VMware vCenter Site Recovery Manager - 5.5 Installation Manual

Site Recovery Manager Installation and

Configuration

vCenter Site Recovery Manager 5.5

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-001111-00

Site Recovery Manager Installation and Configuration

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2008–2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

About Site Recovery Manager Installation and Configuration 7

Overview of VMware vCenter Site Recovery Manager 9

About Protected Sites and Recovery Sites 10

Using Array-Based Replication with SRM 12

Using vSphere Replication with SRM 13

Using Array-Based Replication and vSphere Replication with SRM 17

SRM and vCenter Server 18

Site Recovery Manager System Requirements 21

SRM Licensing 21

SRM Network Ports 22

Operational Limits of SRM 22

Creating the SRM Database 23

Configure Microsoft SQL Server for SRM 23

Configure Oracle Server for SRM 24

Create an ODBC System DSN for SRM 24

SRM Authentication 27

Requirements When Using Public Key Certificates with SRM 28

Installing SRM 29

Install the SRM Server 29

Install the SRM Client Plug-In 32

Connect to SRM 33

Connect the Protected and Recovery Sites 33

Install the SRM License Key 34

Modify the Installation of an SRM Server 35

Repair the Installation of an SRM Server 36

VMware, Inc.

Upgrading SRM 39

Information That SRM Upgrade Preserves 39

Types of Upgrade that SRM Supports 40

Order of Upgrading vSphere and SRM Components 40

Upgrade SRM 41

Revert to a Previous Release of SRM 47

Configuring Array-Based Protection 49

Install Storage Replication Adapters 49

Configure Array Managers 50

Site Recovery Manager Installation and Configuration

Rescan Arrays to Detect Configuration Changes 51

Edit Array Managers 51

Installing vSphere Replication 53

Deploy the vSphere Replication Virtual Appliance 54

Configure vSphere Replication Connections 55

Reconfigure the vSphere Replication Appliance 56

Deploy an Additional vSphere Replication Server 67

Reconfigure vSphere Replication Server Settings 68

Unregister and Remove a vSphere Replication Server 69

Uninstall vSphere Replication 70

Unregister vSphere Replication from vCenter Server if the Appliance Was Deleted 70

Upgrading vSphere Replication 73

Upgrade vSphere Replication 74

Creating SRM Placeholders and Mappings 79

About Placeholder Virtual Machines 79

About Inventory Mappings 80

About Placeholder Datastores 81

Configure Datastore Mappings for vSphere Replication 82

Installing SRM to Use with a Shared Recovery Site 83

Limitations of Using SRM in Shared Recovery Site Configuration 85

SRM Licenses in a Shared Recovery Site Configuration 85

Install SRM In a Shared Recovery Site Configuration 86

Use Array-Based Replication in a Shared Recovery Site Configuration 91

Use vSphere Replication in a Shared Recovery Site Configuration 92

Troubleshooting SRM Installation and Configuration 95

Cannot Restore SQL Database to a 32-Bit Target Virtual Machine During SRM Upgrade 96

SRM Server Does Not Start 97

vSphere Client Cannot Connect to SRM 98

Site Pairing Fails Because of Different Certificate Trust Methods 99

Error at vService Bindings When Deploying the vSphere Replication Appliance 99

OVF Package is Invalid and Cannot be Deployed 100

vSphere Replication Appliance or vSphere Replication Server Does Not Deploy from the SRM

Interface 100

Connection Errors Between vSphere Replication and SQL Server Cannot be Resolved 100

404 Error Message when Attempting to Pair vSphere Replication Appliances 101

vSphere Replication Service Fails with Unresolved Host Error 102

Increase the Memory of the vSphere Replication Server for Large Deployments 102

vSphere Replication Appliance Extension Cannot Be Deleted 102

Uploading a Valid Certificate to vSphere Replication Results in a Warning 103

vSphere Replication Status Shows as Disconnected 103

vSphere Replication Server Registration Takes Several Minutes 103

vSphere Replication is Inaccessible After Changing vCenter Server Certificate 104

4 VMware, Inc.

Index 105

Contents

VMware, Inc. 5

Site Recovery Manager Installation and Configuration

6 VMware, Inc.

About Site Recovery Manager Installation and Configuration

Site Recovery Manager Installation and Configuration provides information about how to install, upgrade, and configure VMware vCenter Site Recovery Manager.

This information also provides a general overview of Site Recovery Manager.

For information about how to perform day-to-day administration of Site Recovery Manager, see Site Recovery Manager Administration.

Intended Audience

This information is intended for anyone who wants to install, upgrade, or configure Site Recovery Manager. The information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations.

VMware, Inc.

Site Recovery Manager Installation and Configuration

8 VMware, Inc.

Overview of VMware vCenter Site Recovery

Manager 1

VMware vCenter Site Recovery Manager (SRM) is a business continuity and disaster recovery solution that helps you to plan, test, and run the recovery of virtual machines between a protected vCenter Server site and a recovery vCenter Server site.

You can configure SRM to work with several third-party disk replication mechanisms by configuring arraybased replication. Array-based replication surfaces replicated datastores to recover virtual machine workloads. You can also use host-based replication by configuring SRM to use VMware vSphere Replication to protect virtual machine workloads.

You can use SRM to implement different types of recovery from the protected site to the recovery site.

Planned Migration

Disaster Recovery

SRM orchestrates the recovery process with the replication mechanisms, to minimize data loss and system down time.

At the protected site, SRM shuts down virtual machines cleanly, if the protected site is still running.

