Quest - Rapid Recovery V6 - Set up virtual standby jobs

Written By Tami Sutcliffe (Super Administrator)

Updated at July 31st, 2021

Technical Instructions

Set Up Virtual Standby Jobs for Rapid Recovery V6 

This section describes how to configure virtual standby jobs if you are using Rapid Recovery V6.

Note: To configure one-time exports instead of ongoing virtual standby, please see Setting Up Rapid Recovery V6 VM Exports (below).

Virtual standby jobs allow you to keep updated Hyper-V or VMware virtual machines that represent the latest version of your protected servers. These VMs are thus ready to be started quickly in case the original protected server is no longer available. 

  • If you are using a dedicated Axcient Continuity Cloud node, you can setup virtual standby jobs on your hosted target CORE, so that any protected servers can also be virtualized in the cloud nearly instantly.
  • If you are not using a dedicated Axcient Continuity Cloud node, then you will not be setting up virtual standby jobs. Instead, you will be running one-time exports, after you have been assigned your on-demand Continuity Cloud node(s).

Virtual standby VMs are updated after each recovery point is received by a CORE and thus are kept up to date all the time. Updates to VMs only need to apply the data blocks changed within the received incremental recovery point, and thus updates to VMs usually complete within a few seconds or minutes. The time required for the initial export depends on the amount of data and other factors, and may take several hours to complete.

Manage Your Off-site Core

You can manage and monitor the state of your target Core running in the Axcient Rapid Recovery Cloud by pointing your web browser to

https://aa-myhostname.aa.sc.efscloud.net:8006/apprecovery/admin/Core (where “aa- myhostname” is the name of your Core).

You can also add your target Core to the Rapid Recovery multi-Core management console software and manage it centrally with your other Cores.

To setup virtual standby jobs, login to the source or target CORE Admin Console (see Managing Your Off-site Core instructions above), and follow these instructions: 

1. Select the machine you want to do the Virtual Standby for and go to the Recovery Points tab.

 

2. Click the More Actions (…) button on the Recovery Point you want to use, and select Export.
 

3. Select Continual export (virtual standby) and click Next.

4. Select the appropriate core and click Next
 

 

5. Select the appropriate choice for you: Hyper-V or VMWare

a.)  Hyper-V: Enter the appropriate information. The Port will always be 8010. The IP and username/password that was provided to you in the snippet with your node access information. Click Next.

b.)  VMWare: Enter the appropriate information. The VM Location can be any path you want to use on the node.  You will need to use a location on the X drive to have enough space. Click Next.

6. Hyper-V: Fill in the VM Location – this can be any path you want to use on the node.  You will need to use a location on the X drive to have enough space. The VM name will be filled in automatically, but you can change it if you want to. The RAM, processors, and cores should be set to whatever your needs are – you can set it the same as the source machine, or specify it, depending on your needs and available resources on the node. The Generation and Disk format will be based on your specific situation. If you’re not sure which to use, please reach out to Axcient Support for assistance. Click Next.IMPORTANT: The directory should be unique to the name of the protected server you are configuring the virtual standby job for. Make sure the server name is part of the directory path. For example,   X:\VMs\Machines\aa6-t1src.

VMWare: The VM name will be filled in automatically, but you can change it if you want to. The RAM, Number of processors, and Cores per processor should be set to whatever your needs are – you can set it the same as the source machine, or specify it, depending on your needs and available resources on the node. Click Next.
 

7. For Hyper-V ONLY: Select the appropriate Network Adapter for your situation. Depending on if you are just testing or have a live disaster situation, you will choose the appropriate virtual adapter for your situation. Keep in mind, this can be changed later, so if you are not sure, it is best to select Internal-LAN. Click Next.

 

8. For BOTH Hyper-V and VMWare: Select the volumes you want to restore. It is best to restore all volumes available, but if you have a System Reserved volume then you MUST restore it with the C volume. Restoring volumes from the same machine in multiple restore jobs requires extra steps to make the machine have access to all drives. This is not recommended to do. Click Finish to start the virtual machine creation.

The export will begin after the next recovery point is received for this agent. Proceed to do this for all servers that need to use Virtual Standby.

You can monitor the progress of the virtual standby export jobs on the Events tab in the management console.

