Configuring disaster recovery using VMware SRM

You can use your Google Cloud VMware Engine private cloud as a disaster recovery (DR) site for on-premises VMware workloads. This DR solution is based on vSphere replication and VMware Site Recovery Manager (SRM). You can follow a similar approach to use your private cloud as a primary site that's protected by your on-premises recovery site.

This recovery solution offers the following benefits:

  • Eliminates the need to set up a data center specifically for DR.
  • Lets you reduce deployment costs and total cost of ownership for establishing DR.

This solution requires the following from you:

  • Install, configure, and manage vSphere Replication and SRM in your private cloud.
  • Provide your own licenses for SRM when the private cloud is the protected site. You do not need any additional SRM licenses for the site when it is used as the recovery site.

With this solution, you have full control over vSphere Replication and SRM. You can also use your existing scripts and tools with the Google Cloud Console, gcloud command-line tool, and Compute Engine API interfaces.

You can use any versions of vSphere Replication appliance (vRA) and SRM that are compatible with your private cloud and on-premises environments. The examples in this guide use vRA 6.5 and SRM 6.5. These versions are compatible with vSphere 6.5.

Deploy a DR solution using SRM in your private cloud

The following sections describe how to deploy a DR solution using SRM in a private cloud.

Create a private cloud for your environment

Create a private cloud from the VMware Engine portal by following the instructions and sizing recommendations in Create a private cloud.

Verify that VMware product versions are compatible

To verify the versions of vCenter in your private cloud, view your vSphere management network:

  1. Access the Google Cloud VMware Engine portal
  2. Go to Resources.
  3. Select your private cloud and go to the vSphere Management Network tab.

The configurations in this guide are subject to the following compatibility requirements:

  • The same version of SRM must be deployed in your private cloud and your on-premises environment.
  • The same version of vSphere Replication must be deployed in your private cloud and your on-premises environment.
  • The versions of vCenter in your private cloud and your on-premises environment must be compatible.
  • The versions of SRM and vSphere Replication must be compatible with each other and with the versions of vCenter.

For more information, see the VMware Site Recovery Manager documentation.

Estimate the size of your DR environment

  1. Verify that your identified on-premises configuration is within supported limits. For SRM 6.5, the limits are documented in the VMware knowledge base article on operational limits for Site Recovery Manager 6.5.
  2. Ensure that you have sufficient network bandwidth to meet your workload size and RPO requirements. For more information, see Calculate Bandwidth for vSphere Replication.
  3. Use the sizer tool to estimate the resources that are needed in your DR site to protect your on-premises environment.

Set up private cloud networking for SRM

From the VMware Engine portal, set up private cloud networking for SRM.

Create a subnet for the SRM network and assign it a subnet CIDR. For more information, see Create and manage subnets.

Set up a site-to-site connection and open required ports

For information about how to set up site-to-site connectivity between your on-premises network and your private cloud, see Connect from on-premises to private cloud using VPN.

Set up infrastructure services in your private cloud

To help you manage your workloads and tools, configure infrastructure services in the private cloud.

Identify users from your on-premises Active Directory (AD) in your private cloud. Set up an AD in your private cloud for all users.

To provide IP address lookup, IP address management, and name resolution services for your workloads in the private cloud, set up a DHCP and DNS server as described in Set up DNS and DHCP applications and workloads in your private cloud.

The gve.goog domain is used by management VMs and hosts in your private cloud. To resolve requests to this domain, configure DNS forwarding on the DNS server as described in Create a conditional forwarder.

Install a vRA in your on-premises environment

Install a vSphere Replication appliance (vRA) in your on-premises environment by following the VMware documentation. The installation consists of these high-level steps:

  1. Prepare your on-premises environment for vRA installation.
  2. Deploy a vRA in your on-premises environment using the OVF in the VR ISO from VMware. For vRA 6.5, this VMware blog entry has the relevant information.
  3. Register your on-premises vRA with vCenter SSO at the on-premises site.

For information about vSphere Replication 6.5, see the VMware vSphere Replication 6.5 Installation and Configuration PDF.

