VMware vCenter Site Recovery Manager - 6.1 Administrator’s Guide

Site Recovery Manager Administration

Site Recovery Manager 6.1

This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions
of this document, see http://www.vmware.com/support/pubs.

EN-001772-01

Site Recovery Manager Administration

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2008–2015 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc.

3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

2 VMware, Inc.

Contents

About VMware Site Recovery Manager Administration 7

Updated Information 9

Site Recovery Manager Privileges, Roles, and Permissions 11

1

How Site Recovery Manager Handles Permissions 12

Site Recovery Manager and the vCenter Server Administrator Role 13

Site Recovery Manager and vSphere Replication Roles 13

Managing Permissions in a Shared Recovery Site Configuration 14

Assign Site Recovery Manager Roles and Permissions 15

Site Recovery Manager Roles Reference 17

Replicating Virtual Machines 23

2

Using Array-Based Replication with Site Recovery Manager 23

Configure Array-Based Replication 24

Using vSphere Replication with Site Recovery Manager 28

Replicating a Virtual Machine and Enabling Multiple Point in Time Instances 29

Using Array-Based Replication and vSphere Replication with Site Recovery Manager 30

Configuring Mappings 33

3

Inventory Mappings for Array-Based Replication Protection Groups and vSphere Replication

Protection Groups 34

Inventory Mappings for Storage Policy Protection Groups 34

Configure Temporary Placeholder Mappings 35

Users Gain Access to Virtual Machines After Configuring Temporary Placeholder Mappings 37

Configure Inventory Mappings 37

About Storage Policy Mappings 39

Select Storage Policy Mappings 39

VMware, Inc.

About Placeholder Virtual Machines 41

4

What Happens to Placeholder Virtual Machines During Recovery 42

Select a Placeholder Datastore 43

Creating and Managing Protection Groups 45

5

About Array-Based Replication Protection Groups and Datastore Groups 46

How Site Recovery Manager Computes Datastore Groups 46

About vSphere Replication Protection Groups 47

About Storage Policy Protection Groups 48

Prerequisites for Storage Policy Protection Groups 49

Limitations of Storage Policy Protection Groups 50

Storage Policy Protection Groups and Periodic Polling 52

3

Site Recovery Manager Administration

Storage Policy Protection Groups and Nonprotected Virtual Machines 52

Create Protection Groups 53

Organize Protection Groups in Folders 55

Add or Remove Datastore Groups or Virtual Machines to or from a Protection Group 56

Apply Inventory Mappings to All Members of a Protection Group 57

Configure Inventory Mappings for an Individual Virtual Machine in a Protection Group 58

Modifying the Settings of a Protected Virtual Machine 59

Remove Protection from a Virtual Machine 60

Protection Group Status Reference 61

Virtual Machine Protection Status Reference 62

Creating, Testing, and Running Site Recovery Manager Recovery Plans 65

6

Testing a Recovery Plan 66

Test Networks and Datacenter Networks 67

Performing a Planned Migration or Disaster Recovery By Running a Recovery Plan 67

Running a Recovery with Forced Recovery 68

Differences Between Testing and Running a Recovery Plan 69

Performing Test Recovery of Virtual Machines Across Multiple Hosts on the Recovery Site 70

Create, Test, and Run a Recovery Plan 70

Create a Recovery Plan 71

Organize Recovery Plans in Folders 71

Edit a Recovery Plan 72

Test a Recovery Plan 72

Clean Up After Testing a Recovery Plan 73

Run a Recovery Plan 74

Recover a Point-in-Time Snapshot of a Virtual Machine 75

Cancel a Test or Recovery 76

Export Recovery Plan Steps 76

View and Export a Recovery Plan History 77

Delete a Recovery Plan 77

Recovery Plan Status Reference 77

Configuring a Recovery Plan 81

7

Recovery Plan Steps 81

Creating Custom Recovery Steps 82

Types of Custom Recovery Steps 83

How Site Recovery Manager Handles Custom Recovery Step Failures 84

Create Top-Level Message Prompts or Command Steps 84

Create Message Prompts or Command Steps for Individual Virtual Machines 85

Guidelines for Writing Command Steps 86

Environment Variables for Command Steps 86

Suspend Virtual Machines When a Recovery Plan Runs 87

Specify the Recovery Priority of a Virtual Machine 88

Configure Virtual Machine Dependencies 88

Enable vSphere vMotion for Planned Migration 89

Configure Virtual Machine Startup and Shutdown Options 90

Limitations to Protection and Recovery of Virtual Machines 91

4 VMware, Inc.

Customizing IP Properties for Virtual Machines 93

8

Manually Customize IP Properties For an Individual Virtual Machine 94

Customizing IP Properties for Multiple Virtual Machines 95

Customizing IP Properties for Multiple Virtual Machines By Using the DR IP Customizer Tool 95

Customize IP Properties for Multiple Virtual Machines by Defining IP Customization Rules 109

Contents

Reprotecting Virtual Machines After a Recovery 111

9

How Site Recovery Manager Reprotects Virtual Machines with Array Based Replication 112

How Site Recovery Manager Reprotects Virtual Machines with vSphere Replication 113

How Site Recovery Manager Reprotects Virtual Machines with Storage Policy Protection 113

Preconditions for Performing Reprotect 114

Reprotect Virtual Machines 115

Reprotect States 115

Restoring the Pre-Recovery Site Configuration By Performing Failback 117

10

Perform a Failback 118

Interoperability of Site Recovery Manager with Other Software 121

11

Site Recovery Manager and vCenter Server 122

Using Site Recovery Manager with VMware Virtual SAN Storage and vSphere Replication 122

How Site Recovery Manager Interacts with DPM and DRS During Recovery 123

How Site Recovery Manager Interacts with Storage DRS or Storage vMotion 123

Using Site Recovery Manager with Array-Based Replication on Sites with Storage DRS or

Storage vMotion 123

Using Site Recovery Manager with vSphere Replication on Sites with Storage DRS or Storage

vMotion 124

How Site Recovery Manager Interacts with vSphere High Availability 125

How Site Recovery Manager Interacts with Stretched Storage 125

Using Site Recovery Manager with VMware NSX 127

Site Recovery Manager and vSphere PowerCLI 127

Site Recovery Manager and vRealize Orchestrator 128

Automated Operations That the vRealize Orchestrator Plug-In for Site Recovery Manager

Provides 128

Protecting Microsoft Cluster Server and Fault Tolerant Virtual Machines 130

Using Site Recovery Manager with SIOC Datastores 131

Using Site Recovery Manager with Admission Control Clusters 131

Site Recovery Manager and Virtual Machines Attached to RDM Disk Devices 132

Site Recovery Manager and Active Directory Domain Controllers 132

Advanced Site Recovery Manager Configuration 133

12

Reconfigure Site Recovery Manager Settings 133

Change Connections Settings 133

Change Site Recovery Manager History Report Collection Setting 134

Change Local Site Settings 134

Change Logging Settings 135

Change Recovery Settings 137

Change Remote Manager Settings 140

Change Remote Site Settings 141

VMware, Inc. 5

Site Recovery Manager Administration

Change Replication Settings 141

Change SSO Setting 142

Change Storage Settings 142

Change ABR Storage Policy Setting 143

Change Storage Provider Settings 144

Change vSphere Replication Settings 146

Modify Settings to Run Large Site Recovery Manager Environments 147

Settings for Large Site Recovery Manager Environments 148

Site Recovery Manager Events and Alarms 151

13

How Site Recovery Manager Monitors Connections Between Sites 151

Configure Site Recovery Manager Alarms 152

Site Recovery Manager Events Reference 153

Collecting Site Recovery Manager Log Files 163

14

Collect Site Recovery Manager Log Files By Using the Site Recovery Manager Interface 163

Collect Site Recovery Manager Log Files Manually 164

Change Size and Number of Site Recovery Manager Server Log Files 164

Configure Site Recovery Manager Core Dumps 166

Troubleshooting Site Recovery Manager 169

15

Site Recovery Manager Doubles the Number of Backslashes in the Command Line When Running

Callouts 170

Powering on Many Virtual Machines Simultaneously on the Recovery Site Can Lead to Errors 171

LVM.enableResignature=1 Remains Set After a Site Recovery Manager Test Recovery 171

Adding Virtual Machines to a Protection Group Fails with an Unresolved Devices Error 172

Configuring Protection fails with Placeholder Creation Error 172

Rapid Deletion and Recreation of Placeholders Fails 173

Planned Migration Fails Because Host is in an Incorrect State 173

Recovery Fails with a Timeout Error During Network Customization for Some Virtual Machines 174

Recovery Fails with Unavailable Host and Datastore Error 174

Reprotect Fails with a vSphere Replication Timeout Error 175

Recovery Plan Times Out While Waiting for VMware Tools 175

Synchronization Fails for vSphere Replication Protection Groups 175

Rescanning Datastores Fails Because Storage Devices are Not Ready 176

Recovery Sticks at 36% During Planned Migration 177

Operations Fail with Error About a Nonreplicated Configuration File 177

Index 179

6 VMware, Inc.

About VMware Site Recovery Manager Administration

VMware Site Recovery Manager is an extension to VMware vCenter Server that delivers a business
continuity and disaster recovery solution that helps you plan, test, and run the recovery of vCenter Server
virtual machines. Site Recovery Manager can discover and manage replicated datastores, and automate
migration of inventory from one vCenter Server instance to another.

Intended Audience

This book is intended for Site Recovery Manager administrators who are familiar with vSphere and its
replication technologies, such as host-based replication and replicated datastores. This solution serves the
needs of administrators who want to configure protection for their vSphere inventory. It might also be
appropriate for users who need to add virtual machines to a protected inventory or to verify that an existing
inventory is properly configured for use with Site Recovery Manager.

VMware, Inc.

7

Site Recovery Manager Administration

8 VMware, Inc.

Updated Information

Site Recovery Manager Administration is updated with each release of the product or when necessary.

This table provides the update history of Site Recovery Manager Administration.

Revision Description

EN-001772-01

EN-001772-00 Initial release.

Revised and expanded the information in “Inventory Mappings for Storage Policy Protection

n

Groups,” on page 34.

Revised and expanded the information about storage policy protection groups throughout Chapter 5,

n

“Creating and Managing Protection Groups,” on page 45.

Added stretched storage information to “Recovery Plan Steps,” on page 81.

n

Added “Enable vSphere vMotion for Planned Migration,” on page 89.

n

Added “How Site Recovery Manager Reprotects Virtual Machines with Storage Policy Protection,”

n

on page 113.

Corrected the supported version of VMware Virtual SAN in “Using Site Recovery Manager with

n

VMware Virtual SAN Storage and vSphere Replication,” on page 122.

Added “How Site Recovery Manager Interacts with Stretched Storage,” on page 125.

n

Added “Using Site Recovery Manager with VMware NSX,” on page 127.

n

Revised and expanded “Recovery Plan Steps,” on page 81, adding subtopics about adding recovery

n

settings to VMs in a recovery plan and in a protection group.

Added “Operations Fail with Error About a Nonreplicated Configuration File,” on page 177.

n

VMware, Inc. 9

Site Recovery Manager Administration

10 VMware, Inc.

Site Recovery Manager Privileges,

Roles, and Permissions 1

Site Recovery Manager provides disaster recovery by performing operations for users. These operations
involve managing objects, such as recovery plans or protection groups, and performing operations, such as
replicating or powering off virtual machines. Site Recovery Manager uses roles and permissions so that only
users with the correct roles and permissions can perform operations.

Site Recovery Manager adds several roles to vCenter Server, each of which includes privileges to complete
Site Recovery Manager and vCenter Server tasks. You assign roles to users to permit them to complete tasks
in Site Recovery Manager.

Privilege

Role

Permission

For information about the roles that Site Recovery Manager adds to vCenter Server and the privileges that
users require to complete tasks, see “Site Recovery Manager Roles Reference,” on page 17.

How Site Recovery Manager Handles Permissions on page 12

n

Site Recovery Manager determines whether a user has permission to perform an operation, such as
configuring protection or running the individual steps in a recovery plan. This permission check
ensures the correct authentication of the user, but it does not represent the security context in which
the operation is performed.

Site Recovery Manager and the vCenter Server Administrator Role on page 13

n

If a user or user group has the vCenter Server administrator role on a vCenter Server instance when
you install Site Recovery Manager, that user or user group obtains all Site Recovery Manager
privileges.

The right to perform an action, for example to create a recovery plan or to
modify a protection group.

A collection of privileges. Default roles provide the privileges that certain
users require to perform a set of Site Recovery Manager tasks, for example
users who manage protection groups or perform recoveries. A user can have
at most one role on an object, but roles can be combined if the user belongs to
multiple groups that all have roles on the object.

A role granted to a particular user or user group on a specific object. A user
or user group is also known as a principal. A permission is a combination of
a role, an object, and a principal. For example, a permission is the privilege to
modify a specific protection group.

VMware, Inc.

Site Recovery Manager and vSphere Replication Roles on page 13

n

When you install vSphere Replication with Site Recovery Manager, the vCenter Server administrator
role inherits all of the Site Recovery Manager and vSphere Replication privileges.

11

Site Recovery Manager Administration

Managing Permissions in a Shared Recovery Site Configuration on page 14

n

You can configure permissions on Site Recovery Manager to use a shared recovery site. The
vCenter Server administrator on the shared recovery site must manage permissions so that each user
has sufficient privileges to configure and use Site Recovery Manager, but no user has access to
resources that belong to another user.

Assign Site Recovery Manager Roles and Permissions on page 15

n

During installation of Site Recovery Manager, users with the vCenter Server administrator role are
granted the administrator role on Site Recovery Manager. At this time, only vCenter Server
administrators can log in to Site Recovery Manager, unless they explicitly grant access to other users.

Site Recovery Manager Roles Reference on page 17

n

Site Recovery Manager includes a set of roles. Each role includes a set of privileges, which allow users
with those roles to complete different actions.

How Site Recovery Manager Handles Permissions

Site Recovery Manager determines whether a user has permission to perform an operation, such as
configuring protection or running the individual steps in a recovery plan. This permission check ensures the
correct authentication of the user, but it does not represent the security context in which the operation is
performed.

Site Recovery Manager performs operations in the security context of the user ID that is used to connect the
sites, or in the context of the ID under which the Site Recovery Manager service is running, for example, the
local system ID.

After Site Recovery Manager verifies that a user has the appropriate permissions on the target vSphere
resources, Site Recovery Manager performs operations on behalf of users by using the vSphere
administrator role.

For operations that configure protection on virtual machines, Site Recovery Manager validates the user
permissions when the user requests the operation. Operations require two phases of validation.

1 During configuration, Site Recovery Manager verifies that the user configuring the system has the

correct permissions to complete the configuration on the vCenter Server object. For example, a user
must have permission to protect a virtual machine and use resources on the secondary vCenter Server
instance that the recovered virtual machine uses.

2 The user performing the configuration must have the correct permissions to complete the task that they

are configuring. For example, a user must have permissions to run a recovery plan.
Site Recovery Manager then completes the task on behalf of the user as a vCenter Server administrator.

As a result, a user who completes a particular task, such as a recovery, does not necessarily require
permissions to act on vSphere resources. The user only requires the permission to run a recovery in
Site Recovery Manager. The role authorizes the action, but the action is performed by
Site Recovery Manager acting as an administrator. Site Recovery Manager performs the operations by using
the administrator credentials that you provide when you connect the protected and recovery sites.

Site Recovery Manager maintains a database of permissions for internal Site Recovery Manager objects that
uses a model similar to the one the vCenter Server uses. Site Recovery Manager verifies its own
Site Recovery Manager privileges even on vCenter Server objects. For example, Site Recovery Manager
checks for the Resource.Recovery Use permission on the target datastore rather than checking multiple low­level permissions, such as Allocate space. Site Recovery Manager also verifies the permissions on the
remote vCenter Server instance.

To use Site Recovery Manager with vSphere Replication, you must assign vSphere Replication roles to users
as well as Site Recovery Manager roles. For information about vSphere Replication roles, see
vSphere Replication Administration.

12 VMware, Inc.

Chapter 1 Site Recovery Manager Privileges, Roles, and Permissions

Site Recovery Manager and the vCenter Server Administrator Role

If a user or user group has the vCenter Server administrator role on a vCenter Server instance when you
install Site Recovery Manager, that user or user group obtains all Site Recovery Manager privileges.

If you assign the vCenter Server administrator role to users or user groups after you install
Site Recovery Manager, you must manually assign the Site Recovery Manager roles to those users on
Site Recovery Manager objects.

You can assign Site Recovery Manager roles to users or user groups that do not have the vCenter Server
administrator role. In this case, those users have permission to perform Site Recovery Manager operations,
but they do not have permission to perform all vCenter Server operations.

Site Recovery Manager and vSphere Replication Roles

When you install vSphere Replication with Site Recovery Manager, the vCenter Server administrator role
inherits all of the Site Recovery Manager and vSphere Replication privileges.

If you manually assign a Site Recovery Manager role to a user or user group, or if you assign a
Site Recovery Manager role to a user or user group that is not a vCenter Server administrator, these users do
not obtain vSphere Replication privileges. The Site Recovery Manager roles do not include the privileges of
the vSphere Replication roles. For example, the Site Recovery Manager Recovery Administrator role
includes the privilege to run recovery plans, including recovery plans that contain vSphere Replication
protection groups, but it does not include the privilege to configure vSphere Replication on a virtual
machine. The separation of the Site Recovery Manager and vSphere Replication roles allows you to
distribute responsibilities between different users. For example, one user with the VRM administrator role is
responsible for configuring vSphere Replication on virtual machines, and another user with the
Site Recovery Manager Recovery Administrator role is responsible for running recoveries.

In some cases, a user who is not vCenter Server administrator might require the privileges to perform both
Site Recovery Manager and vSphere Replication operations. To assign a combination of
Site Recovery Manager and vSphere Replication roles to a single user, you can add the user to two user
groups.

Example: Assign Site Recovery Manager and vSphere Replication Roles to a
User

By creating two user groups, you can grant to a user the privileges of both a Site Recovery Manager role and
a vSphere Replication role, without that user being a vCenter Server administrator.

1 Create two user groups.

2 Assign a Site Recovery Manager role to one user group, for example Site Recovery Manager

administrator.

3 Assign a vSphere Replication role to the other user group, for example VRM administrator.

4 Add the user to both user groups.

The user has all the privileges of the Site Recovery Manager administrator role and of the VRM
administrator role.

VMware, Inc. 13

Site Recovery Manager Administration

Managing Permissions in a Shared Recovery Site Configuration

You can configure permissions on Site Recovery Manager to use a shared recovery site. The vCenter Server
administrator on the shared recovery site must manage permissions so that each user has sufficient
privileges to configure and use Site Recovery Manager, but no user has access to resources that belong to
another user.

In the context of a shared recovery site, a user is the owner of a pair of Site Recovery Manager Server
instances. Users with adequate permissions must be able to access the shared recovery site to create, test,
and run the recovery plans for their own protected site. The vCenter Server administrator at the shared
recovery site must create a separate user group for each user. No user's user accounts can be a member of
the vCenter Server Administrators group. The only supported configuration for a shared recovery site is for
one organization to manage all of the protected sites and the recovery site.

CAUTION Certain Site Recovery Manager roles allow users to run commands on
Site Recovery Manager Server, so you should assign these roles to trusted administrator-level users only.
See “Site Recovery Manager Roles Reference,” on page 17 for the list of Site Recovery Manager roles that
run commands on Site Recovery Manager Server.

On a shared recovery site, multiple customers share a single vCenter Server instance. In some cases,
multiple customers can share a single ESXi host on the recovery site. You can map the resources on the
protected sites to shared resources on the shared recovery site. You might share resources on the recovery
site if you do not need to keep all of the customers' virtual machines separate, for example if all of the
customers belong to the same organization.

You can also create isolated resources on the shared recovery site and map the resources on the protected
sites to their own dedicated resources on the shared recovery site. You might use this configuration if you
must keep all of the customers' virtual machines separate from each other, for example if all of the
customers belong to different organizations.

Guidelines for Sharing User Resources

Follow these guidelines when you configure permissions for sharing user resources on the shared recovery
site:

All users must have read access to all folders of the vCenter Server on the shared recovery site.

n

Do not give a user the permission to rename, move, or delete the datacenter or host.

n

Do not give a user the permission to create virtual machines outside of the user’s dedicated folders and

n

resource pools.

Do not allow a user to change roles or assign permissions for objects that are not dedicated to the user’s

n

own use.

To prevent unwanted propagation of permissions across different organizations’ resources, do not

n

propagate permissions on the root folder, datacenters, and hosts of the vCenter Server on the shared
recovery site.

Guidelines for Isolating User Resources

Follow these guidelines when you configure permissions for isolating user resources on the shared recovery
site:

Assign to each user a separate virtual machine folder in the vCenter Server inventory.

n

Set permissions on this folder to prevent any other user from placing their virtual machines in it.

n

For example, set the Administrator role and activate the propagate option for a user on that user's
folder. This configuration prevents duplicate name errors that might otherwise occur if multiple
users protect virtual machines that have identical names.

14 VMware, Inc.

Chapter 1 Site Recovery Manager Privileges, Roles, and Permissions

Place all of the user's placeholder virtual machines in this folder, so that they can inherit its

n

permissions.

Do not assign permissions to access this folder to other users.

n

Assign dedicated resource pools, datastores, and networks to each user, and configure the permissions

n

in the same way as for folders.

CAUTION A deployment in which you isolate user resources still assumes trust between the vSphere sites.
Even though you can isolate user resources, you cannot isolate the users themselves. This is not a suitable
deployment if you must keep all users completely separate.

Viewing Tasks and Events in a Shared Recovery Site Configuration

In the Recent Tasks panel of the vSphere Client, users who have permissions to view an object can see tasks
that other users start on that object. All users can see all of the tasks that other users perform on a shared
resource. For example, all users can see the tasks that run on a shared host, datacenter, or the vCenter Server
root folder.

Events that all of the instances of Site Recovery Manager Server generate on a shared recovery site have
identical permissions. All users who can see events from one instance of Site Recovery Manager Server can
see events from all Site Recovery Manager Server instances that are running on the shared recovery site.

Assign Site Recovery Manager Roles and Permissions

During installation of Site Recovery Manager, users with the vCenter Server administrator role are granted
the administrator role on Site Recovery Manager. At this time, only vCenter Server administrators can log in
to Site Recovery Manager, unless they explicitly grant access to other users.

To allow other users to access Site Recovery Manager, vCenter Server administrators must grant them
permissions in the Site Recovery Manager interface in the vSphere Web Client. You assign site-wide
permission assignments on a per-site basis. You must add corresponding permissions on both sites.

Site Recovery Manager requires permissions on vCenter Server objects as well as on Site Recovery Manager
objects. To configure permissions on the remote vCenter Server installation, start another instance of the
vSphere Web Client. You can change Site Recovery Manager permissions from the same
vSphere Web Client instance on both sites after you connect the protected and recovery sites.

Site Recovery Manager augments vCenter Server roles and permissions with additional permissions that
allow detailed control over Site Recovery Manager specific tasks and operations. For information about the
permissions that each Site Recovery Manager role includes, see “Site Recovery Manager Roles Reference,”
on page 17.

You can assign more granular permissions to users by assigning them permissions on specific
Site Recovery Manager objects, including individual array managers, protection groups, and recovery plans.
You can also allow users to access specific groups of protections groups, recovery plans, and array managers
by assigning permissions to protection group and recovery plan folders, and to all of the array managers for
a site.

Procedure

1 In the vSphere Web Client, select the objects on which to assign permissions.

Option Description

Assign site-wide permissions

Assign permissions to an individual
protection group

VMware, Inc. 15

Click Site Recovery > Sites, and select a site.

Click Site Recovery, expand Inventories, click Protection Groups, and
select a protection group.

Site Recovery Manager Administration

Option Description

Assign permissions to a protection
group folder

Assign permissions to an individual
recovery plan

Assign permissions to a recovery
plan folder

Assign permissions to an individual
array manager

Assign permissions to all array
managers for a site

2 In the Manage tab, click Permissions, then click the Add Permission icon.

3 Identify a user or group for the role.

a Click Add in the Users and Groups column.

b From the Domain drop-down menu, select the domain that contains the user or group.

c Enter a user or user group name in the Search text box or select a name from the User/Group list.

Click Site Recovery, expand Inventory Trees, click Protection Groups and
select a protection group folder. You can assign permissions to the root
folder or to a subfolder.

Click Site Recovery, expand Inventories, click Recovery Plans, and select
a recovery plan.

Click Site Recovery, expand Inventory Trees, click Recovery Plans and
select a recovery plan folder. You can assign permissions to the root folder
or to a subfolder.

Click Site Recovery > Array Based Replication, and select an array
manager.

Click Site Recovery, expand Inventory Trees, click Array Based
Replication and select a site folder.

d Click Add and click OK.

4 Select a role from the Assigned Role drop-down menu to assign to the user or user group that you

selected in Step 3.