SRM powers on the replicated virtual machines at the recovery site according to a recovery plan.

A recovery plan specifies the order in which virtual machines start up on the recovery site. A recovery plan specifies network parameters, such as IP addresses, and can contain user-specified scripts that SRM can run to perform custom recovery actions.

SRM lets you test recovery plans. You conduct tests by using a temporary copy of the replicated data in a way that does not disrupt ongoing operations at either site.

About Protected Sites and Recovery Sites on page 10

In a typical SRM installation, the protected site provides business-critical datacenter services. The recovery site is an alternative facility to which SRM can migrate these services.

The orderly evacuation of virtual machines from the protected site to the recovery site. Planned Migration prevents data loss when migrating workloads in an orderly fashion. For planned migration to succeed, both sites must be running and fully functioning.

Similar to planned migration except that disaster recovery does not require that both sites be up and running, for example if the protected site goes offline unexpectedly. During a disaster recovery operation, failure of operations on the protected site are reported but otherwise ignored.

VMware, Inc.

Using Array-Based Replication with SRM on page 12

When you use array-based replication, one or more storage arrays at the protected site replicate data to peer arrays at the recovery site. With storage replication adapters (SRAs), you can integrate SRM with a wide variety of arrays.

Site Recovery Manager Installation and Configuration

Using vSphere Replication with SRM on page 13

SRM can use vSphere Replication to replicate data to servers at the recovery site.

Using Array-Based Replication and vSphere Replication with SRM on page 17

You can use a combination of array-based replication and vSphere Replication in your SRM deployment.

SRM and vCenter Server on page 18

SRM Server operates as an extension to the vCenter Server at a site. Because the SRM Server depends on vCenter Server for some services, you must install and configure vCenter Server at a site before you install SRM.

About Protected Sites and Recovery Sites

In a typical SRM installation, the protected site provides business-critical datacenter services. The recovery site is an alternative facility to which SRM can migrate these services.

The protected site can be any site where vCenter Server supports a critical business need. The recovery site can be located thousands of miles away from the protected site. Conversely, the recovery site can be in the same room as a way of establishing redundancy. The recovery site is usually located in a facility that is unlikely to be affected by environmental, infrastructure, or other disturbances that affect the protected site.

The vSphere configurations at each site must meet requirements for SRM.

Each site must have at least one datacenter.

If you are using array-based replication, identical replication technologies must be available at both

sites and the sites must be paired.

The recovery site must have hardware, network, and storage resources that can support the same

virtual machines and workloads as the protected site. You can oversubscribe the recovery site by running additional virtual machines there that are not protected. In this case, during a recovery you must suspend non-critical virtual machines on the recovery site.

The sites must be connected by a reliable IP network. If you are using array-based replication, ensure

that your network connectivity meets the arrays' network requirements.

The recovery site should have access to comparable public and private networks as the protected site,

although not necessarily the same range of network addresses.

Pairing the Protected and Recovery Sites

You must pair the protected and recovery sites before you can use SRM.

SRM includes a wizard that guides you through the site-pairing process. You must establish a connection between the sites and you must provide authentication information for the two sites so that they can exchange information. Site pairing requires vSphere administrative privileges at both sites. To begin the sitepairing process, you must know the user name and password of a vSphere administrator at each site. If you are using vSphere Replication, you must pair the vSphere Replication appliances.

10 VMware, Inc.

appsOSapps

Site A

Protected

site goes

offline

Replica

virtual

machines

power on

Virtual machines replicate from site A to site B

Site B

appsOSapps

Protection group

Chapter 1 Overview of VMware vCenter Site Recovery Manager

Figure 1‑1. SRM Site Pairing and Recovery Process

Bidirectional Protection

You can use a single set of paired SRM sites to protect virtual machines in both directions. Each site can simultaneously be a protected site and a recovery site, but for a different set of virtual machines.

You can implement bidirectional protection by using either array-based replication or vSphere Replication. If you are using array-based replication, each of the array’s LUNs replicates in only one direction. Two LUNs in paired arrays can replicate in different directions from each other.

For information about the numbers of virtual machines for which you can establish bidirectional protection between two sites, see http://kb.vmware.com/kb/2034768.

Heterogeneous Configurations on the Protected and Recovery Sites

The configurations of the SRM and vCenter Server installations can be different on each of the protected and recovery sites.

Some components in the SRM and vCenter Server installations must be identical on each site. Because the protected and recovery sites are often in different physical locations, some components on the protected site can be of a different type to their counterparts on the recovery site.

Although components can be different on each site, you must use the types and versions of these components that SRM supports. See the Site Recovery Manager Compatibility Matrixes for information.

Table 1‑1. Heterogeneity of SRM Components Between Sites

Component Heterogeneous or Identical Installations

SRM Server Must be the same version on both sites. The SRM version

must be the same as the vCenter Server version.

vCenter Server Must be the same version on both sites.

vSphere Replication Must be the same version on both sites. The

vSphere Replication version must be the same as the SRM version and the vCenter Server version.

Authentication method Must be the same on both sites. If you use autogenerated

certificates to authenticate between the SRM Server instances on each site, you must use autogenerated certificates on both sites. If you use custom certificates that are signed by a certificate authentication service, you must use such certificates on both sites. Similarly, the authentication method that you use between SRM Server and vCenter Server must be the same on both sites. If you use different authentication methods on each site, site

VMware, Inc. 11

vCenter Server Appliance or standard vCenter Server instance

pairing fails.

Can be different on each site. You can run a vCenter Server Appliance on one site and a standard vCenter Server instance on the other site.

