instance) back to the on-premises vSphereenvironment.

Before starting failback, it is a best practice to shut down services on the cloud instance.

Figure 15 on page 107 shows the basic failback workflow. Table 22 on page 107 lists the useractions that are available for each workflow state.

Figure 15 Failback workflow


Table 22 Failback workflow states and related user actions


Starting state:Failed over - cloud instancerunning

Select VM/DR plan.Start failback.

Failback in progress

Failback in progress Cancel. Canceled



Table 22 Failback workflow states and related user actions (continued)



Failed Retry Failback in progress

Clean up. Starting state

Succeeded:Failback completed, new VMcopies restored on premises

Link to failover activity card.End failover to terminaterecovered cloud instances.

--

DR plansA disaster recovery (DR) plan is a collection of assets (VMs) that enables you to define run bookrecovery plans, including batch operations on multiple assets, network and security groupassociation, VM boot order definition, and selection of cloud instance type.

A DR plan is associated with a single region and a single Cloud DR Add-on. You can add to the planonly those assets that are protected by the designated CDRA and are in the designated region.

The assets that you add to the DR plan are called DR plan members. If required, you can add thesame asset to multiple DR plans. For example, you might want to create several DR plans to testvarious DR scenarios. You can also create a master DR plan that contains all the assets onpremises.

For each VM in the DR plan, you can specify a startup priority, called a boot order, from 1 to 5,where a lower number represents a higher priority. For example, a VM with a boot order of 1 beginsrecovery before a VM with a boot order of 2-5. All VMs with the same boot order begin recoveryat approximately the same time (actual start times may vary depending on when each VM recoveryoperation ends).

You can test, fail over, or fail back a DR plan in the same way that you might perform thoseoperations on a single asset. There are minor differences in the workflows.

When you test or fail over a DR plan, that operation is applied to all the assets contained in theplan. If one asset in the plan fails, the operation continues on the other assets in the plan (thedefault behavior). You may choose to retry the operation for the failed asset while the DR planoperation continues. A partially successful DR test means that the batch operation continues evenwhen one or more assets in the DR plan encounter a test failure. Optionally, you may configure theDR plan to fail when any asset in the plan fails by enabling the Fail on error option.

When a DR plan is partially successful (that is, recovery of some assets has succeeded whileothers have failed), the user has three options:

l Retry - This action retries the operation only for the failed assets. Cloud instances that arealready recovered remain available.

l End test or failover - This action terminates the cloud instances of successfully recoveredVMs.

Note: Ending a failback operation for a DR plan only closes the failback card.

l Split - This action splits a partially successful DR plan into its individual members so you canmanage each asset separately.

Depending on the number of members in a DR plan, it may take some time for the plan operation tocomplete. One convenient feature of a DR plan is that when you run a DR plan, you can



immediately begin editing the plan or even delete it without affecting the completion of the originalplan.

Create rapid recovery copies for protected VMsYou can accelerate the recovery process ahead of time by creating rapid recovery copies forprotected VMs. Creating a rapid recovery copy reduces the RTO for a protected VM butconsumes additional cloud resources and incurs additional costs.

About this task

Creating a rapid recovery copy starts the rehydration process and converts the VMDK files tovirtual hard disks (VHDs). The recovery process (test or failover) then launches the recoveredinstance from the converted VHDs.

Perform this procedure when a new backup copy is available in the cloud storage.

Note: Failover of rapid recovery images to a vCenter is not supported.

Procedure

1. In the CDRS user interface, select Protection > Asset Protection in the navigation pane.

The existing protected assets are displayed in the right pane. The Rapid Recovery Imagecolumn indicates whether the asset is enabled for rapid recovery.

2. Select one or more VMs and click Set Rapid Recovery Image.

3. In the Set Rapid Recovery Image dialog box, select the number of rapid recovery copiesthat you want to keep (from 1 to 5), and then click Set.

Note: Configuring more than one rapid recovery copy for selected VMs enables you toquickly recover to an older point in time in case the latest point-in-time copy cannot beused because of inconsistent or corrupt data.

Results

l The CDRS creates the rapid recovery copy and removes the oldest copy to maintain thenumber of copies that you configured.

l You can verify the results by reviewing the Rapid Recovery Image column where the numberof copies is indicated. The icon is displayed in some CDRS windows and designates a copythat is enabled for rapid recovery.



After you finish

l You can disable rapid recovery for an asset by selecting it and clicking Disable Rapid RecoveryImages.

l You can set the minimal time interval during which rapid recovery copies are not created. See Set rapid recovery interval on page 148.

Test or fail over single asset to Azure cloudThis procedure describes how to test or fail over a single asset (VM) to the Azure cloud.

Before you begin

To fail over to a vCenter environment, see Recover to vCenter on page 111.

To perform a DR test or failover of an asset, you must have VMs that are backed up by the on-premises backup software and copied to the cloud.

If you intend to use tags, you must first create the tags. See Create a tag on page 147.

About this task

To ensure a successful failover, and better prepare for a disaster, best practices recommendtesting various disaster recovery scenarios. After performing a test, you can promote the test to afailover.

When an operational error or disaster occurs on premises, you can fail over an asset to the cloud.

Procedure


You can also open the Asset Recovery page from the dashboard by clicking See All in theRecovery pane.

The Asset Recovery page is displayed.

2. Use the Search for assets widget to search by asset type or CDRA name.

3. Select the asset that you want to recover and click Test or Failover.

If you click Failover and the asset has never been tested, a dialog box opens and remindsyou that running a DR test is recommended before implementing a failover. The messagealso recommends that you shut down the production VM to avoid a possible data loss that iscaused by accidental user access. Click Select Copy to continue.



4. In the wizard that opens, in the Copy step, select a point-in-time copy of an asset that youwant to test or fail over, and then click Next.

5. In the Network step, select the network where you want to launch the virtual machine, andthen click Next.

6. (Optional) In the Advanced step:

a. In the Security Groups tab, select a security group.

b. In the EC2 Instance Type & Tags, select an EC2 instance type and a tag.

c. In the IP settings tab, to enter a private IP address for the recovered instance, selectthe checkbox for this setting and enter the address. The system prevents you fromselecting an IP address that is already in use.

7. Click Start DR Test or Start Failover.

Results

A temporary Restore Service instance is launched in each region where recovery is needed (unlessthe VM is enabled for rapid recovery). This instance performs hydration during recovery, and isautomatically terminated after 10 minutes of idle time.

During recovery, the temporary Restore Service instance creates VHDs, and the Cloud DR Serverthen attaches them to the restored virtual machine.

Recover to vCenterThis procedure describes how to recover a VM to a recovery-enabled vCenter environment.

Before you begin

To recover to a vCenter, during CDRA configuration, you must enable direct failover to one ormore vCenters (described in Define a recovery staging area on page 98).

Procedure


The Asset Recovery page displays.

2. Select a VM and click FAILOVER TO VCENTER.

The Failover to vCenter dialog box opens.

3. In the Failover to vCenter dialog box, in the Copy step, select a Point in Time copy andclick NEXT to go to the Failover Target step.



Corrupted copies are clearly identified, and you are prevented from selecting them. Everycopy snapshot (Point in Time) is replicated together with its OVF, so the failed over VM willhave the same hardware settings that the protected VM had, at the selected Point in Time.

4. In the Failover Target step, select a CDRA/vCenter failover target.

5. Optionally, in the Advanced section, update the Keep original VM MAC address and UIDcheckbox setting.

If you are failing over to the same network as the production VM, to avoid IP conflicts, clearthis checkbox to ensure that the failed over VM has a different MAC address and UID thanthat of the production VM.

NOTICE When a production VM is protected, the hardware settings of the productionVM (including the MAC address) are also protected, with these exceptions:

l RAW disk is not supported. In the failed-over VM, it becomes a VMDK.

l Single-root I/O virtualization (SR-IOV) pass-through is not supported. In the failed-over VM, it becomes an e1000 virtual NIC.

6. Click START FAILOVER.

Results

The failover process begins and you can monitor progress on the DR Activities page.



Failback workflowA failback operation allows a failover instance to be copied back to an on-premises vCenter.

This operation is possible only in Standard Mode.

1. Failback is initiated from a failover instance by using the CDRS user interface.

2. CDRS powers off the instance and creates snapshots of its disks.

3. A Restore Service:

a. Creates disks from the snapshots.

b. Attaches the new disks to itself.

c. Reads the data and creates segments of data, compressing and encrypting the data storedin the cloud target for that specific region.

4. When the CDRA receives a new failback request, it creates a Restore VM, including a bootdisk, at the on-premises vCenter in the failback staging area. The failback staging area isdefined during Cloud DR deployment at the Connect to vCenter Server page.

5. The Restore VM copies the data from the cloud storage. Disks (VDMKs) are directly attachedto the Restore VM and allocated as thick lazy-zeroed.

