VMware vSphere Replication - 6.1 User’s Manual
vSphere Replication for
Disaster Recovery to
Cloud
vSphere Replication 6.1
vSphere Replication for Disaster Recovery to Cloud
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
docfeedback@vmware.com
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Copyright © 2017 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc. 2
Contents
About Disaster Recovery to Cloud 4
1
Updated Information 5
Disaster Recovery to Cloud System Requirements and Compatibility 6
2
Roles and Permissions that Disaster Recovery to Cloud Requires 7
Installing and Configuring vSphere Replication to Cloud 8
3
Installing vSphere Replication for Disaster Recovery to Cloud 8
Upgrading vSphere Replication from Earlier Product Versions 9
Configure NTP Synchronisation in Your Environment 9
How vSphere Replication Connects to Cloud 10
Configuring the Connection to the Cloud 12
Replicating Virtual Machines to Cloud 18
4
Configure a Replication to Cloud for a Single Virtual Machine 19
Configure a Cloud Replication Task for Multiple Virtual Machines 22
Using Replication Seeds for Replications to Cloud 25
Reconfiguring Replications to the Cloud 26
5
Reconfigure a Replication to Cloud 26
Recovering Virtual Machines to Cloud 27
6
Test Recovery to Cloud 27
Planned Migration to Cloud 29
Configuring Replications from Cloud 31
7
Configure a Replication From Cloud 32
Configure a Reverse Replication from Cloud 34
Monitoring and Managing Replication Tasks 36
8
Monitoring the Status of Replication Tasks 36
Pause or Resume a Replication Task 37
Stop a Replication To Cloud 38
Stop a Replication From Cloud 39
Troubleshooting vSphere Replication for Disaster Recovery to Cloud 41
9
vSphere Replication UI is Missing After a vCenter Server Upgrade 41
VMware, Inc.
3
About
Disaster Recovery to Cloud 1
You can subscribe to a Disaster Recovery service to protect your vSphere workloads.
Disaster Recovery lets administrators of small sites to protect their vSphere virtual workloads from a wide
class of disasters by replicating those workloads into the cloud. Disaster Recovery uses the host-based
replication feature of vSphere Replication to copy the protected source virtual machines into the
infrastructure of the cloud provider. If a disaster occurs, the Disaster Recovery servers can convert the
replicated data into vApps and virtual machines in the cloud.
VMware, Inc. 4
Updated Information
This vSphere Replication for Disaster Recovery to Cloud document is updated with each release of the
product or when necessary.
This table provides the update history of the vSphere Replication for Disaster Recovery to Cloud
document.
Revision Description
EN-001621-02
EN-001621-01
EN-001621-00 Initial release.
n
Updated the information in topic Chapter 2 Disaster Recovery to Cloud System Requirements and
Compatibility.
n
Updated the information in topic Upgrading vSphere Replication from Earlier Product Versions.
n
Updated the information about the Interoperability of vSphere Replication in topics Configure a Replication to
Cloud for a Single Virtual Machine, and Configure a Cloud Replication Task for Multiple Virtual Machines.
n
Updated the information in topic Select Recovery Networks on the Target Virtual Data Center.
n
Updated the information in topic Configure a Replication From Cloud.
n
Corrected information on supported vCenter Server versions in Chapter 2 Disaster Recovery to Cloud System
Requirements and Compatibility.
n
Corrected product name in topic Select Recovery Networks on the Target Virtual Data Center.
VMware, Inc. 5
Disaster Recovery to Cloud
System Requirements and
Compatibility 2
To enable replications to the cloud, your environment must meet certain requirements in terms of
additional configuration and specific versions of the VMware products that you use.
System Requirements
Disaster Recovery to Cloud has the same requirements to the environment as vSphere Replication. In
addition, Disaster Recovery to Cloud requires that ports 10000 to 10010 of ESXi hosts are open for
outgoing traffic . The required ports are open automatically when you install a VIB on each supported
ESXi host in the environment where the vSphere Replication appliance is deployed. See How vSphere
Replication Connects to Cloud.
Product Compatibility
Replications to the cloud require that you run certain versions of VMware products on the source site and
on the target site. Your cloud provider ensures that the target environment is configured for replications to
cloud. You must verify that you run a supported version of the following products on the source site.
