Set up public IP addresses after failover
Public IP addresses serve two purposes in Azure. First, they allow inbound communication from Internet resources to Azure resources. Secondly, they enable Azure resources to communicate outbound to the Internet and public-facing Azure services that have an IP address assigned to the resource.
- Allow inbound communication from the Internet to the resource, such as Azure Virtual Machines (VM), Azure Application Gateways, Azure Load Balancers, Azure VPN Gateways, and others. You can still communicate with some resources, such as virtual machines, from the Internet, if a virtual machines doesn't have a public IP address assigned to it, as long as the virtual machines is part of a load balancer back-end pool, and the load balancer is assigned a public IP address.
- Outbound connectivity to the Internet using a predictable IP address. For example, a virtual machine can communicate outbound to the Internet without a public IP address assigned to it, but its address is network address translated by Azure to an unpredictable public address, by default. Assigning a public IP address to a resource enables you to know which IP address is used for the outbound connection. Though predictable, the address can change, depending on the assignment method chosen. For more information, see Create a public IP address. To learn more about outbound connections from Azure resources, see Understand outbound connections.
In Azure Resource Manager, a Public IP address is a resource that has its own properties. Some of the resources you can associate a public IP address resource with are:
- Virtual machine network interfaces
- Internet-facing load balancers
- VPN gateways
- Application gateways
This article describes how you can use Public IP addresses with Site Recovery.
Public IP address assignment using Recovery Plan
Public IP address of the production application cannot be retained on failover. Workloads brought up as part of failover process must be assigned an Azure Public IP resource available in the target region. This step can be done either manually or is automated with recovery plans. A recovery plan gathers machines into recovery groups. It helps you to define a systematic recovery process. You can use a recovery plan to impose order, and automate the actions needed at each step, using Azure Automation runbooks for failover to Azure, or scripts.
The setup is as follows:
- Create a recovery plan and group your workloads as necessary into the plan.
- Customize the plan by adding a step to attach a public IP address using Azure Automation runbooks scripts to the failed over virtual machines.
Public endpoint switching with DNS level Routing
Azure Traffic Manager enables DNS level routing between endpoints and can assist with driving down your RTOs for a DR scenario.
Read more about failover scenarios with Traffic Manager:
- On-premises to Azure failover with Traffic Manager
- Azure to Azure failover with Traffic Manager
The setup is as follows:
- Create a Traffic Manager profile.
- Utilizing the Priority routing method, create two endpoints – Primary for source and Failover for Azure. Primary is assigned Priority 1 and Failover is assigned Priority 2.
- The Primary endpoint can be Azure or External depending on whether your source environment is inside or outside Azure.
- The Failover endpoint is created as an Azure endpoint. Use a static public IP address as this will be external facing endpoint for Traffic Manager in the disaster event.
Next steps
- Learn about Traffic Manager with Azure Site Recovery
- Learn about Traffic Manager routing methods.
- Learn more about recovery plans to automate application failover.