Automate Azure Site Recovery Test Failovers with PowerShell

Have you ever worked with a customer in a different time zone? Or your customer wanted to do a test failover or run a DR scenario but you’re in bed dreaming of how you can automate this without getting up?

Well fear not… I have created this juicy little Azure Site Recovery Script to automatically test failover a specific Virtual Machine into your desired Vnet.
A few essential Pre Reqs:

  • Azure Subscription (obvs)
  • PowerShell knowledge (essential)
  • A VM or laptop with Internet access
  • Azure Automation Account (with RunAs access)
  • Azure Recovery Services Vault – connected to a Site Identifier, with Policy
  • Create a Credential Asset with “your” azure portal creds
  • Azure PS Modules installed for testing locally (Install-Module AzureRM)
  • AzureAutomationAuthoringToolkit for testing locally (https://www.powershellgallery.com/packages/AzureAutomationAuthoringToolkit/0.2.4.0)
  • A triple shot cappuccino with extra chocolate sprinkles

So, below I’ll de-construct the script and just talk about how you can implement this to run automatically on a schedule (using windows task scheduler) or using Azure Automation Runbooks – you can also use Hybrid Runbook Worker too – with automation the end is limitless

So let’s go….
First we need to authenticate to our Azure Subscription (so we don’t have to keep logging in via the cmd prompt box – otherwise what’s the point in automating stuff right?)

The below script is if you’re using Azure Hybrid RunBook worker or running the script on a VM locally

 
$myCredential = Get-AutomationPSCredential -Name 'CraigCreds'

$userName = $myCredential.UserName

$securePassword = $myCredential.Password

$password = $myCredential.GetNetworkCredential().Password

Login-AzureRmAccount -Credential $mycredential -SubscriptionID "9999-99999-99999-999999-9999" 
 
Next we need to retrieve the RSV, the resource group it sits in
 
Get-AzureRmRecoveryServicesVault -Name "ASR01" -ResourceGroupName "RGR01"

$Vault = Get-AzureRmRecoveryServicesVault -Name "ASR01" -ResourceGroupName "RG01"

Next we need to obtain the RSV Vault Settings file – now you can either pipe this to a local desktop – or save it in the current session

 

$VaultFile = Get-AzureRmRecoveryServicesVaultSettingsFile -SiteRecovery -Vault $Vault

Import-AzureRmRecoveryServicesAsrVaultSettingsFile -Path $VaultFile.FilePath
 

We now need to get the details of our RSV Fabric (in this case we have a VMWare estate) and list the accounts currently integrated inside the RSV VM – account handles

 
$ASRFabrics = Get-AzureRmRecoveryServicesAsrFabric
$ASRFabrics.count

# Show the details of the Configuration Server
$ASRFabrics[0]

$ProcessServers = $ASRFabrics[0].FabricSpecificDetails.ProcessServers
for($i=0; $i -lt $ProcessServers.count; $i++) {
 "{0,-5} {1}" -f $i, $ProcessServers[$i].FriendlyName
}

$AccountHandles = $ASRFabrics[0].FabricSpecificDetails.RunAsAccounts

$AccountHandles
 

Now we need to get the protection container and assign it to the asr fabric along with our ASR policy (which should be a pre req)

 
$ProtectionContainer = Get-ASRProtectionContainer -Fabric $ASRFabrics[0]

# Show the details
$ProtectionContainer

Get-AzureRmRecoveryServicesAsrProtectionContainerMapping -ProtectionContainer $ProtectionContainer 

$ReplicationPolicy = Get-AzureRmRecoveryServicesAsrPolicy -Name "test-Policy" 

Here is a critical part of the script – you’ll need to get the resource group which your RSV is currently deployed into, select the Vnet and it’s resource group

 
$ResourceGroup = Get-AzureRmResourceGroup -Name "RG01"

$RecoveryVnet = Get-AzureRmVirtualNetwork -Name "vnet" -ResourceGroupName "vnet-01-rg" 

Assign the protection container to your RSV policy

 
$PolicyMap  = Get-AzureRmRecoveryServicesAsrProtectionContainerMapping -ProtectionContainer $ProtectionContainer | where PolicyFriendlyName -eq "test-policy"

Select the VM you want to test failover, and set the item VM Size and if you want to use Managed Disks (because they’re a hell of a lot better than using Storage Accounts

 
$ReplicatedVM = Get-AzureRmRecoveryServicesAsrReplicationProtectedItem -FriendlyName "VM001" -ProtectionContainer $ProtectionContainer

Set-AzureRmRecoveryServicesAsrReplicationProtectedItem -InputObject $ReplicatedVM -Size "Standard_D1_v2" -UseManagedDisk True
 

Make sure you paste your vnet resource ID into the variable below and then you can start the failover – you can find this by navigating into the Azure Portal, and just copying the top address bar…everything from /subscriptions/

 
#Start the test failover operation

$VnetID = "/subscriptions/99999-99999-999-999-999/resourceGroups/rg01/providers/Microsoft.Network/virtualNetworks/vnet"

Start-AzureRmRecoveryServicesAsrTestFailoverJob -ReplicationProtectedItem $ReplicatedVm1 -AzureVMNetworkId $VnetID -Direction PrimaryToRecovery -Verbose 

 

If you wanted to actually run a planned or unplanned failover you can change the command too

 
Start-AzureRmRecoveryServicesAsrPlannedFailoverJob 

Or

 
Start-AzureRmRecoveryServicesAsrUnPlannedFailoverJob 

And that ladies and gentlemen is it!! Simple eh 
Saving this beauty as a .ps1 and into task scheduler you can set this to run at any time you like, and not having to worry about waking up in the middle of the night to run a Test Failover Scenario

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s