Axcient Knowledge

●  Status of Axcient Services
Submit a Ticket View My Cases

    Axcient Knowledgebase  /  Axcient Classic Products  /  Axcient Third Party BDRs  /  THIRD PARTY BDR - Quest |Rapid Recovery |AppAssure  /  Quest - AppAssure Continuity Cloud Guide V5

    Quest - AppAssure Continuity Cloud Guide V5

    Super Administrator

    Written By Tami Sutcliffe (Super Administrator)

    Updated at July 31st, 2021

     Last updated: June 10, 2016 

     

    Contents

     Technical Instructions

    Setting Up AppAssure V5 Virtual Standby Jobs

    Managing Your Off-site Core

    Setting Up AppAssure V5 VM Exports

    Axcient Continuity Cloud

    Virtualizing Servers in the Axcient Continuity Cloud For AppAssure V5

    Summary of different types of networks the VM can be connected to

    Virtual Firewall and Router Configuration

    Manage and Start VMs

    Cleaning Up

    Detailed Virtual Firewall and Router Configuration

    PPTP VPN connections for mobile clients

    Additional Assistance

      

    Technical Instructions

     

    Setting Up AppAssure V5 Virtual Standby Jobs

     This section describes how to configure virtual standby jobs if you are using AppAssure V5.

    Note: To configure one-time exports instead of ongoing virtual standby, please see “Setting Up AppAssure V5 VM Exports” below.

    Virtual standby jobs allow you to keep updated Hyper-V or VMware virtual machines that represent the latest version of your protected servers. These VMs are thus ready to be started quickly in case the original protected server is no longer available. Please note that virtual standby is only available for protected Windows servers at this time (version 5.3 of AppAssure).

    If you are using a dedicated Axcient Continuity Cloud node, you can also setup virtual standby jobs on your hosted target CORE, so that any protected servers can also be virtualized in the cloud nearly instantly. If you are not using a dedicated Axcient Continuity Cloud node, then you will only setup virtual standby jobs if and when you need to actually virtualize a server in the cloud, after you have been assigned your on-demand Continuity Cloud node(s).

    Virtual standby jobs allow you to keep updated Hyper-V or VMware virtual machines that represent the latest version of your protected servers. These VMs are thus ready to be started quickly in case the original protected server is no longer available. Please note that virtual standby is only available for protected Windows servers at this time (version 5.3 of AppAssure).

    If you are using a dedicated Axcient Continuity Cloud node, you can also setup virtual standby jobs on your hosted target CORE, so that any protected servers can also be virtualized in the cloud nearly instantly. If you are not using a dedicated Axcient Continuity Cloud node, then you will only setup virtual standby jobs if and when you need to actually virtualize a server in the cloud, after you have been assigned your on-demand Continuity Cloud node(s).

    Virtual standby VMs are updated after each recovery point is received by a CORE and thus are kept up to date all the time. Updates to VMs only need to apply the data blocks changed within the received incremental recovery point, and thus updates to VMs usually complete within a few seconds or minutes. The time required for the initial export depends on the amount of data and other factors, and may take several hours.

     

    Managing Your Off-site Core

    You can manage and monitor the state of your target Core running in the Axcient AppAssure Cloud by pointing your web browser to

    https://aa5-myhostname.aa.sc.efscloud.net:8006/apprecovery/admin/Core (where aa5- myhostname is the name of your Core).

    You can also add your target Core to the AppAssure multi-Core management console software and manage it centrally with your other Cores.

    To setup virtual standby jobs, login to the source or target CORE Admin Console (see Managing Your Off-site Core instructions above), go to the Virtual Standby tab:

     

    In the top right, click the Actions menu, then click Add:

     The Add Virtual Standby dialog will appear:

    Select the Agent you wish to add a virtual standby job for and also the export type. For Hyper-V powered BDR appliances and the Axcient Continuity Cloud, you should choose Hyper-V Export. Then click the Next button.

     

    When configuring the Hyper-V export, for Hyper-V powered BDR appliances, choose Use local machine.

    For the Axcient Continuity Cloud, for the Hyper-V Host Name, use the AppAssure private IP listed in the Private-IPs.txt file on the desktop of your Continuity Cloud node, and for User name and Password use the credentials you were assigned for that Continuity Cloud node. For VM Machine Location choose a path that is local to the Hyper-V server. For Axcient Continuity Cloud nodes and Axcient BDR appliances, choose a directory on the X:\.

