Примечание
Для доступа к этой странице требуется авторизация. Вы можете попробовать войти или изменить каталоги.
Для доступа к этой странице требуется авторизация. Вы можете попробовать изменить каталоги.
This article describes reliability support in Azure DDoS Network Protection, and both regional resiliency with availability zones and cross-region recovery and business continuity. For a more detailed overview of reliability in Azure, see Azure reliability.
Availability zone support
Availability zones are physically separate groups of datacenters within each Azure region. When one zone fails, services can fail over to one of the remaining zones.
For more information on availability zones in Azure, see What are availability zones?
Azure DDoS Protection is zone-redundant by default and is managed by the service itself. You don't need to configure or setup zone redundancy yourself.
Cross-region disaster recovery and business continuity
Аварийное восстановление (DR) относится к процедурам, которые организации используют для восстановления после событий значительного воздействия, таких как стихийные бедствия или ошибочные развертывания, которые приводят к простою и потере данных. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR. Прежде чем приступить к созданию плана аварийного восстановления, ознакомьтесь с рекомендациями по разработке стратегии аварийного восстановления.
For DR, Microsoft uses the shared responsibility model. В этой модели корпорация Майкрософт гарантирует, что доступны базовые инфраструктуры и службы платформы. Однако многие службы Azure не делают автоматической репликации данных и не обеспечивают возврат из вышедшего из строя региона для перекрестной репликации в другой доступный регион. For those services, you're responsible for setting up a disaster recovery plan that works for your workload. Большинство служб, работающих на платформе Azure как услуга (PaaS), предоставляют функции и рекомендации для поддержки аварийного восстановления. You can use service-specific features to support fast recovery to help develop your DR plan.
Disaster recovery in multi-region geography
You can choose one of two approaches to managing business continuity for DDoS Protection over your VNets. The first approach is reactive and the second approach is proactive.
- Reactive business continuity plan. Virtual networks are fairly lightweight resources. In the case of a regional outage, you can invoke Azure APIs to create a VNet with the same address space, but in a different region. To recreate the same environment that was present in the affected region, you'll need to make API calls to redeploy primary region VNet resources. If on-premises connectivity is available, such as in a hybrid deployment, you must deploy a new VPN Gateway, and connect to your on-premises network.
Note
A reactive approach to maintaining business continuity always runs the risk that you may not have access to the primary region's resources, due the extent of the disaster. In that case, you'll need to recreate all of the primary region's resources.
- Proactive business continuity plan. You can create two VNets using the same private IP address space and resources in two different regions ahead of time. If you are hosting internet-facing services in the VNet, you could set up Traffic Manager to geo-route traffic to the region that is active. However, you cannot connect two VNets with the same address space to your on-premises network, as it would cause routing issues. At the time of a disaster and loss of a VNet in one region, you can connect the other VNet in the available region, with the matching address space to your on-premises network.
To create a virtual network, see Create a virtual network.
Disaster recovery in single-region geography
For single region geographies in a disaster scenario, the virtual network and the resources in the affected region remains inaccessible during the time of the service disruption.