Fault protection with Hystax Acura
- Prepare your cloud
- Create a service account and authorized key
- Configure network traffic permissions
- Create a VM with Hystax Acura
- Set up Hystax Acura
- Prepare and install the agents for disaster recovery
- Enable replication
- Set up the subnets to run the VMs
- Create a disaster recovery plan
- Run exercises
- Perform disaster recovery
- How to delete the resources you created
No matter how your resource allocation is structured, you can protect your infrastructure with the Hystax Acura solution.
Supported platforms:
- Cloud services.
- Hypervisors.
- Physical servers.
To get started, create a VM with Hystax Acura Disaster Recovery to manage replication and recovery. Continuous and periodic replication is performed by auxiliary Hystax Cloud Agent VMs. For a detailed description of the architecture, see the Hystax documentation
To run Hystax Acura Disaster Recovery, perform the steps below:
- Prepare your cloud.
- Create a service account and authorized key.
- Configure network traffic permissions.
- Create a VM with Hystax Acura.
- Set up Hystax Acura.
- Prepare and install the agents for disaster recovery.
- Enable replication.
- Set up the subnets to run the VMs.
- Create a disaster recovery plan.
- Run exercises.
- Perform disaster recovery.
If you no longer need the resources you created, delete them.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
Note
Note that both the Hystax Acura infrastructure and all the recovered VMs will be charged and counted against the quotas
- A Hystax Acura Disaster Recovery VM uses 8 vCPUs, 16 GB of RAM, and a 200-GB disk.
- The auxiliary Hystax Cloud Agent VMs use 2 vCPU cores, 4 GB or RAM, and a 10-GB disk. A single Hystax Acura Cloud Agent VM can serve up to 6 replicated disks at the same time. If there are more than 6 disks, additional Hystax Acura Cloud Agent VMs are created automatically.
The cost of the resources required to use Hystax Acura Disaster Recovery includes:
- Fee for disks and continuously running VMs (see Yandex Compute Cloud pricing).
- Fee for storing images (see Compute Cloud pricing).
- Fee for using a dynamic or static external IP address (see Yandex Virtual Private Cloud pricing).
- Fee for each protected VM (see product description in Cloud Marketplace).
Create a service account and authorized key
The Hystax Acura Disaster Recovery application will run under a service account:
- Create a service account named
hystax-acura-account
with theeditor
andmarketplace.meteringAgent
roles. - Create an authorized key for the service account.
Save the following details to use in the next steps:
- Service account ID.
- Service account authorized key ID.
- Service account private authorized key.
Configure network traffic permissions
Configure network traffic permissions in the default security group. If a security group is unavailable, any incoming or outgoing VM traffic will be allowed.
If a security group is available, add to it the following rules:
Traffic direction |
Description | Port range | Protocol | Source / Destination name |
CIDR blocks |
---|---|---|---|---|---|
Incoming | http |
80 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | https |
443 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | https |
4443 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | vmware |
902 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | vmware |
902 |
UDP |
CIDR |
0.0.0.0/0 |
Incoming | iSCSI |
3260 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | udp |
12201 |
UDP |
CIDR |
0.0.0.0/0 |
Incoming | tcp |
15000 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | http |
80 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | https |
443 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | vmware |
902 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | vmware |
902 |
UDP |
CIDR |
0.0.0.0/0 |
Outgoing | iSCSI |
3260 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | udp |
12201 |
UDP |
CIDR |
0.0.0.0/0 |
Save the security group ID. You will need it when creating VMs with Hystax Acura.
Create a VM with Hystax Acura
Create a VM with a boot disk from the Hystax Acura Disaster Recovery to Yandex Cloud
image.
Run the VM
-
In the management console
, select the folder to create your VM in. -
In the list of services, select Compute Cloud.
-
In the left-hand panel, select
Virtual machines. -
Click Create virtual machine.
-
Under Boot disk image:
- Go to the Marketplace tab.
- Click Show all Marketplace products.
- In the public image list, select Hystax Acura Disaster Recovery to Yandex Cloud and click Use.
-
Under Location, select an availability zone to place your VM in.
-
Under Disks and file storages, enter
200 GB
for boot disk size. -
Under Computing resources, select the configuration with
8 vCPU
and16 GB
. -
Under Network settings:
-
In the Subnet field, enter the ID of a subnet in the new VM’s availability zone. Alternatively, you can select a cloud network from the list.
