How To: Install & Configure Azure Site Recovery: Part 2

Posted on by Craig

In the previous blog post, I covered an creating virtual networks and Azure vault followed by installing the Configuration Server.  Now we move onto the Master Target Server,

Back over to the Azure portal.  We now need to access Recovery Services > VMFocusVault > Deploy Master Target ServerAzure 15

Give your Master Target Server a name, select the OS, choose the size (I’m rolling with A4) and enter in your credentials. Next select your Configuration Server and give the Master Target Server an IP address.

Azure 16

Time for a cup of tea as it will take a while for the Master Target Server to be created.

Make sure you take note of the external IP address of our Master Target Server as we will need to RDP onto it in order to complete the configuration tasks.

The external IP can be found under Virtual Machines > Select VM > Dashboard Azure 17

Log onto your Master Target Server, the first thing you will see is a PowerShell script being executed, make sure to leave this running.

The Host Agent Config dialogue box will appear after a little while.  Enter in the IP Address of your Configuration Server, Port Number (443) if on the same subnet and the Passphrase.   Finally hit OK.

Azure 18

Rather than waiting for the connection to be established to the Configuration Server which can take sometime.  We can bypass this by clicking on Recovery Services > VMFocusVault > Servers > Refresh

Azure 19

If everything has gone correctly you should see the Master Target Server connected to your Configuration Server.

Azure 20

In the next blog post, we will move onto configuring the on-premises Process Server.

How To: Install & Configure Azure Site Recovery: Part 1

Posted on by Craig

In the previous blog post, I covered an introduction to Azure Site Recovery and the components that make up the solution.  In this post I will cover the initial configuration in the Azure Portal.

If you don’t have one already, I would suggest signing up for an Azure Free Trial, this includes £125 worth of credits.

Once you are logged into the Azure Portal, the first thing we want to do is create out virtual networks.  I’m going to create two:

  • VMFocus_DR_L2 – Layer 2 network extension from on-premises, to keep same IP Address
  • VMFocus_DR_L3 – Layer 3 network, to force VM’s to change IP Address

Select Networks > Create a Virtual Network

Azure 01

Provide a name and select the location for the network

Azure 02

Next enter in your DNS Servers and and VPN details.  I’m not federated against my local domain, nor do I have any domain controllers deployed so for now I will leave this part blank.

Finally complete your address space and subnets then wait for the network to be created.

Azure 03

Next we need to create a vault for recovery services.   The process is straight forward.  Select Recovery Services > Site Recovery Vault > Quick Create > Enter Name & Region

Azure 04

Now that the Site Recovery Vault is created.  We can move onto deploying our Configuration Server.

Select Quick Start and select your Recovery Type.  In this deployment, I will be using VMware to Azure.  Next select Deploy Configuration Server

Azure 05

Enter the required details ensuring that the required Azure Virtual Networks is selected.

Azure 06

As I will be replicating data over the public internet, we need to take note of the external IP address of our Configuration Server.  This can be found on the Virtual Machine status panel.

The next step is to download a registration key.  This is found on the Recovery Services > Select your Vault > Download Registration Key

Azure 07

Log into your Configuration Server and the automatic deployment process will prompt you to start the installation process.  Click Next and Accept the MySQL license terms.

Azure 08

Enter your MySQL credentials and click next.

Azure 09

Select your proxy settings and hit next.  Now we need to install our Configuration Server Key.  Browse to the saved location and select the key.

Azure 10

Click Finish to exit Setup.

This next part is really important, ensure that you capture the passphrase for the Configuration Server.

Azure 12

Onto credentials now.  We need to add an account that has the credentials to install the ‘Mobility Service’ onto virtual machines.   I have created an account called Service.Azure as per the dialog box below.

Azure 13

Always best to ensure that your account displays correctly.

Azure 14

In the next blog post we will move onto deploying the Master Target Server.

Azure Site Recovery: An Introduction

Posted on by Craig

When Microsoft released Azure Site Recovery, I have to say it caught my attention since it claimed to be a single solution which can orchestrate, and automate the protection, and recovery of on-premises physical servers and virtual machines based on Hyper-V or VMware with replication, failover and failback to Azure.

Azure Site Recovery v0.1

Components of Azure Site Recovery

  • On-Premises Process Server – This receives replication data from the Mobility Service (in-guest agent)  using disk based cache.  It is used to compress and encrypt data on-premises before sending it over internet/VPN/Express Route to the Master Target server in Azure
  • On-Premises Mobility Service – This can be pushed out automatically by the Process Server or performed manually.  Essentially it is an IO splitter that takes a write to disk, holds it in memory and sends it across to the Process Server
  • Azure Configuration Server – This is the brains, it co-ordinates communication between all components both on-premises and in Azure.  Each Configuration Server can support up to 100 source virtual machines.
  • Azure Master Target – Receives incoming replication traffic from the on-premises Process Server. Each protected VM is added as a VHD using ‘blob’ storage.
  • Replication – Azure Site Recovery uses streaming ‘a synch’ replication.  It’s worth noting that maximum throughput is 80Mbps when using Site to Site VPN or any form of normal internet connection.
  • Licensing – Is per protected VM

The diagram below shows the relationship between all the components.

