Set up the configuration server for disaster recovery of physical servers to Azure
This article describes how to set up your on-premises environment to start replicating physical servers running Windows or Linux into Azure.
Prerequisites
The article assumes that you already have:
- A Recovery Services vault in the Azure portal.
- A physical computer on which to install the configuration server.
- If you've disabled TLS 1.0 on the machine on which you're installing the configuration server, make sure that TLs 1.2 is enabled, and that the .NET Framework version 4.6 or later is installed on the machine (with strong cryptography enabled). Learn more.
Configuration server minimum requirements
The following table lists the minimum hardware, software, and network requirements for a configuration server.
Configuration and process server requirements
Hardware requirements
Component | Requirement |
---|---|
CPU cores | 8 |
RAM | 16 GB |
Number of disks | 3, including the OS disk, process server cache disk, and retention drive for failback |
Free disk space (process server cache) | 600 GB |
Free disk space (retention disk) | 600 GB |
Software requirements
Component | Requirement |
---|---|
Operating system | Windows Server 2012 R2 Windows Server 2016 Note: Windows Server 2019 is only supported for modernized architecture. As classic architecture is under deprecation, no new feature supports will be added to it. We suggest you use the modernized architecture. |
Operating system locale | English (en-*) |
Windows Server roles | Don't enable these roles: - Active Directory Domain Services - Internet Information Services - Hyper-V |
Group policies | Don't enable these group policies: - Prevent access to the command prompt. - Prevent access to registry editing tools. - Trust logic for file attachments. - Turn on Script Execution. Learn more |
IIS | - No pre-existing default website - No pre-existing website/application listening on port 443 - Enable anonymous authentication - Enable FastCGI setting |
FIPS (Federal Information Processing Standards) | Do not enable FIPS mode |
Network requirements
Component | Requirement |
---|---|
IP address type | Static |
Ports | 443 (Control channel orchestration) 9443 (Data transport) |
NIC type | VMXNET3 (if the configuration server is a VMware VM) |
Internet access (the server needs access to the following URLs, directly or via proxy): | |
*.backup.windowsazure.cn | Used for replicated data transfer and coordination |
*.blob.core.chinacloudapi.cn | Used to access storage account that stores replicated data. You can provide the specific URL of your cache storage account. |
*.hypervrecoverymanager.windowsazure.cn | Used for replication management operations and coordination |
https://login.chinacloudapi.cn | Used for replication management operations and coordination |
time.nist.gov | Used to check time synchronization between system and global time |
time.windows.com | Used to check time synchronization between system and global time |
|
OVF setup needs access to these additional URLs. They're used for access control and identity management by Microsoft Entra ID. |
https://dev.mysql.com/get/Downloads/MySQLInstaller/mysql-installer-community-5.7.20.0.msi | To complete MySQL download. In a few regions, the download might be redirected to the CDN URL. Ensure that the CDN URL is also approved, if necessary. |
Note
If you have private links connectivity to Site Recovery vault, you do not need any additional internet access for the Configuration Server. An exception to this is while setting up the CS machine using OVA template, you will need access to following URLs over and above private link access - https://www.live.com and https://www.microsoft.com. If you do not wish to allow access to these URLs, please set up the CS using Unified Installer.
Note
While setting up private endpoints to protect VMware and physical machines, you will need to install MySQL on the configuration server manually. Follow the steps here to perform the manual installation.
Required software
Component | Requirement |
---|---|
VMware vSphere PowerCLI | Not required for versions 9.14 and higher |
MYSQL | MySQL should be installed. You can install manually, or Site Recovery can install it. (Refer to configure settings for more information) |
Note
Upgrading MySQL on the configuration server is not supported.
Sizing and capacity requirements
The following table summarizes capacity requirements for the configuration server. If you're replicating multiple VMware VMs, review the capacity planning considerations and run the Azure Site Recovery Deployment Planner tool.
CPU | Memory | Cache disk | Data change rate | Replicated machines |
---|---|---|---|---|
8 vCPUs 2 sockets * 4 cores @ 2.5 GHz |
16 GB | 300 GB | 500 GB or less | < 100 machines |
12 vCPUs 2 socks * 6 cores @ 2.5 GHz |
18 GB | 600 GB | 500 GB-1 TB | 100 to 150 machines |
16 vCPUs 2 socks * 8 cores @ 2.5 GHz |
32 GB | 1 TB | 1-2 TB | 150 -200 machines |
Note
HTTPS-based proxy servers are not supported by the configuration server.
