Fault protection with Hystax Acura
- Get your cloud ready
- Create a service account and authorized key
- Configure the network traffic permissions
- Create a VM with Hystax Acura
- Set up Hystax Acura
- Prepare and install the agents for disaster recovery
- Enable replication
- Set up the subnets to run the VMs
- Create a disaster recovery plan
- Run tests
- Perform disaster recovery
- How to delete the resources you created
Regardless of your resource allocation structure, you can protect your infrastructure with Hystax Acura.
Supported platforms:
- Cloud services
- Hypervisors
- Physical servers
To get started, create a VM with Hystax Acura Disaster Recovery to manage replication and recovery. Auxiliary Hystax Cloud Agent VMs will perform continuous and periodic replication. For a detailed description of the architecture, see this Hystax overview article
To run Hystax Acura Disaster Recovery, follow the steps below:
- Get your cloud ready.
- Create a service account and authorized key.
- Configure the network traffic permissions.
- Create a VM with Hystax Acura.
- Set up Hystax Acura.
- Prepare and install the agents for disaster recovery.
- Enable replication.
- Set up subnets to run the VMs.
- Create a disaster recovery plan.
- Run exercises.
- Perform disaster recovery.
If you no longer need the resources you created, delete them.
Get your cloud ready
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
Note
Note that both the Hystax Acura infrastructure and all the recovered VMs will be charged and counted against the quotas
- A Hystax Acura Disaster Recovery VM uses 8 vCPUs, 16 GB of RAM, and a 200-GB disk.
- The auxiliary Hystax Cloud Agent VMs use 2 vCPU cores, 4 GB or RAM, and a 10-GB disk. A single Hystax Acura Cloud Agent VM can serve up to 6 replicated disks at the same time. Should the number of disks exceed 6, this will automatically create additional Hystax Acura Cloud Agent VMs.
The cost of the resources required to use Hystax Acura Disaster Recovery includes:
- Fee for disks and continuously running VMs (see Yandex Compute Cloud pricing).
- Fee for storing images (see Compute Cloud pricing).
- Fee for using a dynamic or static external IP address (see Yandex Virtual Private Cloud pricing).
- Fee for each protected VM (see the product description in Cloud Marketplace).
Create a service account and authorized key
The Hystax Acura Disaster Recovery application will run under a service account:
- Create a service account named
hystax-acura-account
with theeditor
andmarketplace.meteringAgent
roles. - Create an authorized key for the service account.
Save the following details to use at the next steps:
- Service account ID.
- Service account authorized key ID.
- Service account private authorized key.
Configure the network traffic permissions
Configure the network traffic permissions in the default security group. If a security group is unavailable, this will allow any inbound or outbound VM traffic.
If a security group is available, add the following rules to it:
Traffic direction |
Description | Port range | Protocol | Source / Destination name |
CIDR blocks |
---|---|---|---|---|---|
Inbound | http |
80 |
TCP |
CIDR |
0.0.0.0/0 |
Inbound | https |
443 |
TCP |
CIDR |
0.0.0.0/0 |
Inbound | https |
4443 |
TCP |
CIDR |
0.0.0.0/0 |
Inbound | vmware |
902 |
TCP |
CIDR |
0.0.0.0/0 |
Inbound | vmware |
902 |
UDP |
CIDR |
0.0.0.0/0 |
Inbound | iSCSI |
3260 |
TCP |
CIDR |
0.0.0.0/0 |
Inbound | udp |
12201 |
UDP |
CIDR |
0.0.0.0/0 |
Inbound | tcp |
15000 |
TCP |
CIDR |
0.0.0.0/0 |
Outbound | http |
80 |
TCP |
CIDR |
0.0.0.0/0 |
Outbound | https |
443 |
TCP |
CIDR |
0.0.0.0/0 |
Outbound | vmware |
902 |
TCP |
CIDR |
0.0.0.0/0 |
Outbound | vmware |
902 |
UDP |
CIDR |
0.0.0.0/0 |
Outbound | iSCSI |
3260 |
TCP |
CIDR |
0.0.0.0/0 |
Outbound | udp |
12201 |
UDP |
CIDR |
0.0.0.0/0 |
Save the security group ID. You will need it when creating VMs with Hystax Acura.
Create a VM with Hystax Acura
Create a VM with a boot disk from the Hystax Acura Disaster Recovery to Yandex Cloud
image.
