Overview
Through a DR plan you can preconfigure various aspects of disaster recovery for a single-click failover in the event of a disaster. DR plan encompasses virtual machines configured for disaster recovery, the AWS account used for disaster recovery, the replication frequency, the network settings, instance-related failover settings, and the order in which you want to recover the instances.
Before you begin
You have at least one Druva AWS proxy deployed in your AWS account that you intend to use for disaster recovery.
You deploy Druva AWS proxy in the same AWS region where the virtual machines you want to configure for disaster recovery are being backed up.
We strongly discourage the use of CloudCache with Disaster Recovery as the CloudCache can impact the RPO especially if the DR job is configured to run immediately after backup. The data is pulled from the CloudCache (in case the data is not synced to the Druva Cloud yet) and restored to the customer AWS account, which can impact the performance of the DR restore job. There is no impact if the DR job is configured to run daily or weekly, and the data is already present on the Druva Cloud.
To create a DR plan
Log in to the Management Console.
On the menu bar, click All Organizations, and select the required organization from the drop-down list.
On the menu bar, click Disaster Recovery.
In the left pane, click the DR Plans tab. The DR Plans page lists the DR plans configured with your organization.
On the top-right corner of the page, click New DR Plan. The New DR Plan page is displayed.
Configure the following:
Step 1: Add DR plan details
Option | Description |
Plan Name | The name of the DR plan that you want to create. |
Description | The description of the DR plan. |
AWS Account | The account that will be used to maintain the DR copy of the virtual machine. At the time of the disaster, you can launch EC2 instance from this DR copy, in-turn spinning up to production in minutes. Select the required account from the drop-down list. |
Region | The storage region where you want to create DR copies for your virtual machines. Select the required region from the drop-down list. |
Replication Frequency |
|
Step 2: Add virtual machines
Druva allows you to add virtual machines from multiple registered vCenters/ESXi hosts and administrative groups to the DR plan. In order to recover virtual machines in the event of a disaster, you must add virtual machines to the DR plan.
Before adding a virtual machine to a DR plan, you must consider the following points:
You can add only those virtual machines to a DR plan for which the storage region for backup is the same as the region specified in the DR plan.
You cannot add the same virtual machine to multiple DR plans.
Once you add a virtual machine to a DR plan, DR copies for that virtual machine is created periodically as per the schedule specified in the DR plan.
When adding a virtual machine to a DR plan, Druva sets the virtual machine-specific failover settings for launching an instance with its DR copy to the predefined default values. You can edit these settings later.
Procedure
The Source VMs section on the VM Selection tab of the New DR Plan dialog box lists the virtual machines that you can add to the DR plan. Select the virtual machines listed under the VM Name column that you want to add to the DR plan or select the checkbox next to the VM Name column header to add all the virtual machines to the DR plan.
You can also use the search box to search for VMs by name, the Hypervisor they are hosted on, or the administrative group they are a part of, and then select the VMs from the search results.
โ๐ Note
โ You can add a virtual machine only to a single DR plan. Therefore, the VM Name column does not list virtual machine that are already added to other DR plans.The Guest OS credentials column displays the credentials assigned to the virtual machines. The credentials displayed here were assigned to the VMs from the All Virtual Machines page under Protect > VMware. A yellow exclamation mark next to the credential in the Guest OS Credential column signifies that the credentials for the associated VM are invalid. If there is no icon next to the credential, then it means that either:
The credential is valid, or
The credential validation information is not available, or
The credential was assigned to the VM after the VMware application discovery job finished. The VMware application discovery job runs every 24 hours. It validates the credentials and stores the application discovery and credential validation status.
The Failover Checks - Guest OS section lets you assign credentials to VMs selected under the Source VM section. Credentials are required for the Failover Checks - Guest OS that run while the backup of a VM is in progress. You can either select pre-existing credentials from the drop-down or click + New Credentials in the drop-down to create and assign new credentials. See Adding a new credential for field descriptions. The newly created credentials are stored securely in the Credential Store.
The credentials assigned in this dialog box will show up under the Guest OS Credentials column on the All Virtual Machines page under Protect > VMware. These credentials will be used to run Failover checks - Guest OS the next time a backup of the VM is in progress.๐ Noteโ If a VM already has credentials assigned to it, selecting the VM and assigning it credentials from this dialog box will override the existing credentials.
Click Next.
After you add virtual machines to the DR plan, Druva AWS proxy creates DR copies based on the DR plan schedules and stores the DR copy information in the DR plan.
Step 3: Add failover settings
๐ก Tip
For a deeper understanding of the failover process, see About disaster recovery failover.
Druva AWS proxy creates a DR copy for the virtual machine and maintains it in the AWS account. At the time of the disaster, you can launch EC2 instance from the DR copy, in-turn spinning up to production in minutes.
Druva allows you to configure virtual machines for failover with settings specific to the two modes, Production Failover and Test Failover, respectively. Depending, upon the type selected during failover, you can use the corresponding settings to launch the EC2 instance.
Druva allows you to configure failover settings specific to the DR plan as well as individual virtual machines in the DR plan. When you configure failover settings for a DR plan, the failover settings apply to all the virtual machines associated with the plan.
Failover settings
Configure the following options for failover:
Option | Description |
Instance Type | This is the type of EC2 instance that Druva creates in the AWS account when it performs recovery of the VMware virtual machine from the available DR copy.
