Written By: Vinod Kumar, Former Cloud Engineer, Powerupcloud Technologies.
Azure Site Recovery is Disaster Recovery as Service (DRaaS) from Microsoft Azure. It can protect Hyper-V, VMWare, and physical servers by continuously replicating servers as VM level to an Azure storage account. When there is a disaster, Site Recovery will co-ordinate with Azure fabric to spin VMs from storage. It has all the necessary qualities of an enterprise product with health monitoring and data encryption for replicated data etc.
We recently helped a customer create DR for a set of servers using Azure Site Recovery. Consider this — you have a tomcat web server, Oracle Database server with Standard Edition, a file server and a mail server like Zimbra. How do you go about setting up DR for it?
- Setting up a standby using manual log-shipping for Oracle not only requires DBA intervention and management overhead — Oracle has rather straightforward licensing policies. If you are running the Oracle database engine, you pay for it.
- You will probably create a toned-down web server (or make an image and keep it) and add DR server to your deployment routine to keep it updated
- You establish some kind of file system sync for file servers and Zimbra
Situations like these are exactly where Azure Site Recovery Excels. ASR allows you to replicate VMs to a storage account, set replication intervals, perform failovers and failback (failback on VMWare and Hyper-V) at minimal cost and less management overhead.
We had to set up a DR for a client recently where Azure Site Recovery made sense and we noted that there not many steps by step guides available on the internet. What follows is the step by step guide from our Azure Solution Architect, Vinod.
- An Azure account, obviously
- An Azure storage account to store replicated data
- An Azure virtual network that Azure VMs will connect to when failover occurs. The Azure virtual network must be in the same region as the
Recovery Services vault.
- VPN Connection to do failovers and failback etc
A configuration server (most of the times co-located with process server) is a VM that is deployed on an on-premise site for which DR is being configured. It coordinates communication between the on-premises environment and Azure and manages data replication and recovery. A process server is often deployed on the same server which is acting as a configuration server — its job is to act as a replication gateway, optimize with caching, compression and encryption, etc.
Take a look at prerequisites for VMWare and Hyper-V environments in detail at Azure Site Recovery Documentation. Pay attention to having the right network adapters like VMXNET3 etc. Since the purpose of this post is to show a step by step for VMWare to Azure, I am skipping the theory and jumping right into the action.
Create a Recovery Vault Site
- Sign in to the Azure portal.
- Click New > Management > Backup and Site Recovery (OMS). Alternatively, you can click Browse > Recovery Services Vault > Add.
Choose Your Protection Goals
- In the Recovery Services vaults, blade select your vault and click Settings.
- In Settings > Getting Started click Site Recovery > Step 1: Prepare Infrastructure > Protection goal.
* In Protection goal select To Azure, and select Yes, with VMware vSphere Hypervisor. Then click OK.
Setup Source Environment
- Click Step 1: Prepare Infrastructure > Source. In Prepare source if you don’t have a configuration server click +Configuration server to add one.
Run Site Recovery Unified Setup
- Run the Unified Setup installation file.
- Before you begin, select Install the configuration server and process server.
- On Third-Party Software License click I Accept to download and install MySQL.
- On Registration browse and select the registration key you downloaded from the vault.
- In the Internet, Settings specify how the Provider running on the configuration server will connect to Azure Site Recovery over the internet.
- If you want to connect with the proxy that’s currently set up on the machine select Connect with existing proxy settings.
- If you want the Provider to connect directly select Connect directly without a proxy.
- If the existing proxy requires authentication, or you want to use a custom proxy for the Provider connection, select Connect with custom proxy settings.
- If you use a custom proxy you’ll need to specify the address, port, and credentials
- In the Prerequisites Check setup runs a check to make sure that installation can run. If a warning appears about the Global time sync check verify that the time on the system clock (Date and Time settings) is the same as the time zone
- In MySQL Configuration create credentials for logging onto the MySQL server instance that will be installed.
In Environment Details select whether you’re going to replicate VMware VMs. If you are, then set up checks that PowerCLI 6.0 is installed.
In Install Location select where you want to install the binaries and store the cache. You can select a drive that has at least 5 GB of storage available but we recommend a cache drive with at least 600 GB of free space.
In-Network Selection specifies the listener on which the configuration server will send and receive replication data. You can modify the default port (9443). In addition to this port, port 443 will be used by a web server which orchestrates replication operations. 443 shouldn’t be used for receiving replication traffic.
In Summary, review the information and click Install. When the installation finishes a passphrase is generated. You’ll need it when you enable replication so copy it and keep it in a secure location.
Add the VMware account for automatic discovery
CSPSConfigtool.exe. It’s available as a shortcut on the desktop and located in the folder.
- Click Manage Accounts > Add Account
- In Account Details add the account that will be used for automatic discovery. Note that it can take 15 minutes or more for the account name to appear in the portal. To update immediately, click Configuration Servers > server name > Refresh Server.
Connect to vSphere hosts and vCenter servers
- Verify that the configuration server has network access to the vSphere hosts and vCenter servers.
- Click Prepare infrastructure > Source. In Prepare source select the configuration server, and click +vCenter to add a vSphere host or vCenter server.
- In Add, vCenter specifies a friendly name for the vSphere host or vCenter server, and specify the IP address or FQDN of the server. Leave the port as 443 unless your VMware servers are configured to listen for requests on a different port. Then select the account that will be used to connect to the VMware server. Click OK.
Setup the target environment
- Click Prepare infrastructure > Target and select the Azure subscription you want to use.
