High Availability for Azure Private Endpoints when using services like ACR and Cosmos DB with replication

Divya Konasani 1 Reputation point
2022-04-21T19:35:15.667+00:00

Hi,

I am looking for guidance on how the private endpoint will behave when we enable geo-replication on services like ACR and Cosmos DB.

For example:

We create a Cosmos DB account in centralus and enable replication in eastus2. And we create a private endpoint in centralus. The Cosmos DB will have the following FQDNs on the private endpoint


3 answers

  1. Oury Ba-MSFT 17,786 Reputation points Microsoft Employee
    2022-04-21T23:08:58.583+00:00

    @Divya Konasani Thank you for posting your query on Microsoft Q&A and for using Azure services.

    My understanding is that you are looking to know, according to the above scenario, if your application will still traverse the Central US region even though the preferred location is East US, and what happens if the whole central region is down with the private endpoint enabled on Central US. Please let me know if my understanding is not correct.
    The answer to your question is that private endpoints are transparent to the application. If you select East US as your preferred location, then the request will go to the East US location. If the region goes down, failover will happen as expected. Achieve high availability with Cosmos DB
    Coming to Azure Container Registry, I saw the tag was added below the question. I will check with the team if that is similar behavior.

    Regards,
    Oury


  2. Divya Konasani 1 Reputation point
    2022-04-22T00:14:10.963+00:00

    Hi @Oury Ba-MSFT

    Thanks for responding to this question.

    Your understanding is mostly correct.

    I understand that the failover endpoint is transparent to the application and if we use the Cosmos primary FQDN it takes care of the failover. But my disconnect is with the private endpoint. Let’s say our private endpoint is in Central US; that means it gets an IP in Central US. Now if we set preferred locations even to East US, that FQDN still has an IP address from the central region as the private endpoint is in central. So my understanding is the request will still travel to central. Is that not true?


  3. Oury Ba-MSFT 17,786 Reputation points Microsoft Employee
    2023-12-27T19:47:44.2033333+00:00

    Schroeder, Michael (CTR)

    When using Private Endpoint, a private IP is assigned to each FQDN belonging to the customer account, regardless of the location of the private endpoint. This includes regional endpoints and global endpoints. This is briefly mentioned here:

    Configure Azure Private Link for Azure Cosmos DB | Microsoft Learn

    In the case of the question, the FQDNs would look like:

    accountname.documents.azure.com

    accountname-eastus.documents.azure.com

    accountname-centralus.documents.azure.com

    If a failover occurs, changing the write region from Central US to East US, the Cosmos DB SDK will be able to switch to the new region because a Private IP already exists for the East US region. Also, the documentation has more information about how adding or removing a region works.

    Regards,

    Oury
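A check that can be run from a host inside the VNet to confirm the point made in the last answer, as an added example that is not part of the original thread: every FQDN of the account, global and regional, should resolve to an address inside the VNet, otherwise a failover region is reached over the public endpoint or not at all. The helper names, the VNet range `10.20.0.0/16` and the sample DNS answers are constructed; the FQDN pattern is assumed from the names listed in the answer.

```python
import ipaddress
import socket

DNS_SUFFIX = "documents.azure.com"  # suffix shown in the answer above


def account_fqdns(account, regions):
    """Global endpoint plus one regional endpoint per replica region.
    Assumption: region labels are lowercased with spaces removed."""
    names = [f"{account}.{DNS_SUFFIX}"]
    names += [f"{account}-{r.replace(' ', '').lower()}.{DNS_SUFFIX}" for r in regions]
    return names


def system_resolver(name):
    """Resolve through the host's configured DNS; empty list on failure."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def audit(account, regions, vnet_cidrs, resolve=system_resolver):
    """Map each FQDN to 'private', 'public' or 'unresolved'."""
    nets = [ipaddress.ip_network(c) for c in vnet_cidrs]
    report = {}
    for name in account_fqdns(account, regions):
        addrs = [ipaddress.ip_address(a) for a in resolve(name)]
        if not addrs:
            report[name] = "unresolved"
        elif all(any(a in n for n in nets) for a in addrs):
            report[name] = "private"   # every answer is inside the VNet
        else:
            report[name] = "public"    # at least one answer leaves the VNet
    return report


def gaps(report):
    """FQDNs that would not use the private endpoint."""
    return sorted(n for n, status in report.items() if status != "private")


# Constructed DNS answers: the East US record is missing from the private zone.
SAMPLE_DNS = {
    "accountname.documents.azure.com": ["10.20.1.4"],
    "accountname-centralus.documents.azure.com": ["10.20.1.5"],
    "accountname-eastus.documents.azure.com": ["203.0.113.10"],
}
SAMPLE_REPORT = audit("accountname", ["Central US", "East US"],
                      ["10.20.0.0/16"], resolve=lambda n: SAMPLE_DNS.get(n, []))
```

Calling `audit` without the `resolve` argument uses the host's own DNS, so the result reflects the private DNS zone linked to that VNet.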
