Resiliency in the cloud: Disaster recovery with VMware Cloud on AWS

Thank you and welcome today. We're going to discuss resiliency in the cloud disaster recovery with VMware Cloud on AWS. My name is Samir Ku. I'm the worldwide VMware strategic alliance solutions architect leader at AWS. Join with me is Tom Spalding.

Good morning everyone. Tom Spalding. I'm the chief growth officer of Effectual, an AWS premier partner with a specialty on VMC on AWS.

Thank you. So today we will discuss why VMware Cloud on AWS disaster recovery, setting the scene, overview of VMware Cloud disaster recovery or VCDr and then introducing AWS Backup as well. Continuous VMware Cloud on AWS disaster recovery in nine easy steps.

So why VM or Cloud on AWS? AWS has been a reseller of VMware Cloud on AWS since May 2019. We're able to resell multiple VMware cloud services. So VMC on AWS or VMware Cloud on AWS isn't the only VMware service that we're able to sell. We also sell add-ons that you can utilize in conjunction with VMware Cloud on AWS and even other VMware services that utilize native AWS services as well. You have that option to have that single bill. So that allows for simplicity, even the potential volume discounts that you can gain. And then the common integration as far as networking where you can utilize native AWS services as well. Then if you wanna take care of any modernization efforts, those possibilities are there for you.

So with VMware Cloud on AWS from the construct where you have your on premises, vSphere based environment, then AWS provides you with a AWS global infrastructure. On top of that is a vSphere stack which comprises of vSphere to manage your VMware based environment, vSAN, which is a storage overlay. And then NSX-T which is a networking overlay. All three of these components make up VM or Cloud on AWS. You obviously have your vCenter server which can communicate with your on premises, vCenter server as well. And then let's say you're utilizing any of the vSphere add ons or any of VMware's management products such as vRealize Suite. Maybe you have automation through PowerCLI you can still utilize that with VMware Cloud on AWS as well.

Let's say you want to utilize any of the native AWS services. Maybe you want to have your VMs communicate to an Amazon EC2 instance. Maybe you want to send data from your VMs to an Amazon S3 bucket. You have that easy option to do so you can leverage over 200 plus AWS services as needed when needed. This is going to allow you to have that communication again between your on premise environment to VMware Cloud on AWS and then even to the native AWS services now into disaster recovery.

So disaster and cyber cybersecurity events are prevalent. You need to be prepared for these events. 76% of organizations reported an incident during the past two years, they required an ITDR plan while more than 50% reported at least two incidents. 52% of these experience one or more sensitive data breaches within the past 12 months, 17% test their DR implementations more than twice a year. Some end users think that DR is very complex and expensive and I can't even add it headcount. Others say we only test our full DR plan maybe once a year just because it's disruptive to our applications and our environment. Anytime there is a major change, how can we know it still works? It's a huge issue for us and then our data grows 10 to 15% every year with physical DR, it is hard to accommodate the storage needs that are required.

Some of the challenges that we hear with DR solutions operational complexity. It's a highly manual process. New processes are hard to learn. We have to even figure out how to learn them patchwork of silo solutions. How do we even deal with that? And then infrastructure centric set up. So we're ignoring the application at that point, then potentially the high cost, the DR site is size for the worst case. So now we're paying for that inefficient storage of our copies. So we're utilizing storage and paying for storage that we may not efficiently be utilizing. The one size fits all approach doesn't always apply to every DR plan, the accepts the bandwidth usage. So maybe you have traffic going in and out the large time to invest into such an environment, sorry and the low reliability as well that you get with it.

Some customers aren't aware of the unpredictable recovery times that come into play. The infrequent testing that is done with such ad r plan reactive solutions, maybe an error prone recovery that hasn't been tested and even the fill back with caveats, it's not a fully automated process.