Site Recovery Manager Installation and Configuration

Table 1‑1. Heterogeneity of SRM Components Between Sites (Continued)

Component Heterogeneous or Identical Installations

Storage arrays for array-based replication Can be different on each site. You can use different

SRM database Can be different on each site. You can use different

Host operating system of the SRM Server installation Can be different on each site. You can run different

Host operating system of the vCenter Server installation Can be different on each site. You can run different

Example: Heterogenous Configurations on the Protected and Recovery Sites

The SRM and vCenter Server installations might be in different countries, with different setups.

versions of the same type of storage array on each site, or different types of storage array. The SRM Server instance on each site requires the appropriate storage replication adapter (SRA) for each type or version of storage array for that site. Check SRA compatibility with all versions of storage array to ensure compatibility.

versions of the same type of database on each site, or different types of database on each site.

versions of the host operating system and the host operating system can run in different locales on each site.

Site A in Japan:

SRM Server runs on Windows Server 2008 in the Japanese locale

SRM extends a vCenter Server Appliance instance

SRM Server uses an SQL Server database

Site B in the United States:

SRM Server runs on Windows Server 2012 in the English locale

SRM extends a standard vCenter Server instance that runs on Windows Server 2008 in the English

locale

SRM Server uses an Oracle Server database

Using Array-Based Replication with SRM

To use array-based replication with SRM, you must configure replication first before you can configure SRM to use it.

If your storage array supports consistency groups, SRM is compatible with vSphere Storage DRS and vSphere Storage vMotion. You can use Storage DRS and Storage vMotion to move virtual machine files within a consistency group that SRM protects. If your storage array does not support consistency groups, you cannot use Storage DRS and Storage vMotion in combination with SRM.

You can protect virtual machines that contain disks that use VMware Virtual Flash storage. Since the host to which a virtual machine recovers might not be configured for Virtual Flash, SRM disables Virtual Flash on disks when it starts the virtual machines on the recovery site. After the recovery, you can migrate the virtual machine to a host with Virtual Flash storage and manually restore the original Virtual Flash setting on the virtual machine.

12 VMware, Inc.

ESXi

Server

ESXi

Server

SRM plug-in

vSphere Client

Protected Site

SRM plug-in

vSphere Client

Recovery Site

ESXi

Server

ESXi

Server

vCenter Server

VMFS

Storage

VMFS

Storage

ESXi

Server

SRM Server SRM Server

SRA

vCenter Server

SRA

Array based replication

Chapter 1 Overview of VMware vCenter Site Recovery Manager

Storage Replication Adapters

Storage replication adapters are not part of an SRM release. Your array vendor develops and supports them. You can download storage replication adapters by going to

https://my.vmware.com/web/vmware/downloads and selecting VMware vCenter Site Recovery Manager >

View Components > Go to Downloads. VMware does not support SRAs that you download from other sites. You must install an SRA specific to each array that you use with SRM on the SRM Server host. SRM supports the use of multiple SRAs.

Figure 1‑2. SRM Architecture with Array-Based Replication

Using vSphere Replication with SRM

SRM can use vSphere Replication to replicate data to servers at the recovery site.

You deploy vSphere Replication as a virtual appliance. The vSphere Replication appliance contains two components.

A vSphere Replication management server:

Configures the vSphere Replication server on the recovery site.

Enables replication from the protected site.

Authenticates users and checks their permissions to perform vSphere Replication operations.

Manages and monitors the replication infrastructure.

A vSphere Replication server:

Listens for virtual machine updates from the vSphere Replication host agent on the protected site.

Applies the updates to the virtual disks on the recovery site.

If necessary, you can deploy multiple vSphere Replication servers on a site to balance the replication load across your virtual infrastructure.

VMware, Inc. 13

SRM plug-in

vSphere Client

Protected Site

SRM plug-in

vSphere Client

Recovery Site

ESXi

Server

VR Agent

ESXi

Server

VR Agent

vCenter Server

VMFS

Storage

VMFS

Storage

ESXi

Server

VR Agent

SRM Server

VR Appliance

Network

File Copy

ESXi

SRM Server

Additional

VR Server

Network

File Copy

ESXi

VR Appliance

vSphere replication

vCenter Server

Site Recovery Manager Installation and Configuration

For information about the loads that a vSphere Replication management server and a vSphere Replication server can support, see http://kb.vmware.com/kb/2034768.

vSphere Replication does not require storage arrays. The vSphere Replication storage replication source and target can be any storage device, including, but not limited to, storage arrays. You can use Virtual SAN (VSAN) storage with vSphere Replication.

NOTE vSphere 5.5 includes Virtual SAN as an experimental feature. You can perform testing with Virtual SAN, but it is not supported for use in a production environment. See the release notes for this release for information about how to enable Virtual SAN.

You can configure vSphere Replication to regularly create and retain snapshots of protected virtual machines on the recovery site. Taking multiple point-in-time (MPIT) snapshots of virtual machines allows you to retain more than one replica of a virtual machine on the recovery site. Each snapshot reflects the state of the virtual machine at a certain point in time. You can select which snapshot to recover when you use vSphere Replication to perform a recovery.

vSphere Replication is compatible with vSphere Storage vMotion and vSphere Storage DRS on the protected site. You can use Storage vMotion and Storage DRS to move the disk files of a virtual machine that vSphere Replication protects, with no impact on replication.

