🔧 AWS EDR step by step (on premise to AWS and back)
News area: 🔧 Programming
🔗 Source: dev.to
Recently I was tasked with doing a POC and training on AWS Elastic Disaster Recovery (AWS EDR), being an AWS partner. While doing the POC and testing, I realized that although AWS provides a good amount of documentation, a few points are not clearly explained. I came up with the procedure below to make the process simpler for customers to understand and follow. Please consult an AWS partner if you are planning any other setup, as there can be many architectural and budgetary benefits if you plan a deployment together with AWS or an AWS partner instead of trying it on your own. Feel free to contact me too if you need any clarification or assistance.
In our scenario we picked a VM on VMware, tested a failover to AWS and a failback to on premises, and captured the steps and configuration details. We have used steps that you will likely need in actual setups and have provided explanations where necessary.
First things first, assumptions and prerequisites:
- Assumption is that you know and understand site-to-site VPN tunnels, have set them up, and have configured connectivity
- You understand security groups and routes and have configured rules and routes between on premises and the AWS VPC (in my case I had assistance from my internal security team)
- You must test connectivity between on premises and the VPC by creating a test machine
- Create a key pair that you can use to log in to AWS EC2; it will be used to log in to the VM after failover (this is not clearly mentioned in the documentation)
- Create the VPC and mark the staging and target subnets (if you don't know what staging and target subnets are, we will discuss them briefly, and the image below can be referred to for more details)
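The connectivity test in the prerequisites above is worth scripting so it can be re-run from every source server before the agent is installed. The following is an added example (not code from the original post or from AWS) that attempts a TCP handshake to each endpoint a DRS source server needs: TCP 443 to the regional DRS and S3 endpoints, and TCP 1500 to the replication server across the VPN. The region placeholder, the S3 hostname and the replication server IP in the sample list are constructed placeholders; replace them with your own values.

```python
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    host: str
    port: int


# Constructed sample targets for this example. The region, the S3 hostname and
# the replication server's private IP are placeholders, not values from the post.
# AWS DRS needs TCP 443 from the source server to the regional DRS and S3
# endpoints, and TCP 1500 from the source server to the replication server
# (the VPN path in Option 2 of the post).
EXAMPLE_ENDPOINTS = [
    Endpoint("DRS API endpoint (TCP 443)", "drs.REGION-PLACEHOLDER.amazonaws.com", 443),
    Endpoint("S3 endpoint (TCP 443)", "s3.REGION-PLACEHOLDER.amazonaws.com", 443),
    Endpoint("Replication server over VPN (TCP 1500)", "10.0.1.10", 1500),
]


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True only if a full TCP handshake to host:port completes in time.

    DNS failures, connection refusals and timeouts all surface as OSError
    (socket.timeout is an OSError subclass), so they are reported as unreachable.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(endpoints, timeout: float = 3.0) -> dict:
    """Check every endpoint and map its name to a reachable/unreachable flag."""
    return {e.name: tcp_reachable(e.host, e.port, timeout) for e in endpoints}


def all_reachable(results: dict) -> bool:
    """True when no endpoint failed; use this as the go/no-go before installing the agent."""
    return all(results.values())


def demo_local_check() -> tuple:
    """Offline self-check: an open listener on loopback must pass, a closed port must fail."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    open_result = tcp_reachable("127.0.0.1", open_port, timeout=1.0)
    listener.close()

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # nothing listens here any more, so the connect must be refused
    closed_result = tcp_reachable("127.0.0.1", closed_port, timeout=1.0)
    return open_result, closed_result


if __name__ == "__main__":
    results = preflight(EXAMPLE_ENDPOINTS)
    for name, ok in results.items():
        print(f"[{'OK' if ok else 'FAIL'}] {name}")
    print("ready to install agent" if all_reachable(results) else "fix connectivity first")
```

A handshake that completes proves the routing, security group and VPN path for that port; it says nothing about the agent's authentication, which is checked later by the installer itself. Run it from the source server, because a laptop on a different VLAN may have different firewall rules.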
First, let's do some copy-paste :) I see many bloggers do that to make an article look lengthy; here I am putting only the basic information with less text, and will get to the actual steps after that.
What is AWS EDR (Elastic Disaster Recovery service)?
AWS Elastic Disaster Recovery (AWS DRS) minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery.
You can increase IT resilience when you use AWS Elastic Disaster Recovery to replicate on-premises or cloud-based applications running on supported operating systems. Use the AWS Management Console to configure replication and launch settings, monitor data replication, and launch instances for drills or recovery.
Set up AWS Elastic Disaster Recovery on your source servers to initiate secure data replication. Your data is replicated to a staging area subnet in your AWS account, in the AWS Region you select. The staging area design reduces costs by using affordable storage and minimal compute resources to maintain ongoing replication.
You can perform non-disruptive tests to confirm that implementation is complete. During normal operation, maintain readiness by monitoring replication and periodically performing non-disruptive recovery and failback drills. AWS Elastic Disaster Recovery automatically converts your servers to boot and run natively on AWS when you launch instances for drills or recovery. If you need to recover applications, you can launch recovery instances on AWS within minutes, using the most up-to-date server state or a previous point in time. After your applications are running on AWS, you can choose to keep them there, or you can initiate data replication back to your primary site when the issue is resolved. You can fail back to your primary site whenever you’re ready.
How it works
Now, without wasting any time, let's get to our setup.
Architectural explanation
Below is a diagram of the connectivity if you are doing replication from on premises to AWS.
Components as per the diagram:
- On-premises datacenter: holds the original source server (I say original because after failover the AWS EC2 instance becomes the source server)
- Site-to-site VPN or Direct Connect connectivity to send data to AWS
- AWS regional API endpoints (listed at https://docs.aws.amazon.com/general/latest/gr/rande.html)
- AWS staging subnet, where the replication server is created and where the replicated data disks are kept along with their snapshots
There are two options, and the architecture differs depending on which one you choose. The second option is not specifically discussed in any documentation, and it is the one demonstrated and explained here.
There is a slight difference between Option 1 and Option 2, which I will explain once we have seen both options:
Option 1
Below is the architecture diagram for Option 1. Here we have VPN connectivity, but the AWS regional endpoints are reached through AWS PrivateLink: regional interface endpoints are created, and some of these endpoints incur extra cost. There is no internet access on the source or replication server in this case. More details are at the URL below. Since this topic is covered well there and I have tested it to be working, I haven't covered it here; please let me know if you need a demonstration/documentation for this option too.
Option 2
The scenario demonstrated here uses this option. Points to note:
- We will enable a public IP on the replication server and keep the replication server in an internet-facing/public subnet
- Source servers must have internet access and use port 443 to connect to the DRS service endpoint in AWS over the internet; the replication server also reaches the AWS regional endpoints through its public IP. The replication data transfer itself, however, happens over the private network through the site-to-site VPN. Ports are opened only for the required endpoints, with support from the internal security team
Below is the reference diagram for the architecture
https://docs.aws.amazon.com/drs/latest/userguide/Network-Requirements.html
The ICMP rule above is added only for ping; the last two rules are added to allow traffic across the VPN for data-transfer consistency.
Right-size the VM and select the VM type.
Download the agent software for Windows.
Run the installer.
For Linux, download the installer, copy it from your laptop to the Linux machine, and run it.
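Because the replication server in Option 2 carries a public IP, the security group rules described above deserve a least-privilege check before the first replication starts. The following is an added example (not code from the original post or from AWS) that models the replication server's rules and audits them against what DRS needs: TCP 1500 inbound from the on-premises source servers (the replication data path, over the VPN here) and TCP 443 outbound to the regional DRS, S3 and EBS endpoints. It flags both missing required flows and any TCP/UDP ingress open to 0.0.0.0/0. The on-premises CIDR and both rule sets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str    # "ingress" or "egress"
    protocol: str     # "tcp", "udp" or "icmp"
    from_port: int    # -1 for icmp
    to_port: int
    cidr: str


# Constructed placeholder for the on-premises network that hosts the source servers.
ON_PREM_CIDR = "192.168.10.0/24"

# What AWS DRS needs on the replication server: TCP 1500 inbound from the source
# servers (replication data, over the VPN in Option 2) and TCP 443 outbound to
# the regional DRS, S3 and EBS endpoints (over the internet in Option 2).
REQUIRED = [
    ("ingress", "tcp", 1500, ON_PREM_CIDR),
    ("egress", "tcp", 443, "0.0.0.0/0"),
]

ANY = ipaddress.ip_network("0.0.0.0/0")


def covers(rule: Rule, direction: str, protocol: str, port: int, cidr: str) -> bool:
    """True if `rule` permits protocol/port for every address in `cidr`."""
    if rule.direction != direction or rule.protocol != protocol:
        return False
    if not rule.from_port <= port <= rule.to_port:
        return False
    return ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(rule.cidr))


def audit(rules) -> list:
    """Return findings: required flows that are missing, then ingress rules open to the world."""
    findings = []
    for direction, proto, port, cidr in REQUIRED:
        if not any(covers(r, direction, proto, port, cidr) for r in rules):
            findings.append(f"MISSING: {direction} {proto}/{port} for {cidr}")
    for r in rules:
        # A replication server with a public IP must not accept TCP/UDP from anywhere;
        # port 1500 in particular should be reachable only from the on-premises range.
        if (r.direction == "ingress" and r.protocol in ("tcp", "udp")
                and ipaddress.ip_network(r.cidr) == ANY):
            findings.append(
                f"OVERLY BROAD: ingress {r.protocol}/{r.from_port}-{r.to_port} open to {r.cidr}")
    return findings


# Constructed rule sets for the example.
GOOD_RULES = [
    Rule("ingress", "tcp", 1500, 1500, ON_PREM_CIDR),
    Rule("ingress", "icmp", -1, -1, ON_PREM_CIDR),   # ping, from on-premises only
    Rule("egress", "tcp", 443, 443, "0.0.0.0/0"),
]

BAD_RULES = [
    Rule("ingress", "tcp", 1500, 1500, "0.0.0.0/0"),  # replication port open to the internet
    Rule("ingress", "icmp", -1, -1, ON_PREM_CIDR),
    # no egress 443: the replication server cannot reach the DRS/S3/EBS endpoints
]


if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(label, audit(rules) or ["no findings"])
```

The same check can be pointed at real rules by converting the output of `aws ec2 describe-security-groups` into `Rule` objects. Note that a rule wider than needed (for example 192.168.0.0/16 instead of the /24) still satisfies the required-flow check, so review the CIDRs by hand as well.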
Failover from On-premise to AWS
Select the instance under "Source servers" to fail over, choose "Initiate recovery job", and start the recovery.
Follow the details in the job; the process runs automatically and the instance is launched in the AWS target subnet with the same data as on premises.
We can connect to the target/recovery instance that was failed over to AWS, confirm the data, and make changes.
Failback from AWS to on premise
Follow the below links for more details:
https://docs.aws.amazon.com/drs/latest/userguide/failback-performing-main.html
We need to download the "failback ISO" and attach it to the original VM on premises; download the installer relevant to the region you selected.
Change the boot option to boot from the ISO; for physical servers, attach the ISO via USB, etc.
Provide the region and IP details (the same as the original server had before failover).
The key will be for the "failback user" with the permissions below.
The disks will be detected and the instance will start replicating.
Once replication has finished, we will see a message to complete the failback.
The original (on-premises) server reboots, the data can be confirmed, and the server is back as the original.