DRaaS dreams come true! vCloud Availability for vCloud Director (vCAV) – For Tenant

Following the previous lengthy setup of vCAV for the Service provider, and after we enabled a certain customer and one’s OVDC to have DRaaS to the cloud. We then need to start configuring the tenant side. And actually this is just thru’ one component, the vSphere replication appliance.

Tenant Setup

So, it’s comparatively easy for a tenant setup, as VMware doesn’t expect a Cloud User has to do a lot to consume the Cloud for DR. Actually, for production environment, you could only just need to setup the vSphere Replication at tenant side. But for test and development environment, we would need do a bit more. So followings are the steps to enable it.

  1. Prepare Your Environment to Install vSphere Replication – Check and Configure the vCenter FQDN Entry under advanced settings of the vCenter Server
  2. Deploy the vSphere Replication Virtual Appliance – I’m using 6.1.1. vSphere Replication for my testing, you can just deploy it like any ordinary vSphere Replication Appliance (as it is one actually).
  3. Register the vSphere Replication Appliance with vCenter Single Sign On
  4. Using a Self-Signed Certificate in a Development Environment –  then you would need to force trust the vCloud Director Cert from the ApplianceYou need to use the following command on the vSphere Appliance
    • # openssl s_client -connect cloud.vmwarehk.lab:443 -tls1 </dev/null 2>/dev/null | openssl x509 > /tmp/vcloud.pem
      # /usr/java/default/bin/keytool -noprompt -import -trustcacerts -alias vcloud -file /tmp/vcloud.pem -keystore /usr/java/default/lib/security/cacerts -storepass changeit

    • # service hms restart
      # service vmware-vcd restart

  5. Configure Cloud Provider – We need to add a Cloud Provider form the tenant side to replicate our VM into, this provides the exact same steps as if you are connecting to the vCloud Air for the DRaaS. Start doing this by click the highlighted icon which you may probably didn’t hit beforeThen you need to input the Address of your original VCD (NOT the Cloud Proxy) and input the organization and necessary credential Select the organization VDC from the list which has been enabled with the DRaaS  Confirm the setup and you will see an alert under the status So you need to click the alert entry to configure the networks for the Target Cloud Side, on setup the network, you have to problem Recovery Network and Test Network which would be used for an actual recovery and test drill correspondingly. Just like VMware Site Recovery Manager (SRM), you can map the recovery network to the network port group on premise And another network for DR Drill network Then you are good to click Finish to confirm the configuration The Alert will be gone after the configuration
  6. Configure Replication – So finally, you can configure the replication of your VM. This is just same as how you replicating a VM with ordinary vSphere Replication Operation. So you can start by right clicking a VM on premise Then Click “Replicate to a Cloud Provider”, amazing… this was only working with vCLoud Air Before Head… Boom! You can see your OVDC on your vCD environment, Click it And Select the Storage Policy to be copied towards Enable WAN Compression if you wanna save bandwidth Choose the RPO and enable Point in Time instances if you wanna recover the VM in different Snapshot of timeYo the replication starts. ***it’s normal to see unknown under VR server***

Great! Let’s perform the test! Yes, I think replication is not something you wanna test right? The test so called should be how we can perform DR Drill and Recovery, right?

DRaaS Testing

On completing both the service provider and tenant setup, we can finally perform the DRaaS test. So let’s start with looking at what your Cloud is like after the replication is completed. It’s as following:

You can see a replicated VM is being created on your Cloud. So let’s see what it will be when we are performing the testing recovery or actual recovery. And as mentioned, there is a new UI come with vCAV, the vCloud Availability for vCloud Director Portal. It’s designed to provide a dedicate portal for tenant to manipulate the DR actions. I will thus cover both the actions you can performed thru’ existing vSphere Web Client on premise and also by the vCAV UI at service provider side.

DR Drill (Test Recovery)

So let’s talk about vCAV UI first, this is by opening a browser and go to http://{vCAV-UI}:8443, login with the VCD credential and you will be directed to a summary page.

To trigger the test failover, go to the “Workspaces” tab and click the VM you would like to test failover with. And you could see the buttons on the right hand side control pane. Click the “Test” and “Start” afterwards to trigger the test failover.

The UI will reflect the status and result in failover

Of course, you can see the same result at the vSphere Web Client side.

So you can also trigger test recover from the vSphere Web Client directly too

But you would have to login on triggering the recovery, this is because you didn’t login the VCD on login the Web Client.

You got more option to choose from using the test recover in the Web Client

On confirmation the test recover will be executed

Again, the status and result of test failover will be visible from the vSphere Web Client

So how actually a test failover looks like? Just like the Site recovery Manager, you production workload will continue to run while the DR workload will be brought up but mapped to a testing network.

Two networks are visible on the VM at the Cloud, where one is for production in Actual recovery and a testing one for test recovery.

Test Recovery Clean Up

On completing the test failover, just like Site Recovery Manager again. We need to clean up the test recovered VMs, you can do that from both vCAV UI or vSphere Web Client again.

Do this by click the VM from the Workspaces tab, then select the “Cleanup” action from the right hand side pane.

Same action can be performed at the vSphere Web Client

Actual Recovery

On confirming the succeed in test recovery, we can confirm the actual recovery is good. Where we do not usually test an actual failover, we usually execute it in a planned migration or actually DR scenario. This is why VMware brings the vCAV UI actually, it makes a lot of sense for the later case, when you lost your vSphere Web Client on premise, you still can trigger the DR recovery.

Just like the test recovery action, you can trigger it by clicking the VM on the vCAV UI at the Workspaces tab and then trigger the Failover from the Right Hand Side Control Pane

You can Monitor the Recovery Status from the vCAV UI

Or you can also trigger the planned migration from the vSphere Web Client on premise, remember than you cannot trigger an actual DR here as the vSphere Web Client on premise is likely gone when DR scenario outbreak.

Again you can have more options in recovering a VM comparing with vCAV UI

From the vSphere Web Client, you can monitor the Status of Recovery too.


After recovery, when your site resumed, you could and you should reportect your VM in opposite direction to enable the DR protection even the VM is at the Cloud now.

This can be done at the vCAV UI with the Reverse button

Or the “Reverse Replication” button from the vSphere Web Client on premise

This simply help reversing the replication traffic to replicate the cloud VM back to on premise datacenter.


Finally, you can failback you VM back to the on premise datacenter after the reprotect has been completed. Of course, you should test recover again from the Cloud back to the datacenter first. But I would skip here.

Go to the vCAV UI, Workspaces, and click a VM under “Reversed” tab. Click the Failback button

In vSphere Web Client, instead you cannot see a “Reverse button”, but instead you need to go to the “Incoming Replication” which notes the Cloud to Datacenter replication. And Failback the VM by Start Recovery button

So on successful tailback, you should see all your VM back online in your datacenter and the tasks are Recovered Successfully

Great enough? That’s the DRaaS which is enabled by the vCAV and this is how simple you as an tenant can consume it from any of your vCAN service provider who has deployed it. I wish this is helpful for you!


DRaaS dreams come true! vCloud Availability for vCloud Director (vCAV) – For Service Provider
Horizon 7.1 unauthenticated access Horizon App

Leave a Reply

Your email address will not be published / Required fields are marked *