Azure Site Recovery Components v0.1

What Are The Gotcha’s?

The gotcha’s I’m aware of at the moment are as follows:

  • Currently you are unable to perform test failovers.  The work round is to create ‘test VM’s’ failover to Azure and then destroy them.
  • You are unable to seed data into or out of Azure Site Recovery.  Thought needs to be how long it will take to protect virtual machines and failback to on-premises
  • Protected VM’s are limited to those supported in Azure
  • Protected VM’s can only migrate within their series type e.g. A1 to A4, but they cannot move into D series.

I’m sure Microsoft are working on these and will provide updates in the near future.

In my next blog post, I will start configuring Azure Site Recovery Manager with on-premises VMware virtual machines.

External Platform Services Controller, The New Standard?

Posted on by Craig

vCentre 5.5 EmbeddedIn vSphere 5.x versions, the most common deployment topology was a vCenter with all the components installed on the same virtual machine.  The design choices for using a single virtual machine with all services running on them included:

  • Simplicity of management
  • Backup and restore, with only a single virtual machine to protect
  • Reduction of overall license costs for guest operating system
  • Requires less compute resources to run
  • Reduced complexity of HA rules (External SSO start first then vCenter)
  • Single virtual machine to secure and harden

Depending on the size of the environment, you might see one or many vCenter’s with embedded services.  External services such as SRM, vROPs, Horizon View would then hook into the vCenter.

From an architectural standpoint, you knew that deploying a vCenter with embedded services you would cover most if not all future third party deployment scenarios e.g. add on SRM you are covered.

With vSphere 6, this has all changed and I would question if deploying a vCenter with an embedded Platform Services Controller is the right way to go.

Deprecated Topology

VMware KB2108548 shows that a single vCenter with an embedded Platform Services Controller is a supported topology.

Single vCenter

Excellent, you might say. But what if I want to add third party services such as SRM in the future?  Well the answer to that is you won’t be supported in the future using this topology.

Deprecated Topology

This means that you would need to change the architecture from what was originally deployed to the below to be in a supported configuration.

Supported Topology

Changing vCenter 6 into a supported architecture isn’t straight forward.  The main gotcha that I’m aware of is that you are unable to change a vCenter using an embedded Platform Services Controller to an external Platform Services Controller.  The only way that I’m aware of is to upgrade to vCenter 6.0 U1 and follow VMware KB2113917.

The impact of the following points also needs to be considered when changing from an embedded to external Platform Services Controller:

  • SSL Certificates
  • Third Party Plugins
  • Third Party Applications such as vROPs
  • Backup & Restore
  • Change Control
  • Security and Permissions

Final Thought

vCenter with an embedded Platform Services Controller are applicable to small environments in which you have a static topology with no requirement for enhanced linked mode or integration with external products.  Consider the upgrade path from an embedded Platform Services Controller to an external Platform Services Controller.

In any environment where their is a possibility that you will need to integrate vCenter with a third party piece of software such as SRM or vRA or if you require Enhanced Linked Mode then start your architecture with an external Platform Services Controller.

Upgrading vSphere 5.5 ‘Simple Install’ with SRM and Linked Mode to vSphere 6

Posted on by Craig

A fairly common deployment topology with vSphere 5.5 was to use the ‘Simple Install’ method which placed all the individual vCenter components onto a virtual or physical vCenter Server.

This would then hook into an external virtual or physical SRM server.  With Linked Mode used for ease of management.

An example vSphere 5.5 topology is shown below.vSphere 5.5 Simple Install

As well as the normal considerations with vSphere upgrades around:

  • Hardware compatibility and firmware versions
  • Component interoperability
  • Database compatibility
  • vCenter Plugins
  • VM Hardware & Tools
  • Backup interoperability
  • Storage interoperability

We now have to consider the Platform Services Controller.

Platform Services Controller

The Platform Services Controller is a group of infrastructure services containing vCenter Single Sign-On, License Service, Lookup Service and VMware Certificate Authority.

vCenter SSO Provides secure authentication services between components using secure token exchange.  Rather than relying on a third party such as Active Directory.

vSphere License Provides a common license inventory and management capabilities

VMware Certificate Authority Provides signed certificates for each component.

The issue arises with vCenter SSO component, as most people would have opted for vSphere 5.5 ‘Simple Install’.  This means you end up with an embedded Platform Services Controller, see ‘How vCenter Single Sign-On Affects Upgrades

The embedded Platform Services Controller topology has been deprecated by VMware, see ‘List of Recommended Topologies for VMware vSphere 6.0.x‘.  This is also confirmed in VMware Site Recovery Manager 6.1 documentation under ‘Site Recovery Manager in a Two-Site Topology with One vCenter Instance per Platform Services Controller

What Does This Mean?

Due to the architectural changes between vSphere 5.5 and 6.  You cannot perform an in-place upgrade from vSphere 5.5 to vSphere 6 if you originally selected ‘Simple Install’ as you will end up with an deprecated topology.

The only choice will be a new vCenter 6 using the topology shown below.

vSphere 6 PSC with SRM

This also means you will need to deploy an extra two virtual machines to support this configuration.