I had a customer ask whether it was possible to perform scripted customizations against a recovery VM after an Azure Site Recovery (ASR) fail-over. The catch was that they didn’t necessarily know whether Remote PowerShell ports (5985/5986) would be open on recovery VM nor could they guarantee they’d have valid credentials for accessing the VM with administrative privileges. In this case, the Azure Custom Script Extension fits the requirements perfectly.
The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration / management task. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. This means you can create a script to perform the customizations, store that script in Azure Blob Storage and then use an Azure Automation Runbook as part of the ASR Recovery Plan to install the extension in the VM post-failover.
High-level steps and resources:
- Create the script which will perform the VM changes and upload to Azure Blob Storage.
- Setup an Azure Automation account – https://docs.microsoft.com/en-us/azure/automation/automation-offering-get-started. The Automation account can be in any Azure region. The Automation account must be in the same subscription as the Azure Site Recovery vault.
- Create a runbook in Azure Automation which should do the following:
- Receive the Recovery Plan context from ASR as a parameter.
- Authenticate to the Azure subscription using a RunAsConnection or RunAsCertificate
- Using the VM information supplied by ASR in the Recovery Plan Context, use the Set-AzureRmVMCustomExtension cmdlet to install the Custom Script Extension on the VM using the script from Step #1.
- You can use runbook variables to pass in details about the storage account to use, the name of the script, etc. Here is a sample runbook to use as a starting point: CSEASRRunbook.
- Add the runbook to the ASR Recovery Plan as a post-failover step as documented here: https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-runbook-automation.
In researching this, I also found a post on the Azure blog which provides a runbook that takes the script as an input and builds the script file, uploads it to Azure and configures the Custom Script Extension. It’s a bit more involved than this simple example as it saves you the effort of building the script and uploading to Azure Blob Storage ahead of time. You can check it out at https://azure.microsoft.com/en-in/blog/azure-automation-run-tasks-on-azure-virtual-machines-without-opening-ports/.