So you have several options. When it comes to ad r plan, you have that backup and restore option, which accounts for that low cost that comes with it. Maybe a pilot light, you do have to account for the costs, the rpo rt o, maybe you want to have a warm standby and AWS as well. Again, think about the costs, the rpo and rt o, maybe it it meets your needs to have a hot standby where it's an active, active environment though that does come at a price. So you do need to be mindful of that. But more importantly, you have multiple options that are available for your workloads.

Now we'll get into an overview of VCDr. So with VMware disaster recovery as a solution. VMware disaster recovery as a service solution, you have multiple options. You have VCDr and you have VMware Site Recovery. So VCDr is VMware Cloud disaster recovery. This is an on demand DR as a service solution. Then with VMware Site Recovery, it's a hot DR as a service solution. Some of the key differences to keep in mind and even there's some similarities to keep in mind as well.

If you're comparing the options that are available to you with both of them, you have a consistent vSphere based environment. The DR orchestration is taken care of for you as far as fail over and fail back. Even the ability to replicate to cloud storage with VCDr. Then with VMware Site Recovery, you had that ability to replicate to VMware Cloud on AWS with that fail over capacity. That's there. The instant power on ability with VCDr is critical. So this is going to allow for that live mount to take place in a VMware Cloud on AWS SDDC. So your VMs are up and running when disaster strikes, you have that fast RTO with prep provision fail over capacity with Site Recovery Manager to account for.

Then the moderate RPO that comes with BCDr, think about it from 30 minutes to four hours. You have low RPO with Site Recovery Manager, give or take five minutes or more. And then with VCDr, you can protect up to 2000 recovery points per protection group with VMware Site Recovery. You have up to 24 multiple point in time instances per VM to account for.

So with VCDr, it is an on demand disaster recovery as a service solution. So let's say you have your production environment, you have your vSphere environment, maybe it's on premises and then you have cloud services that are available to you. This will account for the SAS orchestration scale out file system as well. With your on premise environment, you're gonna deploy ad r as a service connector that will communicate to the cloud based services that will allow for replication to take place. And then with VM or Cloud on AWS, you have that on demand fill over target that's provided to you via live mount. So your VMs are up and running for you. If you want to send back any delta base backups, you, you have the option to do so. So you can always fill back as needed when needed as well. This is an on demand solution. It's simple to use and it allows for cloud economics to be accounted for as well being that it's on demand.

Think about it from a standpoint between your on premises environment where it's replicating to the cloud based services via VCDr, you have the pilot light option. So maybe you have the SDDC that's up and running. And BCDr we have VM ore Cloud on AWS where you only have the minimal amount of hosts that are required, you have the ability to scale out when needed. So when disaster strikes, you had that instant power on with live mound taking place. So your VMs will come online. There's no VM format conversion, your VMs are retained as VMs. Nothing changes and then think about ransomware recovery.

So security is at everyone's top of minds right now, especially with everything happening going on and whatnot. But if you don't have a ransomware recovery plan, this is something that VCDer can also provide you with your ability to protect your workloads comes with VCDr being that this is simple to use.

Yeah, they're consistent environment, the consistent UI look and feel. So it's the same. We have our knowledge that you're already accustomed to. Nothing changes between your on premises vSphere environment and VMware Cloud on AWS. The operations that come into play, it's consistent as well. This is a Sass based management tool for you and then you have the continuous DR health checks taking place continuously between your on premise environment and even in VMware Cloud on AWS VABC, DR, you have the built in audit reports. So maybe you have some compliance requirements where you do have to provide audit reports. This will give you that ability to maintain that compliance.

Let's say something happens with your on premises environment, disaster strikes. Now you're moving to VMware Cloud on AWS via VCDr. You had that efficient cloud source that will be live mounted to an SDDC. You pay when capacity is needed. So let's say you're not backing up your whole environment, you only want to protect certain amount of VMs. You're only paying for what you utilize, you have optimized fail backs. And then even with the simplified pricing, again, you pay for what you utilize now with AWS Backup.

