Fault protection with Hystax Acura
- Prepare your cloud
- Create a service account and authorized key
- Configure network traffic permissions
- Create a VM with Hystax Acura
- Set up Hystax Acura
- Prepare and install the agents for disaster recovery
- Enable replication
- Set up the subnets to run the VMs
- Create a disaster recovery plan
- Run exercises
- Perform disaster recovery
- How to delete the resources you created
No matter how your resource allocation is structured, you can protect your infrastructure with the Hystax Acura solution.
Supported platforms:
- Cloud services.
- Hypervisors.
- Physical servers.
To get started, create a VM with Hystax Acura Disaster Recovery to manage replication and recovery. Continuous and periodic replication is performed by auxiliary Hystax Cloud Agent VMs. For a detailed description of the architecture, see the Hystax documentation
To run Hystax Acura Disaster Recovery, perform the steps below:
- Prepare your cloud.
- Create a service account and authorized key.
- Configure network traffic permissions.
- Create a VM with Hystax Acura.
- Set up Hystax Acura.
- Prepare and install the agents for disaster recovery.
- Enable replication.
- Set up the subnets to run the VMs.
- Create a disaster recovery plan.
- Run exercises.
- Perform disaster recovery.
If you no longer need the resources you created, delete them.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
Note
Please note that both the Hystax Acura infrastructure and all the recovered VMs will be charged and counted towards the quotas
- A Hystax Acura Disaster Recovery VM uses 8 vCPUs, 16 GB of RAM, and a 200-GB disk.
- The auxiliary Hystax Cloud Agent VMs use 2 vCPU cores, 4 GB or RAM, and a 10-GB disk. A single Hystax Acura Cloud Agent VM can serve up to 6 replicated disks at the same time. If there are more than 6 disks, additional Hystax Acura Cloud Agent VMs are created automatically.
The cost of the resources required to use Hystax Acura Disaster Recovery includes:
- Fee for disks and continuously running VMs (see Yandex Compute Cloud pricing).
- Fee for storing images (see Compute Cloud pricing).
- Fee for using a dynamic or static external IP address (see Yandex Virtual Private Cloud pricing).
- Fee for each protected VM (see product description in Cloud Marketplace).
Create a service account and authorized key
The Hystax Acura Disaster Recovery application will run under a service account:
- Create the
hystax-acura-account
service account with theeditor
and themarketplace.meteringAgent
roles. - Create an authorized key for the service account.
Save the following details to use in subsequent steps:
- Service account ID.
- Service account authorized key ID.
- Service account private authorized key.
Configure network traffic permissions
Configure network traffic permissions in the default security group. If a security group is unavailable, any incoming or outgoing VM traffic will be allowed.
If a security group is available, add to it the following rules:
Traffic direction |
Description | Port range | Protocol | Source / Destination name |
CIDR blocks |
---|---|---|---|---|---|
Incoming | http |
80 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | https |
443 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | https |
4443 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | vmware |
902 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | vmware |
902 |
UDP |
CIDR |
0.0.0.0/0 |
Incoming | iSCSI |
3260 |
TCP |
CIDR |
0.0.0.0/0 |
Incoming | udp |
12201 |
UDP |
CIDR |
0.0.0.0/0 |
Incoming | tcp |
15000 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | http |
80 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | https |
443 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | vmware |
902 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | vmware |
902 |
UDP |
CIDR |
0.0.0.0/0 |
Outgoing | iSCSI |
3260 |
TCP |
CIDR |
0.0.0.0/0 |
Outgoing | udp |
12201 |
UDP |
CIDR |
0.0.0.0/0 |
Save the security group ID. You will need it when creating VMs with Hystax Acura.
Create a VM with Hystax Acura
Create a VM with a boot disk using an image of Hystax Acura Disaster Recovery to Yandex Cloud
.
Run the VM
-
In the management console
, select the folder to create your VM in. -
In the list of services, select Compute Cloud.
-
Click Create virtual machine.
-
Under General information:
- Enter
hystax-acura-vm
as your VM name and add a description. - Select an availability zone to place your VM in.
- Enter
-
Under Image/boot disk selection:
- Go to the Marketplace tab.
- Click Show all Marketplace products.