Table 2‑1. Compatible Product Versions on the Source Site for Replications to the Cloud
Product Supported Version
vSphere Replication appliance 6.x
ESXi host 5.0, 5.1.x, 5.5.x, and 6.0
vCenter Server 6.0
vSphere Web Client 6.0
VMware, Inc. 6
vSphere Replication for Disaster Recovery to Cloud
Roles and Permissions that Disaster Recovery to Cloud Requires
Replications to the cloud require certain users, roles, and permissions.
vSphere Web Client
On the source vSphere side, you need the same credentials as the ones required for
vSphere Replication. See the topic vSphere Replication Roles Reference in the VMware vSphere
Replication Administration document.
vCloud User Credentials
When you create a connection to the target virtual data center, you provide two pairs of credentials.
Connection Credentials Used for authenticating within the cloud organization, these credentials
initiate a user session with your cloud provider. The privileges for your user
account are managed by your cloud provider.
System Monitoring
Credentials
n
com.vmware.hcs.{com.vmware.hcs}:ManageRight
n
com.vmware.hcs.{com.vmware.hcs}:ViewRight
n
Organization.View Organization Networks
n
Organization.View Organizations
n
Organization VDC.View Organization VDCs
Credentials to the cloud are required for each target site, once per user
session, and not per operation in the vSphere Web Client. When the
authenticated user session to a target site expires, users are prompted to
input their credentials again.
Used at runtime to let the source and the target site communicate. These
credentials are stored in the vSphere Replication appliance on the source
site. The user name that you provide must be assigned the
vSphere Replication role, or the following rights in your cloud organization.
n
com.vmware.hcs.{com,vmware.hcs}:ManageRight
n
com.vmware.hcs.{com,vmware.hcs}:ViewRight
n
Organization.View Organization Networks
n
Organization.View Organizations
n
Organization VDC.View Organization VDCs
Although you can use the same credentials for both connection and system monitoring, a good practice is
to use different pairs of credentials.
VMware, Inc. 7
Installing and Configuring
vSphere Replication to Cloud 3
Before you configure replications to the cloud, you must deploy the vSphere Replication appliance on the
source site and set up your environment to enable connections to the cloud.
This section includes the following topics:
n
Installing vSphere Replication for Disaster Recovery to Cloud
n
Upgrading vSphere Replication from Earlier Product Versions
n
Configure NTP Synchronisation in Your Environment
n
How vSphere Replication Connects to Cloud
n
Configuring the Connection to the Cloud
Installing vSphere Replication for
Disaster Recovery to Cloud
vSphere Replication is distributed as an OVF virtual appliance.
You deploy vSphere Replication by using the vSphere OVF deployment wizard.
Depending on the version of the vCenter Server on which you install vSphere Replication, the deployment
procedure might vary.
Table 3‑1. vSphere Replication Deployment Procedures
vCenter Server Version vSphere Replication Deployment Procedure
vCenter Server 5.5.x See the topic Deploy the vSphere Replication Virtual Appliance
in the vSphere Replication 5.5 Administration document.
vCenter Server 6.0 See the topic Deploy the vSphere Replication Virtual Appliance
in the vSphere Replication 6.1 Administration document.
Important In these procedures, the steps for installing vSphere Replication on the target site apply to
vCenter Server to vCenter Server replications. If you intend to use vSphere Replication only for
replications to cloud, do not attempt to install vSphere Replication on the target site. Your cloud provider
ensures that the target site is configured for replications to cloud.
After installing the vSphere Replication appliance, you must configure it to synchronize with an external
NTP server. See Configure NTP Synchronisation in Your Environment.
VMware, Inc.
8
vSphere Replication for Disaster Recovery to Cloud
Upgrading vSphere Replication from Earlier Product Versions
You can upgrade vSphere Replication 5.5.x, 5.8 and 6.0.0.x to vSphere Replication 6.x.
To upgrade a previously installed version of vSphere Replication to vSphere Replication for
Disaster Recovery to Cloud, you must mount the vSphere Replication ISO file on a system in your
environment that is accessible from the vSphere Replication appliance, and apply the update through the
virtual appliance administration interface (VAMI) on port 5480. See Upgrade vSphere Replication by
Using the Downloadable ISO Image.
After upgrading the vSphere Replication appliance, you must configure it to synchronize with an external
NTP server. See Configure NTP Synchronisation in Your Environment.
Configure NTP Synchronisation in Your Environment
You must synchronize the time on the vSphere Replication appliance in your environment with an NTP
server.
By default, the vSphere Replication appliance is synchronized with the ESXi host on which it resides. You
must disable the NTP synchronization with the host and configure the vSphere Replication appliance and
the vCenter Server to synchronize with an external NTP server.
