Availability and Recovery

Question 1

VIrtual Machine High Availability

Answer 1

Availability Sets (For Azure Infrastructure faults)

A logical grouping of virtual machines (VMs) within an Azure data center. It helps ensure that during maintenance or hardware failures, not all VMs in the set are affected simultaneously.

1. Availability Sets: Logical container that redundant VMs can be created within (not moved to). (VMs that serve the same purpose and not the same infrastructure)
2. Fault Domain: A group of physical devices that represent a single point of failure. (We don’t want our machines to all be hosted on the same single point of failure)
-Maximum of 3
3. Update Domain: Requires an OS disk, but can also support additional data disks.
-Ensures that if Microsoft are running any platform updates, that is not going to result on our entire solution going offline as well
-Maximum of 20

• Settings cannot be changed or VMs added
• When FD is set to 1, UD will be 1 also
• Managed Disks should be used (cannot mix)
• Regional VMSS (Implicit Availability Set): FD: 5 - UD: 5

Zone Deployments (For Availability Zone failure)

Proximity Placement Groups

Used to influence the placement of Azure resources such as virtual machines and storage to be close to each other within an Azure data center. (Require low latency connectivity)

1. Placement Group: Indicates that datacenter colocation requirements within a region
2. Virtual Machines: You can add/remove a mix of VMs, VM Scale Sets, and Availability Sets
3. Intent: Specify the VM hardware type (and AZ) you intend to use

Question 2

Azure SQL High Availability

Answer 2

Remote Storage Model
* Applies to Basic, Standard, and General Purpose service tiers.
* Compute and data layers are separated, with one primary for read/write.
* May be some disruption during system failover for heavy workloads.
* General Purpose supports Zone-Redundancy (storage/compute).

Local Storage Model
* Applies to Premium and Business Critical service tiers.
* Compute and data are duplicated with one primary for read/write.
* Up to three consistent secondary replicas (can use one replica for read scale-out).
* Premium and Business Critical support Zone-Redundant secondary replicas.

Hyperscale Model
* Applies to the Hyperscale tier only (not available with DTU).
* Distributed, highly-available system of four layers (compute, storage, log, data).
* Supports high availability / geo / named replicas for read-only access.
* Zone-redundant high availability can be enabled (applied across all layers).

Question 3

Azure SQL Failover

Answer 3

Azure SQL Failover ensures high availability and disaster recovery (HADR) by automatically shifting workloads to a secondary database replica in case of failures. It minimizes downtime, maintains data integrity, and provides business continuity for mission-critical applications.

Key Features
* Automatic Failover – Azure SQL automatically switches to a secondary replica during outages.
* Geo-Replication – Supports active geo-replication to keep databases synchronized across multiple regions.
* Zone Redundancy – Ensures availability within a single region by replicating across availability zones.
* Failover Groups – Enables automatic failover for multiple databases with minimal disruption.
* Manual Failover Support – Administrators can trigger a failover manually for testing or planned maintenance.

Active Geo-Replication
Active Geo-Replication in Azure SQL Database provides asynchronous replication to a read-only secondary database in another region. This allows manual failover for disaster recovery scenarios while ensuring business continuity in case of regional failures. (Database level)

• Azure SQL Database: Supports asynchronous replication to a secondary Azure SQL database.
• Database Replication: The database is replicated to a read-only copy on another Azure SQL server in a different region.
• Failover Mechanism
  -Manual Failover: Administrators can trigger failover when needed.
  -Forced Failover (Data Loss Possible): Used in emergency scenarios when immediate recovery is needed.
  -Planned Failover (With Sync): Ensures a fully synchronized transition to minimize data loss.

Auto-Failover Groups
Azure Auto-Failover Groups provide automatic failover capabilities for Azure SQL Databases and Managed Instances across different regions. It enables seamless disaster recovery by automatically redirecting applications to a secondary replica in case of failure. (Server level)

• Azure SQL Server: Failover is configured at the server level (applies to both Azure SQL Database and Managed Instance).
• Database(s): Supports failover for one or more databases in the same server. Asynchronous replication ensures up-to-date read-only replicas.
• Failover Listener: Applications connect to a Failover Group Listener, which automatically directs requests to the primary database. Supports both read/write and read-only connections.
• Failover Policy: Applications connect through a listener endpoint rather than a specific SQL instance. Failover is automatically managed, minimizing downtime.

Question 4

Active Geo-Replication VS Auto-Failover Groups

Answer 4

Geo-Replication
* Offers manual failover (not automatic).
* Can have multiple replicas for disaster recovery and read-scale.
* Connection string updates are required after failover.
* Supports same-region replicas, useful for read-scale performance.

Failover Groups
* Provides automatic failover for disaster recovery.
* Ensures seamless failover without connection string updates.
* Can failover multiple databases at the same time.
* Only one secondary replica (no multiple replicas allowed).
* Only supports cross-region failover (no same-region replicas).

When to Use Each?

Use Geo-Replication if:
* You need multiple read-only replicas across different regions.
* You require same-region replication for high availability.
* You can manage failover manually and update connection strings.