Start the VM
-
In the management console
, select the folder where you want to create your VM. -
From the list of services, select Compute Cloud.
-
In the left-hand panel, select
Virtual machines. -
Click Create virtual machine.
-
Under Boot disk image:
- Go to the Marketplace tab.
- Click Show all Marketplace products.
- From the public image list, select Hystax Acura Disaster Recovery to Yandex Cloud and click Use.
-
Under Location, select an availability zone where your VM will reside.
-
Under Disks and file storages, enter
200 GB
as the boot disk size. -
Under Computing resources, select the
8 vCPU
and16 GB
configuration. -
Under Network settings:
-
In the Subnet field, enter the ID of a subnet in the new VM’s availability zone. Alternatively, you can select a cloud network from the list.
-
Each network must have at least one subnet. If there is no subnet, create one by selecting Create subnet.
-
If you do not have a network, click Create network to create one:
- In the window that opens, enter the network name and select the folder to host the network.
- Optionally, enable the Create subnets setting to automatically create subnets in all availability zones.
- Click Create network.
-
-
If a list of Security groups is available, select the security group whose network traffic permissions you previously configured. If this list is not there, all inbound and outbound traffic will be allowed for the VM.
-
-
Under Access, select SSH key and specify the VM access credentials:
- In the Login field, enter a username, e.g.,
yc-user
. -
In the SSH key field, select the SSH key saved in your organization user profile.
If there are no saved SSH keys in your profile, or you want to add a new key:
- Click Add key.
- Enter a name for the SSH key.
- Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
- Click Add.
The SSH key will be added to your organization user profile.
If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
- In the Login field, enter a username, e.g.,
-
Under General information, specify the VM name:
hystax-acura-vm
. -
Under Additional, select the
hystax-acura-account
service account. -
Click Create VM.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
In the terminal, run this command:
yc compute instance create \
--name hystax-acura-vm \
--zone <availability_zone> \
--cores 8 \
--memory 16 \
--network-interface subnet-id=<subnet_ID>,nat-ip-version=ipv4,security-group-ids=<security_group_ID_if_group_set_up_previously> \
--create-boot-disk name=hystax-acura-disk,size=200,image-id=<Hystax_Acura_image_ID> \
--service-account-id <service_account_ID> \
--ssh-key ~/.ssh/id_ed25519.pub
Where:
-
name
: VM name, e.g.,hystax-acura-vm
. -
zone
: Availability zone, e.g.,ru-central1-a
. -
cores
: Number of vCPUs the VM has. -
memory
: VM RAM size. -
network-interface
: VM network interface description:-
subnet-id
: Subnet to connect your VM to.You can get the list of subnets using the
yc vpc subnet list
CLI command. -
nat-ip-version=ipv4
: Connect a public IP address. -
security-group-ids
: Security groups.You can get the list of groups using the
yc vpc security-group list
command. If you skip this parameter the system will assign the default security group.
-
-
create-boot-disk
: Create a new disk for the VM:-
name
: Disk name, e.g.,hystax-acura-disk
. -
size
: Disk size. -
image-id
: Disk image ID.For this example, use
image_id
from the product description in Cloud Marketplace.
-
-
service-account-id
: ID of the previously created service account.You can get the list of accounts using the
yc vpc security-group list
command. -
ssh-key
: Path to the public SSH key file.
Convert the IP address to static
VMs get a public dynamic IP address when created. Since a VM with Hystax Acura may reboot, make the IP static.
To convert a dynamic public IP address into a static one:
- In the management console
, open the page for the folder you are using. - Select Virtual Private Cloud.
- Go to the IP addresses tab.
- Click
in the row with the address of your Hystax Acura VM. - In the menu that opens, select Make static.
- In the window that opens, click Change.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
To convert a dynamic public IP address into a static one:
-
See the description of the CLI commands for updating the address attribute:
yc vpc address update --help
-
Get a list of the addresses:
yc vpc address list
Result:
+----------------------+------+-----------------+----------+------+ | ID | NAME | ADDRESS | RESERVED | USED | +----------------------+------+-----------------+----------+------+ | e2l46k8conff8n6ru1jl | | 84.201.155.117 | false | true | +----------------------+------+-----------------+----------+------+
The
false
value of theRESERVED
parameter means the IP address with thee2l46k8conff8n6ru1jl
ID
is dynamic. -
Convert this address to static by using the
--reserved=true
key and the IP addressID
:yc vpc address update --reserved=true e2l46k8conff8n6ru1jl
Result:
id: e2l46k8conff8n6ru1jl folder_id: b1g7gvsi89m34pipa3ke created_at: "2023-06-02T09:36:46Z" external_ipv4_address: address: 84.201.155.117 zone_id: ru-central1-b requirements: {} reserved: true used: true
Now that the
reserved
parameter istrue
, the IP address is static.
