Support matrix for deploying the replication appliance with Azure Site Recovery - modernized

This article describes support and requirements when you deploy the replication appliance for VMware disaster recovery to Azure with Azure Site Recovery with modernized architecture.

Note

The information in this article applies to Azure Site Recovery with modernized architecture. For information about configuration server requirements in classic releases, see Deprecation of classic experience to protect VMware and physical machines using Site Recovery.

Create a new and exclusive Recovery Services vault for setting up the Site Recovery replication appliance. Don't use an existing vault.

You deploy an on-premises replication appliance when you use Site Recovery for disaster recovery of VMware virtual machines (VMs) or physical servers to Azure:

The replication appliance coordinates communications between on-premises VMware and Azure. It also manages data replication.
To learn more about the Site Recovery replication appliance components and processes, see VMware to Azure disaster recovery architecture - modernized.

Prerequisites

Hardware requirements

Component	Requirement
CPU cores	8
RAM	16 GB
Number of disks	2, including the OS disk (80 GB) and a data disk (620 GB)

Software requirements

Component	Requirement
Operating system	Windows Server 2022. - Windows Server 2019 appliances continue to receive software updates. - Upgrading OS on existing Windows Server 2019 appliances to Windows Server 2022 isn't supported.
Operating system locale	English (en-*).
Windows Server roles	Don't enable these roles: - Active Directory Domain Services. - Internet Information Services (IIS). - Hyper-V.
Group policies	Don't enable these group policies: - Prevent access to the command prompt. - Prevent access to registry editing tools. - Trust logic for file attachments. - Turn on Script Execution. Learn more
IIS	- No preexisting default website. - No preexisting website/application listening on port 443. - Enable anonymous authentication. - Enable FastCGI setting.
Federal Information Processing Standards (FIPS)	Don't enable FIPS mode.

Network requirements

Component	Requirement
Fully qualified domain name (FQDN)	Static.
Ports	443 (Control channel orchestration). 9443 (Data transport).
Network interface card type	VMXNET3 (if the appliance is a VMware VM).
Network address translation	Supported.

Note

To support communication between source machines and the replication appliance using multiple subnets, select the FQDN as the mode of connectivity during the appliance setup. This step allows source machines to use FQDN, along with a list of IP addresses, to communicate with the replication appliance.

Allow URLs

Ensure that the following URLs are allowed and reachable from the Site Recovery replication appliance for continuous connectivity:

URL	Details
`portal.azure.cn`	Go to the Azure portal.
`login.chinacloudapi.cn` `graph.chinacloudapi.cn` `.msftauth.net` `.msauth.net` `.microsoft.com` `.live.com` `*.office.com`	Sign in to your Azure subscription.
`*.partner.microsoftonline.cn`	Create Microsoft Entra apps for the appliance to communicate with Site Recovery.
`management.chinacloudapi.cn`	Create Microsoft Entra apps for the appliance to communicate with Site Recovery.
`*.services.visualstudio.com`	Upload app logs used for internal monitoring.
`*.vault.azure.cn`	Manage secrets in Azure Key Vault. Ensure that the machines that need to be replicated have access to this URL.
`aka.ms`	Allow access to also known as links. Used for Site Recovery appliance updates.
`download.microsoft.com/download`	Allow downloads from Microsoft download.
`*.servicebus.chinacloudapi.cn`	Enable communication between the appliance and Site Recovery.
`.discoverysrv.azure.cn` `.hypervrecoverymanager.azure.cn` `*.backup.azure.cn`	Connect to Site Recovery microservice URLs.
`*.blob.core.chinacloudapi.cn`	Upload data to Azure Storage, which is used to create target disks.
`*.backup.azure.cn`	Use the protection service URL. Site Recovery uses this microservice to process and create replicated disks in Azure.
`*.prod.migration.azure.cn`	Discover your on-premises estate.

Folder exclusions from antivirus programs

If antivirus software is active on the appliance

Exclude the following folders from antivirus software for smooth replication and to avoid connectivity issues:

C:\ProgramData\Azure
C:\ProgramData\ASRLogs
C:\Windows\Temp\MicrosoftAzure
C:\Program Files\Azure Appliance Auto Update
C:\Program Files\Azure Appliance Configuration Manager
C:\Program Files\Azure Push Install Agent
C:\Program Files\Azure RCM Proxy Agent
C:\Program Files\Azure Recovery Services Agent
C:\Program Files\Azure Server Discovery Service
C:\Program Files\Azure Site Recovery Process Server
C:\Program Files\Azure Site Recovery Provider
C:\Program Files\Azure to on-premises Reprotect agent
C:\Program Files\Azure VMware Discovery Service
C:\Program Files\Microsoft on-premises to Azure Replication agent
E:\

If antivirus software is active on the source machine

If the source machine has active antivirus software, the installation folder should be excluded. Exclude the C:\Program Files (x86)\Azure Site Recovery\ folder for smooth replication.

Sizing and capacity

An appliance that uses an in-built process server to protect the workload can handle up to 200 VMs based on the following configurations.

CPU	Memory	Cache disk size	Data change rate	Protected machines
16 vCPUs (2 sockets * 8 cores @ 2.5 GHz)	32 GB	1 TB	>1 TB to 2 TB	Use to replicate 151 to 200 machines.

You can perform discovery of all the machines in a vCenter server by using any of the replication appliances in the vault.
You can switch a protected machine, between different appliances in the same vault, if the selected appliance is healthy.

For information about how to use multiple appliances and failover a replication appliance, see Switch Azure Site Recovery replication appliance.

Learn how to set up disaster recovery of VMware VMs to Azure.
Learn how to deploy a Site Recovery replication appliance.

Last updated on 2025-11-14