= SnapMirror - *Bonus section* :toc: :icons: :linkattrs: :imagesdir: ../resources/images == Summary This section will cover SnapMirror feature available with your Amazon FSx for NetApp ONTAP file system. SnapMirror is NetApp ONTAP's native block level replication technology for disaster recovery and data migrations. You can use SnapMirror to: * Replicate data between two Amazon FSx for ONTAP file systems located in different regions to setup Cross-Region Replication (CRR) for disaster recovery. * Migrate data from on-premises NetApp hardware into Amazon FSx for ONTAP file systems. * Create a second copy of your data on a second Amazon FSx for ONTAP file system within the same region. * Setup a DR in the cloud and replicate data between your on-premises NetApp storage and FSx for ONTAP file system. TIP: Consider using Amazon FSx Backups, which provide cost efficient offsite backup of your FSx for ONTAP volumes when planning for disaster recovery. FSx backups are stored in highly-durable Amazon S3 within the same region. === SnapMirror Overview SnapMirror is a disaster recovery technology in ONTAP which can be used to failover from your *primary* FSx file system to a *secondary* FSx file system in same or different region. SnapMirror can also be used to configure disaster recovery between your NetApp storage on-premises and an FSx file system in the Cloud or migrate data from on-premises NetApp storage arrays into the FSx file system. You can perform SnapMirror volume replication on Amazon FSx for NetApp ONTAP. SnapMirror Volume replication ensures that all data from a source system is copied to the target and is available in the event of a system failure or disaster. A peer relationship must be created between the Inter Cluster LIFs on the source and destination file systems and the SVMs. The first time you create a SnapMirror relationship, a snapshot is created on the source to perform the baseline transfer from source to destination volume. == Duration NOTE: It will take approximately 30 minutes to complete this section. IMPORTANT: Read through all steps before continuing. //image::xxx.gif[align="left", width=600] == SnapMirror volume replication === Create a secondary file system *_Click_* on *FSx > File systems* above the summary section of the file system and *_click_* *Create file system* then *_Select_* *Amazon FSx for NetApp ONTAP* and click *_Next_*. . You can choose between *Quick create* or *Standard create* methods. * The *Quick create* option allows you to easily create a new file system with a *_default_* recommended configuration. The *Quick create* option creates a file system with a single SVM and one volume, allowing for quick access to data from Linux instances over the NFS protocol. * The *Standard create* option allows you to set all the configuration options like performance, networking , security, backups, maintenance etc. . *_Select_* *Standard create* and input the values as shown here: + [cols="2,18"] |=== | *File system name - optional* a| Provide a file system name - FSxOntap-DR | *SSD storage capacity* a| Input 1024 | *Provisioned SSD IOPS* a| Accept the default | *Throughput capacity* a| Accept the default | *Virtual Private Cloud (VPC)* a| Select the VPC you noted down earlier during *Examine Amazon FSx Console* section of this workshop. This will be the same VPC as your *primary* file system | *VPC Security Groups* a| Select the security group with name *fsx-ontap-workshop-SecurityGroup-* created by the workshop | *Preferred subnet* a| Select the Preferred subnet you noted down earlier during *Examine Amazon FSx Console* section of this workshop. This will be the same subnet as your *primary* file system | *Standby subnet* a| Select the Standby subnet you noted down earlier during *Examine Amazon FSx Console* section of this workshop. This will be the same subnet as your *primary* file system | *VPC route tables* a| Select the route table ID you noted down earlier during *Examine Amazon FSx Console* section of this workshop. This will be the same route table as your *primary* file system | *Endpoint IP address range* a| Accept the default | *Encryption key* a| Accept the default | *File system administrative password* a| Specify a password for the fsxadmin user. You can set a new password or use the same password as your *primary* file system. You can retrieve this password using link:https://console.aws.amazon.com/secretsmanager[AWS Secrets Manager]. *_Select_* Secret name *FSxPassword-* and *_Click_* on *Retrieve Secret value* to get the fsxadmin user password | *Storage virtual machine name* a| Enter - svmdr01 | *SVM administrative password* a| Accept the default | *Active Directory* a| Accept the default. Do not join an Active Directory | *Default volume configuration* a| Leave Blank for all sections | *Backup and maintenance* a| Accept the default | *Tags* a| Accept the default |=== + . After you have entered or accepted values for all parameters, *_click_* *Next* and then *_click_* *Create file system* . It will take approximately *30 minutes* to create the new file system. NOTE: This will be referenced as *secondary* file system for the