hashicorp · jonathanfrappier · Nov 14, 2025 · Nov 14, 2025 · Nov 14, 2025
@@ -0,0 +1,157 @@
+---
+page_title: Enable cross region disaster recovery
+sidebar_title: Enable cross region disaster recovery
+description: >-
+  Enable disaster recovery for your HCP Vault Dedicated cluster.
+---
+
+# Enable HCP Vault Dedicated cross region disaster recovery
+
+<Highlight title="Production tier feature">
+
+Cross region disaster recovery is available on HCP Vault Dedicated essential and
+standard tier clusters.
+
+</Highlight>
+
+HCP Vault Dedicated supports disaster recovery (DR) replication to a different region
+without having to manually manage the setup, failover, or failback.
+
+## What is cross region disaster recovery?
+
+Cross region disaster recovery replicates data from your primary cluster to a
+secondary cluster in a different region. Unlike self-managed Vault, cross-region
+disaster recovery is managed by the HCP platform.
+
+![Diagram explaining cross region disaster recovery replicating from the primary
+cluster to the disaster recovery cluster](/img/docs/vault/diagram-dr-replication-dark.png#dark-theme-only)
+![Diagram explaining cross region disaster recovery replicating from the primary
+cluster to the disaster recovery cluster](/img/docs/vault/diagram-dr-replication-light.png#light-theme-only)
+
+The primary cluster is the system of record. Data streams
+from the primary cluster to the secondary cluster. You can configure the primary
+cluster to stream data to both disaster recovery secondary clusters and [performance
+replication clusters](/hcp/docs/vault/perf-replication).
+
+You can create a cross region DR cluster by selecting a **Backup network** for
+new, or existing essentials or plus tier clusters.
+
+## How does cross region disaster recovery work?
+
+The HashiCorp Cloud Platform automates the creation of the secondary cluster and
+the replication of data from the primary cluster to the secondary cluster.
+
+HashiCorp manages the full disaster recovery lifecycle, including:
+
+1. Monitoring the health of every HCP region and availability zone.
+
+1. Working with each cloud provider during an outage to determine if a disaster
+   event is occurring, or if the outage is temporary.
+
+1. If a disaster event is occurring, HashiCorp initiates and manages a failover
+   to the secondary cluster.
+
+1. The secondary cluster becomes accessible to your clients using the same
+   address as the primary cluster. You do not need to make changes to your clients.
+
+1. When the cloud provider resolves the issue, HashiCorp initiates and manages a failback
+   to the primary cluster.
+
+## Enable cross region disaster recovery
+
+Before you begin, ensure you have a [HashiCorp Virtual Network
+(HVN)](/hcp/docs/hcp/network) created in the region you want to deploy the DR
+secondary cluster.
+
+The HVN for the DR secondary cluster must:
+
+- Be in a different region than the primary HVN.
+- Use a non-overlapping CIDR block than the primary HVN.
+
+If the HVN for the DR cluster is in the same region, or the CIDR block overlaps
+with the primary cluster's HVN, you will not be able to enable cross region
+disaster recovery.
+
+<Tabs>
+<Tab heading="New cluster">
+
+1. Log into the HCP Portal.
+
+1. Click **Vault Dedicated**.
+
+1. From the **Vault overview** page click **Create cluster**.
+
+1. Under **Vault tier**, select **Essentials** or **Standard**.
+
+1. Under **Network**, select the HVN for the primary cluster.
+
+1. Click the toggle switch for **Backup network**.
+
+1. Click the pull-down menu and select the HVN for the DR secondary cluster.
+
+1. Click **Create cluster**.
+
+The HCP Platform creates the cluster and configures cross region disaster recovery
+between the primary and DR secondary cluster.
+
+</Tab>
+<Tab heading="Existing cluster">
+
+<Warning title="Expected downtime">
+
+When you enable cross region disaster recovery for an existing cluster, the
+cluster is unavailable for approximately 10 minutes while the HCP Platform
+configures the cluster for cross region disaster recovery.
+
+</Warning>
+
+1. Log into the HCP Portal.
+
+1. Click **Vault Dedicated**.
+
+1. From the **Vault overview** page click the cluster you want to enable
+   cross region disaster recovery for.
+
+1. Click the **Manage** pull-down menu and select **Edit configuration**.
+
+1. Click the toggle switch for **Backup network**.
+
+1. Click the pull-down menu and select the HVN for the DR secondary cluster.
+
+1. Click **Next**.
+
+1. Review the changes and click **Apply changes**.
+
+The HCP Platform creates the cluster and configures cross region disaster recovery
+between the primary and DR secondary cluster.
+
+</Tab>
+</Tabs>
+
+## Test cross region disaster recovery
+
+If you would like to test the disaster recovery process, [contact HCP
+support](https://support.hashicorp.com/hc/en-us/requests/new) to initiate a
+failover.
+
+## Audit log and metric monitoring during a disaster event
+
+During the failover, the HCP Platform continues to send audit
+logs and metrics to the same destinations as the primary cluster. However, you
+must update or create DR cluster specific queries or alerts using the ID of the
+DR secondary cluster.
+
+To retrieve the DR secondary cluster's ID:
+
+1. From the primary Vault cluster's **Overview** page, click the name of the **Backup
+   network** in the **Cluster networking** pane.
+
+1. Click **Connected clusters** in the left navigation menu.
+
+1. Set any queries or alerts that rely on the primary cluster's ID to the
+   **Resource** value of the DR secondary cluster.
+
+## Tutorial
+
+- [Get started with HCP Vault Dedicated](/vault/tutorials/get-started-hcp-vault-dedicated)
+- [Well-Architected Framework - Disaster recovery](/well-architected-framework/design-resilient-systems/principles/disaster-recovery)
@@ -597,6 +597,10 @@
         "title": "Configure private DNS forwarding<sup>Beta</sup>",
         "path": "vault/private-dns"
       },
+      {
+        "title": "Enable cross region disaster recovery",
+        "path": "vault/cross-region-disaster-recovery"
+      },
       {
         "title": "Enable performance replication",
         "path": "vault/perf-replication"