3.hyper-v

AuthorsCameronGardiner,SeniorProgramManager,MicrosoftAzureCATAnoobBacker,ProgramManager,MicrosoftAzureSiteRecoveryServicesDevelopmentIDCTechnicalReviewersJuergenThomas,PrincipalLeadProgramManager,MicrosoftAzureCATHermannDaeubler,SeniorProgramManager,MicrosoftAzureCATTroyShane,Microsoft-SAPTechnologyCenterContents1Overview31.
1IntroducingAzureSiteRecovery31.
2Howtousethisdocument41.
3Beforeyoustart42Topology62.
1Site-to-sitevirtualprivatenetwork(VPN)deviceorExpressRoute62.
2SystemCenterVirtualMachineManager62.
3ActiveDirectoryDirectoryServicesanddomainnamesystem(DNS)62.
4SQLServerandotherDBMS63AzureSiteRecoveryrequirements83.
1ActiveDirectory83.
2SystemCenter2012R283.
3Unsupportedconfigurations83.
4Agents93.
4.
1AzureSiteRecoveryProvider93.
4.
2AzureRecoveryServicesAgent94ProtectingSAPapplicationlayers124.
1SAPdatabaselayer124.
2SAPapplicationserverlayer124.
3SAPSPOFlayer(ASCS)134.
3.
1Emulatingtheon-premisesASCS134.
3.
2Testingfailover144.
4SAPstand-alonelayer165Implementationchecklists175.
1Importantblogsandarticles175.
1.
1Importantblogs175.
1.
2ImportantKBarticles175.
1.
3Recommendedsoftwareversionsandupdates175.
2Capacityplanningandreadinessassessment185.
3Implementationchecklist196TestingAzureSiteRecoverySolutionforSAP216.
1Networkisolatedfailoverscenario216.
2Networkintegratedfailoverscenario227Monitoring,troubleshooting,andexceptionalhandling237.
1Monitoring237.
2Troubleshooting237.
3Exceptionhandling248AzureSiteRecoveryforVMwareandLinux26Appendix:Recommendedresources27Glossary28OverviewToprovideexceptionalcustomerexperiences,ITorganizationsmuststayprepared.
Downtimecanrepresentalossofrevenue,employeeproductivity,andcashflow,inadditiontofinesandpenalties.
Downtimecanevengivecompetitorsanopportunitytogainmarketshare.
Increasingly,theexpectationsofcustomers,employees,andotherkeystakeholdersareputatriskiftherearenoDRplansinplacetosupportcriticalcomputingworkloads.
Yourorganization'ssuccesscandependonhavingDRplansthatareproperlytestedatregularintervals—onlythencanyouattestwithconfidencethatyourrecoveryplanswillworkreliably.
YetplanningandimplementingaDRsolutioncanbechallenging.
Inmanyorganizations,thebudgetforbusinesscontinuityanddisasterrecovery(BCDR)isasmallpercentageofoverallITspending.
Inaddition,datacapacityrequirementsaregrowing,whilethelandscapeofheterogeneousapplicationsisgainingincomplexity.
Thisdocumentprovidesastep-by-stepguidanceforimplementingaDRsolutionforSAPNetWeaversystems,basedonMicrosoftAzureandMicrosoftHyper-Vtechnologies.
TheguidanceoffersprinciplesbutdoesnotcoverthewholeprocedureincludingauxiliarysystemsofaSAPlandscape.
Also,notallofthecoveredaspectsarenecessaryforaDRexercise.
MicrosoftAzureCloudServicesdifferfromothercloudplatformsintheintegrationbetweenyouron-premisesprivatecloudandtheAzurepubliccloudplatform.
MicrosoftAzureSiteRecoveryisthekeytoprovidingDRtoAzurefunctionality.
Itcanhelpyouprotectvirtualmachines(VMs)bycoordinatingthereplicationandrecoveryofprivatecloudstoyourownsecondarysite,toahoster'ssite,ortoanAzureDRsite.
IntroducingAzureSiteRecoveryAzureSiteRecoveryprovidesdisasterrecoveryasaservice(DRaaS)inthefollowingways:On-premisestoon-premisesprotection:Youcanrecoveryourapplicationstoyourownsecondsiteortoahoster'ssite.
Figure1.
UsingAzureSiteRecoveryforon-premisestoon-premisesprotection.
MigrateorprotecttoAzure:YoucanuseAzureasyourdisasterrecoverysiteandavoidtheexpenseandcomplexityofbuildingandmanagingyourownsecondarylocation,oryoucanengageahostertoprovideaDRsite.
Figure2.
UsingAzureSiteRecoverytofacilitateadisasterrecoverysite.
HowtousethisdocumentThisdocumentdescribestheprotectionandrecoveryofanon-premisesSAPapplicationtoAzure.
ThisdocumentisintendedforexperiencedSAPBasisadministrators,Windowsadministrators,anddatabaseadministrators.
Itassumesthefollowing:AbasicfamiliaritywiththeMicrosoftAzureManagementPortal(accountrequired)athttps://manage.
windowsazure.
com/.
WorkingknowledgeofMicrosoftHyper-V.
Knowledgeofhowtosetupandconfiguredatabase-levelreplicationtechnologies,suchasSQLServerAlwaysOn.
Formoreinformation,seeOverviewofAlwaysOnAvailabilityGroups(SQLServer),athttp://msdn.
microsoft.
com/en-us/library/ff877884.
aspx.
DetailedknowledgeabouttheproxyserveranduserID(ifrequired)toauthenticateandallowexternalInternettraffic.
BasicSAPBasisknowledge.
BeforeyoustartThisdocumentisnotintendedtoreplacetheexistingdocumentationaboutinstallationandconfigurationofAzureSiteRecovery.
Beforeyoustart,werecommendthatyou:TestthedeploymentofAzureSiteRecoveryusinganon-SAPtestVM,beforeimplementingAzureSiteRecoveryforaSAPlandscape.
BecomefamiliarwiththesetupandoperationofAzureSiteRecoveryonanon-SAPtestVM,andpracticetasks,suchasplannedandunplannedfailovers.
