To outline the steps required to update Site recovery Manager with the new network references.
VMC on AWS SDDC went through migration to CVDS.
Network mappings in Site Recovery Manager are empty.
Protected VMs show configuration issue for the NIC device.
During CVDS migration, network references are changed from an OpaqueNetwork type and value such as network-oNN to a DistributedVirtualPortgroup type and value such as dvportgroup-NN. The network name is preserved by the CVDS migration.
Before resuming use of Site Recovery Manager (running operation on a Recovery Plan or configuring new VMs for protection), Site Recovery Manager configuration must be updated with the new network references - network mappings and protected VM recovery location settings.
SRM Recovery Plan operations are expected to fail until the import is done, as SRM would point to the old network references.
VMware has automatically updated the configuration for VMC on AWS to VMC on AWS SRM pairings.
For each SRM pairing b/w the VMC on AWS SDDC and on-premises follow the below steps to execute import of Site Recovery Manager configuration that was automatically exported before the CVDS migration. This import will update the network references by looking up the new references from the network name.
At some machine that has network connectivity to the VMC on AWS SDDC vCenter Server and Site Recovery Manager and also on-premises vCenter Server/Platform Services Controller and Site Recovery Manager:
Before you can use the APIs to retrive a list of Site Recovery Manager nodes and to download the Site Recovery Manager configuration export file, you must obtain an access token.
To obtain the token follow https://kb.vmware.com/s/article/79543.
A. Linux:export
REFRESH_TOKEN=...
export
AUTH_TOKEN=$(curl
"https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize"
-X POST -d
"api_token=$REFRESH_TOKEN"
| jq -r .access_token)
export
DRAAS_BACKEND_URL=https:
//vmc
.vmware.com
export
ORG_ID=...
export
SDDC_ID=...
B. Windows PowerShell:$REFRESH_TOKEN=
"..."
$AUTH_TOKEN=Invoke
-WebRequest
-Method
Post
-Uri
"https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize"
-Body
@{
"api_token"
= $REFRESH_TOKEN} | ConvertFrom
-Json
|
Select-Object
-ExpandProperty
access_token
$DRAAS_BACKEND_URL=
"https://vmc.vmware.com"
$ORG_ID=
"..."
$SDDC_ID="..."
C. Windows PowerShell + curl + jq:$REFRESH_TOKEN=
"..."
$AUTH_TOKEN=$(curl.exe
"https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize"
-X
POST
-d
"api_token=$REFRESH_TOKEN"
| jq-win64.exe
-r
.access_token)
$DRAAS_BACKEND_URL=
"https://vmc.vmware.com"
$ORG_ID=
"..."
$SDDC_ID="..."
Note the id and hostname of each Site Recovery Manager node.
A. Linux:curl
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery"
-X GET -H
"csp-auth-token: $AUTH_TOKEN"
| jq .srm_nodes
curl
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery"
-X GET -H
"csp-auth-token: $AUTH_TOKEN"
| jq -r '.srm_nodes[] | .id + " " + .hostname'
B. Windows PowerShell:Invoke
-WebRequest
-Method
Get
-Uri
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery"
-Headers
@{
"csp-auth-token"
= $AUTH_TOKEN} | ConvertFrom
-Json
|
Select-Object
-ExpandProperty
srm_nodes
Invoke
-WebRequest
-Method
Get
-Uri
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery"
-Headers
@{
"csp-auth-token"
= $AUTH_TOKEN} | ConvertFrom
-Json
|
Select-Object
-ExpandProperty
srm_nodes |
Select-Object
id, hostname
C. Windows PowerShell + curl + jq:curl.exe
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery"
-X
GET
-H
"csp-auth-token: $AUTH_TOKEN"
| jq-win64.exe
-r
.srm_nodes
curl.exe
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery"
-X
GET
-H
"csp-auth-token: $AUTH_TOKEN"
| jq-win64.exe
-r
'.srm_nodes[] | .id + \" \" + .hostname'
Pairings such as vcenter.sddc-A-B-C-D.vmwarevmc.com <-> vcenter.sddc-E-F-G-H.vmwarevmc.com, are VMC to VMC and the Site Recovery Manager configuration import is handled automatically for these after CVDS migration.
All the other pairings (excluding Replications within the same vCenter Server) are VMC to on-prem and the steps below must be followed - to do Site Recovery Manager configuration import after CVDS migration.
For each of the other pairings, click on VIEW DETAILS to inspect the hostname of the Site Recovery Manager appliance (local to the VMC SDDC) that is backing that pairing. Each Site Recovery Manager appliance with have unique hostname. The hostname does reflect the custom Site Recovery Manager extension key suffix if such is used in the pairing.
