Support matrix for deploy Azure Site Recovery replication appliance - Modernized
This article describes support and requirements when deploying the replication appliance for VMware disaster recovery to Azure with Azure Site Recovery - Modernized
Note
The information in this article applies to Azure Site Recovery - Modernized. For information about configuration server requirements in Classic releases, see this article.
Note
Ensure you create a new and exclusive Recovery Services vault for setting up the ASR replication appliance. Don't use an existing vault.
You deploy an on-premises replication appliance when you use Azure Site Recovery for disaster recovery of VMware VMs or physical servers to Azure.
- The replication appliance coordinates communications between on-premises VMware and Azure. It also manages data replication.
- Learn more about the Azure Site Recovery replication appliance components and processes.
Pre-requisites
Hardware requirements
| Component | Requirement |
|---|---|
| CPU cores | 8 |
| RAM | 32 GB |
| Number of disks | 2, including the OS disk - 80 GB and a data disk - 620 GB |
Software requirements
| Component | Requirement |
|---|---|
| Operating system | Windows Server 2019 |
| Operating system locale | English (en-*) |
| Windows Server roles | Don't enable these roles: - Active Directory Domain Services - Internet Information Services - Hyper-V |
| Group policies | Don't enable these group policies: - Prevent access to the command prompt. - Prevent access to registry editing tools. - Trust logic for file attachments. - Turn on Script Execution. Learn more |
| IIS | - No pre-existing default website - No pre-existing website/application listening on port 443 - Enable anonymous authentication - Enable FastCGI setting |
| FIPS (Federal Information Processing Standards) | Don't enable FIPS mode |
Network requirements
| Component | Requirement |
|---|---|
| Fully qualified domain name (FQDN) | Static |
| Ports | 443 (Control channel orchestration) 9443 (Data transport) |
| NIC type | VMXNET3 (if the appliance is a VMware VM) |
| NAT | Supported |
Note
To support communication between source machines and replication appliance using multiple subnets, you should select FQDN as the mode of connectivity during the appliance setup. This will allow source machines to use FQDN, along with a list of IP addresses, to communicate with replication appliance.
Allow URLs
Ensure the following URLs are allowed and reachable from the Azure Site Recovery replication appliance for continuous connectivity:
| URL | Details |
|---|---|
portal.azure.com |
Navigate to the Azure portal. |
login.windows.net graph.windows.net *.msftauth.net*.msauth.net*.microsoft.com*.live.com *.office.com |
To sign-in to your Azure subscription. |
*.microsoftonline.com |
Create Azure Active Directory (AD) apps for the appliance to communicate with Azure Site Recovery. |
management.azure.com |
Create Microsoft Entra apps for the appliance to communicate with the Azure Site Recovery service. |
*.services.visualstudio.com |
Upload app logs used for internal monitoring. |
*.vault.azure.net |
Manage secrets in the Azure Key Vault. Note: Ensure that the machines that need to be replicated have access to this URL. |
aka.ms |
Allow access to "also known as" links. Used for Azure Site Recovery appliance updates. |
download.microsoft.com/download |
Allow downloads from Microsoft download. |
*.servicebus.windows.net |
Communication between the appliance and the Azure Site Recovery service. |
*.discoverysrv.windowsazure.com *.hypervrecoverymanager.windowsazure.com *.backup.windowsazure.com |
Connect to Azure Site Recovery micro-service URLs. |
*.blob.core.windows.net |
Upload data to Azure storage, which is used to create target disks. |
*.backup.windowsazure.com |
Protection service URL – a microservice used by Azure Site Recovery for processing & creating replicated disks in Azure. |
*.prod.migration.windowsazure.com |
To discover your on-premises estate. |
Allow URLs for government clouds
Ensure the following URLs are allowed and reachable from the Azure Site Recovery replication appliance for continuous connectivity, when enabling replication to a government cloud:
| URL for Fairfax | URL for Mooncake | Details |
|---|---|---|
login.microsoftonline.us/* graph.microsoftazure.us |
login.chinacloudapi.cn/* graph.chinacloudapi.cn |
To sign-in to your Azure subscription. |
portal.azure.us |
portal.azure.cn |
Navigate to the Azure portal. |
*.microsoftonline.us/* management.usgovcloudapi.net |
*.microsoftonline.cn/* management.chinacloudapi.cn/* |
Create Microsoft Entra apps for the appliance to communicate with the Azure Site Recovery service. |
*.hypervrecoverymanager.windowsazure.us *.migration.windowsazure.us *.backup.windowsazure.us |
*.hypervrecoverymanager.windowsazure.cn *.migration.windowsazure.cn *.backup.windowsazure.cn |
Connect to Azure Site Recovery micro-service URLs. |
*.vault.usgovcloudapi.net |
*.vault.azure.cn |
Manage secrets in the Azure Key Vault. Note: Ensure that the machines, which need to be replicated have access to this URL. |
Folder exclusions from Antivirus program
If Antivirus Software is active on appliance
Exclude following folders from Antivirus software for smooth replication and to avoid connectivity issues.
C:\ProgramData\Microsoft Azure
C:\ProgramData\ASRLogs
C:\Windows\Temp\MicrosoftAzure
C:\Program Files\Microsoft Azure Appliance Auto Update
C:\Program Files\Microsoft Azure Appliance Configuration Manager
C:\Program Files\Microsoft Azure Push Install Agent
C:\Program Files\Microsoft Azure RCM Proxy Agent
C:\Program Files\Microsoft Azure Recovery Services Agent
C:\Program Files\Microsoft Azure Server Discovery Service
C:\Program Files\Microsoft Azure Site Recovery Process Server
C:\Program Files\Microsoft Azure Site Recovery Provider
C:\Program Files\Microsoft Azure to on-premises Reprotect agent
C:\Program Files\Microsoft Azure VMware Discovery Service
C:\Program Files\Microsoft on-premises to Azure Replication agent
E:\
If Antivirus software is active on source machine
If source machine has an Antivirus software active, installation folder should be excluded. So, exclude folder C:\Program Files (x86)\Microsoft Azure Site Recovery\ for smooth replication.
Sizing and capacity
An appliance that uses an in-built process server to protect the workload can handle up to 200 virtual machines, based on the following configurations:
| CPU | Memory | Cache disk size | Data change rate | Protected machines |
|---|---|---|---|---|
| 16 vCPUs (2 sockets * 8 cores @ 2.5 GHz) | 32 GB | 1 TB | >1 TB to 2 TB | Use to replicate 151 to 200 machines. |
You can perform discovery of all the machines in a vCenter server, using any of the replication appliances in the vault.
You can switch a protected machine, between different appliances in the same vault, given the selected appliance is healthy.
For detailed information about how to use multiple appliances and failover a replication appliance, see this article