NCD-to-NCD Zerto Replication Tutorial
Zerto Virtual Replication is a hypervisor (or virtual machine monitor)-based replication application that allows you to continuously replicate application data and VM images, as well as system configurations and dependencies, in order to facilitate disaster recovery.
Zerto Virtual Replication replicates vApp containers, and all of the VMs contained within a vApp. If you wish to replicate only a portion of the VMs currently contained in a vApp, you must first create separate vApps – one containing the VMs that you wish to replicate, and another containing the VMs you do not wish to replicate.
Consideration must be provided to other network-related settings and devices to ensure that the appropriate networking is in place to allow VMs that are replicated between data centers to communicate and interact as intended. Migrated network devices do not retain firewall or network address translation (NAT) rules, or access control list (ACL) settings.
When replicating between data centers, consideration must also be provided to assigning new public IP addresses for publicly available services (e.g., web servers, SSH, RDP, etc.). These considerations are not addressed in this article.
This article provides an exercise serving as an introduction to Navisite Cloud Director NCD-to-NCD Replication functionality, including:
- Setting up a primary NCD site in preparation for configuring Zerto NCD-to-NCD Replication
- Setting up secondary disaster recovery (DR) NCD site in preparation for configuring Zerto NCD-to-NCD Replication
- Configuring Zerto NCD-to-NCD replication
- Testing Zerto NCD-to-NCD replication failover
- Performing a final Zerto failover
- Configuring reverse replication
- Configuring a primary virtual Data Center (vDC), with a single vApp containing a single Red Hat® VM, connected to a vDC network
- Configuring the VM to allow Secure Shell (SSH) access via a public IP address
- Configuring a disaster recovery vDC
- Configuring networking at the disaster recovery vDC to allow SSH access to the VM once it is replicated
- Configuring Zerto replication from the primary site to the disaster recovery site
- Testing the replication
- Performing a full failover replication
Logging In
To log into Navisite Cloud Director:- Using a web browser, navigate to https://director.navisite.com. The Login page appears.
- Enter your username and password values at the Login page, and click Sign In.
Note: You must be assigned the Navisite Cloud Director "administrator" role to configure replication.
Upon successful login, the Dashboard page appears.
Creating the Primary vDC
To create a virtual data center within one of the NCD-provided physical data centers:- At the Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- Click +Create vDataCenter. The Create vDataCenter page appears.
- Enter Primary_Zerto_Test_VDC in the "Name" field.
- Select SantaClara01 from the "vCloud" drop-down menu. vClouds are identified by the physical location of the data center.
- Click Next-> to display the Limits and Storage Policies settings.
- Leave all Limits and Storage Policies settings unchanged, and click Finish to create the vDC. When the task completes, the newly created vDC is listed at the vDataCenters page.
Note: You can monitor the progress of the vDC creation by clicking the Recent Tasks icon in the upper right corner of the page.
Creating a vApp and VM in the Primary vDC
To create a virtual application (vApp) within the primary vDC and populate it with a virtual machine (VM):- At the Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click Primary_Zerto_Test_VDC. The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Children" section and click vApps.
- Click +Create vApp. The Create vApp page appears.
- In the "vApp Name" field, enter Zerto_Test_vApp.
- Click Next-> to display the Choose a Template page. The Choose a Template page allows you to select a virtual machine (VM) template for the VM that will populate your new vApp.
- If necessary, click the "Public Templates" tab to view basic provided templates.
- In the template list, scroll down to display the "Red Hat Enterprise Linux 6.5 64-bit" template, and click Select.
- Windows 2003 and higher
- Red Hat Enterprise Linux versions 5 - 7.x
- SUSE Linux Enterprise versions 10 and 11
- Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04, 14.10, 15.04
- CentOS versions 5-6.x
- Oracle Linux versions 5.9-6.6
- Click Next-> to display the Customize Networks page.
- Click Link vDC Network, and select "Primary_Zerto_Test_VDC vDC Net" from the drop-down menu. The vDC network is added to the Customize Networks page list, and designated as a "Linked vDC Network." This attaches the Zerto_Test_vApp directly to the vDC network instead of creating a separate vApp network.
- Click Delete to remove the default "VM Network" vApp network.
- Click Next-> to display the Customize VMs page, which allows you to specify settings for the new VM contained in your vApp. The fields on the Customize VMs page are pre-populated with settings specified by the selected VM template.
- Enter Zerto-Test-VM in the "Name" field.
- Enter Zerto-Test-VM-rh6-5-64 in the "Hostname" field.
