VMware Disaster Recovery To Azure Step-By-Step – Part 2

In the 1st part, we saw how to deploy and configure the Azure Site Recovery Configuration Server, in this 2nd part we will see how to configure Azure.

Prepare the target environment for disaster recovery of VMware VMs to Azure

After completing the Step 1: Select Protection goal and Step 2: Deployment planning and  Step 3: Prepare Source, you are taken to Step 4: Target

• Click on + Network

• You can accept default values or add you own and click on OK

• When Virtual Network is created, click on OK

Configure and manage replication policies for VMware disaster recovery to Azure

• Click on + Create and Associate

• Specify the policy name.
• In RPO threshold, specify the RPO limit. Alerts are generated when continuous replication exceeds this limit.
• In Recovery point retention, specify (in hours) the duration of the retention window for each recovery point. Protected machines can be recovered to any point within a retention window. Up to 24 hours of retention is supported for machines replicated to premium storage. Up to 72 hours is supported for standard storage.
• In App-consistent snapshot frequency, choose from the dropdown how often (in hours) recovery points that contain application-consistent snapshots should be created. If you wish to turn off generation of application consistency points, choose “Off” value in the dropdown.
• Click OK. The policy should be created in 30 to 60 seconds.

• Click on OK

• Click on OK

When you create a replication policy, a matching failback replication policy is automatically created, with the suffix “failback”. After creating the policy, you can edit it by selecting it > Edit Settings.

Mobility service for VMware VMs

When you set up disaster recovery for VMware VMs and physical servers using Azure Site Recovery, you install the Site Recovery Mobility service on each on-premises VMware VM and physical server. The Mobility service captures data writes on the machine, and forwards them to the Site Recovery process server. You can deploy the Mobility Service using the following methods:

• Push installation: Site Recovery installs mobility agent on the server when protection is enabled via Azure portal.
• Install manually: You can install the Mobility service manually on each machine through UI or command prompt.
• Automated deployment: You can automate installation with software deployment tools such as System Center Configuration Manager.

Push installation

Push installation is an integral part of “Enable Replication” job triggered in the portal. After choosing the set of virtual machines you wish to protect and trigger “Enable Replication”, configuration server pushes mobility agent on to the servers, installs the agent and complete registration of agent with configuration server. For successful completion of this operation,

• Ensure that all push installation prerequisites are met.
• Ensure that all configurations of servers fall under support matrix of VMware to Azure DR scenario.

Prepare source machine for push installation of mobility agent

Install on Windows machine

On each Windows machine you want to protect, do the following:

1. Ensure that there’s network connectivity between the machine and the process server. If you haven’t set up a separate process server, then by default it’s running on the configuration server.
2. Create an account that the process server can use to access the computer. The account should have administrator rights, either local or domain. Use this account only for the push installation and for agent updates.
3. If you don’t use a domain account, disable Remote User Access control on the local computer as follows:
   • Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System registry key, add a new DWORD: LocalAccountTokenFilterPolicy. Set the value to 1.
   • To do this at a command prompt, run the following command:
     `REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d
4. In Windows Firewall on the machine you want to protect, select Allow an app or feature through Firewall. Enable File and Printer Sharing and Windows Management Instrumentation (WMI). For computers that belong to a domain, you can configure the firewall settings by using a Group Policy object (GPO).
5. Add the account that you created in CSPSConfigtool. To do this, sign in to your configuration server.
6. Open cspsconfigtool.exe. It’s available as a shortcut on the desktop and in the %ProgramData%\ASR\home\svsystems\bin folder.
7. On the Manage Accounts tab, select Add Account.
8. Add the account you created.
9. Enter the credentials you use when you enable replication for a computer.

I will use a Domain Account named push which is local administrator on all my VMs.

