VMWARE

Rajesh Radhakrishnan

17/08/2022 Published 3 weeks ago

https://vmarena.com/wp-content/uploads/2024/12/VCDR.png

VMware Cloud Disaster Recovery (VCDR) Solution Deployment And Configuration Part 2

In my previous blog post, I have explained about VMware Cloud Disaster Recovery (VCDR) Onboarding and initial deployment . In this post, I will cover the initial configuration of VCDR solution

Before starting the configuration part we need to look in to the Pre-deployment Checklist which is very important

Main two points we need to consider is opening required firewall ports for the communication and setting up aws account

Open firewall ports :-

Firewall ports should be opened to allow for communication between your production sites and VMware Cloud DR Components.

Connectivity between on-premises and VCDR environment

Set up AWS account

Virtual Private Cloud (VPC), and Subnet. An AWS account must be linked to your VMware Cloud (VMC) organization before you can deploy a new SDDC. Your AWS VPC subnet, and AWS account also must meet certain requirements, which you can view here.

VMware Cloud DR provides a quick setup guide on the main dashboard that provides step-by-step guidelines for performing main tasks in the application.

Configure the API token

API tokens is used to authenticate yourself when you make authorized API connections. An API token is exchanged for an access token and authorizes access per organization. Generating API tokens is performed from your account page in Cloud Services Console or through the VMware Cloud Services. Tokens are generated using a special algorithm that picks up alphanumeric characters. Each token is a unique 65 characters combination.

When you generate a token, you determine its duration and scopes:

A token’s Time to Live (TTL) can range from several minutes to several months, or set to never expire. Note:- The default duration is six months.
Scopes provide a way to implement control over what areas in an organization your token can access – specifically which role in an organization, and what services and the level of permissions

When you create an API token, you define its scope of permissions by assigning specific organization roles and service roles. For VMware Cloud DR, you need to scope the following roles to the API token.

Organization Role: Organization Owner
Service Roles:
- VMware Cloud on AWS Administrator
- VMware Cloud on AWS NSX Cloud Admin

The maximum lifespan of a VMware Cloud Services API token is 60 months, after which you must regenerate a new token and configure it inside of VMware Cloud DR. If you do not regenerate a new token when the old one expires, the product features cannot function. The best practice in this case is to create an API token with the longest Time To Live (TTL) possible, to avoid service interruption.

On the Cloud Services Console toolbar, click your user name and select My Account

Click the Generate a New API Token link .

Enter a name for the token.
Specify the desired lifespan of the token and Click Generate
- You have option for enabling Send me email reminders when this token is about to expire in

Next you can add an Add the API Token

- From the left navigation, select Settings.
- Under API token, click the API token button.
- In the Configure API token dialog box, enter the API token.
- Click the Validate button.
- Click OK

Deploy a Cloud File System

The Cloud file systems and all Recovery SDDCs must be the same AZ inside one AWS region. This specific AZ is referred to as the “recovery” AZ, and is where you deploy Recovery SDDCs and add existing SDDCs for recovery operations .
Note:- In my current environment CFS is already deployed which is SCFS-01

Set up a Protected Site

We have two options available protect on-premises site or protect an SDDC site

In this scenarios, we are protecting on-premises vCenter by clicking the Set up a protected site link menu and follow below options
- Select On-Premises Site
- Select the type of connectivity
- Time zone
- and Enter your on-premises Site Name
- Click on SET UP

Protected site will be created and you will get option DEPLOY DRaaS Connector for the site
Click on DEPLOY

From the next screen you will get steps to follow to deploy the connector

First download the virtual appliance that will enable connectivity from the SDDC to the Cloud filesystem from Appliance OVA URL
- Note:- Site specific password will rest every 5 minute

- Note:- Few information about cloud connector
- Do not name the DRaaS Connector VM using the same naming conventions you use to name VMs in your vSphere environment.
- Avoid giving the DRaaS Connector VM a name that might match the VM name pattern you use when you define protection groups.
- If you are deploying the DRaaS Connector to a VMware Cloud SDDC with more than one cluster, you must choose a cluster to deploy the connector VM on.
- Each cluster in your SDDC must have the connector VM deployed on it in order for the VMs running on the cluster to be added to protection groups and replicated to a cloud backup site.
- Do not use non-ASCII characters for the connector name label.
- You can create multiple connector for single site based on capacity and number of VMs to be protected
After downloading the OVA by using the URL, upload the OVA to a Content Library and deploy from content library or deploy the OVA from vCenter directly by selecting local file option
Login to the vCenter and select deploy OVF template from Cluster

Browse and select the local connector OVA file and click NEXT

Select the location where connector to be deployed and click NEXT

Select the compute resource where connector to be deployed and Click VMware-Cloud-Disaster-Recovery-VCDR-Solution-Deployment

Review the detail and Click NEXT to continue

Select the storage , virtual disk format and click NEXT

Select the Network and click NEXT
Note :- IP address should be assigned manually

Validate all entered details and Click FINISH

Once the OVA is deployed manually power on the Virtual Machine

Once VM is booted up login with default credentials to start the configuration
- admin/vmware#1
- type network IP allocation option Static or DHCP
- In our scenario selected ‘a’ to start Static IP allocation

Enter a new IP address ,subnet mask and a DNS IP address , Once testing is completed and success you can move to next step

Enter the Cloud Orchestrator FQDN

Enter the passcode , once its validated you can enter the site label Label , After receiving the Success message to inform me that the setup was achieved.

Finally we have to validate the firewall rules has been automatically created in the SDDC , if not create we need to manually create the rules.

Verify the compute Gateway Firewall rules

Verify the Management Gateway Firewall rules

Note:- currently all ports are opened here between compute gateway source and destination , you can restrict the ports as per the best practices and requirements

Conclusion

We have successfully deployed VCDR connector and finished the initial configuration , in upcoming post will explain how tor register the on-premises vCenter , configure the recovery SDDC and how to protect the workloads .

Stay tuned for the next Blog on VMware Cloud Disaster Recovery (VCDR) Solution Deployment And Configuration