Skip to main content

How can we help you?

Druva Documentation

Create a DR plan

Enterprise Workloads Editions
❌ Business| ✅ Enterprise (Purchase Separately) | ✅ Elite

 

Overview

Through a DR plan you can preconfigure various aspects of disaster recovery for a single-click failover in the event of a disaster.  DR plan encompasses virtual machines configured for disaster recovery, the AWS account used for disaster recovery, the replication frequency, the network settings, instance-related failover settings, and the order in which you want to recover the instances.

Before you begin 

  • You have at least one Druva AWS proxy deployed in your AWS account that you intend to use for disaster recovery. 
  • You deploy Druva AWS proxy in the same AWS region where the virtual machines you want to configure for disaster recovery are being backed up.
  • We strongly discourage the use of CloudCache with Disaster Recovery as the CloudCache can impact the RPO especially if the DR job is configured to run immediately after backup. The data is pulled from the CloudCache (in case the data is not synced to the Druva Cloud yet) and restored to the customer AWS account, which can impact the performance of the DR restore job. There is no impact if the DR job is configured to run daily or weekly, and the data is already present on the Druva Cloud.

To create a DR plan

  1. Log in to the Management Console.
  2. On the menu bar, click All Organizations, and select the required organization from the drop-down list.
  3. On the menu bar, click Disaster Recovery.
  4. In the left pane, click the DR Plans tab. The DR Plans page lists the DR plans configured with your organization.
  5. On the top-right corner of the page, click New DR Plan. The New DR Plan page is displayed.
  6. Configure the following: 
    1. Add DR plan details
    2. Add virtual machines 
    3. Add failover settings
    4. Define network mapping

Step 1: Add DR plan details

New DR Plan - Plan Details.png

Option Description
Plan Name The name of the DR plan that you want to create.
Description The description of the DR plan.
AWS Account The account that will be used to maintain the DR copy of the virtual machine. At the time of the disaster, you can launch EC2 instance from this DR copy, in-turn spinning up to production in minutes. Select the required account from the drop-down list.
Region The storage region where you want to create DR copies for your virtual machines. Select the required region from the drop-down list.
Replication Frequency
  • The frequency to update a DR copy. Based on the frequency defined, the Druva AWS proxy replicates the virtual machine backup data from the Druva Cloud to the AWS account and creates a DR copy. The DR copy corresponds to the latest recovery point available for the virtual machine. If there is already an existing DR copy present for a virtual machine (based on the previous recovery point), it is replaced by the DR copy created for the latest available recovery point. 
    Select one of the following options from the drop-down list
    • Immediately after backup: The update DR copy job (DR Restore job on the jobs page) starts immediately after a successful virtual machine backup.
    • Daily: The update DR copy job starts every day at the selected time.
    • Weekly: The update DR copy job starts every week at the selected time.
  • Start Time: The time when you want the update DR copy job to begin. The Start Time list only appears if you select the Daily or Weekly options from the Replication Frequency drop-down list.

Step 2: Add virtual machines

Druva allows you to add virtual machines from multiple registered vCenters/ESXi hosts and administrative groups to the DR plan. In order to recover virtual machines in the event of a disaster, you must add virtual machines to the DR plan. 

Before adding a virtual machine to a DR plan, you must consider the following points:

  • You can add only those virtual machines to a DR plan for which the storage region for backup is the same as the region specified in the DR plan.
  • You cannot add the same virtual machine to multiple DR plans.
  • Once you add a virtual machine to a DR plan, DR copies for that virtual machine is created periodically as per the schedule specified in the DR plan.
  • When adding a virtual machine to a DR plan, Druva sets the virtual machine-specific failover settings for launching an instance with its DR copy to the predefined default values. You can edit these settings later.

Procedure

  1. The Source VMs section on the VM Selection tab of the New DR Plan dialog box lists the virtual machines that you can add to the DR plan. Select the virtual machines listed under the VM Name column that you want to add to the DR plan or select the checkbox next to the VM Name column header to add all the virtual machines to the DR plan.
  2. You can also use the search box to search for VMs by name, the Hypervisor they are hosted on, or the administrative group they are a part of, and then select the VMs from the search results. 

