Microsoft Azure Architect Technologies Step by step Protecting Hyper-V VMs by using Azure Site Recovery (part 4 of 6)

Student lab manual

Lab scenario

While Adatum Corporation has, over the years, implemented a number of high availability provisions for their on-premises workloads, its disaster recovery capabilities are still insufficient to address the Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) demanded by its business. Maintaining the existing secondary on-premises site requires an extensive effort and incurs significant costs. The failover and failback procedures are, for the most part, manual and are poorly documented.

To address these shortcomings, the Adatum Enterprise Architecture team decided to explore capabilities of Azure Site Recovery, with Azure taking on the role of the hoster of the secondary site. Azure Site Recovery automatically and continuously replicates workloads running on physical and virtual machines from the primary to the secondary site. Site Recovery uses storage-based replication mechanism, without intercepting application data. With Azure as the secondary site, data is stored in Azure Storage, with built-in resilience and low cost. The target Azure VMs are hydrated following a failover by using the replicated data. The Recovery Time Objectives (RTO) and Recovery Point objectives are minimized since Site Recovery provides continuous replication for VMware VMs and replication frequency as low as 30 seconds for Hyper-V VMs. In addition, Azure Site Recovery also handles orchestration of failover and failback processes, which, to large extent, can be automated. It is also possible to use Azure Site Recovery for migrations to Azure, although the recommended approach relies on Azure Migrate instead.

The Adatum Enterprise Architecture team wants to evaluate the use of Azure Site Recovery for protecting on-premises Hyper-V virtual machines to Azure VM.

Objectives

After completing this lab, you will be able to:

  • Configure Azure Site Recovery
  • Perform test failover
  • Perform planned failover
  • Perform unplanned failover

Lab Environment

Windows Server admin credentials

  • User Name: Student
  • Password: Pa55w.rd1234

Estimated Time: 120 minutes

Exercise 0: Prepare the lab environment

The main tasks for this exercise are as follows:

  1. Deploy an Azure VM by using an Azure Resource Manager QuickStart template
  2. Configure nested virtualization in the Azure VM

Task 1: Deploy an Azure VM by using an Azure Resource Manager QuickStart template

  1. From your lab computer, start a web browser, navigate to the Azure portal, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.
  2. In the Azure portal, open Cloud Shell pane by selecting on the toolbar icon directly to the right of the search textbox.
  3. If prompted to select either Bash or PowerShell, select PowerShell.

Note: If this is the first time you are starting Cloud Shell and you are presented with the You have no storage mounted message, select the subscription you are using in this lab, and select Create storage.

  1. In the toolbar of the Cloud Shell pane, select the Upload/Download files icon, in the drop-down menu select Upload, and upload the file \\AZ303\AllFiles\Labs\12\azuredeploy30312suba.json into the Cloud Shell home directory.
  1. From the Cloud Shell pane, run the following to create a resource groups (replace the <Azure region> placeholder with the name of the Azure region that is available for deployment of Azure VMs in your subscription and which is closest to the location of your lab computer):
$location = ‘<Azure region>’
New-AzSubscriptionDeployment `
  -Location $location `
  -Name az30312subaDeployment `
  -TemplateFile $HOME/azuredeploy30312suba.json `
  -rgLocation $location `
  -rgName ‘az30312a-labRG’

Note: To identify Azure regions where you can provision Azure VMs, refer to https://azure.microsoft.com/en-us/regions/offers/

  1. In the Azure portal, close the Cloud Shell pane.
  2. From your lab computer, open another browser tab, navigate to the 301-nested-vms-in-virtual-network Azure QuickStart template and select Deploy to Azure (you find the button Deploy to Azure in the README.md file after the list of the resources created by the template) . This will automatically redirect the browser to the Hyper-V Host Virtual Machine with nested VMs blade in the Azure portal.
https://github.com/az140mp/azure-quickstart-templates/tree/master/demos/nested-vms-in-virtual-network
  1. On the Hyper-V Host Virtual Machine with nested VMs blade in the Azure portal, specify the following settings (leave others with their default values):
  2. On the Hyper-V Host Virtual Machine with nested VMs blade, select Review + create and then select Create.
SettingValue
Subscriptionthe name of the Azure subscription you are using in this lab
Resource groupaz30312a-labRG
Virtual Network Nameaz30312a-hv-vnet
Host Network Interface1Nameaz30312a-hv-vm-nic1
Host Network Interface2Nameaz30312a-hv-vm-nic2
Host Virtual Machine Nameaz30312a-hv-vm
Host Admin UsernameStudent
Host Admin PasswordPa55w.rd1234

Note: Wait for the deployment to complete. The deployment might take about 10 minutes.

