How to replicate Azure VM to a secondary Azure Region?

When it comes to disaster recovery solutions, most of the time we select a different physical site as the backup/replication target. This is because if the primary site goes down, we still have a safe copy of the data at a different site. We can do the same with an Azure VM. By using Azure Site Recovery Service, we can replicate an existing Azure VM to a secondary Azure region.

Let’s go ahead and see how we can do this.

For the configuration process, I will be using PowerShell as well as the GUI. Therefore, please make sure you have the Azure PowerShell module installed. More info about it can be found at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-3.8.0

Create an Azure VM to use as Source

I like to begin the configuration process by creating a Test VM. To do that,
1. Launch PowerShell console and connect to Azure using Connect-AzAccount
2. Then create a new resource group using,

New-AzResourceGroup -Name REBELRG1 -Location "East US"

Azure resource group for Source Azure VM

In the above, REBELRG1 is the resource group name, and it is created in the East US Azure region.

3. The next step is to create a new virtual network under REBELRG1 resource group.

$vmsubnet = New-AzVirtualNetworkSubnetConfig -Name vmsubnet -AddressPrefix "10.0.2.0/24"
New-AzVirtualNetwork -Name REBELVN1 -ResourceGroupName REBELRG1 -Location "East US" -AddressPrefix "10.0.0.0/16" -Subnet $vmsubnet

Azure virtual network for source

In the above, REBELVN1 is the new virtual network name. It has 10.0.0.0/16 address space. It also has a new subnet 10.0.2.0/24 (vmsubnet) for virtual machines.

4. As the next step of the configuration, I am going to create a new virtual machine under REBELRG1 resource group. This will be used for testing purposes.

$mylogin = Get-Credential
New-AzVm -ResourceGroupName REBELRG1 -Name "REBELTVM01" -Location "East US" -VirtualNetworkName "REBELVN1" -SubnetName "vmsubnet" -addressprefix 10.0.2.0/24 -PublicIpAddressName "REBELVM01IP1" -OpenPorts 3389 -Image win2019datacenter -Size Standard_D2s_v3 -Credential $mylogin

Create Azure VM

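In the above, I am creating a virtual machine called REBELTVM01 in the East US Azure region. It runs Windows Server 2019 Datacenter edition, which I specified using the -Image parameter, and it uses the Standard_D2s_v3 VM size. For networking, it uses the REBELVN1 virtual network and subnet 10.0.2.0/24. The -OpenPorts 3389 parameter adds a network security group rule that allows inbound RDP to the VM from any source address, which is acceptable for a short-lived test VM but should be narrowed to known source addresses anywhere else.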

5. Then I logged in to the VM and created a folder and a file to use later for testing.

New-Item -Path 'C:\REBELTest' -ItemType Directory
New-Item -Path 'C:\REBELTest\Test1.txt' -ItemType File

Create test files for Azure replication testing

Create Azure Resource Group and Azure Virtual Network for Target

In this demo, I am going to replicate the Azure VM to the “Canada Central” Azure region. Before I start replication, I like to create a new resource group and virtual network for it.

1. Create a new resource group using,

New-AzResourceGroup -Name RECOVERRG1 -Location "Canada Central"

Azure resource group for target

In the above, RECOVERRG1 is the resource group name, and it is created in the “Canada Central” Azure region.

2. The next step is to create a new virtual network under RECOVERRG1 resource group.

$vmsubnet2 = New-AzVirtualNetworkSubnetConfig -Name vmsubnet2 -AddressPrefix "10.1.3.0/24"
New-AzVirtualNetwork -Name REBELVN2 -ResourceGroupName RECOVERRG1 -Location "Canada Central" -AddressPrefix "10.1.0.0/16" -Subnet $vmsubnet2

create azure virtual network for target

In the above, REBELVN2 is the new virtual network name. It has 10.1.0.0/16 address space. It also has a new subnet 10.1.3.0/24 (vmsubnet2) for virtual machines.

Enable Azure VM Replication

Now we have the test VM and resource group ready. Let’s go ahead and enable the replication.
To do that,

1. Log in to Azure portal (https://portal.azure.com/) as a global administrator

2. Then go to the properties page of REBELTVM01 Virtual Machine.

3. Then click on Disaster recovery

Azure Disaster Recovery

4. This will open the Azure Site Recovery configuration page. In the Target region option, select Canada Central.

Azure VM replication target region

5. Then click on the Advanced settings tab.

Azure VM Disaster Recovery advanced options

6. Under VM resource group option select RECOVERRG1. This is the resource group we created for target resources. For the Virtual network option select REBELVN2, the virtual network we created in the previous section. Then at the end click on Review + Start replication

Azure VM replication target resource group and virtual network settings

7. Review the configuration settings on the page and click on Start replication to complete the configuration.

Start Azure VM replication

Testing

Once replication is enabled, we can verify replication health by going into the virtual machine properties page | Disaster Recovery

Azure VM Replication health

We can test the failover process by doing a test failover. To do that, click on the Test Failover option

Azure VM Test Failover

Then select the recovery point and the virtual network, and click on OK.

Azure VM Test Failover Options

After a few minutes, I can see Azure spin up the test VM.

Azure Replicated VM

Azure replicated VM properties

After a failover, the VM will not have a public IP address. We need to assign a public IP manually or by using a runbook after the failover (unless you have a jump box in the target network).

To assign a public IP to the VM, search for a network interface in the portal search box.

Azure network interface

From the list, click on the interface belonging to the failover VM.

Azure replicated VM network interface

Then go to IP configuration and click on the already existing IP address.

Azure VM ip address settings

On the properties page, associate a new public IP with it.

Assign Azure Public IP Address

Once the allocation is completed, log in to the VM using the new public IP.
Then verify that the VM has the test folder and file we created on the source.

Replicated folders and files

As we can see, Azure VM replication to a secondary region is working as expected.
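
The public IP assignment and the file check above can also be scripted, for instance in the runbook mentioned earlier. This is an added example, not code from the original post: the VM name, NIC name and admin source address are assumed placeholders, and the restricted NSG rule and the Run Command check go beyond the portal steps shown.

```powershell
# Added example; not from the original post. Replace the "assumed" placeholders first.
$rg       = 'RECOVERRG1'           # target resource group created earlier in the post
$location = 'Canada Central'       # target region used in the post
$vmName   = '<test-failover-vm>'   # assumed: name of the VM created by the test failover
$nicName  = '<test-failover-nic>'  # assumed: name of that VM's network interface
$adminIp  = '203.0.113.10/32'      # assumed: constructed admin address (documentation range)

# 1. Create the public IP. A Standard SKU address blocks inbound traffic
#    until a network security group explicitly allows it.
$pip = New-AzPublicIpAddress -Name "$vmName-pip" -ResourceGroupName $rg `
    -Location $location -AllocationMethod Static -Sku Standard

# 2. Allow RDP only from the admin address instead of from any source.
$rdpRule = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 `
    -SourceAddressPrefix $adminIp -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389
$nsg = New-AzNetworkSecurityGroup -Name "$vmName-nsg" -ResourceGroupName $rg `
    -Location $location -SecurityRules $rdpRule

# 3. Attach both to the failover VM's NIC (this replaces any NSG already on the NIC).
$nic = Get-AzNetworkInterface -Name $nicName -ResourceGroupName $rg
$nic.IpConfigurations[0].PublicIpAddress = $pip
$nic.NetworkSecurityGroup = $nsg
$nic | Set-AzNetworkInterface | Out-Null

# 4. Check for the replicated test file through the Azure control plane,
#    which works even before anyone connects over RDP.
$check = Invoke-AzVMRunCommand -ResourceGroupName $rg -VMName $vmName `
    -CommandId 'RunPowerShellScript' `
    -ScriptString "Test-Path -Path 'C:\REBELTest\Test1.txt'"
$found = $check.Value[0].Message.Trim() -eq 'True'

if ($found) {
    Write-Output "Test1.txt is present on $vmName; RDP is allowed to $($pip.IpAddress) from $adminIp only."
} else {
    Write-Warning "Test1.txt was not found on $vmName; check the recovery point used for the test failover."
}
```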

This marks the end of this blog post. I hope you now have a better understanding of how we can replicate an Azure VM to a secondary region using Azure Site Recovery Service. If you have any further questions about this, feel free to contact me at rebeladm@live.com, and follow me on Twitter @rebeladm to get updates about new blog posts.