Figure 1‑3. SRM Architecture with vSphere Replication

14 VMware, Inc.

Chapter 1 Overview of VMware vCenter Site Recovery Manager

How vSphere Replication Works

With vSphere Replication, you can configure replication of a virtual machine from a source site to a target site, monitor and manage the status of the replication, and recover the virtual machine at the target site.

When you configure a virtual machine for replication, the vSphere Replication agent sends changed blocks in the virtual machine disks from the source site to the target site, where they are applied to the copy of the virtual machine. This process occurs independently of the storage layer. vSphere Replication performs an initial full synchronization of the source virtual machine and its replica copy. You can use replication seeds to reduce the amount of time and bandwidth required for the initial replication.

During replication configuration, you can set a recovery point objective (RPO) and enable retention of instances from multiple points in time (MPIT).

As administrator, you can monitor and manage the status of the replication. You can view information for incoming and outgoing replications, source and target site status, replication issues, and for warnings and errors.

vSphere Replication stores replication configuration data in its embedded database. You can also configure vSphere Replication to use an external database.

Contents of the vSphere Replication Appliance

The vSphere Replication appliance provides all the components that vSphere Replication requires.

An embedded database that stores replication configuration and management information.

A vSphere Replication Management Server and a vSphere Replication Server that provide the core of

the vSphere Replication infrastructure.

You can use vSphere Replication immediately after you deploy the appliance. The vSphere Replication appliance provides a virtual appliance management interface (VAMI) that you can use to reconfigure the appliance after deployment, if necessary. For example, you can use the VAMI to change the appliance security settings, change the network settings, or configure an external database. You can deploy additional vSphere Replication Servers using a separate .ovf package.

Compatibility of vSphere Replication with Other vSphere Features

vSphere Replication is compatible with certain other vSphere management features.

You can safely use vSphere Replication in combination with certain vSphere features, such as vSphere vMotion. Some other vSphere features, for example vSphere Distributed Power Management, require special configuration for use with vSphere Replication.

Table 1‑2. Compatibility of vSphere Replication with Other vSphere Features

Compatible with

vSphere Feature

vSphere vMotion Yes You can migrate replicated virtual machines by using vMotion.

vSphere Storage vMotion

vSphere High Availability

vSphere Replication Description

Replication continues at the defined recovery point objective (RPO) after the migration is finished.

Yes You can move the disk files of a replicated virtual machine on the source

site using Storage vMotion with no impact on the ongoing replication.

Yes You can protect a replicated virtual machine by using HA. Replication

continues at the defined RPO after HA restarts a virtual machine. vSphere Replication does not perform any special HA handling. You can protect the vSphere Replication appliance itself by using HA.

VMware, Inc. 15

Site Recovery Manager Installation and Configuration

Table 1‑2. Compatibility of vSphere Replication with Other vSphere Features (Continued)

Compatible with

vSphere Feature

vSphere Fault Tolerance

vSphere DRS Yes Replication continues at the defined RPO after resource redistribution is

vSphere Storage DRS

VMware Virtual SAN datastore

vSphere Distributed Power Management

VMware vSphere Flash Read Cache

vCloud APIs Not applicable No interaction with vSphere Replication.

vCenter Chargeback

VMware Data Recovery

vSphere Replication Description

No vSphere Replication cannot replicate virtual machines that have fault

Yes You can move the disk files of a replicated virtual machine on the source

Experimental You can use VMware Virtual SAN datastores as a target datastore when

Yes vSphere Replication coexists with DPM on the source site.

Yes You can replicate virtual machines that contain disks that use VMware

Not applicable No interaction with vSphere Replication

Not applicable No interaction with vSphere Replication.

tolerance enabled. You cannot protect the vSphere Replication appliance itself with FT.

finished.

site using Storage DRS with no impact on the ongoing replication.

configuring replications. See “Using vSphere Replication with Virtual

SAN Storage,” on page 16.

vSphere Replication does not perform any special DPM handling on the source site. Disable DPM on the target site to allow enough hosts as replication targets.

vSphere Flash Read Cache storage. Since the host to which a virtual machine recovers might not be configured for Flash Read Cache, vSphere Replication disables Flash Read Cache on disks when it starts the virtual machines on the target site. After the recovery, you can migrate the virtual machine to a host with Flash Read Cache storage and restore the original Flash Read Cache setting on the virtual machine.

Using vSphere Replication with Virtual SAN Storage

You can use VMware Virtual SAN datastores as a target datastore when configuring replications.

vSphere Replication does not support replicating or recovering virtual machines to the root folders with user-friendly names on Virtual SAN datastores. These names can change, which causes replication errors. When selecting Virtual SAN datastores, always select folders with UUID names, which do not change.

Configuring Replications

When configuring replications for a single virtual machine, vSphere Replication creates the destination folder that you choose, obtains the UUID reference for that folder, and then uses the UUID name rather than the user-friendly name. The UUID name is visible when vSphere Replication displays the target folders when reconfiguring replications.

When configuring replication for multiple virtual machines using the multi-VM wizard, create a root folder in the vSAN datastore, obtain its UUID name and use this folder by the UUID in the replication wizard.

16 VMware, Inc.

Chapter 1 Overview of VMware vCenter Site Recovery Manager

Configuring Replications by Using Replication Seeds

When copying replication seed files to the target datastore, you can use the vSphere Web Client to create a new root folder on a virtual SAN datastore, or place the files in an existing folder. When you configure replications that use replication seeds, you must select the folder by using its UUID name. Selecting the user-friendly folder names is not supported.

Reconfiguring Replications

If you want to change the destination folder for a disk or the virtual machine config files, you must use the following options:

Select the UUID name of an existing folder.

