Home » Posts tagged 'vSphere'

Tag Archives: vSphere

vSphere 6 and SRM 6 Installation and Configuration

 

Server Overview:
AMSTERDAM:

  • esxpsc404: platform services controller
  • esxvcs405: vCenter & Update Manager
  • esxsrm406: SRM
  • esxdbs403: external database server with MS SQL 2014

ROTTERDAM:

  • esxpsc004: platform services controller
  • esxvcs005: vCenter & Update Manager
  • esxsrm006: SRM
  • esxdbs003: external database server with MS SQL 2014

All servers run Windows Server 2012 R2

Installation software:

  • vCenter components: VMware-VIMSetup-all-6.0.0-2800571.iso (6b)

First Component: Platform Services Controller

  • Start VMware vCenter Installer
  • Click on Install in the vCenter Server for Windows screen and accept the license agreement.
  • In the Select deployment Type screen click Platform Services Controller:

vsphere6-01.jpg 

  • Leave the system name as it is, note that the name cannot be changed after the platform services controller has been deployed:

vsphere6-02.jpg 

  • Fill in the Single Sign-On Domain information. Do not use the DNS suffix as a domain name:

vsphere6-03.jpg 

  • Leave the default ports in place:

vsphere6-04.jpg 

  • Change the installation directory to not the C-drive:

vsphere6-05.jpg 

  • Review the configuration and start the installation.

Second component: vCenter Server

Service Account

  • Create service account in AD: SRV-ESX-APPL
    • Member of the Domain User group
    • User cannot change password
    • Password never expires
    • A password compliant with your password policy
    • Member of the local Administrators group on BOTH the database server and the vCenter server
      • Navigate to Configuration –> Local Users and Groups –> Groups and open the Administrators group
      • Add the service account to the local administrators group
    • “Log on as a service” permission on the vCenter server
      • Open gpedit.msc, navigate to the Group Policy Editor under Computer Configuration
      • Navigate to Windows Settings → Security Settings → Local Policies → User Rights Assignment
      • Add the service account to the appropriate permissions
  • Public and sysadmin role on database server in MSSQL

vCenter Database

For vCenter we’ll use the Windows Authentication (with the created service account) so we’ll have to configure this. We’ll use a script for this as well, that needs to be executed from SQL Management Studio while connected to the database server:

USE [master]
GO
CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'D:\MSSQL12.MSSQLSERVER\MSSQL\DATA\VCDB.mdf', FILEGROWTH = 10% )
LOG ON
(NAME = N'vcdb_log', FILENAME = N'D:\MSSQL12.MSSQLSERVER\MSSQL\DATA\VCDB.ldf', FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
GO
USE VCDB
GO
sp_grantlogin @loginame=[SHIFT\SRV-ESX-APPL]
GO
sp_defaultdb @loginame=[SHIFT\SRV-ESX-APPL], @defdb='VCDB'
GO
ALTER LOGIN [SHIFT\SRV-ESX-APPL] WITH DEFAULT_LANGUAGE = us_english;
GO
CREATE USER [SHIFT\SRV-ESX-APPL] FOR LOGIN [SHIFT\SRV-ESX-APPL]
GO
sp_addrolemember @rolename = 'db_owner', @membername = 'SHIFT\SRV-ESX-APPL'
GO
USE MSDB
GO
CREATE USER [SHIFT\SRV-ESX-APPL] FOR LOGIN [SHIFT\SRV-ESX-APPL]
GO
sp_addrolemember @rolename = 'db_owner', @membername = 'SHIFT\SRV-ESX-APPL'
GO

This script uses three settings that need to be adjusted to your environment:

  • D:\MSSQL12.MSSQLSERVER\MSSQL\DATA\VCDB.mdf’ = The location of the database
  • D:\MSSQL12.MSSQLSERVER\MSSQL\DATA\VCDB.ldf’ = The location of the log
  • SHIFT\SRV-ESX-APPL = The vCenter service account name with the domain name (NETBIOS format)

This script basically does:

  • Create a database named VCDB.
  • Add the domain service account we created to the SQL server
  • Set the default database for the service account
  • Set the default language for the service account
  • Give service account db_owner permissions to VCDB
  • Give service account db_owner permissions to msdb

Create a 64-Bit DSN

The vCenter Server system must have a 64-bit DSN. This requirement applies to all supported databases.

  • Download and install the SQL Native client from http://www.microsoft.com/en-us/download/details.aspx?id=29065
  • In the Start screen, type ODBC Data Sources, and select 64 bits
  • Go to the system DSN tab. Click Add, select the SQL Native Client version 10 or 11. IN the connection details make sure to enter the FQDN of the database server.
  • Select With Integrated Windows Authentication
  • Set the default database to VCDB and leave all other settings default
  • Test the connectivity at the end of the installation setup

The system now has a DSN that is compatible with vCenter Server. When the vCenter Server installer prompts you for a DSN, select the 64-bit DSN.

