Configuring Replication with a Virtual Air Gap

This section describes how to configure Recovery Appliance replication with a time-controlled limited network access, such as the Virtual Air Gap solution for a data vault scenario.

In the vault scenario, the downstream Recovery Appliance is considered "the vault" and has its replication network closed. The upstream Recovery Appliance has a watcher that pauses replication until it sees that the downstream replication network is available. The downstream Recovery Appliance determines when its replication network is available (open or limited) and for how long (timeout). Once the upstream watcher sees that the downstream replication network is available, it resumes replication. In limited access mode, when the timeout period expires, the downstream replication network automatically closes, causing the upstream watcher to pause replication.

Configuring the limited replication network happens after you establish a replication partnership between the upstream and downstream Recovery Appliances. You manage the replication network traffic between the two environments. The network control is implemented on the replication network only (bondeth1, replication SCAN network and VIPs).

Note:

A prerequisite is that SSH is set up from the upstream to the downstream Recovery Appliance.

The following tasks describe the general sequence for creating a limited replication network (assuming the replication partnership already exists).

Task 1: Set up a watcher on the upstream Recovery Appliance

On the upstream Recovery Appliance, the watcher is turned on through the replication server.

racli alter replication_server --auto_enable=true

Later during normal operation:

  • If the upstream Recovery Appliance replication server is paused and the downstream replication network becomes available (open or limited), then the watcher automatically resumes the replication activities to the downstream.

  • If the downstream replication network becomes unavailable (closed) and the upstream Recovery Appliance replication server is running, then the watcher automatically pauses the replication activities to the downstream.

Task 2: Close the downstream replication network

The replication network must initially be in the closed state. From the downstream Recovery Appliance, issue the following commands.

racli status replication_network
racli configure replication_network --mode=closed
racli status replication_network

Task 3: Open the downstream replication network for a limited time

Issue the following command with a <TIMEOUT> in minutes of your choosing. This opens the downstream replication network for the specified timeout period. After this period expires, the replication network is automatically closed.

racli configure replication_network --mode=limited [--timeout=<TIMEOUT>]

The timeout is in minutes and defaults to 60 minutes.

Normal Limited Access or Vault Operations

Once tasks 1 and 2 are completed, the vault configuration is complete.

Thereafter, task 3 is repeated on the downstream Recovery Appliance (the vault) on whatever manual or automated schedule is appropriate for your application.

  • Whenever the downstream replication network becomes available (open or limited), the paused upstream Recovery Appliance replication server automatically resumes the replication activities to the downstream.

  • When the downstream replication network becomes unavailable (closed), the upstream Recovery Appliance replication server pauses the replication activities to the downstream.
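
One way to run task 3 from a scheduler on the downstream Recovery Appliance, added here as an example and not part of the product or its documentation. It uses only the racli commands shown on this page; the variables RACLI, MAX_WINDOW_MIN and AUDIT_LOG, their default values, the function names, and the choice to request closed mode when the limited-mode request fails are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not Oracle's code): wrapper for scheduled runs of Task 3 on
# the downstream Recovery Appliance. Uses only racli commands from this page.
# RACLI, MAX_WINDOW_MIN, AUDIT_LOG and the function names are assumptions.

RACLI="${RACLI:-racli}"                              # stub it for dry runs
MAX_WINDOW_MIN="${MAX_WINDOW_MIN:-120}"              # assumed site policy cap
AUDIT_LOG="${AUDIT_LOG:-/var/log/vault_window.log}"  # assumed log path

# Append a UTC-timestamped line to the audit log.
audit() {
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$AUDIT_LOG"
}

# Accept only a whole number of minutes between 1 and MAX_WINDOW_MIN.
valid_timeout() {
    case "$1" in
        ''|*[!0-9]*|?????*) return 1 ;;   # empty, non-digit, or over 4 digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le "$MAX_WINDOW_MIN" ]
}

# Open the replication network in limited mode for $1 minutes.
# Returns 2 on a rejected timeout, 1 if racli fails (after requesting closed).
open_vault_window() {
    if ! valid_timeout "$1"; then
        audit "REJECT timeout='$1' allowed=1..$MAX_WINDOW_MIN"
        return 2
    fi
    audit "BEFORE $("$RACLI" status replication_network 2>&1)"
    if "$RACLI" configure replication_network --mode=limited --timeout="$1"; then
        audit "OPEN mode=limited timeout=$1"
    else
        audit "FAIL mode=limited request failed; requesting mode=closed"
        "$RACLI" configure replication_network --mode=closed
        return 1
    fi
    audit "AFTER $("$RACLI" status replication_network 2>&1)"
}

# Run only when a timeout is passed on the command line, e.g. from cron.
if [ "$#" -gt 0 ]; then
    open_vault_window "$1"
fi
```

Capping the timeout in the wrapper keeps a mistyped or tampered schedule entry from holding the vault open longer than site policy allows, and the before and after status lines give a record to compare against the upstream replication logs.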

Turn off limited access and turn on normal replication

To turn on normal replication between an upstream Recovery Appliance and the downstream, you open the downstream replication network.

racli configure replication_network --mode=open

If you no longer need limited access capabilities, you can stop the watch for the replication server on the upstream Recovery Appliance.

racli alter replication_server --auto_enable=false

If you turn off the upstream watcher (without opening the downstream replication network), the result may be replication log errors for the periods when the downstream replication network isn't available.