Chapter 9: Active-Active Solution for VxRail

In Chapter 8, Active-Passive Solution for VxRail, we understood the advantages of the active-passive solution for VxRail. We learned how to use both VMware Site Recovery Manager and vSphere Replication to extend the disaster recovery feature on VxRail appliances across two locations.

In this chapter, we will learn about the advanced solution in the VxRail system. We will learn what a vSAN stretched cluster on VxRail is. This includes the active-active-passive solution with VMware Site Recovery Manager (SRM). We will learn how to plan and design this solution in this chapter, including the deployment of a VxRail vSAN stretched cluster, and how to extend the disaster recovery feature on a VxRail vSAN stretched cluster.

In this chapter, we're going to cover the following main topics:

• Overview of the active-active solution for VxRail
• Deploying the active-active solution for VxRail
• Overview of the active-active-passive solution for VxRail

Technical requirements

In this chapter, you'll need to make sure your workstation (laptop) is running on the Windows platform, and that a web browser is installed on your laptop. The latest versions of Firefox, Google Chrome, and Microsoft Internet Explorer 10 or above are all supported. The VxRail software is running version 4.7.300 or above.

For the network requirements of the vSAN stretched cluster on VxRail, the latency or Round-Trip Time (RTT) between the primary and secondary sites hosting virtual machine (VM) objects should not be greater than 5 milliseconds, and the bandwidth between the primary and secondary sites should be a minimum of 10 Gbps or greater. In the vSAN stretched cluster configurations, the latency or RTT between the primary and secondary sites hosting VM objects and the witness node should not be greater than 200 milliseconds.

For the disaster recovery solution, there is a set of VxRail clusters (a minimum of four nodes each) running at both primary and secondary sites in a healthy state, and the VM replication network for vSphere Replication is deployed and ready across the primary and secondary sites. Additional licenses are required for VMware Site Recovery Manager when defining the SRM recovery plan.

The requirements of the SRM appliance configuration are that we must deploy an SRM appliance at each site. The version of the SRM appliance must be the same. The Domain Name System (DNS) name of the vCenter Platform Service Controller (PSC), vCenter Server, and the SRM appliance must be configured with an appropriate DNS and IP address.

As regards the requirements of the vSphere Replication configuration, we must deploy a vSphere replication appliance at each site. vSphere Replication is configured with a dual-core or quad-core CPU, a 13 GB and a 9 GB hard disk, and 8 GB of memory. The DNS name of the vCenter PSC, vCenter Server, and vSphere Replication appliance has been configured to incorporate the DNS with the relevant IP address.

Overview of the active-active solution for VxRail

The vSAN stretched cluster on VxRail can deliver an active-active cluster between two geographically separate locations and synchronously replicate data between sites. This feature allows an entire site failure to be tolerated. It extends the concept of fault domains to data center awareness domains. The vSAN stretched cluster must build on between two separate sites (the preferred and secondary site). Each stretched cluster includes two data sites and one witness site. The witness host contains the witness components of the VM objects. The witness host is used as a decision maker that monitors the availability of datastore components when the network connection between the preferred and secondary sites is lost. The witness host can either be a VM or a physical machine.

Now we will have an overview of the logical diagram of the active-active solution for VxRail. In Figure 9.1, we can see that there are three separate sites: they are Preferred Site, Secondary Site, and Witness Site. The VxRail cluster must be deployed across the primary and secondary sites in an active-active configuration (vSAN stretched cluster), with four VxRail nodes deployed at each site. There are two 10 GB top-of-switches for VxRail network connections at the primary and secondary sites. At the witness site, there is a vSAN witness appliance deployed. The VxRail cluster with eight E560 nodes is managed by the vCenter Server Appliance. The VxRail system's VMs are running on this VxRail cluster, that is, the vCenter Server Appliance, vCenter PSC, VxRail Manager, and vRealize Log Insight:

Figure 9.1 – A logical diagram of the active-active solution for VxRail

In the next section, we will discuss the requirements for this solution.

