Best Practice for Azure DR using ASR When DR Region Should Not Host Any Pre-Provisioned VMs

Question

Best Practice for Azure DR using ASR When DR Region Should Not Host Any Pre-Provisioned VMs

Paul 20

Hello Team,

I am designing a Disaster Recovery (DR) strategy for an Azure environment and would like Microsoft’s best-practice guidance.

Scenario:

Primary region hosts ~50 Azure IaaS VMs (Web, App, DB, AD, middleware).

SQL is running on Azure IaaS VMs (SQL Server Always On is being evaluated).

DR region must be cost-optimized.

Customer does not want any VMs pre-provisioned in the DR region.

Only network components (VNet, subnets, NSGs, UDRs, DNS zones, and Recovery Services Vault) can exist in DR.

Requirement is to perform one-click failover during a regional outage using Azure Site Recovery (ASR).

During failover, all 50 VMs must be automatically created in the DR region, brought online in the correct sequence, and application made accessible.

No manual creation of VMs at the time of failover is acceptable.

Questions:

Is ASR Recovery Plan the recommended approach for orchestrating end-to-end failover (VM creation, sequencing, post-failover automation, LB/DNS updates) in a scenario where no VMs exist in the DR region before failover?

Does Microsoft recommend pre-creating certain components in the DR region (such as Load Balancers, SQL replicas, or basic infrastructure VMs like DCs), or is it fully supported to have zero compute in the DR region and let ASR create all VMs automatically?

For SQL on Azure VMs:

Should we rely on ASR replication alone, or is SQL Always On Availability Groups recommended for better RPO/RTO?

  If SQL AG is used, how should automated AG failover be integrated into ASR Recovery Plans?
  
  **For automation:**
  
     Are Azure Automation Runbooks or Azure Functions the recommended way to perform tasks during failover (DNS updates, reconfiguring backend pools, application warm-up)?
     
        Is there any official Microsoft sample repository for ASR Recovery Plan automation scripts?
        
        **For large environments (~50 VMs):**
        
           Are there any documented limits or performance considerations when performing a bulk failover where ASR needs to create many VMs at once in the DR region?

Goal:
To implement a Microsoft-aligned DR solution where:

DR region stays cost-optimized (no running VMs)

ASR performs full automated failover (one click)

SQL DR is handled as per best practice

Orchestration and automation follow Microsoft recommendations

Any official guidance, reference architecture, documentation links, or best practice patterns would be greatly appreciated.

Thank you.

Bharath Y P 2,560 Reputation points Microsoft External Staff Moderator

2025-12-04T19:47:00.06+00:00
Hello Paul, Yes. Azure Site Recovery (ASR) Recovery Plans are the Microsoft-recommended approach for orchestrating end-to-end failover when no VMs exist in the DR region. They provide:

Boot sequencing for multi-tier apps.

Custom automation steps (DNS updates, LB reconfiguration, app warm-up).

Integration with Azure Automation Runbooks or Azure Functions for post-failover tasks. This enables one-click failover that is consistent and repeatable.

ASR can create all VMs automatically in the DR region during failover using replicated disks and VM metadata. Best practice is Pre-create network components (VNet, subnets, NSGs, UDRs, DNS zones) and the Recovery Services Vault in the DR region to minimize failover time.

For critical infra like Active Directory/DNS, Microsoft recommends having at least one domain controller pre-provisioned or replicated for faster authentication.

ASR replication alone works for VM-level recovery but only provides crash/app-consistent snapshots. RPO/RTO may not meet strict database SLAs. Microsoft recommendation: Combine SQL Server Always On Availability Groups (AG) with ASR for better RPO/RTO:

Use AG for synchronous/asynchronous DB replication.

Replicate SQL VMs with ASR for full app failover.

Integrate AG failover into Recovery Plans using Azure Automation Runbooks (e.g., ASR-SQL-FailoverAG)

ASR Recovery Plans for Orchestration: Recovery Plans allow sequencing of VM startup, grouping by tiers (Web, App, DB), and integration of automation for DNS/LB updates. Supports one-click failover with automated VM creation in DR region. You can embed Azure Automation Runbooks for post-failover tasks like DNS updates, backend pool reconfiguration, or app warm-up.

