question

AntonioSamedi-0370 avatar image
0 Votes"
AntonioSamedi-0370 asked amon-2590 commented

Azure Cross Region Restore access

Hello,

So I was able to restore a VM to our environment in the west data center. Originally, My plan was to allow peering between the two networks, the west, and east Datacenter. after chatting with colleagues, if the east data center is down. The peering will fail.

So my question is what is the best practice for network setting when setting up the DR. network. Do I need two Virtual gateways? One in the east and one in the west. Then connect both to my onsite VPN?

Also, it still looks like there is no Powershell for this module, which will explain why the deploy template is unavailable?

azure-backupazure-virtual-machines-backup
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AntonioSamedi-0370 This is taken care by service if you are creating a VM in secondary region. However, while restoring disk, during the template deployment ensure to provide the network settings corresponding to secondary region.


If the response helped, do "Accept Answer" and up-vote it

0 Votes 0 ·

1 Answer

amon-2590 avatar image
0 Votes"
amon-2590 answered amon-2590 commented

DR is all about balancing between availability and cost. Gateway's are only available in zonal redundancy. Should you decide that your VPN is mission critical, you would have to set up a seond gateway in your recovery geography.
Here is a short overview of Azure site recovery that could help explain your options.

Generally speaking this is without understanding your specific requirements VPN's are not regarded as so critical, because it could be replaced with a new VPN on the recovery site within minutes (assuming you have automated the process). If it were me, I would be more concerned about making sure I do not lose data or traffic while failing over to the DR.

Here are a couple of reference architectures you might find useful:
1. SMB DR
2. Enterprise scale DR


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for the response.

Currently, our office uses a VPN to connect and access our Azure resource. This would be important for users to stay productive. Right now while testing, I restored a VM to the west datacenter. Unfortunately, I am unable to access it. I would assume it's because I don't have any routes in my firewall to send me to azure, and this server does not have a public IP address.

We have opted not to use Azure site recovery. ( a little high on the costs side). So I'm guessing the best way to ensure the I can access this data is to build another SSL VPN connection from my office to azure west. I did see something about a Traffic manager in one of the links you sent, which looks like it would handle the cut-over if a connection isn't available.

0 Votes 0 ·

Hi @AntonioSamedi-0370

Azure Traffic Manager works on the DNS layer, so unfortunately wouldn't help you with the VPN.
For you to be able to reach your secondary site network you could either use Azure network peering or set up a second VPN.
This is how to configure VPN transit gateway


0 Votes 0 ·