1 WHITE PAPER: LEVERAGING THE CLOUD FOR SYSTEM AND DATA BACKUP, ARCHIVING, RECOVERY AND AVAILABILITY WITH CA ARCSERVE R16 Leveraging the Cloud for System and Data Backup, Archiving, Recovery, and Availability with CA ARCserve r16 October 2011 CA Technologies DATA MANAGEMENT CUSTOMER SOLUTIONS UNIT
2 Table of Contents Introduction... 2 Cloud technologies... 3 Key system and data protection and recovery issues for the cloud... 3 Using the cloud for backup and recovery... 4 Overview of CA ARCserve Backup r Overview of CA ARCserve D2D r CA ARCserve D2D On Demand... 9 Using the cloud for replication... 9 Overview of CA ARCserve Replication r Using the cloud for system, application and data high availability...12 Overview of CA ARCserve High Availability r Summary...15 Copyright 2011 CA. All rights reserved. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damage.
3 Introduction The cloud can mean many things; it can refer to applications and platforms that are delivered online, or infrastructure services such as data storage using remote data centers. Cloud services can be provided and delivered remotely by vendors such as Amazon or Microsoft, or private clouds where the resources are created, deployed, managed and controlled in-house. Technologies that exploit the cloud are becoming increasingly important, providing tools and platforms for rapid web-based application development, distributed network infrastructures and secure off-site data storage. Industry analysts state that 43 percent of end users are looking to the cloud for data protection. Cloud services can help where there are limited capital expense budgets, by transferring costs to annual operating expenditure that can be managed and only paid for as required or consumed, in a pay-per-use model. Many businesses lack the internal resources (for example, remote sites, equipment and staff) to meet demanding service-level agreements (SLAs) for business continuity (BC) and disaster recovery (DR). Therefore, online cloud-based Infrastructure-as-a-Service (IaaS) providers can be used as an often lower-cost option than recruiting and retaining such skilled workers, as well as incurring large capital expenditures, and can provide services to meet SLAs. Often, organizations do not have their own remote facilities for DR, and renting remote resources from cloud vendors is a cost-effective alternative option. This paper provides a technical overview of how the CA ARCserve Family of Products enables the use of cloud resources for system, application and data protection. It looks at how you may use the cloud as a backup, replication and archiving location, and for providing a resilient off-site platform for enabling high availability of critical systems. Cloud technologies There are many cloud technologies or offerings available today, from simple applications such as Gmail or Salesforce.com, to computing infrastructure resources provided across the Internet, such as cloud-enabled storage and cloud-hosted virtual servers. Cloud-based applications are typically referred to as Software-as-a-Service (SaaS) or Application-as-a-Service (AaaS). Computing, storage and accessibility services provided across the Internet are referred to as Infrastructure-as-a-Service (IaaS); where storage is the main service, this may be referred to as Storage-as-a-Service (sometimes also abbreviated to SaaS). Some vendors provide rich computing platforms, which are typically called Platform-as-a-Service (PaaS). Examples include Salesforce.com and Amazon Web Services (AWS). This paper focuses on Infrastructure-as-a-Service and Storage-as-a-Service through the following specific cloud technologies. The paper also examines how the CA ARCserve Family of Products makes use of these cloud services to improve data protection, recovery and availability: Amazon Web Services (AWS). AWS offers a suite of cloud services. For data and systems protection, the following AWS services are most significant: Amazon Elastic Compute Cloud (Amazon EC2) provides online hosted virtual machines (VMs). Amazon Simple Storage Service (Amazon S3) is an online storage service. Amazon Virtual Private Cloud (Amazon VPC) provides secure virtual networking services, and is required for accessing Amazon EC2 machines. Windows Azure. Windows Azure includes online storage and application fabric services. Partner private clouds. Examples include Eucalyptus partners that use Amazon S3 standards. Key system and data protection and recovery issues for the cloud For many organizations, there are important issues that must be addressed as a priority while considering the cloud as a realistic protection and recovery option: Service-level agreements (SLAs). Most organizations will require SLAs to be in place to ensure the availability of the protected systems and data, and guard against unplanned outages, service disruptions and data loss in the cloud provider s data center. Legal compliance. Whenever data is stored on remote servers, there are legal standards and compliance issues to resolve. For example, the geographic location of cloud data centers can be a critical issue because regulations in one country may be stringent and enforced more strictly than those elsewhere. Manageability. Many businesses perceive that a move to the cloud will involve a loss of control of their systems and data; the choice of cloud vendor is therefore very important.
