HBC8292 vCloud Air Recovery as a Service (RaaS) Deep Dive

Post on 12-Apr-2017


vCloud Air Recovery as a Service (RaaS) Deep Dive

David Hill, VMware, Inc

HBC8292


Agenda

1 vCloud Air Disaster Recovery Overview
2 Architecture
3 Design Considerations
4 Data Protection in the Cloud
5 Backup to the Cloud

VMware vCloud® Air™ is a secure public cloud operated by VMware, built on the trusted foundation of vSphere.

The service supports both existing workloads and new application development, giving IT a common platform to seamlessly extend their data center to the cloud, leveraging the same tools and processes they use today.

vCloud Air Offerings

Cost-effective DR of vSphere VMs. Ideal for BC/DR, data center extension/geographic coverage

• Warm standby capacity on vCloud Air
• Self-service protection, failover and failback workflows per VM
• 15 min – 24 hr. recovery point objective (RPO)
• Initial data seeding by shipping a disk
• 7-day run time per DR test
• 30 days of recovered VM run time

Disaster Recovery

[Diagram: SITE A (PRIMARY) and vCLOUD AIR, SITE B (RECOVERY) with a DR Instance; labels: vSphere Replication, FAILOVER, FAILBACK]

Multiple point in time recovery snapshots

Subscription service that is offered in monthly, yearly or ELA terms

[Diagram: recovery snapshot points at 9:00am, 8:45am, 8:30am, 8:15am and 4:15am]

vRealize Orchestrator plug-in for vCloud Air

[Diagram: SITE A (PRIMARY) and vCLOUD AIR, SITE B (RECOVERY) with a DR Instance; labels: vRealize Orchestrator plug-in, FAILOVER, FAILBACK]

Failback using vSphere Replication

vCloud Air Disaster Recovery


CONFIDENTIAL

The simplest way to protect your workloads


Encapsulation: Simple Application Protection
• Entire system – including application, OS, and data – is stored as virtual machine files
• Just right click and replicate

Flexible Infrastructure: Integrates with what you already have
• Support for multiple vSphere versions
• Support for multiple Virtual Machine Hardware versions

Hybrid Aware: Seamless Integration with vCloud Air
• Integrate with your existing on-premises vSphere environment
• Scale your protection capacity to meet variable demand


Disaster Recovery Decision Maker


[Flowchart nodes: "Seeking DR Solution?"; "Budget for Second Data Center/Managed Service?"; Internal Skills; Hosted Solution; Co-existence; Pass; vCloud Air - DR. Branch labels: Yes, No, (Default), (Partner service contract)]

• True Multi-Tenancy & Multi-Site
• Storage agnostic support
• Support for different vSphere versions
• Shared cloud infrastructure
• Simplified management

• UI embedded in vSphere (v5.1+)
• Protect VMs with a couple of clicks
• Automatable failover and testing
• Installable in current environment

Administration via vCloud Air console and API*

vCloud Air Disaster Recovery

[Diagram labels: VMware vSphere customers; vCloud Air US; vCloud Air Asia; vCloud Air EUR]

[Diagram labels: ON-PREMISES DATA CENTER SITE A; REMOTE SITE B; vCLOUD AIR, SITE C (RECOVERY); DR Instance; TIER 1; TIER 2; TIER 3; SRM; Managed by SRM; SAN-Based Replication; vSphere Replication]

vCloud Air DR Co-Existence with SRM


Cloud-Based DR Automation & Orchestration

[Diagram: SITE A (PRIMARY) and vCLOUD AIR, SITE B (RECOVERY) with a DR Instance; labels: FAILOVER, FAILBACK]

SITE RECOVERY MANAGER AIR
• Easy setup
• Failover and failback
• Multiple recovery plans
• IP address changes
• Multi-site topologies
• Non-disruptive testing
• Priority groups
• Startup dependencies
• No Secondary Site to manage
• Design and Execute from a web browser

Roadmap

Disaster Recovery Architecture


Disaster Recovery Service Architecture

[Diagram: Customer Data Center and vCloud Air Disaster Recovery, each shown with Source VMDKs and Destination VMDKs; labels: SSL Based Replication, Reverse Replication]


Built-in Encryption of Data in Flight

Encryption of replication traffic (in-flight) is provided between the following endpoints in vCloud Air Disaster Recovery.

