다음을 통해 공유

Azure: Upgrade from Azure ACS to Azure AD for ASR

  • 아티클

Azure Media Services announced the support for Azure Active Directory (AAD) and depreciation of Azure Access Control Service (ACS authentication) Because Azure Active Directory provides powerful role-based access control features and support for more fine-grained access to resources in your account compared to the ACS token authentication model ("account keys"), we strongly recommend that you update your code and migrate from ACS to AAD-based authentication.

 

Note

As of June 30th, Azure Site Recovery no longer supports ACS based authentication. If you still haven't upgraded to AAD, any calls to the service may start to fail. The servers may move to a disconnected state, and replicated items’ status may move to critical. You may also not be able to perform any management activities.

 

How to Identify:

  1. Go to server where the Azure Site Recovery Provider is registered:
       
    Between two on-premises VMM Sites    SCVMM 
    Between an on-premises VMM Site and Azure  SCVMM
    Between an on-premises Hyper-V Site and Azure  Hyper-V hosts
    Between an on-premises VMware/Physical Site to Azure     Configuration Server, Scale out process Server 
  2. Navigate to the registry entry as shown in the below image. Under Registration, IsAADType should have the value as ‘True’. If not, your configuration is still on ACS.

https://imageshack.com/a/img923/2731/HDF7w7.png

Steps to upgrade to ACS:

Follow the below steps to upgrade from ACS to AAD based authentication while communicating with the Azure Site Recovery service.

Between two on-premises VMM Sites
  1. Download latest  Microsoft Azure Site Recovery Provider   .
  2. Install the provider on your on-premises VMM Server that is managing the Recovery Site first.
  3. After the Recovery Site is updated, install the provider on the VMM Server that is managing your Primary site.
  4. Re-register the servers by running the Microsoft Azure Site Recovery provider using the latest downloaded vault registration key. 

Note If your VMM is a Highly Available VMM (Clustered VMM), make sure that you install the upgrade on all nodes of the cluster where the VMM service is installed.

Between an on-premises VMM Site and Azure
  1. Download latest agent -  Microsoft Azure Site Recovery Provider   .
  2. Install the agent on your on-premises VMM Server.
  3. Install the latest agent -  MARS agent    on all Hyper-V hosts
  4. Re-register the servers by running the Microsoft Azure Site Recovery provider using the latest downloaded vault registration key. 
  5. Post re-registration, click on Update authentication service for all applicable servers. 

Note If your VMM is a Highly Available VMM (Clustered VMM), make sure that you install the upgrade on all nodes of the cluster where the VMM service is installed
Between an on-premises Hyper-V Site and Azure
  1. Download latest provider-  Microsoft Azure Site Recovery Provider   .
  2. Install the provider on each node of the Hyper-V Servers that you have registered in Azure Site Recovery
  3. Re-register the servers by running the Microsoft Azure Site Recovery provider using the latest downloaded vault registration key. 
  4. Post re-registration, click on Update authentication service for all applicable servers. 

Between an on-premises VMware/Physical Site to Azure
  1. Download the latest Microsoft Azure unified setup.
  2. Install this update first on your on-premises management server, this is the server that contains your Configuration Server and Process server roles installed on it.
  3. If you have scale out process server, update them next.
  4. Re-register the servers by running the Microsoft Azure Site Recovery provider using the latest downloaded vault registration key. 
  5. Post re-registration, click on Update authentication service for all applicable servers.