Replication and Disaster Recovery features in Enterprise version of Vault

Can someone please describe the replication and disaster recovery features that come with the Enterprise version of Vault? We are planning to have the OSS version deployed on an on-prem Kubernetes, and are wondering what these two features offer to see what we are missing.

Thanks in advance
Enrique

Hi Enrique,

Performance replication shares most of the data between clusters, except for local mounts, tokens, and leases. A performance replication secondary cluster can handle requests and can serve read operations locally, but forwards any operations that modify data to the primary cluster. You can think of performance replication as a way to horizontally scale your Vault infrastructure.

Disaster recovery replication, as the name implies, is mainly used for disaster recovery scenarios, and replicates all data including tokens, leases, and local mounts. This is helpful in catastrophic failure scenarios where a primary cluster becomes unavailable. A DR secondary cluster can be promoted as the new primary and continue serving requests with little downtime. However, unlike performance replication secondary clusters, DR secondary clusters are unable to serve requests until they get promoted as the primary.

This page goes into more detail and comparison between the two forms of replication: https://www.vaultproject.io/docs/enterprise/replication/index.html#performance-replication-and-disaster-recovery-dr-replication

Thanks! Do you happen to know whether you can achieve horizontal scaling by deploying several instances of Vault with the same backend on Kubernetes?

Thanks again

Enrique

Hi @enrique-cano!

I recommend having a look at https://www.vaultproject.io/docs/internals/high-availability.html#design-overview

If you deploy multiple Vault instances on Kubernetes with the same storage backend, only one instance will be active and that instance will handle all incoming requests. All other nodes are hot standbys which do accept requests from clients but will simply forward them to the active node.

Cheers,
Michel
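Putting the two answers above together, here is an added example (not from this thread and not HashiCorp's code) that classifies a Vault node from the JSON body of its `GET /v1/sys/health` response and decides whether a read or write sent to that node is served locally, forwarded, or refused: an HA hot standby forwards everything to the active node, a performance secondary serves reads locally but forwards writes to the primary cluster, and a DR secondary serves nothing until promoted. It uses the field names and HTTP status codes that `sys/health` documents (including the `standbyok` and `perfstandbyok` query parameters a load balancer or readiness probe can pass); the node responses in `SAMPLE_NODES` are constructed, not captured from a real cluster.

```python
"""Route decisions for Vault nodes based on their sys/health response.

Added example; not part of the forum thread or of Vault itself. Field
names match Vault's GET /v1/sys/health JSON. All sample data is constructed.
"""
from enum import Enum


class Role(str, Enum):
    ACTIVE = "active"                         # HA leader: serves reads and writes
    STANDBY = "standby"                       # HA hot standby: forwards to active node
    PERF_STANDBY = "performance-standby"      # Enterprise: serves reads locally
    PERF_SECONDARY = "performance-secondary"  # Enterprise: active node of a perf secondary cluster
    DR_SECONDARY = "dr-secondary"             # Enterprise: serves nothing until promoted
    UNAVAILABLE = "unavailable"               # sealed or not initialized


# HTTP status codes sys/health returns for each state (without standbyok/perfstandbyok).
STATUS_BY_ROLE = {
    Role.ACTIVE: 200,
    Role.STANDBY: 429,
    Role.PERF_SECONDARY: 200,   # the active node of a perf secondary answers 200
    Role.DR_SECONDARY: 472,
    Role.PERF_STANDBY: 473,
    Role.UNAVAILABLE: 503,      # sealed; an uninitialized node answers 501 instead
}


def classify(health: dict) -> Role:
    """Derive the node's role from a sys/health JSON body (order matters)."""
    if not health.get("initialized", False) or health.get("sealed", True):
        return Role.UNAVAILABLE
    if health.get("replication_dr_mode") == "secondary":
        return Role.DR_SECONDARY
    # Perf standbys report standby=true as well, so test them before plain standbys.
    if health.get("performance_standby", False):
        return Role.PERF_STANDBY
    if health.get("standby", False):
        return Role.STANDBY
    if health.get("replication_performance_mode") == "secondary":
        return Role.PERF_SECONDARY
    return Role.ACTIVE


def route(health: dict, write: bool) -> str:
    """Return 'local', 'forward' or 'refuse' for a request sent directly to this node."""
    role = classify(health)
    if role in (Role.UNAVAILABLE, Role.DR_SECONDARY):
        return "refuse"               # DR secondaries cannot serve until promoted
    if role is Role.STANDBY:
        return "forward"              # hot standby hands everything to the active node
    if role in (Role.PERF_STANDBY, Role.PERF_SECONDARY):
        return "forward" if write else "local"   # reads local, writes go to the primary
    return "local"


def ready(status_code: int, standbyok: bool = False, perfstandbyok: bool = False) -> bool:
    """Mirror of how a probe with ?standbyok=..&perfstandbyok=.. would judge readiness."""
    if status_code == 200:
        return True
    if status_code == 429 and standbyok:
        return True
    if status_code == 473 and perfstandbyok:
        return True
    return False


def plan(nodes: dict, write: bool) -> dict:
    """Routing decision per node name for one kind of request."""
    return {name: route(h, write) for name, h in nodes.items()}


def _node(**overrides) -> dict:
    base = {"initialized": True, "sealed": False, "standby": False, "performance_standby": False,
            "replication_performance_mode": "disabled", "replication_dr_mode": "disabled"}
    base.update(overrides)
    return base


# Constructed fleet: an OSS HA cluster on Kubernetes (vault-0..2) plus Enterprise examples.
SAMPLE_NODES = {
    "vault-0": _node(),                                            # active
    "vault-1": _node(standby=True),                                # hot standby
    "vault-2": _node(standby=True),                                # hot standby
    "perf-sec-0": _node(replication_performance_mode="secondary"), # perf secondary, active node
    "perf-sb-0": _node(standby=True, performance_standby=True),    # performance standby
    "dr-sec-0": _node(replication_dr_mode="secondary"),            # DR secondary
    "sealed-0": _node(sealed=True),                                # sealed pod
}

if __name__ == "__main__":
    for kind in (False, True):
        print("writes" if kind else "reads", plan(SAMPLE_NODES, write=kind))
```

For the OSS deployment the original poster describes, the plan shows why extra pods do not add capacity: every read or write that lands on `vault-1` or `vault-2` is forwarded to `vault-0`, whereas only the Enterprise performance secondary and performance standby serve reads locally.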