Create Tridion DR Site in Azure

Overview

One of the responsibilities of managing a corporate website with international businesses and web presence is making sure the site is always up and functional, ALL THE TIME! When you have very limited resources, this becomes an opportunity to implement a new solution, something I enjoy doing :)

I already have an extensive monitoring solution that sends email notifications when any resource in the environment is in a critical state (machine down, high CPU usage, website availability, application errors...), but as long as you don't have someone checking emails 24 hours a day and actually able to fix the problem, these notifications remain unreliable.

I wanted to implement a "cheap" disaster recovery site that is up to date with the live website -as much as possible- and reliable in a way that gives me enough time to respond if the site goes down, think 11pm or even worse at 4:00am my on-premises site goes down!

My website is an ASP.NET web application that uses SDL Tridion as its CMS. It is hosted on-premises and load balanced across multiple servers. A single HTML maintenance page was hosted on AWS and configured as a DR site on the load balancer.

Building a Tridion Content Delivery environment in an Azure virtual machine shouldn't be a hard task as long as you are familiar with working with virtual machines in Azure; if not, this post will walk you through the process. Synchronizing the on-premises data (database + file system) is the interesting part: it keeps the DR site as up to date with the live site as reasonably possible. For me this is a daily sync, as my site usually doesn't change much in one day.

Table of Contents

Architecture

Setup

Create a Virtual Machine in Azure

Install Tridion Content Delivery components

Deploy Website and Broker Service

Create Azure SQL Database

Create Blob Storage Account

Configuration

Tridion Configuration

Install Tridion License

Configure Tridion Broker database

Website Configuration

Azure Configuration

NetScaler configuration

Data Synchronization

Azure SQL Database Sync from on-premises

Synchronize Published Content

Version control

Architecture

We are using the new Azure portal Resource Manager throughout this post for creating any of our resources in Azure (VM, Storage account, SQL Database...)

To better understand the difference between Azure Resource Manager Deployment (ARM) and Azure Service Management (ASM/Classic) see Azure documentation here

The image below shows the architecture of the implementation in Azure using a mix of Azure PaaS and IaaS services

Tridion-Azure DR Architecture

We will be creating a VM in Azure to deploy the Tridion Content Delivery (CD) server and our ASP.NET web application. Although Tridion 2011 doesn't mention support for Azure SQL Database, the CD database worked perfectly fine with Azure SQL Database for my published content and I didn't need to manually install MS SQL Server. This makes the solution especially attractive, as Microsoft has an Azure SQL Sync feature that, although still in preview, works perfectly well for keeping my Azure database synchronized with my on-premises database.

In order to move the on-premises data into Azure, I used AZ Copy and Windows Task Scheduler to copy and sync the published file content from the production environment to Azure Blob storage, and I used Azure SQL Data Sync to create my database schema in Azure and sync the content from the production Tridion database.

Setup

Create a Virtual Machine in Azure

A D1 instance VM is good enough for my needs: it provides enough memory for hosting Tridion and the ASP.NET web app and has enough storage for my published content. I can always scale up if more resources are needed, but the site is intended to run only when there is a "disaster", which I am hoping is a rare case!

Here are the general steps to create the VM, for a complete reference check Azure documentation:

  1. From the Azure Portal create a new Windows Server 2008 R2 SP1 virtual machine
  2. In the Basics screen, make sure to select “Resource Manager” in the select deployment model drop down box.
  3. Click create and fill up the “Name”, “User name”, “Password” and “Resource group”, make sure to create a new resource group that you will use for other resources related to the DR site
  4. In the Size screen, select the D1 standard tier
  5. In the Settings screen you can leave the defaults as below, we’ll configure Endpoint at a later time
  6. The summary screen should look something like this:


Install Tridion Content Delivery components

You should follow the Tridion installation manual to deploy the Tridion CD Server on the Azure VM, or even better, take an image of one of the production on-premises VMs and attach the VHD to the Azure VM, but this requires some work across teams and could take a while. In my case the fastest solution was to copy the Tridion CD files from my production environment. You can use AZ Copy, or use Remote Desktop Connection and share the local disk drive to copy directly from the Azure VM; see how you can do this in this MS KB article.

Follow these steps to configure Tridion on the Azure VM:

  1. Copy the Tridion Bin, Lib and Config folders from the Tridion Content Delivery Installation media or from another content delivery environment to a “Tridion” folder (e.g. C:\Program Files (x86)\Tridion)
  2. In the System Advanced Settings, set the environment variable “TRIDION_HOME” to the folder copied in previous step, example:
    • Variable name: TRIDION_HOME
    • Variable Value: c:\Program Files (x86)\Tridion
  3. Install Java Virtual Machine runtime “jre-6u45-windows-i586”

Deploy Website/Web Services

Install IIS on the VM and deploy the website and any web services that you use to the Azure VM.

You can use any web deployment method (e.g. TFS Build, Web Deploy or manual copy). In my case, I had an on-premises TFS server and build definitions with a custom MSBuild script to build and deploy to all my environments, so I just added a new build definition to deploy my code to IIS in the Azure VM. You might need to work with your security team to open the MS Deploy ports if you are planning to deploy from the on-premises network.

Create Azure SQL Database

We will be using Azure SQL Database as the Tridion broker DB. I used S0 Standard tier which is a cheap option that offers plenty of storage and minimum amount of DTUs which should work for a DR site.

  1. From the Azure portal, create a SQL database
  2. Create a new DB Server
  3. Select the S0 Standard tier as the pricing tier, this should be enough for our requirements
  4. Make sure you select the same resource group used when creating the VM

For a step by step direction check Azure documentation

Create Storage Account

The storage account will be used as buffer to move the published content from on-premises VM to the Azure VM

  1. Create a new storage account to use for the published content from Tridion (images, PDFs, XML, ASPX...)
  2. Make sure to use the same resource group you created when creating the VM

For information about creating Storage account, check this link: About Azure storage accounts

Configuration

Tridion Configuration

Install Tridion License

  1. Request a new license from SDL support portal for the new VM.
  2. Copy the license to the Tridion installation directory under the “config” folder, make sure it has the name “cd_licenses.xml”
  3. Make sure any reference to a license file in the other config files (cd_deployer_conf.xml, cd_link_conf.xml, cd_storage_conf.xml and cd_wai_conf.xml) is commented out; Tridion will use the “config” folder by default

Configure Tridion Broker database

  1. Open the cd_storage_conf.xml config file and update the DB storage connection information with the Azure SQL Database created earlier
  2. You can get all the information, including the connection string, from the Azure portal (e.g. Server=tcp:tridionxxxxx.database.windows.net,1433;Database=Trid-xxxxxxxx;User ID={userName}@tridxxxx;Password={yourpasswordhere};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;)

Azure Configuration

In order to make the site accessible from the internet we need to define an inbound endpoint rule to allow requests from the internet to our newly created website.

  1. In the Azure Portal, go to the VM settings blade and click on network interfaces then select the default one already created
  2. From the Network interface blade, click on the “Network security group”, then “Settings”
  3. Click on “Inbound security rules” and add a new rule that allows requests to destination port 80 from any ( * ) source.

Azure NSG

For more information check this Azure Network Security Group Documentation
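
The rule above opens port 80 to any source, while the same VM is also reached over Remote Desktop and, optionally, MS Deploy, so it is worth confirming that the web port is the only one open to everyone. The following is an added example (not part of the original post) that audits an NSG's rules held as ARM-style JSON; the rule names, priorities, source address and the Web Deploy port 8172 in the sample are assumptions constructed for illustration.

```python
import json

# Constructed sample of an NSG's "securityRules" array in ARM JSON form.
# Rule names, priorities and addresses are made up for illustration.
SAMPLE_NSG = json.loads("""
{"securityRules": [
 {"name": "allow-http", "properties": {"direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "80", "priority": 1000}},
 {"name": "allow-rdp", "properties": {"direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "3389", "priority": 1010}},
 {"name": "allow-webdeploy", "properties": {"direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "8172", "priority": 1020}},
 {"name": "deny-high-ports", "properties": {"direction": "Inbound", "access": "Deny",
  "sourceAddressPrefix": "*", "destinationPortRange": "1024-65535", "priority": 4000}}
]}
""")

ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}   # prefixes that mean "anyone"
PUBLIC_PORTS = {80}                            # what the DR site must expose


def ports(port_range):
    """Expand '80', '8000-8010' or '*' into a set of port numbers."""
    if port_range == "*":
        return set(range(65536))
    low, _, high = port_range.partition("-")
    return set(range(int(low), int(high or low) + 1))


def exposed_rules(nsg, public_ports=PUBLIC_PORTS):
    """Return (priority, name, port range) of inbound Allow rules that open
    anything other than public_ports to any source, ordered by priority."""
    findings = []
    for rule in nsg.get("securityRules", []):
        props = rule["properties"]
        if props["direction"] != "Inbound" or props["access"] != "Allow":
            continue
        if props["sourceAddressPrefix"] not in ANY_SOURCE:
            continue
        if ports(props["destinationPortRange"]) - public_ports:
            findings.append((props["priority"], rule["name"],
                             props["destinationPortRange"]))
    return sorted(findings)


if __name__ == "__main__":
    for priority, name, port_range in exposed_rules(SAMPLE_NSG):
        print(f"priority {priority}: {name} opens {port_range} to any source")
```

Rules restricted to a specific source address, such as the constructed Web Deploy rule, are not reported; only Allow rules reachable from any source on a port other than 80 are.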

NetScaler configuration

This setting is a quick way to configure NetScaler to redirect all traffic to our Azure website if all load-balanced servers are down.

  1. Log in to the NetScaler portal and navigate to “Traffic Management” > “Virtual Servers”
  2. Locate and click the group that has your load balanced virtual servers then select “Edit”
  3. In the “Protection” panel, click “edit” and update the “Redirect URL” with the DNS name that maps to the virtual server public IP (e.g. http://mytridiondrsite.eastus.cloudapp.azure.com/)

Citrix Netscaler DR

To find the DNS name of the server, from the Azure portal in the virtual machine blade, select the VM then click on the “public IP Address/DNS name label” to open the public IP address blade then copy the DNS name value:

Azure PIP

Data Synchronization

In order to copy the published content data from production environment to the DR site we need to synchronize the Broker database and the published content folder for the website.

Azure SQL Database Sync from on-premises

We will use the SQL database Sync feature in Azure to synchronize the production broker database with our Azure SQL Database we created earlier.

Check Azure documentation for a complete reference of Azure SQL Data Sync feature: https://azure.microsoft.com/en-us/documentation/articles/sql-database-get-started-sql-data-sync/#step-1-connect-to-the-azure-sql-database

  1. In the classic portal navigate to the “SQL Databases” and select “Sync” from the top menu
  2. Click on “ADD SYNC” from the bottom toolbar then click on “New Sync Agent”

Azure SQL Data Sync

  1. Click on “install one here” to download the SQL Azure Database Sync Agent
  2. Install the tool on an on-premises VM that can connect to the Tridion Broker SQL database
  3. After installation, register the Tridion Broker database in the tool and make sure it is reachable

Azure Data Sync Agent

  1. Back to the Azure portal, enter the name of the agent (e.g. tridbrokerdbsyncagent) then OK.
  2. Click on “Manage Key” to generate a key that will be submitted to the agent tool
  3. Copy the generated key, back to the Data Sync Agent tool, click on “Submit Agent Key”, paste the key and click OK.
  4. Click on “Ping Sync Service” to ensure the connection is valid

Now our on-premises database is reachable from Azure and is ready to synchronize with our Azure SQL Database. To do that we need to create a Sync group.

  5. From the Azure portal, click on “ADD SYNC” then “New Sync Group”
  6. Call it trid-broker-syncgroup, select the same region for our DB server and VM “e.g. East US” then next
  7. In the Hub Database drop down, select the database we created in Azure and enter the user name and password to connect to that database
  8. Since we are synchronizing one database there shouldn’t be any conflicts, but you can select “Client Wins” for the Conflict Resolution field.
  9. From the next screen, select the agent database “TridionBrokerxxxx” as the reference database and “Sync to the Hub” from the Sync direction.
  10. Once the sync group is created, click on it then navigate to the SYNC RULES screen
  11. Click on “define sync rules” and select the on-premises “TridionBrokerxxxx”
  12. This will get all the tables in the database, from the bottom toolbar click “SELECT” then “Select all the columns in all the tables”

Azure Data Sync Select All Columns

  1. Save your changes then click “Sync” to test your setup
  2. Once successful, navigate to the “CONFIGURE” tab and turn on “Automatic Sync” and set the frequency to 1 day


Synchronize Published Content

We will use “AZ Copy” to copy the published content folder to the Azure Blob storage account we created earlier, then we will copy again from the Azure Blob storage into the Azure VM disk.

We can reduce the effort of double copying by using Azure File Storage and map a network drive on the Azure machine to the published content folder. However, issues related to access permissions from the web application to the mounted drive prevented this solution.

*The access permission issue is caused by the implementation of the website not because of a limitation in Azure. You can still use this feature in your web application by persisting connections to the Azure File Storage account.

For more information about installing and using “AZ Copy” check this link: https://azure.microsoft.com/en-us/documentation/articles/storage-use-azcopy/

  1. Download AZ Copy and install it on the production server where the content is published
  2. In Windows Task scheduler create a new task, set the name to “Published Content Azure Sync” and the user account to “NT Authority\NETWORK SERVICE”
  3. In the Triggers tab, click “New” and choose a setting to copy on a schedule (e.g. daily at 09:00 pm)
  4. In the actions tab, select start a program and enter the following fields:
    • Program/Script: azcopy
    • Add arguments: /source:"e:\wwwroot\published content\Website" /dest:https://{storeAccountName}.blob.core.windows.net/publishedcontent /DestKey:{storageKey} /S /XO /Y
    • Start in: E:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy
  5. You can set up other advanced options, but this should be enough to copy our content to the Azure storage account
  6. Run this task manually to ensure that files/folders are copied successfully to the Azure Blob storage.

Now, we need to run the same steps on the Azure VM to copy from the Blob storage to local disk

  1. Download and install “AZ Copy” to the Azure VM
  2. Follow the same steps of “copying from on-premises to Azure Blob” to create a scheduled job that copies from Azure Blob to local disk using these parameters:
    • Program/Script: azcopy
    • Add arguments: /source:https://{storageAccountName}.blob.core.windows.net/publishedcontent /dest:"c:\wwwroot\published content\Website" /SourceKey:{storageAccountKey} /S /XO /Y
    • Start in: E:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy
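
Because both copy jobs run on a schedule, the DR folder can lag behind or diverge from production. As an added example (not part of the original post), the script below compares two folder trees by SHA-256 and reports files missing on the DR copy, files whose content differs, and files that exist only on the DR copy, such as content that has since been unpublished; the folder and file names in the demo are constructed.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    result = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            result[rel] = digest.hexdigest()
    return result


def drift(source_root, dr_root):
    """Compare the published tree with the DR copy and list the differences."""
    src, dst = manifest(source_root), manifest(dr_root)
    return {
        "missing_on_dr": sorted(src.keys() - dst.keys()),
        "differs_on_dr": sorted(p for p in src.keys() & dst.keys() if src[p] != dst[p]),
        "only_on_dr": sorted(dst.keys() - src.keys()),
    }


def demo():
    """Build two small constructed trees and return their drift report."""
    trees = {
        "prod": {"index.aspx": "v2", "img/logo.png": "logo", "news/today.xml": "new"},
        "dr": {"index.aspx": "v1", "img/logo.png": "logo", "old/removed.pdf": "gone"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in trees.items():
            for rel, body in files.items():
                path = os.path.join(tmp, side, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        return drift(os.path.join(tmp, "prod"), os.path.join(tmp, "dr"))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

When the two folders live on different machines, `manifest()` can be run on each side and the two resulting dictionaries compared in the same way.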