Set up Hystax Acura
-
Open the
hystax-acura-vm
VM page in the management console and find its public IP address. -
Enter the
hystax-acura-vm
VM public IP address in your browser. This will open the initial Hystax Acura setup screen.Note
After the Hystax Acura Disaster Recovery VM boots up for the first time, an installation process will start, which may take over 20 minutes.
-
By default, a Hystax Acura VM has a self-signed certificate.
-
On the page that opens, fill out the following fields:
- Organization: Name of your organization.
- Admin user login: Email address for logging in to the admin panel.
- Password: Admin password.
- Confirm password: Re-enter the admin password.
-
Click Next.
-
Specify the Yandex Cloud connection settings:
-
Service account ID: ID of the service account.
-
Key ID: ID of the service account authorized key.
-
Private Key: Private part of your service account authorized key.
Note
If you obtained the ID and private key in a JSON file, e.g., when creating an authorized key via the CLI, remove the line break characters (
\n
) from the ID and the private key. -
Default folder ID: ID of your folder.
-
Availability zone.
-
Hystax Service Subnet: ID of the subnet the
hystax-acura-vm
VM is connected to. -
S3 host:
storage.yandexcloud.net
. -
S3 port:
443
. -
Enable HTTPS.
-
Public IP address of the Hystax Acura management console: Public IP address of the Hystax Acura VM. Replace the value in this field with the IP address you got at step 1.
-
-
Click Next.
Hystax Acura will automatically check whether it can access your cloud. If everything is correct, you can now log in to the Hystax control panel using your email address and password.
Prepare and install the agents for disaster recovery
The agents will install on the VMs that will be recovered in Yandex Cloud. To download and install an agent:
-
In the Hystax Acura control panel, click the Hystax logo in the top-left corner.
-
Under Machines Groups, create a group of protected VMs, e.g,
Prod-Web
. -
Go to the Download agent tab.
-
Select one out of three agent types depending on the OS:
- VMware
- Windows
- Linux
Click Next.
-
Download and install the agent on the VMs you would like to protect:
VMwareWindowsLinux-
From the drop-down list, select a group of VMs to set up agents for, e.g.,
Prod-Web
. -
Select New VMware vSphere and fill in these fields:
- Platform Name.
- Endpoint: Public IP address of the ESXi host.
- Login: User login. This user must have the admin permissions.
- Password.
Click Next.
-
Click Download agent and wait for the download to complete.
-
Unpack the downloaded OVA agent file on the ESXi host.
-
Start the VMs with the agent.
- From the drop-down list, select a group of VMs to set up agents for, e.g.,
Prod-Web
. - Click Next.
- Click Download agent and wait for the download to complete.
- Unpack the archive and install the agent from
hwragent.msi
on the VMs you want to protect.
- From the drop-down list, select a group of VMs to set up agents for, e.g.,
Prod-Web
. - Select the Linux distribution type:
- CentOS/RHEL (.rpm package): CentOS or Red Hat-based.
- Debian/Ubuntu (.deb package).
- Select the driver installation method:
- Pre-built: Install a driver binary.
- DKMS: Compile as you install.
- Click Next.
- You will get commands for installing the agent to the VM. Run these commands following the instructions for your distribution and installation method.
-
Enable replication
After the agent is installed on the VMs under protection, they will appear in the list as Unprotected
.
To enable VM replication:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Under Machines Groups, deploy an instance group, e.g.,
Prod-Web
. - In the right-hand VM list, click
. - Set up a replication schedule and snapshot retention period using the Edit replication schedule and Edit retention policies options. For more information, see this Hystax article
. - Select Enable protection.
This will start VM replication. Once it is complete, the VMs will change their status to Protected
.
Set up the subnets to run the VMs
The recovery process will create a cloud site, i.e., an infrastructure to support your application in Yandex Cloud that includes subnets and recovered VMs.
Create subnets whose CIDRs will contain the IP addresses of your VMs.
For example, if you are protecting two VMs with IP adresses 10.155.0.23
and 192.168.0.3
, create two subnets with CIDRs 10.155.0.0/16
and 192.168.0.0/24
. The subnets must reside in the same availability zone as the Hystax Acura Disaster Recovery VM.