Add Azure Automation runbooks to Site Recovery recovery plans - Azure Site Recovery | Microsoft Learn

Azure to Azure disaster recovery architecture in Azure Site Recovery - Azure Site Recovery | Microsoft Learn

Pre-Provisioning in DR Region: Zero compute is supported: ASR can create all VMs automatically during failover. Best practice is Pre-create essential shared services (e.g., domain controllers, load balancers, SQL replicas) to reduce failover complexity and boot-time delays. Networking components (VNets, NSGs, UDRs, DNS zones, Recovery Services Vault) should indeed exist in DR ahead of time.

Azure to Azure disaster recovery architecture in Azure Site Recovery - Azure Site Recovery | Microsoft Learn

Architecture strategies for disaster recovery - Microsoft Azure Well-Architected Framework | Microsoft Learn

Automation Options: Azure Automation Runbooks: Officially recommended for Recovery Plan integration. Azure Functions: Can be used, but Runbooks are natively supported and easier to integrate.

Add Azure Automation runbooks to Site Recovery recovery plans - Azure Site Recovery | Microsoft Learn

Large Environment Failover (~50 VMs): ASR supports bulk failover, but performance depends on VM sizes, replication policy, and parallelization limits. Consider staggering VM groups in Recovery Plans (e.g., DB first, then middleware, then web). Test failover regularly to validate timing and sequence.

About failover and failback in Azure Site Recovery - Modernized - Azure Site Recovery | Microsoft Learn

Hope this helps! thanks.
Bharath Y P 2,560 Reputation points Microsoft External Staff Moderator

2025-12-05T19:05:31.89+00:00

Hello Paul, I just wanted to kindly follow up to check if you had a chance to review my earlier response. I hope the information shared was helpful. Please feel free to reach out if you have any additional questions or need further clarification. If the answer addressed your query, it would be great if you could accept it and up-vote. This not only helps us but also makes it easier for other community members who might face the same issue.

1 answer

Your answer

Bharath Y P 2,560 Reputation points Microsoft External Staff Moderator

2025-12-05T19:05:31.89+00:00

Hello Paul, I just wanted to kindly follow up to check if you had a chance to review my earlier response. I hope the information shared was helpful. Please feel free to reach out if you have any additional questions or need further clarification. If the answer addressed your query, it would be great if you could accept it and up-vote. This not only helps us but also makes it easier for other community members who might face the same issue.

Answer 1

For your disaster recovery (DR) strategy using Azure Site Recovery (ASR) in a scenario where no virtual machines (VMs) are pre-provisioned in the DR region, here are some best practices and recommendations:

ASR Recovery Plan: Yes, using an ASR Recovery Plan is the recommended approach for orchestrating the end-to-end failover process. This includes the automatic creation of VMs in the DR region, sequencing their startup, and executing post-failover tasks such as load balancer and DNS updates. The Recovery Plan allows you to define the order in which VMs are brought online, ensuring that dependencies are respected.
Pre-Creation of Components: Microsoft supports having zero compute resources in the DR region. ASR can create all VMs automatically during a failover. However, consider pre-creating essential network components (like VNets, subnets, and NSGs) and potentially critical infrastructure components (like domain controllers) to ensure a smoother recovery process. Load balancers and SQL replicas can also be pre-configured if needed, but it is not mandatory.
SQL on Azure VMs: While ASR replication can be relied upon for DR, implementing SQL Server Always On Availability Groups (AG) is recommended for improved recovery point objectives (RPO) and recovery time objectives (RTO). If you choose to use SQL AG, you can integrate automated failover into your ASR Recovery Plans by scripting the failover process within the Recovery Plan's automation tasks.
Automation: Azure Automation Runbooks or Azure Functions are indeed recommended for performing tasks during failover, such as DNS updates and application warm-up. These tools can help automate the necessary configurations to ensure a seamless transition.
Official Samples: While the context does not specify a repository for ASR Recovery Plan automation scripts, you can typically find official Microsoft documentation and sample scripts through the Azure documentation portal.
Performance Considerations: For large environments with around 50 VMs, ASR is designed to handle bulk failover scenarios. However, it is advisable to review any documented limits or performance considerations specific to your deployment and test the failover process to ensure that it meets your expectations under load.

By following these guidelines, you can implement a cost-optimized DR solution that aligns with Microsoft’s best practices, ensuring that your ASR setup is effective and efficient.

References:

Share via

Best Practice for Azure DR using ASR When DR Region Should Not Host Any Pre-Provisioned VMs

1 answer

Your answer