GCP Recovery

Recover GCP Resources

  1. From the navigation menu, go to Cloud Resilience > Cloud Assemblies.

    The Cloud Assemblies page appears.

  2. Click the GCP assembly that you want to recover.

    The Cloud Assembly page of the GCP appears.

  3. On the Timeline tab, click the protected timeline.

    The Protection page of the timeline appears.

  4. In the upper-right corner of the page, click Recover.

    The Recover Resources page of the timeline appears.

  5. Enter the name of the recovery.

  6. Select a predefined or custom recovery profile. You can choose a recovery profile to recover only the “Preemptible Nodes” during recovery.

Note:

To create a new recovery profile, go to the Cloud Assembly page of the GCP cloud assembly, click Actions, and then select Recovery Profile.

  1. Select the recovery type. You can recover to the same region or cross region(s).

  2. To recover to the same primary location, select Same Region.

  3. To recover the snapshots to the selected recovery region, select Cross Region.

  4. Select how you want to recover resources. Choose whether to recover the entire assembly, only selected resources, or selected labels for the assembly.

  5. To perform zone-level resilience, go to the Advanced section and map the source zone to the destination zone.

    Note

    For the same region recovery, you can also select a cross zone.

  6. Under Override Network Tags, do the following:

    1. To remove existing network tags, select the Remove existing network tags check box.

    2. To add new network tags, select the Add new network tags check box, enter the tag name, and then click Add Tag.

  7. To skip protection of recovered resources, move the Skip protection for recovered resources toggle key to the right. This adds the tag with KEY: ax-aps-protection and VALUE: ignore to the recovered resources. Cloud Rewind protection ignores any resource that has this tag.

  8. Select Recover to start the recovery.

Recovery Scenarios

Cloud Rewind covers the following recovery scenarios during the protected resource's recovery.

Same region recovery

Using Cloud Rewind, the user can recover the entire assembly or the selected resources to the same region.

Recovery of the VPC in the same region can be achieved using any one of these three use cases:

  1. Create new VPC
    Cloud Rewind creates a new isolated VPC in the primary region and recovers all your cloud resources. The created VPC will have the same IP range (CIDR block) as the source VPC, and all the associated resources like subnets, alias IPs, and other dependencies for the VPC will be created similarly to the source VPC.
  2. Same VPC
    Cloud Rewind recovers all the selected resources into the same VPC for which the protection is enabled. If the source instance already exists, Cloud Rewind flags it as a conflicting resource and provisions the instance with a different IP address. If you want the instance to be created with the same IP address as the source, remove the source instance completely before triggering a recovery.
  3. Use existing VPC
    By selecting this option, a pre-existing VPC in the primary region can be chosen for recovery. The VPC chosen for recovery can have a different IP value, but the number of subnets, and the number of IPs per subnet should be the same as the source VPC. Example: 172.31.0.0/16 (Source) and 10.31.0.0/16 (Destination).

Note

In a pre-existing VPC recovery, Cloud Rewind can map the alias IPs only if the secondary IP range's name and its range match the source VPC.

Other region recovery

Using Cloud Rewind, users can recover the entire assembly or the selected resources. The region where the resources are to be recovered has to be chosen from the recovery regions list.

There are two use cases covered under the other region recovery:

  1. Create new VPC
    Cloud Rewind creates a new isolated VPC in the selected region and recovers all your cloud resources. The created VPC will have the same IP range (CIDR block) as the source VPC, and all the associated resources like subnets, alias IPs, and other dependencies for the VPC will be created similarly to the source VPC.
  2. Use existing VPC
    By selecting this option, a pre-existing VPC in the selected region can be chosen for recovery. The VPC chosen for recovery can have a different IP value, but the number of subnets, and the number of IPs per subnet should be the same as the source VPC. Example: 172.31.0.0/16 (Source) and 10.31.0.0/16 (Destination).

Note

  • In a pre-existing VPC recovery, Cloud Rewind can map the alias IPs only if the secondary IP range's name and its range match the source VPC.

  • If the user has attached a certificate to the GCP Load Balancer in the primary region, it is mandatory to manually copy the certificate to other recovery regions. The certificates in both primary and recovery regions should have a tag with the key “Name.” The same value should be present in primary and recovery regions for Cloud Rewind identification. During recovery, Cloud Rewind attaches the certificates in the recovery regions automatically using these tags. This setting has to be done before protection so that the metadata information is correctly captured for the recovery to be successful.
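An added pre-flight check for the "Use existing VPC" option described under both same region and other region recovery (example code, not part of Cloud Rewind): it compares subnet count, addresses per subnet, and secondary range name and CIDR between the source and destination VPC. The input shape follows the `ipCidrRange` and `secondaryIpRanges` fields returned by `gcloud compute networks subnets list --format=json`; the sample subnets are constructed, and comparing subnet sizes and alias ranges across the whole VPC rather than subnet by subnet is an assumption.

```python
import ipaddress
from collections import Counter

def check_existing_vpc(source_subnets, dest_subnets):
    """Return a list of mismatches; an empty list means the destination VPC fits."""
    problems = []
    if len(source_subnets) != len(dest_subnets):
        problems.append(f"subnet count differs: source={len(source_subnets)} "
                        f"destination={len(dest_subnets)}")

    # IP values may differ, but each source subnet needs a same-sized counterpart.
    def sizes(subnets):
        return Counter(ipaddress.ip_network(s["ipCidrRange"]).num_addresses
                       for s in subnets)
    for size, count in sorted((sizes(source_subnets) - sizes(dest_subnets)).items()):
        problems.append(f"destination lacks {count} subnet(s) with {size} addresses")

    # Alias IP mapping needs the secondary range name AND its CIDR to match.
    def secondary(subnets):
        return {(r["rangeName"], str(ipaddress.ip_network(r["ipCidrRange"])))
                for s in subnets for r in s.get("secondaryIpRanges", [])}
    for name, cidr in sorted(secondary(source_subnets) - secondary(dest_subnets)):
        problems.append(f"alias range {name} {cidr} has no exact match in destination")
    return problems

# Constructed sample data (not taken from a real project).
SOURCE = [
    {"name": "app", "ipCidrRange": "172.31.0.0/20",
     "secondaryIpRanges": [{"rangeName": "pods", "ipCidrRange": "192.168.0.0/18"}]},
    {"name": "db", "ipCidrRange": "172.31.16.0/24"},
]
DEST_OK = [
    {"name": "dr-app", "ipCidrRange": "10.31.0.0/20",
     "secondaryIpRanges": [{"rangeName": "pods", "ipCidrRange": "192.168.0.0/18"}]},
    {"name": "dr-db", "ipCidrRange": "10.31.16.0/24"},
]
DEST_BAD = [
    {"name": "dr-app", "ipCidrRange": "10.31.0.0/20",
     "secondaryIpRanges": [{"rangeName": "pods-dr", "ipCidrRange": "192.168.0.0/18"}]},
    {"name": "dr-db", "ipCidrRange": "10.31.16.0/25"},
]

if __name__ == "__main__":
    for label, dest in (("DEST_OK", DEST_OK), ("DEST_BAD", DEST_BAD)):
        print(label, check_existing_vpc(SOURCE, dest) or "compatible")
```

Running the check before protection is enabled surfaces a renamed secondary range or an undersized subnet while it can still be corrected in the destination VPC.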

Cross-Project Recovery

You can use cross-project recovery to rebuild/restore the entire environment to a designated destination project, ensuring seamless recovery across projects.

For more information, see Recovering GCP Resources to a Cross Project.

Shared VPC recovery scenarios

Google Cloud recommends having a Shared VPC setup so that instances from multiple projects can connect through the shared VPC in a private network, taking advantage of the speed and security of Google's internal network architecture. For more details, see Google's Shared VPC documentation.

The main catch in this setup is that the network is set up and is owned by a host project and is shared between multiple service projects under one GCP organization.

Note

Cloud Rewind establishes a cloud connection per GCP project. Hence, to support the shared VPC setup recovery, it is mandatory to have the shared VPC's host project added as a separate cloud connection in Cloud Rewind.

For the steps, see Configure Shared VPC Recovery Option.

With Shared VPC, Cloud Rewind supports multiple recovery options:

Same region recovery

  1. Same shared VPC and same Subnet as the source instance

  2. Same shared VPC but different Subnet in the same region

  3. DR shared VPC in the same region

Other region recovery

  1. Same Shared VPC but different subnet in the other region

  2. DR Shared VPC in the other region

Note

"Create New VPC" is not a valid use case for a shared VPC configuration. Creating a shared VPC requires organization-level permission that the Cloud Rewind service account does not have. You can hide the "Create New VPC" option by enabling the "Shared VPC Network Recovery" toggle button under Cloud Assembly Configuration "Recovery Options".

Custom machine type recovery

Cloud Rewind supports recovery of instances with custom machine type.

For example, an instance with an N2 custom machine type and a custom size definition will be restored with the exact configuration in the supported recovery region. For regions or zones not supporting the N2 custom machine type, a predefined machine type with a closely matching configuration is automatically chosen from the recovery region.

Recovery simulation

Cloud Rewind provides an option to create a schedule to test the recovered application in the recovery region and ensure that the configured protection policy works well in the real recovery scenario.

By creating a recovery simulation policy, you can schedule the recovery to happen at the chosen frequency. Create a recovery simulation from the Cloud Assembly “Summary” or “Policies” tab. Select a recovery profile from the list of available recovery profiles. There is an option to select from the last “Successful protection only” or “Successful or Partial successful protection.” If the last timeline is a failure, the user can define the number of previous timelines to choose from.

Select the number of hours after which the reset has to happen. This way, the recovered resources will be reset to avoid unnecessary billing. A created recovery simulation policy can be enabled or disabled, edited, or deleted anytime.

Delete recovered resources

Cloud Rewind allows you to delete recovered resources using the RESET option. The reset deletes the recovered resources and rolls back the GCP resources to the original state before the recovery was triggered. It helps to reduce the GCP charges that can be incurred due to recovery testing.

You can delete a recovery either on demand or by scheduling a reset. You can schedule a reset while configuring the recovery or after the recovery is complete.

  1. From the navigation menu, go to Cloud Resilience > Cloud Assemblies.

    The Cloud Assemblies page appears.

  2. Click the GCP assembly that you want to reset.

    The Cloud Assembly page of the GCP appears.

  3. On the Timeline tab, click the Recovered tab.

  4. Click the recovered timeline that you want to reset.

    The Protection page of the recovered timeline appears.

  5. In the row for the recovered timeline, click the actions button, and then select Reset Now.

    The Reset Recovery dialog box appears.

  6. In the box, type DELETE.

  7. Click Delete.

    Once the reset action is triggered, the reset status changes to Reset In Progress. After the reset is completed, the status changes to Reset completed. The Recovery Logs tab contains the recovery and reset logs, with all the execution details for the recovery and the reset process.

Note

Cloud Rewind safely fails the reset request on the recovered resources if any configuration drift is noted from the original recovered resource configuration.
