Azure Scale Sets and Zerto

Zerto uses native Azure services to accelerate the move, failover and failover testing from on-premises to Azure. One of the ways Zerto achieves such short RTOs to public cloud is the use of Azure Scale Sets.

If you are not familiar with Azure Scale Sets, they are sets of VMs that power on automatically and perform a task and then deallocate automatically. Zerto uses them when a move, failover or failover test is performed.

In the following demo, you will see me initiate a failover from vSphere to Azure. Here’s what happens:

  • The scale set starts up 41 Linux worker VMs to process the replication data
  • I selected Reverse Replication in my Zerto failover. Once the VMs are running in Azure, the Scale Set works the delta sync from Azure to vSphere.
  • The Scale Set will process the Reverse Protection data until the Azure and vSphere sites are in sync.
  • Once the replication work is complete, the Scale Set will decommission all but one Scale Set VM that acts as the scheduler for the Scale Set.

Azure Quick Tip: Log into Azure from Powershell

If you don’t have Azure Powershell installed, here is how to do it:

From Powershell, enter Login-AzureRMAccount and hit Enter.

A Microsoft Azure login screen will pop up.

Log in with your Azure credentials. Now you’re ready to start working with Azure from the Powershell.

 

Azure Managed Disk Incremental Snapshots and Zerto

At Ignite, Microsoft announced they added managed disk incremental snapshots. Zerto leverages the managed disks incremental snapshot feature for replication from Azure.

I’m part of the Global Alliances team at Zerto. We are responsible for the Microsoft relationship and get to collaborate with the Zerto Product teams and Azure Product teams to bring new features to the market.

The Zerto product teams have been working hard for several months with Microsoft to get the incremental snapshot feature developed.  The Azure storage team is great to work with as a partner. They actually listen to partner needs and develop APIs and functionality to meet those needs. At Ignite, I did a presentation of how Zerto uses the Incremental Snapshot feature in Raman Kumar’s THR3114 Migrate and protect your production applications running on Azure Disks.

This is an important feature to Zerto because Zerto doesn’t have agents in the virtual machines so Zerto needs Azure storage and their APIs to act more like a enterprise storage in order to track changes.

I also did a short demo in the session and I protected three servers with multiple disks from vSphere to Azure using Premium Managed disks then failed them over to Azure. I also set up reverse protection from Azure back to vSphere.

3 VMs protected to Azure with Premium Managed Disks then failed over to run in Azure

Below, we see the VMs and the multiple Premium SSD Managed disks as well as the Snapshots. The way that the incremental snapshots work is they are constantly updating and snapshotting only the incremental data to be more efficient. For example, in the image below of the Azure Portal during the protection from Azure to vSphere, the older snapshot’s data has been deleted due to a newer snapshot tracking that data. Eventually the oldest snapshot will be deleted as the Zerto protection continues.

Azure incremental snapshots being created and deleted automatically by Zerto for change tracking

To move back to vSphere from Azure, we use the Move command.

Moving VMs from Azure back to vSphere

I select my VPG that is replicating from Azure to vSphere.

Selecting the Virtual Protection Group to move from Azure to vSphere

I keep the Reverse Protection on so once the VMs are back in vSphere, they automatically replicate back to Azure.

Reverse Protection selected so the VMs will replicate back to Azure once running in vSphere

Click Move.

Move the VMs

Acknowledge the Commit Policy Warning.

The Commit Policy allows you to automatically commit or roll back the Move in a specified period of time

And watch the move progress.

The move progress

The VMs automatically deallocate from Azure.

VMs automatically deallocated from Azure once moved to vSphere

The VMs are moved and running in vSphere with protection automatically set up to Azure.

The VMs back in vSphere being protected to Azure

The new incremental snapshot feature helps Zerto complete the move in and move out of Azure scenarios.

Azure VMware Solutions by CloudSimple

CloudSimple

CloudSimple and Microsoft provides the ability to run a complete VMware environment inside of Azure. Source: https://docs.azure.cloudsimple.com/cloudsimple-vmware-solutions-overview/

Why would anyone want to run VMware in Azure?

Some of the use cases could be:

  • The need to evacuate a VMware-based datacenter in a short timeframe. Your organization has a public cloud strategy, but there isn’t time to design and deploy a full Azure native environment before you need to be out of the datacenter.
  • Your company is full of VMware experts that don’t have Azure knowledge yet.
  • Some of your applications aren’t good candidates for public cloud environments, but the majority of the applications are. You will need to maintain a small VMware footprint.

What are the sizes of the environments available?

Cost

CloudSimple currently has to instance sizes available. The smaller one is CS28 and it has 28 Cores, 256GB Ram and over 5TB of flash storage. Source: https://azure.microsoft.com/en-us/pricing/details/azure-vmware-cloudsimple/

What does it Cost?

It is important to note that a basic deployment is billed a minimum of a month due to the fact that you are getting physical servers inside an Azure datacenter, so when you deploy, it’s going to be about $18,000/month for the CS28 Instance Size. Here are more details on the CloudSimple pricing https://azure.microsoft.com/en-us/pricing/details/azure-vmware-cloudsimple/

How do I get started?