    IMPORTANT: The directory should be unique to the name of the protected server you are configuring the virtual standby job for. Make sure the server name is part of the directory path. For example, in this case we are using X:\VMs\Machines\aa5-t1src.

    Note that you can customize how much vRAM is assigned to the standby VM on the Options tab:

     

    If you wish the virtual standby export to begin immediately, check the Perform initial ad-hoc export checkbox. Otherwise the export will begin after the next recovery point is received for this agent. Now click Save to finish setting up the virtual standby job. Proceed to do this for all servers that need to use Virtual Standby.

    You can monitor the progress of the virtual standby export jobs on the Events tab in the management console.

    Note that for replicated agents on the target CORE, the initial replication must fully complete (or the initial seed must be fully consumed) before you can configure virtual standby.

     

    Setting Up AppAssure V5 VM Exports

    VM Exports allows you to export a single virtual machine state from the replication points. This approach does not allow for ongoing or subsequent updates and is generally more applicable to testing or short-term access.

    To export a VM one-time, login to the source or target CORE Admin Console (see instructions above), select the agent in question and go to the Recovery Points tab:

    Select (use the side arrow to expand) the desired Recovery Point:

    Click the Export button (located to the right inside the expanded Recovery Point details:

    Choose Hyper-V in the Recover to a Virtual Machine dropdown and then configure the Remote host options:

     

    Axcient Continuity Cloud

    The Axcient Continuity Cloud is provided to partners and billed on a per-use, as-needed basis. When you want to access the Continuity Cloud, email Support for access. If your servers are down and you want access after-hours, be sure to follow the instructions in the ticket autoresponder email to escalate the ticket to the highest priority.

    When you are granted access, you will be given credentials and an IP address that gives you remote desktop access to one or more Continuity Cloud physical nodes. These physical nodes are running Hyper-V and allow you to quickly virtualize your Replay Virtual Standby jobs. You will be assigned public IPs that are pre-routed into a WAN-DMZ network accessible by your Continuity Cloud nodes. You will have access to a virtual router and firewall that will allow you to easily route traffic from the WAN-DMZ to and from a custom virtual LAN.

     

    Virtualizing Servers in the Axcient Continuity Cloud For AppAssure V5

    To virtualize one or more servers, follow these instructions: 

    1. Login to the AppAssure V5 target CORE admin console, and setup virtual standby jobs for each of the machines to be virtualized (See Managing Your Off-site Core instructions above). 
    1. IMPORTANT: Once the virtual standby jobs have finished, in the AppAssure V5 target CORE admin console, use the Virtual Standby tab to pause all virtual standby jobs for VMs that you are about to turn on. If you forget to do this, while the VMs are running, virtual standby jobs will fail with an error message like:

    1. Next, login to the Continuity Cloud using remote desktop, and open the Hyper-V manager. 
    1. Check the network configuration of each VM to ensure that the first virtual NIC is connected to the “Internal-LAN” virtual network, or the virtual network that you want to use.

     

     Summary of different types of networks the VM can be connected to:

    Internal-LAN: This is normally the network you want to connect the new VM to. It is the private virtual LAN that is also NAT’d behind the virtual firewall. Note that by default all outbound traffic is allowed by the virtual firewall. If you are only using the VM for testing, you may want to configure the virtual firewall to block all outbound traffic by default (see instructions below).

    Internal-Testing-Only: This should be used if you want to completely isolate the VM from any real network. Use this if you want to test your VM without any real network connectivity.

    WAN-DMZ: Do not choose this network. It is the physical network that receives DMZ traffic from your routed public IPs. It should only be connected to the virtual firewall that will already be running. 

     

    1. You may also wish to adjust the number of virtual processors attached to the VM:

       

    Hyper-V currently supports up to 4 virtual processors per VM. 

    1. Once the VMs are configured, use the Hyper-V management console to turn on the VMs. 
    1. Then configure the virtual firewall by following the instructions in the section later in this document titled “Virtual Firewall and Router Configuration.” 
    1. When you are finished running the VMs, stop the VMs using the Hyper-V management console. You can use the AppAssure Admin Console to resume the virtual standby jobs. The next virtual standby export after the VM stops may take longer than normal as it will have to re-scan the VM data to determine which VM data blocks need to be changed to revert the VM back to where it was before the VM was turned on. 

