HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

Enable HCP Vault Dedicated cross region disaster recovery

Production tier feature

Cross region disaster recovery is available on HCP Vault Dedicated essential and standard tier clusters.

HCP Vault Dedicated supports disaster recovery (DR) replication to a different region without having to manually manage the setup, failover, or failback.

What is cross region disaster recovery?

Cross region disaster recovery replicates data from your primary cluster to a secondary cluster in a different region. Unlike self-managed Vault, cross-region disaster recovery is managed by the HCP platform.

Diagram explaining cross region disaster recovery replicating from the primary cluster to the disaster recovery cluster Diagram explaining cross region disaster recovery replicating from the primary cluster to the disaster recovery cluster

The primary cluster is the system of record. Data streams from the primary cluster to the secondary cluster. You can configure the primary cluster to stream data to both disaster recovery secondary clusters and performance replication clusters.

You can create a cross region DR cluster by selecting a Backup network for new, or existing essentials or plus tier clusters.

How does cross region disaster recovery work?

The HashiCorp Cloud Platform automates the creation of the secondary cluster and the replication of data from the primary cluster to the secondary cluster.

HashiCorp manages the full disaster recovery lifecycle, including:

  1. Monitoring the health of every HCP region and availability zone.

  2. Working with each cloud provider during an outage to determine if a disaster event is occurring, or if the outage is temporary.

  3. If a disaster event is occurring, HashiCorp initiates and manages a failover to the secondary cluster.

  4. The secondary cluster becomes accessible to your clients using the same address as the primary cluster. You do not need to make changes to your clients.

  5. When the cloud provider resolves the issue, HashiCorp initiates and manages a failback to the primary cluster.

Enable cross region disaster recovery

Before you begin, ensure you have a HashiCorp Virtual Network (HVN) created in the region you want to deploy the DR secondary cluster.

The HVN for the DR secondary cluster must:

  • Be in a different region than the primary HVN.
  • Use a non-overlapping CIDR block than the primary HVN.

If the HVN for the DR cluster is in the same region, or the CIDR block overlaps with the primary cluster's HVN, you will not be able to enable cross region disaster recovery.

  1. Log into the HCP Portal.

  2. Click Vault Dedicated.

  3. From the Vault overview page click Create cluster.

  4. Under Vault tier, select Essentials or Standard.

  5. Under Network, select the HVN for the primary cluster.

  6. Click the toggle switch for Backup network.

  7. Click the pull-down menu and select the HVN for the DR secondary cluster.

  8. Click Create cluster.

The HCP Platform creates the cluster and configures cross region disaster recovery between the primary and DR secondary cluster.

Test cross region disaster recovery

If you would like to test the disaster recovery process, contact HCP support to initiate a failover.

Audit log and metric monitoring during a disaster event

During the failover, the HCP Platform continues to send audit logs and metrics to the same destinations as the primary cluster. However, you must update or create DR cluster specific queries or alerts using the ID of the DR secondary cluster.

To retrieve the DR secondary cluster's ID:

  1. From the primary Vault cluster's Overview page, click the name of the Backup network in the Cluster networking pane.

  2. Click Connected clusters in the left navigation menu.

  3. Set any queries or alerts that rely on the primary cluster's ID to the Resource value of the DR secondary cluster.

Tutorial

Edit this page on GitHub