6. When the restore process completes, the CDRA powers off the Restore VM, deletes the bootdisk, configures the failed-back VM as necessary, and relaunches the VM.At this point, you can vMotion the VMs from the failback staging area to their original locationsor new locations. The IP addresses used for Restore VMs are not used for failed back VMs, soassign appropriate IP addresses to failed back VMs and ensure that DHCP can resolve them.

7. The CDRS performs any required clean-up of temporary resources in the cloud providerenvironment. However, the user must use the cloud provider console or the CDRS userinterface to manually terminate the original failover instance in the cloud. This instance wasused to launch the failback process.

Perform a failbackWhen an operational error or a disaster occurs in the on-premises environment, you can fail over aVM or DR plan to the cloud. After a failover to the cloud, the failed-over workloads run on cloudinstances (VMs) with data that is stored in cloud storage. When the on-premises issue is resolved,you may want to fail the cloud instance back to the on-premises environment to continue runningthe workloads locally, instead of in the cloud. This procedure provides steps to fail back workloadsthat were failed over to the cloud.

Before you begin

Do this procedure on cloud instances that are in a failed-over state.

About this task

You can fail back a VM or a DR plan that contains multiple assets. Failback of individualapplications is not supported.

Procedure

1. To perform a failback, select Recovery > DR Activities.


2. Click Failback for the VM or DR plan that you want to recover from the failover state.

The Failback option is available only for VMs or DR plans in a successful failover state.



The Failback dialog opens.

3. In the Failback dialog, select one of these options:

Option Description

Use original Enables you to fail back to the original VM location on premises.

Select target Enables you to select the target CDRA and vCenter for the failback.

4. Click the FAILBACK button.

The failback activity begins. The VM or DR plan is restored to the recovery staging area thatyou specified.

5. Open vCenter to verify that the VM is being restored. To display the Summary tab for theVM, click the VM in the list.

The VM that you failed back does not have an assigned IP address.

6. Open the console for the VM or DR plan that you failed back, and assign IP addresses forthe failback VMs.

You can either assign an IP address or obtain an IP address from a DHCP server.

Results

NOTICE

After the failback has completed successfully, you can vMotion the VMs from the failback stagingarea to their original locations or new locations. The IP addresses used for Restore VMs are notused for failed back VMs, so assign appropriate IP addresses to failed back VMs and ensure thatDHCP can resolve them.

The CDRS performs any required clean-up of temporary resources in the cloud providerenvironment. However, the user must use the cloud provider console or the CDRS user interfaceto manually terminate the original failover instance in the cloud. This instance was used to launchthe failback process.

Note: The maximum number of failback activities is limited by the range of pool IP addressesthat you configured for failback. If all IPs in the IP range pool already have failback operations



in progress, a message informs you that the operation cannot be started until one or more ofthe running activities ends.

Promote a DR test to failoverFrom the DR Activities page, you can promote a test of a single asset to failover.

Before you begin

Before promoting a test to failover, shut down the on-premises production VM. This actionensures that users do not accidentally write new data to the on-premises VM when they should beaccessing the cloud-based VM instead.

If the asset you are failing over is an application, shutting down the production VM ensuresapplication consistency.

Procedure



2. For a DR test that is in the running state, click Promote to Failover.

The Promote to Failover dialog box is displayed. It reminds you shut down the productionVM to avoid possible data loss. To continue, click Select Network.

3. In the Promote to Failover dialog box, select the network for the failover operation:

Option Description

Keep current network Retains the network that was used during the test.

Select a network/security group Enables selecting a different network for the failover.

4. If you select a different network for the failover, you can also select the default securitygroup or a different security group.

5. To select a private IP address for the recovered instance, select the checkbox for thissetting, and enter the address. The system prevents you from selecting an IP address that isalready in use.

6. Click Failover.

End a DR testWhen a DR test on a single VM or a DR plan has completed and is in the running state, you can endthe test from the DR Activities page.

Procedure


The DR Activities page is displayed.

2. For a test that is in the running state, click End DR Test.

3. In the End this DR Test dialog box, click End Test.

Results

When you end a DR test, CDRS clears all used resources from the cloud, and the recoveredinstances are terminated.




End a failoverYou can end a failover at any time after a failback transfers a VM from the cloud to the on-premises vSphere environment.

Procedure

1. Select Recovery > DR Activities.

2. If available, click Open Failover Activities for the VM.

Note: The Open Failover Activities option is displayed only if there are VMs in asuccessful failback state.

The Failover Details dialog box opens.

3. Click End Failover.

Results

When a failover ends, CDRS clears all used resources from the cloud, and the recovered instancesare terminated.


Monitor recovery activitiesThe DR Activities page enables you to view information about DR tests, failovers, and failbacks ofVMs and DR plans. The DR Activities page also enables you to promote DR tests to failover, failback the VMs, and terminate DR tests and failovers.

Procedure

1. To view status and other information about recovery activities, select Recovery > DRActivities

The DR Activities page displays a detailed listing of activities.



2. Filter for DR activities.

To search the list of DR activities by name, enter the asset name in the search bar at the topof the page and click the magnifying glass icon. You can also click the filter ( ) icon toselect filters to include in the search parameters, including the activity status, activity type,region, and creation time of the DR activity. When you identify the search filters, they aredisplayed below the search pane. To clear the filters from the search, click Clear Filters.



DR activity statusesEach DR activity (test, failover, or failback) can have one of several statuses that indicates theprogress of the activity.

Table 23 on page 118 provides a definition and example of each DR activity status.

Table 23 DR activity statuses

DR activity status Definition

Successfully running The operation is complete.Disaster recovery is now active.

The recovered cloud instance is now available.

Failed The DR activity failed.The recovered cloud instance is not available.

The user may retry the operation.

In progress DR activity was started and is underway.

This status is displayed from the time the DR activity wasactivated until the operation is complete.

Ending The "End" operation has been activated.

For the test or failover activity, the recovered cloudinstance is being terminated.

Successfully completed DR activity has ended.

Partially successful The DR plan activity includes successful and failed VMs.This status is relevant only for DR plans.

DR activity states for Azure environmentsThe DR Activities page enables you to monitor the progress of ongoing activity states for DRtests and failovers.

Table 24 Ongoing activity states for Azure environments

State Description

Rehydrating When you start a recovery, a temporaryRestore Service instance is created for eachregion in which the CDRS must performrecovery. In this state, the Restore Serviceinstance constructs the VHD from raw datachunks that are stored in Cloud DR target.The Restore Service instance automaticallyterminates after 10 minutes of idle time.For auto-scale handling, up to 100 RestoreService instances can be created forrecovery, and up to 20 restore instances canbe created for failback.



Table 24 Ongoing activity states for Azure environments (continued)

State Description

Converting When the Recovery Service instancecompletes rehydration of the VMDK file,CDRS converts the file into VHDs.

Launching When conversion is complete, CDRS launchesa cloud instance that is based on the VHDs.

Running When the launch completes successfully, therestored VM is running. This state is the finalstep of the recovery.

Each step in this process can take several minutes to complete.

View recovery detailsThe DR Activities page enables you to view detailed information about the assets that are listed.

Procedure

1. For any asset listed in the DR Activities page, click the information icon .

Note: For DR plans, you must first click the down-arrow icon to access the individualassets.

A detailed list of information about the asset is displayed. For example:

2. To collapse the detailed information view, click the information icon again.

DR plan activitiesA disaster recovery (DR) plan is a collection of assets that enables you to define run book recoveryplans, including batch operations on multiple assets, network and security group association, VMboot order definition, and selection of cloud instance type. You can manage, recover, and fail backDR plans through the CDRS. If you want to manage each asset separately, you can split the DRplan into its individual assets.

This section provides the basic procedures for DR plan activities.



Create a DR planYou can create a DR plan for a specific region/location and CDRA. Then you can add assets to theDR plan.

Before you begin

You can add to the DR plan only those assets that are protected by the selected on-premisessource in the designated region.

Procedure


The Select or Create a New Plan window is displayed.

2. To create a DR plan, click Create Plan.

3. In the Plan Details tab, enter a unique name for the DR plan and select an on-premisessource, and location.

NOTICE You cannot edit the on-premises source name or region after you selectmembers for the plan.

4. If you want the DR plan to fail when any asset in the plan fails, select the Fail plan on errorcheckbox. If you want the DR plan to continue running when one or more assets fail, clearthe checkbox.

5. Select a default network, default security group, and, if you are using tags, a tag.

6. In the Plan Members tab, click Add Members.

The Add Members dialog box displays a list of assets.

7. In the Add Members dialog box, select the checkbox for each asset that you want to add tothe DR plan, and then click Add.

8. To change the asset boot order, default network, default security group, virtual machinetype, tags, or private IP address selection, click the Edit button for the asset. Make thechange, then click Apply.

9. Review the list of assets that you added to the new DR plan. If you require additionalchanges, select one or more of the assets to edit (by using the Edit button) or remove (byusing the Remove button).