-
Each network must have at least one subnet. If there is no subnet, create one by selecting Create subnet.
-
If you do not have a network, click Create network to create one:
- In the window that opens, enter the network name and select the folder to host the network.
- (Optional) Select the Create subnets option to automatically create subnets in all availability zones.
- Click Create network.
-
-
If a list of Security groups is available, select the security group you had previously configured network traffic permissions for. If this list does not exist, all incoming and outgoing traffic will be enabled for the VM.
-
-
Under Access, select SSH key and specify the information required to access the VM:
- In the Login field, enter a username, e.g.,
yc-user
. -
In the SSH key field, select the SSH key saved in your organization user profile.
If there are no saved SSH keys in your profile, or you want to add a new key:
- Click Add key.
- Enter a name for the SSH key.
- Upload or paste the contents of the public key file. You need to create a key pair for the SSH connection to a VM yourself.
- Click Add.
The SSH key will be added to your organization user profile.
If users cannot add SSH keys to their profiles in the organization, the added public SSH key will only be saved to the user profile of the VM being created.
- In the Login field, enter a username, e.g.,
-
Under General information, specify the VM name:
hystax-acura-vm
. -
Under Additional, select the
hystax-acura-account
service account. -
Click Create VM.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
In the terminal, run the following command:
yc compute instance create \
--name hystax-acura-vm \
--zone <availability_zone> \
--cores 8 \
--memory 16 \
--network-interface subnet-id=<subnet_ID>,nat-ip-version=ipv4,security-group-ids=<security_group_ID_if_group_set_up_previously> \
--create-boot-disk name=hystax-acura-disk,size=200,image-id=<Hystax_Acura_image_ID> \
--service-account-id <service_account_ID> \
--ssh-key ~/.ssh/id_ed25519.pub
Where:
-
name
: VM name, e.g.,hystax-acura-vm
. -
zone
: Availability zone, e.g.,ru-central1-a
. -
cores
: Number of vCPUs the VM has. -
memory
: VM RAM size. -
network-interface
: VM network interface description:-
subnet-id
: Subnet to connect your VM to.You can get the list of subnets using the
yc vpc subnet list
CLI command. -
nat-ip-version=ipv4
: Connect a public IP address. -
security-group-ids
: Security groups.You can get the list of groups using the
yc vpc security-group list
command. If you skip this parameter, the default security group will be assigned.
-
-
create-boot-disk
: Create a new disk for the VM:-
name
: Disk name, e.g.,hystax-acura-disk
. -
size
: Disk size. -
image-id
: Disk image ID.For this example, use
image_id
from the product description in Cloud Marketplace.
-
-
service-account-id
: ID of the previously created service account.You can get the list of accounts using the
yc vpc security-group list
command. -
ssh-key
: Path to the public SSH key file.
Make the IP static
VMs are created with a public dynamic IP. Since a VM with Hystax Acura may reboot, make the IP static.
To convert a dynamic public IP address to static:
- In the management console
, open the page for the folder you are using. - Select Virtual Private Cloud.
- Go to the IP addresses tab.
- Click
in the row with the address of your Hystax Acura VM. - In the menu that opens, select Make static.
- In the window that opens, click Change.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
To convert a dynamic public IP address to static:
-
See the description of the CLI update address attribute command:
yc vpc address update --help
-
Retrieve an address list:
yc vpc address list
Result:
+----------------------+------+-----------------+----------+------+ | ID | NAME | ADDRESS | RESERVED | USED | +----------------------+------+-----------------+----------+------+ | e2l46k8conff8n6ru1jl | | 84.201.155.117 | false | true | +----------------------+------+-----------------+----------+------+
The
false
value of theRESERVED
parameter indicates that the IP address with thee2l46k8conff8n6ru1jl
ID
is dynamic. -
Make this address static by using the
--reserved=true
key and the IP addressID
:yc vpc address update --reserved=true e2l46k8conff8n6ru1jl
Result:
id: e2l46k8conff8n6ru1jl folder_id: b1g7gvsi89m34pipa3ke created_at: "2023-06-02T09:36:46Z" external_ipv4_address: address: 84.201.155.117 zone_id: ru-central1-b requirements: {} reserved: true used: true
Now that the
reserved
parameter istrue
, the IP address is static.