Allow vSphere Replication to create a new folder and obtain its UUID name.

Using Array-Based Replication and vSphere Replication with SRM

You can use a combination of array-based replication and vSphere Replication in your SRM deployment.

To create a mixed SRM deployment that uses array-based replication and vSphere Replication, you must configure the protected and recovery sites for both types of replication.

Set up and connect the storage arrays and install the appropriate storage replication adapters (SRA) on

both sites.

Deploy vSphere Replication appliances on both sites and configure the connection between the

appliances.

Configure virtual machines for replication using either array-based replication or vSphere Replication,

as appropriate.

NOTE Do not attempt to configure vSphere Replication on a virtual machine that resides on a datastore that you replicate by using array-based replication.

You create array-based protection groups for virtual machines that you configure with array-based replication, and vSphere Replication protection groups for virtual machines that you configure with vSphere Replication. You cannot mix replication types in a protection group. You can mix array-based protection groups and vSphere Replication protection groups in the same recovery plan.

VMware, Inc. 17

SRM plug-in

vSphere Client

Protected Site

SRM plug-in

vSphere Client

Recovery Site

ESXi

Server

VR Agent

ESXi

Server

VR Agent

vCenter Server

VMFS

Storage

VMFS

Storage

Array based replication

ESXi

Server

VR Agent

SRM Server

VR Appliance

Network

File Copy

ESXi

SRM Server

Additional

VR Server

Network

File Copy

ESXi

VR Appliance

vSphere replication

SRA

vCenter Server

SRA

Site Recovery Manager Installation and Configuration

Figure 1‑4. SRM Architecture with Array-Based Replication and vSphere Replication

SRM and vCenter Server

SRM takes advantage of vCenter Server services, such as storage management, authentication, authorization, and guest customization. SRM also uses the standard set of vSphere administrative tools to manage these services.

You can use SRM and vSphere Replication with the vCenter Server Appliance or with a standard vCenter Server installation. You can have vCenter Server Appliance on one site and a standard vCenter Server installation on the other.

How Changes to vCenter Server Inventory Affect SRM

Because SRM protection groups apply to a subset of the vCenter Server inventory, changes to the protected inventory made by vCenter Server administrators and users can affect the integrity of SRM protection and recovery. SRM depends on the availability of certain objects, such as virtual machines, folders, resource pools, and networks, in the vCenter Server inventory at the protected and recovery sites. Deletion of resources such as folders or networks that are referenced by recovery plans can invalidate the plan. Renaming or relocating objects in the vCenter Server inventory does not affect SRM, unless it causes resources to become inaccessible during test or recovery.

SRM can tolerate certain changes at the protected site without disruption.

Deleting protected virtual machines.

Deleting an object for which an inventory mapping exists.

18 VMware, Inc.

Chapter 1 Overview of VMware vCenter Site Recovery Manager

SRM can tolerate certain changes at the recovery site without disruption.

Moving placeholder virtual machines to a different folder or resource pool.

Deleting an object for which an inventory map exists.

SRM and the vCenter Server Database

If you update the vCenter Server installation that SRM extends, do not reinitialize the vCenter Server database during the update. SRM stores identification information about all vCenter Server objects in the SRM database. If you reinitialize the vCenter Server database, the identification data that SRM has stored no longer matches identification information in the new vCenter Server instance and objects are not found.

SRM and Other vCenter Server Solutions

You can run other VMware solutions such as vCenter Update Manager, vCenter Server Heartbeat, VMware Fault Tolerance, vSphere Storage vMotion, vSphere Storage DRS, and vCenter CapacityIQ in deployments that you protect using SRM. However, use caution before connecting other VMware solutions to the vCenter Server instance to which the SRM Server is connected. Connecting other VMware solutions to the same vCenter Server instance as SRM might cause problems when you upgrade SRM or vSphere. Check the compatibility and interoperability of these solutions with SRM before by consulting the VMware Product Interoperability Matrixes at http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php?.

VMware, Inc. 19

Site Recovery Manager Installation and Configuration

20 VMware, Inc.

Site Recovery Manager System

Requirements 2

The system on which you install vCenter Site Recovery Manager must meet specific hardware requirements.

Table 2‑1. SRM System Requirements

Component Requirement

Processor 2.0GHz or higher Intel or AMD x86 processor

Memory 2GB minimum

Disk Storage 5GB minimum

Networking 1 Gigabit recommended for communication between SRM

sites.

Use a trusted network for the management of ESXi hosts.

For information about supported platforms and databases, see the Site Recovery Manager Compatibility Matrixes, at https://www.vmware.com/support/srm/srm-compat-matrix-5-5.html.

SRM Licensing on page 21

After you install SRM, it remains in evaluation mode until you install an SRM license key.

SRM Network Ports on page 22

SRM Server instances use several network ports to communicate with each other, with client plug-ins, and with vCenter Server. If any of these ports are in use by other applications or are blocked on your network, you must reconfigure SRM to use different ports.

Operational Limits of SRM on page 22

Each SRM server can support a certain number of virtual machines, protection groups, datastore groups, vSphere Replication management server instances per host, and vSphere Replication servers per vSphere Replication appliance.

SRM Licensing

After you install SRM, it remains in evaluation mode until you install an SRM license key.

After the evaluation license expires, existing protection groups remain protected and you can recover them, but you cannot create new protection groups or add virtual machines to an existing protection group until you obtain and assign a valid SRM license key. Obtain and assign SRM license keys as soon as possible after installing SRM.