10. When you are satisfied with the DR plan, its assets, and properties, click Create Plan.

Results

The DR plan is created and may be used for testing or failover.

Edit a DR planYou can edit the properties of a DR plan except for the region and the on-premises source.

About this task

If the plan is active (running or in failover or test), editing the plan does not affect the active DRplan.

Procedure


The Select or Create a New Plan window is displayed (not shown).

2. Click the edit icon for the plan that you want to edit.

The Edit DR Plan window is displayed.

3. If required, change the Fail plan on error setting.

4. If you want to change the default network, click CHANGE and pick a different network.

5. If required, pick a different security group.

6. If required, select a different tag.

7. If you want to change the members that belong to the DR plan or edit the settings for anyselected member:

a. Click the EDIT MEMBERS button.



The Plan Members window is displayed.

b. Select one or more members of the plan.

c. If you want to remove one or more selected members, click the REMOVE button.

d. If you want to edit settings for one or more selected plan members, click the EDITbutton.

The Edit Member dialog box is displayed.

e. In the Network tab of the Edit Member dialog, if required, change the boot order,default network, and default security group of the member.

f. In the Advanced tab, if required, change the virtual machine type, tags, or the private IPaddress checkbox.

g. Click APPLY to apply changes to the edited member.

h. In the Edit DR Plan window, click APPLY to apply changes to the edited DR plan.

Results

The DR plan is updated and may be used for testing or failover.



Test or fail over a DR plan to Azure cloudTo verify that the operations of a DR plan work as expected, you test the DR plan. To start afailover of the assets in the DR plan, you fail over the DR plan. This procedure describes how totest or fail over a DR plan by using the Cloud DR Server interface.

Before you begin

To perform a test or failover of a DR plan, you must have instances of virtual machines that arebacked up in the cloud.

About this task

To ensure a successful failover and prepare for a disaster, best practices entail testing variousdisaster recovery scenarios.

When an operational error or disaster occurs on premises, you can fail over a DR plan to the cloud.When the on-premise issue is resolved, you may fail back the DR plan to the on-premisesenvironment.

Note: When you fail over a DR plan, Cloud DR Server fails over the assets in the DR planaccording to the VM boot order.

Procedure

1. In the Cloud DR Server user interface, select Recovery > Plan Recovery

The Plan Recovery page displays a list of DR plans on which recovery activities can beperformed.

2. Select the DR plan that you want to recover, and click DR Test to test the plan or Failoverto fail it over to the cloud.

A dialog box is displayed and prompts you to select copies.

3. Select one of the copy options:

Option Description

Latest available copies Recovery uses the latest copies of the asset in the recoveryoperation.

Select a point in time Recovery uses asset copies that are based on the time, date, andselection that you specify.

4. Click Next.

A dialog box is displayed and prompts you to review the list of copies and their status.



5. If you are:

l Unsatisfied with the copy selections, make the necessary changes before continuing.l Satisfied with the copy selections, continue with a test or failover of the DR plan.

ResultsDepending on the selection, the Cloud DR Server starts the test or failover of the DR plan.

Split a DR plan activityIf you want to manage each asset separately, you can split the DR plan.

About this taskIn the DR Activities window, DR plan activities are organized by card types: DR test cards, DRfailover cards, and DR failback cards. If you have a DR plan in test and you split it, the DR testcards are split apart and you can individually end them or promote them to failover. The assets inthe DR plan are separated, and the DR plan is removed. When you split apart a DR plan activity,the action is irreversible.Procedure

1. From the CDRS user interface, select Recovery > DR Activities.

2. Locate the DR plan activity that you want to split.



3. To split the DR plan into its individual assets, click the icon.

Results

The DR plan is split into its individual assets, and the cards in the DR plan activity are split intoindividual activities.

Delete a DR planWhen you no longer require a DR plan and the VMs it contains, you can delete the plan.

About this task

If the plan is active (running or in failover or test), deleting the plan does not affect the active DRplan.

Procedure


The Select or Create a New Plan window appears.

2. Select a DR plan to delete.

3. To delete the plan, click the delete (trash can) icon for the plan, and confirm the action.

Results

The DR plan is deleted.



PART 4

Cloud DR system and user management


Chapter 6, "Cloud DR Add-on System and User Management"

Chapter 7, "Cloud DR Server Interface"

Chapter 8, "Upgrading the CDRS and CDRAs"


Cloud DR system and user management


CHAPTER 6

Cloud DR Add-on System and User Management


l Cloud DR Add-on System.................................................................................................... 130l CDRA User Management...................................................................................................... 131


Cloud DR Add-on SystemThe Cloud DR Add-on System menu option enables you to collect logs and upgrade the Cloud DRAdd-on.

Collect logsThe Cloud DR Add-on System menu option enables you to collect logs and upgrade Cloud DR Add-on.

Before you begin

Before downloading logs from cloud storage, grant permissions to the cloud storage location. ForAWS cloud environments, Permissions to cloud storage for Cloud DR logs on page 169 providesinstructions.

For Azure cloud environments, see Enable downloads of Cloud DR logs from Azure on page 170.

About this task

You can store collected logs locally on the CDRA or upload them to the cloud in a default storagelocation. When the logs are collected, the CDRA generates a link to the local storage or the cloudstorage.

To collect CDRS logs, you can use any CDRA that is connected to the CDRS. When logs areuploaded to cloud storage and multiple CDRAs are connected to a CDRS, all logs from any CDRAare uploaded to the same cloud storage location. This condition is true even if each CDRA isconnected to a different cloud storage location. The Cloud Collection Mode enables you tocollect the logs of connected to .

Procedure

1. From the System menu option, click Log Collection.

The Log Collection page displays.

2. Select the date range for the logs you want to collect.

3. Use the Local Collection Mode to store the logs locally.

l To store logs locally on the CDRA, switch the Local Collection Mode toggle to the onposition. Local Connection Mode is best used when the connection between the CDRAand the cloud is not working and the CDRA logs collection is required.When Local Connection Mode is used:

n Local copies of logs are retained for 14 days. Logs older than 14 days are deleted.

n The maximum size of retained logs is 5 GB.

n Log file size cannot exceed 100 MB.

4. To store logs in the cloud in a default storage location, enable the Cloud Collection Modecheck box. The Cloud Collection Mode enables the log collection of connected to .

This option is not available if the Local Collection Mode toggle is switched to the onposition.

5. Enter a task name for the log collection task. This name is used for the cloud storage foldername where the collected logs are stored.

6. To begin the log collection process, click Collect Logs.



Results

When the log collection task completes, the Download and Copy Link button is displayed. Clickthe Download button to download the log or click the Copy Link button to copy the link.

CDRA User ManagementThe Settings menu option enables you to access the CDRA User Management page.

The CDRA User Management page enables you to change the password for the CDRA Adminaccount and update the password expiration period.

Change the password for the CDRA admin account.You can maintain security by changing the password for the CDRA admin account.

Procedure

1. From the Settings menu option, select Users.

The User Management page appears.

2. Click the edit (pencil) icon.

The Edit User Details dialog box opens.

3. Click Change Password.

4. Enter the new password.

The password must:







5. Confirm the new password by entering it again.

6. Click Save.

Change the CDRA password expiration periodYou can change the password expiration period for the CDRA admin account.

Before you begin

Log in as the admin user.

Procedure

1. From the Settings menu option, select Users.

The User Management page appears.

2. Click the edit (pencil) icon.

The Edit User Details dialog box opens.


4. Select a different expiration period. To set the password to never expire, select Never.



5. Click Save.

Results

The expiration period of the CDRA admin user password is updated.



CHAPTER 7

Cloud DR Server Interface


l The CDRS user interface..................................................................................................... 134l The CDRS Dashboard.......................................................................................................... 134l SLA Compliance page.......................................................................................................... 138l Asset Association page........................................................................................................ 138l Asset Recovery page........................................................................................................... 139l DR Activities page................................................................................................................ 141l Reports................................................................................................................................ 142l System Health..................................................................................................................... 143l Events..................................................................................................................................143l Registered components....................................................................................................... 144l Cloud DR Server user accounts............................................................................................144l Create a tag......................................................................................................................... 147l Set rapid recovery interval................................................................................................... 148l Export events to Syslog....................................................................................................... 148


The CDRS user interfaceThe Cloud DR Server user interface provides a dashboard representation of the CDRSenvironment and the capability to perform and monitor recoveries of protected virtual machinesand configuration tasks that are related to the CDRS.

Log into the CDRS interfaceTo log into the cloud-based CDRS component of the Cloud Disaster Recovery solution, you need ausername and password.

Procedure

1. From a host that has network access to the CDRS virtual appliance, use a browser toconnect to the appliance:

https://CDRS_hostname

Where CDRS_hostname is the hostname or IP address of the address that was createdwhen the CDRS was deployed from the CDRA. You can find the CDRS hostname on theCloud DR Server page in the Cloud DR Add-on window by selecting Configuration > CloudDR Server.

