Having a credible DR strategy is an important requirement for many organisations today due to increased digitisation of business operations. While a cloud based DRaaS can offer a readily accessible solutions, they don’t all provide enterprise users with the additional flexibility they need or are accustomed to. Cloud Volumes ONTAP provides an efficient and reliable on-premises-like DR solution based on the flexibility of NetApp, combined with the scale and economics of AWS, Azure, and Google Cloud platforms.
This blog will provide step-by-step instructions on how to deploy and configure a disaster recovery solution in AWS using Cloud Volumes ONTAP.
Cloud Volumes ONTAP and AWS Disaster Recovery
It’s essential for every enterprise deployment to have a disaster recovery plan. AWS enterprise-level users can turn to Cloud Volumes ONTAP for an easy-to-deploy, storage-efficient AWS disaster recovery solution. Benefits of using Cloud Volumes ONTAP for DR include:
- Easy data replication from on-premise to a DR site in AWS.
- Quick storage failover and failback.
- Storage optimization technologies and automated data tiering to Amazon S3 help reduce storage footprint and costs.
This article provides a step by step guide for enterprise customers to follow in order to deploy Disaster Recovery for their on-premise NetApp ONTAP storage environments.
Before proceeding to the rest of this blog, readers are highly encouraged to refer to this blog post for the following prerequisite information:
- Key design considerations
- AWS Marketplace subscription
- AWS account and permissions
- NetApp Cloud Manager deployment
The rest of this post assumes the reader has completed the prerequisite steps outlined in the above post and has a fully functional Cloud Manager deployment in place already.
DR Network Prerequisites
In order to implement a DR solution from an on-premises ONTAP environment to AWS, we need to establish VPN connectivity to the AWS VPC that the Cloud Volumes ONTAP environment would be deployed to. In this section, we’ll show how to create the VPN configurations required on the AWS side to establish this connectivity.
AWS Networking Prerequisites
AWS Virtual Private Cloud is a logical construct that simulates a virtual network dedicated to your customer account within a specific AWS region, that spans all the Availability Zones within that region. A VPC is logically isolated and can carry multiple subnets within itself. All compute resources deployed within a VPC will typically be associated with one of these subnets. An AWS VPC can be securely connected to an on-premises network via a Virtual Private Gateway. Additional details around these concepts can be found here.
While customers have multiple options when it comes to creating an AWS VPC and VPN configurations to connect their on-premises networks, the rest of this article will focus on using the AWS VPC creation wizard where we will walk you through the steps required to create a new AWS VPC to deploy your NetApp Cloud Volumes ONTAP device. The VPC creation wizard makes it easy for customers to create a new VPC on AWS and create the required AWS VPN configuration items as a part of VPC creation process.
- Navigate to https://console.aws.amazon.com/vpc/, select the appropriate AWS Region, and click on “Launch VPC Wizard” button at the top (an introduction to using AWS VPC can be found here).
- Select the appropriate VPC configuration required and click “Select.” For the purpose of this post, we will select the “VPC with a private subnet only and hardware VPN access” configuration in order to demonstrate a typical enterprise deployment.
- Provide the IPV4 CIDR block details for the new VPC, VPC name, the private subnet’s IPv4 address, and the required AWS Availability Zone. Click “Next” once complete.
- Now provide the Customer Gateway IP, Customer Gateway name, and VPN connection name along with the Routing type. “Click Create VPC” when complete.
a. Customer Gateway: This is an AWS logical construct that provides information to AWS about your physical or software device on the on-premises network where the VPN connectivity details are configured.
- Note that it may take up to 20 minutes to create the VPC and the required VPN configuration items. Once complete:
a. The newly created VPC will be visible within the VPC dashboard
b. The required VPN configurations to connect the VPC to your on-premises network is also automatically created and will be visible within the “Virtual Private Network” section of the VPC dashboard. Note that the VPN Tunnel Details will show as “DOWN” until the VPN configurations are carried out on your on-premises VPN device and the VPN connectivity is successfully established (outside of the scope of this article).