ThefollowingguidesareavailableforthetopicofSAPdeploymentsonAzure:SAPNetWeaveronMicrosoftAzureVirtualMachineServices–PlanningandImplementationGuide.
SAPNetWeaveronMicrosoftAzureVirtualMachineServices–DeploymentGuide.
DBMSDeploymentGuideforSAPonMicrosoftAzureVirtualMachineServices.
SAPNetWeaver:BuildingaMicrosoftAzure–basedDisasterRecoverySolution.
ClusteringSAPASCSInstanceusingWindowsServerFailoverClusteronAzurewithSIOSDataKeeper.
TheguidescanbedownloadedunderthesectionSAPathttp://go.
microsoft.
com/fwlink/p/LinkId=397566.
Beforeyouproceed,forallSAPNetWeaverapplicationserversandSAPNetWeaverCentralServices(SCS)VMs,verifythattheSAPapplicationsaresupportedinAzure.
Fordetails,seethefollowing:1928533–SAPApplicationsonAzure:SupportedProductsandAzureVMtypes,ontheSAPServiceMarketplace(logonrequired),athttp://service.
sap.
com/sap/support/notes/1928533.
2015553–SAPonMicrosoftAzure:SupportRequirements,ontheSAPServiceMarketplace(logonrequired),athttp://service.
sap.
com/sap/support/notes/2015553.
NOTEForVMscontainingSAPNetWeavercomponents,runninginAzure,makesurethatAzureEnhancedMonitoringforSAPisinstalledorgetsinstalled.
SeeRunningSAPApplicationsontheMicrosoftPlatform,ontheMicrosoftServersandToolsBlog,athttp://blogs.
msdn.
com/b/saponsqlserver/archive/2014/06/24/azure-extended-monitoring-for-sap.
aspx.

TopologyThefollowingsectionsdescribethekeycomponentsyoumustdeployforprotectionandrecovery.
Figure3showsthedatacentre-Azuretopology.
Site-to-sitevirtualprivatenetwork(VPN)deviceorExpressRouteTooperatehybrid/cross-premisesorcompleteSAPlandscapesbetweenon-premisesdatacentersandAzure,transparentnetworkconnectivityisrequiredtobeestablishedbetweenyoursite(s)andAzure.
Youcandothisthroughsite-to-siteconnectivityusingVPNdevices,WindowsServer2012R2,orAzureExpressRoute.
TheMicrosoftAzureplatformsupportsaverybroadrangeofVPNdevices.
Formoreinformation,seeAboutVPNDevicesforVirtualNetwork,athttp://msdn.
microsoft.
com/en-us/library/azure/jj156075.
aspx.
TheAzurePortalcanbeusedtogenerateaVPNconfigurationscript.
AWindows2012R2servercanalsofunctionasanAzureVPNdevice.
Formoreinformation,seeAzureVirtualMachineServices—PlanningandImplementationGuide,athttp://go.
microsoft.
com/fwlink/p/LinkId=397963.
ForAzureExpressRoute,youmustfindmultiprotocollabelswitching(MPLS)providersornetworkprovidersthatcoveryourregion.
Foralistofcurrentproviders,seeExpressRouteTechnicalOverview,athttp://msdn.
microsoft.
com/library/azure/dn606309.
aspx.
SystemCenterVirtualMachineManagerTheAzureSiteRecoveryreplicationchannel,basedonHyper-V,hasanoptiontouseSystemCenterVirtualMachineManager(SCVMM)toorchestratethesiterecoveryprocess.
SCVMM2012issupported;however,thesolutiondescribedinthisdocumenthasbeentestedonSCVMM2012R2withUpdateRollup3.
SCVMM2012R2Rollup6isnowreleasedActiveDirectoryDirectoryServicesanddomainnamesystem(DNS)Manybusinessapplications,includingSAP,haveadependencyonActiveDirectoryservices.
AzureSiteRecoveryhasbeentestedwithWindowsServer2008R2andWindowsServer2012R2domaincontrollersrunninginWindowsServer2003,WindowsServer2008,andnativeWindowsServer2012R2mode.
SQLServerandotherDBMSSQLServer2008R2(andlater),Oracle,andSAPASEaresupportedforSAPonAzure.
Forhighavailabilityanddisasterrecovery(HA/DR)scenarios,werecommenddatabasemethodslikeSQLServer2012(andlater)AlwaysOnorOracleDataGuard.
Figure3.
Asampleorganization'sdatacenterisontheleft;theAzureregionontheright.
AzureSiteRecoveryrequirementsBeforedeployingAzureSiteRecoveryservices,makesureyouhaveActiveDirectoryandSystemCenter2012R2.
ActiveDirectorySAPserversandservicesaredependentonActiveDirectoryforauthenticationandDNS.
ThevirtualmachinesinAzuremustbeabletocommunicatewithatleastonedomaincontroller.
Three-tierSAPdeploymentsshouldbedomain-basedinstallations;therefore,ActiveDirectoryDirectoryServicesandDNSservicesmustbeavailableinAzure.
SystemCenter2012R2SystemCenter2012R2isoptionalandcanbeusedtomanageandcoordinatefailoverandfailbackactivities.
AzureRecoveryServicesreplicatesVMsthataredefinedwithinaSystemCentercloud.
TheSCVMMservernormallyrunsonyoursite.
YoumustinstallUpdateRollup1,2,and3forSystemCenter2012R2withWindowsUpdate.
Rollup6isnowreleasedandavailable.
UnsupportedconfigurationsThefollowingtechnologiesarenotsupportedbyAzureSiteRecoveryServices,asofJuly2015:LinuxGeneration2Hyper-VVMs.
VMswithabootdiskorC:drivelargerthan1023GB.
Theadditionorremovalofdisks(virtualharddisks[VHDs])tothereplicatedVM.
DoingsoneedsmanualinterventiontoenablereplicationofthenewlyaddeddiskfortheVM.
Ifyouneedtoaddorremoveadisk,removeAzureSiteRecoveryprotection,changethediskstatusbyattachingordetachingit,andthenre-enableAzureSiteRecoveryprotection.