To obtain SRM license keys, go to the SRM Product Licensing Center at

http://www.vmware.com/products/site-recovery-manager/buy.html, or contact your VMware sales

representative.

VMware, Inc.

Site Recovery Manager Installation and Configuration

SRM License Keys and vCenter Server Instances in Linked Mode

If your vCenter Server instances are connected with vCenter Server instances in linked mode, you install the same SRM license on both vCenter Server instances.

SRM License Keys and Protected and Recovery Sites

SRM requires a license key that specifies the number of virtual machines that you can protect at a site.

Install SRM license keys at one site to enable recovery.

Install the same SRM license keys at both sites to enable bidirectional operation, including reprotect.

SRM checks for a valid license whenever you add a virtual machine to or remove a virtual machine from a protection group. If licenses are not in compliance, vSphere triggers a licensing alarm. Configure alerts for triggered licensing events so that licensing administrators receive a notification by email.

Example: SRM Licenses Required for Recovery and Reprotect

You have a site that contains 25 virtual machines for SRM to protect.

For failover, you require a license for 25 virtual machines, that you install on the protected site to allow

one-way protection from the protected site to the recovery site.

For reprotect, you require a license for 25 virtual machines, that you install on the protected and the

recovery site to allow bidirectional protection between both sites.

SRM Network Ports

SRM uses default network ports for intrasite communication between hosts at a single site and intersite communication between hosts at the protected and recovery sites. You can change these defaults when you install SRM. Beyond these standard ports, you must also meet network requirements of your particular array-based replication provider.

You can change the network ports from the defaults when you first install SRM. You cannot change the network ports after you have installed SRM.

For a list of all the ports that must be open for SRM and vSphere Replication, see

http://kb.vmware.com/kb/1009562.

For the list of default ports that all VMware products use, see http://kb.vmware.com/kb/1012382.

Operational Limits of SRM

For details about the operational limits of SRM and vSphere Replication, see

http://kb.vmware.com/kb/2034768.

22 VMware, Inc.

Creating the SRM Database 3

The SRM Server requires its own database, which it uses to store data such as recovery plans and inventory information.

The SRM database is a critical part of an SRM installation. You must create the SRM database and establish a database connection before you can install SRM.

SRM cannot use the vCenter Server database because it has different database schema requirements. You can use the vCenter Server database server to create and support the SRM database.

Each SRM site requires its own instance of the SRM database. Use a different database server instance to run the individual SRM databases for each site. If you use the same database server instance to run the databases for both sites, and if the database server experiences a problem, neither SRM site will work and you will not be able to perform a recovery.

SRM does not require the databases on each site to be identical. You can run different versions of a supported database from the same vendor on each site, or you can run databases from different vendors on each site. For example, you can run different versions of Oracle Server on each site, or you can have an Oracle Server database on one site and an SQL Server database on the other.

If you are updating SRM to a new version, you can use the existing database. Before you attempt an SRM environment upgrade, make sure that both SRM Server databases are backed up. Doing so helps ensure that you can revert back to the previous version after the upgrade, if necessary.

For the list of database software that SRM supports, see the Site Recovery Manager Compatibility Matrixes.

Configure Microsoft SQL Server for SRM on page 23

When you create a Microsoft SQL Server database, you must configure it correctly to support SRM.

Configure Oracle Server for SRM on page 24

When you create a Oracle Server database, you must configure it correctly to support SRM.

Create an ODBC System DSN for SRM on page 24

You must provide SRM with a system database source name (DSN) for a 64-bit open database connectivity (ODBC) connector. The ODBC connector allows SRM to connect to the SRM database.

Configure Microsoft SQL Server for SRM

When you create a Microsoft SQL Server database, you must configure it correctly to support SRM.

You use SQL Server Management Studio to create and configure an SQL Server database for SRM to use.

This information provides the general steps that you must perform to configure an SQL Server database for SRM to use. For specific instructions, see the SQL Server documentation.

VMware, Inc.

Site Recovery Manager Installation and Configuration

If you install SQL Server on a different machine to SRM Server, both of the SRM Server and SQL Server machines must belong to the same domain. You then create a domain user that has the SQL Server login and that also has access to SRM Server.

For information about database sizing, see the Sizing calculator for vCenter Site Recovery Manager databases - MSSQL at http://www.vmware.com/products/site-recovery-manager/resource.html.

Procedure

1 Select an authentication mode when you create the database instance.

Option Description

Windows authentication

SQL Authentication

2 Create the SRM database user account.

3 Grant the SRM database user account the bulk insert, connect, and create table permissions.

4 Create the database schema.

The SRM database schema must have the same name as the database user account.

5 Set the SRM database user as the owner of the SRM database schema.

The database user account must be the same user account that you use to run the SRM service.

Leave the default local system user.

6 Set the SRM database schema as the default schema for the SRM database user.

7 (Optional) If you are using SQL Server 2012, configure the NT AUTHORITY\SYSTEM login.

Option Action

General:: Default database

Server Roles

User Mapping

Type the database name.

Select the Public and Admin roles.

Select the check box to map the login to the database.

Configure Oracle Server for SRM

When you create a Oracle Server database, you must configure it correctly to support SRM.

You create and configure an Oracle Server database for SRM by using the tools that Oracle Server provides.

This information provides the general steps that you must perform to configure an Oracle Server database for SRM. For instructions about how to perform the relevant steps, see the Oracle documentation.

For information about database sizing, see the Sizing calculator for vCenter Site Recovery Manager databases - Oracle at http://www.vmware.com/products/site-recovery-manager/resource.html.

