Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure ExpressRoute extends your on-premises networks into the Azure cloud over a private connection through a connectivity provider. By using ExpressRoute, you can connect to Azure cloud services.
This article describes how you can use Azure ExpressRoute with Azure Site Recovery for disaster recovery and migration.
ExpressRoute circuits
An ExpressRoute circuit represents a logical connection between your on-premises infrastructure and Azure cloud services through a connectivity provider. You can order multiple ExpressRoute circuits. Each circuit can be in the same or different regions and can connect to your premises through different connectivity providers. For more information, see ExpressRoute circuits.
An ExpressRoute circuit has multiple routing domains associated with it. For more information about and a comparison of ExpressRoute routing domains, see ExpressRoute circuit peerings.
On-premises to Azure replication with ExpressRoute
Azure Site Recovery enables disaster recovery and migration to Azure for on-premises Hyper-V virtual machines, VMware virtual machines, and physical servers. For all on-premises to Azure scenarios, replication data is sent to and stored in an Azure Storage account. During replication, you don't pay any virtual machine charges. When you run a failover to Azure, Site Recovery automatically creates Azure IaaS virtual machines.
Site Recovery replicates data to an Azure Storage account or replica Managed Disk in the target Azure region over a public endpoint. To use ExpressRoute for Site Recovery replication traffic, you can utilize Azure peering. Note that replication is supported over private peering only when private ends points are enabled for the vault.
Ensure that the Networking Requirements for Configuration Server are also met. Configuration Server requires connectivity to specific URLs for orchestration of Site Recovery replication. You can't use ExpressRoute for this connectivity.
If you use a proxy at on-premises and want to use ExpressRoute for replication traffic, you need to configure the Proxy bypass list on the Configuration Server and Process Servers. Follow the steps in the following section:
- Download PsExec tool from here to access System user context.
- Open Internet Explorer in system user context by running the following command line psexec -s -i "%programfiles%\Internet Explorer\iexplore.exe"
- Add proxy settings in Internet Explorer
- In the bypass list, add the Azure storage URL
*.blob.core.chinacloudapi.cn
This configuration ensures that only replication traffic flows through ExpressRoute while the communication can go through proxy.
After virtual machines or servers fail over to an Azure virtual network, you can access them by using private peering.
The combined scenario is represented in the following diagram:
Azure to Azure replication with ExpressRoute
Azure Site Recovery enables disaster recovery of Azure virtual machines. Depending on whether your Azure virtual machines use Azure Managed Disks, replication data is sent to an Azure Storage account or replica Managed Disk on the target Azure region. Although the replication endpoints are public, replication traffic for Azure VM replication, by default, doesn't traverse the Internet, regardless of which Azure region the source virtual network exists in. You can override Azure's default system route for the 0.0.0.0/0 address prefix with a custom route and divert VM traffic to an on-premises network virtual appliance (NVA), but this configuration isn't recommended for Site Recovery replication. If you're using custom routes, you should create a virtual network service endpoint in your virtual network for "Storage" so that the replication traffic doesn't leave the Azure boundary.
For Azure VM disaster recovery, by default, ExpressRoute isn't required for replication. After virtual machines fail over to the target Azure region, you can access them by using private peering. Data transfer prices apply irrespective of the mode of data replication across Azure regions.
If you already use ExpressRoute to connect from your on-premises datacenter to the Azure VMs on the source region, you can plan for re-establishing ExpressRoute connectivity at the failover target region. You can use the same ExpressRoute circuit to connect to the target region through a new virtual network connection or utilize a separate ExpressRoute circuit and connection for disaster recovery. The different possible scenarios are described here.
You can replicate Azure virtual machines to any Azure region within the same geographic cluster as detailed here. If the chosen target Azure region isn't within the same geopolitical region as the source, you might need to enable ExpressRoute Premium. For more details, check ExpressRoute locations and ExpressRoute pricing.
Next steps
- Learn more about ExpressRoute circuits.
- Learn more about ExpressRoute routing domains.
- Learn more about ExpressRoute locations.
- Learn more about disaster recovery of Azure virtual machines with ExpressRoute.