The Assigned Role drop-down menu includes all of the roles that vCenter Server and its plug-ins make
available. Site Recovery Manager adds several roles to vCenter Server.

Option Action

Allow a user or user group to
perform all Site Recovery Manager
configuration and administration
operations.

Allow a user or user group to
manage and modify protection
groups and to configure protection
on virtual machines.

Allow a user or user group to
perform recoveries and test
recoveries.

Allow a user or user group to
create, modify, and test recovery
plans.

Allow a user or user group to test
recovery plans.

Assign the SRM Administrator role.

Assign the SRM Protection Groups Administrator role.

Assign the SRM Recovery Administrator role.

Assign the SRM Recovery Plans Administrator role.

Assign the SRM Recovery Test Administrator role.

When you select a role, the hierarchical list displays the privileges that the role includes. Click a
privilege in the hierarchical list to see a description of that privilege. You cannot modify the list of
privileges that each role includes.

16 VMware, Inc.

Chapter 1 Site Recovery Manager Privileges, Roles, and Permissions

5 Select Propagate to Children to apply the selected role to all of the child objects of the inventory objects

that this role can affect.

For example, if a role contains privileges to modify folders, selecting this option extends the privileges
to all the virtual machines in a folder. You might deselect this option to create a more complex
hierarchy of permissions. For example, deselect this option to override the permissions that are
propagated from the root of a certain node from the hierarchy tree, but without overriding the
permissions of the child objects of that node.

6 Click OK to assign the role and its associated privileges to the user or user group.

7 Repeat Step 2 through Step 6 to assign roles and privileges to the users or user groups on the other

Site Recovery Manager site.

You assigned a given Site Recovery Manager role to a user or user group. This user or user group has
privileges to perform the actions that the role defines on the objects on the Site Recovery Manager site that
you configured.

Example: Combining Site Recovery Manager Roles

You can assign only one role to a user or user group. If a user who is not a vCenter Server administrator
requires the privileges of more than one Site Recovery Manager role, you can create multiple user groups.
For example, a user might require the privileges to manage recovery plans and to run recovery plans.

1 Create two user groups.

2 Assign the SRM Recovery Plans Administrator role to one group.

3 Assign the SRM Recovery Administrator role to the other group.

4 Add the user to both user groups.

By being a member of groups that have both the SRM Recovery Plans Administrator and the SRM
Recovery Administrator roles, the user can manage recovery plans and run recoveries.

Site Recovery Manager Roles Reference

Site Recovery Manager includes a set of roles. Each role includes a set of privileges, which allow users with
those roles to complete different actions.

Roles can have overlapping sets of privileges and actions. For example, the Site Recovery Manager
Administrator role and the Site Recovery Manager Protection Groups Administrator have the Create
privilege for protection groups. With this privilege, the user can complete one aspect of the set of tasks that
make up the management of protection groups.

Assign roles to users on Site Recovery Manager objects consistently on both sites, so that protected and
recovery objects have identical permissions.

All users must have at least the System.Read privilege on the root folders of vCenter Server and the
Site Recovery Manager root nodes on both sites.

NOTE If you uninstall Site Recovery Manager Server, Site Recovery Manager removes the default
Site Recovery Manager roles but the Site Recovery Manager privileges remain. You can still see and assign
Site Recovery Manager privileges on other roles after uninstalling Site Recovery Manager. This is standard
vCenter Server behavior. Privileges are not removed when you unregister an extension from vCenter Server.

VMware, Inc. 17

Site Recovery Manager Administration

Table 1‑1. Site Recovery Manager Roles

Role

Site Recovery
Manager
Administrator

Site Recovery
Manager Protection
Groups
Administrator

Actions that this
Role Permits Privileges that this Role Includes

The
Site Recovery
Manager
Administrator grants
permission to perform
all
Site Recovery
Manager
configuration and
administration
operations.

Configure

n

advanced settings.

Configure

n

connections.

Configure

n

inventory
preferences.

Configure

n

placeholder
datastores.

Configure array

n

managers.

Manage

n

protection groups.

Manage recovery

n

plans.

Perform reprotect

n

operations.

Configure

n

protection on
virtual machines.

Edit protection

n

Site Recovery Manager.Advanced Settings.Modify

Site Recovery Manager.Array Manager.Configure

Site Recovery Manager.Diagnostics.Export

Site Recovery Manager.Inventory Preferences.Modify

Site Recovery Manager.Placeholder
Datastores.Configure

Site Recovery Manager.Protection Group.Assign to
Plan

Site Recovery Manager.Protection Group.Create

Site Recovery Manager.Protection Group.Modify

Site Recovery Manager.Protection Group.Remove

Site Recovery Manager.Protection Group.Remove from
Plan

Site Recovery Manager.Recovery History .View
Deleted Plans

Site Recovery Manager.Recovery Plan.Configure

Site Recovery Manager.Recovery Plan.Create

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Remove

Site Recovery Manager.Recovery Plan.Reprotect

Site Recovery Manager.Recovery Plan.Test

Site Recovery Manager.Remote Site.Modify

Datastore.Replication.Protect

Datastore.Replication.Unprotect.Stop

Resource.Recovery Use

Virtual Machine. SRM Protection.Protect

Virtual Machine. SRM Protection.Stop

Site Recovery Manager.Profile-driven storage.Profile­driven storage view

groups.

Remove

n

protection groups.

View storage

n

policy objects.

Users with this role
cannot run recoveries.
Only users with the
Site Recovery
Manager Recovery
Administrator role can
perform recoveries.

The
Site Recovery
Manager Protection
Groups Administrator
role allows users to
manage protection
groups.

Site Recovery Manager.Protection Group.Create

Site Recovery Manager.Protection Group.Modify

Site Recovery Manager.Protection Group.Remove

Datastore.Replication.Protect

Datastore.Replication.Unprotect.Stop

Resource.Recovery Use

Objects in
vCenter
Server
Inventory
that this
Role Can
Access

Virtual

n

machin
es

Datasto

n

res

vCenter

n

Server
folders

Resourc

n

e pools

Site

n

Recover
y
Manage
r
service
instance
s

Networ

n

ks

Site

n

Recover
y
Manage
r
folders

Protecti

n

on
groups

Recover

n

y plans

Array

n

manage
rs

Site

n

Recover
y
Manage
r
folders

18 VMware, Inc.

Table 1‑1. Site Recovery Manager Roles (Continued)

Actions that this

Role

Site Recovery
Manager Recovery
Administrator

Role Permits Privileges that this Role Includes

Create protection

n

groups.

Modify protection

n

Virtual Machine. SRM Protection.Protect

Virtual Machine. SRM Protection.Stop

groups.

Add virtual

n

machines to
protection groups.

Delete protection

n

groups.

Configure

n

protection on
virtual machines.

Remove

n

protection from
virtual machines.

Users with this role
cannot perform or test
recoveries or create or
modify recovery
plans.

The
Site Recovery
Manager Recovery
Administrator role
allows users to
perform recoveries
and reprotect
operations.

Remove

n

protection groups
from recovery

Site Recovery Manager.Protection Group.Remove from
plan

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Test

Site Recovery Manager.Recovery Plan.Recovery

Site Recovery Manager.Recovery Plan.Reprotect

Site Recovery Manager.Recovery
Plan.Configure.Configure commands

Site Recovery Manager.Recovery History.View deleted
plans

plans.

Test recovery

n

plans.

Run recovery

n

plans.

Run reprotect

n

operations.

Configure custom

n

command steps
on virtual
machines.

View deleted

n

recovery plans.

Edit virtual

n

machine recovery
properties.

Users with this role
cannot configure
protection on virtual
machines, or create or
modify recovery
plans.

Chapter 1 Site Recovery Manager Privileges, Roles, and Permissions

Objects in
vCenter
Server
Inventory
that this
Role Can
Access

Protecti

n

on
groups

Protecti

n

on
groups

Recover

n

y plans

Site

n

Recover
y
Manage
r
service
instance
s

VMware, Inc. 19

Site Recovery Manager Administration

Table 1‑1. Site Recovery Manager Roles (Continued)

Role

Site Recovery
Manager Recovery
Plans Administrator

Site Recovery
Manager Test
Administrator

Actions that this
Role Permits Privileges that this Role Includes

The
Site Recovery
Manager Recovery
Plans Administrator
role allows users to
create and test
recovery plans.

Add protection

n

groups to
recovery plans.

Remove

n

protection groups

Site Recovery Manager.Protection Group.Assign to
plan

Site Recovery Manager.Protection Group.Remove from
plan

Site Recovery Manager.Recovery Plan.Configure
Commands

Site Recovery Manager.Recovery Plan.Create

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Remove

Site Recovery Manager.Recovery Plan.Test

Resource.Recovery Use

from recovery
plans.

Configure custom

n

command steps
on virtual
machines.

Create recovery

n

plans.

Test recovery

n

plans.

Cancel recovery

n

plan tests.

Edit virtual

n

machine recovery
properties.

Users with this role
cannot configure
protection on virtual
machines, or perform
recoveries or reprotect
operations.

The
Site Recovery

Site Recovery Manager.Recovery Plan.Modify

Site Recovery Manager.Recovery Plan.Test

Manager Test
Administrator role
only allows users to
test recovery plans.

Test recovery

n

plans.

Cancel recovery

n

plan tests.

Edit virtual

n

machine recovery
properties.

Users with this role
cannot configure
protection on virtual
machines, create

Objects in
vCenter
Server
Inventory
that this
Role Can
Access

Protecti

n

on
groups

Recover

n

y plans

vCenter

n

Server
folders

Datasto

n

res

Resourc

n

e pools

Networ

n

ks

Recovery
plans

20 VMware, Inc.

Table 1‑1. Site Recovery Manager Roles (Continued)

Actions that this

Role

Role Permits Privileges that this Role Includes

protection groups or
recovery plans, or
perform recoveries or
reprotect operations.

Chapter 1 Site Recovery Manager Privileges, Roles, and Permissions

Objects in
vCenter
Server
Inventory
that this
Role Can
Access

VMware, Inc. 21

Site Recovery Manager Administration

22 VMware, Inc.

Replicating Virtual Machines 2

Before you create protection groups, you must configure replication on the virtual machines to protect.

You can replicate virtual machines by using either array-based replication, vSphere Replication, or a
combination of both.

This chapter includes the following topics:

“Using Array-Based Replication with Site Recovery Manager,” on page 23

n

“Using vSphere Replication with Site Recovery Manager,” on page 28

n

“Using Array-Based Replication and vSphere Replication with Site Recovery Manager,” on page 30

n

Using Array-Based Replication with Site Recovery Manager

When you use array-based replication, one or more storage arrays at the protected site replicate data to peer
arrays at the recovery site. With storage replication adapters (SRAs), you can integrate
Site Recovery Manager with a wide variety of arrays.

To use array-based replication with Site Recovery Manager, you must configure replication first before you
can configure Site Recovery Manager to use it.

If your storage array supports consistency groups, Site Recovery Manager is compatible with vSphere
Storage DRS and vSphere Storage vMotion. You can use Storage DRS and Storage vMotion to move virtual
machine files within a consistency group that Site Recovery Manager protects. If your storage array does not
support consistency groups, you cannot use Storage DRS and Storage vMotion in combination with
Site Recovery Manager.

You can protect virtual machines that contain disks that use VMware vSphere Flash Read Cache storage.
Since the host to which a virtual machine recovers might not be configured for Flash Read Cache,
Site Recovery Manager disables Flash Read Cache on disks when it starts the virtual machines on the
recovery site. Site Recovery Manager sets the reservation to zero. Before performing a recovery on a virtual
machine that is configured to use vSphere Flash Read Cache, take a note of virtual machine's cache
reservation from the vSphere Web Client. After the recovery, you can migrate the virtual machine to a host
with Flash Read Cache storage and manually restore the original Flash Read Cache setting on the virtual
machine.

If you protect virtual machines by using storage policy protection groups, you must replicate those virtual
machines by using array-based replication.

Storage Replication Adapters

Storage replication adapters are not part of a Site Recovery Manager release. Your array vendor develops
and supports them. You must install an SRA specific to each array that you use with Site Recovery Manager
on the Site Recovery Manager Server host. Site Recovery Manager supports the use of multiple SRAs.

VMware, Inc.

23

SRM plug-in

vSphere Web Client

Protected Site

Recovery Site

ESXi

Server

ESXi

Server

vCenter Server

VMFS

VMFS

Storage

VMFS

VMFS

Storage

ESXi

Server

SRM Server SRM Server

SRA

ESXi

Server

ESXi

Server

vCenter Server

SRA

Array based replication

SRM plug-in

vSphere Web Client

Site Recovery Manager Administration

Figure 2‑1. Site Recovery Manager Architecture with Array-Based Replication

Configure Array-Based Replication

To protect virtual machines that you replicate by using array-based replication, including virtual machines
that you protect by using storage policy protection groups, you must configure storage replication adapters
(SRAs) at each site.

Install Storage Replication Adapters

If you protect virtual machines by using array-based replication or by using array-based replication with
storage policy protection, you must install a Storage Replication Adapter (SRA) specific to each storage
array that you use with Site Recovery Manager. An SRA is a program that an array vendor provides that
enables Site Recovery Manager to work with a specific kind of array.

You must install an appropriate SRA on the Site Recovery Manager Server hosts at the protected and
recovery sites. If you use more than one type of storage array, you must install the SRA for each type of
array on both of the Site Recovery Manager Server hosts.

NOTE You can configure Site Recovery Manager to use more than one type of storage array, but you cannot
store the virtual machine disks for a single virtual machine on multiple arrays from different vendors. You
must store all of the disks for a virtual machine on the same array.

Storage replication adapters come with their own installation instructions. You must install the version of an
SRA that corresponds to a specific Site Recovery Manager version. Install the same version of the SRA at
both sites. Do not mix SRA versions.

If you are using vSphere Replication, you do not require an SRA.

Prerequisites

Check the availability of an SRA for your type of storage by consulting the VMware Compatibility Guide

n

for Site Recovery Manager at

http://www.vmware.com/resources/compatibility/search.php?deviceCategory=sra.

24 VMware, Inc.

Chapter 2 Replicating Virtual Machines

Download the SRA by going to https://my.vmware.com/web/vmware/downloads, selecting VMware

n

vCenter Site Recovery Manager > Download Product, then selecting Drivers & Tools > Storage
Replication Adapters > Go to Downloads.

If you obtain an SRA from a different vendor site, verify that it has been certified for the

n

Site Recovery Manager release you are using by checking the VMware Compatibility Guide for
Site Recovery Manager at

http://www.vmware.com/resources/compatibility/search.php?deviceCategory=sra.

Read the documentation provided with your SRA. SRAs do not support all features that storage arrays

n

support. The documentation that your SRA provides details what the SRA supports and requires. For
example, HP and EMC have detailed physical requirements which must be met for the SRA to perform
as expected.

Install Site Recovery Manager Server before you install the SRAs.

n

Your SRA might require the installation of other vendor-provided components. You might need to

n

install some of these components on the Site Recovery Manager Server host. Other components might
require only network access by the Site Recovery Manager Server. For the latest information on such
requirements, review the release notes and readme files for the SRAs you are installing.

Enable the storage array's capability to create snapshot copies of the replicated devices. See your SRA

n

documentation.

Procedure

1 Install the SRA on each Site Recovery Manager Server host.

The installer installs the SRA in C:\Program Files\VMware\VMware vCenter Site Recovery

Manager\storage\sra.

2 In the vSphere Web Client, go to Site Recovery > Sites, and select a site.

3 In the Monitor tab, click SRAs, and click the Rescan SRAs button.

This action refreshes SRA information, allowing Site Recovery Manager to discover the SRAs.

Configure Array Managers

After you pair the protected site and recovery site, configure their respective array managers so that
Site Recovery Manager can discover replicated devices, compute datastore groups, and initiate storage
operations.

You typically configure array managers only once after you connect the sites. You do not need to
reconfigure them unless array manager connection information or credentials change, or you want to use a
different set of arrays.

Prerequisites

Connect the sites as described in Connect the Protected and Recovery Sites in Site Recovery Manager

n

Installation and Configuration.

Install SRAs at both sites as described in “Install Storage Replication Adapters,” on page 24.

n

Procedure

1 In the vSphere Web Client, click Site Recovery > Array Based Replication.

2 In the Objects tab, click the icon to add an array manager.

3 Select from two options:

Add a pair of array managers

n

Add a single array manager

n

VMware, Inc. 25

Site Recovery Manager Administration

4 Select a site or pair of sites for the array manager and click Next.

5 Select the array manager type that you want Site Recovery Manager to use from the SRA Type table

and click Next.

If no manager type appears, rescan for SRAs or check that you have installed an SRA on the
Site Recovery Manager Server host.

6 Enter a name for the array in the Display Name text box and click Next..

Use a descriptive name that makes it easy for you to identify the storage associated with this array
manager.

7 Provide the required information for the type of SRA you selected.

For more information about how to fill in these text boxes, see the documentation that your SRA vendor
provides. Text boxes vary between SRAs, but common text boxes include IP address, protocol
information, mapping between array names and IP addresses, and user name and password.

8 If you chose to add a pair of array managers, on the Enable array pairs page, select the the array pair to

enable, then click Next.

You can also configure array pairs in the single option mode if the array manager on the peer site is
already created.

9 Review the configuration and click Finish.

10 Repeat steps to configure an array manager for the recovery site, if necessary.

Rescan Arrays to Detect Configuration Changes

By default, Site Recovery Manager checks arrays for changes to device configurations by rescanning arrays
every 24 hours. However, you can force an array rescan at any time.

You can reconfgure the frequency with which Site Recovery Manager performs regular array scans by
changing the storage.minDsGroupComputationInterval option in Advanced Settings. See Change Storage

Settings.

Configuring array managers causes Site Recovery Manager to compute datastore groups based on the set of
replicated storage devices that it discovers. If you change the configuration of the array at either site to add
or remove devices, Site Recovery Manager must rescan the arrays and recompute the datastore groups.

Procedure

1 In the vSphere Web Client, click Site Recovery > Array Based Replication.

2 Select an array.

3 In the Manage tab, select Array Pairs.

The Array Pairs tab provides information about all the storage devices in the array, including the local
device name, the device it is paired with, the direction of replication, the protection group to which the
device belongs, whether the datastore is local or remote, and the consistency group ID for each SRA
device.

4 Right-click an array pair and select Discover Devices to rescan the arrays and recompute the datastore

groups.

26 VMware, Inc.

Chapter 2 Replicating Virtual Machines

Edit Array Managers

Use the Edit Array Manager wizard to modify an array manager's name or other settings, such as the IP
address or user name and password.

For more information about how to fill in the adapter fields, see the documentation that your SRA vendor
provides. While fields vary among SRAs, common fields include IP address, protocol information, mapping
between array names and IP addresses, and user names and passwords.

Procedure

1 In the vSphere Web Client, click Site Recovery > Array Based Replication.

2 Right-click an array and select Edit Array Manager.

3 Modify the name for the array in the Display Name field.

Use a descriptive name that makes it easy for you to identify the storage associated with this array
manager. You cannot modify the array manager type.

4 Modify the adapter information.

These fields are created by the SRA.

5 Enable the array pair and click Next.

6 Click Finish to complete the modification of the array manager.

Specify an Unreplicated Datastore for Swap Files

Every virtual machine requires a swap file. By default, vCenter Server creates swap files in the same
datastore as the other virtual machine files. To prevent Site Recovery Manager from replicating swap files,
you can configure virtual machines to create them in an unreplicated datastore.

Under normal circumstances, you should keep the swap files in the same datastore as other virtual machine
files. However, you might need to prevent replication of swap files to avoid excessive consumption of
network bandwidth. Some storage vendors recommend that you do not replicate swap files. Only prevent
replication of swap files if it is absolutely necessary.

NOTE If you are using an unreplicated datastore for swap files, you must create an unreplicated datastore
for all protected hosts and clusters at both the protected and recovery sites. The unreplicated datastore must
be visible to all hosts in a cluster, otherwise vMotion will not work.

Procedure

1 In the vSphere Web Client, select Hosts and Clusters, select a host, and click Manage > Settings.

2 Under Virtual Machines, select Swap file location, and click Edit.

3 Select Use a specific datastore, and select an unreplicated datastore.

4 Click OK.

5 Power off and power on all of the virtual machines on the host.

Resetting the guest operating system is not sufficient. The change of swapfile location takes effect after
you power off then power on the virtual machines.

6 Browse the datastore that you selected for swapfiles and verify that VSWP files are present for the

virtual machines.

VMware, Inc. 27

Site Recovery Manager Administration

Isolating Devices For Stretched Storage During Disaster Recovery

In a disaster recovery with stretched storage, the failover command must isolate devices at the recovery site.

If some hosts at the protected site are still operational and continue running virtual machines when you
initiate a disaster recovery, Site Recovery Manager cannot power on the corresponding virtual machines at
the recovery site due to file locks. If the storage array isolates the devices at the recovery site, the ESX hosts
at the recovery site can break the necessary locks and power on the virtual machines.

Site Recovery Manager must use isolation="true" in the failover SRA command for the stretched devices
that were not deactivated at the protected site.

Implementation details of isolation for stretched storage is specific to array vendors. Some array vendors
might make the devices inaccessible at the protected site after running the failover SRA command with
isolation. Some array vendors might break the communication between source and target site for that
particular device.

Using vSphere Replication with Site Recovery Manager

Site Recovery Manager can use vSphere Replication to replicate data to servers at the recovery site.

You deploy the vSphere Replication appliance and configure vSphere Replication on virtual machines
independently of Site Recovery Manager. See the vSphere Replication documentation at

https://www.vmware.com/support/pubs/vsphere-replication-pubs.html for information about deploying

and configuring vSphere Replication.

vSphere Replication does not require storage arrays. The vSphere Replication storage replication source and
target can be any storage device, including, but not limited to, storage arrays.

You can configure vSphere Replication to regularly create and retain snapshots of protected virtual
machines on the recovery site. Taking multiple point-in-time (PIT) snapshots of virtual machines allows you
to retain more than one replica of a virtual machine on the recovery site. Each snapshot reflects the state of
the virtual machine at a certain point in time. You can select which snapshot to recover when you use
vSphere Replication to perform a recovery.

28 VMware, Inc.

Figure 2‑2. Site Recovery Manager Architecture with vSphere Replication

Protected Site

SRM plug-in

vSphere Web Client

SRM plug-in

vSphere Web Client

Recovery Site

ESXi

Server

VR Agent

ESXi

Server

VR Agent

vCenter Server

VMFS

VMFS

Storage

VMFS

VMFS

Storage

ESXi

Server

VR Agent

SRM Server

VR Appliance

Network

File Copy

ESXi

SRM Server

Additional

VR Server

Network

File Copy

ESXi

VR Appliance

vSphere replication

vCenter Server

Chapter 2 Replicating Virtual Machines

Replicating a Virtual Machine and Enabling Multiple Point in Time Instances

You can recover virtual machines at specific points in time (PIT) such as the last known consistent state.

When you configure replication of a virtual machine, you can enable multiple point in time (PIT) instances
in the recovery settings in the Configure Replication wizard. vSphere Replication retains a number of
snapshot instances of the virtual machine on the target site based on the retention policy that you specify.
vSphere Replication supports a maximum of 24 snapshot instances. After you recover a virtual machine,
you can revert it to a specific snapshot.

During replication, vSphere Replication replicates all aspects of the virtual machine to the target site,
including any potential viruses and corrupted applications. If a virtual machine suffers from a virus or
corruption and you have configured vSphere Replication to keep PIT snapshots, you can recover the virtual
machine and then revert it to a snapshot of the virtual machine in its uncorrupted state.

You can also use the PIT instances to recover the last known good state of a database.

NOTE vSphere Replication does not replicate virtual machine snapshots.

VMware, Inc. 29

vSphere Web Client

VR Appliance

t1

VM

VM VM VM

t3t2

vSphere Web Client

VR Appliance

VM

Replication

Source Site

Target Site

t0

Site Recovery Manager Administration

Figure 2‑3. Recovering a Virtual Machine at Points in Time (PIT)

Using Array-Based Replication and vSphere Replication with Site Recovery Manager

You can use a combination of array-based replication and vSphere Replication in your
Site Recovery Manager deployment.

To create a mixed Site Recovery Manager deployment that uses array-based replication and
vSphere Replication, you must configure the protected and recovery sites for both types of replication.

Set up and connect the storage arrays and install the appropriate storage replication adapters (SRA) on

n

both sites.

Deploy vSphere Replication appliances on both sites and configure the connection between the

n

appliances.

Configure virtual machines for replication using either array-based replication or vSphere Replication,

n

as appropriate.

NOTE Do not attempt to configure vSphere Replication on a virtual machine that resides on a datastore
that you replicate by using array-based replication.

You create array-based protection groups for virtual machines that you configure with array-based
replication, and vSphere Replication protection groups for virtual machines that you configure with
vSphere Replication. You cannot mix replication types in a protection group. You can mix array-based
protection groups and vSphere Replication protection groups in the same recovery plan.