So this is a fully managed policy based backup service that makes it easy to centrally manage and automate your backups. Whether it's in VMware Cloud on AWS, your on premise environment or even in AWS, you can centralize your data protection with AWS Backup. This is gonna give you that ability to automate data protection management. So you add that centralized view for your backups to manage them. You can scale out when needed as well. It's policy driven. This allows you to create monitor and manage your data protection. You can improve data resiliency and continuity as well. You can copy secondary data across regions and accounts via AWS organizations can be utilized as well.

Then you have that cross account, copy of your backups that can take place. Then you can ensure data protection and compliance via governance. That's allowing for real time data protection management with auditor ready reports, it's immutable backup that's available to you as well.

Then with AWS Backup for VMware again, this is going to allow for that single centralized data protection solution for hybrid VMware based workloads. The flexible restore options between your on premise environment and even with VMware Cloud on AWS is provided to you the ability to use the same backup policy across multiple AWS services and VMware based workloads. It also is going to give you that option where you can create that immutable backup of your virtual machines running in VMware Cloud on AWS. This could also be with your VMs that are an on premises environment. You can restore to VMware Cloud on AWS or even your on premises environment as well. You have that ability to utilize life cycle life cycle policies to cold tier your backups as well via cold tier storage.

You can create separable protected cross account and cross-region backups to meet your compliance needs and then you can centrally manage data protection across multiple AWS accounts via AWS Organizations.

So let's say you're looking to get started with AWS Backup for VMware, you have AWS Backup, you download the Backup Gateway deployed in your SDDC, whether this is again in your on premise environment or even in VMware Cloud on AWS, you're then gonna define a backup plan with your organizational data protection policies that are accounted for, then you want to assign VMs to that backup plan. This is gonna allow you to govern your backups and even maintain compliance for your policies.

We do have a reference architecture that's available for you. So please do go to our website, check it out if you have any questions in respect to it, feel free to reach out. The key thing to keep in mind is it's very simple to deploy and utilize this particular service between whether it's your on premise environment or even in VMware Cloud on AWS, it has that agent that's deployed that will allow for that communication. It's gonna utilize the public service endpoint, then it's gonna communicate with the AWS Backup management service that will then allow communication to AWS Backup Gateway where your backups, you can manage them, the restore points, the plan for your restore restorations take place and even the backup as well.

So now we did mention that utilizing VCDr is very simple, Tom. Please let us know how easy it is.

Thank you, Samir. I use the word easy in the title of this slide. I think everyone in this room probably knows nothing's ever easy in it. Uh what AWS and what BMC and AWS brings to the table is the ability to use similar technologies, similar processes to what we've always been using, but move it forwards in a modern way and allow us to innovate and to continuously provide that resiliency um in such a way that we're following through with the same processes that we always have been.

So I can use the word easy in this sense because we're not changing too much, too quickly. Effectual has done this for multiple different customers a dozen times a year for the past four years as one of the first partners with VMC on AWS. So let's jump into how we've done this a few times and why I feel confident that we can say nine easy steps,

Step one, have two data centers. One's ok. Hopefully you've got some form of dr but the way that we've seen it is normally you've got one on the east coast and then potentially you've got one over here on the west coast. I'm just pushing them as far apart as possible. There may be a different minimum for your business. Well, let's go coast to coast for this one. So the very first step is to use the technologies that Samir has just walked us through VCDr or SRM. In order to establish a new disaster recovery point for your business. We're leveraging a region that AWS has been kind enough to build for us so we can immediately start accessing infrastructure with no lead times when it comes to actually the deployment of the hardware that underpins the solution.

So if we double click in here, we can zoom in. So we're over here on the west coast, we've got two options that I can. I. Well, Samira's just walked us through. Option one is the SRM way as Samir described, the way that we can think about this is the lowest RTO and the lowest RPO available to us to describe this in more of a physical manner. SRM could be thought of as I'm between my data centers, I'm moving data very, very quickly between two places we've been doing this for years. The only difference is I'm now doing it from VMC on AWS, my new data center over here to my previous production or disaster recovery.

