Onboarding : Azure Migration and Recovery


  • Planning to move several datacenters to azure and workloads are VMware VMs and Relational databases.
  • Protect Azure Infrastructure with Site Recovery
  • Protect on-prem infrastructure from disaster by using Azure Site Recovery

Key Concepts

  • BCDR
  • Azure Region: Regions, where Microsoft hast at least one or many datacenters.
  • Azure Paired Regions: Each Azure Region is paired with another Azure Region within the same geography.

Azure Paired Regions

  • They make together a regional pair.
  • Across the region pairs azure serializes platform update (planned maintenance)
  • One paired region is updated at a time
  • For BCDR we can use paired region to use Azre’s isolation and availability poilicies
  • For active/active models use paired regions to optimize availability for application and minimize recovery time in the event of a disaster.

Benefits of paired regions

  • Physical isolation
    • at least 300 miles of separation
    • reduce the likelihood of natural disasters, civil unrest, power outage, physical network outage
  • Platform-provided replication
    • Some services such as Geo-Redundant Storage provide automatic replication to the paired region.
  • Region recovery order
    • The application that are deployed across paired regions are guaranteed to have one of the regions recovered with priority. but not paired across region deployed might be delayed.
  • Sequential updates for paired regions
  • Data residency
    • pairs are reside in the same geography


Azure migration Framewotk

Microsoft has a four stages framework for a successful migration.


The cloud solution architect must consider the framework and provide a buisiness plan for migration.

What happens in Assess step

Discover and evaluation
Involve key stackholders
Estimate cost saving
Identify tools

Discover and evaluation
  • Full assessment of the current environment and identify servers, applications, and services -> integrate the business team for feedback, guidance, and support.
  • Create full inventory and dependancy map of servers and services and each application must be fully investigated.
  • Available application’s migration options (manual step)
    • Rehost: recreating the existing infrastructure in azure, least impact and minimal changes, e.g. move vms from datacenter to azure.
    • Refactor: move services on a vm to platform-as-a-service (paas) services, reduce operational requirements, improve release agility, keeps costs low, small enhancement on efficiency, large impact on perormance.
    • Rearchitect: change to cloud native, or change to containers, or microservices to be able to move to cloud.
    • Rebuild: rebuild software if the costs of rearchitect is more than starting from scratch.
    • Replace: using third-parties or software-as-a-servive (saas) options.
Involve key stackholders

The superusers have to be involved.

Estimate cost saving

Use the Azure Total Cost of Ownership (TCO) calculator to estimate the real costs of supporting and consider the point, that migration’s business plan is to reduce costs.

Identify tools
Azure migrateassess, migrateperforms assessment and migrate VMware vms, Hyper-v vms, physical servers, databases, data, virtual desktops, web applications to azure.
Service mapassessmaps communication between applications components on win/linux for identifying dependancies
Azure tco calculatorassessestimates monthly running costs azure vs. on-prem
Azure database migration servicemigrateuses DATA MIGRATION ASSISTANT for migrate to azure.
Data migrate toolmigratemigrate database to azure cosmos db.
Azure cost managementoptimizehelps to monitor,control, and optimize ongoing azure costs.
Azure advisoroptimizehelps to optimize resuorces for better availability, performance, and cost.
Azure monitormonitorhelps to monitor entire performance, and application health, and setting notifications.
Azure sentinelmonitorprovides intelligent sercurity analytics for application.

What happens in Migrate step

Deploy cloud infrastructure target
Migrate workloads
Decomission on-prem infrastructure

What happens in Optimize step

Analyze running costs
Review opportunities to review

What happens in Monitor step

Integrate health and performance monitoring

Azure Site Recovery

Each organization with cloud infrastructure must have a Business Continuity and disaster recovery (BCDR) plan and the projects separately as well.

About Site Recovery

  • provides disaster recovery for azure infrastructure by orchestrating replication, failover, and failback of azure VMs.
  • Azure site recovery replicates workloads between a primary and secondary sites
  • It can migrate VMs from on-prem to azure.
  • it does a repplication for Business Continuity and Disaster Recovery (BCDR) .
  • replicates vms’ workloads to a secondary region (site recovery can be used for migration as well)
  • For Site Recovery we use Azure Recovery Service Vault. Service Vault uses the storage to keep data backups, Vm configurations, workloads.
Diagram showing a VM environment that is unavailable and failing over to a secondary environment
Source : https://docs.microsoft.com/en-us/learn/modules/protect-infrastructure-with-site-recovery/2-what-is-site-recovery

Site Recovery Features

it orchestrales the disaster recovery and repplications from on-prem to azure and vice versa. It test (disaster recovery drills) seamlesly without affecting production woerkloads.