Task 2: Deploy Azure Bastion

Note: Azure Bastion allows for connection to the Azure VMs without public endpoints which you deployed in the previous task of this exercise, while providing protection against brute force exploits that target operating system level credentials.

  1. In the browser window displaying the Azure portal, open another tab and, in the browser tab, navigate to the Azure portal.
  2. In the Azure portal, open Cloud Shell pane by selecting on the toolbar icon directly to the right of the search textbox.
  3. From the PowerShell session in the Cloud Shell pane, run the following to add a subnet named AzureBastionSubnet to the virtual network named az30312a-hv-vnet you created earlier in this exercise:
$resourceGroupName = ‘az30312a-labRG’
$vnet = Get-AzVirtualNetwork -ResourceGroupName
$resourceGroupName -Name ‘az30312a-hv-vnet’
$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name ‘AzureBastionSubnet’ `
  -AddressPrefix 10.0.7.0/24 `
  -VirtualNetwork $vnet $vnet | Set-AzVirtualNetwork
  1. Close the Cloud Shell pane.
  2. In the Azure portal, search for and select Bastions and, from the Bastions blade, select + Create.
  3. On the Basic tab of the Create a Bastion blade, specify the following settings and select Review + create:
  4. On the Review + create tab of the Create a Bastion blade, select Create:

Note: Wait for the deployment to complete before you proceed to the next task. The deployment might take about 5 minutes.

Task 3: Configure nested virtualization in the Azure VM

  1. In the Azure portal, search for and select Virtual machines and, on the Virtual machines blade, select az30312a-hv-vm.
SettingValue
Subscriptionthe name of the Azure subscription you are using in this lab
Resource groupaz30312a-labRG
Nameaz30312a-bastion
Regionthe same Azure region to which you deployed the resources in the previous tasks of this exercise
TierBasic
Virtual networkaz30312a-hv-vnet
SubnetAzureBastionSubnet (10.0.7.0/24)
Public IP addressCreate new
Public IP nameaz30312a-hv-vnet-ip
  1. On the az30312a-hv-vm blade, select Connect, in the drop-down menu, select Bastion, on the Bastion tab of the az30312a-hv-vm | Connect blade, select Use Bastion.
  2. When prompted, provde the following credentials and select Connect:
SettingValue
User NameStudent
PasswordPa55w.rd1234
  1. Within the Remote Desktop session to az30312a-hv-vm, in the Server Manager window, click Local Server, click the On link next to the IE Enhanced Security Configuration label, and, in the IE Enhanced Security Configuration dialog box, select both Off options.
  2. Within the Remote Desktop session to az30312a-hv-vm, start Internet Explorer, navigate to the download page of Microsoft Edge, download Microsoft Edge installer and perform the installation.
  3. Within the Remote Desktop session to az30312a-hv-vm, use Microsoft Edge to browse to Windows Server Evaluations, and download the Windows Server 2019 VHD file to the F:\VHDs folder (you will need to create it first).
  4. Within the Remote Desktop session to az30312a-hv-vm, start Hyper-V Manager.
  5. In the Hyper-V Manager console, select the az30312a-hv-vm node, select New and, in the cascading menu, select Virtual Machine. This will start the New Virtual Machine Wizard.
  6. On the Before You Begin page of the New Virtual Machine Wizard, select Next >.
  1. On the Specify Name and Location page of the New Virtual Machine Wizard, specify the following settings and select Next >:
SettingValue
Nameaz30312a-vm1
Store the virtual machine in a different locationselected
LocationF:\VMs
  1. Note: Make sure to create the F:\VMs folder.
  2. On the Specify Generation page of the New Virtual Machine Wizard, ensure that the Generation 1 option is selected and select Next >:
  3. On the Assign Memory page of the New Virtual Machine Wizard, set Startup memory to 2048 and select Next >.
  1. On the Configure Networking page of the New Virtual Machine Wizard, in the Connection drop-down list select NestedSwitch and select Next >.
  2. On the Connect Virtual Hard Disk page of the New Virtual Machine Wizard, select the option Use an existing virtual hard disk, set location to the VHD file you downloaded to the F:\VHDs folder, and select Next >.
  3. On the Summary page of the New Virtual Machine Wizard, select Finish.
  4. In the Hyper-V Manager console, select the newly created virtual machine and select Start.
  1. In the Hyper-V Manager console, verify that the virtual machine is running and select Connect.
  2. In the Virtual Machine Connection window to az30312a-vm1, on the Hi there page, select Next.
  3. In the Virtual Machine Connection window to az30312a-vm1, on the License terms page, select Accept.
  4. In the Virtual Machine Connection window to az30312a-vm1, on the Customize settings page, set the password of the built-in Administrator account to Pa55w.rd1234 and select Finish.
  5. In the Virtual Machine Connection window to az30312a-vm1, sign in by using the newly set password.
  6. In the Virtual Machine Connection window to az30312a-vm1, start Windows PowerShell and, in the Administrator: Windows PowerShell window run the following to set the computer name.
Rename-Computer -NewName ‘az30312a-vm1’ -Restart

