Home > Articles > VMware

This chapter is from the book

Configuring Inventory Mappings

The next stage in the configuration is to configure inventory mappings. This involves mapping the resources (clusters and resource pools), folders, and networks of the Protected Site to the Recovery Site. Ostensibly, this happens because we have two separate vCenter installations that are not linked by a common data source. This is true despite the use of linked mode in vSphere. The only things that are shared between two or more vCenters in linked mode are licensing, roles, and the search functionality. The remainder of the vCenter metadata (datacenters, clusters, folders, and resource pools) is still locked inside the vCenter database driven by Microsoft SQL, Oracle, or IBM DB2.

When your Recovery Plan is invoked for testing or for real, the SRM server at the Recovery Site needs to know your preferences for bringing your replicated VMs online. Although the recovery location has the virtual machine files by virtue of third-party replication software, the metadata that comprises the vCenter inventory is not replicated. It is up to the SRM administrator to decide how this "soft" vCenter data is handled. The SRM administrator needs to be able to indicate what resource pools, networks, and folders the replicated VMs will use. This means that when VMs are recovered they are brought online in the correct location and function correctly. Specifically, the important issue is network mappings. If you don't get this right, the VMs that are powered on at the Recovery Site might not be accessible across the network.

Although this "global default" mapping process is optional, the reality is that you will use it. If you wish, you can manually map each individual VM to the appropriate resource pool, folder, and network when you create Protection Groups. The Inventory Mappings Wizard merely speeds up this process and allows you to set your default preferences. It is possible to do this for each virtual machine individually, but that is very administratively intensive. To have to manually configure each virtual machine to the network, folder, and resource pool it should use in the Recovery Site would be very burdensome in a location with even a few hundred virtual machines. Later in this book we will look at these per-virtual-machine inventory mappings as a way to deal with virtual machines that have unique settings. In a nutshell, think of inventory mappings as a way to deal with virtual machine settings as though they are groups and the other methods as though you were managing them as individual users.

It is perfectly acceptable for certain objects in the inventory mappings to have no mapping at all. After all, there may be resource pools, folders, and networks that do not need to be included in your Recovery Plan. So, some things do not need to be mapped to the Recovery Site, just like not every LUN/volume in the Protected Site needs replicating to the Recovery Site. For example, test and development virtual machines might not be replicated at all, and therefore the inventory objects that are used to manage them are not configured. Similarly, you may have "local" virtual machines that do not need to be configured; a good example might be that your vCenter and its SQL instance may be virtualized. By definition, these "infrastructure" virtual machines are not replicated at the Recovery Site because you already have duplicates of them there; that's part of the architecture of SRM, after all. Other "local" or site-specific services may include such systems as anti-virus, DNS, DHCP, Proxy, Print, and, depending on your directory services structure, Active Directory domain controllers. Lastly, you may have virtual machines that provide deployment services—in my case, the UDA—that do not need to be replicated at the Recovery Site as they are not business-critical, although I think you would need to consider how dependent you are on these ancillary virtual machines for your day-to-day operations. In previous releases, such objects that were not included in the inventory mapping would have the label "None Selected" to indicate that no mapping had been configured. In this new release, VMware has dispensed with this label. Remember, at this stage we are not indicating which VMs will be included in our recovery procedure. This is done at a later stage when we create SRM Protection Groups. Let me remind you (again) of my folder, resource pool, and network structures (see Figure 9.8, Figure 9.9, and Figure 9.10).

Figure 9.8

Figure 9.8 My vSwitch configuration at the Protected and Recovery Sites

Figure 9.9

Figure 9.9 My resource pool configuration at the Protected and Recovery Sites

Figure 9.10

Figure 9.10 My VM folder configuration at the Protected and Recovery Sites

The arrows represent how I will be "mapping" these resources from the Protected Site to the Recovery Site. SRM uses the term resource mapping to refer to clusters of ESX hosts and the resource pools within.

Finally, it's worth mentioning that these inventory mappings are used during the reprotect and failback processes. After all, if VMs have been failed over to specific folders, resource pools, and networks, when a failback occurs, those VMs must be returned to their original locations at the Protected Site. No special configuration is required to achieve this—the same inventory mappings used to move VMs from the Protected to the Recovery Site are used when the direction is reversed.

Configuring Resource Mappings

To configure resource mappings, follow these steps.

