AvePoint Docs
Graph API
My support tickets
Graph API
My support tickets
English

Home > Infrastructure Resilience > Create a Policy

Export to PDF

Create a Policy

For steps on creating a policy for Microsoft Azure or Amazon Web Services, refer to the sections below.

Create a Microsoft Azure Resilience Policy

To create a resilience policy for Microsoft Azure resources, complete the following steps:

  1. On Infrastructure resilience page, click Create.

  2. In the Create infrastructure resilience policy panel, complete the following steps:

    1. Define the resource scope – Select Microsoft Azure as the service type. Infrastructure resilience policies now allow you to add Azure Kubernetes service, SQL database, storage account, MySQL flexible server, PostgreSQL flexible server, virtual machines Web app (container mode), and virtual machine scale sets to the policy’s protection scope. To define the resource scope, complete the configurations:

      • App profile – Select an app profile you have added in AvePoint Online Services. Azure resources of the app profile’s tenant will be able to be included in this policy’s protection scope.

      • Add resources to protect – Click Add resources to resilience pack. In the dropdown list, select the resource type.

        In the Add resources to resilience pack panel, select the resources to add. You can also search for specific resources by their names in the search box or filter them by their type, subscription, or resource groups. After finishing selecting, click Add.

        In the Resource scope step, you can always click Manage on the resource tiles to change the protection scope. To remove a resource from the scope, click the Remove button.

        Note the following:

        • Protected resources will not be removed from the protection scope even after they are deleted in your Azure environments. However, replication jobs for the deleted resources will fail. You can restore the deleted resources if they were deleted accidentally. Or you can remove them from the protection scope if the deletion has been confirmed.

        • When protecting a storage account, make sure there are no more than one replication rule enabled for this storage account in your Azure environment. As the policy’s replication job will create a replication rule and a storage account cannot have more than two replication rules created in Azure.

        • Only Kubernetes clusters in running status can be replicated.

        • Replica databases created at the destination cannot be included in the protection scope as source database.

      Click Next when the resource scope configurations are completed.

    2. Set up the replication and failover target, including:

      • Target region – Select the target region.

      • Target subscription – Select the target subscription.

        *Note: PostgreSQL can only be replicated within the same Azure subscription.

      • Target resource group name – Select the target resource group name. If you cannot find the proper one, click Create at the end of the dropdown list to create a new resource group under the target subscription.

      Click Next to proceed.

    3. If you have added the following resources encrypted by Customer-managed key or Platform-managed and customer-managed keys, configure the key mappings between your source and destination keys to enable the replication and protection of these encrypted resources:

      • MySQL flexible server

      • PostgreSQL flexible server

      • Virtual machine

      • Virtual machine scale set

      In this step, select the Destination key vault and Destination key for each source key of the resources. Then, click Next to continue.

      *Note: The available keys are loaded based on the configured target region and subscription. If you cannot find the key in the selection list, check their regions, subscriptions, expiration data, and status.

    4. Configure policy settings, including:

      • Policy name and Description – Enter the name and description of this policy.

      • Webhook URL – Enter a Webhook URL to receive failover details in HTTP/HTTPS POST requests when the failover of this policy completes. For the details of the request triggered, refer to Run Failover.

        *Note: Test failovers do not trigger webhook requests.

      • Recovery point objective (RPO) – Configure the recovery point objective for this policy.

        Note the following:

        • Shorter recovery point objective (RPO) means more resources will be created in your target, resulting in a higher cost in your cloud environment. For the details on additional costs, refer to the Additional Costs section below.

        • Recovery point objectives (RPO) of Azure databases, storage accounts cannot be defined by this setting as they follow the Azure native RPO goals.

        When replicating Azure databases and storage accounts, only configurations and settings are replicated to AvePoint default storage, and the following replication jobs run based on the policy’s RPO.

        If a policy for SQL database or storage account is created, upon the first replication job, SQL database replication rule will be created in your target environment while storage account replication rule will be created in your Azure object replication page. Their following content replication will follow the RPO of Azure native replication.

        For details on the native Azure replication services, refer to for SQL databases, for storage accounts, for MySQL flexible service, and for PostgreSQL flexible server for PostgreSQL flexible server.

      • First replication time – Select the first replication time. The following scheduled replication jobs will run based on this time and your recovery point objective.

      • Retention – Only recovery points within the last 24 hours will be kept and this retention policy cannot be changed. If there are no recovery points within the last 24 hours, the latest recovery point will be kept.

      Click Next to proceed.

    5. Check your configurations overall. In the Resource scope details section, click Show all to view the detailed information of resources in the protection scope. To make any adjustments, click the corresponding step on top of this panel and edit accordingly.