Customer (On-Premises) Networking Prerequisites
The VPN configuration required in the on-premises environment may vary depending on the VPN equipment used and specific instructions on how to achieve that are beyond the scope of this post.
However, customers can download the AWS VPN configuration required for the on-premises VPN configuration tasks using the Site-to-Site VPN connections section of the VPC dashboard. For this, navigate to the VPC dashboard, select the Site-to-Site VPN Connections section under Virtual Private Network on the navigation menu on the left, and click the download configuration button at the top. Customers can then select the specific configuration required based on the third-party vendor solution and the corresponding VPN device platform to be used for the on-premises VPN configuration.
Once the on-premises VPN device has successfully been configured and VPN connection with AWS VPC has been established, ensure to verify the VPN tunnels (shown in the screenshots in step 5.b above) are showing as UP before proceeding with the steps below.
Discover an On-premises ONTAP Cluster
This section of the post will cover how to discover the on-premises NetApp cluster from Cloud Manager in order to deploy a volume for disaster recovery.
- Log in to your NetApp Cloud Account on the Cloud Central portal and select “Go to Cloud Manager” under Fabric View:
- From the Cloud Manager home page, go to the “Working Environments” tab and then click “Create your first Cloud Volumes ONTAP instance”:
- Select “Discover” and select “ONTAP” to discover the on-premises NetApp ONTAP cluster.
- Enter the on-premises cluster management IP details and admin credentials. Click “Continue” to discover the on-premises ONTAP systems.
- Accept / amend the name for the on-premises working environment and click “Go” to add the on-premises NetApp cluster to Cloud Manager. Once complete, you will see the new on-premises environment listed within Cloud Manager.
Note that as you have not yet deployed any Cloud Volumes ONTAP systems; Cloud Manager is only showing the discovered on-premises environment.
- Double-click the discovered cluster to see the volumes and determine which one you wish to replicate.
We will now proceed to creating the first Cloud Volumes ONTAP system.
Create a New Cloud Volumes ONTAP Environment on AWS
- From the Cloud Manager home page, go to the “Working Environments” tab and click “Add Working Environment”:
- The first step here is to choose the cloud in which you wish to start your new environment. The available options are AWS or Azure cloud, in a single-node or high availability configuration. For this scenario, we are selecting the “Cloud Volumes ONTAP for AWS” option.
- In this step you will provide the details of the environment to be created including the environment name and admin credentials. Make sure to verify the Cloud Provider Account to be accurate, as is outlined in the prerequisite configurations step-by-step article. When you are finished, click “Continue.”
- In this step, configure the AWS Region, VPC, and the appropriate subnet for connectivity.
a. If you choose to create a new security group, Cloud Manager will create a group with all the required inbound/outbound access rules. Alternatively, you can choose an existing security group (such as the security group created for Cloud Manager deployment, which was covered in the prerequisite configurations post) if Cloud Volumes ONTAP is also being deployed to the same AWS VPC as Cloud Manager. If you use an existing security group, ensure the security group rules outlined here are fully configured within the security group. You should also confirm that connectivity exists between Cloud Manager Server and the selected VPC.
b. If you select the SSH Authentication method as the Key Pair, make sure to select the appropriate key pair that should have been pre-created, which was also explained in the prerequisite configurations post.
Once you’re finished, click “Continue.”
- Now select the Data Encryption option applicable for Cloud Volumes ONTAP and click “Continue.”
- In the next screen, choose your license option: Pay-As-You-Go, or BYOL to use for an existing license.
In either case, select a NetApp Support Site (NSS) account to be used with the configuration. A NetApp Support Site account is recommended for the Pay-As-You-Go option to activate support for your system. However, note this can be added later as an option. Activation provides access to NetApp technical support resources and software updates. For the BYOL option, a support account allows you to upload your license key and enable the subscription for the term that you purchased. This includes automatic updates for term renewals.
In this example, we will keep the default Pay-As-You-Go option.
- In the next step, you can choose between several preconfigured packages available for various types of workloads.
These options include PoC and small workloads, Database and application data production workloads, Cost effective DR, and High performance production workloads. You can hover over each option to view the configuration parameters of each option.
