If a site failure occurs in the protected VMware Cloud Foundation instance, initiate a disaster recovery of the clustered Workspace ONE Access instance and VMware Aria Suite Lifecycle to restore the life cycle management and authentication services of the SDDC.

Under normal operating conditions, you use the VMware Aria Suite LifecyclePower on workflow to successfully start a clustered Workspace ONE Access instance. This workflow includes powering on the virtual machines at a vSphere level and a sequence of internal Workspace ONE Access startup tasks. However, after a failover, VMware Aria Suite Lifecycle is unable to locate the Workspace ONE Access virtual machines, because they are moved to a different vCenter Server instance. Therefore, you use the following sequence of steps.

  1. Start the virtual machines as part of the Site Recovery Manager recovery plan.

  2. Run the VMware Aria Suite LifecyclePower on workflow.

  3. Retry the failed VMware Aria Suite LifecyclePower on workflow with the vidmPowerOnSkip flag set to true.

Procedure

  1. Log in to Site Recovery Manager at https://<srm_fqdn/dr> in the recovery VMware Cloud Foundation instance as [email protected].

  2. In the existing site pair, click View details.

  3. Click the Recovery plans tab and click the recovery plan for VMware Aria Suite Lifecycle and the clustered Workspace ONE Access instance according to the value in your VMware Cloud Foundation Planning and Preparation Workbook.

  4. Click the Recovery steps tab and click Run.

    The Recovery wizard appears.

  5. On the Confirmation options page, configure these settings and click Next.

    Setting

    Value

    I understand that this process will permanently alter the virtual machines and infrastructure of both the protected and recovery datacenters.

    Selected

    Recovery type

    Disaster recovery

  6. On the Ready to complete page, to initiate the failover of the clustered Workspace ONE Access instance and VMware Aria Suite Lifecycle, click Finish.

    This operations takes several minutes to complete.

  7. When prompted, verify that the load balancer virtual server for the clustered Workspace ONE Access instance is available and responds to ping requests, and click Dismiss.

    The NSX load balancer is now running in the recovery VMware Cloud Foundation instance.

  8. When prompted to Run VMware Aria Suite Lifecycle Power On Workflow for the clustered Workspace ONE Access, first verify the DNS names of the clustered Workspace ONE Access nodes, and proceed to step 9.

    1. Log in to the management domain vCenter Server in the recovery VMware Cloud Foundation instance at https://<recovery_instance_vcenter_server_fqdn>/ui as [email protected].

    2. In the VMs and templates inventory, navigate to the clustered Workspace ONE Access virtual machine folder.

    3. Select the first clustered Workspace ONE Access virtual machine and verify that the Summary tab shows the corresponding DNS name.

    4. Repeat this step for each of the remaining clustered Workspace ONE Access virtual machines.

  9. Recover the clustered Workspace ONE Access instance.

    1. Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
    2. On the My services page, click Lifecycle operations.

    3. In the left navigation pane, click Environments.

    4. On the Environments page, in the globalenvironment card, click View details.

    5. On the VMware Identity Manager tab, click the horizontal ellipsis and select Power on.

    6. In the Power on VMware Identity Manager dialog box, click Submit.

    7. Monitor the request in VMware Aria Suite Lifecycle.

      The request fails because VMware Aria Suite Lifecycle cannot locate the clustered Workspace ONE Access virtual machines which are now running in a different vCenter Server instance.

    8. Click Retry and, in the vidmPowerOnSkip text box, enter true.

    9. Click Submit.

      VMware Aria Suite Lifecycle proceeds to bring the clustered Workspace ONE Access instance online gracefully.

  10. In the Site Recovery Manager recovery plan, at the prompt, click Dismiss.

  11. If the domain controllers from the protected VMware Cloud Foundation instance are unavailable, when the clustered Workspace ONE Access instance is online, reconfigure the directory to use the domain controllers in the recovery VMware Cloud Foundation instance.

    1. Log in to the clustered Workspace ONE Access instance at https://<clustered_workspace_one_access_fqdn>/SAAS/admin with a user assigned the administrator role.

    2. Click the Identity & access management tab.

    3. Click the directory name, and click Sync settings > Domains.

    4. To update the domain controller priority to use the domain controllers in the recovery site, on the Domains tab, click Save.

What to do next

  1. Verify that the clustered Workspace ONE Access instance is operational. See Proactive Diagnostics of VMware Cloud Foundation with Skyline Health Diagnostics.

  2. Verify that VMware Aria Suite Lifecycle is operational. See Proactive Diagnostics of VMware Cloud Foundation with Skyline Health Diagnostics.

  3. Prepare the clustered Workspace ONE Access instance and VMware Aria Suite Lifecycle for failback by reprotecting the virtual machines in Site Recovery Manager. See Reprotect the Clustered Workspace ONE Access instance and VMware Aria Suite Lifecyclefor Site Protection and Disaster Recovery for VMware Cloud Foundation.