NCD – Customer-to-NCD Zerto Replication Tutorial
Zerto Virtual Replication allows you to automatically and continuously replicate application data and virtual machine (VM) images, as well as system configurations and dependencies, in order to facilitate disaster recovery.
Customer-to-NCD ZVR replicates an on-premise vCenter's VMs contained within defined Virtual Protection Groups (VPGs) to dedicated disaster recovery virtual applications (vApps) within NCD. ZVR can also be configured to replicate or move VMs from a Navisite Cloud Director environment to an on-premise customer site, if desired.
Note: If you wish to replicate only a portion of resources contained in a disaster recovery vApp from an NCD site to an on-premise customer site, you must first create separate vApps – one containing the VMs that you wish to replicate, and another containing the VMs you do not wish to replicate.
Consideration must be provided to other network-related settings and devices to ensure that the appropriate networking is in place to allow replicated VMs to communicate and interact as intended. Migrated network devices do not retain firewall or network address translation (NAT) rules, or access control list (ACL) settings.
When replicating between sites, consideration must also be provided to assigning new public IP addresses for publicly available services (e.g., web servers, SSH, RDP, etc.). These considerations are not addressed in this article.
Overview
This article provides examples and exercises serving as an introduction to Navisite Cloud Director Customer-to-NCD Replication functionality, including setup details and procedures necessary for:- Configuring on-premise customer site networking
- Configuring a Zerto Virtual Manager (ZVM) service at the on-premise customer site
- Creating an example customer site VM to be replicated
- Configuring Navisite Cloud Director (NCD) in order to support Zerto replication
- Connecting the NCD and on-premise customer sites
- Pairing the NCD and on-premise customer sites
- Configuring and testing Zerto replication between the sites
- A customer vCenter configuration, including a vCenter, ESXi Hosts and a ZVM that are on separate management (10.10.1.0/24) and replication (192.168.20.0/24) networks
- An NCD configuration, including a vCenter, ESXi Hosts, a ZCC and a ZVM that are on separate management (172.16.0.0/24) and replication(10.10.20.0/24) networks
- A virtual private network (VPN) connection between the customer replication network (192.168.20.0/24) and the NCD replication network (10.10.20.0/24)
Note: The IP addresses included in the following diagram are included for example purposes only, and are used as examples throughout this article. Your NCD data center and vCenter IP addressing schemes and implementations may vary. You should substitute the actual IP addresses for your implementations appropriately when performing your configuration.
Customer Site Setup
The on-premise customer site setup for the exercises detailed in this article includes:- Configuring on-premise customer site networking
- Configuring a Zerto Virtual Manager (ZVM) service at the on-premise customer site
- Creating a test VM within the on-premise customer site vCenter
Customer Site Networking Requirements
Zerto Virtual Replication disaster recovery protection between your on-premise virtual environment (VE) and your Navisite Cloud Director environment requires separate Management and Replication networks on both the customer and NCD sites, as illustrated (in red) in the previous diagram.The customer site Replication network is a separate virtual network within your vCenter environment that is used for Zerto replication-related network traffic. The customer site Replication network provides…
- a dedicated network for Zerto related replication.
- isolation of the Management network from Zerto-related traffic and bandwidth usage.
- a Zerto-specific VPN termination point for Customer-to-NCD networking.
Configuring a Customer Site ZVM
The Zerto Virtual Manager (ZVM) is a management and control console Windows® service that runs on a Microsoft® Windows virtual machine (VM) within a vCenter environment. The ZVM manages everything required for replication between the on-premise protected (customer site) and recovery (Navisite Cloud Director) sites, except for the actual replication of data.The ZVM interacts with vCenter Server to get VM, disk, network, and host inventory. The ZVM also monitors changes in the environment and reflects them accordingly (moving a protected VM between hosts, for example).
In order for a customer site to be able to pair with an NCD site for disaster recovery, a single ZVM must be installed and configured at each site managed by a vCenter Server.
Notes: A ZVM is pre-configured on the Navisite Cloud Director recovery site.
A single ZVM can manage (protect and recover) up to 5,000 VMs per vCenter instance.
Because the ZVM interacts both with the vCenter and other Zerto components, the Windows VM that is used to host the ZVM service must be configured to communicate on both the Management and Zerto Replication networks within the customer vCenter.
