I currently have an app running on Azure VMs and the outbound traffic using UDR is funneled through Azure Firewall.
I understand the VMs can be replicated to a secondary region using Azure but not sure how to handle the networking components. With Azure Firewall being a PaaS service, do I have to create an Azure Firewall instance in the secondary region at the time of failover? Same concern with UDRs.
We can handle/protect the networking components using below following steps
I have created the vm with recovery vaults
After creating enabled the recovery vaults and I am able to see my recovery site is healthy
Open the replica item in the over view clicked on test failure before beginning the failure I shutdown the machine and the operation will be started and processed successfully
To finish the failure click on Commit to complete the failure
To reprotect the VM on the keyvault overview click on Re-Protect button
Verify the replication direction and review the target settings for the regions by click on ok to start the reprotect process
Use this Microsoft Document for more information
For setting up for URD Refer this document
Related
I have created a storage account for use in storing the results of an Azure Vulnerability Assessment on an Azure SQL Database.
If the firewall on the storage account is disabled, allowing access from all networks, Azure Vulnerability Scans work as expected.
If the firewall is enabled, the Azure Vulnerability Scan on the SQL Database reports an error, saying the storage account is not valid or does not exist.
Checking the box for "Allow Azure services on the trusted services list to access this storage account." in Networking properties for the storage account does not work to resolve this issue, though it is the recommended step in the documentation here: https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-storage
Allow Azure Services
What other steps could resolve this issue, rather than just disabling the firewall?
You have to add the subnet and vnet that is being used by the SQL Managed Instance as mentioned in the document you are following . You can refer the below screenshot:
After enabling the service endpoint status as shown in the above image , Click Add . After adding the vnet it should look like below:
After this is done , Click on save and you should be able to resolve the issue.
Reference:
Store Vulnerability Assessment scan results in a storage account accessible behind firewalls and VNets - Azure SQL Database | Microsoft Docs
We currently have set up a web application in our Azure enviroment which is connected to our VNET and reachable through private link.
Now we are trying to set up backups to an Azure storage account.
this storage account is also connected to the VNET and only allows connections from this. We have set an Exception on "Allow trusted microsoft services to access this storage account"
However, when we try to run the backup of the web app, we get the following error:
"Storage access failed. The remote server returned an error: (403) Forbidden.. Please delete and recreate backup schedule to mitigate."
We have had this same issue when restoring SQL databases through azure storage and temporary made it accessible for all which made it work, however this is not feasible for the future, is there any way to make this work?
I ran into the same issue.
Unfortunately a backup in combination with a firewall is not possible according to Microsoft documentation.
"Using a firewall enabled storage account as the destination for your backups is not supported. If a backup is configured, you will get failed backups."
Kind regards
I am trying to launch a cluster using Azure DataBricks using portal but I am getting an issue saying "Subnet provided does not have security group associated to it."
But I want to connect it using the service Principal.
Please help!!
While deploying Azure Databricks in your Virtual Network, make sure to associate Network Security group (NSG) rules that allows communication with the Azure Databricks control plane.
The virtual network must include two subnets dedicated to Azure Databricks:
A private subnet with a configured network security group that allows
cluster-internal communication
A public subnet with a configured network security group that allows
communication with the Azure Databricks control plane.
The following table displays the current network security group rules used by Azure Databricks. In order to ensure that your Azure Databricks service runs smoothly, Azure Databricks can change these rules at any time. This topic and table will be updated whenever such a modification occurs.
Reference: Deploy Azure Databricks in your Virtual Network (VNET Injection)
Hope this helps.
I am trying to migrate a VM in Southeast Asia to Western Europe
After defining the source in the Enable Replication Section, I am not able to select the virtual machine.
Source Details
Select Virtual Machine section shows the VM grayed out.
My account has Owner, Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader and Virtual Machine Contributor roles.
Currently, native replication of Azure VMs using managed disks are not supported.
You can use "Physical to Azure" option in this document to migrate VMs with managed disks.
More details bout Migrate Azure IaaS virtual machines between Azure regions with Azure Site Recovery , you can refer to this document.
Within Azure Site Recovery, are you running an unplanned failover? Per Microsoft's documentation your VM has to meet these requirements to be used. Once you've confirmed that, confirm that you meed the pre-requisites for failover (there is a link at the bottom of the MS requirements document.)
If all those are met, then go to Replicated Items, select your VM, choose the More menu, then Failover, in the Failover dialog box there is a From box, your VM should be an option in that box. Then follow the steps for a failover per Microsoft.
There are other sources for using Azure failover that may be informative.
I tried backing up Azure App Service according to the following URL.
However, if you press the backup button on the App Service menu, the next screen will be displayed and you will not be able to proceed.
Backup Not Configured, Configure you backup by setting up a storage account, schedule and select databases to be backed up for safe keeping and disaster recovery.
I tried the App Service Plan with Standard and Premium.
I also created Azure Storage Account.
I have created a new App Service in several regions.
However, both of them got the same result.
Does anyone know the procedure?
Best regards.
The Backup and Restore feature in Azure App Service lets you easily create app backups manually or on a schedule. Also, remember, the Backup and Restore feature requires the App Service plan to be in the Standard tier or higher. However, before backup any Azure App Service you need to configure it properly. As your error message said you should configure,
Storage Account,
Schedule and
Select the Databases to backups
To configure your backups please follows below steps.
Configure Manual Backup
In the Azure portal, navigate to your app's blade, select Settings, then Backups. The Backups blade is displayed.
In the Backups blade, click Configure.
In the Backups Configuration blade, click Storage Settings: Storage not configured to configure a storage account.
Choose storage account Choose your backup destination by selecting a Storage Account and Container. The storage account must belong to the same subscription as the app you want to backup. If you wish, you can create a storage account or a new container in the respective blades. When you're done, click Select.
In the Backups Configuration blade that is still left open, click Database Settings, then select the databases you want to include in the backups. (SQL database, MySQL, or PostgreSQL) (In my case I don’t have any database to select)
In the Backups Configuration blade, click Save. At this point you can click Backup button in the command bar of the Backups blade, this will create a Manual Backup of your app.
Configure Schedule Backup
On the Backups Configuration blade, set Schedule backup to On. Then configure the backup schedule as desired.
In the Backups Configuration blade, click Save. That’s it your backups should works now as you scheduled.
The "Configure" option appeared for me after I tried logging into the Azure portal in private/incognito mode. I'd also recommend clearing out your cache for good measure. Hope that helps.