Prerequisites for replication to Azure by using Azure Site Recovery

The Azure Site Recovery service contributes to your business continuity and disaster recovery (BCDR) strategy by orchestrating replication of on-premises physical servers and virtual machines to the cloud (Azure), or to a secondary datacenter. When outages occur in your primary location, you can fail over to a secondary location to keep apps and workloads available. You can fail back to your primary location when it returns to normal operations. For more about Site Recovery, see "What is Site Recovery?"

This article summarizes the prerequisites required to begin Site Recovery replication to Azure.

Post any comments at the bottom of the article, or ask technical questions on the Azure Recovery Services Forum.

Azure requirements

Azure account: A Microsoft Azure account.

You can start with a free trial.
Site Recovery service: For more about Site Recovery pricing, see Site Recovery pricing.

Azure storage: You need an Azure storage account to store replicated data, and it must be in the same region as the Recovery Services vault. Replicated data is stored in Azure storage, and Azure VMs are created when failover occurs.

Depending on the resource model you want to use for failed over Azure VMs, you can set up an account in the Azure Resource Manager model or in the classic model.

You can use geo-redundant storage or locally redundant storage. We recommend geo-redundant storage so that data is resilient if a regional outage occurs, or if the primary region can't be recovered.

You can use standard or premium storage. Premium storage is typically used for virtual machines that need a consistently high IO performance and low latency to host IO intensive workloads. If you use premium storage for replicated data, you also need a standard storage account to store replication logs that capture ongoing changes to on-premises data.

Storage limitations: You can't move storage accounts used in Site Recovery across resource groups, or within or across subscriptions.

Replicating to premium storage accounts in Central India and South India isn't currently supported.
Azure network: You need an Azure network to which Azure VMs will connect after failover, and it must be in the same region as the Recovery Services vault.

In the Azure portal, you can create networks in the Resource Manager model or in the classic model.

If you replicate from System Center Virtual Machine Manager to Azure, you will set up network mapping between Virtual Machine Manager VM networks and Azure networks to ensure that Azure VMs connect to appropriate networks after failover.
Network limitations: You can't move network accounts used in Site Recovery across resource groups, or within or across subscriptions.

Network mapping: If you replicate Hyper-V VMs in Virtual Machine Manager clouds, you need to set up network mapping so that Azure VMs are connected to appropriate networks when they're created after failover.

Note: The following sections describe the prerequisites for various components in the customer environment. For more about support for specific configurations, read the support matrix.

Disaster recovery of VMware virtual machines or physical Windows or Linux servers to Azure

Following are the required components for disaster recovery of VMware virtual machines or physical Windows or Linux servers in addition to the ones mentioned in Azure requirements.

Configuration server or additional process server: You will need to set up an on-premises machine as the configuration server to coordinate communications between the on-premises site and Azure, and to manage data replication.

  1. VMware vCenter or vSphere host
vSphere: One or more VMware vSphere hypervisors.

Hypervisors should be running vSphere version 6.0, 5.5, or 5.1 with the latest updates.

We recommend that vSphere hosts and vCenter servers are located in the same network as the process server. This is the network in which the configuration server is located, unless you’ve set up a dedicated process server.
vCenter: We recommend that you deploy a VMware vCenter server to manage your vSphere hosts. It should be running vCenter version 6.0 or 5.5, with the latest updates.

Limitation: Site Recovery does not support cross vCenter vMotion. Storage DRS and Storage vMotion are also not supported on the master target virtual machine after a reprotect operation.
  1. Replicated machine prerequisites
On-premises (VMware VMs): Replicated VMs should have VMware tools installed and running.

VMs should conform with Azure prerequisites for creating Azure VMs.

Individual disk capacity on protected machines shouldn’t be more than 1,023 GB.

A minimum 2 GB of available space on the installation drive is required for component installation.

Port 20004 should be opened on the VM local firewall if you want to enable multi-VM consistency.

Machine names should contain between 1 and 63 characters (letters, numbers, and hyphens). The name must start with a letter or number and end with a letter or number. After you've enabled replication for a machine, you can modify the Azure name.

Windows machines (physical or VMware): The machine should be running a supported 64-bit operating system: Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 with at least SP1.

The operating system should be installed on drive C. The OS disk should be a Windows basic disk and not dynamic. The data disk can be dynamic.

Linux machines (physical or VMware): You need a supported 64-bit operating system: Red Hat Enterprise Linux 6.7, 6.8, 7.1, or 7.2; CentOS 6.5, 6.6, 6.7, 6.8, 7.0, 7.1, or 7.2; Oracle Enterprise Linux 6.4 or 6.5 running either the Red Hat compatible kernel or Unbreakable Enterprise Kernel Release 3 (UEK3); SUSE Linux Enterprise Server 11 SP3; or SUSE Linux Enterprise Server 11 SP4.

Your /etc/hosts files on protected machines should contain entries that map the local host name to IP addresses associated with all network adapters.

If you want to connect to an Azure virtual machine running Linux after failover by using a Secure Shell client (ssh), ensure that the Secure Shell service on the protected machine is set to start automatically on system boot and that firewall rules allow an ssh connection to it.

The host name, mount points, device names, and Linux system paths and file names (for example, /etc/; /usr) should be in English only.

The following directories (if set up as separate partitions/file-systems) must all be on the same disk (the OS disk) on the source server: / (root), /boot, /usr, /usr/local, /var, /etc

XFS v5 features such as metadata checksum are currently not supported by ASR on XFS filesystems. Ensure that your XFS filesystems aren't using any v5 features. You can use the xfs_info utility to check the XFS superblock for the partition. If ftype is set to 1, then XFSv5 features are being used.

On Red Hat Enterprise Linux 7 and CentOS 7 servers, the lsof utility must be installed and available.
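A pre-check for the machine-name, /etc/hosts and XFS prerequisites above, as an added example that is not part of Site Recovery or of the original article. The function names and sample inputs are constructed, and the XFS check looks only for the ftype=1 indicator this article names.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Constructed sample of `xfs_info <mountpoint>` output (trimmed).
SAMPLE_XFS_INFO='meta-data=/dev/sdb1 isize=512 agcount=4, agsize=65536 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1'

# Constructed sample of /etc/hosts content.
SAMPLE_HOSTS='127.0.0.1 localhost
10.0.0.5 web01.contoso.local web01   # eth0'

# Reads xfs_info output on stdin; succeeds if ftype=1 is reported,
# the indicator this article gives for XFS v5 features in use.
xfs_ftype_enabled() {
    grep -Eq '(^|[[:space:]])ftype=1([[:space:]]|$)'
}

# missing_host_mappings HOSTS_FILE HOSTNAME IP...
# Prints every adapter IP that no hosts entry maps to HOSTNAME.
missing_host_mappings() (
    hosts_file=$1; name=$2; shift 2
    for ip in "$@"; do
        awk -v ip="$ip" -v name="$name" '
            { sub(/#.*/, "") }    # strip trailing comments
            $1 == ip { for (i = 2; i <= NF; i++)
                           if (tolower($i) == tolower(name)) found = 1 }
            END { exit (found ? 0 : 1) }' "$hosts_file" || printf '%s\n' "$ip"
    done
)

# valid_machine_name NAME: 1-63 letters, digits or hyphens,
# starting and ending with a letter or digit.
valid_machine_name() {
    printf '%s\n' "$1" |
        LC_ALL=C grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# Demo on the constructed sample.
if printf '%s\n' "$SAMPLE_XFS_INFO" | xfs_ftype_enabled; then
    echo "XFS: ftype=1 found, XFS v5 features are in use"
fi
```

On a real source machine, pipe `xfs_info` for each XFS mount point into `xfs_ftype_enabled` and pass /etc/hosts, the local host name and every adapter address to `missing_host_mappings`.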

Disaster recovery of Hyper-V virtual machines to Azure (no Virtual Machine Manager)

Following are the required components for disaster recovery of Hyper-V virtual machines to Azure without Virtual Machine Manager, in addition to the ones mentioned in Azure requirements.

Hyper-V host: One or more on-premises servers running Windows Server 2012 R2 with the latest updates and the Hyper-V role enabled, or Microsoft Hyper-V Server 2012 R2.

The Hyper-V servers should contain one or more virtual machines.

Hyper-V servers should be connected to the Internet, either directly or via a proxy.

Hyper-V servers should have fixes mentioned in KB2961977 installed.
Provider and agent: During Azure Site Recovery deployment, you’ll install Azure Site Recovery Provider. The Provider installation will also install Azure Recovery Services Agent on each Hyper-V server running virtual machines you want to protect.

All Hyper-V servers in a Site Recovery vault should have the same versions of the Provider and agent.

The Provider will need to connect to Azure Site Recovery over the Internet. Traffic can be sent directly or through a proxy. HTTPS-based proxy is not supported. The proxy server should allow access to:

- *.accesscontrol.windows.net: Used for access control and identity management
- *.backup.windowsazure.com: Used for replication data transfer and orchestration
- *.blob.core.windows.net: Used for access to the storage account that stores replicated data
- *.hypervrecoverymanager.windowsazure.com: Used for replication management operations and orchestration
- time.nist.gov and time.windows.com: Used to check time synchronization between system and global time

URLs for Azure Government Cloud:
- *.ugv.hypervrecoverymanager.windowsazure.us
- *.ugv.backup.windowsazure.us
- *.ugi.hypervrecoverymanager.windowsazure.us
- *.ugi.backup.windowsazure.us

If you have IP address-based firewall rules on the server, ensure that the rules allow communication to Azure.

Allow the Azure datacenter IP ranges, and the HTTPS (443) port.

Allow IP address ranges for the Azure region of your subscription, and for the western US (used for access control and identity management).

Disaster recovery of Hyper-V virtual machines in Virtual Machine Manager clouds to Azure

Following are the required components for disaster recovery of Hyper-V virtual machines in Virtual Machine Manager clouds, in addition to the ones mentioned in Azure requirements.

Virtual Machine Manager: One or more Virtual Machine Manager servers running on System Center 2012 R2 or later. Each Virtual Machine Manager server should have one or more clouds configured.

A cloud should contain:
- One or more Virtual Machine Manager host groups.
- One or more Hyper-V host servers or clusters in each host group.

For more about setting up Virtual Machine Manager clouds, see How to create a cloud in VMM 2012.
Hyper-V: Hyper-V host servers must be running at least Windows Server 2012 R2 with Hyper-V role or Microsoft Hyper-V Server 2012 R2 and have the latest updates installed.

A Hyper-V server should contain one or more VMs.

A Hyper-V host server or cluster that includes VMs you want to replicate must be managed in a Virtual Machine Manager cloud.

Hyper-V servers must be connected to the Internet, either directly or via a proxy.

Hyper-V servers must have the fixes mentioned in article 2961977 installed.

Hyper-V host servers need Internet access for data replication to Azure.
Provider and agent: During Azure Site Recovery deployment, install Azure Site Recovery Provider on the Virtual Machine Manager server, and install Recovery Services Agent on Hyper-V hosts. The Provider and agent need to connect to Azure over the Internet directly or through a proxy. An HTTPS-based proxy isn't supported. The proxy server on the Virtual Machine Manager server and Hyper-V hosts should allow access to:

- *.accesscontrol.windows.net: Used for access control and identity management
- *.backup.windowsazure.com: Used for replication data transfer and orchestration
- *.blob.core.windows.net: Used for access to the storage account that stores replicated data
- *.hypervrecoverymanager.windowsazure.com: Used for replication management operations and orchestration
- time.nist.gov and time.windows.com: Used to check time synchronization between system and global time

URLs for Azure Government Cloud:
- *.ugv.hypervrecoverymanager.windowsazure.us
- *.ugv.backup.windowsazure.us
- *.ugi.hypervrecoverymanager.windowsazure.us
- *.ugi.backup.windowsazure.us

If you have IP address-based firewall rules on the Virtual Machine Manager server, ensure that the rules allow communication to Azure.

Allow the Azure datacenter IP ranges and the HTTPS (443) port.

Allow IP address ranges for the Azure region of your subscription, and for the western US (used for access control and identity management).

Replicated machine prerequisites

Protected VMs: Site Recovery supports all operating systems that are supported by Azure.

VMs should conform with Azure prerequisites for creating Azure VMs. Machine names should contain between 1 and 63 characters (letters, numbers, and hyphens). The name must start with a letter or number and end with a letter or number.

You can modify the name after you've enabled replication for the VM.

Individual disk capacity on protected machines shouldn’t be more than 1,023 GB. A VM can have up to 16 disks (thus up to 16 TB).

Disaster recovery of Hyper-V virtual machines in Virtual Machine Manager clouds to a customer-owned site

Following are the required components for disaster recovery of Hyper-V virtual machines in Virtual Machine Manager clouds to a customer-owned site, in addition to the ones mentioned in Azure requirements.

Virtual Machine Manager: We recommend that you deploy a Virtual Machine Manager server in the primary site and a Virtual Machine Manager server in the secondary site.

You can replicate between clouds on a single VMM server. To do this, you need at least two clouds configured on the Virtual Machine Manager server.

Virtual Machine Manager servers should be running at least System Center 2012 SP1 with the latest updates.

Each Virtual Machine Manager server must have one or more clouds. All clouds must have the Hyper-V Capacity profile set.

Clouds must contain one or more Virtual Machine Manager host groups. For more about setting up Virtual Machine Manager clouds, see Prepare for Azure Site Recovery deployment.
Hyper-V: Hyper-V servers must be running at least Windows Server 2012 with the Hyper-V role, and have the latest updates installed.

A Hyper-V server should contain one or more VMs.

Hyper-V host servers should be located in host groups in the primary and secondary VMM clouds.

If you run Hyper-V in a cluster on Windows Server 2012 R2, we recommend installing update 2961977.

If you run Hyper-V in a cluster on Windows Server 2012 and have a static IP address-based cluster, cluster broker isn't created automatically. You must configure the cluster broker manually. For more about the cluster broker, see Configure replica broker role cluster to cluster replication.
Provider: During Site Recovery deployment, install Azure Site Recovery Provider on Virtual Machine Manager servers. The Provider communicates with Site Recovery over HTTPS 443 to orchestrate replication. Data replication occurs between the primary and secondary Hyper-V servers over the LAN or a VPN connection.

The Provider running on the Virtual Machine Manager server needs access to these URLs:

- *.accesscontrol.windows.net: Used for access control and identity management
- *.backup.windowsazure.com: Used for replication data transfer and orchestration
- *.blob.core.windows.net: Used for access to the storage account that stores replicated data
- *.hypervrecoverymanager.windowsazure.com: Used for replication management operations and orchestration
- time.nist.gov and time.windows.com: Used to check time synchronization between system and global time

URLs for Azure Government Cloud:
- *.ugv.hypervrecoverymanager.windowsazure.us
- *.ugv.backup.windowsazure.us
- *.ugi.hypervrecoverymanager.windowsazure.us
- *.ugi.backup.windowsazure.us

The Provider must allow firewall communication from the Virtual Machine Manager servers to the Azure datacenter IP ranges and allow the HTTPS (443) protocol.

URL access

These URLs should be available from VMware, VMM, and Hyper-V host servers.

| URL | VMM to VMM | VMM to Azure | Hyper-V to Azure | VMware to Azure |
|---|---|---|---|---|
| *.accesscontrol.windows.net | Allow | Allow | Allow | Allow |
| *.backup.windowsazure.com | Not required | Allow | Allow | Allow |
| *.hypervrecoverymanager.windowsazure.com | Allow | Allow | Allow | Allow |
| *.store.core.windows.net | Allow | Allow | Allow | Allow |
| *.blob.core.windows.net | Not required | Allow | Allow | Allow |
| https://dev.mysql.com/get/archives/mysql-5.5/mysql-5.5.37-win32.msi | Not required | Not required | Not required | Allow for SQL download |
| time.windows.com | Allow | Allow | Allow | Allow |
| time.nist.gov | Allow | Allow | Allow | Allow |
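One way to turn the table above into a deny-by-default egress check per replication scenario, as an added example that is not Microsoft's code. The scenario keys and function names are constructed, and the MySQL row is reduced to its host name so that matching stays at host level.

```shell
#!/bin/sh
# Added example; scenario keys and function names are constructed.
# Rows follow the URL access table. Columns after the pattern:
# VMM to VMM | VMM to Azure | Hyper-V to Azure | VMware to Azure.
# The MySQL download URL is reduced to its host name (dev.mysql.com).
URL_TABLE='*.accesscontrol.windows.net|Allow|Allow|Allow|Allow
*.backup.windowsazure.com|Not required|Allow|Allow|Allow
*.hypervrecoverymanager.windowsazure.com|Allow|Allow|Allow|Allow
*.store.core.windows.net|Allow|Allow|Allow|Allow
*.blob.core.windows.net|Not required|Allow|Allow|Allow
dev.mysql.com|Not required|Not required|Not required|Allow for SQL download
time.windows.com|Allow|Allow|Allow|Allow
time.nist.gov|Allow|Allow|Allow|Allow'

# Maps a scenario key to its column in URL_TABLE.
scenario_column() {
    case $1 in
        vmm-to-vmm)      echo 2 ;;
        vmm-to-azure)    echo 3 ;;
        hyperv-to-azure) echo 4 ;;
        vmware-to-azure) echo 5 ;;
        *) return 1 ;;
    esac
}

# Prints the patterns marked Allow for a scenario.
allowed_patterns() {
    col=$(scenario_column "$1") || return 1
    printf '%s\n' "$URL_TABLE" | awk -F'|' -v c="$col" '$c ~ /^Allow/ { print $1 }'
}

# host_allowed SCENARIO HOST: succeeds only if HOST matches an allowed pattern.
host_allowed() (
    set -f                       # keep "*" literal during word splitting
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${host%.}               # accept a fully qualified trailing dot
    case $host in                # reject anything that is not a plain host name
        ''|.*|*[!a-z0-9.-]*) exit 1 ;;
    esac
    for pat in $(allowed_patterns "$1"); do
        case $host in $pat) exit 0 ;; esac
    done
    exit 1                       # deny by default, including unknown scenarios
)
```

Because each wildcard keeps its leading dot and the match covers the whole host name, a look-alike such as `blob.core.windows.net.example.org` is denied, and a VMM to VMM deployment gets no storage or backup endpoints it does not need.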