VMworld 2015

VMworld 2015 is about to kick off in a few days and will be a hectic few days up in San Francisco. I’ll be there mostly talking and presenting on a variety of things like Virtual Volumes (VVol), Storage Policy-Based Management (SPBM), vSphere APIs for IO Filtering (VAIO) as well as covering some interesting work the SRM and NSX teams have been working on together.

As always at VMworld there are far more sessions to see than time in which to see them, having said that here are a few sessions on topics I am interested in that look to be particularly interesting:

Normally I only try and present one session at VMworld but circumstances conspired to pull me into multiple sessions this year. If you want to see me on stage I will be involved with the following, sure to be awesome :-), sessions:

And I will also be taking part in a group discussion with @vmKen about VVols and a meet the experts session.

I’m looking forward to meeting lots of new faces this year! If you are going to VMworld feel free to reach out and connect with me on twitter - @BenMeadowcroft

Automating vSphere Replication and SRM with vRealize Orchestrator

With the release of the vSphere Replication plugin for vRealize Orchestrator there are a whole set of new automation capabilities when it comes to Disaster Recovery for your VMware environment. The new plugin enables you to configure vSphere Replication:

  • to vCloud Air Disaster Recovery Service
  • to another vCenter deployment
  • or even within the same vCenter deployment

I’d recommend reading the release notes for more details on what capabilities are on offer. In this blog post I want to demonstrate how you can easily combine the vSphere Replication plugin with the SRM plugin to automate the end to end replication and DR protection of your Virtual Machines. Without further ado here’s where we want to end up:

In this short video you saw that the administrator selected a handful of Virtual Machines they wanted to protect, invoked a VRO workflow from the context menu, and was able to completely configure the replication and protection of the VMs in just a few seconds! In fact most of the video was me driving the UI to show you all the items (replication schedules, protected VMs, protection groups, recovery plans, etc.) that were created by the workflow.

So What do We Need to Make It Work?

The demonstration used the following products:

How Did You Build The Workflow?

The workflow was built by linking together various out of the box workflows provided by the VR and SRM plugins. I actually built two workflows so I could separate out the workflow that linked together the two plugins capabilities, and another workflow that wrapped the more complex workflow with some predefined attributes and a little scripting to simplify the presentation and make it easy to call from the vSphere Web Client.

As you can see the workflow assigned to the context menu provides is basically a wrapper with a little scripting to allow me to use predefined RPO tiers when presenting the workflow and some predefined attributes to allow me to simplify the what I choose to present to the user.

vro-workflow-1

The workflow that ties the VR and SRM workflows together looks more complex, but most of it is simply chaining together out of the box workflows.

vro-workflow-2

The green and blue highlighted sections are the workflows provided by the VR and SRM plugins for vRO. The red highlighted section was custom built to handle a simple lookup from an instance of VC:VirtualMachine to an instance of SRM:UnassignedReplicatedVm. The script to do this is a one liner:

replVm = Server.findForType("SRM:UnassignedReplicatedVm", sourceVm.id);

Conclusion

Hopefully this has given you a glimpse into what you can achieve with these new automation capabilities. While there is a learning curve to vRealize Orchestrator there is also a lot of potential to streamline your operations. Being able to combine the automation capabilities of VR and SRM opens up a lot of new possibilities to explore.

Update: Presenting RPOs as a Dropdown list

One of my colleagues asked me how I was able to present the RPO values as a drop-down list. To do that required me to configure the presentation properties of the workflow. Within vRealize Orchestrator you are able to control how parameters are presented to the end user in the presentation tab. Here I simply added a set of Predefined answers to a field I called ReplicationTier (you can also order and group the parameters that you present to the customer as well in this tab).

vro-workflow-presentation

The selected value is then passed to a short script that parses the value selected by the user and determines what the RPO value, in minutes, should be set as:

RPO = 4 * 60; // set default to 240 minutes, i.e. 4 hours.
if (ReplicationTier.indexOf("Gold") > -1) {
    RPO = 15; // 15 minute RPO
} else if (ReplicationTier.indexOf("Silver") > -1) {
    RPO = 4 * 60; // 4 hour RPO
} else if (ReplicationTier.indexOf("Bronze") > -1) {
    RPO = 12 * 60; // 12 hour RPO
}

This is the Lookup RPO from tier script task in the first workflow schema image shared above. Of course this is not necessary, you can just ask for the RPO value as a number input (with min and max values) but I thought the dropdown selection was a nice option to demonstrate.

What You Need to Know About SRM 6.0

With the launch of VMware Site Recovery Manager 6.0 here are some useful resources for people that want to learn more about the new features, roll out a fresh deployment, or who are looking to upgrade.

What’s New

Here are my posts about some key changes in SRM 6:

I’d also recommend checking out the blogs by GS Khalsa for SRM 6.0 and Jeff Hunter for vSphere Replication 6.0.

Where Can I Download the Bits?

Planning a Fresh Install or Upgrade to SRM 6?

Here are some resources you will find useful when planning the setup and deployment of SRM:

In addition to the SRM documentation I highly recommend reading the vSphere installation documentation and the following KB articles and white papers that are relevant to a multi-site and multi-product deployment:

Network Ports to Open for SRM and vSphere Replication 6.0

Because you do actually want to replicate the VMs don’t you?

What Do I Need to Know About Deploying SRM 6 in Larger Environments?

SRM 6.0 now supports up to 2,000 VMs replicated with vSphere Replication (up from 500 in the 5.8 release). SRM 6.0 continues to support protection of up to 5,000 VMs with array based replication.

What Site Topologies Does SRM 6 Support?

SRM 6.0 continues to support a variety of deployment topologies:

Where Can I Learn More?

The SRM Administration Guide is a great resource, also Eric Shank’s SRM 5.8 guide is also largely applicable to SRM 6.0. If you have any questions on SRM I’d recommend posting in the SRM community at VMTN.

 

SRM 6 Inventory Mapping Improvements

With the release of SRM 5.8 the user interface was significantly updated to integrate with the vSphere Web Client for the first time. As part of the update of the user interface we improved a lot of things, like being able to add paired array managers at the same time, creating reverse inventory mappings, or my personal favorite enabling rule based IP reconfiguration.

When demoing these new improvements to customers the feedback on these changes was very positive. One piece of feedback that I heard consistently (even in the SRM 5.8 beta) was the need to make it easier to create inventory mappings, especially at scale. As a result of that customer feedback one of the UI enhancements introduced in the recent SRM 6.0 release is the introduction of streamlined inventory mapping for networks and folder structures.

Introducing A New Option To Create Inventory Mappings by Matching Folder and Network Names

Picture a scenario where you have a large number of folders or networks that you want to create inventory mappings for. In SRM 5.8 that process involved you either creating the mapping one-by-one in the user interface (and being able to create the reverse mapping automatically) or automating the process via the SRM public API or VRO plug-in. Now with SRM 6.0 you can just select the root of a hierarchy you want to map and all the child elements will be automatically matched by name for you.

If you maintain consistent folder or network naming across sites this could potentially save a lot of time in creating the initial inventory mappings, especially for large inventories.

Walkthrough Auto-Mapping Folders by Name

A lot of customers use folders to organize their VM inventory, in this example the VMs are organized by department and the same naming scheme is used on both sites for consistency. Here are the two sites, Anaheim and Boulder, with all the departmental folders organized under a top level “Production” folder at each site.

srm-6-mapping-1

When creating an inventory mapping you are now prompted to either select the existing mapping behavior where you select items manually, or the new automatic behavior based on matching names. Choose the new option and proceed to the next screen.

srm-6-mapping-2

Now you will select the source and target “roots” for the folders you want to map. You choose the root folder on the left for the first site, followed by the target folder on the right for the second site. Then click the Add mappings button to generate the automatic mappings.

srm-mapping-3

A small confirmation box will pop-up showing the results of the automatic mapping.

srm-mapping-4

Next you can review the suggested mappings and go onto the next step in the mapping process.

srm-mapping-5

The final step is to decide whether you want to create the reverse mappings or not for these folders. If you do you can either select them one by one, or just click the “Select all applicable” link to select them all at once and then complete the folder mapping dialog by clicking finish.

srm-mapping-6

Walkthrough Auto-Mapping Networks by Name

Just as we could use name based matching to speed up the creation of inventory mappings for folders we can also do the same thing for networks.Here’s an abbreviated walkthrough showing the same approach to configuring inventory mappings of distributed switches.

First we can see that we have some distributed switches where the associated port groups have matching names across the two sites.

srm-mapping-7

In the same way we could select automatic mapping mapping for folders we can select the option to automatically map our networks as well.

srm-mapping-8

For the next step we select the distributed switches as the root of the mapping on both sites and click the “Add mappings” to generate the matches.

srm-mapping-9

After dismissing the popup and reviewing the proposed mappings we can continue on with the rest of the wizard to completion.

Summary

If you are doing a small scale SRM deployment with just a couple of folders or port groups these enhancements are not going to be a huge deal. If however you deal with 10′s of folders or networks and have adopted consistent naming across both sites there is the potential for this to make your initial setup of SRM much more efficient.

Further Reading

SRM 6.0 Simplified Certificates

One of the improvements I was most happy to see in VMware Site Recovery Manager 6.0 was the simplified experience deploying SRM with external certificates. With earlier SRM releases external certificates were used to both authenticate the SRM instances with each other and also authenticate SRM servers to their associated vCenter instance. This dual purpose meant that there were several requirements and restrictions placed on external certificates that made it more difficult to quickly deploy SRM when using external certs.

With the integration of SRM 6.0 with SSO the certificate requirements (imposed by the dual usage of certificates) could be relaxed compared to earlier releases. These improvements will make it easier to deploy SRM with external certificates. The SRM 6.0 Installation and Configuration guide provides full details of the updated certificate requirements. A short list of the improvements taken from the guide are:

  • “If you use a custom certificate for vCenter Server and Platform Services Controller, you are not obliged to use a custom certificate for Site Recovery Manager, and the reverse.”
  • “Unlike in previous releases, there is no requirement for the certificate to also be a client certificate.”
  • “The Subject Name does not need to be the same for both members of a Site Recovery Manager Server pair.”

Another improvement in this release is that SRM 6.0 will warn customers who try and use certificates with SHA1 signature algorithms (SHA256 or stronger is recommended). Also in this release the insecure MD5 signature algorithm is no longer supported with SRM.

While improved certificate handling is a fairly small improvement (and there’s still more room to improve) I do think it is indicative of the focus that the SRM team has been putting on improving the overall operational experience of the product.

Further Reading