In the following articles, I will provide step-by-step guide to implement Azure Site Recovery to use Azure for Disaster Recovery.
Prepare Azure
Create a Recovery Services vault
- In the Azure portal, click +Create a resource, and search the Marketplace for Recovery.
- Click Backup and Site Recovery, and in the Backup and Site Recovery page, click Create.
- In Recovery Services vault > Name, enter a friendly name to identify the vault. For this set of tutorials we’re using ContosoVMVault.
- In Resource group, select an existing resource group or create a new one. For this tutorial we’re using contosoRG.
- In Location, select the region in which the vault should be located. We’re using West Europe.
- To quickly access the vault from the dashboard, select Pin to dashboard > Create.The new vault appears on Dashboard > All resources, and on the main Recovery Services vaults page.
Set up an Azure network
On-premises machines are replicated to Azure managed disks. When failover occurs, Azure VMs are created from these managed disks, and joined to the Azure network you specify in this procedure.
- In the Azure portal, select Create a resource > Networking > Virtual network.
- Keep Resource Manager selected as the deployment model.
- In Name, enter a network name. The name must be unique within the Azure resource group. I am using ArnaudASR-vNET.
- In Address space, enter the range for the network. I am using 10.1.0.0/16.
- In Subscription, select the subscription in which to create the network.
- Specify the resource group in which the network will be created. I am using the existing resource group ASR-RG.
- In Location, select the same region as that in which the Recovery Services vault was created. I am using East US 2. The network must be in the same region as the vault.
- In Subnet name provide a name.
- In Address range, enter the range for the network.I am using 10.1.0.0/24
- I am leaving the default options of basic DDoS protection, with no service endpoint on the network.
- Click Create.
The virtual network takes a few seconds to create. After it’s created, you see it in the Azure portal dashboard.
Prepare on-premises VMware servers for disaster recovery to Azure
Prepare an account for automatic discovery
Site Recovery needs access to VMware servers to:
- Automatically discover VMs. At least a read-only account is required.
- Orchestrate replication, failover, and failback. You need an account that can run operations such as creating and removing disks, and powering on VMs.
Create the account as follows:
- To use a dedicated account, create a role at the vCenter level. Give the role a name such as Azure_Site_Recovery.
- Assign the role the permissions summarized in the table below.
- Create a user on the vCenter server or vSphere host. Assign the role to the user.
Prepare an account for Mobility service installation
The Mobility service must be installed on machines you want to replicate. Site Recovery can do a push installation of this service when you enable replication for a machine, or you can install it manually, or using installation tools.
- I am going to install the Mobility service with the push installation.
- For this push installation, you need to prepare an account that Site Recovery can use to access the VM. You specify this account when you set up disaster recovery in the Azure console.
Prepare the account as follows:
Prepare a domain or local account with permissions to install on the VM.
- Windows VMs: To install on Windows VMs if you’re not using a domain account, disable Remote User Access control on the local machine. To do this, in the registry > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, add the DWORD entry LocalAccountTokenFilterPolicy, with a value of 1.
- Linux VMs: To install on Linux VMs, prepare a root account on the source Linux server.
Check VMware requirements
Make sure VMware servers and VMs comply with requirements.
- Verify VMware server requirements.
- For Linux VMs, check file system and storage requirements.
- Check on-premises network and storage support.
- Check what’s supported for Azure networking, storage, and compute, after failover.
- Your on-premises VMs you replicate to Azure must comply with Azure VM requirements.
- In Linux virtual machines, device name or mount point name should be unique. Ensure that no two devices/mount points have the same names. Note that name aren’t case-sensitive. For example, naming two devices for the same VM as device1 and Device1 isn’t allowed.
Prepare to connect to Azure VMs after failover
After failover, you might want to connect to the Azure VMs from your on-premises network.
To connect to Windows VMs using RDP after failover, do the following:
- Internet access. Before failover, enable RDP on the on-premises VM before failover. Make sure that TCP, and UDP rules are added for the Public profile, and that RDP is allowed in Windows Firewall > Allowed Apps, for all profiles.
- Site-to-site VPN access:
- Before failover, enable RDP on the on-premises machine.
- RDP should be allowed in the Windows Firewall -> Allowed apps and features for Domain and Private networks.
- Check that the operating system’s SAN policy is set to OnlineAll. Learn more.
- There should be no Windows updates pending on the VM when you trigger a failover. If there are, you won’t be able to sign in to the virtual machine until the update completes.
- On the Windows Azure VM after failover, check Boot diagnostics to view a screenshot of the VM. If you can’t connect, check that the VM is running and review these troubleshooting tips.
To connect to Linux VMs using SSH after failover, do the following:
- On the on-premises machine before failover, check that the Secure Shell service is set to start automatically on system boot.
- Check that firewall rules allow an SSH connection.
- On the Azure VM after failover, allow incoming connections to the SSH port for the network security group rules on the failed over VM, and for the Azure subnet to which it’s connected.
- Add a public IP address for the VM.
- You can check Boot diagnostics to view a screenshot of the VM.
Failback requirements
If you plan to fail back to your on-premises site, there are a number of prerequisites for failback. You can prepare these now, but you don’t need to. You can prepare after you fail over to Azure.
