Hi! My name is Gaurav Daga - I am a program manager on the Windows Azure Hyper-V Recovery Manager (HRM) product team, and my role is focused on hosting service providers (HSPs). With the general availability of the HRM service, we are starting to get a number of queries from HSPs on whether they can use HRM to provide a premium Disaster Recovery (DR) service to their tenants. And the answer is absolutely yes! This blog post describes the business and technical aspects of how HSPs can leverage HRM today to offer DR as a managed service for tenant workloads, and provides answers to many frequently asked HSP questions.
First, why should a HSP care about offering DR? DR as a service is a premium business with huge new revenue potential – Infrastructure as a Service (IaaS) Virtual Machine (VM) rentals carry as much as 30 to 70% premium when sold with DR capabilities versus without. It is also a great way for a HSP to acquire new customers because businesses these days are willing to pay serious money for a reliable DR plan. Providing DR as a service lets HSPs get a foot in the door of the customer and later have conversations to host more critical workloads and monetize them.
Next, why should a HSP use HRM to offer DR? There are many Do It Yourself (DIY) solutions available to automate DR that require a HSP to spend lot of time and effort building a solution and even then likely end up with something that results in customer dissatisfaction because DR has many complex challenges. HRM provides a packaged service offering that solves all these tough DR problems saving significant cost for the HSP who does not have to build a DIY solution and instead can focus on adding value and meeting customer SLAs, which in turn would translate to higher customer satisfaction and greater revenues. There is a great overview of HRM on Brad Anderson’s In the Cloud blog, and below is a summary of the salient points that cover the HRM value proposition.
· Automating DR infrastructure setup
- Hyper-V Replica (HVR) setup on all primary and recovery servers, certificate setup, etc.
- Policy based protection using clouds
- Intelligent placement algorithm to select target suitable for DR
· Automating DR failovers
- A Recovery Plan allows sequencing, parallelism, scripts, and manual actions, enabling single click failover of applications across replication channels (HVR and SQL AlwaysOn today, but extensible in the future)
· Automating DR networking at scale
- Policy based networking to avoid going to each VM for injecting IP addresses thereby providing simplified and reliable DR networking
· Reliable DR for compliance needs
- Support for easy DR drills without impacting production
- All DR jobs stored for audit and reports of past DR drills and failovers provided with details of RTO, success, failures, etc. to help with compliance needs
· Single highly available DR management console across multiple sites
- Supports different topologies like one-one, one-many, many-one and many-many
- External monitoring to report primary site failures
There are two use cases that a HSP will run into when looking to sell DR as a service – one is where the tenant’s workload is running on the HSP’s primary site and the HSP owns the recovery site too. And the other is where the tenant’s workload is running on their own enterprise network and they want to use the HSP’s data center only as the recovery site. HRM today plays in the first use case where DR is happening between the HSP’s primary and secondary data centers, and does not support the primary site being enterprise managed and the recovery site being the HSP’s. Within this support realm, it is important to understand the two main models of delivering DR as a service:
· Managed DR
- HSP responsible for setting up the DR plan for tenants
- HSP provides DR drills as part of the DR plan
- Tenant requests DR drills or planned failovers and HSP performs these on behalf of the tenant
- Post failover, HSP informs tenants and tenants validate the failed over application’s functionality
- Only the HSP admin interacts with HRM, not the tenants
· Self-service DR
- Tenants manage DR on their own, i.e. set up their own DR plan, perform DR drills and planned failovers, etc. themselves
In most cases, given the complexity associated with DR, we are seeing managed DR as a service solutions being offered by HSPs. And the first query we get - are HSPs even legally allowed to use HRM to offer DR? From a rights to use perspective, managed DR as a service with HRM is allowed per the Online Services Use Rights (look for the section titled “Windows Azure Services”) of the Service Provider License Agreement (SPLA). However, the HSP’s Windows Azure bill for HRM use will be separate from the rest of their SPLA bill and the available options to buy Windows Azure services are the following:
- Enterprise Agreement, including our new Server Cloud Enrollment for HSPs that leverage Windows Azure as a data center provider without a desktop commitment
- Windows Azure Agreement with pay as you go pricing or six months/one year commitments
Now that you know that from a licensing perspective you can use HRM to offer DR to your tenants, let’s take a look at the frequently asked questions around providing managed DR as a service with HRM:
1. Do I need to share my tenants’ identities with Windows Azure?
- No – given this is managed DR, it is only the HSP who registers and creates an identity with Windows Azure.
2. Do my tenants need to go to Windows Azure management portal?
- No – only the HSP accesses the Windows Azure management portal and the tenants never ever have to.
3. Does my tenants’ application data go to Windows Azure?
- Application data never goes to Windows Azure – it is always sent encrypted over the HSP’s network between the two sites. Only some metadata is sent to Windows Azure.
- Tenant specific – only VM name and ID, and virtual network name is sent
- Full list of metadata sent including HSP’s fabric information is published here
- All metadata is sent over HTTPS
4. Do my Hyper-V hosts and applications need internet connectivity for the DR service to work?
- No Windows Azure connectivity is needed for Hyper-V hosts and applications, only intranet connectivity to Hyper-V hosts on the recovery site to allow Hyper-V replication is needed. Internet connectivity is needed (one-way, outbound) only from the System Center Virtual Machine Manager (SCVMM) server(s) to Windows Azure.
5. Do I need to install one more System Center agent on each of my Hyper-V hosts and on each of the tenant guest VMs?
- No, the HRM provider needs to be installed only on the SCVMM server(s).
6. Can I use a single SCVMM server to manage both my primary and recovery sites?
- Yes, HRM supports both topologies – multiple SCVMM servers - one on each site, and a single SCVMM server managing multiple sites. Great drilldown blog post on this topic by my teammate Neerja Rewal here.
7. How does an unplanned failover work when a disaster impacts both my primary site and my ISP?
- During failover, HRM has no dependency on any network connectivity to the primary site.
8. A tenant’s n tier application is using SQL AlwaysOn – can I use HRM to orchestrate single click application failover?
- Yes, HRM works in conjunction with SQL AlwaysOn using simple scripts plugged into the Recovery Plan.
9. How do I manage the health of replication of all protected tenant VMs?
- There is a System Center Operations Manager pack that provides ongoing replication health monitoring.
10. Is there Windows Azure Pack (WAP) integration?
- Not today, but even without WAP integration, HSPs can provide first class DR capabilities like planned and unplanned failovers, and have tenants access their failed over VMs on the recovery site using Remote Desktop. Or if the tenant’s app is being accessed through a URL, the HSP can have the tenant point the URL to the recovery site post failover.
If you are enrolled in the Microsoft Partner Network and a member of our hosting community, I hope this blog post helps debunk many myths and encourages you to try Windows Azure Hyper-V Recovery Manager to offer a premium disaster recovery service to your customers. And if you want to get started today, here are the planning and deployment guides. Please sign-up to Windows Azure for free and get $200 to spend right away as part of the trial - it time to unlock a new revenue stream with Windows Azure Hyper-V Recovery Manager!
Image may be NSFW.Clik here to view.