- Specify an administrator password by selecting Specify password from the "Admin password" drop-down menu, and entering the desired password in the entry field.
- Click Finish to create the vApp and its VM. When the task completes, the newly created vApp is listed at the vApps page.
- When the vApp creation process is completed, power on your new VM by clicking the Start button at the top of the vApp detail page. Doing so powers on the VMs within the vApp and deploys its network gateways.
Note: The "vCloud" and "vDataCenter" fields are pre-populated with values determined by your vDataCenter settings, and cannot be edited.
Note: This exercise requires reconfiguration of the VM's virtual network interface (VNIC). The following VMs support VNIC reconfiguration:
In addition, the VM should utilize the latest version of VMWare® Tools.
Note: Record your administrator password for later use in this exercise.
Note: You can monitor the progress of the vApp and VM creation by clicking the Recent Tasks icon in the upper right corner of the page.
Note: In order to perform Zerto replication, the VM(s) being replicated must be powered on. Zerto Virtual Replication Applicances (VRAs) require an active I/O stack on each VM in order to access the VM data being synchronized between sites.
Determining Primary Site IP Addresses
In order to assign a public Secure Shell (SSH) behavior to your test VM, you must determine the public IP address assigned to the environment, as well as the IP address of the test VM, as follows:Determining the Primary vDC Public IP Address
To determine the public IP address assigned to the environment:- At the Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click Primary_Zerto_Test_VDC. The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Configuration" section and click Public IPs.
- Note the IP address listed in the "IP Address" column of the "Public IPs" table for later use in this exercise.
Determining the Test VM IP Address
In order to configure the NAT rules for the test VM's public SSH behavior, you must determine the IP address assigned to the VM, as follows:- At the vDataCenter detail page, scroll down to the "Children" section and click vApps.
- In the "vApps" section, click Zerto_Test_vApp. The vApp detail page appears.
- At the vApp detail page, scroll down to the "Children" section and click VMs.
- Note the IP address listed in the "vDC Net IP" column of the "VMs" table for later use in this exercise.
Configuring Primary Site Firewall and NAT Rules for SSH Access
To add the necessary firewall and NAT rules to allow SSH access to the VM at the primary site:- At the Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click Primary_Zerto_Test_VDC. The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Network Services" section and click Firewall.
- Click the "gear" icon in the upper right corner of the "Firewall" section to display the Firewall page.
- Click +Add Rule. The Add Firewall Rule page appears.
- If necessary, select the "Enabled" checkbox to enable the new rule.
- Enter Zerto_SSH_FW_Rule in the "Name" field.
- Select TCP&UDP from the "Protocol" drop-down menu.
- In the "Action" field, select the Allow radio button.
- Select Any from the "Source Suggestions…" drop-down menu. This value is populated in the "Source" field.
- Select SSH from the "Source Port" drop-down menu.
- In the "Destination" field, enter the primary vDC public IP address noted earlier in this exercise.
- Select SSH from the "Destination Port" drop-down menu.
- Click Add Firewall Rule to add the new rule and return to the Firewall page.
- At the Firewall page, click Save.
- Allow NCD to complete the creation of the firewall rule before proceeding.
- Return to the vDataCenter detail page, scroll down to the "Network Services" section and click NAT.
- Click the "gear" icon in the upper right corner of the "NAT" section to display the NAT page.
- At the NAT page, click +Add NAT Rule. The Add NAT Rule page appears.
- If necessary, select the "Enabled" checkbox to enable the new rule.
- In the "Type" field, select the Destination radio button.
- Select TCP&UDP from the "Protocol" drop-down menu.
- Select sa01-internet01 from the "Applied On" drop-down menu. This is the vDC network on which the NAT rule is to be applied.
- In the "Original IP" field, enter the primary vDC public IP address noted earlier in this exercise.
- Select SSH from the "Original Port" drop-down menu.
- In the "Translated IP" field, enter the test VM IP address noted earlier in this exercise.
- Select SSH from the "Translated Port" drop-down menu.
- Click Add NAT Rule to add the new rule and return to the NAT page.
- At the NAT page, click Save.
- Allow NCD to complete the creation of the NAT rule before proceeding.
Note: You can monitor the progress of the firewall rule creation by clicking the Recent Tasks icon in the upper right corner of the page.
Note: You can monitor the progress of the NAT rule creation by clicking the Recent Tasks icon in the upper right corner of the page.
Testing SSH Access to the Test VM
Using a local UNIX-compatible operating system with internet access, enter the following at the command line:ssh root@<public ip>
- The
<public ip>
value is the primary vDC public IP address noted earlier in this exercise. - When prompted for a password, provide the administrator password value specified when creating the test VM earlier in this exercise.