4 Security. Any systems and data copied to the cloud must be provably secured, but also remain accessible at all times. Security must be considered at all levels, including protecting data in the network as it is transmitted to the cloud data center, as well as within the data center after the data is stored. Bandwidth. For many organizations, available wide-area bandwidth and its cost considerations are significant barriers to the adoption of cloud-based system and data protection and recovery services. Careful planning is required to ensure that you have adequate bandwidth for both off-site protection and recovery back to the data center. The time that it takes to transmit data to the cloud and back for recovery needs to be tested and understood before turning to the cloud for IT delivery. Long-term retention policies and archiving. The cloud can help meet requirements for long-term data storage, as long as the remote data remains accessible and archiving policies can be simply and easily enforced. Recovery testing and validation. Any data and systems protection strategy is judged on its ability to deliver rapid and reliable recovery. Therefore, it is essential that recovery from cloud-based resources can be tested and validated routinely before the need for such recovery occurs. The cloud can make a good archiving and disaster recovery resource. It can even be a failover location for high availability of your critical applications and data for business continuity, as long as there is careful planning and the right tools are used. The cloud may provide an IT organization with more agility and flexibility in deploying its BC/DR strategy and resources, while helping to reduce costs by eliminating the need to purchase, deploy, manage and maintain all the associated hardware and software. It may also be the perfect solution for companies that do not have their own remote DR site or data center to use. Using the cloud may help IT organizations better balance their capital expenditure (CAPEX) and operating expenditure (OPEX), because the cloud is typically licensed as a monthly recurring charge on a pay-per-use model. Using the cloud for backup and recovery Backup and recovery refer to the protection of critical data and applications across your IT environment, such as user files and folders on file servers, Microsoft Exchange mailboxes and Microsoft SQL Server databases. The cloud can provide a good off-site storage resource for backup and archiving, but there are some challenges to consider: Backup windows. It will take far longer to perform backup directly to a cloud resource than to a local resource, which means that backup across the wide area network (WAN) can take longer than your backup window allows. A better solution is a hybrid model. This is where backup is performed locally for faster backup performance, and then a copy of the backup can be sent to the cloud afterwards, when performance is not as critical. Recovery times. Another consideration is how long it will take to recover data from the cloud. Having a hybrid solution means faster recovery time, too, because you have the option to recover the data from a local source. The cloud is better left for off-site data storage for disaster recovery and file archiving purposes. Overview of CA ARCserve Backup r16 CA ARCserve Backup creates and manages secure, permanent data backups and provides granular, as well as bare-metal, disaster recovery tools. In this way, a computer with or without any operating system or application software can be restored to a previously backed-up state. Backed-up data can be stored on disk or tape, or in cloud storage, and CA ARCserve Backup supports data migrations through staged backup jobs. For example, large databases can be regularly and rapidly backed up to local disk, and then this disk data can be copied or archived to the cloud for long-term, off-site storage. CA ARCserve Backup centralized management enables you to manage your recovery operations from a single location, regardless of where your data is stored. Built-in encryption ensures that your data always remains private. Summary of the cloud support CA ARCserve Backup provides integrated backup copy to cloud storage; this enables you to migrate backup data to public and private cloud storage as part of a disk-to-disk-to-cloud(d2d2c) backup policy for additional off-site data storage or recovery locations, and for archival purposes. Supported cloud services CA ARCserve Backup supports the following cloud configurations: Cloud Connector for Amazon Web Services storage, which provides built-in cloud capabilities (Amazon S3). Private cloud support, which is via Eucalyptus. This is supported if Amazon S3 standards are being used (Eucalyptus 2.0 and 2.0.2).
5 Using CA ARCserve Backup with the cloud CA ARCserve Backup enables you to create on-premise backups and migrate backup data to cloud storage; you do not back up directly to the cloud (Figure 1). This approach enables the backup process to complete as quickly as possible, meeting backup windows and avoiding a prolonged impact on your application infrastructure. Figure 1. CA ARCserve Backup migrations to cloud storage Configuring cloud storage To use cloud storage to retain backups, you must create a valid account with the cloud vendor. For Amazon S3 storage, this requires registering for Amazon Web Services (AWS), and then specifically signing up for Amazon S3 to obtain cloud storage and secret access keys. You can optionally create storage buckets at this stage by using the AWS Management Console, or choose to create these while configuring the cloud connection in the CA ARCserve Backup Manager Console. The CA ARCserve Backup Manager Console uses cloud connections to specify how backup will use cloud storage. For example, because such storage is typically charged per megabyte stored, you can choose to enable Amazon S3 Reduced Redundancy Storage (RRS) to help to reduce costs by storing noncritical, reproducible data at lower levels of redundancy than in standard storage. Both standard and RRS options store data in multiple facilities and on multiple devices, but with RRS, the data is replicated fewer times, resulting in lower storage costs. CA ARCserve Backup cloud connections use virtual cloud-based devices to direct data to the cloud vendor's storage. Compression can be enabled on cloud-based devices, to compress the backup data that is stored in the cloud and help reduce storage costs and bandwidth requirements. Using cloud devices with migration jobs To migrate data to cloud-based devices, you use a staging backup job. When configuring the staging job, you specify how long you want to retain the data on the intermediate staging device (typically, local disk storage). Then, after a specified retention time, the data can be configured to be either purged from the staging device or migrated to the final destination device, such as cloud storage. You also configure retention policies for the final destination in this case, the cloud storage so that after a defined expiry period, the cloud session is deleted to free up space and keep costs down. Using cloud devices with SFB migration jobs A synthetic full backup (SFB) enables you to synthesize a previous full backup session and its subsequent incremental sessions to a full session. SFB is new for CA ARCserve Backup r16, and is only applicable to Windows client agents (not UNIX or Linux ) running r16 or higher. SFB reduces the volume of data in a backup, resulting in less data stored, so it is particularly useful for cloud storage. SFB jobs are submitted from any CA ARCserve Backup server, but can only be used with data deduplication and disk staging devices, such as in a diskto-disk-to-tape (D2D2T) or disk-to-disk-to-cloud (D2D2C) scenario. Using disk staging, you can easily migrate SFB sessions to cloud storage for long-term archiving, for legal compliance and to ensure that copies of data are retained off-site. Figure 2 shows how CA ARCserve Backup creates synthetic full backup sessions.
