Cloud Recovery“Do it yourself” Kit

This tutorial shows you how to set up disaster recovery to Azure for on-premises VMware VM running Windows.

Items included:

1. The cloud is changing business

2. Configure VMware account permissions

6. Set up the configuration server

3. Specify what you want to replicate

5. Download the Site Recovery Unified Setup

4. Set up the source environment

7. Configure automatic discovery

8. Set up the target environment

9. Create a replication policy

10. Enable replication

“Do it yourself” Kit | Cloud Recovery

1. The cloud is changing business

70%

Hosting ApplicationsAdministered ServicesSecurity Services

Hosting Infrastructure

These figures illustrate how the public cloud is changing the IT world and how the service providers are in a single position to capitalize on these

This is a change from previous years. Service providers are taking advantage of this model and are increasingly looking to move away from ("commodity") basic products offerings to go to single value offer.

Of total revenues come from managed services, securityservices and "hosting" applications.

This is the compound annual growth rate (CAGR) of the cloud services market between 2015-2018

Of the small and medium enterpri-ses (SMEs) globally will be using until 2020.

Service providers are responding with cloud-oriented offerings. More and more small and medium-sized businesses are moving to the cloud and are looking for help on this path to the cloud:

11.4%

78%

Of SMEs are considering using at least 1 cloud application in the next 2-3 years.

88%

1. Create a role at the vCenter level. Give the role the name Azure_Site_Recovery.2. Assign the following permissions to the Azure_Site_Recovery role.

3. Create a user on the vCenter server or vSphere host. Assign the role to the user.

“Do it yourself” Kit | Cloud Recovery

2. Configure VMware account permissions

VM discovery

Full replication, failover, failback

Role/Permissions Details

Data Center object –> Propagate to Child Object, role=Read-only At least a read-only user.

User assigned at datacenter level, and has access to all the objects in the datacenter.

To restrict access, assign the No access role with the Propagate to child object, to the child objects (vSphere hosts, datastores, VMs and networks).

User assigned at datacenter level, and has access to all the objects in the datacenter.

To restrict access, assign the No access role with the Propagate to child object, to the child objects (vSphere hosts, datastores, VMs and networks).

Data Center object –> Propagate to Child Object, role=Azure_Site_Reco-very

Datastore -> Allocate space, browse datastore, low-level file operations, remove file, update virtual machine files

Network -> Network assign

Resource -> Assign VM to resource pool, migrate powered off VM, migra-te powered on VM

Tasks -> Create task, update task

Virtual machine -> Configuration

Virtual machine -> Interact -> answer question, device connection, confi-gure CD media, configure floppy media, power off, power on, VMware tools install

Virtual machine -> Inventory -> Create, register, unregister

Virtual machine -> Provisioning -> Allow virtual machine download, allow virtual machine files upload

Virtual machine -> Snapshots -> Remove snapshots

Task

The Mobility service must be installed on each VM you want to replicate. Site Recovery installs this service automatically when you enable replication for the VM. For automatic installation, you need to prepare an account that Site Recovery will use to access the VM.

You can use a domain or local account. For Linux VMs, the account should be root on the source Linux server. For Windows VMs, if you're not using a domain account, disable Remote User Access control on the local machine:

•In the registery, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, add the DWORD entry LocalAccountTokenFilterPolicy and set the value to 1.

Setting up the source environment consists of downloading the Site Recovery Unified Setup, setting up the configuration server and registe-ring it in the vault, and discovering VMs.

The configuration server is a single on-premises VMware VM to host all of the Site Recovery components. This VM runs the configuration server, process server, and master target server.

• The configuration server coordinates communications between on-premises and Azure, and manages data replication.• The process server acts as a replication gateway. Receives replication data, optimizes it with caching, compression, and encryption, and sends it to Azure storage. The process server also installs the Mobility service on VMs you want to replicate, and performs automatic disco-very of VMs on on-premises VMware servers.• The master target server handles replication data during failback from Azure.

3. Specify what you want to replicate

4. Set up the source environment

“Do it yourself” Kit | Cloud Recovery

The configuration server VM should be a highly available VMware VM that meets the following requirements:

On the configuration server VM, make sure that the system clock is synchronized with a Time Server. Time must be synchronized to within 15 minutes. If the time difference is greater than 15 minutes, setup fails.

