Professional Documents
Culture Documents
6. Testing Mode
7. Performing a Failover
8. Performing a Failback
9. Return to Normal Operations
1. Generating and Using Your Credentials
a. Sign in to the AWS Management Console and open the IAM console
at https://console.aws.amazon.com/iam/
b. In the navigation pane, choose Users and then choose Add users.
c. Type the user name for the new user.
d. Select the type of access this set of users will have. Select programmatic access.
e. For Console password, choose Autogenerated password.
f. Choose Next: Permissions.
g. On the Set permissions page
h. Attach existing policies directly. choose Create policy to open a new browser
tab and create a new policy from scratch. Click create policy and choose Json.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": "arn:aws:ec2:*:*:*/*",
"Condition": {
"StringEquals": {
"ec2:CreateAction": "RunInstances"
}
}
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ec2:CreateTags",
"Resource": "arn:aws:ec2:*:*:*/*",
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CreateVolume"
}
}
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"ec2:RevokeSecurityGroupIngress",
"ec2:DetachVolume",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:StopInstances"
],
"Resource": [
"arn:aws:ec2:*:*:dhcp-options/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/Name": "CloudEndure*"
}
}
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": [
"ec2:RevokeSecurityGroupIngress",
"ec2:DetachVolume",
"ec2:AttachVolume",
"ec2:DeleteVolume",
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:StopInstances"
],
"Resource": [
"arn:aws:ec2:*:*:dhcp-options/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/CloudEndure creation time": "*"
}
}
},
{
"Sid": "VisualEditor4",
"Effect": "Allow",
"Action": [
"ec2:DisassociateAddress",
"ec2:CreateDhcpOptions",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeregisterImage",
"ec2:DeleteSubnet",
"ec2:DeleteSnapshot",
"ec2:ModifySnapshotAttribute",
"ec2:ModifyVolumeAttribute",
"ec2:CreateVpc",
"ec2:AttachInternetGateway",
"ec2:GetConsoleScreenshot",
"ec2:GetConsoleOutput",
"elasticloadbalancing:DescribeLoadBalancer*",
"ec2:CreateRoute",
"ec2:CreateInternetGateway",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:ModifyVpcAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ReleaseAddress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AssociateDhcpOptions",
"ec2:ImportKeyPair",
"ec2:CreateTags",
"ec2:RegisterImage",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AssociateRouteTable",
"ec2:CreateRouteTable",
"ec2:DetachInternetGateway",
"iam:ListInstanceProfiles",
"ec2:AllocateAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:CreateVolume",
"kms:ListKeys",
"ec2:Describe*",
"ec2:DeleteVpc",
"iam:GetUser",
"ec2:CreateSubnet",
"ec2:AssociateAddress",
"ec2:DeleteKeyPair",
"ec2:CreateNetworkAclEntry",
"outposts:GetOutpostInstanceTypes"
],
"Resource": "*"
},
{
"Sid": "MigrationHubConfig",
"Effect": "Allow",
"Action": [
"mgh:GetHomeRegion"
],
"Resource": "*"
},
{
"Sid": "VisualEditor5",
"Effect": "Allow",
"Action": [
"ec2:RevokeSecurityGroupIngress",
"mgh:CreateProgressUpdateStream",
"kms:Decrypt",
"kms:Encrypt",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteDhcpOptions",
"ec2:RunInstances",
"kms:DescribeKey",
"kms:CreateGrant",
"ec2:DeleteNetworkAclEntry",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
],
"Resource": [
"arn:aws:mgh:*:*:progressUpdateStream/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:dhcp-options/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-acl/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:kms:*:*:key/*"
]
},
{
"Sid": "VisualEditor6",
"Effect": "Allow",
"Action": [
"ec2:CreateTags",
"mgh:ImportMigrationTask",
"mgh:AssociateCreatedArtifact",
"mgh:NotifyMigrationTaskState",
"mgh:DisassociateCreatedArtifact",
"mgh:PutResourceAttributes"
],
"Resource": [
"arn:aws:mgh:*:*:progressUpdateStream/*/migrationTask/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*::network-interface/*",
"arn:aws:ec2:*:*:dhcp-options/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Sid": "VisualEditor7",
"Effect": "Allow",
"Action": "ec2:Delete*",
"Resource": [
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:dhcp-options/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:internet-gateway/*"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/Name": "CloudEndure*"
}
}
},
{
"Sid": "VisualEditor8",
"Effect": "Allow",
"Action": "ec2:Delete*",
"Resource": [
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:dhcp-options/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:internet-gateway/*"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/CloudEndure creation time": "*"
}
}
},
{
"Sid": "VisualEditor9",
"Effect": "Allow",
"Action": "ec2:ModifyVolume",
"Resource": "arn:aws:ec2:*:*:volume/*",
"Condition": {
"StringLike": {
"ec2:ResourceTag/Name": "CloudEndure*"
}
}
},
{
"Sid": "VisualEditor10",
"Effect": "Allow",
"Action": "cloudwatch:GetMetricData",
"Resource": "*"
}
]
}
i. After you create the policy, close that tab and return to your original tab to add
the policy to the new user.
j. Choose Next: Tags.
k. Choose Next: Review to see all of the choices you made up to this point. When
you are ready to proceed, choose Create user.
l. To view the users' access keys (access key IDs and secret access keys),
choose Show next to each password and access key that you want to see. To
save the access keys, choose Download .csv and then save the file to a safe
location.
Then click Close.
a. Create Project.
For AWS Credentials, Enter AWS Access Key ID and AWS Secret Access Key
from user credentials that we created before. Then click Save.