Install vCenter

  • Log on to servers as SRV-ESX-APPL
  • Start VMware vCenter Installer
  • Click on Install in the vCenter Server for Windows screen and accept the license agreement.
  • In the Select deployment Type screen click vCenter Server:

vsphere6-06.jpg 

  • Leave the system name as it is, note that the name cannot be changed after vCenter has been deployed:

vsphere6-07.jpg 

  • Fill in the settings for the Platform Services Controller as installed before:

vsphere6-08.jpg 

  • Specify the user service account, which is required for Integrated Windows authentication for the external database:

vsphere6-09.jpg 

  • Select the DSN name as created before, mine was called vCenter:

vsphere6-10.jpg 

  • Leave the default ports in place:

vsphere6-11.jpg 

  • Change the installation directory to not the C-drive:

vsphere6-12.jpg 

  • Review the configuration and start the installation. When the installation is completed you are presented a quick way to start the vSphere web client:

vsphere6-13.jpg 

Configure Identity Source

The first step is to configure AD as a Identity Source.

  • Log in to the vsphere web client: https://esxvcs405.shift.local/vsphere-client/ (requires flash)
  • Go to Administration → Single Sign-On → Configuration → Identity Sources
  • Click on the green + sign to add a Identity Source, as a Active Directory (Integrated Windows Authentication):

vsphere6-14.jpg 

  • Then select the domain and click the change default domain button to make it the default domain:

vsphere6-16.jpg 

Then to assign permissions to your administrator group:

  • Go to Global Permissions (still within the Administration part) → Manage
  • Click on the green + sign to add a global permission. In the new screen, click on Add and select the AD domain in the domain dropdown box. Search for the group:

vsphere6-15.jpg 

  • Click on OK and again on OK (the administrator role is the one selected by default)
  • Log out and in again as a member of the selected group to check the configuration.

Also assign a administrator group the “SystemConfiguration Administrators” permission:

  • Go to Administration → Single Sign-On → Configuration → Users and Groups
  • Add the group to the list of members of the “SystemConfiguration Administrators”

Add New Host

  • Set root password and added to keepass
  • Set IP address, DNS, hostname, disabled IPv6
  • Reboot host

In vCenter

  • Create datacenter: The Netherlands
  • Create cluster: AMSTERDAM EMAIL
    • DRS and HA enabled
  • Added host to vCenter

vSphere 6 Second Site ROTTERDAM

Server Overview:

ROTTERDAM:

  • esxpsc004: platform services controller
  • esxvcs005: vCenter & Update Manager
  • esxsrm006: SRM
  • esxdbs003: external database server with MS SQL 2014

All servers run Windows Server 2012 R2

Installation software:

  • vCenter components: VMware-VIMSetup-all-6.0.0-2800571.iso (6b)

First: Platform Services Controller

This is partly the same installation as before. Only the different steps have been screenshotted.

  • Start VMware vCenter Installer
  • Click on Install in the vCenter Server for Windows screen and accept the license agreement.
  • In the Select deployment Type screen click Platform Services Controller
  • Leave the system name as it is, note that the name cannot be changed after the platform services controller has been deployed
  • Join the Single Sign-On Domain we created earlier:

vsphere6-17.jpg 

  • Create a new site:

vsphere6-18.jpg 

  • Leave the default ports in place
  • Change the installation directory to not the C-drive
  • Review the configuration and start the installation.

Second: vCenter Server

Service Account

  • Use the same service account in AD: SRV-ESX-APPL
  • Member of the local Administrators group on BOTH the database server and the vCenter server
  • Public and syasadmin role on database server in MSSQL

vCenter Database

You can use exactly the same script as used for the vCenter server database on the first site.

Create a 64-Bit DSN

You can use exactly the same procedure as on the vCenter server on the first site.

Install vCenter

This is partly the same installation as before. Only the different steps have been screenshotted.

  • Log on to servers as SRV-ESX-APPL
  • Start VMware vCenter Installer
  • Click on Install in the vCenter Server for Windows screen and accept the license agreement.
  • In the Select deployment Type screen click vCenter Server
  • Leave the system name as it is, note that the name cannot be changed after vCenter has been deployed
  • Fill in the settings for the Platform Services Controller as installed before in the second site
  • Specify the user service account, which is required for Integrated Windows authentication for the external database
  • Select the DSN name as created before, mine was called vCenter
  • Leave the default ports in place:

vsphere6-11.jpg 

  • Change the installation directory to not the C-drive:

vsphere6-12.jpg 

  • Review the configuration and start the installation. When the installation is completed you are presented a quick way to start the vSphere web client:

vsphere6-13.jpg 

Add New Host

  • Set root password and added to keepass
  • Set IP address, DNS, hostname, disabled IPv6
  • Reboot host

In vCenter

  • Create datacenter: The Netherlands
  • Create cluster: ROTTERDAM EMAIL
    • DRS and HA enabled
    • Disable admission control
  • Added host to vCenter

Install vSphere Client

  • Start VMware vCenter Installer
  • Click on Install in vSphere Client and follow the prompts to do a default installation.

Hosts activeren

Storage

Adding the HBA card WWWNs to the storage initiator group in production:

esx001:
WWNN: 20:00:00:24:ff:09:c7:71 20:00:00:24:ff:09:c5:8d
WWPN: 21:00:00:24:ff:09:c7:71 21:00:00:24:ff:09:c5:8d

esx002
WWNN: 20:00:00:24:ff:09:c9:03 20:00:00:24:ff:09:c7:36
WWPN: 21:00:00:24:ff:09:c9:03 21:00:00:24:ff:09:c7:36

esx003
WWNN: 20:00:00:24:ff:09:c6:85 20:00:00:24:ff:09:c7:02
WWPN: 21:00:00:24:ff:09:c6:85 21:00:00:24:ff:09:c7:02

esx401:
WWNN: 20:00:00:24:ff:09:c7:72 20:00:00:24:ff:09:c7:17
WWPN: 21:00:00:24:ff:09:c7:72 21:00:00:24:ff:09:c7:17

esx402:
WWNN: 20:00:00:24:ff:09:c8:61 20:00:00:24:ff:09:c7:9c
WWPN: 21:00:00:24:ff:09:c8:61 21:00:00:24:ff:09:c7:9c

esx403:
WWNN: 20:00:00:24:ff:10:8a:8d 20:00:00:24:ff:10:8a:e0
WWPN: 21:00:00:24:ff:10:8a:8d 21:00:00:24:ff:10:8a:e0
  • Added to the LUN Initiator groups op storage
  • Storage scan done

Network

  • Added both network adapters to the vSwitch0

Cluster

  • Reconfigured the hosts for HA
  • Cluster is available now

Post Install

Enable clipboard on ESX Guest

Log in to the ESX/ESXi host as a root user, make a backup of /etc/vmware/config and then open /etc/vmware/config file using a text editor.

Add these entries to the file:

isolation.tools.copy.disable="FALSE"
isolation.tools.paste.disable="FALSE"

Configure The Syslog Host

Select the host and go to the Configuration tab, then in the Software panel click the Advanced Settings button and in the pop-up window go to Syslog. Fill in the syslog server in the “Syslog.global.logHost” advanced setting:

udp://192.168.10.93:514

To allow for outgoing syslog traffic go again to the Configuration tab and in the Software panel click the Security Profile. You’ll see the current firewall settings and in the right the option to configure the Properties. In the pop-up window you can check the syslog checkbox and click OK.

Set NTP time settings

Set NTP settings on the host in Configuration → Time Configuration

NTP Server = 192.166.123.123

Startup Policy = Start and stop with host

Creating a Scratch Partition

When using ESXi while running from an usb drive a random datastore is selected by ESXi to store the host’s logfiles. If you would detach this datastore the logfiles are lost, which is not really something you want. This part shows how to create a scratch partition and how to tell ESXi to use it. Note that you’ll need a reboot and this is only necessary on ESXi hosts running without local storage.

The procedure for doing this is pretty straight forward:

  • Attach the datastore (SAN0006_LOGS and SAN4006_LOGS) to the host and create a directory in it
    • The VMware default for the directory name is .locker-hostname
  • Configure scratch partition on host’s advanced settings
    • Go to Configuration tab → Advanced Settings → ScratchConfig
      • Fill in the ScratchConfig.ConfiguredScratchLocation variable like this: /vmfs/volumes/SAN4006_LOGS/.locker-esxXX
      • Or like this for ROTTERDAM: /vmfs/volumes/SAN0006_LOGS/.locker-esxXX
    • Note that after a reboot the friendly name will dissappear and change to /vmfs/volumes/50d82ad0-872feb40-a440-5cf3fcdbf838/.locker-esx57
    • Als note that this friendly name is still used when browsing through the datastore using the Datastore Brwoser utility
  • Reboot host
  • Check that files have been created in the directory

Setup NetApp/N-Series Array Based Replication

Source Filer Config

Login as root and do:

