To protect or migrate vSphere workloads between two vCenter Server sites, deploy two VMware Cloud Director Availability appliances, in each respective vCenter Server instance. Before installing each appliance, verify that each site meets the deployment requirements. Also, allow the network communication within the site and between the sites.

vSphere DR and migration
Between two vCenter Server instances, any user that is a member of ADMINISTRATORS, or VRADMINISTRATORS, or VRUSERS can protect or migrate vSphere workloads after pairing the following VMware Cloud Director Availability appliances in each site, deployed and configured by a user member of ADMINISTRATORS. Deploying the appliances creates the groups VRADMINISTRATORS and VRUSERS in the vCenter Server instance.

Appliances Deployment

  • To replicate workloads between provider vCenter Server and tenant vCenter Server, deploy and configure the following two appliances, then pair both appliances.
    vCenter Replication Management Appliance
    In the provider vCenter Server instance, as a vSphere administrator user deploy, license, and configure a vCenter Replication Management Appliance, then add it for metering in VMware vCloud ® Usage Meter.
    On-Premises to Cloud vCenter Replication Appliance
    In the tenant vCenter Server instance, as a vSphere administrator user, only deploy and configure an On-Premises to Cloud vCenter Replication Appliance.
  • Alternatively, to replicate workloads between provider vCenter Server instances, deploy, license, and configure a vCenter Replication Management Appliance in each provider vCenter Server instance. Then add the appliances for metering in vCloud Usage Meter. Finally, pair both appliances, similarly to the example for pairing a tenant and a provider instance.

The following architecture diagram shows an On-Premises to Cloud vCenter Replication Appliance and a vCenter Replication Management Appliance, deployed in each respective vCenter Server instance.On-Premises to Cloud vCenter Replication Appliance replicating to vCenter Replication Management Appliance.

Network Requirements

The following diagram shows the network connections and the required network ports for the communication between the vCenter Replication Management Appliance, the On-Premises to Cloud vCenter Replication Appliance, and the disaster recovery infrastructure.

Required open TCP ports for vSphere DR and migration between an on-premises vCenter Server instance and a cloud vCenter Server instance.

Both appliances expect to receive pairing requests on port 8048/TCP and depending on whether pairing them over a public network or whether pairing them directly over a private network:
Table 1. Pairing Network Requirements
Pairing Prerequisites Private Network Pairing Public Network Pairing
Destination Network Address Translation (DNAT) Do not configure DNAT rules. First, configure a DNAT rule for translating the public Service-Endpoint-IP-address:443 to the private Appliance-IP-address:8048
In the New Pairing window enter: For Service Endpoint, enter Appliance-IP-adress:8048. For Service Endpoint, enter the public Service-Endpoint-IP-address:443.
For a full list of the required firewall ports to be opened, see VMware Cloud Director Availability Network Ports.

Connectivity Requirements

The two appliances in each site must be able to communicate with each other and with the disaster recovery infrastructure in the sites. The appliances must have TCP access to the ESXi hosts, to the vCenter Server instance, where the vCenter Server Lookup service is hosted, and to the remote VMware Cloud Director Availability appliance in the remote site.
Note: VMware Cloud Director Availability uses end-to-end encryption for the communication across sites. For example, when the On-Premises to Cloud vCenter Replication Appliance is communicating to the vCenter Replication Management Appliance, VMware Cloud Director Availability expects that the TLS session is terminated at both appliances.

VMware Cloud Director Availability does not support any TLS terminating products or solutions placed between the appliances, for example, HAProxy, Nginx, Fortinet, and others. If such tools are in place, they must be configured in pass-thru mode, also known as TCP mode, to prevent from interfering with the TLS traffic of VMware Cloud Director Availability.

Hardware Requirements

From a hosting perspective, both appliances are virtual machines with the following hardware requirements.
  • 8 vCPUs
  • 8 GB RAM
  • 10 GB Storage

Deployment Requirements

Dedicated ESXi replication VMkernel interfaces
For production sites, to isolate the replication data traffic in the ESXi hosts, dedicate a VMkernel interface for that. By default, ESXi handles the replication data traffic through its management VMkernel interface. Since one VMkernel adapter must handle one traffic type, separate the management traffic from the replication traffic by creating a dedicated replication VMkernel interface.

In every ESXi host that is used as a replication source or as a replication destination, when creating a VMkernel interface dedicated for the replication traffic, use the following tags:

  • For replication sources, to configure each ESXi host for the outgoing replication traffic, select vSphere Replication. For more information, see Set Up a VMkernel Adapter for vSphere Replication Traffic on a Source Host in the vSphere Replication documentation.
  • For replication destinations, to configure each ESXi host for the incoming replication traffic, select vSphere Replication NFC.

To keep the replication traffic between the ESXi hosts and the appliance instances in the same broadcast domain, configure the dedicated replication VMkernel interface in its own IP subnet and connect each appliance instance to the same virtual port group. As a result, the uncompressed replication traffic avoids crossing a router and saves network bandwidth.