VMware vCenter Site Recovery Manager - 5.5 Administrator’s Guide

Site Recovery Manager Administration

vCenter Site Recovery Manager 5.5

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-001112-00

Site Recovery Manager Administration

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2008–2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

About VMware vCenter Site Recovery Manager Administration 7

SRM Privileges, Roles, and Permissions 9

How SRM Handles Permissions 10

SRM and the vCenter Server Administrator Role 10

SRM and vSphere Replication Roles 11

Managing Permissions in a Shared Recovery Site Configuration 11

Assign SRM Roles and Permissions 13

SRM Roles Reference 14

vSphere Replication Roles Reference 17

Replicating Virtual Machines 21

How the Recovery Point Objective Affects Replication Scheduling 21

Replicating a Virtual Machine and Enabling Multiple Point in Time Instances 22

Configure Replication for a Single Virtual Machine 22

Configure Replication for Multiple Virtual Machines 24

Replicate Virtual Machines By Using Replication Seeds 25

Reconfigure Replications 26

Stop Replicating a Virtual Machine 27

Creating Protection Groups 29

About Array-Based Protection Groups and Datastore Groups 29

How SRM Computes Datastore Groups 30

Create Array-Based Protection Groups 31

Edit Array-Based Protection Groups 32

Create vSphere Replication Protection Groups 32

Edit vSphere Replication Protection Groups 33

Apply Inventory Mappings to All Members of a Protection Group 33

VMware, Inc.

Creating, Testing, and Running Recovery Plans 35

Testing a Recovery Plan 36

Test Networks and Datacenter Networks 37

Performing a Planned Migration or Disaster Recovery By Running a Recovery Plan 37

Running a Recovery with Forced Recovery 38

Differences Between Testing and Running a Recovery Plan 38

How SRM Interacts with DPM and DRS During Recovery 39

How SRM Interacts with Storage DRS or Storage vMotion 39

Using SRM with Array-Based Replication on Sites with Storage DRS or Storage vMotion 39

Using SRM with vSphere Replication on Sites with Storage DRS or Storage vMotion 40

How SRM Interacts with vSphere High Availability 41

Protecting Microsoft Cluster Server and Fault Tolerant Virtual Machines 41

Site Recovery Manager Administration

Create, Test, and Run a Recovery Plan 42

Create a Recovery Plan 43

Edit a Recovery Plan 43

Suspend Virtual Machines When a Recovery Plan Runs 44

Test a Recovery Plan 44

Clean Up After Testing a Recovery Plan 45

Run a Recovery Plan 45

Recover a Point-in-Time Snapshot of a Virtual Machine 46

Export Recovery Plan Steps 47

View and Export Recovery Plan History 47

Cancel a Test or Recovery 48

Delete a Recovery Plan 48

Reprotecting Virtual Machines After a Recovery 49

How SRM Performs Reprotect 50

Preconditions for Performing Reprotect 51

Reprotect Virtual Machines 51

Reprotect States 52

Restoring the Pre-Recovery Site Configuration By Performing Failback 53

Perform a Failback 54

Customizing a Recovery Plan 57

Recovery Plan Steps 57

Specify the Recovery Priority of a Virtual Machine 58

Creating Custom Recovery Steps 58

Types of Custom Recovery Steps 59

How SRM Handles Custom Recovery Steps 60

Create Top-Level Command Steps 60

Create Top-Level Message Prompt Steps 61

Create Command Steps for Individual Virtual Machines 61

Create Message Prompt Steps for Individual Virtual Machines 62

Guidelines for Writing Command Steps 62

Environment Variables for Command Steps 62

Customize the Recovery of an Individual Virtual Machine 63

Customizing IP Properties for Virtual Machines 65

Customize IP Properties For an Individual Virtual Machine 66

Report IP Address Mappings for Recovery Plans 67

Customizing IP Properties for Multiple Virtual Machines 67

Syntax of the DR IP Customizer Tool 68

Structure of the DR IP Customizer CSV File 69

Modifying the DR IP Customizer CSV File 72

Run DR IP Customizer to Customize IP Properties for Multiple Virtual Machines 77

Advanced SRM Configuration 79

Configure Protection for a Virtual Machine or Template 79

Configure Resource Mappings for a Virtual Machine 80

4 VMware, Inc.

Specify a Nonreplicated Datastore for Swap Files 80

Recovering Virtual Machines Across Multiple Hosts on the Recovery Site 81

Resize Virtual Machine Disk Files During Replication Using Replication Seeds 82

Resize Virtual Machine Disk Files During Replication Without Using Replication Seeds 82

Reconfigure SRM Settings 82

Change Local Site Settings 83

Change Logging Settings 83

Change Recovery Settings 85

Change Remote Site Settings 86

Change the Timeout for the Creation of Placeholder Virtual Machines 86

Change Storage Settings 86

Change Storage Provider Settings 87

Change vSphere Replication Settings 88

Modify Settings to Run Large SRM Environments 89

Contents

Troubleshooting SRM Administration 93

Limitations to Protection and Recovery of Virtual Machines 93

vSphere Replication Limitations 96

SRM Events and Alarms 96

How SRM Monitors Connections Between Sites 96

Configure SRM Alarms 97

SRM Events Reference 97

vSphere Replication Events and Alarms 106

Configure vSphere Replication Alarms 106

List of vSphere Replication Events 106

Collecting SRM Log Files 109

Collect SRM Log Files By Using the SRM Interface 109

Collect SRM Log Files Manually 110

Access the vSphere Replication Logs 112

Manually Access the vSphere Replication Logs 112

Resolve SRM Operational Issues 113

SRM Doubles the Number of Backslashes in the Command Line When Running Callouts 113

Powering on Many Virtual Machines Simultaneously on the Recovery Site Can Lead to Errors 114

LVM.enableResignature=1 Remains Set After a SRM Test Failover 114

Adding Virtual Machines to a Protection Group Fails with an Unresolved Devices Error 115

Configuring Protection fails with Placeholder Creation Error 115

Planned Migration Fails Because Host is in an Incorrect State 116

Recovery Fails with a Timeout Error During Network Customization for Some Virtual