SAN4A> vol create SAN4A_0A_011 -s none aggr1 900g
Creation of volume 'SAN4A_0A_011' with size 900g on containing aggregate
'aggr1' has completed.
SAN4A> vol autosize SAN4A_0A_011 -m 1000g -i 25g on
vol autosize: Flexible volume 'SAN4A_0A_011' autosize settings UPDATED.
SAN4A> vol options SAN4A_0A_011 nosnap on
SAN4A> vol options SAN4A_0A_011 no_atime_update on
SAN4A> vol options SAN4A_0A_011 fractional_reserve 0
SAN4A> snap reserve SAN4A_0A_011 0
SAN4A> sis on /vol/SAN4A_0A_011
SIS for "/vol/SAN4A_0A_011" is enabled.
Already existing data could be processed by running "sis start -s /vol/SAN4A_0A_011".

Target Filer Config

Note: always do a rdfile before you do a wrfile. Wrfile clears the file!

Login as root and do:

SAN0A> vol create SAN0A_4A_011 -s none aggr1 1000g
Creation of volume 'SAN0A_4A_011' with size 1000g on containing aggregate
'aggr1' has completed.
SAN0A> vol options SAN0A_4A_011 nosnap on
SAN0A> vol options SAN0A_4A_011 no_atime_update on
SAN0A> vol options SAN0A_4A_011 fractional_reserve 0
SAN0A> snap reserve SAN0A_4A_011 0
SAN0A> vol restrict SAN0A_4A_011
Volume 'SAN0A_4A_011' is now restricted.
SAN0A> snapmirror initialize -S 192.168.81.19:SAN4A_0A_011 SAN0A:SAN0A_4A_011
Transfer started.
Monitor progress with 'snapmirror status' or the snapmirror log.
SAN0A> rdfile /etc/snapmirror.conf
#20140606 sjoerd removed replication for bes servers
#20140314 sjoerd added replication for new storage environment
192.168.81.19:SAN4A_0A_001 SAN0A:SAN0A_4A_001 - * * * *
192.168.81.19:SAN4A_0A_003 SAN0A:SAN0A_4A_003 - * * * *
192.168.81.19:SAN4A_0A_005 SAN0A:SAN0A_4A_005 - * * * *
192.168.81.19:SAN4A_0A_007 SAN0A:SAN0A_4A_007 - * * * *
192.168.81.19:SAN4A_0A_009 SAN0A:SAN0A_4A_009 - * * * *
192.168.81.19:SAN4A_0A_012 SAN0A:SAN0A_4A_012 - * * * *

SAN0A> wrfile /etc/snapmirror.conf
#20150723 added volume for lync
#20140606 sjoerd removed replication for bes servers
#20140314 sjoerd added replication for new storage environment
192.168.81.19:SAN4A_0A_001 SAN0A:SAN0A_4A_001 - * * * *
192.168.81.19:SAN4A_0A_003 SAN0A:SAN0A_4A_003 - * * * *
192.168.81.19:SAN4A_0A_005 SAN0A:SAN0A_4A_005 - * * * *
192.168.81.19:SAN4A_0A_007 SAN0A:SAN0A_4A_007 - * * * *
192.168.81.19:SAN4A_0A_009 SAN0A:SAN0A_4A_009 - * * * *
192.168.81.19:SAN4A_0A_011 SAN0A:SAN0A_4A_011 - * * * *
192.168.81.19:SAN4A_0A_012 SAN0A:SAN0A_4A_012 - * * * *

read: error reading standard input: Interrupted system call
Note: always do a rdfile before you do a wrfile. Wrfile clears the file!

vSphere Storage Configuration for Replicated Volumes

  • Created LUNs for the servers
  • Attached the luns to the hosts
  • Configured the LUNs as VMFS 5 datastores

Add VM Networks

Add networks to all three hosts in ROTTERDAM and AMSTERDAM:

LAN0-VLAN1 : VLAN ID: None (0)

Add VMs to new Hosts as Test

  • shutdown email01
  • remove email01 from inventory
  • add email01 to inventory through SAN0A044_MSG
  • shutdown email02
  • remove email02 from inventory
  • add email02 to inventory through SAN0B041_MSG

SRM Installation Protected Site

Service Account

  • Create service account in AD: SRV-SRM-APPL
    • Member of the Domain User group
    • User cannot change password
    • Password never expires
    • A password compliant with your password policy
  • Member of the local Administrators group on BOTH the database server and the SRM server
  • Public and sysadmin role on database server in MSSQL

SRM Database

For SRM we’ll use the Windows Authentication (with the created service account) so we’ll have to configure this. We can’t use the same user as for the vCenter installation as both installations require the user to have their database as default. We’ll use a script for this as well, that needs to be executed from SQL Management Studio while connected to the database server:

