Woodgrove is using Site Recovery to replicate on-premises machines to Azure.They connect from on-premises to Azure over site-to-site VPN.The fictitious company Woodgrove Bank hosts their business apps on-premises They host their mobile apps in Azure.You need an Azure VNet to match the on-premises network, and after failover network routes must be modified to reflect that the subnet has moved to Azure, and new IP address locations. Subnets must be managed as part of the disaster recovery process.In the Compute & Network properties of the replicated item, set network and IP addressing for the target Azure VM to mirror the on-premises setting.Retaining IP addresses requires the following steps: Subnet failover ensures that a specific subnet isn't available simultaneously on-premises and in Azure.Azure doesn't support stretched VLANs, so if you want to retain IP addresses you need to take the IP space over to Azure by failing over the entire subnet, in addition to the on-premises machine. You need a connection from on-premises to Azure after failover, so that apps are available on Azure VMs.If the target Azure VM uses the same IP address/subnet as your on-premises site, you can't connect between them using a site-to-site VPN connection or ExpressRoute, because of the address overlap.Retaining the same IP address avoids potential network issues after failover, but does introduce some complexity. Site Recovery lets you retain the same IP addresses when failing over to Azure. Use different IP address: You can use a different IP address for the Azure VM.Retain same IP address: You can use the same IP address on the Azure VM as the one allocated to the on-premises machine.To set the internal IP address of an Azure VM after failover, you have a couple of options: Learn more about setting up a public address. Set a public IP addressĪs an alternative to assigning a public IP address manually to an Azure VM, you can assign the address during failover using a script or Azure automation runbook in a Site Recovery recovery plan, or you can set up DNS-level routing using Azure Traffic Manager. The Azure Bastion service offers private RDP and SSH access to Azure VMs. Check that network security group (NSG) rules on the VM allow incoming connections to the RDP or SSH port.You can't use the same public IP address for the Azure VM that you used for your on-premises machine.
To connect to the VM over the internet, assign a public IP address to the VM.Check that firewall rules allow an SSH connection.Īfter failover, do the following on the Azure VMs that are created.Check that the Secure Shell service is set to start automatically on system boot.On on-premises Linux machines, do the following: If there are, updates might start installing on the Azure VM after failover, and you won't be able to sign into the VM until updates finish.
#Bastion switch physical windows
Make sure that there are no Windows updates pending on the on-premises VM when you trigger a failover. If you want to access an Azure VM over a site-to-site VPN after failover, in Windows Firewall on the on-premises machine, allow RDP for the Domain and Private profiles.
To access an Azure VM over the internet after failover, in Windows Firewall on the on-premises machine, allow TCP and UDP in the Public profile, and set RDP as an allowed app for all profiles. Follow these instructions.Įnable remote desktop (RDP) to allow remote connections to the on-premises machine. These include removing any static persistent routes or WinHTTP proxy, and setting the disk SAN policy to OnlineAll. On on-premises Windows machines, do the following:Ĭonfigure Windows settings. To ensure connectivity to Azure VMs, prepare your on-premises machines before failover.
0 kommentar(er)