Exercise 1: Create and configure an Azure Site Recovery vault

The main tasks for this exercise are as follows:

  1. Create an Azure Site Recovery vault
  2. Configure the Azure Site Recovery vault

Task 1: Create an Azure Site Recovery vault

  1. Within the Remote Desktop session to az30312a-hv-vm, start Microsoft Edge, navigate to the Azure portal, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.
  2. In the Azure portal, search for and select Recovery Services vaults and, on the Recovery Services vaults blade, select + New.
  3. On the Basics tab of the Create Recovery Services vault blade, specify the following settings (leave others with their default values) and select Review + create:
SettingValue
Subscriptionthe name of the Azure subscription you are using in this lab
Resource groupthe name of a new resource group az30312b-labRG
Vault nameaz30312b-rsvault
Locationthe name of the Azure region different from the one into which you deployed the virtual machine earlier in this lab
  1. On the Review + create tab of the Create Recovery Services vault blade, select Create:

Note: By default, the default configuration for Storage Replication type is set to Geo-redundant (GRS) and Soft Delete is enabled. You will change these settings in the lab to simplify deprovisioning, but you should use them in your production environments.

Task 2: Configure the Azure Site Recovery vault

  1. In the Azure portal, search for and select Recovery Services vaults and, on the Recovery Services vaults blade, select az30312b-rsvault.
  2. On the az30312b-rsvault blade, select Properties.
  3. On the az30312b-rsvault | Properties blade, select the Update link under the Backup Configuration label.
  4. On the Backup Configuration blade, set Storage replication type to Locally-redundant, select Save and close the Backup Configuration blade.

Note: Storage replication type cannot be changed once you start protecting items.

  1. On the az30312b-rsvault | Properties blade, select the Update link under the Security Settings label.
  2. On the Security Settings blade, set Soft Delete to Disable, select Save and close the Security Settings blade.

Exercise 2: Implement Hyper-V protection by using Azure Site Recovery vault

The main tasks for this exercise are as follows:

  1. Implement the target Azure environment
  2. Implement protection of a Hyper-V virtual machine
  3. Perform a failover of the Hyper-V virtual machine
  4. Remove Azure resources deployed in the lab

Task 1: Implement the target Azure environment

  1. In the Azure portal, search for and select Virtual networks and, on the Virtual networks blade, select + New.
  2. On the Basics tab of the Create virtual network blade, specify the following settings (leave others with their default values) and select Next: IP Addresses:
SettingValue
Subscriptionthe name of the Azure subscription you are using in this lab
Resource groupthe name of a new resource group az30312c-labRG
Nameaz30312c-dr-vnet
Regionthe name of the Azure region into which you deployed the Recovery Services vault in the previous exercise of this lab
  1. On the IP addresses tab of the Create virtual network blade, in the IPv4 address space text box, type 10.7.0.0/16 and select + Add subnet.
  2. On the Add subnet blade, specify the following settings (leave others with their default values) and select Add:
SettingValue
Subnet namesubnet0
Subnet address range10.7.0.0/24
  1. Back on the IP addresses tab of the Create virtual network blade, select Review + create.
  2. On the Review + create tab of the Create virtual network blade, select Create.
  3. In the Azure portal, search for and select Virtual networks and, on the Virtual networks blade, select + New.
  4. On the Basics tab of the Create virtual network blade, specify the following settings (leave others with their default values) and select Next: IP Addresses:
SettingValue
Subscriptionthe name of the Azure subscription you are using in this lab
Resource groupaz30312c-labRG
Nameaz30312c-test-vnet
Regionthe name of the Azure region into which you deployed the Recovery Services vault in the previous exercise of this lab
  1. On the IP addresses tab of the Create virtual network blade, in the IPv4 address space text box, type 10.7.0.0/16 and select + Add subnet.
  2. On the Add subnet blade, specify the following settings (leave others with their default values) and select Add:
SettingValue
Subnet namesubnet0
Subnet address range10.7.0.0/24
  1. Back on the IP addresses tab of the Create virtual network blade, select Review + create.
  2. On the Review + create tab of the Create virtual network blade, select Create.
  3. In the Azure portal, search for and select Storage accounts and, on the Storage accounts blade, select + New.
  4. On the Basics tab of the Create storage account blade, specify the following settings (leave others with their default values):
  5. On the Basics tab of the Create storage account blade, select Review + create.
SettingValue
Subscriptionthe name of the Azure subscription you are using in this lab
Resource groupaz30312c-labRG
Storage account nameany globally unique name between 3 and 24 in length consisting of letters and digits
Locationthe name of the Azure region in which you created the virtual network earlier in this task
PerformanceStandard: Recommended for most scenarios (general-purpose v2)
RedundancyLocally redundant storage (LRS)
  1. On the Review + create tab of the Create storage account blade, select Create.

