Migrate Applications and Enable Disaster Recovery with CloudAny

You can use CloudAny to perform source-agnostic migration and recovery of your applications and data. You can migrate and back up applications from on-premises systems and other cloud systems to Oracle Cloud Infrastructure (OCI), and then recover those systems when needed.

Architecture

This architecture shows how you can use CloudAny to migrate and back up applications from both on-premises systems and other cloud systems to Oracle Cloud Infrastructure (OCI). When needed, you can use CloudAny to automate disaster recovery across physical, virtual, or public cloud environments into OCI.

The following are some of CloudAny's capabilities:

  • Cloud Migration: Automated lift-and-shift migration with continuous replication and unlimited tests. Enables you to migrate Windows Server and Linux machines between on-premises and other cloud platforms into OCI.
  • Cloud Disaster Recovery: Ensures business continuity with an automated disaster recovery solution optimized for OCI that meets critical RPO and RTO objectives. Provides one-click disaster recovery, which is integrated with various platforms. You can customize it further with your user scripts.
  • Legacy Apps Migration: Simplifies virtualization and hardware refresh of legacy applications. Block-based replication technology migrates both the application and its data into OCI without reinstalling the application or restoring data.

The following diagram illustrates the workflow from on-premises and third-party cloud sources to OCI.

[Diagram: cloudany-migration-dr-logical-arch.png]

The architecture flow is the same from an on-premises deployment or a third-party deployment to OCI, as follows:
  1. The CASource agent is installed on-premises or on the third-party cloud. It captures block-level changes from applications outside of OCI and sends them to the CAServer on the target OCI Region.
  2. The CAServer agent is installed on the target OCI Region.
  3. The CAServer retrieves the replication data from the CASource agent and manages the replication process.
  4. The CAServer saves the replicated data in block storage on OCI. Block storage provides a scalable and reliable storage solution for the replicated data.
  5. Provision virtual machines (VMs) on-demand on OCI using the stored data. This allows for the quick and flexible deployment of VMs in the target cloud as needed.
  6. Users can access the VM on OCI from on-premises or the internet.

The following diagram illustrates the OCI architecture:

[Diagram: cloudany-migration-dr-arch.png]

The architecture has the following CloudAny components:

  • CASource Agent

    The CASource Agent captures block-level changes and sends the data to the target CAServer. The agent is installed on the source server. In this architecture, the source servers are located in Site A on-premises and Site B in a third-party cloud.

  • CAServer

    The CAServer receives replication data from the on-premises CASource Agent and manages the replication process. In this architecture, the CAServer is installed in a private subnet (replication subnet) on OCI.

  • CloudAny management console
    The CloudAny management console centralizes control and coordination of replication and recovery processes. In this architecture, the management console is installed in a private subnet (replication subnet) on OCI. It performs the following functions:
    • Manages server and client registrations
    • Exchanges information and commands
    • Automates cloud operations
    • Serves as an interface for tasks
    • Stores execution data for future reference
    • Supports many-to-many replication

The architecture has the following OCI components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain shouldn't affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Bastion host

    The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is typically provisioned in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.

  • Bastion service

    Oracle Cloud Infrastructure Bastion provides restricted and time-limited secure access to resources that don't have public endpoints and that require strict resource access controls, such as bare metal and virtual machines, Oracle MySQL Database Service, Autonomous Transaction Processing (ATP), Oracle Container Engine for Kubernetes (OKE), and any other resource that allows Secure Shell Protocol (SSH) access. With Oracle Cloud Infrastructure Bastion service, you can enable access to private hosts without deploying and maintaining a jump host. In addition, you gain improved security posture with identity-based permissions and a centralized, audited, and time-bound SSH session. Oracle Cloud Infrastructure Bastion removes the need for a public IP for bastion access, eliminating the hassle and potential attack surface when providing remote access.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • Oracle Base Database Service

    Oracle Base Database Service is an Oracle Cloud Infrastructure (OCI) database service that enables you to build, scale, and manage full-featured Oracle databases on virtual machines. Oracle Base Database Service uses OCI Block Volumes storage instead of local storage and can run Oracle Real Application Clusters (Oracle RAC) to improve availability.

  • Block volume

    With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.

  • Oracle Services Network

    The Oracle Services Network (OSN) is a conceptual network in Oracle Cloud Infrastructure that is reserved for Oracle services. These services have public IP addresses that you can reach over the internet. Hosts outside Oracle Cloud can access the OSN privately by using Oracle Cloud Infrastructure FastConnect or VPN Connect. Hosts in your VCNs can access the OSN privately through a service gateway.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and does not traverse the internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Network security group (NSG)

    A network security group (NSG) acts as a virtual firewall for your cloud resources. With the zero-trust security model of Oracle Cloud Infrastructure, all traffic is denied by default, and you control the network traffic inside a VCN. An NSG consists of a set of ingress and egress security rules that apply to only a specified set of VNICs in a single VCN.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

Recommendations

Use the following recommendations as a starting point to back up or migrate your workloads to OCI. Your requirements might differ from the architecture described here.
  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

  • Network security groups (NSGs)

    You can use NSGs to define a set of ingress and egress rules that apply to specific VNICs. We recommend using NSGs rather than security lists, because NSGs enable you to separate the VCN's subnet architecture from the security requirements of your application.

  • Network and DNS resolution

    Network and DNS resolution is typically configured and managed separately when working with disaster recovery scenarios.

  • Load balancer bandwidth

    While creating the load balancer, you can either select a predefined shape that provides a fixed bandwidth, or specify a custom (flexible) shape where you set a bandwidth range and let the service scale the bandwidth automatically based on traffic patterns. With either approach, you can change the shape at any time after creating the load balancer.

  • System configuration for CloudAny Disaster Recovery

    Use the following recommendations to help configure your systems:

    • Minimum server specification: a virtual machine with 8 cores, 16GB RAM, and a 100GB disk.
    • Use the predefined CloudAny image to provision and set up the CAServer software in the OCI target cloud.
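
One way to check a planned VCN against the CIDR recommendations above (private address space, no overlap with any network you will connect to privately, non-overlapping subnets). This is an added example, not part of the original architecture or of CloudAny's tooling; the function name, network names, and addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# RFC 1918 ranges, i.e. the standard private IP address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vcn_plan(vcn_cidrs, subnets, peer_networks):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    vcn = [ipaddress.ip_network(c) for c in vcn_cidrs]
    peers = {n: ipaddress.ip_network(c) for n, c in peer_networks.items()}
    subs = {n: ipaddress.ip_network(c) for n, c in subnets.items()}

    for block in vcn:
        # Each VCN block should sit inside private address space.
        if not any(block.subnet_of(r) for r in RFC1918):
            findings.append(f"{block}: outside RFC 1918 private space")
        # A block must not collide with a network reached over DRG/VPN.
        for name, peer in peers.items():
            if block.overlaps(peer):
                findings.append(f"{block}: overlaps {name} ({peer})")
    for a, b in combinations(vcn, 2):
        if a.overlaps(b):
            findings.append(f"{a}: overlaps VCN block {b}")

    for name, net in subs.items():
        if not any(net.subnet_of(block) for block in vcn):
            findings.append(f"subnet {name} ({net}): not inside any VCN block")
    for (n1, s1), (n2, s2) in combinations(subs.items(), 2):
        if s1.overlaps(s2):
            findings.append(f"subnet {n1} ({s1}): overlaps subnet {n2} ({s2})")
    return findings


# Constructed sample input: source sites and two candidate VCN plans.
PEERS = {"site-a-onprem": "10.0.0.0/16", "site-b-cloud": "172.31.0.0/16"}
BAD_PLAN = check_vcn_plan(
    ["10.0.128.0/20", "100.64.0.0/24"],
    {"replication": "10.0.128.0/24", "app": "10.0.128.128/25"},
    PEERS)
GOOD_PLAN = check_vcn_plan(
    ["10.20.0.0/16"],
    {"replication": "10.20.1.0/24", "app": "10.20.2.0/24"},
    PEERS)
```

Run the check before creating the VCN and again whenever a new source site is added, because an overlap with a source network breaks routing for the replication traffic and for failed-over VMs.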

Considerations

When enabling migration and disaster recovery with CloudAny, consider the following:

  • Scalability

    The CloudAny solution is designed to scale efficiently with your business needs. It supports adding new servers and resources dynamically, ensuring that the disaster recovery infrastructure can grow seamlessly with increased data and workload demands.

  • Security

    CloudAny employs robust security measures, including end-to-end encryption and secure data transfer protocols. All data in transit and at rest is protected, ensuring that sensitive information remains secure throughout the replication and recovery processes.

  • Cost

    CloudAny offers a cost-effective disaster recovery solution by optimizing resource usage and providing flexible pricing models. The pay-as-you-go structure helps manage costs efficiently, allowing businesses to only pay for the resources they actually use.

Features

  • Fully Integrated with Platform APIs

    The solution integrates with platform APIs to deliver complex workflows with simplicity and automation. It also provides RESTful APIs for customization and to meet various specifications.

  • Supports All Network Infrastructures

    CloudAny supports various IP network architectures, such as LAN, NAT, VPN, and Internet to or from any environment. It is optimized for Internet use with automatic retry and encryption to ensure reliable data transfer.

  • Single Policy Recovery for All

    A unified protection scheme applies to most recovery scenarios, whether it is from data center to cloud, cloud to cloud, or cloud to data center. This reduces maintenance and learning barriers, making the recovery process straightforward.

  • Intelligent Target Identification

    The solution automatically identifies the target environment to create a bootable recovered disk and machine. This minimizes human intervention and simplifies the recovery flow.

  • Minimal Source Impact

    CloudAny allows customizable bandwidth consumption with low CPU and memory usage. This avoids impacting everyday business processes while maximizing the speed of replication.

Acknowledgments

  • Authors: Hua Jiang, Zaid Al Qaddoumi, Teck Hock Chua (Arrosoft CloudAny), Ronson Ong (Arrosoft CloudAny), Eric Liew (Arrosoft CloudAny)
  • Contributors: Joanne Chua, Laura Hartman