question

ZacharyHamilton-1154 avatar image
0 Votes"
ZacharyHamilton-1154 asked ·

Azure Migrate - how to use for failover

Hello,

We have a number of on-premise Hyper-V VMs. We are looking to backup a few of them to our Azure cloud in case our building would face a true disaster and be destroyed.

Would Azure VM "migration" be the ticket? We're not really looking to "migrate" as I understand the term, but rather, make a copy of the machine in Azure that we could spin up and fail over to if necessary.

I'm having difficulty sifting through the voluminous Microsoft documentation to get a clear answer on this. All I want is to know what time it is, and Microsoft wants to teach me how to build a clock.

Thanks for your help.

Zachary Hamilton

azure-virtual-machines
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

StephaneBudo avatar image
3 Votes"
StephaneBudo answered ·

Hi Zachary,

I know what you mean, the number of services in Azure (and the documentation) is huge these days, so hard to sift through the weeds to find what you need.

From what you describe above, you are after "Azure Site Recovery".
This service will continuously replicate your existing Virtual Machines to an encrypted Recovery Services Vault. From there, you can then fail over (for testing or during a real disaster) to Azure.

Process at a high level:

General overview of the service and all related documentation can be found here:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

Hope this helps, but let us know if you have any questions/problems,
Stephane

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZacharyHamilton-1154 avatar image
0 Votes"
ZacharyHamilton-1154 answered ·

Stephane,

Thanks for the response.

I'm getting a little stuck when I try to set up the Protection Goal. I get the following message:

"We strongly recommend that you use the new ‘Azure Migrate: Server Migration’ capability to migrate VMware, Hyper-V, and physical servers to Azure.​ Click here: https://portal.azure.com/#blade/Microsoft_Azure_Migrate/AmhResourceMenuBlade/overview

Should I use this, or should I stick to Azure Site Recovery?

Thanks,

Zachary Hamilton

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

StephaneBudo avatar image
1 Vote"
StephaneBudo answered ·

Hi Zachary,

I would stick with Azure Site Recovery.
Azure Migrate is a specific tool set to migrate to Azure, which includes Azure Site Recovery.
Since your intend is not to migrate, but simply protect your workloads, ASR is the way to go.

Cheers,
Stephane

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZacharyHamilton-1154 avatar image
0 Votes"
ZacharyHamilton-1154 answered ·

Stephane,

So let me make sure I understand where I'm going...

We would continue to run our VMs locally, but if our building was destroyed by a hurricane or something, we could spin up those VMs in the Azure cloud and run them from there. Is my understanding correct?

Thanks for your help with this. I am awaiting delivery of some books on Azure. I have a couple decades of experience with on-prem stuff, but this is my first time working for a company that has a cloud component to the infrastructure. Lots to learn!

Thanks again.

Zachary Hamilton

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

StephaneBudo avatar image
0 Votes"
StephaneBudo answered ·

That's exactly right.

The Recovery Services Agent running on your Hyper-V hosts will replicate (block level) the disk changes up to the Recovery Service Vault (down to every 30 seconds for critical systems if needed), so if you have a disaster (either your entire on-premises datacentre goes up in flames, or even if one of your servers starts to blue screen), you can failover the servers up in Azure and continue to run the server(s) up there while you fix your datacentre.
When you initiate a fail over, the platform will copy the data out of the Vault, create the VM disks from it, then create the VMs associated and spin them up.

The few things to be aware of:

  • Make sure you have the network design done and setup well before a disaster. This involve creating the virtual networks in Azure (to which your VMs will connect to), as well as the connectivity to the network (and therefor your servers) should your datacentre becomes inaccessible.

  • Beware that the bandwidth required from your datacentre to Azure has to be sufficient to sustain the rate of change and upload of the data to the vault. This is also valid for the disk access once the VM is in Azure itself.
    Microsoft has developed an assessment tool that will calculate it all based on your existing workloads: found here

  • I would recommend to have your network in Azure connected back to your on-premises network and to deploy a domain controller up in Azure. That way, you have an existing domain controller always available should your datacentre go down (Domain controllers are a bit hard to failover due to the IP addressing change as well as the domain topology, so it's easier to have one already up and running as opposed to failover your existing ones).

I did a quick Azure Site Recovery demo video, and although it's a bit old now (about 3 years ago) and the tooling/portal might have slightly changed, the principles in there are still valid, so worth watching:
https://www.youtube.com/watch?v=ZNImiAslDyQ

Feel free to reach out if you have more questions :-)
(and don't forget to mark the answers as accepted if you feel I've answered the questions correctly :-))

Thank you,

Stephane

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZacharyHamilton-1154 avatar image
0 Votes"
ZacharyHamilton-1154 answered ·

Another question if I may: I set up the virtual network with a different subnet. I did a test failover of the VM and it seems to be working according to the Azure dashboard. However, I can't connect to it through either RDP or Bastion (didn't try SSH). Is there a secret to this that will get me going quickly? I found some RDP troubleshooting docs, but again, it's quite a lot to go through for what I'm guessing would be a simple fix if I knew where to look.

Thanks,

Zach

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

StephaneBudo avatar image
0 Votes"
StephaneBudo answered ·

Hey Zach,

The RDP connection should work, but there are a few things to watch out for:

  • Since the IP addresses of the servers have changed, is Windows Firewall blocking the connection?

  • How do you connect to the VNet? Are you using a VPN gateway or a public IP assigned to each VMs? If you are using a VPN Gateway, make sure that the server knows the route back to your workstation. If you are using Public IP, make sure the Windows Firewall allows the connection and that there is the appropriate NSG in place on the Subnet and NIC to allow the RDP connection.

  • Are you allowing pings in Windows Firewall? If so, can you ping the VM? (i.e. is the network connectivity working and it's only RDP that doesn't work?)

In most cases that I see, Windows Firewall is the culprit in those situation...

Cheers,

Stephane



·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZacharyHamilton-4558 avatar image
0 Votes"
ZacharyHamilton-4558 answered ·

I didn't have a public IP assigned to the NIC. I got connected. Thanks for all your help.

Zachary Hamilton

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.