Automated Disaster Recovery

Solution for Microsoft Exchange

server using Azure Site Recovery

Summary: This document provides technical guidance for implementing disaster recovery solution for
Microsoft Exchange Server using Azure Site Recovery.

Published: April 2015

Applies to: Microsoft Exchange server, Azure Site Recovery

0|Page
Copyright and Disclaimer
2015 Microsoft Corporation. All rights reserved.

This document is provided "as-is. Information and views expressed in this document, including URL and
other Internet Web site references, may change without notice. You bear the risk of using it.
This document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes. You may modify this
document for your internal, reference purposes.

1|Page
Automated Disaster Recovery Solution for Microsoft Exchange server
using Azure Site Recovery....................................................................................................3
Overview........................................................................................................................................................................ 3
Exchange server architecture................................................................................................................................. 4
Large scale deployment 4
Small scale deployment 4
Supported Azure Site Recovery Deployment Options................................................................................ 5
Prerequisites................................................................................................................................................................. 6

Enable DR of Exchange application using ASR............................................................6

Protect your Exchange application...................................................................................................................... 6
Setup AD and DNS replication 6
Enable protection for Exchange CAS and MBX VMs 7
Configure Networking 7

Create a recovery plan...........................................................................................................9

Perform a Test Failover.......................................................................................................11
Perform an Unplanned Failover.......................................................................................11
Perform a Planned Failover...............................................................................................12
Perform a Failback.................................................................................................................12
Best Practices..........................................................................................................................12
Capacity planning and readiness assessment.............................................................................................. 12
Implementation Checklist..................................................................................................................................... 13

Summary...................................................................................................................................14
Appendix (Scripts).................................................................................................................15

2|Page
Automated Disaster Recovery Solution for Microsoft
Exchange server using Azure Site Recovery
Overview
Microsoft Exchange is the preferred software that enterprises use to host their messaging and email
services. Exchange ensures communications are also available across PC, phone or browser, while
providing unparalleled reliability, manageability and data protection.

Microsoft Exchange natively supports enterprise class high availability and disaster recovery solutions.
Database Availability Groups (DAG) which can enable high availability for large scale deployments of
Exchange. A DAG can also be extended to a remote site to provide disaster recovery.

Azure Site Recovery1 is an Azure based service that provides disaster recovery capabilities by
orchestrating replication, failover and recovery of virtual machines. Azure Site Recovery supports a
number of replication technologies to consistently replicate, protect, and seamlessly failover virtual
machines and applications to Azure, a secondary private cloud or to a service provider clouds.

Exchange Database availability groups and Azure Site Recovery technologies are complimentary.
Exchange DAGs are recommended deployment option to enable best in class disaster recovery for. For
small deployments, such as a single server or non-clustered servers, customers can use Azure Site
Recovery to protect the servers. Additionally, customers can use ASR recovery plans to orchestrate DAG
based failover via scripted actions. Azure Site Recovery based disaster recovery solution has been
reviewed by and supported by Exchange.

This document explains in detail about how you can create a disaster recovery solution for your
Microsoft Exchange server with Azure Site Recovery, perform a planned/unplanned/test failovers using
one-click recovery plan, supported configurations and prerequisites.

Exchange server architecture

1 Azure Site Recovery documentation

3|Page
Large scale deployment
For a large scale Exchange deployment, you can use DAGs across two sites and achieve both HA and DR
capabilities. A four-member DAG extended across two datacenters provides both datacenters high
availability and site resilience for the mailbox services and data. This configuration is illustrated in the
following figure.

Small scale deployment

A typical small scale Exchange application deployment shown in the picture below has the following key
components.

Active Directory Domain controller to control user access to the exchange application. DNS role would
be hosted on the same VM as that of the domain controller. If you have only one domain controller in
your environment then you can use any of the replication technologies supported by ASR to replicate the
domain controller2.

2 Replicating domain controllers

4|Page
 Exchange application deployment topology

Exchange Two VMs with one of the servers hosting a CAS (Client Access Server) role and another one
hosting MBX (Mailbox Server) role.

Subnet Primary side subnet and the recovery side can be different. ASR can recover Exchange on the
recovery site even when the subnets on both sides are same, but you would have to ensure that the
complete subnet fails over together.

