Lab: Protecting Hyper-V VMs by using Azure Site Recovery

Student lab manual

Lab scenario

While Adatum Corporation has, over the years, implemented a number of high availability provisions for their on-premises workloads, its disaster recovery capabilities are still insufficient to address the Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) demanded by its business. Maintaining the existing secondary on-premises site requires an extensive effort and incurs significant costs. The failover and failback procedures are, for the most part, manual and are poorly documented.

To address these shortcomings, the Adatum Enterprise Architecture team decided to explore capabilities of Azure Site Recovery, with Azure taking on the role of the hoster of the secondary site. Azure Site Recovery automatically and continuously replicates workloads running on physical and virtual machines from the primary to the secondary site. Site Recovery uses storage-based replication mechanism, without intercepting application data. With Azure as the secondary site, data is stored in Azure Storage, with built-in resilience and low cost. The target Azure VMs are hydrated following a failover by using the replicated data. The Recovery Time Objectives (RTO) and Recovery Point objectives are minimized since Site Recovery provides continuous replication for VMware VMs and replication frequency as low as 30 seconds for Hyper-V VMs. In addition, Azure Site Recovery also handles orchestration of failover and failback processes, which, to large extent, can be automated. It is also possible to use Azure Site Recovery for migrations to Azure, although the recommended approach relies on Azure Migrate instead.

The Adatum Enterprise Architecture team wants to evaluate the use of Azure Site Recovery for protecting on-premises Hyper-V virtual machines to Azure VM.

Objectives

After completing this lab, you will be able to:

  • Configure Azure Site Recovery

  • Perform test failover

  • Perform planned failover

  • Perform unplanned failover

Lab Environment

Windows Server admin credentials

  • User Name: Student

  • Password: Pa55w.rd1234

Estimated Time: 120 minutes

Lab Files

  • \\AZ303\AllFiles\Labs\07\azuredeploy30307suba.json

Exercise 0: Prepare the lab environment

The main tasks for this exercise are as follows:

  1. Deploy an Azure VM by using an Azure Resource Manager QuickStart template

  2. Configure nested virtualization in the Azure VM

Task 1: Deploy an Azure VM by using an Azure Resource Manager QuickStart template

  1. From your lab computer, start a web browser, navigate to the Azure portal, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.

  2. In the Azure portal, open Cloud Shell pane by selecting on the toolbar icon directly to the right of the search textbox.

  3. If prompted to select either Bash or PowerShell, select PowerShell.

    Note: If this is the first time you are starting Cloud Shell and you are presented with the You have no storage mounted message, select the subscription you are using in this lab, and select Create storage.

  4. In the toolbar of the Cloud Shell pane, select the Upload/Download files icon, in the drop-down menu select Upload, and upload the file \\AZ303\AllFiles\Labs\07\azuredeploy30307suba.json into the Cloud Shell home directory.

  5. From the Cloud Shell pane, run the following to create a resource groups (replace the <Azure region> placeholder with the name of the Azure region that is available for deployment of Azure VMs in your subscription and which is closest to the location of your lab computer):

    $location = '<Azure region>'
    New-AzSubscriptionDeployment `
      -Location $location `
      -Name az30307subaDeployment `
      -TemplateFile $HOME/azuredeploy30307suba.json `
      -rgLocation $location `
      -rgName 'az30307a-labRG'
    

    Note: To identify Azure regions where you can provision Azure VMs, refer to https://azure.microsoft.com/en-us/regions/offers/

  6. In the Azure portal, close the Cloud Shell pane.

  7. From your lab computer, open another browser tab, navigate to the 301-nested-vms-in-virtual-network Azure QuickStart template and select Deploy to Azure. This will automatically redirect the browser to the Hyper-V Host Virtual Machine with nested VMs blade in the Azure portal.

  8. On the Hyper-V Host Virtual Machine with nested VMs blade in the Azure portal, specify the following settings (leave others with their default values):

    Setting Value
    Subscription the name of the Azure subscription you are using in this lab
    Resource group az30307a-labRG
    Host Public IP Address Name az30307a-hv-vm-pip
    Virtual Network Name az30307a-hv-vnet
    Host Network Interface1Name az30307a-hv-vm-nic1
    Host Network Interface2Name az30307a-hv-vm-nic2
    Host Virtual Machine Name az30307a-hv-vm
    Host Admin Username Student
    Host Admin Password Pa55w.rd1234
  9. On the Hyper-V Host Virtual Machine with nested VMs blade, select Review + create and then select Create.

