HP Insight Recovery Technical white paper Abstract... 2 Introduction... 2 Overview of Insight Dynamics VSE and Logical Servers... 2 Disaster Recovery Concepts... 4 Recovery Time Objective (RTO) and Recovery Point Objective (RPO)... 5 Levels of Application Availability... 5 Planned vs. Unplanned Disaster Recovery Scenarios... 6 Overview of Insight Recovery 1.0... 7 Concepts... 7 Example Configuration... 7 Features... 8 Prerequisite Products... 9 Insight Recovery Configuration... 9 Pre-Work Steps (Prior to Configuring Insight Recovery)... 9 Insight Recovery Configuration Steps... 10 At the Primary Site... 11 At the Recovery Site... 15 Insight Recovery Operations... 16 Site Failover... 16 Change Local Site to Primary/Recovery Command... 16 Insight Recovery and RTO / RPO Considerations... 17 Monitoring Status... 18 Using Insight Dynamics VSE Virtualization Manager... 18 Monitoring Status Using the Insight Recovery Jobs Screen... 20 Conclusions... 20 For More Information... 21
Abstract This white paper provides a technical overview of the Insight Recovery 1.0 product. Insight Recovery extends the capabilities of HP Insight Dynamics VSE, providing disaster recovery (DR) protection for logical server environments. Insight Recovery extends HP s set of solution offerings that protect customer s applications in the event of a disaster. Insight Recovery focuses specifically on ProLiant solutions involving both physical and virtual solution environments, utilizing logical servers and HP StorageWorks Continuous Access EVA data replication technologies. Protecting logical servers and their associated workloads from the impact of a site-wide disaster, or major service interruption, is an important requirement for enterprises to ensure business continuity. Increasingly, customers are adopting DR solutions that complement the virtualization technologies in their IT infrastructure. Insight Recovery builds on the common management capabilities of HP Insight Dynamics VSE for virtual and physical server environments, enabling customers to recover from a disaster with an automated push-button disaster failover solution. Introduction IT Administrators using HP Insight Dynamics VSE software are familiar with the benefits of the logical server concept, which unifies the tasks associated with physical and virtual servers through a common set of management interfaces. Building on the flexibility and power of logical servers, HP introduces Insight Recovery. Insight Recovery provides an easy-to-use DR solution that protects application workloads running on either physical or virtual servers. To recover from a major site-wide disaster that disables an entire data center, such as a hurricane, flood, or a prolonged outage in the data center Insight Recovery automates the failover of a set of application workloads to a remote recovery site. By design, the decision to perform a DR failover to a recovery site is a manual decision, which may require the approval of a Chief Information Officer (CIO) or other C-level executive. Once the determination has been made that a disaster has occurred or is imminent at the primary site, an administrator at the recovery site can initiate a DR failover using Insight Recovery. Overview of Insight Dynamics VSE and Logical Servers HP Insight Dynamics VSE introduced the logical server concept, an abstraction that simplifies and unifies the provisioning and ongoing management of servers. This concept provides a single management paradigm for physical server blades and virtual machines, allowing administrators to provision and control disparate resources with the same management tools. The logical server concept is illustrated in Figure 1. 2
Figure 1. Logical server concept, enabled by Insight Dynamics -- VSE Logical server Image Information Configuration requirements Unique IDs Logical Servers can be Physical blades Virtual machines Server HW Server HW Virtual Fabric Image Logical servers simplify the provisioning task (deployment and assignment of resources) that IT Administrators face. A logical server definition exists independent of the underlying server resource (server blade or virtual machine) it is assigned to at any given time. Using Insight Dynamics -- VSE, an administrator can use the same set of tools for provisioning a server, whether it is a server blade or a virtual machine. In both cases, the provisioning step involves assigning a logical server to a particular server resource. Insight Dynamics -- VSE also simplifies the task of moving a workload, for example, a logical server can be easily moved from one server resource to another. A logical server also describes an abstracted system image 1. The system image includes everything that the OS and application stack requires to support a particular workload. For example, a logical server profile may include attributes describing entitlements such as power allocation, requirements for processors and memory, and identifiers (IDs) associated with networking and storage addressing. 1 System image is a term that represents the services and components that are exposed to the OS, including the storage and networking configuration, server identifiers, and the BIOS services and configuration. 3