     

    Virtual Firewall and Router Configuration

    Before booting the VM, you must configure your virtual LAN network settings and firewall policies.

    On the desktop, click the Virtual Firewall shortcut:

     

    For additional help with this process , please see the Detailed Virtual Firewall and Router Configuration section later in this document. 

    Once your virtual LAN network settings and firewall policies are configured, you can resume with the next step: managing and starting your VMs.

     

    Manage and Start VMs

    After your virtual router and firewall are properly configured, you’re ready to use Hyper-V to start your VMs.

    You will need to use the Hyper-V console to connect to the VMs, login and reconfigure the network to use the proper LAN IP address. 

    Note: If you are using Server 2003 and you did not already install the integration services, you will need to first install the integration services using the Action menu on the Hyper-V console:

     

    Note: When you are logging in to the VM, press the button in the top-left to simulate pressing CTRL + ALT + DELETE:

    VERY IMPORTANT: If you are virtualizing an SBS server or domain controller, the first time the server boots, when the Windows boot menu appears, you should immediately press F8 and choose Active Directory Restore Mode or Directory Services Restore Mode. Once the server comes up, login as the local Administrator (.\Administrator) using the Directory Services Restore Mode password, then edit the settings for the network adapter to reset the static IP and the DNS server address. For SBS servers, the DNS server address will be the same as the static IP (or 127.0.0.1).

     

    Cleaning Up

    When you have finished with the Axcient Continuity Cloud, the best practice is to delete any of your data from the X: (using Windows Explorer).

    Axcient will reinitialize the underlying RAID volumes when the node is reprovisioned, zeroing out all data on the volume.

    For particularly sensitive data, you may want to securely erase all of the free space on the drive in a way that adheres to DoD standards. To do this, clear the recycle bin and then open a command prompt and run the command “sdelete -c X:” –  This will more securely erase any files you have deleted. Running sdelete may take 24-48 hours, so you should only run it if required by your security procedures.

    To ensure that you are no longer billed for the Axcient Continuity Cloud service, you must update or submit a ticket indicating that you are finished with the node(s) that have been provisioned for you. 

    Note: Once you have submitted a ticket indicating you are finished with the node, you will no longer have access to the machine and Axcient will wipe and reimage the machine from bare metal. Please make sure you have any data that you need before submitting a ticket indicating that you are finished with the nodes. 

     

    Detailed Virtual Firewall and Router Configuration

    Before booting the VM, you must configure your virtual LAN network settings and firewall policies.

    1. On the desktop, click the Virtual Firewall shortcut:

       
    1. Login with the username admin and your assigned Continuity Cloud node password.
    2. From the menu, choose Interfaces and then LAN:

       
    1. In the Static IP configuration section of the page, enter the IP address for the virtual firewall. This IP address will become the default gateway IP for VMs on your LAN. In the example shown, the VM used to be on the network 192.168.10.0/24 (netmask 255.255.255.0) with the default gateway having an IP of 192.168.10.101.

    1. Make sure that the Gateway is set to None. Click Save when you’re finished.

     

    IMPORTANT: Do not check the block private networks option because this would block traffic from the WAN-DMZ. 

    1. At the top of the page, click the Apply changes button:

    1. Next, in the menu at the top of the page, choose Services, DHCP Server. Click the LAN tab. 
    • If you need a DHCP server on the LAN network, enable the DHCP server, and enter the range of IPs you want the DHCP server to use in its pool. Note that typically you can leave the DNS server IPs blank and it will use Axcient's DNS infrastructure. 
    • If you don’t want the firewall to act as a DHCP server, uncheck the option.

    Either way, when you have finished your selections, click the Save button at the bottom of the page. 

    1. All outbound traffic is allowed by default. If you want to disable all outbound traffic by default, browse to the Firewall menu, and find Rules. Click the LAN tab. Find the rule from LAN net to any destination. Click the green arrow on the left to disable the rule:

    Then click the Apply changes button:

    1. Next, setup any ports that need to be forwarded from your assigned public IPs to internal IPs. 

    To do this, go to the Firewall, NAT menu. Click the + icon to add a new rule:

    1. For Destination, choose the proper DMZ IP address corresponding to your desired public IP. Note that the “WAN Address” entry is your primary public IP.