30 VMware, Inc.

Recovery Site

ESXi

Server

VR Agent

ESXi

Server

VR Agent

vCenter Server

VMFS

VMFS

Storage

VMFS

VMFS

Storage

Array based replication

ESXi

Server

VR Agent

SRM Server

VR Appliance

Network

File Copy

ESXi

SRM Server

Additional

VR Server

Network

File Copy

ESXi

VR Appliance

vSphere replication

SRA

vCenter Server

SRA

SRM plug-in

vSphere Web Client

Protected Site

SRM plug-in

vSphere Web Client

Chapter 2 Replicating Virtual Machines

Figure 2‑4. Site Recovery Manager Architecture with Array-Based Replication and vSphere Replication

VMware, Inc. 31

Site Recovery Manager Administration

32 VMware, Inc.

Configuring Mappings 3

Mappings allow you to specify how Site Recovery Manager maps virtual machine resources on the
protected site to resources on the recovery site.

You can configure site-wide mappings to map objects in the vCenter Server inventory on the protected site
to corresponding objects in the vCenter Server inventory on the recovery site.

Networks, including the option to specify a different network to use for recovery plan tests

n

Datacenters or virtual machine folders

n

Compute resources, including resource pools, standalone hosts, vApps, or clusters

n

During a recovery, when virtual machines start on the recovery site, the virtual machines use the resources
on the recovery site that you specify in the mappings. To enable bi-directional protection and reprotect, you
can configure reverse mappings, to map the objects on the recovery site back to their corresponding objects
on the protected site. You can also configure different mappings in the opposite direction, so that recovered
virtual machines on a site use different resources to protected virtual machines on that site.

Site Recovery Manager applies inventory mappings differently depending on whether you use array-based
protection groups and vSphere Replication protection groups, or storage policy protection groups. For
information about the differences between how Site Recovery Manager applies inventory mappings to the
different types of protection group, see “Inventory Mappings for Array-Based Replication Protection

Groups and vSphere Replication Protection Groups,” on page 34 and “Inventory Mappings for Storage
Policy Protection Groups,” on page 34.

VMware, Inc.

If you use storage policy protection groups, in addition to mapping inventory objects, you map storage
polices on the protected site to storage policies on the recovery site.

This chapter includes the following topics:

“Inventory Mappings for Array-Based Replication Protection Groups and vSphere Replication

n

Protection Groups,” on page 34

“Inventory Mappings for Storage Policy Protection Groups,” on page 34

n

“Configure Inventory Mappings,” on page 37

n

“About Storage Policy Mappings,” on page 39

n

“Select Storage Policy Mappings,” on page 39

n

33

Site Recovery Manager Administration

Inventory Mappings for Array-Based Replication Protection Groups and vSphere Replication Protection Groups

For array-based protection and vSphere Replication protection, Site Recovery Manager applies inventory
mappings to all virtual machines in a protection group when you create that group.

Site Recovery Manager creates a placeholder virtual machine when you create an array-based or
vSphere Replication protection group. Site Recovery Manager derives the resource assignments for the
placeholder from the site-wide inventory mappings.

If you configure site-wide inventory mappings, you can reapply the inventory mappings to a protection
group whenever necessary, for example if you add new virtual machines to an existing protection group.

If you change the site-wide inventory mappings for a site, the changes do not affect virtual machines that
Site Recovery Manager already protects in an existing protection group. Site Recovery Manager only applies
the new mappings to previously protected virtual machines if you reconfigure protection on them.

Site Recovery Manager cannot protect a virtual machine unless it has valid inventory mappings. However,
configuring site-wide inventory mappings is not mandatory for array-based replication protection groups
and vSphere Replication protection groups. If you create an array-based replication protection group or
vSphere Replication protection group without having defined site-wide inventory mappings, you can
configure each virtual machine in the group individually. You can override site-wide inventory mappings
by configuring the protection of the virtual machines in a protection group. You can also create site-wide
inventory mappings after you create a protection group, and then apply those site-wide mappings to that
protection group.

For information about configuring site-wide inventory mappings, see “Configure Inventory

n

Mappings,” on page 37.

For information about configuring mappings on virtual machines individually, see “Configure

n

Inventory Mappings for an Individual Virtual Machine in a Protection Group,” on page 58.

For information about applying site-wide inventory mappings to an existing protection group, see

n

“Apply Inventory Mappings to All Members of a Protection Group,” on page 57.

Because placeholder virtual machines do not support NICs, you cannot change the network configurations
of placeholder virtual machines. You can only change the network for a placeholder virtual machine in the
inventory mappings. If no mapping for a network exists, you can specify a network when you configure
protection for an individual virtual machine. Changes that you make to the placeholder virtual machine
override the settings that you establish when you configure the protection of the virtual machine.
Site Recovery Manager preserves these changes at the recovery site during the test and recovery.

Inventory Mappings for Storage Policy Protection Groups

For storage policy protection, Site Recovery Manager applies inventory mappings to virtual machines when
you run a recovery plan that contains a storage policy protection group.

With array-based and vSphere Replication protection groups, Site Recovery Manager applies inventory
mappings at the moment that you configure protection on a virtual machine. With storage policy protection
groups, because storage policy protection is dynamic, Site Recovery Manager only applies the inventory
mappings at the moment that you run a recovery plan. Virtual machine placement decisions are made
according to the inventory mappings when a recovery plan runs, so Site Recovery Manager does not create
placeholder virtual machines on the recovery site.

34 VMware, Inc.

Chapter 3 Configuring Mappings

Because Site Recovery Manager applies inventory mappings for storage policy protection groups when you
run a recovery plan, you cannot configure individual mappings on virtual machines in storage policy
protection groups. Site Recovery Manager always uses the site-wide inventory mappings when you run a
recovery with storage policy protection. Test recovery, planned migration, and disaster recovery of recovery
plans that contain storage policy protection groups fail if inventory mappings are missing.

NOTE If the network mapping is missing but the other mappings are present and you run a test recovery,
Site Recovery Manager uses the auto-generated test network and the test succeeds with a warning. If a test
recovery succeeds with a warning about the missing network mapping, configure the network mapping and
run the test again. Planned migration and disaster recovery do not use the test network and fail if the
network mapping is missing.

If a recovery plan fails due to missing mappings and the protected site is available, configure the missing
mappings and run the plan again. For information about how to configure site-wide inventory mappings,
see “Configure Inventory Mappings,” on page 37.

Temporary Placeholder Mappings for Storage Policy Protection

Site Recovery Manager applies inventory mappings for storage policy protection at the moment that you
run a recovery plan. If you run a recovery plan that contains storage policy protection groups and you have
not configured inventory mappings, or if the objects that you mapped are missing, test recovery, planned
migration, and disaster recovery fail.

You can usually only configure inventory mappings when both the protected site and the recovery site are
available. If a recovery plan with storage policy protection groups fails due to missing mappings and the
protected site is not available, you cannot configure the missing mappings in the normal way. To mitigate
this situation, when a recovery fails due to missing mappings and the protected site is not available,
Site Recovery Manager creates temporary placeholder mappings. Temporary placeholder mappings allow
you to configure the missing mappings so that you can run the recovery successfully when the protected site
is offline. Temporary placeholder mappings are incomplete mappings that identify inventory objects on the
protected site that contain virtual machines that are included in the recovery plan. The temporary
placeholder mappings do not include target objects on the recovery site. When a recovery fails due to
missing mappings, the protected site is unavailable, and Site Recovery Manager creates temporary
placeholder mappings, you can complete the temporary placeholder mappings and rerun the recovery
successfully.

For information about how to configure temporary placeholder mappings, see “Configure Temporary

Placeholder Mappings,” on page 35.

Configure Temporary Placeholder Mappings

If a recovery plan that contains a storage policy protection group fails due to missing mappings and the
protected site is unavailable, Site Recovery Manager creates temporary placeholder mappings. You
complete these temporary placeholder mappings so that the recovery can succeed.

Because Site Recovery Manager applies inventory mappings to virtual machines in storage policy protection
groups at the moment that you run a recovery plan, storage policy protection groups require site-wide
inventory mappings. If site-wide inventory mappings are missing, recovery tests, planned migrations, and
disaster recovery of recovery plans that contain storage policy protection groups fail.

If a recovery plan that contains a storage policy protection group fails due to missing mappings and the
protected site is available, configure the missing mappings in the normal way and run the recovery again.
For information about how to configure site-wide inventory mappings, see “Configure Inventory

Mappings,” on page 37.

VMware, Inc. 35

Site Recovery Manager Administration

If a recovery plan that contains a storage policy protection group fails due to missing mappings and the
protected site is unavailable, you cannot configure the missing mappings normally. To allow the recovery to
succeed, you must complete the temporary placeholder mappings that Site Recovery Manager creates when
a recovery plan fails due to missing mappings.

Prerequisites

The protected site is unavailable.

n

You ran a disaster recovery on a recovery plan that contains a storage policy protection group.

n

The recovery failed due to missing inventory mappings.

n

Procedure

1 Select Site Recovery > Recovery Plans and select the recovery plan that failed.

2 Select Monitor > Recovery Steps and expand the steps that are in an error state.

3 Hover your pointer over an error message to see the full message.

If inventory mappings are missing, you see an error about missing mappings.

For example, if resource mappings are missing, you see Cannot fetch hosts associated with

placeholder VMs. Mapping for resourcePool address missing in resource mappings.

4 Select Site Recovery > Sites and select the recovery site.

You see a message informing you that the protected site is offline and that Site Recovery Manager has
created temporary placeholder mappings.

5 Select each of the Network Mappings, Folder Mappings, Resource Mappings, and Storage Policies

tabs.

Where mappings are missing, Site Recovery Manager has selected a resource on the protected site. The
corresponding resource on the recovery site shows Mapping is missing.

6 Select the temporary placeholder mapping and click the icon to edit the mapping.

7 Select a resource on the recovery site to map to from the resource on the protected site that

Site Recovery Manager selected, and click OK.

8 Select Site Recovery > Recovery Plans, select the recovery plan that failed, and run the recovery plan

again.

If you configured all of the missing mappings, the recovery succeeds. If there are still missing
mappings, the recovery fails.

9 If the recovery fails again, repeat steps Step 2 to Step 8 until the recovery succeeds.

What to do next

When the protected site is available again, configure site-wide inventory mappings in the normal way and
run recovery again so that Site Recovery Manager can complete the recovery steps on the protected site.

NOTE Site Recovery Manager does not retain temporary placeholder mappings. The temporary placeholder
mappings that you configured are lost if you restart Site Recovery Manager Server on the recovery site.
Always configure normal inventory mappings after you have run a recovery in which you had to configure
temporary placeholder mappings.

36 VMware, Inc.

Chapter 3 Configuring Mappings

Users Gain Access to Virtual Machines After Configuring Temporary Placeholder Mappings

Users who complete temporary placeholder mappings when the protected site is unavailable might gain
access to virtual machines that they should not.

Problem

The protected site is unavailable during a disaster recovery and Site Recovery Manager creates temporary
placeholder mappings. The user who runs the recovery plan completes the temporary placeholder
mappings and reruns the plan. After the recovery, the user has access to virtual machines on the recovery
site that they did not have permission to access on the protected site.

A user runs a disaster recovery when the protected site is unavailable.

n

The user does not have permission to access all of the inventory objects on the protected site.

n

Site Recovery Manager detects missing mappings, and creates temporary placeholder mappings that

n

include objects on the protected site that the user does not have permission to access.

The user configures the target mappings from the objects on the protected site to objects on the recovery

n

site to which they do have access.

After the recovery, because the recovered virtual machines use resources on the recovery site that the

n

user has permission to access, the user can access virtual machines that they did not have permission to
access when those virtual machines were on the protected site.

Cause

If the protected site is unavailable, Site Recovery Manager cannot perform permission checks on inventory
objects on the protected site before it uses them to create temporary placeholder mappings.

Solution

Verify that users who have permission to run recovery plans also have permission to access all of the objects
on both sites.

Configure Inventory Mappings

Inventory mappings provide default objects in the inventory on the recovery site for the recovered virtual
machines to use when you run recovery.

For array-based protection and vSphere Replication protection, if you configure site-wide inventory
mappings before you create protection groups, you do not have to configure protection individually on each
virtual machine when you create a protection group. Site Recovery Manager applies the site-wide mappings
to all virtual machines in an array-based replication protection group or a vSphere Replication protection
group at the moment that you create the protection group.

When you use storage policy protection, Site Recovery Manager applies inventory mappings at the moment
that a recovery plan runs. You cannot configure protection individually on the virtual machines in a storage
policy protection group. As a consequence, you must configure site-wide inventory mappings if you use
storage policy protection.

Procedure

1 In the vSphere Web Client, click Site Recovery > Sites, and select a site.

VMware, Inc. 37

Site Recovery Manager Administration

2 On the Manage tab, select the type of resource to configure.

Option Action

Network Mappings

Folder Mappings

Resource Mappings

3 Click the icon to create a new mapping.

4 Select whether to create the mapping automatically or manually and click Next.

This step only applies to network mappings and folder mappings. Automatic mapping is only available
for network and folder mappings. You must configure resource mappings manually.

Option Description

Automatically

Manually

5 Select the items on the protected site to map to items on the recovery site.

Map networks on the protected site to networks on the recovery site.

Map datacenters or virtual machine folders on the protected site to
datacenters or virtual machine folders on the recovery site.

Map resource pools, standalone hosts, vApps, or clusters on the protected
site to resource pools, standalone hosts, vApps, or clusters on the recovery
site. You can map any type of resource on one site to any type of resource
on the other site.

NOTE You cannot map individual hosts that are part of clusters to other
resource objects.

Site Recovery Manager automatically maps networks and folders on the
protected site to networks and folders on the recovery site that have the
same name.

To map specific networks and folders on the protected site to specific
networks, folders, and resources on the recovery site.

If you selected automatic mapping, expand the inventory items on the left to select a parent node

n

on the local site, for example a datacenter or a folder, then expand the inventory items on the right
to select a parent node on the remote site.

If you selected manual mapping, expand the inventory items on the left to select a specific object on

n

the local site, then expand the inventory items on the right to select the object on the remote site to
which to map this object.

If you select manual mapping, you can map multiple items on the local site to a single item on the
remote site. You can select only one item at a time on the remote site.

NOTE Auto-mapping for NSX universal wires is only supported with storage policy protection groups.
If you are using virtual machine protection groups, you must explicity configure network mapping
between the two ends of the universal wire to ensure that the virtual machines recover on the same
universal wire. See “Using Site Recovery Manager with VMware NSX,” on page 127.

6 Click Add mappings.

The mappings appear at the bottom of the page. If you selected automatic mapping,
Site Recovery Manager automatically maps all of the items under the node that you selected on the
protected site to items that have the same name under the node that you selected on the recovery site.

7 Click Next.

38 VMware, Inc.

8 (Optional) If you are configuring network mappings, in the Select test networks page, click the network

in the Test Network column and use the drop-down menu to select the network to use when you test
recovery plans.

You can configure Site Recovery Manager to create an isolated network on the recovery site for when
you test a recovery plan. Creating an isolated test network allows the test to proceed without adding
extra traffic on the production network on the recovery site.

Select Isolated network (auto created) to automatically create an isolated network on the recovery

n

site to use for tests. This is the default option.

Select an existing network on the recovery site to use for tests.

n

9 (Optional) On the Prepare reverse mappings page, select the check box for a mapping.

Selecting this option creates corresponding mappings from the item on the remote site to the item on
the local site. You require reverse mappings to establish bidirectional protection and to run reprotect
operations. You cannot select this option if two or more mappings have the same target on the remote
site.

10 Click Finish to create the mappings.

11 Repeat Step 2 through Step 10 to establish mappings for the remaining resource types.

About Storage Policy Mappings

Chapter 3 Configuring Mappings

You can protect virtual machines that you have associated with storage policies by including them in
storage policy protection groups.

Storage policies place virtual machines in the vCenter Server inventory and on datastores according to rules
and tags that you define in vCenter Server. Storage policies can move virtual machines in the inventory or to
different datastores, to accommodate changes in the vCenter Server environment.

If you map storage policies on the protected site to storage policies on the recovery site, when you run a
recovery plan, Site Recovery Manager places the recovered virtual machines in the vCenter Server inventory
and on datastores on the recovery site according to the storage policy that you mapped to on the recovery
site.

Select Storage Policy Mappings

If you map storage policies on the protected site to storage policies on the recovery site, when you run a
recovery plan, Site Recovery Manager can place the recovered virtual machines in the vCenter Server
inventory and on datastores on the recovery site according to the storage policy that you mapped to on the
recovery site.

Prerequisites

You created storage policies on both the protected site and the recovery site.

Procedure

1 In the vSphere Web Client, click Site Recovery > Sites, and select a site.

2 On the Manage tab, select Storage Policy Mappings.

3 Click the icon to create a new mapping.

VMware, Inc. 39

Site Recovery Manager Administration

4 Select whether to create the mapping automatically or manually and click Next.

Option Description

Automatically

Manually

5 Select the storage policies on the protected site to map to storage policies on the recovery site.

If you selected automatic mapping, Site Recovery Manager selects any storage policies on the

n

protected site for which a storage policy with the same name exists on the recovery site.

If you selected manual mapping, select a specific storage policy on the protected site, then select

n

the storage policy on the recovery site to which to map this storage policy.

If you select manual mapping, you can map multiple storage policies on the local site to a single storage
policy on the remote site. You can select only one item at a time on the remote site.

6 Click Add mappings.

The mappings appear at the bottom of the page.

7 Click Next.

Site Recovery Manager automatically maps storage policies on the
protected site to storage policies on the recovery site that have the same
name.

To map specific storage policies on the protected site to specific storage
policies on the recovery site.

8 (Optional) On the Prepare reverse mappings page, select the check box for a mapping.

Selecting this option creates corresponding mappings from the storage policy on the remote site to the
storage policy on the local site. You require reverse mappings to establish bidirectional protection and
to run reprotect operations. You cannot select this option if two or more mappings have the same target
on the remote site.

9 Click Finish to create the mappings.

40 VMware, Inc.

About Placeholder Virtual Machines 4

When you create an array-based replication protection group that contains datastore groups or a
vSphere Replication protection group that contains individual virtual machines, Site Recovery Manager
creates a placeholder virtual machine at the recovery site for each of the virtual machines in the protection
group.

A placeholder virtual machine is a subset of virtual machine files. Site Recovery Manager uses that subset of
files to register a virtual machine with vCenter Server on the recovery site.

The files of the placeholder virtual machines are very small, and do not represent full copies of the protected
virtual machines. The placeholder virtual machine does not have any disks attached to it. The placeholder
virtual machine reserves compute resources on the recovery site, and provides the location in the
vCenter Server inventory to which the protected virtual machine recovers when you run recovery.

The presence of placeholder virtual machines on the recovery site inventory provides a visual indication to
vCenter Server administrators that the virtual machines are protected by Site Recovery Manager. The
placeholders also indicate to vCenter Server administrators that the virtual machines can power on and start
consuming local resources when Site Recovery Manager runs tests or runs a recovery plan.

When you recover a protected virtual machine by testing or running a recovery plan,
Site Recovery Manager replaces the placeholder with the recovered virtual machine and powers it on
according to the settings of the recovery plan. After a recovery plan test finishes, Site Recovery Manager
restores the placeholders and powers off the recovered virtual machines as part of the cleanup process.

NOTE Site Recovery Manager does not create placeholder virtual machines for storage policy protection
groups. For information about how Site Recovery Manager places virtual machines on the recovery site
when you use storage policy protection groups, see “Inventory Mappings for Storage Policy Protection

Groups,” on page 34 and “About Storage Policy Mappings,” on page 39.

About Placeholder Virtual Machine Templates

When you protect a template on the protected site, Site Recovery Manager creates the placeholder template
by creating a virtual machine in the default resource pool of a compute resource and then by marking that
virtual machine as a template. Site Recovery Manager selects the compute resource from the set of available
compute resources in the datacenter on the recovery site to which the folder of the virtual machine on the
protected site is mapped. All the hosts in the selected compute resource must have access to at least one
placeholder datastore. At least one host in the compute resource must support the hardware version of the
protected virtual machine template.

VMware, Inc.

41

Site Recovery Manager Administration

About Placeholder Datastores

If you use array-based replication to protect datastore groups, or if you use vSphere Replication to protect
individual virtual machines, you must identify a datastore on the recovery site in which
Site Recovery Manager can store the placeholder virtual machine files.

NOTE Site Recovery Manager does not create placeholder virtual machines for storage policy protection
groups. You do not need to identify a placeholder datastore if you only use storage policy protection
groups.

Placeholder virtual machine files are very small, so the placeholder datastore does not need to be large
enough to accommodate the full virtual machines.

To enable planned migration and reprotect, you must select placeholder datastores on both sites.

This chapter includes the following topics:

“What Happens to Placeholder Virtual Machines During Recovery,” on page 42

n

“Select a Placeholder Datastore,” on page 43

n

What Happens to Placeholder Virtual Machines During Recovery

When you create array-based protection groups and vSphere Replication protection groups,
Site Recovery Manager creates placeholder virtual machines on the recovery site. When you run a recovery
plan that contains these protection groups, Site Recovery Manager replaces the placeholders with real
virtual machines.

NOTE Site Recovery Manager does not create placeholder virtual machines for storage policy protection
groups. This example applies to array-based protection groups and to vSphere Replication protection
groups. It does not apply to storage policy protection groups. For information about how
Site Recovery Manager recovers virtual machines when you use storage policy protection groups, see

“About Storage Policy Protection Groups,” on page 48.

This example illustrates the process by which Site Recovery Manager replaces placeholder virtual machines
on the recovery site with real virtual machines when you run recovery plans that contain array-based
protection groups and vSphere Replication protection groups.

1 Virtual machines replicate to the recovery site independently of Site Recovery Manager, according to

the type of replication that you use.

For datastore-based replication, the storage array replicates datastores that contain virtual machine

n

files as raw storage in the target storage array.

vSphere Replication replicates individual virtual machines by making copies of the virtual

n

machines in the datastore that you configure as the vSphere Replication target. These virtual
machine copies are not powered on.

2 You designate a datastore on the recovery site for Site Recovery Manager to use to store placeholder

virtual machine files.

3 When you configure Site Recovery Manager protection on a virtual machine by adding a datastore

group or an individual virtual machine to a protection group, Site Recovery Manager creates a
placeholder for that virtual machine in the placeholder datastore on the recovery site.

42 VMware, Inc.

4 When you run a recovery plan, Site Recovery Manager shuts down the virtual machines on the

protected site, and activates the virtual machines on the recovery site according to the type of
replication that you use.

For datastore-based replication, Site Recovery Manager surfaces the raw storage on the recovery

n

site that contains the replicated virtual machines as a vCenter Server datastore.
Site Recovery Manager registers the recovered datastore with the ESXi host or cluster with which
the placeholder datastore is registered.

vSphere Replication powers on the copies of the virtual machines on the recovery site.

n

5 Site Recovery Manager sends a request to vCenter Server to swap the identity of the placeholder virtual

machines for the replicated virtual machines that have surfaced on the recovery site.

Select a Placeholder Datastore

If you use array-based protection groups or vSphere Replication protection groups, you must specify a
placeholder datastore on the recovery site for Site Recovery Manager to use to store placeholder virtual
machines.

You must configure a placeholder datastore on both sites in the pair to establish bidirectional protection and
to perform reprotect.

NOTE Site Recovery Manager does not create placeholder virtual machines for storage policy protection
groups. You do not need to select a placeholder datastore if you only use storage policy protection groups.

Chapter 4 About Placeholder Virtual Machines

Prerequisites

Verify that you connected and paired the protected and recovery sites.

n

Placeholder datastores must meet certain criteria.

n

For clusters, the placeholder datastores must be visible to all of the hosts in the cluster.

n

You cannot select as placeholder datastores any datastores that are replicated by using array-based

n

replication.

Do not select as placeholder datastores any datastores that you use as the replication target

n

datastore for vSphere Replication.

Procedure

1 In the vSphere Web Client, click Site Recovery > Sites, and select a site.

2 On the Manage tab, click Placeholder Datastores.

3 Click the icon to configure a placeholder datastore.

4 Select a datastore to designate as the location for placeholder virtual machines on the local site, and

click OK.

Previously configured datastores appear but you cannot select them. If a datastore is replicated, but
Site Recovery Manager does not have an array manager for that datastore, the option to select the
replicated datastore might be available. Do not select replicated datastores that Site Recovery Manager
does not manage.

IMPORTANT If you use vSphere Replication, do not select a placeholder datastore that you already use
as the target datastore for replications. Selecting the same datastore for placeholder virtual machines as
you use to contain the replica virtual machines that vSphere Replication creates can cause problems
when you run reprotect.

Make sure placeholder datastores are not in the same Storage DRS cluster as the vSphere Replication
replica target datastores.