    Note: Wait for the deployment to complete. The deployment might take about 10 minutes.

Task 2: Configure nested virtualization in the Azure VM

  1. In the Azure portal, search for and select Virtual machines and, on the Virtual machines blade, select az30307a-hv-vm.

  2. On the az30307a-hv-vm blade, select Networking.

  3. On the **az30307a-hv-vm Networking** blade, select az30307a-hv-vm-nic1 and then select Add inbound port rule.

    Note: Make sure that you modify the settings of az30307a-hv-vm-nic1, which has the public IP address assigned to it.

  4. On the Add inbound security rule blade, specify the following settings (leave others with their default values) and select Add:

    Setting Value
    Destination port range 3389
    Protocol Any
    Name AllowRDPInBound
  5. On the az30307a-hv-vm blade, select Overview.

  6. On the az30307a-hv-vm blade, select Connect, in the drop-down menu, select RDP, and then click Download RDP File.

  7. When prompted, sign in with the following credentials:
  • User Name: Student

  • Password: Pa55w.rd1234

  1. Within the Remote Desktop session to az30307a-hv-vm, in the Server Manager window, click Local Server, click the On link next to the IE Enhanced Security Configuration label, and, in the IE Enhanced Security Configuration dialog box, select both Off options.

  2. Within the Remote Desktop session to az30307a-hv-vm, start Internet Explorer, browse to Windows Server Evaluations, and download the Windows Server 2019 VHD file to the F:\VHDs folder (you will need to create it first).

  3. Within the Remote Desktop session to az30307a-hv-vm, start Hyper-V Manager.

  4. In the Hyper-V Manager console, select the az30307a-hv-vm node, select New and, in the cascading menu, select Virtual Machine. This will start the New Virtual Machine Wizard.

  5. On the Before You Begin page of the New Virtual Machine Wizard, select Next >.

  6. On the Specify Name and Location page of the New Virtual Machine Wizard, specify the following settings and select Next >:

    Setting Value
    Name az30307a-vm1
    Store the virtual machine in a different location selected
    Location F:\VMs

    Note: Make sure to create the F:\VMs folder.

  7. On the Specify Generation page of the New Virtual Machine Wizard, ensure that the Generation 1 option is selected and select Next >:

  8. On the Assign Memory page of the New Virtual Machine Wizard, set Startup memory to 2048 and select Next >.

  9. On the Configure Networking page of the New Virtual Machine Wizard, in the Connection drop-down list select NestedSwitch and select Next >.

  10. On the Connect Virtual Hard Disk page of the New Virtual Machine Wizard, select the option Use an existing virtual hard disk, set location to the VHD file you downloaded to the F:\VHDs folder, and select Next >.

  11. On the Summary page of the New Virtual Machine Wizard, select Finish.

  12. In the Hyper-V Manager console, select the newly created virtual machine and select Start.

  13. In the Hyper-V Manager console, verify that the virtual machine is running and select Connect.

  14. In the Virtual Machine Connection window to az30307a-vm1, on the Hi there page, select Next.

  15. In the Virtual Machine Connection window to az30307a-vm1, on the License terms page, select Accept.

  16. In the Virtual Machine Connection window to az30307a-vm1, on the Customize settings page, set the password of the built-in Administrator account to Pa55w.rd1234 and select Finish.

  17. In the Virtual Machine Connection window to az30307a-vm1, sign in by using the newly set password.

  18. In the Virtual Machine Connection window to az30307a-vm1, start Windows PowerShell and, in the Administrator: Windows PowerShell window run the following to set the computer name.

    Rename-Computer -NewName 'az30307a-vm1' -Restart
    

Exercise 1: Create and configure an Azure Site Recovery vault

The main tasks for this exercise are as follows:

  1. Create an Azure Site Recovery vault

  2. Configure the Azure Site Recovery vault

Task 1: Create an Azure Site Recovery vault

  1. Within the Remote Desktop session to az30307a-hv-vm, start Internet Explorer, navigate to the Azure portal, and sign in by providing credentials of a user account with the Owner role in the subscription you will be using in this lab.

  2. In the Azure portal, search for and select Recovery Services vaults and, on the Recovery Services vaults blade, select + Add.

  3. On the Basics tab of the Create Recovery Services vault blade, specify the following settings (leave others with their default values) and select Review + create:

    Setting Value
    Subscription the name of the Azure subscription you are using in this lab
    Resource group the name of a new resource group az30307b-labRG
    Vault name az30307b-rsvault
    Location the name of the Azure region different from the one into which you deployed the virtual machine earlier in this lab
  4. On the Review + create tab of the Create Recovery Services vault blade, select Create:

    Note: By default, the default configuration for Storage Replication type is set to Geo-redundant (GRS) and Soft Delete is enabled. You will change these settings in the lab to simplify deprovisioning, but you should use them in your production environments.

Task 2: Configure the Azure Site Recovery vault

  1. In the Azure portal, search for and select Recovery Services vaults and, on the Recovery Services vaults blade, select az30307b-rsvault.

  2. On the az30307b-rsvault blade, select Properties.

  3. On the **az30307b-rsvault Properties** blade, select the Update link under the Backup Configuration label.
  4. On the Backup Configuration blade, set Storage replication type to Locally-redundant, select Save and close the Backup Configuration blade.

    Note: Storage replication type cannot be changed once you start protecting items.

  5. On the **az30307b-rsvault Properties** blade, select the Update link under the Security Settings label.
  6. On the Security Settings blade, set Soft Delete to Disable, select Save and close the Security Settings blade.

Exercise 2: Implement Hyper-V protection by using Azure Site Recovery vault

The main tasks for this exercise are as follows:

  1. Implement the target Azure environment

  2. Implement protection of a Hyper-V virtual machine

  3. Perform a failover of the Hyper-V virtual machine

  4. Remove Azure resources deployed in the lab

Task 1: Implement the target Azure environment

  1. In the Azure portal, search for and select Virtual networks and, on the Virtual networks blade, select + Add.

  2. On the Basics tab of the Create virtual network blade, specify the following settings (leave others with their default values) and select Next: IP Addresses:

    Setting Value
    Subscription the name of the Azure subscription you are using in this lab
    Resource group the name of a new resource group az30307c-labRG
    Name az30307c-dr-vnet
    Region the name of the Azure region into which you deployed the Recovery Services vault in the previous exercise of this lab
  3. On the IP addresses tab of the Create virtual network blade, in the IPv4 address space text box, type 10.7.0.0/16 and select + Add subnet.

  4. On the Add subnet blade, specify the following settings (leave others with their default values) and select Add:

    Setting Value
    Subnet name subnet0
    Subnet address range 10.7.0.0/24
  5. Back on the IP addresses tab of the Create virtual network blade, select Review + create.

  6. On the Review + create tab of the Create virtual network blade, select Create.

  7. In the Azure portal, search for and select Virtual networks and, on the Virtual networks blade, select + Add.

  8. On the Basics tab of the Create virtual network blade, specify the following settings (leave others with their default values) and select Next: IP Addresses:

    Setting Value
    Subscription the name of the Azure subscription you are using in this lab
    Resource group az30307c-labRG
    Name az30307c-test-vnet
    Region the name of the Azure region into which you deployed the Recovery Services vault in the previous exercise of this lab
  9. On the IP addresses tab of the Create virtual network blade, in the IPv4 address space text box, type 10.7.0.0/16 and select + Add subnet.

  10. On the Add subnet blade, specify the following settings (leave others with their default values) and select Add:

    Setting Value
    Subnet name subnet0
    Subnet address range 10.7.0.0/24
  11. Back on the IP addresses tab of the Create virtual network blade, select Review + create.

