Home > Articles > VMware

  • Print
  • + Share This
This chapter is from the book

Configuring Inventory Mappings

The next stage in the configuration is to configure inventory mappings. This involves mapping the resources (clusters and resource pools), folders, and networks of the Protected Site to the Recovery Site. Ostensibly, this happens because we have two separate vCenter installations that are not linked by a common data source. This is true despite the use of linked mode in vSphere. The only things that are shared between two or more vCenters in linked mode are licensing, roles, and the search functionality. The remainder of the vCenter metadata (datacenters, clusters, folders, and resource pools) is still locked inside the vCenter database driven by Microsoft SQL, Oracle, or IBM DB2.

When your Recovery Plan is invoked for testing or for real, the SRM server at the Recovery Site needs to know your preferences for bringing your replicated VMs online. Although the recovery location has the virtual machine files by virtue of third-party replication software, the metadata that comprises the vCenter inventory is not replicated. It is up to the SRM administrator to decide how this "soft" vCenter data is handled. The SRM administrator needs to be able to indicate what resource pools, networks, and folders the replicated VMs will use. This means that when VMs are recovered they are brought online in the correct location and function correctly. Specifically, the important issue is network mappings. If you don't get this right, the VMs that are powered on at the Recovery Site might not be accessible across the network.

Although this "global default" mapping process is optional, the reality is that you will use it. If you wish, you can manually map each individual VM to the appropriate resource pool, folder, and network when you create Protection Groups. The Inventory Mappings Wizard merely speeds up this process and allows you to set your default preferences. It is possible to do this for each virtual machine individually, but that is very administratively intensive. To have to manually configure each virtual machine to the network, folder, and resource pool it should use in the Recovery Site would be very burdensome in a location with even a few hundred virtual machines. Later in this book we will look at these per-virtual-machine inventory mappings as a way to deal with virtual machines that have unique settings. In a nutshell, think of inventory mappings as a way to deal with virtual machine settings as though they are groups and the other methods as though you were managing them as individual users.

It is perfectly acceptable for certain objects in the inventory mappings to have no mapping at all. After all, there may be resource pools, folders, and networks that do not need to be included in your Recovery Plan. So, some things do not need to be mapped to the Recovery Site, just like not every LUN/volume in the Protected Site needs replicating to the Recovery Site. For example, test and development virtual machines might not be replicated at all, and therefore the inventory objects that are used to manage them are not configured. Similarly, you may have "local" virtual machines that do not need to be configured; a good example might be that your vCenter and its SQL instance may be virtualized. By definition, these "infrastructure" virtual machines are not replicated at the Recovery Site because you already have duplicates of them there; that's part of the architecture of SRM, after all. Other "local" or site-specific services may include such systems as anti-virus, DNS, DHCP, Proxy, Print, and, depending on your directory services structure, Active Directory domain controllers. Lastly, you may have virtual machines that provide deployment services—in my case, the UDA—that do not need to be replicated at the Recovery Site as they are not business-critical, although I think you would need to consider how dependent you are on these ancillary virtual machines for your day-to-day operations. In previous releases, such objects that were not included in the inventory mapping would have the label "None Selected" to indicate that no mapping had been configured. In this new release, VMware has dispensed with this label. Remember, at this stage we are not indicating which VMs will be included in our recovery procedure. This is done at a later stage when we create SRM Protection Groups. Let me remind you (again) of my folder, resource pool, and network structures (see Figure 9.8, Figure 9.9, and Figure 9.10).

Figure 9.8

Figure 9.8 My vSwitch configuration at the Protected and Recovery Sites

Figure 9.9

Figure 9.9 My resource pool configuration at the Protected and Recovery Sites

Figure 9.10

Figure 9.10 My VM folder configuration at the Protected and Recovery Sites

The arrows represent how I will be "mapping" these resources from the Protected Site to the Recovery Site. SRM uses the term resource mapping to refer to clusters of ESX hosts and the resource pools within.

Finally, it's worth mentioning that these inventory mappings are used during the reprotect and failback processes. After all, if VMs have been failed over to specific folders, resource pools, and networks, when a failback occurs, those VMs must be returned to their original locations at the Protected Site. No special configuration is required to achieve this—the same inventory mappings used to move VMs from the Protected to the Recovery Site are used when the direction is reversed.

Configuring Resource Mappings

To configure resource mappings, follow these steps.

