Home > Storage > PowerFlex > White Papers > Implementing Dell PowerFlex SRA with VMware Site Recovery Manager > Reprotection
After a recovery plan has run, there are often cases where the environment must continue to be protected against failure to ensure its resilience and to meet objectives for disaster recovery. SRM offers reprotection which is an extension to recovery plan management that enables the environment at the recovery site to establish replication and protection of the environment back to the original protected site. This behavior allows users to recover the environment quickly and easily back to the original site if necessary.
It is important to note that a unassisted reprotection by SRM may not always be possible depending on the circumstances and results of the preceding recovery operation. Recovery plans run in planned migration mode are the likeliest candidates for a subsequent successful automated reprotection by SRM. Exceptions to this occur if certain failures or changes have occurred between the time the recovery plan was run and the reprotection operation was initiated. Those situations may cause the reprotection to fail. Similarly, if a recovery plan was run in disaster recovery mode, any persisting failures may cause a partial or complete failure of a reprotection of a recovery plan.
These different situations are described in the following sections.
The scenario leading to a successful reprotection is one after a planned migration. In the case of a planned migration there are no failures in either the storage or compute environment that preceded the recovery operation. Therefore, reversing recovery plans/protections groups and swapping and establishing replication in the reverse direction is possible.
If failed-over virtual machines eventually need to be returned to the original site or if they require PowerFlex replication protection, it is recommended to run a reprotect operation as soon as possible after a migration.
Reprotect is only available after a recovery operation has occurred, which is indicated by the recovery plan being in the Recovery complete state. Later versions of SRM warn the user about Reprotect needed as shown in Figure 91.
A reprotect can be run by selecting the appropriate recovery plan and then selecting the REPROTECT links as shown in Figure 92.
The reprotect operation does the following things:
The PowerFlex GUI events log records the reversal of replication. An example is shown in Figure 93.
Figure 90 shows the steps involved in a reprotect operation.Note: If the command syncOnce fails during reprotect, the process still completes successfully.
The previous section describes the best possible scenario for a smooth reprotection because it follows a planned migration where no errors are encountered. For recovery plans failed over in disaster recovery mode, this may not be the case.
Disaster recovery mode allows for failures ranging from a small to a full site failure of the protection data center. If these failures are temporary and recoverable a fully successful reprotection may be possible once those failures have been rectified. In this case, a reprotection behaves similar to the scenario described in the previous section. If a reprotection is run before the failures are corrected or certain failures cannot be fully recovered, an incomplete reprotection operation occurs. This section describes this scenario.
For reprotect to be available, the following steps must first occur:
If the protected site SRM server was disconnected during failover and is reconnected later. The SRM wants to retry certain recovery operations before allowing reprotect. This typically occurs if the recovery plan was not able to connect to the protected side vCenter server and power off the virtual machines due to network connectivity issues. If network connectivity is restored after the recovery plan was failed over. The SRM detects this situation and requires the recovery plan to be re-run in order to power those VMs down.
A reprotection operation fails if it encounters any errors the first time it runs. If so, the reprotect must be run a second time but with the Force cleanup option selected as shown in Figure 96.
Once the force option is selected, any errors are acknowledged and reported but ignored. This allows the reprotect operation to continue even if the operation has experienced errors. All the possible steps are attempted and completed. Therefore, in certain situations, the PowerFlex replication may not be properly reversed even though the recovery plan and protection groups were. If the Configure Storage to Reverse Direction step fails, manual user intervention with PowerFlex GUI or CLI may be required to complete the process. The user should ensure that:
If a temporary storage failure or replication partition happens, it is likely that manual intervention is required prior to performing a reprotect operation. In this situation, the source devices may not have been unmounted.
In extreme circumstances, the storage and/or the compute environment may be rendered completely unrecoverable due to a disaster. In this scenario, reprotect might not be possible. Therefore, the process of reprotection of the original recovery site is no different than the original setup of the protection groups and recovery plans from scratch. An example of an unrecoverable failure would be if the protection site array was lost and then replaced, requiring new RCG pair relationships.