2. For Username, enter either admin or monitor.

3. For Password, enter the password for the admin or monitor user.

If you have forgotten the password:

a. Click Forgot Password?.

b. Enter the username, and click Send.

Note: In AWS environments, CDRS checks whether the User email address (see Change the email address of a CDRS user account on page 144) exists in (and hasbeen verified by) the AWS root user account. If a valid User email address has beendefined, an email is sent to the specified email address, with instructions forresetting the password.

Results

On logging in, the Cloud DR Server window opens and the Welcome page appears.The menu bar on the Cloud DR Server window shows the current location in the user interface. Tolog out of the Cloud DR Server user interface, click the icon on the right side of the menu bar andselect Sign out. To leave feedback, click Tell us what you think at the bottom of the window,enter the comments, and click Send Feedback.

The CDRS DashboardThe CDRS dashboard provides insight into key product information and operational behavior. Thedashboard is divided into panes that display unique information.

To open the dashboard, click Overview in the navigation pane of the Cloud DR Server window.



Navigation paneThe Cloud DR Server navigation pane provides links to the various pages of the interface.

The following sections describe the pages that you access through the navigation pane. You canalso access many of these pages through the dashboard.

Events paneThe Events pane of the CDRS dashboard provides a summary of system events.



To view event details, click See Details in the Events pane, or select System > Events from thenavigation pane of the CDRS dashboard. Events on page 143 provides information about Eventsdetails.

SLA Compliance paneThe SLA Compliance pane of the CDRS dashboard provides a summary of the compliance ofprotected assets with the service level agreements (SLAs) that were established in the backupsoftware when backup policies were configured for protection.

To view SLA compliance details, click Review SLA Details in the SLA Compliance pane, or selectOverview > Target RPO from the navigation pane of the CDRS dashboard. SLA Compliance pageon page 138 provides information about SLA compliance of the protected assets.

System Health paneThe System Health pane of the CDRS dashboard provides general system health status.

To view system health details, click See All in the System Health pane, or select System > Healthfrom the navigation pane of the CDRS Dashboard. System Health on page 143 providesinformation about system health details.



Recovery Activities paneThe Recovery Activities pane of the CDRS dashboard displays information about current runningrecovery activities, which include DR test and failover.

For more information about recovery activities, click See All in the Recovery Activities pane, orselect Recovery > DR Activities from the navigation pane of the CDRS dashboard to open the DRActivities page. DR Activities page on page 141 contains information about the DR Activitiespage.

Cloud Usage paneThe Cloud Usage pane of the CDRS dashboard provides a summary of the amount of storagebeing used in the cloud.

Note: The information displayed varies depending on the cloud provider environment and theoperating mode.

To filter the cloud usage based on region, click the down-arrow in the upper right of the CloudUsage pane and select a specific region.

Recommendations paneThe recommendations pane provides a summary of recommendations that are based on theirseverity: high, medium, or low.

To view greater details, click See All. The resulting list provides a description of eachrecommendation.

Figure 16 Recommendations pane



On-premises assets and storage information paneThe On-premises assets and storage information pane of the CDRS dashboard identifies thenumber of on-premises assets that are protected by the Cloud DR solution. It also identifies theamount of on-premises storage that Cloud DR is protecting.

SLA Compliance pageThe SLA Compliance page provides details about the compliance of protected assets with theservice level agreements (SLAs) that were established when policies were configured forprotection.

For Avamar, this compliance represents the Recovery Point Objective (RPO) that is defined in theAvamar Administrator interface. For RecoverPoint for VMs, this compliance represents theRecovery Point Objective (RPO) that is defined in the RecoverPoint for VMs RPO setting of eachcloud copy.

Access the SLA Compliance page from the dashboard by clicking Review SLA Details in the SLACompliance pane. or from the navigation pane by selecting Overview > Target RPO

Noncompliant protected assets are at the top of the list, with the most severe type listed first. Youcan search the list by asset name by using the search bar at the top of the page.

The SLA Compliance page provides information about compliance. Changes cannot be made in thispage.

Asset Association pageThe Asset Association page, available only in Advanced Mode, enables you to associateapplications with their VMs. Making associations between applications and the VMs that host themis required to enable DR activities for the applications. Unassociated applications cannot be testedor failed over.

Access the Asset Association page from the navigation pane by selecting Protection > AssetAssociation.



The Asset Association page makes it easy for you determine which applications require useraction to associate them with a VM. A toggle button at the upper right enables you to display onlyunassociated assets.

Note: As shown in this example, if you protect an SQL application, the association is automaticand you cannot change it. This state occurs when using advanced policy in Avamar andenabling Cloud DR for the policy.

Asset Recovery pageThe Asset Recovery page provides a list of protected assets that you can test or fail over.

You access the Asset Recovery page from the navigation pane by selecting Recovery > AssetRecovery.

From the Asset Recovery page, you can search for assets to recover, select an asset to test orfailover, or recover to a specific vCenter (if previously enabled).

When you select an asset from the list, buttons appear at the top of the dialog box to enable DRactions for you to perform.

Minor differences in asset recovery exist between the two operational modes that are available inthe Cloud DR solution.

Recover assets to a vCenter in Standard ModeIf you enabled recovery to at least one vCenter for at least one on-premises source, the AssetRecovery page is displayed. When you select the asset, an additional action button is displayed:RECOVER TO VCENTER.

The RECOVER TO VCENTER button displays only when:

l The operating mode is Standard Mode

l The selected VM contains a copy in the cloud

l At least one recovery-enabled vCenter is available

When you click RECOVER TO VCENTER, you are prompted to select a copy, a failover target,and configure other settings before starting the failover.



Figure 17 Failover to vCenter

Asset recovery in Advanced Mode

In Advanced Mode, a VM may have one or more associated applications running on it.

Note: In the screen example, the VM named Windows7-withSqlAgent has two asset types. Thebottom row shows the VM, and the top row shows the application on the VM.

In Advanced Mode, if you test or fail over:

l A VM, only the VM is tested or failed over.

l An application, a single DR activity is started that contains one DR card for the VM and one forthe application.

If a VM has more than one application, and you would like to test or fail over multiple applications,place the applications and associated VM in a DR plan and run the DR activity on the plan.



DR Activities pageThe DR Activities page displays recovery activities for DR test and failover and enables you topromote DR tests to failover and end DR tests.

Access the DR Activities page from the dashboard by clicking See All in the Recovery Activitiespane, or from the navigation pane by selecting Recovery > DR Activities.

This screen shows an example of an application test (available only in Advanced Mode). Noticethat the application is coupled with its VM in this view:

Searching for DR activities

To search the list of DR activities by name, enter the asset name in the search bar at the top of thepage and click the magnifying glass icon. You can also click the filter ( ) icon to select filters toinclude in the search parameters, including the activity status, activity type, region, and creationtime of the DR activity. When you identify the search filters, they are displayed below the searchpane. To clear the filters from the search, click Clear Filters.



Promoting a failover to failback

From the DR Activities page, you can also select a VM or DR plan in a failover state and fail it backto an on-premises vCenter server. When promoting a single VM to failback, you can change thenetwork and security group. However, this action is not possible when promoting a DR plan.

Pausing DR for application maintenance - Advanced Mode

If an application is undergoing a DR test or failover and requires user action before continuing (forexample, to mount a database), the DR activity pauses to enable you to perform user actions onthe application. For a list of possible user actions depending on the application, see User actions torestore applications - Advanced Mode on page 68.

When you are ready to resume the DR test or failover, you may choose to continue with the DR inprogress or skip it to finish the DR manually. These options are available from the DR activitiespage:

If you want to view only those activities that require attention, click the toggle button at the top ofthe DR activities page:

Ending recovery instances from the cloud provider console

You can also terminate a recovery instance from the cloud provider console. When you terminatethe recovery instance, the CDRS DR Activities page indicates an Instance Terminated status.

DR activity statesThe DR Activities page enables you to monitor the progress of ongoing activity states for DRtests and failovers.

To understand the states of DR activities for:

l AWS environments, see DR activity states for AWS environments on page 76.

l Azure environments, see DR activity states for Azure environments on page 118.

ReportsCDRS enables you to generate reports that help you to monitor resources in the Cloud DRsolution.

Protected Copies Cloud Consumption

CDRS enables you to define the reporting parameters for cloud consumption. You selectReports > Generate Report, and then define parameters.

l Region

l Consumption for copies:

n Only asset copies

n Only rapid recovery copies

n Asset copies and rapid recovery copies



l Time interval:

n Last week

n Last month

n Last year

Note: The storage consumption is calculated once a day.

Click the DOWNLOAD RAW DATA link (upper right) to retrieve the report in CSV format.