VxRail cluster configuration

The VxRail cluster must be deployed across two separate sites in an active-active configuration. The following table shows the configuration of each VxRail appliance in the vSAN stretched cluster. The witness host must be installed on a witness site that has independent data paths to each data site. The maximum supported configuration of the vSAN stretched cluster is 15+15+1 (30 nodes + 1 witness). The witness host must be running the same version as the VxRail cluster; for example, if the VxRail cluster is running in vSphere 6.7, the witness host must be version 6.7. The stretched cluster supports the Failure Tolerance Method (FTM) of RAID-5/6 and RAID-1. RAID-5/6 must be in the configuration of vSAN All-Flash:

A vSAN stretched cluster uses fault domain (FD) technology to provide redundancy and failure protection across sites. Fault domains provide the core functionality of the vSAN stretched cluster. The supported number of fault domains in a vSAN stretched cluster is three. A stretched cluster requires three fault domains; these are the Preferred Site, the Secondary Site, and a Witness Host. The preferred and secondary sites are the data sites that are configured in a vSAN fault domain. The vSAN witness host can be either a physical host or a virtual appliance. The witness components are stored on the witness host and provide a quorum to prevent a split-brain scenario if the network is lost between the two data sites. This is the third fault domain. The following table shows the minimum number of VxRail nodes that depend on the VxRail software version and vSAN stretched cluster configuration.

Important note

VxRail appliances support vSAN stretched clusters with vSphere Standard edition. A vSAN Enterprise license is required for DRS.

In the following table, PFTT stands for the Primary Level of Failures to Tolerate, and SFTT stands for the Secondary Level of Failures to Tolerate:

Important note

Erasure coding can only be enabled on an All-Flash vSAN cluster.

In the next section, we will discuss the vCenter Server requirements for a vSAN stretched cluster for VxRail.

vCenter Server requirements

Starting with VxRail 4.5.200 and above, either the embedded vCenter Server Appliance or an external vCenter Server can be supported for vSAN stretched clusters. If we choose an external vCenter Server for vSAN stretched clusters on VxRail, the following are the external vCenter Server requirements:

• The external vCenter Server version must be identical to the VxRail vCenter Server Appliance version.
• The Fully Qualified Domain Name (FQDN) of an external vCenter Server is required.
• If the vCenter Platform Services Controller (PSC) is non-embedded, the FQDN of an external PSC is required. Please include vCenter license requirements as well.
• The Domain Name System (DNS) server must resolve all VxRail ESXi hostnames prior to initialization.
• Create a data center on the external vCenter Server before joining the VxRail cluster.
• Create a VxRail management user in Single Sign-On (SSO) that has no role and permission assigned. VxRail will make a new role and assign it to this user account.

In the next section, we will discuss the network requirements for a vSAN stretched cluster on VxRail.

Network requirements

A vSAN stretched cluster in VxRail requires Layer 2 connectivity for the management network between the preferred and secondary sites. Starting with VxRail 4.7.300, Layer 3 is also supported between the two data sites (preferred and secondary). As regards vSAN network connectivity, we can use either Layer 2 or Layer 3. It recommends a minimum of 10 Gbps or greater bandwidth between the preferred and secondary sites. The network connectivity between two data sites and the witness site must be in Layer 3. Figure 9.2 shows a supported network topology in the vSAN stretched cluster. The RTT, roundtrip latency, should not be more than 5 msec (one-way less than 2.5 msec). The data site to the witness RTT should not be more than 200 msec (one-way, less than 100 msec is acceptable). For 10+10+1 configurations, however, less than RTT-100 msec is preferred. For deployments bigger than 10+10+1, an RTT of less than 100 msec is required.

A vSAN stretched cluster includes the management network, vSAN network, vMotion network, and VM network. The management and vSAN networks must be connected to all three sites (the data sites and witness). In Figure 9.2, we can see that the connectivity for management and the vSAN network is in Layer 2 (the same VLAN ID) between the preferred and secondary sites. The network connectivity between the two data sites and the witness site is in Layer 3 (network routing):

Figure 9.2 – The supported network topology in the vSAN stretched cluster

In the next section, we will discuss how to deploy the active-active solution for VxRail.

Deploying the active-active solution for VxRail

In this section, we will discuss the deployment of an active-active solution for VxRail. This includes the deployment of a vSAN stretched cluster witness and the configuration of a VxRail vSAN stretched cluster. Let's assume that we are deploying a VxRail cluster (with eight E560 nodes) across the preferred site and the secondary site, and that a vSphere cluster is running at the witness site.