Procedure

1 When creating the database instance, specify UTF-8 encoding.

2 Create the SRM database user account.

3 Grant the SRM database user account the connect, resource, create session privileges and permissions.

Create an ODBC System DSN for SRM

You must provide SRM with a system database source name (DSN) for a 64-bit open database connectivity (ODBC) connector. The ODBC connector allows SRM to connect to the SRM database.

You can create the ODBC system DSN before you run the SRM installer by running Odbcad32.exe, the 64-bit Windows ODBC Administrator tool.

24 VMware, Inc.

Chapter 3 Creating the SRM Database

Alternatively, you can create an ODBC system DSN by running the Windows ODBC Administrator tool during the SRM installation process.

Prerequisites

You created the database instance to connect to SRM.

Procedure

1 Double-click the Odbcad32.exe file at C:\Windows\System32 to open the 64-bit ODBC Administrator tool.

IMPORTANT Do not confuse the 64-bit Windows ODBC Administrator tool with the 32-bit ODBC Administrator tool located in C:\Windows\SysWoW64. Do not use the 32-bit ODBC Administrator tool.

2 Click the System DSN tab and click Add.

3 Select the appropriate ODBC driver for your database software and click Finish.

Option Action

SQL Server

Oracle Server

Select SQL Server Native Client 10.0.

Select Microsoft ODBC for Oracle.

4 (Optional) Create a SQL Server data source for the database.

a Provide the details for the data source.

Option Action

Name

Description

Server

Type a name for this data source, for example SRM.

Type a description of the data source, for example SRM.

Select the running database instance to which to connect or type the address of the database server.

b Select the authentication method that corresponds to the database that you created and click Next.

c Click Next to retain the default settings for this database connection and click Finish.

5 (Optional) Create an Oracle Server data source for the database and click Next.

Option Action

Data Source Name

Description

TNS Service Name

User ID

Type a name for this data source, for example SRM.

Type a description of the data source, for example SRM.

Type the address of the database server in the format database_server_address:1521/database_name.

Type the database user name.

6 Click Test Data Source to test the connection and click OK if the test succeeds.

If the test does not succeed, check the configuration information and try again.

7 Click OK to exit the Windows ODBC Administrator tool.

The ODBC driver for your database is ready to use.

VMware, Inc. 25

Site Recovery Manager Installation and Configuration

26 VMware, Inc.

SRM Authentication 4

All communications between SRM and vCenter Server instances take place over SSL connections and are authenticated by public key certificates or stored credentials.

When you install an SRM Server, you must choose either credential-based authentication or custom certificate-based authentication. By default, SRM uses credential-based authentication, but custom certificate-based authentication can alternatively be selected. The authentication method you choose when installing the SRM Server is used to authenticate connections between the SRM Server instances at the protected and recovery sites, and between SRM and vCenter Server.

IMPORTANT You cannot mix authentication methods between SRM Server instances at different sites and between SRM and vCenter Server.

Credential-Based Authentication

This is the default authentication method that SRM uses. If you are using credential-based authentication, SRM stores a user name and password that you specify during installation, and then uses those credentials when connecting to vCenter Server. SRM also creates a special-purpose certificate for its own use. This certificate includes additional information that you supply during installation.

NOTE Even though SRM creates and uses this special-purpose certificate when you choose credential-based authentication, credential-based authentication is not equivalent to certificate-based authentication in either security or operational simplicity.

Custom Certificate-Based Authentication

If you have or can acquire a PKCS#12 certificate signed by a trusted authority, use custom certificate-based authentication. Public key certificates signed by a trusted authority streamline many SRM operations and provide the highest level of security. Custom certificates that SRM uses have special requirements. See

“Requirements When Using Public Key Certificates with SRM,” on page 28.

If you use custom certificate-based authentication, you must use certificates signed by trusted authority on the vCenter Server and SRM Server instances on both the protected site and the recovery site.

Certificate Warnings

If you are using credential-based authentication, attempts by the SRM Server to connect to vCenter Server produce a certificate warning because the trust relationship asserted by the special-purpose certificates created by SRM and vCenter Server cannot be verified by SSL. A warning allows you to verify the thumbprint of the certificate used by the other server and confirm its identity. To avoid these warnings, use certificate-based authentication and obtain your certificate from a trusted certificate authority.

VMware, Inc.

Site Recovery Manager Installation and Configuration

Requirements When Using Public Key Certificates with SRM

If you installed SSL certificates issued by a trusted certificate authority (CA) on the vCenter Server that supports SRM, the certificates you create for use by SRM must meet specific criteria.

While SRM uses standard PKCS#12 certificate for authentication, it places a few specific requirements on the contents of certain fields of those certificates. These requirements apply to the certificates used by both members of an SRM Server pair.

NOTE The certificate requirements for vSphere Replication differ from those of SRM. If you use vSphere Replication with public key certificates, see “Requirements When Using a Public Key Certificate

with vSphere Replication,” on page 59.

The certificates must have a Subject Name value constructed from the following components.

A Common Name (CN) attribute, the value of which must be the same for both members of the

pair. A string such as SRM is appropriate here.

An Organization (O) attribute, the value of which must be the same as the value of this attribute in

the supporting vCenter Server certificate.

An Organizational Unit (OU) attribute, the value of which must be the same as the value of this

attribute in the supporting vCenter Server certificate.

The certificate used by each member of an SRM Server pair must include a Subject Alternative Name

attribute the value of which is the fully-qualified domain name of the SRM Server host. This value will be different for each member of the SRM Server pair. Because this name is subject to a case-sensitive comparison, use lowercase letters when specifying the name during SRM installation.