6 Figure 2. Synthetic full backups and the cloud Using cloud backups for data and system recovery CA ARCserve Backup enables you to restore data from cloud devices to most computers attached to your Windows network. For speed of recovery, you would normally select to use the local staging location. However, if backup data has already been purged from the staging device, you first copy the cloud data to a local CA ARCserve Backup server before performing the recovery. You can then use tools, such as the CA ARCserve Backup WinPE recovery CD, to perform bare-metal recovery of the failed system and apply the files copied from the cloud. If application agents are being used, granular application recovery can be performed from the data stored in the cloud as well as individual file restore, offering flexibility for the fastest recovery based on your outage. Managing CA ARCserve Backup cloud backups CA ARCserve Backup provides you with various tools and options that you can use to manage cloud storage: Dashboard for SRM Reporting. This helps you to proactively monitor your environment and avoid unplanned system outages and downtime. For reports about backing up data to cloud storage, you can use the following dashboard reports: Backup Data Location Report Data Distribution on Media Report Recovery Point Objective Report Infrastructure Visualization. This provides a simple network diagram view of the entire environment. It shows all of the servers, storage and other devices, including cloud-based devices. You can drill down and get details of specific device configurations, quick overviews of server and device statuses and links to relevant reports. Securing CA ARCserve Backup cloud backups CA ARCserve Backup uses secure, industry-standard encryption algorithms in order to ensure the security and privacy of data, whether backups are stored on-premise or in the cloud. Windows client agents use Advanced Encryption Standard (AES)-256 to encrypt backed-up data. When submitting migration jobs for cloud devices, you can choose to enable encryption at the CA ARCserve Backup server during the migration process. In addition, CA ARCserve Backup offers encryption at the source or Production server to protect your most private data before it leaves the Production server. Your data remains private, regardless of where it is stored. Overview of CA ARCserve D2D r16 CA ARCserve D2D provides disk-based protection for physical and virtual Windows servers. These backups enable quick restore of files, volumes, databases and s, as well as entire systems. For example, if a server is running Microsoft Exchange, Granular Mailbox Recovery is automatically enabled. If a server is running Microsoft SQL Server, individual databases can be recovered. Backups can be stored on local disk and, by using the File Copy feature; important data can be copied or archived to off-premise cloud storage. Summary of the cloud support The CA ARCserve D2D File Copy feature enables you to move or copy files to a disk or the cloud based upon your specified file copy and retention criteria. In this way, it helps to reduce storage costs, meet compliance requirements and improve data protection. This hybrid solution, using local backups with copies of files in the cloud, enables quick backups and recoveries from local data, together with secure off-site storage in the cloud for disaster recovery and long-term archiving, all using the same simple backup process.
