VMware Cloud Expert

VMware Cloud Expert  /   /  Day 4

Lab 09 - DRaaS with VMware Cloud Disaster Recovery

Updated on

Introduction

VMware Cloud Disaster Recovery is an on-demand disaster recovery service that provides an easy-to-use Software-as-a-Service (SaaS) solution, and offers cloud economics to keep your disaster recovery costs under control.

You can use VMware Cloud Disaster Recovery to protect your vSphere virtual machines (VMs) by replicating them to the cloud, and recovering them as needed to a target VMware Cloud Software Defined Data Center (SDDC) on VMware Cloud on AWS. You can create the target "recovery" SDDC immediately prior to performing a recovery, and it does not need to be provisioned to support replications in the steady state.

Using VMware Cloud Disaster Recovery you can protect your On-premises and/or VMC on AWS SDDCs and recover  them into the cloud.

VMware Cloud Disaster Recovery lets you deploy a recovery SDDC in VMware Cloud on AWS (or add an existing SDDC) to use for recovery and testing of your DR plans. You can add hosts, clusters, new networks, request public IP addresses, configure NAT rules, and also delete the recovery SDDC. In the event of a disaster or planned recovery operation, you can recover VMs from your protected site to your recovery SDDC.

TASKS

Task 1 - Connect an Existing SDDC to VCDR

VMware Cloud Disaster Recovery leverages the VMware Cloud on AWS Recovery Software Defined Data Center ("SDDC") as a disaster recovery site, which you can use if disaster strikes (or for testing) and you need to fail over your protected vCenter to the cloud. A new SDDC can be created from the VCDR Console for this purpose or you can Import an existing SDDC.

When you add an SDDC a cloud file system is attached to it, and both the SDDC and cloud file system must be in the same AWS availability zone (AZ). If no cloud file systems are available, then you can deploy a cloud file system.

NOTE: Because we are using a shared environment, this step has already been completed for you. You are provided as a recorded video for this step instead.

To access the video for this task select the link below
https://www.screencast.com/t/a7JqsOiw3

Task 2 - Add and configure a Protected Site

The VMware Cloud Disaster Recovery DRaaS Connector is a stateless software appliance that enables replicating VM snapshot deltas from "protected" vSphere sites (on-premises or VMware Cloud on AWS) to cloud backup sites, and back, driven by policies you set in protection groups.

You install the DRaaS Connector as a virtual machine into an on-premises vSphere environment or on a VMware Cloud on AWS SDDC (one connector per-vCenter), transforming your vSphere into a "protected site". A VMware Cloud Disaster Recovery protected site encompasses vCenters, protection groups, and DR plans.

Once you configure the protected vSphere site, you can create policies in protection groups that replicate snapshots to a cloud file system. You can then use available snapshots from the cloud file system to recover protected VMs into your Recovery SDDC in VMware Cloud on AWS. Once the protected site is available again, you can initiate failback.

NOTE: Because we are using a shared environment, this step has already been completed for you. You are provided as a recorded video for this step instead.

To access the video for this task select the link below
https://www.screencast.com/t/ssNcAU0fatmR

Task 3 - Review the Environment

In these sub-tasks we will review the Cloud Services console, the VMC on AWS SDDC environment and the On-Prem.

Task 3.1 - Review VCDR settings

  1. From the Horizon VDI Desktop, log into the VMC on AWS Cloud Console.
    Go to https://vmc.vmware.com
  2. Login in as
    • vmcexpert#-XX@vmware-hol.com
    • VMware1!
  3. In the upper right-hand corner of the Cloud Console, Click the Drop-down next to your account
  4. Click the Drop-down next to Change organization and select Your VCDR Org (VMCEXPERT2-VCDR##)
  1. Under My Services Click the VMware Cloud DR Tile, to review the VCDR settings
  2. In the Main Menu Click Sites
  3. Click Cloud File System to Review the Cloud File System that will be used for storing the Protected Virtual Machine Images
  4. Click Protected Sites to review your Protected Datacenter. You will notice two connector appliances have been deployed to the Protected DC and are in a healthy state.
    You'll also notice that the On-Premises vCenter has been added.
  5. Click Recovery SDDC, to review the recovery SDDC and its settings
  6. Take note of the following items, we will confirm them when we access the SDDC in the next task:
    • SDDC ID
    • Number of Cluster & Hosts
    • Networks
    • Firewall Rules

