• 6 min read

Offering Managed DR for IaaS Workloads with ASR and Azure Pack

Azure Site Recovery integration with Azure Pack now enable Service Providers to offer Managed DR service to their customers on top of IaaS workloads

A few weeks back we  announced new capabilities in Azure Site Recovery that unlock different scenarios for Service Providers which enable them to offer value-added service on top of ASR. Specifically, with ASR and Azure Pack, Service Providers can now offer Managed DR as a premium service to their customers on top of IaaS workloads.

In this blog we will look at how Service Providers can leverage ASR integration with Azure Pack to offer Managed DR service to their customers while needing minimum configuration changes and user training. This blog will also give you an overview of how simple it is to create DR plans/add-ons, onboarding tenants and accessing virtual machines post failover.

1.2

As you can see in the architectural diagram above, Azure Pack, System Center Virtual Machine Manager (SCVMM) and Windows Server forms the foundation for delivering Azure consistent services.

As a Service Provider, to start offering DR you need to prepare your infrastructure, which can be done with few simple pre-requisites:

Once the initial setup is complete, you are ready to roll out DR plans and leverage ASR capabilities that include automated protection, asynchronous replication and orderly recovery of the virtual workloads.

The following sections will walk you through the steps of creating a DR plan/add-on, scheduling ASR runbooks, onboarding tenants, managing failover drills and accessing VMs post failover.

Create a DR Plan/add-on

To offer a DR plan, you need to create and publish a plan, link a DR add-on to it and finally create a corresponding private recovery plan on secondary Azure Pack admin portal. To explain these steps in detail, let us use a plan named “Gold Plan” that we will link to a DR add-on.

To create a DR add-on expand PLAN, click on CREATE ADD-ON and give it a name as “DRAddon”. Now your add-on is created but it still needs to be configured. To configure an add-on click on the ADD-ONS in your Azure Pack and select the newly created add-on. You will see that under add-on services, “Virtual Machine Clouds” is not activated.

 3.3

Click on the “Virtual Machine Clouds” and select the name of “VMM MANAGEMENT SERVER” and “VIRTUAL MACHINE CLOUD” that you have configured to use with Azure Pack in your primary data center.

4.4

Complete rest of the details like usage limit of cores, memory etc. depending upon your offering and check mark “Enable protection for all virtual machines” under custom settings, which is the latest addition with Azure Pack UR4 release.

Enableprotection checkbox

You have now successfully created a DR add-on and next thing is to link it to the plan. To Link an add-on click on “Link a plan” and select “Gold Plan”.

By this step our DR Plan is ready for customers but this plan needs to have a corresponding private plan on the secondary Azure Pack. This private plan is the one that ensures that tenant’s subscriptions have the exact same services and offerings on the DR site. ASR automatically adds your tenant’s subscriptions from primary plan to the private plan on the secondary data center which helps in providing a consistent and seamless experience to tenants across both the datacenters.

To create a private plan login to the secondary Azure Pack admin portal and create a plan named “Gold Plan–Recovery”. It is important to note that the name of private plan should start with primary plan name followed by the suffix that could be anything but it would be recommended to use “-Recovery” for ease of identification

Recoveryplan

Once the private plan is created, you need to configure it similarly as mentioned in the earlier steps by selecting name of the secondary datacenter SCVMM Server and Virtual Machine Cloud.

5.5

Master Runbook

ASR runbooks help you deploy protection automatically, taking away the pain of manually enabling protection for each tenant. There are five runbooks in total that you need to import into your primary Azure Pack admin portal but you only need to configure and schedule the master runbook named “Invoke-AzureSiteRecoveryProtectionJob.ps1”. Rest of the runbooks are internally invoked by the master runbook for querying tenant subscriptions, enabling protection and adding copy of subscriptions from primary Azure Pack admin portal to secondary Azure Pack admin portal.

For scheduling and configuring the master runbook browse “AUTOMATION” in primary Azure Pack admin portal, select the master runbook and click on schedule. Provide a user friendly name to the schedule and specify frequency and time for the runbook. To complete the schedule you have to provide name of the assets  as runbook parameters.

