Every customer of Zettagrid uses our products differently. As such the networking requirements of their VMs are different too.
If you are reading this it means that you have decided to protect the VMs in your VDC by replicating them to another Availability Zone using SecondSite Interzone.
You will fall into one of the following categories;
- Using an NSX Edge.
- NSX Edges deployed in HA mode. Essentially 2 NSX Edges.
- vShield Edge.
- Vyatta deployment of some description.
- A third party firewall/networking virtual or physical appliance that you fully manage.
Why does it matter what I use
For every SecondSite deployment we automatically deploy an NSX Edge for free. If you are using an NSX Edge in the production site then things will be very similar. If you are using one of other options above then things will be a little different.
In all scenarios there needs to be some thought on the networking as this will be a task that is required in every scenario.
Example production VDC
As you can see below this is an example of a simple VDCs firewall, NAT and DHCP configuration, these need to be recreated on the new NSX Edge for SecondSite Interzone.
Recreate the networks in DR site
As we have seen above there is a few networking components we need to recreate.
Log into the new SecondSite Interzone service from your MyAccount page and configure the base networks as per How Do I Setup Interzone Replication
Now recreate the rules as per the example above.
Please note! If you are not already using an NSX Edge in your production VDC then you will need to log onto whatever device you are using and note down all the networking rules that you currently use.
Please note! The main difference between your production and DR site will be that the external IP address/addresses will be different in each zone.
In the production site in the above example the external IP address is 184.108.40.206 and as such the rules specify this IP. As you can see in the below screenshot from the new NSX Edge in the DR site the external IP address is now 220.127.116.11.
Proceed to the DHCP, NAT and Firewall tabs now and one by one duplicate the rules you have created on the production site.
Help with the configuration
The following links will give you step by steps in creating the required DHCP, NAT and Firewall rules;
- Internet Access in a NSX VDC
- RDP Access in a NSX VDC
- Networks Tab
- Load Balancing
- IPSec VPN
- Dynamic Routing
- Syslog Configuration
Implications if you don’t recreate the Networking Configuration
If you forgot to recreate the rules or do not create everything you require then do not worry.
Your VMs will still fail over in a few minutes and will still be fully accessible via MyAccount. Depending on how you normally access the VMs though this will likely mean that users in the office can not access the file server if its in Zettagrid. Or customers will not be able to access your website if that is what you are hosting until such time as you setup the required NAT and Firewall rules.
At that point you will need to log onto the MyAccount page and setup these critical networking steps. As always our support team is available for assistance if you are not yet comfortable with the NSX Edge GUI and have been through the above links.