ReplicationofVMsthatarewithinaWindowsServerFailoverClusterConfigurationwithaccesstoClusterSharedDisks.
BootingfromdiskssecuredbyBitLocker.
VMnamesthatcontainspecialcharactersorareverylong.
AVMcanberenamedinAzurePortal,afterawarningisissued,duringtheinitialreplication.
SAPorotherexecutablesinstalledonD:drive.
WerecommendthatyouavoidusingtheD:drive,althoughitistechnicallypossible.
ThisdiskisreservedonAzureVMs.
Inaddition,ActiveDirectorydomaincontrollerscanbereplicatedusingAzureSiteRecovery;however,considerthefollowingrecommendations:PlacetheDSdata,log,andSYSVOLonatleastoneseparatedatadisk,withdiskcachingswitchedoff.
BuildtheVMsbasedonAzureGalleryimages,whichyoucandownload.
InstalltheAzureagentwhenthegalleryimageisfirstcreated.
ConfigurethediskpartSANpolicytoonlineall(diskpart.
exesanpolicy=onlineall).
IftheVMdoesnotcomeonline,validatethatallthedatadiskshavecomeonlineinthesamesequenceasonHyper-V.
NOTEPeriodicallychecktheblogsreferencedinthisdocument.
FuturereleasesofAzureSiteRecoveryServicesmaysupportthesefeatures.
WerecommendyouruntheAzureVirtualMachineReadinessAssessmentTool.
AgentsToreplicateVMmetadataandVHDstoAzure,twoagentsmustbeinstalledontheSystemCenterhostorHyper-Vhost:MicrosoftAzureSiteRecoveryProviderandMicrosoftAzureRecoveryServicesAgent.
YoudonotneedtoinstallanagentorothersoftwarewithintheVMswiththeHyper-VAzureSiteRecoveryreplicationchannel.
AzureSiteRecoveryProviderThisagentcoordinatesthestartupandshutdownoftheHyper-VVMandreplicatesmetadataabouttheVMsandSystemCenterclouds.
ThisagentmustbeinstalledontheSystemCenterhostifSystemCenterisdeployed.
ThelatestagentcanbefoundontheAzureSiteRecoveryQuickStartpageintheAzurePortal.
Thisagentdoesnotrequireanyconfiguration,anditnormallycommunicatestoAzurebyanSSLconnectionoverpublicInternetviaacorporateproxyserver.
Alternatively,communicationcanbeviaAzureVPNorExpressRoute.
Formoreinformation,seeStep2:InstalltheAzureSiteRecoveryProvider:On-premisestoAzure,onMSDN,athttp://msdn.
microsoft.
com/en-us/library/azure/dn788914.
aspx.
AzureRecoveryServicesAgentThisagentreplicatestheVMstorage.
YoumustinstallitonallHyper-Vhosts.
Formoreinformation,seeStep3:InstalltheAzureRecoveryServicesAgent:On-premisestoAzure,onMSDN,athttp://msdn.
microsoft.
com/en-us/library/azure/dn788913.
aspx.
Forthelatestagent,seetheAzureSiteRecoveryQuickStartpageintheAzurePortal.
ThisagentusuallycommunicatestoAzurebyanSSLconnectionoverpublicInternetviaacorporateproxyserver.
Alternatively,communicationcanbeviaAzureVPNorExpressRoute.
Thischannelofcommunicationisneededtocontrolflowsofreplicationandfailoveractivity.
Therefore,it'sbettertoroutethecommunicationthroughthecorporateproxyserverandnotthroughVPNorExpressRoute,wherethereplicationworkloadtrafficishandled.
Thatway,youhelpmakesurethatafullsiteoutagedoesnottakedownallthecorporateproxyservers.
YoumustconfiguretheMicrosoftAzureRecoveryServicesAgent,provideproxyserverdetails,andenterausernametoauthenticate.
YoucanconfigureMicrosoftAzureRecoveryServicesAgentusingtheMicrosoftManagementConsole(MMC)(gotoAdd/RemoveSnap-In,andthenselectMicrosoftAzureBackup).
Figure4.
ConfiguringAzureRecoveryServicesAgentusingMMC.
CmdLet:$spwd=ConvertTo-SecureString-StringNotag00pa55word-AsplainText–ForceSet-OBMachineSetting-ProxyServerhttp://proxycontoso.
com-ProxyPort80-ProxyUsernamecontoso\proxy-ProxyPassword$spwdAdditionalconfiguration-limitingbandwidthisalsopossible.
Figure5.
MMCagentproperties:configuringadditionallimits.
CmdLet:$mon=[System.
DayOfWeek]::Monday$tue=[System.
DayOfWeek]::Tuesday$wed=[System.
DayOfWeek]::Wednesday$thu=[System.
DayOfWeek]::Thursday$fri=[System.
DayOfWeek]::FridaySet-OBMachineSetting-WorkDay$mon,$tue,$wed,$thu,$fri-StartWorkHour"9:00:00"-EndWorkHour"18:00:00"-WorkHourBandwidth(512*1024)-NonWorkHourBandwidth(1023*1024*1024)NOTEIfyouuseExpressRouteorVPN,youmaynotneedtoconfigureaproxy.
ProtectingSAPapplicationlayersDatabaseandSAPapplicationserverlayersrequiredifferentmechanismstoprotectagainstDRevents.
FormoreinformationaboutdeployingSAPonWindowsHyper-Vprivatecloud,seeHowtoDeploySAPonMicrosoftPrivateCloudwithHyper-V3.
0,ontheRunningSAPApplicationsontheMicrosoftPlatformBlog,athttp://blogs.
msdn.
com/b/saponsqlserver/archive/2013/06/30/how-to-deploy-sap-on-microsoft-private-cloud-with-hyper-v-3-0.
aspx.

SAPdatabaselayerTheSAPDatabaseserviceshouldbeprotectedbynativedatabasemanagementsystems(DBMS)levelreplicationtechnologies.
SQLServer2012(andlater)includesSQLServerAlwaysOn.