Task 3.2 - Review Recovery SDDC Settings

  1. From the Horizon VDI Desktop, open a new Browser tab.
    Click the VMware Cloud SDDC Chrome Bookmark
  2. If prompted, login in as
    • vmcexpert#-XX@vmware-hol.com
    • VMware1!
  3. In the upper right-hand corner of the Cloud Console, Click the Drop-down next to your account
  4. Click the Drop-down next to Change organization and select Your VCDR Org (VMCEXPERT2-VCDR##)
  5. Click View Details on the VCDR SDDC Tile
  6. On the Summary tab confirm the number of Clusters, Hosts you captured in the previous task
  7. On the Support Tab confirm the SDDC ID you captured in the previous task
  8. Click the Networking & Security tab
  9. Click Segments to confirm the Segments recorded form the previous task
  10. Click Gateway Firewall. Review both the Compute Gateway and Management Gateway Firewall rules

You'll notice, the Compute Gateway has rules allowing the Cloud Proxy Appliance access to the Scale-Out File System and Vice-Versa

On the Management Gateway You'll notice the VCDR Cloud resources are granted access to vCenter

While in the Gateway firewall, let's create appropriate firewall rules to allows access to the recovery SDDC vCenter. We will perform these steps so as to review the vCenter Inventory.

  1. Click the Networking & Security tab
  2. Click Groups 
  3. Click Management Groups 
  4. Click View Members next to On-Prem Mgmt-Net to confirm that the Public IP of your VDI (On-Premises Environment) is included
  5. Click IP Addresses
  6. Click CLOSE

NOTE: If your public IP (66.216.10.x) is not in the range(s). Please notify your instructor.

Your Public IP should be available in your Lab input workbook or you can go to http://www.whatismyip.com from the VDI desktop to discover the Public IP Address

  1. Click Gateway Firewall 
  2. Click Management Gateway
  3. Review the On-Prem to vCenter Inbound rule and confirm the following
    • Source: On-Prem Mgmt-Net (Mouse over the source field and click the pencil
    • Destination: vCenter
    • Services: HTTPS, SSO
  1. Click the Settings Tab
  2. Expand the Default vCenter User and vSphere Client (HTML5) sections
  3. Take note of and copy the values for:
    • Username
    • Password
    • vSphere Client URL
  4. In a new browser tab from within the VDI Desktop paste in the vCenter URL and login using the information you saved from the previous step
  1. Expand the vCenter Inventory and you'll notice a VM Named CloudDR-Proxy. Take note of the IP address of the Cloud Proxy. You'll notice its with the  Subnet defined in the Gateway firewall rule for the CloudDR-ProxyNetworkPrefixes Group
  2. Switch to the Datastores View
  3. You'll notice an NFS Datastore names ds01
    VCDR Mounts recovered VMs from this datastore.
Task 4 - Create a Protection Group

Protection groups allows you to create regularly scheduled snapshots of your VMs which replicate to a VMware Cloud Disaster Recovery cloud file system.

A protection group consists of:

  • Site selection (on-premises or SDDC)
  • Members (VMs)
  • Policies for snapshots (schedule, retention)
  • Cloud file system (SCFS)

Protection groups can then be added to a DR plan, which ensures that if a failure occurs, you can orchestrate recovery to a new site using selected snapshots of your VMs to re-instantiate the source vCenter site.

The members of a single protection group must share the same vCenter. In other words, you cannot create a protection group that contains VMs from two different vCenters.

