This document demonstrates how to leverage Azure Site Recovery service (ASR) for migrating a VMware virtual machine (VM) to Azure cloud. The solution presented in this document is designed to provide a simple understanding of conducting a data migration to Azure from an on-premises VMware environment with Pure Storage.
Note that the failback process documentation is in progress.
The solution leverages two workflows. First, ASR for the replication and converting of the whole VM to Azure including the VM’s boot volume. Second, Pure Storage array-based replication for replicating the data volumes. Data volume replication requires the VMs volume to be in a vVol or RDM datastore and it can be performed from an on-premises FlashArray to Pure Cloud Block Store (CBS) on Azure, the replicated data volume can be presented to the newly created Azure VM via in-guest iSCSi.
This document can fit into many use case scenarios, including disaster recovery (DR), lift-and-shift migration, and Dev/Test.
Pure Cloud Block Store on Azure along with Azure Site Recovery provides a simple and cost-effective replication approach for Pure Customers with an on-premises FlashArray and VMware environment. This approach offers a unique hybrid-cloud environment for the data to be mobile and live anywhere.
The simplicity and the cost-effectiveness of this solution comes from combining both CBS array-based replication which reduces the total bandwidth preserving dedupe and compression on the wire, and ASR advanced near-constant block data replication and failover and failback functionality
For this solution, both Azure ASR and Pure CBS will be configured to continuously replicate the on-premises VMs to Azure. This offers the ability to failover to a newly provisioned Azure VM instance on-demand and failback accordingly. Azure ASR first replicates the boot disk/volume to reside on Azure storage account. Once the initial sync is complete, ASR handles the instantiation of the instance (Azure VM) and attaches the boot volume to it. Within the same process, ASR works on excluding the data volumes prior to the replication being initiated. Those data volumes are replicated using the built-in Pure replication between FlashArray and CBS, and can be mounted using in-guest iSCSi to the created instance.
Deployment of Cloud Block Store on Azure.
Cloud Block Store can be deployed from the Azure portal via Azure Marketplace. See Cloud Block Store Deployment and Configuration Guide or it can be deployed using Terraform. See Using Terraform to deploy Cloud Block Store.
Async replication connection established from on-premises FlashArray to Cloud Block Store.
VM volumes contained on a vVol datastore or on raw device mapping (RDM) disks and backed by on-premises FlashArray. If VMFS datastores are in use, please convert them to vVols, Check the example in Appendix A.
Verify Azure account permissions
Verify Azure account has the below permissions:
- Create a VM in the selected resource group.
- Create a VM in the selected virtual network.
- Write to an Azure storage account.
- Write to an Azure managed disk.
To assign those permissions, contact the Azure administrator of your Azure subscription and add two role assignments: (1)Virtual machine Contributor built-in role, and (2) Site Recovery Contributor built-in role. For more details on how to assign roles in Azure, refer to Assign Azure roles using the Azure portal.
Create an Azure Storage account
- Search for Storage Account and select +Create.
- Under Basics tab, select the resource group and the region. No additional settings are required, leave the rest to default and click Review + create.
Create an Azure Recovery Service vault
Search for Recovery Service Vault and select +Create.
Create an Azure VNet and Subnet
(If a VNet and subnet are already existed and have enough IP addresses for the replicated VM, move to the next Section )
- Search for Virtual Network and click +Create. In Basics tab select the Subscription, Resource group, and insert Name for the VNet. For Region, select the same region in which the Recovery Service vault was created.
- In IP Address, enter the address range in CIDR block notation, then click + Add subnet and enter name and subnet address range.
- In Security tab, leave the settings as default. In Tags, enter tags (optional) and Review + create.
Note: NAT Gateway and Service Endpoint are not used in this setup. If a customer wants to leverage NAT Gateway to provide internet connectivity, see Create and validate NAT Gateway.
Deploy and configure ASR configuration server
In Azure portal, navigate to the created recovery service vault and configure Site Recovery by selecting +Enable Site Recovery from Overview tab.
Under VMware machine to Azure, select Prepare Infrastructure.
In Deployment Planning select Yes, if planning has been done. Microsoft provides a PowerShell tool to assess and estimate the replication requirements. See Azure Site Recovery Deployment Planner for VMware to Azure for further information.
- In Source settings, click on Add configuration Server, then click on Download from the left side panel. This downloads the latest release of Configuration Server in an OVA template format.
- The latest version of the configuration server template can be directly downloaded from the Microsoft Download Center.
- The license provided with the template is an evaluation standard license and it is valid for 180 days.
- Log in to vCenter and select the cluster or host where the downloaded OVA template is planned to be deployed. Please refer to Deploy Configuration Server and check the hardware requirements needed.
There are limitations in uploading large OVA files (The Configuration server template OVA size is 21 GB). Based on VMware KB, VMware recommends extracting the OVA file. Then you can provide the deployment wizard with the OVF and VMDKs as separate files.
- Access the VM interface by using the web console or VMware remote console.
- Navigate through the installation wizard and configuring the server name and network. The wizard then runs a connectivity check and asks for Azure Account. Once authenticated it requires a reboot and takes 15 - 20 minutes to Boot up again.
- After a successful reboot, the configuration server is ready to be configured, access the server with one of the following:
- Directly, by using the VM console, sign in and launch the Azure Site Recovery Configuration manager from the desktop shortcut.
- Remotely, by HTTPS using any browser and sign in with the same administrator credentials
- A number of steps to complete configuring the Configuration server. First, set up network connectivity, an Internet connection is required as the configuration server will be responsible for sending the VM data to Azure.
- Next, the wizard requires signing in to Azure, in order to select the recovery service vault.
Note: Network settings and Recovery Service vault selection can not be changed once this wizard is completed and the configuration server is registered.
- Accept the license agreement and install MySQL server.
- Validate the configuration server setup has met all the prerequisites.
- Add vCenter or ESXi server, this helps in discovering VM, or choose the option where VM can be manually selected using their IP address.
- For this step manage virtual machine credentials, select the checkbox. The installation of the mobility service agent will be done manually for each VM to be replicated. The manual installation of the mobility service before starting replication of virtual machine is a must in order to exclude the data disks/volumes, and select only the boot volume to be replicated via Azure site recovery.
- The configuration server is configured and ready for replicating VM instances.
Prepare the Source VM
For each VM planned to be replicated, perform the below:
- Open Remote Access ports and enable services, ex, RDP, SSH.
- Install VMware Tools.
- For Windows VM, configure the SAN policy as Online All. Use the diskpart.exe utility and execute this command
san policy=onlineall. This will prevent the auto-assignment and preserve the source disk letters after the replication/ failover to Azure VM.
- For Linux Machine, make sure the kernel version is supported, refer to the Azure Site Recovery support matrix.
- Disable VM UEFI Secure Boot from the Virtual machine settings.
- Install Mobility service agent
- Locate installer files on the Configuration server, refer to Microsoft Docs here.
- Move installer to the VM selected to be replicated, extract and execute the installer.
- After installed, the agent has to be connected to the Configuration Server (CS), three Fields needed here: CS IP address (This is the one configured in the previous section ), Passphrase (Refer to Generate configuration server passphrase), and Port (443).
- If Antivirus Software is Active, exclude the ASR agent Folder, check here for detailed steps.
Finish Prepare Infrastructure
1. Click on the created Azure Recovery Vault and click Prepare Infrastructure. If the previous steps are done successfully, the Source settings should be filled in automatically.
2. In Target Settings, select the Azure subscription and the deployment model for the post-failover environment.
3. Create and associate a replication policy. The policy can be modified as required after creation.
1. Go back to the create vault and select Enable replication from Site Recovery tab.
2. Select the source configuration.
3. In Target environment, select the subscription and resource group and network (VNet and subnet) in which the replicated data will failover to.
4. Select the Virtual machine(s) from the discovered list. If VM(s) can not be selected (grayed out), the reason would appear when you hover on the exclamation mark. The most common reasons are: 1. VMware tools are not installed, 2. Vm is not powered up, 3. No IP address associated to the VM.
If VM(s) are not available in the list, see the troubleshooting steps in Troubleshoot source machines that aren't available for replication.
5. In Replication settings, there are four sections to be filled:
a. User account credentials. This can be added from the configuration server and it is sued to push the installation of the mobility service agent. However, in our scenario, the mobility service has been manually installed in order to particularly include the Boot volume and exclude the rest.
b. Managed disk type. Three options to choose from Standard HDD, Standard SSD, and Premium SSD.
c. Cache storage account. Select the storage account created in Preparing Azure section.
d. Target name. This is the VM name after failover.
6. Assign the replication policy created before and review and Enable replication. To check the replication job navigate to Replication Items.
1. Once the initial replica is completed. The replication Item is cleared to be tested or failed over. it is recommended to test the replication before cutting it over and complete the migration.
2. The Azure VM size can be changed from Compute and Network tab, and then click Edit.
3. In case of failover action to be performed. a list of recent recovery points (crush consistent and application-consistent) to choose from. Also, there is an option to shutdown the source machine.
Note: the frequency of the recovery points can be always configured/changed by associating a new replication policy or modifying an existed one.