InadditiontoSQLServerAlwaysOn,youcanusedatabasemirroringandlogshippingtosynchronizeon-premisesdatabasestoAzure.
Ingeneral,thereplicationtechnologyforAzureisasynchronous—transactionsarecommittedon-premisesbeforetheyareconfirmedontheDRsystemonAzure.
OtherDBMSshavetechnologieslikeAlwaysOnorlogshipping.
SomeofthesetechnologiesdonotprovidefunctionalityliketheSQLServerAlwaysOnlistener.
High-availabilityfeaturesoperatingwithoutavirtualname,whichisusedtoconnecttheSAPapplicationlayer,mightforcearevisiontotheSAPprofile,changingittotheVMnameafterfailovertoAzure.
ThefollowingSAPprofileparametersmustbechanged:dbs//serverandJavaConfigTool.
TheSQLServerAlwaysOnlistenerpreservesthelistenerhostname.
NoreconfigurationisrequiredforconnectingthereplicatedSAPapplicationserverinstances.
FormoreinformationaboutconfiguringSQLServerAlwaysOninahybrid,on-premisestoAzureconfiguration,seeConnectingtoAvailabilityGroupListenerinHybridIT,athttp://blogs.
msdn.
com/b/sqlalwayson/archive/2013/02/14/connecting-to-availability-group-listener-in-hybrid-it.
aspx.

FormoreinformationaboutAlwaysOnforSAPsystems,seeRunningSAPApplicationsontheMicrosoftPlatform,athttp://blogs.
msdn.
com/saponsqlserver/.
WerecommendthatyouplanabackupmechanismfortheDBMSlayerincasetheDRsystemisactivated.
Fordetails,seeDBMSDeploymentGuideforSAPonMicrosoftAzureVirtualMachineServices,athttp://msdn.
microsoft.
com/library/dn745892.
aspx.
SAPapplicationserverlayerSAPapplicationserversrunningonHyper-VcanbereplicatedtoAzureusingtheAzureRecoveryServicesframeworkandagents.
TheapplicationserverdoesnotcontainanybusinessdataanddoesnotneedtobereplicatedtoAzureveryoften.
TheonlycontentthatchangesperiodicallyistheSAPkernelafterakernelupgrade.
Replicationevery15minutesisrecommended.
Forastep-by-steptutorial,seeGettingStartedwithAzureSiteRecovery:On-PremisesVMMSitetoAzureprotectionwithHyper-VReplication,athttp://azure.
microsoft.
com/en-us/documentation/articles/hyper-v-recovery-manager-azure/.
NOTEDonotuseSAPapplicationserversasfileservers.
Instead,storeinterfacefiles,downloads,andotherfilesystembusinessdataseparatelyonafileserver.
Forsecurityreasons,donotpermituserPCstohaveaccesstoSAPapplicationservers.
SAPABAPprogramsshouldreferenceLogicalFileNamesdefinedintransactionFILE,which,inturn,referenceUNCpaths,suchas\\fileserver\share.
Figure6.
Replicationevery15minutesisrecommended.
SAPSPOFlayer(ASCS)Thesinglepointoffailure(SPOF)fortheSAPcomponentiscalledtheASCS/SCSorCentralServices.
ThiscomponentismadeupofavirtualIP,virtualhostname,enqueueserver,messageserver,andhighlyavailableshareddisk.
AzureSiteRecoveryServicesdoesnotsupportreplicationofVMswithshareddisks.
TheAzureplatformdoesnotnativelysupportshareddisks.
TohelpprotecttheSAPcomponentsofASCS/SCS/CentralServices,youshould:HaveanActiveDirectoryserverrunninginAzure.
ThisActiveDirectoryserverwouldbetheprimaryActiveDirectoryserverincaseofafailovertotheDRsite.
TheActiveDirectorydomaincontrollerinAzuremustberegularlysynchronizedwiththeon-premisesActiveDirectorydomaincontrollers.
WhilenotrunninginAzure(thenormalcase),haveaVMinAzurewhichisupandrunningforeveryrunningSAPASCS/SCS/CentralServices.
IfaDReventoccurs,theseVMswilltakeovertheroleoftheASCS/SCS/CentralServices.
Youwouldneedtomakesurethatthecontentofthesapmntshare(s)oftheVMsrunningon-premisesiscopiedonaregularbasisintotheVM(s)inAzure.
IncaseofafailovertotheDRsite,assumethattheActiveDirectoryserverthathasbeeninAzureorisrebuiltinAzureistakingovertheWindowsDomainservices.
NOTEInthisprocedure,youmakeachangetotheDNSentriesfortheVirtualWindowsClusternamesbychangingtheirIPaddressestotheIPaddressesoftheVMsinAzurethatshouldrunASCS/SCS/CentralServices.
YoualsoassignthevirtualnameoftheclustertotheVMsinAzuredesignatedtorunASCS/SCS/CentralServices.
Emulatingtheon-premisesASCSYoucanassignavirtualhostnametoaWindowsServer.
Inthefollowingprocedure,youusethiscapability,togetherwithActiveDirectoryandDNSchanges,toemulatetheon-premisesASCS:EnsurethatanActiveDirectorydomaincontrollerisinAzurewithDSandDNSroles.
WerecommendthatyouuseWindowsServer2012R2forActiveDirectorydomaincontroller,evenifthedomainfunctionallevelislower.
ProvisionanewVMinAzurewithphysicalhostname=p.
hostname(canbeanyhostname,suchasazure-ascs).
TheVMshouldbeinthesameVNETasthedomaincontroller.
ThisVMisdesignatedtorunASCS/SCS/CentralServicesafterafailovertotheAzureDRsiteisexecuted.
JointheVMinAzuretothesamedomainthatyourotherSAPVMsarerunninginon-premises.
AssignastaticAzureIPaddresswiththefollowingcommandtotheVMthatisdesignatedtoruntheASCS/SCS/CentralServicesinAzure:Get-AzureVM-servicename""-name""|Set-AzureStaticVNetip-ipaddressxx.
xx.
xx.
xx|Update-AzureVMFordetails,seeConfigureaStaticInternalIPAddress(DIP)foraVM,athttp://msdn.
microsoft.
com/library/azure/dn630228.
aspx.