VMware, Inc. 43

Site Recovery Manager Administration

5 Select the other site in the pair.

6 Repeat Step 2 to Step 4 to configure a placeholder datastore on the other site.

44 VMware, Inc.

Creating and Managing Protection

Groups 5

After you configure a replication solution, you can create protection groups. A protection group is a
collection of virtual machines that Site Recovery Manager protects together.

You can include one or more protection groups in a recovery plan. A recovery plan specifies how
Site Recovery Manager recovers the virtual machines in the protection groups that it contains.

You configure virtual machines and create protection groups differently depending on whether you use
array-based replication, vSphere Replication, or storage policy protection. You cannot create protection
groups that combine virtual machines for which you configured array-based replication with virtual
machines for which you configured vSphere Replication or storage policy protection. You can include a
combination of array-based replication protection groups and vSphere Replication protection groups in the
same recovery plan. You cannot include storage policy protection groups in the same recovery plan as
array-based replication protection groups and vSphere Replication protection groups.

After you configure replication on virtual machines, you must assign each virtual machine to an existing
resource pool, folder, and network on the recovery site. You can specify site-wide defaults for these
assignments by selecting inventory mappings. For array-based replication protection groups and
vSphere Replication protection groups, if you do not specify inventory mappings, you configure mappings
individually for each virtual machine in the protection group. You cannot configure mappings individually
for virtual machines in storage policy protection groups, so you must configure site-wide inventory
mappings if you use storage policy protection groups.

VMware, Inc.

After you create an array-based replication protection group or a vSphere Replication protection group,
Site Recovery Manager creates placeholder virtual machines on the recovery site and applies the inventory
mappings to each virtual machine in the group. If Site Recovery Manager cannot map a virtual machine to a
folder, network, or resource pool on the recovery site, Site Recovery Manager sets the virtual machine to the
Mapping Missing status, and does not create a placeholder for it. For storage policy protection groups,
Site Recovery Manager applies inventory mappings when you run a recovery plan. Site Recovery Manager
does not create placeholder virtual machines for storage policy protection groups.

Site Recovery Manager cannot protect virtual machines on which you did not configure or on which you
incorrectly configured replication. In the case of array-based replication, this is true even if the virtual
machines reside on a protected datastore.

This chapter includes the following topics:

“About Array-Based Replication Protection Groups and Datastore Groups,” on page 46

n

“About vSphere Replication Protection Groups,” on page 47

n

“About Storage Policy Protection Groups,” on page 48

n

“Create Protection Groups,” on page 53

n

“Organize Protection Groups in Folders,” on page 55

n

45

Site Recovery Manager Administration

“Add or Remove Datastore Groups or Virtual Machines to or from a Protection Group,” on page 56

n

“Apply Inventory Mappings to All Members of a Protection Group,” on page 57

n

“Configure Inventory Mappings for an Individual Virtual Machine in a Protection Group,” on

n

page 58

“Modifying the Settings of a Protected Virtual Machine,” on page 59

n

“Remove Protection from a Virtual Machine,” on page 60

n

“Protection Group Status Reference,” on page 61

n

“Virtual Machine Protection Status Reference,” on page 62

n

About Array-Based Replication Protection Groups and Datastore Groups

When you create a protection group for array-based replication, you specify array information and
Site Recovery Manager computes the set of virtual machines to a datastore group. Datastore groups contain
all the files of the protected virtual machines.

You add virtual machines to an array-based replication protection group by placing them in a datastore that
belongs to a datastore group that Site Recovery Manager associates with a protection group.
Site Recovery Manager recomputes the datastore groups when it detects a change in a protected virtual
machine. For example, if you add a hard disk that is on another LUN to a protected virtual machine,
Site Recovery Manager adds the LUN to the datastore group of that protection group. You must reconfigure
the protection to protect the new LUN. Site Recovery Manager computes consistency groups when you
configure an array pair or when you refresh the list of devices.

You can also add virtual machines to the protection group by using Storage vMotion to move their files to
one of the datastores in the datastore group. You can remove a virtual machine from an array-based
replication protection group by moving the virtual machine's files to another datastore.

If your storage array supports consistency groups, Site Recovery Manager is compatible with vSphere
Storage DRS and vSphere Storage vMotion. You can use Storage DRS and Storage vMotion to move virtual
machine files within a consistency group that Site Recovery Manager protects. If your storage array does not
support consistency groups, you cannot use Storage DRS and Storage vMotion in combination with
Site Recovery Manager.

How Site Recovery Manager Computes Datastore Groups

Site Recovery Manager determines the composition of a datastore group by the set of virtual machines that
have files on the datastores in the group, and by the devices on which those datastores are stored.

When you use array-based replication, each storage array supports a set of replicated datastores. On storage
area network (SAN) arrays that use connection protocols such as Fibre Channel and iSCSI, these datastores
are called logical storage units (LUN) and are composed of one or more physical datastores. On network file
system (NFS) arrays, the replicated datastores are typically referred to as volumes. In every pair of
replicated storage devices, one datastore is the replication source and the other is the replication target. Data
written to the source datastore is replicated to the target datastore on a schedule controlled by the
replication software of the array. When you configure Site Recovery Manager to work with a storage
replication adapter (SRA), the replication source is at the protected site and the replication target is at the
recovery site.

46 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

A datastore provides storage for virtual machine files. By hiding the details of physical storage devices,
datastores simplify the allocation of storage capacity and provide a uniform model for meeting the storage
needs of virtual machines. Because any datastore can span multiple devices, Site Recovery Manager must
ensure that all devices backing the datastore are replicated before it can protect the virtual machines that use
that datastore. Site Recovery Manager must ensure that all datastores containing protected virtual machine
files are replicated. During a recovery or test, Site Recovery Manager must handle all such datastores
together.

To achieve this goal, Site Recovery Manager aggregates datastores into datastore groups to accommodate
virtual machines that span multiple datastores. Site Recovery Manager regularly checks and ensures that
datastore groups contain all necessary datastores to provide protection for the appropriate virtual machines.
When necessary, Site Recovery Manager recalculates datastore groups. For example, this can occur when
you add new devices to a virtual machine, and you store those devices on a datastore that was not
previously a part of the datastore group.

A datastore group consists of the smallest set of datastores required to ensure that if any of a virtual
machine's files is stored on a datastore in the group, all of the virtual machine's files are stored on datastores
that are part of the same group. For example, if a virtual machine has disks on two different datastores, then
Site Recovery Manager combines both datastores into a datastore group. Site Recovery Manager combines
devices into datastore groups according to set criteria.

Two different datastores contain files that belong to the same virtual machine.

n

Datastores that belong to two virtual machines share a raw disk mapping (RDM) device on a SAN

n

array, as in the case of a Microsoft cluster server (MSCS) cluster.

Two datastores span extents corresponding to different partitions of the same device.

n

A single datastore spans two extents corresponding to partitions of two different devices. The two

n

extents must be in a single consistency group and the SRA must report consistency group information
from the array in the device discovery stage. Otherwise, the creation of protection groups based on this
datastore is not possible even though the SRA reports that the extents that make up this datastore are
replicated.

Multiple datastores belong to a consistency group. A consistency group is a collection of replicated

n

datastores where every state of the target set of datastores existed at a specific time as the state of the
source set of datastores. Informally, the datastores are replicated together such that when recovery
happens using those datastores, software accessing the targets does not see the data in a state that the
software is not prepared to deal with.

Protecting Virtual Machines on VMFS Datastores that Span Multiple LUNs or
Extents

Not all SRAs report consistency group information from the storage array, because not all storage arrays
support consistency groups. If an SRA reports consistency group information from the array following a
datastore discovery command, the LUNs that constitute a multi-extent VMFS datastore must be in the same
storage array consistency group. If the array does not support consistency groups and the SRA does not
report any consistency group information, Site Recovery Manager cannot protect virtual machines located
on the multi-extent datastore.

About vSphere Replication Protection Groups

You can include virtual machines that you configured for vSphere Replication in vSphere Replication
protection groups.

Virtual machines in the vCenter Server inventory that are configured for vSphere Replication are available
for selection when you create or edit a vSphere Replication protection group.

VMware, Inc. 47

Site Recovery Manager Administration

You select a target location on a datastore on the remote site when you configure vSphere Replication on a
virtual machine. When you include a virtual machine with vSphere Replication in a protection group,
Site Recovery Manager creates a placeholder virtual machine for recovery. It is possible for the replication
target for vSphere Replication and the placeholder virtual machine that Site Recovery Manager creates to
both be on the same datastore on the recovery site because they are created in different datastore folders.
When the replication target and the placeholder virtual machines are in the same datastore,
Site Recovery Manager creates the placeholder virtual machine name by using the replication target name
with the suffix (1). To avoid confusion, the best practice is to use different datastores for the
vSphere Replication replication target and for the Site Recovery Manager placeholder virtual machines.
Site Recovery Manager applies the inventory mappings to the placeholder virtual machine on the recovery
site.

vSphere Replication synchronizes the disk files of the replication target virtual machine according to the
recovery point objective that you set when you configured vSphere Replication on the virtual machine.
When you perform a recovery with Site Recovery Manager, Site Recovery Manager powers on the
replication target virtual machine and registers it with vCenter Server on the recovery site in the place of the
placeholder virtual machine.

When using vSphere Replication protection groups, Site Recovery Manager is dependent on
vSphere Replication, but vSphere Replication is not dependent on Site Recovery Manager. You can use
vSphere Replication independently of Site Recovery Manager. For example, you can use
vSphere Replication to replicate all of the virtual machines in the vCenter Server inventory, but only include
a subset of those virtual machines in protection groups. Changes that you make to vSphere Replication
configuration can affect the Site Recovery Manager protection of the virtual machines that you do include in
protection groups.

Site Recovery Manager monitors the vSphere Replication status of the virtual machines in

n

vSphere Replication protection groups. If replication is not functioning for a virtual machine in a
protection group, Site Recovery Manager cannot recover the virtual machine.

If you unconfigure vSphere Replication on a virtual machine, Site Recovery Manager continues to

n

include that virtual machine in protection groups in which you included it. Site Recovery Manager
cannot recover that virtual machine until you reconfigure replication. If you unconfigure
vSphere Replication on a virtual machine, you can remove it from the protection group manually.

If you configured vSphere Replication on a virtual machine that resides on a datastore that

n

Site Recovery Manager already protects with array-based replication, Site Recovery Manager reports an
error if you try to include that virtual machine in a vSphere Replication protection group.

If you remove a virtual machine with vSphere Replication from a protection group, vSphere Replication
continues to replicate the virtual machine to the recovery site. The virtual machine does not recover with the
rest of the virtual machines in the protection group if you run an associated recovery plan.

About Storage Policy Protection Groups

Storage policy protection groups enable the automatic protection of virtual machines that are associated
with a storage policy.

You use array-based replication to replicate the datastores from the protected site to the recovery site. If you
tag a datastore and you create a storage policy that maps to that tag, the datastore is automatically
associated with that storage policy. A storage policy protection group that includes that storage policy
automatically protects any virtual machines that have been tagged appropriately that reside on the
datastore. If you disassociate a virtual machine from the storage policy or move it off the datastore,
Site Recovery Manager automatically unprotects it.

When you create a storage policy protection group, Site Recovery Manager performs the following
operations:

Creates a managed object that represents the storage policy protection group on the local

n

Site Recovery Manager Server instance.

48 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

Associates the storage policies that you select with the storage policy protection group.

n

Site Recovery Manager protects all compliant storage policies that you include in the storage policy
protection group.

The local storage policy protection group actively protects the appropriate vSphere entities on the local

n

vCenter Server instance and determines the compliance of the storage policies that it contains. The
initial protection of the newly created storage policy protection group includes protecting all of the
virtual machines that are associated with the storage polices in the protection group, based on the latest
known state of the vSphere inventory.

NOTE The initial protection does not include any storage synchronization for the associated consistency
groups. You must replicate the storage according to its regular schedule, independently of vSphere and
Site Recovery Manager.

Starts vSphere inventory monitoring to detect any vSphere entities that are added to the inventory after

n

the initial protection. If Site Recovery Manager fails to protect any vSphere entities, the creation of the
storage policy protection group does not fail, but errors appear in the protection group properties.

Creates a peer managed object to represent the storage policy protection group on the

n

Site Recovery Manager Server instance on the recovery site. This object is ready for recovery
immediately after creation, even if the underlying storage is not yet ready for recovery.

After you create a storage policy protection group, you might need to synchronize the underlying storage to
make sure that the protected vSphere entities are recoverable. Run a test recovery with the option to
replicate recent changes as soon as possible after you create the protection group.

Prerequisites for Storage Policy Protection Groups

When you create storage policy protection groups, you must first create storage policies and ensure that
your environment meets certain prerequisites.

Prerequisites

Create datastore tags and assign them to datastores to associate with a storage policy:

n

If your environment does not use Enhanced Linked Mode, create tag categories and tags and

n

assign them to the datastores to protect on the protected site. Create tag categories and tags and
assign them to the datastores to which to recover virtual machines on the recovery site. The tag and
category names must be identical on both sites.

If your environment uses Enhanced Linked Mode, create tag categories and tags only on the

n

protected site. The tags are replicated to other vCenter Server instances in Enhanced Linked Mode
environments.

Create virtual machine storage polices in vCenter Server on both sites, that include the tags that you

n

assigned to the datastores to protect. Create virtual machine policies on both sites even if your
environment uses Enhanced Linked Mode. The storage policies can have different names on each site.

Associate virtual machines to protect with the appropriate storage policy on the protected site. You

n

must associate all of a virtual machine's disks with the same storage policy.

Configure array-based replication of the datastores from the protected site to the recovery site by using

n

the replication technology that your array vendor provides.

Configure inventory mappings in Site Recovery Manager. If you use storage policy protection groups

n

and you do not configure mappings, planned migration or disaster recovery fail and
Site Recovery Manager creates temporary placeholder mappings.

When Site Recovery Manager Server starts, Site Recovery Manager queries the storage policy-based

n

management and tag manager services in vCenter Server to find virtual machines that are associated
with a storage policy. These services and vCenter Server must be running when you start or restart
Site Recovery Manager Server. If they are not running, Site Recovery Manager Server does not start.

VMware, Inc. 49

Site Recovery Manager Administration

For information about how to create storage policies, see Virtual Machine Storage Policies in the VMware
vSphere ESXi and vCenter Server 6.0 Documentation.

For information about how to create inventory mappings, see “Configure Inventory Mappings,” on page 37.

For information about temporary placeholder mappings, see “Inventory Mappings for Storage Policy

Protection Groups,” on page 34.

For information about known limitations of storage policy protection groups, see “Limitations of Storage

Policy Protection Groups,” on page 50.

Limitations of Storage Policy Protection Groups

Storage policy protection groups are subject to limitations.

Adding Consistency Groups or Virtual Machines After Running a Recovery

Site Recovery Manager does not support the recovery of new consistency groups or virtual machines that
you add to a storage policy protection group that is in the Recovered or Partially Recovered states. Namely,
you cannot add consistency groups or virtual machines to a storage policy protection group if you have
successfully or unsuccessfully run a recovery plan that contains that protection group. Do not add new
consistency groups or virtual machines to a storage policy protection group in the Recovered or Partially
Recovered states. You can add new consistency groups or virtual machines to an existing storage policy
protection group that has never been included in a recovery plan run, or that has only been included in test
recoveries.

When you have run a recovery plan that contains a storage policy protection group, you must include any
new consistency groups or virtual machines in a new storage policy protection group. Remove new
consistency groups or virtual machines from the recovered storage policy protection group before you add
them to a new storage policy protection group. Site Recovery Manager only supports the protection of an
object in a single protection group.

Protecting Virtual Machine Templates

Datastores that are compliant with protected storage policies should not contain virtual machine templates.

Protecting Virtual Machines with RDM Disks

Datastores that are compliant with protected storage policies should not contain virtual machines with RDM
disks.

Duplicate Tags in Enhanced Linked Mode Environments

In an environment that uses Enhanced Linked Mode, if a temporary network partition occurs between
vCenter Server instances, it is possible to create a tag on one site and to create another tag with the same
name on another site. You might then tag one set of datastores on one site with the first tag, and another set
of datastores on the other site with the second, identical tag. Because Site Recovery Manager looks up tags
by name rather than by ID, when the network partition is removed, the datastores on both sites appear to be
tagged with the same tag. If you delete one of the duplicate tags, Site Recovery Manager might remove
protection from the consistency groups that reside in the datastore that bore that tag. The virtual machines
in those consistency groups lose their protection and the recovery settings for the virtual machines are
deleted.

To avoid this situation, resolve tag conflicts before creating storage policy protection groups and
configuring virtual machine recovery settings. If you encounter this situation after you have already created
storage policy protection groups, shut down the protected site temporarily and resolve the tag conflict.

50 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

Changing Array States Between Recovery and Reprotect

After running a recovery plan but before running reprotect, if you change the state of an array device, for
example to fix issues with reversal of replication, and you initiate a rescan of the storage devices,
Site Recovery Manager can stop unexpectedly. If this occurs, you must recreate the corresponding
protection groups and recovery plans.

Associating Nonreplicated Datastores with Storage Policies

It is possible to associate a nonreplicated datastore with a storage policy that you include in a storage policy
protection group. However, Site Recovery Manager does not protect the virtual machines that reside on a
nonreplicated datastore, even if that datastore is associated with a storage policy that is included in a
storage policy protection group. Any virtual machines that have files on a nonreplicated datastore appear
with errors in the protection group and are not recovered if you run a recovery plan that includes that
protection group.

Datastores Spanning Multiple Consistency Groups

Do not configure datastores to span multiple consistency groups. Site Recovery Manager cannot protect
such datastores or virtual machines that use multiple consistency groups and operations can fail.

The protection group might skip the consistency group if no other datastores backed by the consistency

n

group are part of the storage policy.

The protection group might not report problems related to the datastores.

n

Virtual machines using datastores that span consistency groups are in a nonprotected state even if the

n

virtual machines use the correct storage policy.

The datastores that span multiple consistency groups will appear to be nonreplicated and are not

n

protected by the storage policy protection group. Those datastores might disappear when
Site Recovery Manager migrates the protection group to the recovery site.

Protecting the Same Consistency Groups in both Array-Based Replication and
Storage Policy Protection Groups

If you tag a replicated datastore and associate it with a storage policy, you can include the storage policy
and its associated consistency groups in a storage policy protection group. It is also possible to include a
datastore group that contains the tagged datastore in an array-based replication protection group.
Consequently, consistency groups can end up being included in both an array-based replication protection
group and in a storage policy protection group.

When a storage policy protection group and an array-based replication protection group both attempt to
protect the same consistency group, the array-based replication protection group takes the ownership of the
consistency group and the virtual machines that it contains. The storage policy protection group marks the
consistency group and virtual machines in an error state. In this situation, you must remove the consistency
group from one of the protection groups.

To keep the consistency group in the array-based replication protection group, disassociate the affected

n

virtual machines from the storage policy. Also disassociate the consistency group from the storage
policy. This removes them from the storage policy protection group.

To keep the consistency group in the storage policy protection group, edit the array-based replication

n

protection group to remove the datastore and virtual machines. This automatically resolves the error in
the storage policy protection group.

VMware, Inc. 51

Site Recovery Manager Administration

Storage Policy Protection Groups and Periodic Polling

Storage policy protection groups attempt to protect virtual machines associated with storage policies only
during policy association when Site Recovery Manager Server starts. Site Recovery Manager does not
attempt to periodically protect virtual machines that are already associated with a storage policy.

As a result of the absence of periodic polling of the virtual machines in storage policy protection groups,
some limitations apply to storage policy protection groups.

If you make modifications to a virtual machine's storage policy associations while

n

Site Recovery Manager is disconnected from vCenter Server, the changes might not be reflected. This is
also true if you delete a virtual machine and it is automatically disassociated from its storage policy.

If you protect a virtual machine that is associated with two protection groups, where one is a storage

n

policy protection group, the storage policy protection group does not automatically protect the virtual
machine if you delete the other protection group. You must reapply the storage policy to the virtual
machine for it to be protected by the storage policy protection group.

If you protect a virtual machine that is associated with two protection groups, where one is a storage

n

policy protection group, the storage policy protection group does not automatically protect the virtual
machine if you reconfigured the other protection group to prevent virtual machine overlap. You must
reapply the storage policy to the virtual machine for it to be protected by the storage policy protection
group.

If you protect a virtual machine that is associated with two storage policy protection groups, migrate

n

the virtual machine, and update its storage policy to associate it with the newer protection group rather
than with the older one, the protection of the virtual machine might fail.

Storage policy protection groups do not automatically protect some virtual machines in certain
circumstances.

Virtual machines that are not initially protected due to licensing limits are not protected even after you

n

modify consistency groups and virtual machines to meet the licensing limit.

Virtual machines that are not initially protected due to licensing limits are not protected even after you

n

install a license for a larger number of virtual machines.

Virtual machine templates that are not initially protected are not protected even after you convert them

n

to standard virtual machines.

Virtual machines in vApps that are not initially protected are not protected even after you move them

n

to a standard resource pool.

To resolve these problems, reassociate the affected virtual machines with their current storage policies or
restart Site Recovery Manager Server.

Storage Policy Protection Groups and Nonprotected Virtual Machines

Your environment, the implementation of your storage policies, and the configuration of the datastores and
virtual machines to protect must meet the prerequisites for storage policy protection groups. If they do not
meet the prerequisites, Site Recovery Manager might not protect all of the virtual machines in a storage
policy protection group.

For the prerequisites that you must satisfy for storage policy protection, see “Prerequisites for Storage Policy

Protection Groups,” on page 49.

For example, virtual machines that are not associated with a storage policy can reside in a tagged datastore
alongside virtual machines that are associated with a storage policy. If you include the storage policy in a
storage policy protection group, because these virtual machines are not associated with that storage policy,
Site Recovery Manager does not protect them.

52 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

Nonprotected virtual machines can appear in storage policy protection groups for reasons other than the
non-association of virtual machines with the correct storage policy. For descriptions of other circumstances
in which nonprotected virtual machines can appear in storage policy protection groups, see “Limitations of

Storage Policy Protection Groups,” on page 50.

Similarly, because Site Recovery Manager does not periodically poll virtual machines in storage policy
protection groups, Site Recovery Manager might fail to protect virtual machines that change or that are
included in more than one storage policy protection group. For information about the limitations of storage
policy protection groups caused by the absence of polling, see “Storage Policy Protection Groups and

Periodic Polling,” on page 52.

If a storage policy protection group includes nonprotected virtual machines, these virtual machines appear
in the Related Objects > Virtual Machines view for the storage policy protection group. The protection
group appears in an error state.

How Site Recovery Manager handles nonprotected virtual machines depends on the type of recovery that
you run.

NOTE You can only attempt to protect nonprotected virtual machines in storage policy protection groups on
which you have never run recovery. If you have successfully or unsuccessfully run recovery on a storage
policy protection group that contains nonprotected virtual machines, you must remove those virtual
machines from the storage policy protection group.

If you run a test recovery on a storage policy protection group that contains nonprotected virtual

n

machines, the operation fails with errors. If a test recovery fails due to nonreplicated virtual machines,
run cleanup before you attempt to protect or remove the nonprotected virtual machines, then run the
test again. After you have run cleanup, if you have never run a recovery on this protection group,
attempt to fix the protection of the affected virtual machines, for example by associating them with the
correct storage policy, or by moving virtual machine files from a nonreplicated datastore to a replicated
datastore.

If you run planned migration on a storage policy protection group that contains nonprotected virtual

n

machines, the operation fails and the recovery plan shows the Incomplete Recovery state. During the
deactivation step of planned migration, nonprotected virtual machines on the protected site can prevent
Site Recovery Manager from making the storage read-only, or virtual machines might lose access to
their data. If a protection group is in the Incomplete Recovery state, you must remove the nonprotected
virtual machines out of the protected datastore and disassociate them from the storage policy.

If you run disaster recovery on a storage policy protection group that contains nonprotected virtual

n

machines, the operation succeeds but Site Recovery Manager does not recover the nonprotected virtual
machines. When the protected site comes back online and you attempt to run planned migration to
complete the recovery, the planned migration fails if nonprotected virtual machines are still present on
the protected site. If a protection group is in the Incomplete Recovery state, you must remove the
nonprotected virtual machines out of the protected datastore and disassociate them from the storage
policy.

Create Protection Groups

You create protection groups to enable Site Recovery Manager to protect virtual machines.

You can organize protection groups in folders. Different views in the vSphere Web Client display the names
of the protection groups, but they do not display the folder names. If you have two protection groups with
the same name in different folders, it might be difficult to tell them apart in some views in the
vSphere Web Client. Consequently, ensure that protection group names are unique across all folders. In
environments in which not all users have view privileges for all folders, to be sure of the uniqueness of
protection group names, do not place protection groups in folders.

VMware, Inc. 53

Site Recovery Manager Administration

When you create protection groups, wait to ensure that the operations finish as expected. Make sure that
Site Recovery Manager creates the protection group and that the protection of the virtual machines in the
group is successful.