From the list of Site Recovery Manager node id and hostname values from the previous step, note the matching Site Recovery Manager node id values.
A. Linux:export
SRM_NODE_ID=...
curl
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery/srm-nodes/$SRM_NODE_ID/config/export"
-X GET -H
"csp-auth-token: $AUTH_TOKEN"
-o srm_config_export_$SRM_NODE_ID.xml
B. Windows PowerShell:$SRM_NODE_ID=
"..."
Invoke
-WebRequest
-Method
Get
-Uri
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery/srm-nodes/$SRM_NODE_ID/config/export"
-Headers
@{
"csp-auth-token"
= $AUTH_TOKEN}
-OutFile
srm_config_export_$SRM_NODE_ID.xml
C. Windows PowerShell + curl + jq:$SRM_NODE_ID=
"..."
curl.exe
"$DRAAS_BACKEND_URL/vmc/draas/api/orgs/$ORG_ID/sddcs/$SDDC_ID/site-recovery/srm-nodes/$SRM_NODE_ID/config/export"
-X
GET
-H
"csp-auth-token: $AUTH_TOKEN"
-o
srm_config_export_$SRM_NODE_ID.xml
Download and unzip the VMware Site Recovery Manager 8.5.0.5 Configuration Import/Export Tool (or later version) from https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMC&productId=1123&rPId=61545. Even if the on-premises Site Recovery Manager version is 8.3.x or 8.4.x.
Note that older versions of the Site Recovery Manager Configuration Import/Export Tool impex tool are not compatible with the CVDS migration workflow.
Perform the import:
In terms of the Site Recovery Manager config export file, the VMC on AWS SDDC is named "local site" and the on-premises site is named "remote site".
For the local site - specify address and credentials for the VMC SDDC. Use any member of CloudAdminGroup, such as the cloudadmin account.
For the remote site - specify the on-premises site address and credentials. Use an account with SRM Administrator privileges (vCenter Administrator will also work).
See below for how to perform the import.
Option A. Example of import in interactive mode:java -jar
import
-
export-tool-8.5.0.jar --importInteractive --path srm_config_export_$SRM_NODE_ID.xml --overrideProtectionSettings
Option B. Example of import in properties file mode:
Create a properties file named for example srm_configuration.properties and specify the:
xmllint --xpath
"//*[name()='localSiteName']/text()"
srm_config_export_$SRM_NODE_ID.xml
Select
-Xml
-Path
srm_config_export_$SRM_NODE_ID.xml
-XPath
"//localSiteName"
|
Select-Object
-expand
node |
Select-Object
-expand
'#text'
OR
[xml]$srmConfigExportXml
=
Get-Content
srm_config_export_$SRM_NODE_ID.xml
$srmConfigExportXml
.configurablesWrapper.childNodes.localSiteName
srm_configuration.properties |
lookup.service.address=vcenter.sddc-A-B-C-D.vmwarevmc.com port=443 local.srm.name=srm.sddc-A-B-C-D.vmwarevmc.com local.auth.credentials.vc.username=cloudadmin local.auth.credentials.vc.password=<password for the cloudadmin account> remote.auth.credentials.vc.username=Administrator remote.auth.credentials.vc.password=<password for Administrator> |
java -jar import
-
export
-tool-8.5.0.jar --importProperties srm_configuration.properties --path srm_config_export_$SRM_NODE_ID.xml --overrideProtectionSettings
Note: If the above command runs for more than a few minutes and this happens on a Linux OS, check if "head -1 /dev/random" blocks or immediately prints some value. If it is still blocked, try using rng-tools to ensure there is enough entropy in the system.
Verify the configuration in Site Recovery UI:
In case of issues - check the log file for the import. This is located within the folder that the import was executed. Evaluate whether to retry the import or manually re-create the missing network mappings and reconfigure protected VM recovery location settings.
When performing Import of SRM config exported with version 8.5 and imported in SRM version 8.6, import fails with following lines seen in impex.log :
2022-12-16 10:53:29,173 [srm-reactive-thread-13] WARN com.vmware.srm.client.impex.importers.advancedSettings.SiteAdvancedSettingsImporter - Unable to import advanced settings for server with guid 'SDDC_ID'. (vmodl.fault.InvalidType) { faultCause = null, faultMessage = null, argument = changedValue[remoteManager.xVcVMotionTimeout] }
This is a known issue and can be ignored. Advanced Settings import is the last stage in SRM config import. All previous stages are not dependent on this one. There is a difference in versions for the API call, it is expected to receive an array of all AdvancedSetting objects and any invalid object will fail the call.
If there are only few networks used in the SRM network mappings and only few protected VMs and there are issues with executing the SRM configuration import, you may choose to follow the below steps for manual configuration: