Azure Site Recovery: The Basics and a Quick Tutorial

What Is Azure Site Recovery?

Azure Site Recovery (ASR) is a service provided by Microsoft Azure to ensure business continuity by keeping applications and workloads running during outages. ASR replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. This enables rapid recovery in the event of a site outage at the primary location by switching over to the replicated site.

The service offers flexibility in replication and does not restrict users to the Azure cloud; it supports replication to another on-premises location, or from one Azure region to another. This allows organizations to implement disaster recovery strategies that align with their requirements for recovery time objectives (RTO) and recovery point objectives (RPO).

This is part of a series of articles about Azure disaster recovery.

In this article:

• What Is Azure Site Recovery?
• How Azure Site Recovery Works
• 12 Key Features of Azure Site Recovery
• Azure Site Recovery Pricing
• Azure Site Recovery vs Azure Backup: What Is the Difference?
• Tutorial: Setup Azure-to-Azure Disaster Recovery with ASR

How Azure Site Recovery Works 

Azure Site Recovery helps organizations ensure business continuity by replicating workloads from a primary site to a secondary location, enabling rapid failover and recovery in the event of a disaster. Here’s an in-depth look at how ASR operates:

1. Initial setup and configuration: To begin, organizations must set up a Recovery Services vault in Azure. This vault acts as a central repository for replication policies, storage, and the management of replicated data. Users need appropriate permissions, such as the Virtual Machine Contributor and Site Recovery Contributor roles, to configure and manage replication.
2. Replication process: ASR starts by installing a replication agent on the source machines, which can be either on-premises or Azure VMs. The initial replication involves copying the entire dataset of the source machines to the target site, which could be another Azure region or an on-premises location. This process is followed by continuous replication of changes, ensuring data is consistently updated.
3. Data transmission and storage: During replication, data is compressed and encrypted for secure transmission over the network. ASR uses Azure Storage for storing the replicated data, leveraging its resilience and durability features to ensure data integrity. For on-premises to Azure replication, a configuration server and process server handle data traffic, caching, and encryption.
4. Failover and failback mechanisms: ASR supports various failover types, including planned failovers for maintenance and unplanned failovers during actual disasters. A planned failover ensures no data loss by synchronizing all changes before the switchover. Unplanned failovers minimize data loss by using the latest available recovery points. After resolving the primary site issues, ASR facilitates failback, replicating data back to the primary location to restore normal operations.
5. Testing and monitoring: To ensure disaster recovery plans work as expected, ASR allows organizations to perform non-disruptive tests. These tests simulate failovers in an isolated environment, validating the recovery process without affecting live services. The Azure portal provides real-time monitoring and status updates, highlighting the health and any issues in the replication process.

Related content: Learn how to create an Azure disaster recovery plan

12 Key Features of Azure Site Recovery 

ASR equips organizations with a set of features that help ensure business continuity and disaster recovery across various environments. Here’s a breakdown of what ASR provides:

1. Azure VM replication: Enables disaster recovery of Azure VMs across primary and secondary regions or between Azure Public Multi-Access Edge Compute (MEC) zones.
2. VMware VM replication: Supports replication of VMware VMs to Azure through an enhanced replication appliance, improving security and resilience.
3. On-premises VM replication: Supports replication of on-premises VMs and physical servers to Azure, eliminating the need for a secondary datacenter while ensuring cost efficiency.
4. Workload replication: Allows for the replication of any workload running on supported Azure VMs, on-premises Hyper-V and VMware VMs, as well as Windows/Linux physical servers.
5. Data resilience: Orchestrates replication without intercepting application data. In case of failover, Azure creates VMs based on replicated data stored in resilient Azure storage. This applies to both MEC-to-Azure region scenarios and within MEC zones (currently in preview).
6. RTO and RPO targets: Aims to meet organizational limits for recovery time objectives and recovery point objectives, offering continuous replication for VMware and Azure VMs with low latency.
7. Consistency over failover: Supports application-consistent snapshots that capture all disk data, in-memory data, and ongoing transactions for reliable recovery.
8. Testing without disruption: Enables DR drills without impacting ongoing replication efforts, ensuring preparedness without downtime.
9. Flexible failovers: Supports planned failovers for anticipated outages with no data loss or unplanned failovers with minimal data loss depending on the scenario. Enables easy failback once the primary site is restored.
10. Customized recovery plans: Offers tailored recovery plans that sequence multi-tier applications’ failover/recovery processes running on multiple VMs. Includes options for adding scripts/manual actions integrated with Azure Automation runbooks.
11. BCDR integration and automation integration: Integrates with other BCDR technologies like SQL Server Always On for backend protection. Also offers a library of Azure Automation scripts tailored to specific applications.
12. Network integration and shared disk feature (preview): Ensures efficient network management through integration with Azure services like IP address reservation, load-balancers configuration, alongside support for shared disks enabling WSFC workloads continuity during disasters.

