Automating vSphere Replication and SRM with vRealize Orchestrator

With the release of the vSphere Replication plugin for vRealize Orchestrator there are a whole set of new automation capabilities when it comes to Disaster Recovery for your VMware environment. The new plugin enables you to configure vSphere Replication:

  • to vCloud Air Disaster Recovery Service
  • to another vCenter deployment
  • or even within the same vCenter deployment

I’d recommend reading the release notes for more details on what capabilities are on offer. In this blog post I want to demonstrate how you can easily combine the vSphere Replication plugin with the SRM plugin to automate the end to end replication and DR protection of your Virtual Machines. Without further ado here’s where we want to end up:

In this short video you saw that the administrator selected a handful of Virtual Machines they wanted to protect, invoked a VRO workflow from the context menu, and was able to completely configure the replication and protection of the VMs in just a few seconds! In fact most of the video was me driving the UI to show you all the items (replication schedules, protected VMs, protection groups, recovery plans, etc.) that were created by the workflow.

So What do We Need to Make It Work?

The demonstration used the following products:

How Did You Build The Workflow?

The workflow was built by linking together various out of the box workflows provided by the VR and SRM plugins. I actually built two workflows so I could separate out the workflow that linked together the two plugins capabilities, and another workflow that wrapped the more complex workflow with some predefined attributes and a little scripting to simplify the presentation and make it easy to call from the vSphere Web Client.

As you can see the workflow assigned to the context menu provides is basically a wrapper with a little scripting to allow me to use predefined RPO tiers when presenting the workflow and some predefined attributes to allow me to simplify the what I choose to present to the user.

vro-workflow-1

The workflow that ties the VR and SRM workflows together looks more complex, but most of it is simply chaining together out of the box workflows.

vro-workflow-2

The green and blue highlighted sections are the workflows provided by the VR and SRM plugins for vRO. The red highlighted section was custom built to handle a simple lookup from an instance of VC:VirtualMachine to an instance of SRM:UnassignedReplicatedVm. The script to do this is a one liner:

replVm = Server.findForType("SRM:UnassignedReplicatedVm", sourceVm.id);

Conclusion

Hopefully this has given you a glimpse into what you can achieve with these new automation capabilities. While there is a learning curve to vRealize Orchestrator there is also a lot of potential to streamline your operations. Being able to combine the automation capabilities of VR and SRM opens up a lot of new possibilities to explore.

Update: Presenting RPOs as a Dropdown list

One of my colleagues asked me how I was able to present the RPO values as a drop-down list. To do that required me to configure the presentation properties of the workflow. Within vRealize Orchestrator you are able to control how parameters are presented to the end user in the presentation tab. Here I simply added a set of Predefined answers to a field I called ReplicationTier (you can also order and group the parameters that you present to the customer as well in this tab).

vro-workflow-presentation

The selected value us then passed to a short script that parses the value selected by the user and determines what the RPO value, in minutes, should be set as:

RPO = 4 * 60; // set default to 240 minutes, i.e. 4 hours.
if (ReplicationTier.indexOf("Gold") > -1) {
    RPO = 15; // 15 minute RPO
} else if (ReplicationTier.indexOf("Silver") > -1) {
    RPO = 4 * 60; // 4 hour RPO
} else if (ReplicationTier.indexOf("Bronze") > -1) {
    RPO = 12 * 60; // 12 hour RPO
}

This is the Lookup RPO from tier script task in the first workflow schema image shared above. Of course this is not necessary, you can just ask for the RPO value as a number input (with min and max values) but I thought the dropdown selection was a nice option to demonstrate.

What You Need to Know About SRM 6.0

With the launch of VMware Site Recovery Manager 6.0 here are some useful resources for people that want to learn more about the new features, roll out a fresh deployment, or who are looking to upgrade.

What’s New

Here are my posts about some key changes in SRM 6:

I’d also recommend checking out the blogs by GS Khalsa for SRM 6.0 and Jeff Hunter for vSphere Replication 6.0.