Now, as Samir walked us through subtle differences between SRM and between VCDr again, describing this visually. We've made it to the same place. We've got a slightly higher RTO or RPO. We're replicating the data, it's not hot standby, but the data is there ready and waring to go for us. Should we need to, should we have to call a disaster or, or declare a disaster? I'll say so with that new connection in place, we now have VVMC acting as our previous DR data center. This is not rocket science, this is what companies have been doing to move data centers around for, for years. The difference that we have here is that AWS has done the heavy lifting for us but has done it in such a way that we can continue to use the same technology as we always have been.

So we now sever the connection between the east and west coast. We're leveraging the west coast exclusively between two data centers over here. And that leads us to the business value. Number one, which is button's not working, which is recouping that cost when it comes to that disaster recovery data center on the east coast, there are partners in the AWS ecosystem that will buy that hardware back from you. There is a very happy CFO within your business who can now close an entire sunk cost asset that he no longer needs to recoup, recapitalize or refresh any hardware within.

So once we've got to this point, we're recouping costs and the way that we describe it to uh our customers and what we've done multiple times in the past is let's go around again. So we now have the ability to effectively promote VMC and AWS up into production. We've got live replication between two data centers. So we're effectively moving traffic between what was previously production now up into VMC on AWS S production. And then we're demoting our previous production data center into disaster recovery that allows us to once again. Alright, thanks man. Establish another new region. AWS has already built them for us. We're leveraging the same technologies we have at no point between steps one and step six, removed any disaster recovery, removed any disaster recovery capabilities or reduced any resiliency or introduced any additional risk into our businesses. What we have done so far is save costs and continue operations.

So we leveraged the exact same VMC solution on the east coast. We reestablished the sync between the two. We can go quickly or we can go more at a measured pace using either SRM or VCDr. And once again, we can now promote, we can decide whether or not to promote production to the east or the west. And we can once again sever that connection between our previous disaster recovery, which was previously production. And once again recoup those costs. And at zero points through the entire nine steps, have we removed any resiliency from the solution.

So it's technically possible, we can show how it can be done without introducing business risk. But effectively, what we've done is we've got disaster recovery on east and west coast that are replicating between the two using either SRM or VCDr. Nothing has changed technically from that perspective, the solution looks very similar.

So why bother? So these are live examples that have been amalgamated uh across a dozen different customers over the past four years for us. So these are real numbers that our customers brought to us as a result of going through these nine steps with us.

So we're looking at that reduction in RTO, we're looking at reduction in RPO, which is why we have re disaster recovery. We wanna be taking that number and we want to be pushing it up into the C suite of our businesses to tell them we can now reduce our cyber insurance. We are now better protected. We can go to our shareholders and say that it's much harder to disrupt our business. We can continue to operate to continue to service our customers.

Once again, we can leverage the fact that AWS has made these investments for us to allow us to go to any region. I've been using the east and west coast of the US as you can probably tell, not a US native. Let's go to Europe. They've built a Hong Kong data center. They've got one in a in a PA. We can replicate the exact same solution to any data center that AWS has previously built and leverage VMC using the exact same technologies around the world. And again, we now have the ability to with that replication factor serve those same applications from anywhere in the world during a disaster to enable that application anywhere capability for our users. Get closer to the user experience even in the midst of a disaster within one country or another.

Our customers reported back to us that the other unanticipated benefit of moving in this direction. And following these nine steps was actually more freedom. They had less vendors to manage. Samir started this entire presentation with AWS allows you to put all of this onto a single bill and to pull in other VMware products onto that single bill. Unanticipated because we're still using the same technologies. But we've made an operational efficiency through establishing the same processes that we've always needed to protect our businesses.

So AWS has effectively built us a solution that we can follow nine steps. We can never at a single point, introduce risk into our business. We can remain resilient throughout and we can achieve business benefits that have a significant bottom line impact and make a very happy C suite.

Thank you so much for, for coming today guys. Uh we're gonna be taking questions off to the side. Um and I hope you've had a great re invent. I think that wraps us. Thank you. Appreciate it.