Using the Failback Client

Failback replication is performed by booting the Failback Client on the source server into which you want to replicate your data from AWS. In order to use the Failback Client you must meet the failback prerequisites and generate failback AWS credentials as described below. The DRS Console allows you to track the progress of your failback replication on the Recovery instances page. Learn more about the Recovery instances page.

Failback prerequisites

Prior to performing a failback, ensure that you meet all replication network requirements and the following failback-specific requirements:

• Ensure that the volumes on the server you are failing back to are the same size, or larger, than the Recovery instance.

• The Failback Client must be able to communicate with the Recovery instance on TCP 1500, this can be done either by via a private route (VPN/DX) or a public route (public IP assigned to the Recovery instance)

• TCP Port 1500 inbound and TCP Port 443 outbound must be open on the Recovery instance for the pairing to succeed.

• You must allow traffic to S3 from the server you are failing back to.

• The server on which the Failback Client is ran must have at least 4 GB of dedicated RAM.

• The recovery instance used as a source for failback must have permissions to access the DRS service via API calls. This is done using instance profile for the underlying EC2 instance. The instance profile must include the AWSElasticDisasterRecoveryRecoveryInstancePolicy in addition to any other policy you require the EC2 instance to have. By default, the launch settings that DRS creates for source servers already have an instance profile defined that includes that policy and that instance profile will be used when launching a Recovery Instance.

• Be sure to deactivate secure boot on the server on which the Failback Client is run.

Failback AWS credentials

In order to perform a failback with the Elastic Disaster Recovery Failback Client, you must first generate the required AWS credentials. You can create temporary credentials with AWS STS. These credentials are only used during Failback Client installation.

You will need to enter your credentials into the Failback Client when prompted.

Generating temporary failback credentials

In order to generate the temporary credentials required to install the AWS Elastic Disaster Recovery Failback Client, take the following steps:

1. Create a new IAM Role with the AWSElasticDisasterRecoveryFailbackInstallationPolicy policy.

2. Request temporary security credentials via AWS STS using the AssumeRole API.

Learn more about creating a role to delegate permissions to an AWS service in the IAM documentation. Attach the following policy to the role: AWSElasticDisasterRecoveryFailbackInstallationPolicy.

Failback Client detailed walkthrough

Once you are ready to perform a failback to your original source servers or to different servers, take the following steps:

Note

Replication from the source instance to the source server (in the target AWS Region) will continue when you perform failback on a test machine.

1. Complete the recovery as described above.

2. Configure your failback replication settings on the recovery instances you want to fail back. Learn more about failback replication settings.

3. Download the AWS Elastic Disaster Recovery Failback Client ISO (aws-failback-livecd-64bit.iso) from the S3 bucket that corresponds to the AWS Region in which your Recovery instances are located.

   1. Direct download link: Failback Client ISO: https://aws-elastic-disaster-recovery-{REGION}.s3.{REGION}.amazonaws.com/latest/failback_livecd/aws-failback-livecd-64bit.iso

   2. Failback Client ISO hash link: https://aws-elastic-disaster-recovery-hashes-{REGION}.s3.{REGION}.amazonaws.com/latest/failback_livecd/aws-failback-livecd-64bit.iso.sha512

4. Boot the Failback Client ISO on the server you want fail back to. This can be the original source server that is paired with the Recovery instance, or a different server.

   Important

   Ensure that the server you are failing back to has the same number of volumes or more than the Recovery Instance and that the volume sizes are equal to or larger than the ones on the recovery instance.

   Note

   • When performing a recovery for a Linux server, you must boot the Failback Client with BIOS boot mode.

   • When performing a recovery for a Windows server, you must boot the Failback Client with the same boot mode (BIOS or UEFI) as the Windows source server.