Number of CPU cores

RAM

Number of disks

Disk free space (process server cache)

Disk free space (retention disk)

Operating system version

Operating system locale

VMware vSphere PowerCLI version

Windows Server roles

NIC type

IP address type

Ports

8

12 GB

3 - OS disk, process server cache disk, retention drive (for failback)

600 GB

600 GB

Windows Server 2012 R2

English (en-us)

PowerCLI 6.0

Don't enable these roles: Active Directory Domain Services, Internet Infor-

mation Services, Hyper-V

VMXNET3

Static

443 (Control channel orchestration)

9443 (Data transport)

DetailsRequirement

“Do it yourself” Kit | Cloud Recovery

5. Download the Site Recovery Unified Setup

Make sure that the configuration server can access these URLs:

• *.accesscontrol.windows.net. Used for access control and identity management. (ACS based authentication will be deprecated by December 2017)

• https://login.microsoftonline.com Used for access control and identity management using AAD \*.backup.windowsazure.com. Used for replication data transfer and coordination.

• \*.blob.core.windows.net. Used for access to the storage account that stores replicated data.

• \*.hypervrecoverymanager.windowsazure.com. Used for replication management operations and coordination.

• time.nist.gov and time.windows.com. Used to check time synchronization between system and global time.

URLs for Azure Government cloud:

• - .ugv.hypervrecoverymanager.windowsazure.us

• - .ugv.backup.windowsazure.us

• - .ugi.hypervrecoverymanager.windowsazure.us

• - .ugi.backup.windowsazure.us

• - https://login-us.microsoftonline.com

• - https://login.microsoftonline.us

• - https://login.microsoftonline.com

1. Open the Azure portal and click on All resources.

2. Click on the Recovery Service vault named ContosoVMVault.

3. Click Site Recovery > Prepare Infrastructure > Protection goal.

4. Select On-premises for where your machines are located, To Azure for where you want to replicate your machines, and Yes, with

VMware vSphere Hypervisor. Then, click OK.

5. In the Prepare source pane, click +Configuration server.

6. In Add Server, check that Configuration Server appears in Server type.

“Do it yourself” Kit | Cloud Recovery

7. Download the Site Recovery Unified Setup installation file.

8. Download the vault registration key. You need this when you run Unified Setup. The key is valid for five days after you generate it.

“Do it yourself” Kit | Cloud Recovery

6. Set up the configuration server

1. Run the Unified Setup installation file.

2. In Before You Begin, select Install the configuration server and

process server then click Next.

3. In Third Party Software License, click I Accept to download

and install MySQL, then click Next.

4. In Registration, select the registration key you downloaded

from the vault.

5. In Internet Settings, specify how the Provider running on the

configuration server connects to Azure Site Recovery over the

Internet.

• If you want to connect with the proxy that's currently set up on

the machine, select Connect to Azure Site Recovery using a

proxy server.

• If you want the Provider to connect directly, select Connect

directly to Azure Site Recovery without a proxy server.

• If the existing proxy requires authentication, or if you want to

use a custom proxy for the Provider connection, select Connect

with custom proxy settings, and specify the address, port, and

credentials.

“Do it yourself” Kit | Cloud Recovery

6. In Prerequisites Check, Setup runs a check to make sure that installation can run. If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.

7. In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed.

8. In Environment Details, select Yes to protect VMware VMs. Setup checks that PowerCLI 6.0 is installed.

9. In Install Location, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space.

“Do it yourself” Kit | Cloud Recovery

10. In Network Selection, specify the listener (network adapter and SSL port) on which the configuration server sends and receives replication data. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environ-ment's requirements. We also open port 443, which is used to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic.

11. In Summary, review the information and click Install. Setup installs the configuration server and registers with it the Azure Site Recovery service.

When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location. The server is displayed on the Settings > Servers pane in the vault.

“Do it yourself” Kit | Cloud Recovery

To discover VMs, the configuration server needs to connect to on-premises VMware servers. For the purposes of this tutorial, add the vCenter server, or vSphere hosts, using an account that has administrator privileges on the server.