Alternatively, you can click the “Create my own configuration” button on the top-right corner of the screen.
For this scenario we will proceed with “Cost effective DR” configuration. Click Continue to proceed to the next screen.
- We will skip the “Create Volume” section that appears next as we will be creating the DR replication volumes to the on-premises NetApp environment as a part of setting up the replication.
Click “Skip” to proceed.
- In this step you are asked to review the configuration settings and approve that the Cloud Manager will provision the selected AWS resources on your behalf. Tick the “I understand….” box and then click “GO.”
You can see that the environment is now initializing. This may take up to 25 minutes to provision.
- Once provisioned, Cloud Volumes ONTAP will be listed in the working environments along with your other ONTAP systems.
Create a Replication Relationship
Now that we have discovered the on-premises NetApp cluster and deployed a Cloud Volumes ONTAP instance to an AWS VPC for DR replication, this section will focus on creating the NetApp SnapMirror® replication relationship for enabling DR from on-premises to the cloud.
Snapshots are created automatically by ONTAP operating systems as a default backup mechanism. To configure replication between different source and destination ONTAPs, the user should configure the data replication policies that specify how snapshots will be copied over to the destination volume. The following replication policies are available:
- Backup Policy: This policy is used for copying specific snapshot copies to the destination volume, mainly for backup and long-term retention purposes, allowing you to restore to different points in time.Mirror Policy: Copies the newly-created snapshots to the destination. This is suitable in DR scenarios, where the destination volume can be activated at any time for data access.
- Mirror and Backup Policy: As the name indicates, this option combines both Mirror and Backup policies and is useful for DR as well as long-term retention.
These policies are included in the system. Alternatively, you can create custom policies of your own.
- From the main working environments page, drag and drop the source environment (On-premises) to the target environment (Cloud Volumes ONTAP).
- On the “Source Peering Setup” page, choose the Cluster Logical Interface (LIF) you want to use for the cluster peering setup, which is the initial connection between the two working environments. Click “Continue” to proceed.
- The next screen will show the list of volumes on the source. Select the volume that you want to be replicated.
- In this step you can define the destination volume. The name, disk type, and tiering policy will be assigned with default values according to the source. Keep the defaults and select “Continue.”
Note the S3 Tiering option can be set and enabled here. If the Amazon S3 tiering option is enabled, ensure that the prerequisites for this are met. Advanced options allow you to select the specific aggregates on the Cloud Volumes ONTAP device. We will ignore this option here and proceed with the default setting.
- Define the data transfer rate maximum. This setting is useful in environments with bandwidth restrictions. Select “Continue.”
- In the next screen, select your preferred replication policy. For this scenario, we will choose the Mirror policy which is sufficient for the purposes of disaster recovery.
- In the “Schedule” window, choose a replication schedule based from the available options listed. This will define the data Recovery Point Objective (RPO) of your DR solution.
- Review the configuration, tick the “I understand…” box to approve, and click on “GO” to start the replication process.
- On successful setup, you will see a message as follows stating that replication has started. Note the replication direction indicated between the on-premises NetApp ONTAP and Cloud Volumes ONTAP with an arrow.
Monitor and Manage the Replication Relationship
Once the replication is completed successfully, you can see the replication relationship in the working environments by going to the “Replication Status” section. You can also verify the replication relationship health here. As can be seen from the image below, the on-premises volume is being replicated to Cloud Volumes ONTAP in AWS.
You can manage the replication configuration from the Cloud Manager management window using the Replication Status tab view. Click the icon on the left of the relationship line to view various options. For example, you can break the replication, reverse synchronise the data (used during a failback operation), edit the sync schedule, and more using this view.
Cloud Volumes ONTAP offers a cloud-based disaster recovery solution for your storage. The solution can be configured for AWS disaster recovery as well as for Azure disaster recovery, which is outlined in this blog post. As a central part of a disaster recovery strategy, it offers better protection and security when compared to traditional disaster recovery solutions and caters to multicloud and hybrid-cloud architectures for enterprises.