DR Activities

You can also generate a report to show the DR activities based on status, type, region, andselected date range:

System HealthThe Health page, which is accessed by clicking See All in the System Health pane of thedashboard, or selecting System > Health from the navigation pane, provides information about thehealth of the Cloud DR implementation. Cloud-based and on-premises components are listed.

To view details about a component that is listed in this screen, click the down-arrow icon (v) tothe right of the component. A details pane provides information about the status of thecomponent. Component issues are identified so corrective action can be taken.

EventsUse the Events page, which is accessible by selecting System > Events from the navigation pane,to review system events by date, severity, title, and category.

To view details about an event, click the down-arrow icon (v) to the right of the event. A detailspane provides the event ID and detailed information about the event.



To search the list of events for various event types, type a search string in the search bar at thetop of the page and click the magnifying glass icon. For example, to limit the event list to onlythose events that contain the word "Failover," type Failover in the search bar and click themagnifying glass icon.

You can also click the filter ( ) icon to select filters to include in the search parameters, includingsecurity level, category, the Cloud DR Add-on, and event creation time. The search filters youidentify appear below the search pane. To clear the filters from the search, click Clear Filters.

Registered componentsThe Registered Components page, which is accessible by selecting System > RegisteredComponents from the navigation pane, enables you to view registered components and unregisterthem.

A registered component includes name, IP address, version, and on-premises source (CDRA orvRPA). Click UNREGISTER next to the component that you want to unregister.

Cloud DR Server user accountsThe Cloud DR Server User Management page (Settings > Users) displays the user accounts thatare associated with the CDRS. Use this page to view warning messages for a CDRS user, or tochange the password, password expiration period, and password recovery email address, of aCDRS user.

NOTICE You cannot create or delete a user account.

CDRS user accounts are comprised of a Username (admin or monitor) and Password that areused to Log into the CDRS interface on page 134, and a User email address that is used torecover the password.

Two default user accounts are associated with CDRS: admin and monitor. In the Avamar/DataDomain data protection solution, the passwords and other information for these user accounts areprovided when CDRS is initially deployed from the CDRA. In the RecoverPoint for VMs dataprotection solution, an admin user is created when you deploy CDRS using the RecoverPoint forVMs vSphere plug-in.

In AWS environments, if you have not responded to the AWS verification email sent after you Change the email address of a CDRS user account on page 144, a warning icon is displayed next tothe admin user account email address. You can request a new verification email through the AWSconsole by signing into the console and selecting the US East (N. Virginia) region. Open https://console.aws.amazon.com, and select Email Addresses. Select the email address that you want toverify, and click resend.

Change the email address of a CDRS user accountYou can change the email address to which instructions for resetting the password will be sent, ifyou should lose your CDRS user account password.

Before you begin

l Log into the CDRS interface on page 134.





l In AWS environments, in the AWS Management Console, ensure that the email address thatyou want to use for password recovery is verified under the AWS root user account.

About this task

Note: Clicking the Forgot Password? link when you Log into the CDRS interface on page 134will send an email with the instructions for resetting the password to the User email addressthat you define.

Procedure

1. Click the edit (pencil) icon to the right of the user account.

The Edit User Details dialog box appears.

2. In the User email address field, enter the email address.

3. Click Save.

Results

In Azure environments, the email address is updated, and will be used for recovery the next timeyou click the Forgot Password? link, when you Log into the CDRS interface on page 134. Azuredoes not require email verification.

In AWS environments, if the new email address exists in the AWS root user account and has beenverified by AWS, a verification email is sent from AWS to the new email address.

After you finish

In AWS environments, respond to the AWS verification email within 24 hours. After you respond tothe AWS verification email, the email address is updated in Cloud DR, and will be used for recoverythe next time you click the Forgot Password? link, when you Log into the CDRS interface on page134. The new User email address is assigned to the US East (N. Virginia) region.

Change the CDRS user account passwordYou can change the password for the CDRS user.

Before you begin

Log into the CDRS interface on page 134.

About this task

In the RecoverPoint for VMs data protection solution, the password for the admin user is definedin the RecoverPoint for VMs vSphere plugin during CDRS deployment.



Procedure

1. Click the edit (pencil) icon to the right of the user account.



3. Enter the new password.

The password must:







4. Confirm the new password by entering it again.

5. Click Save.

Results

The password is updated, and should be used from now on, when you Log into the CDRS interfaceon page 134.

After you finish

In the RecoverPoint for VMs cloud solution, use the RecoverPoint for VMs vSphere plugin toregister the new password with every vRPA cluster that protects a production VM. In theRecoverPoint for VMs vSphere plugin, select Administration > Cloud Services, click the Editicon to the right of the Cloud DR Server name, update the value for CDRS admin user password,and click Register.

Change the CDRS password expiration periodYou can change the password expiration period for the CDRS admin user.

Before you begin

Log into the CDRS interface on page 134 as the admin user.

Procedure

1. Click the edit (pencil) icon to the right of the admin user account.





3. Select a different expiration period. To set the password to never expire, select Never.

4. Click Save.

Results

The expiration period of the CDRS admin user password is updated. You will be prompted toupdate the current password when it expires.

Create a tagYou can create one or more tags to enable tagged-based resources management. Examples of usecases include Cloud Snapshot Manager (CSM) tag-based policy protection, applying bulk updatesor security patches, upgrading applications, opening or closing ports to network traffic, collectingspecific logs, or monitoring data from recovered instances.

About this task

An important use case for tag-based management is protection during failover operation. You cancreate tags in CDRS and leverage CSM to protect tagged workloads that are being failed over tothe cloud. Read more about tag-based management with CSM here:

https://support.emc.com/docu86938_Cloud-Snapshot-Manager:-Manage-Copy-Sprawl-in-Amazon-Web-Services-.pdf?language=en_US

Procedure

1. From the Cloud DR Server UI, select Settings > Tags, and then click the Create Tagbutton.

2. Enter the key and values for the new tag. Optionally, set the tag as a default. Then clickCreate.

3. Repeat steps above to create additional tags.

Note: Once you create the tags, you can apply them whenever you run a test or failover.





Set rapid recovery intervalYou can set the minimal time interval during which rapid recovery copies are not created. Theminimum time interval is 6 hours, and the maximum is 24 hours. The default setting is 12 hours.

Before you begin

The rapid recovery process can be performed only when a copy is available in the cloud storageafter rapid recovery is enabled. Rapid recovery does not occur for copies that are uploaded beforerapid recovery is enabled.

Procedure

1. In the CDRS user interface, select Settings > General in the navigation pane.

2. In the Set Rapid Recovery Interval section, move the slider to select the time intervalduring which rapid recovery copies are not created.

The change takes effect immediately.

Results

The CDRS runs the rapid recovery process that is based on the time interval that you set.

For example, if the time interval is set to 10 hours, then no rapid recovery copy iscreated within 10 hours of the previous rapid recovery copy.

Export events to SyslogYou can configure CDRS to export events to a syslog server where they can be viewed usingexternal monitoring systems.

Procedure

1. In the CDRS user interface navigation tree, select System > Syslog.

2. Select Add Syslog Server and provide the following information about the Syslog server:

l IP or hostname.

l Transfer protocol.

l Port number.

l Facility name.

3. To return to the Syslog page, click Save & Connect.

4. To verify connection to the syslog server, click Test Syslog.

5. Click Add Event Filter and specify the following information on the Defined Eventswindow:

l Filter name.

l One or more categories to send to syslog.

l One or more severity levels to send to syslog.

6. To return to the Syslog page, click Add.

The Enable Syslog log transfer switch is automatically toggled to on.



Results

The events data is exported to the syslog server. You can disable these exports by toggling offEnable Syslog log transfer.



CHAPTER 8

Upgrading the CDRS and CDRAs

To upgrade the CDRS and CDRAs, you need to upload an upgrade package, which enables you toupgrade the CDRS, and then the CDRAs that are connected to it.

l Upload upgrade packages to the CDRS and CDRA.............................................................. 152l Upgrade the Cloud DR Server.............................................................................................. 152l Upgrade the Cloud DR Add-on.............................................................................................153


Upload upgrade packages to the CDRS and CDRATo upload an upgrade package to the CDRS and CDRA, use the Cloud DR Server Upgrades page.

Before you begin

l The versions of the CDRA and CDRS do not need to be identical, and you are not required toupgrade them at the same time (unless otherwise instructed). When uploading an upgradepackage, if the upgrade package version is not supported, you receive a notification.

l CDRS and CDRA components are upgraded separately. Beginning with Cloud DR Release 18.3,you can directly upgrade to a CDRS/CDRA release version that is up to 4 versions later thanthe current version. For example, if consecutive versions include 18.3, 18.4, 19.1, 19.2, and 19.3,then you could directly upgrade 18.3 to 19.3 in one step. However, for CDRS/CDRA versionsbefore Release 18.3, you must incrementally upgrade from one version to the next (forexample, 17.2 > 17.3 > 17.4 > 18.1 > 18.2).

l In the RecoverPoint for VMs protection solution, consult the RecoverPoint for VMs ReleaseNotes to ensure that the upgrade packages that you upload are for a CDRA/CDRS version thatis compatible with the version of RecoverPoint for VMs that you want to upgrade to.

