• <1 minute

Best Practices: How to deploy Azure Site Recovery Mobility Service

With large Enterprises deploying Azure Site Recovery(ASR) as their Trusted Disaster Recovery(DR) solution, many of their DR Architects have asked us about what we think are the best practices to be followed while deploying ASR in production environments...

With large enterprises deploying Azure Site Recovery (ASR) as their trusted Disaster Recovery (DR) solution for application-aware DR, their DR architects have asked us about the best practices to be followed while deploying ASR in production environments. Given ASR’s multi-VM consistency promise to provide full application recovery on Microsoft Azure, the mobility service is a critical piece in the VMware to Azure scenario. In this blog, we take a look at the various options to deploy the ASR mobility service during different stages of a production ASR rollout.

Deployment Considerations

At a high level the challenges that we hear about day to day can be summarized as shown in the below table.

Firewall and Network Security
  • My organization has tight security policies. It does not allow me to change servers’ firewall settings to allow push install of ASR mobility service on the servers we want to protect.
Credential Management
  • My organization’s password expiry policy forces application owners to change the administrator password periodically. This causes ASR workflows that install and upgrade the mobility service to fail. Can I manage ASR mobility service deployment using software deployment tools (like System Center Configuration Manager) so that I don’t have to worry about these credentials?
  • As a hosting service provider, I want to provide DR as a Service to my customers, and I don’t like providing the customer’s virtual machine’s credentials to ASR, for it to push the mobility service. Can I manage the ASR mobility service initial deployment and upgrades using software deployment tools?
At Scale Deployment
  • My ASR proof of concept is done, and now we are starting a full-fledged production rollout. I have thousands of servers to protect. Is there a solution other than the push install service that we can use to deploy the ASR mobility service to all our production servers?
  • I want to pre-install the ASR mobility service during our planned software maintenance window, but replication should not start immediately. I want to start replicating virtual machines in batches to ensure that the initial replication traffic does not clog our network, and also finishes in a predictable desired timeframe.

Deployment Best Practices

Our goal here at Microsoft is to make Azure Site Recovery easy to deploy and use. We know that each enterprise environment is different and needs a customized solution to suite its security and audit needs. Therefore, we have support for multiple different ways in which you can install the ASR mobility service on the servers you want to protect. 

Note: All the ASR mobility service installation methods listed below can be used to deploy the mobility service on supported Microsoft Windows and Linux operating systems.

Push install mobility service during Enable Protection

Push install is the easiest method to deploy the ASR mobility service on the virtual machines you want to protect. This method is best suited for a proof of concept demonstration and deployment in production environments where firewall and network security rules are less stringent. To perform push install, your environment needs to meet the pre-requisites mentioned in our Prepare for push install documentation.

Install mobility service using software deployment tools

Enterprises use software deployment tools like System Center Configuration Manager (SCCM), Windows Server Update Service (WSUS), or other third party software deployment tools to push software on servers in their environment. ASR allows out-of-band installation of the mobility service via these software deployment tools. The documentation page Automate Mobility Service installation using software deployment tools, provides you instructions and scripts that allows you to use your favorite software deployment tool to install the ASR mobility service in your production environment – the documentation uses SCCM as an example.

This method is best suited for a production rollout of Azure Site Recovery and gives you the following advantages:

  1. No need to add firewall exceptions
  2. Deploy at enterprise scale
  3. No need to manage guest (protected virtual machine) credentials

Install mobility service using Azure Automation Desired State Configuration (DSC)

In organizations that heavily use Azure services in their production environment, Azure Automation Desired State Configuration can be used to deploy and manage the deployment of ASR mobility service. The documentation page Deploy the Mobility Service with Azure Automation DSC for replication of VM talks in detail about how to use Azure Automation DSC to install and manage the lifecycle of the ASR mobility service.

This method is best suited for a production rollout of Azure Site Recovery assuming you use Microsoft Azure Services to manage your IT infrastructure, and gives you the following advantages:

  1. No need to add firewall exceptions
  2. Deploy at enterprise scale
  3. No need to manage guest (protected virtual machine) credentials
  4. Enforces software configuration on your protected servers

Manual install (command line and GUI Based)

The ASR mobility service can be installed manually via command line or GUI. If you plan to protect 5-10 servers, and don’t have a software deployment tool being used in your organization, then you can use the manual install method. The manual install method can also be used for proof of concept deployments. The command line install method can be used to create scripts to automate installations in your production environment. You can find both of these methods documented at Install Mobility Service using command line and Install Mobility Service using GUI.

Closing Notes

The below decision tree helps to summarize how to choose the best deployment option that suites your environment.

image

You can check out additional product information and start replicating your workloads to Microsoft Azure using Azure Site Recovery today. You can use the powerful replication capabilities of Site Recovery for 31 days at no charge for every new physical server or virtual machine that you replicate. Visit the Azure Site Recovery forum on MSDN for additional information and to engage with other customers, or use the ASR UserVoice to let us know what features you want us to enable next.

Azure Site Recovery, as part of Microsoft Operations Management Suite, enables you to gain control and manage your workloads no matter where they run (Azure, AWS, Windows Server, Linux, VMware, or OpenStack) with a cost-effective, all-in-one cloud IT management solution. Existing System Center customers can take advantage of the Microsoft Operations Management Suite add-on, empowering them to do more by leveraging their current investments. Get access to all the new services that OMS offers, with a convenient step-up price for all existing System Center customers. You can also access only the IT management services that you need, enabling you to on-board quickly and have immediate value, paying only for the features that you use.