|
Caution: The Microsoft Azure interface is subject to change. |
The information provided in this document relating to steps required in Azure were current as of the date of publication. This information is provided as a service to our customers to assist them with Azure prerequisites.
However, when working with Azure, be aware that specific steps, URLs or even the Azure interface may change at any time, which is beyond our control.
If you are having difficulty performing any steps related to your Azure subscription, please seek the advice of a Microsoft Azure representative.
The Azure website uses language and country codes for its web addresses, which affect display of the content in the appropriate language. The typical URL construction uses the format: https://[Microsoft or Azure domain]/[country-code]/[destination]/
, in which the country code controls the language display and the remainder of the URL specifies the content.
For example, when viewing the documentation center for US English, the URL is https://docs.microsoft.com/en-us/azure/. If viewing the same page for Spanish (Spain), the correct URL is https://docs.microsoft.com/es-es/azure/.
The URLs for Azure used throughout this document include the country code for English in the United States. For other languages, URLs may differ based on the settings on your computer, and the languages and country codes Microsoft supports.
If you are browsing in a language other than US English, or if your machine settings are configured for a different language, the language and country code portion of the various URLs cited in this guide may differ accordingly.
Before you can perform virtual export to Azure, you need to meet all of the following prerequisites.
- You must have a protected machine with at least one recovery point in a Rapid Recovery Core that you want to export as a VM to Azure.
- Remote access must be enabled on the protected machine for the deployed VM to boot successfully.
- You must have administrative access to an account on Azure.
- You must have an Azure Active Directory (AD) web application. Each web application must have the following characteristics:
- A secret key. Immediately save the secret key to a secure location, as it cannot be recovered or viewed later.
- A valid URL. The URL that you assign to your web application must contain valid URL syntax. However, from a Rapid Recovery perspective, this URL is not required to be active.
- Appropriate permissions. An Azure administrator for your subscription must grant the web application the appropriate Identity and Access Management (IAM) permissions (specifically, the Owner role).
- Your Azure subscription must be associated with a resource group created using Azure Resource Manager. If using an older resource group created using Azure Service Manager, create a new resource group, since Microsoft no longer supports ASM objects.
- Within Azure, you must create (or have access to) a virtual network that is associated with your Azure subscription, location, and resource group. Since this controller is required when deploying a VM to Azure, it is a prerequisite for performing one-time virtual export, or for deploying a continual export (virtual standby) to an active VM in Azure.
- You must have access to specific information for your Azure subscription, as described in Required Azure subscription information later in this topic.
About Azure storage containers
Before performing virtual export to Azure, you must have an Azure storage account. For information about creating a storage account, see Creating an Azure storage account.
When you complete the one-time VM export, the necessary files are exported to the specified storage account in format <storageAccountName>/<exportContainer>/<export_folder>. The default name for the export container is "export" and the default name for the export folder is the name of the protected VM.
Since one-time virtual export automatically includes deployment of the exported VM, the export files are then copied into a deployment folder (of the same name) within a deployment container (named "deploy" by default). The VM is then deployed from this second location.
If you select Show advanced options in the Storage page of the export wizard, you can select different existing container names, or you can enter new names for the export container and folder name and the deployment container.
Required Azure subscription information
When adding an Azure cloud account to your Rapid Recovery Core, or when performing virtual export to Azure, you must be able to identify specific information related to your Azure account. You are required to have details about your account or subscription (including account name and ID), region or location, your Azure web application and its appropriate role (Owner) and properties (directory or tenant ID, secret key, and virtual network). You must identify your resource group, and you must know the name of your storage accounts and their containers and sub-folders. Some of this information is described using more than one term.
The following matrix can help guide you to the Azure information you may be asked to identify, and how to find it.
Cloud account name
|
Subscription name (or Subscription)
|
Using the Cloud account name drop-down menu in the Virtual Machine Export Wizard is optional.
The first time you perform virtual export to Azure, no information is available from this menu.
After you successfully enter all credentials for an Azure subscription into the Rapid Recovery Core Console, the information is cached. Subsequently, instead of entering all credential information, you can select the appropriate subscription from the Cloud account name drop-down menu. |
Region
|
Region
|
Each Azure portal is associated with a geographic region. Choose the region your portal is accessed from. Options include:
- Azure Global Cloud
- Azure China Cloud
- Azure German Cloud
- Azure US Government Cloud
|
Application ID
|
Application ID
|
Each Azure AD web application created is assigned an application ID.