Creating the Disaster Recovery (DR) vDC
To create a disaster recovery virtual data center within another of the NCD-provided physical data centers:- At the Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- Click +Create vDataCenter. The Create vDataCenter page appears.
- Enter DR_Zerto_Test_VDC in the "Name" field.
- Select RedHill01 from the "vCloud" drop-down menu. vClouds are identified by the physical location of the data center.
- Click Next-> to display the Limits and Storage Policies settings.
- Leave all Limits and Storage Policies settings unchanged, and click Finish to create the vDC. When the task completes, the newly created vDC is listed at the vDataCenters page.
Note: You can monitor the progress of the vDC creation by clicking the Recent Tasks icon in the upper right corner of the page.
Determining Disaster Recovery Site IP Addresses
In order to provide Secure Shell (SSH) behavior to your test VM when it is migrated to the disaster recovery (DR) site, you must determine the public IP address assigned to the DR environment, as well as the IP address that will be assigned to the test VM after migration, as follows:Determining the Disaster Recovery vDC Public IP Address
To determine the public IP address assigned to the DR environment:- At the Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click DR_Zerto_Test_VDC. The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Configuration" section and click Public IPs.
- Note the IP address listed in the "IP Address" column of the "Public IPs" table for later use in this exercise.
Determining the Disaster Recovery Test VM IP Address
To determine the IP address that will be assigned the test VM after migration:- At the vDataCenter detail page, scroll down to the "Children" section and click Networks.
- The DR_Zerto_Test_VDC vDC Net IP address is listed in the "Gateway" column of the "Networks" table (
x.x.x.1
).
After migration, the IP of the migrated Zerto_Test_VM will be the first available address following the "Gateway" IP address (x.x.x.2
). Note this IP address for later use in this exercise.
Configuring Firewall and NAT Rules for Migrated VM SSH Access
To add the necessary firewall and NAT rules to allow SSH access to the test VM at the disaster recovery site after migration:- At the Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click DR_Zerto_Test_VDC. The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Network Services" section and click Firewall.
- Click the "gear" icon in the upper right corner of the "Firewall" section to display the Firewall page.
- At the Firewall page, select the "Allow" radio button in the "Default Action" field.
- Click +Add Rule. The Add Firewall Rule page appears.
- If necessary, select the "Enabled" checkbox to enable the new rule.
- Enter Zerto_SSH_FW_Rule in the "Name" field.
- Select TCP&UDP from the "Protocol" drop-down menu.
- In the "Action" field, select the Allow radio button.
- Select Any from the "Source Suggestions…" drop-down menu. This value is populated in the "Source" field.
- Select SSH from the "Source Port" drop-down menu.
- In the "Destination" field, enter the disaster recovery vDC public IP address noted earlier in this exercise.
- Select SSH from the "Destination Port" drop-down menu.
- Click Add Firewall Rule to add the new rule and return to the Firewall page.
- At the Firewall page, click Save.
- Allow NCD to complete the creation of the firewall rule before proceeding.
- Return to the vDataCenter detail page, scroll down to the "Network Services" section and click NAT.
- Click the "gear" icon in the upper right corner of the "NAT" section to display the NAT page.
- At the NAT page, click +Add NAT Rule. The Add NAT Rule page appears.
- If necessary, select the "Enabled" checkbox to enable the new rule.
- In the "Type" field, select the Destination radio button.
- Select TCP&UDP from the "Protocol" drop-down menu.
- Select re01-internet01 from the "Applied On" drop-down menu. This is the disaster recovery vDC network on which the NAT rule is to be applied.
- In the "Original IP" field, enter the disaster recovery vDC public IP address noted earlier in this exercise.
- Select SSH from the "Original Port" drop-down menu.
- In the "Translated IP" field, enter the disaster recovery VM IP address (
x.x.x.2
) noted earlier in this exercise. - Select SSH from the "Translated Port" drop-down menu.
- Click Add NAT Rule to add the new rule and return to the NAT page.
- At the NAT page, click Save.
- Allow NCD to complete the creation of the NAT rule before proceeding.
Note: You can monitor the progress of the firewall rule creation by clicking the Recent Tasks icon in the upper right corner of the page.
Note: You can monitor the progress of the NAT rule creation by clicking the Recent Tasks icon in the upper right corner of the page.
Configuring Zerto Replication
To configure Zerto replication from the primary site to the disaster recovery site:- At the Dashboard page, click NCD SERVICES in the "Services" section of the navigation bar on the left side of the page to display the NCD Services page.