    New DR Plan - VM selection.png

Note: You can add a virtual machine only to a single DR plan. Therefore, the VM  Name column does not list virtual machine  that are already added to other DR plans.

  1. The Guest OS credentials column displays the credentials assigned to the virtual machines. The credentials displayed here were assigned to the VMs from the All Virtual Machines page under Protect > VMware. A yellow exclamation mark next to the credential in the Guest OS Credential column signifies that the credentials for the associated VM are invalid. If there is no icon next to the credential, then it means that either:

    1. The credential is valid, or
    2. The credential validation information is not available, or
    3. The credential was assigned to the VM after the VMware application discovery job finished. The VMware application discovery job runs every 24 hours. It validates the credentials and stores the application discovery and credential validation status.
  2. The Failover Checks - Guest OS section lets you assign credentials to VMs selected under the Source VM section. Credentials are required for the Failover Checks - Guest OS that run while the backup of a VM is in progress. You can either select pre-existing credentials from the drop-down or click + New Credentials in the drop-down to create and assign new credentials. See Adding a new credential for field descriptions. The newly created credentials are stored securely in the Credential Store.
    The credentials assigned in this dialog box will show up under the Guest OS Credentials column on the All Virtual Machines page under Protect > VMware. These credentials will be used to run Failover checks  - Guest OS the next time a backup of the VM is in progress.

    Note: If a VM already has credentials assigned to it, selecting the VM and assigning it credentials from this dialog box will override the existing credentials.

  3. Click Next.

After you add virtual machines to the DR plan, Druva AWS proxy creates DR copies based on the DR plan schedules and stores the DR copy information in the DR plan.

Step 3: Add failover settings

For a deeper understanding of the failover process, see  About disaster recovery failover.

Druva AWS proxy creates a DR copy for the virtual machine and maintains it in the AWS account. At the time of the disaster, you can launch EC2 instance from the DR copy, in-turn spinning up to production in minutes.

Druva allows you to configure virtual machines for failover with settings specific to the two modes, Production Failover and Test Failover, respectively. Depending, upon the type selected during failover, you can use the corresponding settings to launch the EC2 instance.  

Druva allows you to configure failover settings specific to the DR plan as well as individual virtual machines in the DR plan. When you configure failover settings for a DR plan, the failover settings apply to all the virtual machines associated with the plan.

Failover settings
New DR Plan - Failover Settings.png

Configure the following options for failover:
Change Failover Settings.png

Option Description
Instance Type

This is the type of EC2 instance that Druva creates in the AWS account when it performs recovery of the VMware virtual machine from the available DR copy. 
You can either select an instance type manually from the drop-down list or let Druva automatically assign an instance type based on the CPU, Memory, Region or Availability Zone, and Operating system version of the VMs selected in the DR plan. The Auto Assign option is selected by default. We recommend using the Auto Assign option.

Manual selection:

Clear the Auto Assign checkbox. Select an instance type from the drop-down next to Instance Type. Select an instance type that is the same size or larger than your source virtual machine.

Automatic selection:

  • Ensure that the Auto Assign checkbox is selected to let Druva automatically select instance types for the VMs.
  • Click View recommendations to view instance types that will be assigned to each VM selected in the DR plan if you use the Auto Assign feature. If you do not want to assign the recommended EC2 instance, you can deselect the Auto Assign option and manually assign an appropriate instance type.

Note:

  • We've discontinued support for t2.micro and t2.small EC2 instance types for DR failovers. These instance types aren’t available for manual instance type selection or auto-assignment.  If you've selected t2.micro or t2.small instance types in the failover settings for virtual machines in existing DR plans, you must change the instance type to t2.medium or higher. These instances will automatically be upgraded to t2.medium if you run a DR failover without changing the instance type manually.
  • The Auto Assign feature currently does not consider storage specifications of the source machine such as NVMe.

Druva caps the instance size to 24xlarge in situations where the vCPU of your virtual machine exceeds 96, or the memory exceeds 384 GB. Druva displays 24xlarge in the recommendations if this instance size is available in your AWS region.
Instance type recommendations.png

Note: You must upgrade the VMware backup proxy to version 5.0.0 or later. The backup of all VMs selected in the DR plan should be successful after the VMware backup proxy upgrade.

The Auto Assign functionality is disabled, and the View Recommendations link is unavailable if the backup of one or more selected VMs is not successful post the proxy upgrade.
Auto assign blocked.png

See,  Failover Limitations for more information.

IAM Role

With the implementation of AWS PrivateLink (If you have deployed a Druva AWS proxy version 4.9.1-101573 or later), only the existing IAM roles will be displayed in the IAM Role drop-down. If you have created a new IAM role in your AWS account, you need to manually type the name of the IAM role which is the IAM instance profile ARL name.

For more information, refer to the AWS documentation.

Volume Type

Select the required type of the Amazon EBS volume that you want to attach to the EC2 instance. Select one of the following options:

  • Magnetic: These are standard volumes backed by the magnetic drives and used for workloads that are infrequently accessed. These volumes deliver approximately 100 IOPS on average.
    For more information, refer to the AWS documentation.
  • General Purpose SSD: These are cost-effective storages that are used for a broad range of workloads. These volumes deliver approximately between 100 to 16,000 IOPS on average.
    For more information, refer to the AWS documentation.
  • Provisioned IOPS SSD: These provisioned storages are used for I/O-intensive workloads such as database workloads. These volumes deliver approximately between 100 to 64,000 IOPS on average.
    For more information, refer to the AWS documentation.
    • IOPS: Enter the input/output operations per second capacity for the volume.  The IOPS box is displayed only if the Provisioned IOPS SSD option is selected as the volume type.

Note: Select the Provisioned IOPS SSD volume type only if the disk sizes are greater than 4 GB

Instance Tags (Key-Value)

Enter a label in the key-value format and assign it to your AWS EC2 resources to categorize the AWS resources in different ways. Keys should not be name or conversion_id as these are used by Druva.

For more information about tags, refer to the AWS documentation.

Security Groups

This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers.

Note: The Security Group checkbox is disabled if the selected virtual machines belong to different VPCs. To change security groups of VMs belonging to different VPCs, filter the Virtual Machines listing by VPCs and change the security group settings in bulk. Alternatively,  change the security groups one VM at a time. For more information, see Filter Virtual Machines.

Network Settings

These settings are available when you select a single VM and then select Change Failover Settings.

Subnet The subnet settings are defined in Network Mappings. The subnet field is greyed out while changing the failover settings.
Public IP

Select one of the following:

  • None: No public IP is assigned to the failover EC2 instance.
  • Elastic: Elastic IP addresses are public IPV4 addresses that you allocate to your AWS account. Enter an available elastic IP address that can be assigned to your failover EC2 instance.
  • Auto Assign: An available public IP address is automatically assigned to your failover EC2 instance. Your subnet should be a public subnet. 
Private IP

Select one of the following:

  • Static: Enter a static private IP address that is available within your subnet CIDR. This IP address is not reachable over the internet but enables communication between EC2 instances within the same VPC.
  • Auto Assign: An available private IP address from your subnet CIDR is dynamically assigned to your failover EC2 instance. This IP address is not reachable over the internet but enables communication between EC2 instances within the same VPC.
Security Group

This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers.

Note: The Security Group checkbox is disabled if the selected virtual machines belong to different VPCs. To change security groups of VMs belonging to different VPCs, filter the Virtual Machines listing by VPCs and change the security group settings in bulk. Alternatively,  change the security groups one VM at a time. For more information, see Filter Virtual Machines.