Set up disaster recovery to Azure for on-premises VMware VMs
Select a protection goal
- In Recovery Services vaults, select the vault name.I am using ArnaudVMVault for this scenario.
- In Getting Started, select Site Recovery. Then select Prepare Infrastructure.
- In Protection goal > Where are your machines located, select On-premises.
- In Where do you want to replicate your machines, select To Azure.
- In Are you performing a migration, select No.
- In Are your machines virtualized, select Yes, with VMware vSphere Hypervisor. Then click OK.
- In Deployment planning > Have you completed deployment planning?, select I will do it later and click OK
- In Source > Prepare Source, click on + Configuration Server
Set up the source environment
In your source environment, you need a single, highly available, on-premises machine to host these on-premises Site Recovery components:
- Configuration server: The configuration server coordinates communications between on-premises and Azure, and manages data replication.
- Process server: The process server acts as a replication gateway. It receives replication data; optimizes it with caching, compression, and encryption, and sends it to a cache storage account in Azure. The process server also installs the Mobility Service agent on VMs you want to replicate, and performs automatic discovery of on-premises VMware VMs.
- Master target server: The master target server handles replication data during failback from Azure.
All of these components are installed together on the single on-premises machines that’s known as the configuration server. By default, for VMware disaster recovery, we set up the configuration server as a highly available VMware VM. To do this, you download a prepared Open Virtualization Application (OVA) template, and import the template into VMware to create the VM.
- The latest version of the configuration server is available in the portal. You can also download it directly from the Microsoft Download Center.
- If for some reason you can’t use an OVA template to set up a VM, follow these instructions to set up the configuration server manually.
- The license provided with OVF template is an evaluation license valid for 180 days. Windows running on the VM must be activated with the required license.
Download the VM template
- In the vault, go to Prepare Infrastructure > Source.
- In Prepare source, click on +Configuration server.
- In Add Server, check that Configuration server for VMware appears in Server type.
- Download the OVF template for the configuration server.
Import the template in VMware
- Sign in to the VMware vCenter server or vSphere ESXi host with the VMWare vSphere Client.
- On the File menu, select Deploy OVF Template to start the Deploy OVF Template Wizard.
- On Select source, enter the location of the downloaded OVF.
- On Review details, click on Next.
- On Select name and folder click on Select configuration, accept the default settings.
- On Select storage, for best performance select Thick Provision Eager Zeroed in Select virtual disk format.
- On the rest of the wizard pages, accept the default settings.
- On Ready to complete, to set up the VM with the default settings, click on Power on after deployment > Finish.
Register the configuration server
After the configuration server is set up, you register it in the vault.
- From the VMWare vSphere Client console, turn on the VM.
- The VM boots up into a Windows Server 2016 installation experience. Accept the license agreement, and enter an administrator password.
- After the installation finishes, sign in to the VM as the administrator.
- The first time you sign in, the Azure Site Recovery Configuration Tool starts within a few seconds.
- Provide a Computer Name and click on Next.
- The tool checks that the VM can connect to Azure. After the connection is established, click on Sign in to sign in to your Azure subscription. The credentials must have access to the vault in which you want to register the configuration server.
- The tool performs some configuration tasks and then reboots.
- Sign in to the machine again. In a few seconds, the Configuration Server Management Wizard starts automatically.
Note: Assign a static IP to the VM Site Recovery Configuration Server
Configure settings and add the VMware server
Finish setting up and registering the configuration server.
- In the configuration server management wizard, click on Setup connectivity. From the dropdowns, first select the NIC that the in-built process server uses for discovery and push installation of mobility service on source machines, and then select the NIC that Configuration Server uses for connectivity with Azure. Then select Save and Continue. You cannot change this setting after it’s configured.
- In Select Recovery Services vault, select your Azure subscription and the relevant resource group and vault (if you are no signed, click on Click to Sign in).
- In Install third-party software, accept the license agreement. Click on Download and Install to install MySQL Server. If you placed MySQL in the path, this step is skipped.
- In Validate appliance configuration, prerequisites are verified before you continue.
- In Configure vCenter Server/vSphere ESXi server, enter the FQDN or IP address of the vCenter server, or vSphere host, where the VMs you want to replicate are located. Enter the port on which the server is listening. Enter a friendly name to be used for the VMware server in the vault.
- Enter user credentials to be used by the configuration server to connect to the VMware server. Ensure that the user name and password are correct and is a part of the Administrators group of the virtual machine to be protected. Site Recovery uses these credentials to automatically discover VMware VMs that are available for replication. Click on Add, and then click on Continue.
- In Configure virtual machine credentials, enter the user name and password that will be used to automatically install Mobility Service on VMs when replication is enabled.
- For Windows machines, the account needs local administrator privileges on the machines you want to replicate.
- For Linux, provide details for the root account.
- Click on Finalize configuration to complete registration.
- After registration finishes, in the Azure portal, verify that the configuration server and VMware server are listed on the Source page in the vault. Then click on OK to configure target settings.
After the configuration server is registered, Site Recovery connects to VMware servers by using the specified settings, and discovers VMs.
In the next part we will see the Azure configuration and the remaining steps.
Stay tuned!