- At the Services page, click NCD-to-NCD Replication to display a list of the vClouds available for replication.
- Click Configure in the row corresponding to the SantaClara01 vCloud. The Zerto Virtual Replication interface opens in a separate browser tab.
Creating a Virtual Protection Group (VPG)
To create a new Zerto Virtual Protection Group:- Click NEW VPG in the upper right corner of the Zerto Virtual Replication interface.
The Create VPG pop-up window appears. - Enter Zerto_Test_vApp in the "VPG Name" field.
- Select the Zerto_Test_vApp radio button in the "unprotected VMs" table.
- From the "Recovery Site" drop-down menu, select RedHill01 to specify the datacenter to which the selected vApp is to be replicated.
- Select DR_Zerto_Test_VDC from the "Org vDC" drop-down menu.
- Select 15 Minute RPO from the "Service Profile" drop-down menu.
- Click Save to save your configuration. A "Zerto_Test_vApp" entry appears in the VPG list on the "VPGs" tab.
- Allow Zerto to create and initialize the new VPG (progress can be monitored in the "State" column of the "Zerto_Test_vApp" list entry). Zerto initializes the VPG and creates a representation of the protected vApp at the disaster recovery site. When initialization completes, the "Protection Status" column indicates "Meeting SLA" (Service Level Agreement).
Configuring Replication
To configure your Zerto VPG to replicate between your primary and disaster recovery sites, and statically assign the IP of the disaster recovery test VM when it is migrated to the disaster recovery site:Note: This procedure also configures the VPG to allow reverse replication. If the primary site is failed over or moved to the disaster recovery site (becoming the primary site), Zerto can then be instructed to replicate back to the original site (becoming the disaster recovery site).
- In the Zerto Virtual Replication interface, select the "VPGs" tab.
- Click Zerto_Test_vApp in the "VPG Name" column. The "VPG: Zerto_Test_vApp" tab appears.
- Click EDIT VPG in the upper right corner of the "VPG: Zerto_Test_vApp" tab. The Edit VPG pop-up window appears.
- Click REPLICATION at the top of the Edit VPG pop-up window to display the VPG's replication settings.
- Select DR_Zerto_Test_VDC from the "Recovery Org vDC" drop-down menu.
- Click RECOVERY at the top of the Edit VPG pop-up window to display the VPG's recovery settings.
- Select the "vCD Guest Customization" checkbox to enable guest OS customization.
- Select
DR_Zerto_Test_VDC vDC Net
from the "Failover/Move Network" drop-down menu.
- Select DR_Zerto_Test_VDC vDC Net from the "Failover Test Network" drop-down menu.
- Click NICs at the top of the Edit VPG pop-up window to display the VPG's NIC settings for the VM included in the VPG.
- In the "Views:" box in the upper right corner of the pop-up window, click FAILOVER/MOVE.
- Select the checkbox for the Zerto-Test-VM in the list.
- Click EDIT SELECTED in the upper right corner of the pop-up window. The Edit vNIC pop-up window appears.
- Select Static – IP Pool from the "vNIC IP Mode" drop-down menus in the "Failover/Move" and "Test" columns in the pop-up window.
- In the "IP Address" fields in the "Failover/Move" and "Test" columns, enter the disaster recovery VM IP address (
x.x.x.2
) noted earlier in this exercise. - Click OK to save the vNIC configuration and return to the Edit VPG pop-up window.
- Click DONE to save your VPG configuration and return to the "VPG: Zerto_Test_vApp" tab.
Performing Failover Testing
A failover test confirms the ability of Zerto to successfully replicate your primary site to your disaster recovery site.Note: During a failover test, both sites are online and operational simultaneously. This is not problematic for the purpose of this exercise, but you should be aware of this aspect of the failover test in the event that it could cause problems in your implementation.
To perform the failover test:
- In the Zerto Virtual Replication interface, select the "VPGs" tab.
- Click Zerto_Test_vApp in the "VPG Name" column. The "VPG: Zerto_Test_vApp" tab appears.
- If necessary, move the "Failover" selector in the lower right corner of the tab to "Test."
- Click Failover. The Failover Test pop-up window appears in "SELECT VPGs" mode.
- Click Next. The Failover Test pop-up window proceeds to "EXECUTION PARAMETERS" mode.
- Click Next. The Failover Test pop-up window proceeds to "FAILOVER TEST" mode.
- Click START FAILOVER TEST to return to the "VPG: Zerto_Test_vApp" tab. A "Failover test" indicator appears at the bottom of the tab.