Figure 2. Example of provisioning a new logical server Provision new logical server example Node 1 Profile MAC addresses Network connections FC WWNs FC SAN connections FC Boot parameters Node 2 Profile MAC addresses Network connections FC WWNs FC SAN connections FC Boot parameters Node 3 Profile MAC addresses Network connections FC WWNs FC SAN connections FC Boot parameters SIM CMS pnic pnic HBA pnic pnic HBA pnic pnic HBA Node n Profile Virtual Connect For Ethernet And Fibre Channel works across multiple stacked enclosures LAN SAN Customer Data Center Networks Node 1 Boot LUN Node 2 Boot LUN Node 3 Boot LUN StorageWorks EVA boot from SAN Figure 2 illustrates how a logical server can be provisioned from a physical resource pool using Insight Dynamics -- VSE. The logical server can be created using Insight Dynamics -- VSE and moved to any compatible resource. Once created, a logical server can remain as an inactive profile without any defined resources. The ability to reassign a logical server profile from one resource to another requires the sharing of server, networking, and storage resources -- including shared storage for the OS boot image, application software, and application data. This sharing of compute resources is fundamental to the design of Insight Dynamics -- VSE. Disaster Recovery Concepts To protect against the disruptive impact of a large-scale disaster on a data center s compute infrastructure -- such as fires, hurricanes, or a broken water pipe in the datacenter -- DR solutions typically involve failing over application workloads to a remote site. The method of failover can range from automated solutions that are based on storage replication, to manual solutions that involve restoring data and applications from offline media such as backup tapes. Recovery is typically performed at a remote site usually some geographic distance away from the primary site -- ranging from metropolitan ( metro ) area distances (for example tens to hundreds of miles) to thousands of miles or across continents. Whether manual or automatic, these solutions involve the restoration of applications (also known as services ) and data associated with those applications within a reasonable amount of time. The 4
definition of reasonable time varies according to the needs of the enterprise and is typically specified in a Service Level Agreement (SLA) between an IT organization that maintains the applications and the end-users who depend on those applications. An SLA contains a set of objectives or requirements regarding service availability. These are generally referred to as Service Level Objectives (SLOs). SLOs may include requirements for uptime (measured in number of nines, for example 99.95%) and may also include requirements for Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). Recovery Time Objective (RTO) and Recovery Point Objective (RPO) When describing the DR requirements of a given application workload, two key SLOs are Recovery Time Objective (RTO) and Recovery Point Objective (RPO). Recovery Time Objective (RTO) refers to the required time to recover an application ( service ), typically measured as the time that all services are restored from an end-user perspective. These requirements can range from under two hours for mission critical applications, to within 1-2 days for less critical applications, to within 1-2 weeks for low priority services. Recovery Point Objective (RPO) refers to the required point-in-time to which a DR solution can restore the state of data for a particular service, for example, how much data loss is acceptable following a disaster. These requirements can range from close to zero data loss (for high-value financial transactions, for example) to some small number of minutes of the most recent data, to loss of the past 1-2 days of data, depending on the criticality of the data to the enterprise. The ability of a particular DR solution to meet SLA objectives will vary according to several factors, and their associated costs, including: Properties of the DR solution Storage replication techniques employed Inter-site communication link bandwidth and quality For example, an RPO requirement of close to zero data loss would tend to favor a synchronous data replication technique rather than asynchronous replication however there are advantages and disadvantages to both modes of replication. In a later section of this document (Insight Recovery and RTO / RPO Considerations), the RTO of RPO characteristics of Insight Recovery are discussed. Levels of Application Availability When developing an SLA agreement, a customer may classify their applications based on Application Tiers according to required levels of availability, as illustrated in Table 1. 5
