A few weeks back we announced new capabilities in Azure Site Recovery that unlock different scenarios for Service Providers, which enable them to offer value-added services on top of ASR. Specifically, with ASR and Azure Pack, Service Providers can now offer Managed DR as a premium service to their customers on top of IaaS workloads.
In this blog we will look at how Service Providers can leverage ASR integration with Azure Pack to offer a Managed DR service to their customers while needing minimal configuration changes and user training. This blog will also give you an overview of how simple it is to create DR plans/add-ons, onboard tenants and access virtual machines post failover.
As you can see in the architectural diagram above, Azure Pack, System Center Virtual Machine Manager (SCVMM) and Windows Server form the foundation for delivering Azure-consistent services.
As a Service Provider, to start offering DR you need to prepare your infrastructure, which can be done with a few simple prerequisites:
- Log in to the Azure portal to create an Azure Site Recovery Vault.
- Download Microsoft Azure Site Recovery Provider and install it on both SCVMM servers.
- Register the Microsoft Azure Site Recovery Provider with ASR.
- Configure the SCVMM cloud for protection in the ASR portal.
- Download the ASR runbooks for Azure Pack from Microsoft Script Center and import them into Service Management Automation.
Once the initial setup is complete, you are ready to roll out DR plans and leverage ASR capabilities that include automated protection, asynchronous replication and orderly recovery of the virtual workloads.
The following sections will walk you through the steps of creating a DR plan/add-on, scheduling ASR runbooks, onboarding tenants, managing failover drills and accessing VMs post failover.
Create a DR Plan/add-on
To offer a DR plan, you need to create and publish a plan, link a DR add-on to it and finally create a corresponding private recovery plan on the secondary Azure Pack admin portal. To explain these steps in detail, let us use a plan named “Gold Plan” that we will link to a DR add-on.
To create a DR add-on, expand PLAN, click on CREATE ADD-ON and name it “DRAddon”. Your add-on is now created, but it still needs to be configured. To configure an add-on, click on ADD-ONS in your Azure Pack and select the newly created add-on. You will see that under add-on services, “Virtual Machine Clouds” is not activated.
Click on “Virtual Machine Clouds” and select the names of the “VMM MANAGEMENT SERVER” and “VIRTUAL MACHINE CLOUD” that you have configured to use with Azure Pack in your primary data center.
Complete the rest of the details, such as usage limits for cores, memory etc., depending upon your offering, and check “Enable protection for all virtual machines” under custom settings, which is the latest addition with the Azure Pack UR4 release.
You have now successfully created a DR add-on, and the next step is to link it to the plan. To link an add-on, click on “Link a plan” and select “Gold Plan”.
At this point our DR plan is ready for customers, but it needs to have a corresponding private plan on the secondary Azure Pack. This private plan is the one that ensures that tenants’ subscriptions have the exact same services and offerings on the DR site. ASR automatically adds your tenants’ subscriptions from the primary plan to the private plan on the secondary data center, which helps in providing a consistent and seamless experience to tenants across both datacenters.
To create a private plan, log in to the secondary Azure Pack admin portal and create a plan named “Gold Plan-Recovery”. It is important to note that the name of the private plan should start with the primary plan name followed by a suffix. The suffix could be anything, but it is recommended to use “-Recovery” for ease of identification.
Once the private plan is created, you need to configure it in the same way as described in the earlier steps, selecting the name of the secondary datacenter SCVMM server and Virtual Machine Cloud.
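Because the private plan is identified by a name that starts with the primary plan name, two primary plans whose names share a prefix can both match the same recovery plan, and a misspelled recovery plan matches nothing. The following added example (not part of the ASR runbooks or the original post) audits two lists of plan names for missing or ambiguous pairings before the master runbook is scheduled. The function name, the sample plan names other than “Gold Plan” and “Gold Plan-Recovery”, and the case-insensitive comparison are assumptions; how the runbooks themselves match names is not described here.

```powershell
# Added example: pre-flight audit of the "<primary plan name><suffix>" naming rule.
# Assumption: comparison is case-insensitive so that near-collisions are flagged.
function Test-RecoveryPlanPairing {
    param(
        [Parameter(Mandatory)] [string[]] $PrimaryPlans,
        [Parameter(Mandatory)] [string[]] $SecondaryPlans
    )
    foreach ($primary in $PrimaryPlans) {
        # Secondary plans that start with the primary name and add a non-empty suffix.
        $candidates = @($SecondaryPlans | Where-Object {
            $_.Length -gt $primary.Length -and
            $_.StartsWith($primary, [System.StringComparison]::OrdinalIgnoreCase)
        })
        # Exactly one candidate is the only unambiguous outcome.
        $status = switch ($candidates.Count) {
            0       { 'Missing' }
            1       { 'OK' }
            default { 'Ambiguous' }
        }
        [pscustomobject]@{
            PrimaryPlan = $primary
            Status      = $status
            Candidates  = $candidates -join '; '
        }
    }
}

# Constructed sample data: plan names as they would be listed on each admin portal.
$primary   = 'Gold Plan', 'Gold Plan Plus', 'Silver Plan'
$secondary = 'Gold Plan-Recovery', 'Gold Plan Plus-Recovery'

Test-RecoveryPlanPairing -PrimaryPlans $primary -SecondaryPlans $secondary |
    Format-Table -AutoSize
```

Any row that is not reported as OK is worth resolving by renaming plans before tenants subscribe, so that a tenant subscription cannot end up copied into a recovery plan with different services or quotas.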
Master Runbook
ASR runbooks help you deploy protection automatically, taking away the pain of manually enabling protection for each tenant. There are five runbooks in total that you need to import into your primary Azure Pack admin portal, but you only need to configure and schedule the master runbook named “Invoke-AzureSiteRecoveryProtectionJob.ps1”. The rest of the runbooks are invoked internally by the master runbook for querying tenant subscriptions, enabling protection and adding a copy of the subscriptions from the primary Azure Pack admin portal to the secondary Azure Pack admin portal.
To schedule and configure the master runbook, browse to “AUTOMATION” in the primary Azure Pack admin portal, select the master runbook and click on schedule. Provide a user-friendly name for the schedule and specify the frequency and time for the runbook. To complete the schedule you have to provide the names of the assets as runbook parameters.
The complete details of asset creation can be found at Microsoft Script Center but to give you an idea, here is an example of creating one asset.
To create an asset for the “PrimarySiteAdminConnection” parameter, browse to “AUTOMATION”, click “ASSETS” at the top and select “ADD SETTINGS” at the bottom middle:
1.) Choose ADD CONNECTION
2.) Select “MgmntSvcAdmin” as the connection type and name it “Primary Azure Pack Login”
3.) Provide the Computer Name, Password and Username of the primary Azure Pack
Similarly, you can create the rest of the assets and provide the names of these assets in the master runbook.
Onboarding Tenants
Tenant onboarding is seamless, as tenants can see the new DR Plan/Add-on in their portal. A tenant subscribes to a DR plan by going to the tenant portal account and signing up for the new plan. Once that is done, the tenant has to add the DR add-on to the subscription. The tenant account portal will look like the one below.
The tenant can create virtual machines in the portal and they will be shown there.
There are no additional steps for a tenant to perform!
Automatic Protection
Once the tenant has subscribed to the plan, the ASR runbook will do the following two tasks:
- Automatically detect subscriptions with a DR-enabled plan on the primary Azure Pack admin portal and add a copy of each such subscription to the secondary Azure Pack private plan
- Enable protection for the tenant virtual machines and replicate all the virtual machines to the recovery Azure Pack
Note: User accounts would not be added automatically by the runbooks to the Secondary Azure Pack and we assume that Service Provider would do that out-of-band using technologies like Active Directory Federation Services (ADFS).
In the screenshot below you can see that the tenant subscription under “Gold Plan” on the Azure Pack primary admin portal is added to “Gold Plan-Recovery” on the Azure Pack secondary admin portal.
Primary Azure Pack
Secondary Azure Pack
The ASR runbooks have enabled protection for the tenant’s virtual machines, which means the runbooks have automatically triggered the job in the Azure Site Recovery portal, as shown below, which otherwise would have been a manual step.
In the primary Azure Pack admin portal you can also use the runbook jobs view to get the details of the jobs done by the runbooks.
Perform Failover in ASR portal
Through the Azure Site Recovery portal, Service Providers can manage both DR drills and failovers for customer applications. Service Providers can leverage the functionality of Recovery Plan, Test Failover and other failover operations in the ASR portal and offer optimum RPO/RTO to their customers.
In this blog, we have used an ASR Recovery Plan to show how tenant virtual machines can be failed over. To do a planned failover, log in to the Azure Site Recovery portal and create a Recovery Plan. As you can see in the screenshot below, in this Recovery Plan the tenant VMs are divided into two groups, which means that the database server VM would boot up first on the recovery site, followed by the rest of the three VMs. This is to ensure that the backend virtual machines come up before the VMs that depend on them.
Accessing VMs post Failover
With ASR and Azure Pack, tenants get a consistent experience on the secondary datacenter. As a Service Provider, you have to share the link to the Azure Pack tenant portal of the secondary site with your customers. They can log in to it and seamlessly access their virtual machines in the exact same way as they did on the primary Azure Pack portal. The screenshot below shows the view when a tenant logs in to the Azure Pack tenant portal on the secondary site. It shows that all 4 virtual machines are in a running state after failover.
In this post, you learnt how Service Providers can roll out DR plans/add-ons to their customers and enable automatic protection using ASR runbooks. We also covered how easy it is for tenants to subscribe to a DR plan and access their VMs post failover. ASR integration with Azure Pack not only allows Service Providers to provide DRaaS with minimal changes to their existing Azure Pack setup, it also provides them a unique opportunity to increase their revenues by offering a complete solution of IaaS with DR.
If you are excited to try it out, check out the getting started guide of Azure Site Recovery integration with WAP.
If you have further questions, please visit the Azure Site Recovery forum on MSDN for additional information and to engage with other customers.