Set up the configuration server for disaster recovery of physical servers to Azure

This article describes how to set up your on-premises environment to start replicating physical servers running Windows or Linux into Azure.

Prerequisites

The article assumes that you already have:

  • A Recovery Services vault in the Azure portal.
  • A physical computer on which to install the configuration server.
  • If you've disabled TLS 1.0 on the machine on which you're installing the configuration server, make sure that TLs 1.2 is enabled, and that the .NET Framework version 4.6 or later is installed on the machine (with strong cryptography disabled). Learn more.

Configuration server minimum requirements

The following table lists the minimum hardware, software, and network requirements for a configuration server.

Configuration/Process server requirements

Component Requirement
HARDWARE SETTINGS
CPU cores 8
RAM 16 GB
Number of disks 3, including the OS disk, process server cache disk, and retention drive for failback
Free disk space (process server cache) 600 GB
Free disk space (retention disk) 600 GB
SOFTWARE SETTINGS
Operating system Windows Server 2012 R2
Windows Server 2016
Operating system locale English (en-us)
Windows Server roles Don't enable these roles:
- Active Directory Domain Services
- Internet Information Services
- Hyper-V
Group policies Don't enable these group policies:
- Prevent access to the command prompt.
- Prevent access to registry editing tools.
- Trust logic for file attachments.
- Turn on Script Execution.
Learn more
IIS - No pre-existing default website
- No preexisting website/application listening on port 443
- Enable anonymous authentication
- Enable FastCGI setting
NETWORK SETTINGS
IP address type Static
Ports 443 (Control channel orchestration)
9443 (Data transport)
NIC type VMXNET3 (if the Configuration Server is a VMware VM)
Internet access (The server needs access to following URLs - directly or via proxy):
*.backup.windowsazure.com Used for replicated data transfer and coordination
*.store.core.windows.net Used for replicated data transfer and coordination
*.blob.core.windows.net Used to access storage account that stores replicated data
*.hypervrecoverymanager.windowsazure.com Used for replication management operations and coordination
https://management.azure.com Used for replication management operations and coordination
*.services.visualstudio.com Used for telemetry purposes (It is optional)
time.nist.gov Used to check time synchronization between system and global time.
time.windows.com Used to check time synchronization between system and global time.
  • https://login.microsoftonline.com
  • https://secure.aadcdn.microsoftonline-p.com
  • https://login.live.com
  • https://graph.windows.net
  • https://login.windows.net
  • https://www.live.com
  • https://www.microsoft.com
OVF set up needs access to these URLs. They are used for access control and identity management by Azure Active Directory
https://dev.mysql.com/get/Downloads/MySQLInstaller/mysql-installer-community-5.7.20.0.msi To complete MySQL download
SOFTWARE TO INSTALL
VMware vSphere PowerCLI PowerCLI version 6.0 should be installed if the Configuration Server is running on a VMware VM.
MYSQL MySQL should be installed. You can install manually, or Site Recovery can install it. (Refer to configure settings for more information)

Configuration/Process server sizing requirements

CPU Memory Cache disk Data change rate Replicated machines
8 vCPUs

2 sockets * 4 cores @ 2.5 GHz
16GB 300 GB 500 GB or less < 100 machines
12 vCPUs

2 socks * 6 cores @ 2.5 GHz
18 GB 600 GB 500 GB-1 TB 100 to 150 machines
16 vCPUs

2 socks * 8 cores @ 2.5 GHz
32 GB 1 TB 1-2 TB 150 -200 machines

Note

HTTPS-based proxy servers are not supported by the configuration server.

Choose your protection goals

  1. In the Azure portal, go to the Recovery Services vaults blade and select your vault.

  2. In the Resource menu of the vault, click Getting Started > Site Recovery > Step 1: Prepare Infrastructure > Protection goal.