For information about creating an Azure AD web application and its associated secret key, see Creating an Azure Active Directory web application. |
Secret key
|
Keys
|
Each web application must have one or more secret keys that you can use to authenticate using Azure APIs.
|
Caution: When creating any secret key, immediately record the description and key value in a secure location for the long term. If you do not retain the secret key for your Azure AD web application when you create it, it cannot be recovered. |
For information about creating an Azure AD web application and its associated secret key, see Creating an Azure Active Directory web application. |
Tenant ID
|
Directory ID
|
This is the directory ID for the AD web application that connects the Core to your Azure subscription. |
Subscription ID |
Subscription ID |
This ID is associated with your Azure subscription and your unique subscription name. |
Storage account name |
Resource group |
The resource group is a container for resources that share a common life cycle. Using resource groups, you can deploy, manage, and monitor all the services for your solution as a group.
|
Export container
|
Storage container
|
An export container is a child object of the Azure storage container (resource group). When deploying a VM to Azure, this information is stored in a storage container within its parent resource group.
Optionally, before exporting, you can create an appropriate storage container from within Azure into which the exported data is stored.
You can also create the export storage container dynamically. In Rapid Recovery6.6, the default name provided is "export."
Storage requirements grow as your protected machine protects more data. In your Azure account, the container you specify must be associated with a storage location with sufficient space to accommodate the VM.
For more information, see the topic Creating a container in an Azure storage account. |
Export folder name |
None |
By default, this folder is named after the VM you want to export. |
Deployment container |
None |
This is the container name into which the VM is deployed. The default name provided is "deploy." |
Resource group |
|
Specify the resource group to be used. |
Virtual network |
|
Specify the virtual network to be associated with the selected resource group.
You must create this in Azure before deploying a VM to Azure. Thus, it is required before performing a one-time virtual export, or before deploying an existing continual export to a VM. |
For more information
Related topics:
For procedures related to exporting or deploying VMs on Azure, see the following topics:
Users are advised to research features of Azure before using them with Rapid Recovery. Proper research enables you to balance your needs, preferences, and costs.
Take the example of an Azure storage account, which contains data objects: Binary Large OBjects (or “blobs”,) files, queues, tables, and disks. When creating an Azure storage account, consider the following aspects:
- What type of objects are you storing?
- Is the retention length expected to be brief or long?
- Do you intend to access data frequently or rarely?
- How quickly do you need access to the information stored there (immediately, minutes, hours)?
When performing virtual export to Azure, you must select or create a storage account that supports the relevant type of blobs. For export, Rapid Recovery uses page blobs, which are a collection of 512-byte pages optimized for random read and write operations. Azure now supports a maximum page blob size of 8TB. Eventually, this Azure restriction is likely to be increased in the future. Accordingly, as of release 6.4, Rapid Recovery Core has doubled the supported maximum data disk size for virtual export and deploy to Azure from 4TB to 8TB.
Azure storage offers different access tiers, which affect cost, restrict data types, affect speed of access, and apply to the frequency of use. Select the Azure storage account kind that best reflects your needs.
For Azure storage, there are 3 account kinds, which is relevant when determining which blobs you want to store and how quickly or often you need to access them. These are shown in the following table:
Storage (general purpose v1), or GPV1 |
Legacy storage type. Supports page blobs, required for virtual export. Does not have an access tier. |
Can be used for virtual export or archiving to Azure. Microsoft documentation suggests using GPV2 instead when possible. |
Storage V2 (general purpose v2), or GPV2 |
Contemporary and default storage account type. Supports page blobs, required for virtual export. Lets you select an access tier when creating the storage account. Incorporates all of the functionality of GPV1 and BlobStorage accounts. |
Recommended by Microsoft. Hot access tier has higher storage costs, but the lowest access costs. Use GPV2 with hot access tier for continual export to Azure; consider GPV2 with cool access tier for one-time export. |
BlobStorage |
Legacy account kind. Supports only block and append blobs, not page blobs, and thus does not support virtual export. Lets you select an access tier when creating the storage account. |
Can be used for archiving but not for virtual export. Microsoft documentation suggests using GPV2 instead when possible. |