AddthesekeystotheASCS/SCS/CentralServicesVMtargetinAzure:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters->DisableStrictNameCheckingoftypeDWORDsetto1.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0->BackConnectionHostNamesoftypeMULTISTRINGsettotheshortvirtualhostnameandFQDNoftheon-premisesASCScluster(example:vsapascsandvsapascs.
domain.
com).
InstallAzureEnhancedMonitoringforSAPasdescribedinSAPNetWeaveronMicrosoftAzureVirtualMachineServices-DeploymentGuide,athttp://msdn.
microsoft.
com/library/dn745892.
aspx.
RestarttheAzureVM.
LogontotheAzureVM,andopenWindowsExplorer.
Type\\p.
hostname(physicalhostname).
ThesharednetworkresourcesontheAzureVMareshown.
Youmaywanttocreateatestsharedfolder.
CreateaWindowsscheduledtasktoROBOCOPYtheon-premisesASCS\sapmnttoadirectoryonthedesignatedAzureVMonceperday.
TestingfailoverTocontinuetheinstallation,youmustperformatestfailoverasfollows:DisconnecttheVPNconnectivityfromAzuretoon-premiseresources.
ThisstepisolatestheActiveDirectoryandDNSservicesinAzurefromtheon-premiseresources.
ConfirmthatthereisnonetworkconnectivitybetweenAzureandtheon-premisesservers.
WARNINGPerformingthefollowingActiveDirectorychangeswillofflinetheon-premisesASCSclusteriftheVPNisconnected.
EnsurethatVPNnetworkconnectivityisdisabledandblocked.
Ensurethatthedomaincontrollerisneversynchronizedbacktotheserveron-premises.
Bydefault,testfailoverVMsareneversynchronizedbacktotheon-premisesserver.
OpenActiveDirectoryUsersandComputers,andfindtheASCSclustervirtualhostname.
Right-clicktheobject,andclickdisable.
OpenDNSManager,andfindtheASCS/SCS/CentralServicesname.
Double-clicktheclustervirtualhostname,andchangetheIPaddresstothespecifiedstaticIPaddress(seestep4insection4.
3.
1,"Emulatingtheon-premisesASCS.
").
InWindowsExplorer,entertheassignedvirtualhostname(seestep5binsection4.
3.
1,"Emulatingtheon-premisesASCS.
")\\v.
hostname(shortname)and\\v.
hostname.
domain.
com(fullyqualifieddomainname).
Confirmthatyouseethesameresourcesasinstep7ofsection4.
3.
1.
Confirmtheconfigurationwithnetview\\v.
hostnameandnetview\\v.
hostname.
domain.
com.
/etc/hostsfileshouldnotberequired.
InthedesignatedVM,runsapinst.
exeSAPINST_USE_HOSTNAME=>SystemCopy>TargetSystem>Distributed,andinstallastand-aloneASCSsystem.
IMPORTANTStartsapinstwiththeparameterandthevirtualhostnameinsteadofwiththephysicalnameassignedtotheVMinstep4.
3.
1.
2.
Aftertheinstallationiscomplete,manuallycopythedatathathasbeenreplicatedorcopied(seestep4.
3.
1.
8)to\sapmntintheAzureVM.
DoatestfailoverorplannedfailoveroftheSAPapplicationserverVMs.
NOTEIncaseoftestfailover,AzureSiteRecoverycreatesanothercopyoftheVMsinAzureinsteadofbringingtheoriginalcopiesonline.
Thatway,theasynchronousreplicationcontinuesundisturbed.
Attheendofthetestfailover,theadditionalcopiesthatwerecreatedaredestroyed.
Formoreinformationaboutthetestfailoverfunctionality,seesection6,TestingAzureSiteRecoverySolutionforSAPlaterthisdocument.
Recoverthedatabaseside.
StarttheSAPapplicationservers.
CheckSAPBasisfunctionality,suchasRemoteFunctionCall(RFC)andtransports.
Tofailback,completethetestfailoverstep.
ThisstepdestroystheVMscopiedbythetestfailoverforthetest.
ItleavestheHyper-VreplicasrunninginAzureuntouched.
WARNINGBeforeestablishingtheVPNorExpressRouteconnectivity,makesurethattheVMrunningActiveDirectoryandDNSisdestroyed.
FailuretodestroytheActiveDirectoryandDNSserversinAzurebeforereestablishingtheVPNtaketheproductionclusterresourcesoffline.
AfterthetestfailoveriscompletedandtheVMrunningActiveDirectoryandDNSservicesisdestroyed(topreventreplicationofDNSandCNOchanges),reconnectAzureVPN/ExpressRouteandcheckconnectivity.
ChangetheWindowscopyjob(seestep4.
3.
1.
8)totargetthesapmntshareinthedesignatedVMinAzureasdestinationdirectoryofthecopyjob.
Afterthesesteps,theconfigurationisfunctionalforDRsitefailovers.
Inarealfailover,youneedtomakesurethatyoucanrebuildtheActiveDirectoryandDNSVMinAzure.
MakesurethattheActiveDirectoryandDNSservicesaretheonlyitemsrunning.
Then,thechangesdescribedinsteps12,13,and14needtobeexecuted.
Steps16and17aren'tneededanymore,becausetheVMhaspreinstalledASCS/ASCS/Centralinstancesalready.
Insteadofperformingatestfailover,asmentionedinstep18,performarealfailover.
SAPstand-alonelayerBesidesSAPNetWeaver,SAPstand-alonecomponentscanbecategorizedintothefollowingtypes.
Table1.
Supportforvarioustypesofstand-aloneSAPcomponents.
Stand-alonecomponentDescriptionExampleFile-systembasedThesecomponentscanbeprotectedbyAzureRecoveryServicesbysimplyreplicatingtheVMasynchronously.
Ingeneral,werecommendminimizingthenumberofdisksontheVMand,ideally,implementingtheoperatingsystemandapplicationonC:drive,ifpossible.
.