Deploying a vSAN stretched cluster witness

We will deploy a vSAN witness appliance in a vSphere cluster at the witness site. The following is the procedure for deploying the vSAN witness appliance:

1. Go to the VMware website (https://my.vmware.com/web/vmware/downloads/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/6_7#drivers_tools) and select the corresponding version on the Select Version menu. For VxRail version 4.7.x, select 6.7. We can download the latest version of the VMware Virtual SAN Witness Appliance 6.7U3j OVA file on the VMware vSAN Tools, Plug-ins and Appliances menu:
   

   Figure 9.3 – Download page of the VMware vSAN witness appliance

2. Assume there is a vSphere cluster running at the witness site. We upload the vSAN witness OVA file and deploy it into this vSphere cluster. Then, click the NEXT button:
   

   Figure 9.4 – Deploy OVF Template

3. Specify the witness hostname, select the target location, and then click the NEXT button:
   

   Figure 9.5 – Selecting a target folder

4. Select the target data center. Then, click the NEXT button:
   

   Figure 9.6 – Selecting a target data center

5. Review the template details. Then, click the NEXT button:
   

   Figure 9.7 – Reviewing the template details

6. Accept all license agreements. Then, click the NEXT button:
   

   Figure 9.8 – Accepting all license agreements

7. Select the Medium configuration for deployment. Then, click the NEXT button:
   

   Figure 9.9 – Selecting the deployment configuration of the witness host

8. Select the target datastore. Then, click the NEXT button:
   

   Figure 9.10 – Selecting the target datastore

9. Select the network port group for Management Network and Witness Network on the Destination Network menu. Then, click the NEXT button:
   

   Figure 9.11 – Selecting the target network

10. Specify the root account password and click the NEXT button:
    

    Figure 9.12 – Specifying the root account password

11. Review the configuration and click the FINISH button to deploy the vSAN witness host:
    

    Figure 9.13 – Reviewing the configuration

12. Once the vSAN witness appliance is deployed, we need to power on this virtual appliance. We log in to the appliance as a root account. The vSAN witness appliance has two virtual network adapters (vmnic0 and vmnic1). vmnic0 is used for the vSphere management network, while vmnic1 is used for the vSAN network. Go to Configure Management Network and select vmnic0:
    

    Figure 9.14 – Configure Management Network on a vSAN witness appliance

13. Choose Set static IPv4 address and network configuration and specify the IP address, subnet mask, and default gateway. Then, press Enter:
    

    Figure 9.15 – Set static IPv4 address and network configuration

    Important note

    The management network on the witness host must be able to reach the vCenter Server Appliance on VxRail.

14. Configure the DNS servers and hostname and then press Enter:
    

    Figure 9.16 – DNS Configuration

15. Go to Testing Management Network to verify that all the tests have passed:
    

    Figure 9.17 – ESXi management network testing

16. Go to the vCenter server that manages the VxRail cluster across the preferred and secondary sites and then create a new data center, VxRail-Witness-Datacenter, for the witness host. Use the Add Host wizard to add the vSAN witness host to this new data center:
    

    Figure 9.18 – Adding the witness host to a data center

17. Select the witness host and go to the Configure tab, choose vmk1 on the witnessPg port group, and then click the Edit… button:
    

    Figure 9.19 – vSAN witness port group

18. Select the vSAN service and set the MTU as 1500:
    

    Figure 9.20 – Port properties on vmk1

19. Go to the IPv4 settings and select Use static IPv4 settings. Specify the IP address and the subnet mask for the vSAN network, and then click the OK button:

Figure 9.21 – IPv4 settings on vmk1

Now that we've concluded management of the network and the vSAN network for the vSAN witness host, we will discuss the configuration of the VxRail vSAN stretched cluster in the next section.

Configuring the VxRail vSAN stretched cluster

In this section, we will discuss the configuration of the VxRail vSAN stretched cluster. The following is the procedure for deploying the VxRail vSAN stretched cluster:

1. Go to the vCenter server on the VxRail cluster, choose the Configure tab, and select Fault Domains under vSAN. Then, click the CONFIGURE STRETCHED CLUSTER button:
   

   Figure 9.22 – Creating the stretched cluster

2. We must create two fault domains, Preferred and Secondary. Move the corresponding VxRail nodes into each fault domain and click the NEXT button:
   

   Figure 9.23 – Configuring the fault domains

3. Select the witness host, and then click the NEXT button:
   

   Figure 9.24 – Selecting the witness host

4. Claim disks for the witness host. Select a cache tier and a capacity tier. Then, click the NEXT button:
   

   Figure 9.25 – Claim disks for witness host

5. Review the configuration and then click the FINISH button:
   

   Figure 9.26 – Confirming the configuration of the stretched cluster

6. Once the configuration of the stretched cluster is completed successfully, we go to the Monitor tab and select vSAN health. Make sure that all the tests have passed:
   