Supported Azure Site Recovery Deployment Options

Customers can deploy Exchange server as Virtual Machines running on Hyper-V or VMware or as Physical
Servers. Azure Site Recovery can protect both physical and virtual deployments to either a secondary Site
or to Azure.

Hyper-V VMware Physical

Site to Site Site to Azure Site to Site Site to Azure Site to Site Site to Azure

Yes Coming Soon Yes Yes Yes Yes

Prerequisites
Implementing disaster recovery for Exchange application using Azure Site Recovery requires the
following pre-requisites completed.
5|Page
 An on-premises Exchange standalone deployment (without using DAG)
Azure Site Recovery Services vault has been created in Microsoft Azure subscription 3

Enable DR of Exchange application using ASR

Protect your Exchange application
Each component of the Exchange deployment needs to be protected to enable the complete application
replication and recovery. This section covers:
Protection of Active Directory
Protection of CAS and MBX VMs
Networking configuration

Setup AD and DNS replication

Active Directory is required on the DR site for Exchange application to function. There are two
recommended choices based on the complexity of the customers on-premises environment.

Option 1

If the customer has a small number of applications and a single domain controller for his entire on-
premises site and will be failing over the entire site together, then we recommend using ASR-
Replication to replicate the DC machine to secondary site (applicable for both Site to Site and Site to
Azure)

Option 2

If the customer has a large number of applications and is running an Active Directory forest and will
failover few applications at a time, then we recommend setting up an additional domain controller
on the DR site (secondary site or in Azure).

Please refer to companion guide4 on making a domain controller available on DR site. For remainder of
this document we will assume a DC is available on DR site.

Enable protection for Exchange CAS and MBX VMs

Enable protection of CAS and MBX VMs in ASR. Perform relevant Azure Site Recovery configuration
based on whether the VMs are deployed on Hyper-V or on VMware.

3 Create Azure Site Recovery vault in Microsoft Azure subscription

4 Setting up AD for a DR environment
6|Page
 Recommended Crash consistent frequency to configure is 15minutes.

Configure Networking
Configure VM Network Settings
For the CAS and MBX VMs configure network settings in ASR so that the VM networks get attached to
the right DR network after failover.
You can select the VM in the VMM Cloud to configure the network settings as shown in the snapshot
below.

Configure DNS and Traffic Routing

If Exchange is available on public internet, then you can setup Azure Traffic Manager to ensure that the
traffic is routed to recovery site after failover. For internet facing sites, create an instance of Traffic
Manager in the Azure subscription and configure it and your DNS in the following manner.

Where Source Target

7|Page
 Public DNS Public DNS for Exchange sites Traffic Manager
Ex: exchange.contoso.com exchange.trafficmanager.net

Public DNS exchangetonprem.contoso.com <Public IP on the on-premises exchange

server>

Load balancing method: Failover

Failover Priority list:

1. <URL configured for Primary farm>

2. <URL configured for Recovery farm>
Example:

1. exchangepri.contoso.com
2. exchangerec.contoso.com

For internal sites, skip Traffic Manager (the above step). Setup an alternate URL other than the name of
the VM hosting the CAS and create an alias in DNS for the same using a CNAME record. If the DNS is
setup for dynamic DNS updates, then the VMs would register themselves with DNS using the new IP
automatically after failover. Else, the DNS entry would have to be updated either manually or using a
script post failover5.

The following picture illustrate the network topology of the Exchange application once the complete
protection is enable using Azure Site Recovery.

5 Script to perform DNS update post failover

8|Page
 Network topology for Exchange application with DR

Create a recovery plan

You can create a recovery plan in ASR to automate the failover process. Add app tier and web tier in the
Recovery Plan. Order them in different groups so that the front-end shutdown before app tier.

Select the ASR vault in your subscription and click on Recovery Plans tab.
Click on Create and specify a name
Select the Source and Target. The target can be a secondary site with VMM cloud configured.
Select the app tier and web tier VMs to enable protection and click the .

You can customize the recovery plan for Exchange application by adding various steps as detailed below.
The above snapshot shows the complete recovery plan after adding all the steps.

Steps:
1. Failover Group 1: Failover the CAS VM

Failover the CAS VM as part of the recovery plan.

2. Failover Group 2: Failover the MBX VMs.

Failover the MBX VM as part of the recovery plan.

