Google Cloud Platform

SUREedge® DR 6.5.0

Getting Started Guide for Google Cloud Platform

1. Introduction

Welcome to SUREedge DR! Data migration can be a lengthy and difficult, although necessary, process. SUREedge® DR is a proven enterprise-class software appliance for Application Mobility, significantly simplifying and improving the process of moving enterprise applications and systems across disparate environments. With a multi-tier application migration planner, agentless architecture, WAN throttling, application awareness and world-class encryption and deduplication capabilities, SUREedge DR is easy to deploy, highly scalable and hardware- and hypervisor-agnostic. With the ability to capture and migrate applications, data and servers between disparate virtualization environments, data centers and public, private and hybrid clouds, SUREedge® DR is the most complete and easy-to-use solution available in the market.

1.1 Deployment Scenarios

SUREedge® DR supports many different deployment configurations to meet the needs of various situations:

  • Cloud-targeted DR, where the cloud is leveraged as a failover site for on-premises workloads or workloads in another cloud.
  • Site-to-site DR, where the source and target environments are non-cloud based.
  • Intra-cloud DR, where the goal is to protect against unavailability due to loss of resources in or connectivity to a region or zone within a public or private cloud.
  • Cloud-to-site DR, which reverses the cloud-targeted scenario and uses a non-cloud, on-premises virtualization environment to protect cloud-based workloads.

In all these scenarios an instance of SUREedge DR is deployed in each of the source and target environments. The source SUREedge DR instance is responsible for capturing images of the protected systems and efficiently transferring them to the target instance. The target SUREedge DR instance receives and manages the system images and orchestrates the transformation and instantiation process when recoveries are performed.

1.2 Installation Overview

To set up an environment for recovery you should first determine the location(s) where SUREedge DR should be installed. You can then:

  • Obtain the required documentation and software for the environment(s) you have identified. You should have SUREedge DR 6.5.0 Getting Started Guide for Google Cloud Platform (GCP).
  • Perform the installation of SUREedge DR software as instructed.
  • License and configure SUREedge DR as appropriate for each environment, as described in the Installation Guide and the SUREedge DR 6.5.0 User Guide.

This Getting Started guide covers the steps necessary for installing SUREedge DR in a GCP environment. The following sections will take you through the steps to obtain installation materials and to install, license and configure SUREedge DR to run in a GCP environment. You can then use the SUREedge DR 6.5.0 User Guide to configure and start using SUREedge DR for recovery.

2. Installing SUREedge DR

SUREedge DR installers, tools and documentation are all available online for download or deployment. The next sections detail how to obtain the documentation and software binaries you will need to get started with SUREedge DR.

2.1 Obtaining Documentation

SUREedge DR documentation is available for download as PDF files from Sureline Systems. To get access to SUREedge DR documentation, navigate to this URL in your browser:
https://drive.google.com/drive/u/0/folders/1d5WbV869lbJILeSNbPccXDTIUhClD284

You will need an account to log in and access the SUREedge DR documentation. If you are a new user, please click on “Request access”. After the request is approved, you will have access to the download area.

2.2 Prerequisites for SUREedge DR Deployment in Google Cloud

To create virtual machines in the target project(s) where recovered servers will be relocated, SUREedge DR needs to perform operations using a service account with sufficient permissions and to have network access to the new virtual machines. This requires that the necessary APIs be enabled for the project(s) where VMs will be recovered and that a service account with the appropriate roles and permissions be available. You must also make sure that the virtual networking for the project(s) is configured so that, for the duration of the recovery operation, the recovered VMs can be reached by the SUREedge DR instance that you deploy.

The following sections describe the specifics of these prerequisites and how to meet them.

2.2.1 Accounts and Privileges

To make the cloud API calls required to create the cloud-side virtual machines and transform them to run in the cloud, SUREedge DR needs the project to have the necessary APIs enabled and a service account with the appropriate permissions. Sureline provides a script that you can use to make the process of creating the roles and enabling the APIs easier. The details of required APIs, roles and permissions are outlined in Section 4.

2.2.2 Networking Configurations

SUREedge DR uses Google Cloud Virtual Private Cloud (VPC) networks and requires specific firewall rules to be configured for deployment and recovery of workloads. This section describes the networking requirements and firewall rules needed for deployment.

All projects where VMs will be recovered must be reachable by the SUREedge DR instance; if multiple projects are involved, this will require a Shared VPC. (Note: Legacy networks are not supported.) Any project can host the Shared VPC with the remaining projects attached. If all recovered systems are going into a single project, the SUREedge DR instance should be deployed there and the default VPC for the project can be used.

2.2.2.1 Configuring Firewall rules

To create and transform servers being recovered in GCP, the SUREedge DR instance must be able to communicate with the VMs being created in the cloud. To allow this, any firewalls between the SUREedge DR instance and the projects that will contain the recovered VMs must allow the following network communications:

  • ICMP: Firewalls must allow ICMP packets to be passed between the SUREedge DR instance and the target projects and networks.
  • TCP: Ports 22, 25025, 25026, 25027, and 25028 must be open between the SUREedge DR instance and the target project networks.
  • TCP: Ports 80 and 443 are used to access the SUREedge DR UI and must be open between the SUREedge DR MC VM and any systems where a browser will be used to access the DR UI.
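
One way to check an existing VPC against the list above, as an added example that is not part of the SUREedge DR tooling: the script below reads firewall rules in the JSON shape printed by `gcloud compute firewall-rules list --format=json`, reports required TCP ports that no ingress rule opens, and flags rules that open any of them to every source address. The rule names and address ranges in the sample are constructed.

```python
import json

# TCP ports taken from the firewall requirements listed above.
RECOVERY_PORTS = {22, 25025, 25026, 25027, 25028}
UI_PORTS = {80, 443}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "example-recovery", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22", "25025-25027"]}]},
 {"name": "example-web-ui", "direction": "INGRESS",
  "sourceRanges": ["203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "example-icmp", "direction": "INGRESS",
  "sourceRanges": ["10.128.0.0/9"],
  "allowed": [{"IPProtocol": "icmp"}]}
]""")


def tcp_ports(rule):
    """TCP ports a rule allows; None means every port."""
    ports = set()
    for allow in rule.get("allowed", []):
        if allow.get("IPProtocol") not in ("tcp", "all"):
            continue
        if not allow.get("ports"):
            return None  # no port list: the rule covers all ports
        for spec in allow["ports"]:
            low, _, high = spec.partition("-")  # "25025-25027" or "22"
            ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit(rules):
    """Return (required ports no rule opens, rules exposing them to any source)."""
    required = RECOVERY_PORTS | UI_PORTS
    covered, exposed = set(), []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        ports = tcp_ports(rule)
        hit = required if ports is None else ports & required
        covered |= hit
        if hit and ANY_SOURCE & set(rule.get("sourceRanges", [])):
            exposed.append((rule["name"], sorted(hit)))
    return sorted(required - covered), exposed


if __name__ == "__main__":
    missing, exposed = audit(SAMPLE_RULES)
    print("required ports with no allow rule:", missing)
    for name, ports in exposed:
        print(f"{name}: open to any source address on {ports}")
```

The check looks only at enabled ingress allow rules; it does not evaluate rule priority, deny rules, or target tags.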

2.3 Deploying SUREedge DR on GCP

This section contains the instructions for deploying SUREedge DR on Google Cloud Platform.

  1. Login to GCP and navigate to the Marketplace (https://console.cloud.google.com/marketplace) and search for “SUREedge DR”:

  2. You will see a listing for SUREedge DR:

  3. Click on “SUREedge DR” as highlighted in the above screen. This brings you to the DR’s Marketplace Product Page:

  4. Click the LAUNCH button to begin the deployment process. This shows the SUREedge DR Deployment page:

  5. First select the project in which you wish to deploy.
  6. In the New SUREedge DR Deployment section you can customize any of the deployment parameters as per your requirements.
    You must supply the following information:
    1. In the Deployment name field enter the appropriate name of the deployment project.
    2. In the Recovery Controller Service Account field enter a service account to be used by the deployed DR instance (as described in Section 2.2 above.)
    3. In the Networking section you should select a VPC which is shared between the project where SUREedge is deployed and any target projects where VMs need to be recovered. (If all VMs are going to be recovered in the same project as the one where DR is being deployed you can select any network attached to it.)
    You may also modify the following parameters:
    1. In the Zone field select the appropriate zone/country from the dropdown list for the deployment process.
    2. If you wish the deployment process to add tags and firewall rules to your chosen VPC that will allow recovery-related traffic from the internet, then enable the Communication Ports option. You can restrict the source IP addresses given this access by adding them to the Source Server IP Ranges field. (These steps are not required if, for example, you will be utilizing a VPN to connect your networking to the systems being recovered.)
    3. If you wish the deployment process to add tags and firewall rules to your chosen VPC that will allow web-based UI traffic from the internet, then enable the SUREedge Web UI Ports option. You can restrict the source IP addresses given this access by adding them to the field IP ranges from which SUREedge Web UI traffic will be allowed.
    4. You can expand the More Networking Details area to access more options, such as whether an external IP address should be assigned to the DR Instance VMs being deployed.
    5. In the Windows VM Details section, you can modify the values for the SUREedge DR MC virtual machine, such as the machine type, disk type and size, etc.
    6. In the Linux VM Details section, you can modify the values for SUREedge Store virtual machine, such as the machine type, disk type and size, etc.
    7. In the Linux Data Disk section, you can modify the type and amount of disk space allocated for storing replicated system images. It defaults to 1TB which is sufficient for many DR projects. You can enable automatic SUREedge Store growth (which automatically increases the SUREedge Store capacity when required) by selecting the SUREedge Store automatic resizing option. If you do not enable this option, you should carefully monitor your Store capacity needs using the SUREedge Web UI to avoid replication interruptions due to lack of space.

You can modify the amount of disk space allocated for storing images of recovered systems in the Linux Data Disk section. It defaults to 1TB which is sufficient for many recovery projects and the disks are automatically resized as needed while recovery is in progress.

Once deployment is completed, the post-deployment page shows the Windows VM address where you can access the DR user interface, and a pre-configured username and password used to log in.

3. Getting Started

Your system is now installed and ready to perform Recovery. Please refer to the SUREedge DR User Guide for more information about SUREedge DR applications and systems.

Use the Windows Site Address link from the post-deployment page to access the newly deployed SUREedge DR instance. This will lead you to the following login screen. Enter the Admin user (from the post-deployment page) in the Username field and the Admin Password in the Password field.

Click Login. You will be taken to the SUREedge DR main user interface.

A SUREedge DR Dual Instance Deployment involves deploying an instance of DR within the source site, where the systems being protected reside, which is used to capture and securely transfer system images to the DR instance running in the cloud. (For details on when you might want to use a Dual Instance deployment, see the Introduction to the SUREedge DR User Guide.)

To download the software, navigate to the Settings page of the DR UI and select the Dual Instance section:

Here you will find installation media for installing a DR instance in various environments, along with instructions for its installation and configuration.

4. Required APIs, Roles and Permissions

SUREedge DR requires that certain APIs can be used within the project(s) where VMs will be recovered and needs a service account with the appropriate roles and permissions enabled. The APIs, roles and permissions required are listed in the table below:

Project APIs needed:
iam.googleapis.com cloudresourcemanager.googleapis.com logging.googleapis.com
compute.googleapis.com storage-component.googleapis.com monitoring.googleapis.com
Roles Needed:
iam.serviceAccountUser logging.logWriter roles/monitoring.metricWriter
roles/monitoring.viewer
Permissions Needed:
compute.addresses.create compute.addresses.createInternal compute.addresses.delete
compute.addresses.deleteInternal compute.addresses.get compute.addresses.list
compute.addresses.setLabels compute.addresses.use compute.addresses.useInternal
compute.diskTypes.get compute.diskTypes.list compute.disks.create
compute.disks.delete compute.disks.get compute.disks.list
compute.disks.setLabels compute.disks.update compute.disks.use
compute.disks.useReadOnly compute.disks.createSnapshot compute.images.get
compute.images.list compute.images.useReadOnly compute.snapshots.create
compute.snapshots.delete compute.snapshots.useReadOnly compute.instances.attachDisk
compute.instances.create compute.instances.delete compute.instances.detachDisk
compute.instances.get compute.instances.getSerialPortOutput compute.instances.list
compute.instances.reset compute.instances.setDiskAutoDelete compute.instances.setLabels
compute.instances.setMachineType compute.instances.setMetadata compute.instances.setMinCpuPlatform
compute.instances.setScheduling compute.instances.setServiceAccount compute.instances.setTags
compute.instances.start compute.instances.startWithEncryptionKey compute.instances.stop
compute.instances.update compute.instances.updateNetworkInterface compute.instances.updateShieldedInstanceConfig
compute.instances.use compute.licenseCodes.get compute.licenseCodes.list
compute.licenseCodes.update compute.licenseCodes.use compute.licenses.get
compute.licenses.list compute.machineTypes.get compute.machineTypes.list
compute.networks.get compute.networks.list compute.networks.use
compute.networks.useExternalIp compute.nodeGroups.get compute.nodeGroups.list
compute.nodeTemplates.list compute.projects.get compute.regionOperations.get
compute.regions.get compute.regions.list compute.subnetworks.get
compute.subnetworks.list compute.subnetworks.use compute.subnetworks.useExternalIp
compute.zoneOperations.get compute.zones.get compute.zones.list
iam.serviceAccounts.get iam.serviceAccounts.list resourcemanager.projects.get
storage.buckets.create storage.buckets.delete storage.buckets.get
storage.buckets.list storage.buckets.update storage.objects.create
storage.objects.delete storage.objects.get storage.objects.list
storage.objects.update compute.disks.resize runtimeconfig.variables.create
runtimeconfig.variables.delete runtimeconfig.variables.get runtimeconfig.variables.list
runtimeconfig.variables.update runtimeconfig.variables.watch

To ease the process of setting up these permissions, Sureline has provided a script that can be run in a Cloud Shell in your account to create a service account and grant it the required roles and permissions. The script needs to be run under a user account with the following roles:

  • Owner privileges for the project(s) into which systems will be recovered;
  • Organization Role Administrator privileges for the account; and
  • Organization Administrator privileges for the cloud account.

Note: If the systems being recovered will all be brought up within a single project, then the recovery can be achieved with permissions strictly enabled for that project. In this case the script can be run with only the project’s Owner role.

4.1.1 Running The Setup Script

To run the permissions setup script, click the “Activate Cloud Shell” button at the top of the Google Cloud Platform Console.

A Cloud Shell session opens inside a new frame at the bottom of the Console and displays a command-line prompt. It can take a few seconds for the session to be initialized.

At the prompt, issue the command below to download a configuration script to create Google Cloud roles and service accounts:

gsutil cp gs://sureline-release/DR/6.5.0/SUREedgePreDeployment/* .

This command copies the following files into the Cloud Shell environment:

SUREedgeDRPreDeployment.py
sureedge_deployment.json

The script SUREedgeDRPreDeployment.py can then be run to create the required role and service account for SUREedge DR. The script’s usage is as follows:

python3 SUREedgePreDeployment.py [-h] -d <DEPLOYMENT_NAME> -p <PROJECT_ID> [-o <ORG_ID>]

where the arguments are:

Argument | Description | Required
-h, --help | Show this help message and exit. | No
-d <DEPLOYMENT_NAME>, --deployment-name <DEPLOYMENT_NAME> | A suffix that will be appended to the Service Account and Role names created by the script. Must be less than 8 characters and can only have lowercase letters and numbers. | Yes
-p <PROJECT_ID>, --project-id <PROJECT_ID> | The ID of the GCP project that will host your DR instance. | Yes
-o <ORG_ID>, --org-id <ORG_ID> | The numeric GCP organization ID in which the role will be created, and which administers the project(s) where recovered systems will exist. | No

For example, to create roles and permissions using the suffix sureorg6 for deployment of a SUREedge DR instance into the project sureline-demo within the organization whose ID is 012345678910, you would run the command:

python3 SUREedgePreDeployment.py -d sureorg6 -p sureline-demo -o 012345678910

This will create the role SUREedge Manager sureorg6 within the organization with ID 012345678910 and within the project sureline-demo and create the service account sureedge-manager-sureorg6@sureline-demo.iam.gserviceaccount.com.

In the case where all recovery operations will occur within a single project, the script can be run without the organization ID option (-o <ORG_ID>):

python3 SUREedgePreDeployment.py -d sureproj -p sureline-demo

This command creates the SUREedge Manager sureproj role and the service account sureedge-manager-sureproj@sureline-demo.iam.gserviceaccount.com in the sureline-demo project.
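
After the script has run, the roles bound to the new service account can be compared with the ones Section 4 lists. The following is an added example, not part of Sureline's script: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy sureline-demo --format=json` and reports missing, broad, and unexpected roles for the service account. It assumes the roles are bound at project level and that the Section 4 role names map to full `roles/...` IDs; `EXAMPLE_ROLE_ID` is a placeholder because the page does not give the custom role's ID.

```python
import json

# Predefined roles named in Section 4, written as full role IDs (assumption).
EXPECTED_ROLES = {
    "roles/iam.serviceAccountUser", "roles/logging.logWriter",
    "roles/monitoring.metricWriter", "roles/monitoring.viewer",
}
# Basic roles that grant far more than the Section 4 permission list.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Service account name from the single-project example above.
SA_EMAIL = "sureedge-manager-sureproj@sureline-demo.iam.gserviceaccount.com"

# Constructed sample shaped like `gcloud projects get-iam-policy --format=json`.
# EXAMPLE_ROLE_ID is a placeholder, not the real custom role ID.
SAMPLE_POLICY = json.loads("""{"bindings": [
 {"role": "roles/iam.serviceAccountUser", "members": ["serviceAccount:%(sa)s"]},
 {"role": "roles/logging.logWriter", "members": ["serviceAccount:%(sa)s"]},
 {"role": "roles/monitoring.metricWriter",
  "members": ["serviceAccount:%(sa)s", "user:ops@example.com"]},
 {"role": "roles/editor", "members": ["serviceAccount:%(sa)s"]},
 {"role": "roles/storage.admin", "members": ["serviceAccount:%(sa)s"]},
 {"role": "projects/sureline-demo/roles/EXAMPLE_ROLE_ID",
  "members": ["serviceAccount:%(sa)s"]},
 {"role": "roles/owner", "members": ["user:admin@example.com"]}
]}""" % {"sa": SA_EMAIL})


def audit_service_account(policy, sa_email):
    """Classify every role the policy binds to the given service account."""
    member = f"serviceAccount:{sa_email}"
    held = {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}
    # Custom roles are addressed as projects/<id>/roles/... or organizations/<id>/roles/...
    custom = {r for r in held if r.startswith(("projects/", "organizations/"))}
    return {
        "missing": sorted(EXPECTED_ROLES - held),
        "custom": sorted(custom),
        "broad": sorted(held & BROAD_ROLES),
        "unexpected": sorted(held - EXPECTED_ROLES - custom - BROAD_ROLES),
    }


if __name__ == "__main__":
    for kind, roles in audit_service_account(SAMPLE_POLICY, SA_EMAIL).items():
        print(f"{kind}: {roles}")
```

Custom roles are listed rather than judged; their permissions can be compared with the Section 4 list using the output of `gcloud iam roles describe`.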

5. Contacting Support

The Sureline Systems website (https://www.surelinesystems.com) provides a support page where you can submit your issues. A ticket will be generated automatically, and the support team will contact you.

Email Us

Alternatively, you can write an email to support@surelinesystems.com with a detailed description of the issue. This will automatically create a support ticket, and a member of our customer support team will reach out to you soon after.

Telephone Support:

You can also call us on 408-331-8750 if you wish to speak with a Sureline Systems Engineer directly.