rest of this workshop. == Setup SnapMirror volume replication === Prepare your DR/*secondary* file system for SnapMirror . Go to the link:https://console.aws.amazon.com/fsx/[Amazon FSx] console, *_Click_* the *File system ID* of your Amazon FSx for NetApp ONTAP file system with name *FSxOntap-DR* which you created from the FSx Console earlier in this section. . *_Examine_* the *Administration* section of the console. *_Click_* the *Administration* tab. *_Find_* the values of the following file system attributes: * Management endpoint - IP address . *_Return_* to the SSH connection of the *FSx for ONTAP Workshop Linux instance* and export the file system management endpoint IP address for the *secondary* file system. Replace the IP address shown below with the your IP *file system Management endpoint - IP address* + TIP: Since your will be switching between *primary* and *secondary* file system, initiate a SSH session in a new tab in your terminal window or your browser session. + [source,bash] ---- ADMINUSER="fsxadmin" DRMGMTENDPOINT="x.x.x.x" ---- === SnapMirror steps NOTE: If you are creating a SnapMirror relationship between FSx file systems in a different accounts or different region you will need to establish VPC communication using link:https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html[VPC peering] or link:https://docs.aws.amazon.com/vpc/latest/tgw/what-is-transit-gateway.html[Transit gateway]. For this workshop we will establish SnapMirror relationship between file systems in the same VPC. . *_Run_* the below command to SSH to the *secondary* file system management endpoint. + [source,bash] ---- ssh ${ADMINUSER}@${DRMGMTENDPOINT} ---- + NOTE: If you are unable to SSH, verify the _security group_ configured on the ENI's for your *secondary* file system. Make sure it matches the _security group_ *fsx-ontap-workshop-Security-group-* of your *primary* file system. Go to the link:https://console.aws.amazon.com/fsx/[Amazon FSx] console, *_Click_* the *File system ID* of your Amazon FSx for NetApp ONTAP file system with name *FSxOntap-DR*. *_Click_* on *Network & security* tab and *_Click_* on the network interface (eni-xxxxxxxxxxx) for your preferred subnet. *_Go_* to the new tab that was opened in your browser for the network interface *_Select_* the ENI, *_Click_* *Actions* -> *Change security groups*. Next, *_Click_* *Select security groups* to pick the security group created by the workshop environment starting with *fsx-ontap-workshop-Security-group-* then *_Click_* *Add security group* and *_Click_* *Save*. Go to the link:https://console.aws.amazon.com/fsx/[Amazon FSx] console, *_Click_* the *File system ID* of your Amazon FSx for NetApp ONTAP file system with name *FSxOntap-DR*. *_Click_* on *Network & security* tab and *_Click_* on the network interface (eni-xxxxxxxxxxx) for your standby subnet. Repeat the step to update the security group for the ENI in your standby subnet. + . *_Return_* to the SSH connection of the *FSx for ONTAP Workshop Linux instance* and SSH to the *primary* file system management endpoint. + [source,bash] ---- ssh ${ADMINUSER}@${MGMTENDPOINT} ---- + . *_Run_* below ONTAP CLI command, on your *secondary* file system to create a new volume with type DP. + [source,bash] ---- vol create -volume vol2 -vserver svmdr01 -size 100G -type DP -aggregate aggr1 ---- + . *_Run_* below ONTAP CLI command, on your *primary* file system to get the Inter Cluster LIF IP addresses and Cluster name. + [source,bash] ---- network interface show -service-policy default-intercluster ---- + . *_Run_* below ONTAP CLI command, on your *secondary* file system to get the Inter Cluster LIF IP addresses. + [source,bash] ---- network interface show -service-policy default-intercluster ---- + . *_Initiate_* Cluster Peering from your *secondary* file system. Replace the IP addresses with IP addresses of your *primary* file system Inter Cluster LIFs.Enter passphrase when prompted. + [source,bash] ---- cluster peer create -peer-addrs x.x.x.x,y.y.y.y ---- + . *_Accept_* Cluster Peering from your source file system. Replace the IP addresses with IP addresses of your *secondary* file system Inter Cluster LIFs.Enter passphrase when prompted. Enter the passphrase your created earlier when prompted. + [source,bash] ---- cluster peer create -peer-addrs x.x.x.x,y.y.y.y ---- + . *_Verify_* the Cluster Peer Relationship was created successfully. + [source,bash] ---- cluster peer show -instance ---- + . *_Initiate_* a SVM peer relationship from your *primary* file system. *Replace* the source SVM name on *primary*, destination SVM name on your *secondary* file system and the cluster Name(Ex: FsxId003d1df7268e711aa) below. + [source,bash] ---- vserver peer create -vserver svm01 -peer-vserver svmdr01 -applications snapmirror -peer-cluster ---- + TIP: If you are have the same SVM name on both your primary and secondary file system then use _-local-name_ option with the above command. + . *_Check_* the status of peer relationship on your *primary* file system. The status will show as *_Initiated_*. + [source,bash] ---- vserver peer show-all ---- + . *_Check_* SVM peer on *secondary* file