Disaster Recovery

Question 1

GCP Basics of DR planning: metrics

Answer 1

Recovery Time Objective (RTO)
-Max acceptable lenfth of time that application can be offline
Recovery Point Objective (PTO)
-Max acceptable length of time during whichdata might be lost from your application
- varies by data

Question 2

Cost relationship to RTO & RPO

Answer 2

Lower RTO/RPO = Higher cost

Question 3

Tradinional DR Requirements

Answer 3

Capacity -securing enough resources to scale as needed
Security - providing physical security to protect assets
Network Infrastructure -including firewalls and load balancers
Support -Human resources to maintain hardware
Bandwidth - planning suitable bandwidth for peak load
Facilities - ensure physical infrastructure: equipment and power/AC

Question 4

Cloud features relevant to DR

Answer 4

Global Network - global computer network: software defined and edge cachine services deliver fast, consistent and scalable performance
Redundancy- Global Point Of Presence -> strong redundancy. Storage automatically mirrored across locations
Scalability - Scalable services
Security -
Compliance - Regular third party audits to verify alignment with
* security
* privacy
* compliance regulations
* best practies

Question 5

DR Patterns

Answer 5

1. Cold
2. Warm
3. Hot

Question 6

Cold DR Pattern

Answer 6

• No Standby
• Manual start up
• App down until remediation is completed

Question 7

Warm DR Pattern

Answer 7

• Stand by Active / Passive
• manual switch to stand by
• App down until switch is completed

Question 8

Hot DR Pattern

Answer 8

• Active/Active
• Automatic load sent to healthy zone/region
• No application Downtime

Question 9

DR Detailed Plan

Answer 9

1. Design according to your recovery goals
2. Design for end-to-end recovery
3. Make your tasks specific
4. Make your tasks specific
5. Preparing your software
6. Design continuous deployment for recovery

Question 10

DR Security and compliance controls

Answer 10

Validate VPCs Firewalls
Least privilege
service accounts as part of firewall rules

Question 11

Ways to synchronize permissions between environmentsLink

Answer 11

Replicate IAM policies - Use IAC methods Cloud Deploy Manager
on-prem to cloud - Map functional rules to IAM policies with appropriate IAM roles
Configure IAM policies to grant appropriate premissions to products
OTher cloud to GCP - map permissions in provider’s IAM policies to GCP IAM policies

Question 12

Compute and Storage:
Compute Engine

Answer 12

• Scalable compute resources
• Predefined and custom machine types
• Fast boot times
• Snapshots
• Instance templates
• Managed instance groups
• Reservations
• Persistent disks
• Live migration

Question 13

Compute and Storage:
Cloud Storage

Answer 13

• Highly durable object store
• Geo-redundant storage
• Storage classes
• Object lifecycle management
• Data transfer from other sources
• Encryption at rest by default

Question 14

Compute and Storage:
Cloud Storage

Answer 14

• Managed environment for deploying and scaling containerized applications
• Node auto-repair
• Liveness and readiness probes
• Persistent volumes
• Multi-zone and regional clusters
• Command-line tool for managing cross-regional clusters

Question 15

GCP DR Building Blocks: Compute Engine

Answer 15

Compute Engine: delete protection flag
Instance template save config details of VM and create new instances
instance template from custom image or existing VM
Managed instance groups
Reservations Create reservations in your DR target zone to avoid not having capacity on demand [Link]
Persistent disks and snapshots
Persistent disks- durable network storage devices, independent of instances.. detach and move to keep data after instances are deleted
Persistent disks zonal or regional depending on HA otions
Live Migration
Virtual Disk Import Tool import VMDK, VHD and Raw. Same configuration as on-prem VM

Question 16

GCP Buildling Blocks: management and monitoring

Answer 16

Cloud Data Dashboard
Cloud Monitoring:
Deployment Manager - Lets you define cloud environment in a set of templates

Question 17

Network DR Patterns: Data transfer from and to cloud

Answer 17

Cloud Interconnect provides several options to connect to Google and Google Cloud:
**Cloud VPN
enables the creation of IPsec VPN tunnels between a Google Cloud VPC network and target network.
Traffic traveling between the two networks is encrypted by one VPN gateway, then decrypted by the other VPN gateway.
*HA VPN enables you to create high-availability VPN connections with a SLA of 99.99%, plus a simplified setup compared to creating redundant VPNs.
**Direct peering**
*provides minimal network hops to Google’s public IP addresses. You can use direct peering to exchange internet traffic between your network and Google’s edge points of presence (PoPs).
**Dedicated Interconnect** provides a **direct physical connection between your on-premises network and Google’s network.
*It provides an SLA along with more consistent throughput for large data transfers. Circuits are either 10 Gbps or 100 Gbps and are terminated at one of Google’s colocation facilities. With larger bandwidth, you can reduce the time it takes to transfer data from on-premises to Google Cloud. The following table illustrates the speed gains when upgrading from 10 Gbps to 100 Gbps.

Question 18

Transfer method Diagram

Answer 18

Question 19

Maintaingin images consistency across hybrid environments

Answer 19

*If a fully configured image is required, consider something like Packer, which can create identical machine images for multiple platforms.
*As another option, you can use configuration management tools such as Chef, Puppet, Ansible, or Saltstack to configure instances with finer granularity, creating base images, minimally-configured images, or fully-configured images as needed. For a discussion of how to use these tools effectively, see Zero-to-Deploy with Chef on Google Cloud.

Question 20

Disaster recovery scenarios for data

Answer 20

Data Backups
Database backups