Disaster Recovery with ANF and JetStream

Disaster recovery to cloud is a resilient and cost-effective way of protecting the workloads against site outages and data corruption events (for example, ransomware). Using the VMware VAIO framework, on-premises VMware workloads can be replicated to Azure Blob storage and recovered, enabling minimal or close to no data loss and near-zero RTO.

JetStream DR can be used to seamlessly recover the workloads replicated from on-premises to AVS and specifically to Azure NetApp Files. It enables cost-effective disaster recovery by using minimal resources at the DR site and cost-effective cloud storage. JetStream DR automates recovery to ANF datastores via Azure Blob Storage. JetStream DR recovers independent VMs or groups of related VMs into recovery site infrastructure according to network mapping and provides point-in-time recovery for ransomware protection.

This document provides an understanding of the JetStream DR principles of operations and its main components.

Solution deployment overview
  1. Install JetStream DR software in the on-premises data center.

    1. Download the JetStream DR software bundle from Azure Marketplace (ZIP) and deploy the JetStream DR MSA (OVA) in the designated cluster.

    2. Configure the cluster with the I/O filter package (install JetStream VIB).

    3. Provision Azure Blob (Azure Storage Account) in the same region as the DR AVS cluster.

    4. Deploy DRVA appliances and assign replication log volumes (VMDK from existing datastore or shared iSCSI storage).

    5. Create protected domains (groups of related VMs) and assign DRVAs and Azure Blob Storage/ANF.

    6. Start protection.

  2. Install JetStream DR software in the Azure VMware Solution private cloud.

    1. Use the Run command to install and configure JetStream DR.

    2. Add the same Azure Blob container and discover domains using the Scan Domains option.

    3. Deploy required DRVA appliances.

    4. Create replication log volumes using available vSAN or ANF datastores.

    5. Import protected domains and configure RocVA (recovery VA) to use ANF datastore for VM placements.

    6. Select the appropriate failover option and start continuous rehydration for near-zero RTO domains or VMs.

  3. During a disaster event, trigger failover to Azure NetApp Files datastores in the designated AVS DR site.

  4. Invoke failback to the protected site after the protected site has been recovered.Before starting, make sure that the prerequisites are met as indicated in this link and also run the Bandwidth Testing Tool (BWT) provided by JetStream Software to evaluate the potential performance of Azure Blob storage and its replication bandwidth when used with JetStream DR software. After the pre-requisites, including connectivity, are in place, set up and subscribe to JetStream DR for AVS from the Azure Marketplace. After the software bundle is downloaded, proceed with the installation process described above.

When planning and starting protection for a large number of VMs (for example, 100+), use the Capacity Planning Tool (CPT) from the JetStream DR Automation Toolkit. Provide a list of VMs to be protected together with their RTO and recovery group preferences, and then run CPT.

CPT performs the following functions:

  • Combining VMs into protection domains according to their RTO.

  • Defining the optimal number of DRVAs and their resources.

  • Estimating required replication bandwidth.

  • Identifying replication log volume characteristics (capacity, bandwidth, and so on).

  • Estimating required object storage capacity, and more.

Note The number and content of domains prescribed depend upon various VM characteristics such as average IOPS, total capacity, priority (which defines failover order), RTO, and others.

Install JetStream DR in On-Premises Datacenter

JetStream DR software consists of three major components: JetStream DR Management Server Virtual Appliance (MSA), DR Virtual Appliance (DRVA), and host components (I/O Filter packages). MSA is used to install and configure host components on the compute cluster and then to administer JetStream DR software. The following list provides a high-level description of the installation process:

How to install JetStream DR for on-premises
  1. Check prerequisites.

  2. Run the Capacity Planning Tool for resource and configuration recommendations (optional but recommended for proof-of-concept trials).

  3. Deploy the JetStream DR MSA to a vSphere host in the designated cluster.

  4. Launch the MSA using its DNS name in a browser.

  5. Register the vCenter server with the MSA.To perform the installation, complete the following detailed steps:

  6. After JetStream DR MSA has been deployed and the vCenter Server has been registered, access the JetStream DR plug-in using the vSphere Web Client. This can be done by navigating to Datacenter > Configure > JetStream DR.

    Error: Missing Graphic Image

  7. From the JetStream DR interface, select the appropriate cluster.

    Error: Missing Graphic Image

  8. Configure the cluster with the I/O filter package.

    Error: Missing Graphic Image

  9. Add Azure Blob Storage located at the recovery site.

  10. Deploy a DR Virtual Appliance (DRVA) from the Appliances tab.

Note DRVAs can be automatically created by CPT, but for POC trials we recommend configuring and running the DR cycle manually (start protection > failover > failback).

The JetStream DRVA is a virtual appliance that facilitates key functions in the data replication process. A protected cluster must contain at least one DRVA, and typically one DRVA is configured per host. Each DRVA can manage multiple protected domains.

Error: Missing Graphic Image

In this example, four DRVA’s were created for 80 virtual machines.

  1. Create replication log volumes for each DRVA using VMDK from the datastores available or independent shared iSCSI storage pools.

  2. From the Protected Domains tab, create the required number of protected domains using information about the Azure Blob Storage site, DRVA instance, and replication log. A protected domain defines a specific VM or set of VMs within the cluster that are protected together and assigned a priority order for failover/failback operations.