Enable replication to Azure for VMware VMs

Before you start

When you’re replicating VMware virtual machines, keep this information in mind:

• Your Azure user account needs to have certain permissions to enable replication of a new virtual machine to Azure.
• VMware VMs are discovered every 15 minutes. It can take 15 minutes or longer for VMs to appear in the Azure portal after discovery. Likewise, discovery can take 15 minutes or longer when you add a new vCenter server or vSphere host.
• It can take 15 minutes or longer for environment changes on the virtual machine (such as VMware tools installation) to be updated in the portal.
• You can check the last-discovered time for VMware VMs: See the Last Contact At field on the Configuration Servers page for the vCenter server/vSphere host.
• To add virtual machines for replication without waiting for the scheduled discovery, highlight the configuration server (but don’t click it), and select Refresh.
• When you enable replication, if the virtual machine is prepared, the process server automatically installs the Azure Site Recovery Mobility service on it.

Enable replication

Before you follow the steps in this section, note the following information:

• Azure Site Recovery now replicates directly to managed disks for all new replications. The process server writes replication logs to a cache storage account in the target region. These logs are used to create recovery points in replica managed disks that have naming convention of asrseeddisk.
• Powershell support for replicating to managed disks is available from Az.RecoveryServices module version 2.0.0 onwards
• At the time of failover, the recovery point that you select is used to create the target-managed disk.
• VMs that were previously configured to replicate to target storage accounts aren’t affected.
• Replication to storage accounts for a new virtual machine is only available via a Representational State Transfer (REST) API and Powershell. Use Azure REST API version 2016-08-10 or 2018-01-10 for replicating to storage accounts.

Please follow below steps to Enable Replication:

• Go to  your Vault select +Replicate in the vault to enable replication for additional virtual machines.
• In the Source page > Source, select the configuration server.
• For Machine type, select Virtual Machines or Physical Machines.
• In vCenter/vSphere Hypervisor, select the vCenter server that manages the vSphere host, or select the host. This setting isn’t relevant if you’re replicating physical computers.
• Select the process server. If there are no additional process servers created, inbuilt process server of configuration server will be available in the dropdown. Health status of each process server is indicated as per recommended limits and other parameters. Choose a healthy process server. A critical process server cannot be chosen. You can either troubleshoot and resolve the errors or set up a scale-out process server. 

• For Target, select the subscription and resource group where you want to create the failed-over virtual machines. Choose the deployment model that you want to use in Azure for the failed-over VMs.
• Select the Azure network and subnet that the Azure VMs will connect to after failover. The network must be in the same region as the Site Recovery service vault.Select Configure now for selected machines to apply the network setting to all virtual machines that you select for protection. Select Configure later to select the Azure network per virtual machine. If you don’t have a network, you need to create one. To create a network by using Azure Resource Manager, select Create new. Select a subnet if applicable, and then select OK.

• For Virtual machines > Select virtual machines, select each virtual machine that you want to replicate. You can only select virtual machines for which replication can be enabled. Then select OK. If you can’t see or select any particular virtual machine, see Source machine isn’t listed in the Azure portal to resolve the issue.

• For Properties > Configure properties, select the account that the process server uses to automatically install the Site Recovery Mobility service on the virtual machine. Also, choose the type of target managed disk to replicate to based on your data churn patterns.
• By default, all the disks of a source virtual machine are replicated. To exclude disks from replication, clear the Include check box for any disks that you don’t want to replicate. Then select OK. You can set additional properties later. Learn more about excluding disks.

• At Replication settings > Configure replication settings, verify that the correct replication policy is selected. You can modify replication policy settings at Settings > Replication policies > policy name > Edit Settings. Changes that you apply to a policy also apply to replicating and new virtual machines.
• Enable Multi-VM consistency if you want to gather virtual machines into a replication group. Specify a name for the group, and then select OK. 

Note:

Virtual machines in a replication group replicate together and have shared crash-consistent and app-consistent recovery points when they fail over.

Gather VMs and physical servers together so that they mirror your workloads. Enabling multi-VM consistency can affect workload performance. Do this only if the virtual machines are running the same workload, and you need consistency.

• Select Enable Replication. You can track the progress of the Enable Protection job at Settings > Jobs > Site Recovery Jobs. After the Finalize Protection job runs, the virtual machine is ready for failover.

All the configuration are now in place. The next steps will be to run Failover and FailBack.

It will be in the last article Part 3.

Stay tuned!