Zerto ZVM Win v9.7 to Linux Appliance v10

With v10, Zerto has opted to move away from the Windows based ZVM service in favour of utilising a Linux based appliance. Zerto have developed a migration tool to assist users in migrating from their existing Windows ZVM’s to the Linux Appliance (ZVMA). The below instructions include links to Zerto documentation as well as tips to help smooth the migration of your own environment.

Important notes before you begin

Zerto 10.0 will not install on the Hyper-V hypervisor and will not include a Windows-based ZVM deployment option. Users will not be able to use Zerto 10.0 to protect virtual machines on the Hyper-V hypervisor, but can continue protecting Hyper-V using Zerto 9.7. Legacy ZVM VMs can be migrated to the new appliances during the upgrade to Zerto 10.0 As with traditional Zerto upgrade policies, only the latest Zerto 9.7 version can be upgraded to Zerto 10.0.

  • The Migration utility supports vCenter and vCenter Cloud Director only. Zerto may introduce support for additional platforms in future releases.

  • To migrate your Windows ZVM to the latest available version of the ZVM Appliance (Linux), you must follow a migration process:

    • Deploy the latest supported version of the ZVM Appliance for migration. See ZVM Appliance Deployment.

    • Run the Zerto Migration Utility.

    • Once migration is complete, and you have successfully switched to the new Linux-based appliance, remove the Windows VM from the inventory. Do not run the Zerto uninstaller, as this would result in uninstalling the VRAs.

  • Duration: migration is expected to take 10-20 min. The migration of a ZVM using an external database should be much shorter.

  • The utility must be executed on the Windows ZVM machine. This will allow the utility to easily access the ZVM and gather the data needed for a successful migration.

  • The migration utility supports both internal and external databases.

Minimum Requirements

  • Storage: 180 GB

  • vSphere: 6.7, 7 or 8

  • Database: If using an external database: MS SQL 2012 or later, installed on Windows Server 2016 or later

Compatibility

Please be sure to check the Zerto compatibility matrix to ensure all components are compatible prior to initiating the migration: Interoperability Matrix - MyZerto

Linux Appliance Deployment

Zerto have included guides on their website for the deployment and configuration of the Linux Appliance (ZVMA).

ZVM Appliance Deployment

Appliance Manager Menu

Tips:

  • Default User/Pass for the Appliance is: zadmin/Zertodata123!

  • Ensure a static IP is used in the configuration

  • Make sure any included DNS servers in the configuration are valid as if any are wrong, this can cause issues with the migration

  • DO NOT manually configure the vCenter or external SQL server via the https://<ZVMA IP>/management portal. This will be handled by the migration tool

Keycloak (Optional)

The Linux Appliance utilises an internal Keycloak server for authentication going forward. If you have multiple users or do not want to use the default admin login, You’ll need to setup users within Keycloak in order to log into the ZVM going forward. This can be done prior to the migration.

You can access the Keycloak instance via https://<ZVMA IP>/auth

Zerto Guides:

Creating and Managing Users in Keycloak

ZVM Appliance Roles and Permissions

User Federation LDAP Provider

Note: It is possible to configure LDAP for Keycloak however Zettagrid will be unable to provide support for the setup of User Federation

Tips:

  • Default User/Pass for Keycloak: admin/admin

  • Be sure to switch the Keycloak realm to ‘Zerto’ before configuring anything. This can be found in the top left hand dropdown box

  • By default, all users will have admin access to the ZVM until you log into the https://<ZVMA IP>/management portal and under Security and RBAC, select ‘No Access’. This option is not available until AFTER the migration

    • If you are only using the default admin login, leave this option on ‘All Allowed’ otherwise the default admin account will be locked out

 

Migration Tool

The migration tool can be downloaded from downloaded from our support page here: https://zettagrid.atlassian.net/servicedesk/customer/portal/9/article/124912482

Prerequisites

  • Enable SSH on the ZVMA

  • The Windows ZVM must use a single Network Interface Card configured with a single static IP address.

    • If you use DHCP, configure the Windows ZVM to use a static IP address before initiating the migration process.

