Appranix Cloud Application Resilience Service for Google Cloud

Advanced Cloud Resources Protection and Cross-Region Recovery for the Entire Cloud Application Environments

Overview

Appranix Cloud Application Resilience Service offers protection and recovery of entire application environments using cloud-native services and cloud-native data lifecycle management. SREs and cloud operations teams do not have to use any complicated third party infrastructure-centric data management solutions. They do not have to manually automate infrastructure-as-code like Deployment Manager, Terraform, etc. Appranix discovers hundreds and thousands of data points from all the cloud resources within an account, writes, and versions cloud-native infrastructure-as-code (Deployment Manager) to automate the entire cloud application environment or individual resources recovery.

Using Appranix, organizations can protect virtual machines, containers, persistent disks, firewalls, load balancers, VPCs, routes, external IP configurations, and much more with a few clicks and with no human intervention. All the dependencies between cloud resources are automatically calculated using Appranix’s intelligent Site Reliability Automation system. Users simply input a few policies from preexisting templates to create a cloud application environment time machine from which they can go back in time to recover cloud resources or entire environments in the same region or across another region of the cloud.

Appranix is delivered as a cloud service so cloud operations teams do not have to maintain any data protection infrastructure and do not have to worry about keeping that infrastructure highly available. They can add any number of resources across multiple accounts without having to re-architect the data protection systems for massive scalability. Cloud resources can be recovered in the same region in which the resources are protected or across another region for advanced disaster recovery (DR), and ransomware recovery for business continuity use cases or use it to create copies of production environments for test and dev or to sync multiple production environments across different continents cloud region deployments.

Sign up for the Appranix Service on the Google Cloud Platform Marketplace

Use the GCP search bar to search for the Appranix Site Reliability Automation to select a subscription. There are two options to select, Essentials and Pro.

Google Cloud signup

Appranix Essentials version protects and recovers entire cloud application environments, whereas the Pro version adds self-healing functions with the application blueprint deployments with infrastructure-as-code.

Google Cloud Price

You can activate an appropriate subscription based on your needs from the marketplace. Please note based on the selection, Google cloud resources usage will be billed in your next invoicing cycle.

Google Invoice Cycle

Create a specific user account with your domain email on the Appranix service to isolate it from other users.

Appranix Signin

Onboarding Prerequisites

Granting Permissions to Discover Cloud Resources

To generate the required GCP credentials to use with the Appranix User Console, you need to create at least one GCP Identity and Access Management (IAM) user and assign proper permission policies to this user. You will have to obtain a GCP Project ID and a Service Account Configuration JSON, Object storage bucket name for your GCP account, which are the credentials to enter into the Appranix User Console for discovering all the account cloud resources.

Appranix protect and recovery permission guidelines:

  • Create a service account with the name 'appranix'. [Example : ‘appranix-protect-service’]
  • Create a key for the appranix service account

Appranix bucket creation guidelines

  1. Provide the name for the bucket
  2. Choose how to control access to objects -> Select 'Set permission uniformly at bucket-level'
  3. Create the bucket
  4. Select the permission tab -> Add 'appranix' service account has a member With Role ' Storage Admin'

NOTE: We required bucket to store/sync all the cloud asset details. The 'appranix' service account will only have Storage Admin permission to this bucket not for other buckets in your GCP storage.

Cloud Asset API

Enable the cloud asset API manages the history and inventory of cloud resources.

Cloud Asset API

Adding CloudSQL permissions. Appranix requires the following prerequisites to protect the CloudSQL resources

  • Project Id
  • Google JSON Key String

Apply IAM policy binding for the role shown below in the GCP supported regions

  1. Compute Admin
  2. Cloud Assert Viewer
  3. Deployment Manager Editor
  4. Serviceusage.services.use
  5. Cloud SQL Admin

As an example, to add an IAM policy binding to the service account ‘serviceAccount:project@example.com' use the following commands on the Cloud Shell

Cloud Shell
  • For the role of 'Compute Admin', run:

      $ gcloud projects add-iam-policy-binding PROJECT_ID\--member 'serviceAccount:project@example.com' \--role 'roles/compute.admin'
    
  • For the role of 'Cloud Asset Viewer', run:

      $ gcloud projects add-iam-policy-binding PROJECT_ID\--member 'serviceAccount:project@example.com' \--role 'roles/cloudasset.viewer'
    
  • For the role of 'Deployment Manager Editor', run:

      $ gcloud projects add-iam-policy-binding PROJECT_ID\--member 'serviceAccount:project@example.com' \--role 'roles/deploymentmanager.editor'
    
  • For the custom role of 'serviceusage.services.use' permission, run:

      $ gcloud iam roles create custom_role_service_usage --project PROJECT_ID\--title custom-role-service-usage --description\"Service usage" --permissions\Serviceusage.services.use
      $ gcloud projects add-iam-policy-binding PROJECT_ID\--member 'serviceAccount:project@example.com'\--role 'projects/PROJECT_ID/roles/custom_role_service_usage'
    

This section summarizes permissions for the Cloud SQL support.