USE [master]
GO
CREATE DATABASE [SRMDB] ON PRIMARY
(NAME = N'srmdb', FILENAME = N'D:\MSSQL12.MSSQLSERVER\MSSQL\DATA\SRMDB.mdf' , FILEGROWTH = 10% )
LOG ON
(NAME = N'srmdb_log', FILENAME = N'D:\MSSQL12.MSSQLSERVER\MSSQL\DATA\SRMDB.ldf' , FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
GO
USE SRMDB
GO
sp_grantlogin @loginame= [SHIFT\SRV-SRM-APPL]
GO
sp_defaultdb @loginame= [SHIFT\SRV-SRM-APPL], @defdb ='SRMDB'
GO
ALTER LOGIN [SHIFT\SRV-SRM-APPL] WITH DEFAULT_LANGUAGE = us_english;
GO
CREATE USER [SHIFT\SRV-SRM-APPL] FOR LOGIN [SHIFT\SRV-SRM-APPL]
GO
sp_addrolemember @rolename = 'db_owner', @membername = 'SHIFT\SRV-SRM-APPL'
GO
Note that there are a bunch of requirements. Most are met like this, the others are taken care of by the installation.

Create a 64-Bit DSN

The SRM Server system must have a 64-bit DSN. This requirement applies to all supported databases.

  • Download and install the SQL Native client from http://www.microsoft.com/en-us/download/details.aspx?id=29065
  • In the Start screen, type ODBC Data Sources, and select 64 bits
  • Go to the system DSN tab. Click Add, select the SQL Native Client version 10 or 11. IN the connection details make sure to enter the FQDN of the database server.
  • Select With Integrated Windows Authentication
  • Set the default database to SRMDB and leave all other settings default
  • Test the connectivity at the end of the installation setup

The system now has a DSN that is compatible with SRM. When the SR< installer prompts you for a DSN, select the 64-bit DSN.

Install SRM

Used software:

  • VMware-srm-6.0.0-2700459.exe
  • ibm_n_sra_2.1_7mode.zip
  • Log on to servers as SRV-SRM-APPL
  • Start the SRM installer, select language, accept license agreement
  • Change the destination folder to D:\VMware\SRM\
  • Fill in the Platform Services Controller settings:

vsphere6-19.jpg 

  • Select the correct vCenter server address:

vsphere6-20.jpg 

  • Fill in the local site information:

vsphere6-21.jpg 

  • Keep the default Site Recovery Manager Plug-In Identifier
  • Select to automatically generate a certificate to use as the server endpoint certificate and provide certificate details
  • Select the external database server and select the created DSN:

vsphere6-22.jpg 

  • Keep the other database settings default
  • Provide the service account details:

vsphere6-23.jpg 

  • Finish the installation
  • After the installation you can logon to the vSphere Web Client which now shows a Site Recovery option under the Inventories.

SRM Installation Recovery Site

Service Account

  • Use the service account in AD: SRV-SRM-APPL
  • Member of the local Administrators group on BOTH the database server and the SRM server
  • Public and sysadmin role on database server in MSSQL

SRM Database

We will use the exact same script as used for the installation of the protected site.

Create a 64-Bit DSN

Use the exact same procedure to install and configure a system DSN on the SRM server on the recovery site. 

Install SRM

We will do the exact same installation, so I will only show screenshots only when necessary:

  • Log on to server as SRV-SRM-APPL
  • Start the SRM installer, select language, accept license agreement
  • Change the destination folder to D:\VMware\SRM\
  • Fill in the Platform Services Controller settings:

vsphere6-24.jpg 

  • Select the correct vCenter server address:

vsphere6-25.jpg 

  • Fill in the local site information:

vsphere6-26.jpg 

  • Keep the default Site Recovery Manager Plug-In Identifier
  • Select to automatically generate a certificate to use as the server endpoint certificate and provide certificate details
  • Select the external database server and select the created DSN
  • Keep the other database settings default
  • Provide the service account details
  • Finish the installation
  • After the installation you can logon to the vSphere Web Client which now shows a Site Recovery option under the Inventories.

Install SRA on Both Sites

Perform these steps on both SRM servers:

  • Log on to server as SRV-SRM-APPL
  • Extract the SRA zip package and start the installer.
  • The installation is simple, just accept the license agreement, install it for everyone and do a full install.
  • In the vSphere Web Client, go to Site Recovery > Sites, and select a site.
  • In the Monitor tab, click SRAs, and click the Rescan SRAs button.