Recommended VM Specifications for the Customer Site ZVM
The recommended specifications for the VM used to host the ZVM service are:- Windows Server® 2008
- 100 GB disk storage
- 2 CPUs
- 4 GB RAM
- 2 NICs
- NIC0 – configured for a static IP on the vCenter Management network
- NIC1 – configured for a static IP on the Zerto Replication network
- Route table updated to allow bidirectional network traffic on both Management and Replication networks
Installing the ZVM Service
To install the ZVM service on your Windows VM:- Open a console session to the VM.
- In the console session, open a web browser and navigate to:
https://navisite.uservoice.com/knowledgebase/articles/360319
- Locate and click the Click here to download the ZVM package link to download a .zip file containing the ZVM installation media.
- When the ZVM download is complete, extract the files to the VM's local disk drive.
- When the file extraction is complete, locate and double-click the Zerto Virtual Replication Installer.exe file to perform an express installation.
- When the installer prompts you for vCenter Server information, provide the following:
- IP/Hostname – the IP address or host name of the on-premise customer site vCenter Server
- Username – the name of an administrator user account within vCenter (in username or domain\username format)
- Password – the password for the provided username
- Site Name – a name to identify the Zerto ZVM site. Your Navisite Cloud Director Organization name is recommended; this helps to identify the replication site for alerting purposes, and differentiate between other replication customer sites.
Creating a Test VM at the On-Premise Customer Site
In order to perform the exercises detailed in this article, create a virtual machine (VM) within the on-premise customer site vCenter. This VM is to be replicated to the NCD site.Note: The exercises included in this article require reconfiguration of the VM's virtual network interface (VNIC). The following VMs support VNIC reconfiguration:
In addition, the VM should utilize the latest version of VMWare® Tools.
- Windows 2008 and higher
- Red Hat Enterprise Linux versions 5 - 7.x
- SUSE Linux Enterprise versions 10 and 11
- Ubuntu 12.04, 12.10, 13.04, 13.10, 14.04, 14.10, 15.04
- CentOS versions 5-6.x
- Oracle Linux versions 5.9-6.6
To create the test VM:
- Log into your on-premise vCenter environment and create a Red Hat Enterprise Linux version 5 - 7.x VM named ZertoTestVm.
- Note the administrator password value configured for the VM for later use.
- Power on the new VM.
Note: In order to perform Zerto replication, the VM(s) being replicated must be powered on. Zerto Virtual Replication Appliances (VRAs) require an active I/O stack on each VM in order to access the VM data being synchronized between sites.
Navisite Cloud Director Site Setup
The Navisite Cloud Director site setup for the exercises detailed in this article includes:- Creating a virtual data center (vDC) within an NCD-provided physical data center to serve as a Zerto recovery site
- Creating a vDC network and defining its gateway IP address
- Configuring the necessary firewall and NAT rules to allow SSH access to the replicated VM
- Requesting the Customer-to-NCD replication service
Logging In
To log into Navisite Cloud Director:- Using a web browser, navigate to https://proximity.navisite.com. The Login page appears.
- Enter your username and password values at the Login page, and click Sign in.
Note: You must be assigned the Navisite Cloud Director "administrator" role to configure replication.
Upon successful login, the Dashboard page appears.
Configuring a Navisite Cloud Director Zerto Disaster Recovery Site
Configure a Zerto recovery site by creating a virtual data center (vDC) within an NCD-provided physical data center, and creating a vDC network with a specified gateway IP address.Creating a Virtual Data Center (vDC)
To create a virtual data center within one of the NCD-provided physical data centers to serve as a Zerto disaster recovery site:- At the NCD Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- Click +Create vDataCenter. The Create vDataCenter page appears.
- Enter a name for the new vDC in the "Name" field (example: Cust-NCD-Zerto-Test).
- Select a data center from the "vCloud" drop-down menu (example: SantaClara01). vClouds are identified by the physical location of the data center.
- Click Next-> to display the Limits and Storage Policies settings.
- Leave all Limits and Storage Policies settings unchanged, and click Finish to create the vDC. When the task completes, the newly created vDC is listed at the vDataCenters page.
Note: You can monitor the progress of the vDC creation by clicking the Recent Tasks icon in the upper right corner of the page.
