IBM® Power® Virtual Server resiliency on AIX

This is a baseline solution pattern containing the design and architecture decisions for a PowerVS resiliency solution for AIX workloads to meet common requirements as noted in this use case. Actual solutions depend on the specific requirements that are set by the client. Review the following summary of the use case for this reference architecture:

AIX resiliency summary — Figure 1. Reference Architecture Summary for Deploying Resilient AIX workloads on IBM® Power® Virtual Server

Architecture diagram

AIX reference architecture — Figure 2. Deploying resilient AIX workloads on IBM® Power® Virtual Server reference architecture

Review the environments that are related to this reference architecture:

Provider would connect the environment by using a direct link for private connectivity.
The direct link then connects to a Local Transit Gateway. This advertises and routes on-premises traffic to VPC for gateway or firewall inspection.
The transit gateway connects to managment VPC, which hosts your Next Generation Firewall, management subnets for your bastion hosts, and your Virtual Private Endpoint.
Backup as a Service VPC is deployed as part of the backup service automation not for workloads.
The Cobalt Iron VPE instance then communicates to the Cobalt Iron SaaS IBM Cloud service.
PowerVS workspace is deployed within the IBM® Power® Virtual Server environment and connects to the Power Edge Router (PER).
A local Power high availability standard cluster is then deployed within the workspace to provide local clustering.
The management and workload VPC mentioned from the primary site is also deployed in disaster recovery.
Global Replication Service (GRS) is deployed as part of Disaster Recovery Storage Area Network to Storage Area Network replication.
There is a GRS controller Logical Partition that is deployed at both the primary and the DR site.
Communication for GRS SAN to SAN traffic between sites occurs over the IBM private backbone.
Replication of the controller Logical Partitions occurs over the Global Transit gateway.

Design scope

The PowerVS resiliency for AIX workloads architecture covers design considerations and architecture decisions for the following aspects and domains:

Compute: Virtual Servers
Storage: Primary Storage, Backup Storage, Archive Storage
Networking: Enterprise Connectivity, BYOIP/Edge gateways, Segmentation, Isolation, Cloud Native Connectivity, Domain name system
Security: Data security, Identity and access management, Infrastructure and endpoint security
Resiliency: Backups and Restore, High Availability, Disaster Recovery

The Architecture Framework provides a consistent approach to design cloud solutions by addressing requirements across a set of "aspects" and "domains", which are technology-agnostic architectural areas that need to be considered for any enterprise solution. For more information, see Introduction to the Architecture Design Framework.

Following the Architecture Design Framework, Resiliency for PowerVS covers design considerations and architecture decisions for the following aspects and domains:

heatmap — Figure 3. Resiliency for PowerVS AIX Workloads Heat Map

Requirements

Table 1. Resiliency for PowerVS requirements
Aspect	Requirements
Compute	Provide CPU and RAM to support resiliency components.
Storage	Provide storage to support replication activities. Provide storage to support customer retention schedules.
Networking	Provide enterprise to cloud network connectivity to recovery site. Provide private connectivity between workloads across protected and recovery sites. Deploy workloads in an isolated environment and enforce information flow policies. Provide BYOIP, Edge Routing, VLAN segmentation and DNS
Security	Ensure data encryption at rest and in transit for the storage layer. Protect the boundaries of the application against denial-of-service and application-layer attacks.
Resiliency	Provide local OS level high availability between two AIX LPARs. Provide backups for data retention for AIX workloads. Recovery Time Objective (RTO) and Recovery Point Objective(/RPO) = 1 hours/1 hours. 99.99% Infrastructure Availability
Service Management	Monitor the usage and performance of the resiliency components

Components

Table 2. Resiliency for PowerVS components
Category	Solution Components	How it is used in a solution
Compute	PowerVS LPARs	High availability workload virtual servers Disaster Recovery workload virtual servers Global Replication Service (GRS) Controllers
	VPC VSI	Compute for NGFW and management tools
Storage	Flash Storage from IBM FS9500 series devices	Web, application, database storage Storage for GRS
	Cloud Object Storage	long-term backup archive Logs
Networking	IBM Cloud Direct Link	Enterprise to cloud network connectivity
	Transit Gateway (TGW)	Connectivity between PowerVS and VPCs
	Service Endpoints	Private network access to cloud services such IBM Cloud Logs, Cloud Object Storage.
	Global Transit Gateway (GTGW)	Provides PowerVS and VPC connectivity in different regions (global routing)
	DNS Services	Private DNS resolution
Security	Next-Generation Firewall (NGFW)	Provide IDS/IPS and edge firewall capabilities
Resiliency	Secure automated backup with Compass	Backups for AIX workloads
	PowerHA Standard	Local OS level between two LPARS
	Global Replication Service and IBM Toolkit for AIX Full System Replication	SAN to SAN replication between two IBM Cloud data centers
Service Management	IBM Cloud Logs IBM Cloud Monitoring	Apps, Audit, and operational logs monitor platform metrics