    Secondary public IPs (and corresponding DMZ IPs) are also preconfigured in the drop select list. Public IP address information is in the Public-IPs.txt file on the desktop.

    In this example, we’re selecting the DMZ IP 172.26.128.4, which is receiving traffic from the public IP 38.109.175.128.

     

    1. Next, for the destination port range, choose which protocol you want to forward from the drop down list, or you can manually enter a range of ports.

    In this example, we’re forwarding remote desktop:

    1. For the Redirect target IP and Redirect target port enter the virtual LAN IP address of the server that should receive the forwarded traffic. The target port should normally be the same (in this case, remote desktop):

    1. The NAT reflection setting is normally enabled. This allows servers in your internal LAN to connect to forward ports using your assigned public IPs (sometimes called NAT loopback).
      Note that this may not work in all scenarios. 

    1. The Filter rule association setting determines whether to automatically add a firewall rules to allow the port forwarded traffic. You should select Add associated filter rule
    1. Once you’re finished configuring the port forward rule, click Save. Then click Apply ChangesRepeat this for all ports that you want to forward. 

    Note that you can also setup 1:1 NAT if desired. Normally you do not need to customize Outbound NAT.

    If you want to tie your virtual LAN to your actual LAN through an IPsec firewall, please see detailed instructions here: http://doc.pfsense.org/index.php/VPN_Capability_IPsec.

     

    PPTP VPN connections for mobile clients

    If you want to setup PPTP VPN connections for mobile clients to connect, go to VPN in the menu across the top and choose PPTP. 

    1. Change the radio button to Enable PPTP Server. The server address and remote address range determine the default gateway and assigned private IP addresses for PPTP clients. Normally, you want to choose a subsection of your LAN subset to use for your PPTP network. In this example, the LAN network is 192.168.5.0/24, so we’re assigning 32 of these addresses to be used for PPTP clients, starting with the IP address 192.168.5.192:



    2. Choose whether you want to require strong encryption, and then click Save. The virtual firewall should already be preconfigured to allow all traffic from PPTP clients to the LAN network.

       
    1. Next, click the Users tab on the PPTP settings page to add PPTP users:

    1. For each user, click the add button, and then enter a Username and Password.

    Once users are setup, each user can use a PPTP client to connect.

    For example, below are sample instructions for a Windows 7 machine:

     

    Instructions for a Windows 7 machine: 

     

    In the network and sharing center, choose to connect to a new network that is a VPN over an Internet Connection.

    Put in your primary WAN public IP:

     

    Make sure to check the “Don’t connect now” option.

    Click Next, and put in the username and password:

     

     

     

    In the windows tray, click the network icon, then right click the new VPN connection and choose Properties:

    Go to the network tab of the properties page, select IPv4, and choose Properties, then click Advanced:


     

     

    Make sure to uncheck the Use default gateway on remote network option:

    Then save all changes.

     

    Your Windows 7 user should now be able to connect and access LAN resources.

     

    Additional Assistance

     

    AppAssure and Axcient are committed to responsive, competent technical support.

    Our teams strive to exceed your expectations.

     

    For issues or questions regarding the AppAssure V5 software:

    • If you purchase licenses from AppAssure directly, please contact AppAssure technical support at (703) 480-0100 or  support@appassure.com.

     

    For assistance with the Axcient Continuity Cloud or to troubleshoot network, replication, or CORE server issues:

    • Contact Axcient Support
    • Call us at 800-352-0248.

     

     

     

    Copyright © 2016 Axcient Inc. All rights reserved. Axcient , Inc. is the sole author of this document; use of the AppAssure trademark does not imply official endorsement by Dell. Axcient and the Axcient logo are trademarks of Axcient Inc. AppAssure is a trademark of Dell. AXCIENT AND DELL MAKE NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS DOCUMENT.

     

     

    Related Articles

    Quest Rapid Recovery v6.x Cloud Replication Guide

    Using the Rapid Recovery cloud, you can replicate data to the Enterprise Storage ...