Creating a vDC Network
To create a vDC network with a specified gateway IP address:- At the NCD Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click the name of the newly created vDC (example: Cust-NCD-Zerto-Test). The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Children" section and click Networks.
- In the "Networks" list, click Delete to remove the default vDC network (example: Cust-NCD-Zerto-Test vDC Net). Allow Navisite Cloud Director to complete the operation before proceeding.
- Click +Create vDC Network. The Create vDC Network page appears.
- In the "Name" field, enter a name for the vDC network (example: Cust-NCD-Zerto-Test vDC Net).
- In the "Gateway Address" field, enter the Edge Gateway IP address (example: 10.10.20.1) for the NCD Replication network.
- Leave the "Connection" field setting its default value (example: Cust-NCD-Zerto-Test Edge).
- Click Create vDC Network.
- Allow NCD to complete the creation of the vDC network before proceeding.
Note: You can monitor the progress of the vDC network deletion by clicking the Recent Tasks icon in the upper right corner of the page.
Note: You can monitor the progress of the vDC network creation by clicking the Recent Tasks icon in the upper right corner of the page.
Determining the vDC Public IP Address
To determine the public IP address assigned to the environment:- At the NCD Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click the name of the newly created vDC (example: Cust-NCD-Zerto-Test). The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Configuration" section and click Public IPs.
- Note the IP address listed in the "IP Address" column of the "Public IPs" table for later use.
Configuring Firewall and NAT Rules for SSH Access
To add the necessary firewall and NAT rules to allow SSH access to the replicated VMs following disaster recovery:- At the NCD Dashboard page, click VDATACENTERS in the "Assets" section of the navigation bar on the left side of the page to display the vDataCenters page.
- In the "vDataCenters" list, click the name of the newly created vDC (example: Cust-NCD-Zerto-Test). The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Network Services" section and click Firewall.
- Click the "gear" icon in the upper right corner of the "Firewall" section to display the Firewall page.
- Click +Add Rule. The Add Firewall Rule page appears.
- If necessary, select the "Enabled" checkbox to enable the new rule.
- Enter a name for the firewall rule in the "Name" field (example: Zerto_SSH_FW_Rule).
- Select TCP & UDP from the "Protocol" drop-down menu.
- In the "Action" field, select the Allow radio button.
- Select Any from the "Source Suggestions…" drop-down menu. This value is populated in the "Source" field.
- Select SSH (port 22) from the "Source Port" drop-down menu.
- In the "Destination" field, enter the vDC public IP address for the new vDC, as noted previously in this article.
- Select SSH (port 22) from the "Destination Port" drop-down menu.
- Click Add Firewall Rule to add the new rule and return to the Firewall page.
- At the Firewall page, click Save.
- Allow NCD to complete the creation of the firewall rule before proceeding.
- Return to the vDataCenter detail page, scroll down to the "Network Services" section and click NAT.
- Click the "gear" icon in the upper right corner of the "NAT" section to display the NAT page.
- At the NAT page, click +Add NAT Rule. The Add NAT Rule page appears.
- If necessary, select the "Enabled" checkbox to enable the new rule.
- In the "Type" field, select the Destination radio button.
- Select TCP&UDP from the "Protocol" drop-down menu.
- From the "Applied On" drop-down menu, select the name of the vDC data center external (internet-facing) network on which the NAT rule is to be applied (example: sa01-internet01).
- In the "Original IP" field, enter the vDC public IP address for the new vDC, as noted previously in this article.
- Select SSH (port 22) from the "Original Port" drop-down menu.
- In the "Translated IP" field, enter the IP address for the recovered resource (for the example exercise included in this article, the test VM is assigned 10.10.20.100 following replication).
- Select SSH (port 22) from the "Translated Port" drop-down menu.
- Click Add NAT Rule to add the new rule and return to the NAT page.
- At the NAT page, click Save.
- Allow NCD to complete the creation of the NAT rule before proceeding.
Note: You can monitor the progress of the firewall rule creation by clicking the Recent Tasks icon in the upper right corner of the page.
Note: You can monitor the progress of the NAT rule creation by clicking the Recent Tasks icon in the upper right corner of the page.