Configure Site Recovery Manager

Pairing the Sites

Pairing the sites is the first step to take:

  • Connect to vSphere Web Client on one of the sites, and select Site Recovery > Sites.
  • On the Objects tab, right-click a site and select Pair Site.
  • Enter the address of the Platform Services Controller for the Site Recovery Manager Server on the remote site:

vsphere6-27.jpg 

  • Select the vCenter Server instance with which Site Recovery Manager Server is registered on the remote site, provide the vCenter Single Sign-On username and password, and click Finish:

vsphere6-28.jpg 

Add Array Manager

  • Connect to vSphere Web Client on the protected site, go to site recovery → Array Based Replication
  • Click on Add Array Manager
  • In the Add Array Manager select “Add a pair of array managers” :

vsphere6-29.jpg 

  • Select the location:

vsphere6-30.jpg 

  • Select the SRA Type:

vsphere6-31.jpg 

  • Configure the array manager like this:

vsphere6-32.jpg 

  • Configure the paired array manager
  • Enable the array pair:

vsphere6-33.jpg 

Then redo this for the other storage heads.

As we have a separate network for storage replication the array manager pairs can’t find each other because the information as provided does not match the snapmirror configuration in the storage heads. We need to configure this at the srm servers:

On both SRM servers, locate these files and make the required changes:

  • D:\VMware\SRM\storage\sra\IBM_ONTAP\ontap_config.txt
#use_ip_for_snapmirror_relation = on\off(default is off)
#20150816 sjoerd - Changed to on
use_ip_for_snapmirror_relation = on
  • D:\VMware\SRM\storage\sra\IBM_ONTAP\ip_hostname_mapping.txt
SAN0A = 192.168.61.19
SAN0B = 192.168.61.29
SAN4A = 192.168.81.19
SAN4B = 192.168.81.29
  • Right click on the heads for the recovery site and select “Discover array pairs”
  • Now you can enable both array pairs by clicking on “Enable selected array pairs”
  • The array pairs should now correctly see the incoming and outgoing replication:

vsphere6-34.jpg

vCenter Configuration

Add All Hosts to New vCenter

Per cluster, follow these steps:

In the correct datacenter, create cluster as showed already above, and then add the hosts. 

Cluster settings:

  • Enable DRS, default settings
  • Enable HA
    • Enable host monitoring
    • Disable admission control
    • Set percentage of cluster resources to a percentage matching to the number of hosts
    • Disable VM Monitoring
  • Disable EVC
  • Disable vSAN

Host settings

  • Take over licenses
  • Disable lockdown mode
  • Put all of the host’s virtual machines in the cluster’s root resource pool (default option)

Setup Folders and Permissions

For Global Permissions, in the vSphere Web Client, go to Home → Administration → Global Permissions. For other permissions, navigate to the entity in place and set permissions accordingly. 

Click Add and configure these permissions as Group, Role and Defined In:

  • SHIFT\UNIX Administrators
    • DatastoreConsumer
      • Global
  • SHIFT\SRV-BACKUP
    • Admin
      • Global
  • SHIFT\SRV-ESXSCRIPTS
    • Admin
      • Global
  • SHIFT\SRV-MONITORING
    • Read-Only
      • Global
  • SHIFT\Domain Admins
    • Admin
      • Global
  • SHIFT\adminkluns
    • ReadOnly
      • Linux Servers – Proxy Support (folder, AMS & RTD)
  • SHIFT\UNIX Administrators
    • Admin
      • Linux Servers – Proxy Support (folder)
Note that if read only permissions are assigned for the advanced and realtime statistics we need ReadOnly permissions on global level as well, since vSphere6 readonly on the object itself are not enough anymore!
  • After creating the folders and setting the permissions, place the VMs in the correct group.

Affinity Rules

To add an affinity rule:

  • Go to the cluster → manage → Settings → VM/Host Rules
  • Click Add

To create a group (required for VM to Host affinity):

  • Go to the cluster → manage → Settings → VM/Host Groups
  • Click Add

Configure the following affinity rules:

