How to make DR-ready system with Amazon Aurora Global Database

How to make DR-ready system
with Amazon Aurora Global Database
Minoru Onda @minorun365
So#ware engineer
KDDI Corpora1on & KDDI Agile Development Center Corpora1on
A W S C O M M U N I T Y B U I L D E R S
A PJ O P E N M I C – M AY

View Slide

> Minoru Onda @minorun365
So,ware Engineer / KDDI & KAG (Concurrently)
Co-lead in communiCes
• JAWS-UG SRE Branch
• JAWS DAYS 2022
Awards
• KDDI Cloud SAMURAI 2021
• KDDI Cloud Ambassadors 2021
$ whoami

View Slide

Do you love Amazon Aurora?

View Slide

Oﬀ course I love!
😍

View Slide

• Distributed instances
• Fast replicaCon in 3AZ storage
• Autoscaling of replicas and volumes
docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.html
Amazon Aurora is cloud-na3ve RDB

View Slide

Customer service applicaCon in mobile shops
Where I am using Aurora

View Slide

Hosted on EKS and connecCong with many on-prem systems
Where I am using Aurora
VPC
Tokyo region
EKS
on EC2 Aurora
iPads on shops
Private network
Private network
On-prem workloads
DX
DX

View Slide

We faced huge outage of DX on 2021, and started mulC-region planning
Started DR planning a?er Direct Connect outage
VPC
Tokyo region
EKS
on EC2 Aurora
iPads on shops
Private network
Private network
On-prem workloads
DX
DX

View Slide

© 2023, Amazon Web Services, Inc. or its aﬃliates. All rights reserved.
Then, how to enable BCP?

View Slide

Clarify your requirements!
• Recovery Cme objecCve (RTO)
• Recovery point objecCve (RPO)
Basic strategies of disaster recovery (DR) on AWS
aws.amazon.com/jp/blogs/architecture/disaster-recovery-dr-architecture-on-aws-part-i-strategies-for-recovery-in-the-cloud/

View Slide

Select best-suit plan with your requirement
• Backup & restore
• Pilot light
• Warm standby
• MulC-site acCve/acCve

View Slide

Select best-suit plan with your requirement
• Backup & restore
• Pilot light
• Warm standby
• MulC-site acCve/acCve
We chose it!
☝

View Slide

And don’t worry!
It’s easy to make your system
mul/-region 😚

View Slide

And don’t worry!
It’s easy to make your system
mul/-region 😚
...excluding Database 🥶

View Slide

Why database is diﬃcult on mul:-region?

View Slide

When you have mulCple DB like...
• To get High-Availability
• To make DR-ready
• To enable Blue/Green deployment
“You build mul<-DB,
you run it consistently!”
Diﬃcul3es on mul3ple database
Werner Vogels on Wikipedia,
however he never says above

View Slide

Popular soluCons for make DBs consistent:
From applica+on
• 2 phase commit (2PC)
• Saga pe8ern
From database
• Logical replica+on
• Phisical replica+on

View Slide

Popular soluCons for make DBs consistent:
From applica+on
• 2 phase commit (2PC)
• Saga pe8ern
From database
• Logical replica+on
• Phisical replica+on
☝
You can use it easily
with Amazon Aurora!

View Slide

Yes that’s Global Database

View Slide

What is Global Database?

View Slide

• Storage replicaCon across regions
• High performance with phisical volume replicaCon
Amazon Aurora Global Database
Aurora cluster (primary)
Tokyo region
Writer & readers
Cluster volumes
Aurora cluster (secondary)
Osaka region
Readers
Cluster volumes
‎ ‎ ‎
Outbound
replica4on

View Slide

Supported engines:
On Aurora MySQL
• Ver 2.11+ (minor versions)
Amazon Aurora Global Database
On Aurora PostgreSQL

View Slide

Just click “Add AWS Region” on exisCng cluster, that’s it 👍
How to use Global Database

View Slide

Demo 1: Enable Global Database

View Slide

Conguratula*ons 🎉
It’s global now.
...is that all??
🥳

View Slide

No, it’s just a beginning...
What you shoud do
on actual disaster maBers!

View Slide

Two op:ons for failover Global Database

View Slide

We have 2 opCons for failover regions in Global Database
Planned failover (managed)
• One-click on console
• Cannot used on emergency
What should you do on disaster?
Unplanned failover
• Manual opera9on with steps
• Available even on disaster

View Slide

We have 2 opCons for failover regions in Global Database
Planned failover (managed)
• One-click on console
• Cannot used on emergency
What should you do on disaster?
Unplanned failover
• Manual opera9on with steps
• Available even on disaster
👇
Use it ﬁrst!

View Slide

When you run Global Database on Tokyo (primary) and Osaka (secondary) ...
Opera3on steps on disaster
Tokyo region
Osaka region
‎ ‎ ‎
Primary

View Slide

Disaster occured!
Tokyo region Osaka region
‎ ‎ ‎ Aurora cluster (secondary)

View Slide

Then you shoud remove secondary cluster from Global Database
Tokyo region
Aurora cluster (standalone)
Osaka region
Remove from
Global DB

View Slide

A,er disaster past, you can rebuild Global Database from Osaka (new-primary)
Opera3on steps a?er disaster
Aurora cluster (old)
Tokyo region
Osaka region
‏ ‏ ‏
Rebuild GDB
Primary

View Slide

Demo 2: Unplanned failover on emergency

View Slide

A,er disaster past, you can rebuild Global Database from Osaka (new-primary)
Tokyo region
Osaka region
‏ ‏ ‏
Rebuild GDB
Primary

View Slide

On peaceful day, you can switch back regions with managed planned failover
Tokyo region
Osaka region
‎ ‎ ‎
Managed
failover
Primary

View Slide

Demo 3: Planned failover (managed)

View Slide

What I learned by using Global Database
on produc:on

View Slide

Make DR opera3on ﬂowchart beforehand!
Disaster occured!

View Slide

Disaster occured! Decide to ac4vate DR

View Slide

Check health of Osaka
cluster using SQL

View Slide

cluster using SQL
Shut requests out
by enabling redirect

View Slide

cluster using SQL
Shut requests out
Check replica4on lag

View Slide

cluster using SQL
Shut requests out
Modify DNS record to
switch Aurora endpoints

View Slide

cluster using SQL
Shut requests out
Unplanned failover
on Global Database

View Slide

cluster using SQL
Shut requests out
Unplanned failover
on Global Database
Chack health of app
on Osaka

View Slide

cluster using SQL
Shut requests out
Unplanned failover
on Global Database
Chack health of app
on Osaka
within RTO

View Slide

In my case...
• Automated all the operaCons with Exastro (Japanese so,ware)
• Separeted operaCons by group, making it easy to go ﬂexible with situaCon
• Using Ansible for included operaCons of on-prem network components
You will make mistake on emergency. Automate it!

View Slide

If you can, plan regular training with all the stakeholders
• OperaCons team
• Infrastructure developers (including DBA)
• ApplicaCon developers
• Management (who can decide to acCvate DR)
And prac3ce DR opera3ons regularly!

View Slide

Thank you!
Minoru Onda
How to make DR-ready system
with Amazon Aurora Global Database Give me your feedback!

View Slide

How to make DR-ready system with Amazon Aurora Global Database

How to make DR-ready system with Amazon Aurora Global Database

みのるん

More Decks by みのるん

Other Decks in Technology

Featured

Transcript