{"id":15170,"date":"2020-08-05T11:51:53","date_gmt":"2020-08-05T11:51:53","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=15170"},"modified":"2022-04-04T10:19:36","modified_gmt":"2022-04-04T10:19:36","slug":"site-recovery-network-in-azure-vm","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/","title":{"rendered":"Site recovery network in Azure VM"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-304-microsoft-azure-architect-design\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to AZ-304 Tutorials<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>AZ-304 is retired.\u00a0<a href=\"https:\/\/www.testpreptraining.ai\/designing-microsoft-azure-infrastructure-solutions-az-305\" target=\"_blank\" rel=\"noreferrer noopener\">AZ-305<\/a>\u00a0replacement is available.<\/strong><\/h2>\n\n\n\n<p>In this tutorial we will learn and understand network guidance when replicating and recovering Azure VM from one region to another, using Azure Site Recovery.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Typical network infrastructure<\/strong><\/h4>\n\n\n\n<p><em>The diagram below represents a typical Azure environment, for applications running on Azure VMs:<\/em><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm.png\" alt=\"Azure VMs running for network recovery\" class=\"wp-image-15240\" width=\"433\" height=\"477\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm.png 612w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm-364x400.png 364w\" sizes=\"auto, (max-width: 433px) 100vw, 433px\" \/><figcaption>Image Source: Microsoft<\/figcaption><\/figure><\/div>\n\n\n\n<p><em>However, if you are using Azure ExpressRoute or a VPN connection from your on-premises network to Azure, the environment is as follows:<\/em><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm-1.png\" alt=\"on-premise network to Azure\" class=\"wp-image-15241\" width=\"717\" height=\"366\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm-1.png 892w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm-1-750x383.png 750w\" sizes=\"auto, (max-width: 717px) 100vw, 717px\" \/><figcaption>Image Source: Microsoft<\/figcaption><\/figure><\/div>\n\n\n\n<p>However, Typically, networks are protected using firewalls and network security groups (NSGs). Where the Firewalls use URL or IP-based whitelisting for controlling network connectivity. And, NSGs provide rules that use IP address ranges to control network connectivity.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-architect-design-az-304-free-practice-test\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-6.png\" alt=\"AZ-304 practice tests\" class=\"wp-image-18234\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-6.png 961w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/AZ-304-practice-tests-6-750x117.png 750w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Outbound connectivity for URLs<\/strong><\/h4>\n\n\n\n<p>If you are using a URL-based firewall proxy for controlling outbound connectivity, allow these Site Recovery URLs:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm-2.png\" alt=\"outbound connectivity\" class=\"wp-image-15243\" width=\"735\" height=\"309\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm-2.png 923w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm-2-750x315.png 750w\" sizes=\"auto, (max-width: 735px) 100vw, 735px\" \/><figcaption>Image Source: Microsoft<\/figcaption><\/figure><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Outbound connectivity using Service Tags<\/strong><\/h4>\n\n\n\n<p>If you are using an NSG for controlling outbound connectivity, these service tags need to be allowed.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, for the storage accounts in the source region, create a Storage service tag-based NSG rule for the source region. And, allow these addresses to write data to the cache storage account, from the VM.<\/li><li>Secondly, create an Azure Active Directory (AAD) service tag-based NSG rule for allowing access to all IP addresses corresponding to AAD<\/li><li>Thirdly, create an EventsHub service tag-based NSG rule for the target region, allowing access to Site Recovery monitoring.<\/li><li>Then, create an AzureSiteRecovery service tag-based NSG rule for allowing access to Site Recovery service in any region.<\/li><li>Fifthly, create an AzureKeyVault service tag-based NSG rule. This is only necessary when enabling the replication of ADE-enabled virtual machines via portal.<\/li><li>Lastly, create the required NSG rules on a test NSG. And verify that there are no problems before you create the rules on a production NSG.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>NSG rules &#8211; East US<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, create an outbound HTTPS (443) security rule for &#8220;Storage.EastUS&#8221; on the NSG.<\/li><li>Secondly, create an outbound HTTPS (443) security rule for &#8220;AzureActiveDirectory&#8221; on the NSG.<\/li><li>Then, create an outbound HTTPS (443) security rule for &#8220;EventHub.CentralUS&#8221; on the NSG that corresponds to the target location for allowing access to Site Recovery monitoring.<\/li><li>Lastly, create an outbound HTTPS (443) security rule for &#8220;AzureSiteRecovery&#8221; on the NSG for allowing access to Site Recovery Service in any region.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>NSG rules &#8211; Central US<\/strong><\/h4>\n\n\n\n<p>These rules are necessary for enabling replication from the target region to the source region post-failover:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, create an outbound HTTPS (443) security rule for &#8220;Storage.CentralUS&#8221; on the NSG.<\/li><li>Secondly, create an outbound HTTPS (443) security rule for &#8220;AzureActiveDirectory&#8221; on the NSG.<\/li><li>Then, create an outbound HTTPS (443) security rule for &#8220;EventHub.EastUS&#8221; on the NSG that corresponds to the source location. This will provide access to Site Recovery monitoring.<\/li><li>Lastly, create an outbound HTTPS (443) security rule for &#8220;AzureSiteRecovery&#8221; on the NSG for allowing access to Site Recovery Service in any region.