Machines 116

Recovery Fails with Unavailable Host and Datastore Error 117

Reprotect Fails with a vSphere Replication Timeout Error 117

Recovery Plan Times Out While Waiting for VMware Tools 117

Reprotect Fails After Restarting vCenter Server 118

Rescanning Datastores Fails Because Storage Devices are Not Ready 118

Scalability Problems when Replicating Many Virtual Machines with a Short RPO to a Shared

VMFS Datastore on ESXi Server 5.0 119

Application Quiescing Changes to File System Quiescing During vMotion to an Older Host 120

Reconfigure Replication on Virtual Machines with No Datastore Mapping 120

Configuring Replication Fails for Virtual Machines with Two Disks on Different Datastores 121

VMware, Inc. 5

Site Recovery Manager Administration

vSphere Replication RPO Violations 121

vSphere Replication Does Not Start After Moving the Host 122

Unexpected vSphere Replication Failure Results in a Generic Error 122

Generating Support Bundles Disrupts vSphere Replication Recovery 123

Recovery Plan Times Out While Waiting for VMware Tools 123

Index 125

6 VMware, Inc.

About VMware vCenter Site Recovery Manager Administration

VMware vCenter Site Recovery Manager (SRM) is an extension to VMware vCenter Server that delivers a business continuity and disaster recovery solution that helps you plan, test, and run the recovery of vCenter Server virtual machines. SRM can discover and manage replicated datastores, and automate migration of inventory from one vCenter Server instance to another.

Intended Audience

This book is intended for SRM administrators who are familiar with vSphere and its replication technologies, such as host-based replication and replicated datastores. This solution serves the needs of administrators who want to configure protection for their vSphere inventory. It might also be appropriate for users who need to add virtual machines to a protected inventory or to verify that an existing inventory is properly configured for use with SRM.

VMware, Inc.

Site Recovery Manager Administration

8 VMware, Inc.

SRM Privileges, Roles, and

Permissions 1

SRM provides disaster recovery by performing operations for users. These operations involve managing objects, such as recovery plans or protection groups, and performing operations, such as replicating or powering off virtual machines. SRM uses roles and permissions so that only users with the correct roles and permissions can perform operations.

SRM adds several roles to vCenter Server, each of which includes privileges to complete SRM and vCenter Server tasks. You assign roles to users to permit them to complete tasks in SRM.

Privilege

Role

Permission

For information about the roles that SRM adds to vCenter Server and the privileges that users require to complete tasks, see “SRM Roles Reference,” on page 14.

How SRM Handles Permissions on page 10

SRM determines whether a user has permission to perform an operation, such as configuring protection or running the individual steps in a recovery plan. This permission check ensures the correct authentication of the user, but it does not represent the security context in which the operation is performed.

SRM and the vCenter Server Administrator Role on page 10

If a user or user group has the vCenter Server administrator role on a vCenter Server instance when you install SRM, that user or user group obtains all SRM privileges.

The right to perform an action, for example to create a recovery plan or to modify a protection group.

A collection of privileges. Default roles provide the privileges that certain users require to perform a set of SRM tasks, for example users who manage protection groups or perform recoveries. A user can have at most one role on an object, but roles can be combined if the user belongs to multiple groups that all have roles on the object.

A role granted to a particular user or user group on a specific object. A user or user group is also known as a principal. A permission is a combination of a role, an object, and a principal. For example, a permission is the privilege to modify a specific protection group.

VMware, Inc.

SRM and vSphere Replication Roles on page 11

When you install vSphere Replication with SRM, the vCenter Server administrator role inherits all of the SRM and vSphere Replication privileges.

Managing Permissions in a Shared Recovery Site Configuration on page 11

You can configure SRM to use with a shared recovery site. The vCenter Server administrator on the shared recovery site must manage permissions so that each customer has sufficient privileges to configure and use SRM, but no customer has access to resources that belong to another customer.

Site Recovery Manager Administration

Assign SRM Roles and Permissions on page 13

During installation, SRM administrator rights are assigned to the vCenter Server administrator role. At this time, only vCenter Server administrators can log in to SRM, unless they explicitly grant access to other users.

SRM Roles Reference on page 14

SRM includes a set of roles. Each role includes a set of privileges, which allow users with those roles to complete different actions.

How SRM Handles Permissions

SRM performs operations in the security context of the user ID that is used to connect the sites, or in the context of the ID under which the SRM service is running, for example, the local system ID.

After SRM verifies that a user has the appropriate permissions on the target vSphere resources, SRM performs operations on behalf of users by using the vSphere administrator role.

For configuration operations, SRM validates user permissions when the user requests the operation. Operations other than configuration operations require two phases of validation.

1 During configuration, SRM verifies that the user configuring the system has the correct permissions to

complete the configuration on the vCenter Server object. For example, a user must have permission to protect a virtual machine and use resources on a secondary vCenter Server that the recovered virtual machine uses.

2 The user performing the configuration must have the correct permissions to complete the task that they

are configuring. For example, a user must have permissions to run a recovery plan. SRM then completes the task on behalf of the user as a vCenter Server administrator.

As a result, a user who completes a particular task, such as a recovery, does not necessarily require permissions to act on vSphere resources. The role authorizes the action, but the action is performed by SRM acting as an administrator. SRM performs the operations by using the administrator credentials that you provide when you connect the protected and recovery sites.

SRM maintains a database of permissions for internal SRM objects that uses a model similar to the one the vCenter Server uses. SRM verifies its own SRM privileges even on vCenter Server objects. For example, SRM checks for the Resource.Recovery Use permission on the target datastore rather than checking multiple lowlevel permissions, such as Allocate space.

SRM and the vCenter Server Administrator Role

If a user or user group has the vCenter Server administrator role on a vCenter Server instance when you install SRM, that user or user group obtains all SRM privileges.

SRM does not perform verification of roles or permissions after installation. If you assign the vCenter Server administrator role to users or user groups after you install SRM, you must manually assign the SRM roles to those users.

You can assign SRM roles to users or user groups that do not have the vCenter Server administrator role. In this case, those users have permission to perform SRM operations, but they do not have permission to perform all vCenter Server operations.

10 VMware, Inc.

Chapter 1 SRM Privileges, Roles, and Permissions

SRM and vSphere Replication Roles

When you install vSphere Replication with SRM, the vCenter Server administrator role inherits all of the SRM and vSphere Replication privileges.

