Appranix Protect Service

Appranix Protect Service offers protection and cross-region recovery of applications at a massive scale using cloud-native, app-centric data management. SREs and cloud operations teams do not have to use any complicated scripts or infrastructure-centric backup tools on top of cloud virtual machines. Appranix discovers hundreds and thousands of data points from cloud resources to automate the cross-region recovery for disaster recovery, test and development, ransomware recovery and business continuity.

Cloud accounts

Figure 1 - Cloud accounts

configure-cloud

Figure 2 - Configure your public cloud

Discovered cloud resources

Figure 3 - Discovered cloud resources

create-assembly

Figure 4 - Create Assembly

list-assembly

Figure 5 - Assemblies list

discovered-resource-details

Figure 6 - Discovered cloud resource details

LiveBackup policy creation

Figure 7 - Protection policy creation

backup-lists

Figure 8 - Protection timeline

recover

Figure 9 - Recover

reset

Figure 10 - Reset

Process to Delete Environments and Assemblies

  1. Select the required Cloud name from the Cloud Account Page

    Cloud accounts

    Figure 1 - Cloud accounts

  2. Click the associated Assembly to view the environments list

    Resource List

    Figure 2 - Resource List

  3. In Assembly Page, select the environment from the environments list

    Environment List

    Figure 3 - Environment List

  4. In Environment Configuration Tab, Click the “DELETE” button for Deleting the environment

    Environment Configuration

    Figure 4 - Environment Configuration

  5. Select the required option for deleting the snapshots at primary and recovery regions. Type text ‘DELETE’’ to confirm

    Delete Confirmation

    Figure 5 - Delete Confirmation

  6. Once the delete action is triggered by APS, all the selected resources will be deleted in the order in which they were created. It may take a few minutes to complete. APS will redirect the user to the Cloud Configuration Page.