Set up Hystax Acura
-
Open the
hystax-acura-vm
VM page in the management console and find its public IP address. -
Enter the
hystax-acura-vm
VM public IP address in your browser. This will open the initial setup screen for Hystax Acura.Note
After the Hystax Acura Disaster Recovery VM boots up for the first time, an installation process will start which may take over 20 minutes.
-
By default, a Hystax Acura VM has a self-signed certificate installed.
-
On the page that opens, fill out the following fields:
- Organization: Name of your organization.
- Admin user login: Email address for logging in to the admin panel.
- Password: Admin password.
- Confirm password: Re-enter the admin password.
-
Click Next.
-
Specify the Yandex Cloud connection settings:
-
Service account ID: ID of the service account.
-
Key ID: ID of the service account authorized key.
-
Private Key: Private part of your service account authorized key.
Note
If you obtained the ID and private key in a JSON file, e.g., when creating an authorized key via the CLI, remove the line break characters (
\n
) from the ID and the private key. -
Default folder ID: ID of your folder.
-
Availability zone: Availability zone.
-
Hystax Service Subnet: ID of the subnet the
hystax-acura-vm
VM is connected to. -
S3 host:
storage.yandexcloud.net
. -
S3 port:
443
. -
Enable HTTPS: Select this option to enable HTTPS connections.
-
Public IP address of the Hystax Acura management console: Public IP address of the Hystax Acura VM. Replace the value in this field with the IP address obtained in Step 1.
-
-
Click Next.
Hystax Acura will automatically check whether it can access your cloud. If everything is correct, you can now log in to the Hystax control panel using your email address and password.
Prepare and install the agents for disaster recovery
The agents will install on the VMs that will be recovered to Yandex Cloud. To download and install an agent:
-
In the Hystax Acura control panel, click the Hystax logo in the top-left corner.
-
Under Machines Groups, create a group of protected VMs, e.g,
Prod-Web
. -
Go to the Download agent tab.
-
Choose one out of three types of agents depending on the OS:
- VMware
- Windows
- Linux
Click Next.
-
Download and install the agent on the VMs you would like to protect:
VMwareWindowsLinux-
In the drop-down list, select a group of VMs to set up agents for, e.g.,
Prod-Web
. -
Select New VMware vSphere and fill in these fields:
- Platform Name: Name of the platform.
- Endpoint: Public IP address of the ESXi host.
- Login: User login. This user must have the admin permissions.
- Password: Password.
Click Next.
-
Click Download agent and wait for the download to complete.
-
Unpack the downloaded OVA file with the agent on the ESXi host.
-
Start the VMs with the agent.
- In the drop-down list, select a group of VMs to set up agents for, e.g.,
Prod-Web
. - Click Next.
- Click Download agent and wait for the download to complete.
- Unpack the archive and install the agent from
hwragent.msi
on the VMs you want to protect.
- In the drop-down list, select a group of VMs to set up agents for, e.g.,
Prod-Web
. - Select Linux distribution type:
- CentOS/RHEL (.rpm package): CentOS or Red Hat-based.
- Debian/Ubuntu (.deb package): Ubuntu or Debian.
- Select driver install method:
- Pre-built: Install a driver binary.
- DKMS: Compile as you install.
- Click Next.
- You will get commands for installing the agent to the VM. Run these commands following the instructions for your distribution and installation method.
-
Enable replication
Once the agent is installed on the VMs to protect, they will appear in the list as Unprotected
.
To enable VM replication:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Under Machines Groups, deploy a VM group, e.g.,
Prod-Web
. - In the VM list on the right, click
. - Set up a replication schedule and snapshot retention period using the Edit replication schedule and Edit retention policies options. For more information, see the Hystax documentation
. - Select Enable protection.
VM replication will start. Once it is complete, the VMs will change their status to Protected
.
Set up the subnets to run the VMs
As the recovery process starts, a cloud site will be created; this is an infrastructure to support your application in Yandex Cloud that includes subnets and recovered VMs.
Create subnets, the CIDRs of which will contain the IPs of your VMs.
For example, if you are protecting two VMs with 10.155.0.23
and 192.168.0.3
as their IP adresses, create two subnets with 10.155.0.0/16
and 192.168.0.0/24
as their CIDRs. The subnets must be in the same availability zone as the Hystax Acura Disaster Recovery VM.
