VPC

Virtual Private Cloud resource replication with Arpio

Arpio replicates the following resource types from Amazon's Virtual Private Cloud service.

DHCP Options

Arpio replicates selected DHCP Options objects from your primary environment to your recovery environment. No fields are translated during replication.

Internet Gateway

Arpio replicates selected Internet Gateways from your primary environment to your recovery environment. The following attributes are translated during replication:

| Attribute | Translation |
| --- | --- |
| Attached VPCs | Translated to corresponding VPCs that Arpio manages in the recovery environment |

The following resources are automatically selected into recovery points when an Internet Gateway is selected:

  • The VPCs that the Internet Gateway is attached to

NAT Gateway

Arpio replicates selected NAT Gateways from your primary environment to your recovery environment. NAT Gateways are created during recovery tests and actual failover. They do not run when the recovery environment is not being used.

The following attributes are translated during replication:

| Attribute | Translation |
| --- | --- |
| Attached VPCs | Translated to the corresponding VPCs that Arpio manages in the recovery environment. |
| Subnet IDs | Translated to the corresponding subnet(s) that Arpio manages in the recovery environment. |
| IP Addresses | Translated to the corresponding Elastic IPs that Arpio manages in the recovery environment. |

The following resources are automatically selected into recovery points when a NAT Gateway is selected:

  • The Elastic IPs that the NAT Gateway relies upon
  • The Subnets that contain the NAT Gateway's endpoints
  • The VPCs that the NAT Gateway is attached to

Network ACL

Arpio replicates selected Network ACLs from your primary environment to your recovery environment.

If a Network ACL in your primary environment is the "default" for its VPC, its replica in the recovery environment will be the default for the corresponding VPC.

The following attributes are translated during replication:

| Attribute | Translation |
| --- | --- |
| IPv6 CIDR blocks | If the CIDR block falls within a VPC that is being replicated, it will be translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
| VPC, Subnet Associations | Translated to the corresponding entity that Arpio manages in the recovery environment |

The following resources are automatically selected into recovery points when a Network ACL is selected:

  • Subnets with which the Network ACL is associated

Route Table

Arpio replicates selected Route Tables from your primary environment to your recovery environment.

If a Route Table in your primary environment is the "main" route table for its VPC, its replica in the recovery environment will be the main route table for the corresponding VPC.

Arpio currently automates creation of the following route targets:

  • Local (the local network)
  • Internet Gateways
  • EC2 Instances

You may manually add routes to other target types. For example, you can add a VPC peer to the recovery environment, and add routes to that VPC peer. Arpio will retain those routes when it applies new recovery points to the environment.

The following attributes are translated during replication:

| Attribute | Translation |
| --- | --- |
| IPv6 Route Destinations | If the route destination's CIDR block falls within a VPC that is being replicated, it will be translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
| Prefix List Route Destinations | Translated to the corresponding prefix list in the recovery region |
| Internet Gateway route target | Translated to the corresponding Arpio managed Internet Gateway in the recovery environment |
| EC2 Instance route target | Translated to the corresponding Arpio managed EC2 Instance in the recovery environment |
| Subnet Associations | Translated to the corresponding subnets that Arpio manages in the recovery environment |

The following resources are automatically selected into recovery points when a Route Table is selected:

  • The VPC containing the Route Table
  • Any Internet Gateways referenced as route targets

Security Group

Arpio replicates Security Groups, and all of their rules, to the recovery environment.

If a Security Group in your primary environment is the "default" for its VPC, its replica in the recovery environment will be the default for the corresponding VPC.

The following attributes are translated when replicating Security Groups to the recovery environment:

| Attribute | Translation |
| --- | --- |
| Other Security Groups | If a Security Group rule references another Security Group that is being replicated, it is translated to the corresponding Arpio managed Security Group in the recovery environment |
| IPv6 CIDR Blocks | If the CIDR block falls within a VPC that is being replicated, it will be translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
| Prefix Lists | Translated to the corresponding prefix list in the recovery region |

The following resources are automatically selected into recovery points when a Security Group is selected:

  • The VPC containing the Security Group
  • Any other Security Groups referenced by rules on this Security Group
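A post-replication check for the translation rules above, written as an added example rather than Arpio's own code: it derives the rule set a replica Security Group should carry and reports drift in either direction. The offset-preserving IPv6 mapping, the simplified rule dictionaries and every identifier in the sample data are assumptions of this example; prefix lists are not covered.

```python
import ipaddress

def translate_ipv6(cidr, primary_vpc6, recovery_vpc6):
    """Map an IPv6 CIDR into the recovery VPC's range at the same offset
    (offset-preserving mapping is this example's assumption). IPv4 blocks and
    IPv6 blocks outside the primary VPC come back unchanged."""
    net = ipaddress.ip_network(cidr)
    src = ipaddress.ip_network(primary_vpc6)
    dst = ipaddress.ip_network(recovery_vpc6)
    if net.version != 6 or not net.subnet_of(src):
        return str(net)
    offset = int(net.network_address) - int(src.network_address)
    return f"{ipaddress.ip_address(int(dst.network_address) + offset)}/{net.prefixlen}"

def expected_rules(rules, primary_vpc6, recovery_vpc6, sg_map):
    """Rules the replica should carry, as (proto, port, peer) tuples."""
    out = set()
    for r in rules:
        if "group" in r:  # rule references another Security Group
            peer = "sg:" + sg_map.get(r["group"], r["group"])
        else:
            peer = translate_ipv6(r["cidr"], primary_vpc6, recovery_vpc6)
        out.add((r["proto"], r["port"], peer))
    return out

def audit(primary_rules, recovery_rules, primary_vpc6, recovery_vpc6, sg_map):
    """Diff the replica's actual rules against the expected translation."""
    want = expected_rules(primary_rules, primary_vpc6, recovery_vpc6, sg_map)
    # Identity mapping normalizes the replica's rules into the same tuple form.
    have = expected_rules(recovery_rules, recovery_vpc6, recovery_vpc6, {})
    return {"missing": sorted(want - have), "unexpected": sorted(have - want)}

# Constructed sample data: documentation prefixes and placeholder group IDs.
PRIMARY_VPC6, RECOVERY_VPC6 = "2001:db8:1200::/56", "2001:db8:ab00::/56"
SG_MAP = {"sg-primary-app": "sg-recovery-app"}
PRIMARY = [
    {"proto": "tcp", "port": 443, "cidr": "2001:db8:1200:10::/64"},
    {"proto": "tcp", "port": 443, "cidr": "10.0.1.0/24"},
    {"proto": "tcp", "port": 5432, "group": "sg-primary-app"},
]
RECOVERY = [
    {"proto": "tcp", "port": 443, "cidr": "2001:db8:ab00:10::/64"},
    {"proto": "tcp", "port": 443, "cidr": "10.0.1.0/24"},
    {"proto": "tcp", "port": 5432, "group": "sg-recovery-app"},
    {"proto": "tcp", "port": 22, "cidr": "0.0.0.0/0"},  # drift: added by hand
]
if __name__ == "__main__":
    print(audit(PRIMARY, RECOVERY, PRIMARY_VPC6, RECOVERY_VPC6, SG_MAP))
```

An empty `missing` list with a non-empty `unexpected` list indicates rules added to the replica outside of replication, which is worth reviewing before a failover.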

Subnet

Arpio replicates subnets to the recovery environment.

Subnets live in availability zones, and you've probably chosen them carefully in your primary environment. Arpio maps these to availability zones in the recovery environment, ensuring that the resources used in your subnets are available in the mapped availability zones while maximizing availability zone diversity in the recovery environment.

The following attributes are translated when replicating Subnets to the recovery environment:

| Attribute | Translation |
| --- | --- |
| IPv6 CIDR Blocks | Translated to a corresponding CIDR block within the IPv6 range of the replicated VPC |
| VPC | Translated to the corresponding Arpio-managed VPC in the recovery environment |
| Availability Zone | Translated to an availability zone in the recovery environment that supports the resources defined within the Subnet while maximizing availability zone diversity of the recovery environment |

The following resources are automatically selected into recovery points when a Subnet is selected:

  • Associated Network ACLs
  • Associated Route Tables
  • The VPC containing the Subnet

VPC

Arpio replicates VPCs to the recovery environment.

The replicated VPC is set up to maximize similarity with the primary environment. In addition to containing replicas of the primary environment's resources, it retains the IPv4 CIDR blocks of the primary environment. Instances that Arpio launches within the recovery environment retain the IPv4 addresses of the corresponding instance in the primary environment.

There may be occasions where you need network connectivity between your primary environment's VPC and the recovery environment's VPC. This is possible through network address translation, and Arpio support can help you set that up.

The following attributes are translated when replicating VPCs to the recovery environment:

| Attribute | Translation |
| --- | --- |
| IPv6 CIDR Block | AWS will grant a new IPv6 CIDR block for the recovery environment VPC |
| DHCP Options | Translated to the corresponding Arpio-managed DHCP Options in the recovery environment |

The following resources are automatically selected into recovery points when a VPC is selected:

  • Associated DHCP Options
  • The "default" Security Group
  • The "main" Route Table
  • The "default" Network ACL
  • Attached Internet Gateways

VPC Endpoints

Arpio replicates selected VPC gateway and interface endpoints from your primary environment to your recovery environment. 

The following interface endpoint attributes are translated during replication:

| Attribute | Translation |
| --- | --- |
| VPC | Translated to the corresponding VPC that Arpio manages in the recovery environment |
| Subnets | Translated to the corresponding subnets that Arpio manages in the recovery environment. |
| Security Groups | Translated to the corresponding security groups that Arpio manages in the recovery environment. |
| Endpoint Notifications | Translated to the corresponding SNS topics Arpio manages in the recovery environment. |
| Policy Document | Translated to the corresponding policy document that Arpio manages in the recovery environment |

The following gateway endpoint attributes are translated during replication:

| Attribute | Translation |
| --- | --- |
| VPC | Translated to the corresponding VPC that Arpio manages in the recovery environment |
| Route Tables | Translated to the corresponding route tables that Arpio manages in the recovery environment. |
| Policy Document | Translated to the corresponding policy document that Arpio manages in the recovery environment. |

The following resources are automatically selected into recovery points when a VPC Endpoint is selected:

All Endpoints:

  • The VPC that the endpoint is attached to
  • The Endpoint Policy Document attached to the endpoint

Interface Endpoints:

  • Subnets attached to the endpoint
  • Security groups attached to the endpoint
  • SNS Topics attached as Notification Connections to the endpoint

Gateway Endpoints:

  • Route tables the gateway endpoint lives in