If you are using an openssl CA, modify the openssl configuration file to include a line like the

following if the SRM Server host's fully-qualified domain name is srm1.example.com:

subjectAltName = DNS: srm1.example.com

If you are using a Microsoft CA, refer to http://support.microsoft.com/kb/931351 for information on

how to set the Subject Alternative Name.

If both SRM Server and vCenter Server run on the same host machine, you must provide two

certificates, one for SRM and one for vCenter Server. Each certificate must have the Subject Alternative Name attribute set to the fully-qualified domain name of the host machine. Consequently, from a security perspective, it is better to run SRM Server and vCenter Server on different host machines.

The certificate used by each member of an SRM Server pair must include an extendedKeyUsage or

enhancedKeyUsage attribute the value of which is serverAuth, clientAuth. If you are using an openssl

CA, modify the openssl configuration file to include a line like the following:

extendedKeyUsage = serverAuth, clientAuth

The SRM certificate password must not exceed 31 characters.

The SRM certificate key length must be a minimum of 2048-bits.

SRM accepts certificates with MD5RSA and SHA1RSA signature algorithms, but these are not

recommended. Use SHA256RSA or stronger signature algorithms.

NOTE vSphere Replication does not support or accept MD5RSA certificates.

28 VMware, Inc.

Installing SRM 5

You must install an SRM Server at the protected site and also at the recovery site.

SRM requires a vCenter Server instance of the equivelent version at each site before you install SRM Server. The SRM installer must be able to connect with this vCenter Server instance during installation.

After you install the SRM Server instances, you can download the SRM client plug-in from the SRM Server instance by using the Manage Plug-ins menu from your vSphere Client. You use the SRM client plug-in to configure and manage SRM at each site.

Procedure

1 Install the SRM Server on page 29

You must install an SRM Server at the protected site and at the recovery site.

2 Install the SRM Client Plug-In on page 32

To install the SRM client plug-in, you use a vSphere Client to connect to the vCenter Server at the protected or recovery site. You download the plug-in from the SRM Server and enable it in the vSphere Client.

3 Connect to SRM on page 33

You use the vSphere Client to connect to SRM.

4 Connect the Protected and Recovery Sites on page 33

Before you can use SRM, you must connect the protected and recovery sites. The sites must authenticate with each other. This is known as site pairing.

5 Install the SRM License Key on page 34

The SRM Server requires a license key to operate. Install an SRM license key as soon as possible after you install SRM.

6 Modify the Installation of an SRM Server on page 35

To change the information that you supplied when you installed the SRM Server, you can run the SRM installer in modify mode.

7 Repair the Installation of an SRM Server on page 36

You can run the SRM installer in repair mode to repair an SRM Server installation.

Install the SRM Server

You must install an SRM Server at the protected site and at the recovery site.

SRM requires the equivalent version of vCenter Server. You must install the same version of SRM Server and vCenter Server on both sites. You cannot mix SRM and vCenter Server versions across sites.

VMware, Inc.

Site Recovery Manager Installation and Configuration

For environments with a small number of virtual machines to protect, you can run SRM Server and vCenter Server on the same system. For environments that approach the maximum limits of SRM and vCenter Server, install SRM Server on a system that is different from the system on which vCenter Server is installed. If SRM Server and vCenter Server are installed on the same system, administrative tasks might become more difficult to perform in large environments.

If you are upgrading an existing SRM installation, see Chapter 6, “Upgrading SRM,” on page 39.

Prerequisites

Install the same version of vCenter Server as the version of SRM to install.

Configure and start the SRM database service before you install the SRM Server. See Chapter 3,

“Creating the SRM Database,” on page 23.

Download the SRM installation file to a folder on the machine on which to install SRM.

SRM requires a database source name (DSN) for 64-bit open database connectivity (ODBC). You can

create the ODBC system DSN before you run the SRM installer, or you can create the DSN during the installation process. For details about creating the ODBC system DSN, see “Create an ODBC System

DSN for SRM,” on page 24.

Verify that you have the following information:

A user account with sufficient privileges to install SRM. This account is often an Active Directory

domain administrator, but can also be a local administrator.

The fully qualified domain name (FQDN) or IP address of the site’s vCenter Server instance. The

server must be running and accessible during SRM installation. You must use the address format that you use to connect SRM to vCenter Server when you later pair the SRM sites. Using FQDNs is preferred, but if that is not universally possible, use IP addresses for all cases.

The user name and password of the vCenter Server administrator account.

A user name and password for the SRM database.

If you are using certificate-based authentication, the pathname to an appropriate certificate file. See

Chapter 4, “SRM Authentication,” on page 27 and “Requirements When Using Public Key Certificates with SRM,” on page 28.

Procedure

1 Double-click the SRM installer icon, select an installation language, and click OK.

2 Follow the prompts and accept the license agreement.

3 Click Change to change the folder in which to install SRM, select a target volume, and click Next.

The default installation folder for SRM is C:\Program Files\VMware\VMware vCenter Site Recovery

Manager. If you use a different folder, the pathname cannot be longer than 170 characters including the

end slash, and cannot include non-ASCII characters.

4 Select whether to install vSphere Replication and click Next.

If you connect SRM to a vCenter Server instance that is already running vSphere Replication as a registered extension, you must still select the Install vSphere Replication option. Selecting this option installs components that SRM requires to work with vSphere Replication. You can also install vSphere Replication after you install SRM by running the installer again in Repair mode.

30 VMware, Inc.

+ 78 hidden pages