joe_cole1
1 Nickel

Re: Help with DR setup for VMware 5.5 environment

echolaughmk wrote:

LAN can be on the same as the ESX/VNX - won't be a huge amount of communication going on there.

As for iSCSI, you should be OK with how you have them setup from a VLAN perspective.

I will need to add different iSCSI IPs for each vRPA since I will still be connecting the ESX host to the SAN via ISCSI at the same time.

So thinking the following:

ESX iSCSI host setup:

iSCSI1: 10.160.19.224 /27

iSCSI2: 10.160.19.96 /27


vRPA1:

iSCSI1: 10.160.19.225 /27

iSCSI2: 10.160.19.97 /27


vRPA2:

iSCSI1: 10.160.19.226 /27

iSCSI2: 10.160.19.98 /27



On the iSCSI side, the iSCSI traffic doesnt need to be routable between the protected and recovery site since the WAN will be used for the replication correct?

0 Kudos
echolaughmk
3 Silver

Re: Help with DR setup for VMware 5.5 environment

Correct...the vRPA WAN configuration will be doing the replication and not the iSCSI at each site (assuming you have a VNX at the target site setup the same way with the RPA's).

0 Kudos
joe_cole1
1 Nickel

Re: Help with DR setup for VMware 5.5 environment

echolaughmk wrote:

Correct...the vRPA WAN configuration will be doing the replication and not the iSCSI at each site (assuming you have a VNX at the target site setup the same way with the RPA's).

Just to make sure I'm not spazing out here. Are the vRPAs basically splitting the current iSCSI traffic that is established between the ESX hosts and the SAN/LUN?

0 Kudos
echolaughmk
3 Silver

Re: Help with DR setup for VMware 5.5 environment

The VNX will be your splitter still. The vRPA's are only using iSCSI to directly talk to the VNX for storage operations since they are virtual (repo, jvols, production and copy volumes). If they were physical RPA's, it would be in-band through FC, so nothing will change other than the hardware involved and how it talks to the array. You will end up masking those iSCSI ESX LUNs to the vRPAs just like what would happen if you were using the physical RPA's and dropping them all into a single storage group, but the splitter will still be the VNX splitter licensed for RP/SE (since you are using vRPA's).

0 Kudos
joe_cole1
1 Nickel

Re: Help with DR setup for VMware 5.5 environment

echolaughmk wrote:

The VNX will be your splitter still. The vRPA's are only using iSCSI to directly talk to the VNX for storage operations since they are virtual (repo, jvols, production and copy volumes). If they were physical RPA's, it would be in-band through FC, so nothing will change other than the hardware involved and how it talks to the array. You will end up masking those iSCSI ESX LUNs to the vRPAs just like what would happen if you were using the physical RPA's and dropping them all into a single storage group, but the splitter will still be the VNX splitter licensed for RP/SE (since you are using vRPA's).

So would it best to separate the current iSCSI traffic? Meaning create a separate iSCSI network for just for the vRPAs?

0 Kudos
echolaughmk
3 Silver

Re: Help with DR setup for VMware 5.5 environment

Yes, ideally. That was what I was trying to get at above. It can share it, but for performance and scalability it would be ideal to isolate it if you can on both the VNX side as well as the virtual side when you create the virtual networks.

0 Kudos
joe_cole1
1 Nickel

Re: Help with DR setup for VMware 5.5 environment

echolaughmk wrote:

Yes, ideally. That was what I was trying to get at above. It can share it, but for performance and scalability it would be ideal to isolate it if you can on both the VNX side as well as the virtual side when you create the virtual networks.

Little light bulb over my head lit up when I read your last breakdown. I really appreciate the help.

On the VNX unit, I will have to setup another iSCSI interface just for the vRPA connections? If so, would that require 2 interfaces since i see that vrpa setup is asking for two iSCSI networks?

0 Kudos
joe_cole1
1 Nickel

Re: Help with DR setup for VMware 5.5 environment

here's a quick update.

I have both vRPAs deployed per site and configured according to install details. However, I am seeing the following error when trying to connect one cluster to the other.

Fetching remote certificate

Internal error. Failed getting remote certificate: Socket is closed


I confirmed that i can ping both WAN IPs from both sites, and vice verse.

Any advice or directions will be truly appreciated.

0 Kudos
brettesinclair
3 Silver

Re: Re: Help with DR setup for VMware 5.5 environment

Looks like you have progressed pretty well to this point.

Have you opened up the required firewall ports between the two sites as per the security guide ?

There's numerous ports required for both tcp and udp, so you may find it easier to open up all ports between the RPA's at either side of the WAN, but this will depend on your policy.

0 Kudos
joe_cole1
1 Nickel

Re: Help with DR setup for VMware 5.5 environment

Would it be possible to provide the security guide?

Thanks

0 Kudos