[Diagram labels, in the order shown: ESXi (vSphere); VR Appliance (vCloud Tunneling); Public Internet or Direct Connect PLC; vCloud Air (Cloud Proxy); Host Based Replication (HBR); ESXi (vSphere). Link label: WebSocket (SSL) Encryption]


Components & Architecture

[Diagram: Tenant (On-Premises Datacenter) and Provider (vCloud Air Cloud). Component labels: DR Appliance, vCenter, ESX, ESXi, vCTA, VCD-sp, vRMS, vR, vRCS, Hybrid DR Services, vRS, vSM, Cloud Proxy, vSphere UI, vRMS Plugin, VCD Admin UI, vCloud Air Portal. Markers A, B, C; legend entries: vSphere Components, Replication and Cloud Components, Security Components]


Disaster Recovery Scale Out

[Diagram: three VMware vSphere environments, each with VM Replication to its own DR-VDC]
• VMware vCenter A, vSphere Replication A: 1,000 VMs, DR-VDC A
• VMware vCenter B, vSphere Replication B: 2,000 VMs, DR-VDC B
• VMware vCenter C, vSphere Replication C: 3,000 VMs, DR-VDC C


Disaster Recovery Scale Out: Two Sites, One Cloud

[Diagram: two VMware vSphere environments with VM Replication; Max 1,000 VMs]
• VMware vCenter A, vSphere Replication A: 500 VMs
• VMware vCenter B, vSphere Replication B: 500 VMs


System Requirements for vCloud Air Disaster Recovery

• VMware vCenter 6.0
  – vSphere Essentials Plus
  – vSphere Standard
  – vSphere Enterprise
  – vSphere Enterprise Plus
• vSphere Replication Appliance 6.0
• ESXi 5.1 or above*
  – ESXi 5.5 U2 or above recommended
• Public internet connectivity
  – No proxy or traffic filtering device
• vCloud Air Disaster Recovery subscription
• vCloud Air DR-VDC instance

Plan

* Check VMware interoperability matrix for latest version support: https://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php

Disaster Recovery Design Considerations


Considerations for Failover

Sizing
• How much standby storage?
• How much standby compute?

Security Assessment
• Does your CSO need to be involved?
• What approvals are needed?

Networking and Connectivity
• Do you need Direct Connect?
• Do you need VPN?
• How many Networks?

Workload Prioritization
• Is storage-based replication in place?
• Is SRM in place?
• Which workloads to protect when?

• Self-service failover driven by consumer action
• CPU, RAM and Storage drive sizing requirements
• Commensurate bandwidth to support data volume and change rate
• Type of workloads to protect, Tier 1, Tier 3


Considerations for Failover

• Cloud (“DR-VDC”) pre-configuration required to streamline failover operations and aid in faster recovery times
• Local authentication required?
• Access needs to manage the environment?

Infrastructure
• Active Directory
• DNS

Networking
• DHCP / IP Re-addressing
• L4-L7 services redirect

Storage
• Resource allocation changes

Management
• RBAC


“Pilot Light” Virtual Machines With Physical Sites

[Diagram labels: Corp HQ; West Coast; vCloud Air Disaster Recovery; Corp HQ (East Coast); AD03; AD04; VIRTUAL MACHINE; Private Network (192.168.110.0/24); Private Network (192.168.52.0/24); EDGE GATEWAY; Any IPSEC Endpoint; INTERNET; IPSEC VPN; REPLICATION]


“Pilot Light” Virtual Machines with Cross Connect

[Diagram labels: Customer Data Center; AD01; Private Network (192.168.52.0/24); EDGE GATEWAY; Private Network (192.168.110.0/24); vCloud Air Disaster Recovery; AD02; Customer Cage; vCloud Air; Direct Connect (1gbps); Customer Router; REPLICATION]


“Pilot Light” Virtual Machines with VPC OnDemand

[Diagram labels: On-Premises Data Center (San Francisco) with PROTECTED WORKLOADS, AD DNS, Domain Network, Corp Network, IPSEC VPN Endpoint; vCloud Air with VPC OnDemand (Virginia) and vCloud Air Disaster Recovery (Virginia); EDGE GATEWAY (two); AD DNS; Domain Network; Test Network; Corp/Recovery Network; IPSEC VPN; REPLICATION]