If you manually assign an SRM role to a user or user group, or if you assign an SRM role to a user or user group that is not a vCenter Server administrator, these users do not obtain vSphere Replication privileges. The SRM roles do not include the privileges of the vSphere Replication roles. For example, the SRM Recovery Administrator role includes the privilege to run recovery plans, including recovery plans that contain vSphere Replication protection groups, but it does not include the privilege to configure vSphere Replication on a virtual machine. The separation of the SRM and vSphere Replication roles allows you to distribute responsibilities between different users. For example, one user with the VRM administrator role is responsible for configuring vSphere Replication on virtual machines, and another user with the SRM Recovery Administrator role is responsible for running recoveries.

In some cases, a user who is not vCenter Server administrator might require the privileges to perform both SRM and vSphere Replication operations. To assign a combination of SRM and vSphere Replication roles to a single user, you can add the user to two user groups.

Example: Assign SRM and vSphere Replication Roles to a User

By creating two user groups, you can grant to a user the privileges of both an SRM role and a vSphere Replication role, without that user being a vCenter Server administrator.

1 Create two user groups.

2 Assign an SRM role to one user group, for example SRM administrator.

3 Assign a vSphere Replication role to the other user group, for example VRM administrator.

4 Add the user to both user groups.

The user has all the privileges of the SRM administrator role and of the VRM administrator role.

Managing Permissions in a Shared Recovery Site Configuration

In the context of a shared recovery site, a customer is the owner of a pair of SRM Server instances. Customers with adequate permissions must be able to access the shared recovery site to create, test, and run the recovery plans for their own protected site. The vCenter Server administrator at the shared recovery site must create a separate user group for each customer. No customer's user accounts can be a member of the vCenter Server Administrators group. The only supported configuration for a shared recovery site is for one organization to manage all of the protected sites and the recovery site.

CAUTION Certain SRM roles allow users to run commands on SRM Server, so you should assign these roles to trusted administrator-level users only. See “SRM Roles Reference,” on page 14 for the list of SRM roles that run commands on SRM Server.

On a shared recovery site, multiple customers share a single vCenter Server instance. In some cases, multiple customers can share a single ESXi host on the recovery site. You can map the resources on the protected sites to shared resources on the shared recovery site. You might share resources on the recovery site if you do not need to keep all of the customers' virtual machines separate, for example if all of the customers belong to the same organization.

VMware, Inc. 11

Site Recovery Manager Administration

You can also create isolated resources on the shared recovery site and map the resources on the protected sites to their own dedicated resources on the shared recovery site. You might use this configuration if you must keep all of the customers' virtual machines separate from each other, for example if all of the customers belong to different organizations.

Guidelines for Sharing Customer Resources

Follow these guidelines when you configure permissions for sharing customer resources on the shared recovery site:

All customers must have read access to all folders of the vCenter Server on the shared recovery site.

Do not give a customer the permission to rename, move, or delete the datacenter or host.

Do not give a customer the permission to create virtual machines outside of the customer’s dedicated

folders and resource pools.

Do not allow a customer to change roles or assign permissions for objects that are not dedicated to the

customer’s own use.

To prevent unwanted propagation of permissions across different organizations’ resources, do not

propagate permissions on the root folder, datacenters, and hosts of the vCenter Server on the shared recovery site.

Guidelines for Isolating Customer Resources

Follow these guidelines when you configure permissions for isolating customer resources on the shared recovery site:

Assign to each customer a separate virtual machine folder in the vCenter Server inventory.

Set permissions on this folder to prevent any other customer from placing their virtual machines in

it. For example, set the Administrator role and activate the propagate option for a customer on that customer's folder. This configuration prevents duplicate name errors that might otherwise occur if multiple customers protect virtual machines that have identical names.

Place all of the customer's placeholder virtual machines in this folder, so that they can inherit its

permissions.

Do not assign permissions to access this folder to other customers.

Assign dedicated resource pools, datastores, and networks to each customer, and configure the

permissions in the same way as for folders.

Viewing Tasks and Events in a Shared Recovery Site Configuration

In the Recent Tasks panel of the vSphere Client, users who have permissions to view an object can see tasks that other users start on that object. All customers can see all of the tasks that other users perform on a shared resource. For example, all users can see the tasks that run on a shared host, datacenter, or the vCenter Server root folder.

Events that all of the instances of SRM Server generate on a shared recovery site have identical permissions. All users who can see events from one instance of SRM Server can see events from all SRM Server instances that are running on the shared recovery site.

12 VMware, Inc.

Assign SRM Roles and Permissions

To allow other users to access SRM, vCenter Server administrators must grant them permissions in the SRM interface. Permission assignments apply on a per-site basis. You must add corresponding permissions on both sites.

SRM requires permissions on vCenter Server objects as well as on SRM objects. To configure permissions on the remote vCenter Server installation, start another instance of the vSphere Client. You can change SRM permissions from the same interface on both sites after you connect the protected and recovery sites.

SRM augments vCenter Server roles and permissions with additional permissions that allow detailed control over SRM specific tasks and operations. For information about the permissions that each SRM role includes, see “SRM Roles Reference,” on page 14.

Procedure

1 Click Sites in the SRM interface, and select the site on which to assign permissions.

2 Click the Permissions tab.

Chapter 1 SRM Privileges, Roles, and Permissions

3 Right-click anywhere in the panel for either the local or remote sites and select Add Permission.

4 Click Add.

5 Identify a user or group for the role.

a From the Domain drop-down menu, select the domain that contains the user or group.

b Enter a user or user group name in the Search text box or select a name from the Name list.

c Click Add and click OK.

6 Select a role from the Assigned Role drop-down menu to assign to the user or user group that you

selected.

The Assigned Role drop-down menu includes all of the roles that vCenter Server and its plug-ins make available. SRM adds several roles to vCenter Server.

Option Action

Allow a user or user group to perform all SRM configuration and administration operations.

Allow a user or user group to manage and modify protection groups and to configure protection on virtual machines.

Allow a user or user group to perform recoveries and test recoveries.

Allow a user or user group to create, modify, and test recovery plans.

Allow a user or user group to test recovery plans.

Assign the SRM Administrator role.

Assign the SRM Protection Groups Administrator role.