- In the public image list, select Hystax Acura Disaster Recovery to Yandex Cloud and click Use.
-
Under Disks and file storages, enter
200 GB
as your disk size. -
Under Computing resources, specify:
- vCPU:
8
- RAM:
16 GB
- vCPU:
-
Under Network settings:
-
Select a cloud network and a subnet from the list. If there is no subnet, click Create subnet and create one.
To add a subnet, select a folder, enter a subnet name, select the availability zone, and specify a CIDR in the window that opens. Then click Create network.
-
If a list of Security groups is available, select the security group for which you previously configured network traffic permissions. If this list does not exist, all incoming and outgoing traffic will be enabled for the VM.
-
-
Under Access, specify the information required to access the instance:
- Select the previously created
hystax-acura-account
service account. - In the Login field, enter a username for SSH access, e.g.,
yc-user
. - In the SSH key field, paste the public SSH key.
- Select the previously created
-
Click Create VM.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
In the terminal, run the following command:
yc compute instance create \
--name hystax-acura-vm \
--zone <availability zone> \
--cores 8 \
--memory 16 \
--network-interface subnet-id=<subnet ID>,nat-ip-version=ipv4,security-group-ids=<security group ID if previously configured> \
--create-boot-disk name=hystax-acura-disk,size=200,image-id=<Hystax Acura image ID> \
--service-account-id <service account ID> \
--ssh-key ~/.ssh/id_ed25519.pub
Where:
-
name
: VM name, e.g.,hystax-acura-vm
. -
zone
: Availability zone, e.g.,ru-central1-a
. -
cores
: Number of vCPUs in your VM. -
memory
: Amount of RAM in your VM. -
network-interface
: VM network interface description:-
subnet-id
: Subnet to connect your VM to.You can get a list of subnets using the
yc vpc subnet list
command. -
nat-ip-version=ipv4
: Connect a public IP. -
security-group-ids
: Security groups.You can retrieve a group list using the
yc vpc security-group list
command. If you skip this parameter, the default security group will be assigned.
-
-
create-boot-disk
: Create a new disk for the VM:-
name
: Disk name, e.g.,hystax-acura-disk
. -
size
: Disk size. -
image-id
: Disk image ID.For this example, use
image_id
from the product description in Cloud Marketplace.
-
-
service-account-id
: ID of the previously created service account.You can retrieve a list using the
yc iam service-account list
command. -
ssh-key
: Path to the public SSH key file.
Make the IP static
VMs are created with a public dynamic IP. Since a VM with Hystax Acura may reboot, make the IP static.
To convert a dynamic public IP address to static:
- In the management console
, open the page for the folder you are using. - Select Virtual Private Cloud.
- Go to the IP addresses tab.
- Click
in the row with the address of your Hystax Acura VM. - In the menu that opens, select Make static.
- In the window that opens, click Change.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
To convert a dynamic public IP address to static:
-
See the description of the CLI's update address attribute command:
yc vpc address update --help
-
Retrieve an address list:
yc vpc address list
Result:
+----------------------+------+-----------------+----------+------+ | ID | NAME | ADDRESS | RESERVED | USED | +----------------------+------+-----------------+----------+------+ | e2l46k8conff8n6ru1jl | | 84.201.155.117 | false | true | +----------------------+------+-----------------+----------+------+
The
false
value of theRESERVED
parameter of the IP address with thee2l46k8conff8n6ru1jl
ID
shows that this address is dynamic. -
Convert the address to static by using the
--reserved=true
key and the addressID
:yc vpc address update --reserved=true e2l46k8conff8n6ru1jl
Result:
id: e2l46k8conff8n6ru1jl folder_id: b1g7gvsi89m34pipa3ke created_at: "2023-06-02T09:36:46Z" external_ipv4_address: address: 84.201.155.117 zone_id: ru-central1-b requirements: {} reserved: true used: true
The
reserved
parameter value changed totrue
and the IP address is now static.
Set up Hystax Acura
-
Open the
hystax-acura-vm
VM page in the management console and find its public IP address. -
Enter the
hystax-acura-vm
VM public IP address in your browser. The Hystax Acura initial setup screen will open.Note
After the Hystax Acura Disaster Recovery VM boots up for the first time, an installation process will start which may take over 20 minutes.