7 Figure 3. CA ARCserve D2D r16 and the cloud Supported clouds CA ARCserve D2D supports the following cloud services: Windows Azure Amazon Simple Storage Service (Amazon S3) Private clouds via Eucalyptus (supported if Amazon S3 standards are being used) Using CA ARCserve D2D with the cloud CA ARCserve D2D uses the cloud as a secondary storage location, so systems must first be protected using a CA ARCserve D2D backup to local disk storage. After regular CA ARCserve D2D backups have been set up, you then create File Copy jobs and policies to configure how backed-up data is copied or moved to the cloud. If backup data is moved, the local backup will be deleted. For Amazon S3 storage, you can choose the geographical region for the Amazon S3 data center that will store your backups, enabling you to optimize latency, minimize costs and address regulatory requirements. For Amazon S3, you can also choose to enable RRS for your non-critical, reproducible data, in order to reduce storage costs. As part of the policy, you also specify how frequently to run the file-copying process. By default, file copying runs after every five successful backups are completed. Moving backup data to the cloud is a valuable file archiving option. Your data is secured off-site, local storage requirements are reduced and, by regularly archiving older data to the cloud, your local backup sizes can also be reduced, or at the very least, prevented from continually growing. CA ARCserve D2D provides several methods to identify and locate backed-up data and enable you to restore it. You can browse your available backup and file copy locations (local disk/network drive or cloud) to locate the specific file or folder to be restored. When recovering an individual file, if multiple versions of that file are available, you can select the version to restore. To recover full systems from cloud backups, you first restore the cloud backup to a local device. You can then use the CA ARCserve D2D Bare Metal Recovery (BMR) tools to restore a failed system from the local copy of the recovery point. Managing CA ARCserve D2D cloud protection CA ARCserve D2D uses a Web 2.0 interface for configuring and managing backup and recovery tasks. CA ARCserve D2D can be remotely deployed over the network using the CA ARCserve D2D console, with nodes added manually by name. Once it is deployed, you can select these remote nodes from the base CA ARCserve D2D homepage for management. This interface can be used to manage individual CA ARCserve D2D servers, but additional tools from the CA ARCserve Central Applications suite are particularly useful where there are large CA ARCserve D2D deployments: CA ARCserve Central Protection Manager provides an alternative to the CA ARCserve D2D console, with easy access to all CA ARCserve D2D backups across the network. It can be used to restore files, folders and applications from all CA ARCserve D2D local and cloud-based recovery points. CA ARCserve Central Protection Manager also adds the ability to auto-discover physical and virtual CA ARCserve D2D servers by using computer objects stored in Active Directory, as well as policy-based administration and deployment tools. CA ARCserve D2D servers can be grouped according to criteria such as function or location to simplify management in larger environments. CA ARCserve Central Reporting is used to collect information and view reports about the performance of CA ARCserve D2D nodes and CA ARCserve Backup servers from a central location. You can view reports in tabular and chart formats in a browser-based,
8 dashboard interface, and filter data to view reports about specific branches or groups of protected computers so that you can target report data that is unique to a set of systems with common characteristics. For example, the Data Distribution on Media Drill Down Report displays the amount of data backed up to devices, including the cloud. Reports can be exported as CSV files or sent via . Through easy-to-use web-based tools, CA ARCserve Central Applications are designed to reduce management overhead, particularly for environments where there are multiple CA ARCserve D2D servers, and other CA ARCserve products. For example, CA ARCserve Central Reporting collects information from both CA ARCserve D2D and CA ARCserve Backup. The new Central Applications architecture provides a range of new integration features across the CA ARCserve Family of Products, and enables third-party vendors to develop additional technologies to augment customers CA ARCserve environments. Securing CA ARCserve D2D cloud protection CA ARCserve D2D adds the capability to encrypt and protect (with encryption passwords) sensitive data and decrypt the encrypted data after recovery. CA ARCserve D2D data protection uses secure, AES-256 encryption algorithms to achieve maximum security and privacy of the protected data. It is easy to set up encryption; from the CA ARCserve D2D home page or the CA ARCserve D2D Monitor, you simply select protection settings and specify the encryption algorithm and password to use. Avoiding bandwidth bottlenecks CA ARCserve D2D provides several technologies that can help to reduce bandwidth bottlenecks, and are particularly useful when backing up to the cloud. CA ARCserve D2D uses block-level Infinite Incremental (I2 technology ) for all backups. This technology automatically reduces storage requirements and therefore reduces the amount of data to be transferred to and from the cloud. When you start the backup process to create a recovery point, the specified volume is divided into a number of subordinate data blocks that are then backed up. The initial backup is considered the "parent backup" and will be a full backup of the entire volume to establish the baseline blocks to be monitored. Prior to performing the backup, a VSS Snapshot is created. Then, an internal monitoring driver checks each block to detect any changes. For all subsequent backups, CA ARCserve D2D will incrementally back up only those blocks that have changed since the previous backup (Figure 4). CA ARCserve D2D enables you to schedule the subsequent block-level incremental backups ("child backups") as frequently as every 15 minutes to always provide accurate, up-to-date backup images. After the CA ARCserve D2D recovery point has been created, on local or network storage, the File Copy process is used to transfer data to the cloud. Only data that has changed between backups is copied to the cloud, so the I2 technology can help to significantly reduce bandwidth needs and cloud storage requirements. CA ARCserve D2D uses the Windows VSS writer, so it only works for Windows operating systems that support the VSS writer. For servers, this is Windows Server 2003 Service Pack 1 (SP1) and above; for desktops and laptops, this is Windows XP and above. Figure 4. Block-level Infinite Incremental technology in operation