Prerequisites

Verify that you performed one of the following tasks:

Included virtual machines in datastores for which you configured array-based replication

n

Satisfied the requirements in “Prerequisites for Storage Policy Protection Groups,” on page 49 and

n

reviewed the “Limitations of Storage Policy Protection Groups,” on page 50.

Configured vSphere Replication on virtual machines

n

Performed a combination of some or all of the above

n

Procedure

1 In the vSphere Web Client, click Site Recovery > Protection Groups.

2 On the Objects tab, click the icon to create a protection group.

3 On the Name and location page, enter a name and description for the protection group, select a pair of

sites or a folder, and click Next.

4 On the Protection group type page, select the direction of protection and the protection group type, and

click Next.

Option Action

Create an array-based replication
protection group

Create a vSphere Replication
protection group

Create a storage policy protection
group

Select Datastore groups (array-based replication) and select an array pair.

Select Individual VMs (vSphere Replication).

Select Storage Policies (array-based replication).

5 Select datastore groups, virtual machines, or storage policies to add to the protection group.

Option Action

Array-based replication protection
groups

vSphere Replication protection
groups

Storage policy protection groups

Select datastore groups and click Next.

When you select a datastore group, the virtual machines that the group
contains appear in the Virtual machines table.

Select virtual machines from the list, and click Next.

Only virtual machines that you configured for vSphere Replication and
that are not already in a protection group appear in the list.

Select storage policies from the list, and click Next.

6 Review your settings and click Finish.

You can monitor the progress of the creation of the protection group on the Objects tab.

For array-based replication and vSphere Replication protection groups, if Site Recovery Manager

n

successfully applied inventory mappings to the protected virtual machines, the protection status of
the protection group is OK.

For storage policy protection groups, if Site Recovery Manager successfully protected all of the

n

virtual machines associated with the storage policy, the protection status of the protection group is
OK.

54 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

For array-based replication and vSphere Replication protection groups, if you did not configure

n

inventory mappings, or if Site Recovery Manager was unable to apply them, the protection status
of the protection group is Not Configured.

For storage policy protection groups, if Site Recovery Manager could not protect all of the virtual

n

machines associated with the storage policy, the protection status of the protection group is Not
Configured.

What to do next

For array-based replication and vSphere Replication protection groups, if the protection status of the
protection group is Not Configured, apply inventory mappings to the virtual machines:

To apply site-wide inventory mappings, or to check that inventory mappings that you have already set

n

are valid, see Select Inventory Mappings in Site Recovery Manager Installation and Configuration. To apply
these mappings to all of the virtual machines, see “Apply Inventory Mappings to All Members of a

Protection Group,” on page 57.

To apply inventory mappings to each virtual machine in the protection group individually, see

n

“Configure Inventory Mappings for an Individual Virtual Machine in a Protection Group,” on

page 58.

For storage policy protection groups, if the protection status of the protection group is Not Configured,
verify that you satisfied the prerequisites in “Prerequisites for Storage Policy Protection Groups,”
on page 49, review “Limitations of Storage Policy Protection Groups,” on page 50, modify the storage policy
implementation accordingly, and attempt to recreate the protection group.

Organize Protection Groups in Folders

You can create folders in which to organize protection groups.

Organizing protection groups into folders is useful if you have many protection groups. You can limit the
access to protection groups by placing them in folders and assigning different permissions to the folders for
different users or groups. For information about how to assign permissions to folders, see “Assign Site

Recovery Manager Roles and Permissions,” on page 15.

Procedure

1 In the Home view of the vSphere Web Client, click Site Recovery.

2 Expand Inventory Trees and click Protection Groups.

3 Select the Related Objects tab and click Folders.

4 Click the Create Folder icon, enter a name for the folder to create, and click OK.

5 Add new or existing protection groups to the folder.

Option Description

Create a new protection group

Add an existing protection group

6 (Optional) To rename or delete a folder, right-click the folder and select Rename Folder or Delete

Folder.

Right-click the folder and select Create Protection Group.

Drag and drop protection groups from the inventory tree into the folder.

You can only delete a folder if it is empty.

VMware, Inc. 55

Site Recovery Manager Administration

Add or Remove Datastore Groups or Virtual Machines to or from a Protection Group

You can add or remove datastore groups in an array-based replication protection group, or add or remove
virtual machines in a vSphere Replication protection group. You can also change the name and description
of an array-based or vSphere Replication protection group.

NOTE You cannot edit storage policy protection groups after their initial creation. You add virtual machines
to or remove virtual machines from an existing storage policy protection group by modifying the storage
policy associations of virtual machines in protected datastores. You can only add or remove virtual
machines in a storage policy protection group if recovery has never been run on that protection group. For
more information, see “Limitations of Storage Policy Protection Groups,” on page 50.

Prerequisites

You created an array-based replication protection group or a vSphere Replication protection group.

Procedure

1 In the vSphere Web Client, click Site Recovery > Protection Groups.

2 Right-click a protection group and select Edit Protection Group.

3 (Optional) Change the name or description of the protection group and click Next.

You cannot change the Location setting.

4 Click Next.

You cannot change the Protected Site or Replication Type settings. For array-based replication
protection groups, you cannot change the array pair.

5 Modify the datastore groups or virtual machines that the protection group contains.

For array-based protection groups, select or deselect datastore groups to add them to or remove

n

them from the protection group, and click Next.

For vSphere Replication protection groups, select or deselect virtual machines to add them to or

n

remove them from the protection group, and click Next.

6 Review the settings and click Next to apply the settings.

You cannot revert or cancel the changes while Site Recovery Manager updates the protection group.

7 Click Finish to close the wizard.

If you configured site-wide inventory mappings, Site Recovery Manager applies the mappings to the virtual
machines that you added to the protection group. If successful, the status for the virtual machines is OK.

NOTE When you add datastores or virtual machines to a protection group, inventory mappings only apply
to the new virtual machines. For example, if you change inventory mappings, then add a datastore to a
protection group that is in the OK state, Site Recovery Manager applies the new mappings to the newly
protected virtual machines that reside in the new datastore. The previously protected virtual machines
continue to use the old mappings.

If you have not configured site-wide inventory mappings, the status for the protection group is Not
Configured and the status for the new virtual machines is Mapping Missing.

56 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

What to do next

If the status of the protection group is Not Configured and the status for the new virtual machines is
Mapping Missing, apply inventory mappings to the virtual machines:

To apply site-wide inventory mappings, or to check that inventory mappings that you have already set

n

are valid, see Select Inventory Mappings in Site Recovery Manager Installation and Configuration. To apply
these mappings to all of the virtual machines, see “Apply Inventory Mappings to All Members of a

Protection Group,” on page 57.

To apply inventory mappings to each virtual machine in the protection group individually, see

n

“Configure Inventory Mappings for an Individual Virtual Machine in a Protection Group,” on

page 58.

Apply Inventory Mappings to All Members of a Protection Group

If the status of an array-based or vSphere Replication protection group is Not Configured, you can configure
protection for all of the unconfigured virtual machines by using existing site-wide inventory mappings, in
one step.

NOTE Site Recovery Manager applies site-wide inventory mappings to virtual machines in storage policy
protection groups when you run a recovery plan. This information only applies to array-based replication
and vSphere Replication protection groups.

Site Recovery Manager applies site-wide inventory mappings to virtual machines in array-based replication
or vSphere Replication protection groups when you create the protection group. If you change the site-wide
inventory mappings after you create an array-based or vSphere Replication protection group or add virtual
machines to an array-based or vSphere Replication protection group, the virtual machines continue to
recover with the original inventory mappings. To apply new inventory mappings, you must reconfigure
protection on the virtual machines in the protection group.

The status of a protection group can be Not Configured for several reasons:

You did not configure site-wide inventory mappings before you created the protection group.

n

You did not configure placeholder datastore mappings before you created the protection group.

n

You added virtual machines to a protection group after you created it.

n

Virtual machines lost their protection, possibly because you reconfigured them after you added them to

n

a protection group. For example, you added or removed virtual disks or devices.

Prerequisites

Configure or reconfigure site-wide inventory mappings. To select inventory mappings, see Select

n

Inventory Mappings in Site Recovery Manager Installation and Configuration.

Configure or reconfigure placeholder datastore mappings. To configure a placeholder datastore, see

n

Configure a Placeholder Datastore in Site Recovery Manager Installation and Configuration.

Procedure

1 In the vSphere Web Client, click Site Recovery > Protection Groups.

2 Select a protection group and on the Related Objects tab, click the Virtual Machines tab.

3 Click the Configure All icon.

At least one virtual machine in the protection group must be in the Not Configured state for the
Configure All button to be activated.

VMware, Inc. 57

Site Recovery Manager Administration

4 Click Yes to confirm that you want to apply inventory mappings to all unconfigured virtual machines.

If Site Recovery Manager successfully applied inventory mappings to the virtual machines, the

n

status of the protection group is OK.

If Site Recovery Manager was unable to apply some or all of the inventory mappings, the status of

n

the virtual machines is Not Configured or Mapping Missing.

If Site Recovery Manager applied the inventory mappings, but was unable to create placeholders

n

for virtual machines, the status of the virtual machines is Placeholder VM creation error.

5 (Optional) If the status of the virtual machines is Not Configured or Mapping Missing, check the

inventory mappings and click Configure All again.

6 (Optional) If the status of the virtual machines is Placeholder VM creation error, check the placeholder

datastore mapping and try to recreate the placeholder virtual machines.

To recreate the placeholder for an individual virtual machine, right-click a virtual machine and

n

select Recreate Placeholder.

To recreate the placeholder for several virtual machines, right-click the protection group and select

n

Restore Placeholder VMs.

Configure Inventory Mappings for an Individual Virtual Machine in a Protection Group

You can configure the mappings for the virtual machines in an array-based or vSphere Replication
protection group individually. This ability allows you to use different resources on the recovery site for
different virtual machines.

NOTE Site Recovery Manager applies site-wide inventory mappings to virtual machines in storage policy
protection groups when you run a recovery plan. You cannot configure individual mappings on virtual
machines in storage policy protection groups. This information only applies to array-based replication and
vSphere Replication protection groups.

You can configure individual inventory mappings on virtual machines in an array-based or
vSphere Replication protection group even if you configured site-wide inventory mappings. If you did
configure site-wide inventory mappings, you can remove protection from an individual virtual machine and
configure the folder and resource mappings to override the site-wide mappings. You can change the
network mapping for an individual virtual machine without removing protection.

You cannot specify placeholder datastores for individual virtual machines. You must map datastores on the
protected site to placeholder datastores on the recovery site at the site level. To configure a placeholder
datastore, see Configure a Placeholder Datastore .

Prerequisites

You created an array-based or vSphere Replication protection group.

Procedure

1 In the vSphere Web Client, click Site Recovery > Protection Groups.

2 Select the protection group that includes the virtual machine to configure.

3 On the Related Objects tab, click the Virtual Machines tab.

4 Right-click the virtual machine and select Configure Protection.

5 Configure inventory mappings by expanding the resources whose status is Not Configured and

selecting resources on the recovery site.

You can only change the folder, resource pool, and network mappings.

58 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

6 (Optional) To apply these mappings to all protected virtual machines on the site, select the Save as

Inventory Mapping check box for each resource.

If you do not select the check box, the mapping is only applied to this virtual machine.

7 Click OK.

If Site Recovery Manager successfully applied inventory mappings to the virtual machine, the

n

status of the virtual machine is OK.

If Site Recovery Manager was unable to apply some or all of the inventory mappings, the status of

n

the virtual machine is Not Configured or Mapping Missing.

If Site Recovery Manager applied the inventory mappings but was unable to create a placeholder

n

virtual machine, the status of the virtual machine is Placeholder VM creation error.

8 (Optional) If the status of the virtual machine is Not Configured or Mapping Missing, select Configure

Protection again and check the inventory mappings.

9 (Optional) If the status of the virtual machine is Placeholder VM creation error, check the placeholder

datastore mapping at the site level, right-click the virtual machine, and select Recreate Placeholder.

Modifying the Settings of a Protected Virtual Machine

Modifying the settings of a virtual machine that is included in a protection group, to add or change storage
devices, such as hard disks or DVD drives, can affect the protection of that virtual machine.

NOTE You cannot modify the settings of a virtual machine that you protect in a storage policy protection
group.

If you use array-based replication, adding or changing devices on a protected virtual machine affects
protection depending on how you create the new device.

If the new device is on a replicated datastore that is not part of a protection group, the protection group

n

that contains the virtual machine goes into the Not Configured state. Reconfigure the protection group
to add the datastore that contains the new device to the protection group.

If the new device is on a replicated datastore that a different protection group protects, the protection of

n

the virtual machine is invalid.

If the new device is on an unreplicated datastore, you must replicate the datastore or remove protection

n

from the device.

If you use Storage vMotion to move a virtual machine to an unreplicated datastore, or to a replicated

n

datastore on an array for which Site Recovery Manager does not have a storage replication adapter
(SRA), the protection of the virtual machine is invalid. You can use Storage vMotion to move a virtual
machine to a datastore that is part of another protection group.

If you add a device to a virtual machine that you protect by using vSphere Replication, you must
reconfigure vSphere Replication on the virtual machine to select the replication options for the new device.
For information about reconfiguring vSphere Replication settings, see the vSphere Replication
documentation at https://www.vmware.com/support/pubs/vsphere-replication-pubs.html.

After you modify virtual machines in array-based and vSphere Replication protection groups, you must
reconfigure protection for any virtual machines that have a status of Not Configured, Device Not Found,
Unresolved Devices, or Mapping Missing. See “Apply Inventory Mappings to All Members of a Protection

Group,” on page 57 and “Configure Inventory Mappings for an Individual Virtual Machine in a Protection
Group,” on page 58.

VMware, Inc. 59

Site Recovery Manager Administration

Remove Protection from a Virtual Machine

You can temporarily remove protection from a replicated virtual machine in an array-based replication or
vSphere Replication protection group without removing it from its protection group.

NOTE You cannot temporarily remove protection from virtual machines in storage policy protection
groups.

Removing protection deletes the placeholder virtual machine on the recovery site. If you remove protection
from a virtual machine in an array-based replication or vSphere Replication protection group, the states of
the virtual machine and the protection group are set to Not Configured. Running a recovery plan that
contains the protection group succeeds for the protected virtual machines, but Site Recovery Manager does
not recover the virtual machines or protection groups that are in the Not Configured state. If you ran
planned migration, the plan enters the Recovery Incomplete state.

In array-based replication, a distinction exists between the Site Recovery Manager protection of a virtual
machine and the Site Recovery Manager storage management for that virtual machine. If you remove
protection from a virtual machine in an array-based replication protection group, Site Recovery Manager no
longer recovers the virtual machine, but it continues to monitor and manage the storage of the virtual
machine files.

You might remove protection from a virtual machine for different reasons:

You use vSphere Replication and you want to exclude a protected virtual machine from a protection

n

group.

You use array-based replication, and someone moves to a replicated datastore a virtual machine that

n

you do not want to protect. If you remove protection from the virtual machine, the protection group
shows the Not Configured state. Test recovery and planned migration fail for the whole group. Disaster
recovery succeeds, but only for the protected virtual machines in the group and certain operations on
the protected site are skipped. The recovery plan enters the Recovery required state. In this case, move
the virtual machine off the protected datastore.

You use array-based replication and a virtual machine has devices that are stored on an unreplicated

n

datastore. You can remove protection from the virtual machine so that disaster recovery succeeds for all
of the other virtual machines in the group while you relocate the device files.

Removing protection from a virtual machine affects protection groups differently, according to whether you
use array-based replication or vSphere Replication.

If you remove protection from a virtual machine that is part of array-based replication protection

n

group, you must move the files of that virtual machine to an unprotected datastore. If you leave the
files of an unprotected virtual machine in a datastore that Site Recovery Manager has included in a
datastore group, test recovery and planned migration fail for the entire datastore group. Disaster
recovery succeeds, but only for the protected virtual machines in the datastore group, and you must
move the unprotected virtual machine before you can run planned migration to complete the recovery.

If you disable vSphere Replication on a virtual machine that you included in a protection group,

n

recovery fails for this virtual machine but succeeds for all of the correctly configured virtual machines
in the protection group. You must remove protection from the virtual machine and remove the virtual
machine from the protection group, either by editing the protection group or by clicking Remove VM.
See “Add or Remove Datastore Groups or Virtual Machines to or from a Protection Group,” on page 56.

Procedure

1 In the vSphere Web Client, click Site Recovery > Protection Groups.

2 Select an array-based replication or a vSphere Replication protection group and select Related Objects

> Virtual Machines.

60 VMware, Inc.

3 Right-click a virtual machine and select Remove Protection.

4 Click Yes to confirm the removal of protection from the virtual machine.

Protection Group Status Reference

You can monitor the status of a protection group and determine the operation that is allowed in each state.

Table 5‑1. Protection Group States

State Description

Loading Appears briefly while the interface is loading until the

OK Group is idle. All virtual machines are in OK state. You can

Not Configured Group is idle. Some virtual machines might not be in OK

Testing Group is used in a plan running a test. You cannot edit the

Test Complete Group is used in a plan running a test. You cannot edit the

Cleaning Up Group is used in a plan that is cleaning up after a test. You

Recovering Group is used in a plan that is running a recovery. You

Partially Recovered Group is in a plan that completed a recovery, but recovery

Recovered Group is in a plan that successfully completed a recovery.

Reprotecting Group is used in a plan running reprotect. You cannot edit

Partially Reprotected The group is in a plan that failed a reprotect. You can

Configuring Protection Protection operations are in progress on virtual machines

Removing Protection Removing protection from virtual machines in the group is

Restoring Placeholders Creation of placeholders is in progress for virtual machines

Operations in Progress A combination of at least one Configure Protection and one

Chapter 5 Creating and Managing Protection Groups

protection group status appears.

edit the group.

state. You can edit the group.

group.

group. Group returns to the OK or Not Configured state
when cleanup is successful.

cannot edit the group. Group returns to the OK or Not
Configured state when cleanup is successful. If cleanup
fails, the group goes to the Testing state.

cannot edit the group. If recovery succeeds, the group goes
to Recovered state. If recovery fails, group status changes
to Partially Recovered.

failed for some virtual machines. You can remove virtual
machines, but cannot configure or restore them.

You can remove virtual machines, but cannot configure or
restore them.

the group. Group returns to OK or Not Configured state
when reprotect is successful. If reprotect fails, the group
goes to Partially Reprotected state.

remove virtual machines, but cannot configure or restore
them.

in the group.

in progress.

in the group.

Remove Protection operations are in progress in the group.

VMware, Inc. 61

Site Recovery Manager Administration

Virtual Machine Protection Status Reference

You can monitor the status of a virtual machine in a protection group and determine the operation that is
allowed in each state.

Table 5‑2. Virtual Machine Protection States

State Description

Placeholder VM Not Found You deleted the placeholder virtual machine. The Restore

Placeholder icon is enabled.

Original protected VM not found You deleted the original production virtual machine after

failover and before reprotect. The Restore Placeholder icon
is enabled.

Datastore name used by VM is missing from group The virtual machine requires a datastore that is not in the

protection group. Edit the protection group to include the
datastore.

Datastore name used by VM is protected in a different
group

Device not found: device name You added an unreplicated disk or device to a protected

Mapping missing: Folder name; Network name ; Resource
pool name

Placeholder VM creation error: error string from server Error during placeholder virtual machine creation.

OK The protected virtual machine exists, and both provider

Invalid: error The virtual machine is not valid because the home

Not configured You added a new virtual machine after creating the

Error: error Error can be one of the following:

Configuring protection Virtual machine operation.

Removing protection Virtual machine operation.

Restoring placeholder Virtual machine operation.

Loading Appears briefly while the interface is loading until the

Mapping Conflict Site Recovery Manager Server reported an inventory

The virtual machine requires a datastore that is in a
different protection group. Remove the datastore from the
other protection group and edit the current protection
group to include the datastore. You cannot include a
datastore in two protection groups.

virtual machine. You must edit the replication of the virtual
machine to either include or remove the device from
protection.

Folder, resource pool, or network mappings are not
configured for this VM. Fix the inventory mappings for the
site or manually configure the virtual machine.

and placeholder status are clean.

datastore is not replicated or the virtual machine has been
deleted. The error string from the server contains the
details. Remove protection from the virtual machine
manually.

protection group. Use Configure All to configure
protection on the virtual machine.

Recovery site resource pool, folder, or network are not

n

in the same datacenter.

Placeholder datastore not found.

n

Any vCenter Server error that occurred when creating

n

placeholder, such as connection or permission
problems.

virtual machine status appears.

conflict. The resource pool and folder of the virtual
machine are in different datacenters.

62 VMware, Inc.

Chapter 5 Creating and Managing Protection Groups

Table 5‑2. Virtual Machine Protection States (Continued)

State Description

Replication Error vSphere Replication reports an error about the virtual

machine.

Replication Warning vSphere Replication reports a warning about the virtual

machine.

VMware, Inc. 63

Site Recovery Manager Administration

64 VMware, Inc.

Creating, Testing, and Running
Site Recovery Manager Recovery

Plans 6

After you configure Site Recovery Manager at the protected and recovery sites, you can create, test, and run
a recovery plan.

A recovery plan is like an automated run book. It controls every step of the recovery process, including the
order in which Site Recovery Manager powers on and powers off virtual machines, the network addresses
that recovered virtual machines use, and so on. Recovery plans are flexible and customizable.

A recovery plan includes one or more protection groups. You can include a protection group in more than
one recovery plan. For example, you can create one recovery plan to handle a planned migration of services
from the protected site to the recovery site, and another plan to handle an unplanned event such as a power
failure or natural disaster. In this example, having these different recovery plans referencing one protection
group allows you to decide how to perform recovery.

You can run only one recovery plan at a time to recover a particular protection group. If you simultaneously
test or run multiple recovery plans that specify the same protection group, only one recovery plan can
operate on the protection group. Other running recovery plans that specify the same protection group
report warnings for that protection group and the virtual machines it contains. The warnings explain that
the virtual machines were recovered, but do not report other protection groups that the other recovery plans
cover.

Testing a Recovery Plan on page 66

n

When you create or modify a recovery plan, test it before you try to use it for planned migration or for
disaster recovery.

Performing a Planned Migration or Disaster Recovery By Running a Recovery Plan on page 67

n

You can run a recovery plan under planned circumstances to migrate virtual machines from the
protected site to the recovery site. You can also run a recovery plan under unplanned circumstances if
the protected site suffers an unforeseen event that might result in data loss.

Differences Between Testing and Running a Recovery Plan on page 69

n

Testing a recovery plan has no lasting effects on either the protected site or the recovery site, but
running a recovery plan has significant effects on both sites.

Performing Test Recovery of Virtual Machines Across Multiple Hosts on the Recovery Site on

n

page 70

You can create recovery plans that recover virtual machines across multiple recovery site hosts in a
quarantined test network.

Create, Test, and Run a Recovery Plan on page 70

n

You perform several sets of tasks to create, test, and run a recovery plan.

VMware, Inc.

65

Site Recovery Manager Administration

Export Recovery Plan Steps on page 76

n

You can export the steps of a recovery plan in various formats for future reference, or to keep a hard
copy backup of your plans.

View and Export a Recovery Plan History on page 77

n

You can view and export reports about each run of a recovery plan, test of a recovery plan, or test
cleanup.

Delete a Recovery Plan on page 77

n

You can delete a recovery plan if you do not need it.

Recovery Plan Status Reference on page 77

n

You can monitor the status of a recovery plan and determine the operation that is allowed in each
state. The state of a recovery plan is determined by the states of the protection groups within the plan.

Testing a Recovery Plan

When you create or modify a recovery plan, test it before you try to use it for planned migration or for
disaster recovery.

By testing a recovery plan, you ensure that the virtual machines that the plan protects recover correctly to
the recovery site. If you do not test recovery plans, an actual disaster recovery situation might not recover all
virtual machines, resulting in data loss.

Testing a recovery plan exercises nearly every aspect of a recovery plan, although Site Recovery Manager
makes several concessions to avoid disrupting ongoing operations on the protected and recovery sites.
Recovery plans that suspend local virtual machines do so for tests as well as for actual recoveries. With this
exception, running a test recovery does not disrupt replication or ongoing activities at either site.

If you use vSphere Replication, when you test a recovery plan, the virtual machine on the protected site can
still synchronize with the replica virtual machine disk files on the recovery site. The vSphere Replication
server creates redo logs on the virtual machine disk files on the recovery site, so that synchronization can
continue normally. When you perform cleanup after running a test, the vSphere Replication server removes
the redo logs from the disks on the recovery site and persists the changes accumulated in the logs to VM
disks.

If you use array-based replication, when you test a recovery plan, the virtual machines on the protected site
are still replicated to the replica virtual machines' disk files on the recovery site. During test recovery, the
array creates a snapshot of the volumes hosting the virtual machines' disk files on the recovery site. Array
replication continues normally while the test is in progress. When you perform cleanup after running a test,
the array removes the snapshots that were created earlier as part of test recovery workflow.

