WARNING. This script is to be used for informational and learning purposes only. Should you choose to modify and or include this script in your test or production environments, you do so at your own risk. Custom scripts are only supported by Embotics, when they are produced by an Embotics Application Architect as part of a paid service engagement.
Should you require assistance modifying or troubleshooting the script, please contact your Customer Advocate who will provide you with a quote for Professional Services.
This article describes a means by which vCommander® administrators can configure integration with Zerto disaster recovery to provide optional DR services when customers request vCenter VMs, and disable protection when it is no longer required. Optional configuration is provided for a command workflow. Additionally, details are provided for setting up a scheduled task to keep information synchronized between the Zerto and vCommander applications.
Requirements
- Embotics® vCommander™ 5.7.4 or later
- vCommander REST API PowerShell libraries
- vCommander PowerShell Client 2.7
- Zerto 5.0 Update 3
- PowerShell v4 installed on the vCommander application server
- vCommander scripts
Scripts
Download and extract the scripts to your vCommander application server. Embotics recommends storing all scripts called by vCommander in a single location, using sub-folders to identify the functions of particular scripts. With the scripts extracted to C: on the vCommander server, the file system will look like this:
C:\Scripts\Zerto\Production\ZertovCommanderOrg_Add.ps1
C:\Scripts\Zerto\Production\ZertovCommanderOrg_Remove.ps1
C:\Scripts\Zerto\Production\ZertotovCommander_Sync.ps1
In order to use these scripts without modification beyond the basics listed below, the organization names in vCommander must match the names of the Zerto Virtual Protection Group (VPG). Otherwise, you must edit the scripts to include "if" statements to line up the organizations and VPGs.
Note that the Timeout line only appears in the ZertovCommanderOrg_Add.ps1 script. All other lines appear in each of the three scripts.
Creating the Custom Attributes
In order for this solution to work, you must first create two custom attributes, which will be used to control user preferences and note the DR preferences on a per VM basis. One of the custom attributes also contributes to cost calculation, if you are tracking costs associated with use of Zerto.
- Under the Configuration menu, click Custom Attributes.
- Click Add.
- On the Define Attributes page, configure the options as follows and then click Next:
Name: Protect VM?
Description: Controls whether or not the VM will be registered with Zerto DR.
Type: List
Applies To: Services (VMs, Virtual Services, etc.)
Edit in Service Portal: Disabled Add the values Yes and No to the list, then click Finish.
- Under the Configuration menu, click Custom Attributes.
- Click Add.
- On the Define Attributes page, configure the options as follows and then click Next:
Name: Zerto Protection Group
Description: The name of the Zerto VPG.
Type: Text
Applies To: Services (VMs, Virtual Services, etc.)
Edit in Service Portal: Disabled Select Free Form and click Finish.
Creating Compatible Services
You'll be able to use this solution with any or all of the services in your Service Catalog, but you may wish to create a subset of services specifically to use with the Zerto Completion Workflow described in this article. If that's the case, also consider creating a category that you can use to quickly filter your Service catalog down to Zerto-compatible services. You can also import a Zerto icon to make it even more clear.
Creating the Service Form
Here's where you'll need to decide what's appropriate for your business. Our assumption in this article is that you'll only be interested in using Zerto to protect production VMs, and so you're going to create a new Service Form assigned specifically to an organization used by IT to deploy production VMs. This means only they will see the Zerto option when making new VM requests. There are other valid use cases. For example, managed services providers (MSPs) may offer Zerto as a paid value-add. If you need any assistance designing the forms, please contact the Embotics Technical Support Team.
- Under the Configuration menu, click Service Request Configuration.
- Switch to the Form Designer tab.
- Under the Form Library section, click Add.
- Configure the form as follows, then click OK:
Form Name: Production Requests
Form Type: New Request Form
Select Publish - Specific Organizations, users and groups and apply to orgs enabled to deploy to production Configure the form with whatever tools are relevant to your business. You must include the Custom Attribute form element and configure it for the attribute Protect VM? at a minimum. Click Save.
Creating the Completion Workflow
Your existing Approval Workflows can be used with this solution, but you'll need to update your existing Completion Workflows or create a new Completion Workflow to handle the process of adding the deployed VMs to Zerto VPGs.
- Under the Configuration menu, choose Service Request Configuration.
- Switch to the Completion Workflow tab and click Add.
- Enter an appropriate Name and choose to Apply this workflow: after a VM is deployed. Click Next.
On the Steps page, click Add > Wait for Event and configure the step as follows:
Step Name: Wait for IP/DNS
Step Execution: Always Execute
Wait For: Service to obtain IP address and DNS name
Wait Time: 300 seconds
Wait Time Exceeded: Mark workflows step as failed: do not proceedClick Add > Execute Script and configure the step as follows:
Name: Zerto Registration
Step Execution: Execute when conditions are met - #{target.settings.customAttribute['Protect VM']} -eq "yes"
Timeout: 600 Seconds
Script Output: Capture script output as comment
When Step Fails: Mark workflow step as failed: do not proceed
Command Line:powershell.exe -ExecutionPolicy Bypass -command "&{C:\Scripts\Zerto\Production\ZertovCommanderOrg_Add.ps1 "#{request.organization.name}" "#{target.deployedName}"}"
Add any other steps as appropriate. You may consider steps to notify users that the action has been complete, for example. Click Next.
