WARNING.  This script is to be used for informational and learning purposes only.  Should you choose to modify and or include this script in your test or production environments, you do so at your own risk.  Custom scripts are only supported by Embotics, when they are produced by an Embotics Application Architect as part of a paid service engagement.

Should you require assistance modifying or troubleshooting the script, please contact your Customer Advocate who will provide you with a quote for Professional Services.

This article describes a means by which vCommander® administrators can configure integration with Zerto disaster recovery to provide optional DR services when customers request vCenter VMs, and disable protection when it is no longer required. Optional configuration is provided for a command workflow. Additionally, details are provided for setting up a scheduled task to keep information synchronized between the Zerto and vCommander applications.




Requirements


Additionally, the vCommander application server must trust the Zerto ZVM. If you are using a self-signed certificate on the ZVM, this means you must logon to Windows on the vCommander application server and manually trust the certificate. See the Zerto documentation for more details.


Scripts

Download and extract the scripts to your vCommander application server. Embotics recommends storing all scripts called by vCommander in a single location, using sub-folders to identify the functions of particular scripts. With the scripts extracted to C: on the vCommander server, the file system will look like this:


C:\Scripts\Zerto\Production\ZertovCommanderOrg_Add.ps1

C:\Scripts\Zerto\Production\ZertovCommanderOrg_Remove.ps1

C:\Scripts\Zerto\Production\ZertotovCommander_Sync.ps1


In order to use these scripts without modification beyond the basics listed below, the organization names in vCommander must match the names of the Zerto Virtual Protection Group (VPG). Otherwise, you must edit the scripts to include "if" statements to line up the organizations and VPGs.



Note that the Timeout line only appears in the ZertovCommanderOrg_Add.ps1 script. All other lines appear in each of the three scripts.


Creating the Custom Attributes

In order for this solution to work, you must first create two custom attributes, which will be used to control user preferences and note the DR preferences on a per VM basis. One of the custom attributes also contributes to cost calculation, if you are tracking costs associated with use of Zerto.

The first custom attribute will simply indicate whether or not the VM will be registered with Zerto DR.


  1. Under the Configuration menu, click Custom Attributes.
  2. Click Add.
  3. On the Define  Attributes page, configure the options as follows and then click Next:

    Name: Protect VM?
    Description: Controls whether or not the VM will be registered with Zerto DR.
    Type: List
    Applies To: Services (VMs, Virtual Services, etc.)
    Edit in Service Portal: Disabled

  4. Add the values Yes and No to the list, then click Finish.


Important! If you will associate charges with VMs being protected by Zerto, you must assign a value to the custom attribute in your active cost model(s).


The other custom attribute will define the Virtual Protection Group of which the VM is a member.

  1. Under the Configuration menu, click Custom Attributes.
  2. Click Add.
  3. On the Define  Attributes page, configure the options as follows and then click Next:

    Name: Zerto Protection Group
    Description: The name of the Zerto VPG.
    Type: Text
    Applies To: Services (VMs, Virtual Services, etc.)
    Edit in Service Portal: Disabled

  4. Select Free Form and click Finish.


Creating Compatible Services

 You'll be able to use this solution with any or all of the services in your Service Catalog, but you may wish to create a subset of services specifically to use with the Zerto Completion Workflow described in this article. If that's the case, also consider creating a category that you can use to quickly filter your Service catalog down to Zerto-compatible services. You can also import a Zerto icon to make it even more clear.



Creating the Service Form

Here's where you'll need to decide what's appropriate for your business. Our assumption in this article is that you'll only be interested in using Zerto to protect production VMs, and so you're going to create a new Service Form assigned specifically to an organization used by IT to deploy production VMs. This means only they will see the Zerto option when making new VM requests. There are other valid use cases. For example, managed services providers (MSPs) may offer Zerto as a paid value-add. If you need any assistance designing the forms, please contact the Embotics Technical Support Team.


  1. Under the Configuration menu, click Service Request Configuration.
  2. Switch to the Form Designer tab.
  3. Under the Form Library section, click Add.
  4. Configure the form as follows, then click OK:

    Form Name: Production Requests
    Form Type: New Request Form
    Select Publish - Specific Organizations, users and groups and apply to orgs enabled to deploy to production


  5. Configure the form with whatever tools are relevant to your business. You must include the Custom Attribute form element and configure it for the attribute Protect VM? at a minimum. Click Save.



Creating the Completion Workflow

Your existing Approval Workflows can be used with this solution, but you'll need to update your existing Completion Workflows or create a new Completion Workflow to handle the process of adding the deployed VMs to Zerto VPGs. 


  1. Under the Configuration menu, choose Service Request Configuration.
  2. Switch to the Completion Workflow tab and click Add.
  3. Enter an appropriate Name and choose to Apply this workflow: after a VM is deployed. Click Next.


  4. On the Steps page, click Add > Wait for Event and configure the step as follows:

    Step Name: Wait for IP/DNS
    Step Execution: Always Execute
    Wait For: Service to obtain IP address and DNS name
    Wait Time: 300 seconds
    Wait Time Exceeded: Mark workflows step as failed: do not proceed


  5. Click Add > Execute Script and configure the step as follows:

    Name: Zerto Registration
    Step Execution: Execute when conditions are met - #{target.settings.customAttribute['Protect VM']} -eq "yes"


    Timeout: 600 Seconds
    Script Output: Capture script output as comment
    When Step Fails: Mark workflow step as failed: do not proceed
    Command Line:

    powershell.exe  -ExecutionPolicy Bypass -command "&{C:\Scripts\Zerto\Production\ZertovCommanderOrg_Add.ps1 "#{request.organization.name}" "#{target.deployedName}"}"

     


  6. Add any other steps as appropriate. You may consider steps to notify users that the action has been complete, for example. Click Next.