9 CA ARCserve D2D provides a backup speed throttling capability; you can specify the maximum speed (MB/min) at which your backups are written to reduce CPU or network utilization. This can prevent the backup from consuming all available bandwidth while it is copied to network storage locations. Backup speed throttling does not apply to file copy data while it is uploaded to the cloud. Managing data retention policies and archiving CA ARCserve D2D includes several options that help with the long-term management of data stored in the cloud. For recovery point data that has been moved to a secondary location, such as the cloud, you can use Retention Time to specify the amount of time that the stored data will be retained at the destination location. At the end of the specified retention time, the stored data is purged from the destination. With this option, you can use CA ARCserve D2D to automatically implement the data archive requirements that apply to your organization's data. For data that has been copied to a secondary location, you can use File Versions to specify the number of previous versions of any file that is retained and stored at the destination location. After this number is exceeded, the oldest version will be discarded. This cycle of discarding the oldest stored version repeats as newer versions are added to the destination, enabling you to always maintain the specified number of stored versions. This option helps to ensure that, if unnoticed data corruption occurs, you can always go back to a previous uncorrupted version of that file. CA ARCserve D2D On Demand CA ARCserve D2D On Demand is a cloud-specific solution, based on CA ARCserve D2D r16. This SaaS offering provides direct integration with Windows Azure, with the CA ARCserve D2D On Demand product license and the Windows Azure storage all purchased from one vendor. By contrast, with the standard version of CA ARCserve D2D, if you want to make use of the cloud for your data, you must separately contract for the cloud storage with a cloud vendor. The CA ARCserve D2D On Demand service is sold as a monthly subscription license, and therefore provides an alternative option for implementing CA ARCserve D2D with secondary cloud storage. CA ARCserve D2D On Demand supports the same features as the standard version of CA ARCserve D2D, except that: CA ARCserve D2D On Demand automatically connects to the CA Cloud (the Windows Azure service) during the configuration process and no options exist to select other cloud vendors. CA ARCserve D2D On Demand is not currently supported by CA ARCserve Central Applications. Using the cloud for replication Many organizations leverage replication technology to complement periodic backups, especially for more critical data. Replication is typically performed in a real-time continuous manner, capturing each and every change made to files, data and databases providing better protection in case of unplanned data loss and damage especially when a storage device fails. Replication is also used to copy backups off-site for disaster recovery, after backup has completed. Many organizations perform replication to a remote or off-site facility to address both demanding recovery point objectives (RPOs) and disaster recovery strategies, but what can you do if you do not have an available remote site? The cloud can be a perfect vehicle for off-site replication, especially if you do not have your own remote facilities and staff. Overview of CA ARCserve Replication r16 CA ARCserve Replication is primarily used to copy data and backups from both physical and virtual servers off-site and to the cloud for disaster recovery (DR) purposes. It also complements traditional backup methods by providing continuous data protection (CDP) to minimize the risk of data loss between periodic backups and to protect against storage device failures. To start, CA ARCserve Replication synchronizes the data on your Production server with a Replica server that may be housed on-site, at a remote location or in the cloud. CA ARCserve Replication then captures all file and database changes and automatically copies them in real time from the Production server to the Replica server. It is not necessary to manually install the CA ARCserve Replication engine on the Production or cloud-hosted Replica servers because the engine is automatically deployed. In addition, to avoid any disruption to the production or cloud environment, no reboot of either the Production server or Replica server is required.
10 CA ARCserve Replication enables you to create a wide range of scenarios to protect your servers, applications and databases. CA ARCserve Replication also provides a Full System Replication scenario whereby an entire system is replicated, including the operating system, system state, application and data, from any physical or virtual server to an offline virtual server that supports the guest operating system of the active server. To further help reduce data loss, CA ARCserve Replication also provides a Data Rewind feature that provides CDP technology to rewind the Replica server storage back to a known good point in time, such as a database checkpoint, prior to the data loss or damage. This capability is typically used to help you recover data that you may have lost since you performed your last backup. This non-disruptive process is performed on the Replica server, so the production environment is unaffected until you recover the lost or damaged data and resynchronize the Production and Replica servers. Alternatively, you can also schedule recurring VSS Snapshots using the Replica server and storage to make data recovery even easier while avoiding any impact to the Production server. Summary of the cloud support CA ARCserve Replication provides both real-time continuous and periodic replication of your systems, applications and data to the cloud for disaster recovery. It can also be used to copy your backups to the cloud, no matter what backup you use, for disaster recovery. Some features such as Data Rewind and VSS Snapshots may not be available in all cloud offerings because they depend on the level of service provided by the cloud vendor. Supported clouds CA ARCserve Replication has two types of cloud support. One type is integrated cloud support, which