CTMOptimizerAdobeDocumentServerKWDBMS-basedTheseSAPstand-alonecomponentsuseadatabaseand,therefore,mustbeprotectedusingdatabasetoolsandAzureRecoveryServices.
Formoreinformation,seetheappropriateSAPguidance,suchastheLiveCacheHighAvailabilityGuide.
LiveCacheBusinessObjectsContentServerImplementationchecklistsImportantblogsandarticlesBeforeyoustarttoimplementAzureSiteRecoveryServicesforSAP,werecommendthatyoureviewthefollowingblogs,KnowledgeBase(KB)articles,andsoftwareupdates.
ImportantblogsRefertothefollowing:PlanforAzureSiteRecoveryDeployment,ontheMSDNwebsite,athttp://msdn.
microsoft.
com/en-us/library/azure/dn469074.
aspx.
Networking101forDisasterRecoverytoMicrosoftAzureusingSiteRecoveryontheAzureBlog,athttp://blogs.
technet.
com/b/virtualization/archive/2014/09/09/networking-101-for-disaster-recovery-to-microsoft-azure-using-site-recovery.
aspx.

Referhttp://azure.
microsoft.
com/blog/tag/azure-site-recovery/forrecentblogsaboutAzureSiteRecovery.
MonitorandtroubleshootprotectionforVMware,VMM,Hyper-VandPhysicalsitesontheAzuredocumentation,athttps://azure.
microsoft.
com/documentation/articles/site-recovery-monitoring-and-troubleshooting/MonitoringAzureSiteRecoveryontheTechnetwebsite,athttp://blogs.
technet.
com/b/scvmm/archive/2014/10/30/monitoring-azure-site-recovery.
aspx.
https://azure.
microsoft.
com/documentation/articles/site-recovery-best-practices/ImportantKBarticlesDuringthesetupofAzureRecoveryServices,anerrormessageaboutHyper-VBrokerappears.
Toresolvethisissue,seeMicrosoftKnowledgeBasearticleKB2961977,"Hyper-VReplicaClusterBrokerisnotinstalled"errorwhenyoureplicateprivatecloudstoMicrosoftAzure,athttp://support.
microsoft.
com/kb/2961977.
BrokerisnotrequiredforAzureRecoveryServices.
ReferHowtomanageon-premisestoAzureprotectionnetworkbandwidthusagetounderstandmoreaboutdifferentnetworkbandwidthsettingsathttps://support.
microsoft.
com/kb/3056159RecommendedsoftwareversionsandupdatesTheAzureRecoveryServicessolutiondescribedinthisdocumenthasbeentestedandvalidatedwiththesoftwareshowninthefollowingtable.
Intheory,WindowsServer2008R2shouldalsowork;however,allNetWeaver7.
xxsystemsnowsupportWindowsServer2012R2.
Ifyouarerunninganearlierversion,werecommendupgradingtoaneweroperatingsystemanddatabaseversion.
Table2.
Softwareusedtotestanddeploythesolutioninthiswhitepaper.
VersionServicepackUpdatesHyper-VhostWindowsServer2012R2NoneAllRollupsGuestOSWindowsServer2012R2NoneAllRollupsSystemCenterSystemCenterVirtualMachineManager2012R2NoneRollup1,2,and3DatabaseSQLServer2012ServicePack2CU1SAPkernel721_EXT7.
41300Duetomemoryleaksinthe7.
4xkernel,youmustusethelatestpatch.
Donotusethekernelontheinstallationmedia.
DBSLpatch316Duetomemoryleaksinthe7.
4xkernel,youmustusethelatestpatch.
Donotusethekernelontheinstallationmedia.
Formoreinformation,seeListofRollupUpdatesforWindows8.
1andWindowsServer2012R2,ontheTechNetwebsite,athttp://social.
technet.
microsoft.
com/wiki/contents/articles/23823.
list-of-rollup-updates-for-windows-8-1-and-windows-server-2012-r2.
aspx.

CapacityplanningandreadinessassessmentYoucanruntheAzureVirtualMachineReadinessAssessmenttoolonVMstoensurethattheyarecompatiblewithAzureVMsandAzureSiteRecoveryServices.
TheReadinessAssessmentToolchecksVMconfigurationsandwarnswhenconfigurationsareincompatiblewithAzure.
Forexample,itissuesawarningifaC:driveislargerthan1TB.
Capacityplanningismadeupofatleasttwoimportantcomponents:Mappingon-premisesHyper-VVMstoAzureVMsizes(suchasA6,A7,A8,andA9).
DeterminingtherequiredInternetbandwidth.
Formoreinformationaboutmappingtheon-premisesVMstothecertifiedandsupportedVMSKUinAzure,seetheexistingSAPonAzuredocumentation,inadditiontoSAPNote1928533–SAPApplicationsonAzure:SupportedProductsandAzureVMtypesathttp://service.
sap.
com/sap/support/notes/1928533.
SAPapplicationserversdonotcontainanybusinessdata;therefore,theexpecteddatachangerateisquitesmall.
TheamountoftrafficgeneratedbyaSAPVMisnotlarge.
Ifyouobservealargeamountofreplicationtraffic,youshouldinvestigatetodeterminerootcause.
PossiblecausesincludeusingSAPapplicationserversasfileserversandwritingtextorCSVfilestoaSAPapplicationserver(asecurityriskandpooroperationalpracticethatwestronglydiscourage)ortracingandlogging,suchasauditlogs,joblogs,orST05traces.
YoushouldmonitorDBMSreplicationtrafficcarefully.
TheamountoflogshippingorAlwaysOntrafficcanbeestimatedbasedonthesizeofthetransactionlogbackups.
AlwaysOnusescompressionbydefault.
Iflogshippingisused,configureBackupCompression,inallcases.
ImplementationchecklistTheAzurePortalprovidesstep-by-stepproceduresforimplementingAzureSiteRecoveryonthemainpageoftheSiteRecoveryVaultdashboard.
Table3.
Implementationchecklist.
Step1Configurethevault.
DownloadRegistrationKeyStep2PrepareVMMservers.
DownloadMicrosoftAzureSiteRecoveryProvider,andinstallitonVMMservers.
