Configure the Recovery Site

This article describes the prerequisite configuration for the recovery (Oracle Cloud VMware Solution) site.

Understand Default Network Settings

Oracle Cloud VMware Solution deployment is a fully automated, one-click process, and the resulting environment is ready to use. As part of the automation, the following network settings are configured by default.

VLANs:

  • VLAN-S-vSphere
  • VLAN-S-NSX VTEP
  • VLAN-S-vSAN
  • VLAN-S-vMotion
  • VLAN-S-NSX Edge Uplink 1
  • VLAN-S-NSX Edge Uplink 2
  • VLAN-S-NSX Edge VTEP

Network Security Groups (NSGs):

  • NSG for VLAN-S-vMotion
  • NSG for VLAN-S-vSphere
  • NSG for VLAN-S-vSAN
  • NSG for VLAN-S-NSX Edge Uplink 1
  • NSG for VLAN-S-NSX VTEP
  • NSG for VLAN-S-NSX Edge VTEP

Route Tables:

  • Route table for VLAN-V-vMotion
  • Route table for VLAN-V-vSphere
  • Route table for VLAN-V-NSX Edge Uplink 2
  • Route table for VLAN-V-NSX Edge Uplink 1
  • Route table for Subnet-V
  • Default route table for VMware-SDDC-VCN

Subnet-V is the default subnet that’s created as part of the Oracle Cloud VMware Solution network setup. It’s used to host the VMware ESXi hosts. A separate security list called Security list for subnet-v is created for Subnet-V.

Prepare Network and Connectivity

Understand the following considerations and prerequisites for networking and connectivity:

  • The Oracle Cloud Infrastructure tenancy is connected to your on-premises data center through either FastConnect or IPSec VPN. The type of connectivity depends on your architectural and other requirements.
  • The VLAN-S-vSphere network hosts SRM, the vSphere Replication appliance, and any additional components of that kind.
  • A dynamic routing gateway (DRG) is used to terminate the IPSec VPN or FastConnect traffic and to accept the communication between the on-premises SDDC and Oracle Cloud VMware Solution.
  • Create a private subnet in the VCN to host the DNS server. This subnet uses the default security list and default route table.
  • Create a public subnet in the VCN to host the bastion server. This subnet uses the default security list and default route table.
  • Create one internet gateway for public communication.
  • Create one NAT gateway for internet access to the private subnet.
  • Create one service gateway for access to Oracle Cloud Infrastructure services.
  • Calculate the vSphere replication bandwidth requirement to analyze the link-speed requirement.
  • Deploy and configure the DNS server according to the instructions in the article, Configure DNS for an Oracle Cloud VMware Solution SDDC, below.

Configure Routing and Communication

In the default route table for VMware-SDDC-VCN, add the following route rules:

  • Target type Internet Gateway for destination 0.0.0.0/0 to enable public access for the bastion host.
  • Target type Dynamic Routing Gateway for the on-premises destination network.

In the route table for VLAN-V-vSphere, add the following route rules:

  • Target type NAT Gateway for internet access to private instances.
  • Target type Dynamic Routing Gateway for the on-premises destination network.

Configure Network Security and Network Security Groups

When configuring network security and network security groups, take the following considerations and prerequisites into account:

  • Update the default security lists for VMware-SDDC-VCN and Subnet-V for communication between on-premises and Oracle Cloud VMware Solution for the DNS and ESXi hosts.
  • Add the following ingress rules in NSG for VLAN-S-vSphere:
    • Accept communication from on-premises network subnets.
    • Accept communication from the VCN subnet that hosts the DNS server, bastion host, and other such components.
    • Accept communication from the on-premises ESXi host. This is required for vSphere Replication to work.

Obtain Access and Management Permissions

Ensure that required permissions are available to perform SRM operations on-premises and in Oracle Cloud VMware Solution. The default vCenter administrator can perform the SRM operations.

Pair Sites Over FastConnect or IPSec VPN

Configure the peering connection to pair both sites.

This procedure is beyond the scope of this document. If necessary, familiarize yourself with the process for your specific connectivity method:
  • The FastConnect configuration process is described in "FastConnect" in the Oracle Cloud Infrastructure documentation.
  • The IPSec VPN configuration process is described in "Connection Over IPSec VPN" in the Oracle Cloud Infrastructure documentation.

Configure the DNS

To ensure that both sites can communicate with each other using FQDN, verify that both the primary and recovery DNS servers have all forward and reverse lookup entries for both sites’ vCenter, SRM, vSphere Replication, and NSX.
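
One way to run this verification against both DNS servers is sketched below; it is an added example, not part of the Oracle documentation. It checks that each name has a forward record on every server, that the servers agree on the address, and that the reverse record points back to the same name. It assumes dig is installed, and the server addresses and host names are constructed placeholders.

```python
import subprocess

def dig(server, *query):
    """Query one specific DNS server with dig(1) and return its answer lines."""
    out = subprocess.run(["dig", "+short", f"@{server}", *query],
                         capture_output=True, text=True, timeout=10).stdout
    # Drop blank lines and ";;" diagnostics such as timeouts.
    return [l.strip() for l in out.splitlines() if l.strip() and not l.startswith(";")]

def audit(servers, fqdns, lookup=dig):
    """Return (server, fqdn, problem) tuples for missing or inconsistent records."""
    problems, seen = [], {}
    for server in servers:
        for fqdn in fqdns:
            # +short prints CNAME targets with a trailing dot; keep addresses only.
            addrs = sorted(a for a in lookup(server, fqdn, "A") if not a.endswith("."))
            if not addrs:
                problems.append((server, fqdn, "no forward (A) record"))
                continue
            # Both DNS servers must give the same answer for the same name.
            first = seen.setdefault(fqdn, (server, addrs))
            if first[1] != addrs:
                problems.append((server, fqdn, f"A record differs from {first[0]}"))
            for addr in addrs:
                ptrs = [p.rstrip(".").lower() for p in lookup(server, "-x", addr)]
                if fqdn.lower() not in ptrs:
                    problems.append((server, fqdn, f"PTR for {addr} missing or wrong"))
    return problems

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE = {
    "192.0.2.53": {"vcenter.onprem.example": "198.51.100.10", "198.51.100.10": "vcenter.onprem.example.",
                   "srm.ocvs.example": "203.0.113.20", "203.0.113.20": "srm.ocvs.example."},
    "192.0.2.54": {"vcenter.onprem.example": "198.51.100.10",  # PTR missing on this server
                   "srm.ocvs.example": "203.0.113.21", "203.0.113.21": "srm.ocvs.example."},
}

def sample_lookup(server, *query):
    """Stand-in for dig() that answers from SAMPLE so the check runs offline."""
    key = query[1] if query[0] == "-x" else query[0]
    answer = SAMPLE[server].get(key)
    return [answer] if answer else []

if __name__ == "__main__":
    names = ["vcenter.onprem.example", "srm.ocvs.example"]
    for problem in audit(list(SAMPLE), names, lookup=sample_lookup):
        print(*problem, sep=": ")
```

To check live servers, call audit() with the real primary and recovery DNS server addresses and the FQDNs of both sites' vCenter, SRM, vSphere Replication, and NSX, leaving lookup at its default.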