 

  1. From the VDI desktop access your VMware Cloud DR Browser tab. If you previously closed the tab or if your session timed out please see Task 3.1, steps 1-4
  2. In the VMware Cloud Disaster Recovery UI, click the Protection groups tab
  3. Click Create protection group, in the upper right side
  4. Configure the protection group as follows:
    • Name: VMCEXPERT#-XX_PG (Where # is your Environment Id and XX is your student number)
    • Protected Site: <Leave default>
    • vCenter: <Leave default>
    • Group Membership
      • VM name pattern
        • VM name pattern: *XX (where XX is your student number. i.e. *31)
  5. Click Preview VMs to identify your Virtual Machine
  6. Click OK
  7. Click Next
  1. Set  the following values for the Protection schedule:
    • Take Snapshot: Daily
    • At: <The next hour from now>  If it's currently 11:25 AM, choose Noon.
    • Keep snapshots for: <Leave default>
    • Click New Schedule if you'd like to add an additional schedule
  2. Click Finish

Once the protection group appears in the Protection groups list, you can add it to a DR Plan for testing and execution.

Instead of waiting to the schedule we defined we will take a manual snapshot

  1. Click the hamburger menu (3 dashes) to the right of your protection group
  2. Click Take Snapshot
  3. For retention, select For 1 Day
  4. Click Take Snapshot
  1. Monitor the Snapshot in the Running Tasks pane to the right of the UI.
    This could take as much as 15 mins depending on the number of concurrent snapshots happening
  2. One the Snapshot process has completed, double-click <your protection group> to view the snapshot
Task 5 - Create a DR Plan

A DR Plan defines the orchestration configuration for disaster recovery and workload mobility.

Plans run either for recovery as an actual DR plan operation, or they run as a test recovery, which performs all of the plan’s recovery operations in a test site for validation.

Execution pacing is configurable. When a plan runs, a running instance of the plan launches and typically continues executing its recovery steps to completion. A recovery or test plan can also continue to specific points in the process and wait for user input, or it can stop and wait for a specified time limit, and then continue until the next stop or to completion. You can also add pre or post-scripting to a VM’s recovery step.

VMware Cloud Disaster Recovery performs a set of continuous compliance checks for all active plans and resources, and it reports on environmental changes, such as vSphere misconfigurations or network outages. Compliance Checks detect any compromised plan integrity at the time of misconfiguration or equipment failure. Compliance checks give the user an opportunity to address issues and restore the plan's integrity before disaster occurs. For developing and retaining the skill set of related DR activities, you should still perform periodic full DR exercises with the staff involved.

VMware Cloud Disaster Recovery can maintain multiple plans of different types, and multiple plans can be in various stages of execution at any given time, even concurrently.

  1. From the VDI desktop access your VMware Cloud DR Browser tab. If you previously closed the tab or if your session timed out please see Task 3.1, steps 1-4
  2. In the VMware Cloud Disaster Recovery UI, click the DR Plans tab
  3. Click Create plan
  4. In the Create Plan dialog, configure the Plan as follows:
    • Plan Name: VMCEXPERT#-XX_DR_Plan  (Where # is your Environment Id and XX is your student number)
    • Description: <Leave default>
    • Recovery Site: Existing recovery SDDC
    • Protected Site: <Leave default>
    • vCenter: <Leave default>
    • Groups: <Choose_your_protection_group> i.e. VMCEXPERT2-31_PG
    • vCenter Failover mapping: <Leave default>
    • vCenter Folder Mapping: Select Map Folder button
      • In the Source (On-Premises) vCenter Select vAppXX (where XX is your student number)
      • In the SDDC vCenter Select Workloads
      • Click Add
      • Click Ok
  1. Click Next, and continue configuring your Plan
    • Compute Resources Failover mapping Click Map Compute Resources button
      • In the Source (On-Premises) vCenter Select Cluster01
      • In the SDDC vCenter Select Compute-ResourcePool
      • Click Add
      • Click Ok
  1. Click Next, and continue configuring your Plan
    • Virtual Network Failover mapping Click Map Virtual Network button
      • In the Source (On-Premises) vCenter Select <vDS-Production-vAppXX> (where XX is your student number)
      • In the SDDC vCenter Select sddc-cgw-network-1
      • Click Add
      • Click Ok
  1. Click Next, and continue configuring your Plan
    • On the IP Addresses page Click Next.
      We will not provide an IP address rule. The Migrated VMs will use DHCP once recovered
    • Script VM: <Leave default>, Click Next  
    • Recovery Steps: <Leave default>, Click Next  
    • On the Alerts Page, click Finish
  1. Once created, click your DR Plan to review and manage it.
Task 6 - Execute a Failover

When you run a DR Plan as a failover, a running instance of the plan recovery steps launches and the plan continues to completion, or until a pause for user input, or upon encountering an error (if configured).