<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Network virtual appliance configuration<\/strong><\/h4>\n\n\n\n<p>If you are using network virtual appliances (NVAs) for controlling outbound network traffic from VMs. Then, the appliance might get throttled if all the replication traffic passes through the NVA. So, we recommend creating a network service endpoint in your virtual network for &#8220;Storage&#8221; for replication traffic not to go to the NVA.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Creating network service endpoint for Storage<\/strong><\/h5>\n\n\n\n<p>You can create a network service endpoint in your virtual network for &#8220;Storage&#8221;&nbsp; for the replication traffic to not leave Azure boundary.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, select your Azure virtual network and click on &#8216;Service endpoints&#8217;<\/li><li>Then, click &#8216;Add&#8217; and &#8216;Add service endpoints&#8217; tab opens<\/li><li>Lastly, select &#8216;Microsoft.Storage&#8217; under &#8216;Service&#8217; and the required subnets under &#8216;Subnets&#8217; field and click &#8216;Add&#8217;<\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Forced tunneling<\/strong><\/h4>\n\n\n\n<p>You can override Azure&#8217;s default system route for the 0.0.0.0\/0 address prefix using a custom route. Moreover, you can distract VM traffic to an on-premises network virtual appliance (NVA). However, if you&#8217;re using custom routes, then you should create a virtual network service endpoint in your virtual network for &#8220;Storage&#8221; for the replication traffic to not leave the Azure boundary.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.testpreptraining.ai\/microsoft-azure-architect-design-az-304-practice-exam\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/Az-304-online-course-12.png\" alt=\"AZ-304 online course\" class=\"wp-image-15171\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/Az-304-online-course-12.png 961w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/Az-304-online-course-12-750x117.png 750w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-right\"><strong>Reference: <\/strong><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/site-recovery\/azure-to-azure-about-networking\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-304-microsoft-azure-architect-design\/\" target=\"_blank\" rel=\"noreferrer noopener\"><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-az-304-microsoft-azure-architect-design\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to AZ-304 Tutorials<\/a><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to AZ-304 Tutorials AZ-304 is retired.\u00a0AZ-305\u00a0replacement is available. In this tutorial we will learn and understand network guidance when replicating and recovering Azure VM from one region to another, using Azure Site Recovery. Typical network infrastructure The diagram below represents a typical Azure environment, for applications running on Azure VMs: However, if you&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-15170","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Site recovery network in Azure VM | Microsoft Azure AZ-304<\/title>\n<meta name=\"description\" content=\"Increase your knowledge level by Site recovery network in Azure VM using Microsoft Azure AZ-304 online course and practice exam Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Site recovery network in Azure VM | Microsoft Azure AZ-304\" \/>\n<meta property=\"og:description\" content=\"Increase your knowledge level by Site recovery network in Azure VM using Microsoft Azure AZ-304 online course and practice exam Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-04T10:19:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/\",\"name\":\"Site recovery network in Azure VM | Microsoft Azure AZ-304\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2020-08-05T11:51:53+00:00\",\"dateModified\":\"2022-04-04T10:19:36+00:00\",\"description\":\"Increase your knowledge level by Site recovery network in Azure VM using Microsoft Azure AZ-304 online course and practice exam Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Site recovery network in Azure VM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Site recovery network in Azure VM | Microsoft Azure AZ-304","description":"Increase your knowledge level by Site recovery network in Azure VM using Microsoft Azure AZ-304 online course and practice exam Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/","og_locale":"en_US","og_type":"article","og_title":"Site recovery network in Azure VM | Microsoft Azure AZ-304","og_description":"Increase your knowledge level by Site recovery network in Azure VM using Microsoft Azure AZ-304 online course and practice exam Now!","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2022-04-04T10:19:36+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/network-vm.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/","name":"Site recovery network in Azure VM | Microsoft Azure AZ-304","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2020-08-05T11:51:53+00:00","dateModified":"2022-04-04T10:19:36+00:00","description":"Increase your knowledge level by Site recovery network in Azure VM using Microsoft Azure AZ-304 online course and practice exam Now!","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/site-recovery-network-in-azure-vm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Site recovery network in Azure VM"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/15170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=15170"}],"version-history":[{"count":4,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/15170\/revisions"}],"predecessor-version":[{"id":54069,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/15170\/revisions\/54069"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=15170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=15170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=15170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}