David Mundt


Hyper-V to Azure ASR Replication and Bitlocker Drives

Hello, I've recently started using Azure ASR as a DR solution. We have one customer that requires us to host their data separate from our other data and to keep it encrypted. I've got their data on its own VHD and it is encrypted with BitLocker.

I set up our Hyper-V server to replicate to Azure, and upon testing the failover I discovered that the encrypted drive is there but there is no data present. I've asked on the MSDN forums and the answer I got was that BitLocker is not supported with ASR.

My dilemma is I've got to have this drive encrypted but I need to replicate it to and have it available for failover in ASR. Does anyone have any thoughts on this?

Thanks,
David
btan

The MS article stated not supported too, and I believe it is not straightforward for HDD encryption, since the DR will also mean the BitLocker crypto keys (including recovery) have to DR over, and this is definitely going to be thought through thoroughly. Also, BitLocker using TPM is most secure but can be challenging when a VHD virtual instance has to be h/w binding - I think it is tough, since we are talking of security h/w that is not supposed to be duplicated and is tamperproof with secure firmware ...

https://azure.microsoft.com/en-us/documentation/articles/site-recovery-vmware-to-azure/
Azure virtual machines

Virtual machines you want to protect should conform with Azure prerequisites.
Disk count—A maximum of 31 disks can be supported on a single protected server
Disk sizes—Individual disk capacity shouldn't be more than 1023 GB
Clustering—Clustered servers aren't supported
Boot—Unified Extensible Firmware Interface(UEFI)/Extensible Firmware Interface(EFI) boot isn't supported

Volumes—Bitlocker encrypted volumes aren't supported

Server names—Names should contain between 1 and 63 characters (letters, numbers and hyphens). The name must start with a letter or number and end with a letter or number. After a machine is protected you can modify the Azure name.
http://www.aidanfinn.com/?p=18255
Source machines must comply with Azure VM requirements:

Disc count: maximum of 32 disks per protected source machine
Individual disk capacity of no more than 1023 GB
Clustered servers not supported
UEFI/EFI boot not supported
BitLocker encrypted volumes not supported

What version of Hyper-V on-premises? Are the VMs gen 1 or gen 2?

When the VM is spooled up in Azure do you get the BitLocker Recovery Key black screen prompt?

Is the BitLocker AD management component enabled?
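
The prerequisites quoted earlier in the thread can be checked before replication is enabled. The following is an added example, not code from any poster in this thread or from Microsoft; the function names `Test-AsrPrerequisite` and `Get-EncryptedVolume` are hypothetical, and the limits are the ones quoted above.

```powershell
# Added example (not from the thread). Limits are the ones quoted above.
# Host side: run elevated on the Hyper-V server (Hyper-V PowerShell module).
$MaxDisks  = 31      # the thread quotes both 31 and 32; the lower figure is used
$MaxDiskGB = 1023
# 1-63 chars, letters/digits/hyphens, first and last char a letter or digit
$NameRegex = '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'

function Test-AsrPrerequisite {
    param([Parameter(Mandatory)][string]$VMName)

    $vm = Get-VM -Name $VMName -ErrorAction Stop
    $findings = @()

    # Generation 2 VMs boot through UEFI, which the quoted list excludes.
    if ($vm.Generation -eq 2) { $findings += 'Generation 2 (UEFI boot)' }
    if ($vm.Name -notmatch $NameRegex) {
        $findings += "Name '$($vm.Name)' breaks the naming rule"
    }

    $disks = @(Get-VMHardDiskDrive -VMName $VMName)
    if ($disks.Count -gt $MaxDisks) {
        $findings += "$($disks.Count) disks attached (max $MaxDisks)"
    }

    foreach ($disk in $disks) {
        # Get-VHD returns nothing for pass-through disks or unreadable paths.
        $vhd = Get-VHD -Path $disk.Path -ErrorAction SilentlyContinue
        if (-not $vhd) { $findings += "Could not inspect '$($disk.Path)'"; continue }
        if ($vhd.Size -gt ($MaxDiskGB * 1GB)) {
            $sizeGB = [math]::Round($vhd.Size / 1GB)
            $findings += "'$($disk.Path)' is $sizeGB GB (max $MaxDiskGB)"
        }
    }

    [pscustomobject]@{
        VM               = $vm.Name
        HostChecksPassed = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

# Guest side: BitLocker state is only visible from inside the VM.
# Lists every volume that is not fully decrypted.
function Get-EncryptedVolume {
    Get-BitLockerVolume |
        Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' } |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus
}
```

On the host, `Get-VM | ForEach-Object { Test-AsrPrerequisite -VMName $_.Name }` reports every VM; `Get-EncryptedVolume` is run inside each guest, and any volume it returns falls under the "BitLocker encrypted volumes aren't supported" line.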
ASKER CERTIFIED SOLUTION
btan
