Controlling Data Movement Using Azure Region Pairs
In this post, I will explain how Microsoft replicates data in very predictable ways, assuming that you want that data to be replicated.
Read the Best Personal and Business Tech without Ads
Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.
There are a lot of myths out there about Azure, such as Microsoft will replicate my virtual machines to a second region so that if there’s a problem in my region, all of my machines will stay online.
Sorry, that’s not true. If you want disaster recovery, you need to implement it yourself.
My personal favorite is this oldie: Why would I put my servers in the cloud where everyone can see them?
If you don’t understand the basic concepts of WAN, VPN, and firewall rules, then maybe IT isn’t for you!
The myth that inspired this post is: Microsoft moved my Azure data from Europe to the USA.
Actually, it didn’t. While running Azure training classes, I’ve noticed that newbies to Azure are quite sloppy about picking regions, often selecting the default, so I suspect that’s to blame.
How Microsoft Replicates Data
In Azure, data is replicated only if:
- You leave replication enabled by default: As with a site recovery vault where the resiliency is set to GRS instead of LRS by default. You can change this, but only before you start using the vault.
- You enable replication: You might switch a storage account from LRS to GRS to force replication of the contained data to another region, which by the way, is not a disaster recovery solution for virtual machines.
But where does Microsoft replicate your data to? Azure uses a system of paired regions, which is very clearly documented by Microsoft. Every region is exclusively paired with another region. For example, UK West is paired with UK South. This means that if I store something in one of those regions, and enable replication, I know that the replica will be in the other region, and not in US East where the NSA can poke around.
Microsoft is aware that there are situations where we do not like data to leave certain geographies. For example, customers in the European Union would not want their data replicated to the US and vice versa. Microsoft ensures, with one exception, that every region is in the same geography as its paired region. For example, North Europe and West Europe are paired and are both in the European Union where common data protection laws apply. There is one exception to this pairing; Brazil South must be replicated to South Central US because there is only one region in Brazil or South America.