Azure Site Recovery, Between an on-premises with Enhanced VMWare to Azure

As I´m big fan of ASR I definitely wanted to test ASR Enhanced version of VMware to Azure. I will show you the steps which you need to do to get it up and running.
This post include also vCenter configuration steps.
Just a short reminder of some possibilities what you can do with ASR:
Migration (for example migrate VMs to Azure)
Disaster Recovery (DR to Azure or another datacenter)
Dev/test (for example test production env on Azure with isolated network)

Few words regarding the Enhanced ASR and how the replication works.
Forward replication to Azure goes through the Internet or Express Route with public peering. Failback to on-prem goes via VPN/expressRoute.

In this first blog post I will configure basic settings to get this up and running and second post will contain needed steps for failback.

Starting point was the following
– Site-to-Site VPN already exist
– ESXi and vCenter VM has basic configurations and ASR01 (demo VM) and ASRMGMT01 (management server (workgroup)) was up and running on ESXi server.
ASREnh01

First, create Vault from Management Portal:
ASREnh02

Next we need to configure correct rights to vCenter.
The process server can automatically discover VMware VMs that are managed by a vCenter server. For automatic discovery Site Recovery needs an account and credentials that can access the vCenter server. If you are only migrating or failover to Azure you can refer needed rights from MS documentation.

First, create default user to your on-prem AD. In this example we created user vCenterASR@nwtraders.local.

Login to vCenter Server and Open a vSphere Web Client connection to the vCenter Server (https://localhost:9443/vsphere-client/)
ASREnh07

Navigate Home > Administration > Roles > Create Role Action
ASREnh08

Create Azure_Site_Recovery role with following settings:
Datastore:
Allocate space, Browse datastore, Low level file operations., Remove file,
Update virtualmachine files
Network:
Network assign
Resource:
Assign virtual machine to resource pool, Migrate powered off virtual machine,
Migrate powered on virtual machine
Tasks:
Create task, update task
Virtual machine:
Configuration
Virtual machine, Interact:
Answer question , Device connection, Configure CD media, Configure floppy media, Power off, Power on, VMware tools install
Virtual machine, Inventory:
Create, Register, Unregister
– Virtual machine, Provisioning:
Allow virtual machine download, Allow virtual machine files upload
Virtual machine, Snapshots:
Remove Snapshots
ASREnh09

Next we need to Assign Azure_Site_Recovery Privileges to earlier created domain user (in our example vCenterASR@nwtraders.local).

As a recommendation you should use group instead of single user Account.

At the vCenter entity level, click the Manage tab and select Permissions
-> Click Add Permission
ASREnh10

Select Azure_Site_recovery from the Assigned Role drop-down menu and select “Propagate to children”. Then click add…
ASREnh11

Search earlier created user and select it, click Add -> Ok -> Ok
ASREnh12
ASREnh13ASREnh14

Now we have all needed rights on vCenter and we can move to Management server.

Please note that there are some prerequisites on the management server which must be configured before installation. You can refer to the before you start deployment section in the online documentation.

After prerequisites we can install needed software’s to Management server.
Download and install VMware vSphere PowerCLI 6.0. from vmware site.
ASREnh03
ASREnh04
ASREnh05
ASREnh06
And restart server

Download on-prem components and vault registration key from Azure
ASREnh15

Start on-prem component installation on Management Server

ASREnh16
Install Configuration and Process Server
ASREnh17

Accept
ASREnh18

Select connection
ASREnh19
ASREnh20

ASREnh21
Yes (as we want to protect VMware VMs)
ASREnh22
ASREnh23

ASREnh24
Browse earlier downloaded key
ASREnh25
ASREnh26

After installation is done, reboot your server, but first save the passphrase
ASREnh27
ASREnh53

Next we need to add earlier created vCenter account to Management server.
Please note that your account details is NOT synchronized to azure.
Only friendly name.

Start cspsconfigtool on Management server
([INSTALL LOCATION]\home\svsystems\bin folder)
ASREnh29
Add earlier created domain account and click ok
ASREnh30
ASREnh31
ASREnh32

Management server is now done. Next move to Azure Management portal.
Note that it could take more than 15 minutes for the account name to appear in the portal. To update immediately, click Refresh on the Configuration Servers tab.
ASREnh33

Next we need to add vCenter server
ASREnh34

After discovery is complete the vCenter server will be listed in the Configuration Servers tab.
ASREnh35

Before we can create protection group we need to install the Mobility service on protected VMs. In our case I wanted to ASR automatically install client.

Create an account that can be used by the process server to access the machine. The account should have administrator privileges (local or domain). Note that these credentials are only used for push installation of the Mobility service.
In our example we are going to use domain account “mobilityinst@nwtraders.local” which has local admin rights to protected VMs.

Allow following Rules from VMs which you want to protect.
File and Printer Sharing and Windows Management Instrumentation.

On management server Add the account you which you will use for install Mobility Service. (Open cspsconfigtool. It’s available as a shortcut on the desktop and located in the [INSTALL LOCATION]\home\svsystems\bin folder)
ASREnh36
ASREnh37
ASREnh38

and now we can create Protection Group:
ASREnh39
ASREnh40
ASREnh41
ASREnh42

And last we need to add VMs which we want to protect to group
ASREnh43
Select VM(s) which you want to protect
ASREnh44
Select Process Server and Storage Account
ASREnh45
Specify the account which we created to be used for Mobility service installation
ASREnh46

Now you need to wait until VM(s) are protected
ASREnh47

After VM(s) are protected you can configure networks which are used after failover to Azure. Configuration is done inside of Protection group:
ASREnh54

At last we need to create recovery plan

ASREnh48ASREnh50
Select VM(s)
ASREnh51
ASREnh52

And you are done. In next blog post I will show the steps for Failover to Azure and failback to on-prem. Post can be found from HERE.

One thought on “Azure Site Recovery, Between an on-premises with Enhanced VMWare to Azure

Leave a Reply

Your email address will not be published. Required fields are marked *