Choose your protection goals
In the Azure portal, go to the Recovery Services vaults blade and select your vault.
In the Resource menu of the vault, click Getting Started > Site Recovery > Step 1: Prepare Infrastructure > Protection goal.
In Protection goal, select To Azure and Not virtualized/Other, and then click OK.
Set up the source environment
In Prepare source, if you don't have a configuration server, click +Configuration server to add one.
In the Add Server blade, check that Configuration Server appears in Server type.
Download the Site Recovery Unified Setup installation file.
Download the vault registration key. You need the registration key when you run Unified Setup. The key is valid for five days after you generate it.
On the machine you're using as the configuration server, run Azure Site Recovery Unified Setup to install the configuration server, the process server, and the master target server.
Run Azure Site Recovery Unified Setup
Tip
Configuration server registration fails if the time on your computer's system clock is more than five minutes off of local time. Synchronize your system clock with a time server before starting the installation.
Run the Unified Setup installation file.
In Before You Begin, select Install the configuration server and process server.
In Third Party Software License, click I Accept to download and install MySQL.
In Registration, select the registration key you downloaded from the vault.
In Internet Settings, specify how the Provider running on the configuration server connects to Azure Site Recovery over the Internet. Make sure you've allowed the required URLs.
- If you want to connect with the proxy that's currently set up on the machine, select Connect to Azure Site Recovery using a proxy server.
- If you want the Provider to connect directly, select Connect directly to Azure Site Recovery without a proxy server.
- If the existing proxy requires authentication, or if you want to use a custom proxy for the Provider connection, select Connect with custom proxy settings, and specify the address, port, and credentials.
In Prerequisites Check, Setup runs a check to make sure that installation can run. If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.
In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed.
In Environment Details, select No if you're replicating Azure Stack VMs or physical servers.
In Install Location, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space.
In Network Selection, first select the NIC that the in-built process server uses for discovery and push installation of mobility service on source machines, and then select the NIC that Configuration Server uses for connectivity with Azure. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment's requirements. In addition to the port 9443, we also open port 443, which is used by a web server to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic.
In Summary, review the information and click Install. When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location.
After registration finishes, the server is displayed on the Settings > Servers blade in the vault.
Note
The configuration server can be installed via a command line. Learn more.
Common issues
Installation failures
Sample error message | Recommended action |
---|---|
ERROR Failed to load Accounts. Error: System.IO.IOException: Unable to read data from the transport connection when installing and registering the CS server. | Ensure that TLS 1.0 is enabled on the computer. |
Registration failures
Registration failures can be debugged by reviewing the logs in the %ProgramData%\ASRLogs folder.
Sample error message | Recommended action |
---|---|
09:20:06:InnerException.Type: SrsRestApiClientLib.AcsException,InnerException. Message: ACS50008: SAML token is invalid. Trace ID: 1921ea5b-4723-4be7-8087-a75d3f9e1072 Correlation ID: 62fea7e6-2197-4be4-a2c0-71ceb7aa2d97> Timestamp: 2016-12-12 14:50:08Z |
Ensure that the time on your system clock is not more than 15 minutes off the local time. Rerun the installer to complete the registration. |
09:35:27 :DRRegistrationException while trying to get all disaster recovery vault for the selected certificate: : Threw Exception.Type:Microsoft.DisasterRecovery.Registration.DRRegistrationException, Exception.Message: ACS50008: SAML token is invalid. Trace ID: e5ad1af1-2d39-4970-8eef-096e325c9950 Correlation ID: abe9deb8-3e64-464d-8375-36db9816427a Timestamp: 2016-05-19 01:35:39Z |
Ensure that the time on your system clock is not more than 15 minutes off the local time. Rerun the installer to complete the registration. |
06:28:45:Failed to create certificate 06:28:45:Setup cannot proceed. A certificate required to authenticate to Site Recovery cannot be created. Rerun Setup |
Ensure that you're running setup as a local administrator. |
Next steps
Next step involves setting up your target environment in Azure.