  • Affinity Type
    • Name
      • Cluster
        • Keep together
          • VMs & Hosts
  • Host Affinity
    • vCenter AMSTERDAM
      • Production
        • True
          • esxdbs403, esxpsc404, esxvcs405, esxsrm406, esx91, esx92
  • Host Affinity
    • vCenter
      • ROTTERDAM Production
        • True
          • esxdbs003, esxpsc004, esxvcs005, esxsrm006, esx19, esx20
  • VM Affinity
    • Backup
      • ANTWERPEN Production
        • True
          • bcksrv301 filsrv301 prisrv301
  • VM Affinity
    • Backup
      • BERLIN Production
        • True
          • bcksrv101 filsrv101 prisrv101
  • VM Affinity
    • Backup
      • LIVERPOOL Production
        • True
          • bcksrv601 filsrv601 prisrv601
  • VM Affinity
    • vCenterVMs
      • AMSTERDAM Production
        • True
          • esxdbs403, esxpsc404, esxvcs405, esxsrm406
  • VM Affinity
    • vCenterVMs
      • ROTTERDAM Production
        • True
          • esxdbs003, esxpsc404, esxvcs005, esxsrm006
  • VM Affinity
    • Enterprise Vault
      • AMSTERDAM Production
        • True
          • evssrv01 evssrv03 evsdbs01
  • VM Anti Affinity
    • Sharepoint Webservers
      • AMSTERDAM Production
        • False
          • shpweb401 shpweb402 shpweb403
  • VM Anti Affinity
    • Sharepoint Database Servers
      • AMSTERDAM Production
        • False
          • shpdbs401a shpdbs401b

Setup Alarms

Alarms have to be setup on both vCenters. Go to the vCenter object → Manage

  • Name
    • What
      • Trigger en waarden
        • Email en frequentie
  • Datastore usage on disk
    • Datastores
      • datastore disk usage % – 90/95
        • it_getshifting.com;helpdesk_getshifting.com;- once – –
  • SHIFT Datastore overprovisioned
    • Datastores
      • datastore disk provisioned % – 105/125
        • sjoerd_getshifting.com;it_getshifting.com;once once once once
  • SHIFT Host connection and power state
    • Hosts
      • Any (all alert)
      • Host connection state is equal to not responding
      • Host connection state is equal to disconnected
      • Host power state not equal to powered on
        • sjoerd_getshifting.com;it_getshifting.com;once once once once
  • SHIFT Host cpu usage
    • Hosts
      • Host cpu usage % 75/5m/90/5m
        • sjoerd_getshifting.com;it_getshifting.com;once once once once
  • SHIFT Host memory usage
    • Hosts
      • Host memory usage % 90/5m/95/5m
        • sjoerd_getshifting.com;it_getshifting.com;once once once once
  • SHIFT – VM Created
    • Virtual Machine events
      • Creating VM
      • Deploying VM
      • VM Created
      • VM being cloned
      • VM renamed
        • cmdb_getshifting.com;once once – –
  • SHIFT VM CPU Ready
    • Virtual Machines
      • VM CPU Ready Times (ms) is above
      • 2000 for 30 sec
      • 4000 for 30 sec
        • sjoerd_getshifting.com;once once – –

vCenter Email Settings

Go to vCenter inventory lists, vCenter

Go to Manage → Settings → General

Click edit, go to Mail and fill in mailhub.shift.local as the smtp server and vcenter-rot_getshifting.com or vcenter-ams_getshifting.com as sender.

SRM Configuration

Network Mappings

  • Go to Home → Site recovery → Sites → Select the protected site
  • Go to Manage → Network Mappings and click on the “new network mapping” icon
  • Select “prepare mappings manually”

Map according to this schedule:

  • Source Network → Target Network
  • The Netherlands LAN0-LAN → The Netherlands SRM_Uitwijk
  • The Netherlands LAN0-VLAN800 → The Netherlands SRM_iSCSI

Folder Mappings

  • Go to Home → Site recovery → Sites → Select the protected site
  • Go to Manage → Folder Mappings and click on the “new folder mapping” icon
  • Select “prepare mappings manually”
  • Map all folders to “SRM VMs”

Resource Mappings

  • Go to Home → Site recovery → Sites → Select the protected site
  • Go to Manage → Resource Mappings and click on the “new resource mapping” icon
  • Select “prepare mappings manually”

Map according to this schedule:

  • Source Resource → Target Resource
  • AMSTERDAM Oracle → ROTTERDAM BCP-Oracle
  • AMSTERDAM Production → ROTTERDAM BCP
  • AMSTERDAM ROAD → ROTTERDAM BCP
  • AMSTERDAM EMAIL → ROTTERDAM BCP

Placeholder Datastore

Note: this is done at the recovery site
  • Go to Home → Site recovery → Sites → Select the recovery site
  • Go to Manage → Placeholder Datastores and click on the “configure placeholder datastore” icon
  • Select the placehodler datastore: SAN0A250_BCP_SRM_MGMT

Advanced Settings

On both sites,

  • Go to Home → Site recovery → Sites → Manage → Advanced Settings
  • Go to Storage Provider and click edit
  • Set storageProvider.fixRecoveredDatastoreNames to enabled.

