The following article will go through the considerations, creation and configuration of Virtual Protection Group (VPG) in Zerto. The instructions are part of the DRaaS with Zerto setup process. Please refer to our Quickstart documentation for more information.
When creating VPGs, the main thing to consider is how you wish to group your VMs for replication and recovery. You may have a large variety of servers that manage different services or applications as well as servers on multiple networks. Whilst creating a separate VPG for each VM is possible and would facilitate granularity during failovers, it is also the most time-consuming approach.
The first VPG that you should consider creating is one for Domain Controllers and other core infrastructure VMs, i.e. DNS or NTP servers. In the event of a failover, you want to make sure this is the first VPG to failover to ensure that your domain services are available on the recovery side before the other servers boot up. You may run into issues if a SQL database or Exchange Server powers on before the Active Directory servers do, as that will restrict access or communication with the domain.
When it comes to creating VPGs for the rest of your servers, it’s good to establish a methodology and stick to it. A good idea might be to group servers that are dependent on each other for running an application. If you have a web server that needs to communicate with a database server, you might want to group these servers together. This way, if there is a failover scenario, you know these two servers will failover together. You can also set a boot order within the VPG, so in our case, we may want to make sure that during a failover, our database server powers on first, followed by the web server. Depending on your set up, you may have multiple database servers and application servers that are not part of the same application stack. You could consider grouping servers by their services. For instance, placing the Active Directory Domain Services and other critical servers in 1 or 2 VPGs. Next, you might have the Exchange Mailbox and SQL database servers in their own groups. Lastly, frontend application servers, i.e. web servers, Exchange Client Access Servers would be grouped together in one or more VPGs. So, during a failover, you would first kick off the critical Domain Services groups, then the mailbox and database VPGs, and lastly your application servers. The goal is to try to have your VMs grouped so that it provides an easy and understandable flow during failover scenarios.
For more details, please review our online VPG Considerations and Best Practices blog post.
1. With your ZVM and VRAs installed, you are now ready to create VPGs.
2. Click the VPGs tab on the left and then click the New VPG button near the top right section.
3. Fill in the VPG Name and set the VPG Priority and then hit next.
4. To add VMs to this VPG select the VMs you would like to add on the left pane and then click the Right Arrow in the middle of the window. You can also click Define Boot Order to create a boot order for the VMs in the VPG during failover.
5. In this window, you can create boot groups for your servers. Click Add Group then specify its name and drag and drop VMs to it. Then click Save. You can then set a time delay that affects the NEXT group of VMs. The screenshot below shows a boot order set to start the first VM, wait 30 seconds and then boot the second group.
6. Once you have added the VMs and have the boot order defined click Next.
7. In the Replication Tab, you will configure the global replication settings for the VPG.
9. On the Storage tab Zerto will confirm the configured disk settings of the original VM; thin or thick. It is recommended to leave the settings at their defaults. What’s worth remembering is that changing this setting later would force a full sync of the drive.
Please note the Swap column. This is a feature that enables you to exclude the swap file (Windows) or swap space (Linux) from replication. As Zerto works on the hypervisor level and can't "see" into the operating system this feature requires the VM to have it's swap file/space is on a dedicated VMDK. You can then tick the box in the Swap column to exclude that VMDK from replication. This is especially recommended for VMs with a large memory allocation, which determines the recommended size of the swap file/space, and a large change rate. A classic example would be database servers, like SQL Server or Exchange Mailbox Servers. As the swap data is recreating upon boot of the OS anyway, and as the VMs will boot up upon failover, replicating a large amount of swap data puts an unnecessary load on the replication VPN tunnel.
10. On the Recovery Tab, you will select the network to use during a Live or Test Failover.
If you prefer, you can use a separate test failover network, this allows you to run a failover test and connect to the failover environment through an IPSec VPN tunnel. If you would like to use a Failover Test network, please inform your iland Project Manager.
Zerto will display all your networks built in your iland Secure Cloud environment. Make sure you do not select the replication network for your VPG. This network is only used for data replication.
11. On the NICs tab you can perform the required settings by hovering over the selected field and clicking a the little pencil that appears. Remember that the settings are set separately for Live and test failovers. There's a drop down menu that allows you to select which mode you are modifying. You can also check a NIC of a VM and then choose Edit Selected to configure the IP Address of any NIC.
12. If a custom Service Profile was selected you will see some greyed out setting on the Retention Policy tab. They pertain to Zertos Long Term retention settings. As iland does not utilize this functionality please click Next.
13. Please review the Summary tab of the VPG and hit done when you are ready to create the VPG.
14. Once the VPG is created it will automatically begin initial replication and enter the "Initializing" state.
Once you've setup the VPGs you can monitor their health in the Zerto Virtual Manager. If you would prefer to receive email alerts you can configure them by going to Site Settings and selecting the Email Settings option on the left.
You can specify the email server settings and the account that will be used to send the alerts. Please be mindful that the ZVM has not fields for TLS/SSL settings or account credentials, so an online mail service, like Office 365 can't be used.
To send an email when an alert is issued, select Enable sending alerts. This will send an email once the RPO configured for a specific VPG has been reached, i.e. if you specyfied a VPG to have a recovery point within 5 minutes once that threshold is reached you will receive an email with the alert.
If you do not have a dedicated connection for Zerto replication or if you do not utilise any rate limiting on your VPN tunnel configuration it would be prudent to enable bandwidth throttling in the ZVM. This would prevent Zerto from using more bandwidth then you are happy to allocate for replication. It should especially be considered when performing an initial sync of multiple VMs. The throttling settings can be found in Site Settings, under the Performance and Throttling section.
If you tick the first checkbox you will enable throttling that will be applied 24/7. The following example would throttle Zerto at 10 Megabytes per second (80 Megabits per second) at all times.
An interesting option is the time based throttling. It allows you to specify the time of day, business hours for example, of when replication traffic will be throttled. In the following example replication will be capped at 5 Megabytes per second (40 Megabits per second) from 8AM to 6PM. Unfortunately there's no way to differentiate between the days of the week and setup a separate schedule for Saturday and Sunday.
Interesting results can be achieved when combining the two options. In the example below replication traffic will be throttled to 3 Megabytes per second (24 Megabits per second) from 9AM to 5PM but will be throttled to 6 Megabytes per second (48 Megabits per second) outside of that timeframe.
Please be mindful that the bandwidth provided by your ISP will be provided in Megabits (Mb) but the value of Zerto throttling is specified in Megabytes (MB). 1 Megabyte is equal to 8 Megabits. Please remember to perform the conversion as needed. If you would like to allocate 100 Mb to replication traffic for example please specify 12 MB in the Throttling settings, as 100/8=12.5 so we can round it up to 12.