5. If you plan on using a static IP for the Failback Client, run following once the Failback Client ISO boots:

   IPADDR="enter IPv4 address" NETMASK="subnet mask" GATEWAY="default gateway" DNS="DNS server IP address" CONFIG_NETWORK=1 /usr/bin/start.sh

   For example,

   IPADDR="192.168.10.20" NETMASK="255.255.255.0" GATEWAY="192.168.10.1" DNS="192.168.10.10" CONFIG_NETWORK=1 /usr/bin/start.sh

6. Enter your AWS credentials, including your AWS Access Key ID and AWS Secret Access Key that you created for Failback Client installation, the AWS Session Token (if you are using temporary credentials – users who are not using temporary credentials can leave this field blank), and the AWS Region in which your Recovery instance resides. You can attach the Elastic Disaster Recovery Failback Client credentials policy to a user or create a role and attach the policy to that role to obtain temporary credentials. Learn more about Elastic Disaster Recovery credentials.

   

7. Enter the custom endpoint or press Enter to use the default endpoint. You should enter a custom endpoint if you want to use a VPC Endpoint (PrivateLink).

   

8. If you are failing back to the original source machine, the Failback Client will automatically choose the correct corresponding recovery instance.

   

9. If the Failback Client is unable to automatically map the instance, then you will be prompted to select the recovery instance to fail back from. The Failback Client will display a list with all recovery instances. Select the correct recovery instance by either entering the numerical choice from the list that corresponds to the correct recovery instance or by typing in the full recovery instance ID.

   
   Note

   The Failback Client will only display recovery instances whose volume sizes are equal to or smaller than the volume sizes of the server you’re failing back to. If the recovery instance has volume sizes that are larger than that of the server you are failing back to, then these Recovery instances will not be displayed.

10. If you are failing back to the original source server, then the Failback Client will attempt to automatically map the volumes of the instance.

    

11. If the Failback Client is unable to automatically map the volumes, you will need to manually enter a local block device (example /dev/sdg) to replicate to from the remote block device. Enter the EXCLUDE command to specifically exclude local block devices.

    
    Important

    The local volumes must be the same in size or larger than the recovery instance volumes.

12. The Failback Client will verify connectivity between the recovery instance and AWS Elastic Disaster Recovery.

    
    Important

    For the Failback Client to successfully establish connectivity, a public IP must be set on the recovery instance in EC2. In addition, TCP Port 443 outbound must be open on the Recovery instance.

13. The Failback Client will download the replication software from a public S3 bucket onto the source server.

    
    Important

    You must allow traffic to S3 from the source server for this step to succeed.

14. The Failback Client will configure the replication software.

    

15. The Failback Client will pair with the AWS Replication Agent running on the recovery instance and will establish a connection.

    
    Important

    TCP Port 1500 inbound must be open on the recovery instance for the pairing to succeed.

16. Data replication will begin.

    

    You can monitor data replication progress on the Recovery instances page in the AWS Elastic Disaster Recovery Console.

    

17. Once data replication has been completed, the Recovery instance on the Recovery instances page will show the Ready status under the Failback state column and the Healthy status under the Data replication status column.

    

18. Once all of the recovery instances you are planning to fail back show the statuses above, select the checkbox to the left of each Instance ID and choose Failback. This will stop data replication and will start the conversion process. This will finalize the failback process and create a replica of each recovery instance on the corresponding source server.

    Select the checkbox to the left of one or more recovery instances that are in the Ready state and click Failback to continue the failback process after performing a failback with the Elastic Disaster Recovery Failback Client. This action will stop data replication and will start the conversion process. This will finalize the failback process and will create a replica of each recovery instance on the corresponding source server.

    

    When the Continue with failback for X instances dialog appears, click Failback.

    This action will create a Job, which you can follow on the Recovery job history page. Learn more about the Recovery job history page.

19. Once the failback is complete, the Failback Client will show that the failback has been completed successfully.

    

20. You can opt to either terminate, delete, or disconnect the Recovery instance. Learn more about each action.