Requesting Zerto Replication Service
Request Customer-to-NCD replication service as follows:- At the NCD Dashboard page, click NCD SERVICES in the "Services" section of the navigation bar on the left side of the page to display the NCD Services page.
- At the Services page, click Customer-to-NCD Replication to display the "Customer-to-NCD Replication" section.
- Click Request access in the row corresponding to the vCloud instance to which you wish to replicate (example: SantaClara01). The Request Customer-to-NCD Replication Access pop-up window appears.
- From the "VPN vDC Network" drop-down menu, select an internet-connected vDC network through which replication traffic will flow via a VPN connection (example: Cust-NCD-Zerto-Test vDC Net).
- Use the arrows and drop-down menu in the "Storage Needs" field to provide an estimate of how much storage will be replicated to Navisite Cloud Director. This estimate should be equal to the average size of the VMs to be replicated multiplied by the number of VMs to be replicated. This estimate does not need to be precise. Available units of measurement include gigabytes (GB) and terabytes (TB).
- Click Send request.
- Creating a Zerto Cloud Connector (ZCC) appliance at the NCD site, which will be assigned an unused IP on the vDC network specified in the service request.
- Providing access to the Zerto Virtual Replication Manager (ZVM) appliance at the NCD site via the newly created ZCC appliance.
Note: Review the listed prerequisites for the service.
Notes: To avoid conflicts with existing IPs or network configurations, it is recommended that you select a network that will be used solely for Zerto replication, and that is not used for non-replication purposes prior or subsequent to this configuration.
The provided VPN vDC Network must be an Org Network routed by your Org Edge Gateway; it will be connected via VPN to your on-premise virtual environment (VE).
Upon receiving your access request, NaviSite configures all necessary replication services in NCD, including:
Once NaviSite completes the tasks related to the access request, the table in the Customer-to-NCD Replication section of the Services page displays the name of the VPN vDC Network. In addition, you will receive an email indicating that the replication request was completed. This email contains the IP address to be used when pairing the customer and NCD sites – note this IP address for later use.
VPN Setup
After configuring the on-premise customer and NCD sites, establish a VPN connection between the replication networks at each site, add a static network route, and test the connection.Configuring the Navisite Cloud Director VPN Connection to Your On-Premise vCenter Environment
To create the dedicated VPN connection between the NCD Replication network and your on-premise Replication network's Edge Gateway:- Log into Navisite Cloud Director. The Dashboard page appears.
- Click VDATACENTERS in the "Assets" section of the navigation pane at the left side of the page. The vDataCenters page appears, displaying a list of your vDCs.
- Click the name of the desired vDC in the "Name" column of the vDC list (example: Cust-NCD-Zerto-Test). The vDataCenter detail page appears.
- At the vDataCenter detail page, scroll down to the "Network Services" section and click VPN.
- Click +Create VPN beneath the "Third Party VPNs" heading to create a new VPN connection. The Create VPN page appears.
- In the "Local site" section, configure the NCD-specific VPN configuration settings:
- ID (IKE ID) – the external (public) IP address of the NCD site Replication network's Edge Gateway (example: 213.35.6.127), as noted previously in this article.
- Link Networks – select the checkbox corresponding to the NCD site Replication network to be made available using this VPN connection (example: Cust-NCD-Zerto-Test vDC Net).
- In the "Peer site" section, define your on-premise VPN configuration settings:
- IP Address – the publicly-accessible IP address of your on-premise Replication network's Edge Gateway (example: 207.127.97.73).
- Link Networks – the on-premise Replication network to be connected using the VPN, in Classless Inter-Domain Routing (CIDR) notation (example: 192.168.20.0/24).
Note: The routing prefix specification for the provided on-premise network address must match that of the connected vDC network address in order for the VPN to function.
- Specify the remaining VPN settings:
- Name – a descriptive name for the VPN connection. This value displays prominently in NCD.
- Enabled – select the "Enabled" checkbox to enable the VPN connection.
- Encryption – the encryption protocol to be applied to the connection.
Note: The selected encryption protocol must also be used when configuring the VPN connection at the on-premise site. Note this selection for later use.
- Shared Key – a 32-to-128-character alphanumeric string that is specified identically at both sites for authentication. This must include at least one uppercase letter, one lowercase letter, and one number.