Manual selection:
Clear the Auto Assign checkbox. Select an instance type from the drop-down next to Instance Type. Select an instance type that is the same size or larger than your source virtual machine.
Automatic selection:
๐ Notes
Druva caps the instance size to 24xlarge in situations where the vCPU of your virtual machine exceeds 96, or the memory exceeds 384 GB. Druva displays 24xlarge in the recommendations if this instance size is available in your AWS region.
๐ Note
The Auto Assign functionality is disabled, and the View Recommendations link is unavailable if the backup of one or more selected VMs is not successful post the proxy upgrade.
See, Failover Limitations for more information. |
IAM Role | With the implementation of AWS PrivateLink (If you have deployed a Druva AWS proxy version 4.9.1-101573 or later), only the existing IAM roles will be displayed in the IAM Role drop-down. If you have created a new IAM role in your AWS account, you need to manually type the name of the IAM role which is the IAM instance profile ARL name.
For more information, refer to the AWS documentation. |
Volume Type | Select the required type of the Amazon EBS volume that you want to attach to the EC2 instance. Select one of the following options:
๐ Note
|
Instance Tags (Key-Value) | Enter a label in the key-value format and assign it to your AWS EC2 resources to categorize the AWS resources in different ways. Keys should not be name or conversion_id as these are used by Druva.
For more information about tags, refer to the AWS documentation. |
Security Groups | This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers.
๐ Note
|
Network Settings | These settings are available when you select a single VM and then select Change Failover Settings. |
Subnet | The subnet settings are defined in Network Mappings.The subnet field is greyed out while changing the failover settings. |
Public IP | Select one of the following:
|
Private IP | Select one of the following:
|
Security Group | This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers.
๐ Note
|
Step 4: Define network mapping
As part of network mapping:
Map the VCenter source network to a VPC and subnet on the target AWS account.
If the network of your virtual machine belongs to the same network for which you have defined the network mapping, the same VPC and subnet defined in the network mappings are used during failover.
The default network mapping defines the VPC and subnet to be used when no target network mapping is specified for the virtual machine source network.
When the source virtual machine has multiple network adapters, the default network mapping settings are always used for failover. However, when the source virtual machine has a single network adapter and if network mappings are defined for the adapter network, these network mapping settings are used for failover. Else the default network mapping settings are used for failover.
Security groups available in a particular VPC are available for selection in Network Mapping settings.
You can assign up to five security groups to AWS EC2 instances during failover.
Security groups assigned to a VM in the VM network settings ( Network Settings under Change Failover Settings for a selected VM) take precedence over security groups defined in the Default Target Network or Target Network Mappings. Suppose a VM in a specific subnet does not have any security groups assigned to it in the VM network settings. In that case, the VM takes on the security group assigned to a VPC in the same subnet in the Default Target Network settings or Target Network Mapping settings.
Considerations for adding network mappings
Before defining network mappings, consider the following points:
Ensure that you have deployed Druva AWS proxy 4.8.2 or later.
If a vCenter source network name is renamed, Disaster Recovery treats this network as a new network. The corresponding network mapping with the old name is displayed on the Recovery tab with the following warning message:
โSource network does not exist
.If a data center name changes, all the source networks within that data center are considered as new networks.
For every vCenter, a cron job runs every 24 hours to detect any network changes in your infrastructure. If Disaster Recovery detects any change in the source network of a virtual machine, it checks for any available network mapping for the new network. If it does not identify any network mapping, it assigns the default network mapping to the failover settings of the virtual machine. Disaster Recovery sends the following alert:
โFailover IP address settings for <virtual_machine_name> is changed.
If you have configured a static IP address for a virtual machine, you must validate the IP address with respect to the new VPC and subnet assigned to the failover settings.
Security groups available in a particular VPC are available for selection in Network Mapping settings.
You can assign up to five security groups to AWS EC2 instances during failover.
Security groups assigned to a VM in the VM network settings ( Network Settings under Change Failover Settings for a selected VM) take precedence over security groups defined in the Default Target Network or Target Network Mappings. Suppose a VM in a specific subnet does not have any security groups assigned to it in the VM network settings. In that case, the VM takes on the security group assigned to a VPC in the same subnet in the Default Target Network settings or Target Network Mapping settings.
Default target network
The Default target network settings are used when no target network is specified.
Mapping | Description |
Default Production / TestFailover Mapping | |
VPC | Select the VPC option from the drop-down list where you want to launch the EC2 instance for your production or test failover mode.
For more information, see VPC. |
Subnet | Select the required subnet option from the drop-down list for your production or test failover mode.
For more information, see Subnet. |
Security groups | This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers. |
Network mappings
Network mappings comprise of the following:
Mapping | Description |
vCenter/Hypervisor | Select the registered vCenter or hypervisor host for which you want to define the VPC and subnet. |
Source Network | Select the network of your source virtual machine. |
Production / TestFailover Mapping | |
VPC | Select the VPC option from the drop-down list where you want to launch the EC2 instance for your production or test failover mode.
For more information, see VPC. |
Subnet | Select the required subnet option from the drop-down list for your production or test failover mode.
For more information, see Subnet. |
Security groups | This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers. |
Filter DR plans by failover status
You can filter DR plans by the latest failover status and the latest failover check status. You can filter the DR plans by the following failover statuses:
Queued
Running
Successful
Successful with errors
Failed
Canceled
You can also filter the DR plans by the following failover check statuses (environment):
Successful
In Progress
Failed
Warning
Not initiated