  7. On the Assigned Components page, select the components under the services you created. Click Next.



  8. Click Finish.


(Optional) Creating a Command Workflow

Alternatively or in addition to using a Completion Workflow, you can also configure a Command Workflow and make it available for select vCommander and Service Portal users. 

  1. Under the Configuration menu, choose Command Workflows. Click Add.
  2. Configure the Name & Type page as follows, then click Next:

    Name: Protect with Zerto
    Icon: Choose an appropriate icon
    Target Type: VM

  3. Click Add > Execute Script and configure the step as follows, then click Next:

    Step Name: Execute Script
    Step Execution: Always execute
    Timeout: 300 Seconds
    Script Output: Capture script output as comment
    When Step Fails: Mark workflow step as failed: do not proceed
    Command Line:

     

    powershell.exe  -ExecutionPolicy Bypass -command "&{C:\Scripts\Zerto\Production\ZertovCommanderOrg_Add.ps1 "#{target.organization.name}" "#{target.deployedName}"}"

     



  4. Choose to either Allow everyone to access this workflow or Allow these specific users/groups to access this workflow, using the controls to assign specific users, groups or organizations if selecting the latter. Click Next.

  5. Check Display in Service Portal if you want to grant Service Portal users with permission to run command workflows access to register VMs with Zerto. Check Prompt for confirmation, updating the Confirmation Message if you choose. Click Next.

  6. Click Finish.


Creating Ownership Policies for Zerto Replication Folders

When there is a failover event, the failing VM is recreated with a functional duplicate. Because the duplicate does not have the same unique vCommander fingerprint, an ownership policy must be in place to make sure appropriate users will have continued access to the VM. You will need to create a policy for each organization's failover location in your infrastructure.


  1. Under the Configuration menu, choose Policy. Click Add.
  2. On the Choose a Policy page, choose Default Ownership and click Next.

     

  3. Provide a meaningful Name and Description, then click Next.

  4. Using either the Operational or VMs and Templates view type, check all targets in your infrastructure where Zerto will failover VMs for the applicable users/groups/organizations and click Next.

  5.  Set the options on the Configure the Policy page as follows, then click Next:

    Check Enable Policy 
    Set any desired Action (for example, you might want to run a workflow to notify someone that failover has occurred).
    Organization: choose the appropriate organization
    Login / Email: add any individual or AD security group and click Add.
    Check For any children of the selected target(s), allow the creation of another instance of this policy (allow override) if you need to create another policy in a child location of one or more targets set on the previous page.

  6. Click Finish.


Scheduling Zerto to vCommander Synchronization

Windows Task Scheduler is used to execute the script which synchronizes data between Zerto and vCommander on a schedule you define. The steps below are an example using Windows 2008 R2. Other versions of the server OS may introduce slight variations. If you encounter these, refer to Microsoft documentation or contact Embotics Technical Support for assistance.

  1. Logged in as an Administrator, open Task Scheduler from the Administrative Tools in the Start Menu.
  2. In the Actions pane, click Create Basic Task.
  3. Name the task Synchronize Zerto and vCommander and add a meaningful Description. Click Next.
  4. Choose to trigger the task Daily and click Next. Choose a time to run the task, and set it to recur every day. Click Next.

  5. Choose Start a program and click Next.
  6. Click Browse... to locate the PowerShell executable.
  7. Add the argument:

     

    & 'c:\Scripts\Zerto\ZertovCommander_Sync.ps1'

     

    using the correct path to your copy of the script. Click Next.

  8. Click Finish.


Creating the Unprotect Form and Workflow

Finally, you'll configure a decommissioning process that removes VMs which are no longer needed from Zerto. This involves creating another Completion Workflow and Form, similar to those created above. First, create the form. This time it's a Change Request form rather than a New Service Request form. 

  1. Under the Configuration menu, click Service Request Configuration.
  2. Switch to the Form Designer tab.
  3. Under the Form Library section, click Add.
  4. Configure the form as follows, then click OK:

    Form Name: Unprotect VM - Remove from Zerto
    Form Type: Change Request Form
    Select Publish - Specific Organizations, users and groups and apply to organizations who should be allowed to remove Zerto protection.

  5. Configure the form with whatever tools are relevant to your business. You must include the Component Name element and set it as required, at a minimum. Click Save.

Finally, create the Completion Workflow to associate with this form.

  1. Under the Configuration menu, click Service Request Configuration.
  2. Switch to the Completion Workflow tab and click Add.
  3. Enter an appropriate Name and choose to Apply this workflow: after a Change Request is fulfilled. Click Next.

  4. Click Add > Execute Script and configure the step as follows, then click Next:

    Step Name: Execute Script
    Step Execution: Execute when conditions are met - #{target.settings.customAttribute['Protect VM?']} -eq "yes"


    Timeout: 300 Seconds
    Script Output: Capture script output as comment
    When Step Fails: Mark workflow step as failed: do not proceed
    Command Line:

     

    powershell.exe  -ExecutionPolicy Bypass -command "&{C:\Scripts\Zerto\Production\ZertovCommanderOrg_Remove.ps1 "#{request.organization.name}" "#{target.deployedName}"}"


     

  5. Select Apply this workflow to the selected forms and choose the form Unprotect VM - Remove from Zerto, then click Next.

  6. Click Finish.


You can also create a change request form to add Zerto protection following the same steps, to make it clear to users that the option is available.