Classic VM (ASM) to ARM Using Azure Site Recovery (ASR) V2 – Part 7: Post-Failover

In the last part for this series, we will tie up all the loose ends after a successful ASR Unplanned Failover.

In the previous parts for this series:

As you probably already noticed, after the failover has finished, our new ARM VM got created on its own Resource Group (named after the VM name) with only the NIC attached to it (with no Public IP and Network Security Group).


Another issue which we already mentioned in the previous post is the VM size which currently configured with the default ASR compute setting – A5 Standard.


I know, a bit funky but remember that ASR V2 is still in preview. I encourage you to leave a feedback in the Azure portal. Trust me when I say that those feedbacks are getting noticed.


Before starting to fix things, shutdown the VM.  Luckily for you I’ve created the following “ASR Post-Failover” PowerShell script. Before executing the script, you will need to install Azure PowerShell modules. I purposely included my own parameters and variables so it will be easy for you to get your head around the context.

[sourcecode language=”powershell”]

# Map environment variables
$SourceRG = “LKRG-App-ARM-01”

$DestRG = “LKRG-Apps-WE”

$VMName = “LKRG-App-ARM-01”

$NICName = “LKRG-App-ARM-01adf3dd48-4b79-4f5f-ab3f-f357070c24f1”

$NewVMSize = “Standard_D2_v2”

$NewVMPublicIP = “LKRG-App-ARM-01-PIP”


$SecurityRulePriority = 100

$SecurityRuleName = “allow-inbound-RDP”

$SecurityRuleDescription = “Allow inbound RDP connections”

$SecurityRulePort = 3389

# Map all the resources need to be moved to a new Resource Group

$SourceVM = Get-AzureRmResource -ResourceGroupName $SourceRG -ResourceName $VMName

$SourceNIC = Get-AzureRmResource -ResourceGroupName $SourceRG -ResourceName $NICName

# Move all resources to the destination Resource Group

Move-AzureRmResource -DestinationResourceGroupName $DestRG -ResourceId $SourceVM.ResourceId -Force -ErrorAction SilentlyContinue

Move-AzureRmResource -DestinationResourceGroupName $DestRG -ResourceId $SourceNIC.ResourceId -Force -ErrorAction SilentlyContinue

# Create a Public IP and associate it with the VM NIC

$PIP = New-AzureRmPublicIpAddress -Name $NewVMPublicIP -ResourceGroupName $DestRG -AllocationMethod Dynamic -Location westeurope

$NIC = Get-AzureRmNetworkInterface -ResourceGroupName $DestRG -Name $NICName

$NIC.IpConfigurations[0].PublicIpAddress = $PIP

Set-AzureRmNetworkInterface -NetworkInterface $NIC

# Create a Network Security Group (NSG) with RDP inbound rule and associate it with the VM NIC

$SecurityRules = New-AzureRmNetworkSecurityRuleConfig -Name $SecurityRuleName -Description $SecurityRuleDescription -Access Allow -Protocol “TCP” -Direction Inbound -Priority $SecurityRulePriority -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange $SecurityRulePort

$NSGRules = New-AzureRmNetworkSecurityGroup -Name $NewVMNSG -ResourceGroupName $DestRG -Location westeurope -SecurityRules $SecurityRules -Force

$NSG = Get-AzureRmNetworkSecurityGroup -ResourceGroupName $DestRG -Name $NewVMNSG

$NIC = Get-AzureRmNetworkInterface -ResourceGroupName $DestRG -Name $NICName

$NIC.NetworkSecurityGroup = $NSG

Set-AzureRmNetworkInterface -NetworkInterface $NIC | Out-Null

# Resize ARM VM

$VM = Get-AzureRmVM -ResourceGroupName $DestRG -Name $VMName

$VM.HardwareProfile.vmSize = $NewVMSize

Update-AzureRmVM -ResourceGroupName $DestRG -VM $VM | Out-Null

#Start the VM

Start-AzureRmVM -ResourceGroupName $DestRG -Name $VMName

Notice that while resources are being moved, both the source and the destination Resource Groups will change status.


That’s it! The script did its thing and you now have an updated target Resource Group with a connectable ARM VM located in a new region.


I really hope you enjoyed this 7-part series and find it useful  🙂


Be the first to comment

Leave a Reply