  3. Click Save to complete the policy creation. Click Save and run to save the policy and run a replication job immediately. However, this job’s running time will not overwrite the configured first replication time. A job will still run at your configured time and the following replication jobs will run by configured RPO based on the configured first replication time.

Create an Amazon Web Services’ Resilience Policy

To create a resilience policy for your AWS resources, complete the following steps:

  1. On Infrastructure resilience page, click Create.

  2. In the Create infrastructure resilience policy panel, complete the following steps:

    1. Define the resource scope – Select Amazon Web Services as the service type. Infrastructure resilience policies now allow you to add EC2 instances, Elastic Beanstalk (with Docker platform), Elastic Kubernetes Services, Aurora databases, DynamoDB tables, and RDS databases, and S3 buckets to the policy’s protection scope. To define the resource scope, complete the configurations:

      • App profile – Select an app profile you have added in AvePoint Online Services. AWS resources of the app profile’s tenant will be included in this policy’s protection scope.

      • Region – Select a region in which the resources can be added to this policy’s scope. One policy can only have resources from one region.

      • Add resources to protect – Click Add resources to resilience pack. In the dropdown list, select the resource type.

        In the Add resources to resilience pack panel, select the resources to add. You can also search for specific resources by their names in the search box. After finishing selecting, click Add.

        In the Resource scope step, you can always click Manage on the resource tiles to change the protection scope. To remove a resource from the scope, click the Remove button.

        Note the following:

        • Protected resources will not be removed from the protection scope even after they are deleted in your AWS environments. However, replication jobs for the deleted resources will fail. You can restore the deleted resources if they were deleted accidentally. Or you can remove them from the protection scope if the deletion has been confirmed.

        • Only Kubernetes clusters in running status can be replicated.

        • Aurora and RDS databases with Managed in AWS Secrets Manager – most secure configuration enabled cannot be protected by policies.

        • Replica databases created at the destination cannot be included in the protection scope as the source database.

        • Only specific versions of the Aurora MySQL and Aurora PostgreSQL database engines in certain AWS Regions support Aurora Global Database. For the complete list, see .

      Click Next when the resource scope configurations are completed.

    2. Set up the replication and failover target by selecting a target region. Then click Next to proceed.

    3. Complete KMS key mapping – If the resources in your protection scope is using KMS encryption, configure the mapping of your source and destination KMS keys to ensure the protection of encrypted resources.

    4. Configure policy settings, including:

      • Policy name and Description – Enter the name and description of this policy.

      • Webhook URL – Enter a Webhook URL to receive failover details in HTTP/HTTPS POST requests when the failover of this policy completes. For the details of the request triggered, refer to Run Failover.

        *Note: Test failovers do not trigger webhook requests.

      • Recovery point objective (RPO) – Configure the recovery point objective for this policy.

        Note the following:

        • Shorter recovery point objective (RPO) means more resources will be created in your target, resulting in a higher cost in your cloud environment.

        • Recovery point objectives (RPO) of Aurora databases, RDS databases, DynamoDB tables, and S3 buckets cannot be defined by this setting as they follow Amazon's native RPO goal.

        When replicating Aurora databases, RDS databases, DynamoDB tables, and S3 buckets, only configurations and settings are replicated to AvePoint default storage and their following replication jobs run based on the policy’s RPO.

        If a policy with S3 bucket or a database is created, upon the first replication job, S3 bucket replication rule will be created in your S3 bucket while database read replica will be created in your source database. Their following content replication will follow the native S3 replication rule and built-in replication feature of the DB engine.

        • For Aurora (MySQL Compatible), you can have up to five cross-region read replicas per source cluster. To ensure the cross-region read-replica can be created, you must turn on the source Aurora MySQL DB cluster. For more details, refer to .

        For details on the native AWS services, refer to for RDS databases and for S3 bucket.

      • First replication time – Select the first replication time. The following scheduled replication jobs will run based on this time and your recovery point objective.

      • Retention – Only recovery points within the last 24 hours will be kept and this retention policy cannot be changed. If there are no recovery points within the last 24 hours, the latest recovery point will be kept.

      Click Next to proceed.

    5. Check your configurations overall. In the Resource scope details section, click Show all to view the detailed information of resources in the protection scope. To make any adjustments, click the corresponding step on top of this panel and edit accordingly.

  3. Click Save to complete the policy creation. Click Save and run to save the policy and run a replication job immediately. However, this job’s running time will not overwrite the configured first replication time. A job will still run at your configured time and the following replication jobs will run by configured RPO based on the configured first replication time.