4. To verify the failover, navigate to Virtual Machine and select the VM name, scroll down and select Boot diagnostics tab, click refresh to get a live screenshot from the OS.
5. If the failover is successful and VM is healthy. Commit can be initiated to persist the failover and stop the protection/replication. Alternatively, a Complete Migration can be done. However, the VM can not be failed back to the VMware environment at that point.
Configuring Cloud Block Store
Connect and configure replication from on-premises FlashArray
Access Cloud Block Store and get the connection key as shown in the below.
Access on-premises FlashArray and establish the connection with Cloud Block Store by clicking on the plus icon, and fill the following
Management Address: this is the Cloud Block Store floating IP address used to access the GUI.
Type: Async Replication
Connection Key: The key obtained in the previous step.
Replication Address: This is auto discovered unless NAT is used. (In order to get the replication address use the CBS GUI and go to Settings > Network).
Create a protection group for replication to Cloud Block Store.
- Click on the created protection group and enable and edit replication schedule.
For more detail information on protection group replication interval and retention schedule. See FlashArray Asynchronous Replication Configuration and Best Practices Guide.
- Click on the shown ellipsis to add target to the protection group. The target for this should be Cloud Block Store connected in the previous steps.
Import the protection group created using the Pure Storage plugin in vCenter.
- From VM and Templates, Right click on the VM(s) to be replicated to CBS and click on Edit VM Storage Polices.
In this step, enable Configure per disk and assign the replication policy to the data disks/volumes (No need to select the OS disk since it has been already replicated using Azure Site Recovery in the previous sections).
Once protection group snapshots are replicated to CBS, copy the replicated snapshot out to a volume.
Create a host on CBS and configure it with the IQN collected from new Azure VM instance once the cutover is complete.
Attach the VM volumes to the newly created host.
See Creating Hosts in the deployment and configuration guide for detailed examples on how to create and attach a volume to a host.
Connect and configure Azure VM with Cloud Block Store
1. Access the replicated Virtual machine via RDP/SSH or configure Azure Bastion.
2. Install iSCSI and Multipath required packages on the host and perform iSCSi login and MPIO configuration.
3. Perform iSCSI rescan to find newly presented volumes.
4. Mount volumes and bring up the application.
For detailed steps on how to configure and connect Azure VM to CBS volumes, please refer to this section (Mounting a volume) in the deployment and configuration guide.
Convert Data from a VMFS Datastore to a VVol Datastore
Before data can be migrated from a VMFS Datastore to a vVol Datastore, it is recommended that the FlashArray plugin be installed in vCenter, in order to simplify vVol administration.
The following document goes through the steps to install the FlashArray plugin in vCenter, and to register the FlashArray VASA provider with vCenter:
When the steps in the document at the above link are followed to install the FlashArray plugin in vCenter, and to register the VASA provider with vCenter, a Protocol Endpoint called pure-protocol-endpoint is automatically created on the FlashArray.
To verify the existence of the protocol endpoint, select the ESXi host in vCenter, and go to Protocol Endpoints under Configure. The Protocol Endpoint should be visible, as shown below:
If the Protocol Endpoint doesn't exist, contact Pure Storage Support for troubleshooting help.
After the steps above have been completed, a vVol Datastore should be created.
Creating a VVol Datastore
The next step is to create a vVol Datastore. This can be done using the following steps. Right-click on the host or the host cluster, and select New Datastore under Storage:
Select the VVol option for the datastore type:
Specify a name for the new vVol Datastore; select the vVol container for the FlashArray; and click Next: In this example, we are creating a vVol Datastore called Vvol-TMEFA07-DS:
Select the host or host cluster that will have access to the vVol Datastore:
Review the summary, and click Finish to create the datastore:
View the list of datastores for the ESXi host to verify that the newly created vVol Datastore called Vvol-TMEFA07-DS has been created:
Migrating the VM to the VVol Datastore
After the vVol Datastore has been created, the next step is to migrate the storage for the SQLSrv-2019 VM to the vVol Datastore called Vvol-TMEFA07-DS. Right click on the VM SQLSrv-2019 and select the Migrate option:
Select the Change Storage option. The option to change both compute and storage can also be used, if desired:
Select the vVol Datastore called Vvol-TMEFA07-DS as the storage destination, and click Next:
Review the summary and click Finish to migrate the storage for the SQLSrv-2019 VM to the Vvol-TMEFA07-DS Datastore:
When the migration is complete, verify that the datastore for the VM SQLSrv-2019 is now the vVol Datastore Vvol-TMEFA07-DS as shown below:
After the datastore for the VM SQLSrv-2019 has been migrated from VMFS to the vVol Datastore, the VM can be replicated to a CBS instance in AWS.