Table 1: Example of Application Tiers according to required levels of availability Tier Name Tier 1 Tier 2 (Top X% Mission Critical (Mission Critical Production) Production) Tier 3 Tier 4 (Business Critical (Non-Business Critical) Production) Application Availability SLO 99.95% 99.9 99.5 99.0 99.5% Disaster Recovery (Metro Area Distance) for Local Outage Events / Local Disasters Failover distance Metro area Metro area N/A N/A Data replication Synchronous Synchronous Manual Process N/A RTO < 2 hours 1 to 2 days < 5 days Best effort, if necessary RPO < 5 min data loss < 1 hour data loss < 1 day data loss < 3 days data loss Disaster Recovery (Long Distance) for Major Wide-Area Disasters Failover distance > 150 miles way > 150 miles away N/A N/A Data replication Asynchronous Asynchronous Manual Process N/A RTO < 2 hours 2 to 5 days < 20 days Best effort, if necessary RPO < 10 min data loss < 2 hours data loss < 2 days data loss < 5 days data loss In this hypothetical example, a customer has classified their applications into four tiers of application availability, labeled Tier 1 (Top X% Mission Critical) to Tier 4 (Non-Business Critical). This example illustrates how RTO and RPO requirements may vary across application tiers. In this case, Tier 1 applications have an RTO of less than 2 hours, and an RPO of less than 5 to 10 minutes. The point to be observed in this example is that not all applications have the same DR requirements, that is, some may have more demanding requirements for RTO and RPO than others. Each enterprise will have its own set of criteria for defining application tiers, and its own requirements that are documented in SLAs and SLOs. Planned vs. Unplanned Disaster Recovery Scenarios There are several use case scenarios where DR solutions are employed, which include minimizing or avoiding downtime associated with either planned and unplanned events. For example, a planned failover scenario may be initiated in anticipation of an approaching hurricane, or ahead of a scheduled maintenance activity that would affect the entire site, such as a power or cooling upgrade. In planned scenarios, there is typically sufficient time to perform an orderly shutdown of services at the primary site before initiating the failover of services at a recovery site. In unplanned failover scenarios, typically a catastrophic event has already occurred, and the primary data center (or some portion thereof) has been rendered inoperable. In these cases, an unplanned failover involving the restoration of services at a recovery site will be required. In an unplanned scenario, there may not be an opportunity to perform an orderly shutdown of services at the primary site before initiating the failover. 6
Overview of Insight Recovery 1.0 Concepts Insight Recovery 1.0 is a two-site solution based on the concept of a primary site and a recovery site. Insight Recovery provides a pushbutton automated DR failover capability that is initiated from the recovery site. Triggering a DR failover is a major decision that typically requires Executive-level approval, such as by a CIO or other C-Level Executive. In Insight Recovery 1.0, initiating a DR failover is manual by design, as many factors, both technical and business related, contribute to the decision to perform a DR failover. Once the decision has been made, Insight Recovery automates the steps associated with performing a DR failover. Example Configuration An example of an Insight Recovery configuration is shown in Figure 3 below. Figure 3: Insight Recovery example configuration Storage Management Server CommandView EVA EVA Continuous Access Replication Solutions Mgr Central Management Server HP Systems Insight Manager Insight Control Environment Insight Dynamics-VSE Virtual Connect Enterprise Mgr Insight Recovery Central Management Server HP Systems Insight Manager Insight Control Environment Insight Dynamics-VSE Virtual Connect Enterprise Mgr Insight Recovery Storage Management Server CommandView EVA EVA Continuous Access Replication Solutions Mgr Virtual Connect Blades (boot from SAN) Virtual Connect Blades (boot from SAN) Continuous Access Storage Replication (Metropolitan Distance) StorageWorks EVA StorageWorks EVA In Figure 3, configurations at both sites are illustrated (primary and recovery sites). The main hardware and software components of an Insight Recovery solution are also shown. At each site, there is a Central Management Server (CMS), which hosts HP SIM and the Insight Dynamics -- VSE software. In addition, the Insight Recovery software runs on the CMS. In addition to the CMS, the other hardware components include the Storage Management Server (which runs CommandView EVA), the Proliant Servers (in this example, c-class blade enclosure(s)), and the StorageWorks EVA storage array(s). In Insight Recovery 1.0, Continuous Access EVA in synchronous mode is used for storage replication. Therefore, the distance between sites is generally limited to a metropolitan area. This is due to latency requirements for Continuous Access EVA synchronous replication. For more information, refer to the Continuous Access EVA Implementation Guide. 7