3. Defining Your Replication Settings
Once your credentials have been set up, you will need to define the replication settings for
AWS.
Go to Replication Setting.
Prerequisites:
For Microsoft Windows Server 2012 R2 64 bit & Microsoft Windows Server 2016 64
Bit:
1. Microsoft Windows Server versions 2008 R2 and above require .Net Framework
version 4.5 or above to be installed.
2. Nitro instances (for example, the C5 and M5 family types) will work with RHEL
7.0+ and CentOS 7.0+ in AWS in a Linux environment and with Windows Server
2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server
2019 in a Windows environment. Certain newer AWS regions only support Nitro
instances and therefore only support the previously mentioned operating systems.
3. Each Source machine with an installed Agent continuously communicates with
CloudEndure Replication Servers in the Staging Area over TCP Port 1500. TCP
Port 1500 is needed for the transfer of replicated data from the Source machines to
the Staging Area.
You can found your Installation Token Information, and how to install
CloudEndure Agent according to your Operating System.
5. Configure Blueprint
Click on DB Portal.
6. Testing Mode
Test Mode and Recovery Mode create exactly the same Target machines, but by using the
correct Mode, the User Console will correctly indicate if the Source machine was tested
recently or if it is currently Failed Over (the User Console assumes that a Target machine
launched in Recovery Mode was Failed Over, even though you do the actual Failover
outside of CloudEndure).
Important: Before testing launch, make sure the server is not running at the same time as
the server on premise, so that there are no conflicts on the domain controller.
Important: You should launch machines in Test Mode prior to launching them in Recovery
Mode in order to ensure that the process has been thoroughly tested. After testing either
SSH (Linux) or RDP (Windows) into your machine and ensure that everything is working
correctly.
A confirmation message will appear. Click NEXT to launch the Testing machine.
Note: Any previous Target machines launched for the Source machines you are testing
will be deleted.
Choose the Recovery Point for the Target machine in Testing Mode.
Note: If the "Latest" Recovery Point is chosen, then CloudEndure will take a new
snapshot of the Source machine and use that snapshot.
Job Progress will only contain information only when you perform one of the Job actions.
Important: If there's an issue with the dns, unregister and re-register the DNS.
7. Performing a Failover
Important! Before Failover, make sure the server is not running at the same time as the
server on premise, so that there are no conflicts on the domain controller.
Note: To Failover specific machines, you will need to create a new Project (Step 2
and 3) and configure it identically to your original DR Project (same Target region,
license, credentials and Replication Settings.) Once you have the Project ready.
Verify that the Source machine you want to Failover has the following status indications
under each column.
A confirmation message will appear. Click NEXT to launch the Recovery machine.
Note: Any previous Target machines launched for the Source machines you are testing
will be deleted.
Choose the Recovery Point for the Target machine in Recovery Mode.
Note: If the "Latest" Recovery Point is chosen, then CloudEndure will take a new
snapshot of the Source machine and use that snapshot.
Job Progress will only contain information only when you perform one of the Job actions.
Important: If there's an issue with the dns, unregister and re-register the DNS.
s
8. Performing a Failback
Note: To Failback specific machines, you will need to Create a new Project (Step 2
and 3) and configure it identically to your original DR Project (same Target region,
license, credentials and Replication Settings.) Once you have the Project ready.
The Project view will reset, and what were your Target machines will now appear
as Source machines, ready to replicate their data back to the original Source infrastructure,
which will now (temporarily) appear as your Target infrastructure.
o Allow inbound port 1500 open on the Source AWS instance from which you
are failing back so that the CloudEndure Failback Client could connect to it.
Choose the Prepare for Failback option in the PROJECT ACTIONS menu in the User
Console.
Note: You can only initiate the Prepare for Failback action once all of the Source
machines in the Project have launched Target machines in either Test or Recovery
mode.
The machines in the Machine List View will display Waiting for boot from Failback Client
under the DATA REPLICATION PROGRESS column.
Download the Failback Client, using the link from the Replication Settings section in the
CloudEndure User Console under Setup & Info. You can access the link by clicking on
Learn more about failing back to "Other Infrastructure" and then clicking download
from here on the Failing Back to an Unidentified Cloud / Other Infrastructure dialog. The
file will be downloaded automatically.
Note: The Failback Client interface will launch and connect to the DHCP client.
Upon connection, you will be prompted for your CloudEndure Installation Token.
Input your installation token into the Failback Client.
Note: You can locate your installation token by navigating to Setup & Info > Other
Settings > Installation Token in the CloudEndure Console.
Note: You also need your Instance ID on AWS. Go to AWS Management Console
> EC2 Instances
Note: The Failback will launch new machines. After the new machines have been
launched, the old original Source machines need to be cleaned up manually as
CloudEndure never deletes Source machines. If the Failback Client is launched on
an Other Infrastructure (non-AWS) Source, then the same machine will function as
the Target and should not be deleted.
Important: After Failback completed make sure the server is not running at the same
time as the server on AWS (Server that has been launched on AWS is n not deleted), so
that there are no conflicts on the domain controller.
Important: If there's an issue with the dns, unregister and re-register the DNS.
Note: Before returning to normal operation, you need to have the data that was
written to your Recovery machines copied back to the machines in your original
Source infrastructure.
Your machines will yet again undergo the initiation sequence.
Once your machines enter Continuous Data Protection mode, the Failback process has
been successfully completed.
If you're failing over to AWS from one Source machine and then failing back from AWS
to a different source machine,The machine may be stuck at the Initiating Disaster
Recovery stage without data replication progress.
To fix this issue, reinstall the CloudEndure Agent on the new (different) Source machine.