
DR Network Architecture Planning

These are common questions to address with your internal teams before a scheduled DR test or failover exercise.

Source Environment

  • Describe the workloads in scope for DR.
    • What are the primary resource types?
    • Which AWS accounts do these resources live in?
    • Are these accounts in the same OU?
    • What are your internal infrastructure dependencies?
  • Describe the network architecture of your primary environment.
    • Do you have cross-account dependencies / shared resources? 
    • How are the cross-account dependencies linked (transit gateway, peered VPCs, etc.)?
    • How is DNS configured and utilized?
      • Is there an internal DNS domain, and where are its name servers?
      • Is there a production DNS domain, and where are its name servers?
    • Optional: Create or update a Network Diagram to describe your network setup (VPCs, subnets, routing, etc.). This is useful for exploring the questions below, and as a reference for Arpio to advise on your recovery environment.
      Here is an example: [image: example network diagram]
  • Do you have external dependencies on:
    • Active Directory? What type (e.g., AWS Managed Active Directory, or an AD domain installed on a domain controller running on EC2)?
    • External firewall appliances (Palo Alto, Fortinet, etc.)
    • Third-party SaaS apps that require Internet connectivity
    • Marketplace images
    • Other?

Recovery Environment

  • What is your network architecture going to look like in the DR environment? 
    • Will the DR environment be isolated from your production environment or connected? 
    • How are IPs handled? Note: Arpio will replicate your IPs by default, but we do have the ability to renumber your recovery environment, if needed.
    • Is Arpio replicating AWS Transit Gateways, resources shared across AWS accounts, or handling Amazon VPC peering?
    • Are replicated connections in the DR environment going to mirror production?
    • Are there dependencies on IP addresses or connection strings?

Testing

  • When recovered, how are testers going to connect to the DR environment?
  • Do you plan to use Arpio’s network sandbox to create a bubble environment? 
    • If so, are there services that will need to access the internet during the test?
    • If so, are your network firewalls directly in front of the Internet Gateways?
    • If so, will non-AWS Network Firewalls need to be created and managed in the DR environment?
  • Are there additional stakeholders who need to attend the networking deep dive? (Networking, Security, etc.)
  • Testing should be incremental and can start with infrastructure validation.
  • What is the plan for Application-level validation?

General Guidelines

  • To get complete resiliency, you will need to recover your environment in an alternate region and account. This protects you against both infrastructure outages and ransomware and other cyber threats.
  • We generally recommend that you mirror your primary account structure in your DR environment (e.g., each source AWS account should have a mirror DR account).
  • Arpio does not support the ability to replicate one source environment into two accounts in the same region.