Step 4: Define network mapping

New DR Plan - Network Mapping.png

As part of network mapping:

  • Map the VCenter source network to a VPC and subnet on the target AWS account.
  • If the network of your virtual machine belongs to the same network for which you have defined the network mapping, the same VPC and subnet defined in the network mappings are used during failover.
  • The default network mapping defines the VPC and subnet to be used when no target network mapping is specified for the virtual machine source network.
  • When the source virtual machine has multiple network adapters, the default network mapping settings are always used for failover. However, when the source virtual machine has a single network adapter and if network mappings are defined for the adapter network, these network mapping settings are used for failover. Else the default network mapping settings are used for failover.
  • Security groups available in a particular VPC are available for selection in Network Mapping settings.
  • You can assign up to five security groups to AWS EC2 instances during failover.
  • Security groups assigned to a VM in the VM network settings (Network Settings under Change Failover Settings for a selected VM) take precedence over security groups defined in the Default Target Network or Target Network Mappings. Suppose a VM in a specific subnet does not have any security groups assigned to it in the VM network settings. In that case, the VM takes on the security group assigned to a VPC in the same subnet in the Default Target Network settings or Target Network Mapping settings.

Considerations for adding network mappings

Before defining network mappings, consider the following points:

  • Ensure that you have deployed Druva AWS proxy 4.8.2 or later.
  • If a vCenter source network name is renamed, Disaster Recovery treats this network as a new network. The corresponding network mapping with the old name is displayed on the Recovery tab with the following warning message:
    Source network does not exist.
  • If a data center name changes, all the source networks within that data center are considered as new networks.
  • For every vCenter, a cron job runs every 24 hours to detect any network changes in your infrastructure. If Disaster Recovery detects any change in the source network of a virtual machine, it checks for any available network mapping for the new network. If it does not identify any network mapping, it assigns the default network mapping to the failover settings of the virtual machine. Disaster Recovery sends the following alert:
    Failover IP address settings for <virtual_machine_name> is changed.
  • If you have configured a static IP address for a virtual machine, you must validate the IP address with respect to the new VPC and subnet assigned to the failover settings.
  • Security groups available in a particular VPC are available for selection in Network Mapping settings.

  • You can assign up to five security groups to AWS EC2 instances during failover.

  • Security groups assigned to a VM in the VM network settings (Network Settings under Change Failover Settings for a selected VM) take precedence over security groups defined in the Default Target Network or Target Network Mappings. Suppose a VM in a specific subnet does not have any security groups assigned to it in the VM network settings. In that case, the VM takes on the security group assigned to a VPC in the same subnet in the Default Target Network settings or Target Network Mapping settings.

Default target network

The Default target network settings are used when no target network is specified.

Mapping Description
Default Production / Test Failover Mapping 
VPC

Select the VPC option from the drop-down list where you want to launch the EC2 instance for your production or test failover mode.

For more information, see VPC.

Subnet

Select the required subnet option from the drop-down list for your production or test failover mode.

For more information, see Subnet.

Security groups This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers.

Network mappings

Network mappings comprise of the following:

Networking Mappings.png

Mapping Description
vCenter/Hypervisor Select the registered vCenter or hypervisor host for which you want to define the VPC and subnet.
Source Network Select the network of your source virtual machine.
Production / Test Failover Mapping 
VPC

Select the VPC option from the drop-down list where you want to launch the EC2 instance for your production or test failover mode.

For more information, see VPC.

Subnet

Select the required subnet option from the drop-down list for your production or test failover mode.

For more information, see Subnet.

Security groups This is an optional field. Select one or more security groups from the groups available in the selected VPC. The security groups are used during the Production or Test failovers.

Filter DR plans by failover status

You can filter DR plans by the latest failover status and the latest failover check status. You can filter the DR plans by the following failover statuses:

  • Queued
  • Running
  • Successful
  • Successful with errors
  • Failed
  • Canceled

You can also filter the DR plans by the following failover check statuses (environment):

  • Successful
  • In Progress
  • Failed
  • Warning
  • Not initiated

Filter DR Plans.png