Enabling Hyper-V to Azure DR Replication
In this article, I’ll show you step-by-step instructions for enabling Azure Site Recovery (ASR) replication of Hyper-V virtual machines to Azure so you can have DR-as-a-Service (DRaaS) or a disaster recovery (DR) site in the cloud.
Azure Site Recovery Pre-Requisites
Before proceeding, check the Azure Site Recovery prerequisites that include the following:
- Planning: Determine which services will have a DR presence in Azure and which of those will be replicated using ASR.
- Administrative rights: Install an agent on each Hyper-V host, where you’ve enabled local administrative rights on the management OS of each host.
- GRS storage account: Deploy a geo-redundant storage account in the Azure region that you are using as your DR site in the cloud.
- Virtual network: Create a virtual network that will be used to network your virtual machines during a real failover. You might need to create a gateway if some services require site-to-site private networking via VPN or ExpressRoute. It’s also a good idea to create a private virtual network that’s used to connect virtual machines during a test failover in an isolated sandbox. See my article on Microsoft Azure Disaster Recovery Replication Methods for more on this topic.
Site Recovery Vault
The first item to create in Azure is a Site Recovery Vault. In the old Azure management portal, click New > Data Services > Recovery Services > Site Recovery Vault, enter the name of the vault and select the region of your choice.
Browse into the Site Recovery Vault after it is created and navigate to Servers > Hyper-V Sites. Click Create Hyper-V Site. This creates a logical unit that all of your hosts will reside in.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
Navigate to the Quick Start guide of your vault, which is indicated by a little cloud with a lightning bolt to the left of Dashboard, making sure the drop-down box is set to Between An On-Premises Hyper-V Site And Azure, and click Download A Registration Key. You will be prompted to download a file after a few seconds. Save this file somewhere secure because the file contains a set of credentials that allows a server to create an initial connection to your ASR vault and Hyper-V Site. Note that you can reuse this file on multiple hosts for up to five days.
Download the Provider
In the Quick Start guide, click Download The Provider. The provider is the agent that you will be installing on each host that you will replicate agents from.
Install the Provider
Log into each host that runs virtual machines that you want to replicate to Azure and run the setup program for the ASR provider. In the case of a Hyper-V cluster, you will install the provider on every host. Click Continue to start the host registration process.
Register the Host
After setting up the provider you will register each host. The first screen allows you to configure how the host communicates with the Internet. The options are:
- Connect with any proxy settings that are already configured
- Do not use a proxy
- Enter custom proxy settings
The Vault Settings screen is where you will provide the registration key file to connect the host to the Hyper-V Site in ASR. Click Browse and navigate and select the registration key file that you previously downloaded. The wizard will verify that the connection details are valid and present them for you to review, as shown below.
Note that if you are registering and unregistering the host frequently, then you might get an error saying “The DRA Server Is Already Registered.” This is because a registry key has not been cleaned up during the previous uninstall. Uninstall Microsoft Azure Recovery Services Agent and Microsoft Azure Site Recovery Provider from the host, delete the entire Azure Site Recovery key from HKLM\SOFTWARE\Microsoft, and then reinstall the provider again.
The wizard will finish. A part of this process will create and import a certificate that will be used by the host to securely authenticate with ASR and encrypt Hyper-V Replica traffic.
You can verify the registration by returning to the Azure management portal, browsing into your ASR vault, and then navigating to Servers > Hyper-V Sites. You should see a registration for your server, in your new Hyper-V Site with a status of Connected.
A protection group does a few things:
- Replication policy: Details such as replication interval, retention, and more must be configured.
- Link to Hyper-V site: The policy is associated with a Hyper-V site. This is an N:1 association, where a site might have several policies and some machines might have different policies to others.
- Link to storage account: Any virtual machines that are affected by this policy will be stored in a selected Azure storage account.
Browse to Protected Items > Protection Groups and click Create Protection Group. In the first screen of the wizard, enter a name for the protection group, select the Hyper-V Site that you created, and then confirm the Azure subscription and storage account that you want to use.
The second screen in the wizard is where you configure the replication policy. These settings include:
- Copy Frequency: Choose from every 30 seconds, 5 minutes or 15 minutes. Select a time frame that doesn’t put too much pressure to replicate the upper amount of expected change over a latent connection.
- Retain Recovery Points: HVR allows you to retain 24-hourly versions of your virtual machine. You can choose one of these checkpoints during failover to travel back in time to avoid any corruption that might have occurred.
- Frequency of Application Snapshots: You might elect to create periodic VSS snapshots to keep VSS-compatible applications in a consistent state. Note that this does place a small amount of pressure on the production guest workloads.
- Initial Replication Start Time: You can delay the initial copy of a virtual machine over the Internet by up to 24 hours. The list box offers options for every half hour in a 24-hour period; this is where you can avoid trashing an SME’s lone Internet connection during work hours with initial replication traffic.
When you finish this wizard, you will be at the point where you can start to configure per-virtual machine replication to Azure. You can find instructions for this in a post that’s coming soon.