Assign the SRM Recovery Administrator role.

Assign the SRM Recovery Plans Administrator role.

Assign the SRM Recovery Test Administrator role.

When you select a role, the hierarchical list displays the privileges that the role includes. Click a privilege in the hierarchical list to see a description of that privilege. You cannot modify the list of privileges that each role includes.

VMware, Inc. 13

Site Recovery Manager Administration

7 Select Propagate to Child Objects to apply the selected role to all of the child objects of the inventory

objects that this role can affect.

For example, if a role contains privileges to modify folders, selecting this option extends the privileges to all the virtual machines in a folder. You might deselect this option to create a more complex hierarchy of permissions. For example, deselect this option to override the permissions that are propagated from the root of a certain node from the hierarchy tree, but without overriding the permissions of the child objects of that node.

8 Click OK to assign the role and its associated privileges to the user or user group.

9 Repeat Step 1 through Step 8 to assign roles and privileges to the users or user groups on the other SRM

site.

You assigned a given SRM role to a user or user group. This user or user group has privileges to perform the actions that the role defines on the objects on the SRM site that you configured.

Example: Combining SRM Roles

You can assign only one role to a user or user group. If a user who is not a vCenter Server administrator requires the privileges of more than one SRM role, you can create multiple user groups. For example, a user might require the privileges to manage recovery plans and to run recovery plans.

1 Create two user groups.

2 Assign the SRM Recovery Plans Administrator role to one group.

3 Assign the SRM Recovery Administrator role to the other group.

4 Add the user to both user groups.

By being a member of groups that have both the SRM Recovery Plans Administrator and the SRM Recovery Administrator roles, the user can manage recovery plans and run recoveries.

SRM Roles Reference

SRM includes a set of roles. Each role includes a set of privileges, which allow users with those roles to complete different actions.

Roles can have overlapping sets of privileges and actions. For example, the SRM Administrator role and the SRM Protection Groups Administrator have the Create privilege for protection groups. With this privilege, the user can complete one aspect of the set of tasks that make up the management of protection groups.

Assign roles to users on SRM objects consistently on both sites, so that protected and recovery objects have identical permissions.

All users must have at least the System.Read privilege on the root folders of vCenter Server and the SRM root nodes on both sites.

14 VMware, Inc.

Table 1‑1. SRM Roles

Role Actions that this Role Permits

SRM Administrator The SRM Administrator grants

permission to perform all SRM configuration and administration operations.

Configure advanced settings.

Configure connections.

Configure inventory

preferences.

Configure placeholder

datastores.

Configure array managers.

Manage protection groups.

Manage recovery plans.

Perform reprotect operations.

Configure protection on

virtual machines.

Edit protection groups.

Remove protection groups.

Users with this role cannot run recoveries. Only users with the SRM Recovery Administrator role can perform recoveries.

Chapter 1 SRM Privileges, Roles, and Permissions

Privileges that this Role Includes

Site Recovery Manager.Advanced Settings.Modify

Site Recovery Manager.Array Manager.Configure

Site Recovery Manager.Diagnostics.Ex port

Site Recovery Manager.Inventory Preferences.Modify

Site Recovery Manager.Placeholder Datastores.Configure

Site Recovery Manager.DiagnosticsEx port

Site Recovery Manager.Protection Group.Assign to Plan

Site Recovery Manager.Protection Group.Create

Site Recovery Manager.Protection Group.Modify

Site Recovery Manager.Protection Group.Remove

Site Recovery Manager.Protection Group.Remove from Plan

Site Recovery Manager.Recovery History .View Deleted Plans

Site Recovery Manager.Recovery Plan.Configure

Site Recovery Manager.Recovery Plan.Create

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Remove

Site Recovery Manager.Recovery Plan.Reprotect

Site Recovery Manager.Recovery Plan.Test

Objects in vCenter Server Inventory that this Role Can Access

Virtual machines

Datastores

vCenter Server folders

Resource pools

SRM service instances

Networks

SRM folders

Protection groups

Recovery plans

Array managers

VMware, Inc. 15

Site Recovery Manager Administration

Table 1‑1. SRM Roles (Continued)

Role Actions that this Role Permits

SRM Protection Groups Administrator

SRM Recovery Administrator

The SRM Protection Groups Administrator role allows users to manage protection groups.

Create protection groups.

Modify protection groups.

Add virtual machines to

protection groups.

Delete protection groups.

Configure protection on

virtual machines.

Remove protection from

virtual machines.

Users with this role cannot perform or test recoveries or create or modify recovery plans.

The SRM Recovery Administrator role allows users to perform recoveries and reprotect operations.

Remove protection groups

from recovery plans.

Test recovery plans.

Run recovery plans.

Run reprotect operations.

Configure custom command

steps on virtual machines.

View deleted recovery plans.

Edit virtual machine recovery

properties.

Users with this role cannot configure protection on virtual machines, or create or modify recovery plans.

Privileges that this Role Includes

Site Recovery Manager.Remote Site.Modify

Datastore.Replication.P rotect

Datastore.Replication.U nprotect

Resource.Recovery Use

Virtual Machine. SRM Protection.Protect

Virtual Machine. SRM Protection.Stop

Site Recovery Manager.Protection Group.Create

Site Recovery Manager.Protection Group.Modify

Site Recovery Manager.Protection Group.Remove

Datastore.Replication.P rotect

Datastore.Replication.U nprotect

Resource.Recovery Use

Virtual Machine. SRM Protection.Protect

Virtual Machine. SRM Protection.Stop

Site Recovery Manager.Protection Group.Remove from plan

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Test

Site Recovery Manager.Recovery Plan.Recovery

Site Recovery Manager.Recovery Plan.Reprotect

Site Recovery Manager.Recovery Plan.Configure commands

Site Recovery Manager.Recovery History.View deleted plans

Objects in vCenter Server Inventory that this Role Can Access

SRM folders

Protection groups

Recovery plans

SRM service instances

16 VMware, Inc.

Table 1‑1. SRM Roles (Continued)

Role Actions that this Role Permits

SRM Recovery Plans Administrator

SRM Test Administrator

The SRM Recovery Plans Administrator role allows users to create and test recovery plans.

Add protection groups to

recovery plans.