  • For the role of 'roles/cloudsql.admin', run:

      $ gcloud projects add-iam-policy-binding PROJECT_ID\--member 'serviceAccount:project@example.com'\--role 'roles/cloudsql.admin'
    

For more information, check out Google Cloud Documentation Click here

Creating a Cloud Configuration in Appranix

  1. Login to your Appranix account using the credentials you created
  2. Go to the Cloud Configuration page
  3. Select your cloud provider, in this case, Google Cloud
  4. Provide the necessary Project ID and Service Account Configuration JSON to configure your GCP Cloud Account
  5. Provide the necessary Bucket Name to store the discovered resources
  6. Select Supported Regions for the discovery of resources and recovery
  7. Add any additional required services for the cloud app resilience (Cloud SQL, etc.)

Configure Cloud Account(s)

Configure your cloud accounts with an appropriate description and authentication.

Configure Cloud

List of Configured Google Cloud Accounts

This page lists all the cloud accounts that have been configured.

Cloud List

Discover Cloud Resources

Appranix discovers all the resources from the configured GCP account automatically. These resources are refreshed periodically based on the policies configured later in the section.

Discover Cloud

Create a Cloud Assembly

Users can flexibly group all the discovered resources as Assemblies. For simplicity, Appranix only shows COMPUTE virtual machines. It is best practice to select and group per application criticality you want to protect and recover. For instance, you can select Tier-1 business-critical applications as an Assembly. Tier-2 applications as another Assembly and so on. You can then select all other resources as a separate Assembly.

Step - 1: Select and name a protection policy based on the Application(s) requirement

Assembly Create

Step - 2: Select the cloud configuration to protect the resources

Select Cloud Configuration

Step - 3: Select all the cloud resources to be protected with the specific policy

Select Cloud Resource

Step - 4: Review and Finish the Cloud Assembly creation

Assembly Finish

List of Assemblies

Appranix lists all the cloud Assemblies created so you modify them later if desired.

Assembly List

Assembly Summary

All the configurations for the particular Cloud Assembly are shown here. This page lists all the resources that belong to an application from the list of virtual machines selected when the Assembly was created.

Assembly Summary

Assembly Resources Page

This page lists all the dependent resources managed in an Assembly both as a list view and graph view. If you add any more VMs to this Assembly, all their dependent resources are automatically identified and grouped to show an entire application environment’s cloud resources.

Graphical View:

Managed Resources are shown in the graphical view.

Assembly Resources Page

List View:

Managed Resources are shown in the List view.

Assembly Resources List

Edit Cloud Assembly Resources:

You can add or remove resources from the Cloud Assembly.

Update Assembly Resources

Cloud Assembly Resource Details

All the details about the particular resource are shown in the card view.

Assembly Resources Info

Policies List

Policy details are listed here with policy name, frequency, primary regions, and copy retention counts

Policies List

Applying Protection Policies

You can apply Protection Policies based on the Application(s) requirement. You can apply multiple protection policies for the same Cloud Assembly. Click the “Create Protection Policy” link to name your protection policy and select the snapshot retention count in the primary region and recovery regions.

You can create Hourly, Daily, Weekly, Monthly and Yearly policies. Appranix will manage all the resources lifecycle based on the policies automatically within the application environment time machine.

Creating a new protection policy

Here we can create a new protection policy with multiple frequency type to protect the resources.

Creating a new protection policy

Selecting the protection policy from Policy Template

Here we can select a protection policy from Policy Template to protect the resources.

Creating the protection policy from Policy Template

Protection Policy Summary details

Summary details for Protection Policy listed here with policy frequency type, primary region name, protection status, and protection timeline.

Protection Policy Summary details

Cloud Assembly Timeline

This page shows your Cloud Application Environment Time Machine based on all your Protection Policies.

Cloud Assembly Timeline

Recovering Application Environments

Recover the cloud resources within the same region or your selected secondary region using the “RECOVER” button.

Recovering Application Environments

Recovering in the Same Cloud Region

Recover the cloud resources in the same region.

Note: Recovering the resources in the same region might have resource conflicts with existing production environment resources. Appranix avoids creating overlapping resources with different IP addresses for the instances.

Recovering in the Same Cloud Region

Recovering in Other Regions

You have the choice to select all the resources or specific resources to recover in other cloud regions

Recovering in Other Regions

Type text “RECOVER” to confirm the recovery

Recover action

Once the Recover action is triggered, the recovery status changes to “Recovery In Progress” and recovery logs for the specific timeline.

Recovery Logs

Recovery logs contain all the details of the execution for creating a copy of the application environment with copies of the application data from the snapshots. The Logs from the GCP Deployment Manager stack execution will be displayed here as well.

Recovery Logs

Once processed, the status will be updated to RECOVERY COMPLETED.

Login to your GCP account and get access to the recovered resources. All the recovered resources are automatically tagged with a prefix “ax-” so you can identify and manage them appropriately.

Recovery Completed

Recovered resources are shown in the recovered resources tab

Recovered Resources

By clicking the Resource from the List to view the resource details

Recovered Resources Info

Assembly Recovery Reset

Since every Assembly recovery consumes GCP resources, it is advisable to Reset the recovery region back to the original state. This process will delete all the GCP resources in the reverse order in which they were created. Press “RESET” and type “DELETE” in capital letters to initiate the Reset.

Assembly Recovery Reset

Delete process will show the progress in the status box

Assembly Recovery Reset Inprogress

Once reset completed, the status will be updated as "Reset completed".

Assembly Recovery Reset Completed

results matching ""

    No results matching ""