Procedure
1 Configure NTP synchronization on the vSphere Replication appliance.
a In the vSphere inventory tree, locate the vSphere Replication appliance, right-click and select
Edit Settings.
b On the VM Options tab, click VMware Tools.
c Deselect the Synchronize guest time with host check box.
d In the virtual appliance console, run the command chkconfig ntp on to run NTP
synchronization every time the vSphere Replication appliance starts up.
e To configure the vSphere Replication appliance to synchronize with an NTP server, edit
the /etc/ntp.conf file to enter the address of an NTP server.
Add the following line in the ntp.conf file:
server <your_ntp_server_address>
f Run the service ntp start command.
2 Configure the vCenter Server on the source site to synchronize with the NTP server that you
configured in the vSphere Replication appliance.
VMware, Inc. 9
vSphere Replication for Disaster Recovery to Cloud
How vSphere Replication Connects to Cloud
When you create a connection to the cloud, the vCloud Tunneling Agent in the vSphere Replication
appliance creates a tunnel to secure the transfer of replication data to your cloud Organization.
When a tunnel is created, the vCloud Tunneling Agent opens a port on the vSphere Replication
appliance. ESXi hosts connect to that port to send replication data to a cloud organization. The port is
picked randomly from a configurable range. The default port range is 10000-10010 TCP.
By default, ports 10000-10010 are not open on ESXi hosts. When you power on the vSphere Replication
appliance, a vSphere Installation Bundle (VIB) is installed on all supported ESXi hosts in the
vCenter Server inventory where the appliance is deployed. The VIB creates a firewall rule, Replication-to-
Cloud Traffic, that opens TCP ports 10000 to 10010 for outgoing traffic. The rule is enabled automatically
and takes effect immediately when you power on the vSphere Replication appliance, or when a host is
registered or connected in the vCenter Server. If an administrator removes the VIB from a host, for
example by using the esxcli utility, the vSphere Replication appliance reinstalls the VIB the next time
you restart the appliance or when a host is restarted or reconnected to the inventory. If you do not want
ports 10000 to 10010 to be open on an ESXi host, and if you do not plan to use this host as a replication
source, you can disable the Replication-to-Cloud Traffic rule. See Allow or Deny Access to an ESXi
Service or Management Agent with the vSphere Web Client.
To reduce the number of open ports or to change the ports that are used for communication between
ESXi hosts and the vCloud Tunneling Agent, you can create a custom firewall rule and reconfigure the
agent.
Change the Cloud Tunnel Ports on ESXi Hosts
When you power on the vSphere Replication appliance, it automatically configures all ESXi hosts in your
environment to open TCP ports 10000-10010 for outgoing data transfers.
The vCloud Tunneling Agent in the vSphere Replication appliance uses ports 10000-10010 to receive
data from ESXi instances that host replication sources.
If you do not want to have unused open ports on your ESXi hosts, if the number of open ports is
insufficient, or if you want to change which ports are open, you can reconfigure your firewall settings.
To change the default ports that are used to transfer replication data from ESXi hosts to the vCloud
Tunneling Agent, you must configure each ESXi instance that hosts a replication source virtual machine,
and the vCloud Tunneling Agent.
Procedure
1 Disable the default Replication-to-cloud Traffic rule that is created by the vSphere Replication
appliance.
For detailed procedure, see Allow or Deny Access to an ESXi Service or Management Agent with the
vSphere Web Client.
VMware, Inc. 10
vSphere Replication for Disaster Recovery to Cloud
2 Create a custom firewall rule on each ESXi server that hosts replication source machines.
See Creating custom firewall rules in VMware ESXi 5.0 (KB 2008226).
3 Enable the custom firewall rule that you created on each ESXi host.
See Allow or Deny Access to an ESXi Service or Management Agent with the vSphere Web Client.
What to do next
Configure the vCloud Tunneling Agent to use the ports that you configured on ESXi hosts.
Customize the Ports that vSphere Replication Uses for Tunneling
By default, the vCloud Tunneling Agent in the vSphere Replication appliance is configured to use TCP
ports ranging between 10000 and 10010 to create tunnels to the cloud. All ESXi instances that might host
replication source virtual machines must have their firewall configured to allow outgoing traffic on these
ports.
For each tunnel to cloud, the vCloud Tunneling Agent allocates one unique port from the specified range.
You can reconfigure ESXi hosts and the vCloud Tunneling Agent to reduce the number of open ports or to
change the ports that are used to create tunnels to cloud.
After you reconfigure the ESXi hosts to use custom ports, you must configure the vCloud Tunneling Agent
to use the same custom ports.