Install a vRA in your private cloud

Before you begin, verify that you have the following:

  • IP reachability from subnets in your on-premises environment to the management subnet of your private cloud
  • IP reachability from the replication subnet in your on-premises vSphere environment to the SRM subnet of your private cloud

For more information, see Configure a VPN connection to your private cloud. The steps are similar to those for the on-premises installation.

Google recommends using fully qualified domain names (FQDNs) instead of IP addresses during the vRA and SRM installation. To find the FQDN of the vCenter in your private cloud, do the following:

  1. Access the Google Cloud VMware Engine portal
  2. Go to Resources.
  3. Select your private cloud and go to the vSphere Management Network tab.

Create a user in private cloud for vRA and SRM installation

You must install vRA and SRM using a new user with administrator privileges in the vCenter SSO domain. This is done to help ensure high uptime and availability for your private cloud vCenter environment.

To create the new administrator user, do the following:

  1. In the VMware Engine portal, elevate the vCenter privileges of the CloudOwner user.
  2. Sign in to vCenter using CloudOwner user credentials.
  3. Create a new user, srm-soln-admin, in vCenter and add it to the administrators group in vCenter.
  4. Sign out of vCenter as the CloudOwner user and sign in as the srm-soln-admin user.

For more information about the default private cloud user and permission model, see Learn the private cloud permission model.

Configure firewall rules for vRA

To open ports to enable the following network communications, configure firewall rules as described in Set up firewall tables and rules. This process enables communication between the following:

  • A vRA in the SRM network and vCenter and ESXi hosts in the management network
  • vRA appliances at the two sites

For a list of port numbers that must be open for vSphere Replication 6.5, see Port numbers that must be open for vSphere Replication.

Install SRM server in your on-premises environment

Before you begin, verify the following:

  • A vSphere Replication appliance is installed in your on-premises and private cloud environments.
  • The vSphere Replication appliances at both sites are connected to each other.
  • You have reviewed the VMware information on prerequisites and best practices. For SRM 6.5, you can refer to the VMware document Prerequisites and Best Practices for SRM 6.5.

Follow VMware documentation to install SRM server in the deployment model Two-Site Topology with One vCenter Instance per Platform Services Controller, as described in Site Recovery Manager in a Two-Site Topology with One vCenter Server Instance per Platform Services Controller.

Installation instructions for SRM 6.5 are available in the VMware document Installing Site Recovery Manager.

Install SRM server in your private cloud

Before you begin, verify the following:

The following steps describe the private cloud SRM installation.

Install SRM through vCenter

Sign in to vCenter using the srm-soln-admin credentials, then follow the VMware documentation to install SRM server in the deployment model Two-Site Topology with One vCenter Instance per Platform Services Controller, as described in Site Recovery Manager in a Two-Site Topology with One vCenter Server Instance per Platform Services Controller.

Installation instructions for SRM 6.5 are available in the VMware document Installing Site Recovery Manager.

Configure firewall rules for SRM

Configure firewall rules in the VMware Engine portal as described in Set up firewall tables and rules to allow communication between the following:

  • The SRM server and vCenter in the private cloud
  • The SRM servers at both sites

For a list of port numbers that must be open for vSphere Replication 6.5, see Port numbers that must be open for vSphere Replication 6.5.

Configure SRM through vCenter

After SRM is installed in the private cloud, perform the following tasks to configure SRM through vCenter:

  • Connect the SRM server instances on the protected and recovery sites.
  • Establish a client connection to the cloud SRM Server instance.
  • Install the SRM License Key.

For SRM 6.5, see Installing Site Recovery Manager.

Restore privileges in VMware Engine

For information about how to restore privileges, see Restore privileges.

Ongoing management of SRM

You have full control over vSphere Replication and SRM software in your private cloud and are expected to perform necessary software lifecycle management. Ensure that any new version of software is compatible with the private cloud vCenter before updating or upgrading vSphere Replication or SRM.

Multiple replication configuration

You can use both array-based replication and vSphere Replication technologies together with SRM at the same time in your on-premises environment. For more information, see SRM – Array Based Replication vs. vSphere Replication.

Either array-based replication or vSphere Replication must be applied to a set of VMs. A given VM can be protected either by array-based replication or vSphere Replication, but not both. You can configure the VMware Engine site as a recovery site for multiple protected sites. For information about multi-site configurations, see SRM Multi-Site Options.

References

What's next