Note: Shared key mismatches are a common error encountered when configuring VPN connections, and are normally logged as "psk mismatch" errors. Remember to verify the Shared Key value when troubleshooting a VPN connection.
If you continue to encounter shared key mismatch errors after verifying the Shared Key value, it can be helpful to disable and re-enable the VPN to re-authenticate the key.
Note this value for use during the on-premise site VPN setup. - MTU – the maximum transmission unit (MTU), defining the size of the largest allowable packet size for the VPN connection, in bytes.
Note: It is recommended that this value be set to the default value of 1500. Note this selection for use during the on-premise site VPN setup.
- Firewall Rules – allow Navisite Cloud Director to configure the firewall rules necessary to accommodate the VPN connection by selecting the Configure local firewall to allow traffic to/from peer networks radio button.
- Click Create VPN to create the VPN connection. Allow NCD to complete the creation of the VPN connection before proceeding.
On the Create VPN page, the "Local site" section (on the left side of the page) offers VPN configuration options for the NCD side of the VPN connection, and the "Peer site" section (on the right side of the page) offers configuration options for your on-premise Replication network.
Configuring Your On-Premise vCenter Environment VPN Connection to Navisite Cloud Director
To configure the VPN connection between your on-premise Replication network's Edge Gateway and the NCD Replication network:- Log into your vCenter environment.
- Navigate to your on-premise Replication network's Edge Gateway device.
- Configure the VPN connection using the following settings:
- Local Network – the on-premise Replication network to be made available using the VPN, in Classless Inter-Domain Routing (CIDR) notation (example: 192.168.20.0/24).
- Peer Network – the NCD site Replication network to be connected using this VPN connection, in Classless Inter-Domain Routing (CIDR) notation (example: 10.10.20.0/24).
- Local ID – the publicly-accessible IP address of your on-premise Replication network's Edge Gateway (example: 207.127.97.73).
- Peer ID and Peer IP – the external (public) IP address of the NCD site Replication network's Edge Gateway (example: 213.35.6.127).
- Encryption – the encryption protocol to be applied to the connection.
Note: This value should match the encryption protocol setting for the VPN connection at the NCD site.
- MTU – the maximum transmission unit (MTU), defining the size of the largest allowable packet size for the VPN connection, in bytes.
Note: This value should match the MTU setting for the VPN connection at the NCD site. It is recommended that this value be set to the default value of 1500.
- Shared Key – a 32-to-128-character alphanumeric string that is specified identically at both sites for authentication. This must include at least one uppercase letter, one lowercase letter, and one number. This value must match the shared key value setting for the VPN connection at the Navisite Cloud Director site.
Note: Shared key mismatches are a common error encountered when configuring VPN connections, and are normally logged as "psk mismatch" errors. Remember to verify the Shared Key value when troubleshooting a VPN connection.
If you continue to encounter shared key mismatch errors after verifying the Shared Key value, it can be helpful to disable and re-enable the VPN to re-authenticate the key.
On-Premise Device Configuration
Below are Navisite Cloud Director Edge Gateway settings that must be matched when configuring on-premise devices (firewall or other VPN endpoint) at your on-premise ("peer site") connection to the VPN being added. If these settings are not matched exactly, the VPN connection will not function.Important: You should verify that these settings are correctly configured, and remember to consider them when troubleshooting a VPN connection.
IKE Phase 1 Parameters
- Main mode
- AES/ AES 256 Preferred/ TripleDES /
- SHA-1
- MODP (DH) group 2 (MODP1024 bits)
- pre-shared secret [Configurable]
- SA lifetime of 28800 seconds (eight hours) with no kbytes rekeying
- ISAKMP aggressive mode disabled
IKE Phase 2 Parameters
- AES/ AES 256 Preferred/ TripleDES /
- SHA-1
- ESP tunnel mode
- Perfect forward secrecy for rekeying
- MODP (DH) group 2 (MODP1024 bits)
- SA lifetime of 3600 seconds (one hour) with no kbytes rekeying
- Selectors for all IP protocols, all ports, between the two networks, using IPv4 subnets
Note: Perfect forward secrecy (PFS) must be enabled.
