Reliability in Azure DDoS Network Protection
This article describes reliability support in Azure DDoS Network Protection, and both regional resiliency with availability zones and cross-region recovery and business continuity. For a more detailed overview of reliability in Azure, see Azure reliability.
Availability zone support
Azure availability zones are at least three physically separate groups of datacenters within each Azure region. Datacenters within each zone are equipped with independent power, cooling, and networking infrastructure. In the case of a local zone failure, availability zones are designed so that if the one zone is affected, regional services, capacity, and high availability are supported by the remaining two zones.
Failures can range from software and hardware failures to events such as earthquakes, floods, and fires. Tolerance to failures is achieved with redundancy and logical isolation of Azure services. For more detailed information on availability zones in Azure, see Regions and availability zones.
Azure availability zones-enabled services are designed to provide the right level of reliability and flexibility. They can be configured in two ways. They can be either zone redundant, with automatic replication across zones, or zonal, with instances pinned to a specific zone. You can also combine these approaches. For more information on zonal vs. zone-redundant architecture, see Recommendations for using availability zones and regions.
Azure DDoS Protection is zone-redundant by default and is managed by the service itself. You don't need to configure or setup zone redundancy yourself.
Cross-region disaster recovery and business continuity
Disaster recovery (DR) is about recovering from high-impact events, such as natural disasters or failed deployments that result in downtime and data loss. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR. Before you begin to think about creating your disaster recovery plan, see Recommendations for designing a disaster recovery strategy.
When it comes to DR, Microsoft uses the shared responsibility model. In a shared responsibility model, Microsoft ensures that the baseline infrastructure and platform services are available. At the same time, many Azure services don't automatically replicate data or fall back from a failed region to cross-replicate to another enabled region. For those services, you are responsible for setting up a disaster recovery plan that works for your workload. Most services that run on Azure platform as a service (PaaS) offerings provide features and guidance to support DR and you can use service-specific features to support fast recovery to help develop your DR plan.
Disaster recovery in multi-region geography
You can choose one of two approaches to managing business continuity for DDoS Protection over your VNets. The first approach is reactive and the second approach is proactive.
- Reactive business continuity plan. Virtual networks are fairly lightweight resources. In the case of a regional outage, you can invoke Azure APIs to create a VNet with the same address space, but in a different region. To recreate the same environment that was present in the affected region, you'll need to make API calls to redeploy primary region VNet resources. If on-premises connectivity is available, such as in a hybrid deployment, you must deploy a new VPN Gateway, and connect to your on-premises network.
Note
A reactive approach to maintaining business continuity always runs the risk that you may not have access to the primary region's resources, due the extent of the disaster. In that case, you'll need to recreate all of the primary region's resources.
- Proactive business continuity plan. You can create two VNets using the same private IP address space and resources in two different regions ahead of time. If you are hosting internet-facing services in the VNet, you could set up Traffic Manager to geo-route traffic to the region that is active. However, you cannot connect two VNets with the same address space to your on-premises network, as it would cause routing issues. At the time of a disaster and loss of a VNet in one region, you can connect the other VNet in the available region, with the matching address space to your on-premises network.
To create a virtual network, see Create a virtual network.
Disaster recovery in single-region geography
For single region geographies in a disaster scenario, the virtual network and the resources in the affected region remains inaccessible during the time of the service disruption.