Jump to content
Welcome to our new Citrix community!
  • How to Setup a Nutanix Protection Domain to Replicate VMs from One Cluster to Another.


    raydavis22rnd-1.jpg by Ray Davis, CTA

    This is a quick blog to show the power of a protection domain in an AHV setup. First, I wanted to explain that my lab is not complex yet. Meaning I don't have firewall rules, different VLANS, or any kind of segmentation. It's a flat Network with 2 Nutanix AHV Host. When I started writing a blog on how to setup a Nutanix protection domain, I was doing this on a production and DR site at a previous company. It worked like a treat, and I was able to move AHV virtual machines from different clusters to a DR cluster and back with no problem.  

    But since then, I  moved on to another company where they don't have Nutanix :(. I don't have access to the environment anymore. My lab is 100% AHV. Why? Well, because I got into Nutanix 2 years ago or more. I love what they offer and the Hypervisor's easy use and other software they provide. I am using the Nutanix CE version. However, the Nutanix CE version is behind compared to what is released now. I noticed in an AOS 6.0 setup that some of the options are in different areas compared to the CE version. The CE version is based on 5.18, from what I can tell. I am not sure when they will release a newer build for the CE edition either at this time. 

    This allowed me to maintain base skills set in the Nutanix realm. I know it's not 100% solution when compared to what many are running in a Prod setup.  But It's the same steps in a production environment. I am now rewriting this blog around my lab setup instead of what I originally had written up. Since I need to get my Virtual Machines off the other AHV host, I decided to write a little blog on protection domains VM replication. This blog shows you and gives you an idea of what it really can do. It is very straightforward. The biggest issue I had back when I was doing it in a Production setup was Firewalls. It is critical to make sure this is right. If not, you will struggle. Ask me how I know :). We all have to go through the firewall setups with Information Security or whoever manages your firewalls. Just make sure it's set up correctly.

    As I was saying above, my lab is simple. It is just for me to test things and keep up to date with my CVADS/CVAD journey.

    In my lab, I will be referring to names called:



    I created two Single Node Clusters, so I can have the option to do failovers and try to mirror a source and destination AHV cluster.


    I was in a situation where I needed to get another Lab server. So after searching online, I found a great site called Refurbished/Used Dell & HP Servers, Hard Disk Drives – TechMikeNY

    I ended up ordering this. This is all I needed for my second host at this time.

    Items QtySubtotal
     Dell PowerEdge R630 8-Bay 2.5" 1U ServerDELL_PE_R630_8B1$364.00
     Dell 0C34X6 2TB SSD SATA 2.5'' 6Gbps Solid State Drive2TB_SSD_SATA_SFF_6G2$408.50
     Intel Xeon E5-2698 v3 2.30GHz 16-Core LGA 2011 / Socket R-3 Processor SR1XE2-30Ghz_E5-2698_V3_16C2$245.60
     32GB PC4-2133P ECC-Registered Server Memory RAM32GB_PC4-2133P8$683.20
     Dell 1100W 80+ Platinum Power SupplyDELL_1100W_80-PLUS2$153.80
     Dell iDRAC8 Enterprise Remote Access LicenseiDRAC8_Enterprise1$67.20
     Dell HBA330 12Gbps SAS HBA Controller (NON-RAID) MiniCardHBA330_Mini1$62.70
     200GB SSD SATA 2.5'' 6Gbps Solid State Drive200GB_SSD_SATA_SFF_6G2$73.30
     Dell 0R1XFC I350 Quad-Port 1GBe Daughter CardDELL_0R1XFC1$21.00
     64GB SATA Disk-On-Module SATADOM SATA III 6Gbps Drive64GB_SATADOM_6G1$15.50
     Dell 2.5in R-Series CaddyR-Series_SFF_Caddies4$19.00
    Grand total$2,169.40


    Here are the firewall Ports

    Ports and Protocols ANY - Disaster Recovery - Protection Domain (nutanix.com)

    Protection Domains (nutanix.com)

    You need to create a Protection domain to do this first. This is what tells Nutanix what to replication and how often.

    Let's start by setting up a protection domain on NTX-Cluster-01

    Drop down, select data protection.


    Click + protection domain


    Please give it a name. Give it something that makes sense to what you are working with.


    Now it will ask you for the VM names.


    You can select what schedule fits you best in the setup. I set this up to run every day as an example. The 10 minutes in the screen show is to show you the schedule options.