Procedure

1. Download the upgrade package (CDRS or CDRA, or both) from online support: https://www.dell.com/support/ (search for "Cloud Disaster Recovery Upgrade Package").

2. From the CDRA System menu option, select Upgrades.

3. To upload the upgrade package that you downloaded in 1 on page 152, click UploadPackage.

4. To replace the currently uploaded package with another package, click Upload DifferentPackage.

Results

l After uploading an upgrade package for the CDRS, the Upgrade Cloud DR Server button isdisplayed. Upgrade the Cloud DR Server on page 152 provides the steps to upgrade the CDRS.

l After uploading an upgrade package for the CDRA, a message indicates that the CDRA ispending upgrade. Upgrade the Cloud DR Add-on on page 153 provides the steps to upgradethe CDRA.

l If the upgrade package includes both CDRS and CDRA, the package is made available for theCDRA only after the CDRS has been upgraded.

Upgrade the Cloud DR ServerTo upgrade a CDRS, use the Cloud DR Server Upgrades page. If a DR operation is in progress, theupgrade process is disabled.

Before you begin

l Upload upgrade packages to the CDRS and CDRA on page 152

l Ensure that there is no rapid recovery process running.

l In the RecoverPoint for VMs protection solution, consult the RecoverPoint for VMs ReleaseNotes to ensure that the target CDRS version is compatible with the version of RecoverPointfor VMs that you want to upgrade to.





About this task

Note: Do not upgrade the CDRS while the rapid recovery process is running. If you upgradethe CDRS during the rapid recovery process, that process is not monitored after the upgrade(the machine image is lost).

Procedure

1. From the CDRS System menu option, select Upgrades.

2. Click Upgrade Cloud DR Server.

3. In the Cloud DR Server Upgrade dialog box, click Upgrade.

Results

Expect a short downtime during upgrade while the CDRS restarts. You cannot perform DRoperations until the upgrade completes and you restart the browser.

After you finish

Restart the browser, and Log into the CDRS interface on page 134.

Upgrade the Cloud DR Add-onTo upgrade a CDRA, use the Cloud DR Add-on Upgrades page.

Before you begin

l Upload upgrade packages to the CDRS and CDRA on page 152

l Ensure the CDRA complies with the Virtual machine specifications for Cloud DR with AWS onpage 37

l In the RecoverPoint for VMs protection solution, consult the RecoverPoint for VMs ReleaseNotes to ensure that the target CDRA version is compatible with the version of RecoverPointfor VMs that you have upgraded to.

Note: In the RecoverPoint for VMs protection solution, a CDRA is required only for failbackfrom AWS, or to recover to VMware Cloud on AWS. If you deployed more than one CDRA,remember to upgrade both of them.

Procedure

1. From the CDRA System menu option, select Upgrades.

The Upgrades page displays and provides information about the current version andupgrade status of the Cloud DR Add-on.

2. If an upgrade package is available for the CDRA, click Upgrade Cloud DR Add-on.

Results

The CDRA is upgraded to the new version. A short downtime is possible during upgrade while theCDRA restarts. At the end of the upgrade process, the Cloud DR Add-on login page displays.

After you finish

Restart the browser and Log into the CDRA on page 44.



APPENDIX A

Security and Networking

This appendix includes the following topics:

l Cloud Disaster Recovery security ....................................................................................... 156l Network communications.................................................................................................... 158l Firewall................................................................................................................................ 158


Cloud Disaster Recovery securityData in transit

For data that the Cloud DR solution transfers:

l Communication between customer data centers and Amazon Web Services uses SSLprotocols.

l The use of a Virtual Private Networker (VPN) or AWS Connect are optional.

Data at rest in AWS S3

For data at rest in the AWS S3 storage, Cloud DR supports server-side encryption that is providedby AWS. Supported encryption methods include SSE-S3 and SSE-KMS.

Password Vaulting

All passwords are kept in a lockbox for both the Cloud DR Add-on and the Cloud DR Server.

User permissionsAll AWS user permissions are handled via AWS Identity and Access Management (IAM).

Cloud DR user permissions are handled via Cloud DR users and roles.

Define the AWS IAM policyTo deploy CDRS, you must have an AWS Identity and Access Management (IAM) user with thefollowing minimum permissions:

Create group policy in AWS

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*", "iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:DetachRolePolicy", "iam:DeleteRolePolicy", "iam:CreatePolicy", "iam:DeletePolicy", "iam:PutRolePolicy", "iam:CreateInstanceProfile", "iam:DeleteInstanceProfile", "iam:AddRoleToInstanceProfile", "iam:RemoveRoleFromInstanceProfile", "iam:PassRole", "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy" ], "Effect": "Allow", "Resource": "*" }, { "Action": "ec2:*", "Effect": "Allow",


"Resource": "*" }, { "Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*" }, { "Effect": "Allow", "Action": "s3:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ses:SendEmail", "ses:SendRawEmail", "ses:Verify*", "ses:ListVerifiedEmailAddresses" ], "Resource": "*" }, { "Effect": "Allow", "Action": "cloudformation:*", "Resource": "*" }, { "Effect": "Allow", "Action": "rds:*", "Resource": "*" }, { "Effect": "Allow", "Action": "sqs:*", "Resource": "*" } ]}

To create a policy in AWS using this IAM policy:

1. At the AWS Identity and Access Management Console (https://console.aws.amazon.com/iam/home?#/home), click Policies.

2. Click Create policy.

3. Click Select for Create Your Own Policy.

4. Enter a name and description for the policy.

5. In Policy Document, paste the above IAM policy.

6. Click Create Policy.

Create group policy in AWS GovCloud

To create a policy in AWS GovCloud IAM:

1. At the AWS GovCloud Identity and Access Management Console ( https://console.amazonaws-us-gov.com/console/home?region=us-gov-west-1), click Policies.

2. Click Create policy.

3. Enter the following details:

l Service


https://console.aws.amazon.com/iam/home?#/home

https://console.aws.amazon.com/iam/home?#/home

https://console.amazonaws-us-gov.com/console/home?region=us-gov-west-1

https://console.amazonaws-us-gov.com/console/home?region=us-gov-west-1

l Actions

l Resources

l Request conditions

4. Click Review Policy.

5. Enter the name and description for the policy.

6. Click Create policy to create a group policy.

Network communicationsAfter failover to the cloud, the customer is responsible for ensuring proper networkingcommunications from restored VM instances on the cloud to their local network, such as using aVPN or similar networking solution, load balancing, and other networking-related issues.

FirewallThe following ports should be opened for communication between the specified components:

Table 25 Required Cloud Disaster Recovery ports

Port Description

111 Communication between Data Domain and CDRA

443 Communication between CDRA and AWS

443 Communication between CDRA and CDRS

443 Communication between CDRA and vCenter

443 Communication between a local restore VM and AWS

2049 Communication between Data Domain and CDRA

9443 Communication between Avamar and CDRA


APPENDIX B

Cloud DR REST API


l REST API overview.............................................................................................................. 160l Using Swagger.....................................................................................................................160l Use the API programmatically...............................................................................................161


REST API overviewA REST API is provided for both the Cloud DR Add-on and Cloud DR Server to facilitateprogrammatic access to Cloud DR functionality.

Swagger documentation for the REST API is available at the following locations:

l CDRA — https://CDRA_IP_or_hostname/api-docl CDRS — https://CDRS_IP_or_hostname/api-docAll Cloud DR API calls must be authenticated with an access token.

Using SwaggerThis section describes how to use Swagger to reset the admin password and obtain an accesstoken.

Change the admin password with SwaggerYou can use Swagger to change the admin password.

About this task

These steps are only necessary if the initial admin password has not been changed in the CDRAuser interface. These steps have no impact on the CDRS admin password.

Procedure

1. Open a browser and go to https://<CDRA_IP_or_hostname>/api-doc.

2. To expand the relevant REST calls, click Users.

3. Click the /users/resetPassword PUT call.

4. Enter the following JSON in the Parameters section:

{ "username": "admin", "password": "initial password", "newPassword": "new password"}

where:

l username – enter admin.

l password – the existing admin password. The initial admin password value is password.

l newPassword – the new password.

5. Click Try it out!

Results

The expected response code of HTTP OK 200 indicates that the password change is successful.


Obtain an access token with SwaggerYou can use Swagger to obtain an access token.

Procedure

1. Open a browser and go to https://<CDRA_IP_or_hostname>/api-doc.

2. Click Authorize at the top of Swagger user interface.

3. Complete the following fields on the Available authorizations dialog box.

l Username – enter admin.

l Password – the current admin password.

l Setup client authentication type – select None or Other.

