Staging DR drills

MashaMSFT · MashaMSFT · commit c6f11396eca3 · 2025-05-05T12:32:36.000-07:00
diff --git a/azure-sql/managed-instance/disaster-recovery-drills.md b/azure-sql/managed-instance/disaster-recovery-drills.md
@@ -4,7 +4,7 @@ description: Learn guidance and best practices for using Azure SQL Managed Insta
 author: Stralle
 ms.author: strrodic
 ms.reviewer: wiassaf, mathoma
-ms.date: 06/25/2024
+ms.date: 05/05/2025
 ms.service: azure-sql-managed-instance
 ms.subservice: high-availability
 ms.topic: conceptual
@@ -16,13 +16,14 @@ ms.topic: conceptual
 > * [Azure SQL Database](../database/disaster-recovery-drills.md?view=azuresql-db&preserve-view=true)
 > * [Azure SQL Managed Instance](disaster-recovery-drills.md?view=azuresql-mi&preserve-view=true)
 
-It's recommended to periodically test and validate that applications are ready for a recovery workflow. Verifying the application behavior and implications of data loss and/or the disruption that failover involves is good engineering practice. It is also a requirement by most industry standards as part of business continuity certification.
+You should periodically test and validate that applications are ready for a recovery workflow. Verifying the application behavior and implications of data loss and/or the disruption that failover involves is good engineering practice. It's also a requirement by most industry standards as part of business continuity certification.
 
 Performing a disaster recovery drill consists of:
 
 * Simulating data tier outage
 * Recovering
-* Validate application integrity post recovery
+* Validate application integrity post recovery 
+* Fail back to the original instance (optional)
 
 Depending on how you [designed your application for business continuity](business-continuity-high-availability-disaster-recover-hadr-overview.md), the workflow to execute the drill can vary. This article describes the best practices for conducting a disaster recovery drill in the context of Azure SQL Managed Instance.
 
@@ -41,11 +42,15 @@ To simulate the outage, you can rename the source database. This name change cau
 
 ### Validation
 
-Complete the drill by verifying the application integrity post recovery (including connection strings, logins, basic functionality testing, or other validations part of standard application signoffs procedures).
+Complete the drill by verifying the application integrity post recovery (including connection strings, logins, basic functionality testing, or other validations part of standard application sign off procedures).
+
+### Fail back 
+
+With geo-restore, fail back consists of repointing the application to the original instance. 
 
 ## Failover groups
 
-For an instance protected by failover groups, the drill exercise involves planned failover to the secondary instance. The planned failover ensures that the primary and the secondary instances in the failover group remain in sync when the roles are switched. Unlike the unplanned failover, this operation does not result in data loss, so the drill can be performed in a production environment.
+For an instance protected by failover groups, the drill exercise involves planned failover to the secondary instance. The planned failover ensures that the primary and the secondary instances in the failover group remain in sync when the roles are switched. Unlike the unplanned failover, this operation doesn't result in data loss, so the drill can be performed in a production environment.
 
 Configure your failover group with the [failover policy](failover-group-sql-mi.md#failover-policy) that suits your business need, and test failover regardless of how your failover policy is configured. For more information, review [test failover](failover-group-configure-sql-mi.md#test-failover). A customer-managed failover policy is recommended to give you control over the failover process.
 
@@ -67,6 +72,42 @@ To simulate the outage, you can disable the web application or virtual machine c
 
 Complete the drill by verifying the application integrity post recovery (including connectivity, basic functionality testing, or other validations required for the drill signoffs).
 
+### Fail back
+
+To fail back, perform a planned failover of the failover group back to the original primary instance. Since the application is already configured to point to the failover group endpoint, no further changes are needed. The failover group endpoint  automatically routes traffic to the new primary instance after the failover.
+
+Fail back is optional. If you don't need to fail back, you can keep the secondary instance as the new primary instance.
+
+## Managed Instance link
+
+It's possible to use a [Managed Instance link](managed-instance-link-disaster-recovery.md) for disaster recovery. Two-way failover is only supported with SQL Server 2022, and instances configured with the [SQL Server 2022 update policy](update-policy.md#sql-server-2022-update-policy). SQL Server 2019 and earlier versions support one-way failover only and fail back to SQL Server isn't supported. 
+
+This sections describes how to perform a disaster recovery drill with SQL Server 2022. When using a [Managed Instance link](managed-instance-link-disaster-recovery.md) for disaster recovery, the drill exercise involves planned failover to the secondary instance. The planned failover ensures that the primary and the secondary instances in the Managed Instance link remain in sync when the roles are switched. Unlike the unplanned failover, this operation doesn't result in data loss, so the drill can be performed in a production environment. 
+
+### Outage simulation
+
+To simulate the outage, disable client connections to the primary replica of the database replicated via link. This outage simulation results in the connectivity failures for the database clients (applications).
+
+### Recovery
+
+For recovery, do the following:
+
+1. Initiate a [planned link failover](managed-instance-link-failover-how-to.md) to the secondary instance.
+1. Repoint the impacted applications to the new primary instance.
+
+### Validation
+
+For validation, do the following: 
+
+1. Perform application connectivity and read/write tests on the new primary instance.
+1. Optionally, validate that the test data written during the drill is replicated to the secondary instance.
+
+### Fail back
+
+To fail back, perform a planned failover of the Managed Instance link back to the original primary instance. After failover, the application must be repointed to the original primary instance. 
+
+Fail back is optional. If you don't need to fail back, you can keep the secondary instance as the new primary instance.
+
 ## Related content
 
 To learn more, review: 