Use Failover Groups if:
* You need automatic failover for disaster recovery.
* You want a seamless connection string (no manual updates).
* You need to failover multiple databases simultaneously.

Question 5

Azure Backup

Answer 5

Offers a reliable and scalable data protection solutions for backing up and restoring data across on-premises and cloud environments. Azure Backup helps organizations protect their critical data, applications, and workloads by providing automated backups, offsite storage, and disaster recovery capabilities.

• App Consistent Backups: Engage the O.S to write data before backups (files, apps, etc)
• Short to Long-Term Retention: Store daily, weekly, yearly backups. Retain backups for up to 10 years
• Comprehensive Compatibility: Support Windows, Linux, SQL, SAP, PostgreSQL, Hyper-V, VMware & more

Implementation

1. Vault: Stores the backup data and defines various storage/backup settings
   -Same region as the resource you want to backup
2. Backup Policy: (Per-type) define what to backup, when, and the retention period.
3. Backup Item: Using various agents, Azure Backup supports a variety of data sources

Implementation Overview

• Supports protection for PostgreSQL, Blobs, Disks (Backup Vault, SQL VM, SAP VM, VM, Server, Files Share (Recovery Services Vault).
• What we want to backup, will determine the type of Vault we will use (Backup Vault & Recovery Services Vault)
• Backup Policies are per workload type
• If you want to backup every workload, you would’ve to create a policy for each of the different resources
• You can use one backup policy for the type of resource (e.g. 4 VMs)
• If you want to backup anything using the Backup Vault, then you’re going to need a managed identity that has access to the resource
• If you want to backup servers using a Recovery Services Vault, then you’ll have to use an Agent
• For VMs you don’t have to use deploy an agent, you can use the built.in VM agent that is available by default
• If you want to deploy this on some other servers you could either use the Microsoft Azure Revocery Services Agent, which gives you control over the files and folders that you want to backup. Or if you want to have something more advanced that provided bare metal restore capabilities for perhaps on-premises Hyper-V, then you’d need to install the Microsoft Azure Backup Server
• If you want to backup File Shares, you will have to register that SA with you given Recovery Services Vault, that you want to perform that backup to

You can use the “Backup Center” to manage it easily, to look up all of your vaults, ports, alerts, and jobs, in a single place.

Question 6

Azure Site Recovery

Answer 6

ASR is a cloud-based disaster recovery service that helps organizations protect and recover their workloads and applications in the event of planned or unplanned outages, disasters, or datacenter failures.

• ASR enables seamless replication, failover, and failback of virtual machines (VMs), physical servers, and applications between on-premises datacenters and Azure or between Azure regions.
  -Provides us with really low recovery time objectives, using a recovery plan (thanks to continous replication)
• RPO: Maximum amount of data expressed time that can be lost during a disaster recovery situation before that loss will exceed what the organization can tolerate. Lower RPO = More Frequent Backups = Higher Cost
• RTO: Is the maximum tolarable length of time that a system can be down after a failure or a disaster occurs. Recovery Time begins at the moment of failure and ends when the system is operational and handed back to the business in a fully tested state.

Key Features

• FailoverPlans (Assists RTO)
• Continuous Replication (Assists RPO)
• Reduced DR Costs: Instead of having an entire site, with ASR you are just repliacting to a storage account
• App-Consistent Recovery Points: If you got applications, the replication can be configured to provide app consistent recovery points, so you can have multiple recovery points that you can roll back to, in the event of a disaster or issues.
• Network Managemnt: You can fail over to manage networks that are deployed, ready to go
• Comprehensive Support: You can have support for many different workloads, even if they are on-premises or in another cloud provider

Implementation

1. Recovery Services Vault: Only stores metadata relating to protected items, plans, etc.
   -What are the instances we are protecting? How frequently are we replicating those instances?…
   -Management that contains all of the job information, configuration, and so on.
2. Infrastructure: You’ll need various items to support ASR - VNets, Applicances, Storage Accounts, etc
   -The actual information gets stored here
   -When we replicate those machines, they get replicated accross to a SA.
   -If you have physical servers, or if we have VMware servers, we can go and deploy a “Microsoft Azure Site Recovery Appliance”. This contains all of the software needed to actually configure this sort of replication
   -If you are using Hyper-V, you can install the “Azure Site Recovery Provider”, and you can install that on your Hyper-V host
   -After that, you’ll have to register your site (on-premises or cloud) and configure a Replication Policy
3. Replication Policy: The frequency, consistency, and recovery points for Replicated Items
   -We should be associated to our site, already
   -To start the replication, you are going to do so on a per-server basis
   -You can perform a failover on a per-server basis
4. Recovery Plan: Pre/post manual/automatic tasks for failing over multiple instances
   -You can go here and say “if failure occurs, we want to migrate them all at once” using the information replicated on the SA.
   -You can make a complex plan to decide which/when servers should fail over, if so, in any sort of grouping arrangement, or do we have any pre/post tasks to perform
   -You can perform automated tasks using Azure Automation

Question 7

Azure Storage High Availability