  12. On the Review + create tab of the Create virtual network blade, select Create.

  13. In the Azure portal, search for and select Storage accounts and, on the Storage accounts blade, select + Add.

  14. On the Basics tab of the Create storage account blade, specify the following settings (leave others with their default values):

    Setting Value
    Subscription the name of the Azure subscription you are using in this lab
    Resource group az30307c-labRG
    Storage account name any globally unique name between 3 and 24 in length consisting of letters and digits
    Location the name of the Azure region in which you created the virtual network earlier in this task
    Performance Standard
    Account kind StorageV2 (general purpose v2)
    Replication Locally redundant storage (LRS)
  15. On the Basics tab of the Create storage account blade, select Review + create.

  16. On the Review + create tab of the Create storage account blade, select Create.

Task 2: Implement protection of a Hyper-V virtual machine

  1. Within the Remote Desktop session to az30307a-hv-vm, in the Azure portal, on the az30307b-rsvault blade, in the Getting started section, select Site Recovery

  2. On the az30307b-rsvault | Site Recovery blade, in the Hyper-V machines to Azure section, select 1. Prepare infrastructure.

  3. On the Deployment planning tab of the Prepare infrastructure blade, in the Deployment planning completed? drop-down list, select Yes, I have done it and select Next.

  4. On the Source settings tab of the Prepare infrastructure blade, next to the Are you Using System Center VMM to manage Hyper-V hosts label, select the No option.

  5. On the Source settings tab of the Prepare infrastructure blade, select the Add Hyper-V site link, on the Create Hyper-V Site blade, in the Name text box, type az30307b Hyper-V site and select OK:

  6. On the Source settings tab of the Prepare infrastructure blade, select the Add Hyper-V server link.

  7. On the Add Server blade, select the Download link in step 3 of the procedure for adding on-premises Hyper-V hosts in order to download the Microsoft Azure Site Recovery Provider.

  8. When prompted, in the browser window, select Run to launch AzureSiteRecoveryProvider.exe. This will start the Azure Site Recovery Provider Setup (Hyper-V server) wizard.

  9. On the Microsoft Update page, select Off and select Next.

  10. On the Provider installation page, select Install.

  11. Switch to the Azure portal and, on the Add Server blade, select the Download button in step 4 of the procedure for registering on-premises Hyper-V hosts in order to download the vault registration key. When prompted, select Save to save the vault credentials file in the Downloads folder.

  12. Switch to the Provider installation wizard window and select Register. This will start the Microsoft Azure Site Recovery Registration Wizard.

  13. On the Vault Settings page of the Microsoft Azure Site Recovery Registration Wizard, select Browse, in the Open window, navigate to the Downloads folder, select the vault credentials file, and select Open.

  14. Back on the Vault Settings page of the Microsoft Azure Site Recovery Registration Wizard, select Next.

  15. On the Proxy Settings page of the Microsoft Azure Site Recovery Registration Wizard, accept the default settings and select Next.

  16. On the Registration page of the Microsoft Azure Site Recovery Registration Wizard, select Finish.

  17. Switch back to the Internet Explorer window displaying the Azure portal and refresh the page. When prompted, select Leave the page.

  18. Back on the **az30307b-rsvault Site Recovery** blade, in the Hyper-V machines to Azure section, select 1. Prepare infrastructure.
  19. On the Deployment planning tab of the Prepare infrastructure blade, in the Deployment planning completed? drop-down list, select Yes, I have done it and select Next.

  20. On the Source settings tab of the Prepare infrastructure blade, next to the Are you Using System Center VMM to manage Hyper-V hosts label, select the No option.

  21. Verify that the Hyper-V site and Hyper-V servers settings are set correctly and select Next.

  22. On the Target settings tab of the Prepare infrastructure blade, accept the default settings and select Next.

  23. On the Replication policy tab of the Prepare infrastructure blade, select Create new policy and associate.

  24. On the Create and associate policy blade, specify the following settings (leave others with their default values) and select OK:

    Setting Value
    Name az30307b replication policy
    Copy frequency 30 seconds
  25. Back on the Replication policy tab of the Prepare infrastructure blade, wait until the site has been associated with the policy and select Next.

  26. On the Review tab of the Prepare infrastructure blade, select Prepare.

  27. On the az30307b-rsvault | Site Recovery blade, in the Hyper-V machines to Azure section, select 2. Enable replication.

  28. On the Source environment tab of the Enable replication blade, in the Source location drop-down list, select az30307b Hyper-V site and select Next.