Features Insight Recovery 1.0 provides the following key features: Insight Recovery 1.0 Feature Description Integrated with HP SIM Insight Recovery is an optional extension to Insight Dynamics VSE. Based on a graphical user interface Configure recovery site using export/import Recover both physical and virtual servers Replicate logical server images via established storage replication solutions Initiate automated failover via pushbutton Site role reversal Define start up order for logical servers during recovery Ability to test recovery logical servers at recovery site The configuration and management of Insight Recovery is done through a graphical interface. Once the configuration of Insight Recovery is done at the primary site, an export/import facility allows for simplified and accurate configuration of the recovery site. Insight Recovery can protect and recover logical servers that are either physical servers or virtual machines. Insight Recovery leverages Continuous Access EVA storage replication in synchronous mode. Insight Recovery provides a failover function that is initiated by a single pushbutton, which automates the steps associated with failing over a set of workloads. Insight Recovery has functions to convert a primary site to a recovery site, and vice versa. As part of Insight Recovery s configuration, an admin can specify the order in which servers will be started at the recovery site during a failover. Insight Recovery provides a Maintenance Mode which allows an admin to manually test individual recovery logical servers without doing a site failover. Recovery logical servers exist at the recovery site and normally are only activated in the event of a site failover. Insight Recovery 1.0 Supported Hardware and Software 2 Component Supported by Insight Recovery 1.0 Servers (managed nodes) Protected logical servers Storage Supports HP Proliant BL servers for physical failover, and ProLiant BL/ML/DL servers for virtual machine failover. Up to 50 logical servers may be protected by Insight Recovery. EVA storage arrays. 2 For more details, refer to the Insight Recovery 1.0 Release Notes 8
Storage replication Distance between primary and recovery sites Continuous Access EVA (synchronous mode). Metropolitan area distance between primary and recovery sites. See Continuous Access EVA Implementation Guide for a discussion of distance restrictions when using Continuous Access EVA in synchronous mode. Prerequisite Products In order to install and use Insight Recovery, a customer must first have installed the following products on the Central Management Server (CMS) at each site: Insight Dynamics VSE Virtual Connect Enterprise Manager (VCEM) Virtual Connect (VC) Insight Control Environment (ICE) Insight Recovery 1.0 supports: HP StorageWorks EVA HP StorageWorks Continuous Access EVA software (synchronous mode) Insight Recovery Configuration This section provides a high-level overview of the Insight Recovery set-up and configuration process. See the Insight Recovery 1.0 Release Notes for detailed product installation requirements and the Insight Recovery Online Help for detailed configuration information. Pre-Work Steps (Prior to Configuring Insight Recovery) To set up Insight Recovery, the server administrator (hereafter referred to as the admin ) performs the following tasks: The admin creates logical servers on both sites. For each logical server protected by Insight Recovery (hereafter referred to as DRprotected ) at the primary site, a corresponding logical server must exist at the recovery site. That is, for each logical server at the primary site to be protected by Insight Recovery, there must be a corresponding recovery logical server at the recovery site. The admin requests that the storage administrator do the following: Create LUNs on the arrays these are the storage LUNs to be used by the logical servers at the primary and recovery sites. Setup replication for LUNs the LUNs that are used by the logical servers protected by Insight Recovery at the primary site must be replicated to the recovery site. Present LUNs to the WWNs provided by the server admin the LUNs are presented to the logical servers HBA WWNs that will access them. Inform the server admin of the details regarding DR Group name, storage array WWN for both sites, and the CommandView EVA server names and credentials for both sites this information will be used as part of the Insight Recovery configuration. The admin completes the set up of the logical servers The admin applies storage parameters to the logical server the server admin completes the configuration of the logical server, including LUN ID for boot-from-san, etc. 9
The admin activates the logical server on the primary site on a target blade or virtual machine and installs the OS and applications. Insight Recovery Configuration Steps Once the pre-configuration steps have been completed, the admin can proceed with configuring Insight Recovery at both the primary and recovery sites. The admin navigates to the Insight Recovery home screen starting from the HP SIM screen by selecting Insight Recovery from the Tools drop-down menu, as illustrated below in Figure 4. Figure 4: Navigating to Insight Recovery in HP SIM The first screen displayed is the Insight Recovery home screen, as illustrated in Figure 5. This screen gives an overview of the product, and explains the purpose of each of the tabs along the top that are useful for navigating for performing different tasks. The tabs include: Sites Configure, Change Local Site to Primary/Recovery Storage Configure storage replication groups Recovery Groups Configure logical servers and their associated storage into Recovery Groups, which are the units of failover in Insight Recovery Jobs Monitor the progress of long-running operations, such as the Change Local Site to Primary operation 10