    Choose goals

  3. In Protection goal, select To Azure and Not virtualized/Other, and then click OK.

    Choose goals

Set up the source environment

  1. In Prepare source, if you don’t have a configuration server, click +Configuration server to add one.

    Set up source

  2. In the Add Server blade, check that Configuration Server appears in Server type.

  3. Download the Site Recovery Unified Setup installation file.

  4. Download the vault registration key. You need the registration key when you run Unified Setup. The key is valid for five days after you generate it.

    Set up source

  5. On the machine you’re using as the configuration server, run Azure Site Recovery Unified Setup to install the configuration server, the process server, and the master target server.

Run Azure Site Recovery Unified Setup

Tip

Configuration server registration fails if the time on your computer's system clock is more than five minutes off of local time. Synchronize your system clock with a time server before starting the installation.

  1. Run the Unified Setup installation file.

  2. In Before You Begin, select Install the configuration server and process server.

    Before you start

  3. In Third Party Software License, click I Accept to download and install MySQL.

    Third-party software

  4. In Registration, select the registration key you downloaded from the vault.

    Registration

  5. In Internet Settings, specify how the Provider running on the configuration server connects to Azure Site Recovery over the Internet. Make sure you've allowed the required URLs.

    • If you want to connect with the proxy that's currently set up on the machine, select Connect to Azure Site Recovery using a proxy server.
    • If you want the Provider to connect directly, select Connect directly to Azure Site Recovery without a proxy server.
    • If the existing proxy requires authentication, or if you want to use a custom proxy for the Provider connection, select Connect with custom proxy settings, and specify the address, port, and credentials. Firewall
  6. In Prerequisites Check, Setup runs a check to make sure that installation can run. If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.

    Prerequisites

  7. In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed.

    MySQL

  8. In Environment Details, select No if you're replicating Azure Stack VMs or physical servers.

  9. In Install Location, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space.

    Install location

  10. In Network Selection, first select the NIC that the in-built process server uses for discovery and push installation of mobility service on source machines, and then select the NIC that Configuration Server uses for connectivity with Azure. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment's requirements. In addition to the port 9443, we also open port 443, which is used by a web server to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic.

    Network selection

  11. In Summary, review the information and click Install. When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location.

    Summary

After registration finishes, the server is displayed on the Settings > Servers blade in the vault.

Note

The configuration server can be installed via a command line. Learn more.

Common issues

Installation failures

Sample error message Recommended action
ERROR Failed to load Accounts. Error: System.IO.IOException: Unable to read data from the transport connection when installing and registering the CS server. Ensure that TLS 1.0 is enabled on the computer.

Registration failures

Registration failures can be debugged by reviewing the logs in the %ProgramData%\ASRLogs folder.

Sample error message Recommended action
09:20:06:InnerException.Type: SrsRestApiClientLib.AcsException,InnerException.
Message: ACS50008: SAML token is invalid.
Trace ID: 1921ea5b-4723-4be7-8087-a75d3f9e1072
Correlation ID: 62fea7e6-2197-4be4-a2c0-71ceb7aa2d97>
Timestamp: 2016-12-12 14:50:08Z
Ensure that the time on your system clock is not more than 15 minutes off the local time. Rerun the installer to complete the registration.
09:35:27 :DRRegistrationException while trying to get all disaster recovery vault for the selected certificate: : Threw Exception.Type:Microsoft.DisasterRecovery.Registration.DRRegistrationException, Exception.Message: ACS50008: SAML token is invalid.
Trace ID: e5ad1af1-2d39-4970-8eef-096e325c9950
Correlation ID: abe9deb8-3e64-464d-8375-36db9816427a
Timestamp: 2016-05-19 01:35:39Z
Ensure that the time on your system clock is not more than 15 minutes off the local time. Rerun the installer to complete the registration.
06:28:45:Failed to create certificate
06:28:45:Setup cannot proceed. A certificate required to authenticate to Site Recovery cannot be created. Rerun Setup
Ensure you are running setup as a local administrator.

Next steps

Next step involves setting up your target environment in Azure.