This article will present the concepts and steps required to set up Zerto Virtual Replication on your Hosted Private Cloud (HPC) or Managed Baremetal platform.
Prerequisites
- Must have two HPC or Managed Baremetal platforms on two different datacenters
- In each datacenter, a free public IP must be available
Topics
- Zerto Virtual Replication Concepts
- Activating Zerto in the OVHcloud Manager
- Configuring a Virtual Protection Group (VPG)
- Performing a Failover Test
- Launching a Live Failover
Zerto Virtual Replication Concepts
Zerto Virtual Replication is a disaster recovery solution for vSphere. It enables the replication of VMs between HPC platforms by capturing and propagating all disk operations to the secondary side. It also allows for automation and orchestration of actual failover or failover tests between sites.
Zerto works by deploying a specific VM on each hypervisor called a Virtual Replication Appliance (VRA). VRAs have a predefined configuration:
- 1 vCPU
- 2 GB RAM
- 13 GB Storage
During deployment, VRAs are deployed on the source and destination sites. The VRAs are then paired together to start the replication. Since Zerto does not encrypt the data sent between VRAs, OVHcloud automatically deploys a virtual private network (VPN) tunnel between the VRAs via the L2VPN appliance to protect data in transit.
Before the replication can proceed, VMs must be grouped into a logical container called a Virtual Protection Group (VPG), on which all replication parameters will be defined. VPGs allow for the consistent application of parameters across a group of VMs that share the same replication requirements (typically, VMs that belong to the same function or application). VPGs can be prioritized to most efficiently use available bandwidth.
Activating Zerto in the OVHcloud Manager
To begin activating Zerto, first log into the OVHcloud Manager. On the left-hand sidebar, under Private Cloud, choose the HPC datacenter on which you wish to activate Zerto. Then, click the Disaster Recovery Plan (DRP) tab.
Choose the Between two OVH Private Cloud solutions or Between two Managed Bare Metal servers button and click the Enable Zerto DRP button. For the primary datacenter, select an available public IP.
For the "Secondary datacenter" step, select the secondary HPC, secondary datacenter, and a public IP address.
Click the Install button once you have confirmed that everything is correct.
Zerto is a big application and it takes time to deploy. Please allow up to an hour for it to fully install. When it is finished, you will receive an email containing the instructions for accessing your primary and secondary ZVMs via a web browser. Log in using the same credentials you use to access the PCC environment in question. Once you are logged in, we can begin configuring a VPG.
Configuring a Virtual Protection Group (VPG)
Log into the ZVM using the link provided in the email you received. You will see the Zerto dashboard as follows:
On this dashboard, you will see:
- The status of your VPGs
- Key indicators for the Zerto platform
- Network and I/O consumption figures
- Logs for alerts and messages
Select VPGs on the left-hand column and click + New VPG on the top-right of the ensuing page.
On the General tab, enter a name for the VPG. The "Priority" menu lets you choose how Zerto will prioritize bandwidth allocation. In most cases, you can leave the priority as "Medium". For the VPG type, you have two options:
- Remote DR and Continuous Backup - this option will configure your remote DR site and duplicate the workloads you have selected based on the selections made within the VPG
- Local Continuous Backup - this option will generate a local backup of the selected workloads which will be continuously updated based on the options selected
Click the Next button. On the VMs tab, select the VMs that will be in the VPG and click the right arrow to add them.
Note: A VM cannot belong to multiple VPGs.
Click Next once you have added all of the VMs you wish to add to the VPG. Next, we will select the recovery site on the Replication tab. The primary datacenter will be designated with (Local) in parentheses. Finally, choose the host and datastore on which you wish to store the backup.
Click Next once you have selected your recovery site. On the Storage tab, you can override the default recovery resources for specific VMs.
If you do not need to override the default recovery resources for any VMs, just click Next. Now define the default network to be used for test and actual failovers. For the "Failover/Move Network", choose the default vSphere port group for an actual failover. For the "Failover Test Network", choose the default vSphere port group for a test failover. For "Default Recovery", select the folder where you wish for your VMs to be saved.
