87
Disaster Recovery and Backup
The XenServer Disaster Recovery (DR) feature is designed to allow you to recover virtual machines (VMs) and
vApps from a catastrophic failure of hardware which disables or destroys a whole pool or site. For protection
against single server failures, see the section called “High Availability”
Note:
Disaster Recovery is only available for XenServer Platinum edition. To learn more about
XenServer Advanced or higher editions and to find out how to upgrade, visit the Citrix website
here.
You must be logged in as root or have the role of Pool Operator or higher to use this feature.
Understanding XenServer DR
XenServer DR works by storing all the information needed to recover your business-critical VMs and vApps on
storage repositories (SRs) that are then replicated from your primary (production) environment to a backup
environment. When a protected pool at your primary site goes down, the VMs and vApps in that pool can be
recovered from the replicated storage and recreated on a secondary (DR) site, with minimal application or user
downtime.
Note:
Citrix strongly recommends using the new XenServer 6.0 Disaster Recovery feature, as the
legacy Metadata Backup, Restore and Update mechanism (accessible via the XenServer host
console) will be depreciated in a future XenServer release. Citrix advises customers using the
legacy mechanism to migrate to the new, integrated feature.
In the event of a disaster, the Disaster Recovery wizard in XenCenter can be used to interrogate this storage and
import chosen VMs and vApps into a recovery pool. Once the VMs are running in the recovery pool, the recovery
pool metadata is also replicated to allow any changes to VM settings to be populated back to the primary pool,
should the primary pool be recovered. If the XenCenter wizard finds information for the same VM present in two
or more places (for example, storage from the primary site, storage from the disaster recovery site and also in
the pool that the data is to be imported into) then the wizard will ensure that only the most recent information
per Virtual Machine is used.
The Disaster Recovery feature can be used both with XenCenter and the xe CLI. See the section called “Disaster
Recovery (DR) Commands” for details on these commands.
Tip:
You can also use the Disaster Recovery wizard to run test failovers for non-disruptive testing
of your disaster recovery system. In a test failover, all the steps are the same as for failover,
but the VMs and vApps are not started up after they have been recovered to the DR site,
and cleanup is performed when the test is finished to remove all VMs, vApps and storage
recreated on the DR site.
XenServer VMs consist of two components:
• Virtual disks that are being used by the VM, stored on configured storage repositories (SRs) in the pool where
the VMs are located.
• Metadata describing the VM environment. This is all the information needed to recreate the VM if the original
VM is unavailable or corrupted. Most metadata configuration data is written when the VM is created and is
updated only when you make changes to the VM configuration. For VMs in a pool, a copy of this metadata is
stored on every server in the pool.
In a DR environment, VMs are recreated on a secondary (DR) site from the pool metadata – configuration
information about all the VMs and vApps in the pool. The metadata for each VM includes its name, description