Deploy vSphere Replication for virtual machine replication in Site Recovery Manager considering the requirements for the operation of the management components that are failed over.

vSphere Replication uses a VMkernel management interface on the ESXi host to send replication traffic to the vSphere Replication appliance in the recovery region. To isolate vSphere Replication traffic so that it does not impact other vSphere management traffic, configure the vSphere Replication network in the following way.

Place vSphere Replication traffic on a dedicated VMkernel adapter.

Ensure that the vSphere Replication VMkernel adapter uses a dedicated replication VLAN in the region.

Attach the vSphere Replication server network adapter to the dedicated vSphere Replication VLAN in the region

Enable the service for vSphere Replication and vSphere Replication NFC traffic on the dedicated vSphere Replication VMkernel adapter.

vSphere Replication appliances and vSphere Replication servers are the target for the replication traffic that originates from the vSphere Replication VMkernel ports.

For more information about the vSphere Replication traffic on the management ESXi hosts, see Virtualization Network Design.

vSphere Replication Design Decisions

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-DR-009

Set up a dedicated vSphere Replication distributed port group. 

Ensures that vSphere Replication traffic does not impact other vSphere management traffic. The vSphere Replication servers potentially receive large amounts of data from the VMkernel adapters on the ESXi hosts.

You must allocate a dedicated VLAN for vSphere Replication.

SDDC-OPS-DR-010

Set up a dedicated VMkernel adapter on the management ESXi hosts

Ensures that the ESXi server replication traffic is redirected to the dedicated vSphere Replication VLAN.

None.

SDDC-OPS-DR-011

Attach a virtual network adapter for the vSphere Replication VMs to the vSphere Replication port group.

Ensures that the vSphere Replication VMs can communicate on the correct replication VLAN.

vSphere Replication VMs might require additional network adapters for communication on the management and replication VLANs.

SDDC-OPS-DR-012

Enable point in time (PIT) instances within vSphere Replication, keeping 3 copies over a 24-hour period.

Ensures that the management application that is failing over after a disaster recovery event occurs has multiple recovery points to ensure application integrity.

Increasing the number of retained recovery point instances increases the disk usage on the vSAN datastore.

Site Recovery Manager creates a placeholder virtual machine on the recovery region for every machine from the Site Recovery Manager protection group. Placeholder virtual machine files are small because they contain virtual machine configuration metadata but no virtual machine disks. Site Recovery Manager adds the placeholder virtual machines as recovery region objects to the Management vCenter Server.

To perform failover tests, you must provide additional storage for the snapshots of the replicated VMs. This storage is minimal in the beginning, but grows as test VMs write to their disks. Replication from the protected region to the recovery region continues during this time. The snapshots created during testing are deleted after the failover test is complete.

Select a size for the vSphere Replication nodes to facilitate virtual machine replication of the SDDC management components according to the objectives of this design.

Compute Resources for a vShere Replication 4 vCPU Node

Attribute

Specification

Number of vCPUs

4

Memory

4 GB

Disk Capacity

18

Environment

Up to 2000 replications between nodes

Sizing is done according to IT organization requirements. However, this design uses calculations for a single region. The design then mirrors the calculations for the other region. You must protect a total of 14 virtual machines. For information about the node configuration of the management component per region that is used in the calculations, see SDDC Nodes with Failover Support.

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-DR-013

Deploy vSphere Replication node of the 4 vCPU size.

Accommodate the replication of the expected 14 virtual machines of the following components:

vRealize Automation Components

vRealize Operations Manager Components

None.

You use a service account for authentication and authorization of vSphere Replication to vCenter Server for managing virtual machine replication and site pairing.

Authorization and Authentication Management Design Decisions

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-DR-014

Configure a service account svc-vr in vCenter Server for application-to-application communication from vSphere Replication with vSphere.

Provides the following access control features:

vSphere Replication accesses vSphere with the minimum set of permissions that are required to virtual machine perform replication and site pairing.

In the event of a compromised account, the accessibility in the destination application remains restricted.

You can introduce improved accountability in tracking request-response interactions between the components of the SDDC.

You must maintain the service account's life cycle outside of the SDDC stack to ensure its availability.

SDDC-OPS-DR-015

Use global permissions when you create the svc-vr service account in vCenter Server.

Simplifies and standardizes the deployment of the service account across all vCenter Server instances in the same vSphere domain.

Provides a consistent authorization layer.

All vCenter Server instances must be in the same vSphere domain.