is specific to Amazon EC2 and has specific Amazon EC2 features. The other type is non-integrated cloud /WAN support using a remote Windows Replica server at a remote site over a virtual private network (VPN), or in a private cloud, for example. Supported clouds for all Replication scenarios (except Full System) are: The Replicate to Cloud option. This applies to Amazon EC2 server and storage resources. Regular replication by Hostname/IP. This applies to any cloud-based server that supports the replication engine and a VPN connection for secure IP access. This includes Amazon EC2 servers and Amazon VPC connections, but any supported cloud-based host and VPN can also be used. Supported clouds for Full System scenarios are: Amazon EC2 server and storage resources. Any cloud-based server that supports Microsoft Hyper-V, VMware or Citrix XenServer VMs and a VPN connection for secure IP access. Using CA ARCserve Replication with the Amazon EC2 cloud CA ARCserve Replication provides built-in integration with Amazon Elastic Compute Cloud (Amazon EC2) for fast and easy replication to the cloud. CA ARCserve Replication may also be used to replicate on-premise, to a remote site or office and to other internal and private cloud providers that offer support. Amazon cloud replication supports byte-level replication, so only changes to files (not necessarily whole files) are transmitted over the network to the cloud. This saves bandwidth and ensures that replication happens in near real time. Multiple Amazon EC2 instances are supported, so a single on-premise server can be replicated to more than one cloud-based Replica server. Such one-to-many scenarios can be used for applications such as Microsoft Exchange to ensure that there is more than one copy of the Exchange database. Replication can be configured on a scheduled, periodic or continuous basis in a forward direction. Continuous replication ensures that all changes made on the Production server are automatically replicated to the Replica server. However, to help manage replication over WAN connections, periodic replication can be configured so that replication is triggered manually or on a schedule, or be aggregated and sent on a periodic basis. For DR, local on-premise servers can be recovered using the data held on the cloud-based server. Creating a replica instance To use CA ARCserve Replication cloud capabilities, you need to create an Amazon EC2 replica instance (that is, the online virtual machine) by using a valid Amazon Web Services (AWS) account. You can create this instance by using the CA ARCserve Replication Manager, or by using the Amazon EC2 Dashboard in the AWS Management Console. When creating the instance, you select an Amazon Machine Image (AMI) to use. For CA ARCserve Replication, you can only use Windows AMIs that are backed by Amazon Elastic Block Store (Amazon EBS). Amazon EBS is a type of storage designed specifically for Amazon EC2 instances. It enables you to create volumes that Amazon EC2 instances can mount as devices, much like a standard hard drive. As part of the process, you must also specify the Amazon Virtual Private Cloud (Amazon VPC) subnet where you want to allocate the instance. Amazon VPC is a private, isolated section of the Amazon Web Services (AWS) cloud where you define your own virtual network topology, usually in such a way that it is similar to your own data center topology.
11 When your Amazon details have been set up, you can create an Amazon EC2 Data Replication scenario so that your Amazon EC2 instance can be used as a Replica server by using the Replicate to Cloud option. During this process, you can also configure the engine to be automatically installed on the Amazon EC2 VM. Running an Amazon EC2 Data Replication scenario After you create the scenario, you need to run it to start the replication process. Figure 5 shows the on-premise and Amazon cloud environments after the scenario has been run. Figure 5. Replication to the cloud The Cloud Repository server is an Amazon EC2 instance with CA ARCserve Replication installed. The Recovery Replica server is also an Amazon EC2 instance with the same disk layout as the Production server. After the Recovery Replica server is created, it is stopped. All volumes are detached from it and attached to the Cloud Repository instance. CA ARCserve Replication scenarios are then created from onpremise Production servers to the exposed volumes on the Cloud Repository server. Offline synchronization is typically used to first synchronize your Production and Replica servers. It enables you to copy all your data to an external device and then copy from that device to the Replica server. It is a method for transferring large data volumes without using the network. It should be noted that offline synchronization is not available for use with Amazon EC2, but may be available for use with other private clouds if supported by the cloud vendor. Using a cloud-based Replica server for recovery The recovery process is similar to regular replication, but in this case, the synchronization is in the reverse direction, going from the cloudbased Replica server to the on-premise Production server. You simply select the Replication scenario and choose to restore data. This initiates the recovery, with the Replica server temporarily becoming the Master as replicated data is synchronized back to the Production server over the network. After the recovery is complete, the regular replication process can be restarted. Managing replication to the cloud The new CA ARCserve Replication Console includes a tab for cloud management (Cloud View). This shows a list of managed AWS accounts, instances, snapshots, Amazon EBS volumes, elastic IPs and security groups. Securing replication to the cloud To secure communications to the cloud, you can use the built-in Secure Sockets Layer (SSL) encryption feature in CA ARCserve Replication. Although the Amazon VPC connection is itself encrypted, many organizations also require encryption within their own environments. CA ARCserve Replication encryption therefore complements Amazon VPC encryption. Avoiding bandwidth bottlenecks CA ARCserve Replication includes several options that help reduce bandwidth bottlenecks when replicating the cloud. For all scenario types, after an initial synchronization between the Production server and the Replica server has completed, the replication engine only sends file-level or block-level changes to the Replica server. This technique reduces the bandwidth that is required for daily backups of remote data and applications.
