2.1.5 Describe Azure Physical Infrastructure
Description of Azure physical infrastructure.
Azure's physical infrastructure is held in datacenters. These are facilities with resources arranged in racks, with dedicated power, cooling and network infrastructure. Azure datacenters are located around the world, but the individual datacenters are not directly accessible.
Datacenters are grouped into Azure regions or Azure Availability Zones, which are designed to help achieve resiliency and reliability. More can be seen on the Microsoft Datacenters site.
A region is an area on the planet which contains one or multiple datacenters networked together with a low-latency network. Azure assigns and controls the resources in each region to ensure proper workload balancing. When deploying a resource, you will often need to choose the region where you will deploy it.
Some Azure services or VM features are only available in certain regions. Some Azure services like Microsoft Entra, Azure Traffic Manager, and Azure DNS do not need a region to be selected.
Availability zones are physically separate datacenters in an Azure region. Each zone is one or more datacenters with independent power, cooling and networking. Each zone is set up to be an isolation boundary: if one goes down, the others will keep working. The zones are connected with high-speed private fibre optic networks.
A max of three availability zones are present in all enabled regions; however, not all regions support availability zones.
Availability zones can be used to build high availability into your architecture by co-locating your compute, storage, networking and data resources in one availability zone and replicating them to another. This may have a cost associated. Availability zones are primarily for VMs, managed disks, load balancers and SQL databases. Azure services that support these fall into three categories:
Zonal Services: The resource is pinned to a specific zone
Zone-Redundant Services: Platform replicates automatically across zones
Non-Regional Services: Services always available from Azure geographies and resilient to zone-wide/region-wide outages.
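The co-locate-and-replicate pattern above can be checked against a resource inventory. The following is an added example, not part of the original notes: it flags workloads whose zonal resources all sit in a single availability zone. The inventory is constructed sample data shaped like the `location` and `zones` properties of an Azure resource listing; the `workload` label and all resource names are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory. "workload" is a hypothetical grouping label.
INVENTORY = [
    {"name": "web-vm-1", "workload": "web", "location": "westus2", "zones": ["1"]},
    {"name": "web-vm-2", "workload": "web", "location": "westus2", "zones": ["2"]},
    {"name": "web-lb", "workload": "web", "location": "westus2", "zones": ["1", "2", "3"]},
    {"name": "db-vm-1", "workload": "db", "location": "westus2", "zones": ["1"]},
    {"name": "db-disk-1", "workload": "db", "location": "westus2", "zones": ["1"]},
    {"name": "batch-vm-1", "workload": "batch", "location": "westus2", "zones": []},
]

def classify(resource):
    """Label a resource by its zone placement."""
    zones = resource.get("zones") or []
    if not zones:
        return "no-zone"         # no zone recorded for this resource
    if len(zones) == 1:
        return "zonal"           # pinned to a specific zone
    return "zone-redundant"      # replicated across zones by the platform

def audit(inventory):
    """Return {workload: finding} for workloads lacking a replica in a second zone."""
    pinned = defaultdict(set)     # (workload, region) -> zones used by zonal resources
    unplaced = defaultdict(list)  # (workload, region) -> resources with no zone recorded
    for r in inventory:
        key = (r["workload"], r["location"])
        kind = classify(r)
        if kind == "zonal":
            pinned[key].add(r["zones"][0])
        elif kind == "no-zone":
            unplaced[key].append(r["name"])
    findings = {}
    for (workload, region), zones in pinned.items():
        if len(zones) == 1:
            # Every zonal resource shares one zone: nothing is replicated to another.
            findings[workload] = f"all zonal resources in zone {next(iter(zones))} of {region}"
    for (workload, _), names in unplaced.items():
        findings.setdefault(workload, "no zone recorded for: " + ", ".join(names))
    return findings

if __name__ == "__main__":
    for workload, finding in audit(INVENTORY).items():
        print(f"{workload}: {finding}")
```

Zone numbers are only compared within one region, which is why the grouping key includes `location`.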
To provide further resiliency, Azure provides region pairs.
Most regions are paired with another region at least 300 miles away. This allows for replication of resources, which reduces the likelihood of interruptions. If a region in a pair is affected by a natural disaster, the services would automatically fail over to the other region in its pair. For example, West US is paired with East US.
This has many advantages:
If an outage occurs, one region out of every pair gets priority to ensure at least one is restored.
Planned updates are rolled out to one region in a pair at a time to minimize downtime.
Data continues to reside in the same geography as its pair (except Brazil South) for tax and law enforcement purposes.
Sovereign regions are isolated from the main Azure instances and are used for compliance or legal purposes. Sovereign regions are:
US DoD Central, US Gov Virginia, US Gov Iowa and more: These are physically and logically isolated instances of Azure for the US government and partners. These are run by screened US personnel and include additional compliance certifications.
China East, China North and more: These are run by 21Vianet in partnership with Microsoft; Microsoft does not directly maintain the datacenters.