To create subnets:
- Open the Virtual Private Cloud section in the folder where you want to create a subnet.
- Click the cloud network name.
- Click Create subnet.
- Enter a name for the subnet, e.g.,
net-b-155
. - From the drop-down list, select an availability zone, e.g.,
ru-central1-b
. - Enter the subnet CIDR, such as
10.155.0.0/16
. - Click Create subnet.
Save the IDs of the created subnets. You will need these when you create your disaster recovery (DR) plan.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name
or --folder-id
parameter.
-
Get a list of the cloud networks:
yc vpc network list
Result:
+----------------------+----------------+ | ID | NAME | +----------------------+----------------+ | enplum7a98s1t0lhasi8 | network | +----------------------+----------------+
-
Select
NAME
orID
of the cloud network you need. Create a subnet:yc vpc subnet create \ --name net-b-155 \ --network-name network \ --zone ru-central1-b \ --range 10.155.0.0/16
-
To view the subnet list, run the command below:
yc vpc subnet list
Result:
+----------------------+-------------+----------------------+----------------+---------------+------------------+ | ID | NAME | NETWORK ID | ROUTE TABLE ID | ZONE | RANGE | +----------------------+-------------+----------------------+----------------+---------------+------------------+ | e2lgjspicv43ainspl0n | net-b-155 | enplum7a98s1t0lhasi8 | | ru-central1-b | [10.155.0.0/16] | | e2l8g5u9ijd1sursv2ov | net-b-192 | enplum7a98s1t0lhasi8 | | ru-central1-b | [192.168.0.0/24] | | e2l1hqsrpp932ik74aic | net-b | enplum7a98s1t0lhasi8 | | ru-central1-b | [192.168.1.0/24] | +----------------------+-------------+----------------------+----------------+---------------+------------------+
Save the
ID
s of the subnets you created. You will need these when you create your disaster recovery (DR) plan.
For more details, see this Virtual Private Cloud step-by-step guide.
Create a disaster recovery plan
The DR plan includes a VM description and the network settings. You can have a plan generated automatically or create one manually.
To generate a DR plan automatically:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Select the VMs you need from the list, click Bulk actions, and select Generate DR plan. You can also generate a plan for a VM group by clicking
in the group header. - In the Title field, enter the name:
Plan-1
. - Under Subnets on the right, specify the parameters of the previously created subnets: Subned ID and CIDR.
- Click Save.
To create a DR plan manually:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Click Add DR plan.
- In the Title field, enter the name:
Plan-1
. - Use one of the modes below:
Basic
: Create a plan with regular settings.Expert
: Create a plan with flexible settings using JSON (see the detailed syntax description here ).
- Add VMs by clicking
. If required, specify an initialization order by using the Move to another Rank option. - If required, modify the parameters of the new VMs. To do this, specify the following in the Flavor name field:
<platform>-<cpu>-<ram>-<core_fraction>
, e.g.,2-8-16-100
. - Under Subnets on the right, specify the properties of the previously created subnets: Subned ID and CIDR.
- Click Save.
Warning
Make sure you specified a valid IP address for each VM.
Run tests
With regular tests, you can check your infrastructure fault tolerance, as well as make changes to your configuration when required.
To run a test without shutting down the primary infrastructure:
- Open the Hystax Acura control panel. Click the Hystax logo.
- In the top navigation panel, select Run test Cloud Site.
- Tick the disaster recovery plans you need in the list. Expand and edit the plans, if required.
- Click Next.
- In the Cloud Site Name field, enter a name, e.g.,
Cloud-Site-from-Plan-1
. - In the Restore point time field, open the calendar window and select the restore point that will be used to create your VMs.
- Under Final DR plan, make sure the plan is up-to-date and correct.
- Click Run Recover.
The Hystax Acura control panel will display the Cloud Sites section. Wait until the Cloud-Site-from-Plan-1
status switches to Running
.
Open the management console
Perform disaster recovery
A real disaster recovery is no different to a test one:
- Open the Hystax Acura control panel. Click the Hystax logo.
- In the top navigation panel, select Run Cloud Site.
Repeat the test recovery steps.
How to delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
- Delete
hystax-acura-vm
. - Delete the secondary
cloud-agent
VMs. - Delete the
hystax-acura-account
service account.
If you reserved a public static IP address, delete it.