Remove protection groups

from recovery plans.

Configure custom command

steps on virtual machines.

Create recovery plans.

Test recovery plans.

Cancel recovery plan tests.

Edit virtual machine recovery

properties.

Users with this role cannot configure protection on virtual machines, or perform recoveries or reprotect operations.

The SRM Test Administrator role only allows users to test recovery plans.

Test recovery plans.

Cancel recovery plan tests.

Edit virtual machine recovery

properties.

Users with this role cannot configure protection on virtual machines, create protection groups or recovery plans, or perform recoveries or reprotect operations.

Chapter 1 SRM Privileges, Roles, and Permissions

Privileges that this Role Includes

Site Recovery Manager.Protection Group.Assign to plan

Site Recovery Manager.Protection Group.Remove from plan

Site Recovery Manager.Recovery Plan.Configure Commands

Site Recovery Manager.Recovery Plan.Create

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Remove

Site Recovery Manager.Recovery Plan.Test

Resource.Recovery Use

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Test

Objects in vCenter Server Inventory that this Role Can Access

Protection groups

Recovery plans

vCenter Server folders

Datastores

Resource pools

Networks

Recovery plans

vSphere Replication Roles Reference

vSphere Replication includes a set of roles. Each role includes a set of privileges, which enable users with those roles to complete different actions.

NOTE When assigning permissions with no propagation, make sure that you have at least Read-only permission on all parent objects.

VMware, Inc. 17

Site Recovery Manager Administration

Table 1‑2. vSphere Replication Roles

Role Actions that this Role Permits Privileges that this Role Includes

VRM replication viewer

VRM virtual machine replication user

Requires a corresponding user with the same role on the target site and additionally vSphere Replication target datastore user role on the target datacenter, or datastore folder or each target datastore.

View replications.

Cannot change replication parameters.

View replications.

Manage datastores.

Configure and unconfigure replications.

Manage and monitor replications.

VRM remote.View VR

VRM remote.View VRM

VRM datastore mapper.View

Host.vSphere Replication.Manage replication

Virtual machine.vSphere Replication.Monitor replication

Datastore.Browse Datastore

VRM remote.View VR

VRM remote.View VRM

VRM datastore mapper.Manage

VRM datastore mapper.View

Host.vSphere Replication.Manage replication

Virtual machine.vSphere Replication.Configure replication

Virtual machine.vSphere Replication.Manage replication

Virtual machine.vSphere Replication.Monitor replication

Objects in vCenter Server Inventory that this Role Can Access

vCenter Server root folder with propagation, at source site (outgoing replications) and target site (incoming replications).

Alternatively, vCenter Server root folder without propagation on both sites and virtual machine without propagation on the source site.

vCenter Server root folder with propagation on both sites.

Alternatively, vCenter Server root folder without propagation on both sites, virtual machine without propagation on the source site, source datastores without propagation on the source site.

18 VMware, Inc.

Chapter 1 SRM Privileges, Roles, and Permissions

Table 1‑2. vSphere Replication Roles (Continued)

Role Actions that this Role Permits Privileges that this Role Includes

VRM administrator

VRM diagnostics

Incorporates all vSphere Replication privileges.

Generate, retrieve, and delete log bundles.

VRM remote.Manage VR

VRM remote.View VR

VRM remote.Manage VRM

VRM remote.View VRM

VRM datastore mapper.Manage

VRM datastore mapper.View

VRM diagnostics .Manage

VRM session .Terminate

Datastore.Browse datastore

Datastore.Low level file operations

Host.vSphere Replication.Manage replication

Resource.Assign virtual machine to resource pool

Virtual machine.Configuration.Add existing disk

Virtual machine.Configuration.Add or remove device

Virtual machine.Interaction.Power On

Virtual machine.Interaction.Device connection

Virtual machine.Inventory.Register

Virtual machine.vSphere Replication.Configure replication

Virtual machine.vSphere Replication.Manage replication

Virtual machine.vSphere Replication.Monitor replication

VRM remote.View VR

VRM remote.View VRM

VRM diagnostics .Manage

Objects in vCenter Server Inventory that this Role Can Access

vCenter Server root folder with propagation on both sites.

Alternatively, vCenter Server root folder without propagation on both sites, virtual machine without propagation on the source site, target datastore, target virtual machine folder with propagation on the target site, target host or cluster with propagation on the target site.

vCenter Server root folder on both sites.

VMware, Inc. 19

Site Recovery Manager Administration

Table 1‑2. vSphere Replication Roles (Continued)

Role Actions that this Role Permits Privileges that this Role Includes

VRM target datastore user

VRM virtual machine recovery user

Configure and reconfigure replications.

Used on target site in combination with the VRM virtual machine replication user role on both sites.

Recover virtual machines. Datastore.Browse datastore

Datastore.Browse datastore

Datastore.Low level file operations

Host.vSphere Replication.Manage replication

Virtual machine.Configuration.Add existing disk

Virtual machine.Configuration.Add or remove device

Virtual machine.Interaction.Power On

Virtual machine.Interaction.Device connection

Virtual machine.Inventory.Register

Resource.Assign virtual machine to resource pool

Objects in vCenter Server Inventory that this Role Can Access

Datastore objects on target site, or datastore folder with propagation at target site, or target datacenter with propagation.

Secondary vCenter Server root folder with propagation.

Alternatively, secondary vCenter Server root folder without propagation, target datastore without propagation, target virtual machine folder with propagation, target host or cluster with propagation.

20 VMware, Inc.

Replicating Virtual Machines 2

Before you create protection groups, you must configure replication on the virtual machines to protect.

You can replicate virtual machines by using either array-based replication, vSphere Replication, or a combination of both.

This information concerns replication using vSphere Replication. To configure array-based replication on virtual machines, consult the documentation from your storage array manager (SRA) vendor.

This chapter includes the following topics:

“How the Recovery Point Objective Affects Replication Scheduling,” on page 21

“Replicating a Virtual Machine and Enabling Multiple Point in Time Instances,” on page 22

“Configure Replication for a Single Virtual Machine,” on page 22

“Configure Replication for Multiple Virtual Machines,” on page 24

“Replicate Virtual Machines By Using Replication Seeds,” on page 25

“Reconfigure Replications,” on page 26

“Stop Replicating a Virtual Machine,” on page 27

How the Recovery Point Objective Affects Replication Scheduling

The Recovery Point Objective (RPO) value you set during replication configuration affects replication scheduling.