    Now you need to add the Remote site (NTX-Cluster-03) to which you want it to send. You will do this on the source cluster and add the Remote location to the source cluster.

    NTX-Cluster-01 >>>>>>> NTX-Cluster-03


    Once both sites are set up to talk to each other, we will need to come back here.


    Go to the remote Site Cluster and Log in.

    Go to the Data Protection section.

    Then create the new remote site connection.

    NTX-Cluster-013 >>>>>>> NTX-Cluster-01 ( this is for reverse sync) Basically to replicate it back if needed. In my case, it's not. But in a Prod setup, you would want to send it back once your DR failover activities are completed.


    Again once we get the sites talking I will come back here to update the mappings.


    Now to check the connections from NTX-Cluster-01 >>>>>>> NTX-Cluster-03

    Now, as you can see, 03 is talking to 01


    Then you can see that 01 is talking to 03

    NTX-Cluster-03 >>>>>>> NTX-Cluster-01


    Now let's set the mappings. We can start on NTX-Cluster-01.

    Go back to the Remote Site and edit "Update" the Remote site settings.


    Click on Settings, and scroll down.

    Add the Network Mappings and vStore Name mappings. This is just setting up the Source and destination network and storage.


    On Cluster-01

    So AHV: Data-Cluster01 will send to AHV: Data-Cluster-03

    My network name is the same as the test sites. This would be different in your environment based on what you have the Network name when creating a base VLAN. I used the default storage location as well on both Clusters.




    Go back to the Remote Site (NTX-Cluster-03)  and do the same but in reverse.

    On NTX-Cluster-03

    So AHV: Data-Cluster03 will send to AHV: Data-Cluster-01

    My network name is the same as the test sites.

    Save settings


    NTX-Cluster-03 updated with the remote site info.


    Replication has started


    On the remote tab, you can see the data completed along with start times, and then it shows outgoing.


    Now, if I log into my "remote site" NTX-Cluster-03

    I should see incoming and some stats. You can see it listing NTX-Cluster-01 as the remote site. This is because we are logged into NTX-Cluster-03.


    Now it's done:


    I would like to migrate the server from NTX-Cluster-01 to NTX-Cluster-03.

    Go to the source Prism Element, and click on the Async DR tab. Then click Migrate option.

    Now click on Migrate.


    As you can see, it's gone from the Prod location


    Check the Remote location or DR NTX-Cluster-03, and you will see it now.


    Now let's power it one.


    Up and online


    Now, in this case,  I am going to migrate it back.



    Now it will, Snapshot the VM and send it back to NTX-Cluster-01.

    Now let's check NTX-Cluster-01 and it's back.


    In the next example, I need to move most of my lab VMs from NXT-Cluster-01 to NXT-Cluster-03 to free up resources on a host.


    I selected more this time.


    This time around, I will let the schedule do what it needs to do. This will give you an idea of how it works.

    Starts at 5 pm, and now it's 4:53 pm.


    At 5 pm we will see a local snapshot start, then it will start replicating to NTX-Cluster-03.

    Snapshot Started


    Replication started.




    Now to fail them over.

    Click on Async DR,  The Protection Domain name, Entities.


    Click Migrate


    They're gone and now on NTX-Cluster-03.


    I am powering them up now.

    They are all online.




    I hope you find this helpful if you want to play around with Protection domains. As I stated above, this is in my lab.  But I have used this in a production environment to move workloads around. I mainly used this to move resources from one cluster to another in preparation for a data center migration involving a CVAD setup. It worked like a charm and saved me big time in areas where this was needed.

    See more posts from Ray Davis.

    User Feedback

    Recommended Comments

    Do you know if it is possible to bring the servers up on the DR side, without taking them down on the prod side? We us a DR bubble for audit testing. We use Zerto to bring them online in DR during the middle of the day, and then just destroy them without committing changes back. Problem is, Zerto doesn't like MCS provisioned machines.
    Link to comment
    Share on other sites

    Hey Craig, Good question. I am not certain on that to be honest. But I will do some checking and find out. Give me some time :)
    Link to comment
    Share on other sites

    Hey Craig, I am not 100% on that. But Let me see what I can do on getting you an answer. I only used them to failover things and back. I understand what you are saying though, I am just not sure. But again, let me see what I can do for an answer.
    Link to comment
    Share on other sites

    Hey Craig, I reach out and found out that you can't do this with Protection domains. However, with DR orchestration (Leap) that will allow you to test failovers from Prism Central.





    Link to comment
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Create New...