- Specify the deployment model you want to use for VMs after failover.
- Site Recovery checks that you have one or more compatible Azure storage accounts and networks.
Configure Replication Settings
- To create a new replication policy click Prepare infrastructure > Replication Settings > +Create and Associate.
- Create and associate policy specify a policy name.
- In the RPO threshold: specify the RPO limit. Alerts will be generated when continuous replication exceeds this limit.
- In Recovery point retention, specify in hours how long the retention window will be for each recovery point. Protected machines can be recovered to any point within a window. Up to 24 hours retention is supported for machines replicated to premium storage.
- In App-consistent snapshot frequency, specify how often (in minutes) recovery points containing application-consistent snapshots will be created.
- When you create a replication policy, by default a matching policy is automatically created for failback. For example, if the replication policy is rep-policy then the failback policy will be rep-policy-failback. This policy isn’t used until you initiate a failback.
- When you create a new policy it’s automatically associated with the configuration server. Click OK.
Go through Capacity Planning step
Install the Mobility service
- For enabling protection for virtual machines and physical servers is to install the Mobility service
- Install the Mobility service manually
- The installers are available on the process server in
C:\Program Files (x86)\Microsoft Azure Site Recovery\home\svsystems\pushinstallsvc\repository
Note: Only 2008R2, 2012 and 2012R2 Servers support Mobility service
- Download and run the relevant installer.
- Before you begin select Mobility service.
- In Configuration, Server Details specify the IP address of the configuration server and the passphrase that was generated when you ran Unified Setup. You can retrieve the passphrase by running:
\home\sysystems\bin\genpassphrase.exe –non the configuration server.
- Click Step 2: Replicate application > Source. After you’ve enabled replication for the first time you’ll click +Replicate in the vault to enable replication for additional machines.
- In the Source blade > Source select the configuration server.
- In Machine, type select Virtual Machines or Physical Machines.
- In vCenter/vSphere Hypervisor select the vCenter server that manages the vSphere host, or selects the host. This setting isn’t relevant if you’re replicating physical machines.
- Select the process server. If you haven’t created any additional process servers this will be the name of the configuration server. Then click OK.
- In Target select the vault subscription, and in the Post-failover deployment model select the model (resource management) that you want to use in Azure after failover.
- In Virtual Machines > Select virtual machines click and select each machine you want to replicate. You can only select machines for which replication can be enabled. Then click OK.
- In Properties > Configure properties, select the account that will be used by the process server to automatically install the Mobility service on the machine. By default, all disks are replicated. Click All Disks and clear any disks you don’t want to replicate. Then click OK. You can set additional properties later.
- In Replication settings > Configure replication settings verify that the correct replication policy is selected. You can modify replication policy settings in Settings > Replication policies > policy name > Edit Settings. Changes you apply to a policy will be applied to replicating and new machines.
- Click Enable Replication. You can track the progress of the Enable Protection job in Settings >Jobs > Site Recovery Jobs. After the Finalize Protection job runs the machine is ready for failover
View and Manage VM Properties
- Click Settings > Replicated items > and select the machine. The Essentials blade shows information about machine settings and status.
- In Properties, you can view replication and failover information for the VM.
Test the Deployment
Run a Test Failover
To failover, a single machine, in Settings > Replicated Items, click the VM > +Test Failover icon
– To failover a recovery plan, in Settings > Recovery Plans, right-click the plan > Test Failover. — In Test Failover select the Azure network to which Azure VMs will be connected after failover occurs. — Click OK to begin the failover. You can track progress by clicking on the VM to open its properties, or on the Test Failover job in vault name > Settings > Jobs > Site Recovery jobs.
Run The Failback
Reprotect Azure VMs
- In the Vault,> replicated items > select the VM that’s been failed over and right-click to Re-Protect. You can also click the machine and select the reprotect from the command buttons.
- In the blade, you can see that the direction of protection “Azure to On-premises” is already selected.
- In Master Target Server and Process Server select the on-premises master target server and the Azure VM process server.
- Select the Datastore to which you want to recover the disks on-premises. This option is used when the on-premises VM is deleted and new disks need to be created. This option is ignored if the disks already exist, but you still need to specify a value.
- Retention Drive is used for stopping the points in time when the VM replicated back to on-premises. Some of the criteria of a retention drive are as below, without which the drive will not be listed for the master target server. a. Volume shouldn’t be in use for any other purpose(target of replication etc.) b. Volume shouldn’t be in lock mode. c. Volume shouldn’t be cache volume. ( MT installation shouldn’t exist on that volume. PS+MT custom installation volume is not eligible for retention volume. Here installed PS+MT volume is cache volume of MT. ) d. The Volume File system type shouldn’t be FAT and FAT32. e. The volume capacity should be non-zero. e. The default retention volume for Windows is R volume.
- The failback policy will be auto-selected.
- After you click OK to begin reprotection a job begins to replicate the VM from Azure to the on-premises site. You can track the progress on the Jobs tab.
Reprotect The On-prem Site
After failback completes, you will need to commit the virtual machine to ensure the VMs recovered in Azure are deleted. — Right-click on the protected item and click Commit. A job will trigger that will remove the former recovered virtual machines in Azure. After commit completes your data will be back on the on-premises site, but won’t be protected. To start replicating to Azure again do the following:
– In the Vault > Setting > Replicated items, select the VMs that have failed back and click Re-Protect. — Give the value of a Process server that needs to be used to send data back to Azure. — Click OK to begin the re-protect job.
– Once the reprotect completes, the VM will be replicating back to Azure and you can do a failover.