Figure 5: Insight Recovery Home Screen At the Primary Site The admin configures Insight Recovery at the primary site, and exports the configuration. 3 The Insight Recovery configuration involves configuring Site, Storage, and Recovery Group information. A Recovery Group is a grouping of a logical server and its associated Storage Replication Group3. The admin may also specify a startup number indicating the order Recovery Groups will be started in at the Recovery Site during a failover. For example, an admin may choose to start up their highest priority workloads before less important workloads. A Storage Replication Group is an Insight Recovery term for what is known as a DR Group in Continuous Access EVA terminology. 11
The configuration of Site information is illustrated below in Figure 6: Figure 6: Configuration of site information in Insight Recovery Local Site Site Name CMS Name Role of Local Site (Primary or Recovery) Description Remote Site In Figure 6, note that once the site role of the local site is specified, the site role of the remote site is deduced (for example if the local site is designated as the primary site then the remote site is automatically set to the recovery site role). 12
The configuration of Storage information is illustrated in Figure 7: Figure 7: Configuration of storage information in Insight Recovery Storage Type Replication Group Name Local and Remote CommandView EVA Server Names and Array WWNs Local and Remote CommandView EVA Server Credentials In Figure 7, note that in Insight Recovery 1.0, the only Storage Type that is supported is the HP StorageWorks EVA. As part of Storage configuration, both the local and remote CommandView EVA server credentials (login name and password) must be entered. For a description of the Failsafe mode and UseNonCurrentDataOk parameters, see the section on Insight Recovery and RTO / RPO Considerations, later in this document. 13
The configuration of Recovery Groups is illustrated in Figure 8: Figure 8: Configuration of Recovery Groups Recovery Group Name Recovery Group Start Order Number Logical Server Name Storage Replication Group Name As shown in Figure 8, configuring a Replication Group (RG) involves specifying an RG name, the start order number of this RG (to specify that higher priority workloads should be started ahead of lower priority workloads), a logical server name, and a Storage Replication Group name. Once the entire Insight Recovery configuration (Sites, Storage, Recovery Groups) is completed at the primary site, the admin exports the Insight Recovery configuration (by invoking the Sites Configure Export button). The exporting of the Insight Recovery configuration information at the primary site is illustrated in Figure 9. Figure 9: Exporting of Insight Recovery Configuration File save dialog window 14
As shown in Figure 9, the admin is prompted for a location to save the configuration file. At the Recovery Site The admin imports the Insight Recovery configuration at the recovery site. The configuration file exported at the primary site in the previous step is transferred to the recovery site, and then is imported at the recovery site using the Import command (by invoking the Sites Configure Import button). During the import phase, the admin decides which logical servers at the recovery site correspond to the DR-protected logical servers at the primary site. These are known as recovery logical servers. During the import process, for each imported Recovery Group, the admin is asked to specify which recovery logical server corresponds to the logical server in the configuration just imported from the primary site. If the corresponding logical server names at both sites are identical, the matching is done automatically during the Import process. If the corresponding logical server names are not identical, the admin can choose the recovery logical server that corresponds to the logical server in the Recovery Group just imported. The final confirmation screen of the import process is illustrated in Figure 10. Figure 10: Final confirmation screen in the Import procedure of Insight Recovery configuration Sites Information Storage Information Recovery Group Information As shown in Figure 10, in the last step of the Import process, the admin is presented with a final confirmation screen to show the result of the Import process which should be checked before proceeding. 15
