Public cloud providers have some of the most resilient physical infrastructure on earth -- but nobody is perfect....
Whether it's a backhoe that takes out fiber lines or a network bug that crashes a router, even major cloud platforms like Azure are subject to the occasional IT gremlin.
This means that, when uninterrupted uptime and application availability is non-negotiable, enterprises must hedge their bets and operate in more than one cloud-provider facility.
For Azure users, it's always been possible to manually replicate data and machine images to clone applications across multiple regions. This process, however, is cumbersome and time-consuming. Microsoft has addressed this issue through Azure Availability Zones.
These zones are physical locations within an Azure region, comprised of one or more fault-isolated data centers that have redundant and independent power, cooling and networking. If there is a problem at one facility, it won't affect the others. Each region with Availability Zone support has three or more zones to enable redundant replication of services, VMs and data.
So far, Azure Availability Zones, which became generally available in March, are live in five regions:
- Central U.S.
- France Central
- East U.S. 2 (still in preview)
- West Europe (still in preview)
- Southeast Asia (still in preview)
Availability Zone basics
Because the locations of Azure Availability Zones are physically distinct -- but are in relative proximity -- communication between them is fast and efficient. This is important, as users will typically run Azure services in parallel in two or more zones.
There are two flavors of Azure services that enterprises can deploy with Availability Zones:
Zonal services -- These include Linux and Windows VMs, Managed Disks, Public IP addresses and load balancers. Enterprises can assign these resources to a particular zone.
Zone-redundant services -- These include VM scale sets and SQL database services. In this model, data automatically replicates across zones.
Microsoft also now offers a Standard Load Balancer with support for Availability Zones. For a redundant architecture, users can pin VMs to zones during initial setup, and the load balancer distributes traffic across them. If these VMs need to access storage and SQL databases as part of a multi-tier application design, users can configure these services to automatically replicate across zones in a region.
How VM scale sets complement Availability Zones
The combination of Availability Zones, Standard Load Balancer and VM scale sets provides a convenient way to automatically create redundant Azure infrastructure that's immune to single points of failure. Scale sets are an ideal complement to zonal VMs, because they provide a way to control redundant instances spread across several zones. Admins can configure scale sets to automatically increase or decrease the VM pool in response to demand changes or on a set schedule.
It's also possible to configure scale sets to automatically balance VMs across different zones in a region -- known as zone balancing -- and spread VMs across as many fault domains as possible in a given zone. Enterprises can create zone-redundant scale sets with the command-line interface, PowerShell or Azure Resource Manager (ARM) templates.
Standard Load Balancer is a regional service abstraction, meaning there's no direct relationship between the resources it manages and the underlying infrastructure. As a result, it can direct traffic across multiple zones and supports both zonal and zone-redundant services. Because Standard Load Balancer is itself zone-redundant, it can survive an individual location failure -- the data path to the VMs, and, thus, the application itself, survives as long as one zone remains healthy. Once the other zones come back online, Standard Load Balancer automatically redistributes traffic.
Azure Availability Zones mirror AWS Availability Zones, which have been available for a decade. Like Azure's, AWS Availability Zones are distinct physical locations within the same region that are in geographic proximity and connected with high-bandwidth, private fiber links to maximize throughput and minimize latency. Unlike Azure, AWS Availability Zones are available in approximately 20 regions.
As with Azure zone-redundant services, some AWS offerings, such as Elastic Block Storage, Relational Database Service and Aurora, automatically replicate data across Availability Zones. Likewise, AWS Elastic Load Balancing supports multizone load balancing of EC2 instances across multiple zones.
Azure Availability Zones are critical to create resilient applications but are only one piece of a comprehensive design. Users should familiarize themselves with all of the cloud provider's resiliency features and follow its guidelines for application design. These include:
- Decompose monolithic applications into components that you can implement with discrete cloud services;
- Use availability sets, zones and paired regions to maximize uptime and performance;
- Have a resiliency strategy that accommodates service degradation with techniques like retry limiting, circuit breakers, load leveling and resource isolation; and
- Use infrastructure-as-code features, such as ARM templates, PowerShell scripts and Desired State Configuration, to automate the repeatable deployment of resources.