Hello,
I have been playing with this in the lab for a bit. A customer had an issue and confusion doing this in VAO so that means I need to figure it out and write it up. So here we are.
Situation
We have virtual machines on two different VLANs that need to be able to talk to each other during a VAO Test Failover. This means the two VLANS need to chat, and do so without about being able to get outside the two VLANs. So these two VLANS are on a private, isolated, and non-routing network.
I will set through how to make it work. I will offer comments along the way.
Replicated VMs
I have some replicated virtual machines on each of the two VLANs. See below for one of them.
You can see it is on VLAN10.
Virtual Lab setup
This is the hard part for some. So I will step through it in detail.
You need to create a virtual lab. This is in Veeam Backup & Replication - and the one that is on the DR side - so lets start the console. Change to the Backup Infrastructure view, and select Virtual Labs. Use the Add Virtual Lab button to start the wizard.
The first panel in the wizard is easy.
We pick a name. Notice that I use VL to start it (virtual lab) and I use DR to show it is a VL for VAO rather than for SureBackup? Also, SureBackup Jobs (SBJ) are normally on the production site, and and DR holds the VLs for VAO.
Next we pick a host in the DR site.
Lots of room left on this host with only 7 VMs running on it.
Next we select a datastore.
Make sure you select a datastore that makes sense - on your DR site and accessible to all the hosts.
Next we configure the outside of our router that stands guard in front of our test environment.
I cannot imagine when you would not use the proxy appliance in the virtual lab. Disaster would likely follow. I normally find the production network properly selected but it might not always be selected right if you have a complex network environment. I normally use DHCP to configure the IP for the appliance and have not had issues with that.
On the next screen you would normally select the Advanced multi-host option. It is the best choice for hosting virtual labs as it means more than one host can be part of a test failover. If that is not required the Advanced single-host works good and doesn’t need a Distributed Switch.
The next screen is the most important one. Make darn sure you understand it well, and if not yell at me and I will add text, or clarify things or whatever.
You use the Add button to add your two VLANs, next you select the production network and it fills in the Isolated network name. BUT, you need to add something to make both lines different. Note above I used _MW and _MW2 to make sure both lines are different? Doing that means you can have two different VLAN IDs. In addition, the VLAN ID cannot be the default but must be changed. So above you see 11 instead of 10, and 21 instead of 20. This will keep your private test network private - BTW, don’t forget those are the VLANs that should be on your distributed switch and allows you to have your VMs talk to each other on different hosts. If you use the actual VLAN ID here you will not have a private test network.
The next screen is interesting as well.
You will use the Add button to add each of the virtual networks to this screen. In our case we have two VLANs so we have two virtual networks. I have DHCP enabled but that is your choice. The Appliance IP field should have the default gateway from the production network for each virtual network. The Masquerade IP is done by default and is for inward access so leave it alone for now.
BTW, I believe the max number of virtual network is currently 9.
Note I have selected the Route network traffic between vNICs option at the bottom of the screen? That means both VLANS can talk.
The next screen is about static mappings that is for letting people into your private test network. Don’t do that lightly!
Now we see the Ready info.
It is good to check things before you Apply / Finish.
VAO
You need to make sure that you use this virtual lab when want to test a failover using the VMs on these vLANs. I suggest doing the test failover and leaving the plan VMs running so you can check things out the first time - by seeing what you can and cannot ping.
End Result
Now when you to a Lab Test, and use this Virtual Lab, you will have VMs on both VLANs, and able to ping each other, but not outside the private lab, and no one will be able to ping or otherwise reach into this private network. Very cool.
Questions or comments are always welcome! Don’t forget that you can see all my technical VAO articles with this link.
Michael
=== END ===
