Configure Primary and Recovery Sites

Because both the primary and recovery environments are based on Oracle Cloud VMware Solution, all prerequisites are the same for both sites.

Understand Default Network Settings

Oracle Cloud VMware Solution deployment is a fully automated, one-click process that produces a ready-to-use environment. As part of the automation, the following network settings are configured by default.

VLANs:
  • VLAN-S-vSphere
  • VLAN-S-NSX VTEP
  • VLAN-S-vSAN
  • VLAN-S-vMotion
  • VLAN-S-NSX Edge Uplink 1
  • VLAN-S-NSX Edge Uplink 2
  • VLAN-S-NSX Edge VTEP

Network Security Groups (NSGs):
  • NSG for VLAN-S-vMotion
  • NSG for VLAN-S-vSphere
  • NSG for VLAN-S-vSAN
  • NSG for VLAN-S-NSX Edge Uplink 1
  • NSG for VLAN-S-NSX VTEP
  • NSG for VLAN-S-NSX Edge VTEP

Route Tables:
  • Route table for VLAN-V-vMotion
  • Route table for VLAN-V-vSphere
  • Route table for VLAN-V-NSX Edge Uplink 2
  • Route table for VLAN-V-NSX Edge Uplink 1
  • Route table for Subnet-V
  • Default route table for VMware-SDDC-VCN

Subnet-V is the default subnet that’s created as part of the Oracle Cloud VMware Solution network setup. It’s used to host the VMware ESXi hosts. A separate security list named “Security list for subnet-v” is created for Subnet-V.

Prepare Network and Connectivity

The following are considerations and prerequisites for networking and connectivity:

  • Both Oracle Cloud VMware Solution clusters are connected over a local peering gateway (LPG).
  • VLAN-S-vSphere hosts SRM, the vSphere Replication appliance, and any similar additional components on both sites.
  • Create a private subnet in the VCN to host the DNS server. This subnet uses the default security list and default route table.
  • Create a public subnet in the VCN to host the bastion server. This subnet uses the default security list and default route table.
  • Create one LPG for each Oracle Cloud VMware Solution VCN cluster to connect to the other Oracle Cloud VMware Solution VCN.
  • Create one internet gateway for public communication.
  • Create one NAT gateway for internet access to the private subnet.
  • Create one service gateway for access to Oracle Cloud Infrastructure services.
  • Deploy and configure the DNS server according to the instructions in the article “Oracle Cloud VMware Solution DNS Configuration”.
  • Create a local peering connection between the sites’ LPGs.

Configure Routing and Communication

Add route rules as follows:

  • In the default route table for VMware-SDDC-VCN, add the following route rules:
    • Target type Internet Gateway for destination 0.0.0.0/0 to enable public access for the bastion host.
    • Target type Local Peering Gateway for the other site’s Oracle Cloud VMware Solution cluster network.
  • In the route table for VLAN-V-vSphere, add the following route rules:
    • Target type NAT Gateway for internet access to the private subnet.
    • Target type Local Peering Gateway for the other site’s Oracle Cloud VMware Solution cluster network.

Configure Network Security and Network Security Groups

The following are considerations and prerequisites for network security:

  • Update the default security lists for VMware-SDDC-VCN and Subnet-V to allow communication between the Oracle Cloud VMware Solution clusters deployed within the region, and for the DNS and ESXi hosts.
  • Add the following ingress rules in NSG for VLAN-S-vSphere:
    • Accept communication from the VCN subnets in the other site’s Oracle Cloud VMware Solution cluster. This is required for vSphere Replication to work.
    • Accept communication from the VCN subnet that hosts the DNS server, bastion server, and other such components.

Obtain Access and Management Permissions

Ensure that the required permissions are available to perform SRM operations on-premises and in Oracle Cloud VMware Solution. The default vCenter administrator can perform the SRM operations.

Pair Sites by Using LPG

Configure the local peering connection to pair both sites.

This procedure is beyond the scope of this document. If necessary, familiarize yourself with the process as described in "Local VCN Peering (Across Regions)" in the Oracle Cloud Infrastructure documentation.

Configure the DNS

To ensure that both sites can communicate with each other by FQDN, verify that both the primary and recovery DNS servers have all forward and reverse lookup entries for both sites’ vCenter, SRM, vSphere Replication, and NSX.
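
One way to run the forward and reverse lookup check described above, as an added example that is not part of the Oracle documentation. All host names and addresses are constructed, and the lookup functions are pluggable so the same check can be run against each site's records; by default it uses the resolver of the host it runs on.

```python
import socket

def system_forward(name):
    """A lookup via the resolver of the host this runs on (run it at each site)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def system_reverse(addr):
    """PTR lookup via the same resolver."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def check_dns(fqdns, forward=system_forward, reverse=system_reverse):
    """Return {fqdn: problem} for each name whose A and PTR records disagree."""
    problems = {}
    for name in fqdns:
        addr = forward(name)
        if addr is None:
            problems[name] = "no forward (A) record"
            continue
        ptr = reverse(addr)
        if ptr is None:
            problems[name] = f"no reverse (PTR) record for {addr}"
        elif ptr.rstrip(".").lower() != name.rstrip(".").lower():
            problems[name] = f"PTR for {addr} points to {ptr}"
    return problems

# Constructed sample data: hypothetical names and addresses for both sites.
ROLES = ("vcenter", "srm", "vr", "nsx")
FQDNS = [f"{r}-{s}.sddc.example.com" for s in ("pri", "rec") for r in ROLES]
A_FULL = {n: f"10.{i // 4}.1.{10 + i % 4}" for i, n in enumerate(FQDNS)}
PTR_FULL = {ip: n for n, ip in A_FULL.items()}
# The recovery-site server lacks one A record and holds one stale PTR record.
RECOVERY_A = {n: ip for n, ip in A_FULL.items() if not n.startswith("nsx-pri")}
RECOVERY_PTR = {**PTR_FULL, "10.0.1.11": "srm-old.sddc.example.com"}
SERVERS = {"primary-dns": (A_FULL, PTR_FULL),
           "recovery-dns": (RECOVERY_A, RECOVERY_PTR)}

def audit_sample():
    """Run the check against each constructed server's record tables."""
    return {srv: check_dns(FQDNS, a.get, ptr.get)
            for srv, (a, ptr) in SERVERS.items()}

if __name__ == "__main__":
    for server, problems in audit_sample().items():
        print(server, problems or "all forward and reverse entries consistent")
```

To check a live environment, call `check_dns` with the real FQDN list from a host at each site, so that each site's DNS server answers in turn.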