When you have confirmed the settings are correct, press Next. On the NICs tab, you can override the default recovery networks for each VM and specify the IP addresses to use in case of a test or an actual failover.
If the actions on this tab are not necessary, click Next. Long term retention is disabled; click Next through the Retention Policy tab. This will take you to the Summary tab.
Once you have confirmed that all of your settings are correct, click the Done button. On the screen you will see the new VPG. Give it some time to finish creating. When it is finished, we are ready to configure a failover.
Performing a Failover Test
Now that you have configured a VPG, you can test the Zerto failover features.
Warning: A failover test will have no impact on the production site. You will need to make sure that the VMs that are being failed-over are starting in an isolated network using different IPs to avoid network conflicts. All of the VMs created during the failover tests are fully managed by Zerto; you should not remove or modify them. These VMs will be automatically removed at the end of the failover test. The VRA will function normally during a failover test.
To begin the test, click the Test button in the bottom-left corner of the ZVM dashboard. On the Select VPGs tab, you can choose the VPGs you wish to test. You can also test individual VMs by clicking the button with the cursor in the square to the right of a VPG.
Once you have made your selections, click the Next button. On the Execution Parameters page, select the checkpoint for the failover.
Once you have selected the checkpoint, click the Next button. On the Failover Test tab, you can confirm that your settings are correct.
Once you have confirmed your settings, click Start Failover Test. On the VPGs tab, you can see that the failover test is working.
You can confirm that the VMs are failing over to your secondary datacenter by logging into vSphere on the secondary HPC. When all checks have been performed, click the little red box, next to the words "Testing Failover".
Click the Stop button to stop the test and note whether it was a success or a failure. Cleanup operations will immediately launch on the secondary datacenter.
Launching a Live Failover
If your primary datacenter has been rendered unusable by a disaster, and that disaster is not that AI has taken over humanity, rendering your disaster recovery obsolete, you can launch a full failover from the secondary datacenter.
Warning: If you trigger an actual failover while the primary datacenter is still available, you run the risk of having an IP conflict between the primary and secondary datacenter sites. Make sure your network configurations account for this possibility. Additionally, during an actual failover, VRAs will stop replication operations.
Click the Failover button. On the Select VPGs tab, you can choose the VPGs you wish to failover. You can also failover individual VMs by clicking the button with the cursor in the square to the right of a VPG.
Once you have selected your VPGs or VMs, click the Next button. On the Execution Parameters tab, you can select the checkpoint, commit policy, and whether you wish to use reverse protection or not.
There are three types of commit policy:
- Auto-Rollback - If no action is taken, the rollback starts automatically after the timer elapses.
- Auto-Commit - If no action is taken, data changed on the secondary datacenter will now stay there by default and a manual reverse replication will need to be set up to fail back.
- None - Rollback and Commit will both need to be launched manually.
Reverse protection will ensure that after the failover the original VMs on the primary site are protected by synchronizing the VMs with each other. The synchronization uses the original protected disks. If you do not select reverse protection, these disks will be removed.
Once you have confirmed that these settings are correct, click the Next button.
Warning: Please read the summary and all of the warnings on the Failover tab carefully.
Click Start Failover once you are absolutely sure the failover is configured correctly. You will receive the following warning. If you select an automatic commit policy, you will receive the following warning:
Click Start Failover if this is correct. You will see the failover task on the VPGs tab.
You can follow the actions from the secondary datacenter. Validate that the VMs start successfully on the secondary platform.
As long as you have not committed to the failover or failed back the operation, you will see a check mark next to "Failover ended". Click the check mark and a menu will pop up allowing you to commit the data to the secondary datacenter. You will also be able to configure reverse protection at this time.
Click the Commit button to commit the failover.
If you check the VPG, you will see that the arrow in the replication direction column has changed. This means that a failover performed now would fail over to the primary datacenter provided that you enabled reverse protection. If you have not enabled reverse protection, you will need to create a new VPG and start this guide again from the beginning to perform a failback.
Conclusion
Having read this guide, you should now be able to configure a VPG from one OVHcloud HPC to another as well as create both, test failovers and live failovers with Zerto.