Task 2: Implement protection of a Hyper-V virtual machine

  1. Within the Remote Desktop session to az30312a-hv-vm, in the Azure portal, on the az30312b-rsvault blade, in the Site Recoverysection, select Getting started.
  2. On the az30312b-rsvault | Site Recovery blade, in the Hyper-V machines to Azure section, select 1. Prepare infrastructure.
  3. On the Deployment planning tab of the Prepare infrastructure blade, in the Deployment planning completed? drop-down list, select Yes, I have done it and select Next.
  4. On the Source settings tab of the Prepare infrastructure blade, next to the Are you Using System Center VMM to manage Hyper-V hosts label, select the No option.
  5. On the Source settings tab of the Prepare infrastructure blade, select the Add Hyper-V site link, on the Create Hyper-V Site blade, in the Name text box, type az30312b Hyper-V site and select OK:
  6. On the Source settings tab of the Prepare infrastructure blade, select the Add Hyper-V server link.
  7. On the Add Server blade, select the Download link in step 3 of the procedure for adding on-premises Hyper-V hosts in order to download the Microsoft Azure Site Recovery Provider.
  8. When the download completes, select Open file then select Run to launch AzureSiteRecoveryProvider.exe. This will start the Azure Site Recovery Provider Setup (Hyper-V server) wizard.
  9. On the Microsoft Update page, select Off and select Next.
  10. On the Provider installation page, select Install.
  11. Switch to the Azure portal and, on the Add Server blade, select the Download button in step 4 of the procedure for registering on-premises Hyper-V hosts in order to download the vault registration key. If prompted, select Save to save the vault credentials file in the Downloads folder.
  12. Switch to the Provider installation wizard window and select Register. This will start the Microsoft Azure Site Recovery Registration Wizard.
  13. On the Vault Settings page of the Microsoft Azure Site Recovery Registration Wizard, select Browse, in the Open window, navigate to the Downloads folder, select the vault credentials file, and select Open.
  14. Back on the Vault Settings page of the Microsoft Azure Site Recovery Registration Wizard, select Next.
  15. On the Proxy Settings page of the Microsoft Azure Site Recovery Registration Wizard, accept the default settings and select Next.
  16. On the Registration page of the Microsoft Azure Site Recovery Registration Wizard, select Finish.
  17. Switch back to the browser window displaying the Azure portal and refresh the page. When prompted, select Leave the page or Reload depending on the version of the browser.
  18. Back on the az30312b-rsvault | Site Recovery blade, in the Hyper-V machines to Azure section, select 1. Prepare infrastructure.
  19. On the Deployment planning tab of the Prepare infrastructure blade, in the Deployment planning completed? drop-down list, select Yes, I have done it and select Next.
  20. On the Source settings tab of the Prepare infrastructure blade, next to the Are you Using System Center VMM to manage Hyper-V hosts label, select the No option.
  21. Verify that the Hyper-V site and Hyper-V servers settings are set correctly and select Next.
  22. On the Target settings tab of the Prepare infrastructure blade, accept the default settings and select Next.
  23. On the Replication policy tab of the Prepare infrastructure blade, select Create new policy and associate.
  24. On the Create and associate policy blade, specify the following settings (leave others with their default values) and select OK:
SettingValue
Nameaz30312b replication policy
Copy frequency30 seconds
  1. Back on the Replication policy tab of the Prepare infrastructure blade, wait until the site has been associated with the policy and select Next.
  2. On the Review tab of the Prepare infrastructure blade, select Prepare.
  3. On the az30312b-rsvault | Site Recovery blade, in the Hyper-V machines to Azure section, select 2. Enable replication.
  4. On the Source environment tab of the Enable replication blade, in the Source location drop-down list, select az30312b Hyper-V site and select Next.
  5. On the Target environment tab of the Enable replication blade, specify the following settings (leave others with their default values) and select Next:
SettingValue
Subscriptionthe name of the Azure subscription you are using in this lab
Post-failover resource groupaz30312c-labRG
Post-failover deployment modelResource Manager
Storage accountthe name of the storage account you created in the first task of this exercise
NetworkConfigure now for selected machines
Virtual networkaz30312c-dr-vnet
Subnetsubnet0 (10.7.0.0/24)
  1. On the Virtual machine selection tab of the Enable replication blade, select the az30312a-vm1 checkbox and select Next.
  2. On the Replication settings tab of the Enable replication blade, in the Defaults row and OS type column, select Windows from the drop-down list and select Next.
  3. On the Replication policy tab of the Enable replication blade, accept the default settings and select Next.
  4. On the Review tab of the Enable replication blade, select Enable replication.

