Disaster Recovery Flashcards
GCP Basics of DR planning: metrics
Recovery Time Objective (RTO)
- Max acceptable length of time that application can be offline
Recovery Point Objective (RPO)
- Max acceptable length of time during which data might be lost from your application
- varies by data
Cost relationship to RTO & RPO
Lower RTO/RPO = Higher cost
Traditional DR Requirements
Capacity - securing enough resources to scale as needed
Security - providing physical security to protect assets
Network Infrastructure - including firewalls and load balancers
Support - Human resources to maintain hardware
Bandwidth - planning suitable bandwidth for peak load
Facilities - ensure physical infrastructure: equipment and power/AC
Cloud features relevant to DR
Global Network - global computer network: software defined and edge caching services deliver fast, consistent and scalable performance
Redundancy - Global Point Of Presence -> strong redundancy. Storage automatically mirrored across locations
Scalability - Scalable services
Security -
Compliance - Regular third party audits to verify alignment with
* security
* privacy
* compliance regulations
* best practices
DR Patterns
- Cold
- Warm
- Hot
Cold DR Pattern
- No Standby
- Manual start up
- App down until remediation is completed
Warm DR Pattern
- Stand by Active / Passive
- manual switch to stand by
- App down until switch is completed
Hot DR Pattern
- Active/Active
- Automatic load sent to healthy zone/region
- No application Downtime
DR Detailed Plan
- Design according to your recovery goals
- Design for end-to-end recovery
- Make your tasks specific
- Preparing your software
- Design continuous deployment for recovery
DR Security and compliance controls
Validate VPCs Firewalls
Least privilege
service accounts as part of firewall rules
Ways to synchronize permissions between environments
Replicate IAM policies - Use IaC methods (Cloud Deployment Manager)
On-prem to cloud - Map functional rules to IAM policies with appropriate IAM roles
Configure IAM policies to grant appropriate permissions to products
Other cloud to GCP - map permissions in provider’s IAM policies to GCP IAM policies
Compute and Storage:
Compute Engine
- Scalable compute resources
- Predefined and custom machine types
- Fast boot times
- Snapshots
- Instance templates
- Managed instance groups
- Reservations
- Persistent disks
- Live migration
Compute and Storage:
Cloud Storage
- Highly durable object store
- Geo-redundant storage
- Storage classes
- Object lifecycle management
- Data transfer from other sources
- Encryption at rest by default
Compute and Storage:
Cloud Storage
- Managed environment for deploying and scaling containerized applications
- Node auto-repair
- Liveness and readiness probes
- Persistent volumes
- Multi-zone and regional clusters
- Command-line tool for managing cross-regional clusters
GCP DR Building Blocks: Compute Engine
Compute Engine: delete protection flag
Instance templates save config details of a VM and create new instances
instance template from custom image or existing VM
Managed instance groups
Reservations - Create reservations in your DR target zone to avoid not having capacity on demand
Persistent disks and snapshots
Persistent disks - durable network storage devices, independent of instances. Detach and move to keep data after instances are deleted
Persistent disks zonal or regional depending on HA options
Live Migration
Virtual Disk Import Tool - imports VMDK, VHD and RAW. Same configuration as on-prem VM