system. The status will show as *_pending_*. + [source,bash] ---- vserver peer show ---- + . *_Authorize_* the pending peer relationship from your *secondary* file system. + [source,bash] ---- vserver peer accept -vserver svmdr01 -peer-vserver svm01 ---- + . *_Verify_* the Cluster Peer Relationship was created successfully on *secondary* file system. + [source,bash] ---- cluster peer show ---- + . *_Verify_* the SVM Peer Relationship was created successfully on *secondary* file system. + [source,bash] ---- vserver peer show ---- + . *_Verify_* existing SnapMirror relationships on *secondary* file system. + [source,bash] ---- snapmirror show ---- + . *_Create_* a SnapMirror relationship on *secondary* file system. Specify type XDP to retain storage efficiencies, select *_MirrorAllSnapshots_* to setup a asynchronous relationship using default policy and a schedule. You can use a custom policy or customize the schedule to meet your RPO/RTO requirements. To learn more about SnapMirror best practices refer link:https://www.netapp.com/pdf.html?item=/media/17174-tr4733pdf.pdf[SnapMirror Best Practices] + [source,bash] ---- snapmirror create -source-path svm01:vol1 -destination-path svmdr01:vol2 -policy MirrorAllSnapshots -type XDP -schedule 5min ---- + . *_Verify_* SnapMirror relationship status on *secondary* file system. + [source,bash] ---- snapmirror show ---- + . *_Initialize_* the SnapMirror relationship from your *secondary* file system. Replace the SVM name with *_svmdr01_* and volume name with *_vol2_*. + [source,bash] ---- snapmirror initialize -destination-path svmdr01:vol2 ---- + . *_Verify_* SnapMirror relationship status from your *secondary* FSx file system. You should see the status as *Transferring* or *Finalizing*. *_Wait_* for the status to change to *Idle*. + [source,bash] ---- snapmirror show ---- + . *_Check_* detailed information about your SnapMirror relationship by running below command from your *secondary* FSx file system. Examine the output and check for *Throttle (KB/sec)*. + [source,bash] ---- snapmirror show -instance ---- + . Was your SnapMirror transfer bandwidth throttled? + TIP: You can configure per-relationship throttle or global throttling to restrict amount of bandwidth used. When global throttling is set, it restricts the bandwidth used by incoming and/or outgoing SnapMirror transfers. + . *_Run_* below command from your *secondary* FSx file system to copy the NFS Endpoint IP address of your SVM (_nfs_smb_management_1_). + [source,bash] ---- network interface show ---- + . *Create* a *_Junction Path_* for the destination volume using *ONTAP CLI* + [source,bash] ---- volume mount -vserver svmdr01 -volume vol2 -junction-path /vol2 ---- + . *_Run_* below command to exit the ONTAP CLI session and return to the *FSx for ONTAP Workshop Linux instance* + [source,bash] ---- quit ---- + . *_Run_* below command to export the NFS Endpoint IP address of the SVM on your *secondary* file system. Replace the IP address with the NFS endpoint IP address for your SVM. + [source,bash] ---- DRNFSENDPOINT="x.x.x.x" ---- + . . *_Return_* to the SSH connection of the *FSx for ONTAP Workshop Linux Instance* and *Mount* the volume on the Linux EC2 instance. Replace the IP address show below with the IP address of your NFS endpoint for SVM. + [source,bash] ---- SMMOUNT="/snapmirror" sudo mkdir ${SMMOUNT} sudo mount -t nfs ${DRNFSENDPOINT}:/vol2 ${SMMOUNT} ---- + . *_Run_* below command to set the *user:group* for the mount point. *_Copy_* the command with *ssm-user:ssm-user* if you are using a SSH session from *Session Manager*. *_Copy_* the command with *ec2-user:ec2-user* if you are using a SSH session from your *Terminal*. + [source,bash] ---- sudo chown ec2-user:ec2-user ${SMMOUNT} or sudo chown ssm-user:ssm-user ${SMMOUNT} ---- + . Did the permission change work? Since the volume is data protected by the SnapMirror relationship, you can only mount it read-only. + . *_Return_* to the SSH connection of the *FSx for ONTAP Workshop Linux instance* and SSH to the *secondary* file system management endpoint. + [source,bash] ---- ssh ${ADMINUSER}@${DRMGMTENDPOINT} ---- + . *_Verify_* the status of the SnapMirror relationship shows *Snapmirrored Idle*, *Quiesce* the relationship and *break* the relationship to make the destination volume *_read-write_*. + [source,bash] ---- snapmirror show snapmirror quiesce -destination-path svmdr01:vol2 snapmirror break -destination-path svmdr01:vol2 ---- + . *_Verify_* SnapMirror relationship status from your *secondary* FSx file system. You should see the status as *Broken-off*. + [source,bash] ---- snapmirror show ---- + . *_Run_* below command to exit the ONTAP CLI session and return to the *FSx for ONTAP Workshop Linux instance* + [source,bash] ---- quit ---- + . *Write* data on your destination volume to confirm your destination is now read-write. + [source,bash] ---- echo "Writing to snapmirrored volume" >> ${SMMOUNT}/snapmirror.txt cat ${SMMOUNT}/snapmirror.txt ---- + == Next section Click the button below to go to the next section. image::cleanup-resources.jpg[link=../10-cleanup-resources-snapmirror/, align="left",width=420]