  1. Log on with the vSphere client to the Protected Site's vCenter.
  2. Click the Site Recovery icon.
  3. Select the Protected Site (in my case, this is New York), and then select the Resource Mapping tab.
  4. Double-click your resource pool or the cluster you wish to map, or click the Configure Mapping link as shown in Figure 9.11.
    Figure 9.11

    Figure 9.11 In the foreground is the Mapping for DB dialog box where the resource pool in New York is mapped to the NYC_DR\DB resource pool in New Jersey.

Notice how the "Mapping for..." dialog box also now includes the new option to create a new resource pool if it's needed. Remember that the use of resource pools is by no means mandatory. You can run all your VMs from the DRS-enabled cluster, if you prefer. Once you understand the principle of inventory mappings this becomes a somewhat tedious but important task of mapping the correct Protected Site vCenter objects to the Recovery Site vCenter objects.

Configuring Folder Mappings

In my early days of using SRM, I used to take all the VMs from the Protected Site and dump them into one folder called "Recovery VMs" on the Recovery Site's vCenter. I soon discovered how limiting this would be in a failback scenario. I recommend more or less duplicating the folder and resource pool structure at the Recovery Site, so it exactly matches the Protected Site. This offers more control and flexibility, especially when you begin the failback process. I would avoid the casual and cavalier attitude of dumping virtual machines into a flat-level folder.

As you can see in Figure 9.12, I have not bothered to map every folder in the Protected Site to every other folder in the Recovery Site. I've decided I will never be using SRM to failover and failback VMs in the Infrastructure or Test & Dev VM folder. There's little point in creating a mapping if I have no intention of using SRM with these particular VMs.

Figure 9.12

Figure 9.12 My folder inventory mappings. Only the folders and resource pools that SRM will need in order to protect the VMs must be mapped.

Configuring Network Mappings

By default, when you run a test Recovery Plan the Recovery Site SRM will auto-magically put the replicated VMs into a bubble network which isolates them from the wider network using an internal vSwitch. This prevents possible IP and NetBIOS in Windows conflicts. Try to think of this bubble network as a safety valve that allows you to test plans with a guarantee that you will generate no conflicts between the Protected Site and the Recovery Site. So, by default, these network settings are only used in the event of triggering your Recovery Plan for real. If I mapped this "production" network to the "internal" switch, no users would be able to connect to the recovered VMs. Notice in Figure 9.13 how I am not mapping the VM Network or Virtual Storage Appliance port group to the Recovery Site. This is because the VMs that reside on that network deliver local infrastructure resources that I do not intend to include in my Recovery Plan.

Figure 9.13

Figure 9.13 Map only the port groups that you plan to use in your Recovery Plan.

Networking and DR can be more involved than you first think, and much depends on how you have the network set up. When you start powering on VMs at the Recovery Site they may be on totally different networks requiring different IP addresses and DNS updates to allow for user connectivity. The good news is that SRM can control and automate this process. One very easy way to simplify this for SRM is to implement stretched VLANs where two geographically different locations appear to be on the same VLAN/subnet. However, you may not have the authority to implement this, and unless it is already in place it is a major change to your physical switch configuration, to say the least. It's worth making it clear that even if you do implement stretched VLANs you may still have to create inventory mappings because of port group differences. For example, there may be a VLAN 101 in New York and a VLAN 101 in New Jersey. But if the administrative team in New York calls their port groups on a virtual switch "NYC-101" and the guys in Chicago call theirs "NJ-101" you would still need a port group mapping in the Inventory Mappings tab.

Finally, in my experience it is possible to map between the two virtual switch types of Distributed and Standard vSwitches (see Figure 9.14). This does allow you to run a lower-level SKU of the vSphere 5 product in the DR location. So you could be using Enterprise Plus in the Protected Site and the Advanced version of vSphere 5 in the Recovery Site. People might be tempted to do this to save money on licensing. However, I think it is fraught with unexpected consequences, and I do not recommend it; it's a recipe for negative unforeseen outcomes. For example, an eight-way VM licensed for Enterprise Plus in the Protected Site would not start in the Recovery Site. A version of vSphere 5 that doesn't support DRS clustering and the initial placement feature would mean having to map specific VMs to specific ESX hosts. So you certainly can map DvSwitches to SvSwitches, and vice versa. To SRM, port groups are just labels and it just doesn't care. But remember, if VM is mapped from a DvSwitch to the SvSwitch it may lose functionality that only the DvSwitch can provide.

Figure 9.14

Figure 9.14 Network mappings can include different switch types if needed.

  • + Share This
  • 🔖 Save To Your Account