When planning and designing a cloud solution, the location of the service and its data is a major consideration in terms of data sovereignty.
In my experience, when discussing cloud design, I may bring up an Azure service for consideration that goes beyond the standard VM, storage account or app service and complements or supplements the solution, such as Azure App Insights, Power BI Premium/Embedded, backups, CDN, logging or an Azure AD tenant. Now, can we simply assume they will be available in the desired region? Not necessarily. To check, we can use the online tool Products available by region.
An example looks as follows:
One thing to point out and be aware of is services that are listed as Non-regional.
Non-regional is defined as “where there is no dependency on a specific Azure region”.
Some examples are CDN, Azure AD, Azure MFA, Traffic Manager, Power BI Embedded, Bot Service, some Cognitive Services, Azure Advisor, Activity Logs & Alerts, and Diagnostic Logs.
A deeper explanation of some of these services is at http://azuredatacentermap.azurewebsites.net/
“Data storage for global services
Certain Azure services such as the ones listed below are designed to operate globally, and thus do not permit customers to specify a particular Region for customer data:
- Content Delivery Network (CDN), which provides a global caching service and stores customer data at edge locations around the world.
- Azure Active Directory, which may store Active Directory data globally. This does not apply to Active Directory deployments in the United States (where Active Directory data is stored solely in the United States) and in Europe (where Active Directory data is stored in Europe or the United States).
- Azure Multi-Factor Authentication, which stores authentication data in the United States.
- Services that provide global routing functions and do not themselves process or store customer data. This includes Traffic Manager, which provides load balancing between different regions, and Azure DNS, which provides domain name services that route to different regions.”
And so, using some Azure services that are not available in the desired region may not be a concern, because this is by design, no sensitive data is stored, or the data is simply transient and handled in a secured manner.
For general guidance on location, compliance needs, service availability, data residency and pricing when choosing Azure products/services by location, read Which Azure region is right for me?
For how data is stored and accessed, and the security approaches used, go to the Microsoft Trust Center for Microsoft Azure.
For how personal data is collected and used, go to the Microsoft Privacy Statement.
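The check described above can be scripted as part of a data-residency review. The following is an added example, not part of the original post or any Microsoft tool: it classifies the resource types a design needs against a desired region, using data in the shape returned by `az provider list -o json`. The sample data is constructed, `Microsoft.Example` is a hypothetical provider, and treating a `global` location as the page's "Non-regional" category is an assumption.

```python
import json

# Constructed sample in the shape of `az provider list -o json`
# (namespace -> resourceTypes[] with resourceType and locations[]).
# Location lists are illustrative, not real availability data.
SAMPLE_PROVIDERS = json.loads("""
[
  {"namespace": "Microsoft.Compute", "resourceTypes": [
    {"resourceType": "virtualMachines",
     "locations": ["Canada Central", "East US", "West Europe"]}]},
  {"namespace": "Microsoft.Network", "resourceTypes": [
    {"resourceType": "trafficManagerProfiles", "locations": ["global"]},
    {"resourceType": "dnszones", "locations": ["global"]}]},
  {"namespace": "Microsoft.Example", "resourceTypes": [
    {"resourceType": "widgets", "locations": ["East US", "West Europe"]},
    {"resourceType": "operations", "locations": []}]}
]
""")

def normalize(name):
    """Treat 'Canada Central' and 'canadacentral' as the same region."""
    return name.replace(" ", "").lower()

def classify(providers, desired_region, wanted_types):
    """Map each wanted 'Namespace/type' to one of:
    regional, non-regional, unavailable, unknown."""
    index = {}
    for provider in providers:
        for rt in provider.get("resourceTypes", []):
            key = f'{provider["namespace"]}/{rt["resourceType"]}'.lower()
            index[key] = [normalize(loc) for loc in rt.get("locations", [])]
    target = normalize(desired_region)
    result = {}
    for wanted in wanted_types:
        locations = index.get(wanted.lower())
        if not locations:
            result[wanted] = "unknown"        # not listed, or no location data
        elif target in locations:
            result[wanted] = "regional"       # can be pinned to the region
        elif "global" in locations:
            result[wanted] = "non-regional"   # assumption: 'global' == Non-regional
        else:
            result[wanted] = "unavailable"    # regional, but not in this region
    return result

def needs_review(classification):
    """Types that cannot be pinned to the desired region, for residency sign-off."""
    return sorted(t for t, c in classification.items() if c != "regional")
```

Anything returned by `needs_review` is a candidate for the follow-up questions raised here: is the service non-regional by design, and does it store customer data or only route it?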
Here is a quick summary of the resources mentioned:
- Which Azure region is right for me?
- Products available by region
- Microsoft Trust Center > Microsoft Azure
- Microsoft Privacy Statement
I hope these resources are a starting point for understanding and planning an Azure cloud solution with location in mind.