Red Hat OpenShift on VPC multiregion DR
This reference architecture is used in a multiregion disaster recovery scenario for a containerized workload with persistent storage and backup requirements. The pattern uses Red Hat OpenShift as the managed container platform and Red Hat OpenShift Data Foundation for software-defined storage (SDS) replication.
Architecture diagram
Review the following containers, SDS, and backup disaster recovery components that correspond with Figure 1:
- A single hyperconverged compute and storage Red Hat OpenShift cluster is created in the primary and DR regions for containerized applications and environments that require disaster recovery protection. To meet the 99.99% high availability SLA, 3 worker nodes equally distributed across three availability zones are included in each Red Hat OpenShift cluster in each region.
- OpenShift Data Foundation (ODF) provides data replication between the Red Hat OpenShift source and failover destination clusters in separate regions. Each cluster has its own ODF installation, with one cluster designated as primary and the other as secondary.
- Red Hat Advanced Cluster Management (ACM) is used to manage the ODF clusters and perform application failover and relocation.
- Public connectivity: The Cloud Internet Services (CIS) Global Load Balancer feature is used to provide public traffic load balancing between the primary and DR sites.
- Public connectivity: VPN for VPC is used to provide secure connectivity from on-premises networks and admin access from anywhere.
- Private connectivity: Redundant (or single) Direct Link connections are established to the primary and DR sites, each attached through Transit Gateway connections.
- Private connectivity: Global Routing is added to the DR region Direct Link for resilient private network connectivity outside the local market.
- Private connectivity: A Global Transit Gateway in the DR region provides interconnectivity between VPCs for replication traffic between IBM Cloud regions.
- Private connectivity: The DNS Services Private Global Load Balancer, or a customer-provided GLB, is used to provide private traffic load balancing between the primary and DR sites.
Design scope
Following the Architecture Design Framework, the Red Hat OpenShift Service on VPC DR pattern covers design considerations and architecture decisions for the following aspects and domains:
- Compute: Containers
- Storage: Primary storage, backup storage, software-defined storage
- Networking: Enterprise connectivity, load balancing, DNS
- Resiliency: Backup and restore, disaster recovery
The Architecture Design Framework provides a structured approach to designing cloud solutions by covering key architectural aspects and domains, helping ensure consistency across enterprise solutions regardless of technology. For more information, see Introduction to the Architecture Design Framework.
Requirements
The following table outlines key baseline requirements that are essential for most clients to successfully deploy the Red Hat OpenShift Service on VPC DR pattern.
| Aspect | Requirement |
|---|---|
| Compute | Provide a platform for containerized application, storage, and management workloads with adequate compute capacity. |
| Storage | Provide highly available storage that meets the application performance requirements. |
| Network | Enterprise connectivity to customer data centers to provide access to applications from on-premises. |
| Network | Provide network isolation with the ability to separate applications based on attributes such as environment, data classification, public versus internal apps, and function. |
| Resiliency | Provide a containerized platform that supports application availability targets and business continuity policies. |
| Resiliency | Provide highly available compute, storage, network, and other cloud services for a resilient containerized application with persistent storage requirements. |
| Resiliency | Provide a backup solution for the container platform and application data to enable recovery if an unplanned outage occurs. |
| Resiliency | Provide highly available storage for containerized databases and stateful applications with cross-region storage replication. |
| Resiliency | Provide for an RTO/RPO of 4 hours/15 minutes; expect rollback to the original environments no later than the specified RTOs. |
| Resiliency | Provide public and private enterprise connectivity with failover to a secondary region for disaster recovery. Provide a 99.99% SLA on the containerized platform service. |
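Two of the requirements above are checkable against live cluster data: the 3-worker-across-3-zones layout behind the 99.99% SLA, and the 15-minute RPO that the ODF replication schedule must satisfy. The following is an added example (not IBM's or Red Hat's code) that runs those checks over constructed input shaped like `oc get nodes -o json` output and a ramen `DRPolicy`; the `schedulingInterval` format (`5m`, `1h`) is an assumption.

```python
import json
import re

# Constructed sample: `oc get nodes -o json` for one region's cluster, reduced to the
# labels the check needs (three workers, one per availability zone, as in Figure 1).
NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "w1", "labels": {"node-role.kubernetes.io/worker": "",
                                           "topology.kubernetes.io/zone": "us-south-1"}}},
    {"metadata": {"name": "w2", "labels": {"node-role.kubernetes.io/worker": "",
                                           "topology.kubernetes.io/zone": "us-south-2"}}},
    {"metadata": {"name": "w3", "labels": {"node-role.kubernetes.io/worker": "",
                                           "topology.kubernetes.io/zone": "us-south-3"}}},
]})

# Constructed sample DRPolicy (ramendr.openshift.io/v1alpha1); the interval format is assumed.
DRPOLICY = {"apiVersion": "ramendr.openshift.io/v1alpha1", "kind": "DRPolicy",
            "metadata": {"name": "primary-to-dr"},
            "spec": {"drClusters": ["ocp-primary", "ocp-dr"], "schedulingInterval": "5m"}}

RPO_SECONDS = 15 * 60   # page requirement: RPO = 15 minutes
REQUIRED_ZONES = 3      # page requirement: workers equally spread over three zones

def parse_interval(text):
    """Convert an interval such as '30s', '5m' or '1h' to seconds."""
    m = re.fullmatch(r"(\d+)([smh])", text.strip())
    if not m:
        raise ValueError(f"unrecognised interval: {text!r}")
    return int(m.group(1)) * {"s": 1, "m": 60, "h": 3600}[m.group(2)]

def worker_zone_counts(nodes_json):
    """Count worker nodes per availability zone from `oc get nodes -o json` output."""
    counts = {}
    for item in json.loads(nodes_json)["items"]:
        labels = item["metadata"].get("labels", {})
        if "node-role.kubernetes.io/worker" in labels:
            zone = labels.get("topology.kubernetes.io/zone", "unknown")
            counts[zone] = counts.get(zone, 0) + 1
    return counts

def zones_meet_sla(counts, required_zones=REQUIRED_ZONES):
    """True when workers cover the required zones and every zone holds the same count."""
    return len(counts) >= required_zones and len(set(counts.values())) == 1

def policy_meets_rpo(drpolicy, rpo_seconds=RPO_SECONDS):
    """True when replication runs at least as often as the RPO requires."""
    return parse_interval(drpolicy["spec"]["schedulingInterval"]) <= rpo_seconds

if __name__ == "__main__":
    counts = worker_zone_counts(NODES_JSON)
    print("worker zones:", counts, "->", "OK" if zones_meet_sla(counts) else "FAIL")
    print("RPO check:", DRPOLICY["spec"]["schedulingInterval"], "->", "OK" if policy_meets_rpo(DRPOLICY) else "FAIL")
```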
Solution components
| Category | Component | How it's used in the solution |
|---|---|---|
| Compute | Red Hat OpenShift on IBM Cloud VPC | Container platform with worker nodes to support the application, software-defined storage, and backup tool workloads. |
| Storage | Block Storage for VPC | ODF requires Block Storage for VPC as the backing storage for cluster worker nodes. Cloud Drives (for VPC clusters only) can be used to dynamically provision Block Storage for VPC for ODF. |
| Storage | ODF | ODF provides highly available unified storage across multiple zones for stateful applications, with compute and storage in a hyperconverged design. |
| Storage | IBM Cloud® File Storage for VPC | File storage offering that provides NFS-based file storage services. |
| Storage | Object Storage | Backups, archiving, second offsite backup copy, and logs (application, operational, and audit logs). IBM Cloud Object Storage Smart Tier, Cross Regional, or Vault, chosen based on data access frequency. |
| Networking | Direct Link | Private network connectivity between VPCs and cloud services. |
| Networking | CIS | Public DNS resolution. |
| Networking | Global Transit Gateway | Connectivity between two different regions for Workload and Management VPCs. |
| Networking | Transit Gateway | Connectivity between Workload and Management VPCs. |
| Networking | VPN for VPC | Remote access to manage resources in a private network. |
| Networking | DNS Services | Private DNS resolution. |
| Resiliency | ODF Disaster Recovery | ODF Disaster Recovery supports HA across availability zones, RPO-zero failover across data centers in a metropolitan area, and continuous incremental backups across global data centers. |
| Resiliency | Cloud Internet Services (CIS) | Global Load Balancer. |
| Resiliency | DNS Services | Private Global Load Balancer. |