    Cloud accounts

    Figure 6 - Cloud accounts

Primary Region Recovery

  1. Configure Cloud accounts

    Cloud accounts

    Figure 1 - Cloud accounts

  2. Create Cloud accounts

    configure-cloud

    Figure 2 - Configure your public cloud

  3. Create Assembly

    Create Assembly

    Figure3 - Create Assemebly

  4. Create a policy

    Create policy

    Figure 4 - Create policy

  5. Timeline

    Timeline

    Figure 5 - Timeline

  6. Recover primary region

     Recover primary region

    Figure 6 - Recover primary region

  7. Recover primary region - Select resources for recovery

     Select resources for recovery

    Figure 7 - Select resources for recovery

  8. Recover primary region - Recreate instance with new IP or ignore

    Recreate instance with new IP or ignore

    Figure 8 - Recreate instance with new IP or ignore

  9. Recover primary region - Recovery in progress

    Recovery in progress

    Figure 9 - Recovery in progress

  10. Recover primary region - Recovery Completed

    Recover primary region - Recovery Completed

    Figure 10 - Recovery Completed

  11. Recover primary region - Reset

    Reset Primary Region

    Figure 11 - Reset Primary Region

DNS Configuration

  1. Enable/Disable DNS Configuration

    DNS Configuration

    Figure 1 - DNS Configuration

  2. Enabling IAM policy for the zone

    Enable IAM policy

    Figure 2 - Enable IAM policy

  3. Adding zone record set

    Add zone

    Figure 3 - Add zone

  4. Record set details

    Record

    Figure 4 - Record

  5. Update DNS record set

    Update DNS

    Figure 5 - Update DNS

  6. Reset DNS record set

    Reset DNS

    Figure 6 - Reset DNS

Storage Encryption Mapping for Recovery

  1. Enable/Disable Storage encryption by Default Key

    Default key

    Figure 1 - Default key

  2. Sync Custom Keys Storage encryption

    Sync Custom keys

    Figure 2 - Sync Custom keys

  3. Map corresponding Recovery Region KMS key to the Primary Region key

    Mapping

    Figure 3 - Mapping

Appranix requires the following prerequisites to protect the AWS resources

  • AWS API Key

  • AWS Secret Key

Apply the IAM policy shown below in the AWS primary and recovery regions

  • IAM policy JSON details for the Primary Region:
{
    "Version": "2012-10-17",
    "Statement": [{
            "Sid": "AppranixPrimaryRegionEc2AndElbReadAndSnapshotWriteAccess",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:CreateSnapshot",
                "ec2:CreateTags",
                "ec2:CopySnapshot",
                "ec2:DeleteSnapshot",
                "ec2:DeleteTags",
                "elasticloadbalancing:Describe*"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:RequestedRegion": "Replace your primary region"
                }
            }
        },
        {
            "Sid": "KmsCreateGrantAccess",
            "Effect": "Allow",
            "Action": "kms:CreateGrant",
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "kms:GrantIsForAWSResource": "true"
                }
            }
        }
    ]
}
  • IAM policy JSON details for the Primary Region Recovery:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PrimaryRegionRecovery",
            "Effect": "Allow",
            "Action": [
                "ec2:RunInstances",
                "ec2:ModifyInstanceAttribute",
                "ec2:TerminateInstances",
                "ec2:RegisterImage",
                "ec2:DeregisterImage",
                "cloudformation:*"
              ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:RequestedRegion": "Replace your primary region"
                }
            }
        }
    ]
}
  • IAM policy JSON details for the KMS
   {
    "Id": "kms-describe-and-create-grant-policy",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CreateGrant",
            "Effect": "Allow",
            "Action": "kms:CreateGrant",
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "kms:GrantIsForAWSResource": "true"
                }
            }
        },
        {
            "Sid": "AllowUseofTheKey",
            "Effect": "Allow",
            "Action": [
                "kms:ListAliases",
                "kms:DescribeKey*",
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:GenerateDataKey*"
            ],
            "Resource": "*"
        }
    ]
}
  • IAM policy JSON details for the Route-53
{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Sid" : "AllowHostedZoneListPermissions",
         "Effect": "Allow",
         "Action": [
            "route53:GetHostedZone",
            "route53:ListHostedZones",
            "route53:GetHostedZoneCount",
            "route53:ListHostedZonesByName"
         ],
         "Resource": "*"
      },
      {
         "Sid" : "AllowHostedZoneRecoredSetUpdatePermissions",
         "Effect": "Allow",
         "Action": [
            "route53:ChangeResourceRecordSets",
            "route53:ListResourceRecordSets",
         ],
         "Resource": ["arn:aws:route53:::hostedzone/Replace your hosted zone id"
             ]
      }
   ]
}

Appranix requires the following prerequisites to protect the Google - CloudSQL resources

  • Project Id

  • Google JSON Key String

Apply the IAM policy shown below in the GCP

  1. Cloud SQL Admin

  2. Deployment Manager Editor

To add an IAM policy binding for the user 'test-user@gmail.com' on a project with identifier 'PROJECT_ID'

  • for the role of 'roles/cloudsql.admin', run:
    $ gcloud projects add-iam-policy-binding PROJECT_ID\
    --member='user:test-user@gmail.com' --role='roles/cloudsql.admin'
  • for the role of 'roles/deploymentmanager.editor', run:
  $ gcloud projects add-iam-policy-binding PROJECT_ID\
  --member='user:test-user@gmail.com'\ --role='roles/deploymentmanager.editor'

To add an IAM policy binding to the service account 'project@example.domain.com' for the same project

  • for the role of 'roles/cloudsql.admin', run:
    $ gcloud projects add-iam-policy-binding PROJECT_ID\
    --member 'serviceAccount:project@example.domain.com' \
    --role 'roles/cloudsql.admin'
  • for the role of 'roles/deploymentmanager.editor', run:
    $ gcloud projects add-iam-policy-binding PROJECT_ID\
    --member 'serviceAccount:project@example.domain.com' \
    --role 'roles/deploymentmanager.editor'

For more reference Click here

results matching ""

    No results matching ""