If you set an RPO of x minutes, the latest available replication instance can never reflect a state that is older than x minutes. A replication instance reflects the state of a virtual machine at the time the replication starts.

You set the RPO during replication configuration to 15 minutes. If the replication starts at 12:00 and it takes five minutes to transfer to the target site, the instance becomes available on the target site at 12:05, but it reflects the state of the virtual machine at 12:00. The next replication can start no later than 12:10. This replication instance is then available at 12:15 when the first replication instance that started at 12:00 expires.

If you set the RPO to 15 minutes and the replication takes 7.5 minutes to transfer an instance, vSphere Replication transfers an instance all the time. If the replication takes more than 7.5 minutes, the replication encounters periodic RPO violations. For example, if the replication starts at 12:00 and takes 10 minutes to transfer an instance, the replication finishes at 12:10. You can start another replication immediately, but it finishes at 12:20. During the time interval 12:15-12:20, an RPO violation occurs because the latest available instance started at 12:00 and is too old.

VMware, Inc.

vSphere Web Client

VR Appliance

VM VM VM

t3t2

vSphere Web Client

VR Appliance

Replication

Source Site

Target Site

Site Recovery Manager Administration

The replication scheduler tries to satisfy these constraints by overlapping replications to optimize bandwidth use and might start replications for some virtual machines earlier than expected.

To determine the replication transfer time, the replication scheduler uses the duration of the last few instances to estimate the next one.

Replicating a Virtual Machine and Enabling Multiple Point in Time Instances

You can recover virtual machines at specific points in time (PIT) such as the last known consistent state.

NOTE You cannot use the SRM interface to configure replication that uses point in time (PIT) snapshots. To enable PIT snapshots, configure replication of a virtual machine by using the vSphere Web Client. See

Configure Replication for a Single Virtual Machine in vSphere Replication Administration.

When you configure replication of a virtual machine, you can enable multiple point in time (PIT) instances in the recovery settings in the Configure Replication wizard. vSphere Replication retains instances of the virtual machine on the target site based on the number of retention policy that you specify. vSphere Replication supports maximum of 24 instances. After you recover a virtual machine, you can revert it to a specific snapshot.

During replication, vSphere Replication replicates all aspects of the virtual machine to the target site, including any potential viruses and corrupted applications. If a virtual machine suffers from a virus or corruption and you have configured vSphere Replication to keep PIT snapshots, you can recover the virtual machine and then revert it to a snapshot of the virtual machine in its uncorrupted state.

You can also use the PIT instances to recover the last known good state of a database.

NOTE vSphere Replication does not replicate virtual machine snapshots.

Figure 2‑1. Recovering a Virtual Machine at Points in Time (PIT)

SRM only recovers the most recent PIT snapshot during a recovery. To recover older snapshots, you must enable the vrReplication > preserveMpitImagesAsSnapshots option in Advanced Settings in the SRM interface. See “Change vSphere Replication Settings,” on page 88.

To recover a virtual machine from an older PIT snapshot, you must manually revert the virtual machine to that snapshot after the recovery. See “Recover a Point-in-Time Snapshot of a Virtual Machine,” on page 46.

Configure Replication for a Single Virtual Machine

vSphere Replication can protect individual virtual machines and their virtual disks by replicating them to another location.

22 VMware, Inc.

When you configure replication, you set a recovery point objective (RPO) to determine the period of time between replications. For example, an RPO of 1 hour seeks to ensure that a virtual machine loses no more than 1 hour of data during the recovery. For smaller RPOs, less data is lost in a recovery, but more network bandwidth is consumed keeping the replica up to date.

Chapter 2 Replicating Virtual Machines

Every time that a virtual machine reaches its RPO target, vSphere Replication records approximately 3800 bytes of data in the vCenter Server events database. If you set a low RPO period, this can quickly create a large volume of data in the database. To avoid creating large volumes of data in the vCenter Server events database, limit the number of days that vCenter Server retains event data. See Configure Database Retention Policy in the vCenter Server and Host Management Guide. Alternatively, set a higher RPO value.

Configure Replication for a Single Virtual Machine in vSphere Replication Administration.

vSphere Replication guarantees crash consistency amongst all the disks that belong to a virtual machine. If you use VSS quiescing, you might obtain a higher level of consistency. The available quiescing types are determined by the virtual machine's operating system. See Compatibility Matrixes for vSphere Replication

5.5 for Microsoft Volume Shadow Copy Service (VSS) quiescing support for Windows virtual machines.

You can configure virtual machines to replicate to a Virtual SAN datastore on the target site. See Using

vSphere Replication with Virtual SAN in Site Recovery Manager Installation and Configuration for the

limitations when using vSphere Replication with Virtual SAN.

NOTE vSphere 5.5 includes Virtual SAN as an experimental feature. You can perform testing with Virtual SAN, but it is not supported for use in a production environment. See the release notes for this release for information about how to enable Virtual SAN.

Prerequisites

Verify that you have deployed and connected vSphere Replication appliances and SRM Server instances at each site.

Procedure

1 On the vSphere Client Home page, click VMs and Templates.

2 Browse the inventory to find the single virtual machine to replicate using vSphere Replication.

3 Right-click the virtual machine and select vSphere Replication.

4 Use the RPO slider or enter a value to configure the maximum amount of data that can be lost in the

case of a site failure.

The available RPO range is from 15 minutes to 24 hours.

5 Select a Guest OS Quiescing configuration, if applicable to the source virtual machine operating system.

6 If no target file location is specified or to override the default determined by the datastore mappings,

click Browse to select a target location for the virtual machine.

Option Description

Place virtual machine in a datastore directly

Place virtual machine in a specific folder in a datastore

Select a datastore and click OK.

Select Specify datastore folder, click Browse to locate the folder, then double-click the desired folder.

VMware, Inc. 23

Site Recovery Manager Administration

7 Select a replication destination for each media device for the virtual machine.

The next pages are created dynamically depending on the media devices installed on the virtual machine. They might include multiple virtual drives, all of which you can configure individually. Configurable settings include whether the virtual drive is replicated, the virtual drive's replication destination, and information about how the replicated virtual drive is configured. If the disk is to be replicated, select a replication destination for the disk before proceeding.