Tips from the Expert

Adam Bertram

Adam Bertram is a 20-year veteran of IT. He’s an automation engineer, blogger, consultant, freelance writer, Pluralsight course author and content marketing advisor to multiple technology companies. Adam focuses on DevOps, system management, and automation technologies as well as various cloud platforms. He is a Microsoft Cloud and Datacenter Management MVP who absorbs knowledge from the IT field and explains it in an easy-to-understand fashion. Catch up on Adam’s articles at adamtheautomator.com, connect on LinkedIn or follow him on X at @adbertram.

Linkedin

• Leverage storage tiers to optimize replication costs: Utilize Azure’s storage tiers (Hot, Cool, and Archive) strategically within ASR. For example, use Cool Storage for less frequently accessed VMs to optimize storage costs while maintaining disaster recovery capabilities.
• Prioritize workloads with Recovery Plans: Create detailed Recovery Plans that sequence the failover of critical VMs and services first. This prioritization ensures that the most important applications are available as quickly as possible during a disaster.
• Test failover in an isolated environment regularly: Regularly conduct non-disruptive failover tests in an isolated environment. These drills help validate your disaster recovery plans without affecting live services and ensure that your recovery processes work as intended.
• Utilize tag-based automation for replication: Automate the replication of VMs based on tags, such as “Production” or “Critical.” This allows you to automatically apply ASR replication settings to any new VMs that match specific tags, ensuring they are protected without manual intervention.
• Integrate with multi-cloud strategies for enhanced resilience: Extend your disaster recovery strategy by integrating ASR with cross-cloud capabilities using tools like N2WS. This provides additional resilience by enabling recovery across different cloud environments, protecting against cloud-specific failures.

Azure Site Recovery Pricing 

Azure Site Recovery service charges are based on the number of instances protected:

• In the first 31 days, all instances receive free protection. 
• After the initial free period:
  • ASR to customer-owned sites costs $16 per month for each instance protected. 
  • For ASR to Azure, the rate is $25 per month per instance protected. 
• Replication: The same pricing structure applies to replication between Azure regions.

To illustrate, if an organization protects 10 instances for half a month and then reduces this number to 5 instances for the remaining half, the average daily protected instances count would be 7.5 for that month. If the organization protects these instances using ASR to Azure after the free period, the cost would be approximately $187.50 monthly (7.5 instances at $25 each).

Azure Site Recovery vs Azure Backup: What Is the Difference? 

Azure Site Recovery is intended for maintaining business continuity, enabling organizations to replicate and failover virtual machines and workloads to a secondary location, ensuring minimal downtime in case of site outages. It focuses on ensuring operational availability through continuous replication and automated failover processes.

Azure Backup provides a secure, cloud-based solution for protecting data against loss and corruption. It supports a range of backup scenarios including files, folders, VMs, and applications with configurable retention policies for long-term data preservation. 

While ASR ensures that operations can swiftly resume after an incident, Azure Backup protects data integrity by allowing recovery from specific points in time. 

Tutorial: Setup Azure-to-Azure Disaster Recovery with ASR 

This tutorial shows how to perform Azure-to-Azure disaster recovery. It is adapted from the official Azure Site Recovery documentation.

Prerequisites

Before starting the setup for disaster recovery using Azure Site Recovery (ASR), ensure the following prerequisites are met:

1. Supported regions: Verify that the regions involved in the disaster recovery plan are supported by ASR.
2. Azure VMs: Ensure you have one or more Azure VMs, and check that both Windows and Linux VMs are supported for replication.
3. Compute, storage, and networking requirements: Review and confirm the VM compute, storage, and networking specifications.
4. VM encryption: This tutorial assumes VMs are not encrypted. For encrypted VMs, refer to specific guidelines provided in Azure documentation.

