Thursday, 27 June 2013

How to configure NetApp vFilers in a DMZ Context for VMware SRM 5

In this post, we walk through the steps to set up DMZ vFilers and SnapMirror replication to work with VMware Site Recovery Manager 5. We will set up the vFilers vfiler_lon_dmz at the production site and vfiler_frk_dmz at the DR site. Remember, vFiler DR is not supported as an SRM array pairing (both arrays need to be online)!

The diagram below gives an idea of the vfiler_lon_dmz IP configuration at Site A. Since this was run in a lab environment, the option to use VLANs was not available (which would not be the case in real life), and so we use dedicated interfaces!

Image: vfiler_lon_dmz IP Addressing

The DMZ network is not routable but is presented to the ESX hosts.
We will have two volumes to be replicated - v_lon_dmz_vol1 and v_lon_dmz_vol2 - by SnapMirror for SRM.

A listing of the systems that will make up this lab:

Site A (London)
LONDMC01 - Domain Controller
LONNTP01 - NetApp Sim 8.1.2
+ with vfiler_lon_dmz
LONVCS01 - vCenter Server & SRM & VSC
LONESX01 - ESXi Host

Site B (Frankfurt)
FRKDMC01 - Domain Controller
FRKNTP01 - NetApp Sim 8.1.2
+ with vfiler_frk_dmz
FRKVCS01 - vCenter Server & SRM & VSC
FRKESX01 - ESXi Host

A listing of the IP addresses used on the storage:

Site A (London)
10.0.1.25 Mgmt (e0a)
10.0.1.31 Vfiler Mgmt (e0b)
192.168.101.31 Vfiler DMZ (e0c)
10.1.0.31 Vfiler Replication (e0d)

Site B (Frankfurt)
10.0.2.25 Mgmt (e0a)
10.0.2.31 Vfiler Mgmt (e0b)
192.168.102.31 Vfiler DMZ (e0c)
10.2.0.31 Vfiler Replication (e0d)

Note: The choice of London and Frankfurt here is completely arbitrary and has no relation to any real-world production environment!

PART 1: Configuring dmz vfiler on LONNTP01

## Licensing multistore and enabling
license add MULTISTORE_CODE
options licensed_feature.multistore.enable on

## Downing interfaces for the dmz_vfiler after removing any assigned IPs
ifconfig e0b 0.0.0.0
ifconfig e0b down
ifconfig e0c 0.0.0.0
ifconfig e0c down
ifconfig e0d 0.0.0.0
ifconfig e0d down

## Creating the ipspace
ipspace create ipspace_dmz_vfiler
ipspace assign ipspace_dmz_vfiler e0b
ipspace assign ipspace_dmz_vfiler e0c
ipspace assign ipspace_dmz_vfiler e0d

## Creating the vfiler
vol create v_lon_dmz_root -s none aggr2 1g
vfiler create vfiler_lon_dmz -s ipspace_dmz_vfiler -i 10.0.1.31 /vol/v_lon_dmz_root

Running Through the Create Script on LONNTP01’s dmz vfiler

Configure vfiler IP address 10.0.1.31? [y]:
Interface to assign this address to {e0b, e0c, e0d}: e0b
Netmask to use: [255.255.255.0]:
Please enter the name or IP address of the administration host:
Do you want to run DNS resolver? [n]:
Do you want to run NIS client? [n]:
New password:
Retype new password:
Do you want to setup CIFS? [y]: n

Creating/Adding Additional Volumes and IP Addresses

vol create v_lon_dmz_local -s none aggr2 10g
vol create v_lon_dmz_vol1 -s none aggr2 10g
vol create v_lon_dmz_vol2 -s none aggr2 10g
vfiler add vfiler_lon_dmz /vol/v_lon_dmz_local
vfiler add vfiler_lon_dmz /vol/v_lon_dmz_vol1
vfiler add vfiler_lon_dmz /vol/v_lon_dmz_vol2
vfiler add vfiler_lon_dmz -i 192.168.101.31
vfiler add vfiler_lon_dmz -i 10.1.0.31
vfiler run vfiler_lon_dmz setup

Running Through the Setup Script on LONNTP01’s dmz vfiler

===== vfiler_lon_dmz
The setup command will rewrite the /etc/exports, /etc/hosts, /etc/hosts.equiv, /etc/nsswitch.conf, and /etc/resolv.conf files …
Are you sure you want to continue? [yes]
Change binding for vfiler IP address 10.0.1.31? [n]:
Configure vfiler IP address 192.168.101.31? [y]:
Interface to assign this address to {e0b, e0c, e0d}: e0c
Netmask to use: [255.255.255.0]:
Configure vfiler IP address 10.1.0.31? [y]:
Interface to assign this address to {e0b, e0c, e0d}: e0d
Netmask to use: [255.255.255.0]:
Please enter the name or IP address of the administration host:
Do you want to run DNS resolver? [n]:
Do you want to run NIS client? [n]:

Note: It is very important to remember that re-running vfiler setup will rewrite the /etc/exports, /etc/hosts, /etc/hosts.equiv, /etc/nsswitch.conf, and /etc/resolv.conf files. If you already had any of these set up, the contents must be restored from the .bak files!

PART 2: Configuring dmz vfiler on FRKNTP01

## Licensing multistore and enabling
license add MULTISTORE_CODE
options licensed_feature.multistore.enable on

## Downing interfaces for the dmz_vfiler after removing any assigned IPs
ifconfig e0b 0.0.0.0
ifconfig e0b down
ifconfig e0c 0.0.0.0
ifconfig e0c down
ifconfig e0d 0.0.0.0
ifconfig e0d down

## Creating the ipspace
ipspace create ipspace_dmz_vfiler
ipspace assign ipspace_dmz_vfiler e0b
ipspace assign ipspace_dmz_vfiler e0c
ipspace assign ipspace_dmz_vfiler e0d

## Creating the vfiler
vol create v_frk_dmz_root -s none aggr2 1g
vfiler create vfiler_frk_dmz -s ipspace_dmz_vfiler -i 10.0.2.31 /vol/v_frk_dmz_root

Running Through the Create Script on FRKNTP01’s dmz vfiler

Configure vfiler IP address 10.0.2.31? [y]:
Interface to assign this address to {e0b, e0c, e0d}: e0b
Netmask to use: [255.255.255.0]:
Please enter the name or IP address of the administration host:
Do you want to run DNS resolver? [n]:
Do you want to run NIS client? [n]:
New password:
Retype new password:
Do you want to setup CIFS? [y]: n

Creating/Adding Additional Volumes and IP Addresses

vol create v_frk_dmz_local -s none aggr2 10g
vol create v_lon_dmz_vol1 -s none aggr2 10g
vol create v_lon_dmz_vol2 -s none aggr2 10g
vfiler add vfiler_frk_dmz /vol/v_frk_dmz_local
vfiler add vfiler_frk_dmz /vol/v_lon_dmz_vol1
vfiler add vfiler_frk_dmz /vol/v_lon_dmz_vol2
vfiler add vfiler_frk_dmz -i 192.168.102.31
vfiler add vfiler_frk_dmz -i 10.2.0.31
vfiler run vfiler_frk_dmz setup

Running Through the Setup Script on FRKNTP01’s dmz vfiler

===== vfiler_frk_dmz
The setup command will rewrite …
Are you sure you want to continue? [yes]
Change binding for vfiler IP address 10.0.2.31? [n]:
Configure vfiler IP address 192.168.102.31? [y]:
Interface to assign this address to {e0b, e0c, e0d}: e0c
Netmask to use: [255.255.255.0]:
Configure vfiler IP address 10.2.0.31? [y]:
Interface to assign this address to {e0b, e0c, e0d}: e0d
Netmask to use: [255.255.255.0]:
Please enter the name or IP address of the administration host:
Do you want to run DNS resolver? [n]:
Do you want to run NIS client? [n]:

PART 3: Further Configuration of dmz vfiler on LONNTP01

# Check IP addresses are assigned correctly
vfiler status -r

# Change context to the dmz vfiler
vfiler context vfiler_lon_dmz

# Create a route for replication traffic
route add host 10.2.0.31 10.1.0.1 1

PART 4: Further Configuration of dmz vfiler on FRKNTP01

# Check IP addresses are assigned correctly
vfiler status -r

# Change context to the dmz vfiler
vfiler context vfiler_frk_dmz

# Create a route for replication traffic
route add host 10.1.0.31 10.2.0.1 1

PART 5: Test connectivity

# From vfiler_lon_dmz@LONNTP01
ping 10.2.0.31

# From vfiler_frk_dmz@FRKNTP01
ping 10.1.0.31

PART 6: Update the configuration files

## Update rc file to make routes persistent across reboots ##

# From LONNTP01>
rdfile /etc/rc
wrfile -a /etc/rc route add host 10.2.0.31 10.1.0.1 1

# From FRKNTP01>
rdfile /etc/rc
wrfile -a /etc/rc route add host 10.1.0.31 10.2.0.1 1

## Update hosts file for replication network host name resolution ##

# From LONNTP01>
rdfile /vol/v_lon_dmz_root/etc/hosts
# hosts entries are written as: address, then name
wrfile -a /vol/v_lon_dmz_root/etc/hosts 10.1.0.31 vfiler_lon_dmz
wrfile -a /vol/v_lon_dmz_root/etc/hosts 10.2.0.31 vfiler_frk_dmz

# From FRKNTP01>
rdfile /vol/v_frk_dmz_root/etc/hosts
wrfile -a /vol/v_frk_dmz_root/etc/hosts 10.1.0.31 vfiler_lon_dmz
wrfile -a /vol/v_frk_dmz_root/etc/hosts 10.2.0.31 vfiler_frk_dmz

PART 7: Configure SnapMirror

# From LONNTP01>
vfiler context vfiler_lon_dmz
options snapmirror.access host=10.2.0.31
snapmirror on

# From FRKNTP01>
vfiler context vfiler_frk_dmz
options snapmirror.access host=10.1.0.31
snapmirror on
vol restrict v_lon_dmz_vol1
vol restrict v_lon_dmz_vol2
vfiler context vfiler0
wrfile -a /vol/v_frk_dmz_root/etc/snapmirror.conf vfiler_lon_dmz:v_lon_dmz_vol1 vfiler_frk_dmz:v_lon_dmz_vol1 - - - - -
wrfile -a /vol/v_frk_dmz_root/etc/snapmirror.conf vfiler_lon_dmz:v_lon_dmz_vol2 vfiler_frk_dmz:v_lon_dmz_vol2 - - - - -
vfiler context vfiler_frk_dmz
snapmirror initialize -S vfiler_lon_dmz:v_lon_dmz_vol1 vfiler_frk_dmz:v_lon_dmz_vol1
snapmirror initialize -S vfiler_lon_dmz:v_lon_dmz_vol2 vfiler_frk_dmz:v_lon_dmz_vol2
snapmirror status
snapmirror status -l

Note 1: The snapmirror schedule is set to - - - - - here (we will let the VSC handle triggering of SnapMirror updates)
Note 2: After this stage, snapmirror running from inside the dmz vfilers context should be working AOK!
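
An added example (not from the original post): a Python pre-flight check that the filer names used in snapmirror.conf resolve through the hosts file from Part 6 and that the source's snapmirror.access value lists the destination. The samples are constructed in the formats used above, only the host=a,b form of snapmirror.access is handled, and the function names are this example's own.

```python
import ipaddress

# Constructed samples in the formats used in Parts 6 and 7 of this post.
HOSTS = "10.1.0.31 vfiler_lon_dmz\n10.2.0.31 vfiler_frk_dmz\n"
SNAPMIRROR_CONF = """\
vfiler_lon_dmz:v_lon_dmz_vol1 vfiler_frk_dmz:v_lon_dmz_vol1 - - - - -
vfiler_lon_dmz:v_lon_dmz_vol2 vfiler_frk_dmz:v_lon_dmz_vol2 - - - - -
"""
SOURCE_ACCESS = "host=10.2.0.31"  # snapmirror.access set on vfiler_lon_dmz


def parse_hosts(text):
    """Map names to addresses; each line is 'address name [alias ...]'."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except (IndexError, ValueError):
            continue  # blank line, or first field is not an address
        names.update((name, addr) for name in fields[1:])
    return names


def allowed_hosts(access):
    """Entries of a 'host=a,b' value; other forms are treated as empty."""
    kind, _, value = access.partition("=")
    return set(value.split(",")) if kind == "host" and value else set()


def check_relationships(hosts_text, conf_text, source_access):
    """Return problems that would stop the destination pulling its mirrors."""
    names, allowed = parse_hosts(hosts_text), allowed_hosts(source_access)
    problems = set()
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        src, dst = (f.split(":", 1)[0] for f in fields[:2])
        for host in (src, dst):
            if host not in names:
                problems.add(f"{host} does not resolve in the hosts file")
        if dst in names and not {dst, names[dst]} & allowed:
            problems.add(f"source snapmirror.access omits {dst} ({names[dst]})")
    return sorted(problems)


if __name__ == "__main__":
    print(check_relationships(HOSTS, SNAPMIRROR_CONF, SOURCE_ACCESS) or "consistent")
```

A hosts line written name-first resolves nothing in this check, so both filer names are reported as unresolved.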

PART 8: Final NetApp vFiler Configurations for SRM (if not done already)

# From vfiler_lon_dmz@LONNTP01>
options httpd.admin.enable on
options httpd.enable on

# From vfiler_frk_dmz@FRKNTP01>
options httpd.admin.enable on
options httpd.enable on

PART 9: Configuring SRM

Configuring SRM is beyond the scope of this post. All being well, you should be able to add both dmz vfilers as arrays, see the SnapMirror volume relationships, place some VMs on the storage and test!

Note 1: If you are using NetApp SRA 2.0.1.0 and receiving the error “Element 'SourceDevices' is not valid for content model: (SourceDevice)” updating the SRA to 2.0.1P2 as per http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=642115 fixes this issue.

Note 2: If this is for NFS datastores and you’re getting problems, double-check your exports file is configured correctly - for instance, if you are mounting a Qtree to VMware, be sure the Qtree is referenced in the exports file. An example is below:

# Corrected LONNTP01 with Qtrees export file
wrfile /vol/v_lon_dmz_root/etc/exports
# Press ctrl-c to exit
/vol/v_lon_dmz_root -sec=sys,rw,anon=0
/vol/v_lon_dmz_vol1/q_lon_dmz_vol1 -sec=sys,rw=192.168.101.0/24
/vol/v_lon_dmz_vol2/q_lon_dmz_vol2 -sec=sys,rw=192.168.101.0/24

# Corrected FRKNTP01 with Qtrees export file
wrfile /vol/v_frk_dmz_root/etc/exports
# Press ctrl-c to exit
/vol/v_frk_dmz_root -sec=sys,rw,anon=0
/vol/v_lon_dmz_vol1/q_lon_dmz_vol1 -sec=sys,rw=192.168.101.0/24
/vol/v_lon_dmz_vol2/q_lon_dmz_vol2 -sec=sys,rw=192.168.101.0/24
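
An added example (not from the original post): a small Python audit of a vFiler exports file in the format shown above. It flags entries that apply to every client, anon=0, and client networks that are not on a subnet attached to the vFiler, which matters here because the DMZ network is not routable. The inputs are constructed from the Frankfurt listings in this post, and the function names are this example's own.

```python
import ipaddress

# Constructed inputs: Frankfurt exports from Note 2, vFiler addresses (/24).
FRK_EXPORTS = """\
/vol/v_frk_dmz_root -sec=sys,rw,anon=0
/vol/v_lon_dmz_vol1/q_lon_dmz_vol1 -sec=sys,rw=192.168.101.0/24
/vol/v_lon_dmz_vol2/q_lon_dmz_vol2 -sec=sys,rw=192.168.101.0/24
"""
FRK_INTERFACES = ["10.0.2.31/24", "192.168.102.31/24", "10.2.0.31/24"]


def parse_exports(text):
    """Yield (path, options); a bare option such as 'rw' maps to None."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        path, optstr = fields[0], "".join(fields[1:])
        opts = {}
        for item in optstr.lstrip("-").split(","):
            name, eq, value = item.partition("=")
            if name:
                opts[name] = value if eq else None
        yield path, opts


def audit_exports(text, interfaces):
    """Return (path, finding) pairs for broad or unreachable client lists."""
    local = [ipaddress.ip_interface(i).network for i in interfaces]
    findings = []
    for path, opts in parse_exports(text):
        for mode in ("rw", "ro"):
            if mode in opts and opts[mode] is None:
                findings.append((path, f"{mode} applies to every client"))
        if opts.get("anon") == "0":
            findings.append((path, "anon=0 gives client root users root access"))
        for mode in ("rw", "ro", "root"):
            for target in (opts.get(mode) or "").split(":"):
                try:
                    net = ipaddress.ip_network(target, strict=False)
                except ValueError:
                    continue  # empty, host name or netgroup: not checked here
                if not any(net.overlaps(n) for n in local):
                    findings.append((path, f"{mode}={target} is not on an attached subnet"))
    return findings


if __name__ == "__main__":
    for path, finding in audit_exports(FRK_EXPORTS, FRK_INTERFACES):
        print(f"{path}: {finding}")
```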
