Implementation of Site Protection and Disaster Recovery for VMware Cloud Foundation

To provide site protection and disaster recovery of management components within VMware Cloud Foundation, you deploy Site Recovery Manager and vSphere Replication. Then, you configure replication and a recovery plan.

To implement and configure site protection and disaster recovery for the management applications of the SDDC, alternative methods exist:

Table 1. Validated Solution Implementation Options
Method	Description
Implementation by using PowerShell automation	End-to-end automated implementation by using PowerShell. See Automated PowerShell Implementation of Site Protection and Disaster Recovery Using PowerShell Automation.
Implementation by using component user interfaces	End-to-end manual implementation by using components' user interfaces. See User Interface Implementation of Site Protection and Disaster Recovery.

You implement disaster recovery for the clustered Workspace ONE Access instance, VMware Aria Automation, VMware Aria Suite Lifecycle, and VMware Aria Operations. Before you implement the Site Protection and Disaster Recovery for VMware Cloud Foundation validated solution, your environment must meet certain requirements for deployment and networking.

When you prepare for disaster recovery, you must determine which of your two VMware Cloud Foundation instances functions as the protected site and which one as the recovery site.

The protected site hosts the business-critical SDDC services and the VMware Aria products, including VMware Aria Operations, VMware Aria Suite Lifecycle and VMware Aria Automation, along with the clustered Workspace ONE Access instance, with failover that is activated in the event of a disaster.

The recovery site is an alternative location to which these VMware Aria applications migrate to in the event of a disaster.

In this guide, the protected site is referred to as the protected VMware Cloud Foundation instance and the recovery site is referred to as the recovery VMware Cloud Foundation instance.

Prerequisites

To complete the implementation of Site Protection and Disaster Recovery for VMware Cloud Foundation validated solution, verify that your system fulfills the following prerequisites.

Table 2. Prerequisites for Implementation of Site Protection and Disaster Recovery for VMware Cloud Foundation
Category	Prerequisite
Environment	Verify that your VMware Cloud Foundation version is listed in the Support Matrix for this solution. Verify that you configure your environment according to Before You Apply This Guidance. Verify that you capture all parameters for the Site Protection and Disaster Recovery tab of the VMware Cloud Foundation Planning and Preparation Workbook. Verify that your VMware Cloud Foundation instance is healthy and fully operational. See VMware Cloud Foundation Operations Guide.
Domain Name Service	Verify that the required DNS entries are created in the DNS server for associated forward and reverse zones.
Network	Verify that you have NSX overlay-backed segments in place for the VMware Aria Suite products. Verify that your VMware Cloud Foundation instances have connectivity between each other and that the connection supports jumbo frames and Layer 3 routing. Verify that you configure NSX Federation between the protected and recovery VMware Cloud Foundation instances. See Working with NSX Federation in VMware Cloud Foundation Verify that all uplinks, port channels, and VLANs that carry overlay and vSphere Replication traffic are configured for jumbo frames. Verify that your environment supports the maximum supported latency between VMware Cloud Foundation instances, which is 150 ms. Verify that there is sufficient bandwidth available for replication traffic. See the vSphere Replication Calculator at http://www.vmware.com/vrcalculator.
Software	Download the Site Recovery Manager .iso image and mount it on the machine that you use to access the vSphere Client. Download the vSphere Replication .iso image and mount it on the machine that you use to access the vSphere Client.
License	Verify that you have obtained a Site Recovery Manager license with a quantity that fulfills the requirements of your design.
Active Directory	Verify that Active Directory Domain Controllers are available in the environment. Verify that the required service accounts are created in Active Directory. Verify that the required security groups are created in Active Directory.
Certificate Authority	Verify that a Microsoft Certificate Authority is available for the environment. Install the PowerShell Module for VMware Validated Solutions together with the supporting modules to request an SSL certificate from your Microsoft Certificate Authority. Verify that you have OpenSSL 3.0 or later installed on the system that will run the PowerShell module. The OpenSSL Wiki has a list of third-party pre-compiled binaries for Microsoft Windows. openssl --version