Controlling Data Movement Using Azure Region Pairs
In this post, I will explain how Microsoft replicates data in very predictable ways, assuming that you want that data to be replicated.
What is “Inside Microsoft Teams”?
“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.
There are a lot of myths out there about Azure, such as Microsoft will replicate my virtual machines to a second region so that if there’s a problem in my region, all of my machines will stay online.
Sorry, that’s not true. If you want disaster recovery, you need to implement it yourself.
My personal favorite is this oldie: Why would I put my servers in the cloud where everyone can see them?
If you don’t understand the basic concepts of WAN, VPN, and firewall rules, then maybe IT isn’t for you!
The myth that inspired this post is: Microsoft moved my Azure data from Europe to the USA.
Actually, it didn’t. While running Azure training classes, I’ve noticed that newbies to Azure are quite sloppy about picking regions, often selecting the default, so I suspect that’s to blame.
How Microsoft Replicates Data
In Azure, data is replicated only if:
- You leave replication enabled by default: As with a site recovery vault where the resiliency is set to GRS instead of LRS by default. You can change this, but only before you start using the vault.
- You enable replication: You might switch a storage account from LRS to GRS to force replication of the contained data to another region, which by the way, is not a disaster recovery solution for virtual machines.
But where does Microsoft replicate your data to? Azure uses a system of paired regions, which is very clearly documented by Microsoft. Every region is exclusively paired with another region. For example, UK West is paired with UK South. This means that if I store something in one of those regions, and enable replication, I know that the replica will be in the other region, and not in US East where the NSA can poke around.
Microsoft is aware that there are situations where we do not like data to leave certain geographies. For example, customers in the European Union would not want their data replicated to the US and vice versa. Microsoft ensures, with one exception, that every region is in the same geography as its paired region. For example, North Europe and West Europe are paired and are both in the European Union where common data protection laws apply. There is one exception to this pairing; Brazil South must be replicated to South Central US because there is only one region in Brazil or South America.