  29. On the Target environment tab of the Enable replication blade, specify the following settings (leave others with their default values) and select Next:

    Setting Value
    Subscription the name of the Azure subscription you are using in this lab
    Post-failover resource group az30307c-labRG
    Post-failover deployment model Resource Manager
    Storage account the name of the storage account you created in the first task of this exercise
    Azure network Configure now for selected machines
    Post-failover Azure network az30307c-dr-vnet
    Subnet subnet0 (10.7.0.0/24)
  30. On the Virtual machine selection tab of the Enable replication blade, select the az30307a-vm1 checkbox and select Next.

  31. On the Replication settings tab of the Enable replication blade, in the Defaults row and OS type column, select Windows from the drop-down list and select Next.

  32. On the Replication policy tab of the Enable replication blade, accept the default settings and select Next.

  33. On the Review tab of the Enable replication blade, select Enable replication.

Task 3: Review Azure VM replication settings

  1. In the Azure portal, back on the az30307b-rsvault | Site Recovery blade, in the vertical menu, select Replicated items.

  2. On the az30307b-rsvault | Replicated items blade, ensure that there is an entry representing the az30307a-vm1 virtual machine and verify that its Replication Health is listed as Healthy and that its Status is listed as either Enabling protection or displaying a current percentage of synchronization progress.

    Note: You might need to wait a few minutes until the az30307a-vm1 entry appears on the az30307b-rsvault | Replicated items blade.

  3. On the az30307b-rsvault | Replicated items blade, select the az30307a-vm1 entry.

  4. On the az30307a-vm1 replicated items blade, review the Health and status, Failover readiness, Latest recovery points, and Infrastructure view sections. Note the Planned Failover, Failover and Test Failover toolbar icons.

    Note: Wait until the status changes to Protected. This might take additional 15 minutes. You will need to refresh the browser page for the status to be updated.

  5. On the az30307a-vm1 replicated items blade, select Latest recovery points and review Latest crash-consistent and Latest app-consistent recovery points.

Task 4: Perform a failover of the Hyper-V virtual machine

  1. Within the Remote Desktop session to az30307a-vm0, in the browser window displaying the Azure portal, on the az30307a-vm1 replicated items blade, select Test failover.

  2. On the Test failover blade, specify the following settings (leave others with their default values) and select OK:

    Setting Value
    Choose a recovery point the default option
    Azure virtual network az30307c-test-vnet
  3. In the Azure portal, navigate back to the az30307b-rsvault blade and select Site Recovery jobs. Wait until the status of the Test failover job is listed as Successful.

  4. In the Azure portal, search for and select Virtual machines and, on the Virtual machines blade, note the entry representing the newly provisioned virtual machine az30307a-vm1-test.

  5. In the Azure portal, navigate back to the on the az30307a-vm1 replicated items blade and select *Cleanup test failover.

  6. On the Test failover cleanup blade, select the checkbox Testing is complete. Delete test failover virtual machine(s) and select OK.

  7. Once the test failover cleanup job completes, refresh the browser page displaying the az30307a-vm1 replicated items blade and note that you have the option to perform planned and unplanned failover.

  8. On the az30307a-vm1 replicated items blade, select Planned failover.

  9. On the Planned failover blade, note that the failover direction settings are already set and not modifiable.

  10. Close the Planned failover blade and, on the az30307a-vm1 replicated items blade, select Failover.

  11. On the Failover blade, note the available options geared towards minimizing potential data loss.

  12. Close the Failover blade.

Task 4: Remove Azure resources deployed in the lab

  1. Within the Remote Desktop session to az30307a-vm0, in the browser window displaying the Azure portal, start a PowerShell session within the Cloud Shell pane.

  2. From the Cloud Shell pane, run the following to list the resource group you created in this exercise:

    Get-AzResourceGroup -Name 'az30307*'
    

    Note: Verify that the output contains only the resource group you created in this lab. This group will be deleted in this task.

  3. From the Cloud Shell pane, run the following to delete the resource group you created in this lab

    Get-AzResourceGroup -Name 'az30307*' | Remove-AzResourceGroup -Force -AsJob
    
  4. Close the Cloud Shell pane.