Zerto ZVM Win v9.7 to Linux Appliance v10
With v10, Zerto has opted to move away from the Windows based ZVM service in favour of utilising a Linux based appliance. Zerto have developed a migration tool to assist users in migrating from their existing Windows ZVM’s to the Linux Appliance (ZVMA). The below instructions include links to Zerto documentation as well as tips to help smooth the migration of your own environment.
Important notes before you begin
Zerto 10.0 will not install on the Hyper-V hypervisor and will not include a Windows-based ZVM deployment option. Users will not be able to use Zerto 10.0 to protect virtual machines on the Hyper-V hypervisor, but can continue protecting Hyper-V using Zerto 9.7. Legacy ZVM VMs can be migrated to the new appliances during the upgrade to Zerto 10.0 As with traditional Zerto upgrade policies, only the latest Zerto 9.7 version can be upgraded to Zerto 10.0.
The Migration utility supports vCenter and vCenter Cloud Director only. Zerto may introduce support for additional platforms in future releases.
To migrate your Windows ZVM to the latest available version of the ZVM Appliance (Linux), you must follow a migration process:
Deploy the latest supported version of the ZVM Appliance for migration. See ZVM Appliance Deployment.
Run the Zerto Migration Utility.
Once migration is complete, and you have successfully switched to the new Linux-based appliance, remove the Windows VM from the inventory. Do not run the Zerto uninstaller, as this would result in uninstalling the VRAs.
Duration: migration is expected to take 10-20 min. The migration of a ZVM using an external database should be much shorter.
The utility must be executed on the Windows ZVM machine. This will allow the utility to easily access the ZVM and gather the data needed for a successful migration.
The migration utility supports both internal and external databases.
Minimum Requirements
Storage: 180 GB
vSphere: 6.7, 7 or 8
Database: If using an external database: MS SQL 2012 or later, installed on Windows Server 2016 or later
Compatibility
Please be sure to check the Zerto compatibility matrix to ensure all components are compatible prior to initiating the migration: Interoperability Matrix - MyZerto
Linux Appliance Deployment
Zerto have included guides on their website for the deployment and configuration of the Linux Appliance (ZVMA).
Tips:
Default User/Pass for the Appliance is: zadmin/Zertodata123!
Ensure a static IP is used in the configuration
Make sure any included DNS servers in the configuration are valid as if any are wrong, this can cause issues with the migration
DO NOT manually configure the vCenter or external SQL server via the https://<ZVMA IP>/management portal. This will be handled by the migration tool
Keycloak (Optional)
The Linux Appliance utilises an internal Keycloak server for authentication going forward. If you have multiple users or do not want to use the default admin login, You’ll need to setup users within Keycloak in order to log into the ZVM going forward. This can be done prior to the migration.
You can access the Keycloak instance via https://<ZVMA IP>/auth
Zerto Guides:
Creating and Managing Users in Keycloak
ZVM Appliance Roles and Permissions
Note: It is possible to configure LDAP for Keycloak however Zettagrid will be unable to provide support for the setup of User Federation
Tips:
Default User/Pass for Keycloak: admin/admin
Be sure to switch the Keycloak realm to ‘Zerto’ before configuring anything. This can be found in the top left hand dropdown box
By default, all users will have admin access to the ZVM until you log into the https://<ZVMA IP>/management portal and under Security and RBAC, select ‘No Access’. This option is not available until AFTER the migration
If you are only using the default admin login, leave this option on ‘All Allowed’ otherwise the default admin account will be locked out
Migration Tool
The migration tool can be downloaded from downloaded from our support page here: https://zettagrid.atlassian.net/servicedesk/customer/portal/9/article/124912482
Prerequisites
Enable SSH on the ZVMA
The Windows ZVM must use a single Network Interface Card configured with a single static IP address.
If you use DHCP, configure the Windows ZVM to use a static IP address before initiating the migration process.
