Since our RA-GZRS enabled Azure storage can't be written to in the secondary region when the primary is down, we thought of having another standby Azure storage account to do the writes continuously.
The question is, once the main storage account comes back, how do we sync the updates back to the main account from the standby? Can we write a runbook using AzCopy.exe? Is there any other, better Azure service/solution to accomplish the sync process using AzCopy.exe or another tool as a background service?
Assuming the outage isn't severe enough that Microsoft doesn't failover to the secondary region. You can initiate the failover yourself, and then you would be able to write to the secondary region. This is essentially a DNS change which makes the secondary endpoint become the primary endpoint. Once the primary region becomes available again, you can change the storage account to geo-redundant storage, and then if required, repeat the failover.
See Initiate storage account failover and Storage account failover for more details.
Related
To improve our application's availability, we have opted for RA-GZRS for Azure storage. This enables us to read from the secondary when the primary is down, but we can't write to it.
But for our application to keep its essential service up and running, being able not only to read from but also to write to storage in the event of a region going down is a MUST.
As there is no built-in solution for the above-mentioned scenario, is there any custom solution which enables us to both read from and write to secondary-region Azure storage in the event of the primary region going down?
We also thought of having an alternative storage account with a different primary region, but once availability of the primary is restored, how do we sync back the recent delta changes written to the alternative storage account during the primary account failure?
Azure Storage provides you with the capability to do a manual failover from primary to secondary in case the primary region becomes unavailable. You could possibly use this approach to accomplish high availability.
You can read more about the manual failover here: https://learn.microsoft.com/en-us/azure/storage/common/storage-initiate-account-failover?tabs=azure-portal.
Using RA-GRS Azure Storage Account, is it possible to write to a blob path in both regions?
We have two regions running the same data flows active-active (configured via Traffic Manager), however one legacy application used for file transfer to our on premise estate will only be available in the primary region. In case of DR we will manually stand up the application in the secondary region. (This is due to a limitation in the application itself.)
So the storage needs to be written to in both regions, but only in the primary region we will read (and delete on success) the data. Does RA-GRS allow this? Some delay in the files being synced to primary region will not be a problem.
Azure Storage Account RA-GRS does not offer two-way synchronization; you would need to implement a solution yourself. azcopy offers some functionality for doing this.
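The sync-back step the questions above ask about (a standby account takes writes during the outage, then its changes are merged into the main account) needs a reconciliation rule before any copy tool runs. The following is an added example, not code from the original posts or from Microsoft: `BlobInfo`, `plan_sync_back` and the listings are hypothetical, constructed names and data standing in for real blob listings.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class BlobInfo:               # hypothetical record: one row of a blob listing
    name: str
    last_modified: datetime   # service-side timestamp (assumed comparable across accounts)
    content_md5: str

def plan_sync_back(standby, main, outage_start):
    """Classify standby blobs for the merge into main. Copy-only: never deletes."""
    main_by_name = {b.name: b for b in main}
    plan = {"copy": [], "conflict": [], "skip": []}
    for blob in sorted(standby, key=lambda b: b.name):
        current = main_by_name.get(blob.name)
        if blob.last_modified < outage_start:
            plan["skip"].append(blob.name)       # not written during the outage
        elif current is None:
            plan["copy"].append(blob.name)       # created on standby only
        elif current.content_md5 == blob.content_md5:
            plan["skip"].append(blob.name)       # already identical on main
        elif current.last_modified >= outage_start:
            plan["conflict"].append(blob.name)   # both sides changed: needs review
        else:
            plan["copy"].append(blob.name)       # standby holds the newer version
    return plan

def _t(hour, minute=0):
    return datetime(2024, 1, 10, hour, minute, tzinfo=timezone.utc)

# Constructed sample listings (not real account data).
OUTAGE_START = _t(9)
STANDBY = [
    BlobInfo("orders/1001.json", _t(9, 30), "aaa"),   # new during outage
    BlobInfo("orders/0999.json", _t(10), "bbb"),      # updated during outage
    BlobInfo("config/site.json", _t(9, 45), "ccc"),   # also edited on main later
    BlobInfo("orders/0900.json", _t(7), "ddd"),       # seeded before outage
    BlobInfo("orders/1002.json", _t(9, 50), "eee"),   # already present on main
]
MAIN = [
    BlobInfo("orders/0999.json", _t(8), "b00"),
    BlobInfo("config/site.json", _t(12), "c99"),
    BlobInfo("orders/0900.json", _t(7), "ddd"),
    BlobInfo("orders/1002.json", _t(12, 5), "eee"),
    BlobInfo("reports/jan.csv", _t(6), "fff"),        # main-only: left untouched
]

if __name__ == "__main__":
    for action, names in plan_sync_back(STANDBY, MAIN, OUTAGE_START).items():
        print(action, names)
```

Only the `copy` list should be handed to the transfer tool; `conflict` entries are the ones where an unattended overwrite would lose a write made on the main account after it came back.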
There are two backup configuration options for Azure Recovery Services vault - LRS vs GRS
This is a question regarding Azure Recovery Services vault.
How is a geo-redundant enabled Recovery Services vault handled when the region it resides in fails?
If cross region restore is not enabled for a Recovery Services vault, which by default it isn't, what will happen to my Recovery Services vault?
I am trying to find out the difference between enabling cross region restore and not enabling it.
There is not much info that I can find on the internet or in the official documents.
Configure cross region restore for recovery service vault
There is one more helpful link, GRS vs LRS. However, as of the time of writing, it seems like cross region restore has not been enabled, and right now, it is only enabled in West Central US. However, we can enable GRS for all (most) regions.
The Recovery Services vault is an entity that stores the backups and recovery points created over time. Azure Backup automatically handles storage for the vault. LRS and GRS refer to the storage replication type. Read the storage replication strategy.
Locally redundant storage (LRS) replicates your data three times within a single data center.
GRS replicates your data to another data center in a secondary region, but that data is available to be read only if Microsoft initiates a failover from the primary to secondary region.
The storage replication type is set to geo-redundant by default. The CRR feature is based on a vault created with GRS redundancy. So you can enable GRS for all (most) regions, but CRR is currently available in the WCUS region. Read here.
With GRS storage replication, if the primary region that the geo-redundant enabled Recovery Services vault resides in fails, Microsoft initiates a failover from the primary to a secondary region. The secondary region serves as a redundant source for your data.
With CRR enabled, the restore operation in the secondary region can be performed by Backup Admins and App Admins, which gives you full control to restore data to a secondary region. The secondary region is an Azure paired region.
Without CRR enabled, you probably could not restore all the Azure VMs for the selected recovery point if the backup is done in the secondary region. You can create a new VM from a restore point, restore a VM disk, or replace a disk on the existing VM. See the restore options.
Hope this could help you.
This is another answer from Cross Region Restore - check the comments for reference purposes.
The storage redundancy configuration for the Recovery Services Vault (RSV), is specific to Azure Backup data, not Azure Site Recovery (ASR).
This means, in the event of an Azure region failure, if the RSV is configured with Geo-Redundant Storage (GRS), then (with the help of the Azure support team), the RSV can be made available in the paired Azure region, and the data would be accessible.
The cross-region restore (CRR) option, is something that’s specific to Azure Backup, not ASR. You can have an RSV configured with GRS storage, but not have CRR enabled. The CRR feature allows you to take a backup of a VM in Region1, and perform a VM restore in Region2. The storage redundancy is for geo-failover of the RSV itself in the event of a full Azure region failure.
Why do we need Azure Backup for our VMs (disks) on Azure, when an Azure storage account provides different replication options like LRS, ZRS, GRS and RA-GRS?
All the data is already replicated in a different region (in the case of GRS), so what advantages will I get out of Azure Backup?
All the data is already replicated in a different region (in the case of GRS), so what advantages will I get out of Azure Backup?
Replication is not backup!
It is true that when you opt for GRS replication, 6 copies of your data are maintained (3 in primary and 3 in secondary), but when you delete the data from primary, data from secondary is automatically deleted.
UPDATE
You mean, if any data is deleted/corrupted due to some error/bug, can be reproduced from backup and it is not possible in case of storage replication.
You're absolutely correct!
But Microsoft sells "Azure backup and Site recovery" as a BCDR strategy. In context of any disaster, why not just rely on Storage replication. Any advantages of Azure backup/site recovery?
I have not used Azure backup so let me answer it from Storage Replication point of view. To put things simply, "In context of Azure, a disaster is not a disaster unless Microsoft thinks it is a disaster". Till the time that happens, you don't get access to secondary assuming you have opted for GRS replication (with RA-GRS, you obviously have an option to read the data from secondary at all times).
Furthermore if you choose LRS or Premium LRS replication and there's indeed a disaster in one data center, all of your data will be lost. With Azure Backup, you at least have a copy of your data lying somewhere safe and you could recreate your environment based on that backup.
I know this question is old, but MS provides a solution for disaster recovery with storage accounts.
We may have 2 solutions for dealing with a disaster:
https://learn.microsoft.com/en-us/azure/storage/common/storage-disaster-recovery-guidance?toc=/azure/storage/blobs/toc.json
It says:
If the primary endpoint becomes unavailable for any reason, the client is no longer able to write to the storage account. The following image shows the scenario where the primary has become unavailable, but no recovery has happened yet:
The customer initiates the account failover to the secondary endpoint. The failover process updates the DNS entry provided by Azure Storage so that the secondary endpoint becomes the new primary endpoint for your storage account, as shown in the following image:
I know Azure will geo-replicate a copy of the current storage account to another location.
My question is: can I access the other location from a program, even if just read-only?
I ask this because it would allow me to build another deployment in a different geo-location for performance and disaster-proofing, like what Azure did. With the current setup, if I use the same storage source from a different geo-location, I have to pay extra bandwidth cost.
You can only access your storage account by its primary name. In the event of failover, that name will be mapped to the alternate datacenter. You cannot access the failover storage directly, nor can you choose when to trigger a failover. For a multi-site setup as you described, you'd need to duplicate your data (which would then add the cost of storage in datacenter #2). This does give you ultimate flexibility in your DR and performance planning, but at an added cost of storage and bandwidth (egress-only).
Last week the storage team announced read-only access to the failover storage: Windows Azure Storage Redundancy Options and Read Access Geo Redundant Storage.
This means you can now deploy your application in a different datacenter which can be used for "full" failover (meaning that the storage will also be available there). Even if it's only read-only, your application will still be online - but simply in "degraded" mode.
The steps on how you can implement this with traffic manager are described here: http://fabriccontroller.net/blog/posts/adding-failover-to-your-application-with-read-access-geo-redundant-storage-and-the-windows-azure-traffic-manager/