DR to the Cloud introduction
I showed a live demo of a disaster recovery of a test workload from a vSphere 6.0 environment to a VMware vCloud Air Disaster recovery instance at our Technical Update Session (TUS2015) on June 24th. What I showed in roughly 20 minutes was a non-disruptive test of a disaster recovery and a planned migration of a small MicroCore Linux VM. Because the user interface is pretty intuitive and setting up and actually using vSphere Replication with vCloud Air DR is so easy, I feel the significance of what the demo was actually showing – what was happening on a global scale in a matter of minutes – was lost a bit. Therefore, I am writing a blog series about my demo setup and disaster recovery to vCloud Air in general. This is the first part where I will elaborate in some more detail on my demo setup. I will break down the blog series in the major parts that make up my demo infrastructure:
• Part 1. DR to the Cloud introduction and on-premises setup (this blog)
• Part 2: vCloud Air VPC OnDemand and vCloud Air Disaster Recovery setup
• Part 3: vSphere Replication
• Part 4: Disaster Recovery
As part of a DR to the cloud I first needed a vSphere environment to pose as a local datacenter. I needed a reliable internet connection over which I could setup an IPSec VPN tunnel to my cloud instance. My colleague Arjan Timmerman introduced me to Ravello Systems. Ravello runs a distributed, nested virtualization engine called HVX on top of either Amazon Web Services or Google Compute Engine. Ravello also uses Software defined networking and a storage overlay to fully encapsulate workloads so they are independent from the underlying cloud infrastructure. There are a number of excellent blogs already out there about this awesome product so I won’t go into the underlying details of Ravello much further. I do recommend checking out the Ravello website and sign-up for a FREE 14 day trial. The folks at Ravello are very helpful and are eager to work with you to set up your proof of concept. Also worth noting is that Ravello is presenting at Virtualization Field Day 5 #VFD5 on June 26th. There will be a live webstream available on http://techfieldday.com/event/vfd5/.
Using Ravello I deployed a basic 3-node ESXi 6.0 VSAN cluster. I tried to keep my setup as clean and simple as possible. My main purpose with this demo was to replicate a VM to vCloud Air and perform a disaster recovery of that VM. Nothing more. So I kept everything very plain and very simple: one /24 subnet for my entire “on premises” datacenter, a single standard vSwith with a single uplink and one VMkernel port for just about everything. I know, not very scalable and resilient but hey, it’s just a demo. I deployed a Windows 2012 R2 based Domain Controller directly on Ravello and I added another Windows based machine which I used as a RDP jumphost and to install vCenter 6.0 for Window on. The number of disks that come with the Linux based vCenter 6.0 appliance exceed the number of supported disks per controller on Ravello. It is actually a limitation of the underlying cloud infrastructure and Ravello gives you an error when you try to upload VCSA6.0 as an OVF. I spent some time trying to alter the VCSA harddisk layout in Fusion on my local workstation but decided it would be just easier to install vCenter 6.0 for Windows on my jumphost. Thinking of it, it’s pretty funny that – as a real Windows guy – I was actually really trying to NOT use the Windows version of vCenter. I think that says a lot about the quality of the recent Linux based vCenter appliances!
Finally, I needed something to set up a VPN to vCloud Air with. Ravello provides a nice step-by-step guide on how to deploy and set up a pfSense virtual firewall appliance, so I went with that. Of course I could also have set up vShield Networking and Security or even NSX-v, but the resource overhead and added complexity outweighed the benefits. Deploying and setting up pfSense was very easy but getting the IPSec tunnel to vCloud Air up and running was a pain. Making sure that both sides of the VPN are using the exact same settings can be a challenge when you are using different products. In the end I got the IPSec tunnel to pass traffic successfully using these settings:
Because not all of these detailed settings are available in the vCloud Air Edge Gateway GUI, it was difficult to find the right settings. In the end this VMware KB article helped me to complete the setup.
Because it is just a demo setup (and because I couldn’t get the tunnel up and running at first) I decided to allow all traffic through the firewalls. I also port forwarded RDP traffic on TCP3389 from the WAN interface of the firewall to my jumphost so I could RDP to it directly.
To summarize, I now have a 3 node ESXi6.0 VSAN cluster, a Windows based jumphost which was running vCenter 6.0, a domain controller and a firewall appliance with an IPSec VPN tunnel to my cloud instance. In the Ravello interface the network setup looks like this:
All instances connect to the 192.168.62.0/24 network and the pfSense firewall is also connected to the internet through a Ravello supplied router. The Ravello network settings of the pfSense appliance are:
In my next blog I will tell you in detail how I set up my vCloud Air instances. Yes, plural. I’ll explain why…