Azure VM Protection
– Site Recovery protects Azure VMs by created Vms’ mirror and creates associated resource group, storage, Vnet, and availability sets with site recovery suffix.

Snapshots and recovery points
– we can defines policies to specify the retention history of recovery points and frequency of snapshots.
– Creates recovery points from snapshots

Snapshot types
Crash-consistent : for recovery data on-disk every 5 minutes by default
App-consistant: all data as crash-consistent and in-memory data and in-process transactions (Site Recovery can restore a VM and any running apps without any data loss). Capturing snapshot any 60 minutes by default.

Recovery points are kept for 24 hours by default and can be extended to 72 hours.

Replication to secondary region
– After enabling the replication the extension is installed on VM and VM is registered to Site Recovery.
– Continnous replication of the VM begins with any write to the disk and is immediately transferred to the local storage. Site recovery replicate cache into storage in destination

Disaster recovery (DR) drills
– DR drill enables you to validate the replication strategy without loosing data, downtime or compromising production environment.

Flexible failover and failback

Business continuity and disaster recovery (BCDR)
This is important because loss of service causes
– lost rerevenue
– Company can face financial penalties for breaking agreements

As part of BCDR we have to identify the following objectives for the application. These objectives help to realize the maximum tolerable hours that your business can be withouot specified services, and what the data recovery should be.
– Recovery Time Objectives (RTOs)
– Recovery Point Objectives (RPOs)

Recovery Time Objective: is the maximum amount of time that business can survive after a disaster before normal service is restored. If RTO is 12 hours, means that operation can continue without business’s core functioning and if downtime is 24 hours the would be seriously harmed.

Recovery Point Objective. is the maximum amount of data loss that’s acceptable during the disaster.

Azure Site Recovery prerequities

  • Add a Recovery Services Vault
  • Organize target resources -> target region must be different region than source region
  • Configure outbound network connectivity
  • Set up replication on existing VMs

Protect Infrastructure with Site recovery

The site recovery install ‘Mobility Service on source VMs’ automatically. If it fails we can install it manually on the VMs in source.

For example: run the following code block in azure bash to get ready to test site recovery

curl https://raw.githubusercontent.com/MicrosoftDocs/mslearn-protect-infrastructure-with-azure-site-recovery/master/deploy.json > deploy.json

az group create --name west-coast-rg --location westus2
az group create --name east-coast-rg --location eastus2

az deployment group create \
    --name asrDeployment \
    --template-file deploy.json \
    --parameters storageAccounts_asrcache_name=asrcache$RANDOM \
    --resource-group west-coast-rg

Source : https://docs.microsoft.com/en-us/learn/modules/protect-infrastructure-with-site-recovery/3-site-recovery-setup

After creating the source and Recovery Vault, we can go to vault and use ‘+ Replicate’ button. Based on the ‘Source Location’ only the resource groups in the same region can be selected.

And then we select the VMs in next step and ok.

And then use the ‘Customize’ button for Resource group, and…

And change it as follows

Screenshot sowing selecting the east coast resource group

And at the end enable replication.

Protect on-prem infrastructure from disaster by using Azure Site Recovery

To be able to use Azure Site Recovery to protect on-prem following components must be created or set up on-prem.

Diagram showing the Azure Site Recovery architecture
  • Networking: A valid Azure virtual network is required for the replicated virtual machines to use.
  • Recovery Services vault: A vault in your Azure subscription stores the migrated VMs when a failover is run. The vault also contains the replication policy and the source and target locations for replication and failover.
  • Credentials: The credentials you use for Azure must have the Virtual Machine Contributor and Site Recovery Contributor roles to allow permission to modify both the VM and the storage that Site Recovery is connected to.
  • Configuration server: An on-premises VMware server fulfills several roles during the failover and replication process. It’s obtained from the Azure portal as an open virtual machine appliance (OVA) for easy deployment. The configuration server includes a:
    • Process server: This server acts as a gateway for the replication traffic. It caches, compresses, and encrypts the traffic before sending it over the WAN to Azure. The process server also installs the mobility service onto all the physical and virtual machines targeted for failover and replication.
    • Master target server: This machine handles the replication process during a failback from Azure.
Azure Site Recovery architecture

Test and monitor a failover

Test the configuration by doing a disaster recovery drill on an isolated VM. It’s a best practice to use an isolated network for the test so that live services aren’t disrupted


Add a testimonial from someone who loves your service. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin id arcu aliquet, elementum nisi quis, condimentum nibh. Donec hendrerit dui ut nisi tempor scelerisque.

Jane Doe

%d bloggers like this: