Replicate Azure virtual machines running in Proximity Placement Groups to another region
This article describes how to replicate, failover and failback virtual machines running in a Proximity Placement Group to a secondary region.
Proximity Placement Groups is an Azure Virtual Machine logical grouping capability that you can use to decrease the inter-VM network latency associated with your applications. When the VMs are deployed within the same proximity placement group, they are physically located as close as possible to each other. Proximity placement groups are particularly useful to address the requirements of latency-sensitive workloads.
Disaster recovery with Proximity Placement Groups
In a typical scenario, you may have your virtual machines running in a proximity placement group to avoid the network latency between the various tiers of your application. While this can provide your application optimal network latency, you would like to protect these applications using Site Recovery for any region level failure. Site Recovery replicates the data from one region to another Azure region and brings up the machines in disaster recovery region in an event of failover.
- The best effort will be to failover/failback the virtual machines into a proximity placement group. However, if VM is unable to be brought up inside Proximity Placement during failover/failback, then failover/failback will still happen, and virtual machines will be created outside of a proximity placement group.
- If an Availability Set is pinned to a Proximity Placement Group and during failover/failback VMs in the availability set have an allocation constraint, then the virtual machines will be created outside of both the availability set and proximity placement group.
- Site Recovery for Proximity Placement Groups is not supported for unmanaged disks.
Azure Site Recovery does not support failback from managed disks for Hyper-V to Azure scenarios. Hence, failback from Proximity Placement Group in Azure to Hyper-V is not supported.
- Make sure that you have the Azure PowerShell Az module. If you need to install or upgrade Azure PowerShell, follow this Guide to install and configure Azure PowerShell.
- The minimum Azure PowerShell Az version should be 4.1.0. To check the current version, use the below command -
Get-InstalledModule -Name Az
Set up Site Recovery for Virtual Machines in Proximity Placement Group
Make sure that you have the unique ID of target Proximity Placement Group handy. If you're creating a new Proximity Placement Group, then check the command here and if you're using an existing Proximity Placement Group, then use the command here.
Azure to Azure
- Sign in to your account and set your subscription.
- Get the details of the virtual machine you’re planning to replicate as mentioned here.
- Create your recovery services vault and set the vault context.
- Prepare the vault to start replication virtual machine. This involves creating a service fabric object for both primary and recovery regions.
- Create a Site Recovery protection container, for both the primary and recovery fabrics.
- Create a replication policy.
- Create a protection container mapping between primary and recovery protection container using these steps and a protection container mapping for failback as mentioned here.
- Create cache storage account by following these steps.
- Create the required network mappings as mentioned here.
- To replicate Azure virtual machine with managed disks, use the below PowerShell cmdlet -