After the Import process has been completed, each recovery logical server is in Maintenance Mode, meaning that it should be tested at the recovery site to ensure that it is working properly. Once this is done, each of the recovery logical servers must be taken out of Maintenance Mode in order to enable them for automatic activation by Insight Recovery in the event of a site failover. Insight Recovery Operations Site Failover A site failover involves failing over the set of workloads running at the primary site that are protected by Insight Recovery to the recovery site. A planned failover is performed while the primary site is still capable of supporting the workloads under protection of Insight Recovery. A planned failover may be performed in anticipation of an imminent disaster, such as an approaching hurricane or a planned utility outage (power shutdown for maintenance, etc). An unplanned failover is one in which the failover to the recovery site is performed without advance warning or planning, typically after the primary site is no longer capable of supporting the workloads under protection of Insight Recovery. An unplanned failover may be required in order to recover from the effects of an unexpected event, such as a fire or flood, etc. The admin performs the following steps to perform a planned site failover using Insight Recovery: At the primary site, perform an orderly shutdown of all logical servers at the primary site that are to be failed over. Then, click the Change Local Site to Recovery button. This will deactivate all the logical servers that are being managed by Insight Recovery. Verify that the storage being replicated to the recovery site containing images associated with the DR-protected logical servers is synchronized with respect to the state of the storage at the primary site. At the recovery site, click the Change Local Site to Primary button (illustrated in Figure 11). Once the Failover Site command is initiated using Insight Recovery at the recovery site, it proceeds to completion automatically. Monitor the progress of the Failover Site command using the Jobs screen in the Insight Recovery user interface at the recovery site. This is a high level description of the planned site failover procedure. There are differences in the detailed steps to be performed (including the order of steps) in the case of an unplanned failover. Refer to the Insight Recovery 1.0 Release Notes and Online Help for more information. Change Local Site to Primary/Recovery Command Whether as part of a planned or unplanned failover, invoking the Change Local Site to Primary/Recovery buttons is performed from the Sites screen within Insight Recovery, as illustrated in Figure 11. 16
Figure 11 Change Local Site to Primary/Recovery buttons Change Local Site to Primary Change Local Site to Recovery (grayed-out since the site s current role is Recovery) As illustrated in Figure 11, the Change Local Site to Primary button is only available when the local site is in the recovery site role, whereas the Change Local Site to Recovery button is grayed-out at the recovery site. At the primary site the reverse is true, that is the Change Local Site to Recovery button is enabled, but the Change Local Site to Primary button is grayed-out. Insight Recovery and RTO / RPO Considerations Insight Recovery 1.0 provides support for up to 50 DR-protected logical servers (managed nodes). When considering the RTO and RPO characteristics of an Insight Recovery solution, you must take a number of factors into account, such as the number of logical servers being protected, the state of the disk array and storage management server (CommandView EVA) at the primary site, the state of the inter-site communication links between the primary and recovery sites, etc. Regarding recovery time (RTO) considerations, Insight Recovery performs recovery group startup in approximately 4 to 5 minutes per logical server -- including logical server activation time. Therefore, the maximum amount of time required to failover 50 Logical Servers could be slightly more than four hours, but this can vary depending on several factors such as the actual number of DR-protected logical servers. Referring to the hypothetical Application Tiers classification in Table 1, in that example Insight Recovery would be a suitable disaster recovery solution (over Metropolitan area distances) for Tiers 2, 3, and 4 but possibly not for Tier 1 since the worst case total recovery time for 50 logical servers may exceed two hours. Insight Recovery provides the ability to specify a startup order at failover time, so that higher priority applications can be started before those of lower priority, which is may be useful in addressing specific RTO requirements. Meeting recovery point objectives (RPO) is also dependent on many factors including whether the failover was a planned or unplanned failover scenario, and in the case of an unplanned failover -- 17