Create a Google Cloud Policy

To create a resilience policy for your Google Cloud Platform resources, complete the following steps:

  1. On Infrastructure resilience page, click Create.

  2. In the Create infrastructure resilience policy panel, complete the following steps:

    1. Define the resource scope – Select Google Cloud as the service type. To define the resource scope, complete the configurations:

      • Service account – Select a service account profile you have added in AvePoint Online Services. Resources of the service account’s tenant will be able to be included in this policy’s protection scope.

      • Project – Select a project.

        *Note: Resources can only be replicated within the same project.

      • Add resources to protect – Click Add resources to resilience pack. In the dropdown list, select the resource type.

        In the Add resources to resilience pack panel, select the resources to add. You can also search for specific resources by their names in the search box. After finishing selecting, click Add.

        In the Resource scope step, you can always click Manage on the resource tiles to change the protection scope. To remove a resource from the scope, click the Remove button.

        Note the following:

        • Protected resources will not be removed from the protection scope even after they are deleted in your Google Cloud environments. However, replication jobs for the deleted resources will fail. You can restore the deleted resources if they were deleted accidentally. Or you can remove them from the protection scope if the deletion has been confirmed.

        • Replica databases created at the destination cannot be included in the protection scope as the source database.

      Click Next when the resource scope configurations are completed.

    2. Set up the replication and failover target by selecting a target region. Then click Next to proceed.

    3. Complete KMS key mapping – If the resources in your protection scope is using KMS encryption, configure the mapping of your source and destination KMS keys to ensure the protection of encrypted resources.

    4. Configure policy settings, including:

      • Policy name and Description – Enter the name and description of this policy.

      • Webhook URL – Enter a Webhook URL to receive failover details in HTTP/HTTPS POST requests when the failover of this policy completes. For the details of the request triggered, refer to Run Failover.

        *Note: Test failovers do not trigger webhook requests.

      • Recovery point objective (RPO) – Configure the recovery point objective for this policy.

        Note the following:

        • Shorter recovery point objective (RPO) means more resources will be created in your target, resulting in a higher cost in your cloud environment.

        • Recovery point objectives (RPO) of cloud storage and SQL instances cannot be defined by this setting as they follow Google’s native RPO goal. For details on the native Google solutions, refer to and .

        When replicating cloud storage and SQL database instances, only configuration and setting metadata are replicated to AvePoint default storage and their following replication jobs run based on the policy’s RPO.

        • For SQL instance protection, upon the first replication job, read replica will be automatically created in the source SQL instance. For more details, refer to .

        • For cloud storage protection, upon the first replication job, cross-bucket replication will be enabled with the replication destination configured in the corresponding bucket.

        • Only Kubernetes clusters in running status can be replicated.

      • First replication time – Select the first replication time. The following scheduled replication jobs will run based on this time and your recovery point objective.

      • Retention – Only recovery points within the last 24 hours will be kept and this retention policy cannot be changed. If there are no recovery points within the last 24 hours, the latest recovery point of this policy will be kept.

      Click Next to proceed.

    5. Check your configurations overall. In the Resource scope details section, click Show all to view the detailed information of resources in the protection scope. To make any adjustments, click the corresponding step on top of this panel and edit accordingly.

  3. Click Save to complete the policy creation. Click Save and run to save the policy and run a replication job immediately. However, this job’s running time will not overwrite the configured first replication time. A job will still run at your configured time and the following replication jobs will run by configured RPO based on the configured first replication time.

Additional Costs

During the replication, additional costs may be triggered if you have certain configurations in your resilience policy. Refer to the following table for the possible additional costs.

