Anyone have experience or thoughts on Azure Site Recovery services?

A friend of mine is in the process of upgrading his server.
One of the proposals he has received included Azure Site Recovery (ASR) as a business continuity solution. I’m just wondering if anyone has any experience of using this service?
My initial response to him was a security concern. I’m not sure how it works but I’m thinking it’s a copy of the VMs that are going to be on his server. The VMs are then sync’ed/replicated but not kept in a live state. If there is a problem on site the solution provider will spin up the VMs and redirect local DNS etc. to the ASR. That’s how I think it works?
If that’s the case then he should be worried about the security of the VMs and where they are stored. Surely it would be good practice to set up a virtual site-to-site VPN as well. Of course you still don’t know who is looking after the security on the ASR and if they have implemented it correctly.

I’m just wondering if anyone has any thoughts or experience with this as a solution? I’m thinking it would be safer to use something like XCP-ng and Xen Orchestra to create a similar setup in an off-site location. Set up a locked-down VPN between the 2 sites, etc. That way he would know who had access to that server and had full control. Am I being overly cautious (is there such a thing?..lol).
I’d appreciate your thoughts.

Cheers,
Niall

I have worked with Azure a lot and don’t see any issues unless you open it to the world. Since this is a service, the provider would be responsible for the security, but they might provide read access to the resource group so it can be audited.