Help Center/ Storage Disaster Recovery Service/ User Guide/ Asynchronous Replication/ Managing a Protection Group/ Performing a Failover
Updated on 2024-10-29 GMT+08:00
View PDF
Share

Performing a Failover

Scenarios

Disaster recovery site servers are created using the most current data and billed based on the server billing standards. If servers are still running during a failover, the system synchronizes all the server data before failover is performed to the disaster recovery site servers. Data written to the servers during the failover may not be synchronized to the disaster recovery site. If one of the servers to be failed over fails, data on the server may fail to be synchronized and some data may be lost.

After a failover, data is not automatically synchronized from the disaster recovery site to the production site, and protection is disabled for protected instances. To start data synchronization from the disaster recovery site to the production site, perform a reverse reprotection.

  • Failover is a high-risk operation. After a failover, services are started at the disaster recovery site. At this time, you must ensure that production site services are stopped. Otherwise, services may be conflicted or interrupted and data may be damaged because both sites are providing services. If you just want to verify and analyze the disaster recovery site data, perform disaster recovery drills instead.
  • During a failover in a V2C scenario, an ECS used for system conversion will be created, with a name suffix VMwareToCloud. Do not perform any operation on this ECS. Or, the failover may fail. This ECS will be automatically deleted after the failover is complete.
  • If NIC switchover is enabled, after a failover, SDRS automatically stops the production site server and changes the server status to Planned stop. If NIC switchover is disabled, the production site server status remains unchanged before and after a failover.
  • After a failover, the production site server stops providing services. Or, new data will be overwritten after a reverse synchronization.

Prerequisites

  • The protection group contains protected instances.
  • Initial synchronization is completed for all the protected instances in the protection group, and the status of protected instances is Synchronization finished or Failover failed.
  • Protected instance services are running at the production site.
  • All services on production site servers are stopped, and all data has been flushed to disks.

Precautions

During a failover, a primary NIC is configured for each disaster recovery site server. If a production site server uses a secondary NIC, you need to manually bind a secondary NIC for the corresponding disaster recovery site server on the server details page.

Procedure

  1. Log in to the management console.
  2. Click Service List and choose Storage > Storage Disaster Recovery Service.

    The Storage Disaster Recovery Service page is displayed.

  3. Choose Asynchronous Replication. In the right pane, locate the replica pair housing the protection group you want to perform a failover and click the number in the Protection Groups column.

    The Protection Groups tab page is displayed.

  4. In the navigation tree, choose the target protection group.

    The protection group details page is displayed.

  5. In the upper right corner of the basic information area, click Execute Failover.

    The Execute Failover page is displayed.

  6. Configure disaster recovery site servers.

    Table 1 Parameter description

    Parameter

    Description

    Example Value

    Billing Mode

    Billing mode of the disaster recovery site server

    Only pay-per-use billing is supported currently.

    Pay-per-use

    Specifications

    Select the specifications for the disaster recovery site servers.

    -

    Name

    Enter a name for the disaster recovery site server.

    The name can contain letters, digits, underscores (_), hyphens (-), or periods (.), can be no more than 64 characters long, and cannot contain spaces.

    ECS02-DR

    NIC Switchover
    • If enabled, the NIC on the disaster recovery site server will be consistent with the NIC on the production site server.
    • During a failover, the system automatically stops the production site server and binds its NIC to the DR site server.
    • During a failback, if the production site server already has a new NIC bound manually, the system will not bind the original NIC back to the production site server.

      This function is only available when both servers are in the same region.

    -

    Subnet

    Select the subnet where the disaster recovery server resides.

    -

    IP Address

    Select how the server obtains an IP address.

    • Use existing: Select this option if the subnet selected is in the same CIDR Block as the production site server. This setting keeps the IP addresses on both servers consistent.
    • DHCP: IP addresses are automatically assigned by the system.
    • Manually Assign: Manually specify an IP address.
      NOTE:

      If disaster recovery site servers are configured in a batch, only DHCP is available. If disaster recovery site servers are configured individually, all options are available.

    -

  7. Click Next.
  8. Confirm the disaster recovery site server information and click Submit.

  9. The protected instance status changes to Executing failover. After the failover is complete, the status changes to Failover completed.

Parent Topic: Managing a Protection Group