    Error: Missing Graphic Image

  3. Select VMs you want to protect and start VM protection of the protected domain. This begins data replication to the designated Blob Store.

Note Verify that the same protection mode is used for all VMs in a protected domain.
Note Write- Back(VMDK) mode can offer higher performance.

Error: Missing Graphic Image

Verify that replication log volumes are placed on high performance storage.

Note Failover run books can be configured to group the VMs (called Recovery Group), set boot order sequence, and modify the CPU/memory settings along with IP configurations.

Install JetStream DR for AVS in an Azure VMware Solution private cloud using the Run command

A best practice for a recovery site (AVS) is to create a three-node pilot-light cluster in advance. This allows the recovery site infrastructure to be preconfigured, including the following items:

  • Destination networking segments, firewalls, services like DHCP and DNS, and so on.

  • Installation of JetStream DR for AVS

  • Configuration of ANF volumes as datastores, and moreJetStream DR supports near-zero RTO mode for mission- critical domains. For these domains, destination storage should be preinstalled. ANF is a recommended storage type in this case.

Note Network configuration including segment creation should be configured on the AVS cluster to match on-premises requirements.

Depending on the SLA and RTO requirements, continuous failover or regular (standard) failover mode can be used. For near-zero RTO, continuous rehydration should be started at the recovery site.

How to install JetStream DR for AVS in a private cloud

To install JetStream DR for AVS on an Azure VMware Solution private cloud, complete the following steps:

  1. From the Azure portal, go to the Azure VMware solution, select the private cloud, and select Run command > Packages > JSDR.Configuration.

    Note The default CloudAdmin user in Azure VMware Solution doesn’t have sufficient privileges to install JetStream DR for AVS. Azure VMware Solution enables simplified and automated installation of JetStream DR by invoking the Azure VMware Solution Run command for JetStream DR.

    The following screenshot shows installation using a DHCP-based IP address.

    Error: Missing Graphic Image

  2. After JetStream DR for AVS installation is complete, refresh the browser. To access the JetStream DR UI, go to SDDC Datacenter > Configure > JetStream DR.

    Error: Missing Graphic Image

  3. From the JetStream DR interface, add the Azure Blob Storage account that was used to protect the on-premises cluster as a storage site and then run the Scan Domains option.

    Error: Missing Graphic Image

  4. After the protected domains are imported, deploy DRVA appliances. In this example, continuous rehydration is started manually from the recovery site using the JetStream DR UI.

    Note These steps can also be automated using CPT created plans.
  5. Create replication log volumes using available vSAN or ANF datastores.

  6. Import the protected domains and configure the Recovery VA to use the ANF datastore for VM placements.

    Error: Missing Graphic Image

    Note Make sure that DHCP is enabled on the selected segment and enough IPs are available. Dynamic IPs are temporarily used while domains are recovering. Each recovering VM (including continuous rehydration) requires an individual dynamic IP. After recovery is complete, the IP is released and can be reused.
  7. Select the appropriate failover option (continuous failover or failover). In this example, continuous rehydration (continuous failover) is selected.

    Error: Missing Graphic Image

Performing Failover / Failback

How to perform a Failover / Failback
  1. After a disaster occurs in the protected cluster of the on-premises environment (partial or full failure), trigger the failover.

    Note CPT can be used to execute the failover plan to recover the VMs from Azure Blob Storage into the AVS cluster recovery site.
    Note After failover (for continuous or standard rehydration) when the protected VMs have been started in AVS, protection is automatically resumed and JetStream DR continues to replicate their data into the appropriate/original containers in Azure Blob Storage.

    Error: Missing Graphic Image

    Error: Missing Graphic Image

    The task bar shows progress of failover activities.

  2. When the task is complete, access the recovered VMs and business continues as normal.

    Error: Missing Graphic Image

    After the primary site is up and running again, failback can be performed. VM protection is resumed and data consistency should be checked.

  3. Restore the on-premises environment. Depending upon the type of disaster incident, it might be necessary to restore and/or verify the configuration of the protected cluster. If necessary, JetStream DR software might need to be reinstalled.

    Note Note: The recovery_utility_prepare_failback script provided in the Automation Toolkit can be used to help clean the original protected site of any obsolete VMs, domain information, and so on.
  4. Access the restored on-premises environment, go to the Jetstream DR UI, and select the appropriate protected domain. After the protected site is ready for failback, select the Failback option in the UI.

    Error: Missing Graphic Image

Note The CPT generated failback plan can also be used to initiate the return of the VMs and their data from the object store back to the original VMware environment.
Note Specify the maximum delay after pausing VMs in the recovery site and restarting in the protected site. This time includes completing replication after stopping failover VMs, the time to clean recovery site, and the time to recreate VMs in protected site. The NetApp recommended value is 10 minutes.

Complete the failback process, and then confirm the resumption of VM protection and data consistency.

Ransomeware Recovery

Recovering from ransomware can be a daunting task. Specifically, it can be hard for IT organizations to determine the safe point of return and, once determined, how to ensure that recovered workloads are safeguarded from the attacks reoccurring (from sleeping malware or through vulnerable applications).

JetStream DR for AVS together with Azure NetApp Files datastores can address these concerns by allowing organizations to recover from available points in time, so that workloads are recovered to a functional, isolated network if required. Recovery allows applications to function and communicate with each other while not exposing them to north- south traffic, thereby giving security teams a safe place to perform forensics and other necessary remediation.

Error: Missing Graphic Image