Note that for replicated agents on the target CORE, the initial replication must fully complete (or the initial seed must be fully consumed) before you can configure virtual standby.

Setting Up Rapid Recovery V6 VM Exports

VM Exports allows you to export a single virtual machine state from the replication points. This approach does not allow for ongoing or subsequent updates and is generally more applicable to testing or short-term access.

To export a VM one-time, login to the source or target CORE Admin Console (see instructions above), and follow these steps: 

1. Select the agent in question and go to the Recovery Points tab:

 

2. Select (use the side arrow to expand) the desired Recovery Point:

 

3. Click the Export button (located in the Gear menu on the right side):

 

4. Select One-time Export and click Next.
 

5. Select the appropriate machine and click Next.

6. Select the recovery point you wish to use and click Next.
 

7. Select the appropriate option for you.
 

 a.)  For Hyper-V : Enter the appropriate information. The Port will always be 8010. The IP and username/password that was provided to you in the snippet with your node access information. Click Next. 

b.)  For VMWare: Enter the appropriate information. The VM Location can be any path you want to use on the node.  You will need to use a location on the X drive to have enough space. Click Next.

8. For Hyper-V: Fill in the VM Location – this can be any path you want to use on the node.  You will need to use a location on the X drive to have enough space. The VM name will be filled in automatically, but you can change it if you want to. The RAM should be set to whatever your needs are – you can set it the same as the source machine, or specify it, depending on your needs and available resources on the node. The Generation and Disk format will be based on your specific situation. If you’re not sure which to use, please reach out to Support for assistance. Click Next.


 
For VMWare: The VM name will be filled in automatically, but you can change it if you want to. The RAM, Number of processors, and Cores per processor should be set to whatever your needs are – you can set it the same as the source machine, or specify it, depending on your needs and available resources on the node. Click Next.
 


 
IMPORTANT: The directory should be unique to the name of the protected server you are configuring the virtual standby job for. Make sure the server name is part of the directory path. For example, X:\VMs\Machines\aa6-t1src.
 

9. For Hyper-V ONLY: Select the appropriate Network Adapter for your situation. Depending on if you are just testing or have a live disaster situation, you will choose the appropriate virtual adapter for your situation. Keep in mind, this can be changed later, so if you are not sure, it is best to select Internal-LAN. Click Next.

10. For both Hyper-V and VMWare: Select the volumes you want to restore. It is best to restore all volumes available, but if you have a System Reserved volume then you MUST restore it with the C volume. Restoring volumes from the same machine in multiple restore jobs requires extra steps to make the machine have access to all drives. This is not recommended to do. Click Finish to start the virtual machine creation.

Axcient Continuity Cloud

The Axcient Continuity Cloud is provided to partners and billed on a per-use, as-needed basis. Reach out to Support if you need to get started using the Continuity Cloud.

When you are granted access, you will be given credentials and an IP address that gives you remote desktop access to one or more Continuity Cloud physical nodes. These physical nodes are running Hyper-V and allow you to quickly virtualize your RapidRecovery Virtual Standby jobs. You will be assigned public IPs that are pre-routed into a WAN-DMZ network accessible by your Continuity Cloud nodes. You will have access to a virtual router and firewall that will allow you to easily route traffic from the WAN-DMZ to and from a custom virtual LAN.

Virtualizing Servers in the Axcient Continuity Cloud For Rapid Recovery V6

To virtualize one or more servers, follow these instructions:

1. Login to the Rapid Recovery V6 target CORE admin console, and setup VM export jobs for each of the machines to be virtualized (See Managing Your Off-site Core instructions above).

2.  IMPORTANT: Once the VM export jobs have finished, in the Rapid Recovery V6 target CORE admin console, use the Virtual Standby tab to pause all virtual standby jobs for VMs that you are about to turn on. If you forget to do this, while the VMs are running, virtual standby jobs will fail.

failure1.jpg

3. Next, login to the Continuity Cloud using remote desktop, and open the Hyper-V manager.

4. Check the network configuration of each VM to ensure that the first virtual NIC is connected to the “Internal-LAN” virtual network, or the virtual network that you want to use.