12 CA ARCserve Replication also provides additional performance-related technologies. Multi-stream replication means that replication data can be sent over multiple IP sessions even within a single scenario. This improves replication and synchronization times for most scenarios, but has the greatest impact for customers with scenarios running across high-latency WAN connections. Bandwidth throttling enables you to control the size of the incoming bandwidth allowed on the replica host. You can either define one size limit that will apply to all hours of the day, or you can specify different values for different hours. By using the bandwidth scheduler, you can decrease the bandwidth size during busy hours and increase it during off-peak hours in order to optimize your bandwidth resources. CA ARCserve Replication and CA ARCserve High Availability also provide an assessment mode that enables you to measure the amount of bandwidth that is required to replicate data, prior to implementation. Assessment mode enables you to plan your bandwidth requirements and adjust either your bandwidth or the volume of data that you want to replicate to suit your individual requirements. Using the cloud for system, application and data high availability High availability refers to the real-time protection of complete systems or applications, and where a secondary system can be rapidly brought online either manually or automatically. For many organizations, high availability is a necessity for maintaining access to business-critical applications and data. Using traditional backup, restoring a full system, application and data after a system or storage failure can take many hours, affecting all parts of the business, and with potentially disastrous impact on sales and services. Employee productivity and morale is also affected, as is reputation and even compliance. A Bare Metal Recovery (BMR) solution can dramatically reduce that time, but it could still take an hour or more. Some IT organizations turn to technologies such as failover clustering to help maintain availability, but these technologies can be complex and costly to deploy and maintain. They entail all servers in a cluster needing to be of near-identical specifications, with the same operating system and application software, which can drive up costs. In addition, failover clustering does not protect the shared storage device, nor can it be used to replicate to a remote location for disaster recovery unless a separate replication solution is purchased. For many, a host-based, high-availability software solution may be a better option. This solution protects physical and virtual servers and storage, and may be deployed on-site, off-site and in the cloud. Although many organizations deploy high availability as an on-site solution for business continuity, it is also common to deploy such solutions offsite or in the cloud to support both business continuity and disaster recovery needs by using the same technology. For organizations that do not have their own DR site or remote facilities to use, using the cloud may provide an ideal solution. Overview of CA ARCserve High Availability r16 CA ARCserve High Availability provides all the features of CA ARCserve Replication, and adds real-time server and application monitoring with automatic and push-button failover, automated end-user redirection and push-button failback for both physical and virtual server environments. The failover capability is available for applications such as Microsoft SharePoint, Microsoft Exchange and Microsoft Dynamics CRM, as well as for Microsoft Hyper-V and VMware vsphere virtualization environments. Failover and failback refer to the CA ARCserve High Availability process in which active and passive roles change between Production and Replica servers: Failover. CA ARCserve High Availability provides an automatic failover process where the production systems and applications are monitored in real time. If an unplanned outage occurs, workloads are moved to the Replica server and end users are automatically redirected. You can configure automatic failover by using predefined monitoring checks, which include ping checks, database checks or user-defined checks, for customizing failover to meet specific application requirements. Alternatively, push-button failover can be used to proactively move workloads and end users to the Replica server in advance of an impending disaster or planned outage. Failback. Failback is used after the Production server has been repaired or replaced, in order to get the original Production server resynchronized with the current Replica server. CA ARCserve High Availability also provides an Assured Recovery option. Assured Recovery enables you to perform a full test of the recoverability of your data on a Replica server, and provides automatic disaster recovery tests for data and application recoverability. Manual testing can also be used when the need arises. Assured Recovery testing does not interfere with normal operations, does not require resynchronization and does not impact on high-availability or disaster-recovery operations.