   Figure 9.27 – vSAN health

7. Once the vSAN stretched cluster has been created successfully, we will create two stretched cluster host groups: one is used for the preferred site, and the other is used for the secondary site. Go to the Configure tab and select VM/Host Groups, click the Add button to add to the hosts from the preferred site to the host group's Preferred Site, and click the OK button. Then, select the hosts from the secondary site to add to the other host group's Secondary Site:
   

   Figure 9.28 – Create VM/Host Group

8. Once the host group has been created, we can see two host groups:
   

   Figure 9.29 – VM/Host Groups

9. We will create two stretched cluster VM groups: one is used for the preferred site, and the other is used for the secondary site. Click the Add button to select the VMs from the preferred site to add to the VM group's PreferredSite_VM and click the OK button. Then, select the VMs from the secondary site to add to the other host group's SecondarySite_VM:
   

   Figure 9.30 – Create VM/Host Group

10. Once the VM groups have been created, we can see two VM groups:
    

    Figure 9.31 – Creating host groups and VM groups

11. Once we have created two host groups and two VM groups, we need to create two VM/host rules to associate VM groups with host groups and ensure that selected VMs run on a particular site (preferred or secondary). Go to the Configure tab and select VM/Host Rules, click the Add button to create the should rule for the preferred and secondary sites, specify the rule name ShouldRunPreferred, and choose the host and VM groups that were created in Steps 7 and 9:
    

    Figure 9.32 – Create VM/Host Rule

12. Once two VM/host rules have been created, we can see two Should rules:
    

    Figure 9.33 – Creating the two "should" rules

13. Now we will set up Admission Control, ensuring that HA has sufficient resources available to restart VMs when a site failure occurs (preferred or secondary). Select Override calculated failover capacity.. Specify 50% of CPU and Memory. Then, click the OK button:
    

    Figure 9.34 – Admission Control settings

14. When using vSphere HA on a vSAN stretched cluster, we need to ensure that the isolation address for both preferred and secondary sites is configured. If we have only one default vSAN gateway, set only das.isolationaddress0; if we have two default vSAN gateways, set both das.isolationaddress0 and das.isolationaddress1. Click the Add button and enter each Option and Value:
    

    Figure 9.35 – Advanced Options on vSphere HA

15. If we are using Layer 3 switchings for the witnessPg port group in the vSAN stretched cluster witness (Step 18 in the Deploying a vSAN stretched cluster witness section), we must add the static routes of the witness and the VxRail nodes for communication.

    Enable SSH on each VxRail node. The SSH service is disabled by default on VxRail. SSH into each VxRail as root (the preferred and secondary sites). Execute the following command:

    esxcli network ip route ipv4 add -n <Witness VSAN subnet/24> -g <Local VSAN gateway>

    Enable SSH on the witness host. The SSH service is disabled by default on the witness host. SSH into the witness host as root. Execute the following command:

    esxcli network ip route ipv4 add -n <VxRail node VSAN subnet/24> -g <Local VSAN gateway>

16. When we've finished the configuration of the static route on the vSAN stretched cluster, we will set up the VM storage policy for the vSAN stretched cluster. Make sure Site disaster tolerance is set to Dual site mirroring (stretched cluster) and Failures to tolerate is set to 1 failure - RAID-1 (Mirroring):
    

    Figure 9.36 – Creating a VM storage policy

17. Once the VM storage has been created, we can assign this policy to the VMs.

In the next section, we will discuss an overview of the active-active-passive solution for VxRail.

Overview of the active-active-passive solution for VxRail

If we deployed the vSAN stretched cluster on VxRail between the primary and secondary sites, how could the disaster recovery solution for the vSAN stretched cluster be extended? VMware Site Recovery Manager (SRM) also supports extending the site-level protection to other sites. In Figure 9.37, we can see that there are four separate sites: they are Preferred Site, Secondary Site, Witness Site, and Remote Site. The vSAN stretched cluster builds on VxRail across the preferred and secondary sites, and the vSAN witness host is running at the witness site. The VxRail cluster is running at the remote site. The SRM is enabled with vSphere Replication between the vSAN stretched cluster and the VxRail cluster. If the vSAN stretched cluster has a fault, we could execute the SRM recovery plan to recover all the protected VMs on the vSAN stretched cluster in the VxRail cluster at the remote site:

Figure 9.37 – The logical diagram of the active-active-passive solution for VxRail

If you want the details of deploying the SRM solution with vSphere Replication on VxRail, you can go to Chapter 8, Active-Passive Solution for VxRail.

