Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes the deprecation details and the remediation action that you need to take if you're using the Azure Site Recovery data encryption feature while configuring disaster recovery of Hyper-V virtual machines (VMs) to Azure.
Deprecation information
The Site Recovery data encryption feature was available for customers who wanted to protect replicated data for Hyper-V VMs against security threats. Microsoft deprecated this feature on April 30, 2022. It replaced by the encryption at rest feature, which uses service-side encryption (SSE).
By using SSE, data is encrypted before persisting to storage and decrypted on retrieval. Upon failover to Azure, your VMs run from the encrypted storage accounts to help improve recovery time objective (RTO).
If you're an existing customer who's using this feature, you should receive communications with the deprecation details and remediation steps.
What are the implications?
As of April 30, 2022, any VMs that use the retired encryption feature can't perform failover.
Required action
To continue successful failover operations and replications, follow these steps for each VM:
- Disable replication.
- Create a new replication policy.
- Enable replication and select a storage account with SSE enabled.
After you complete the initial replication to storage accounts with SSE enabled, your VMs use encryption at rest with Azure Site Recovery.
Next steps
Plan for performing the remediation steps, and execute them as soon as possible. If you have any questions about this deprecation, contact Azure Support. To read more about the scenario of Hyper-V replication to Azure, see this article.