Create Protection Groups

  • Go to Home → Site Recovery → Protection Groups
  • Click on the “Create Protection Group” icon
  • Fill in the name and description
  • Set AMSTERDAM as protected site
  • Select the correct Array Managers Type
  • Select the datastores you want to include in the protection group
  • Finish the wizard

Repeat this step for all required protectiongroups

Create Recovery Plans

  • Go to Home → Site Recovery → Recovery Plans
  • Click on the “Create Recovery Plan” icon
  • Fill in the name and description
  • Set the recovery site to ROTTERDAM
  • Include the correct protection groups
  • Map SRM_Uitijwk to SRM_Test for the test network
  • Map LAN0-VLAN800 to SRM_iSCSI for the test network
  • Finish the wizard

Repeat this step for all required recovery plans

Advanced Recovery Plan Settings

For all Recovery Plans, check and configure:

  • IP customization
    • Current only known: shpfil401
  • Prompts:
    • Prompt: Wait for the Create Writable Storage Snapshots to complete. [Make sure the step “Create Writable Storage Snapshots” is completely finished and then press dismiss.]
  • SRM Commands
    • Command: Snapmirror Off [c:\windows\system32\cmd.exe /c g:\scripts\storagescripts\snapmirroroff.bat > g:\scripts\storagescripts\snapoff.log]
    • Command: Snapmirror On [c:\windows\system32\cmd.exe /c g:\scripts\storagescripts\snapmirroron.bat > g:\scripts\storagescripts\snapon.log]
  • VM Startup priority, below standard leaves room to create extra startup priority without modifying all other servers:
    • Database servers first
    • Application Servers third
    • Web Servers fifth

Scripts

Snapmirror On

echo y | G:\scripts\networkscripts\plink  -ssh -pw XXXXXXXX root@SAN0A echo
G:\scripts\networkscripts\plink  -ssh -pw XXXXXXXX root@SAN0A snapmirror on

echo y | G:\scripts\networkscripts\plink -ssh -pw XXXXXXXX root@SAN0B echo
G:\scripts\networkscripts\plink -ssh -pw XXXXXXXX root@SAN0B snapmirror on

exit

Snapmirror Off

echo y | G:\scripts\networkscripts\plink  -ssh -pw XXXXXXXX root@SAN0A echo
G:\scripts\networkscripts\plink  -ssh -pw XXXXXXXX root@SAN0A snapmirror off

echo y | G:\scripts\networkscripts\plink -ssh -pw XXXXXXXX root@SAN0B echo
G:\scripts\networkscripts\plink -ssh -pw XXXXXXXX root@SAN0B snapmirror off

exit

SRM Permissions

http://pubs.vmware.com/srm-60/topic/com.vmware.srm.admin.doc/GUID-048A4928-B94A-41FA-BD2B-55B50EF7E4A7.html

Create these four groups and assign permissions accordingly:

  • Group
    • SRM Role
      • Defined In
  • NL-SRM-RP-Administrators
    • SRM Recovery Plans Administrator
      • Global
  • NL-SRM-PG-Administrators
    • SRM Protection Groups Administrator
      • Global
  • NL-SRM-Test-Administrators
    • SRM Recovery Test Administrator
      • Global
  • NL-vCenter-Administrators
    • Administrator
      • Global
  • NL-vCenter-Administrators
    • Read Only
      • Explicitly on both sites

Make the “Server Admins” member of all four groups. This gives the situation that all members of the “Server Admins” group can do everything in vCenter, except for running recoveries. To do that, you need to be member of the domain admin group.

SRM Alarms

SRM alarms are now fully integrated: http://pubs.vmware.com/srm-61/topic/com.vmware.srm.admin.doc/GUID-33E5966A-A8EA-4F61-8B16-D01E3B647D49.html

Configure alarms according to the following set-up:

  • Name
    • Settings
      • Action
  • SRM Protected VM deleted or invalid VM event:
    • Protected Virtual Machine Removed
    • Protected VM Invalid (only recovery site)
      • email srm-alarms_getshifting.com; once once — —-
  • SRM VM Not protected
    • VM event:
    • VM Not protected (only recovery site)
      • email srm-alarms_getshifting.com; once once — —-
  • SRM Placeholder Object Deleted
    • vCenter event
    • Placeholder VM deleted
    • Protected VM Deleted (only recovery site)
      • email srm-alarms_getshifting.com; once once — —-
  • SRM Recovery Plan Changed
    • vCenter event
    • Recovery plan edited (only recovery site)
      • email srm-alarms_getshifting.com; once once — —-
  • SRM Protection Group Changes
    • vCenter event
    • Protection Group Reconfigured (only recovery site)
      • email srm-alarms_getshifting.com; once once — —-

Host Upgrades

BCP RunBook

Export all runbooks and distribute them to the BCP Officer.

Source: http://www.getshifting.com/wiki/vsphere6