-
By default, a Hystax Acura VM has a self-signed certificate installed.
-
On the page that opens, fill out the following fields:
- Organization: Name of your organization.
- Admin user login: Email address for logging in to Hystax Acura Control Panel.
- Password: Administrator password.
- Confirm password: Re-enter the administrator password.
-
Click Next.
-
Specify the Yandex Cloud connection settings:
-
Service Account id: ID of your service account.
-
Key id: ID of your service account authorized key.
-
Private Key: Private part of your service account authorized key.
Note
If you obtained the ID and private key in a JSON file, e.g., when creating an authorized key via the CLI, remove the line break characters (
\n
) from the ID and the private key. -
Default Folder id: ID of your folder.
-
Zone: Availability zone.
-
Hystax Service Subnet: ID of the subnet the
hystax-acura-vm
virtual machine is connected to. -
S3 Host:
storage.yandexcloud.net
. -
S3 Port:
443
. -
Enable HTTPS: Select the option to enable HTTPS connections.
-
Hystax Acura Control Panel Public IP: Public IP address of the Hystax Acura VM. Replace the value in this field with the IP address obtained in step 1.
-
-
Click Next.
Hystax Acura will automatically check whether it can access your cloud. If everything is correct, you can now log in to the Hystax control panel using your email address and password.
Prepare and install the agents for disaster recovery
The agents will install on the VMs that will be recovered to Yandex Cloud. To download and install an agent:
-
In the Hystax Acura control panel, click the Hystax logo in the top-left corner.
-
Under Machines Groups, create a group of protected VMs, such as
Prod-Web
. -
Click the Download agents tab.
-
Choose one out of three types of agents depending on the OS:
- VMware
- Windows
- Linux
Click Next.
-
Download and install the agent on the VMs you would like to protect:
VMwareWindowsLinux-
In the drop-down list, select the VM group the agents will be set up for, such as
Prod-Web
. -
Select New VMware vSphere and fill out the fields:
- Platform Name: Name of the platform.
- Endpoint: Public IP address of the ESXi host.
- Login: User login (the user must have the administrator permissions).
- Password: Password.
Click Next.
-
Click Download Agent and wait for the agent to download.
-
Unpack the downloaded OVA file with the agent on the ESXi host.
-
Start the VMs with the agent.
- In the drop-down list, select the VM group the agents will be set up for, such as
Prod-Web
. - Click Next.
- Click Download Agent and wait for the agent to download.
- Unpack the archive and install the agent from
hwragent.msi
on the VMs you would like to protect.
- In the drop-down list, select the VM group the agents will be set up for, such as
Prod-Web
. - Select Linux distribution type:
- CentOS/RHEL (.rpm package): CentOS or Red Hat-based.
- Debian/Ubuntu (.deb package): Ubuntu or Debian.
- Select driver install method:
- Pre-built: Install a driver binary.
- DKMS: Compile as you install.
- Click Next.
- You will get commands for installing the agent to the VM. Run these commands following the instructions for your distribution and installation method.
-
Enable replication
Once the agent is installed on the VMs to protect, they will show up in the list as Unprotected
.
To enable VM replication:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Under Machines Groups, deploy a VM group, such as
Prod-Web
. - Click
in the VM list on the right. - Set up a replication schedule and an image lifecycle policy using the Edit replication schedule and Edit retention policies options. For more information, see the Hystax documentation
. - Select Start Protection.
VM replication will start. Once it is complete, the VMs will change their status to Protected
.
Set up the subnets to run the VMs
As the recovery process starts, a cloud site will be created; this is an infrastructure to support your application in Yandex Cloud that includes subnets and recovered VMs.
Create subnets, the CIDRs of which will contain the IPs of your VMs.
For instance, if you are protecting two VMs with 10.155.0.23
and 192.168.0.3
as their IPs, create two subnets with 10.155.0.0/16
and 192.168.0.0/24
as their CIDRs. The subnets must be in the same availability zone as the Hystax Acura Disaster Recovery VM.
To create subnets:
- Open the Virtual Private Cloud section in the folder to create a subnet in.
- Click the name of the cloud network.
