Protection Groups and Recovery Plans for SRM on Google Cloud VMware Engine
Site Recovery Manager is dependent on vSphere Replication, but vSphere Replication is not dependent on Site Recovery Manager. You can use vSphere Replication independently of Site Recovery Manager. For example, you can use vSphere Replication to replicate all the virtual machines in the vCenter Server inventory, but only include a subset of those virtual machines in protection groups. Changes that you make to vSphere Replication configuration can affect the Site Recovery Manager protection of the virtual machines that you do include in protection groups.
Site Recovery Manager monitors the vSphere Replication status of the virtual machines in vSphere Replication protection groups. If replication is not functioning for a virtual machine in a protection group, Site Recovery Manager cannot recover the virtual machine.
If you unconfigure vSphere Replication on a virtual machine, Site Recovery Manager continues to include that virtual machine in protection groups in which you included it. Site Recovery Manager cannot recover that virtual machine until you reconfigure replication. If you unconfigure vSphere Replication on a virtual machine, you must remove it from the protection group manually.
If you remove a virtual machine with vSphere Replication from a protection group, vSphere Replication continues to replicate the virtual machine to the recovery site. The virtual machine does not recover with the rest of the virtual machines in the protection group if you run an associated recovery plan.
Creating Protection Groups
A protection group is a collection of virtual machines that the Site Recovery Manager protects together. Protection group are a per SDDC configuration and needs to be created on each SDDC if VMs are replicated in bi-directionally.
There are two ways to connect a VM to the protection group.
- Create/Attach a protection group while enabling vSphere replication on the virtual machine.
- Create a new Protection group and add Virtual machines in the vCenter Server inventory that are configured for replication.
Create Recovery Plans
A recovery plan is like an automated runbook. It controls every step of the recovery process, including the order in which Site Recovery Manager powers on and powers off virtual machines, the network addresses that recovered virtual machines use, and so on. Recovery plans are flexible and customizable.
A recovery plan runs a series of steps that must be performed in a specific order for a given workflow such as a planned migration or reprotection. You cannot change the order or purpose of the steps, but you can insert your own steps that display messages and run commands.
A recovery plan includes one or more protection groups. Conversely, you can include a protection group in more than one recovery plan. For example, you can create one recovery plan to handle a planned migration of services from the protected site to the recovery site for the whole SDDC and another set of plans per individual departments. Thus, having multiple recovery plans referencing one protection group allows you to decide how to perform recovery.
You can run only one recovery plan at a time to recover a particular protection group. If you test or run a recovery plan with a protection group that is shared in other recovery plans, the other recovery plans change the state of the protection group to “ProtectionGroup In Use” and you cannot run them.
- Site Recovery Manager runs the recovery plan steps in different ways depending on the configuration.
- Runs some of the steps during all recoveries
- Runs some of the steps only during test recoveries
- Some of the steps are always skipped during test recoveries
Like protection groups, recovery plans are also SDDC- specific and must be created on each SDDC, if replication is configured bi-directionally.
You can configure a recovery plan to perform many actions/tasks:
- Run commands on a virtual machine
- Display messages that require a response when the plan runs on the Site Recovery Manager Server or in the guest OS
- Suspend non-essential virtual machines during recovery
- Configure dependencies between virtual machines
- Customize virtual machine network settings
- Change the recovery priority of protected virtual machines.
Administrators can add pre or post-scripts to a VM’s recovery plan and configure the execution of the plan in a few different ways:
- Execute recovery steps to completion
- Wait for user inputs at specific points in the process
- Stop and wait for a specified time limit, continue, stop again and then complete the plan.
When you run a recovery plan, Site Recovery Manager performs the following operations:
- Powers off the virtual machines according to the priority that you set, with high-priority virtual machines powering off last. Site Recovery Manager skips this step when you test a recovery plan.
- Powers on groups of virtual machines on the recovery site according to the priority that you set. Before a priority group starts, all the virtual machines in the next-higher priority group must recover or fail to recover.