Summary

In this chapter, we learned the advantages of the active-active solution for VxRail. We learned how to deploy and configure a vSAN stretched cluster on VxRail, using VMware Site Recovery Manager and vSphere Replication to extend the disaster recovery feature on VxRail appliances across three locations. We acquired the skills to deploy a VxRail vSAN stretched cluster and facilitate the disaster recovery solution across three separate locations in this chapter.

In the next chapter, we will learn about the migration methodology for migrating VMs into the VxRail system.

Questions

1. Which feature provides the active-active solution on VxRail?

   a. VMware Site Recovery Manager

   b. vSphere Replication

   c. A vSAN stretched cluster

   d. Dell EMC RecoverPoint for Virtual Machines

   e. All the above

2. What is the minimum number of sites required for a vSAN stretched cluster?

   a. Two data sites

   b. Three data sites

   c. One data site and one witness site

   d. Two data sites and one witness site

   e. Three data sites and two witness sites

   f. None of the above

3. What is the network requirement for a vSAN stretched cluster between the preferred and secondary sites?

   a. The network latency between two data sites should be more than 5 milliseconds.

   b. The network latency between two data sites should not be more than 5 milliseconds.

   c. The network latency between two data sites should not be more than 10 milliseconds.

   d. The network latency between two data sites should be more than 10 milliseconds.

   e. None of the above.

4. What is the bandwidth requirement for a vSAN stretched cluster between two data sites?

   a. 1 GB

   b. 10 GB or above

   c. 10 GB or above, and network latency should not be more than 5 milliseconds

   d. 1 GB and network latency should not be more than 10 milliseconds

   e. All the above

5. Which deployment configuration does it support for the vSAN witness host?

   a. Only a virtual server

   b. Only a physical server

   c. Either the virtual server or the physical server

   d. OVF format

   e. All the above

6. Where can we download the installation file for the vSAN witness host?

   a. The Dell EMC website

   b. Make a request to the Dell EMC support team

   c. Make a request to the VMware support team

   d. The VMware software website

   e. None of the above

7. How many virtual network adapters do we need to set up following vSAN witness appliance deployment?

   a. One virtual network adapter is used for the management network.

   b. Two virtual network adapters: one is used for the management network, and the other is used for the VM network.

   c. Two virtual network adapters: one is used for the management network, and the other is used for the vSAN network.

   d. One virtual network adapter is used for the vSAN network.

   e. None of the above

8. Which data protection software can support RPO set to zero?

   a. vSphere Replication

   b. Dell EMC Avamar

   c. Dell EMC RecoverPoint for Virtual Machines

   d. Site Recovery Manager

   e. VMware vRealize Operations Manager

9. Which replication mode can support vSphere Replication?

   a. Asynchronization

   b. Synchronization

   c. Asynchronization with RPO set to 0

   d. Synchronization with RPO set to 0

   e. All the above

10. How many vCenter servers and SRM servers does the SRM solution on VxRail require?

    a. One vCenter server and one SRM server

    b. Two vCenter servers and one SRM server

    c. Two vCenter servers, two SRM servers, and one vSphere Replication appliance

    d. Two vCenter servers, two SRM servers, and two vSphere Replication appliances

    e. None of the above

11. Which software requires an optional license when we set up the active-active-passive solution for VxRail?

    a. vCenter Server Appliance

    b. VxRail Manager

    c. vSphere Replication

    d. Site Recovery Manager

    e. All the above

12. How do we configure a VM storage policy for a vSAN stretched cluster on VxRail if PFTT is set to 1, SFTT is set to 1, and TDM is set to mirroring?

    a. We select Dual site mirroring (stretched cluster) on the Site Disaster Tolerance menu and select 1 failure - RAID-1 (Mirroring) on the Failure to tolerate menu.

    b. We select Dual site mirroring (stretched cluster) on the Site Disaster Tolerance menu.

    c. We select 1 failure - RAID-1 (Mirroring) on the Failure to tolerate menu.

    d. We select None - keep data on Preferred (stretched cluster) on the Site Disaster Tolerance menu and select 1 failure - RAID-1 (Mirroring) on the Failure to tolerate menu.

    e. We select None - keep data on Non-preferred (stretched cluster) on the Site Disaster Tolerance menu and select 1 failure - RAID-1 (Mirroring) on the Failure to tolerate menu.