Azure failover and outages
Hello Experts,
Can someone please explain how failover works in Azure Environment?
My customer is looking to implement Azure Site Recovery services and they currently run a virtual Fortinet firewall in Azure and want to be able to failover if Azure experiences an outage.
With Azure Site Recovery you create a virtual network in the target region with the same configuration as the source region and configure mapping between the VNets.
You then configure the VMs in the source region to replicate to the target region.
You can then fail over the VMs in the source region to the replica VMs in the target region. The failed over VMs will retain their IP configurations.
This is an expensive option though. You're paying for replicas of the resources in the source region which effectively doubles your costs.
The chance of an Azure region going down is slim. You're talking about a natural disaster here. Each Azure region is split into three availability zones. Each zone has independent power, networking etc. so you effectively have three separate Azure environments in each region. An availability zone could go down but all three going down is unlikely. It depends on your appetite for risk. A cheaper option would be to spread your VMs between between the availability zones within a single region. For example, if you have two web servers for redundancy, place the web servers in separate availability zones.
You then configure the VMs in the source region to replicate to the target region.
You can then fail over the VMs in the source region to the replica VMs in the target region. The failed over VMs will retain their IP configurations.
This is an expensive option though. You're paying for replicas of the resources in the source region which effectively doubles your costs.
The chance of an Azure region going down is slim. You're talking about a natural disaster here. Each Azure region is split into three availability zones. Each zone has independent power, networking etc. so you effectively have three separate Azure environments in each region. An availability zone could go down but all three going down is unlikely. It depends on your appetite for risk. A cheaper option would be to spread your VMs between between the availability zones within a single region. For example, if you have two web servers for redundancy, place the web servers in separate availability zones.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I recently did this with a fortigate HA pair in the primary location. The client was surprised that he had to pay for a separate fortigate in the DR location as well - but you do, based on the way their licensing works. (The ASR piece itself is pretty cookie-cutter. The MSFT documentation is pretty decent. But it sure isn't cheap.)
all of the above statement is CORRECT.
Just bring it into summary;
If you want a fully automated ASR include network, then you will need to have a Fortigate HA on primary and secondary. (VERY expensive)
If you want a semi-automated.
then you can used ASR but manually stood up the Fortigate (you still ASR, but you need to run some powershell script to make it running)
ASR in nutshell, you duplicate all your storage cost on the failover side; the lowest it replicated every 5 (or 15minutes) a crash-consistent copy and 1 hour for application-consistent copy.
Just bring it into summary;
If you want a fully automated ASR include network, then you will need to have a Fortigate HA on primary and secondary. (VERY expensive)
If you want a semi-automated.
then you can used ASR but manually stood up the Fortigate (you still ASR, but you need to run some powershell script to make it running)
ASR in nutshell, you duplicate all your storage cost on the failover side; the lowest it replicated every 5 (or 15minutes) a crash-consistent copy and 1 hour for application-consistent copy.
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy#summary-of-redundancy-options