4. Click Authorize.

Results

For the rest of the session, all REST API calls are authorized using the access token.

l A blue information icon ( ) indicates authorized REST API calls.

l A red exclamation icon ( ) indicates unauthorized REST API calls.

Use the API programmaticallyThis section describes how to use the Cloud Disaster Recovery REST API to change the adminpassword and to obtain the access token.

Change the admin password programmaticallyThe Cloud Disaster Recovery REST API enables you to change the admin passwordprogrammatically.

About this task


Procedure

1. Open an API client that you want to use for creating a PUT request.

2. Specify https://<CDRA_IP_or_hostname>/rest/users/resetPassword as the URI.

3. Specify the following JSON in the request body:

{ "username": "admin", "password": "initial password", "newPassword": "new password"}

where:


l password – the existing admin password. The initial admin password value is password.

l newPassword – the new password.


4. Send the PUT request.

Results

The expected response code of HTTP OK 200 indicates that the password change is successful.

Obtain an access token programmaticallyYou can obtain an access programmatically and then include the token value in subsequent requestheaders.

Before you begin

About this task


Procedure

1. Open a REST API client that you want to use for creating the POST request.

2. Specify https://<CDRA_OR_CDRS_ADDRESS>/rest/oauth2/token as the URI.

3. Specify the following JSON in the request body:

{"grantType": "","username": "admin","password": "password"}

where:

l grantType – empty string.


l password – the existing admin password.

4. Send the POST request.

The response returns the access token and the token type in the body of the message. Forexample:

{"accessToken": "4776290f-5ec1-44b3-b5aa-826b4c6a1962","tokenType": "Bearer"}

5. Specify the following headers in all further requests:

Content-Type: application/json Authorization : Bearer 9a82cb75-627f-485e-8495-a765fe4526b7

Authorization specifies the token type and token value.


APPENDIX C

Performance and scalability


l Cloud DR performance with AWS........................................................................................ 164l Cloud DR scalability with AWS............................................................................................. 164l Cloud DR performance with Azure....................................................................................... 164l Cloud DR scalability with Azure............................................................................................165


Cloud DR performance with AWSThe following summarizes the performance expectations for operations with Cloud DR with AWS.

Protection

l CDRA maximum read throughput from Data Domain is 72 MBps.

l Concurrent protected virtual machines per CDRA is 15% of the Data Domain read streamsamount (min:1, max:20).

l Compression rate before sending to the cloud is 50%.

Recovery

l Rehydration: 10 Gbps per Restore Service instance.

l Conversion: Conversion time is based on the AWS VMDK-to-AMI Conversion time (forexample: Ubuntu 7Gbyte OS takes around 20 minutes).

Cloud DR scalability with AWSThe following summarizes the maximum supported operations with Cloud DR:

l Up to 100 TB of protected front-end data (the actual size of all protected virtual machines).

l Up to 1000 VMs protected.

l 20 concurrent conversions from VMDK to AMI per region.

l If the stack amount reaches the customer limitation or quota, any subsequent DR test orfailover fails with an appropriate error message.

l 20 simultaneous AWS operations for DR tests, failovers, and other operations (AWSlimitation). Contact AWS support to raise this limit.

Cloud DR performance with AzureThe following summarizes the performance expectations for both protection and recoveryoperations with Cloud DR with Azure:

Protection

l CDRA maximum read throughput from Data Domain is 72 MBps.

l Concurrent protected virtual machines per CDRA is 15% of the Data Domain read streamsamount (min:1, max:20).

l Compression rate before sending to the cloud is 50%.

Recovery

l Rehydration: 10 Gbps per Restore Service instance.

l Conversion: Conversion script takes approximately 1 minute to run.


Cloud DR scalability with AzureThe following summarizes the maximum supported operations with Cloud DR:

l Up to 100 TB of protected front-end data (the actual size of all protected virtual machines).

l Up to 1000 VMs protected.

l If the stack amount reaches the customer limitation or quota, any subsequent DR test orfailover fails with an appropriate error message.

l 100 simultaneous operations for DR tests, failovers, and other operations per region.


APPENDIX D

Troubleshooting


l Collect logs.......................................................................................................................... 168l Troubleshooting AWS environments.................................................................................... 170l Troubleshooting Azure environments................................................................................... 172


Collect logsThe Cloud DR Add-on System menu option enables you to collect logs and upgrade Cloud DR Add-on.

l Collect logs in CDRA

l Collect logs in CDRS

Collect logs in CDRALogs can be collected from the CDRS user interface. The logs are stored locally or uploaded to thecloud in a default storage location. CDRS generates a link to the local storage or cloud storageonce the logs are collected.

About this task

You can store collected logs locally on the CDRA or upload them to the cloud in a default storagelocation. When the logs are collected, the CDRA generates a link to the local storage or the cloudstorage.

To collect CDRS logs, you can use any CDRA that is connected to the CDRS. When logs areuploaded to cloud storage and multiple CDRAs are connected to a CDRS, all logs from any CDRAare uploaded to the same cloud storage location. This condition is true even if each CDRA isconnected to a different cloud storage location. The Cloud Collection Mode enables you tocollect the logs of connected to .

Procedure




2.In the Admin username and Admin password fields, enter the username and password forthe CDRA.




5. Use the Local Collection Mode to store the logs locally.

l To store logs locally on the CDRA, switch the Local Collection Mode toggle to the onposition. Local Connection Mode is best used when the connection between the CDRAand the cloud is not working and the CDRA logs collection is required.When Local Connection Mode is used:

n Local copies of logs are retained for 14 days. Logs older than 14 days are deleted.

n The maximum size of retained logs is 5 GB.

n Log file size cannot exceed 100 MB.

6. To store logs in the cloud in a default storage location, enable the Cloud Collection Modecheck box. The Cloud Collection Mode enables the log collection of connected to .


This option is not available if the Local Collection Mode toggle is switched to the onposition.



Results

When the log collection task completes, the Download and Copy Link button is displayed. Clickthe Download button to download the log or click the Copy Link button to copy the link.

Collect logs in CDRSLogs can be collected from the CDRS user interface. The logs are uploaded to the cloud in adefault storage location. CDRS generates a link to the cloud storage once the logs are collected.

Procedure






Results

When the log collection task completes, a link is provided to the collected logs. To access the logs,click the link or click Copy to copy the link.

Permissions to cloud storage for Cloud DR logsAfter logs are collected, they are uploaded to a default Azure storage account or Amazon S3bucket and a link is provided in the CDRA interface. Clicking the link enables you to download logsfrom the storage account or S3 bucket. However, you cannot download the logs unless theappropriate permissions have been granted to the storage account or S3 bucket.

Instead of granting permissions to download the logs from the CDRA interface, you may prefer todownload the logs directly from the Azure portal or AWS management console that was used fordeployment.

Enable downloads of Cloud DR logs from AWSTo enable downloads of Cloud DR logs from the AWS, log in to the AWS console.

About this task

This procedure enables public access to the logs folder for downloading the log files. When publicaccess is enabled, the CDRS dashboard displays a recommendation to remove public access. Afterretrieving Cloud DR logs, ensure that you remove public access.

Procedure

1. Log into the S3 Dashboard of the AWS Console (https://console.aws.amazon.com/s3/).

2. Select the S3 bucket that contains the logs.

3. Click the Permissions tab.

4. Click Bucket Policy.


https://console.aws.amazon.com/s3/

5. Enter the following text in the Bucket policy editor:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AddPerm", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucket-name/logs/*" } ]}

where bucket-name is the name of the bucket that contains the logs.

6. Click Save.

Results

The log files are now accessible via the link provided in the CDRA interface.

Enable downloads of Cloud DR logs from AzureTo enable downloads of Cloud DR logs from the Azure, access the Azure portal.

About this task

This procedure enables public access to the logs folder for downloading the log files. When publicaccess is enabled, the CDRS dashboard displays a recommendation to remove public access. Afterretrieving Cloud DR logs, ensure that you remove public access.

Procedure

1. Access the Azure portal.

Portal address: https://portal.azure.com/.

2. Locate the storage account that you selected during CDRS deployment.

3. Locate a blob named cdrscontainer in this storage account. The logs are created insidethis container in a folder named logs.

4. Select the checkbox next to the logs folder, and then click access policy.

5. Set the public access level to Blob (anonymous read access for blobs only)and click Save.

Results

The log files are now accessible via the link provided in the CDRA interface.

Troubleshooting AWS environmentsAWS default limits

The following components in AWS have default limits that may not be appropriate for the CloudDR environment. For example, if you plan to use more than five VMs and are using elastic IPaddresses, you must increase the default limit for the number of elastic IP addresses beforeperforming a disaster recovery.


https://portal.azure.com/

Table 26 AWS default limits

Component Default limit

Number of buckets 100

Number of Elastic IP addresses 5

Number of instances per region 20

Number of Internet gateways 5

Number of Instances from the same type inthe same region

25

http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html contains informationabout default service limits and information about how to increase the limits.