You can run test recoveries as often as necessary. You can cancel a recovery plan test at any time.

Before running a failover or another test, you must successfully run a cleanup operation. See “Clean Up

After Testing a Recovery Plan,” on page 73.

Permission to test a recovery plan does not include permission to run a recovery plan. Permission to run a
recovery plan does not include permission to test a recovery plan. You must assign each permission
separately. See “Assign Site Recovery Manager Roles and Permissions,” on page 15.

66 VMware, Inc.

Chapter 6 Creating, Testing, and Running Site Recovery Manager Recovery Plans

Test Networks and Datacenter Networks

When you test a recovery plan, Site Recovery Manager can create a test network that it uses to connect
recovered virtual machines. Creating a test network allows the test to run without potentially disrupting
virtual machines in the production environment.

The test network is managed by its own virtual switch, and in most cases recovered virtual machines can
use the network without having to change network properties such as IP address, gateway, and so on. You
use the test network by selecting Auto when you configure the test network settings while creating a
recovery plan. A test network does not span hosts. You must configure a test network for every network
that a recovery plan uses during recovery.

You must recover any virtual machines that must interact with each other to the same test network. For
example, if a Web server accesses information on a database, those Web server and database virtual
machines should recover together to the same network.

A datacenter network is a network that typically supports existing virtual machines at the recovery site. You
can select a datacenter network for use as a test network. To use it, recovered virtual machines must
conform to its network address availability rules. These virtual machines must use a network address that
the network's switch can serve and route, must use the correct gateway and DNS host, and so on. Recovered
virtual machines that use DHCP can connect to this network without additional customization. Other
virtual machines require IP customization and additional recovery plan steps to apply the customization.

Performing a Planned Migration or Disaster Recovery By Running a Recovery Plan

You can run a recovery plan under planned circumstances to migrate virtual machines from the protected
site to the recovery site. You can also run a recovery plan under unplanned circumstances if the protected
site suffers an unforeseen event that might result in data loss.

During a planned migration, Site Recovery Manager synchronizes the virtual machine data on the recovery
site with the virtual machines on the protected site. Site Recovery Manager attempts to gracefully shut down
the protected machines and performs a final synchronization to prevent data loss, then powers on the
virtual machines on the recovery site. If errors occur during a planned migration, the plan stops so that you
can resolve the errors and rerun the plan. You can reprotect the virtual machines after the recovery.

During disaster recoveries, Site Recovery Manager first attempts a storage synchronization. If it succeeds,
Site Recovery Manager uses the synchronized storage state to recover virtual machines on the recovery site
to their most recent available state, according to the recovery point objective (RPO) that you set when you
configure your replication technology. When you run a recovery plan to perform a disaster recovery,
Site Recovery Manager attempts to shut down the virtual machines on the protected site. If
Site Recovery Manager cannot shut down the virtual machines, Site Recovery Manager still starts the copies
at the recovery site. In case the protected site comes back online after disaster recovery, the recovery plan
goes into an inconsistent state where production virtual machines are running on both sites, known as a
split-brain scenario. Site Recovery Manager detects this state and allows you to run the plan once more to
power off the virtual machines on the protected site. Then the recovery plan goes back to consistent state
and you can run reprotect.

If Site Recovery Manager detects that a datastore on the protected site is in the all paths down (APD) state
and is preventing a virtual machine from shutting down, Site Recovery Manager waits for a period before
attempting to shut down the virtual machine again. The APD state is usually transient, so by waiting for a
datastore in the APD state to come back online, Site Recovery Manager can gracefully shut down the
protected virtual machines on that datastore.

VMware, Inc. 67

Site Recovery Manager Administration

Site Recovery Manager uses VMware Tools heartbeat to discover when a virtual machine is running on the
recovery site. In this way, Site Recovery Manager can ensure that all virtual machines are running on the
recovery site. For this reason, VMware recommends that you install VMware Tools on protected virtual
machines. If you do not or cannot install VMware Tools on the protected virtual machines, you must
configure Site Recovery Manager not to wait for VMware Tools to start in the recovered virtual machines
and to skip the guest operating system shutdown step. See “Change Recovery Settings,” on page 137.

After Site Recovery Manager completes the final replication, Site Recovery Manager makes changes at both
sites that require significant time and effort to reverse. Because of this time and effort, you must assign the
privilege to test a recovery plan and the privilege to run a recovery plan separately.

Running a Recovery with Forced Recovery

If the protected site is offline and Site Recovery Manager cannot perform its usual tasks in a timely manner
which increases the RTO to an unacceptable level, you can run the recovery with the forced recovery option.
Forced recovery starts the virtual machines on the recovery site without performing any operations on the
protected site.

CAUTION Only use forced recovery in cases where the recovery time objective (RTO) is severely affected by
a lack of connectivity to the protection site.

Forced recovery is for use in cases where infrastructure fails at the protected site and, as a result, protected
virtual machines are unmanageable and cannot be shut down, powered off, or unregistered. In such a case,
the system state cannot be changed for extended periods. To resolve this situation, you can force recovery.
Forcing recovery does not complete the process of shutting down the virtual machines at the protected site.
As a result, a split-brain scenario occurs, but the recovery might complete more quickly.

Running disaster recovery with array-based replication when the protected site storage array is offline or
unavailable can affect the mirroring between the protected and the recovery storage arrays. After you run
forced recovery, you must check that mirroring is set up correctly between the protected array and the
recovery array before you can perform further replication operations. If mirroring is not set up correctly,
you must repair the mirroring by using the storage array software.

When running disaster recovery using vSphere Replication, Site Recovery Manager prepares
vSphere Replication storage for reprotect and you do not have to verify mirroring as you do with array­based replication.

When you enable forced recovery when the protected site storage is still available, any outstanding changes
on the protection site are not replicated to the recovery site before the sequence begins. Replication of the
changes occurs according to the recovery point objective (RPO) period of the storage array. If a new virtual
machine or template is added on the protection site and recovery is initiated before the storage RPO period
has elapsed, the new virtual machine or template does not appear on the replicated datastore and is lost. To
avoid losing the new virtual machine or template, wait until the end of the RPO period before running the
recovery plan with forced recovery.

To select forced recovery when running disaster recovery, you must enable the option

recovery.forceRecovery in Advanced Settings on the Site Recovery Manager Server on the recovery site. In

the Run Recovery Plan wizard, you can only select the forced recovery option in disaster recovery mode. It
is not available for planned migration.

68 VMware, Inc.

Chapter 6 Creating, Testing, and Running Site Recovery Manager Recovery Plans

After the forced recovery completes and you have verified the mirroring of the storage arrays, you can
resolve the issue that necessitated the forced recovery. After you resolve the underlying issue, run planned
migration on the recovery plan again, resolve any problems that occur, and rerun the plan until it finishes
successfully. Running the recovery plan again does not affect the recovered virtual machines at the recovery
site.

NOTE When you run planned migration after running a forced recovery, virtual machines on the protected
site might fail to shut down if the underlying datastores are read only or unavailable. In this case, log into
vCenter Server on the protected site and power off the virtual machines manually. After you have powered
off the virtual machines, run planned migration again.

Differences Between Testing and Running a Recovery Plan

Testing a recovery plan has no lasting effects on either the protected site or the recovery site, but running a
recovery plan has significant effects on both sites.

You need different privileges when testing and running a recovery plan.

Table 6‑1. How Testing a Recovery Plan Differs from Running a Recovery Plan

Area of Difference Test a Recovery Plan Run a Recovery Plan

Required privileges Requires Site Recovery

Manager.Recovery Plans.Test

permission.

Effect on virtual machines at
protected site

Effect on virtual machines at
recovery site

Effect on replication Site Recovery Manager creates

Network If you explicitly assign test networks,

Interruption of recovery plan You can cancel a test at any time. You can cancel the recovery at any time.

None Site Recovery Manager shuts down

Site Recovery Manager suspends
local virtual machines if the recovery
plan requires this.
Site Recovery Manager restarts
suspended virtual machines after
cleaning up the test.

temporary snapshots of replicated
storage at the recovery site. For
array-based replication,
Site Recovery Manager rescans the
arrays to discover them.

Site Recovery Manager connects
recovered virtual machines to a test
network. If virtual machine network
assignment is Auto,
Site Recovery Manager assigns
virtual machines to temporary
networks that are not connected to
any physical network.

Requires Site Recovery

Manager.Recovery Plans.Recovery

permission.

virtual machines in reverse priority order
and restores any virtual machines that are
suspended at the protected site.

Site Recovery Manager suspends local
virtual machines if the recovery plan
requires this.

During a planned migration,
Site Recovery Manager synchronizes
replicated datastores, then stops
replication, then makes the target devices
at the recovery site writable. During a
disaster recovery, Site Recovery Manager
attempts the same steps, but if they do not
succeed, Site Recovery Manager ignores
protected site errors.

Site Recovery Manager connects
recovered virtual machines to the user­specified datacenter network.

VMware, Inc. 69

Site Recovery Manager Administration

Performing Test Recovery of Virtual Machines Across Multiple Hosts on the Recovery Site

You can create recovery plans that recover virtual machines across multiple recovery site hosts in a
quarantined test network.

With Site Recovery Manager, the vSwitches can be DVS based and span hosts. If you accept the default test
network configured as Auto, then virtual machines that are recovered across hosts are placed in their own
test network during recovery plan tests. Each test switch is isolated between hosts. As a result, virtual
machines in the same recovery plan are isolated when the test recovery finishes. To allow the virtual
machines to communicate, establish and select DVS switches or VLANs. With an isolated VLAN that
connects all hosts to each other but not to a production network, you can more realistically test a recovery.
To achieve connectivity among recovery hosts, but maintain isolation from the production network, follow
these recommendations:

Create DVS switches that are connected to an isolated VLAN that is private. Such a VLAN allows hosts

n

and virtual machines to be connected, but to be isolated from production virtual machines. Use a
naming convention that clearly designates that the DVS is for testing use, and select this DVS in the
recovery plan test network column in the recovery plan editor.

Create test VLANs on a physical network, providing no route back to the protected site. Trunk test

n

VLANs to recovery site vSphere clusters and create virtual switches for test VLAN IDs. Use a clear
naming convention to identify that these switches are for testing. Select these switches from the test
recovery network column in the recovery plan editor.

Create, Test, and Run a Recovery Plan

You perform several sets of tasks to create, test, and run a recovery plan.

Procedure

1 Create a Recovery Plan on page 71

You create a recovery plan to establish how Site Recovery Manager recovers virtual machines.

2 Organize Recovery Plans in Folders on page 71

You can create folders in which to organize recovery plans.

3 Edit a Recovery Plan on page 72

You can edit a recovery plan to change the properties that you specified when you created it. You can
edit recovery plans from the protected site or from the recovery site.

4 Test a Recovery Plan on page 72

When you test a recovery plan, Site Recovery Manager runs the virtual machines of the recovery plan
on a test network and on a temporary snapshot of replicated data at the recovery site.
Site Recovery Manager does not disrupt operations at the protected site.

5 Clean Up After Testing a Recovery Plan on page 73

After you test a recovery plan, you can return the recovery plan to the Ready state by running a
cleanup operation. You must complete the cleanup operation before you can run a failover or another
test.

6 Run a Recovery Plan on page 74

When you run a recovery plan, Site Recovery Manager migrates all virtual machines in the recovery
plan to the recovery site. Site Recovery Manager attempts to shut down the corresponding virtual
machines on the protected site.

70 VMware, Inc.

Chapter 6 Creating, Testing, and Running Site Recovery Manager Recovery Plans

7 Recover a Point-in-Time Snapshot of a Virtual Machine on page 75

With vSphere Replication, you can retain point-in-time snapshots of a virtual machine. You can
configure Site Recovery Manager to recover a number of point-in-time (PIT) snapshots of a virtual
machine when you run a recovery plan.

8 Cancel a Test or Recovery on page 76

You can cancel a recovery plan test whenever the status is test in progress or failover in progress.

Create a Recovery Plan

You create a recovery plan to establish how Site Recovery Manager recovers virtual machines.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans.

2 On the Objects tab, click the icon to create a recovery plan.

3 Enter a name and description for the plan, select a folder, then click Next.

4 Select the recovery site and click Next.

5 Select the group type from the menu.

Option Description

VM protection groups

Storage policy protection groups

The default is VM protection groups.

Select this option to create a recovery plan that contains array-based
replication and vSphere Replication protection groups.

Select this option to create a recovery plan that contains storage policy
protection groups.

NOTE If using stretched storage, select Storage policy protection groups for the group type.

6 Select one or more protection groups for the plan to recover, and click Next.

7 Click the Test Network value, select a network to use during test recovery, and click Next.

The default option is to create an isolated network automatically.

8 Review the summary information and click Finish to create the recovery plan.

Organize Recovery Plans in Folders

You can create folders in which to organize recovery plans.

Organizing recovery plans into folders is useful if you have many recovery plans. You can limit the access to
recovery plans by placing them in folders and assigning different permissions to the folders for different
users or groups. For information about how to assign permissions to folders, see “Assign Site Recovery

Manager Roles and Permissions,” on page 15.

Procedure

1 In the Home view of the vSphere Web Client, click Site Recovery.

2 Expand Inventory Trees and click Recovery Plans.

3 Select the Related Objects tab and click Folders.

4 Click the Create Folder icon, enter a name for the folder to create, and click OK.

VMware, Inc. 71

Site Recovery Manager Administration

5 Add new or existing recovery plans to the folder.

Option Description

Create a new recovery plan

Add an existing recovery plan

6 (Optional) To rename or delete a folder, right-click the folder and select Rename Folder or Delete

Folder.

You can only delete a folder if it is empty.

Edit a Recovery Plan

You can edit a recovery plan to change the properties that you specified when you created it. You can edit
recovery plans from the protected site or from the recovery site.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans.

2 Right-click a recovery plan, and select Edit Plan.

You can also edit a recovery plan by clicking the Edit recovery plan icon in the Recovery Steps view in
the Monitor tab.

Right-click the folder and select Create Recovery Plan.

Drag and drop recovery plans from the inventory tree into the folder.

3 (Optional) Change the name or description of the plan in the Recovery Plan Name text box, and click

Next.

4 On the Recovery site page, click Next.

You cannot change the recovery site.

5 (Optional) Select or deselect one or more protection groups to add them to or remove them from the

plan, and click Next.

6 (Optional) Click the test network to select a different test network on the recovery site, and click Next.

7 Review the summary information and click Finish to make the specified changes to the recovery plan.

You can monitor the update of the plan in the Recent Tasks view.

Test a Recovery Plan

When you test a recovery plan, Site Recovery Manager runs the virtual machines of the recovery plan on a
test network and on a temporary snapshot of replicated data at the recovery site. Site Recovery Manager
does not disrupt operations at the protected site.

Testing a recovery plan runs all the steps in the plan, except for powering down virtual machines at the
protected site and forcing devices at the recovery site to assume mastership of replicated data. If the plan
requires the suspension of local virtual machines at the recovery site, Site Recovery Manager suspends those
virtual machines during the test. Running a test of a recovery plan makes no other changes to the
production environment at either site.

Testing a recovery plan creates a snapshot on the recovery site of all of the disk files of the virtual machines
in the recovery plan. The creation of the snapshots adds to the I/O latency on the storage. If you notice
slower response times when you test recovery plans and you are using VMware Virtual SAN storage,
monitor the I/O latency by using the monitoring tool in the Virtual SAN interface.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

72 VMware, Inc.

Chapter 6 Creating, Testing, and Running Site Recovery Manager Recovery Plans

2 Right-click the plan and select Test.

You can also run a test by clicking the Test recovery plan icon in the Recovery Steps view in the
Monitor tab.

3 (Optional) Select Replicate recent changes to recovery site.

Selecting this option ensures that the recovery site has the latest copy of protected virtual machines, but
means that the synchronization might take more time.

4 Click Next.

5 Review the test information and click Finish.

6 Click the Recovery Steps in the Monitor tab to monitor the progress of the test and respond to

messages.

The Recovery Steps tab displays the progress of individual steps. The Test task in Recent Tasks tracks
overall progress.

NOTE Site Recovery Manager runs recovery steps in the prescribed order, except that it does not wait
for the Prepare Storage step to finish for all protection groups before continuing to the next steps.

What to do next

Run a cleanup operation after the recovery plan test finishes to restore the recovery plan to its original state
from before the test.

Clean Up After Testing a Recovery Plan

After you test a recovery plan, you can return the recovery plan to the Ready state by running a cleanup
operation. You must complete the cleanup operation before you can run a failover or another test.

Site Recovery Manager performs several cleanup operations after a test.

Powers off the recovered virtual machines.

n

Replaces recovered virtual machines with placeholders, preserving their identity and configuration

n

information.

Cleans up replicated storage snapshots that the recovered virtual machines used during the test.

n

Prerequisites

Verify that you tested a recovery plan.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 Right-click the recovery plan and select Cleanup.

You can also run cleanup by clicking the cleanup icon in the Recovery Steps view in the Monitor tab.

3 Review the cleanup information and click Next.

4 Click Finish.

5 After the cleanup finishes, if it reports errors, run the cleanup again, selecting the Force Cleanup

option.

The Force Cleanup option forces the removal of virtual machines, ignoring any errors, and returns the
plan to the Ready state. If necessary, run cleanup several times with the Force Cleanup option, until the
cleanup succeeds.

VMware, Inc. 73

Site Recovery Manager Administration

Run a Recovery Plan

When you run a recovery plan, Site Recovery Manager migrates all virtual machines in the recovery plan to
the recovery site. Site Recovery Manager attempts to shut down the corresponding virtual machines on the
protected site.

CAUTION A recovery plan makes significant alterations in the configurations of the protected and recovery
sites and it stops replication. Do not run any recovery plan that you have not tested. Reversing these
changes might cost significant time and effort and can result in prolonged service downtime.

Prerequisites

To use forced recovery, you must first enable this function. You enable forced recovery by enabling the

n

recovery.forceRecovery setting as described in “Change Recovery Settings,” on page 137.

Ensure that you have configured full inventory mappings. If you have only configured temporary

n

placeholder inventory mappings and you run a planned migration with the Enable vMotion of eligible
VMs option, planned migration fails, even though both sites are running.

To use the Enable vMotion of eligible VMs option with planned migration, enable vMotion on the

n

virtual machines. For instructions about enabling vMotion on virtual machines, see “Enable vSphere

vMotion for Planned Migration,” on page 89.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 Right-click the recovery plan and select Run.

3 Review the information in the confirmation prompt, and select I understand that this process will

permanently alter the virtual machines and infrastructure of both the protected and recovery
datacenters.

4 Select the type of recovery to run.

Option Description

Planned Migration

Disaster Recovery

Recovers virtual machines to the recovery site when both sites are running.
If errors occur on the protected site during a planned migration, the
planned migration operation fails. If your array supports stretched storage,
select the Enable vMotion of eligible VMs check box.

Recovers virtual machines to the recovery site if the protected site
experiences a problem. If errors occur on the protected site during a
disaster recovery, the disaster recovery continues and does not fail.

5 (Optional) Select the Forced Recovery - recovery site operations only check box.

This option is available if you enabled the forced recovery function and you selected Disaster Recovery.

6 Click Next.

74 VMware, Inc.

Chapter 6 Creating, Testing, and Running Site Recovery Manager Recovery Plans

7 Review the recovery information and click Finish.

When you run planned migration of a recovery plan that contains a storage policy protection group,
Site Recovery Manager checks that the protection groups are synchronized on both of the protected and
recovery sites before it runs the recovery plan. This check happens when you click Finish. If the
protection group is synchronized on both sites, the planned migration begins. If the protection group is
not synchronized at both sites, you see the error The peer site has not finished synchronizing

changes to protection group.

If you see this error, dismiss the error message and click Finish again. If the synchronization has

n

completed, the planned migration begins.

If the error persists, cancel the planned migration, wait a short time, and attempt to run the

n

planned migration again.

8 Click the Monitor tab and click Recovery Steps.

The Recovery Steps tab displays the progress of individual steps. The Recent Tasks area reports the
progress of the overall plan.

Recover a Point-in-Time Snapshot of a Virtual Machine

With vSphere Replication, you can retain point-in-time snapshots of a virtual machine. You can configure
Site Recovery Manager to recover a number of point-in-time (PIT) snapshots of a virtual machine when you
run a recovery plan.

You configure the retention of PIT snapshots when you configure vSphere Replication on a virtual machine.
For more information about PIT snapshots, see “Replicating a Virtual Machine and Enabling Multiple Point

in Time Instances,” on page 29.

To enable PIT snapshots, configure replication of a virtual machine by using the vSphere Replication
interface in the vSphere Web Client.

Site Recovery Manager only recovers the most recent PIT snapshot during a recovery. To recover older
snapshots, you must enable the vrReplication > preserveMpitImagesAsSnapshots option in Advanced
Settings in the Site Recovery Manager interface. If you recover a PIT snapshot of a virtual machine for which
you have configured IP customization, Site Recovery Manager only applies the customization to the most
recent PIT snapshot. If you recover a virtual machine with IP customization and revert to an older PIT
snapshot, you must configure the IP settings manually.

Point-in-time recovery is not available with array-based replication.

Procedure

1 Configure Site Recovery Manager to retain older PIT snapshots by setting the vrReplication >

preserveMpitImagesAsSnapshots option.

2 Use the vSphere Replication interface to configure replication of a virtual machine, selecting the option

to retain a number of PIT snapshots.

3 In the Site Recovery Manager interface, add the virtual machine to a vSphere Replication protection

group.

4 Include the vSphere Replication protection group in a recovery plan.

5 Run the recovery plan.

When the recovery plan is finished, the virtual machine is recovered to the recovery site, with the
number of PIT snapshots that you configured.

6 In the VMs and Templates view, right-click the recovered virtual machine and select Snapshot >

Snapshot Manager.

VMware, Inc. 75

Site Recovery Manager Administration

7 Select one of the PIT snapshots of this virtual machine and click Go to.

The recovered virtual machine reverts to the PIT snapshot that you selected.

8 (Optional) If you have configured the virtual machine for IP customization, and if you select an older

PIT snapshot than the most recent one, manually configure the IP settings on the recovered virtual
machine.

Cancel a Test or Recovery

You can cancel a recovery plan test whenever the status is test in progress or failover in progress.

When you cancel a test or recovery, Site Recovery Manager does not start processes, and uses certain rules
to stop processes that are in progress. Canceling a failover requires you to re-run the failover.

Processes that cannot be stopped, such as powering on or waiting for a heartbeat, run to completion

n

before the cancellation finishes.

Processes that add or remove storage devices are undone by cleanup operations if you cancel.

n

The time it takes to cancel a test or recovery depends on the type and number of processes that are currently
in progress.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 Right-click the recovery plan and select Cancel. You can also cancel the plan from the Recovery Steps

tab.

What to do next

Run a cleanup after canceling a test.

Export Recovery Plan Steps

You can export the steps of a recovery plan in various formats for future reference, or to keep a hard copy
backup of your plans.

You cannot export the recovery plan steps while a test recovery or a real recovery is in progress.

Prerequisites

Verify that you have a recovery plan.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 In the Monitor tab, click Recovery Steps.

3 Click the Export Recovery Plan Steps icon.

You can save the recovery plan steps as HTML, XML, CSV, or MS Excel or Word document.

4 Click Generate Report.

5 Click Download Report and close the window.

76 VMware, Inc.

Chapter 6 Creating, Testing, and Running Site Recovery Manager Recovery Plans

View and Export a Recovery Plan History

You can view and export reports about each run of a recovery plan, test of a recovery plan, or test cleanup.

Recovery plan histories provide information about each run, test, or cleanup of a recovery plan. The history
contains information about the result and the start and end times for the whole plan and for each step in the
plan. You can export history at any time, but history always contains entries only for completed operations.
If an operation is in progress, the history appears after the operation completes.

SRM preserves history for deleted recovery plans. You can export history reports for existing and deleted
plans. To export a history report for a deleted plan, select a site, then select Monitor > Recovery Plans
History.

To export a history report for an existing plan, follow this procedure.

Prerequisites

You ran or tested a recovery plan, or cleaned up after a test.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Monitor tab, click History.

3 (Optional) Click the Export icon for the recovery plan history for a specific time period, recovery plan

run, test, or cleanup operation.

You can save the recovery plan history as HTML, XML, CSV, or MS Excel or Word document.

Delete a Recovery Plan

You can delete a recovery plan if you do not need it.

The recovery plan must be a consistent state before you can delete it.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 (Optional) On the Monitor tab, click History, and click Export History Report to download the history

of the plan.

You can view the history for deleted plans in History.

3 Right-click the recovery plan to delete and select Delete Recovery Plan.

Recovery Plan Status Reference

You can monitor the status of a recovery plan and determine the operation that is allowed in each state. The
state of a recovery plan is determined by the states of the protection groups within the plan.

Table 6‑2. Recovery States

State Description

Ready Recovery steps are cleared.