whether the disk array at the primary site and/or the inter-site links between sites were still operational following the disaster event. Another key factor in RPO is the setting of certain storage replication parameters in particular, whether FailSafe and UseNonCurrentDataOk are enabled or disabled in the storage replication group configuration. The meanings of these parameter settings are as follows: Parameter Description Failsafe Failsafe mode specifies how host I/Os are handled if data cannot be replicated between the source and destination array. The failsafe mode can be either: Failsafe enabled All host I/O to the DR Group2 is stopped if data cannot be replicated between the source array and destination array. This ensures that both arrays will always contain the same data (RPO of zero). A failsafe-enabled DR Group can be in one of two states: Locked (failsafe-locked) Host I/O and remote replication have stopped because data cannot be replicated between the source and destination array. Unlocked (failsafe-unlocked) Host I/O and remote replication have resumed once replication between the arrays is re-established. Failsafe disabled If replication of data between the source and destination array is interrupted, the host continues writes to the source array, but all remote replication to the destination array stops and I/Os are put into the DR Group write history log until remote replication is reestablished. UseNonCurrentDataOk UseNonCurrentDataOk can either be set to False or True. This specifies whether the specified storage can fail over to the recovery site in cases where the data at the recovery site may not be current. When this is set to True, Insight Recovery proceeds with the failover even in cases where the destination data may not be current. When this is set to False and the data at the recovery site is not current, Insight Recovery does not allow the storage failover to occur. For example, in the event of an unplanned failover where the primary site is suddenly destroyed in a catastrophic disaster, and the UseNonCurrentDataOk option is set to True for a given storage replication group, it is possible that some data may be lost in an unplanned failover. For further discussion regarding configuring Continuous Access EVA replication, please refer to the Continuous Access EVA Implementation Guide. Monitoring Status Using Insight Dynamics VSE Virtualization Manager Insight Recovery is integrated with the Insight Dynamics VSE Virtualization Manager graphical interface. Every logical server that is protected by Insight Recovery ( DR-protected ) has a special icon (a tornado with a superimposed checkmark) to indicate that it is protected in the event of a disaster. This is illustrated in Figure 12 below. 18
Figure 12: Insight Dynamics -- VSE Virtualization Manager showing Insight Recovery protected logical server Indicates that this logical server is protected by Insight Recovery In this example, there are three logical servers. Logical server demols03 is protected by Insight Recovery, indicated by the tornado-with-checkmark icon. Using this interface, an admin can easily determine which logical servers are protected by Insight Recovery. 19
Monitoring Status Using the Insight Recovery Jobs Screen Insight Recovery has a Jobs graphical interface that shows the status of long-running tasks, such as the Change Local Site to Primary operation, as illustrated in Figure 13. Figure 13: Insight Recovery Jobs screen Jobs associated with failing over Recovery Groups Sub-job associated with failing over a Storage Replication Group Sub-job associated with failing over a logical server Sub-jobs associated with Recovery Group failover jobs In this example, the Jobs screen shows the details related with two sub-jobs, each associated with failing over a particular Recovery Group. In this example, the sub-jobs are associated with the failing over of the Storage Replication Group and the logical server that are components of the Recovery Group. Conclusions Insight Recovery is a disaster recovery (DR) product that complements the capabilities of Insight Dynamics -- VSE, by providing an automated DR solution for logical server environments (both physical and virtual servers). When a primary site is impacted by a disaster, Insight Recovery can automatically failover logical servers to a recovery site with a single command - recovering applications running on HP BladeSystems or as VMware virtual machine guests. Insight Recovery utilizes the Continuous Access EVA capabilities of HP StorageWorks EVA storage to ensure that application data is properly replicated to the recovery location, and that the overall transition is achieved within minutes to a small number of hours. 20
For More Information For additional information, refer to the resources in the following list. www.hp.com/go/insightrecovery (includes Insight Recovery 1.0 QuickSpecs) HP Insight Dynamics VSE HP virtualization solutions HP BladeSystem Insight Recovery 1.0 Release Notes Insight Recovery Online Help HP StorageWorks Continuous Access EVA implementation guide (T3680-96312, September 2008) Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Linux is a U.S. registered trademark of Linus Torvalds. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. UNIX is a registered trademark of The Open Group. January 2009