DR Architecture bests pratices

Mhh, when you have your vCenter server on the production site to manage production and DR vSphere, which vCenter will you use in disaster? I think you will need vCenter HA or similar…

Or you need to setup a supported backup of your vCenter and recreate it with this...

Is your connection between the sites strong enough to handle the backup and replica traffic? Otherwise you could add a second repository on the prod site and use this as a the target for your backup jobs and copy the backups at a time with less traffic.

The one major problem you’ll have here is that Veeam Disaster Recovery Orchestrator requires access to vCenter, it doesn’t support interacting with vSphere hosts directly. If your DR site is purely for DR and runs no production workloads then you may want to run vCenter from your DR site. You could look to run vCenter in HA but you’ll always have the issue of where the witness sits in a 2 site design.

More information on the vCenter requirement for VDRO is available here: https://helpcenter.veeam.com/docs/vdro/userguide/system_requirements.html?ver=50

Specifically “Note: The Orchestrator server must be connected to VMware vCenter Servers. Direct connections to vSphere hosts are not supported.”

Another excellent point here for Proxies. 

Hi @herbi,

Moving the “slave” vCenter and witness to the DR site would certainly keep your recovery a possibility in a DR scenario, but if you lost site to site connectivity, your production site would lose quorum. Have you got a third site you could use as a witness?

You’ve mentioned a 10Gb link between sites so you should be fine but do factor in the latency for vCenter HA over a stretched network must be below 10ms.

You could use Essentials but you’d have to have a second SSO domain as essentials won’t let you share this, could cause you some extra friction or administrative effort.

Have you already got vCenter configured as HA or were you thinking of deploying HA?

If the link is stable and redundant I’d suggest moving vCenter to your DR site if you’re only licensed for one site. Preferrably though I’d just buy a second vCenter license and link the two, no need to rely on any remote connectivity for vCenter management is best. The feature is vCenter enhanced linked mode and more information is available here: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vcenter.install.doc/GUID-4394EA1C-0800-4A6A-ADBF-D35C41868C53.html

vCenter being backed up by tools such as Veeam isn’t recommended before and would only complicate recovery efforts if it doesn’t exist so it’s not a step I would want to miss out on my recovery plan.

Hi there!
My recommendation would be to keep it as simple as possible,
IMHO:
when you enter in DR mode, it's very important to see everything clear and have a clear plan and priorities.
I would move the Veeam B&R vm to the DR Site, the Repos would set them up as Scale Out. to be able to add a future cloud or remote storage.
also the Veeam Storage I would set it in a virtual hard disk, presenting the Storage from the NAS to the DR Vsphere as NFS or so, as a Datastore, not presenting it directly to veeam as a CIFS repo.
And finally, if you have more than 1 ESXi host in the DR site, I would install a secondary vcenter in the DR site, and communicate both to have full access to the environment in case of DR, if the DR site has only 1 ESXi Host, I would keep it without secondary vcenter (I never had any issue spinning up a vcenter replica in a DR situation), saving budget and in case of DR, Spin up first the vcenter and the DCs for comms and logons, then the rest of vms.

Thanks @ger.itpro  for your suggestion.

Concerning the repository, the idea of a physical server withh iscsi seems very interesting to me. I could have a significant IOPs performances.

The benefit of SMB/CIFS is better flexible, I can easily browse the repository content directly on my NAS.

Regards