VCDR Design and Deployment

Key Features and considerations

Feature

Description

VCDR

vs VMware Site Recovery

VMWare Site Recovery

  • Uses vSphere Replication for replication and Site Recovery Manager for DR orchestration
  • Replicates to VSAN on SDDC
  • Faster RTO since failover capacity is already provisioned.
  • Smaller RPO since VM data can be replicated every 30 minutes or less. The available RPO range is from 5 minutes to 24 hours.

VCDR

  • replicates to a low costScale-out file system.
  • Uses DRaaS connector and Saas orchestrator for replication and orchestration
  • Lowest RPO is 30 mins.

VCDR Benefits

  • Instant Power-on: Live Mount feature allows you to instantly power-on your VMs in the cloud when testing or orchestrating your DR plans.
  • Immutable Snapshots: Protect your data from malware thanks to a deep history of immutable snapshots.
  • Continuous DR Health Checks: Essential for ransomware recovery, DR health checks drive recovery readiness and are run every 30 minutes.
  • Delta-based Failback: Minimize cloud data egress charges and optimize DR operational costs.
  • Detailed DR Reports: Provide proof that DR plans are being tested and executed correctly.

VMC Hosts for DR

The Service Offering does not include VMC hosts.

You must separately purchase the hosts to recover VMs

Pricing

VCDR price is combination of two parts

  • Per-TiB charge based on storage of protected VMs and incremental backups.
  • Per virtual machine charge based on the number of protected virtual machines.

Subscription and API Token

Protected Site

Supported sites

  • On prem vCenter
  • VMware on AWS SDDC

Currently, protected sites do not support stretched clusters

Cloud file system

If you want to deploy more than one cloud file system, contact VMware Support for assistance.

Recovery AZ

Recovery AZ

  • Cloud file systems and recovery SDDCs must be in the same AZ.
  • It is recommended not to have it in the same region where your on-premises data center is located.

Recovery SDDC

Deployment methods

  • On-demand : Deploy a new SDDC following a DR event.
  • Pilot light:
    • A smaller subset of SDDC hosts are deployed ahead of time
    • Extra SDDC hosts can be added in a failover event.

RTO

  • On Demand:
    • 4hours +
    • SDDC provisioning time +
    • mounting backup file system +
    • customization +
    • “VM Power On”
  • Pilot light:
    • 4 Hours +
    • mounting backup file system customization +
    • “VM Power On”

RPO

>=30 mins

Protection group

Protection groups allow you to schedule recurring VM snapshots.

A protection group cannot contain VMs from two different vCenters.

A VM can be part of multiple protection groups.

Snapshots

Snapshot Frequency

  • Standard frequency
  • High frequency
    • Snapshot Quiescing is not supported..

Mixed snapshot types in a protection group: A protection group can only be configured for one snapshot type: standard-frequency, high-frequency, or quiesced.

VMs with mixed snapshot types: If a VM is part of two or more protection groups with mixed types standard-frequency and high-frequency , all snapshots will be captured as high-frequency

Group membership

  • VM name pattern
  • Tags
  • VM folder
    • VMs in subfolders are not included automatically.

Protection schedules

Multiple schedules: A protection group can have a maximum of 10 schedules, each schedule with its own frequency and retention level

Other backup software: Protection group snapshots can exhibit errors if other VM backup software runs at the same time as VCDR snapshot schedule.

Recommendation: Multiple schedules; one for desired rpo, one for ransomware

Snapshot frequency

Snapshot retention

Recovery Plan

Allows you to recover all VMs in the protection groups or specific individual VMs

IP Address Mapping:

  • VMware Tools must be installed on the guest OS
  • To map IP addresses for Windows VMs, the system drive of the VMs must be mapped to c:\.

Actions that can be executed on DR plan:

  • Failover
  • Test Plan
  • Deactivate

On executing a recovery plan,it registers the VMs in vCenter , customizes and powers on the VMs.

Script VM

The Script VM allows you to add custom scripts to run on a dedicated VM during plan execution as a recovery step

Activate / deactivate

DR Plan

A plan is automatically deactivated upon committing a successful failover or failback.

You can explicitly re-activate a previously deactivated DR Plan by clicking Activate plan.

Recover Guest Files

For each snapshot in VMware Cloud DR, you can download the guest files of individual VMs as a ZIP package to your local system.

Supported file systems for recovering guest files:

  • Windows: NTFS and FAT32.
  • Linux: Ext3 and Ext4

Data transfer

VCDR uses SSL connection to securely transfer data from protected sites to Recovery SDDCs

SCFS Architecture

2 Tier Design:

  • Cache Tier: EC2 with local NVMe for IO performance
  • Capacity Tier: To store all data (S3)

Log Structured File System (LFS) Techniques:

  • All incoming data backups are converted to large ~10MB sequential segments and are stored as S3 objects
  • All new incoming data “always” goes to new locations , there is never any danger of overwriting blocks containing old backups.

SCFS checks the data integrity of each backup copy every single day.

In steady-state “backup-mode”, SCFS uses very little EC2 caching resources to keep the costs low and only launches more resources in the rare “recovery-mode” situations

Restore Specific Files

DRaaS Connector

The DRaaS Connector is a stateless software appliance that enables replicating VM snapshots to backup sites.

Each connector provides additional replication bandwidth for the site.

If the protected site is SDDC, you must deploy a DRaaS Connector on each cluster.

VCDR does not support an internet proxy server between the DRaaS Connector and the cloud

Number of connectors

Recommended one connector per 250 VMs (protected and unprotected)

Minimum 2 connectors per-protected site.

Maximum 4 connectors per-protected site, even if there are more than 1000 VMs.

Frequently asked questions

  1. Whether protection and replication continues during the test of a recovery plan? The answer is yes.

SCFS architecture

https://blogs.vmware.com/virtualblocks/2021/09/13/new-filesystem-rapid-ransomware-recovery/

SCFS
Protected Site
Recovery AZ

VCDR Network Connectivity Ports

Recover files

https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-disaster-recovery/GUID-D9DB8EE8-0334-4717-A4B9-D53345651AB5.html

Step by Step Instructions

Step

Links

Request VCDR Service

vmarena

Generate token

Roles required for VCDR

– Organization Owner from the Organization Role

– VMware Cloud on AWS from Service Roles

Vmware blog

Configure API Token

Deploy Cloud file system

Setup protected site

vminded

Deploy connector

vminded

Register vCenter

Add Recovery SDDC

Create Protection group

vminded

Create DR Plan

vminded

References

  1. https://core.vmware.com/resource/vmware-cloud-disaster-recovery-technical-overview#sec17992-sub4
  2. https://vmc.techzone.vmware.com/resource/introduction-vmware-cloud-disaster-recovery-vcdr
  3. https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-disaster-recovery.pdf
  4. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/downloads/eula/vmw-cloud-disaster-recovery-service-description.pdf
  6. https://vmc.techzone.vmware.com/resource/replication-and-disaster-recovery-using-vmware-cloud-disaster-recovery-vcdr#introduction
  8. https://core.vmware.com/resource/vmware-cloud-disaster-recovery-technical-overview#section1
  9. https://vmc.techzone.vmware.com/resource/introduction-vmware-cloud-disaster-recovery-vcdr#deployment-considerations
  10. https://aws.amazon.com/blogs/apn/design-considerations-for-disaster-recovery-with-vmware-cloud-on-aws/