During recovery, dependencies between virtual machines within different priority groups are ignored. If dependencies exist between virtual machines in the same priority group, Site Recovery Manager first powers on the virtual machines on which other virtual machines depend on.
If Site Recovery Manager can meet the virtual machine dependencies, it attempts to power on as many virtual machines in parallel as vCenter Server supports.
A replicated VM configured under a Recovery plan provides the following recovery options.
Site Recovery Manager starts virtual machines on the recovery site according to the priority that you set. The recovery priority determines the shutdown and power-on order of virtual machines.
By default, Site Recovery Manager sets all virtual machines in a new recovery plan to recovery priority level 3. You can increase or decrease the recovery priority of a virtual machine. If you change the priority of a virtual machine, Site Recovery Manager applies the new priority to all recovery plans that contain this virtual machine.
Site Recovery Manager starts the priority 1 virtual machines first, then priority 2 virtual machines second, and so on. Site Recovery Manager uses VMware Tools heartbeat to discover when a virtual machine is running on the recovery site. In this way, it can ensure that all virtual machines of a given priority are running before it starts the virtual machines of the next priority.
If a virtual machine depends on services that run on another virtual machine in the same protection group, you can configure a dependency between the virtual machines. By configuring a dependency, you can ensure that the virtual machines start on the recovery site in the correct order. Dependencies are only valid if the virtual machines have the same priority.
When a recovery plan runs, Site Recovery Manager starts the virtual machines that other virtual machines depend on before it starts the virtual machines with the dependencies. If Site Recovery Manager cannot start a virtual machine that another virtual machine depends on, the recovery plan continues with a warning. You can only configure dependencies between virtual machines that are in the same recovery priority group. If you configure a virtual machine to be dependent on a virtual machine that is in a lower priority group, Site Recovery Manager overrides the dependency and first starts the virtual machine that is in the higher priority group.
If you remove a protection group that contains the dependent virtual machine from the recovery plan, the status of the protection group is set to Not in this Plan in the dependencies for the virtual machine with the dependency. If the configured virtual machine has a different priority than the virtual machine that it depends on, the status of the dependent virtual machine is set to Lower Priority or Higher Priority.
Shutdown and Startup Actions
You can configure how a virtual machine starts up and shuts down on the recovery site during a recovery.
You can configure whether to shut down the guest operating system of a virtual machine before it powers off on the protected site. You can configure whether to power on a virtual machine on the recovery site. You can also configure delays after powering on a virtual machine to allow VMware Tools or other applications to start on the recovered virtual machine before the recovery plan continues.
Recovery Plan Timeouts and Pauses
Several types of timeouts can be configured during the running of recovery plan steps. Timeouts cause the plan to pause for a specified interval to allow the step time to finish. This is configurable using the pre and post-power-on steps.
Message steps force the plan to pause until the user acknowledges the message. For example, a message can instruct an on-call administrator to plug in a network cable, or power on a specific piece of equipment in the on-premises datacenter. Before you add a message step to a recovery plan, ensure that the message is necessary.
An additional option in post power on steps is to run a command on the recovered VM.
As mentioned in the earlier section in this document, you can customize IP settings for virtual machines for the protected site and the recovery site. Customizing the IP properties of a virtual machine overrides the default IP settings when the recovered virtual machine starts at the destination site.
If you do not customize the IP properties of a virtual machine, Site Recovery Manager uses the IP settings for the recovery site during recovery or a test from the protection site to the recovery site. Site Recovery Manager uses the IP settings for the protection site after reprotect during the recovery or a test from the original recovery site to the original protection site.
Site Recovery Manager supports different types of IP customization.
- Use IPv4 and IPv6 addresses.
- Configure different IP customizations for each site.
- Use DHCP, Static IPv4, or Static IPv6 addresses.
- Customize addresses of Windows and Linux virtual machines.
- Customize multiple NICs for each virtual machine.
Note: You only configure one IP address per NIC.