Very few products are named as accurately as CloudSimple. I went from zero to having a fully operational VMware datacenter in Azure in about 30 minutes. CloudSimple makes getting VMware inside of Azure really simple to do.

Portal1

To get your VMware datacenter installed, just search in the Azure Marketplace for CloudSimple. https://azuremarketplace.microsoft.com/en-us/marketplace/ 

Portal2

Once you have the CloudSimple Portal installed in Azure, then follow their intuitive steps. 

Note on the VPN

In order to connect to the Azure VPN in CloudSimple, you have to change the clamping to 1078.

How do I set up the VMware environment?

vmware setup

As a typical tech guy, I didn’t read any instructions and was able to get it installed just following their “Common Task” steps in the portal. You install the CloudSimple service, install the nodes and give it a few minutes and you have a VMware environment up and running in Azure. 

Operations

After the VMware environment running, it’s just like any other VMware datacenter. You use vCenter to manage it and provision VMs just like you normally do.

Adding Zerto

Of course the first thing we did was get a VM up and running in Azure and install Zerto. We created a VPN gateway in Azure and then connected our on-premises datacenter to it. The rest is normal Zerto on VMware operations. It really is that straightforward.

Using Azure Quickstart to Deploy the Zerto Cloud Appliance with VPN

Overview

While deploying the Zerto Cloud Appliance (ZCA) in Azure is straightforward, it does require that a Resource Group, networking, VPN and network security groups (NSGs) exist in Azure already.

In another blog post, I show you how to deploy the Zerto Cloud Appliance from the Azure Marketplace using an Azure Quickstart template. For you to be able to connect to the on-premises Zerto site, you will need a VPN in place.

In order to eliminate the separate VPN pre-requisite build step, we’ve now added a new Azure Quickstart template. This Quickstart template deploys the Resource Group, Network, NSGs, plus the VPN and the ZCA. How cool is that?

Deployment Prerequisites

    1. An Azure Subscription.
    2. An account in Azure that has owner permissions to the subscription and the ability to add web apps in Azure.
    3. An operational IPSec VPN endpoint on-premises
    4. The pre-shared key for the VPN
    5. The IP Address of the Local VPN Gateway
    6. The IP subnet of the Local VPN in CIDR format
    7. The IP Addressing for the private Azure network where the failed over VMs will run. A default of 10.3.0.0/16 is available, but this can be changed to your specific network scheme.

     

  1. For complete prerequisite requirements, see the Zerto Virtual Replication for Azure Guidelines.

Installation Steps

  1. Go to: https://azure.microsoft.com/en-us/resources/templates/?term=zerto

2. Click on the “Zerto Cloud Appliance with Site-to-Site VPN Connection” template in the gallery, and it takes you to the details page of the Quickstart template.

3. Click “Deploy to Azure” 

4. This page provides a complete list of parameter definitions for the deployment in Azure.

5. Fill in Custom Deployment parameters page. Each setting has an information bubble that has a detailed explanation of what to enter in the field Many of the settings have default parameters filled in already.

6. Agree to the terms and conditions and click purchase.

7. The installation process takes about 30 minutes to deploy.

8. The deployment process is shown in the Azure portal.

 

  1. Once the deployment completes, the message “Deployment succeeded” has a link to the resource group.
  2. In the resource group, review all the Azure resources automatically created by the Quickstart template. If the VPN is online at the on-premises location, you should now have site-to-site connectivity. Try pinging from ZCA to ZVM, make sure your Windows firewall are properly configured for ICMP.

  1. The next step is to RDP to the Zerto Cloud Appliance by clicking on the Virtual Machine object in the Resource Group and complete the ZCA installation. For detailed steps on how to configure the ZCA, see this blog post with video steps: http://virtualizationinformation.com/zerto-quick-tip-installing-zerto-virtual-replication-appliance-5-5-update-1-in-azure/

Links

 

 

 

 

Using Azure Quickstart to Deploy the Zerto Cloud Appliance

Overview

While deploying the Zerto Cloud Appliance (ZCA) in Azure is straightforward, it does require that a Resource Group, networking, and network security groups (NSGs) exist in Azure already.

We wanted to eliminate the separate pre-requisite build steps and have the Resource Group, Network, NSGs, and storage all deploy along with the ZCA. Fortunately, Microsoft made that possible with Azure Resource Manager (ARM) templates. ARM templates house all the settings necessary to fully deploy a simple or complex solution in Azure.

Deployment

Prerequisites

  1. An Azure Subscription.
  2. An account in Azure that has owner permissions to the subscription and the ability to add web apps in Azure.
  3. An operational site-to-site connection between on-premises and Azure. For proofs of concept and testing, a software VPN like SoftEther can be used. For production deployments you can use a hardware VPN or ExpressRoute.
  4. For complete prerequisite requirements, see the Zerto Virtual Replication Azure Guidelines https://zerto.io/2BMLkPY

Installation Steps

  1. Go to https://azure.microsoft.com/en-us/resources/templates/?term=zerto
  2. Select the “Create a Zerto Cloud Appliance”.

