Tutorial: Set up Protection Between an On-Premises VMM Site and Azure
Azure Site Recovery contributes to your business and workload continuity strategy by orchestrating replication, failover and recovery of virtual machines in a number of deployment scenarios.
This tutorial describes how to deploy Azure Site Recovery to orchestrate protection between an on-premises VMM site and Azure using Hyper-V replication. The tutorial uses the quickest deployment path and default settings where possible.
Make sure you have everything in place before you begin the tutorial.
- Azure account—You'll need an Azure account. If you don't have one, see Azure free trial. Get subscription pricing information at Azure Site Recovery Manager Pricing Details.
- Azure storage account—You'll need an Azure storage account to store data replicated to Azure. The account needs geo-replication enabled. It should be in the same region as the Azure Site Recovery service, and be associated with the same subscription. To learn more about setting up Azure storage, see Introduction to Microsoft Azure Storage.
- VMM server—A VMM server running on System Center 2012 R2.
- VMM clouds—At least one cloud on the VMM server.The cloud should contain:
- One or more VMM host groups
- One or more Hyper-V host servers or clusters in each host group.
- One or more virtual machines located on the source Hyper-V server in the cloud. The virtual machines should be generation 1.
- Virtual machine—You'll need virtual machines that comply with Azure requirements. See Prerequisites and support in the Planning guide.
- For a full list of virtual machine support requirements for failover to Azure, read
After verifying the prerequisites, do the following:
Step 1: Create a vault
Sign in to the Management Portal.
Expand Data Services, expand Recovery Services, and click Site Recovery Vault.
Click Create New and then click Quick Create.
In Name, enter a friendly name to identify the vault.
In Region, select the geographic region for the vault. Available geographic regions include East Asia, West Europe, West US, East US, North Europe, Southeast Asia.
Click Create vault.
Check the status bar to confirm that the vault was successfully created. The vault will be listed as Active on the main Recovery Services page.
Step 2: Generate a registration key and install the Azure Site Recovery Provider
In the Recovery Services page, click the vault to open the Quick Start page. Quick Start can also be opened at any time using the icon.
In the dropdown list, select Between an on-premises Hyper-V site and Microsoft Azure.
In Prepare VMM Servers, click Generate registration key file. The key is valid for 5 days after it's generated. Copy the file to the VMM server. You'll need it when you set up the Provider.
On the Quick Start page, in Prepare VMM servers, click Download Microsoft Azure Site Recovery Provider for installation on VMM servers to obtain the latest version of the Provider installation file.
Run this file on the source VMM server.
In Pre-requirements Check select to stop the VMM service to begin Provider setup. The service stops and will restart automatically when setup finishes.
In Microsoft Update you can opt in for updates. With this setting enabled Provider updates will be installed according to your Microsoft Update policy.
After the Provider is installed continue setup to register the server in the vault.
In Internet Connection specify how the Provider running on the VMM server connects to the Internet. Select Use default system proxy settings to use the default Internet connection settings configured on the server.
In Registration Key, select that you downloaded from Azure Site Recovery and copied to the VMM server.
In Vault name, verify the name of the vault in which the server will be registered.
In Server name, specify a friendly name to identify the VMM server in the vault.
In Initial cloud metadata sync select whether you want to synchronize metadata for all clouds on the VMM server with the vault. This action only needs to happen once on each server. If you don't want to synchronize all clouds, you can leave this setting unchecked and synchronize each cloud individually in the cloud properties in the VMM console.
In Data Encryption you specify a location to save an SSL certificate that’s automatically generated for data encryption. This certificate is used if you enable data encryption for a cloud protected by Azure in the Azure Site Recovery portal. Keep this certificate safe. When you run a failover to Azure you’ll select it in order to decrypt encrypted data. This option isn’t relevant if you’re replicating from one on-premises site to another.
Click Register to complete the process. After registration, metadata from the VMM server is retrieved by Azure Site Recovery. The server is displayed on the ed on the Resources tab on the Servers page in the vault.
Step 3: Create an Azure storage account
If you don't have an Azure storage account click Add an Azure Storage Account. The account should have geo-replication enabled. It must in the same region as the Azure Site Recovery service, and be associated with the same subscription.
Use this tutorial to set up a quick proof-of-concept for Azure Site Recovery in an on-premises to Azure deployment. It uses the quickest path and default settings where possible. You'll create an Azure Site Recovery vault, install the Azure Site Recovery Provider in the source VMM server, install the Azure Recovery Services Agent on Hyper-V host servers in the VMM clouds, configure cloud protection settings, enable protection for virtual machines, and test your deployment.
Step 4: Install the Azure Recovery Services Agent on Hyper-V hosts
Install the Azure Recovery Services agent on each Hyper-V host server located in the VMM clouds you want to protect.
On the Quick Start page, click Download Azure Site Recovery Services Agent and install on hosts to obtain the latest version of the agent installation file.
Run the installation file on each Hyper-V host server that's located in VMM clouds you want to protect.
On the Prerequisites Check page click Next. Any missing prerequisites will be automatically installed.
On the Installation Settings page, specify where you want to install the Agent and select the cache location in which backup metadata will be installed. Then click Install.