    • If you use multiple IP addresses, configure the Windows ZVM to use a single IP address before initiating the migration process.

    • If you use a multi-NIC setup, configure the Windows ZVM to use a single NIC before initiating the migration process.

    • After the migration, you can reconfigure the ZVM Appliance for a multi-NIC setup.

  • IMPORTANT: If you use an external SQL Database, we recommend you run the Zerto diagnostics tool to update the SQL server to use an IP address instead of DNS PRIOR to running the migration tool.

  • The migration tool will request 1 additional static IP to move the Win ZVM to as part of the migration

Zerto Guide:

Migration Wizard

Tips:

  • Perform a manual backup of your SQL database prior to upgrade

  • Ensure the account used in the SQL database for managing the Zerto database is able to connect from the Win ZVM and has permissions to run a backup

  • The Upgrade seems to create a duplicate of the existing database as part of the migration, ensure you have enough space

  • Take a snapshot of ZVMA (Linux appliance) prior to the migration. Should the migration fail, the migration tool will require a fresh install of the appliance which can be avoided with a snap revert

Post-Migration

Zerto Guides:

Post-migration Guide

Tips:

  • Web portal access is now on 443. Be sure to update any bookmarks

  • Default ZVM login: admin/admin

  • Check any internal DNS to ensure the ZVM IP is correct

  • If you opted to use the internal Keycloak, now is the time to log into https://<ZMVA IP>/managment and update the ‘Security & RBAC’ to ‘No Access’

Post Migration - ZORG not found in storage

As part of the migration from 9.7 to 10. A Known issue occurs where a table in the ZVM database is filled with incorrect data. On 10 U2 this does not present itself but upon upgrading to 10 U4, you may see an error on VPGs to the effect of ‘ZORG not found in storage’. To clear this error, please refer to the two sets of instructions below. One for customers with Internal Databases and one for External Databases

Internal Database

  1. Run the following command to stop the ZVM service: kubectl scale deployment zvm-service --replicas=0

  2. Run "k get pods" to check the status of the service shutdown. This will be complete when the 'zvm-service' disappears from the list

  3. Snapshot the ZVMA

  4. Run the following command to clear the table: kubectl exec -it $(kubectl get pods | awk '{print $1}' | grep zvm-db) -- /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "zvmapp-5T^d#ak*Y6" -Q "use zvm_db; delete CloudConfigurationIdentifierStorageObject;"
    You should receive a message advising '1 rows affected'

  5. Run the following command to restart the ZVM service: kubectl scale deployment zvm-service --replicas=1

External Database

  1. Run the following command to stop the ZVM service: kubectl scale deployment zvm-service --replicas=0

  2. Run "k get pods" to check the status of the service shutdown. This will be complete when the 'zvm-service' disappears from the list

  3. Snapshot the ZVMA

  4. Connect to External SQL database and manually backup DB

  5. Identify the table CloudConfigurationIdentifierStorageObject (should be 1 line) and run a truncate command to delete all contents but leave the table itself.

  6. Run the following command to restart the ZVM service: kubectl scale deployment zvm-service --replicas=1

SSL Update

If you use an internal SSL certificate for your ZVM portal, you can use the below instructions to update the SSL certificate.

Certs are located /var/data/zerto/zappliance/ingress/certs
Ensure you have SSH enabled on the Appliance for this process

  1. Perform a backup on the existing SSL Certs
    cp /var/data/zerto/zappliance/ingress/certs/tls.key /var/data/zerto/zappliance/ingress/certs/tls.key.bak

    cp /var/data/zerto/zappliance/ingress/certs/tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt.bak

  2. Transfer the new certificates to the Appliance

  3. Copy files to directory
    cp tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt
    cp tls.key /var/data/zerto/zappliance/ingress/certs/tls.key

  4. Replace the SSL Certificate
    kubectl delete secret ingress-cert-secret

    kubectl create secret tls ingress-cert-secret --key /var/data/zerto/zappliance/ingress/certs/tls.key --cert /var/data/zerto/zappliance/ingress/certs/tls.crt

No reboot or service refresh is required