 Runbookparameter

The complete details of asset creation can be found  at Microsoft Script Center but to give you an idea, here is an example of creating one asset.

To create an asset for “PrimarySiteAdminConnection” parameter, browse to “AUTOMATION”, click “ASSETS” on the top and select “ADD SETTINGS” at the bottom middle

1.) Choose ADD CONNECTION

Asset1

2.) Select name of connection type as “MgmntSvcAdmin” and name it Primary Azure Pack Login

Asset2

3.) Provide Computer Name, Password, Username of the primary Azure Pack

Asset3

Similarly you can create rest of the assets and provide name of these assets in the master runbook.

Onboarding Tenants

Tenant onboarding is seamless as Tenants can see the new DR Plan/Add-on in their portal. As a tenant, one will subscribe to a DR Plan by going to his tenant portal account and signing up for the new plan. Once it is done, he has to add DR add-on to his subscription. Tenant account portal will look like below.

tenant1

Tenant can create virtual machines in his portal and they will be shown in the portal.

tenant2

There are no more additional steps for a tenant to perform !!

Automatic Protection

 Once the tenant has subscribed to the plan, ASR runbook will do the following two tasks:

  • Automatically detect subscriptions with DR-enabled plan on primary Azure Pack admin portal and add the copy of  that subscription to the secondary Azure Pack private plan
  • Enable protection for the tenant virtual machines and replicate all the virtual machines to the recovery Azure pack

Note: User accounts would not be added automatically by the runbooks to the Secondary Azure Pack and we assume that Service Provider would do that out-of-band using technologies like Active Directory Federation Services (ADFS).

In the screenshot below you can see that tenant subscription under “Gold Plan” from Azure Pack primary admin portal is added to the “Gold Plan-Recovery” on Azure Pack secondary admin portal.

Primary Azure Pack

subscription1

Secondary Azure Pack

subscription2

ASR runbooks have enabled protection for tenant’s virtual machines, which means runbooks have automatically triggered the job in Azure Site Recovery portal, as shown below, which otherwise would have been a manual step.

 

Enabling protection

In Primary Azure Pack admin portal you can also see the runbook jobs view to get the details of the jobs done by runbooks.

RB3

Perform Failover in ASR portal

Through Azure Site Recovery portal, Service Providers can manage both DR drills and failovers for customer applications. Service Providers can leverage the functionality of Recovery Plan, Test Failover and other failover operations in ASR portal and offer optimum RPORTO to their customers.

In this blog, we have used a ASR Recovery Plan to show how tenant virtual machines can be failed over. To do a planned failover, login to the Azure Site Recovery Portal and create a Recovery Plan. As you can see in the screenshot below, here in this Recovery Plan, tenant VMs are divided into two groups which means that the database server VM would boot up first on the recovery site followed by rest of the three VMs. This is to ensure that the backend virtual machines come up before the VMs that depends on it

RP1

Accessing VMs post Failover

With ASR and Azure Pack, tenants get a consistent experience on the secondary datacenter. As a Service Provider, you have to share the link of the Azure Pack tenant portal of secondary site with your customers. They can login to it and can seamlessly access their virtual machines in the exact same way as they were on the primary Azure Pack portal. Below screenshot shows the view when tenant login to the Azure Pack tenant portal on the secondary site. It shows all the 4 virtual machines are in running state after failover.

tenant2

In this post, you learnt  how Service Providers can rollout DR plans/add-ons to their customers and enable automatic protection using ASR runbooks. We also covered how easy it is for tenants to subscribe a DR plan and access their VMs post failover. ASR integration with Azure Pack not only allows Service Providers to provide DRaaS with minimal changes to their existing Azure Pack setup, it also provides them a unique opportunity to increase their revenues by offering complete solution of IaaS with DR.

If you are excited to try out, check out the getting started guide of Azure Site Recovery integration with WAP

If you have further questions, please visit the Azure Site Recovery forum on MSDN for additional information and to engage with other customers.