1. On your configuration server, launch CSPSConfigtool.exe. It is available as a shortcut on the desktop and located in the install location\home\svsys-tems\bin folder.

2. Click Manage Accounts > Add Account.

3. In Account Details, add the account that will be used for automatic disco-very.

To add a server:

1. Open the Azure portal and click on All resources.2. Click on the Recovery Service vault named ContosoVMVault.3. Click Site Recovery > Prepare Infrastructure > Source4. Select +vCenter to connect to a vCenter server or vSphere ESXi host.5. In Add vCenter, specify a friendly name for the server. Then, specify the IP address or FQDN.6. Leave the port set to 443, unless your VMware servers listen for requests on a different port.7. Select the account to use for connecting to the server. Click OK.

Site Recovery connects to VMware servers using the specified settings, and discovers VMs

7. Configure automatic discovery

Note: It can take 15 minutes or more for the account name to appear in the portal. To update immediately, click Configuration Servers > server name > Refresh Server.

“Do it yourself” Kit | Cloud Recovery

Select and verify target resources.

1. Click Prepare infrastructure > Target, and select the Azure subscription you want to use.

2. Specify whether your target deployment model is Resource Manager-based, or classic.

3. Site Recovery checks that you have one or more compatible Azure storage accounts and networks.

8. Set up the target environment

“Do it yourself” Kit | Cloud Recovery

1. Open the Azure portal and click on All resources.

2. Click on the Recovery Service vault named ContosoVMVault.

3. To create a replication policy, click Site Recovery infrastructure > Replication Policies > +Re-plication Policy.

4. In Create replication policy, specify a policy name VMwareRepPolicy.

5. In RPO threshold, use the default of 60 minutes. This value defines how often recovery points are created. An alert is generated if continuous replication exceeds this limit.

6. In Recovery point retention, use the default of 24 hours for how long the retention window is for each recovery point. For this tutorial we select 72 hours. Replicated VMs can be recovered to any point in a window.

7. In App-consistent snapshot frequency, use the default of 60 minutes for the frequency that application-consistent snapshots are created. Click OK to create the policy.

The policy is automatically associated with the configuration server. By default, a matching policy is automatically created for failback. For example, if the replication policy is rep-policy then the failback policy will be rep-policy-failback. This policy isn't used until you initiate a failback from Azure.

9. Create a replication policy

“Do it yourself” Kit | Cloud Recovery

Site Recovery installs the Mobility service when replication is enabled for a VM. It can take 15 minutes or longer for changes to take effect and appear in the portal.

Enable replication as follows:

1. Click Replicate application > Source.

2. In Source, select the configuration server.

3. In Machine type, select Virtual Machines.

4. In vCenter/vSphere Hypervisor, select the vCenter server that manages the vSphere host, or select the host.

5. Select the process server (configuration server). IThen click OK.

6. In Target, select the subscription and the resource group in which you want to create the failed over VMs. Choose the deployment model that you want to use in Azure (classic or resource management), for the failed over VMs.

7. Select the Azure storage account you want to use for replicating data.

8. Select the Azure network and subnet to which Azure VMs will con-nect, when they're created after failover.

9. Select Configure now for selected machines, to apply the network setting to all machines you select for protection. Select Configure later to select the Azure network per machine.

10. In Virtual Machines > Select virtual machines, click and select each machine you want to replicate. You can only select machines for which replication can be enabled. Then click OK.

11. In Properties > Configure properties, select the account that will be used by the process server to automatically install the Mobility service on the machine.

12. In Replication settings > Configure replication settings, verify that the correct replication policy is selected.

13. Click Enable Replication.

You can track progress of the Enable Protection job in Settings > Jobs > Site Recovery Jobs. After the Finalize Protection job runs the machine is ready for failover.

To monitor VMs you add, you can check the last discovered time for VMs in Configuration Servers

Last Contact At. To add VMs without waiting for the scheduled disco-very, highlight the configuration server (don’t click it), and click Refresh.

10. Enable replication

“Do it yourself” Kit | Cloud Recovery