Azure Site Recovery. Disaster Recovery in the Cloud.
>>My Novice interactions with Azure Site Recovery.⌗
>>What is ASR?⌗
Azure Site Recovery orchestrates and manages disaster recovery for Azure VMs, and on-premises VMs and physical servers.
Most if not all of my development happens in or around Microsoft Azure. I wanted to try and find a DR plan that would fit with this and even keep me in the cloud. I came across Azure Site Recovery and after some tinkering found that it would be the right fit for me
Azure Site Recovery is great for both replicating applications across Azure Regions or taking your on premise infrastructure and replicating it in the cloud for Disaster Recovery. I’ll briefly talk about the On-Prem to Cloud offering as I was interested in Azure to Azure.
>>On-Prem to Azure DR. ⌗
ASR is a great option if you want to have DR but don’t want to spend a whole load of money on duplicating your existing infrastructure and then the cost of space to put it into a separate DC. With a 99.9% SLA and 24/7 support I don’t think On-Prem to Azure is a bad way to go for your DR purposes.
>>My Plan.⌗
My plan was to utilize ASR to make sure I have an effective fail-over and minimal downtime for one of our applications running on Azure. One Issue I had encountered is that with Azure VM replication it can only be done between 2 different regions. My data however had to stay in the UK. I believe this had something to do with me having my Recovery Services Vault being housed in the same region as my Vault.
I found out however that if instead of creating your ASR through “Create a resource” like the Microsoft Technet Post suggests and you create the Site Recovery from your VM listing you can have it hosted all in the same region but different DC’s. My VM is currently hosted in UK South DC and I wanted it do configure the DR to be in the UK West DC so all my data stayed within the UK but I still have full DR capabilities, My thinking being what are the chances that both UK DC’s have issues. See Images below.
⌗
>>Replication enabled!⌗
When you enable this replication a few things happen.
- A new VM Resource Group is Created
- A new Availability Set is Created
- A new Virtual network is Created
- A Site Vault is Created for you (this is where you can access all your DR Plans/Failovers. (Good to have this on your Azure Dashboard)
Failover test plans need to be created. One great feature with ASR is you can create and Test your Failover plans before you publish them and put them into production. It warns you that you haven’t done any test Failovers and advises against you running a Failover until they have been tested.
Make sure you visiting the Site Recovery Vault as it shows all your current protected VM/Services/Applications and gives a Infrastructure Overview. Its from here you have Start the Failover, Develop your Test Plans and see any current issues and health warnings.
>>Issues I Encountered. ⌗
One issue I encountered was that I didn’t set my Corresponding Outbound Connectivity IP address ranges within my NSG within Azure
Make sure that the preqs are followed.
These are taken from technet site here: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
Configure outbound network connectivity⌗
For Site Recovery to work as expected, you need to make some changes in outbound network connectivity, from VMs that you want to replicate.
- Site Recovery doesn’t support use of an authentication proxy to control network connectivity.
- If you have an authentication proxy, replication can’t be enabled.
Outbound connectivity for IP address ranges⌗
If you want to control outbound connectivity using IP addresses instead of URLs, whitelist the appropriate datacenter ranges; Office 365 addresses; and service endpoint addresses, for IP-based firewalls, proxy, or NSG rules.
- Microsoft Azure Datacenter IP Ranges
- Windows Azure Datacenter IP Ranges in Germany
- Windows Azure Datacenter IP Ranges in China
- Office 365 URLs and IP address ranges
- Site Recovery service endpoint IP addresses
You can use this script to create required NSG rules.
>>Whats Next?⌗
After this has been done and your ASR is configured you need to think about your test plans and running the Failover Tests suggested. These are all accessible through the Site Recovery Vault that was created when you enabled your replication of the VM.