Summary of different types of networks the VM can be connected to:

a) Internal-LAN: This is normally the network you want to connect the new VM to. It is the private virtual LAN that is also NAT’d behind the virtual firewall. Note: by default all outbound traffic is allowed by the virtual firewall. If you are only using the VM for testing, you may want to configure the virtual firewall to block all outbound traffic by default (see instructions below).

b) Internal-Testing-Only: This should be used if you want to completely isolate the VM from any real network. Use this if you want to test your VM without any real network connectivity.

c) WAN-DMZ: Do not choose this network. It is the physical network that receives DMZ traffic from your routed public IPs. It should only be connected to the virtual firewall that will already be running.

5. You may also wish to adjust the number of virtual processors attached to the VM:

number1.jpg

Hyper-V currently supports up to 4 virtual processors per VM.

6. Once the VMs are configured, use the Management Console to turn on the VMs.

7. Then configure the virtual firewall by following the instructions in the section later in this document titled “Virtual Firewall and Router Configuration.”

8. When you are finished running the VMs, stop the VMs using the Management Console. You can use the RapidRecovery Admin Console to resume the virtual standby jobs. The next virtual standby export after the VM stops may take longer than normal as it will have to re-scan the VM data to determine which VM data blocks need to be changed to revert the VM back to where it was before the VM was turned on.

Virtual Firewall and Router Configuration

Before booting the VM, you must configure your virtual LAN network settings and firewall policies.

On the desktop, click the Virtual Firewall shortcut:

 

For additional help with this process , please see the Detailed Virtual Firewall and Router Configuration section later in this document. 

Once your virtual LAN network settings and firewall policies are configured, you can resume with the next step: managing and starting your VMs.

Manage and Start VMs

After your virtual router and firewall are properly configured, you’re ready to use Hyper-V to start your VMs.

You will need to use the Hyper-V console to connect to the VMs, login and reconfigure the network to use the proper LAN IP address. 

Note: If you are using Server 2003 and you did not already install the integration services, you will need to first install the integration services using the Action menu on the Hyper-V console:

 

Note: When you are logging in to the VM, press the button in the top-left to simulate pressing CTRL + ALT + DELETE:

VERY IMPORTANT: If you are virtualizing an SBS server or domain controller, the first time the server boots, when the Windows boot menu appears, you should immediately press F8 and choose Active Directory Restore Mode or Directory Services Restore Mode. Once the server comes up, login as the local Administrator (.\Administrator) using the Directory Services Restore Mode password, then edit the settings for the network adapter to reset the static IP and the DNS server address. For SBS servers, the DNS server address will be the same as the static IP (or 127.0.0.1).

Cleaning Up

When you have finished with the Axcient Continuity Cloud, the best practice is to delete any of your data from the X: (using Windows Explorer).

Axcient will reinitialize the underlying RAID volumes when the node is reprovisioned, zeroing out all data on the volume.

For particularly sensitive data, you may want to securely erase all of the free space on the drive in a way that adheres to DoD standards. To do this, clear the recycle bin and then open a command prompt and run the command “sdelete -c X:” –  This will more securely erase any files you have deleted. Running sdelete may take 24-48 hours, so you should only run it if required by your security procedures.

To ensure that you are no longer billed for the Axcient Continuity Cloud service, you must update or submit a ticket indicating that you are finished with the node(s) that have been provisioned for you.

Note: Once you have submitted a ticket indicating you are finished with the node, you will no longer have access to the machine and Axcient will wipe and reimage the machine from bare metal. Please make sure you have any data that you need before submitting a ticket indicating that you are finished with the nodes. 

Detailed Virtual Firewall and Router Configuration

Before booting the VM, you must configure your virtual LAN network settings and firewall policies.

1. On the desktop, click the Virtual Firewall shortcut:

 

2. Login with the username admin and your assigned Continuity Cloud node password.

3. From the menu, choose Interfaces and then LAN:

 
 

4. In the Static IP configuration section of the page, enter the IP address for the virtual firewall. This IP address will become the default gateway IP for VMs on your LAN. In the example shown, the VM used to be on the network 192.168.10.0/24 (netmask 255.255.255.0) with the default gateway having an IP of 192.168.10.101.

5. Make sure that the Gateway is set to None. Click Save when you’re finished.

IMPORTANT: Do not check the block private networks option because this would block traffic from the WAN-DMZ. 