  1. From the Summary page of your DR Plan you created in the previous task. Click the Failover button
  1. In the DR Failover wizard click Next and select the following options:
    • Snapshot <Your_Previous_or_latest_Snapshot>
    • Runtime Settings: <Leave default>
    • Preview: Review the steps to be performed as part of the Failover and click Next
  2. On the Confirmation Page Type FAILOVER in the confirmation textbox
  3. Click Start failover
  1. Monitor the Failover process. This can take as much as 10 mins
  2. Once the Plan execution has completed without error(s), click Commit
  3. In the commit dialog:
    • Select the Checkbox to Create a failback plan
    • Select the On-Premises Datastore Protected DC01/datastore/NFS SharedDS01
    • Type COMMIT FAILOVER
    • Click Commit
  1. On the Summary page of the DR plan, click the Create PDF report button. To generate and download a report of the failover execution. This report con be used for audit and compliance purposes
Task 7 - Review the Recovered Virtual Machine
  1. In a new Browser tab, click the VMware Cloud SDDC Chrome Bookmark
  2. If prompted, login in as
    • vmcexpert#-XX@vmware-hol.com
    • VMware1!
  3. In the upper right-hand corner of the Cloud Console, Click the Drop-down next to your account
  4. Click the Drop-down next to Change organization and select Your VCDR Org (VMCEXPERT2-VCDR##)
  5. Click Open vCenter  on the VCDR SDDC Tile
  6. Click Show Credentials
  7. Copy the vCenter Password and Click Open vCenter
  1. Log into the VMC on AWS SDDC as:
  2. In the vCenter Inventory expand SDDC-Datacenter --> Cluster-1 --> Compute-ResourcePool
    to find your recovered vm <vm-studentxx> (where xx is your student number)
  3. Select <your Virtual Machine>
  4. Select the Monitor tab
  5. Click Tasks to review the vSphere tasks performed when recovering the Virtual Machine

Conclusion

VMware Cloud Disaster Recovery is VMware's on-demand disaster recovery service that is delivered as an easy-to-use SaaS solution and offers cloud economics to help keep your disaster recovery costs under control.

In the latest August Release the following features and capabilities were added:

  • Bring your existing recovery SDDC: Maximize your investment in VMware Cloud on AWS by using an existing SDDC created from the VMware Cloud console, for recovery with VMware Cloud Disaster Recovery. Clusters and hosts added to VMware Cloud DR from VMware Cloud console are automatically recognized by VMware Cloud Disaster Recovery.
  • User actions added to events list: View a log of user actions such as log in, log out, configuration changes, and DR Plan executions in the Monitor view of the VMware Cloud Disaster Recovery UI. The user ID and the source IP address are shown for each item in the Events list, enhancing your ability to audit user actions.
  • Protect workloads running in VMware Cloud Foundation: Expand your DR strategy to include protection of your virtual machines running in VMware Cloud Foundation (VCF) 4.2 and newer versions.
  • DR protection for up to 2500 VMs per AWS region per VMware Cloud organization: Protect larger environments by replicating up to 2500 virtual machines to a single AWS region in a VMware Cloud organization. You might need to split 2500 VMs across multiple VMware Cloud Disaster Recovery cloud file systems for larger protected capacity scale. See VMware Configuration Maximum tool for operational scale limits of VMware Cloud Disaster Recovery.
  • Replication throughput in UI: See the network throughput of the replication data traffic between the source site and the target VMware Cloud Disaster Recovery cloud file system. The throughput can be viewed in the Dashboard Topology map and on the Protected Sites page in the VMware Cloud Disaster Recovery UI.
  • AWS Europe (Milan) region: You can now protect and recover your vSphere virtual machines in the AWS Europe (Milan) region.

 

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Message

Download Article PDF Print Article