3. Manual step 3 (optional): Update the DNS records to point to the application at the new site

This step is not required

9|Page
 For internet facing sites, no DNS update should be required post failover. Configure
Traffic Manager as describes in the previous section and the recovered application will
work seamlessly without any manual intervention.
For internal sites, if the DNS is setup for dynamic DNS updates, then the VMs would
register themselves with DNS using the new IP automatically after failover.

This step is required

For internal sites, if the DNS is not setup for dynamic DNS updates, the DNS entry would
have to be updated either manually or using a script post failover

Refer to Script for updating DNS post failover.

Perform a Test Failover

Refer to AD DR Solution6 companion guide for considerations specific to AD during Test Failover. The
steps required to do a DNS failover should be done before performing Exchange Test Failover.

1. Go to Azure manage portal and select your Site Recovery vault.

2. Click on the recovery plan created for Exchange.
3. Click on Test Failover.
4. Select the virtual network to start the test failover process.

5. Once the secondary environment is up, you can perform your validations.
6. Once the validations are complete, you can select Validations complete and the test failover
environment will be cleaned.

6 Protect AD
10 | P a g e
Perform an Unplanned Failover
Unplanned failover (UFO) is executed in the event of a disaster or unexpected outagean event you
cannot plan. UFO incurs some data loss as configured during the protection. UFO ensures that VMs are
brought online in Azure immediately. Executing UFO pauses the on-premises VMs.

1. Go to Azure manage portal and select your Site Recovery vault.

2. Click on the recovery plan created for Exchange.
3. Click on Failover and select Unplanned Failover.

4. Select the target network and click to start the failover process.

Perform a Planned Failover

1. Go to Azure manage portal and select your Site Recovery vault.
2. Click on the recovery plan created for Exchange.
3. Click on Failover and select Planned Failover.
4. Select the target network and click to start the failover process.

Perform a Failback
1. Go to Azure manage portal and select your Site Recovery vault.
2. Click on the recovery plan created for Exchange.
3. Click on Failover and select planned/unplanned failover.
4. Click on Change Direction.
5. Select the appropriate options - data synchronization and VM creation options
6. Click to start the Failback process.

Best Practices
Capacity planning and readiness assessment
Hyper-V site

11 | P a g e
User Capacity planner tool7 to design the server, storage and network infrastructure for your Hyper-V
Replica environment.

Azure
You can run the Azure Virtual Machine Readiness Assessment tool 8 on VMs to ensure that they are
compatible with Azure VMs and Azure Site Recovery Services. The Readiness Assessment Tool checks VM
configurations and warns when configurations are incompatible with Azure. For example, it issues a
warning if a C: drive is larger than 127 GB.

Capacity planning is made up of at least two important components:

Mapping on-premises Hyper-V VMs to Azure VM sizes (such as A6, A7, A8, and A9).
Determining the required Internet bandwidth.
Implementation Checklist
Step 1
Create Azure Site Recovery vault in Microsoft Azure subscription.
Check the prerequisites to protect your Exchange application.
Step 2
Hyper-V only step - Download Microsoft Azure Site Recovery Provider, and install it on VMM server /
Hyper-V host.
VMware only step - Configure Protection server, Configuration server and Master Target servers
appropriately.
Step 3
Prepare resources.
Add an Azure Storage account.
Hyper-V only step - Download the Microsoft Azure Recovery Services Agent, and install it on Hyper-V
host servers.
VMware only step Make sure the mobility service is installed on all the VMs
Step 4
Enable protection for VMs in VMM clouds / Hyper-V sites / VMware sites
Step 5
Map resources. Map on premise networks to Azure VNET.

Step 7
Create the recovery plan
Perform test failover using the recovery plan
Ensure that all VMs have access to required resources, such as Active Directory
Ensure that network redirections for Exchange application are working

Step 8
Perform DR drill using planned and unplanned failovers
Ensure that all VMs have access to required resources, such as Active Directory
Ensure that network redirections for Exchange application are working

7 Hyper-V Replica Capacity Planner tool

8 Azure Virtual Machine Readiness Assessment tool
12 | P a g e
Summary
Using Azure Site Recovery, you can create a complete automated disaster recovery plan for your
Exchange application. You can initiate the failover within seconds from anywhere in the event of a
disruption and get the application up and running in a few minutes from anywhere

13 | P a g e
Appendix (Scripts)

Script to update DNS

14 | P a g e