As I´m big fan of ASR I definitely wanted to test ASR Enhanced version of VMware to Azure. I will show you the steps which you need to do to get it up and running.
This post include also vCenter configuration steps.
Just a short reminder of some possibilities what you can do with ASR:
Migration (for example migrate VMs to Azure)
Disaster Recovery (DR to Azure or another datacenter)
Dev/test (for example test production env on Azure with isolated network)
Few words regarding the Enhanced ASR and how the replication works.
Forward replication to Azure goes through the Internet or Express Route with public peering. Failback to on-prem goes via VPN/expressRoute.
In this first blog post I will configure basic settings to get this up and running and second post will contain needed steps for failback.
Starting point was the following
– Site-to-Site VPN already exist
– ESXi and vCenter VM has basic configurations and ASR01 (demo VM) and ASRMGMT01 (management server (workgroup)) was up and running on ESXi server.
Next we need to configure correct rights to vCenter.
The process server can automatically discover VMware VMs that are managed by a vCenter server. For automatic discovery Site Recovery needs an account and credentials that can access the vCenter server. If you are only migrating or failover to Azure you can refer needed rights from MS documentation.
First, create default user to your on-prem AD. In this example we created user vCenterASR@nwtraders.local.
Login to vCenter Server and Open a vSphere Web Client connection to the vCenter Server (https://localhost:9443/vsphere-client/)
Create Azure_Site_Recovery role with following settings:
Allocate space, Browse datastore, Low level file operations., Remove file,
Update virtualmachine files
Assign virtual machine to resource pool, Migrate powered off virtual machine,
Migrate powered on virtual machine
Create task, update task
Virtual machine, Interact:
Answer question , Device connection, Configure CD media, Configure floppy media, Power off, Power on, VMware tools install
Virtual machine, Inventory:
Create, Register, Unregister
– Virtual machine, Provisioning:
Allow virtual machine download, Allow virtual machine files upload
Virtual machine, Snapshots:
Next we need to Assign Azure_Site_Recovery Privileges to earlier created domain user (in our example vCenterASR@nwtraders.local).
As a recommendation you should use group instead of single user Account.
Now we have all needed rights on vCenter and we can move to Management server.
Please note that there are some prerequisites on the management server which must be configured before installation. You can refer to the before you start deployment section in the online documentation.
After prerequisites we can install needed software’s to Management server.
Download and install VMware vSphere PowerCLI 6.0. from vmware site.
And restart server
Next we need to add earlier created vCenter account to Management server.
Please note that your account details is NOT synchronized to azure.
Only friendly name.
Management server is now done. Next move to Azure Management portal.
Note that it could take more than 15 minutes for the account name to appear in the portal. To update immediately, click Refresh on the Configuration Servers tab.
Before we can create protection group we need to install the Mobility service on protected VMs. In our case I wanted to ASR automatically install client.
Create an account that can be used by the process server to access the machine. The account should have administrator privileges (local or domain). Note that these credentials are only used for push installation of the Mobility service.
In our example we are going to use domain account “email@example.com” which has local admin rights to protected VMs.
Allow following Rules from VMs which you want to protect.
File and Printer Sharing and Windows Management Instrumentation.
On management server Add the account you which you will use for install Mobility Service.(Open cspsconfigtool. It’s available as a shortcut on the desktop and located in the [INSTALL LOCATION]\home\svsystems\bin folder)
And last we need to add VMs which we want to protect to group
Select VM(s) which you want to protect
Select Process Server and Storage Account
Specify the account which we created to be used for Mobility service installation
And you are done. In next blog post I will show the steps for Failover to Azure and failback to on-prem. Post can be found from HERE.