JetStream for GCE Disaster Recovery Orchestration Admin Guide

Production VM Failure Scenarios in AROVA

This section describes various possible production VM failure scenarios and their handling using AROVA.

AROVA supports the following protected VM fault tolerance scenarios:

Protected VM failover from any single failure (e.g., No single point of failure).
Protected VM failover from a double-failure (e.g., Regional VM two zone failure – VMs are failed over to the secondary region).

Protected VMs may not be recoverable after some types of double-failure (e.g., A zonal VM losing both its primary and secondary disks).

AROVA ensures data consistency on failover or failback. AROVA stops protection if data consistency cannot be guaranteed – allowing no chance for data corruption.

In the following examples the following are assumed:

AROVA is up and running.
Production VM failure can be partial or full zonal or regional in the primary and/or secondary regions.
A VM is considered "zonal" if all its disks are zonal. Otherwise, the VM will be considered "regional."

Some partial and full zonal failures may impact some VMs randomly.

The AROVA is a managed disk state machine.

After successful failover, the protection status of recovered VMs and disks will be "Unprotected."

Backward replication is not started automatically because the primary region may not yet be restored.

Even though the VM’s status is Unprotected, its VM metadata and properties contained in the CDB can be reused as needed.

Figure 120: "Unprotected" state.

Follow the links below to learn more about various possible failover scenarios.

Failure Scenario Cases:

Zonal VM, Primary Region, VM Zone (R1Z1) Failure

Zonal VM, Secondary Region, Secondary Disk Zone (R2Z1) Failure

Zonal VM, Asynchronous Replication Failed Temporarily then Resumed

Zonal VM, Secondary Region, Secondary Disk Failure

Regional VM, Primary Region, Primary Disk Failure

Regional VM, Primary Region, Primary Disk Primary Zone (R1Z1) Failure

Regional VM, Primary Region, Primary Disk Secondary Zone (R1Z2) Failure

Regional VM, Secondary Region, Secondary Disk Primary Zone (R2Z1) Failure

Regional VM, Secondary Region, Secondary Disk Secondary Zone (R2Z2) Failure

Dependent VMs, Primary Region, Partial or Full Zonal Failure (R1Z1)

Dependent VMs, Temporary Replication Failure

Dependent VMs, Secondary Region, Secondary Disk Failure

Dependent Regional VMs, Primary Region, Primary Disk Zone Partial or Full Failure

Secondary Disk Partial or Full Zone Failure for Dependent Regional VM

Dependent Regional VMs, Secondary Region, Secondary Disk Replica Disk Failure

Primary Region Failure

Protected VM Single Disk Failure