Microsoft's Norwegian datacenters: Azure, GDPR and SLAs (4/6)

Microsoft opens two Norwegian datacenters
Illustration: blog.cybertraining365.com

Marius Sandbu from EVRY summarizes everything you need to know about Microsoft's new datacenters in Norway. (Part 4 of 6)

Written by Marius Sandbu, Principal Tech Lead for Cloud at EVRY

If you plan to provide services only from Norway, you should implement data governance mechanisms to ensure that data and other services are not placed in other regions. In Azure, you choose the region in which each service is created. The easiest way to enforce control over this is to use Azure Policy and assign an allowed-locations policy: https://docs.microsoft.com/en-us/azure/governance/policy/samples/allowed-locations.

But regardless of how you plan to use Azure, you should have an overall governance strategy to ensure that a set of baseline policies and processes is in place, and that you have a configured landing zone if you plan to migrate virtual machines to Microsoft Azure.
 

Cloud Adoption Framework overview


The best way to start is by using the Microsoft Cloud Adoption Framework (https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/), but be aware that the framework is built for large organizations and is not always suitable for smaller businesses.

If you want more information on data control and security compliance within Azure, you can read more about it here: https://go.microsoft.com/fwlink/p/?linkid=2051120. This whitepaper describes the security mechanisms in place for the physical aspect of the datacenter, as well as the security mechanisms within Azure that customers can leverage.

Besides this, you can also set up services or data as locally redundant, zone-redundant or geo-redundant. To give an example:

Setting up a storage account with LRS means that data is replicated three times within the same datacenter zone (such as East-Zone), so if that datacenter goes down, your data will be unavailable. Setting up zone-redundant storage means that data is replicated across multiple zones within the same region, for example East-Zone1 and East-Zone2, so if the entire region goes down, the data is unavailable. Setting up geo-redundant storage means that data is replicated between the East and West regions, with three copies in each region.

SLA and availability
As part of each datacenter that Microsoft is setting up, each region is configured with Availability Zones, which are independent datacenters within the same region.

Azure Regions

When setting up a service or virtual machine workload in Azure, you need to understand that the machine is only available within the region where it is placed. Virtual machines in Azure do not have live migration or mobility options to other zones or other regions. That means that if a region or zone goes down, your services will be unavailable. So ensure that your service leverages Availability Zones, where the machines that provide a service are deployed into separate zones. To actually get an SLA from Microsoft, you need to follow the guidelines below:

  • For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time
  • For all Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time
  • For any Single Instance Virtual Machine using premium storage for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity at least 99.9% of the time. 

So, understand the SLA requirements for each service that you deploy. Many of you might already be using Availability Zones in other regions, but there is one thing to note: the Norwegian datacenters do not provide Availability Zones as of now. This means that the highest SLA you can get on virtual infrastructure is 99.95%, by using Availability Sets.

Another important aspect is that Microsoft uses a term called geo-paired regions. This means that if you have services which support GR (geo-redundancy), Microsoft provides replication of services between two geo-paired regions. With the Norwegian datacenters, it means that data will be replicated between Eastern and Western Norway. If you already have services deployed in a region such as Western Europe, that region is paired with Northern Europe. GRS-based solutions will therefore not be able to directly replicate data between, for instance, Western Europe and Western Norway.
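
An added example (not from the original article): a Python check that combines the allowed-region rule with the geo-pairing described above, listing storage accounts whose data, including any geo-redundant replica, sits outside Norway. The inventory is constructed, its field names follow the output of `az storage account list`, and only the region pairs named in the article are included.

```python
# Added example: data-residency audit over storage accounts.
# The sample inventory is constructed; it mirrors the fields (name, location,
# sku.name) returned by `az storage account list`.

ALLOWED = {"norwayeast", "norwaywest"}

# Geo-pairs named in the article; extend for other regions you use.
PAIRED = {
    "norwayeast": "norwaywest",
    "norwaywest": "norwayeast",
    "westeurope": "northeurope",
    "northeurope": "westeurope",
}

# Storage SKUs that keep a second copy in the paired region.
GEO_SKUS = {"Standard_GRS", "Standard_RAGRS", "Standard_GZRS", "Standard_RAGZRS"}


def data_regions(account):
    """Return every region that holds a copy of the account's data."""
    primary = account["location"].lower()
    regions = {primary}
    if account["sku"]["name"] in GEO_SKUS:
        # Unknown pair: report it explicitly instead of assuming compliance.
        regions.add(PAIRED.get(primary, "unknown-pair:" + primary))
    return regions


def audit(accounts, allowed=ALLOWED):
    """Map account name -> sorted list of regions outside the allowed set."""
    findings = {}
    for acct in accounts:
        outside = sorted(data_regions(acct) - allowed)
        if outside:
            findings[acct["name"]] = outside
    return findings


SAMPLE = [  # constructed inventory
    {"name": "stnoeastlrs", "location": "norwayeast", "sku": {"name": "Standard_LRS"}},
    {"name": "stnoeastgrs", "location": "norwayeast", "sku": {"name": "Standard_GRS"}},
    {"name": "stweugrs", "location": "westeurope", "sku": {"name": "Standard_RAGRS"}},
    {"name": "stuksouth", "location": "UKSouth", "sku": {"name": "Standard_GRS"}},
]

if __name__ == "__main__":
    for name, regions in audit(SAMPLE).items():
        print(f"{name}: data outside allowed regions -> {', '.join(regions)}")
```

An allowed-locations policy denies new deployments outside the listed regions; a check like this covers resources that already exist and replicas that the `location` field alone does not reveal.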

---

Read part 1 (Background) here
Read part 2 (The services and monitoring) here
Read part 3 (Azure and networking) here
Read part 5 (Moving data) here
Read part 6 (Azure - costs, architecture and design) here
Read the full original post on Marius's blog here

---

Marius Sandbu is Principal Tech Lead for Cloud at EVRY. He previously worked at Commaxx as technical lead for Microsoft. Marius has authored several books and is a sought-after speaker for a number of vendors.

Marius runs his own blog and writes weekly posts on technology and cloud. We have been fortunate enough to be able to share some of his posts, so a series of technical articles from Marius will appear in our news archive in the future.