Red Hat OpenShift on VPC multiregion DR

This reference architecture is used in a multiregion disaster recovery scenario for a containerized workload with persistent storage and backup requirements. The pattern uses Red Hat OpenShift as the managed container platform and Portworx for software-defined storage (SDS) replication and backup.

Architecture diagram

Figure 1: Red Hat OpenShift on IBM Cloud on VPC multiregion disaster recovery solution architecture

Review the following container, SDS, and backup disaster recovery components, which correspond to the numbered items in Figure 1:

  1. Separate hyperconverged compute-and-storage Red Hat OpenShift clusters are created in the primary and DR regions, accounting for the containerized applications and environments that require disaster recovery protection.

    1. To meet the 99.99% high availability SLA, 6 worker nodes, equally distributed across three availability zones, are included in each Red Hat OpenShift cluster in each region.

    2. A minimum of 3 worker nodes with extra local block storage is required so that the Portworx built-in internal key-value database (KVDB) can be set up for high availability. The KVDB stores the state, configuration data, and metadata for your cluster. Its data is automatically replicated across these 3 worker nodes, and you can scale this deployment to replicate data across up to 25 worker nodes.

  2. Portworx Enterprise DR provides data replication between Red Hat OpenShift source and failover destination clusters in separate regions. Each cluster has its own Portworx Enterprise DR installation and uses a separate Portworx key-value store that is not shared.

  3. Block Storage for VPC is used as the backing storage for Portworx Enterprise DR, and volumes are provisioned on a per-availability-zone basis.

  4. Portworx Enterprise DR asynchronous replication is used between the primary and DR sites to maintain the DR data replica.

    1. See Setting up disaster recovery with Portworx.

  5. Portworx Backup is used to back up cluster resources, applications, and data from the source and target application clusters. Choose the cluster where Portworx Backup is to be installed (this cluster can also be backed up).

  6. Add the Red Hat OpenShift clusters that will be backed up to the Portworx Backup service.

  7. An IBM Cloud Object Storage instance and bucket are used as the backup location for the Portworx Backup service.

  8. A cross-region COS plan is used for multiregional protection with concurrent access, protecting against an entire region becoming unavailable.

  9. To back up a cluster without Portworx Enterprise, you must first install the Portworx storage scheduler Stork before you add the cluster to the Portworx Backup service.

  10. Public connectivity: Cloud Internet Services (CIS) Global Load Balancer feature is used to provide public traffic load balancing between the primary and DR sites.

  11. Public connectivity: VPN for VPC is used to provide secure connectivity from on-premises networks and admin access from anywhere.

  12. Private connectivity: Redundant (or single) Direct Link connections are established to the primary and DR sites, with Transit Gateway connections.

  13. Private connectivity: Global Routing is added to the DR region Direct Link for resilient private network connectivity outside the local market.

  14. Private connectivity: Global Transit Gateway in the DR region provides interconnectivity between VPCs for replication traffic between IBM Cloud regions.

  15. Private connectivity: Private DNS Services Global Load Balancer or customer provided GLB is used to provide private traffic load balancing between the primary and DR sites.

Design scope

Following the Architecture Design Framework, the Red Hat OpenShift Service on VPC DR pattern covers design considerations and architecture decisions for the following aspects and domains:

  • Compute: Containers

  • Storage: Primary storage, backup storage, software-defined storage

  • Networking: Enterprise connectivity, load balancing, DNS

  • Resiliency: Backup and restore, disaster recovery

Figure 2: Red Hat OpenShift on IBM Cloud VPC multiregion DR design scope

The Architecture Design Framework provides a structured approach to designing cloud solutions by covering key architectural aspects and domains, helping ensure consistency across enterprise solutions regardless of technology. For more information, see Introduction to the Architecture Design Framework.

Requirements

The following table outlines key baseline requirements that are essential for most clients to successfully deploy the Red Hat OpenShift Service on VPC DR pattern.

Red Hat OpenShift on IBM Cloud on VPC multiregion DR requirements

Compute
  • Provide a platform for containerized application, storage, and management workloads with adequate compute capacity.

Storage
  • Provide highly available storage that meets the application performance requirements.

Network
  • Enterprise connectivity to customer data centers to provide access to applications from on-premises.
  • Provide network isolation with the ability to separate applications based on attributes such as environment, data classification, public versus internal apps, and function.

Resiliency
  • Provide a containerized platform that supports application availability targets and business continuity policies.
  • Provide highly available compute, storage, network, and other cloud services for a resilient containerized application with persistent storage requirements.
  • Provide a backup solution for the container platform and application data to enable recovery if an unplanned outage occurs.
  • Provide highly available storage for containerized databases and stateful applications with cross-region storage replication.
  • Provide for an RTO/RPO of 4 hours/15 minutes; expect rollback to the original environments no later than the specified RTOs.
  • Provide public and private enterprise connectivity with failover to a secondary region for disaster recovery.
  • Provide a 99.99% SLA on the containerized platform service.
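The worker-node layout in items 1.1 and 1.2 above and the 15-minute RPO in the requirements table are both things a practitioner would want to verify before relying on the DR pattern. The following is an added example, not IBM or Portworx code: it checks a constructed, simplified node inventory against the layout rules and computes the worst-case data-loss window from a constructed history of asynchronous replication completions (the `kvdb_disk` field is a hypothetical flag standing in for "has the extra local block device for the KVDB").

```python
"""Preflight and RPO checks for the DR layout described above (added example, not IBM or Portworx code).

SAMPLE_NODES is a constructed, simplified view of `oc get nodes -o json` for one cluster;
'kvdb_disk' is a hypothetical flag meaning the worker has the extra local block device
that the Portworx internal KVDB needs.
"""
from collections import Counter
from datetime import datetime, timedelta

SAMPLE_NODES = [  # constructed: 6 workers, 2 per zone, 3 with a KVDB disk
    {"name": "worker-1", "zone": "us-south-1", "kvdb_disk": True},
    {"name": "worker-2", "zone": "us-south-1", "kvdb_disk": False},
    {"name": "worker-3", "zone": "us-south-2", "kvdb_disk": True},
    {"name": "worker-4", "zone": "us-south-2", "kvdb_disk": False},
    {"name": "worker-5", "zone": "us-south-3", "kvdb_disk": True},
    {"name": "worker-6", "zone": "us-south-3", "kvdb_disk": False},
]

# Constructed: completion times of successful async replications, and the observation time.
SAMPLE_COMPLETIONS = [datetime(2024, 1, 1, 10, m) for m in (0, 10, 20, 40)]
SAMPLE_NOW = datetime(2024, 1, 1, 10, 45)


def check_ha_layout(nodes, min_workers=6, zones=3, min_kvdb_nodes=3):
    """Return a list of findings; an empty list means the layout matches the pattern."""
    findings = []
    per_zone = Counter(n["zone"] for n in nodes)
    if len(nodes) < min_workers:
        findings.append(f"only {len(nodes)} workers, pattern requires {min_workers}")
    if len(per_zone) != zones:
        findings.append(f"workers span {len(per_zone)} zones, pattern requires {zones}")
    if len(set(per_zone.values())) > 1:  # equal distribution means every zone has the same count
        findings.append(f"workers not equally distributed across zones: {dict(per_zone)}")
    kvdb_nodes = sum(1 for n in nodes if n["kvdb_disk"])
    if kvdb_nodes < min_kvdb_nodes:
        findings.append(f"{kvdb_nodes} KVDB-capable workers, internal KVDB HA needs {min_kvdb_nodes}")
    return findings


def worst_case_rpo(completions, now):
    """Largest gap between successful replications, including the time since the last one:
    the most data that could be lost if the primary region failed right now."""
    times = sorted(completions) + [now]
    return max(b - a for a, b in zip(times, times[1:]))


def check_rpo(completions, now, rpo=timedelta(minutes=15)):
    """True when every replication gap so far stays within the RPO target."""
    if not completions:  # no successful replication yet: the RPO cannot be met
        return False
    return worst_case_rpo(completions, now) <= rpo
```

With the constructed data, the layout passes while the replication history fails: the 20-minute gap between the 10:20 and 10:40 completions exceeds the 15-minute RPO.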

Solution components

Red Hat OpenShift on IBM Cloud on VPC multiregion DR solution components

Compute
  • Red Hat OpenShift on IBM Cloud VPC: Container platform with worker nodes to support the application, software-defined storage, and backup tool workloads.

Storage
  • Block Storage for VPC: Portworx Enterprise requires Block Storage for VPC as the backing storage for cluster worker nodes. Cloud Drives (for VPC clusters only) can be used to dynamically provision Block Storage for VPC for Portworx.
  • Portworx Enterprise: Provides highly available unified storage across multiple zones for stateful applications, with compute and storage in a hyperconverged design.
  • IBM Cloud® File Storage for VPC: File storage offering that provides NFS-based file storage services.
  • Object Storage: Backups, archiving, second offsite backup copy, and logs (application, operational, and audit logs). IBM Cloud Object Storage Smart Tier, Cross Regional, or Vault, chosen based on how frequently the data is accessed.

Networking
  • Direct Link: Private network connectivity between VPCs and cloud services.
  • CIS: Public DNS resolution.
  • Global Transit Gateway: Connectivity between two different regions for the Workload and Management VPCs.
  • Transit Gateway: Connectivity between the Workload and Management VPCs.
  • VPN for VPC: Remote access to manage resources in a private network.
  • DNS Services: Private DNS resolution.

Resiliency
  • Portworx Enterprise with Disaster Recovery (px-dr-enterprise): Supports HA across availability zones, RPO-zero failover across data centers in a metropolitan area, and continuous incremental backups across global data centers.
  • PX-Backup for Kubernetes: Portworx Enterprise is the most widely used and reliable cloud-native storage solution for production workloads and provides high availability, data protection, and security for containerized applications.
  • Cloud Internet Services (CIS): Global Load Balancer.
  • DNS Services: Private Global Load Balancer.