If you use multiple IP addresses, configure the Windows ZVM to use a single IP address before initiating the migration process.
If you use a multi-NIC setup, configure the Windows ZVM to use a single NIC before initiating the migration process.
After the migration, you can reconfigure the ZVM Appliance for a multi-NIC setup.
IMPORTANT: If you use an external SQL Database, we recommend you run the Zerto diagnostics tool to update the SQL server to use an IP address instead of DNS PRIOR to running the migration tool.
The migration tool will request 1 additional static IP to move the Win ZVM to as part of the migration
Zerto Guide:
Tips:
Perform a manual backup of your SQL database prior to upgrade
Ensure the account used in the SQL database for managing the Zerto database is able to connect from the Win ZVM and has permissions to run a backup
The Upgrade seems to create a duplicate of the existing database as part of the migration, ensure you have enough space
Take a snapshot of ZVMA (Linux appliance) prior to the migration. Should the migration fail, the migration tool will require a fresh install of the appliance which can be avoided with a snap revert
Post-Migration
Zerto Guides:
Tips:
Web portal access is now on 443. Be sure to update any bookmarks
Default ZVM login: admin/admin
Check any internal DNS to ensure the ZVM IP is correct
If you opted to use the internal Keycloak, now is the time to log into https://<ZMVA IP>/managment and update the ‘Security & RBAC’ to ‘No Access’
Post Migration - ZORG not found in storage
As part of the migration from 9.7 to 10. A Known issue occurs where a table in the ZVM database is filled with incorrect data. On 10 U2 this does not present itself but upon upgrading to 10 U4, you may see an error on VPGs to the effect of ‘ZORG not found in storage’. To clear this error, please refer to the two sets of instructions below. One for customers with Internal Databases and one for External Databases
Internal Database
Run the following command to stop the ZVM service:
kubectl scale deployment zvm-service --replicas=0
Run "k get pods" to check the status of the service shutdown. This will be complete when the 'zvm-service' disappears from the list
Snapshot the ZVMA
Run the following command to clear the table:
kubectl exec -it $(kubectl get pods | awk '{print $1}' | grep zvm-db) -- /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "zvmapp-5T^d#ak*Y6" -Q "use zvm_db; delete CloudConfigurationIdentifierStorageObject;"
You should receive a message advising '1 rows affected'Run the following command to restart the ZVM service:
kubectl scale deployment zvm-service --replicas=1
External Database
Run the following command to stop the ZVM service:
kubectl scale deployment zvm-service --replicas=0
Run "k get pods" to check the status of the service shutdown. This will be complete when the 'zvm-service' disappears from the list
Snapshot the ZVMA
Connect to External SQL database and manually backup DB
Identify the table
CloudConfigurationIdentifierStorageObject
(should be 1 line) and run a truncate command to delete all contents but leave the table itself.Run the following command to restart the ZVM service:
kubectl scale deployment zvm-service --replicas=1
SSL Update
If you use an internal SSL certificate for your ZVM portal, you can use the below instructions to update the SSL certificate.
Certs are located /var/data/zerto/zappliance/ingress/certs
Ensure you have SSH enabled on the Appliance for this process
Perform a backup on the existing SSL Certs
cp /var/data/zerto/zappliance/ingress/certs/tls.key /var/data/zerto/zappliance/ingress/certs/tls.key.bak
cp /var/data/zerto/zappliance/ingress/certs/tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt.bak
Transfer the new certificates to the Appliance
Copy files to directory
cp tls.crt /var/data/zerto/zappliance/ingress/certs/tls.crt
cp tls.key /var/data/zerto/zappliance/ingress/certs/tls.key
Replace the SSL Certificate
kubectl delete secret ingress-cert-secret
kubectl create secret tls ingress-cert-secret --key /var/data/zerto/zappliance/ingress/certs/tls.key --cert /var/data/zerto/zappliance/ingress/certs/tls.crt
No reboot or service refresh is required