- When the "RUNNING TASKS" list displays a "Failover test" indicator along with a red "ABORT" button, test SSH access to the disaster recovery and primary test VMs as follows:
- To test SSH access to the disaster recovery test VM:
Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
ssh root@<public ip>
- The
<public ip>
value is the disaster recovery vDC public IP address determined earlier in this exercise. - When prompted for a password, provide the administrator password value specified when creating the test VM earlier in this exercise.
- The
- To test SSH access to the primary test VM:
Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
ssh root@<public ip>
- The
<public ip>
value is the primary vDC public IP address determined earlier in this exercise. - When prompted for a password, provide the administrator password value specified when creating the test VM earlier in this exercise.
- The
- To test SSH access to the disaster recovery test VM:
- After testing SSH access to the disaster recovery and primary test VMs, return to the "VPG: Zerto_Test_vApp" tab and click the red "STOP" button displayed with the "Failover test" indicator in the "RUNNING TASKS" list.
- Click Stop to stop the failover test and return to the "VPG: Zerto_Test_vApp" tab. A "Stopping Failover test" indicator appears in the "RUNNING TASKS" list.
- Allow the failover test to completely stop before proceeding to the next section of this exercise.
The Stop Test pop-up window appears.
Performing a Full Failover
To perform a full failover:- In the Zerto Virtual Replication interface, select the "VPGs" tab.
- Click Zerto_Test_vApp in the "VPG Name" column. The "VPG: Zerto_Test_vApp" tab appears.
- Move the "Failover" selector in the lower right corner of the tab to "Live."
- Click Failover. The Failover pop-up window appears in "SELECT VPGs" mode.
- Click Next. The Failover pop-up window proceeds to "EXECUTION PARAMETERS" mode.
- Click the "pencil" icon in the "Commit Policy" column.
- If necessary, select Auto-Commit from the resulting drop-down menu.
- Enter 2 in the "After _ Min" field. This allows 2 minutes to test the failover before it becomes permanent – within this 2 minute limit you have the option to roll back the failover if you find problems during testing.
- Click the "pencil" icon in the "VM Shutdown" column.
- Select No from the resulting drop-down menu.
- Leave the setting in the "Checkpoint" column at its default value (the latest available checkpoint).
- Click the "pencil" icon in the "Reverse Protection" column, and select the resulting checkbox. This setting allows Zerto to reverse replication to the current primary site once a failover to the current disaster recovery site is performed.
- Click Next. The Failover pop-up window proceeds to "FAILOVER" mode.
- Click START FAILOVER to initiate the failover and return to the "VPG: Zerto_Test_vApp" tab. A "Failing Over" message displays in the "RUNNING TASKS" list.
- Allow the failover to automatically commit before proceeding to the next section. To commit the failover immediately, click the check mark to the right of the "Failing Over" message in the "RUNNING TASKS" list. To roll back the failover, click the circular arrow icon to the right of the message.
Note: If you select Auto-Rollback from the drop-down menu, Zerto does not provide the option to enable reverse protection.
Note: In your implementation, you may wish to select an earlier checkpoint – for example to restore your environment to a point in time prior to a virus issue. To select a checkpoint, click the Date link in the "Checkpoint" column and set the value using the Zerto_Test_vApp: Checkpoints pop-up window.
Note: If reverse protection is not enabled, once a failover is committed, Zerto indicates that you are not meeting your SLA and provides multiple notifications that you should configure Zerto . Without reverse replication, no disaster recovery site is available if the new primary site fails.
Testing Your Full Failover
Once your failover is fully committed, test SSH access to the disaster recovery and primary test VMs as follows:Note: Following a full failover, SSH access to the former primary (new disaster recovery) site should NOT be successful.
Testing SSH Access to the Disaster Recovery Site
To test SSH access to the disaster recovery (new primary) site:Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
ssh root@<public ip>
- The
<public ip>
value is the disaster recovery vDC public IP address noted earlier in this exercise. - When prompted for a password, provide the administrator password value specified when creating the test VM earlier in this exercise.
Testing SSH Access to the Primary Site
To test SSH access to the primary (new disaster recovery) site:Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
ssh root@<public ip>
- The
<public ip>
value is the primary vDC public IP address noted earlier in this exercise.
Related Documentation
Refer to the following Zerto documentation for details on configuring Zerto Virtual Replication:- Zerto Virtual Replication Requirements
- Zerto Virtual Replication Installation Guide
- Zerto Virtual Replication: Enterprise Quick Reference
- Zerto Virtual Replication: Zerto Virtual Manager Administration Guide (Chapters 6-13)
- Zerto Cloud Manager Administration Guide