Hyper-V VM disaster recovery to Azure

M A Nakib
18 min read · Sep 21, 2020

1. Prepare Azure resources for Hyper-V disaster recovery

Azure Site Recovery helps business continuity and disaster recovery (BCDR) by keeping business apps running during planned and unplanned outages. Site Recovery manages and orchestrates disaster recovery of on-premises machines and Azure virtual machines (VMs), including replication, failover, and recovery.

a) Sign in to the Azure portal.

b) Verify account permissions

To enable replication for a new virtual machine, you must have permission to:

· Create a VM in the selected resource group.

· Create a VM in the selected virtual network.

· Write to the selected storage account.

To complete these tasks, your account should be assigned the Virtual Machine Contributor built-in role. To manage Site Recovery operations in a vault, your account should be assigned the Site Recovery Contributor built-in role.

c) Create a storage account

Images of replicated machines are held in Azure storage. Azure VMs are created from the storage when you fail over from on-premises to Azure. The storage account must be in the same region as the Recovery Services vault.

1. In the Azure portal menu, select Create a resource > Storage > Storage account — blob, file, table, queue.

2. In Create storage account, enter a name for the account. The name you choose must be unique within Azure, be from 3 to 24 characters long, and only use lowercase letters and numbers. For this tutorial, use contosovmsacct1910171607.

3. In Deployment model, select Resource Manager.

4. In Account kind, select Storage (general-purpose v1). Don’t select blob storage.

5. In Replication, select the default Read-access geo-redundant storage for storage redundancy. Leave the Secure transfer required setting as Disabled.

6. In Performance, select Standard. Next, in Access tier, select the default option of Hot.

7. In Subscription, choose the subscription in which you want to create the new storage account.

8. In Resource group, enter a new resource group. An Azure resource group is a logical container in which Azure resources are deployed and managed. For this tutorial, use ContosoRG.

9. In Location, choose the geographic location for your storage account. For this tutorial, use West Europe.

10. Select Create to create the storage account.

d) Create a recovery services vault

1. In the Azure portal, select +Create a resource, and then search the Azure Marketplace for Recovery Services.

2. Select Backup and Site Recovery (OMS). Next, on the Backup and Site Recovery page, select Create.

3. In Recovery services vault > Name, enter a friendly name to identify the vault. For this tutorial, use ContosoVMVault.

4. In Resource group, select an existing resource group or create a new one. For this tutorial, use contosoRG.

5. In Location, select the region where the vault should be located. For this tutorial, use West Europe.

6. To quickly access the vault from the dashboard, select Pin to dashboard > Create.

The new vault appears on Dashboard > All resources, and on the main Recovery Services vaults page.

e) Set up an Azure network

When Azure VMs are created from storage after failover, they’re joined to this network.

1. In the Azure portal, select Create a resource > Networking > Virtual network. Leave Resource Manager selected as the deployment model.

2. In Name, enter a network name. The name must be unique within the Azure resource group. For this tutorial, use ContosoASRnet.

3. Specify the resource group in which to create the network. For this tutorial, use the existing resource group contosoRG.

4. In Address range, enter 10.0.0.0/24 as the range for the network. There’s no subnet for this network.

5. In Subscription, select the subscription in which to create the network.

6. In Location, choose West Europe. The network must be in the same region as the Recovery Services vault.

7. Leave the default options of basic DDoS protection, with no service endpoint on the network.

8. Select Create.

2. Prepare on-premises Hyper-V servers for disaster recovery to Azure

This section describes how to prepare an on-premises Hyper-V infrastructure when we want to set up disaster recovery of Hyper-V VMs to Azure, using Azure Site Recovery.

Before we start, make sure we’ve prepared Azure as described in the previous step.

a) Review requirements and prerequisites

Make sure Hyper-V hosts and VMs comply with requirements.

1. Verify on-premises server requirements.

2. Check the requirements for Hyper-V VMs you want to replicate to Azure.

3. Check Hyper-V host networking; and host and guest storage support for on-premises Hyper-V hosts.

4. Check what is supported for Azure networking, storage, and compute, after failover.

5. On-premises VMs that we replicate to Azure must comply with Azure VM requirements.

b) Verify internet access

1. For the purposes of the tutorial, the simplest configuration is for the Hyper-V hosts to have direct access to the internet without using a proxy.

2. Make sure that Hyper-V hosts can access the required URLs below.

| Name | Commercial URL | Government URL | Description |
| --- | --- | --- | --- |
| Azure Active Directory | login.microsoftonline.com | login.microsoftonline.us | For access control and identity management by using Azure AD. |
| Backup | *.backup.windowsazure.com | *.backup.windowsazure.us | |
| Replication | *.hypervrecoverymanager.windowsazure.com | *.hypervrecoverymanager.windowsazure.us | |

3. If you’re controlling access by IP address, make sure that:

o IP address-based firewall rules can connect to Azure Datacenter IP Ranges, and the HTTPS (443) port.

o IP address ranges for the Azure region of our subscription are allowed.
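For URL-based filtering, an allow-list exported from a proxy or firewall can be checked against the endpoints listed above. This is an added example, not part of the original tutorial; the function name Test-AsrEgressAllowList and the sample allow-list entries are hypothetical.

```powershell
# Added example. Test-AsrEgressAllowList is a hypothetical helper name.
# The required endpoints are the ones listed in this tutorial.
$AsrRequiredEndpoints = @{
    Commercial = @(
        'login.microsoftonline.com',
        '*.backup.windowsazure.com',
        '*.hypervrecoverymanager.windowsazure.com'
    )
    Government = @(
        'login.microsoftonline.us',
        '*.backup.windowsazure.us',
        '*.hypervrecoverymanager.windowsazure.us'
    )
}

function Test-AsrEgressAllowList {
    param(
        [Parameter(Mandatory)] [string[]]$AllowList,
        [ValidateSet('Commercial', 'Government')] [string]$Cloud = 'Commercial'
    )
    foreach ($required in $AsrRequiredEndpoints[$Cloud]) {
        # Turn a wildcard requirement into a concrete probe host name, so that an
        # allow-list entry for one fixed host does not count as covering the wildcard.
        $probe = $required -replace '^\*', 'asr-probe'
        $coveredBy = @($AllowList | Where-Object { $probe -like $_.Trim() })
        [pscustomobject]@{
            Endpoint  = $required
            Covered   = ($coveredBy.Count -gt 0)
            CoveredBy = ($coveredBy -join ', ')
        }
    }
}

# Constructed sample: the replication entry was added without its wildcard,
# so the check reports that endpoint as not covered.
$sampleAllowList = @(
    'login.microsoftonline.com',
    '*.backup.windowsazure.com',
    'hypervrecoverymanager.windowsazure.com'
)
Test-AsrEgressAllowList -AllowList $sampleAllowList -Cloud Commercial |
    Format-Table -AutoSize
```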

c) Prepare to connect to Azure VMs after failover

During a failover scenario you may want to connect to your replicated on-premises network.

To connect to Windows VMs using RDP after failover, allow access as follows:

1. To access over the internet, enable RDP on the on-premises VM before failover. Make sure that TCP and UDP rules are added for the Public profile, and that RDP is allowed in Windows Firewall > Allowed Apps for all profiles.

2. To access over site-to-site VPN, enable RDP on the on-premises machine. RDP should be allowed in the Windows Firewall -> Allowed apps and features for Domain and Private networks. Check that the operating system’s SAN policy is set to OnlineAll. There should be no Windows updates pending on the VM when you trigger a failover. If there are, you won’t be able to sign in to the virtual machine until the update completes.

3. On the Windows Azure VM after failover, check Boot diagnostics to view a screenshot of the VM. If you can’t connect, check that the VM is running and review these troubleshooting tips.

After failover, you can access Azure VMs using the same IP address as the replicated on-premises VM, or a different IP address. Learn more about setting up IP addressing for failover.
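The guest-side checks in steps 1 and 2 can be run as one script on the on-premises Windows VM before failover. This is an added example, not part of the original tutorial; the function name Test-FailoverRdpReadiness is hypothetical, and the pending-update check is an approximation that only detects updates waiting for a restart.

```powershell
# Added example: run in an elevated PowerShell session on the on-premises Windows VM.
# Test-FailoverRdpReadiness is a hypothetical helper name, not a Site Recovery cmdlet.
function Test-FailoverRdpReadiness {
    [CmdletBinding()]
    param(
        # Internet: RDP allowed on all profiles, with TCP and UDP rules on Public.
        # Vpn: RDP allowed on the Domain and Private profiles.
        [ValidateSet('Internet', 'Vpn')]
        [string]$AccessPath = 'Vpn'
    )

    # RDP is enabled when fDenyTSConnections is 0.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

    # Enabled inbound allow rules in the built-in group. 'Remote Desktop' is the
    # English display name; localized systems use a translated group name.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    # Map each firewall profile to the protocols that the enabled rules open on it.
    $open = @{ Domain = @(); Private = @(); Public = @() }
    foreach ($rule in $rules) {
        $protocol = ($rule | Get-NetFirewallPortFilter).Protocol
        $profiles = $rule.Profile.ToString() -split ',\s*'
        if ($profiles -contains 'Any') { $profiles = 'Domain', 'Private', 'Public' }
        foreach ($p in $profiles) {
            if ($open.ContainsKey($p)) { $open[$p] += $protocol }
        }
    }
    $firewallOk = ($open.Domain.Count -gt 0) -and ($open.Private.Count -gt 0)
    if ($AccessPath -eq 'Internet') {
        $firewallOk = $firewallOk -and ($open.Public -contains 'TCP') -and ($open.Public -contains 'UDP')
    }

    # The tutorial requires the SAN policy (new-disk policy) to be OnlineAll.
    $sanPolicy = (Get-StorageSetting).NewDiskPolicy

    # Updates that are installed but waiting for a restart leave these keys behind.
    # This detects a pending restart only, not updates that have yet to be installed.
    $rebootKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    )
    $updatePending = @($rebootKeys | Where-Object { Test-Path -Path $_ }).Count -gt 0

    [pscustomobject]@{
        AccessPath       = $AccessPath
        RdpEnabled       = $rdpEnabled
        FirewallProfiles = (($open.Keys | Where-Object { $open[$_].Count -gt 0 } | Sort-Object) -join ', ')
        FirewallOk       = $firewallOk
        SanPolicy        = "$sanPolicy"
        UpdatePending    = $updatePending
        Ready            = ($rdpEnabled -and $firewallOk -and ("$sanPolicy" -eq 'OnlineAll') -and (-not $updatePending))
    }
}

Test-FailoverRdpReadiness -AccessPath Vpn | Format-List
```

The FirewallProfiles field lists every profile on which RDP is currently open, which makes it easy to see whether the Public profile is exposed when only VPN access is intended.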

3. Set up disaster recovery of on-premises Hyper-V VMs to Azure

The Azure Site Recovery service contributes to your disaster-recovery strategy by managing and orchestrating replication, failover, and failback of on-premises machines and Azure virtual machines. Let’s see how to set up disaster recovery of on-premises Hyper-V VMs to Azure.

Before you begin: prepare Azure, and prepare on-premises Hyper-V.

a) Select a replication goal

1. In the Azure portal, go to Recovery Services vaults and select the vault. We prepared the vault ContosoVMVault in the previous tutorial.

2. In Getting Started, select Site Recovery, and then select Prepare Infrastructure.

3. In Protection goal > Where are your machines located? select On-premises.

4. In Where do you want to replicate your machines? select To Azure.

5. In Are your machines virtualized? select Yes, with Hyper-V.

6. In Are you using System Center VMM to manage your Hyper-V hosts, select No.

7. Select OK.

b) Confirm deployment planning

1. In Deployment planning, if you’re planning a large deployment, download the Deployment Planner for Hyper-V from the link on the page.

2. For this tutorial, we don’t need the Deployment Planner. In Have you completed deployment planning?, select I will do it later, and then select OK.

c) Set up the source environment

To set up the source environment, you create a Hyper-V site and add to that site the Hyper-V hosts containing VMs that you want to replicate. Then, you download and install the Azure Site Recovery Provider and the Azure Recovery Services agent on each host, and register the Hyper-V site in the vault.

1. Under Prepare Infrastructure, select Source.

2. In Prepare source, select + Hyper-V Site.

3. In Create Hyper-V site, specify the site name. We’re using ContosoHyperVSite.

4. After the site is created, in Prepare source > Step 1: Select Hyper-V site, select the site you created.

5. Select + Hyper-V Server.

6. Download the installer for the Microsoft Azure Site Recovery Provider.

7. Download the vault registration key. You need this key to install the Provider. The key is valid for five days after you generate it.

d) Install the Provider

Install the downloaded setup file (AzureSiteRecoveryProvider.exe) on each Hyper-V host that you want to add to the Hyper-V site. Setup installs the Azure Site Recovery Provider and Recovery Services agent on each Hyper-V host.

1. Run the setup file.

2. In the Azure Site Recovery Provider Setup wizard > Microsoft Update, opt in to use Microsoft Update to check for Provider updates.

3. In Installation, accept the default installation location for the Provider and agent, and select Install.

4. After installation, in the Microsoft Azure Site Recovery Registration Wizard > Vault Settings, select Browse, and in Key File, select the vault key file that you downloaded.

5. Specify the Azure Site Recovery subscription, the vault name (ContosoVMVault), and the Hyper-V site (ContosoHyperVSite) to which the Hyper-V server belongs.

6. In Proxy Settings, select Connect directly to Azure Site Recovery without a proxy.

7. In Registration, after the server is registered in the vault, select Finish.

Metadata from the Hyper-V server is retrieved by Azure Site Recovery, and the server is displayed in Site Recovery Infrastructure > Hyper-V Hosts. This process can take up to 30 minutes.

e) Set up the target environment

Select and verify target resources:

1. Select Prepare infrastructure > Target.

2. Select the subscription and the resource group ContosoRG in which the Azure VMs will be created after failover.

3. Select the Resource Manager deployment model.

Site Recovery checks that you have one or more compatible Azure storage accounts and networks.

f) Set up a replication policy

1. Select Prepare infrastructure > Replication Settings > +Create and associate.

2. In Create and associate policy, specify a policy name. We’re using ContosoReplicationPolicy.

3. For this tutorial, we’ll leave the default settings:

o Copy frequency indicates how often delta data (after initial replication) will replicate. The default frequency is every five minutes.

o Recovery point retention indicates that recovery points will be retained for two hours. The maximum allowed value for retention when protecting virtual machines hosted on Hyper-V hosts is 24 hours.

o App-consistent snapshot frequency indicates that recovery points containing app-consistent snapshots will be created every hour.

o Initial replication start time indicates that initial replication will start immediately.

4. After the policy is created, select OK. When you create a new policy, it’s automatically associated with the specified Hyper-V site. In our tutorial, that’s ContosoHyperVSite.

g) Enable replication

1. In Replicate application, select Source.

2. In Source, select the ContosoHyperVSite site. Then, select OK.

3. In Target, verify the target (Azure), the vault subscription, and the Resource Manager deployment model.

4. If you’re using tutorial settings, select the contosovmsacct1910171607 storage account created in the previous tutorial for replicated data. Also select the ContosoASRnet network, in which Azure VMs will be located after failover.

5. In Virtual machines > Select, select the VM that you want to replicate. Then, select OK.

You can track progress of the Enable Protection action in Jobs > Site Recovery jobs. After the Finalize Protection job finishes, the initial replication is complete, and the VM is ready for failover.

4. Run a disaster recovery drill to Azure

This section shows how to run a disaster recovery drill for an on-premises machine to Azure using the Azure Site Recovery service. A drill validates your replication strategy without data loss.

Before you start:

1. Make sure you’ve set up Azure for on-premises disaster recovery of Hyper-V VMs to Azure.

2. Prepare your on-premises Hyper-V environment for disaster recovery.

3. Set up disaster recovery for Hyper-V VMs.

a) Verify VM properties

Before you run a test failover, verify the VM properties, and make sure that the Hyper-V VM complies with Azure requirements.

1. In Protected Items, click Replicated Items > VM.

2. In the Replicated item pane, there’s a summary of VM information, health status, and the latest available recovery points. Click Properties to view more details.

3. In Compute and Network, you can modify the Azure name, resource group, target size, availability set, and managed disk settings.

4. You can view and modify network settings, including the network/subnet in which the Azure VM will be located after failover, and the IP address that will be assigned to it.

5. In Disks, you can see information about the operating system and data disks on the VM.

b) Create a network for test failover

We recommend that for test failover, you choose a network that’s isolated from the production recovery site network specified in the Compute and Network settings for each VM. By default, when you create an Azure virtual network, it is isolated from other networks. The test network should mimic your production network:

  • The test network should have the same number of subnets as your production network. Subnets should have the same names.
  • The test network should use the same IP address range.
  • Update the DNS of the test network with the IP address specified for the DNS VM in Compute and Network settings. Read test failover considerations for Active Directory for more details.
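The three requirements above can be checked mechanically before a drill. This is an added example, not part of the original tutorial; Compare-FailoverTestNetwork and New-SampleVnet are hypothetical helpers, every network name other than ContosoASRnet and all addresses are constructed, and the peering check is an assumption about what "isolated" means that goes beyond the text.

```powershell
# Added example. Compare-FailoverTestNetwork is a hypothetical helper; its inputs use the
# property names of the objects returned by Get-AzVirtualNetwork (Az.Network module).
function Compare-FailoverTestNetwork {
    param(
        [Parameter(Mandatory)] $Production,
        [Parameter(Mandatory)] $Test,
        # IP address specified for the DNS VM in Compute and Network settings.
        [Parameter(Mandatory)] [string]$DnsVmIp
    )
    $findings = @()

    # The test network should use the same IP address range.
    $prodRange = @($Production.AddressSpace.AddressPrefixes | Sort-Object) -join ', '
    $testRange = @($Test.AddressSpace.AddressPrefixes | Sort-Object) -join ', '
    if ($prodRange -ne $testRange) {
        $findings += "Address range differs: production [$prodRange], test [$testRange]"
    }

    # Same number of subnets, with the same names.
    $prodSubnets = @($Production.Subnets | Where-Object { $_ } | ForEach-Object { $_.Name })
    $testSubnets = @($Test.Subnets | Where-Object { $_ } | ForEach-Object { $_.Name })
    if ($prodSubnets.Count -ne $testSubnets.Count) {
        $findings += "Subnet count differs: production $($prodSubnets.Count), test $($testSubnets.Count)"
    }
    foreach ($name in $prodSubnets) {
        if ($testSubnets -notcontains $name) { $findings += "Subnet '$name' is missing from the test network" }
    }
    foreach ($name in $testSubnets) {
        if ($prodSubnets -notcontains $name) { $findings += "Subnet '$name' exists only in the test network" }
    }

    # DNS of the test network should point at the DNS VM's IP address.
    if (@($Test.DhcpOptions.DnsServers) -notcontains $DnsVmIp) {
        $findings += "Test network DNS servers do not include $DnsVmIp"
    }

    # Assumption beyond the tutorial text: treat any peering as a break in isolation.
    $peerings = @($Test.VirtualNetworkPeerings | Where-Object { $_ })
    if ($peerings.Count -gt 0) {
        $findings += "Test network has $($peerings.Count) peering(s), so it is not isolated"
    }

    [pscustomobject]@{ Matches = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample objects with the same shape as Get-AzVirtualNetwork output.
function New-SampleVnet ($Name, $Prefix, $SubnetNames, $Dns) {
    [pscustomobject]@{
        Name                   = $Name
        AddressSpace           = [pscustomobject]@{ AddressPrefixes = @($Prefix) }
        Subnets                = @($SubnetNames | ForEach-Object { [pscustomobject]@{ Name = $_ } })
        DhcpOptions            = [pscustomobject]@{ DnsServers = @($Dns) }
        VirtualNetworkPeerings = @()
    }
}
$production = New-SampleVnet 'ContosoASRnet' '10.0.0.0/24' @('frontend', 'backend') '10.0.0.4'
$test       = New-SampleVnet 'ContosoASRnet-test' '10.0.0.0/24' @('frontend') '10.0.0.10'

$result = Compare-FailoverTestNetwork -Production $production -Test $test -DnsVmIp '10.0.0.4'
$result.Findings
# Against live networks, pass Get-AzVirtualNetwork output instead of the sample objects.
```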

c) Run a test failover for a single VM

When you run a test failover, the following happens:

1. A prerequisites check runs to make sure all of the conditions required for failover are in place.

2. Failover processes the data, so that an Azure VM can be created. If you select the latest recovery point, a recovery point is created from the data.

3. An Azure VM is created using the data processed in the previous step.

Run the test failover as follows:

1. In Settings > Replicated Items, click the VM > +Test Failover.

2. Select the Latest processed recovery point for this tutorial. This fails over the VM to the latest available point in time. The time stamp is shown. With this option, no time is spent processing data, so it provides a low RTO (recovery time objective).

3. In Test Failover, select the target Azure network to which Azure VMs will be connected after failover occurs.

4. Click OK to begin the failover. You can track progress by clicking on the VM to open its properties. Or you can click the Test Failover job in vault name > Settings > Jobs > Site Recovery jobs.

5. After the failover finishes, the replica Azure VM appears in the Azure portal > Virtual Machines. Check that the VM is the appropriate size, that it’s connected to the right network, and that it’s running.

6. You should now be able to connect to the replicated VM in Azure.

7. To delete Azure VMs created during the test failover, click Cleanup test failover on the VM. In Notes, record and save any observations associated with the test failover.

In some scenarios, failover requires additional processing that takes around eight to ten minutes to complete.

d) Connect after failover

If you want to connect to Azure VMs using RDP/SSH after failover, prepare to connect. If you encounter any connectivity issues after failover, follow the troubleshooting guide.

5. Fail over Hyper-V VMs to Azure

This section shows how to fail over Hyper-V VMs to Azure with Azure Site Recovery. After you’ve failed over, you fail back to your on-premises site when it’s available.

a) Prepare for failover

Make sure there are no snapshots on the VM, and that the on-premises VM is turned off during failback. This helps ensure data consistency during replication. Don’t turn on the on-premises VM during failback.

Failover and failback have three stages:

1. Failover to Azure: Fail over Hyper-V VMs from the on-premises site to Azure.

2. Failback to on-premises: Fail over Azure VMs to your on-premises site when the on-premises site is available. It starts synchronizing data from Azure to on-premises and, on completion, brings up the VMs on-premises.

3. Reverse replicate on-premises VMs: After failing back to on-premises, reverse replicate the on-premises VMs to start replicating them to Azure.

b) Verify VM properties

Before failover, verify the VM properties, and make sure that the VM meets Azure requirements.

In Protected Items, click Replicated Items > VM.

1. In the Replicated item pane, there’s a summary of VM information, health status, and the latest available recovery points. Click Properties to view more details.

2. In Compute and Network, you can modify the Azure name, resource group, target size, availability set, and managed disk settings.

3. You can view and modify network settings, including the network/subnet in which the Azure VM will be located after failover, and the IP address that will be assigned to it.

4. In Disks, you can see information about the operating system and data disks on the VM.

c) Fail over to Azure

1. In Settings > Replicated items, click the VM > Failover.

2. In Failover, select the Latest recovery point.

3. Select Shut down machine before beginning failover. Site Recovery attempts to do a shutdown of source VMs before triggering the failover. Failover continues even if shutdown fails. You can follow the failover progress on the Jobs page.

4. After you verify the failover, click Commit. It deletes all the available recovery points.

d) Connect to failed-over VM

1. If you want to connect to Azure VMs after failover by using Remote Desktop Protocol (RDP) and Secure Shell (SSH), verify that the requirements have been met.

2. After failover, go to the VM and validate by connecting to it.

3. Use Change recovery point if you want to use a different recovery point after failover. After you commit the failover in the next step, this option will no longer be available.

4. After validation, select Commit to finalize the recovery point of the VM after failover.

5. After you commit, all the other available recovery points are deleted. This step completes the failover.

6. Run a failback for Hyper-V VMs

This section shows how to fail back Azure VMs that were created after failover of Hyper-V VMs from an on-premises site to Azure, with Azure Site Recovery.

  • Fail back Hyper-V VMs from Azure by running a planned failover from Azure to the on-premises site. If the failover direction is from Azure to on-premises, it’s considered a failback.
  • Since Azure is a highly available environment and VMs are always available, failback from Azure is a planned activity. You can plan for a small downtime so that workloads can start running on-premises again.
  • Planned failback turns off the VMs in Azure, and downloads the latest changes. No data loss is expected.

Before you start:

1. Review the types of failback you can use — original location recovery and alternate location recovery.

2. Ensure that the Azure VMs are using a storage account and not managed disks. Failback of Hyper-V VMs replicated using managed disks isn’t supported.

3. Check that the on-premises Hyper-V host (or System Center VMM server if you’re using one with Site Recovery) is running and connected to Azure.

4. Make sure that failover and commit are complete for the VMs. You don’t need to set up any specific Site Recovery components for failback of Hyper-V VMs from Azure.

5. The time needed to complete data synchronization and start the on-premises VM will depend on a number of factors. To speed up data download, you can configure the Microsoft Recovery Services agent to use more threads to parallelize the download.

a) Fail back to the original location

To fail back Hyper-V VMs in Azure to the original on-premises VM, run a planned failover from Azure to the on-premises site as follows:

1. In the vault > Replicated items, select the VM. Right-click the VM > Planned Failover. If you’re failing back a recovery plan, select the plan name and click Failover > Planned Failover.

2. In Confirm Planned Failover, choose the source and target locations. Note the failover direction. If the failover from primary worked as expected and all virtual machines are in the secondary location, this is for information only.

3. In Data Synchronization, select an option:

· Synchronize data before failover (synchronize delta changes only) — This option minimizes downtime for VMs as it synchronizes without shutting them down.

o Phase 1: Takes a snapshot of Azure VM and copies it to the on-premises Hyper-V host. The machine continues running in Azure.

o Phase 2: Shuts down the Azure VM so that no new changes occur there. The final set of delta changes is transferred to the on-premises server and the on-premises VM is started.

· Synchronize data during failover only (full download) — This option is faster because we presume that most of the disk has changed, and don’t want to spend time calculating checksums. This option doesn’t perform any checksum calculations.

o It performs a download of the disk.

o We recommend you use this option if you’ve been running Azure for a while (a month or more) or if the on-premises VM is deleted.

4. For VMM only, if data encryption is enabled for the cloud, in Encryption Key, select the certificate that was issued when you enabled data encryption during Provider installation on the VMM server.

5. Initiate the failover. You can follow the failover progress on the Jobs tab.

6. If you selected the option to synchronize the data before the failover, after the initial data synchronization is complete and you’re ready to shut down the virtual machines in Azure, click Jobs > job name > Complete Failover. This does the following:

· Shuts down the Azure machine.

· Transfers the latest changes to the on-premises VM.

· Starts the on-premises VM.

7. You can now sign in to the on-premises VM to check that it’s available as expected.

8. The virtual machine is in a commit pending state. Click Commit to commit the failover.

9. To complete the failback, click Reverse Replicate to start replicating the on-premises VM to Azure again.

b) Fail back to an alternate location

Fail back to an alternate location as follows:

1. If you’re setting up new hardware, install a supported version of Windows, and the Hyper-V role on the machine.

2. Create a virtual network switch with the same name that you had on the original server.

3. In Protected Items > Protection Group > <ProtectionGroupName> -> <VirtualMachineName>, select the VM you want to fail back, and then select Planned Failover.

4. In Confirm Planned Failovers, select Create on-premises virtual machine if it does not exist.

5. In Host Name, select the new Hyper-V host server on which you want to place the VM.

6. In Data Synchronization, we recommend you select the option to synchronize the data before the failover. This minimizes downtime for VMs as it synchronizes without shutting them down. It does the following:

o Phase 1: Takes a snapshot of the Azure VM and copies it to the on-premises Hyper-V host. The machine continues running in Azure.

o Phase 2: Shuts down the Azure VM so that no new changes occur there. The final set of changes is transferred to the on-premises server and the on-premises virtual machine is started up.

7. Click the checkmark to begin the failover (failback).

8. After the initial synchronization finishes and you’re ready to shut down the Azure VM, click Jobs > <planned failover job> > Complete Failover. This shuts down the Azure machine, transfers the latest changes to the on-premises VM, and starts it.

9. You can sign into the on-premises VM to verify that everything is working as expected.

10. Click Commit to finish the failover. Commit deletes the Azure VM and its disks, and prepares the on-premises VM to be protected again.

11. Click Reverse Replicate to start replicating the on-premises VM to Azure. Only the delta changes since the VM was turned off in Azure will be replicated.

M A Nakib

Asst. Manager on Cloud Solutions (MCT, Azure Solution Architect Expert)