Site Recovery

Using Site Recovery Jobs, NAKIVO Backup & Replication can automate the execution of one or more actions. An action is a single task that can be included in a Site Recovery Job. The list of available actions can be found under Site Recovery Job Wizard: Actions.

Special Actions used in recovering your IT environment with a Site Recovery Job are Failover and Failback:

Failover switches workloads from the primary location to a secondary recovery location. With Failover action, you can temporarily suspend workloads on the primary location, and start them from the recovery location.
Failback is the process of synchronizing data that has changed since Failover finished, back to the primary location. With Failback action, you can stop workloads on the secondary location and switch them back to the primary location.

Failover and Failback actions are applicable to replicas, and switch replica states from Failover to Normal correspondingly. The Site Recovery Job can be executed in one of the following modes:

Test mode is designed to verify the Site Recovery Job workflow and results. You can execute a Site Recovery Job in the test mode on demand or on schedule. Refer to Running Site Recovery Job in Test Mode for details.
Production mode is designed to recover the environment from a disaster. You can execute a Site Recovery Job in the production mode on demand only. Refer to Running Site Recovery Job in Production Mode for details.

When the Site Recovery Job is run in the production mode, Failover may be either of the following types:

Planned failover is designed to achieve zero data loss when disaster happens. The application will sync replica data with the source VM before switching workloads to the replica.
Emergency failover is designed to minimize downtime. The application will switch workloads from the source VM to the replica immediately.

The topic includes the following sections:

Workflow of Site Recovery Job
Cleanup of Site Recovery Job Testing

Workflow of Site Recovery Job

If your Site Recovery Job contains a Failover action, the action will be executed as follows:

Site Recovery Job is executed in production mode as Emergency Failover is being carried out:
1. Replication from the source VM to the replica will be disabled.
2. The replica will be rolled back to a specified recovery point (optional, as the latest recovery point is used by default).
3. The replica will be connected to a new network (optional).
4. The static IP address of the replica will be modified (optional).
5. The source VM will be powered off (optional).
6. The replica will be powered on.
7. The replica will be switched to the Failover state.
Site Recovery Job is executed in production mode as Planned Failover is being carried out:
1. Replication from the source VM to the replica will be disabled.
2. An incremental replication from the source VM to the replica will be run once.
3. The source VM will be powered off.
4. An incremental replication from the source VM to the replica will be run once more.
5. The replica will be connected to a new network (optional).
6. The static IP address of the replica will be modified (optional).
7. The replica will be powered on.
8. The replica will be switched to the Failover state.
Site Recovery Job is executed in test mode:
1. Replication from the source VM to the replica will be disabled.
2. An incremental replication from the source VM to the replica will be run once.
3. The replica will be connected to an isolated network (optional).
4. The static IP address of the replica will be modified (optional).
5. The replica will be powered on.
6. The replica will be switched to the Failover state.

If your Site Recovery Job contains a Failback action, the action will be executed as follows:

Site Recovery Job is executed in the production mode:
1. The source VM will be powered off (if it exists and is powered on).
2. A protective snapshot of the source VM will be created.
3. An incremental or full replication from the replica to the source VM will be run once.
4. The replica will be powered off (optional).
5. An incremental replication from replica to the source VM will be run once more.
6. The source VM will be connected to a new network (optional).
7. The static IP address of the source VM will be modified (optional).
8. The source VM will be powered on.
Site Recovery Job is executed in test mode:
1. The source VM will be powered off (if it exists and is powered on).
2. A protective snapshot of the source VM will be created.
3. An incremental or full replication from replica to the source VM will be run once.
4. The source VM will be connected to an isolated network (optional).
5. The static IP address of the source VM will be modified (optional).
6. The source VM will be powered on.

Cleanup of Site Recovery Job Testing

After executing a Site Recovery Job in test mode, the cleanup will be carried out as follows:

VMs that have been powered on during the Site Recovery Job testing will be powered off, and vice versa.
Repositories that have been attached during the Site Recovery Job testing will be detached, and vice versa.
Jobs that have been enabled during the Site Recovery Job testing will be disabled, and vice versa.
If the Failover action was part of the Site Recovery Job testing:
1. The replica will be powered off.
2. The replica will be reverted to the pre-Failover state via the snapshot.
3. The replica will be switched to the Normal state.
4. Replication from the source VM to the replica will be enabled.
If the Failback action was part of the Site Recovery Job testing:
1. The source VM will be removed (if it did not exist before the Site Recovery Job testing), or else:
2. The source VM will be reverted to the protective snapshot.
3. The source VM will be powered on (if it exists and was powered off).
4. The protective snapshot will be removed from the source VM.