3. Click on the Deploy to Azure button. It will launch the Azure portal and begin the installation. This page provides the link and a complete list of parameter definitions for the deployment in Azure.

https://azure.microsoft.com/en-us/resources/templates/201-zerto-zca/

  1. The Zerto Cloud Appliance Marketplace VM, along with the networking and NSG’s, will begin to deploy. It takes about 15 minutes to complete the ZCA deployment.
  2. The deployment process is shown in the Azure portal.

  1. The next step is to RDP to the Zerto Cloud Appliance by clicking on the Virtual Machine object in the Resource Group and complete the ZCA installation. For detailed steps on how to configure the ZCA, see this blog post with video steps: http://virtualizationinformation.com/zerto-quick-tip-installing-zerto-virtual-replication-appliance-5-5-update-1-in-azure/

Links

 

 

 

 

Preparing Azure for a Zerto Cloud Appliance Installation – Part 4: Storage Accounts

Storage Accounts

Creating a new Storage Account like we will do in this step isn’t required to do a ZCA installation because the ZCA installer will create it automatically. However, as part of the installation, you can also select existing storage accounts so this post shows you if you have storage accounts already existing, you can use them.

From the main menu, select Storage accounts and create a new storage Account.

In the create storage account, give it a name that makes it easy to locate. I’m using msignitesa, the Resource Manager deployment model, General purpose, Premium (you can use standard), LRS and Disabled for secure transfer required. Be sure to use the Resource Group you created.

Go to the Resource Group you created and you will see the network, network security group and the storage account in the Resource Group.

This is the final post in this series. You now have everything you need to start the ZCA installation.

Preparing Azure for a Zerto Cloud Appliance Installation – Part 3: Network Security Groups

In the previous post in this series, we created Resource Groups and Networks and Subnets. In this post we continue to create what we need in the Azure environment for our Zerto Cloud Appliance installation.

Network Security Groups

Using similar steps as the creation of Resource Group and Networks,   from the main menu, go to Network Security Groups (NSGs) so we can create the Network Security Groups for the subnets.  Click +Add and give the Network Security Group a name. I used ms-ignite-demo-subnet-nsg and use the ms-ignite-rg Resource Group.

Once it’s created, open the Network Security Group so you can add some firewall rules. I’m going to show you how to create the rules using RDP and these rules could actually be assigned at different levels like individual NICs, but for the purpose of showing how to put inbound and outbound firewall rules, we’ll apply them to the subnets. For more on the design and usage of NSGs, read this post.

Additionally, since you most likely have a commercial firewall on-premises, there are commercial offerings in the Azure marketplace that allows your network and security teams to use the platform that they are accustomed to using. For example, if you use Cisco ASA, there is an Azure marketplace appliance available to use.

In the Resource Group, go down to Inbound Rules.

We want to use the drop-down selector for the Service. Choose RDP to allow Remote Desktop connections.

Once you click OK, it shows the firewall rules in the main table.

In this menu, select Subnets to associate the firewall rules to the subnets. Click the +Associate and select the virtual network you created and associate the subnets.

Once you have associated all the subnets you need, then you can close the blade.

Navigate over to the Resource Group you created. You will see the network and subnets in the Resource Group.

At this point, you actually have what you need to install Zerto Virtual Replication. During the Zerto Cloud Appliance installation, it will create a storage account. However, in version 5.5U1 Zerto added the ability to use an existing storage account. In the next post, we’ll create a storage account.

Preparing Azure for a Zerto Cloud Appliance Installation – Part 2: Networks and Subnets

This is the second post in the “Preparing Azure for a Zerto Cloud Appliance” series.  In the first post in this series, we created a Resource Group.  In this post, we’ll add a network and some subnets.

Networks and Subnets

Back at the main menu on the left, go to Virtual networks. You will be creating a Virtual network much like the way you created the Resource Group.

Click +Add to add a new network. Give your network a name. I used ms-ignite-net and add the Address space. I changed the IP address to 10.2.0.0/16 from /24 because I want to create some subnets.

Be sure to select Use existing Resource group and add in the Resource Group you created. I’m using ms-ignite-rg. Use an Azure Region that is closest to your data center that will be connecting to Azure to improve performance.

In the Subnet, I changed it to 10.2.1.0/24 and named it Demo1 Subnet.

Click Create to create the network. When it is complete, click on Subnets to open up the Subnets configuration menu.  I’m going to add 4 Subnets.

To add the Subnets, you click the +Subnet button. I wanted to use a series of /24 subnets in this network.

You don’t have to associate Network Security Groups or Route Tables in this step; however, you have NSGs or routes created already, you can can do it now. You also can add them later.

Now we have the network and subnets we need. In the next post in this series, we create some Network Security Groups and associate them to the subnets.