Cloud Service TypeResourceAdditional CostPricing Reference
Microsoft AzureVirtual machineSnapshotsThe cost would be higher if you configure shorter RPO in your resilience policy, causing more snapshots created.For the snapshot pricing details, refer to Managed Disks pricing.
Microsoft AzureVirtual machineData transferThe cost will increase if the data is replicated to a different region.For the data transfer pricing details, refer to Bandwidth pricing.
Microsoft AzureSQL databaseDatabase replicationThe cost would increase if the database replicated to the target has larger storage.For the database replication pricing details, refer to Azure SQL Database pricing.
Microsoft AzureStorage accountBlob versioningResilience policy will enable the blob versioning for both the source and replicated storage accounts automatically and delete versions after 7 days, which would cause additional costs.For the blob versioning pricing details, refer to Pricing and billing.
Microsoft AzureStorage accountBlob change feedResilience policy will enable the blob change feed. The change feed records will be stored in your storage account at standard blob pricing cost.For the blob change feed details, refer to How the change feed works and Azure Blob Storage pricing.
Microsoft AzureStorage accountData transferThe cost will increase if the data is replicated to a different region.For the data transfer pricing details, refer to Azure Blob Storage pricing.
Microsoft AzureKubernetes ServiceSnapshotsThe cost would be higher if you configure shorter RPO in your resilience policy, causing more snapshots created.For the snapshot pricing details, refer to Managed Disks pricing.
Microsoft AzureMy SQL flexible serviceDatabase replicationThe cost would be higher if the database replicated to the target has larger storage.For the database replication pricing details, refer to Azure Database for MySQL pricing.
Microsoft AzureMy SQL flexible serviceRead replica chargesEach read replica is charged based on the provisioned compute in vCores and storage in GB/month.For the pricing details, refer to Azure Database for MySQL - Flexible Server service tiers.
Microsoft AzurePostgreSQL flexible serverDatabase replicationThe cost would be higher if the database replicated to the target has larger storage.For the database replication pricing details, refer to Azure Database for PostgreSQL pricing.
Microsoft AzurePostgreSQL flexible serverRead replica chargesEach read replica is charged based on the provisioned compute in vCores and storage in GB/month.For the pricing details, refer to Azure Database for MySQL - Flexible Server service tiers.
Amazon Web ServicesEC2 instanceSnapshotsThe cost would be higher if you configure shorter RPO in your resilience policy, causing more snapshots created.For the snapshot pricing details, refer to Amazon EBS pricing.
Amazon Web ServicesEC2 instanceData transferThe cost will increase if the data is replicated to a different region.For the data transfer pricing details, refer to Amazon EC2 On-Demand Pricing.
Amazon Web ServicesS3 bucketData transferThe cost will increase if the data is replicated to a different region.For the data transfer pricing details, refer to Amazon S3 Pricing.
Amazon Web ServicesS3 bucketBucket versioningResilience policy will enable bucket versioning for both the source and replicated bucket, which would cause additional costs.For bucket versioning pricing details, refer to Retaining multiple versions of objects with S3 Versioning.
Amazon Web ServicesAurora and RDS databaseDatabase replicationThe cost would increase if the database replicated to the target has larger storage.For database replication pricing details, refer to Amazon RDS pricing.
Amazon Web ServicesAurora and RDS databaseData transferThe cost will increase if the data is replicated to a different region.For data transfer pricing details, refer to Cross-Region replication costs.
Amazon Web ServicesDynamoDBDatabase replicationThe cost would increase if the database replicated to the target has larger storage.
Amazon Web ServicesElastic Kubernetes ServiceSnapshotThe cost would be higher if you configure shorter RPO in your resilience policy, causing more snapshots created.For the snapshot creation pricing details, refer to Amazon EBS Snapshots.
Google CloudCloud storageData processingThe cost would be higher if the data size to transfer, store, process, and retrieve is larger.For the data processing pricing details, refer to Cloud Storage pricing.
Google CloudCloud storageStorage transfer serviceCharges are incurred when transferring, rewriting, and deleting data of Cloud Storage buckets.For the storage transfer pricing details, refer to Storage Transfer Service pricing.
Google CloudCloud storagePub/SubThroughput costs for message publishing and deliveryData transfer costs associated with throughput that crosses a Google Cloud zone or region boundaryStorage costs associated with retaining messagesFor the Pub/Sub service pricing details, refer to Pub/Sub pricing.
Google CloudKubernetes EngineSnapshotThe cost would be higher if you configure shorter RPO in your resilience policy, causing more snapshots created.For the snapshot pricing details, refer to Storage PD Snapshot SKUs.
Google CloudSQL instanceDatabase replicationThe cost would be higher if the database replicated to the target has larger storage.For the SQL instance pricing details, refer to Cloud SQL pricing.
Google CloudSQL instanceTemporary disk during replicationDuring replication, a temporary disk is created, and a full backup is taken and stored on the temporary disk. The temporary disk is deleted after the replica creation process is complete. Normal storage billing rates apply to the temporary disk.For the disk pricing details, refer to Cloud SQL pricing.
Google CloudSQL instanceData transferThe cost will increase if the data is replicated to a different region.For the cross-region replication Network Egress cost details, refer to Cloud SQL pricing.
Google CloudVM instanceSnapshotThe cost would be higher if you configure shorter RPO in your resilience policy, causing more snapshots created.For the snapshot storage pricing details, refer to Storage PD Snapshot SKUs.
Google CloudVM instanceData transferThe cost will increase if the data is replicated to a different region.For the data transfer pricing details, refer to PD Snapshot egress SKUs.