#Get the resource group that the virtual machine must be created in when failed over. $RecoveryRG = Get-AzResourceGroup -Name "a2ademorecoveryrg" -Location "West US 2" #Specify replication properties for each disk of the VM that is to be replicated (create disk replication configuration) #OS Disk $OSdisk = Get-AzDisk -DiskName $OSdiskName -ResourceGroupName $OSdiskResourceGroup $OSdiskId = $OSdisk.Id $RecoveryOSDiskAccountType = $OSdisk.Sku.Name $RecoveryReplicaDiskAccountType = $OSdisk.Sku.Name $OSDiskReplicationConfig = New-AzRecoveryServicesAsrAzureToAzureDiskReplicationConfig -ManagedDisk -LogStorageAccountId $EastUSCacheStorageAccount.Id -DiskId $OSdiskId -RecoveryResourceGroupId $RecoveryRG.ResourceId -RecoveryReplicaDiskAccountType $RecoveryReplicaDiskAccountType -RecoveryTargetDiskAccountType $RecoveryOSDiskAccountType #Data disk $datadisk = Get-AzDisk -DiskName $datadiskName -ResourceGroupName $datadiskResourceGroup $datadiskId1 = $datadisk.Id $RecoveryReplicaDiskAccountType = $datadisk.Sku.Name $RecoveryTargetDiskAccountType = $datadisk.Sku.Name $DataDisk1ReplicationConfig = New-AzRecoveryServicesAsrAzureToAzureDiskReplicationConfig -ManagedDisk -LogStorageAccountId $EastUSCacheStorageAccount.Id -DiskId $datadiskId1 -RecoveryResourceGroupId $RecoveryRG.ResourceId -RecoveryReplicaDiskAccountType $RecoveryReplicaDiskAccountType -RecoveryTargetDiskAccountType $RecoveryTargetDiskAccountType #Create a list of disk replication configuration objects for the disks of the virtual machine that are to be replicated. $diskconfigs = @() $diskconfigs += $OSDiskReplicationConfig, $DataDisk1ReplicationConfig #Start replication by creating replication protected item. Using a GUID for the name of the replication protected item to ensure uniqueness of name. $TempASRJob = New-AzRecoveryServicesAsrReplicationProtectedItem -AzureToAzure -AzureVmId $VM.Id -Name (New-Guid).Guid -ProtectionContainerMapping $EusToWusPCMapping -AzureToAzureDiskReplicationConfiguration $diskconfigs -RecoveryResourceGroupId $RecoveryRG.ResourceId -RecoveryProximityPlacementGroupId $targetPpg.Id
Once the start replication operation succeeds, virtual machine data is replicated to the recovery region.
The replication process starts by initially seeding a copy of the replicating disks of the virtual machine in the recovery region. This phase is called the initial replication phase.
After initial replication completes, replication moves to the differential synchronization phase. At this point, the virtual machine is protected, and a test failover operation can be performed on it. The replication state of the replicated item representing the virtual machine goes to the Protected state after initial replication completes.
Monitor the replication state and replication health for the virtual machine by getting details of the replication protected item corresponding to it.
Get-AzRecoveryServicesAsrReplicationProtectedItem -ProtectionContainer $PrimaryProtContainer | Select FriendlyName, ProtectionState, ReplicationHealth
- To do a test failover, validate and cleanup test failover, follow these steps.
- To failover, follow the steps as mentioned here.
- To reprotect and failback to the source region, use the below PowerShell cmdlet –
#Create Cache storage account for replication logs in the primary region $WestUSCacheStorageAccount = New-AzStorageAccount -Name "a2acachestoragewestus" -ResourceGroupName "A2AdemoRG" -Location 'West US' -SkuName Standard_LRS -Kind Storage #Use the recovery protection container, new cache storage account in West US and the source region VM resource group Update-AzRecoveryServicesAsrProtectionDirection -ReplicationProtectedItem $ReplicationProtectedItem -AzureToAzure -ProtectionContainerMapping $WusToEusPCMapping -LogStorageAccountId $WestUSCacheStorageAccount.Id -RecoveryResourceGroupID $sourceVMResourcegroup.ResourceId -RecoveryProximityPlacementGroupId $vm.ProximityPlacementGroup.Id
- To disable replication, follow the steps here.
VMware to Azure
- Make sure that you prepare your on-premises VMware servers for disaster recovery to Azure.
- Sign in to your account and set your subscription as specified here.
- Set up a Recovery Services Vault and set vault context.
- Validate your vault registration.
- Create a replication policy.
- Add a vCenter server and discover virtual machines and create storage accounts for replication.
