

# AWS DRS individual replication settings
<a name="individual-replication-settings"></a>

 AWS Elastic Disaster Recovery attempts to reduce costs by consolidating the replication of as many source servers as possible onto the same Replication Server based on the individual Source Server **Replication Settings**. Source Servers must have identical **Replication Settings** to be considered for consolidation, and must not have [Use dedicated replication instance](#dedicated-replication-server) enabled. For example, DRS does not consolidate Source Servers that have a different **Staging area subnet** specified in their **Replication Settings**. To reduce EC2 usage, we recommend giving as many Source Servers as possible identical **Replication Settings**. 
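
The consolidation rule above can be checked offline against exported replication configurations. The following is an added example, not AWS code: it groups servers whose settings match, sets aside dedicated ones, and reports which fields keep an outlier from joining the largest group. The compared field list and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: the fields compared when deciding whether two configurations are
# "identical". Names follow the replication configuration object returned by
# `aws drs get-replication-configuration`; the page does not list the exact set.
COMPARED_FIELDS = (
    "stagingAreaSubnetId",
    "replicationServerInstanceType",
    "ebsEncryption",
    "ebsEncryptionKeyArn",
    "dataPlaneRouting",
    "createPublicIP",
    "associateDefaultSecurityGroup",
    "replicationServersSecurityGroupsIDs",
    "defaultLargeStagingDiskType",
    "bandwidthThrottling",
)


def make_config(server_id, **overrides):
    """Build a constructed sample record; real input would be exported per server."""
    cfg = {
        "sourceServerID": server_id,
        "stagingAreaSubnetId": "subnet-aaaa",
        "replicationServerInstanceType": "t3.small",
        "ebsEncryption": "DEFAULT",
        "ebsEncryptionKeyArn": None,
        "dataPlaneRouting": "PUBLIC_IP",
        "createPublicIP": True,
        "associateDefaultSecurityGroup": True,
        "replicationServersSecurityGroupsIDs": [],
        "defaultLargeStagingDiskType": "AUTO",
        "bandwidthThrottling": 0,
        "useDedicatedReplicationServer": False,
    }
    cfg.update(overrides)
    return cfg


# Constructed sample data (placeholder IDs, not real resources).
SAMPLE_CONFIGS = [
    make_config("s-00000000000000001"),
    make_config("s-00000000000000002"),
    make_config("s-00000000000000003"),
    make_config("s-00000000000000004", stagingAreaSubnetId="subnet-bbbb"),
    make_config("s-00000000000000005", useDedicatedReplicationServer=True),
    make_config("s-00000000000000006", replicationServerInstanceType="m5.large",
                ebsEncryption="CUSTOM", ebsEncryptionKeyArn="arn:placeholder-key"),
]


def fingerprint(cfg):
    """Hashable summary of the compared settings; list order is ignored."""
    parts = []
    for field in COMPARED_FIELDS:
        value = cfg.get(field)
        if isinstance(value, list):
            value = tuple(sorted(value))
        parts.append((field, value))
    return tuple(parts)


def consolidation_report(configs):
    """Group servers by settings and explain why outliers differ from the largest group."""
    groups, dedicated = defaultdict(list), []
    for cfg in configs:
        if cfg.get("useDedicatedReplicationServer"):
            dedicated.append(cfg["sourceServerID"])  # never consolidated
        else:
            groups[fingerprint(cfg)].append(cfg["sourceServerID"])
    baseline = max(groups, key=lambda fp: len(groups[fp])) if groups else None
    outliers = {}
    for fp, ids in groups.items():
        if fp == baseline:
            continue
        differing = sorted(f for (f, v), (_, b) in zip(fp, baseline) if v != b)
        for server_id in ids:
            outliers[server_id] = differing
    ordered = sorted((sorted(ids) for ids in groups.values()), key=lambda g: (-len(g), g))
    return {"groups": ordered, "dedicated": sorted(dedicated), "outliers": outliers}


if __name__ == "__main__":
    print(consolidation_report(SAMPLE_CONFIGS))
```
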

 Modifying the **Replication Settings** of an existing Source Server can impact existing replication, depending on the settings configured. Additionally, most **Replication Settings** options can be modified in bulk for multiple Source Servers through the AWS Elastic Disaster Recovery Console: 


| Replication Setting | Impact | Bulk Editing | 
| --- | --- | --- | 
|  Staging area subnet  |  Small pause while reconnecting Source Server to new Replicator.  |  Supported  | 
|  Replication server instance type  |  Small pause while reconnecting Source Server to new Replicator.  |  Supported  | 
|  Dedicated instance for replication server  |  Small pause while reconnecting Source Server to new Replicator.  |  Supported  | 
|  EBS encryption  |  Full Sync may be required.  |  Supported  | 
|  Data Routing (Private IP)  |  No impact.  |  Supported  | 
|  IP Version  |  Small pause while reconnecting Source Server to new Replicator.  |  Supported  | 
|  Network Bandwidth Throttling  |  No impact.  |  Supported  | 
|  Point in time (PIT) policy  |  Replication server is disconnected as a safety measure. This ensures proper handling of retention policy changes that might affect replication state.  |  Supported  | 
|  MAP program tagging  |  No impact.  |  Supported  | 
|  Tags  |  No impact.  |  Supported  | 

## Replication server configuration
<a name="replication-server-settings"></a>

 Replication Servers are AWS EC2 Instances automatically launched by AWS Elastic Disaster Recovery to support Continuous Data Replication from Source Servers. 

### Staging area subnet
<a name="replication-server-subnet"></a>

The **Staging area subnet** setting defines which VPC subnet the Replication Server for a Source Server uses. A Source Server must be able to successfully initialize connections to the subnet configured within its **Staging area subnet** setting. The best practice is to create a single dedicated, separate subnet for recovery in your AWS Account. Learn more about creating subnets in [this AWS VPC article](https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html). Unless [Use private ip](https://docs.aws.amazon.com/) is enabled and valid routing within the VPC exists, Replication Servers must be in a [Public subnet](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-types). By default, a Replication Server assigns itself a [Public IPv4](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses) without any additional configuration needed. 

------
#### [ DRS Console ]

**Updating the Staging area subnet**

1.  Navigate to the AWS Elastic Disaster Recovery Console. In the left navigation pane, select **Source Servers**. 

1.  Select one or more source servers, then select **Replication**. 

1.  Select **Edit replication settings**. 

1.  Navigate to **Replication server configuration**, then select the drop down box under **Staging area subnet**. 

1.  Select a new VPC Subnet from the drop down box. 

1.  Save settings by selecting **Save replication settings**. 

------
#### [ Command Line ]

**Updating the Staging area subnet**
+  Updating the Staging area subnet via command line 
  +  [update-replication-configuration](https://docs.aws.amazon.com/cli/latest/reference/drs/update-replication-configuration.html) (AWS CLI) 

    ```
    aws drs update-replication-configuration --source-server-id s-123456789abcdefgh --staging-area-subnet-id subnet-123456789abcd
    ```
  +  [Update-EDRSReplicationConfiguration](https://docs.aws.amazon.com/powershell/latest/reference/items/Update-EDRSReplicationConfiguration.html) (DRS Tools for Windows PowerShell) 

    ```
    Update-EDRSReplicationConfiguration -SourceServerID s-123456789abcdefgh -StagingAreaSubnetId subnet-123456789abcd 
    ```

------

### Replication server instance type
<a name="instance-type"></a>

 The **Replication server instance type** determines the EC2 Instance type and size that is used for the launch of a source server's replication server. DRS Replicators only support EC2 Instances with x86\_64 CPU architecture. 

 By default, AWS Elastic Disaster Recovery uses the t3.small instance type, which should work well for most common workloads. If your Source Server is experiencing frequent Lag or Backlog, we recommend monitoring the CloudWatch metrics of its replication server. Metrics to monitor include EBSWriteBytes or EBSWriteOps, which may indicate the **Replication server instance type** is improperly sized to protect your source server. 

 AWS Elastic Disaster Recovery supports replicating Source Servers with up to 60 volumes; however, the **Replication server instance type** must also support an equal or greater number of EBS Volume attachments. We recommend reviewing the [Dedicated Amazon EBS volume limit Documentation](https://docs.aws.amazon.com//AWSEC2/latest/UserGuide/volume_limits.html#dedicated-limit) to ensure an appropriately sized EC2 Instance Type is selected. 

------
#### [ DRS Console ]

**Updating the Replication server instance type**

1.  Navigate to the AWS Elastic Disaster Recovery Console. In the left navigation pane, select **Source Servers**. 

1.  Select one or more source servers, then select **Replication**. 

1.  Select **Edit replication settings**. 

1.  Navigate to **Replication server configuration**, then select the drop down box under **Dedicated instance for replication server**. 

1.  Select **Replication server instance** from the drop down box. 

1.  Save settings by selecting **Save replication settings**. 

------
#### [ Command Line ]

**Updating the Replication server instance type**
+  Updating the Replication server instance type via command line 
  +  [update-replication-configuration](https://docs.aws.amazon.com/cli/latest/reference/drs/update-replication-configuration.html) (AWS CLI) 

    ```
    aws drs update-replication-configuration --source-server-id s-123456789abcdefgh --replication-server-instance-type m5.large 
    ```
  +  [Update-EDRSReplicationConfiguration](https://docs.aws.amazon.com/powershell/latest/reference/items/Update-EDRSReplicationConfiguration.html) (DRS Tools for Windows PowerShell) 

    ```
    Update-EDRSReplicationConfiguration -SourceServerID s-123456789abcdefgh -ReplicationServerInstanceType m5.large
    ```

------

### Dedicated instance for replication server
<a name="dedicated-replication-server"></a>

The **Dedicated instance for replication server** setting specifies whether or not the Source Server can use a Replication Server shared with other Source Servers. By default, AWS Elastic Disaster Recovery attempts to consolidate as many Source Servers as possible onto a single Replication Server, based on a variety of factors. Setting **Dedicated instance for replication server** to **use dedicated replication instance** ensures that only this Source Server replicates data to the Replication Server. 

We recommend leaving **Dedicated instance for replication server** as **do not use dedicated replication instance** unless the Source Server is experiencing frequent Lag or Backlog due to sharing a Replication Server with other Source Servers. Using a dedicated replication server may increase EC2 costs associated with protecting a Source Server. 

------
#### [ DRS Console ]

**Enabling Dedicated instance for replication server**

1.  Navigate to the AWS Elastic Disaster Recovery Console. In the left navigation pane, select **Source Servers**. 

1.  Select one or more source servers, then select **Replication**. 

1.  Select **Edit replication settings**. 

1.  Navigate to **Replication server configuration**, then select the drop down box under **Dedicated instance for replication server**. 

1.  Select **use dedicated replication instance** from the drop down box. 

1.  Save settings by selecting **Save replication settings**. 

------
#### [ Command Line ]

**Modifying Dedicated instance for replication server**

1.  Enabling Dedicated instance for replication server via command line 
   +  [update-replication-configuration](https://docs.aws.amazon.com/cli/latest/reference/drs/update-replication-configuration.html) (AWS CLI) 

     ```
     aws drs update-replication-configuration --source-server-id s-123456789abcdefgh --use-dedicated-replication-server
     ```
   +  [Update-EDRSReplicationConfiguration](https://docs.aws.amazon.com/powershell/latest/reference/items/Update-EDRSReplicationConfiguration.html) (DRS Tools for Windows PowerShell) 

     ```
     Update-EDRSReplicationConfiguration -SourceServerID s-123456789abcdefgh -UseDedicatedReplicationServer $true 
     ```

1.  Disabling Dedicated instance for replication server via command line 
   +  [update-replication-configuration](https://docs.aws.amazon.com/cli/latest/reference/drs/update-replication-configuration.html) (AWS CLI) 

     ```
     aws drs update-replication-configuration --source-server-id s-123456789abcdefgh --no-use-dedicated-replication-server
     ```
   +  [Update-EDRSReplicationConfiguration](https://docs.aws.amazon.com/powershell/latest/reference/items/Update-EDRSReplicationConfiguration.html) (DRS Tools for Windows PowerShell) 

     ```
     Update-EDRSReplicationConfiguration -SourceServerID s-123456789abcdefgh -UseDedicatedReplicationServer $false 
     ```

------

# Amazon EBS volumes
<a name="volumes-drs"></a>

Set the default Amazon EBS volume type used by the replication servers, whether to use Amazon EBS encryption, and whether to automatically replicate newly added disks. 

## Amazon EBS volume type
<a name="ebs-volume"></a>

Each disk has minimum and maximum sizes and varying performance metrics and pricing. Learn more about Amazon EBS volume types in [this Amazon EBS article](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). The best practice is to not change the default **Auto volume type selection** volume type, unless there is a business need for doing so. 

Choose the default **Amazon EBS volume type** to be used by the replication servers for large disks: 
+ With **Auto volume type selection** the service dynamically switches between performance/cost optimized volume type according to the replicated disk write throughput. 
**Note**  
This option only affects disks over 125 GiB (by default, smaller disks always use Magnetic HDD volumes). 
+ The default **Lower cost, Throughput Optimized HDD (st1)** option utilizes slower, less expensive disks. 

  You may want to use this option if:
  + You want to keep costs low
  + Your large disks do not change frequently
  + You are not concerned with how long the Initial Sync process takes
+ The **Faster, General Purpose SSD (gp2)** and **Faster, General Purpose SSD (gp3)** options utilize faster, but more expensive disks. 

  You may want to use this option if:
  + Your source server has disks with a high write rate or if you want faster performance in general 
  + You want to speed up the initial sync process
  + You are willing to pay more for speed

**Note**  
You can customize the Amazon EBS volume type used by each disk within each source server in that source server's settings. [Learn more about changing individual source server volume types](disk-settings.md). 

## Amazon EBS encryption
<a name="ebs-encryption"></a>

Choose your encryption approach: 
+ When you choose **Default**, the default key is used. This can be an EBS-managed key or a customer-managed key. This option encrypts your replicated data at rest on the staging area subnet disks and the replicated disks.
+ Choose **Custom** and then enter the ARN or key ID of a customer-managed key from your account or another AWS account in the **EBS encryption key** field. Enter the key, such as a cross-account KMS key, in standard key ID format. For example, KMS key format is `1234abcd-12ab-34cd-56ef-1234567890ab`. This option encrypts your replicated data at rest on the staging area subnet disks and the replicated disks.
+ Choose **Create an AWS KMS key** to be redirected to the Key Management Service (KMS) Console where you can create a new key to use. 

Learn more about EBS Volume Encryption in [Amazon EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). 

**Important**  
Changing the encryption option after data replication has started causes data replication to start from the beginning. 

## Automatic replication of new disks
<a name="auto-replicate"></a>

AWS Elastic Disaster Recovery (AWS DRS) allows you to automatically replicate newly added disks. When you add new disks to your source environment, AWS DRS initiates data replication to the staging area subnet in your AWS account.

Automating replication of new disks assists you in maintaining continuous data replication, saves time and resources, and reduces the risk of data loss in the event of a disruption.

This feature is activated automatically for newly added servers.

To deactivate or reactivate this feature for newly added servers:
+ Under **Settings** on the left-hand navigation menu, choose **Default replication settings**.
+ Select **Edit**.
+ Under **Volumes**, uncheck the **Automatically replicate new disks** checkbox.

To deactivate or reactivate this feature for a specific server:
+ Go to the replication settings.
+ Select **Edit**.
+ Under **Volumes**, uncheck the **Automatically replicate new disks** checkbox.

**Note**  
+ This feature is only supported for new agent versions (version 4.6 or higher). For older versions, you must reinstall your agent to activate automatic replication of new disks.
+ Auto replication of new disks is not supported with `--force-volumes`.
+ It might take up to 10 minutes for new disks to start replicating.
+ New disks are only replicated once the feature is activated and are not replicated retroactively.

# Elastic Disaster Recovery security groups
<a name="drs-security-group"></a>

A security group acts as a virtual firewall, which controls the inbound and outbound traffic of the staging area. We recommend that you have AWS Elastic Disaster Recovery automatically attach and monitor the default Elastic Disaster Recovery security group. This group opens inbound TCP Port 1500 for receiving the transferred replicated data. When you use the default Elastic Disaster Recovery security group, Elastic Disaster Recovery constantly monitors whether the rules within this security group are enforced, in order to maintain uninterrupted data replication. If these rules are altered, Elastic Disaster Recovery automatically fixes the issue. Choose:
+ Recommended - Select **Always use AWS Elastic Disaster Recovery security group** to allow data to flow from your source servers to the replication servers, and so that the replication servers can communicate their state to the AWS Elastic Disaster Recovery servers.
+ Not recommended - Deselect **Always use AWS Elastic Disaster Recovery security group** option. Then, select the drop-down menu to choose from the list of available security groups. The list of available security groups changes according to the **Staging area subnet** that you selected.
  + To search for a specific security group, use the search box.
  + If you add security groups via the AWS Console, they appear on the Security group drop-down list in the AWS Elastic Disaster Recovery Console. Learn more about AWS security groups in [this VPC article](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html).
  + Any security group that you select is added to the default AWS Elastic Disaster Recovery group, because the default security group is essential for the operation of AWS Elastic Disaster Recovery. 

# Data routing and throttling
<a name="data-routing"></a>

AWS Elastic Disaster Recovery lets you control how data is routed from your source servers to the replication servers on AWS through the **Data routing and throttling** settings. By default, data is sent from the source servers to the replication servers over the public internet, using the public IPv4 address that was automatically assigned to the replication servers. Transferred data is always encrypted in transit. Choose **Use private IP for data replication...** if you want to route the replicated data from your source servers to the staging area subnet through a private network with a VPN, AWS Direct Connect, VPC peering, or another type of existing private connection. Data replication does not work unless you have already set up the VPN, AWS Direct Connect, or VPC peering in the AWS Console. Use this option if you want to:
+ Allocate a dedicated bandwidth for replication;
+ Use another level of encryption;
+ Add another layer of security by transferring the replicated data from one private IP address (source) to another private IP address (on AWS). 

**Note**  
+ If you selected the Default subnet, it is unlikely that the Private IP is used for that Subnet. Ensure that Private IP (VPN, AWS Direct Connect, or VPC peering) is used for your chosen subnet if you use this option. 
+ You can safely select and deselect **Use private IP for data replication...** even after data replication has begun. This switch causes a short pause in replication, and does not have long-term effects on the replication.
+ Choosing the **Use Private IP for data replication...** option does not create a new private connection. 
+ When you select the **Use private IP** option, you choose to **Create public IP**. Public IPs are used by default. 

## IP version
<a name="ip-version"></a>

The **IP version** setting controls the Internet Protocol version that AWS Elastic Disaster Recovery uses for data replication and for communication between your source servers and the staging area. You can choose between **IPv4** (default) and **IPv6**.

When you select **IPv6**, the following changes apply:
+ Data replication from the AWS Replication Agent to the replication server uses IPv6.
+ The replication server receives an IPv6 address and does not receive a public IPv4 address.
+ Communication during drills and recoveries uses IPv6.

**Important**  
Before you select **IPv6**, verify the following prerequisites:  
+ Your staging area subnet must have an IPv6 CIDR block.
+ Your replication server instance type must support IPv6.
+ There is no automatic fallback to IPv4 for data replication. If IPv6 connectivity between your source servers and the replication servers is unavailable, data replication fails.

**Note**  
When you select **IPv6**, other IP-related options (such as **Use private IP** and **Create public IP**) are hidden in the console. Your prior IPv4 configurations are preserved and take effect if you switch back to **IPv4**.

**Note**  
The **IP version** setting does not affect recovery instance networking. Recovery instances use the networking configuration defined in your launch settings.

**Note**  
If you use the Failback Client for failback to on-premises infrastructure, the Failback Client currently supports IPv4 only. In-AWS failback uses the configured IP version.

The **IP version** setting is separate from the `--dualstack` installer parameter. The `--dualstack` parameter controls which API endpoints the agent uses to communicate with AWS services, and does not change the IP version used for data replication. For more information, see [AWS Replication Agent Installer parameters](installer-parameters.md).

## Throttle network bandwidth
<a name="route-control"></a>

You can control the amount of network bandwidth used for data replication per server. By default, AWS Elastic Disaster Recovery uses all available network bandwidth over five concurrent connections. 

Choose **Throttle network bandwidth...** to control the transfer rate of data sent from your source servers to the replication servers over TCP Port 1500. Enter the bandwidth in Mbps in the bandwidth field. 

# Point in time (PIT) policy
<a name="point-in-time"></a>

AWS Elastic Disaster Recovery allows you to select the number of days for which point in time snapshots are retained through the **Point in time (PIT) policy** field. 

You can select to save PIT snapshots for 1 to 365 days. Saving PIT snapshots for more days allows you more recovery options, but also results in increased costs. [Learn more about Point in time.](CloudEndure-Concepts.md#point-in-time-faq) 

**Important**  
The PIT policy must contain exactly three rules: one for MINUTE, one for HOUR, and one for DAY. The snapshot frequency intervals and retention durations for the MINUTE rule (`interval=10`, `retentionDuration=60`) and HOUR rule (`interval=1`, `retentionDuration=24`) are fixed and cannot be modified. Only the DAY rule's `retentionDuration` is configurable, with a value from 1 to 365 days.

------
#### [ DRS Console ]

**Adjusting PIT Retention Rate**

1.  Navigate to the AWS Elastic Disaster Recovery Console. In the left navigation pane, select **Source Servers**. 

1.  Select one or more source servers, then select **Replication**. 

1.  Select **Edit replication settings**. 

1.  Navigate to **Point in time (PIT) policy**. 

1.  Enter a new Integer from 1 to 365 in **Snapshot retention (in days)**. 

1.  Select **Save replication settings**. 

------
#### [ Command Line ]

**Adjusting PIT Retention Rate**
+  [update-replication-configuration](https://docs.aws.amazon.com/cli/latest/reference/drs/update-replication-configuration.html) (AWS CLI) 

  ```
  aws drs update-replication-configuration --source-server-id s-123456789abcdefgh --pit-policy enabled=true,interval=10,retentionDuration=60,ruleID=1,units="MINUTE" enabled=true,interval=1,retentionDuration=24,ruleID=2,units="HOUR" enabled=true,interval=1,retentionDuration=14,ruleID=3,units="DAY" 
  ```

------
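
The three-rule constraint described in the **Important** note above can be enforced before a policy is submitted. This is an added example, not AWS code: the function names are hypothetical, the rule fields mirror the `--pit-policy` shorthand shown on this page, and the DAY interval of 1 is taken from the page's command.

```python
# Fixed (interval, retentionDuration) pairs stated on the page.
FIXED_RULES = {"MINUTE": (10, 60), "HOUR": (1, 24)}
DAY_INTERVAL = 1  # assumption: as used in the page's example command


def validate_pit_policy(rules):
    """Return a list of problems; an empty list means the policy is acceptable."""
    problems = []
    units = [str(rule.get("units")) for rule in rules]
    if sorted(units) != ["DAY", "HOUR", "MINUTE"]:
        problems.append(f"expected exactly one MINUTE, HOUR and DAY rule, got {units}")
    for rule in rules:
        unit = rule.get("units")
        actual = (rule.get("interval"), rule.get("retentionDuration"))
        if unit in FIXED_RULES and actual != FIXED_RULES[unit]:
            problems.append(f"{unit} rule must be interval/retention "
                            f"{FIXED_RULES[unit]}, got {actual}")
        elif unit == "DAY":
            days = rule.get("retentionDuration")
            valid_days = (isinstance(days, int) and not isinstance(days, bool)
                          and 1 <= days <= 365)
            if not valid_days:
                problems.append(f"DAY retentionDuration must be 1-365, got {days!r}")
            if rule.get("interval") != DAY_INTERVAL:
                problems.append(f"DAY interval must be {DAY_INTERVAL}, "
                                f"got {rule.get('interval')!r}")
    return problems


def build_pit_policy(day_retention):
    """Build the full policy where only the DAY retention varies; reject bad input."""
    policy = [
        {"enabled": True, "interval": 10, "retentionDuration": 60,
         "ruleID": 1, "units": "MINUTE"},
        {"enabled": True, "interval": 1, "retentionDuration": 24,
         "ruleID": 2, "units": "HOUR"},
        {"enabled": True, "interval": DAY_INTERVAL, "retentionDuration": day_retention,
         "ruleID": 3, "units": "DAY"},
    ]
    problems = validate_pit_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    return policy


def to_cli_shorthand(policy):
    """Render the policy as the space-separated shorthand passed to --pit-policy."""
    return " ".join(
        f"enabled={'true' if rule['enabled'] else 'false'},"
        f"interval={rule['interval']},"
        f"retentionDuration={rule['retentionDuration']},"
        f"ruleID={rule['ruleID']},units={rule['units']}"
        for rule in policy
    )


if __name__ == "__main__":
    print(to_cli_shorthand(build_pit_policy(14)))
```
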

# Elastic Disaster Recovery tags
<a name="replication-tags"></a>

Add custom **tags** to resources created by AWS Elastic Disaster Recovery in your AWS account. You can add up to 50 tags. 

These are resources required to facilitate data replication, drilling and recovery. Each tag consists of a key and an optional value. You can add a custom tag to all of the AWS resources that are created on your AWS account during the normal operation of AWS Elastic Disaster Recovery. 

To add new tags:

1.  Choose **Add new tag**. 

1.  Enter a **custom tag key** and an optional tag value. 

**Note**  
AWS Elastic Disaster Recovery already adds tags to every resource it creates, including service tags and user tags.   
These resources include:  
+ Amazon EC2 instances
+ Amazon EC2 launch templates
+ Amazon EBS volumes
+ Snapshots

Learn more about AWS tags in [Tag your Amazon EC2 resources.](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) 

# MAP program tagging
<a name="map-program-tagging"></a>

 The AWS Migration Acceleration Program (MAP) provides tools that are designed to reduce costs, boost productivity, improve operational resilience and increase business agility.

 The DRS MAP program tagging is a feature that allows you to apply MAP program tags to your source servers and replication resources in order to offset the ongoing cost of protecting your servers.

[Learn more about the AWS Migration Acceleration Program (MAP)](https://aws.amazon.com/migration-acceleration-program).

Select **Add MAP tag to Launched Instances option**, if you want Application Migration Service to automatically tag your launched instances with the tag key and value combination required for the MAP program. Then, specify the MAP tag value that is used in your MAP tagging. Application Migration Service automatically tags your migrated resources with the key: “map-migrated”, and the value of the tag that you provided. For more details about the tag value that should be used here, please refer to the MAP tagging guide provided in your MAP term.

You can choose to add tags to:
+ One or more existing source servers and replication resources
+ All newly added source servers and replication resources

## Adding tags to existing source servers and replication sources
<a name="map-program-tagging-existing"></a>

To add tags to one or more existing source servers and replication sources:
+ Select the relevant source servers.
+ Select **Edit replication settings** from the replication drop-down menu.
+ Check the box to the left of **Add MAP tag to the source servers and replication resources**.
+ Specify the MAP tag value that is used in your MAP tagging.

DRS automatically tags your source servers and replication resources with the tag key "map-migrated" and the value of the tag that you provide.

## Adding tags to newly added source servers and replication sources
<a name="map-program-tagging-newly-added"></a>

To add tags to all newly added source servers and replication sources:
+ Select **Settings** from the left-hand menu.
+ Select **Edit** to change the default replication settings.
+ Check the box to the left of **Add MAP tag to the source servers and replication resources** option.
+ Specify the MAP tag value that is used in your MAP tagging.
+ Select **Save changes**.

AWS Elastic Disaster Recovery automatically tags every newly added source server and replication resource with the tag key “map-migrated” and the value of the tag that you provide.

For more details about the tag value that should be used here, please refer to the MAP tagging guide provided in your MAP term. 