Planning Azure Services by Location

When planning and designing a cloud solution, the location of the service and its data is of great consideration in terms of data sovereignty
.PlanningAzure Services by Location 1

In my experiences when discussing cloud design, I may bring up an Azure service for consideration that is beyond the standard VM, storage account, app service but something complements or supplements the solution like azure app insights, power bi premium/embedded, backups, CDN, logging or an azure ad tenant. Now, can we simply assume they will be available in the desired region? No necessarily. To check we can go to an online tool Products available by region

An example looks as follows:
PlanningAzure Services by Location 2

One thing to point out and be aware are services that are located in Non-regional.
Non-regional is defined as “where there is no dependency on a specific Azure region”

PlanningAzure Services by Location 3

Some examples are CDN, Azure AD, Azure MFA, Traffic manager, Power BI Embedded, Bot service, some Cognitive services, Azure Advisor, Activity Logs & Alerts, and Diagnostic Logs.

A deeper explanation of some of these services are at http://azuredatacentermap.azurewebsites.net/

Data storage for global services

Certain Azure services such as the ones listed below are designed to operate globally, and thus do not permit customers to specify a particular Region for customer data:

  • Content Delivery Network (CDN), which provides a global caching service and stores customer data at edge locations around the world.
  • Azure Active Directory, which may store Active Directory data globally. This does not apply to Active Directory deployments in the United States (where Active Directory data is stored solely in the United States) and in Europe (where Active Directory data is stored in Europe or the United States).
  • Azure Multi-Factor Authentication, which stores authentication data in the United States.
  • Services that provide global routing functions and do not themselves process or store customer data. This includes Traffic Manager, which provides load balancing between different regions, and Azure DNS, which provides domain name services that route to different regions.”

And so, using some Azure services that are not available in the desired region may not be a concern as it is by design or no sensitive data is at stored or data simply is transient in a secured manner.

About general guidance in terms of location, compliance needs, service availability, data residency and pricing on choosing Azure products/services by location read Which Azure region is right for me?

About how data is stored, accessed and its security approaches go to the Microsoft Trust Center for Microsoft Azure

About how personal data is collected and used, go to Microsoft Privacy Statement

Here is a quick summary of the resources mentioned:

Hope these resources are a starting point in understanding and planning an Azure cloud solution with location in mind.

One thought on “Planning Azure Services by Location

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s