Test in progress Canceling a test moves plan to Cancel in Progress state.

For Storage Policy Protection Groups, Recovery steps do
not show virtual machines and consistency groups when a
recovery plan is in this state.

You can verify protected virtual machines in a recovery
plan in the Related Objects tab.

VMware, Inc. 77

Site Recovery Manager Administration

Table 6‑2. Recovery States (Continued)

State Description

Test complete Test completed with or without errors. If a failure occurs

Test interrupted Server failed while a test was running.

Cleanup in progress After successful cleanup, plan state goes to Ready.

Cleanup incomplete Errors occurred during cleanup.

Cleanup interrupted Site Recovery Manager failed during cleanup.

Recovery in progress If you cancel recovery, the state goes to Cancel in progress.

Disaster recovery complete During recovery at the protected site, VM shutdown

Recovery started A recovery started on the peer site, but if the sites are not

Recovery required (split brain) Sites were disconnected during recovery. Split brain

Recovery complete If errors, VMs are all recovered but with errors. Running

Recovery complete (2) Sites were disconnected during recovery. The connection

during the test, plan goes to Test Interrupted state.

If cleanup is incomplete, state goes to Cleanup Incomplete.

If you set the Force Cleanup option, state goes to Ready
after an error.

If a failure occurs during cleanup, state goes to Cleanup
Incomplete.

You can run the cleanup again.

When running cleanup from this state, the cleanup wizard
provides an option to ignore errors.

You cannot change recovery options.

enountered errors, possibly because the sites were not
connected, the step before split brain.

System prompt warns of split brain and to run recovery
again when sites reconnect.

When sites are connected, state goes to Recovery Required
(split brain)

connected, the exact state is unknown.

Log in to the recovery site or reconnect the sites to get the
current state.

scenario detected when sites reconnect.

System prompts you to run recovery again to synchronize
the sites.

For Storage Policy Protection Groups, Recovery steps do
not show virtual machines and consistency groups when a
recovery plan is in this state.

You can verify protected virtual machines in a recovery
plan in the Related Objects tab.

recovery again does not fix the errors.

Plan goes to this state after the split brain recovery is
resolved.

You can see the recover steps of the last recovery run.

For Storage Policy Protection Groups, Recovery steps do
not show virtual machines and consistency groups when a
recovery plan is in this state.

You can verify protected virtual machines in a recovery
plan in the Related Objects tab.

status is the only property that triggers this state.

If errors, VMs are all recovered but with errors. Running
recovery again does not fix the errors.

Plan goes to this state after the split brain recovery is
resolved.

78 VMware, Inc.

Chapter 6 Creating, Testing, and Running Site Recovery Manager Recovery Plans

Table 6‑2. Recovery States (Continued)

State Description

Incomplete recovery Canceled recovery or datastore error. Run recovery again.

You need to either resolve errors and rerun recovery, or
remove protection for VMs in error. The plan detects the
resolution of errors in either of these ways and updates
state to Recovery Complete.

Partial recovery Some but not all protection groups are recovered by an

overlapping plan.

Recovery interrupted A failure during recovery causes the recovery to pause.

Click Recovery to continue. You cannot change recovery
options.

Cancel in progress Canceling a test results in Test Complete with last result

canceled.

Canceling a recovery results in Incomplete Recovery with
last result canceled.

If the operation is canceled early enough, may result in a
Ready state.

Reprotect in progress If the server fails during this state, it goes to Reprotect

Interrupted.

Partial reprotect Overlapping plan was reprotected.

The already reprotected groups go to Ready state, but this
is valid, since the other groups are in the Recovered state.

Incomplete reprotect Reprotect did not complete the storage operations. Sites

must be connected for the reportect to succeed on the new
run.

Incomplete reprotect (2) Reprotect completed the storage operations but did not

complete creating shadow virtual machines. You can run
reprotect again even if the site running the virtual
machines is disconnected, then proceed to recovery
immediately after.

Reprotect interrupted If the Site Recovery Manager Server fails during reprotect,

run reprotect again to continue and properly clean up the
state.

Waiting for user input during test Test is paused. Dismiss the prompt to resume the test.

Waiting for user input during recovery Recovery is paused. Dismiss the prompt to resume

recovery.

Protection groups in use Plan contains groups that are being used for a test by

another plan. This state also occurs when the other plan
has completed a Test operation on the groups, but has not
run Cleanup.

Wait for the other plan to complete the test or cleanup or
edit the plan to remove the groups.

Direction error Groups are in a mixed state, which is an invalid state. Some

groups are Ready in both directions: a site is protected and
a site is recovered within a particular group. Remove some
protection groups.

For this error to occur, overlapping plans have run and
reprotected all the groups in the plan already.

Deleting Plan enters this brief state while waiting for deletion of a

peer plan. Plan automatically completes when the other
plan is deleted.

VMware, Inc. 79

Site Recovery Manager Administration

Table 6‑2. Recovery States (Continued)

State Description

Plan out of sync This state can occur under different circumstances:

No protection groups The plan contains no protection groups and the plan

Internal error A protection group with an unknown state is in the plan, or

Between a successful test recovery and a cleanup

n

operation. You cannot edit the plan when it is in this
state. Run cleanup to return the plan to the Ready state.
If the plan remains in the Plan Out of Sync state, edit
the plan.

During regular operation You can edit the plan.

n

Opening the plan for editing causes Site Recovery Manager
to force synchronization of Site Recovery Manager internal
data about the plan between protection and recovery
Site Recovery Manager servers, which clears the Plan Out
Of Sync status .

cannot run.

You can edit the plan including the recovery site.

You can create empty plans through the API or UI, or by
deleting protection groups.

some other unexpected error occurred.

You cannot run the plan but you can delete it.

80 VMware, Inc.

Configuring a Recovery Plan 7

You can configure a recovery plan to run commands on Site Recovery Manager Server or on a virtual
machine, display messages that require a response when the plan runs on the Site Recovery Manager Server
or in the guest OS, suspend non-essential virtual machines during recovery, configure dependencies
between virtual machines, customize virtual machine network settings, and change the recovery priority of
protected virtual machines.

A simple recovery plan that specifies only a test network to which the recovered virtual machines connect
and timeout values for waiting for virtual machines to power on and be customized can provide an effective
way to test a Site Recovery Manager configuration. Most recovery plans require configuration for use in
production. For example, a recovery plan for an emergency at the protected site might be different from a
recovery plan for the planned migration of services from one site to another.

NOTE A recovery plan always reflects the current state of the protection groups that it recovers. If any
members of a protection group show a status other than OK, you must correct the problems before you can
make any changes to the recovery plan. When a recovery plan is running, its state reflects the state of the
recovery plan run, rather than the state of the protection groups that it contains.

This chapter includes the following topics:

“Recovery Plan Steps,” on page 81

n

“Creating Custom Recovery Steps,” on page 82

n

“Suspend Virtual Machines When a Recovery Plan Runs,” on page 87

n

“Specify the Recovery Priority of a Virtual Machine,” on page 88

n

“Configure Virtual Machine Dependencies,” on page 88

n

“Enable vSphere vMotion for Planned Migration,” on page 89

n

“Configure Virtual Machine Startup and Shutdown Options,” on page 90

n

“Limitations to Protection and Recovery of Virtual Machines,” on page 91

n

Recovery Plan Steps

A recovery plan runs a series of steps that must be performed in a specific order for a given workflow such
as a planned migration or reprotect. You cannot change the order or purpose of the steps, but you can insert
your own steps that display messages and run commands.

Site Recovery Manager runs different recovery plan steps in different ways.

Some steps run during all recoveries.

n

Some steps run only during test recoveries.

n

VMware, Inc.

81

Site Recovery Manager Administration

Some steps are always skipped during test recoveries.

n

Some steps run only with stretched storage.

n

Understanding recovery steps, their order, and the context in which they run is important when you
customize a recovery plan.

Recovery Order

When you run a recovery plan, it starts by powering off the virtual machines at the protected site.
Site Recovery Manager powers off virtual machines according to the priority that you set, with high-priority
machines powering off last. Site Recovery Manager omits this step when you test a recovery plan.

Site Recovery Manager powers on groups of virtual machines on the recovery site according to the priority
that you set. Before a priority group starts, all of the virtual machines in the next-higher priority group must
recover or fail to recover. Dependencies between virtual machines within different priority groups are
ignored. If dependencies exist between virtual machines in the same priority group, Site Recovery Manager
first powers on the virtual machines on which other virtual machines depend. If Site Recovery Manager can
meet the virtual machine dependencies, Site Recovery Manager attempts to power on as many virtual
machines in parallel as vCenter Server supports.

Recovery Plan Timeouts and Pauses

Several types of timeouts can occur during the running of recovery plan steps. Timeouts cause the plan to
pause for a specified interval to allow the step time to finish.

Message steps force the plan to pause until the user acknowledges the message. Before you add a message
step to a recovery plan, make sure that it is necessary. Before you test or run a recovery plan that contains
message steps, make sure that a user can monitor the progress of the plan and respond to the messages as
needed.

Recovery Steps for Stretched Storage

The recovery plan wizard provides an option to use Cross vCenter Server vMotion to perform failover for
all protected, powered on virtual machines residing on stretched storage at the protected site. When this
option is selected, two additional steps occur during recovery immediately prior to powering off the
protected site virtual machines.

Preparing storage for VM migration. Site Recovery Manager changes the preference to the recovery

n

site for each consistency group.

Migrating VMs. If the production virtual machine is not powered on, the step fails. If the production

n

virtual machine is powered on, Site Recovery Manager initiates Cross vCenter Server vMotion to
migrate the virtual machine to the recovery site.

NOTE Virtual machines eligible for migration will not be migrated if they are at a lower priority than virtual
machines that are not eligible or that have dependencies on virtual machines that are not eligible.

Creating Custom Recovery Steps

You can create custom recovery steps that run commands or present messages to the user during a recovery.

Site Recovery Manager can run custom steps either on the Site Recovery Manager Server or in a virtual
machine that is part of the recovery plan. You cannot run custom steps on virtual machines that are to be
suspended.

During reprotect, Site Recovery Manager preserves all custom recovery steps in the recovery plan. If you
perform a recovery or test after a reprotect, custom recovery steps are run on the new recovery site, which
was the original protected site.

82 VMware, Inc.

Chapter 7 Configuring a Recovery Plan

After reprotect, you can usually use custom recovery steps that show messages directly without
modifications. You might need to modify some custom recovery steps after a reprotect, if these steps run
commands that contain site-specific information, such as network configurations.

You can configure commands and prompts in recovery plan steps that signify completion of a particular
operation. You cannot add commands and prompts before the Configure Test networks step.

You cannot add commands and prompts to these top-level steps relevant to storage policy protection
groups:

Test VMs Recovery complete

n

Test Consistency Groups recovery complete

n

Protection Groups test failover complete

n

VMs Recovery complete

n

Consistency Groups recovery complete

n

Protection Groups recovery complete

n

Protection Groups migration complete

n

Types of Custom Recovery Steps

You can create different types of custom recovery steps to include in recovery plans.

Custom recovery steps are either command recovery steps or message prompt steps.

Command Recovery Steps

Command recovery steps contain either top-level commands or per-virtual machine commands.

Top-Level Commands

Run on the Site Recovery Manager Server. For example, you might use these
commands to power on physical devices or to redirect network traffic.

Per-Virtual Machine
Commands

Site Recovery Manager associates per-virtual machine commands with
newly recovered virtual machines during the recovery process. You can use
these commands to complete configuration tasks after powering on a virtual
machine. You can run the commands either before or after powering on a
virtual machine. Commands that you configure to run after the virtual
machine is powered on can run either on the Site Recovery Manager Server
or in the newly recovered virtual machine. Commands that run on the newly
recovered virtual machine are run in the context of the user account that
VMware Tools uses on the recovered virtual machine. Depending on the
function of the command that you write, you might need to change the user
account that VMware Tools uses on the recovered virtual machine.

Message Prompt Recovery Steps

Present a message in the Site Recovery Manager user interface during the recovery. You can use this
message to pause the recovery and provide information to the user running the recovery plan. For example,
the message can instruct users to perform a manual recovery task or to verify steps. The only action users
can take in direct response to a prompt is to dismiss the message, which allows the recovery to continue.

Execution of Commands and Prompt Steps

For storage policy protection groups, if you add a command or prompt before the first priority virtual
machines, Site Recovery Manager executes the command or prompt after the step Apply VM policies
completes for all virtual machines.

VMware, Inc. 83

Site Recovery Manager Administration

For array-based replication protection groups and vSphere Replication protection groups, the first
command or prompt (or custom) step added between Create Writeable Storage Snapshot and the first non­empty VM priority group starts in parallel with the step Create Writeable Storage Snapshot to address
restart failure scenarios.

How Site Recovery Manager Handles Custom Recovery Step Failures

Site Recovery Manager handles custom recovery step failures differently based on the type of recovery step.

Site Recovery Manager attempts to complete all custom recovery steps, but some command recovery steps
might fail to finish.

Command Recovery Steps

By default, Site Recovery Manager waits for 5 minutes for command recovery steps to finish. You can
configure the timeout for each command. If a command finishes within this timeout period, the next
recovery step in the recovery plan runs. How Site Recovery Manager handles failures of custom commands
depends on the type of command.

Type of
Command Description

Top-level
commands

Per-virtual
machine
commands

If a recovery step fails, Site Recovery Manager logs the failure and shows a warning on the
Recovery Steps tab. Subsequent custom recovery steps continue to run.

Run in batches either before or after a virtual machine powers on. If a command fails, the
remaining per-virtual machine commands in the batch do not run. For example, if you add five
commands to run before power on and five commands to run after power on, and the third
command in the batch before power on fails, the remaining two commands to run before power on
do not run. Site Recovery Manager does not power on the virtual machine and so cannot run any
post-power on commands.

Message Prompt Recovery Steps

Custom recovery steps that issue a message prompt cannot fail. The recovery plan pauses until the user
dismisses the prompt.

Create Top-Level Message Prompts or Command Steps

You can add top-level recovery steps anywhere in the recovery plan. Top-level command steps are
commands or scripts that you run on Site Recovery Manager Server during a recovery. You can also add
steps that display message prompts that a user must acknowledge during a recovery.

Prerequisites

You have a recovery plan to which to add custom steps.

n

For information about writing the commands to add to command steps, see “Guidelines for Writing

n

Command Steps,” on page 86 and “Environment Variables for Command Steps,” on page 86.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Monitor tab, click Recovery Steps.

84 VMware, Inc.

Chapter 7 Configuring a Recovery Plan

3 Use the View drop-down menu to select the type of recovery plan run to which to add a step.

Option Description

Test Steps

Recovery Steps

Add a step to run when you test a recovery plan.

Add a step to run when you perform planned migration or disaster
recovery

You cannot add steps in the cleanup or reprotect operations.

4 To add a step before a step, right click the step and select Add Step Before. To add a step after the last

step, right click the last step and select Add Step After.

5 Select Command on SRM Server or Prompt.

6 In the Name text box, enter a name for the step.

The step name appears in the list of steps in the Recovery Steps view.

7 In the Content text box, enter a command, script, or message prompt.

If you selected Command on SRM Server, enter the command or script to run.

n

If you selected Prompt, enter the text of the message to display during the recovery plan run.

n

8 (Optional) Modify the Timeout setting for the command to run on Site Recovery Manager Server.

This option is not available if you create a prompt step.

9 Click OK to add the step to the recovery plan.

What to do next

You can right click the newly created step and select options to edit, delete or add steps before and after it.

Create Message Prompts or Command Steps for Individual Virtual Machines

You can create custom recovery steps to prompt users to perform tasks or for Site Recovery Manager to
perform tasks on a virtual machine before or after Site Recovery Manager powers it on.

Site Recovery Manager associates command steps with a protected or recovered virtual machine in the same
way as customization information. If multiple recovery plans contain the same virtual machine,
Site Recovery Manager includes the commands and prompts in all of the recovery plans .

Prerequisites

You have a recovery plan to which to add custom steps.

n

For information about writing the commands to add to command steps, see “Guidelines for Writing

n

Command Steps,” on page 86 and “Environment Variables for Command Steps,” on page 86.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Related Objects tab, click Virtual Machines.

3 Right-click a virtual machine and click Configure Recovery.

4 On the Recovery Properties tab, click Pre-Power On Steps or Post-Power On Steps.

5 Click the plus icon to add a step.

VMware, Inc. 85

Site Recovery Manager Administration

6 Select the type of step to create.

Option Description

Prompt

Command on SRM Server

Command on Recovered VM

7 In the Name text box, enter a name for the step.

The step name appears in the list of steps in the Recovery Steps view.

8 In the Content text box, enter a command, script, or message prompt.

If you selected Command on SRM Server or Command on Recovered VM, enter the command or

n

script to run.

If you selected Prompt, enter the text of the message to display during the recovery plan run.

n

9 (Optional) Modify the Timeout setting for the command to run on Site Recovery Manager Server.

This option is not available if you create a prompt step.

Prompts users to perform a task or to provide information that the user
must acknowledge before the plan continues to the next step. This option
is available for both pre-power on steps and post-power on steps.

Runs a command on Site Recovery Manager Server. This option is
available for both pre-power on steps and post-power on steps.

Runs a command on the recovered virtual machine. This option is only
available for post-power on steps.

10 Click OK to add the step to the recovery plan.

11 Click OK to reconfigure the virtual machine to run the command before or after it powers on.

Guidelines for Writing Command Steps

All batch files or commands for custom recovery steps that you add to a recovery plan must meet certain
requirements.

When you create a command step to add to a recovery plan, make sure that it takes into account the
environment in which it must run. Errors in a command step affect the integrity of a recovery plan. Test the
command on Site Recovery Manager Server on the recovery site before you add it to the plan.

You must start the Windows command shell using its full path on the local host. For example, to run a

n

script located in c:\alarmscript.bat, use the following command line:

c:\windows\system32\cmd.exe /c c:\alarmscript.bat

You must install batch files and commands on the Site Recovery Manager Server at the recovery site.

n

Batch files and commands must finish within 300 seconds. Otherwise, the recovery plan terminates

n

with an error. To change this limit, see “Change Recovery Settings,” on page 137.

Batch files or commands that produce output that contains characters with ASCII values greater than

n

127 must use UTF-8 encoding. Site Recovery Manager records only the final 4KB of script output in log
files and in the recovery history. Scripts that produce more output should redirect the output to a file
rather than sending it to the standard output to be logged.

Environment Variables for Command Steps

Site Recovery Manager makes environment variables available that you can use in commands for custom
recovery steps.

Command steps run with the identity of the LocalSystem account on the Site Recovery Manager Server host
at the recovery site. When a command step runs, Site Recovery Manager makes environment variables
available for it to use.

86 VMware, Inc.

Chapter 7 Configuring a Recovery Plan

Table 7‑1. Environment Variables Available to All Command Steps

Name Value Example

VMware_RecoveryName Name of the recovery plan that is

running.

VMware_RecoveryMode Recovery mode. Test or recovery

VMware_VC_Host Host name of the vCenter Server at

the recovery site.

VMware_VC_Port Network port used to contact

vCenter Server.

Plan A

vc_hostname.example.com

443

Site Recovery Manager makes additional environment variables available for per-virtual machine command
steps that run either on Site Recovery Manager Server or on the recovered virtual machine.

Table 7‑2. Environment Variables Available to Per-Virtual Machine Command Steps

Name Value Example

VMware_VM_Uuid UUID used by vCenter to uniquely identify

this virtual machine.

VMware_VM_Name Name of this virtual machine, as set at the

protected site.

VMware_VM_Ref Managed object ID of the virtual machine. vm-1199

VMware_VM_GuestName Name of the guest OS as defined by the VIM

API.

VMware_VM_GuestIp IP address of the virtual machine, if known. 192.168.0.103

VMware_VM_Path Path to this VMDK of this virtual machine.

4212145a-eeae-a02c-e525-ebba70b0d4f3

My New Virtual Machine

otherGuest

[datastore-123] jquser-vm2/jquser­vm2.vmdk

Suspend Virtual Machines When a Recovery Plan Runs

Site Recovery Manager can suspend virtual machines on the recovery site during a recovery and a test
recovery.

Suspending virtual machines on the recovery site is useful in active-active datacenter environments and
where non-critical workloads run on recovery sites. By suspending any virtual machines that host non­critical workloads on the recovery site, Site Recovery Manager frees capacity for the recovered virtual
machines. Site Recovery Manager resumes virtual machines that are suspended during a failover operation
when the failover runs in the opposite direction.

You can only add virtual machines to suspend at the recovery site.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 In the Monitor tab, click Recovery Steps.

3 Right-click Suspend Non-critical VMs at Recovery Site and select Add Non-Critical VM.

4 Select virtual machines on the recovery site to suspend during a recovery.

5 Click OK.

Site Recovery Manager suspends the virtual machines on the recovery site when the recovery plan runs.

VMware, Inc. 87

Site Recovery Manager Administration

Specify the Recovery Priority of a Virtual Machine

By default, Site Recovery Manager sets all virtual machines in a new recovery plan to recovery priority level

3. You can increase or decrease the recovery priority of a virtual machine. The recovery priority specifies the
shutdown and power on order of virtual machines.

If you change the priority of a virtual machine, Site Recovery Manager applies the new priority to all
recovery plans that contain this virtual machine.

Site Recovery Manager starts virtual machines on the recovery site according to the priority that you set.
Site Recovery Manager starts priority 1 virtual machines first, then priority 2 virtual machines second, and
so on. Site Recovery Manager uses VMware Tools heartbeat to discover when a virtual machine is running
on the recovery site. In this way, Site Recovery Manager can ensure that all virtual machines of a given
priority are running before it starts the virtual machines of the next priority. For this reason, you must install
VMware Tools on protected virtual machines.

NOTE If a virtual machine that is eligible for stretched storage migration has a lower priority than a virtual
machine that is not eligible for stretched storage migration, the eligible virtual machine will not be migrated.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Related Objects tab, click Virtual Machines.

3 Right-click a virtual machine and select All Priority Actions.

4 Select a new priority for the virtual machine.

The highest priority is 1. The lowest priority is 5.

5 Click Yes to confirm the change of priority.

Configure Virtual Machine Dependencies

If a virtual machine depends on services that run on another virtual machine in the same protection group,
you can configure a dependency between the virtual machines. By configuring a dependency, you can
ensure that the virtual machines start on the recovery site in the correct order. Dependencies are only valid
if the virtual machines have the same priority.

NOTE Virtual machines eligible for stretched storage migration cannot be dependent on virtual machines
that are not eligible for stretched storage migration or they will not be migrated.

When a recovery plan runs, Site Recovery Manager starts the virtual machines that other virtual machines
depend on before it starts the virtual machines with the dependencies. If Site Recovery Manager cannot start
a virtual machine that another virtual machine depends on, the recovery plan continues with a warning.
You can only configure dependencies between virtual machines that are in the same recovery priority
group. If you configure a virtual machine to be dependent on a virtual machine that is in a lower priority
group, Site Recovery Manager overrides the dependency and first starts the virtual machine that is in the
higher priority group.

If you remove a protection group that contains the dependent virtual machine from the recovery plan the
status of the protection group is set to Not in this Plan in the dependencies for the virtual machine with
the dependency. If the configured virtual machine has a different priority than the virtual machine that it
depends on, the status of the dependent virtual machine is set to Lower Priority or Higher Priority.

Prerequisites

Verify that the virtual machine with the dependency and the virtual machine that it depends on are in

n

the same recovery plan.

88 VMware, Inc.

Chapter 7 Configuring a Recovery Plan

Verify that the virtual machine with the dependency and the virtual machine that it depends on are in

n

the same recovery priority group.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Related Objects tab, click Virtual Machines.

3 Right-click a virtual machine that depends on one or more other virtual machines and select Configure

Recovery.

4 Expand VM Dependencies.

5 Click Configure to add a new virtual machine dependency.

A dialog opens listing all virtual machines in the selected recovery plan.

6 Select one or more virtual machines from the list and click OK.

The selected virtual machines are added to the list of dependencies.

7 Verify the virtual machines in the VM Dependencies list are on and verify the status of the

dependencies is OK.

8 (Optional) To remove a dependency, select a virtual machine from the list of virtual machines that this

virtual machine depends on and click Remove.

9 Click OK.

Enable vSphere vMotion for Planned Migration

vSphere vMotion migration of a virtual machine is available only for a planned migration. You can enable
or disable vSphere vMotion from the Recovery Properties dialog.

Prerequisites

Before performing a vSphere vMotion migration, confirm that the VM belongs to a storage policy

n

protection group, is placed on stretched storage, and is powered on.

Ensure that you have configured full inventory mappings. If you have only configured temporary

n

placeholder inventory mappings and you run a planned migration with the Enable vMotion of eligible
VMs option, planned migration fails, even though both sites are running.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Related Objects tab, click Virtual Machines.

3 Right-click a virtual machine and select Configure Recovery.

Select Use vMotion for planned migration (VM should be powered on).