- Click Create subnet.
- Enter the subnet name, such as
net-b-155
. - Select an availability zone from the drop-down list, such as
ru-central1-b
. - Enter the subnet CIDR, such as
10.155.0.0/16
. - Click Create subnet.
Save the IDs of the created subnets. You will need these when you create your disaster recovery (DR) plan.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Retrieve a list of the cloud networks:
yc vpc network list
Result:
+----------------------+----------------+ | ID | NAME | +----------------------+----------------+ | enplum7a98s1t0lhasi8 | network | +----------------------+----------------+
-
Select the
NAME
orID
of the cloud network you need. Create a subnet:yc vpc subnet create \ --name net-b-155 \ --network-name network \ --zone ru-central1-b \ --range 10.155.0.0/16
-
To view the subnet list, run the command below:
yc vpc subnet list
Result:
+----------------------+-------------+----------------------+----------------+---------------+------------------+ | ID | NAME | NETWORK ID | ROUTE TABLE ID | ZONE | RANGE | +----------------------+-------------+----------------------+----------------+---------------+------------------+ | e2lgjspicv43ainspl0n | net-b-155 | enplum7a98s1t0lhasi8 | | ru-central1-b | [10.155.0.0/16] | | e2l8g5u9ijd1sursv2ov | net-b-192 | enplum7a98s1t0lhasi8 | | ru-central1-b | [192.168.0.0/24] | | e2l1hqsrpp932ik74aic | net-b | enplum7a98s1t0lhasi8 | | ru-central1-b | [192.168.1.0/24] | +----------------------+-------------+----------------------+----------------+---------------+------------------+
Save the
IDs
of the subnets you created. You will need these when you create your disaster recovery (DR) plan.
For more details, see this step-by-step guide in the Virtual Private Cloud documentation.
Create a disaster recovery plan
The DR plan includes a VM description and the network settings. You can have a plan generated automatically or create one manually.
To generate a DR plan automatically:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Check the VMs you need on the list, click Bulk actions, and select Generate DR plan. You can also generate a plan for a group of VMs by clicking
in the group header. - In the Name field, enter
Plan-1
as the name. - Under Subnets on the right, specify the properties of the previously created subnets: Subnet ID and CIDR.
- Click Save.
To create a DR plan manually:
- Open the Hystax Acura control panel. Click the Hystax logo.
- Click Add DR Plan.
- In the Name field, enter
Plan-1
as the name. - Use one of the modes below:
Basic
: Create a plan with standard settings.Expert
: Create a plan with flexible settings using JSON (see detailed syntax description ).
- Add VMs using the
button. If required, specify an initialization ordering by using the Move to another Rank option. - Modify the parameters of the VMs being created, as required, using the Flavor name field as follows:
<platform>-<cpu>-<ram>-<core_fraction>
, e.g.,2-8-16-100
. - Under Subnets on the right, specify the properties of the previously created subnets: Subnet ID and CIDR.
- Click Save.
Warning
Make sure a valid IP address is specified for each VM.
Run exercises
Regular exercises help verify disaster readiness as well as make changes to configurations in advance.
To run a test without shutting down the primary infrastructure:
- Open the Hystax Acura control panel. Click the Hystax logo.
- In the top navigation panel, select Run test Cloud Site.
- Tick the disaster recovery plans you need in the list. Expand plans and edit as required.
- Click Next.
- In the Cloud Site Name field, enter a name, such as
Cloud-Site-from-Plan-1
. - In the Restore point time field, open the calendar window and select the restore point that will be used to create your VMs.
- Under Final DR plan, verify that the plan is up-to-date and correct.
- Click Run Recover.
The Hystax Acura control panel will display the Cloud Sites section. Wait for Cloud-Site-from-Plan-1
to change its status to Running
.
Open the Management console
Perform disaster recovery
A real disaster recovery is no different than a test one:
- Open the Hystax Acura control panel. Click the Hystax logo.
- In the top navigation panel, select Run Cloud Site.
Repeat the test recovery steps.
How to delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
- Delete the
hystax-acura-vm
VM. - Delete the supplemental
cloud-agent
VMs. - Delete the
hystax-acura-account
service account.
If you reserved a public static IP address, delete it.