On the Assigned Components page, select the components under the services you created. Click Next.
Click Finish.
(Optional) Creating a Command Workflow
Alternatively or in addition to using a Completion Workflow, you can also configure a Command Workflow and make it available for select vCommander and Service Portal users.
- Under the Configuration menu, choose Command Workflows. Click Add.
- Configure the Name & Type page as follows, then click Next:
Name: Protect with Zerto
Icon: Choose an appropriate icon
Target Type: VM Click Add > Execute Script and configure the step as follows, then click Next:
Step Name: Execute Script
Step Execution: Always execute
Timeout: 300 Seconds
Script Output: Capture script output as comment
When Step Fails: Mark workflow step as failed: do not proceed
Command Line:powershell.exe -ExecutionPolicy Bypass -command "&{C:\Scripts\Zerto\Production\ZertovCommanderOrg_Add.ps1 "#{target.organization.name}" "#{target.deployedName}"}"
Choose to either Allow everyone to access this workflow or Allow these specific users/groups to access this workflow, using the controls to assign specific users, groups or organizations if selecting the latter. Click Next.
Check Display in Service Portal if you want to grant Service Portal users with permission to run command workflows access to register VMs with Zerto. Check Prompt for confirmation, updating the Confirmation Message if you choose. Click Next.
Click Finish.
Creating Ownership Policies for Zerto Replication Folders
When there is a failover event, the failing VM is recreated with a functional duplicate. Because the duplicate does not have the same unique vCommander fingerprint, an ownership policy must be in place to make sure appropriate users will have continued access to the VM. You will need to create a policy for each organization's failover location in your infrastructure.
- Under the Configuration menu, choose Policy. Click Add.
- On the Choose a Policy page, choose Default Ownership and click Next.
Provide a meaningful Name and Description, then click Next.
Using either the Operational or VMs and Templates view type, check all targets in your infrastructure where Zerto will failover VMs for the applicable users/groups/organizations and click Next.
Set the options on the Configure the Policy page as follows, then click Next:
Check Enable Policy
Set any desired Action (for example, you might want to run a workflow to notify someone that failover has occurred).
Organization: choose the appropriate organization
Login / Email: add any individual or AD security group and click Add.
Check For any children of the selected target(s), allow the creation of another instance of this policy (allow override) if you need to create another policy in a child location of one or more targets set on the previous page.Click Finish.
Scheduling Zerto to vCommander Synchronization
- Logged in as an Administrator, open Task Scheduler from the Administrative Tools in the Start Menu.
- In the Actions pane, click Create Basic Task.
- Name the task Synchronize Zerto and vCommander and add a meaningful Description. Click Next.
- Choose to trigger the task Daily and click Next. Choose a time to run the task, and set it to recur every day. Click Next.
- Choose Start a program and click Next.
- Click Browse... to locate the PowerShell executable.
- Add the argument:
& 'c:\Scripts\Zerto\ZertovCommander_Sync.ps1'
- Click Finish.
Creating the Unprotect Form and Workflow
Finally, you'll configure a decommissioning process that removes VMs which are no longer needed from Zerto. This involves creating another Completion Workflow and Form, similar to those created above. First, create the form. This time it's a Change Request form rather than a New Service Request form.
- Under the Configuration menu, click Service Request Configuration.
- Switch to the Form Designer tab.
- Under the Form Library section, click Add.
- Configure the form as follows, then click OK:
Form Name: Unprotect VM - Remove from Zerto
Form Type: Change Request Form
Select Publish - Specific Organizations, users and groups and apply to organizations who should be allowed to remove Zerto protection.
Configure the form with whatever tools are relevant to your business. You must include the Component Name element and set it as required, at a minimum. Click Save.
- Under the Configuration menu, click Service Request Configuration.
- Switch to the Completion Workflow tab and click Add.
- Enter an appropriate Name and choose to Apply this workflow: after a Change Request is fulfilled. Click Next.
Click Add > Execute Script and configure the step as follows, then click Next:
Step Name: Execute Script
Step Execution: Execute when conditions are met - #{target.settings.customAttribute['Protect VM?']} -eq "yes"
Timeout: 300 Seconds
Script Output: Capture script output as comment
When Step Fails: Mark workflow step as failed: do not proceed
Command Line:
powershell.exe -ExecutionPolicy Bypass -command "&{C:\Scripts\Zerto\Production\ZertovCommanderOrg_Remove.ps1 "#{request.organization.name}" "#{target.deployedName}"}"
Select Apply this workflow to the selected forms and choose the form Unprotect VM - Remove from Zerto, then click Next.
Click Finish.