Ensure the Right Azure Settings

Check the permissions and settings in the target region where the VMs will be replicated:

1. Ensure your Azure account has the necessary permissions to create a Recovery Services vault and VMs in the target region.
2. If you are the account admin, no additional actions are needed. Otherwise, coordinate with the admin to obtain the required permissions.
3. Specific roles needed include Application Owner and Application Developer for enabling replication, and Site Recovery Contributor for managing operations.
4. Confirm that your subscription has sufficient resources in the target region to create VMs that match the sizes of the source region VMs. 

Prepare VMs 

To ensure the VMs are properly prepared for the replication process:

1. VMs should have outbound network connectivity to communicate with Azure services and write data to the cache storage account.
2. Set the network configuration to allow access to necessary URLs if using a URL-based firewall proxy.
3. Create service-tag based NSG rules to allow HTTPS outbound traffic on port 443 for essential service tags like Storage, Microsoft Entra ID, EventsHub, AzureSiteRecovery, and GuestAndHybridManagement.
4. Ensure the VM can communicate with the Azure Instance Metadata Service (IMDS) for security purposes, bypassing IP 169.254.169.254 if using proxies.
5. Provide the necessary root certificates:
   • For Windows VMs: Install the latest Windows updates to ensure all trusted root certificates are present.
   • For Linux VMs: Follow your Linux distributor’s guidance to update trusted root certificates and the certificate revocation list (CRL).

Create an Azure Recovery Services Vault

To set up a vault in ASR:

1. Access the Azure portal and search for Recovery Services vaults.
2. Click on Add to start the process of creating a vault.
3. Select the subscription, resource group, and provide a name for the vault.
4. Choose the region for the vault, ensuring it is different from the source region.
5. Review and create the vault, then pin it to the dashboard for easy access.
6. Once the vault is created, navigate to the vault settings and enable Site Recovery.

Enable VM Replication 

To configure the replication settings for the VMs:

1. In the Site Recovery page, go to Azure virtual machines and choose Enable replication.
2. Specify the source region, subscription, and resource group containing the VMs to be replicated.
3. Keep the default Resource Manager setting for the VM deployment model.
4. Choose the VMs you wish to replicate, up to a maximum of 10 VMs.
5. Review the replication settings. Default settings are typically sufficient for most scenarios.
6. Optionally, choose the High Churn setting for VMs with high data change rates, which uses Premium Block Blob storage.
7. To manage settings, define the replication policy, including recovery point retention and snapshot frequency.
8. Create a replication group if needed for multi-VM consistency.
9. Review the settings and enable replication. The selected VMs will appear in the Replicated items page of the vault.

Disaster Recovery for Azure VMs with N2WS

N2WS provides robust disaster recovery solutions for Azure virtual machines (VMs) and disks, ensuring minimal downtime and data protection. It offers a comprehensive, centralized console for managing backup and recovery operations across both Azure and AWS environments. 

N2WS provides the following key capabilities for Azure users:

• Quick setup and central monitoring: Deployment of N2WS is straightforward, allowing users to set up from the Azure Marketplace within minutes. This ease of deployment is complemented by a centralized monitoring system for overseeing backup operations across different cloud environments.
• Customizable backup policies and rapid recovery: N2WS allows for the automation of backups with customizable policies and retention schedules. This flexibility enables users to set backup intervals as frequently as every 60 seconds, ensuring that data is consistently protected. In case of a disaster, N2WS facilitates near-instant, one-click recovery, significantly reducing recovery time objectives (RTO).
• Real-time alerts and comprehensive reporting: N2WS includes real-time alert features that notify users about the status of their Azure backups. Additionally, the platform offers detailed, digestible reports that can be shared with executives and other stakeholders.
• File-level recovery and cross-cloud restore: N2WS supports file-level recovery, allowing users to browse through multiple backup generations and restore individual files or folders as needed. The platform also offers cross-cloud restore capabilities, enabling data to be copied from AWS into Azure. This feature ensures a comprehensive disaster recovery plan that can protect data across different cloud environments.
• Multi-cloud flexibility and efficiency: Version 4.0 of N2WS brings enhanced multi-cloud flexibility, allowing users to manage Azure and AWS resources seamlessly. This centralization reduces the complexity associated with using multiple tools for different clouds, streamlining backup management and improving overall efficiency.
• Recovery Scenarios: With N2WS, you can run disaster recovery drills and send reports to team leaders automatically. You can also orchestrate a complete failover, restoring any number of resources in the order you’ve specified, in just a few clicks.

Learn more about N2WS for Azure backup and disaster recovery