Step3Prepareresources.
AddanAzureStorageaccount.
DownloadtheMicrosoftAzureRecoveryServicesAgent,andinstallitonHyper-Vhostservers.
Configureagentproxy,asneeded.
Step4Configurecloudprotection.
SetupprotectionforVMMclouds.
Step5Mapresources.
Mapon-premisenetworkstoAzureVNET.
Step6Protectvirtualmachines,enablevirtualmachines.
DefineVMsystembootdiskinSystemCenter.
AddVMtoSystemCentercloud.
EnableprotectionforVMs.
Step7Configurerecoveryplans.
PerformtestfailoveronindividualVMs.
EnsurethatallVMshaveaccesstorequiredresources,suchasActiveDirectory.
EnsurethatnetworkredirectionsforSAPASCSareworking.
Step8PerformDRsimulationwithtechnicalvalidationonly.
PerformtechnicalvalidationofSAPsystem—checkSM51,SM21,systemconnectivity,interfaceconnectivity,andmore.
Step9PerformDRsimulationwithend-userfunctionalvalidation.
TestingAzureSiteRecoverySolutionforSAPNetworkisolatedfailoverscenarioAzureSiteRecoveryServicesincludestestfailover,whichdiffersfromplanned/unplannedfailoverproceduresinthefollowingways:Atestfailoverdoesnotstoptheon-premisesVMs;itsimplyactivatesthecopyoftheVMinAzure.
TestfailovercandirecttheVMstoadifferentVNET,whichdoesnotneedtohaveaVPNconnectionbacktotheon-premisesnetwork.
Becauseofthis,theVMscanoperateinanisolatednetworkbubble,disconnectedfromVPNsandtheon-premisesnetwork.
ThetestfailoverAzureSiteRecoveryjobpausesaftertheVMsstartup.
Afterpausing,theVMsareautomaticallydestroyedandarenotreplicatedbacktotheon-premisesenvironment.
AtestfailoverdoesnotinterruptorcompromisetheDRsolution.
AtestfailovercopiestheunderlyingstorageandcreatesanewtemporarycopyattachedtoatemporaryVM.
Toenablecommunicationbetweenatemporary,testVNETandotherVNETs—whereActiveDirectoryorSQLServerAlwaysOnVMsarerunning—VNET-to-VNETconnectivityisused.
WerecommendusingtestfailoverformostDRtestscenarios,especiallywhenchangestotheActiveDirectoryclusternameobject(CNO),serverprincipalname(SPN),orotherpropertiesarerequired.
UsingthetestfailovermechanismguaranteesthatActiveDirectorychangesdonotreplicatebacktotheon-premisesActiveDirectoryandimpacttheproductionsystems.
Figure7.
AzureSiteRecoveryServicesincludestestfailover.
NetworkintegratedfailoverscenarioPlannedfailover(PFO)isexecutedinananticipatedevent—apoweroutage,networkoutage,orservermaintenance.
PFOensuresthatthereisnodatalossintherecoveryprocessbymakingsurethatprimarysideVMsareshutdownandthatthelastdeltareplicationhasbeensenttoAzurebeforeinitiatingthefailover.
Unplannedfailover(UFO)isexecutedintheeventofadisasterorunexpectedoutage—aneventyoucannotplan.
UFOincurssomedatalossasconfiguredduringtheprotection.
UFOensuresthatVMsarebroughtonlineinAzureimmediately.
ExecutingUFOpausestheon-premisesVMs.
NOTEInSAPscenarios,wedonotrecommendtheuseofUFO.
Figure8.
AzurePortalFailovercontrol.
Monitoring,troubleshooting,andexceptionalhandlingMonitoringAsofSeptember2014,theAzurePortalindicatestheVMsynchronizationstatusonlywhenclickingeachprotectedcloud.
InconsistentreplicationstatusisindicatedintheAzurePortalandintheEventViewer.
Furtheralertingoptionsarebeingevaluated.
OpenWindowsTaskManager>Performance>ResourceMonitor,andthenfilterbyimagecbengine.
exe,vmmservice.
exe,andvmmagent.
exe.
ResourceMonitorcanbeusedtomeasurethenetworkthroughput.
Asaminimum,3–5megabytespersecond(MBPS)shouldbeachieved.
Figure9.
ResourceMonitorcanbeusedtomeasurethenetworkthroughput.
TroubleshootingTheAzureRecoveryServicesagentlogsinformationintotheWindowsEventViewer.
WerecommendperiodicallycheckingtheEventViewer.
Figure10.
EventViewerinAzureRecoveryServicesagent.
FurtherinformationisloggedintracefilesinthefollowingdirectoryontheHyper-Vhosts:C:\ProgramFiles\MicrosoftAzureRecoveryServicesAgent\TempFigure11.
Tracefilescontainslogsofimportantevents.
Thefollowingcmdletscanbeusedtoretrievethesamereplicationstatus:Get-VMReplication-ComputerName""-VMName""Measure-VMReplication-ComputerName""-VMName""TocollectVMMlogs,seeHowtoenabledebuglogginginVirtualMachineManagerathttp://support.
microsoft.
com/kb/2913445.
https://azure.
microsoft.
com/en-us/documentation/articles/site-recovery-monitoring-and-troubleshooting/ExceptionhandlingIfyouseethefollowingerrormessage,restarttheAzureSiteRecoveryagentontheSystemCenterVirtualMachineManagerhostandthenverifythatthecertificateisvalid.
Figure12.
ErrormessageinAzureSiteRecoveryagent.
Whenyouexecuteacommand,suchasnetview\\servernameornetview\\virtualhostname,youmayreceiveanerror("Error5AccessDenied"or"Error53Pathnotfound").
Ifthishappens,andifthefollowingKerberoserroralsooccurswhenyouchooseEventViewer>System,theActiveDirectoryCNOobjectfortheASCSisstillenabled.
Formoreinformation,seethe"3.
3Agents"sectionofthisdocument.
TheKerberosclientreceivedaKRB_AP_ERR_MODIFIEDerrorfromtheserver$.
Thetargetnameusedwascifs/.