Configuring VM Routing
In order for your on-premise ZVM VM to be able to communicate with the NCD Replication network using the configured VPN connection, a static network route must be added for the Replication network that is attached to the VM using NIC1.The following diagram illustrates an example customer site vCenter configuration with…
- An isolated vCenter Management network (10.10.1.0/24)
- An isolated Zerto Replication network (192.168.20.0/24)
- A Windows ZVM VM that is on both the Management and Replication networks, configured with IPs 10.10.1.100 and 192.168.20.8 respectively
Note: The IP addresses shown in the following illustration are included for example purposes only. Your data center's IP addressing scheme and implementation may vary.
To add a static network route for the Replication network that is attached to the ZVM VM using NIC1, as illustrated above:
- Open a console session to the VM.
- In the console session, open a command prompt window.
- In the command prompt window, enter the following command to create a static network route to the Replication network's Edge Gateway (example: 192.168.20.1):
route add 10.10.20.0 mask 255.255.255.0 192.168.20.1 metric 6
Note: The IP addresses included in these steps correspond to the above illustration, and are for example purposes only. Your data center's IP addressing scheme and implementation may vary. You should substitute the actual IP addresses for your data center appropriately when adding the static route.
Testing the VPN Connection
Test the VPN connection by executing a continuous ping request from the on-premise Windows VM hosting the ZVM service to the gateway of the Navisite Cloud Director Replication network.Note: In order to perform this test, you may need to configure the on-premise Windows VM hosting the ZVM service to allow ICMP (ping) traffic through the Windows firewall.
To perform the test:
- Open a console session to the VM.
- In the console session, click the Windows Start button, enter cmd in the "Search programs and files" field, and press Enter. A Command window appears.
- In the Command window, type the following and press Enter:
ping [NCD Replication network gateway IP address] –t
Example NCD Replication network gateway IP address: 10.10.20.1
If the settings are correct at each end of the VPN connection, the ping succeeds.
Pairing Your On-Premise and Navisite Cloud Director Sites
To pair your on-premise and NCD sites:- Log into the ZVM service hosted at your on-premise Windows VM. To do so:
- Open a console session to the VM.
- In the console session, open a web browser and navigate to:
https://localhost:9669
The Zerto Virtual Manager Web Client Login window appears.
- Log into the ZVM service using the username and password specified during ZVM installation.
- From any machine residing on your on-premise Management network, open a web browser and navigate to:
https://[ZVM Management network IP]:9669
The Zerto Virtual Manager Web Client Login window appears. - Log into the ZVM service using the username and password specified during ZVM installation.
Upon successful login, the Zerto Virtual Manager Web Client License window appears.
- Select the Pair to a site with a license radio button.
- In the "Site Address" field, enter the pairing IP address provided in the email received from NaviSite following the NCD replication request.
- Click Start. The Zerto Virtual Manager window appears with the "DASHBOARD" tab displayed.
Installing Virtual Replication Appliances (VRAs) at Your On-Premise Site
- In the Zerto Virtual Manager window, select the "SETUP" tab.
- At the "SETUP" tab, select the "VRAs" box at the upper left side of the tab.
- Click NEW VRA at the upper right side of the tab. The Configure and Install VRA pop-up window appears.
- From the "Host" drop-down menu, select the ESX/ESXi host on which the VRA is to be installed.
- In the "Host Root Password" field, specify the root password for the ESX/ESXi host on which the VRA is to be installed.
- From the "Datastore" drop-down menu, select a datastore to be used by the VRA to mirror replicated VMs and for journaling activities.
- From the "Network" drop-down menu, select the on-premise Replication network to be used to access the VRA.
- In the "VRA RAM" field, enter the amount of RAM to be allocated to the VRA.
Note: It is recommended that the "VRA RAM" field value be set to 3GB, unless there are resource constraints on the ESX/ESXi hosts.
- If necessary, select default_group from the "VRA Group" drop-down menu.
- Select Static from the "Configuration" drop-down menu.
- In the "Address" field, enter the desired VRA IP address (example: 192.168.20.10).
Note: The VRA IP address should be set to an available IP address on the on-premise Zerto Replication network.
- In the "Subnet Mask" field, enter the on-premise Zerto Replication network's subnet mask (example: 255.255.255.0).
- In the "Default Gateway" field, enter the IP address for the on-premise Zerto Replication network's default gateway.
- Click Install to install the VRA.
