Reliability in Azure Bastion
This article describes reliability support in Azure Bastion and covers both intra-regional resiliency with availability zones and information on cross-region recovery and business continuity.
For a more detailed overview of reliability in Azure, see Azure reliability.
Availability zone support
Azure availability zones are at least three physically separate groups of datacenters within each Azure region. Datacenters within each zone are equipped with independent power, cooling, and networking infrastructure. In the case of a local zone failure, availability zones are designed so that if the one zone is affected, regional services, capacity, and high availability are supported by the remaining two zones.
Failures can range from software and hardware failures to events such as earthquakes, floods, and fires. Tolerance to failures is achieved with redundancy and logical isolation of Azure services. For more detailed information on availability zones in Azure, see Regions and availability zones.
Azure availability zones-enabled services are designed to provide the right level of reliability and flexibility. They can be configured in two ways. They can be either zone redundant, with automatic replication across zones, or zonal, with instances pinned to a specific zone. You can also combine these approaches. For more information on zonal vs. zone-redundant architecture, see Recommendations for using availability zones and regions.
Bastion support for availability zones with a zone-redundant configuration is currently in preview.
Previously deployed Bastion resources may be zone-redundant and are limited to the following regions:
- Korea Central
- Southeast Asia
Prerequisites
For a zone-redundant deployment, your Bastion resource must be in one of the following regions:
- East US
- Australia East
- East US 2
- Central US
- Qatar Central
- South Africa North
- West Europe
- West US 2
- North Europe
- Sweden Central
- UK South
- Canada Central
SLA improvements
There's no change to pricing for availability zone support.
Create a resource with availability zones enabled
To choose a region for a zone-redundant configuration:
Go to the Azure portal.
-
- For Region, select one of the regions listed in the Prerequisites section.
- For Availability zone, select the zones.
Note
You can't change the availability zone setting after your Bastion resource is deployed.
Zone down experience
When a zone goes down, the VM and Bastion should still be accessible. See Reliability in Virtual Machines: Zone down experience for more information on the VM zone down experience.
Migrate to availability zone support
Migration from non-availability zone support to availability zone support isn't possible. Instead, you need to create a Bastion resource in the new region and delete the old one.
Cross-region disaster recovery and business continuity
Disaster recovery (DR) is about recovering from high-impact events, such as natural disasters or failed deployments that result in downtime and data loss. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR. Before you begin to think about creating your disaster recovery plan, see Recommendations for designing a disaster recovery strategy.
When it comes to DR, Microsoft uses the shared responsibility model. In a shared responsibility model, Microsoft ensures that the baseline infrastructure and platform services are available. At the same time, many Azure services don't automatically replicate data or fall back from a failed region to cross-replicate to another enabled region. For those services, you are responsible for setting up a disaster recovery plan that works for your workload. Most services that run on Azure platform as a service (PaaS) offerings provide features and guidance to support DR and you can use service-specific features to support fast recovery to help develop your DR plan.
Azure Bastion is deployed within virtual networks or peered virtual networks, and is associated with an Azure region. You're responsible for deploying Azure Bastion to a Disaster Recovery (DR) site virtual network.
If there's an Azure region failure:
Perform a failover operation for your VMs to the DR region. For more information on diaster recovery failover for VMs, see Reliability in Azure Virtual Machines.
Use the Azure Bastion host that's deployed in the DR region to connect to the VMs that are now deployed there.
Related content
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for