DOMAIN.
local.
Thisindicatesthatthetargetserverfailedtodecrypttheticketprovidedbytheclient.
Thiscanoccurwhenthetargetserverprincipalname(SPN)isregisteredonanaccountotherthantheaccountthetargetserviceisusing.
PleaseensurethatthetargetSPNisregisteredon,andonlyregisteredon,theaccountusedbytheserver.
ThiserrorcanalsohappenwhenthetargetserviceisusingadifferentpasswordforthetargetserviceaccountthanwhattheKerberosKeyDistributionCenter(KDC)hasforthetargetserviceaccount.
PleaseensurethattheserviceontheserverandtheKDCarebothupdatedtousethecurrentpassword.
Iftheservernameisnotfullyqualified,andthetargetdomain(DOMAIN.
LOCAL)isdifferentfromtheclientdomain(DOMAIN.
LOCAL),checkifthereareidenticallynamedserveraccountsinthesetwodomains,orusethefullyqualifiednametoidentifytheserver.
AzureSiteRecoveryforVMwareandLinuxItistechnicallypossibletoreplicateVMware,Linux,andphysicaldeploymentstoAzureusingtheInMagetoolset.
However,thisdocumentonlydescribeshowtoreplicatetheHyper-VprivatecloudtoAzureusingtheHyper-VReplicareplicationchannel.
InMageprovidesanadditionalreplicationchannel.
AfuturepaperwilldescribethesetupandconfigurationofInMageforSAPsystems.
http://azure.
microsoft.
com/blog/2015/07/09/announcing-the-ga-of-disaster-recovery-for-vmware-virtual-machines-and-physical-machines-to-azure-using-asr/FormoreinformationaboutInMage,seeAcquisitionofInMageSystems,ontheIntheCloudblogathttp://blogs.
technet.
com/b/in_the_cloud/archive/2014/07/24/acquisition-of-inmage-systems.
aspx.

Appendix:RecommendedresourcesGettingStartedwithAzureSiteRecovery:On-PremisestoOn-PremisesVMMSiteProtectionwithHyper-VReplication,ontheMSDNwebsite,athttp://azure.
microsoft.
com/en-us/documentation/articles/hyper-v-recovery-manager-configure-vault/.

MicrosoftAzureSiteRecovery:LeveragingAzureasYourDisasterRecoverySiteontheChannel9websiteathttps://channel9.
msdn.
com/Events/TechEd/Europe/2014/CDP-B314.
Episode149:AzureSiteRecoverywithPraveenVijayaraghavan,ontheChannel9website,athttp://channel9.
msdn.
com/Shows/Cloud+Cover/Episode-149-Azure-Site-Recovery-with-Praveen-Vijayaraghavan.

ActiveDirectoryVirtualizationSafeguardsandDomainControllerCloningwithWindowsServer2012,ontheChannel9website,athttp://channel9.
msdn.
com/Events/TechEd/Europe/2012/SIA317.
MicrosoftAzureSiteRecovery:YourDRSiteinMicrosoftAzure,ontheSystemCenterTeamBlog,athttp://blogs.
technet.
com/b/systemcenter/archive/2014/07/01/microsoft-azure-site-recovery-your-dr-site-in-microsoft-azure.
aspx.

UpdateRollup3forSystemCenter2012R2isnowavailable,ontheSystemCenterTeamBlog,athttp://blogs.
technet.
com/b/systemcenter/archive/2014/07/29/update-rollup-3-for-system-center-2012-r2-is-now-available.
aspx.

https://channel9.
msdn.
com/Shows/Edge/Disaster-Recovery-using-Azure-Site-Recovery-for-SMB-Hyper-V-Replicationhttps://channel9.
msdn.
com/events/TechEd/Europe/2014/CDP-B319https://channel9.
msdn.
com/events/TechEd/Europe/2014/CDP-B314https://channel9.
msdn.
com/events/Ignite/2015/BRK3503GlossaryAzureSiteRecoverycomponents(A–Z)ActiveDirectorySAPonAzuresolutionsmusthaveanActiveDirectorydomaincontrollerinAzuretocontinuetoworkintheexpectedway.
AzureSiteRecoveryagentsAzureSiteRecoveryrequirestwoagents.
OneagentisinstalledontheHyper-Vhost(s)andanotherisinstalledontheSystemCenterVirtualMachineManagerserver.
Formoreinformation,seethe"3.
3Agents"sectioninthisdocument.
AzureSiteRecoveryPortal—siterecoveryvaultAzureSiteRecoveryisaservicewithinAzurePortalandrequiresasiterecoveryvault.
Azuresupportsbackupvaultsandsiterecoveryvaults.
AsiterecoveryvaultholdsthemetadataforasiteprotectedbyAzureSiteRecoveryandlinkstoastorageaccountthatholdstheVMVirtualHardDisks(VHDs).
AzurestorageaccountAzureSiteRecoveryServicesreplicatestheVHD(x)ofVMsandstoresthemonAzureBlobPageStore.
Ataconfigurableintervalof30seconds,5minutes,or15minutes,adeltareplicationissynchronizedfromHyper-VtoAzure.
Allthefileobjectsarekeptonastorageaccount.
Formoreinformation,seeHowToCreateaStorageAccount,athttp://azure.
microsoft.
com/en-us/documentation/articles/storage-create-storage-account/.
databaseserversInthescenariodescribedinthisdocument,databaseserversarenotprotectedwithAzureSiteRecovery.
WerecommendusingnativedatabasetoolsforyourspecificSAPscenario.
Hyper-VclusterAzureSiteRecoveryreplicatesHyper-VVMstoAzure.
AzureSiteRecoveryusestheHyper-VreplicationmechanismtosynchronizetheVMswithAzure.
FormoreinformationaboutdeployingSAPonHyper-V,seeHowtoDeploySAPonMicrosoftPrivateCloudwithHyper-V3.
0,athttp://blogs.
msdn.
com/b/saponsqlserver/archive/2013/06/30/how-to-deploy-sap-on-microsoft-private-cloud-with-hyper-v-3-0.
aspx.