- To replicate VMware Virtual Machines, check the details here and follow the below PowerShell cmdlet –
#Get the target resource group to be used $ResourceGroup = Get-AzResourceGroup -Name "VMwareToAzureDrPs" #Get the target virtual network to be used $RecoveryVnet = Get-AzVirtualNetwork -Name "ASR-vnet" -ResourceGroupName "asrrg" #Get the protection container mapping for replication policy named ReplicationPolicy $PolicyMap = Get-AzRecoveryServicesAsrProtectionContainerMapping -ProtectionContainer $ProtectionContainer | where PolicyFriendlyName -eq "ReplicationPolicy" #Get the protectable item corresponding to the virtual machine CentOSVM1 $VM1 = Get-AzRecoveryServicesAsrProtectableItem -ProtectionContainer $ProtectionContainer -FriendlyName "CentOSVM1" # Enable replication for virtual machine CentOSVM1 using the Az.RecoveryServices module 2.0.0 onwards to replicate to managed disks # The name specified for the replicated item needs to be unique within the protection container. Using a random GUID to ensure uniqueness $Job_EnableReplication1 = New-AzRecoveryServicesAsrReplicationProtectedItem -VMwareToAzure -ProtectableItem $VM1 -Name (New-Guid).Guid -ProtectionContainerMapping $PolicyMap -ProcessServer $ProcessServers -Account $AccountHandles -RecoveryResourceGroupId $ResourceGroup.ResourceId -logStorageAccountId $LogStorageAccount.Id -RecoveryAzureNetworkId $RecoveryVnet.Id -RecoveryAzureSubnetName "Subnet-1" -RecoveryProximityPlacementGroupId $targetPpg.Id
- You can check the replication state and replication health of the virtual machine with the Get-ASRReplicationProtectedItem cmdlet.
Get-AzRecoveryServicesAsrReplicationProtectedItem -ProtectionContainer $ProtectionContainer | Select FriendlyName, ProtectionState, ReplicationHealth
- Configure the failover settings by following the steps here.
- Run a test failover.
- Failover to Azure using these steps.
Hyper-V to Azure
Make sure that you prepare your on-premises Hyper-V servers for disaster recovery to Azure.
Sign in to Azure.
Create a Hyper-V Site.
Install the provider and agent.
Create a replication policy.
Enable replication by using the below steps –
a. Retrieve the protectable item that corresponds to the VM you want to protect, as follows:
$VMFriendlyName = "Fabrikam-app" #Name of the VM $ProtectableItem = Get-AzRecoveryServicesAsrProtectableItem -ProtectionContainer $protectionContainer -FriendlyName $VMFriendlyName
b. Protect the VM. If the VM you're protecting has more than one disk attached to it, specify the operating system disk by using the OSDiskName parameter.
$OSType = "Windows" # "Windows" or "Linux" $DRjob = New-AzRecoveryServicesAsrReplicationProtectedItem -ProtectableItem $VM -Name $VM.Name -ProtectionContainerMapping $ProtectionContainerMapping -RecoveryAzureStorageAccountId $StorageAccountID -OSDiskName $OSDiskNameList[$i] -OS $OSType -RecoveryResourceGroupId $ResourceGroupID -RecoveryProximityPlacementGroupId $targetPpg.Id
c. Wait for the VMs to reach a protected state after the initial replication. This can take a while, depending on factors such as the amount of data to be replicated, and the available upstream bandwidth to Azure. When a protected state is in place, the job State and StateDescription are updated as follows:
$DRjob = Get-AzRecoveryServicesAsrJob -Job $DRjob $DRjob | Select-Object -ExpandProperty State $DRjob | Select-Object -ExpandProperty StateDescription
d. Update recovery properties (such as the VM role size) and the Azure network to which to attach the VM NIC after failover.
$nw1 = Get-AzVirtualNetwork -Name "FailoverNw" -ResourceGroupName "MyRG" $VMFriendlyName = "Fabrikam-App" $rpi = Get-AzRecoveryServicesAsrReplicationProtectedItem -ProtectionContainer $protectionContainer -FriendlyName $VMFriendlyName $UpdateJob = Set-AzRecoveryServicesAsrReplicationProtectedItem -InputObject $rpi -PrimaryNic $VM.NicDetailsList.NicId -RecoveryNetworkId $nw1.Id -RecoveryNicSubnetName $nw1.Subnets.Name $UpdateJob = Get-AzRecoveryServicesAsrJob -Job $UpdateJob $UpdateJob | Select-Object -ExpandProperty state Get-AzRecoveryServicesAsrJob -Job $job | Select-Object -ExpandProperty state
Run a test failover.
To perform reprotect and failback for VMware to Azure, follow the steps outlined here.
For more information, see Failover in Site Recovery.