In the consideration of cloud-based recovery services, organizations need to understand more details of how cloud platforms are implemented for recovery. In this blog entry, I walk through the details of how SunGard has implemented a portion of its cloud recovery platform in support of the Recover2Cloud for Server Replication service.
Understanding a Virtual Data Center (VDC)
Within the cloud, one of the considerations for recovery is to ensure secure access to protected data. SunGard implements a dedicated VDC in the cloud using dedicated firewall protection for each client. VPN connection is established between the firewall and a firewall in the client’s production location.
Within the targeted cloud, there is also a dedicated live virtual machine (VM) for each customer. This VM receives the replicated data, and writes the data as dormant VMDK files.
At time of disaster, SunGard recovery automation launches the VMDK files to bring the VMs live within the VDC. This is done using server processing capacity which is allocated on-demand within the cloud. SunGard provides public IP addresses for those VMs which are public Internet facing. SunGard also provides multiple VLANs for the recovered VMs. All of this is done behind an additional dedicated virtual firewall, to ensure secure access to the recovered application environment.
Failover At Time Of Test (ATOT)
Organizations require the capability to test failover without having to shut down their production environment. This avoids testing in off-hours, such as overnight and on holidays.
To accommodate this requirement, SunGard implements patent-pending sandbox testing using a dedicated test VDC which is separate from the recovery VDC in the SunGard cloud implementation. The basic idea is that prior to test, SunGard instantiates a virtual firewall, creates the required VLANs, sets up the firewall policies between the test VDC and the required servers that will be recovered for test.
An organization working with SunGard can then select the recovery points based on the test goals, which can be either to test crash-consistency of the data or application consistency.
When recovery is triggered, the dormant VMDKs go live behind the newly instantiated virtual firewall. The VMs are assigned appropriate IP addresses, VLANs and port groups as part of the recovery process. The order in which servers are restarted is configured and automated as part of the recovery process, as well, to ensure that the interdependent applications environment is restarted quickly and correctly without risk of human error.
Once the recovery is complete, organizations can use a VPN client to connect to the sandbox VDC test environment. This enables remote test. Remote administrators can even choose use this method as a better means to test for OS or service pack maintenance upgrades.
When organizations have a hybrid environment, they can also connect to hot site or recovered workgroup environments along with the VDC.
How Secure is the Cloud?
SunGard implements enterprise-class security as part of the recovery cloud platform. A Recover2Cloud VDC looks like a remote office network to a client, accessible using secure IPsec VPN tunnel connections. At network layer 2, every R2C customer VDC is isolated from other VDCs in the cloud by using separate VLANs. At network layer 3, each customer VDC is securely protected using dedicated firewalls.