AWS encryption

In AWS, policies can be specified for an S3 bucket that requires all objects within the bucket to beencrypted (or non-encrypted) with a specific algorithm or key. Cloud DR does not verify that thepolicy of the target bucket matches the encryption policy that the user configured for a cloudtarget. If there is a mismatch between the two, CDRA fails to send the data to the S3 bucket.

In the event of this failure, check the Cloud DR events to determine the issue. Then change thesecurity policy in the cloud target, the target bucket, or the target bucket policy.

AES256 encryption

Cloud DR uses AES256 to encrypt metadata in AWS. As a result, if an S3 bucket policy enforcesKMS for all objects within the bucket, the CDRA can upload the user data, but not the metadata.

If this issue exists, edit the bucket policy to allow for AES256 encryption for the metadata folderwithin the bucket. For example, edit the bucket policy by adding the following:

{ "Sid": "AllowKMSEverywhere", "Effect": "Allow", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket1/*", "Condition": { "StringEquals": { "s3:x-amz-server-side-encryption": "aws:kms" } } }, { "Sid": "AllowAES256InMetadataFolder", "Effect": "Allow", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket1/backups/*", "Condition": { "StringEquals": { "s3:x-amz-server-side-encryption": "AES256" } }}


http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html

Error when deploying the Cloud DR Server if AWS Marketplace terms have not beenaccepted

An error may occur when the Cloud DR is trying to create the EC2 instance for the Cloud DRServer during Cloud DR Server deployment if AWS Marketplace terms have not been accepted.The following error message appears in the log:

ERROR [date] com.emc.cloud_dr.cdr.cdra.cloud_manager.impl.deploy_cdrs.wf.steps.instance.CreateCdrsInstanceTasklet: Error in Create Cdrs Instance! com.amazonaws.services.ec2.model.AmazonEC2Exception: In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit http://aws.amazon.com/marketplace/pp?sku=aw0evgkw8e5c1q413zgy5pjce (Service: AmazonEC2; Status Code: 401; Error Code: OptInRequired; Request ID: id)

To resolve this issue, accept the AWS Marketplace terms as described in Accept Amazon WebServices Marketplace terms on page 37 and continue with Cloud DR Server deployment.

Incorrect email address when configuring the Cloud DR Server

If you specify an incorrect email address when configuring the Cloud DR Server and are unable toverify the email:

1. Follow instructions for changing the email address at Change the email address of a CDRS useraccount on page 144. Then enter and verify the correct email address.

2. Log in to the AWS console and open the Amazon SES console at https://console.aws.amazon.com.

3. Select the US East (N. Virginia) region.

4. Select the incorrect email address and click Remove.

Troubleshooting Azure environmentsAzure cloud post-failback procedure for Linux Operating System

The Cloud DR failback procedure in the Cloud DR Installation and Administration Guide transfers afailed-over VM (cloud instance) back to the on-premises vSphere environment. After running thefailback procedure, if you receive the following message, additional steps may be required (sincethe Azure Hypervisor uses a different configuration for booting a Linux-based VM).

Failback succeeded, but the VM may not boot due to issues in the conversion step.

The additional steps follow this general work flow:

1. To boot with the original initrd/initramfs image, edit the boot menu. Pressing TAB at theend of the initrd line should autocomplete the .cdr_backup extension.

2. Log in to the VM.

3. Replace any file in the /boot folder with its corresponding file that has the .cdr_backupextension (if it exists).

Listed below are the detailed steps for this general work flow.

Note: Before performing these steps, you may want to try logging in to the failed-back VMsince, in some cases (for example, OEL 6.8), the VM boots correctly.

Note: The operating systems that are used in the following examples include SLES 11 (SUSEEnterprise Linux) with GRUB and Red Hat (RH) 7 Linux with GRUB2.




Note: Different versions of GRUB may use different keyboard shortcuts. GRUB showskeyboard shortcuts for boot and edit commands at the bottom of the screen.

1. Open the VM console in vSphere.

2. Power on the failback VM.

a. To access the GRUB menu, press Esc in the VM boot/splash screen.Note: Some Linux operating system versions may require different keystrokes.

b. In SLES, press Esc key. In RH, press the down arrow key.

c. In cases where multiple optional boot entries exist, validate which boot entry is used for theVM in the Azure cloud. By default, it should be the latest version initrd/initramfs.Select each optional boot entry until you find the appropriate one (the one with a secondinitrd/initramfs file that has the extension .cdr_backup).

3. To change the required initrd/initramfs file, press Edit (e) .Note: Select the initrd version to work with, for example, initrd-3.... In other Linuxoperating system versions (or other GRUB versions), file names like initrd16... may beused.

4. To replace the file path with the original file that has the .cdr_backup extension, press Edit(e). To autocomplete the suffix (if it exists), add "." at the end of the file name and press Tab.

5. When the backup initrd/initramfs file is found, press the required keyboard shortcut toboot using the appropriate initrd/initramfs file.

6. To make the boot changes permanent, log in to the terminal using root/sudoer user.

a. In the /boot folder, replace the initrd/initramfs file with the original file that hasthe .cdr_backup extension.

b. For GRUB, in the /boot/grub folder, replace the menu.lst file with the original file thathas the .cdr_backup extension.

c. For GRUB2, in the /boot/grub2 folder, replace the grub.cfg file with the original filethat has the .cdr_backup extension.

7. To verify if the changes have been completed successfully, boot the VM.


GLOSSARY

A

AMI Amazon Machine Image (AMI) is a template that contains configuration informationwhich is used to launch an EC2 instance in the AWS environment. In the native cloudsolution (AWS cloud), VMware's VMDK format, which is used by VMs, must beconverted to AMI format, which is used by AWS cloud. In the VMware Cloud to AWS(VMC) solution, there is no requirement to do a format conversion from VMDK to AMIbecause a VMware environment exists both on premises and in the cloud.

Application An application in DD Cloud DR solution refers to one of the following:

l Windows File System

l Linux File System

l Windows SQL Server

l Windows Exchange VSS

l Windows Sharepoint VSS

l Linux Oracle RMAN

l Windows Oracle RMAN

Protection and recovery of applications is available only on the Advanced Mode of DDCloud DR solution.

Asset A general term that refers to a VM or an application. VMs and applications areconsidered assets in the Cloud DR solution.

Azure Storage Azure Storage is an object storage service, which is used for cases like cloudapplications, content distribution, backup, archiving, disaster recovery, and Big Dataanalytics.

Azure Storage Disk Azure Storage Disk is a SSD storage optimized for I/O intensive read/write operations.

Azure Virtual Machine Virtual servers enable the users to deploy, manage, and maintain the operating systemand the server software. Instance types provide combinations of CPU/RAM. Users payfor what they use with the flexibility to change sizes.

Azure Virtual Network Azure Virtual Network provides an isolated, private environment in the cloud. Usershave control over their virtual networking environment, including selection of their ownIP address range, creation of subnets, and configuration of route tables and networkgateways.

C

CDRA Cloud Disaster Recovery Addon (CDRA) manages deployment of on-premisescomponents and CDRS, which runs in the cloud.


CDRS Cloud Disaster Recovery Server (CDRS) is a virtual server that runs in the customerdomain in the cloud. It provides a user interface for disaster recovery testing andfailover, and monitors available copies and orchestration activities in the cloud.

Note: Multiple on-premises sources (CDRAs and vRPAs) can connect to a singleCDRS, but an on-premises source cannot connect to multiple CDRSs.

Classless Inter-DomainRouting (CIDR)

Classless Inter-Domain Routing (CIDR) is a method for IP address allocation and IProuting.

E

EBS Amazon Elastic Block Store (EBS) provides block-level storage volumes for use withEC2 instances.

EC2 Elastic Cloud Compute (EC2) is an Amazon web service that provides resizablecompute capacity in the cloud. An EC2 instance is a virtual server in the AWSenvironment.

R

RDS Relational Database Service (RDS) is a web service that makes it easier to set up,operate, and scale a relational database in AWS environment.

Rehydration During protection, Cloud DR initially sends the first full copy of the protected VM tothe cloud and afterwards sends only the differences. When you start recovery (forexample, test or failover), a temporary Restore Service instance constructs the VMDKfile from the raw data chunks that are stored in the Cloud DR target. This process iscalled rehydration.

S

S3 Simple Storage Service (S3) is a cloud computing web server that provides scalable,object storage in the AWS environment. Objects are stored in S3 buckets. It is thesimplest and cheapest type of storage available from Amazon.

SQL Database SQL Database is a relational database-as-a-service (DBaaS) where the databaseresilience, scale, and maintenance are primarily handled by the Azure platform.

V

VPC Amazon Virtual Private Cloud (VPC) is a part of the AWS cloud where you can launchAWS resources in a virtual network that you define.

Glossary


dell emc cloud disaster recovery...l aws, see part 2, cloud dr with aws on page 31. l azure, see...

Documents