Set up the configuration server for disaster recovery of physical servers to Azure

This article describes how to set up your on-premises environment to start replicating physical servers running Windows or Linux into Azure.

Prerequisites

The article assumes that you already have:

  • A Recovery Services vault in the Azure portal.
  • A physical computer on which to install the configuration server.
  • If you've disabled TLS 1.0 on the machine on which you're installing the configuration server, make sure that TLs 1.2 is enabled, and that the .NET Framework version 4.6 or later is installed on the machine (with strong cryptography enabled). Learn more.

Configuration server minimum requirements

The following table lists the minimum hardware, software, and network requirements for a configuration server.

Configuration and process server requirements

Hardware requirements

Component Requirement
CPU cores 8
RAM 16 GB
Number of disks 3, including the OS disk, process server cache disk, and retention drive for failback
Free disk space (process server cache) 600 GB
Free disk space (retention disk) 600 GB

Software requirements

Component Requirement
Operating system Windows Server 2012 R2
Windows Server 2016
Operating system locale English (en-*)
Windows Server roles Don't enable these roles:
- Active Directory Domain Services
- Internet Information Services
- Hyper-V
Group policies Don't enable these group policies:
- Prevent access to the command prompt.
- Prevent access to registry editing tools.
- Trust logic for file attachments.
- Turn on Script Execution.
Learn more
IIS - No pre-existing default website
- No pre-existing website/application listening on port 443
- Enable anonymous authentication
- Enable FastCGI setting
FIPS (Federal Information Processing Standards) Do not enable FIPS mode

Network requirements

Component Requirement
IP address type Static
Ports 443 (Control channel orchestration)
9443 (Data transport)
NIC type VMXNET3 (if the configuration server is a VMware VM)
Internet access (the server needs access to the following URLs, directly or via proxy):
*.backup.windowsazure.cn Used for replicated data transfer and coordination
*.blob.core.chinacloudapi.cn Used to access storage account that stores replicated data. You can provide the specific URL of your cache storage account.
*.hypervrecoverymanager.windowsazure.cn Used for replication management operations and coordination
https://login.chinacloudapi.cn Used for replication management operations and coordination
time.nist.gov Used to check time synchronization between system and global time
time.windows.com Used to check time synchronization between system and global time
  • https://management.chinacloudapi.cn
  • https://secure.aadcdn.microsoftonline-p.com
  • https://login.live.com
  • https://microsoftgraph.chinacloudapi.cn
  • https://login.chinacloudapi.cn
  • *.services.visualstudio.com (Optional)
  • https://www.live.com
  • https://www.microsoft.com
OVF setup needs access to these additional URLs. They're used for access control and identity management by Azure Active Directory.
https://dev.mysql.com/get/Downloads/MySQLInstaller/mysql-installer-community-5.7.20.0.msi To complete MySQL download.
In a few regions, the download might be redirected to the CDN URL. Ensure that the CDN URL is also approved, if necessary.

Note

If you have private links connectivity to Site Recovery vault, you do not need any additional internet access for the Configuration Server. An exception to this is while setting up the CS machine using OVA template, you will need access to following URLs over and above private link access - https://management.chinacloudapi.cn, https://www.live.com and https://www.microsoft.com. If you do not wish to allow access to these URLs, please set up the CS using Unified Installer.

Note

While setting up private endpoints to protect VMware and physical machines, you will need to install MySQL on the configuration server manually. Follow the steps here to perform the manual installation.

Required software

Component Requirement
VMware vSphere PowerCLI Not required for versions 9.14 and higher
MYSQL MySQL should be installed. You can install manually, or Site Recovery can install it. (Refer to configure settings for more information)

Note

Upgrading MySQL on the configuration server is not supported.

Sizing and capacity requirements

The following table summarizes capacity requirements for the configuration server. If you're replicating multiple VMware VMs, review the capacity planning considerations and run the Azure Site Recovery Deployment Planner tool.

CPU Memory Cache disk Data change rate Replicated machines
8 vCPUs

2 sockets * 4 cores @ 2.5 GHz
16 GB 300 GB 500 GB or less < 100 machines
12 vCPUs

2 socks * 6 cores @ 2.5 GHz
18 GB 600 GB 500 GB-1 TB 100 to 150 machines
16 vCPUs

2 socks * 8 cores @ 2.5 GHz
32 GB 1 TB 1-2 TB 150 -200 machines

Note

HTTPS-based proxy servers are not supported by the configuration server.

Choose your protection goals

  1. In the Azure portal, go to the Recovery Services vaults blade and select your vault.

  2. In the Resource menu of the vault, click Getting Started > Site Recovery > Step 1: Prepare Infrastructure > Protection goal.

    Screenshot that shows where to select the protection goal.

  3. In Protection goal, select To Azure and Not virtualized/Other, and then click OK.

    Choose goals

Set up the source environment

  1. In Prepare source, if you don't have a configuration server, click +Configuration server to add one.

    Screenshot that shows how to select the configuration server.

  2. In the Add Server blade, check that Configuration Server appears in Server type.

  3. Download the Site Recovery Unified Setup installation file.

  4. Download the vault registration key. You need the registration key when you run Unified Setup. The key is valid for five days after you generate it.

    Set up source

  5. On the machine you're using as the configuration server, run Azure Site Recovery Unified Setup to install the configuration server, the process server, and the master target server.

Run Azure Site Recovery Unified Setup

Tip

Configuration server registration fails if the time on your computer's system clock is more than five minutes off of local time. Synchronize your system clock with a time server before starting the installation.

  1. Run the Unified Setup installation file.

  2. In Before You Begin, select Install the configuration server and process server.

    Screenshot of the Before You Begin screen in Unified Setup.

  3. In Third Party Software License, click I Accept to download and install MySQL.

    Screenshot of the Third Party Software License screen in Unified Setup.

  4. In Registration, select the registration key you downloaded from the vault.

    Screenshot of the Registration screen in Unified Setup.

  5. In Internet Settings, specify how the Provider running on the configuration server connects to Azure Site Recovery over the Internet. Make sure you've allowed the required URLs.

    • If you want to connect with the proxy that's currently set up on the machine, select Connect to Azure Site Recovery using a proxy server.
    • If you want the Provider to connect directly, select Connect directly to Azure Site Recovery without a proxy server.
    • If the existing proxy requires authentication, or if you want to use a custom proxy for the Provider connection, select Connect with custom proxy settings, and specify the address, port, and credentials. Screenshot of the Internet Settings screen in Unified Setup.
  6. In Prerequisites Check, Setup runs a check to make sure that installation can run. If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.

    Screenshot of the Prerequisites Check screen in Unified Setup.

  7. In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed.

    Screenshot of the MySQL Configuration screen in Unified Setup.

  8. In Environment Details, select No if you're replicating Azure Stack VMs or physical servers.

  9. In Install Location, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space.

    Screenshot of the Install Location screen in Unified Setup.

  10. In Network Selection, first select the NIC that the in-built process server uses for discovery and push installation of mobility service on source machines, and then select the NIC that Configuration Server uses for connectivity with Azure. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment's requirements. In addition to the port 9443, we also open port 443, which is used by a web server to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic.

    Screenshot of the Network Selection screen in Unified Setup.

  11. In Summary, review the information and click Install. When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location.

    Screenshot of the Summary screen in Unified Setup.

After registration finishes, the server is displayed on the Settings > Servers blade in the vault.

Note

The configuration server can be installed via a command line. Learn more.

Common issues

Installation failures

Sample error message Recommended action
ERROR Failed to load Accounts. Error: System.IO.IOException: Unable to read data from the transport connection when installing and registering the CS server. Ensure that TLS 1.0 is enabled on the computer.

Registration failures

Registration failures can be debugged by reviewing the logs in the %ProgramData%\ASRLogs folder.

Sample error message Recommended action
09:20:06:InnerException.Type: SrsRestApiClientLib.AcsException,InnerException.
Message: ACS50008: SAML token is invalid.
Trace ID: 1921ea5b-4723-4be7-8087-a75d3f9e1072
Correlation ID: 62fea7e6-2197-4be4-a2c0-71ceb7aa2d97>
Timestamp: 2016-12-12 14:50:08Z
Ensure that the time on your system clock is not more than 15 minutes off the local time. Rerun the installer to complete the registration.
09:35:27 :DRRegistrationException while trying to get all disaster recovery vault for the selected certificate: : Threw Exception.Type:Microsoft.DisasterRecovery.Registration.DRRegistrationException, Exception.Message: ACS50008: SAML token is invalid.
Trace ID: e5ad1af1-2d39-4970-8eef-096e325c9950
Correlation ID: abe9deb8-3e64-464d-8375-36db9816427a
Timestamp: 2016-05-19 01:35:39Z
Ensure that the time on your system clock is not more than 15 minutes off the local time. Rerun the installer to complete the registration.
06:28:45:Failed to create certificate
06:28:45:Setup cannot proceed. A certificate required to authenticate to Site Recovery cannot be created. Rerun Setup
Ensure you are running setup as a local administrator.

Next steps

Next step involves setting up your target environment in Azure.