...

  1. Create a new Storage Account using the ARM template in the DR region (refer to Fig 1 for getting DR region value).

  2. Execute the following command to copy the data from the Secondary Storage Blob Service Endpoint (created when you enabled the RA-GRS redundancy option) to the above-created Storage Account.

    Code Block
    azcopy copy "<source_URL>" "<destination_URL>" --recursive=true

...

  1. Open the downloaded template in a Text Editor. Search for EnableDR and change its value from ‘false’ to ‘true’.

  2. While deploying the ARM template, enter the following details:

    1. Storage Account Name: Enter the name of the Storage Account created in the DR region.

    2. Key Vault Name: Enter the DNS name of the existing Key Vault in the primary region.

    3. Kyvos Postgres Server Name: Enter the name of the Postgres Flexible Server promoted from Read replica.

    4. Provide the same engine work directory as the primary deployment.


Points to remember

  • If DR happens, you cannot move back to the original installation. The DR cluster will be the Primary cluster.

  • If you configured additional settings for the primary cluster, you need to apply the following settings on the secondary cluster, which now acts as the Primary cluster.

    • Once the deployment is complete, you MUST change the ADLS GEN2 storage name in all the datasets, as the raw data storage is also changed due to DR.

    • If the primary deployment was on a private network (tunneling established between Customer and Kyvos AZURE VNET), you must repeat the same procedure after DR deployment.

    • Once the deployment is complete, you must wait for Cuboid replication on all the query engines to execute queries.

    • Once the deployment is complete, you must enable LDAP, SSO, SMTP, TLS, and SSL the same way you did for the primary cluster.

    • If any additional IPs were allowed in the Security group of primary installation, you MUST configure the same in the DR Security Group, too.

    • Once the DR deployment is complete, you must create the custom URL and DNS mapping again.

    • You must manage the Glue tables and source data after the DR deployment.

Storage Account Template

Code Block
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "StorageAccountName": {
      "type": "string",
      "defaultValue": "drbucket",
      "metadata": {
        "description": "Name of Storage Account to be used."
      }
    },
    "StorageAccountContainerName": {
      "type": "string",
      "defaultValue": "kyvoscontainer",
      "metadata": {
        "description": "Name of Container in Storage Account."
      }
    },
    "MultiAzStorageAccount": {
      "type": "bool",
      "defaultValue": false,
      "allowedValues": [ true, false ],
      "metadata": {
        "description": "Select True to Create New Managed Identity for kyvos."
      }
    },
    "AdditionalTags": {
      "type": "object",
      "metadata": {
        "description": "Additional tags to put on all resources. Syntax: {\"Key1\": \"Value1\", \"Key2\" : \"Value2\"}"
      },
      "defaultValue": {
        "UsedBy": "Kyvos"
      }
    }
  },
  "variables": {
    "TagMap": {
      "LayerTag": {
        "WebServer": "Kyvos_WebPortal",
        "OlapEngine": "Service",
        "QueryEngine": "Query",
        "StorageAccount": "Persistent_Storage",
        "KyvosManager": "KM_Service",
        "Function": "Scale_Layer",
        "Vault": "Secrets",
        "ManagedIdentity": "Authentication",
        "AzurePostgresServer": "Metadata_Storage",
        "LogsStorageAccount": "Logs_Storage",
        "CreditInfoPostgres": "CreditInfo_Metadata_Storage",
        "CreditInfoKeyVault": "CreditInfo_Secrets_Storage",
        "Vnet": "Networking",
        "LogWorkspace": "Logging",
        "PrivateEndpoint": "Connection"
      },
      "RoleTag": {
        "WebServer": "WP_CLUSTER",
        "OlapEngine": "BI_CLUSTER",
        "QueryEngine": "QE_CLUSTER",
        "StorageAccount": "STORAGE",
        "KyvosManager": "KM",
        "Function": "KYVOS_FUNCTION",
        "Vault": "SECRETS_MANAGER",
        "ManagedIdentity": "RESOURCES_ACCESS",
        "AzurePostgresServer": "DATABASE",
        "AzurePostgresServerKmRepo": "DATABASE_KM",
        "LogsStorageAccount": "LOGS_DATA",
        "CreditInfoPostgres": "CREDITINFO_DATABASE",
        "CreditInfoKeyVault": "CREDITINFO_PASSWORDS",
        "Vnet": "NETWORK",
        "LogWorkspace": "LOGGING",
        "PrivateEndpoint": "CONNECTION"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2022-09-01",
      "name": "[parameters('StorageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "[if(parameters('MultiAzStorageAccount'), 'Standard_ZRS', 'Standard_LRS')]",
        "tier": "Standard"
      },
      "tags": "[union(parameters('AdditionalTags'),json(concat('{\"CLUSTER_ID\": \"kyvos-', deployment().name, '\" , \"CreatedBy\": \"Kyvos\", \"Name\": \"kyvos-storage-', deployment().name, '\" , \"ROLE\": \"', variables('TagMap').RoleTag.StorageAccount, '\" , \"LAYER\": \"', variables('TagMap').LayerTag.StorageAccount, '\"}')))]",
      "kind": "StorageV2",
      "properties": {
        "largeFileSharesState": "Disabled",
        "isHnsEnabled": true,
        "networkAcls": {
          "bypass": "AzureServices",
          "virtualNetworkRules": [],
          "ipRules": [],
          "defaultAction": "Allow"
        },
        "supportsHttpsTrafficOnly": true,
        "encryption": {
          "services": {
            "file": {
              "keyType": "Account",
              "enabled": true
            },
            "blob": {
              "keyType": "Account",
              "enabled": true
            }
          },
          "keySource": "Microsoft.Storage"
        },
        "minimumTlsVersion": "TLS1_2",
        "accessTier": "Hot",
        "allowBlobPublicAccess": false
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices",
      "apiVersion": "2022-09-01",
      "name": "[concat(parameters('StorageAccountName'), '/default')]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('StorageAccountName'))]"
      ],
      "properties": {
        "cors": {
          "corsRules": []
        },
        "deleteRetentionPolicy": {
          "enabled": false
        }
      },
      "tags": "[union(parameters('AdditionalTags'),json('{}'))]"
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
      "apiVersion": "2022-09-01",
      "name": "[concat(parameters('StorageAccountName'), '/default/',parameters('StorageAccountContainerName'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('StorageAccountName'), 'default')]",
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('StorageAccountName'))]"
      ],
      "properties": {
        "publicAccess": "None"
      },
      "tags": "[union(parameters('AdditionalTags'),json('{}'))]"
    }
  ],
  "outputs": {
  }
}
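
The Storage Account template above pins the DR account's transport, encryption, public-access and firewall settings, so it is worth checking them before deployment, especially since any IP allowances from the primary installation have to be re-applied after DR. The following check is an added example, not part of the Kyvos documentation; the function name and the inline excerpt (a constructed copy of the template's security-relevant fields) are assumptions made for illustration.

```python
import json

# Constructed excerpt: only the security-relevant fields of the template above.
TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts",
   "name": "[parameters('StorageAccountName')]",
   "properties": {
     "networkAcls": {"bypass": "AzureServices", "virtualNetworkRules": [],
                     "ipRules": [], "defaultAction": "Allow"},
     "supportsHttpsTrafficOnly": true,
     "encryption": {"services": {"file": {"enabled": true}, "blob": {"enabled": true}},
                    "keySource": "Microsoft.Storage"},
     "minimumTlsVersion": "TLS1_2", "allowBlobPublicAccess": false}},
  {"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
   "name": "[concat(parameters('StorageAccountName'), '/default/',parameters('StorageAccountContainerName'))]",
   "properties": {"publicAccess": "None"}}
]}
""")

def audit_storage_template(template):
    """Return (resource name, finding) pairs for settings that need review."""
    findings = []
    for res in template.get("resources", []):
        props, name = res.get("properties", {}), res.get("name", "?")
        if res.get("type") == "Microsoft.Storage/storageAccounts":
            if props.get("supportsHttpsTrafficOnly") is not True:
                findings.append((name, "plain HTTP traffic is not rejected"))
            if props.get("minimumTlsVersion") in (None, "TLS1_0", "TLS1_1"):
                findings.append((name, "minimum TLS version below 1.2"))
            if props.get("allowBlobPublicAccess") is not False:
                findings.append((name, "anonymous blob access can be enabled"))
            if props.get("networkAcls", {}).get("defaultAction", "Allow") == "Allow":
                findings.append((name, "firewall default action is Allow (all networks)"))
            services = props.get("encryption", {}).get("services", {})
            for svc in ("blob", "file"):
                if not services.get(svc, {}).get("enabled"):
                    findings.append((name, f"{svc} encryption not enabled"))
        elif res.get("type", "").endswith("/blobServices/containers"):
            if props.get("publicAccess", "None") != "None":
                findings.append((name, "container allows anonymous access"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_storage_template(TEMPLATE):
        print(f"{name}: {finding}")
```

To run it against the full template, load the saved file with `json.load` and pass the result to `audit_storage_template`.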