4 Click OK.

There is no power cycle during the planned migration. Configured shutdown or startup actions or steps
configured before power on are ignored. Steps configured after power on are executed.

VMware, Inc. 89

Site Recovery Manager Administration

Configure Virtual Machine Startup and Shutdown Options

You can configure how a virtual machine starts up and shuts down on the recovery site during a recovery.

You can configure whether to shut down the guest operating system of a virtual machine before it powers
off on the protected site. You can configure whether to power on a virtual machine on the recovery site. You
can also configure delays after powering on a virtual machine to allow VMware Tools or other applications
to start on the recovered virtual machine before the recovery plan continues.

Prerequisites

You created a recovery plan.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Related Objects tab, click Virtual Machines.

3 Right-click a virtual machine and select Configure Recovery.

4 Expand Shutdown Action and select the shutdown method for this virtual machine.

Option Description

Shutdown guest OS before power
off

Power off

5 Expand Startup Action and select whether to power on the virtual machine after a recovery.

Gracefully shuts down the virtual machine before powering it off. You can
set a timeout period for the shutdown operation. Setting the timeout
period to 0 is equivalent to the Power off option. This option requires that
VMware Tools are running on the virtual machine.

NOTE The virtual machine powers off when the timeout expires. If the OS
of the virtual machine has not completed its shutdown tasks when the
timeout expires, data loss might result. For a large virtual machine that
requires a long time to shut down gracefully, set an appropriately long
power-off timeout.

Powers off the virtual machine without shutting down the guest operating
system.

Option Description

Power on

Do not power on

Powers on the virtual machine on the recovery site.

Recovers the virtual machine but does not power it on.

6 (Optional) Select or deselect the Wait for VMware tools check box.

This option is only available if you selected Power on in Step 5.

If you select Wait for VMware tools, Site Recovery Manager waits until VMware Tools starts after
powering on the virtual machine before the recovery plan continues to the next step. You can set a
timeout period for VMware Tools to start.

7 (Optional) Select or deselect the Additional Delay before running Post Power On steps and starting

dependent VMs check box and specify the time for the additional delay.

This option is only available if you selected Power on in Step 5.

For example, you might specify an additional delay after powering on a virtual machine to allow
applications to start up that another virtual machine depends on.

90 VMware, Inc.

Chapter 7 Configuring a Recovery Plan

Limitations to Protection and Recovery of Virtual Machines

The protection and recovery by Site Recovery Manager of virtual machines is subject to limitations.

Protection and Recovery of Suspended Virtual Machines

When you suspend a virtual machine, vSphere creates and saves its memory state. When the virtual
machine resumes, vSphere restores the saved memory state to allow the virtual machine to continue without
any disruption to the applications and guest operating systems that it is running.

Protection and Recovery of Virtual Machines with Snapshots

Array-based replication supports the protection and recovery of virtual machines with snapshots, but with
limitations.

You can specify a custom location for storing snapshot delta files by setting the workingDir parameter in
VMX files. Site Recovery Manager does not support the use of the workingDir parameter.

Limitations also apply if you are running versions of ESX or ESXi Server older than version 4.1.

If the virtual machine has multiple VMDK disk files, all the disk files must be contained in the same

n

folder as the VMX file itself.

If a virtual machine is attached to a Raw Disk Mapping (RDM) disk device, you must store the mapping

n

file in the same folder as the VMX file. RDM snapshots are only available if you create the RDM
mapping using Virtual Compatibility Mode.

If you are running a ESX or ESXi Server 4.1 or later, these limitations do not apply.

vSphere Replication supports the protection of virtual machines with snapshots, but you can only recover
the latest snapshot. vSphere Replication erases the snapshot information in the recovered virtual machine.
As a consequence, snapshots are no longer available after recovery, unless you configure
vSphere Replication to retain multiple point-in-time snapshots. For information about recovering older
snapshots by using multiple point-in-time snapshots with vSphere Replication, see “Replicating a Virtual

Machine and Enabling Multiple Point in Time Instances,” on page 29.

Protection and Recovery of Virtual Machines with Memory State Snapshots

When protecting virtual machines with memory state snapshots, the ESXi hosts at the protection and
recovery sites must have compatible CPUs, as defined in the VMware knowledge base articles VMotion

CPU Compatibility Requirements for Intel Processors and VMotion CPU Compatibility Requirements for
AMD Processors. The hosts must also have the same BIOS features enabled. If the BIOS configurations of the

servers do not match, they show a compatibility error message even if they are otherwise identical. The two
most common features to check are Non-Execute Memory Protection (NX / XD) and Virtualization
Technology (VT / AMD-V).

Protection and Recovery of Linked Clone Virtual Machines

vSphere Replication does not support the protection and recovery of virtual machines that are linked clones.

Array-based replication supports the protection and recovery of virtual machines that are linked clones if all
the nodes in the snapshot tree are replicated.

VMware, Inc. 91

Site Recovery Manager Administration

Protection and Recovery of Virtual Machines with Reservations, Affinity Rules,
or Limits

When Site Recovery Manager recovers a virtual machine to the recovery site, it does not preserve any
reservations, affinity rules, or limits that you have placed on the virtual machine. Site Recovery Manager
does not preserve reservations, affinity rules, and limits on the recovery site because the recovery site might
have different resource requirements to the protected site.

You can set reservations, affinity rules, and limits for recovered virtual machines by configuring
reservations and limits on the resource pools on the recovery site and setting up the resource pool mapping
accordingly. Alternatively, you can set reservations, affinity rules, or limits manually on the placeholder
virtual machines on the recovery site.

Protection and Recovery of Virtual Machines with Components on Multiple
Arrays

Array-based replication in Site Recovery Manager depends on the concept of an array pair.
Site Recovery Manager defines groups of datastores that it recovers as units. As a consequence, limitations
apply to how you can store the components of virutal machines that you protect using array-based
replication.

Site Recovery Manager does not support storing virtual machine components on multiple arrays on the

n

protected site that replicate to a single array on the recovery site.

Site Recovery Manager does not support storing virtual machine components on multiple arrays on the

n

protected site that replicate to mulitple arrays on the recovery site, if the virtual machine components
span both arrrays.

If you replicate virtual machine components from multiple arrays to a single array or to a span of arrays on
the recovery site, the VMX configurations of the UUID of the datastores on the protected site do not match
the configurations on the recovery site.

The location of the VMX file of a virtual machine determines which array pair a virtual machine belongs to.
A virtual machine cannot belong to two array pairs, so if it has more than one disk and if one of those disks
is in an array that is not part of the array pair to which the virtual machine belongs, Site Recovery Manager
cannot protect the whole virtual machine. Site Recovery Manager handles the disk that is not on the same
array pair as the virtual machine as an unreplicated device.

As a consequence, store all the virtual disks, swap files, RDM devices, and the working directory for the
virtual machine on LUNs in the same array so that Site Recovery Manager can protect all the components of
the virtual machine.

92 VMware, Inc.

Customizing IP Properties for Virtual

Machines 8

You can customize IP settings for virtual machines for the protected site and the recovery site. Customizing
the IP properties of a virtual machine overrides the default IP settings when the recovered virtual machine
starts at the destination site.

If you do not customize the IP properties of a virtual machine, Site Recovery Manager uses the IP settings
for the recovery site during a recovery or a test from the protection site to the recovery site.
Site Recovery Manager uses the IP settings for the protection site after reprotect during the recovery or a test
from the original recovery site to the original protection site.

Site Recovery Manager supports different types of IP customization.

Use IPv4 and IPv6 addresses.

n

Configure different IP customizations for each site.

n

Use DHCP, Static IPv4, or Static IPv6 addresses.

n

Customize addresses of Windows and Linux virtual machines.

n

Customize multiple NICs for each virtual machine.

n

NOTE You only configure one IP address per NIC.

For the list of guest operating systems for which Site Recovery Manager supports IP customization, see the
Compatibility Matrixes for Site Recovery Manager 6.1 at https://www.vmware.com/support/srm/srm-compat-

matrix-6-1.html.

You associate customization settings with protected virtual machines. As a result, if the same protected
virtual machine is a part of multiple recovery plans, then all recovery plans use a single copy of the
customization settings. You configure IP customization as part of the process of configuring the recovery
properties of a virtual machine.

If you do not customize a NIC on the recovery site, the NIC continues to use the IP settings from the
protected site, and vice versa, and Site Recovery Manager does not apply IP customization to the virtual
machine during recovery.

You can apply IP customizations to individual or to multiple virtual machines.

VMware, Inc.

93

Site Recovery Manager Administration

If you configure IP customization on virtual machines, Site Recovery Manager adds recovery steps to those
virtual machines.

Guest OS Startup

The Guest Startup process happens in parallel for all virtual machines for
which you configure IP customization.

Customize IP

Guest OS Shutdown

Site Recovery Manager pushes the IP customizations to the virtual machine.

Site Recovery Manager shuts down the virtual machine and reboots it to
ensure that the changes take effect and that the guest operating system
services apply them when the virtual machine restarts.

After the IP customization process finishes, virtual machines power on according to the priority groups and
any dependencies that you set.

NOTE To customize the IP properties of a virtual machine, you must install VMware Tools or the VMware
Operating System Specific Packages (OSP) on the virtual machine. See

http://www.vmware.com/download/packages.html.

Manually Customize IP Properties For an Individual Virtual Machine on page 94

n

You can customize IP settings manually for individual virtual machines for both the protected site and
the recovery site.

Customizing IP Properties for Multiple Virtual Machines on page 95

n

You can customize the IP properties for multiple virtual machines on the protected and recovery sites
by using the DR IP Customizer tool and by defining subnet-level IP mapping rules.

Manually Customize IP Properties For an Individual Virtual Machine

You can customize IP settings manually for individual virtual machines for both the protected site and the
recovery site.

NOTE If you are using Storage Policy Protection Groups you must have a client connection to the virtual
machine's protected site in order to do manual IP customization.

Procedure

1 In the vSphere Web Client, select Site Recovery > Recovery Plans, and select a recovery plan.

2 On the Related Objects tab, click Virtual Machines.

3 Right-click a virtual machine and click Configure Recovery.

4 Click the IP Customization tab and select Manual IP customization.

5 Select the NIC for which you want to modify IP Settings.

6 Click Configure Protection or Configure Recovery, depending on whether you want to configure IP

settings on the protected site or on the recovery site.

7 Click the IPv4 tab to configure IPv4 settings, and select DHCP, or for static addresses, enter an IP

address, subnet information, and gateway server addresses.

Alternately, if the virtual machine is powered on and has VMware Tools installed, you can click
Retrieve to import current settings configured on the virtual machine.

8 Click the IPv6 tab to configure IPv6 settings, and select DHCP, or for static addresses, enter an IP

address, subnet information, and gateway server addresses.

Alternately, if the virtual machine is powered on and has VMware Tools installed, you can click
Retrieve to import current settings configured on the virtual machine.

94 VMware, Inc.

Chapter 8 Customizing IP Properties for Virtual Machines

9 Click the DNS tab to configure DNS settings.

a Choose how DNS servers are found.

You can use DHCP to find DNS servers or you can specify primary and alternate DNS servers.

b Enter a DNS suffix and click Add or select an existing DNS suffix and click Remove, Move Up, or

Move Down.

Alternately, if the virtual machine is powered on and has VMware Tools installed, you can click
Retrieve to import current settings configured on the virtual machine.

10 Click the WINS tab to enter primary and secondary WINS addresses.

The WINS tab is available only when configuring DHCP or IPv4 addresses for Windows virtual
machines.

11 Repeat Step 6 through Step 9 to configure recovery site or protected site settings, if required.

For example, if you configured IP settings for the recovery site, you might want to configure IP settings
for the protected site. Recovery site settings are applied during recovery. Protected site settings are
applied during failback.

12 Repeat the configuration process for other NICs, as required.

NOTE Virtual machines with manually defined IP customization are not subject to the IP Mapping Rule
evaluation during recovery. Manually-specified IP configuration takes precedence over IP mapping rules.

Customizing IP Properties for Multiple Virtual Machines

You can customize the IP properties for multiple virtual machines on the protected and recovery sites by
using the DR IP Customizer tool and by defining subnet-level IP mapping rules.

In previous releases of Site Recovery Manager, you customized IP properties for multiple virtual machines
by using the DR IP Customizer tool. In addition to DR IP Customizer, you can customize IP properties for
multiple virtual machines by defining subnet-level IP customization rules.

You can use subnet-level IP customization rules in combination with DR IP Customizer.

Using DR IP Customizer is a fast way to define explicit IP customization settings for multiple virtual

n

machines by using a CSV file.

You apply subnet-level IP customization rules to virtual machines by using the vSphere Web Client.

n

Virtual machines that you configure by using DR IP Customizer are not subject to subnet-level IP
customization rules. You can achieve the same IP customization results by using either DR IP Customizer or
IP subnet rules.

Customizing IP Properties for Multiple Virtual Machines By Using the DR IP Customizer Tool

The DR IP Customizer tool allows you to define explicit IP customization settings for multiple protected
virtual machines on the protected and recovery sites.

In addition to defining subnet IP mapping rules, you can use the DR IP Customizer tool to apply
customized networking settings to virtual machines when they start on the recovery site. You provide the
customized IP settings to the DR IP Customizer tool in a comma-separated value (CSV) file.

VMware, Inc. 95

Site Recovery Manager Administration

Rather than manually creating a CSV file, you can use the DR IP Customizer tool to export a CSV file that
contains information about the networking configurations of the protected virtual machines. You can use
this file as a template for the CSV file to apply on the recovery site by customizing the values in the file.

1 Run DR IP Customizer to generate a CSV file that contains the networking information for the

protected virtual machines.

2 Modify the generated CSV file with networking information that is relevant to the recovery site.

3 Run DR IP Customizer again to apply the CSV with the modified networking configurations to apply

when the virtual machines start up on the recovery site.

You can run the DR IP Customizer tool on either the protected site or on the recovery site. Virtual machine
IDs for protected virtual machines are different at each site, so whichever site you use when you run the DR
IP Customizer tool to generate the CSV file, you must use the same site when you run DR IP Customizer
again to apply the settings.

You can customize the IP settings for the protected and the recovery sites so that Site Recovery Manager
uses the correct configurations during reprotect operations.

For the list of guest operating systems for which Site Recovery Manager supports IP customization, see the
Compatibility Matrixes for Site Recovery Manager 6.1 at https://www.vmware.com/support/srm/srm-compat-

matrix-6-1.html.

Report IP Address Mappings for Recovery Plans on page 96

n

The IP address map reporter generates an XML document describing the IP properties of protected
virtual machines and their placeholders, grouped by site and recovery plan. This information can help
you understand the network requirements of a recovery plan.

Syntax of the DR IP Customizer Tool on page 97

n

The DR IP Customizer tool includes options that you can use to gather networking information about
the virtual machines that Site Recovery Manager protects. You can also use the options to apply
customizations to virtual machines when they start up on the recovery site.

Structure of the DR IP Customizer CSV File on page 99

n

The DR IP Customizer comma-separated value (CSV) file consists of a header row that defines the
meaning of each column in the file, and one or more rows for each placeholder virtual machine in a
recovery plan.

Modifying the DR IP Customizer CSV File on page 102

n

You modify the DR IP Customizer comma-separated value (CSV) file to apply customized networking
settings to virtual machines when they start on the recovery site.

Run DR IP Customizer to Customize IP Properties for Multiple Virtual Machines on page 107

n

You can use the DR IP Customizer tool to customize the IP properties for multiple virtual machines
that Site Recovery Manager protects.

Report IP Address Mappings for Recovery Plans

The IP address map reporter generates an XML document describing the IP properties of protected virtual
machines and their placeholders, grouped by site and recovery plan. This information can help you
understand the network requirements of a recovery plan.

Because the IP address mapping reporter must connect to both sites, you can run the command at either site.
You are prompted to supply the vCenter login credentials for each site when the command runs.

Procedure

1 Open a command shell on the Site Recovery Manager Server host at either the protected or recovery

site.

96 VMware, Inc.

Chapter 8 Customizing IP Properties for Virtual Machines

2 Change to the C:\Program Files\VMware\VMware vCenter Site Recovery Manager\bin directory.

3 Run the dr-ip-reporter.exe command.

If you have a Platform Services Controller with a single vCenter Server instance, run the following

n

command:

dr-ip-reporter.exe --cfg ..\config\vmware-dr.xml

--out path_to_report_file.xml

--uri https://Platform_Services_Controller_address[:port]/lookupservice/sdk

This example points dr-ip-reporter.exe to the vmware-dr.xml file of the
Site Recovery Manager Server and generates the report file for the vCenter Server instance that is
associated with the Platform Services Controller at https://Platform_Services_Controller_address.

If you have a Platform Services Controller that includes multiple vCenter Server instances, you

n

must specify the vCenter Server ID in the --vcid parameter.

dr-ip-reporter.exe --cfg ..\config\vmware-dr.xml

--out path_to_report_file.xml

--uri https://Platform_Services_Controller_address[:port]/lookupservice/sdk

--vcid vCenter_Server_ID

This example points dr-ip-reporter.exe to the vmware-dr.xml file of the
Site Recovery Manager Server and generates the report file for the vCenter Server instance with the
ID vCenter_Server_ID.

NOTE The vCenter Server ID is not the same as the vCenter Server name.

To restrict the list of networks to just the ones that a specific recovery plan requires, include the

n

-plan option on the command line:

dr-ip-reporter.exe --cfg ..\config\vmware-dr.xml

--out path_to_report_file.xml

--uri https://Platform_Services_Controller_address[:port]/lookupservice/sdk

--plan recovery_plan_name

Syntax of the DR IP Customizer Tool

The DR IP Customizer tool includes options that you can use to gather networking information about the
virtual machines that Site Recovery Manager protects. You can also use the options to apply customizations
to virtual machines when they start up on the recovery site.

NOTE This release of Site Recovery Manager allows you to define subnet-level IP mapping rules to
customize IP settings on virtual machines, as well as by using the DR IP Customizer tool. You can use
subnet-level IP mapping rules in combination with DR IP Customizer. For information about how you can
use subnet-level IP mapping rules and DR IP Customizer together, see “Customizing IP Properties for

Multiple Virtual Machines,” on page 95.

You find the dr-ip-customizer.exe executable file in C:\Program Files\VMware\VMware vCenter Site

Recovery Manager\bin on the Site Recovery Manager Server host machine. When you run dr-ip­customizer.exe, you specify different options depending on whether you are generating or applying a

comma-separated value (CSV) file.

dr-ip-customizer.exe

--cfg SRM Server configuration XML

--cmd apply/drop/generate
[--csv Name of existing CSV File]
[--out Name of new CSV file to generate]

--uri https://host[:port]/lookupservice/sdk

VMware, Inc. 97

Site Recovery Manager Administration

--vcid UUID
[--ignore-thumbprint]
[--extra-dns-columns]
[--verbose]

You can run the DR IP Customizer tool on either the protected site or on the recovery site. Virtual machine
IDs for protected virtual machines are different at each site, so whichever site you use when you run the DR
IP Customizer tool to generate the CSV file, you must use the same site when you run DR IP Customizer
again to apply the settings.

Some of the options that the DR IP Customizer tool provides are mandatory, others are optional.

Table 8‑1. DR IP Customizer Options

Option Description Mandatory

-h [ --help ]

--cfg arg

--cmd arg

--csv arg

-o [ --out ] arg

--uri arg

Displays usage information about
dr-ip-customizer.exe.

Path to the application XML
configuration file, vmware-dr.xml.

You specify different commands to
run DR IP Customizer in different
modes.

n

The apply command applies the
network customization settings
from an existing CSV file to the
recovery plans on the
Site Recovery Manager Server
instances.

n

The generate command
generates a basic CSV file for all
virtual machines that
Site Recovery Manager protects
for a vCenter Server instance.

n

The drop command removes the
recovery settings from virtual
machines specified by the input
CSV file.

Always provide the same
vCenter Server instance for the apply
and drop commands as the one that
you used to generate the CSV file.

Path to the CSV file.

Name of the new CSV output file that
the generate command creates. If
you provide the name of an existing
CSV file, the generate command
overwrites its current contents.

Lookup Service URL on the Platform
Service Controller with the form

https://host[:port]/lookupserv
ice/sdk. Specify the port if it is not

443 . The Site Recovery Manager
instance associates this address with
the primary site's infranode.

Use the same vCenter Server instance
for the apply and drop commands as
the one that you used to generate the
CSV file.

No

Yes

Yes

Yes, when running the apply and
drop commands.

Yes, when you run the generate
command.

Yes

98 VMware, Inc.

Chapter 8 Customizing IP Properties for Virtual Machines

Table 8‑1. DR IP Customizer Options (Continued)

Option Description Mandatory

--vcid arg

-i [ --ignore-thumbprint ]

-e [ --extra-dns-columns ]

-v [ --verbose ]

The primary sitevCenter Server
instance UUID.

Ignore the vCenter Server
thumbprint confirmation prompt.

Must be specified if the input CSV
file contains extra columns for DNS
information.

Enable verbose output. You can
include a --verbose option on any
dr-ip-customizer.exe command
line to log additional diagnostic
messages.

Optional, unless the primary site
infrastructure contains more than one
vCenter Server instance.

No

No

No

The tool can print the UUID to the Lookup Service whenever the --vcid value is unspecified as in this
example:

dr-ip-customizer.exe --cfg testConfig.xml -i --cmd generate -o c: \tmp\x.csv --uri
https://service.company.com:443/lookupservice/sdk --vcid ?

ERROR: Failed to locate VC instance. Use one of the following known VC instances: e07c907e­cd41-4fe7-b38a-f4c0e677a18c vc.company.com

The result is the vCenter Server instance UUID followed by the vCenter Server DNS hostname for each
vCenter Server registered with the Lookup Service.

Structure of the DR IP Customizer CSV File

The DR IP Customizer comma-separated value (CSV) file consists of a header row that defines the meaning
of each column in the file, and one or more rows for each placeholder virtual machine in a recovery plan.

NOTE This release of Site Recovery Manager allows you to define subnet-level IP mapping rules to
customize IP settings on virtual machines, as well as by using the DR IP Customizer tool. You can use
subnet-level IP mapping rules in combination with DR IP Customizer. For information about how you can
use subnet-level IP mapping rules and DR IP Customizer together, see “Customizing IP Properties for

Multiple Virtual Machines,” on page 95.

Configuring IP settings for both sites is optional. You can provide settings for only the protected site, or
settings for only the recovery site, or settings for both sites. You can configure each site to use a different set
of network adapters in a completely different way.

Certain fields in the CSV file must be completed for every row. Other fields can be left blank if no
customized setting is required.

VMware, Inc. 99

Site Recovery Manager Administration

Table 8‑2. Columns of the DR IP Customizer CSV File

Column Description Customization Rules

VM ID Unique identifier that DR IP

VM Name The human-readable name of the

vCenter Server Address of a vCenter Server instance

Adapter ID ID of the adapter to customize.

DNS Domain DNS domain for this adapter. Customizable. Can be left blank.

Net BIOS Select whether to activate NetBIOS

Primary WINS DR IP Customizer validates that

Customizer uses to collect
information from multiple rows for
application to a single virtual
machine. This ID is internal to DR IP
Customizer and is not the same as
the virtual machine ID that
vCenter Server uses.

virtual machine as it appears in the
vCenter Server inventory.

on either the protected site or the
recovery site. You set the IP settings
for a virtual machine on each site in
the vCenter Server column.

Adapter ID 0 sets global settings on
all adapters for a virtual machine.
Setting values on Adapter ID 1, 2, 3,
and so on, configures settings for
specific NICs on a virtual machine.

on this adapter.

WINS settings are applied only to
Windows virtual machines, but it
does not validate NetBIOS settings.

Not customizable. Cannot be blank.

Not customizable. Cannot be blank.

Not customizable. Cannot be blank.

This column can contain both
vCenter Server instances. Each
vCenter Server instance requires its
own row. You can configure one set of
IP settings to use on one site and
another set of IP settings to use on the
other site. You can also provide IP
settings to be used on both sites, for
reprotect operations.

Customizable. Cannot be left blank.

The only fields that you can modify for
a row in which the Adapter ID is 0 are
DNS Server(s) and DNS Suffix(es).
These values, if specified, are inherited
by all other adapters in use by that VM
ID.

You can include multiple DNS servers
on multiple lines in the CSV file. For
example, if you require two global
DNS hosts, you include two lines for
Adapter ID 0.

One line that contains all the

n

virtual machine information plus
one DNS host.

One line that contains only the

n

second DNS host.

To add another DNS server to a
specific adapter, add the DNS server to
the appropriate Adapter line. For
example, add the DNS server to
Adapter ID 1.

If you do enter a value, it must be in
the format example.company.com.

Customizable. Can be left blank.

If not left empty, this column must
contain one of the following strings:

disableNetBIOS, enableNetBIOS, or
enableNetBIOSViaDhcp.

Customizable. Can be left blank.

100 VMware, Inc.