You can run a recovery plan under planned circumstances to migrate virtual machines from the protected site to the recovery site. If the protected site experiences an unforeseen event that might result in data loss, you can also run a recovery plan under unplanned circumstances.
When you run a recovery plan to perform planned migration and disaster recovery, Site Recovery Manager makes changes at both sites that require significant time and effort to reverse. Because of this time and effort, you must assign the privilege to test a recovery plan and the privilege to run a recovery plan separately.
Planned Migration
During a planned migration, Site Recovery Manager synchronizes the virtual machine data on the recovery site with the virtual machines on the protected site.
Site Recovery Manager attempts to shut down the protected virtual machines gracefully and performs a final synchronization to prevent data loss, then powers on the virtual machines on the recovery site.
If errors occur during a planned migration, the plan stops so that you can resolve the errors and rerun the plan. You can reprotect the virtual machines after the recovery.
Disaster Recovery
During a disaster recovery, Site Recovery Manager first attempts a storage synchronization. If it succeeds, Site Recovery Manager uses the synchronized storage state to recover virtual machines on the recovery site to their most recent available state, according to the recovery point objective (RPO) that you set when you configure replication.
When you run a recovery plan to perform a disaster recovery, Site Recovery Manager attempts to shut down the virtual machines on the protected site. If Site Recovery Manager cannot shut down the virtual machines, Site Recovery Manager still powers on the copies at the recovery site.
In case the protected site comes back online after disaster recovery, the recovery plan goes into an inconsistent state, where production virtual machines are running on both sites, known as a split-brain scenario. Site Recovery Manager detects this state and you can run the plan again to power off the virtual machines on the protected site. Then the recovery plan goes back to a consistent state and you can run reprotect.
If Site Recovery Manager detects that a datastore on the protected site is in the all paths down (APD) state and is preventing a virtual machine from shutting down, Site Recovery Manager waits for a period before attempting to shut down the virtual machine again. The APD state is usually transient, so by waiting for a datastore in the APD state to come back online, Site Recovery Manager can gracefully shut down the protected virtual machines on that datastore.
Use of VMware Tools
Site Recovery Manager uses VMware Tools heartbeat to discover when a virtual machine is running on the recovery site. In this way, Site Recovery Manager can ensure that all virtual machines are running on the recovery site. VMware Tools are also used to shut down the guest operating system of protected virtual machines gracefully. For this reason, it is a best practice to install install VMware Tools on protected virtual machines. If you do not or cannot install VMware Tools on the protected virtual machines, you must configure Site Recovery Manager not to wait for VMware Tools to start in the recovered virtual machines and to skip the guest operating system shutdown step. See Change Recovery Settings.