I took over an Azure Site Recovery (ASR) project with about 13 VMware machines that are replicated to Azure. Currently, the Azure environment includes:

- 1x Hub vNet with the VPN Gateway.
- 1x Spoke vNet (Prod) with already running instances, including one Domain Controller. Peering exists with the Hub vNet.
- 1x Spoke vNet (DRMain) which has the same CIDR range as the on-premises network and will contain the VMs after the failover. There is no peering with the Hub vNet because the VPN S2S is active.
The idea from my previous colleague was certainly to proceed as below in case of a failover:

1. Cut the VPN S2S connection.
2. Create a peering between the DRMain vNet and the Hub vNet.
3. Run the recovery plan to restart the machines in the DRMain vNet.
4. Update the DNS for the DRMain vNet to point to the Domain Controller already running in Prod.

In that situation there won't be an overlap with the on-premises network because the VPN will be disconnected.
Regarding the failback from Azure to on-premises, we'll need to activate the VPN for the resync. However, when reading through the document https://docs.microsoft.com/en-us/azure/site-recovery/vmware-azure-prepare-failback#reprotectionfailback-components, I can read the following:
> For retained IP addresses the configuration server needs two NICs - one for source machine connectivity, and one for Azure failback connectivity. This avoids overlap of subnet address ranges for the source and failed over VMs
This might be a stupid question, but if the on-prem network has the same IP range as the vNet, how can I have both NICs in different subnets?

Can anyone shed some light on this?

Thanks in advance
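The failover sequence in the post only works because the on-premises range and the DRMain range are never reachable from the hub at the same time. The following pre-flight check, added here as an example and not part of the original post, models that constraint: it lists every pair of overlapping address spaces, confirms that Azure would accept the DRMain-to-Hub peering (peering is refused when the two vNets' address spaces overlap), and flags the case where the S2S connection is still up while DRMain carries the same prefix as the on-premises local network gateway. All vNet names and CIDRs are constructed placeholders, not the poster's real values.

```python
"""Pre-flight check for the ASR hub/spoke failover described in the post.

Added example; the topology below is constructed for illustration and does not
reflect the poster's real address ranges.
"""
import ipaddress
from itertools import combinations

# Constructed topology (assumed names and ranges). "onprem_lng" stands for the
# address space declared on the S2S local network gateway, i.e. what the hub
# routes to the VPN gateway while the connection is up.
ADDRESS_SPACES = {
    "hub": ["10.10.0.0/16"],
    "prod": ["10.20.0.0/16"],
    "drmain": ["192.168.0.0/16"],      # deliberately identical to on-premises
    "onprem_lng": ["192.168.0.0/16"],  # on-premises range behind the VPN
}


def overlapping_pairs(spaces):
    """Return every (name_a, name_b, cidr_a, cidr_b) whose prefixes overlap."""
    hits = []
    for name_a, name_b in combinations(sorted(spaces), 2):
        for cidr_a in spaces[name_a]:
            for cidr_b in spaces[name_b]:
                if ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b)):
                    hits.append((name_a, name_b, cidr_a, cidr_b))
    return hits


def overlaps(spaces, name_a, name_b):
    """True when the two named address spaces share any prefix."""
    return any({a, b} == {name_a, name_b} for a, b, _, _ in overlapping_pairs(spaces))


def peering_allowed(spaces, vnet_a, vnet_b):
    """Azure rejects a vNet peering whose address spaces overlap."""
    return not overlaps(spaces, vnet_a, vnet_b)


def failover_problems(spaces, vpn_connected):
    """Check the post's sequence: VPN down first, then peer DRMain into the hub.

    Returns a list of human-readable problems; an empty list means the plan is
    consistent for the given VPN state.
    """
    problems = []
    if not peering_allowed(spaces, "drmain", "hub"):
        problems.append("drmain overlaps hub: the peering would be rejected")
    if vpn_connected and overlaps(spaces, "drmain", "onprem_lng"):
        # With the VPN still up, the same prefix would be reachable both via the
        # VPN gateway and via the new peering; this is the overlap the post
        # avoids by cutting the S2S connection before creating the peering.
        problems.append("VPN still connected while drmain carries the on-premises range")
    return problems


if __name__ == "__main__":
    for a, b, ca, cb in overlapping_pairs(ADDRESS_SPACES):
        print(f"overlap: {a} {ca} <-> {b} {cb}")
    print("with VPN up:  ", failover_problems(ADDRESS_SPACES, vpn_connected=True))
    print("with VPN down:", failover_problems(ADDRESS_SPACES, vpn_connected=False))
```

Running it with the constructed ranges reports the single expected overlap (DRMain against the on-premises range), one problem while the VPN is connected, and none once it is cut, which is exactly the ordering the post relies on. Swapping in real address spaces exported from the subscription turns it into a quick sanity check before a failover drill.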