Where Can I Download the Bits?

Planning a Fresh Install or Upgrade to SRM 6?

Here are some resources you will find useful when planning the setup and deployment of SRM:

In addition to the SRM documentation I highly recommend reading the vSphere installation documentation and the following KB articles and white papers that are relevant to a multi-site and multi-product deployment:

Network Ports to Open for SRM and vSphere Replication 6.0

Because you do actually want to replicate the VMs don’t you?

What Do I Need to Know About Deploying SRM 6 in Larger Environments?

SRM 6.0 now supports up to 2,000 VMs replicated with vSphere Replication (up from 500 in the 5.8 release). SRM 6.0 continues to support protection of up to 5,000 VMs with array based replication.

What Site Topologies Does SRM 6 Support?

SRM 6.0 continues to support a variety of deployment topologies:

Where Can I Learn More?

The SRM Administration Guide is a great resource, also Eric Shank’s SRM 5.8 guide is also largely applicable to SRM 6.0. If you have any questions on SRM I’d recommend posting in the SRM community at VMTN.

 

SRM 6 Inventory Mapping Improvements

With the release of SRM 5.8 the user interface was significantly updated to integrate with the vSphere Web Client for the first time. As part of the update of the user interface we improved a lot of things, like being able to add paired array managers at the same time, creating reverse inventory mappings, or my personal favorite enabling rule based IP reconfiguration.

When demoing these new improvements to customers the feedback on these changes was very positive. One piece of feedback that I heard consistently (even in the SRM 5.8 beta) was the need to make it easier to create inventory mappings, especially at scale. As a result of that customer feedback one of the UI enhancements introduced in the recent SRM 6.0 release is the introduction of streamlined inventory mapping for networks and folder structures.

Introducing A New Option To Create Inventory Mappings by Matching Folder and Network Names

Picture a scenario where you have a large number of folders or networks that you want to create inventory mappings for. In SRM 5.8 that process involved you either creating the mapping one-by-one in the user interface (and being able to create the reverse mapping automatically) or automating the process via the SRM public API or VRO plug-in. Now with SRM 6.0 you can just select the root of a hierarchy you want to map and all the child elements will be automatically matched by name for you.

If you maintain consistent folder or network naming across sites this could potentially save a lot of time in creating the initial inventory mappings, especially for large inventories.

Walkthrough Auto-Mapping Folders by Name

A lot of customers use folders to organize their VM inventory, in this example the VMs are organized by department and the same naming scheme is used on both sites for consistency. Here are the two sites, Anaheim and Boulder, with all the departmental folders organized under a top level “Production” folder at each site.

srm-6-mapping-1

When creating an inventory mapping you are now prompted to either select the existing mapping behavior where you select items manually, or the new automatic behavior based on matching names. Choose the new option and proceed to the next screen.

srm-6-mapping-2

Now you will select the source and target “roots” for the folders you want to map. You choose the root folder on the left for the first site, followed by the target folder on the right for the second site. Then click the Add mappings button to generate the automatic mappings.

srm-mapping-3

A small confirmation box will pop-up showing the results of the automatic mapping.

srm-mapping-4

Next you can review the suggested mappings and go onto the next step in the mapping process.

srm-mapping-5

The final step is to decide whether you want to create the reverse mappings or not for these folders. If you do you can either select them one by one, or just click the “Select all applicable” link to select them all at once and then complete the folder mapping dialog by clicking finish.

srm-mapping-6

Walkthrough Auto-Mapping Networks by Name

Just as we could use name based matching to speed up the creation of inventory mappings for folders we can also do the same thing for networks.Here’s an abbreviated walkthrough showing the same approach to configuring inventory mappings of distributed switches.