8 Accept the automatic assignment of a vSphere Replication server or select a particular server on the

target site.

9 Review the settings and click Finish to establish replication.

Configure Replication for Multiple Virtual Machines

You can configure replication for multiple virtual machines using the multi-VM configure replication wizard.

NOTE You cannot use the SRM interface to configure replications that use point in time (PIT) snapshots. To enable PIT snapshots, configure replication of virtual machines by using the vSphere Web Client. See

Configure Replication for Multiple Virtual Machines in vSphere Replication Administration.

5.5 for Microsoft Volume Shadow Copy Service (VSS) quiescing support for Windows virtual machines.

You can configure virtual machines to replicate to a Virtual SAN datastore on the target site. See Using

vSphere Replication with Virtual SAN in Site Recovery Manager Installation and Configuration for the

limitations when using vSphere Replication with Virtual SAN.

Prerequisites

To replicate virtual machines using vSphere Replication, you must deploy the vSphere Replication appliance at the source and target sites. You must power on the virtual machines to begin replication.

Before you replicate multiple machines, configure datastore mappings in the SRM user interface. You configure the mappings so that information is available to SRM regarding the target datastore destinations for replication.

Procedure

1 On the vSphere Web Client Home page, click VMs and Templates.

24 VMware, Inc.

Chapter 2 Replicating Virtual Machines

2 Select a folder or datacenter in the left pane and click the Virtual Machines tab.

3 Select the virtual machines to replicate using the Ctrl or Shift keys.

4 Right-click the virtual machines and select vSphere Replication.

5 Use the RPO slider or enter a value to configure the maximum amount of data that can be lost in the

case of a site failure.

The available RPO range is from 15 minutes to 24 hours.

6 Select a Guest OS Quiescing configuration, if applicable to the source virtual machine operating system.

7 (Optional) Choose whether to enable Initial copies of .vmdk files have been placed on the target

datastore.

Select this option if you have physically copied VMDK files to the target site for use as replication seeds. SRM uses datastore mappings and source virtual machine information to find and use initial copies. SRM shows progress and status as it searches for initial copies. You can stop the search process or start it again.

8 Accept the automatic assignment of a vSphere Replication server or select a particular server on the

target site.

9 Review the settings and click Finish to establish replication.

10 Select the vSphere Replication view in the SRM interface.

11 Select the remote vSphere Replication site and click the Virtual Machines tab.

If you have configured the datastore mappings for vSphere Replication, the virtual machines synchronize with the target site.

What to do next

If you did not configure the datastore mappings for vSphere Replication before configuring replication, the virtual machines appear in red with the status Datastore mappings were not configured. Reconfigure vSphere Replication on the virtual machines manually.

Replicate Virtual Machines By Using Replication Seeds

You can make the initial replication of VDMK files more efficient by physically moving files onto a storage device. vSphere Replication uses the physically moved files as replication seeds.

You might need to use replication seeds if it is not practical to copy the files over the network because the amount of data is too large, the bandwidth available is too small, or some combination of the two.

When replicating virtual machines, ensure that virtual machines are replicated to subdirectories in datastores. Copied disks work if the transfer method preserves the identity information stored in the VMDK file.

Prerequisites

You deployed the vSphere Replication appliance at both sites.

You paired the SRM Server instances at each site, and you paired the vSphere Replication appliances.

Power off the source virtual machine before downloading the VMDK files to use as seeds for the

replication. Replication begins when the virtual machine is powered on.

Procedure

1 Use the vSphere Client to connect to a vCenter Server that can manage the virtual machines to be

physically moved.

2 Click Datastores.

VMware, Inc. 25

Site Recovery Manager Administration

3 In the left pane, browse to the datastore that contains the files for the virtual machine, select the

datastore, and in the right pane, click Browse this datastore.

4 Select the folders for all virtual machines to be physically moved, right-click the selection, and click

Download.

5 Select a destination to which to copy the files and click OK.

6 Click Yes.

7 After the download finishes, transfer the files to a location on the paired site to upload them.

8 On the vSphere Client Home page at the paired site, click Datastores.

9 In the left pane, browse to the datastore to contain the files for the virtual machine, select the datastore,

and in the right pane, click Browse this datastore.

10 Select the folder to contain the copies of the virtual machines, right-click the selection, and click Upload

Folder.

11 Select the folder containing the virtual machines, and click OK.

12 On the protected site, right-click the virtual machine to replicate and select vSphere Replication.

13 Set the recovery point objective and target file location as normal and click Next.

14 Click Browse in the Target Disk File Location panel.

15 Select the target datastore, select the Specify datastore folder check box, and click Browse.

16 Select the target datastore and click Open.

17 Select the datastore folder that contains the seed files, change the file type to All Files, select the VMDK

file to use as a replication seed, and click OK.

18 Click Yes to confirm that you want to use this file as an initial copy.

19 Follow the prompts to select a vSphere Replication server and click Finish to complete the

configuration.

Reconfigure Replications

You can reconfigure the replication to enable or disable a virtual machine disk file for replication, modify replication options, such as RPO or the quiescing method. You can also specify a different target datastore for replica configuration and disk files and move the virtual machine to a different vSphere Replication server.

Prerequisites

You configured vSphere Replication on one or more virtual machines.

Procedure

1 Select the vSphere Replication view of the SRM interface.

2 Select a vSphere Replication server and click the Virtual Machines tab.

3 Select a virtual machine or use the Ctrl or Shift keys to select multiple virtual machines, right-click and

select Configure Replication.

4 (Optional) Use the RPO slider or enter a value to reconfigure the maximum amount of data that can be

lost in the case of a site failure.

The available RPO range is from 15 minutes to 24 hours.

5 (Optional) Change the Guest OS Quiescing configuration, if applicable to the virtual machine guest

operating system

26 VMware, Inc.

6 (Optional) Change the target location for the virtual machine files.

Option Description

Reconfigure replication of a single virtual machine

Reconfigure replication of multiple virtual machines

Click Browse to change the target location for the virtual machine files.

Select Initial copies of .vmdk files have been placed on the target datastore if you have copied replication seeds to a new target datastore.