- Repeat Steps 3-14 until a VRA has been installed on each available ESX/ESXi host.
Troubleshooting VRA Installation
If you encounter problems during VRA installation, refer to the following:ZVM to ESXi Host Connection
If the VRA install fails, verify that network connectivity exists between the ZVM and the ESXi host(s). If the ESXi hosts are identified within the ZVM by their hostname, it should be possible to resolve the ESXi hostname on your ZVM VM (DNS and/or host settings may be necessary to allow the ESXi hostname to resolve).ESXi Host Root Password
If the VRA installation fails, attempt to log into the ESXs host(s) directly to ensure that the correct password for the root account is being used.More Information
More information on the status of the VRA installation can be found by logging into your vCenter instance using a vSphere web client connection and displaying task information.Configuring Zerto Replication Between Your On-Premise and Navisite Cloud Director Sites
This section provides an exercise serving as an introduction to the following Navisite Cloud Director Customer-to-NCD Replication configuration tasks:- Configuring a Zerto Virtual Protection Group (VPG) to be used to recover resources to the NCD site
- Testing the failover replication
- Performing a full failover replication
Creating a Virtual Protection Group (VPG)
- Log into the ZVM service hosted at your on-premise Windows VM. To do so:
- Open a console session to the VM.
- In the console session, open a web browser and navigate to:
https://localhost:9669
The Zerto Virtual Manager Web Client Login window appears.
- Log into the ZVM service using the username and password specified during ZVM installation.
- From any machine residing on your on-premise Management network, open a web browser and navigate to:
https://[ZVM Management network IP]:9669
The Zerto Virtual Manager Web Client Login window appears. - Log into the ZVM service using the username and password specified during ZVM installation.
Upon successful login, the Zerto Virtual Manager Web Client appears with the "DASHBOARD" tab displayed.
- Select the "VPGs" tab.
- Click NEW VPG in the upper right corner of the page. The Create VPG pop-up window appears in "NEW VPG" mode.
- In the "VPG Name" field, enter ZertoTestVpg.
- Leave the "Priority" field setting at Medium.
- Click NEXT. The Create VPG pop-up window proceeds to "VMs" mode.
- In the "Unprotected VMs" list, locate and select the checkbox for the ZertoTestVm VM.
Note: You can add multiple VMs to your VPG by selecting their checkboxes from the "Unprotected VMs" list.
- Click the Right Arrow button between the lists to move the selected VM to the "Selected VMs" list.
- Click NEXT. The Create VPG pop-up window proceeds to "REPLICATION" mode.
- Select the SantaClara01 vDC from the "Recovery Site" drop-down menu.
- Select Cust-NCD-Zerto-Test from the "Recovery Org vDC" drop-down menu.
- Select 15 Minute RPO from the "Service Profile" drop-down menu.
- Click NEXT. The Create VPG pop-up window proceeds to "STORAGE" mode.
- If necessary, select the "Thin" checkbox in the ZertoTestVm row in the list.
- Click NEXT. The Create VPG pop-up window proceeds to "RECOVERY" mode.
- If necessary, select the "vCD Guest Customization" checkbox.
- Select Cust-NCD-Zerto-Test vDC Net from the "Failover/Move Network" drop-down menu.
- Select Cust-NCD-Zerto-Test vDC Net from the "Failover Test Network" drop-down menu.
- Click NEXT. The Create VPG pop-up window proceeds to "NICs" mode.
- Select the checkbox for ZertoTestVm in the list.
- Select FAILOVER/MOVE from the "Views:" box in the upper right corner of the pop-up window.
- Click EDIT SELECTED above the "Views:" box. The Edit vNIC pop-up window appears.
- Select Cust-NCD-Zerto-Test vDC Net from the "Network" drop-down menus in the "Failover/Move" and "Test" columns.
- Leave the "MAC Address" drop-down menu settings at their default selections.
- If necessary, select Static- IP Pool from the "vNIC IP Mode" drop-down menus in the "Failover/Move" and "Test" columns.
- In the "IP Address" fields in the "Failover/Move" and "Test" columns, enter the IP address to be assigned to the test VM resource after replication (example: 10.10.20.100).
- Click OK to return to the Create VPG pop-up window in "NICs" mode.