13 Summary of the cloud support CA ARCserve High Availability can be used with both private and public clouds that provide the server and storage resources for failover. Note that Assured Recovery, Data Rewind and VSS Snapshots are not supported by Amazon EC2, but may be available in other private cloud offerings depending on the level of service provided by the cloud vendor. Supported clouds Supported clouds for all High Availability scenarios (except Full System) are: Regular failover and failback by Hostname/IP. Any cloud-based server that supports the High Availability engine and a VPN connection for secure IP access. Supported clouds for Full System scenarios with failover to cloud are: Amazon EC2 server and storage resources (replication and failover for Windows-based systems only). Any cloud-based server that supports Hyper-V, VMware or Citrix XenServer VMs and a VPN connection for secure IP access. Using CA ARCserve High Availability with the Amazon EC2 cloud CA ARCserve High Availability is integrated with Amazon EC2, but can also be used on-premise, at a remote or branch office and with other supported internal and private cloud services. To deploy CA ARCserve High Availability with Amazon EC2, you use the Full System High Availability scenario to replicate the entire system including the operating system, system state, application and data from any physical or virtual server to an offline virtual server in the Amazon cloud. Using Full System replication, multiple physical and/or virtual servers are stored as replica volumes on a proxy or gateway server running within the Amazon EC2 cloud. In the event of an outage, a new virtual machine is created and the appropriate replica volume is detached from the proxy server and mounted for failover purposes, the Replica (failover) server being a clone of the production system. This unique process helps to lower cloud service costs because you only pay for the storage used and the actual failover system time used. You do not pay for system use during the replication process because the Replica (failover) server is offline. This Failover to Cloud (Full System) scenario, which is specific to Amazon EC2, is available for Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 servers, where the Production server is a local physical or virtual server and the Replica server is an Amazon EC2 server. In order to provide seamless failover using the cloud, you specify to automatically redirect DNS with this scenario, so that user requests for the Production server are automatically redirected to the Amazon EC2 server using your own Amazon Virtual Private Cloud (Amazon VPC) configuration. Failover scenarios can also apply across distributed server groups, such as SharePoint server farms or other application environments where the integrity of a service depends on multiple physical or virtual servers. By using server groups with CA ARCserve High Availability, common scenario properties can apply to the whole group. You can also configure all the scenarios in the group to start and stop together, and use group failover so that all servers are failed over together automatically if any fail. Distributed groups can be configured to use the Full System scenario with Amazon EC2, or to use Hyper-V, VMware or Citrix XenServer with a private cloud. Creating an Amazon EC2 Failover to Cloud (Full System) scenario To create a Full System High Availability scenario with an Amazon EC2 Replica server, you must have an AWS account and you must have created the VPN connection between your on-premise network and your Amazon VPC. You then create the Full System scenario and, in the Scenario Creation Wizard, specify the Replicate to Cloud option. During this process, you can also configure the engine to be automatically installed on the Amazon EC2 VM. Running an Amazon EC2 Failover to Cloud (Full System) scenario During Full System Replication, the system information and data from one or more Production servers is replicated to the remote instance and stored on Amazon EC2 storage volumes as virtual images on a single Amazon AMI (the cloud-based VM). As long as the Is-Alive check is valid, data will continue to be replicated to the cloud (Figure 6). Figure 6. Failover to Cloud (Full System) scenario: Before failover
14 If the Is-Alive check fails, indicating failure at the Production server, the Replica server (the VM) is started and the appropriate image is attached to the Amazon EC2 instance (Figure 7). This approach to using Amazon EC2 integration for failover to the cloud is unique. It provides significant savings on AWS computing costs because you only pay for the failover processing time you use, and do not pay compute costs for the replication time. Figure 7. Failover to Cloud (Full System) scenario: After failover System and data recovery after failover to Amazon EC2 cloud You may only use the Full System Replication and Failover scenario for High Availability with the Amazon EC2 service, so the built-in pushbutton failback feature may not be used. If your original Production server was a physical server, you will need to build a new Production server with a hardware, operating system and application configuration that is identical to the original server. Then you can restore just the data from the cloud Replica server to the new physical server because CA ARCserve High Availability creates a temporary Reverse Replication scenario and will replicate data at the file system level. At the end of the restore process, you will have to reboot the physical server to replace busy system files that could
15 not be updated during the reverse synchronization process. After restoring the new Production server, you then restart the Replication and Failover scenario to the Amazon cloud and resume protection of your production system and data. Alternatively, if you can use a virtual server for your new Production server, you can more easily restore your new Production server by using the Full System Replication scenario on the cloud Replica server to resynchronize the operating system, system state, application and data altogether to the new Production server. If your original Production server was a virtual server, you can easily restore your new Production server by using the Full System Replication scenario on the cloud Replica server to resynchronize the operating system, system state, application and data altogether to the new virtual Production server. Then you restart the Replication and Failover scenario, and resume protection of your new production system and data. Note that if you are using a cloud service provider that allows the use of basic CA ARCserve High Availability Replication and Failover scenarios, you will be able to use the built-in push-button failback feature found in the products. Summary The cloud can be an important component of a data and systems protection strategy. You can use it as a remote location for backups and long-term data storage, as a secure off-site host for CDP and even for backup servers in a high-availability environment. CA ARCserve technologies can leverage cloud services such as those available from Amazon, Microsoft or through the Eucalyptus interface to provide complete protection for virtual and physical servers, for backup and recovery of applications and data, for disaster recovery and replication of complete systems or applications and for ensuring high availability for mission-critical services. For more information on the CA ARCserve Family of products, please visit arcserve.com. Copyright 2011 CA. All rights reserved. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. CA assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, CA provides this document as is without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised in advance of the possibility of such damage.