  1. Log on with the vSphere client to the Protected Site's vCenter.
  2. Click the Site Recovery icon.
  3. Select the Protected Site (in my case, this is New York), and then select the Resource Mapping tab.
  4. Double-click your resource pool or the cluster you wish to map, or click the Configure Mapping link as shown in Figure 9.11.
    Figure 9.11

    Figure 9.11 In the foreground is the Mapping for DB dialog box where the resource pool in New York is mapped to the NYC_DR\DB resource pool in New Jersey.

Notice how the "Mapping for..." dialog box also now includes the new option to create a new resource pool if it's needed. Remember that the use of resource pools is by no means mandatory. You can run all your VMs from the DRS-enabled cluster, if you prefer. Once you understand the principle of inventory mappings this becomes a somewhat tedious but important task of mapping the correct Protected Site vCenter objects to the Recovery Site vCenter objects.

Configuring Folder Mappings

In my early days of using SRM, I used to take all the VMs from the Protected Site and dump them into one folder called "Recovery VMs" on the Recovery Site's vCenter. I soon discovered how limiting this would be in a failback scenario. I recommend more or less duplicating the folder and resource pool structure at the Recovery Site, so it exactly matches the Protected Site. This offers more control and flexibility, especially when you begin the failback process. I would avoid the casual and cavalier attitude of dumping virtual machines into a flat-level folder.

As you can see in Figure 9.12, I have not bothered to map every folder in the Protected Site to every other folder in the Recovery Site. I've decided I will never be using SRM to failover and failback VMs in the Infrastructure or Test & Dev VM folder. There's little point in creating a mapping if I have no intention of using SRM with these particular VMs.

Figure 9.12

Figure 9.12 My folder inventory mappings. Only the folders and resource pools that SRM will need in order to protect the VMs must be mapped.

Configuring Network Mappings

By default, when you run a test Recovery Plan the Recovery Site SRM will auto-magically put the replicated VMs into a bubble network which isolates them from the wider network using an internal vSwitch. This prevents possible IP and NetBIOS in Windows conflicts. Try to think of this bubble network as a safety valve that allows you to test plans with a guarantee that you will generate no conflicts between the Protected Site and the Recovery Site. So, by default, these network settings are only used in the event of triggering your Recovery Plan for real. If I mapped this "production" network to the "internal" switch, no users would be able to connect to the recovered VMs. Notice in Figure 9.13 how I am not mapping the VM Network or Virtual Storage Appliance port group to the Recovery Site. This is because the VMs that reside on that network deliver local infrastructure resources that I do not intend to include in my Recovery Plan.

Figure 9.13

Figure 9.13 Map only the port groups that you plan to use in your Recovery Plan.

Networking and DR can be more involved than you first think, and much depends on how you have the network set up. When you start powering on VMs at the Recovery Site they may be on totally different networks requiring different IP addresses and DNS updates to allow for user connectivity. The good news is that SRM can control and automate this process. One very easy way to simplify this for SRM is to implement stretched VLANs where two geographically different locations appear to be on the same VLAN/subnet. However, you may not have the authority to implement this, and unless it is already in place it is a major change to your physical switch configuration, to say the least. It's worth making it clear that even if you do implement stretched VLANs you may still have to create inventory mappings because of port group differences. For example, there may be a VLAN 101 in New York and a VLAN 101 in New Jersey. But if the administrative team in New York calls their port groups on a virtual switch "NYC-101" and the guys in Chicago call theirs "NJ-101" you would still need a port group mapping in the Inventory Mappings tab.

Finally, in my experience it is possible to map between the two virtual switch types of Distributed and Standard vSwitches (see Figure 9.14). This does allow you to run a lower-level SKU of the vSphere 5 product in the DR location. So you could be using Enterprise Plus in the Protected Site and the Advanced version of vSphere 5 in the Recovery Site. People might be tempted to do this to save money on licensing. However, I think it is fraught with unexpected consequences, and I do not recommend it; it's a recipe for negative unforeseen outcomes. For example, an eight-way VM licensed for Enterprise Plus in the Protected Site would not start in the Recovery Site. A version of vSphere 5 that doesn't support DRS clustering and the initial placement feature would mean having to map specific VMs to specific ESX hosts. So you certainly can map DvSwitches to SvSwitches, and vice versa. To SRM, port groups are just labels and it just doesn't care. But remember, if VM is mapped from a DvSwitch to the SvSwitch it may lose functionality that only the DvSwitch can provide.

Figure 9.14

Figure 9.14 Network mappings can include different switch types if needed.

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020