DR with Veeam from A to Z

[getwidth]

Hello everyone. I do not know about some of but the vast amount of knowledge that has to go into completing a DR scenario seems overwhelming at times. Also I am aware that there is a tone of information in these forums which I have read a good bit of. I am hoping that you will entertain my questions and at the same time possibly lead someone else through a complete process or the idea setup of a DR scenario. So what I am looking for is sort of a best practice and how most people do things. Thank you Veeam for a great product.

My setup
At my source
Watchguard VPN to DR / 10Mbps to the net
2x ESXi 5.1 hosts
EMC Clarion SANS

IP numbers:
10.x.x.x

At the DR location
Watchguard VPN to source / 10Mbps to the net
1x ESXi host
EMC SAN

IP numbers:
11.x.x.x

Specific questions/thoughts
- When doing VPN, you really have to use a different IP scheme at the target side. It is possible to use the same IP range but it is too complicated and runs into problems and shouldn't even be considered. Correct?

- There should be a server at both the source and destination running AD, DNS, DHCP if needed, and have them configured appropriately for IP. Such as in my site my source is 10.x.x.x and my DR would be 11.x.x.x. Correct? Although it would be awesome if they could be on the same IP space so that failover and failback would be much easier.

- When failing over a machine at the DR side, that machine will have to take on a new IP address. In my case it would have to be 11.x.x.x. What is the procedure for telling the source servers and clients that the exchange server for example changed to 11.x.x.x?

- For the people that have replicated their VM's locally then transferred their DR equipment (server and SAN/etc) to the DR location, what all did you have to do? From what I can tell and read you just have to change the IP address of the ESXi server/HyperV and configure storage. What problems did you have with that or is that even the best way to do it?

- From my experience thus far, it seems like their will be a good 30 minutes to an hour of data loss in a failover. I realize that this number vastly can vary but I am going by how long it takes for me to do a failover and failback in my testing and being local. If it took my exchange server 30 minutes to accomplish the task and I had to do that to my 6 most important servers, I start to get afraid of data loss. Am I looking at this all wrong?

Summary
I know these are big and several questions but learning it bit by bit through videos, website, forums, etc, etc, it just seems to go on forever. I appreciate your answers and discussion.
Thank you

[dellock6]

Hi Billy

- When doing VPN, you really have to use a different IP scheme at the target side. It is possible to use the same IP range but it is too complicated and runs into problems and shouldn't even be considered. Correct?

No, layer2 and layer3 VPN are both usable and both have their use cases, pros and cons. If you prefer to use L2 vpn (also called bridged) go for it.

- There should be a server at both the source and destination running AD, DNS, DHCP if needed, and have them configured appropriately for IP. Such as in my site my source is 10.x.x.x and my DR would be 11.x.x.x. Correct? Although it would be awesome if they could be on the same IP space so that failover and failback would be much easier.

Correct, having Active Directory servers already running at both site of the VPN is a common design, and really suggested.

- When failing over a machine at the DR side, that machine will have to take on a new IP address. In my case it would have to be 11.x.x.x. What is the procedure for telling the source servers and clients that the exchange server for example changed to 11.x.x.x?

Veeam has a configuration option in Replica Job to re-IP the virtual machine.

- From my experience thus far, it seems like their will be a good 30 minutes to an hour of data loss in a failover. I realize that this number vastly can vary but I am going by how long it takes for me to do a failover and failback in my testing and being local. If it took my exchange server 30 minutes to accomplish the task and I had to do that to my 6 most important servers, I start to get afraid of data loss. Am I looking at this all wrong?

Probably you are referring to the time it takes at every replica execution.
But during a real failover scenario, you do not do a replica because you lost the production site, you simply poweron the servers at DR site.
If instead you are looking for ways to reduce the replica times, tell us the configuration of your replica jobs and we could help you. First of all, do you have at least 1 proxy at each site?

Luca.

[veremin]

Tell us the configuration of your replica jobs and we could help you. First of all, do you have at least 1 proxy at each site?

And where is your Veeam Backup and Replication server is located? In Production or in DR site? Or you have it deployed at both ends?

Thanks.

[getwidth]

And where is your Veeam Backup and Replication server is located? In Production or in DR site? Or you have it deployed at both ends?

Thanks.

Veeam server location
The Veeam Backup and Replication server is located on the production side. It is a virtual server with 8 CPU's and 8GB's of RAM.

Proxy's
I have two proxy's. The Veeam server and the other server is my VSphere server, which is located at the productions site too.

[veremin]

In this case, it seems that you don’t follow “best” practice. In case of remote replication, it’s strongly recommended to have one Veeam proxy running in the production site (closer to the source host), and another one in the remote DR site (closer to the target host). With proxy servers set up on the both ends, the data will cross the WAN in highly-compressed and deduplicated state.

Furthermore, it might be worth deploying additional VB&R server at DR site and creating/managing remote replication jobs from there. Such scenario would guarantee that in case of disaster, when, for instance, your production site with primal VB&R server goes down, all necessary steps, like Failover, Failback and etc. can be performed smoothly by DR VBR Server itself.

Thanks.

[getwidth]

Great information. The stuff I was looking for.

Currently all equipment is onsite, until I get the VPN working right and all servers replicated. Then I will move the DR equipment onsite at DR and...
1. Add another Veeam server, I guess this means another license too right?
2. Add a proxy at the DR site. I might guess that the Veeam server and the proxy server can be the same server and be within the limits of "best practice"?

[veremin]

Add another Veeam server, I guess this means another license too right?

Nope. The Veeam license cares only about a source host. In other words, as long as you’re backing up one host regardless of how many VB&R installations are being used, you won’t need any additional license.

Add a proxy at the DR site. I might guess that the Veeam server and the proxy server can be the same server and be within the limits of "best practice"?

Yep.

Hope this helps.
Thanks.