Step 5: Configure cloud protection settings
After VMM servers are registered, you can configure cloud protection settings. You enabled the option Synchronize cloud data with the vault when you installed the Provider so all clouds on the VMM server will appear in the Protected Items tab in the vault.
- On the Quick Start page, click Set up protection for VMM clouds.
- On the Protected Items tab, click on the cloud you want to configure and go to the Configuration tab.
- In Target, select Microsoft Azure.
- In Storage Account, select the Azure storage you want to use to store Azure virtual machines.
- Set Encrypt stored data to Off. This setting specifies that data should be encrypted replicated between the on-premises site and Azure.
- In Copy frequency leave the default setting. This value specifies how frequently data should be synchronized between source and target locations.
- In Retain recovery points for, leave the default setting. With a default value of zero only the latest recovery point for a primary virtual machine is stored on a replica host server.
- In Frequency of application-consistent snapshots, leave the default setting. This value specifies how often to create snapshots. Snapshots use Volume Shadow Copy Service (VSS) to ensure that applications are in a consistent state when the snapshot is taken. If you do set a value, make sure it's less than the number of additional recovery points you configure.
In Replication start time, specify when initial replication of data to Azure should start. The timezone on the Hyper-V host server will be used. We recommend that you schedule the initial replication during off-peak hours.
After you save the settings a job will be created and can be monitored on the Jobs tab. All Hyper-V host servers in the VMM source cloud will be configured for replication.
After saving, cloud settings can be modified on the Configure tab. To modify the target location or target storage you'll need to remove the cloud configuration, and then reconfigure the cloud. Note that if you change the storage account the change is only applied for virtual machines that are enabled for protection after the storage account has been modified. Existing virtual machines are not migrated to the new storage account.
Step 6: Configure network mapping
This tutorial describes the simplest path to deploy Azure Site Recovery in a test environment. If you do want to configure network mapping as part of this tutorial, read Prepare for network mapping in the Planning Guide. To configure mapping follow the steps to Configure network mapping in the deployment guide.
Step 7: Enable protection for virtual machines
After servers, clouds, and networks are configured correctly, you can enable protection for virtual machines in the cloud. Note the following:
- Virtual machines must meet Azure requirements. Check these in Prerequisites and support in the Planning guide.
- To enable protection the operating system and operating system disk properties must be set for the virtual machine. When you create a virtual machine in VMM using a virtual machine template you can set the property. You can also set these properties for existing virtual machines on the General and Hardware Configuration tabs of the virtual machine properties. If you don't set these properties in VMM you'll be able to configure them in the Azure Site Recovery portal.
- To enable protection, on the Virtual Machines tab in the cloud in which the virtual machine is located, click Enable protection and then select Add virtual machines
From the list of virtual machines in the cloud, select the one you want to protect.
Verify the virtual machine properties and modify as required.
Track progress of the Enable Protection action in the Jobs tab, including the initial replication. After the Finalize Protection job runs the virtual machine is ready for failover. After protection is enabled and virtual machines are replicated, you’ll be able to view them in Azure.
Step 8: Test the deployment
To test your deployment you can run a test failover for a single virtual machine, or create a recovery plan consisting of multiple virtual machines and run a test failover for the plan. Test failover simulates your failover and recovery mechanism in an isolated network. Note the following:
- If you want to connect to the virtual machine in Azure using Remote Desktop after the failover, enable Remote Desktop Connection on the virtual machine before you run the test failover.
- After failover you'll use a public IP address to connect to the virtual machine in Azure using Remote Desktop. If you want to do this, ensure you don't have any domain policies that prevent you from connecting to a virtual machine using a public address.
On the Recovery Plans tab, add a new plan. Specify a name, VMM in Source type, and the source VMM server in Source, The target will be Azure.
On the Confirm Test Failover page select None. Note that a test failover with this setting will check that the virtual machine replicated correctly to Azure but doesn't check your replication network configuration. If you want to run the test with a specified Azure network, see a href="http://go.microsoft.com/fwlink/?LinkId=522292">Test an on-premises to Azure deployment.
When the failover reaches the Complete testing phase , click Complete Test to finish up the test failover. You can drill down to the Job tab to track failover progress and status, and to perform any actions that are needed.
After the failover is complete do the following:
- Verify that the virtual machines start successfully
- Click Notes to record and save any observations associated with the test failover.
- Click The test failover is complete. Clean up the test environment to automatically power off the test virtual machine and delete the test Azure network.
After he failover you'll be able to see the virtual machine test replica in the Azure portal. If you’re set up to access virtual machines from your on-premises network you can initiate a Remote Desktop connection to the virtual machine.
You can use the Jobs tab and Dashboard to view and monitor the main jobs performed by the Azure Site Recovery vault, including configuring protection for a cloud, enabling and disabling protection for a virtual machine, running a failover (planned, unplanned, or test), and committing an unplanned failover.
From the Jobs tab you view jobs, drill down into job details and errors, run job queries to retrieve jobs that match specific criteria, export jobs to Excel, and restart failed jobs.
From the Dashboard you can download the latest versions of Provider and Agent installation files, get configuration information for the vault, see the number of virtual machines that have protection managed by the vault, see recent jobs, manage the vault certificate, and resynchronize virtual machines.
For more information about interacting with jobs and the dashboard, see the Operations and Monitoring Guide.