Prerequisites
n
Verify that the ports you selected to use for cloud tunnels are open for outgoing traffic on all ESXi
servers that host replication sources.
n
Verify that you know the IP address of the vSphere Replication appliance in your environment. To
check the IP address of the vSphere Replication appliance, select the vCenter Server in the inventory
tree, navigate to the Manage tab, click vSphere Replication, and click About.
n
Verify that you have root user credentials for the vSphere Replication appliance.
n
Verify that TCP port 22 is open on the vSphere Replication appliance, and that SSH connections are
enabled. See topic Unable to Establish an SSH Connection to the vSphere Replication Appliance in
the vSphere Replication Administration document.
Procedure
1 Use an SSH client to connect to the vSphere Replication appliance and log in as the root user.
2 Run the following command to configure the ports for tunnel connections.
/opt/vmware/vcta/bin/cell-management-tool
configure-vcta-server -prl LOW -prh HIGH
Where LOW and HIGH define the range of ports to be used for tunnel connections. To use only one
port, type the port number as the value for LOW and HIGH.
VMware, Inc. 11
vSphere Replication for Disaster Recovery to Cloud
For example, the following command configures the vCloud Tunneling Agent to use only port 10001.
/opt/vmware/vcta/bin/cell-management-tool
configure-vcta-server -prl 10001 -prh 10001
Note You can designate any free TCP port in your environment for the communication between
ESXi hosts and the vCloud Tunneling Agent, but you must verify that all ESXi hosts and the vCloud
Tunneling Agent are configured to use the same ports.
3 Run the following command to restart the vCloud Tunneling Agent.
service vmware-vcd restart
Configuring the Connection to the Cloud
In addition to installing and configuring the vSphere Replication appliance, you must configure the
connection to your cloud provider.
You can configure a connection to the cloud provider before you start the Configure Replication wizard
or while you configure a replication task.
Connect to a Cloud Provider Site
Before you configure replication tasks to the cloud, you configure the connections between your vSphere
environment and virtual data centers that belong to your cloud organizations.
You can connect a vCenter Server to multiple virtual data centers, and a virtual data center can be
connected to multiple vCenter Server instances. However, you can have only one connection between a
source vCenter Server and a target virtual data center.
Prerequisites
Verify that you have user credentials for a cloud organization in which vCloud Director is enabled. Your
cloud provider enables the Disaster Recovery to Cloud service per your contract.
Procedure
1 Click the Configure tab, click vSphere Replication > Target Sites, and click the cloud connection
icon .
The Connect to a Cloud Provider wizard opens.
2 On the Connection settings page, type the address of your cloud provider, the organization name,
and credentials to authenticate with the cloud.
By default, vSphere Replication uses these credentials to establish a user session to the cloud and
for system monitoring purposes. To enable system monitoring, these credentials will be stored in the
vSphere Replication appliance, unless you select to use another user account for system monitoring.
VMware, Inc. 12
vSphere Replication for Disaster Recovery to Cloud
3 (Optional) If you do not want to store the credentials that you used for authentication, select the Use a
different account for system monitoring check box, and type the credentials to be used for system
monitoring.
These credentials are encrypted and stored in the vSphere Replication database.
4 Click Next.
The Connect to a Cloud Provider wizard displays a list of virtual data centers to which you can
connect. If a virtual data center is already connected to the vCenter Server, that data center does not
appear in the list.
5 From the list of virtual data centers, select a target for the connection and click Next.
6 Review your settings and click Finish.
The connection to the cloud organization appears in the list of target sites. The status of the connection is
Missing network settings.
What to do next
Select the networks on the target site that vSphere Replication must use for recovery operations. See
Select Recovery Networks on the Target Virtual Data Center
Select Recovery Networks on the Target Virtual Data Center
To finalize the configuration of a connection to the target site, you must specify the networks that the
Disaster Recovery to Cloud service should use for tests and recovery operations.
When you add a new connection to the cloud, at first it appears in Missing mapping status.
When you subscribe to the Disaster Recovery to Cloud service, VMware automatically creates two default
networks for your service—an isolated network and an external routed network. The Edge Gateway for
the routed network has a public IP address on an external interface so that it is accessible through the
Internet. You can use these networks for your virtual machines protected by the
Disaster Recovery to Cloud service, or create other networks in your cloud organization.
When you run a test recovery, vSphere Replication configures the replicated virtual machine on the target
site to connect to the test network. This lets you access the target virtual machine and verify that it
operates as expected and that data is replicated correctly per your replication settings.
The recovery network is used when you perform planned migrations and recovery operations.
vSphere Replication configures the replicated virtual machine on the target site and connects it to the
recovery network, so that you can have access.
Although you can use the same network for all recovery workflows, a good practice is to run test
recoveries in a separate network.
Note You can configure only one pair of networks for a cloud virtual data center.
VMware, Inc. 13
Loading...