7 (Optional) Change the replication destination for each media device for the virtual machine.

8 (Optional) Select a different vSphere Replication server to manage the replication of this virtual

machine.

9 Review the settings and click Finish to establish replication.

Stop Replicating a Virtual Machine

Chapter 2 Replicating Virtual Machines

If you do not need to replicate a virtual machine, you can stop the replication of that virtual machine.

Stopping replication of a virtual machine does not remove it from any protection groups of which it is a member.

Prerequisites

You have configured vSphere Replication on a virtual machine that you no longer need to protect.

Procedure

1 Select the vSphere Replication view of the SRM interface.

2 Select a vSphere Replication server and click the Virtual Machines tab.

3 Select a virtual machine and click Remove Replication.

4 Click Yes to confirm that you want to stop replicating this virtual machine.

5 Select the Protection Groups view of the SRM interface.

6 Select the protection group of which the virtual machine is a member, and click the Virtual Machines

tab.

7 Select the virtual machine on which you stopped replication and click Remove Protection.

8 Click Yes to confirm that you want to stop protecting this virtual machine.

The virtual machine does not replicate to the target site.

The virtual machine is no longer included in a protection group.

VMware, Inc. 27

Site Recovery Manager Administration

28 VMware, Inc.

Creating Protection Groups 3

After you configure a replication solution, you can create protection groups. A protection group is a collection of virtual machines and templates that you protect together by using SRM.

You include one or more protection groups in each recovery plan. A recovery plan specifies how SRM recovers the virtual machines in the protection groups that it contains.

You must configure the virtual machines in a protection group so that SRM can add them to the vCenter Server inventory at the recovery site.

You configure virtual machines and create protection groups differently depending on whether you use array-based replication or vSphere Replication. You cannot create protection groups that combine virtual machines for which you configured array-based replication with virtual machines for which you configured vSphere Replication. However, you can include array-based protection groups and vSphere Replication protection groups in the same recovery plan.

About Array-Based Protection Groups and Datastore Groups on page 29

When you create a protection group for array-based replication, you specify array information and then SRM computes the set of virtual machines into a datastore group. Datastore groups contain all the files of the protected virtual machines.

Create vSphere Replication Protection Groups on page 32

You can create protection groups that contain virtual machines that vSphere Replication protects.

Apply Inventory Mappings to All Members of a Protection Group on page 33

If you add virtual machines to a protection group, or if virtual machines lose their protection, you can configure protection for all unconfigured virtual machines by using the existing inventory mappings, in one step.

About Array-Based Protection Groups and Datastore Groups

You can add virtual machines to a protection group by creating them on one of the datastores that belong to the datastore groups that SRM associates with the protection group. You can also add virtual machines to the protection group by using Storage vMotion to move their storage to one of the datastores in the datastore group. You can remove a member from a protection group by moving the virtual machine's files to another datastore.

If you disable protection on a virtual machine, you must move the files of that virtual machine to an unprotected datastore. If you leave the files of an unprotected virtual machine in a protected datastore, recovery fails for all the virtual machines in that datastore.

VMware, Inc.

Site Recovery Manager Administration

To configure array-based replication, you must assign each virtual machine to a resource pool, folder, and network that exist at the recovery site. You can specify defaults for these assignments by selecting inventory mappings. SRM applies inventory mappings when you create the protection group. If you do not specify inventory mappings, you must configure them individually for each member of the protection group. SRM does not protect virtual machines that you did not configure or that you incorrectly configured for replication, even if they reside on a protected datastore.

If your storage array supports consistency groups, SRM is compatible with vSphere Storage DRS and vSphere Storage vMotion. You can use Storage DRS and Storage vMotion to move virtual machine files within a consistency group that SRM protects. If your storage array does not support consistency groups, you cannot use Storage DRS and Storage vMotion in combination with SRM.

How SRM Computes Datastore Groups on page 30

SRM determines the composition of a datastore group by the set of virtual machines that have files on the datastores in the group, and by the devices on which those datastores are stored.

Create Array-Based Protection Groups on page 31

You create array-based protection groups to enable the protection of virtual machines in datastore groups that you configure to use array-based replication.

Edit Array-Based Protection Groups on page 32

You can change the name and description of an array-based protection group and add or remove datastore groups that are part of the protection group.

How SRM Computes Datastore Groups

SRM determines the composition of a datastore group by the set of virtual machines that have files on the datastores in the group, and by the devices on which those datastores are stored.

When you use array-based replication, each storage array supports a set of replicated datastores. On storage area network (SAN) arrays that use connection protocols such as Fibre Channel and iSCSI, these datastores are called logical storage units (LUN) and are composed of one or more physical datastores. On network file system (NFS) arrays, the replicated datastores are typically referred to as volumes. In every pair of replicated storage devices, one datastore is the replication source and the other is the replication target. Data written to the source datastore is replicated to the target datastore on a schedule controlled by the replication software of the array. When you configure SRM to work with an SRA, the replication source is at the protected site and the replication target is at the recovery site.

A datastore provides storage for virtual machine files. By hiding the details of physical storage devices, datastores simplify the allocation of storage capacity and provide a uniform model for meeting the storage needs of virtual machines. Because any datastore can span multiple devices, SRM must ensure that all devices backing the datastore are replicated before it can protect the virtual machines that use that datastore. SRM must ensure that all datastores containing protected virtual machine files are replicated. During a recovery or test, SRM must handle all such datastores together.

To achieve this goal, SRM aggregates datastores into datastore groups to accommodate virtual machines that span multiple datastores. SRM regularly checks that datastore groups contain all necessary datastores to provide protection for the appropriate virtual machines. When necessary, SRM recalculates datastore groups. For example, this can occur when you add new devices to a virtual machine, and you store those devices on a datastore that was not previously a part of the datastore group.

A datastore group consists of the smallest set of datastores required to ensure that if any of a virtual machine's files is stored on a datastore in the group, all of the virtual machine's files are stored on datastores that are part of the same group. For example, if a virtual machine has disks on two different datastores, then SRM combines both datastores into a datastore group. SRM also combines devices into datastore groups according to set criteria.

A virtual machine has files on two different datastores.

30 VMware, Inc.

+ 98 hidden pages