Task 3: Review Azure VM replication settings

  1. In the Azure portal, back on the az30312b-rsvault | Site Recovery blade, in the vertical menu, select Replicated items.
  2. On the az30312b-rsvault | Replicated items blade, ensure that there is an entry representing the az30312a-vm1 virtual machine and verify that its Replication Health is listed as Healthy and that its Status is listed as either Enabling protectionWaiting for first recovery point, or displaying a current percentage of synchronization progress.

Note: You might need to wait a few minutes until the az30312a-vm1 entry appears on the az30312b-rsvault | Replicated items blade.

  1. On the az30312b-rsvault | Replicated items blade, select the az30312a-vm1 entry.
  2. On the az30312a-vm1 replicated items blade, review the Health and statusFailover readinessLatest recovery points, and Infrastructure view sections. Note the Planned FailoverFailover and Test Failover toolbar icons.

Note: Wait until the status changes to Protected. This might take additional 15 minutes. You will need to refresh the browser page for the status to be updated.

  1. On the az30312a-vm1 replicated items blade, select Latest recovery points and review Latest crash-consistent and Latest app-consistent recovery points.

Task 4: Perform a failover of the Hyper-V virtual machine

  1. Within the Remote Desktop session to az30312a-hv-vm, in the browser window displaying the Azure portal, on the az30312a-vm1 replicated items blade, select Test failover.
  2. On the Test failover blade, specify the following settings (leave others with their default values) and select OK:
SettingValue
Choose a recovery pointthe default option
Azure virtual networkaz30312c-test-vnet
  1. In the Azure portal, navigate back to the az30312b-rsvault blade and select Site Recovery jobs. Wait until the status of the Test failover job is listed as Successful.
  2. In the Azure portal, search for and select Virtual machines and, on the Virtual machines blade, note the entry representing the newly provisioned virtual machine az30312a-vm1-test.
  3. In the Azure portal, navigate back to the on the az30312a-vm1 replicated items blade and select Cleanup test failover.
  4. On the Test failover cleanup blade, select the checkbox Testing is complete. Delete test failover virtual machine(s) and select OK.
  5. Once the test failover cleanup job completes, refresh the browser page displaying the az30312a-vm1 replicated items blade and note that you have the option to perform planned and unplanned failover.
  6. On the az30312a-vm1 replicated items blade, select Planned failover.
  7. On the Planned failover blade, note that the failover direction settings are already set and not modifiable.
  8. Close the Planned failover blade and, on the az30312a-vm1 replicated items blade, select Failover.
  9. On the Failover blade, note the available options geared towards minimizing potential data loss.
  10. Close the Failover blade. Failover operation may take 10 to 15 minutes to complete. DO NOT delete the resource group and other resources before completion or else Failover operation will abort. You can check the status of Failover on Site Recovery Jobs blade.

Task 5: Remove Azure resources deployed in the lab

  1. Within the Remote Desktop session to az30312a-hv-vm, in the browser window displaying the Azure portal, start a PowerShell session within the Cloud Shell pane.
  2. From the Cloud Shell pane, run the following to list the resource group you created in this exercise:
Get-AzResourceGroup -Name ‘az30312*’

Note: Verify that the output contains only the resource group you created in this lab. This group will be deleted in this task.

  1. From the Cloud Shell pane, run the following to delete the resource group you created in this lab
Get-AzResourceGroup -Name ‘az30312*’ | Remove-AzResourceGroup -Force -AsJob  
  1. Close the Cloud Shell pane.