- Click NEXT. The Create VPG pop-up window proceeds to "BACKUP" mode.
- Click NEXT. The Create VPG pop-up window proceeds to "SUMMARY" mode.
- Click DONE.
- Allow Zerto to create and initialize the new VPG before proceeding.
Performing Failover Testing
A failover test confirms the ability of Zerto to successfully replicate your on-premise site to your disaster recovery site.Note: During a failover test, both sites are online and operational simultaneously. This is not problematic for the purpose of this exercise, but you should be aware of this aspect of the failover test in the event that it could cause problems in your implementation.
To perform the failover test:
- If necessary, log into the ZVM service hosted at your on-premise Windows VM to launch the Zerto Virtual Manager Web Client.
- Select the "DASHBOARD" tab.
- If necessary, move the "FAILOVER" selector in the lower right corner of the page to the "TEST" setting.
- Click FAILOVER. The Failover Test pop-up window appears in "SELECT VPGs" mode.
- Select the checkbox corresponding to the ZertoTestVpg VPG.
- Click NEXT. The Failover Test pop-up window proceeds to "EXECUTION PARAMETERS" mode.
- Click NEXT. The Failover Test pop-up window proceeds to "FAILOVER TEST" mode.
- Click START FAILOVER TEST. Allow Zerto to complete the failover before proceeding.
- Test SSH access to Zerto_Test_VM at the disaster recovery site, as follows:
- Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
ssh root@<public ip>
- The
<public ip>
value is the Cust-NCD-Zerto-Test disaster recovery vDC public IP address determined earlier in this exercise (example: 213.35.6.127). - When prompted for a password, provide the administrator password value specified when creating the ZertoTestVm test VM earlier in this exercise.
- The
- Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
- After testing SSH access to the disaster recovery test VM, stop the failover test as follows:
- If necessary, log into the ZVM service hosted at your on-premise Windows VM to launch the Zerto Virtual Manager Web Client.
- Select the "VPGs" tab.
- Stop the failover test by clicking the red button associated with ZertoTestVpg.
- Allow the failover test to fully stop before proceeding.
Performing a Full Failover
To perform a full failover:- If necessary, log into the ZVM service hosted at your on-premise Windows VM to launch the Zerto Virtual Manager Web Client.
- Select the "DASHBOARD" tab.
- If necessary, move the "FAILOVER" selector in the lower right corner of the page to the "LIVE" setting.
- Click FAILOVER. The Failover pop-up window appears in "SELECT VPGs" mode.
- Select the checkbox corresponding to the ZertoTestVpg VPG.
- Click NEXT. The Failover pop-up window proceeds to "EXECUTION PARAMETERS" mode.
- Click Auto-Commit in the "Commit Policy" column of the VPG list.
- Set the Auto-Commit time to 5 minutes. This allows 5 minutes to test the failover before it is committed and becomes permanent – within this 5 minute limit you have the option to roll back the failover if you find problems during testing.
- Click within the Reverse Protection column to enable reverse protection. This setting allows Zerto to reverse replication to the on-premise customer site once a failover to the NCD disaster recovery site is performed.
- Click NEXT. The Failover pop-up window proceeds to "FAILOVER" mode.
- Click START FAILOVER. Allow Zerto to complete the failover before proceeding.
- Test SSH access to Zerto_Test_VM at the disaster recovery site, as follows:
- Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
ssh root@<public ip>
- The
<public ip>
value is the Cust-NCD-Zerto-Test disaster recovery vDC public IP address determined earlier in this exercise. - When prompted for a password, provide the administrator password value specified when creating the ZertoTestVm test VM earlier in this exercise.
- The
- Using a local UNIX-compatible operating system with internet access, enter the following at the command line:
- After successfully testing SSH access to Zerto_Test_VM at the disaster recovery site, commit the failover as follows:
- If necessary, log into the ZVM service hosted at your on-premise Windows VM to launch the Zerto Virtual Manager Web Client.
- Select the "VPGs" tab.
- Select the Commit option associated with the ZertoTestVpg VPG.
OR
- Allow the 5 minute AutoCommit time interval to expire, after which the failover is automatically committed.
Note: Following the full failover operation, log into your on-premise vCenter environment and verify that the Zerto_Test_VM virtual machine is no longer present.