Help Center/ Storage Disaster Recovery Service/ Best Practices/ Two-Site Three-Center Disaster Recovery (SDRS+CBR)/ Solution Principle
Updated on 2023-06-16 GMT+08:00
View PDF
Share

Solution Principle

This section describes how the solution works in three fault scenarios: when the production site is functional; when the production site becomes faulty; when both the production site and cross-AZ DR site become faulty.

When the Production Site Is Functional

Figure 1 shows the work mechanism when the production site is functional.

  • SDRS synchronizes the server data and configuration of the production site in AZ 1 in region A to the cross-AZ DR site in AZ 2 in region A. You can perform routine DR drills to periodically simulate fault recovery scenarios and formulate emergency recovery plans.
  • CBR periodically backs up the entire server at the production site in region A and replicate the backup to the cross-region DR site in region B.
Figure 1 When the production site is functional

When the Production Site Becomes Faulty

If the production site becomes unavailable due to a small-scale fault such as a device fault, applications can be switched to the cross-AZ DR site without data loss.

In this phase, the Recovery Point Objective (RPO) is 0, and the Recovery Time Objective (RTO) is within 30 minutes.

RPO specifies the maximum acceptable period in which data might be lost.

RTO specifies the maximum acceptable amount of time for restoring the entire system after a disaster happens.

Figure 2 When the production site becomes faulty

When Both the Production Site and Cross-AZ DR Site Become Faulty

If the production site and cross-AZ DR site become unavailable due to a large-scale disaster such as a natural disaster, applications can be switched to the cross-region DR site. You can create full-ECS images using the server backups periodically replicated to region B, use the full-ECS images to create ECSs, and restore applications at the cross-region DR site to ensure service continuity.

In this phase, the RPO ranges from 0 to the backup interval. The minimum backup interval is 1 hour, and the RTO is within 30 minutes.

In the cross-region DR phase, the RPO equals the difference between the time when a disaster occurs and the time when the latest backup file is generated.

Figure 3 When both the production site and cross-AZ DR site become faulty