
Connect and Configure Cross-Region-Replication for Purity CloudSnap AWS S3 Buckets | Pure CBS on AWS


Introduction

This document illustrates how to use Purity CloudSnap™ to offload snapshots to an S3 bucket and then replicate them to a second bucket by leveraging S3 cross-region replication (CRR). This places a third copy of the data outside the source region, where it can be recovered on demand to a new Cloud Block Store in that region. This scenario can be used as inter-region cold disaster recovery or as a long-term data archive.

To learn more about CloudSnap, refer to the CloudSnap Best Practices and Users Guide. You can also check Cody Hosterman's blog post Configuring FlashArray Offload to AWS S3.

Architecture  

The diagram below shows the architecture this document aims to achieve. Region X is the source region and Region Y is the destination region. The replicated bucket "Bucket-2" can be used in case of a disaster or whenever the data needs to be recovered in that region. This is done by deploying a new CBS, connecting the bucket, and restoring the offloaded snapshot.

clipboard_ef25fe9fa96c457235a68eed923080c85.png

Requirements

  • This guide uses Cloud Block Store as the source array, where CloudSnap is enabled by default. If a FlashArray is used instead, follow Steps to Install CloudSnap to install and enable CloudSnap.
  • This guide uses AWS S3 as the replication/offload target. You need an AWS account where S3 buckets can be created and configured.
  • CloudSnap uses the replication interfaces and communicates over HTTPS, so make sure to add port 443 to the CBS replication security group.

clipboard_e6eded44786a4a53b57a4bdd571902d92.png

Create AWS S3 Buckets

Authentication

Configure Replication Rule

The replication is configured to be one-directional from the source bucket "Bucket-1" to the destination bucket "Bucket-2". 

Start by navigating to "Bucket-1". Then under Management, select Create replication rule.

clipboard_ed5a7f4d7596e03a81121ba1a5c619555.png

Choose the rule name, and keep the Status as Enabled. An enabled rule starts working once this rule is saved. 

clipboard_e8591edd7ff4214b44ce291300639d049.png

Make sure to apply the rule to all the objects in the source bucket by selecting Apply to all objects in the bucket. Then choose the destination “Bucket-2” using Browse S3. 

clipboard_e30c031044c6c403f8add43c225f87459.png

Bucket replication requires Versioning to be enabled. If it is not enabled beforehand, the AWS console shows a banner where you can click to enable it, for both the source and the destination. Examples below:

Source Bucket

clipboard_e93445c20f66afde0d38fc1c95790e243.png 

Destination Bucket 

clipboard_e74b8c0a5da76139be42aa54c2402b036.png

 

For IAM role, select Create new role from the dropdown list.

It is recommended to choose Create new role rather than an existing IAM role. Once the replication rule is saved, AWS S3 creates a new IAM role and generates a new policy that matches the configuration of the source and destination buckets.

clipboard_eb2b17f29c6d10d38d68b86591a57234d.png

You must enable Replicate objects encrypted with AWS KMS. This is required since encryption is enabled on the source bucket.

Since this is cross-region replication, you need to choose the AWS KMS key for decrypting source objects. Make sure to select the correct one, the key selected in the previous section. Then choose a key in the destination region to re-encrypt the objects.

In this guide, all the keys used are AWS KMS managed keys; you can always create or bring your own custom key.

clipboard_e612a49337764cc26f61968c8540b2629.png

Save the rule. With this, replication is configured.
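
An added example (not part of the original guide or of Pure's tooling): a Python check that audits the saved rule against the settings chosen above, using the JSON printed by aws s3api get-bucket-replication and aws s3api get-bucket-versioning. The sample data is constructed; the account ID, role name, rule ID and key ARN are placeholders, and bucket ARNs assume the standard aws partition.

```python
import copy

def audit_replication(replication, src_versioning, dst_versioning, dst_bucket):
    """Return findings; an empty list means the setup matches this guide."""
    findings = []
    # Versioning must be enabled on both buckets.
    for name, ver in (("source", src_versioning), ("destination", dst_versioning)):
        if ver.get("Status") != "Enabled":
            findings.append(f"versioning is not enabled on the {name} bucket")
    cfg = replication.get("ReplicationConfiguration", {})
    if not cfg.get("Role"):
        findings.append("no IAM role on the replication configuration")
    rules = [r for r in cfg.get("Rules", []) if r.get("Status") == "Enabled"]
    if not rules:
        findings.append("no enabled replication rule")
    for rule in rules:
        rid = rule.get("ID", "<no id>")
        # "Apply to all objects": no prefix, tag or And scoping on the rule.
        flt = rule.get("Filter", {})
        if flt.get("Prefix") or rule.get("Prefix") or "Tag" in flt or "And" in flt:
            findings.append(f"rule {rid}: does not apply to all objects")
        dest = rule.get("Destination", {})
        if dest.get("Bucket") != f"arn:aws:s3:::{dst_bucket}":
            findings.append(f"rule {rid}: unexpected destination {dest.get('Bucket')}")
        sse = rule.get("SourceSelectionCriteria", {}).get("SseKmsEncryptedObjects", {})
        if sse.get("Status") != "Enabled":
            findings.append(f"rule {rid}: KMS-encrypted objects are not replicated")
        if not dest.get("EncryptionConfiguration", {}).get("ReplicaKmsKeyID"):
            findings.append(f"rule {rid}: no destination KMS key for re-encryption")
    return findings

# Constructed sample shaped like get-bucket-replication output; IDs are placeholders.
GOOD = {"ReplicationConfiguration": {
    "Role": "arn:aws:iam::111122223333:role/EXAMPLE-replication-role",
    "Rules": [{
        "ID": "EXAMPLE-rule", "Priority": 0, "Filter": {}, "Status": "Enabled",
        "SourceSelectionCriteria": {"SseKmsEncryptedObjects": {"Status": "Enabled"}},
        "Destination": {"Bucket": "arn:aws:s3:::cbs-offload-us-bucket-2",
            "EncryptionConfiguration": {"ReplicaKmsKeyID": "EXAMPLE-KEY-ARN"}}}]}}

# Constructed misconfiguration: prefix-scoped rule without the KMS option.
BAD = copy.deepcopy(GOOD)
BAD["ReplicationConfiguration"]["Rules"][0]["Filter"] = {"Prefix": "logs/"}
del BAD["ReplicationConfiguration"]["Rules"][0]["SourceSelectionCriteria"]

if __name__ == "__main__":
    on = {"Status": "Enabled"}  # shape of `aws s3api get-bucket-versioning` output
    for finding in audit_replication(BAD, on, {}, "cbs-offload-us-bucket-2"):
        print("FINDING:", finding)
```

A bucket that never had versioning enabled returns no Status at all, which is why the destination is passed as an empty dictionary in the misconfigured case.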

Configure Lifecycle Rule

CloudSnap uses one lifecycle rule, which is auto-created once the bucket is initialized by the array. Therefore, the following step applies to the destination bucket "Bucket-2" only; the source bucket will be connected to the array in the step after.

On your local machine or in AWS CloudShell, create a file named offload_lifecycle.json and paste the following rule into it.

{
    "Rules": [
        {
            "ID": "AbortIncompleteMultipartUpload",
            "Filter": {},
            "Status": "Enabled",
            "AbortIncompleteMultipartUpload": {
                "DaysAfterInitiation": 1
            }
        }
    ]
}

Then use the AWS CLI to create the lifecycle rule on the destination bucket. Make sure to replace the bucket name (cbs-offload-us-bucket-2 in the command below) with your own.

aws s3api put-bucket-lifecycle-configuration --bucket cbs-offload-us-bucket-2 --lifecycle-configuration file://offload_lifecycle.json 

Verify in the AWS Console that the lifecycle rule was created.

clipboard_ef858a99cddaebb1e197a9c609128fbeb.png

Connect to Source S3 Bucket 

How to Use the Destination Bucket 

The following steps are performed in the DR region to recover the replicated snapshot to a new CBS:

1. Deploy Cloud Block Store in the region where the destination bucket is located. You can do this by following the deployment guide for the AWS Console, the AWS CLI, or Terraform.

2. Connect destination "Bucket-2" to the newly deployed CBS. Check Connect to Cloudsnap S3 bucket from CBS array.

3. Restore the offloaded snapshots. Check Restoring a snapshot from the offload target.

4. Create volumes from restored snapshots. Check Creating a Volume from the Restored Snapshot.