“Pilot Light” Virtual Machines with next release

[Diagram labels: On-Premises Data Center (San Francisco) with PROTECTED WORKLOADS, AD DNS, Domain Network, Corp Network, IPSEC VPN Endpoint; vCloud Air with vCloud Air Disaster Recovery (Virginia); EDGE GATEWAY; AD DNS; Domain Network; Test Network; Corp/Recovery Network; IPSEC VPN; REPLICATION]


Connecting to your workloads – HTTP/HTTPS

[Diagram labels: vCloud Air with VPC OnDemand (Virginia) and vCloud Air Disaster Recovery (Virginia); EDGE GATEWAY (two); AD DNS; Domain Network; Test Network; Corp/Recovery Network; IPSEC VPN]


Connecting to your workloads – VPN

[Diagram labels: vCloud Air with VPC OnDemand (Virginia) and vCloud Air Disaster Recovery (Virginia); EDGE GATEWAY (two); AD DNS; Domain Network; Test Network; Corp/Recovery Network; IPSEC VPN; VPN]

Data Protection in the Cloud


VMware vCloud Air Object Storage powered by Google Cloud Platform

Storage Options

• Standard Storage: Universal cloud storage suitable for any workload
• Durable Reduced Availability Storage: Cloud storage suitable for use cases that don’t require high availability and high performance
• Nearline: Cloud storage suitable for long term storage of infrequently accessed content

[Chart: each storage option rated on speed, availability, durability and cost]

Data Protection Service

Benefits
• Protect your workloads with an integrated backup/recovery option
• Simple to deploy and begin use
• Easily opt in and scale as needed

Overview
• Agentless, policy-driven backup of virtual machines in vCloud Air
• Image-level (VMDK) restores
  – In-place or out-of-place
• Full self-service capabilities:
  – 1 – 365 day retention policy
  – Scheduled backup windows
  – Multiple restore points

[Diagram: BACKUP and RESTORE of VMDKs]

Backup to Cloud


Why?

Protecting your workload no matter where it lives…
EXTENDING DATA MANAGEMENT WITH VCLOUD AIR

Cloud is not just a storage target
• DR to the Cloud - Extend beyond your Datacenter with Commvault and vCloud Air by recovering workloads between clouds

Protect workloads where they live
• Whether on-premise or in vCloud Air, Commvault can protect active workloads
• Policy-driven methodology allows granular control over how you want your data to be managed

Pay-as-you-go
• Capacity-based licensing from Commvault and Public Cloud models allow you to align costs with cloud consumption

[Diagram labels: VMware Private Cloud (On-premise) with Commvault on-prem, Clients in Private Cloud, Cloud Storage Library; vCloud Air with Commvault in vCA, Clients in vCloud Air, Cloud Storage Library; Object Storage powered by Google]

vCloud Air and Veeam: Build a Successful Backup Plan

The 3-2-1 rule:
– 3 copies of your data: production data, backup and its copy
– 2 different types of media to store copies of your data (ex. disk storage and tape)
– 1 copy of a backup file offsite (Cloud or remote site)

Allow the off-site copy of the backup to be hosted in vCloud Air: Good for partners and good for users.

Architectures


Hybrid Architectures on vCloud Air: Disaster Recovery

[Diagram labels: vCLOUD AIR COMPUTE; vCLOUD AIR OBJECT STORAGE; vCLOUD AIR; ON-PREMISES (two); BACKUP VENDOR (two); VIRTUAL MACHINE (four); Corp Network (two); IPSEC VPN; VPN ENDPOINT; DIRECT CONNECT (1 gbps); CORP ROUTER; INTERNET; EDGE GATEWAY; BACKUP STORAGE (two); ARCHIVE STORAGE; Backup Network; “Production” Network (two); Private Network (192.168.50.0/24); DMZ Network (192.168.52.0/24); OFFSITE BACKUP OF THE CLOUD; BACKUP TO THE CLOUD]

Extending existing On-Prem Infrastructure

Questions?