To create subnets:
- Open the Virtual Private Cloud section in the folder to create a subnet in.
- Click the name of the cloud network.
- Click Create subnet.
- Enter a name for the subnet, e.g.,
net-b-155
. - Select an availability zone from the drop-down list, e.g.,
ru-central1-b
. - Enter the subnet CIDR, such as
10.155.0.0/16
. - Click Create subnet.
Save the IDs of the created subnets. You will need these when you create your disaster recovery (DR) plan.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Retrieve a list of the cloud networks:
yc vpc network list
Result:
+----------------------+----------------+ | ID | NAME | +----------------------+----------------+ | enplum7a98s1t0lhasi8 | network | +----------------------+----------------+
-
Select
NAME
orID
of the cloud network you need. Create a subnet:yc vpc subnet create \ --name net-b-155 \ --network-name network \ --zone ru-central1-b \ --range 10.155.0.0/16
-
To view the subnet list, run the command below:
yc vpc subnet list
Result:
+----------------------+-------------+----------------------+----------------+---------------+------------------+ | ID | NAME | NETWORK ID | ROUTE TABLE ID | ZONE | RANGE | +----------------------+-------------+----------------------+----------------+---------------+------------------+ | e2lgjspicv43ainspl0n | net-b-155 | enplum7a98s1t0lhasi8 | | ru-central1-b | [10.155.0.0/16] | | e2l8g5u9ijd1sursv2ov | net-b-192 | enplum7a98s1t0lhasi8 | | ru-central1-b | [192.168.0.0/24] | | e2l1hqsrpp932ik74aic | net-b | enplum7a98s1t0lhasi8 | | ru-central1-b | [192.168.1.0/24] | +----------------------+-------------+----------------------+----------------+---------------+------------------+
Save the
ID
of the subnets you created. You will need these when you create your disaster recovery (DR) plan.
For more details, see this step-by-step guide in the Virtual Private Cloud documentation.
Create a disaster recovery plan
The DR plan includes a VM description and the network settings. You can have a plan generated automatically or create one manually.
To generate a DR plan automatically:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Select the VMs you need from the list, click Bulk actions, and select Generate DR plan. You can also generate a plan for a VM group by clicking
in the group header. - In the Title field, enter the name:
Plan-1
. - Under Subnets on the right, specify the parameters of the previously created subnets, i.e., their Subned ID and CIDR.
- Click Save.
To create a DR plan manually:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Click Add DR plan.
- In the Title field, enter the name:
Plan-1
. - Use one of the modes below:
Basic
: Create a plan with standard settings.Expert
: Create a plan with flexible settings using JSON (see detailed syntax description ).
- Add VMs by clicking
. If required, specify an initialization ordering by using the Move to another Rank option. - If required, modify the parameters of the new VMs. To do this, in the Flavor name field, specify the following:
<platform>-<cpu>-<ram>-<core_fraction>
. For example,2-8-16-100
. - Under Subnets on the right, specify the parameters of the previously created subnets, i.e., their Subned ID and CIDR.
- Click Save.
Warning
Make sure a valid IP address is specified for each VM.
Run exercises
Regular exercises help verify disaster readiness as well as make changes to configurations in advance.
To run a test without shutting down the primary infrastructure:
- Open the Hystax Acura control panel. Click the Hystax logo.
- In the top navigation panel, select Run test Cloud Site.
- Tick the disaster recovery plans you need in the list. Expand plans and edit as required.
- Click Next.
- In the Cloud Site Name field, enter a name, e.g.,
Cloud-Site-from-Plan-1
. - In the Restore point time field, open the calendar window and select the restore point that will be used to create your VMs.
- Under Final DR plan, verify that the plan is up-to-date and correct.
- Click Run Recover.
The Hystax Acura control panel will display the Cloud Sites section. Wait until the status of Cloud-Site-from-Plan-1
changes to Running
.
Open the management console
Perform disaster recovery
A real disaster recovery is no different than a test one:
- Open the Hystax Acura control panel. Click the Hystax logo.
- In the top navigation panel, select Run Cloud Site.
Repeat the test recovery steps.
How to delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
- Delete
hystax-acura-vm
. - Delete the secondary
cloud-agent
VMs. - Delete the
hystax-acura-account
service account.
If you reserved a public static IP address, delete it.