Manage VMware vCenter Server
This article summarizes management actions on a VMware vCenter Server in Azure Site Recovery.
Verify prerequisites for vCenter Server
The prerequisites for vCenter Servers and VMs during disaster recovery of VMware VMs to Azure are listed in the support matrix.
Set up an account for automatic discovery
When you set up disaster recovery for on-premises VMware VMs, Site Recovery needs access to the vCenter Server/vSphere host. The Site Recovery process server can then automatically discover VMs, and fail them over as needed. By default, the process server runs on the Site Recovery configuration server. Add an account for the configuration server to connect to the vCenter Server/vSphere host as follows:
Sign in to the configuration server.
Open the configuration server tool (cspsconfigtool.exe) using the Desktop shortcut.
On the Manage Account tab, click Add Account.
Provide the account details, and click OK to add it. The account should have the privileges summarized in the account permissions table.
Note
It takes about 15 minutes to synchronize account information with Site Recovery.
Account permissions
Task | Account | Permissions | Details |
---|---|---|---|
VM discovery/migration (without failback) | At least a read-only user account. | Data Center object –> Propagate to Child Object, role=Read-only | User assigned at datacenter level, and has access to all the objects in the datacenter. To restrict access, assign the No access role with the Propagate to child object, to the child objects (vSphere hosts, datastores, virtual machines, and networks). |
Replication/failover | At least a read-only user account. | Data Center object –> Propagate to Child Object, role=Read-only | User assigned at datacenter level, and has access to all the objects in the datacenter. To restrict access, assign the No access role with the Propagate to child object to the child objects (vSphere hosts, datastores, virtual machines, and networks). Useful for migration purposes, but not full replication, failover, failback. |
Replication/failover/failback | We suggest you create a role (AzureSiteRecoveryRole) with the required permissions, and then assign the role to a VMware user or group. | Data Center object –> Propagate to Child Object, role=AzureSiteRecoveryRole Datastore -> Allocate space, browse datastore, low-level file operations, remove file, update virtual machine files Network -> Network assign Resource -> Assign VM to resource pool, migrate powered off VM, migrate powered on VM Tasks -> Create task, update task Virtual machine -> Configuration Virtual machine -> Interact -> answer question, device connection, configure CD media, configure floppy media, power off, power on, VMware tools install Virtual machine -> Inventory -> Create, register, unregister Virtual machine -> Provisioning -> Allow virtual machine download, allow virtual machine files upload Virtual machine -> Snapshots -> Remove snapshots |
User assigned at datacenter level, and has access to all the objects in the datacenter. To restrict access, assign the No access role with the Propagate to child object, to the child objects (vSphere hosts, datastores, virtual machines, and networks). |
Add VMware server to the vault
When you set up disaster recovery for on-premises VMware VMs, you add the vCenter Server/vSphere host on which you're discovering VMs to the Site Recovery vault, as follows:
- In vault > Site Recovery Infrastructure > Configuration Severs, open the configuration server.
- In Details page, click vCenter.
- In Add vCenter, specify a friendly name for the vSphere host or vCenter server.
- Specify the IP address or FQDN of the server.
- Leave the port as 443 unless your VMware servers are configured to listen for requests on a different port.
- Select the account used to connect to the VMware vCenter or vSphere ESXi server. Then click OK.
Modify credentials
If necessary, you can modify the credentials used to connect to the vCenter Server/vSphere host as follows:
Sign in to the configuration server.
Open the configuration server tool (cspsconfigtool.exe) using the Desktop shortcut.
Click Add Account on the Manage Account tab.
Provide the new account details, and click OK. The account needs the permissions listed in the account permissions table.
In the vault > Site Recovery Infrastructure > Configuration Severs, open the configuration server.
In Details, click Refresh Server.
After the Refresh Server job finishes, select the vCenter Server.
In Summary, select the newly added account in vCenter server/vSphere host account, and click Save.
Delete a vCenter Server
In the vault > Site Recovery Infrastructure > Configuration Severs, open the configuration server.
On the Details page, select the vCenter server.
Click on the Delete button.
Modify the IP address and port
You can modify the IP address of the vCenter Server, or the ports used for communication between the server and Site Recovery. By default, Site Recovery accesses vCenter Server/vSphere host information through port 443.
In the vault > Site Recovery Infrastructure > Configuration Servers, click on the configurations server to which the vCenter Server is added.
In vCenter servers, click on the vCenter Server you want to modify.
In Summary, update the IP address and port, and save the changes.
For changes to become effective, wait for 15 minutes or refresh the configuration server.
Migrate all VMs to a new server
If you want to migrate all VMs to use a new vCenter Server, you just need to update the IP address assigned to the vCenter Server. Don't add another VMware account, since that might lead to duplicate entries. Update the address as follows:
- In the vault > Site Recovery Infrastructure > Configuration Servers, click on the configurations server to which the vCenter Server is added.
- In the vCenter servers section, click on the vCenter Server that you want to migrate from.
- In Summary, update the IP address to that of the new vCenter Server, and save the changes.
- As soon as the IP address is updated, Site Recovery starts receiving VM discovery information from the new vCenter Server. This doesn't impact ongoing replication activities.
Migrate a few VMs to a new server
If you only want to migrate a few of your replicating VMs to a new vCenter Server, do the following:
- Add the new vCenter Server to the configuration server.
- Disable replication for VMs that will move to the new server.
- In VMware, migrate the VMs to the new vCenter Server.
- Enable replication for the migrated VMs again, selecting the new vCenter Server.
Migrate most VMs to a new server
If the number of VMs that you want to migrate to a new vCenter Server is higher than the number of VMs that will remain on the original vCenter Server, do the following:
- Update the IP address assigned to the vCenter Server in the configuration server settings, to the address of the new vCenter Server.
- Disable replication for the few VMs that remain on the old server.
- Add the old vCenter Server and its IP address to the configuration server.
- Re-enable replication for the VMs that remain on the old server.
Next steps
If you have any issues, see Troubleshoot vCenter Server discovery failures.