First we can see that we have some distributed switches where the associated port groups have matching names across the two sites.

srm-mapping-7

In the same way we could select automatic mapping mapping for folders we can select the option to automatically map our networks as well.

srm-mapping-8

For the next step we select the distributed switches as the root of the mapping on both sites and click the “Add mappings” to generate the matches.

srm-mapping-9

After dismissing the popup and reviewing the proposed mappings we can continue on with the rest of the wizard to completion.

Summary

If you are doing a small scale SRM deployment with just a couple of folders or port groups these enhancements are not going to be a huge deal. If however you deal with 10′s of folders or networks and have adopted consistent naming across both sites there is the potential for this to make your initial setup of SRM much more efficient.

Further Reading

SRM 6.0 Simplified Certificates

One of the improvements I was most happy to see in VMware Site Recovery Manager 6.0 was the simplified experience deploying SRM with external certificates. With earlier SRM releases external certificates were used to both authenticate the SRM instances with each other and also authenticate SRM servers to their associated vCenter instance. This dual purpose meant that there were several requirements and restrictions placed on external certificates that made it more difficult to quickly deploy SRM when using external certs.

With the integration of SRM 6.0′s deeper integration with SSO the requirements imposed by the dual usage of certificates could be relaxed compared to earlier releases. These improvements will make it easier to deploy SRM with external certificates. The SRM 6.0 Installation and Configuration guide provides full details of the updated certificate requirements. A short list of the improvements taken from the guide are:

  • “If you use a custom certificate for vCenter Server and Platform Services Controller, you are not obliged to use a custom certificate for Site Recovery Manager, and the reverse.”
  • “Unlike in previous releases, there is no requirement for the certificate to also be a client certificate.”
  • “The Subject Name does not need to be the same for both members of a Site Recovery Manager Server pair.”

Another improvement in this release is that SRM 6.0 will warn customers who try and use certificates with SHA1 signature algorithms (SHA256 or stronger is recommended). Also in this release the insecure MD5 signature algorithm is no longer supported with SRM.

While improved certificate handling is a fairly small improvement (and there’s still more room to improve) I do think it is indicative of the focus that the SRM team has been putting on improving the overall operational experience of the product.

Further Reading

SRM 6 and vSphere 6 Storage DRS (SDRS) Improvements for Array Based Replication

With the announcement of vSphere 6 one of the touted features was improved integration between Site Recovery Manager 6 and vSphere 6′s Storage DRS feature when using array based replication. Since SRM 5.5 and vSphere 5.5 the two capabilities have been supported together with some caveats. With the newly announced release the integration between the two will be much simpler. This post will focus on array based replication but as noted in Cormac’s post the SDRS and vSphere Replication integration has also improved.

Okay, Tell Me More About Those Array Based Replication Caveats

Since SRM 5.5 you have been able to use Storage vMotion to move protected VMs between datastores belonging to the same consistency group. However there was nothing to warn users when they were migrating a VM outside of the consistency group (or even onto non-replicated datastores) or prevent Storage DRS doing the same.

To workaround this there are two key items customers have been doing:

So What Changes in vSphere 6 and SRM 6?

The SRM and Storage DRS teams have worked together to make SDRS aware of which datastores are being replicated and the consistency group membership. When SRM discovers replicated devices it associates information to the appropriate datastores in vSphere (e.g. that it is replicated and the consistency group), this information is then used by SDRS in deciding which automatic moves it can make, SDRS will not perform any automatic migrations that would impair the recoverability of a VM with SRM.

With this change you don’t have to be as fine-grained with your storage clusters, or alternatively as coarse in your failover granularity. Now you can mix non-replicated and replicated datastores in the same cluster, and even replicated datastores belonging to different consistency groups.

This reduces the operational burden of working with SRM and SDRS and provides much more flexibility in how you choose to organize your datastores and datastore clusters.

srm-sdrs

[Update March 17th 2015] – There is now a KB article, How Site Recovery Manager Handles Storage DRS Tagging (2108196), that goes into some more detail on how SRM and SDRS interoperate using tags.

Further Reading