Deploy virtual machines on Azure in multiple datacenters

Applies to: Office 365

Summary: Describes an Office 365 deployment scenario in which virtual machines are deployed to more than one Azure datacenter.

You have the option to deploy Azure Virtual Machines in multiple Microsoft Azure datacenters across multiple geographic regions. The Azure Traffic Manager can distribute authentication traffic across those datacenters. This enables users to use the Active Directory Federation Services (AD FS) service closest to their location, avoiding network latency issues and logon delays.

Deploying virtual machines to multiple datacenters

We recommend a single datacenter deployment for most customers because duplicating services to a second datacenter increases complexity and costs, but only marginally improves authentication performance and availability.

Azure provides 99.9 percent availability for its individual components. When deploying redundant role instances in different fault and upgrade domains, Internet-facing roles are expected to be available at least 99.95 percent of the time. For more information, see the Service Level Agreements.

The following figure shows the high-level architecture for the scenario in which you deploy to multiple datacenters.

Figure 1. Directory components deployed in multiple Azure datacenters

Deploying to multiple datacenters with Azure is a simple process; however, there are some drawbacks to that implementation:

  • You need to deploy domain controller replicas in every datacenter.

  • A separate virtual private network (VPN) connection is required from every datacenter to your on-premises network.

  • All virtual networks (and the associated replication traffic) are isolated from one another. This isolation generates larger amounts of outbound traffic than a single virtual network to a single Azure datacenter.

  • Complexity and costs increase.

For more information about using Traffic Manager, see Traffic Manager Overview.