Help Center/ Storage Disaster Recovery Service/ User Guide/ Asynchronous Replication/ Managing Protected Instances/ Performing a Failover
Updated on 2024-07-30 GMT+08:00
View PDF
Share

Performing a Failover

Scenarios

Disaster recovery site servers are created using the most current data and billed based on the server billing standards. If servers are still running during a failover, the system synchronizes all the server data before failover is performed to the disaster recovery site servers. Data written to the servers during the failover may not be synchronized to the disaster recovery site. If one of the servers to be failed over fails, data on the server may fail to be synchronized and some data may be lost.

After a failover, data is not automatically synchronized from the disaster recovery site to the production site, and protection is disabled for protected instances. To start data synchronization from the disaster recovery site to the production site, perform a reverse reprotection.

  • Failover is a high-risk operation. After a failover, services are started at the disaster recovery site. At this time, you must ensure that production site services are stopped. Otherwise, services may be conflicted or interrupted and data may be damaged because both sites are providing services. If you just want to verify and analyze the disaster recovery site data, perform disaster recovery drills instead.
  • During a failover, an ECS used for system conversion will be created, with a name suffix VMwareToCloud. Do not perform any operation on this ECS. Or, the failover may fail. This ECS will be automatically deleted after the failover is complete.

Prerequisites

  • Initial synchronization is completed for the protected instance, and the status of the protected instance is Synchronization finished or Failover failed.
  • Protected instance services are running at the production site.
  • All services on production site server are stopped, and all data has been flushed to disks.

Precautions

During a failover, a primary NIC is configured for each disaster recovery site server. If a production site server uses a secondary NIC, you need to manually bind a secondary NIC for the corresponding disaster recovery site server on the server details page.

Procedure

  1. Log in to the management console.
  2. Click Service List and choose Storage > Storage Disaster Recovery Service.

    The Storage Disaster Recovery Service page is displayed.

  3. Choose Asynchronous Replication. In the right pane, locate the replica pair housing the protected instance you want to perform a failover and click the number in the Protected Instances column.

    The Protection Groups tab page is displayed.

  4. In the navigation tree, choose the target protection group.

    The protection group details page is displayed.

  5. In the Protected Instances area, locate the target protected instance, and click Execute Failover in the Operation column.

  6. Configure the disaster recovery site server.

    Table 1 Parameter description

    Parameter

    Description

    Example Value

    Billing Mode

    Billing mode of the disaster recovery site server

    Only pay-per-use billing is supported currently.

    Pay-per-use

    Specifications

    Select the specifications for the disaster recovery site server.

    -

    Name

    Enter a name for the disaster recovery site server.

    The name can contain letters, digits, underscores (_), hyphens (-), or periods (.), can be no more than 64 characters long, and cannot contain spaces.

    ECS02-DR

    NIC Switchover
    • If enabled, the NIC on the disaster recovery site server will be consistent with the NIC on the production site server.
    • During a failover, the system automatically stops the production site server and binds its NIC to the DR site server.
    • During a failback, if the production site server already has a new NIC bound manually, the system will not bind the original NIC back to the production site server.

      This function is only available when both servers are in the same region.

    -

    Subnet

    Select the subnet where the disaster recovery server resides.

    -

    IP Address

    Select how the server obtains an IP address.

    • Use existing: Select this option if the subnet selected is in the same CIDR Block as the production site server. This setting keeps the IP addresses on both servers consistent.
    • DHCP: IP addresses are automatically assigned by the system.
    • Manually Assign: Manually specify an IP address.

    -

  7. Click Next. On the displayed page, confirm the disaster recovery server information and click Submit.

  8. The protected instance status changes to Executing failover. After the failover is complete, the status changes to Failover completed.