6. At the top of the page, click the Apply changes button:

7. Next, in the menu at the top of the page, choose Services, DHCP Server. Click the LAN tab. 

  • If you need a DHCP server on the LAN network, enable the DHCP server, and enter the range of IPs you want the DHCP server to use in its pool. Note that typically you can leave the DNS server IPs blank and it will use Axcient's DNS infrastructure. 
  • If you don’t want the firewall to act as a DHCP server, uncheck the option.

Either way, when you have finished your selections, click the Save button at the bottom of the page. 

8. All outbound traffic is allowed by default. If you want to disable all outbound traffic by default, browse to the Firewall menu, and find Rules. Click the LAN tab. Find the rule from LAN net to any destination. Click the green arrow on the left to disable the rule:

Then click the Apply changes button:

9. Next, setup any ports that need to be forwarded from your assigned public IPs to internal IPs. 

To do this, go to the Firewall, NAT menu. Click the + icon to add a new rule:

10. For Destination, choose the proper DMZ IP address corresponding to your desired public IP. Note that the “WAN Address” entry is your primary public IP.

Secondary public IPs (and corresponding DMZ IPs) are also preconfigured in the drop select list. Public IP address information is in the Public-IPs.txt file on the desktop.

In this example, we’re selecting the DMZ IP 172.26.128.4, which is receiving traffic from the public IP 38.109.175.128.

 

11. Next, for the destination port range, choose which protocol you want to forward from the drop down list, or you can manually enter a range of ports.

In this example, we’re forwarding remote desktop:

12. For the Redirect target IP and Redirect target port enter the virtual LAN IP address of the server that should receive the forwarded traffic. The target port should normally be the same (in this case, remote desktop):

13. The NAT reflection setting is normally enabled. This allows servers in your internal LAN to connect to forward ports using your assigned public IPs (sometimes called NAT loopback).
Note that this may not work in all scenarios.

14. The Filter rule association setting determines whether to automatically add a firewall rules to allow the port forwarded traffic. You should select Add associated filter rule

15. Once you’re finished configuring the port forward rule, click Save. Then click Apply Changes. Repeat this for all ports that you want to forward. 

Note that you can also setup 1:1 NAT if desired. Normally you do not need to customize Outbound NAT.

If you want to tie your virtual LAN to your actual LAN through an IPsec firewall, please see detailed instructions here: http://doc.pfsense.org/index.php/VPN_Capability_IPsec.

PPTP VPN connections for mobile clients

If you want to setup PPTP VPN connections for mobile clients to connect, go to VPN in the menu across the top and choose PPTP. 

  1. Change the radio button to Enable PPTP Server. The server address and remote address range determine the default gateway and assigned private IP addresses for PPTP clients. Normally, you want to choose a subsection of your LAN subset to use for your PPTP network. In this example, the LAN network is 192.168.5.0/24, so we’re assigning 32 of these addresses to be used for PPTP clients, starting with the IP address 192.168.5.192:

     
  2. Choose whether you want to require strong encryption, and then click Save. The virtual firewall should already be preconfigured to allow all traffic from PPTP clients to the LAN network.

     
  3. Next, click the Users tab on the PPTP settings page to add PPTP users:

  4. For each user, click the add button, and then enter a Username and Password.

Once users are setup, each user can use a PPTP client to connect.

For example, below are sample instructions for a Windows 7 machine:

Instructions for a Windows 7 machine: 

In the network and sharing center, choose to connect to a new network that is a VPN over an Internet Connection.

Put in your primary WAN public IP.

NOTE: Make sure to check the Don’t connect now option.

 

 

Click Next, and enter the username and password:

 

In the windows tray, click the network icon, then right click the new VPN connection and choose Properties:

Go to the network tab of the properties page, select IPv4, and choose Properties, then click Advanced:

 

 

Make sure to uncheck the Use default gateway on remote network option:

Then save all changes.

Your Windows 7 user should now be able to connect and access LAN resources.

Additional Assistance

Rapid Recovery and Axcient are committed to responsive, competent technical support.

Our teams strive to exceed your expectations.

For issues or questions regarding the Rapid Recovery V6 software:

  • If you purchase licenses from Rapid Recovery directly, please contact Rapid Recovery technical support at (703) 480-0100 or  support@Rapid Recovery.com.

For assistance with the Axcient Continuity Cloud or to troubleshoot network, replication, or CORE server issues:

  • Contact Axcient Support
  • Call us at 800-352-0248.