Showing posts with label multi geo. Show all posts

Monday 19 October 2020

APIM High Availability and Performance across Regions

Overview:  APIM can be set up in multiple regions, and incoming requests will be routed to the closest APIM endpoint.  If there is only 1 APIM region, it is best to ensure the API/App Service/Function is hosted in the same region.  With multiple APIMs you can also host an API in the same region.  The routing is done either automatically using Azure Front Door or via policy on the APIM.

Front Door can be substituted with Azure WAF, or Cloudflare or Barracuda's SaaS solution.

More Info

Tuesday 30 June 2020

Multi-Geo for MS Teams

O365 offers multi-geo tenants to meet data residency rules for 13 countries and regions (as of 30 June 2020):
  1. Australia
  2. Asia Pacific 
  3. Canada
  4. European Union
  5. France
  6. India
  7. Japan
  8. Korea
  9. United Kingdom
  10. United States
  11. United Arab Emirates
  12. South Africa
  13. Switzerland.
Teams data resides in SharePoint Online, OneDrive for Business and Exchange Online.  With Multi-Geo enabled, a company can specify where data will reside.  There are 2 parts to multi-geo:
  • User specific data.  This data is stored in various satellite Geo for each user e.g. email, OneDrive
  • Company/Project/division specific data e.g. file shares, Document libraries
For more info on Multi-Geo on O365

Microsoft: "Multi-Geo is currently available to Enterprise Agreement customers with a minimum of 250 Microsoft 365 Services subscriptions."

The UK South Azure Region has 3 data centres/zones, and it is geo-paired with UK West; there are over 150 miles between the regions.

MS Teams Background Info:
https://www.pbeck.co.uk/2019/12/microsoft-teams-governance.html
https://www.pbeck.co.uk/2020/05/microsoft-teams-overview.html

Note: Since 2022, I think, Microsoft has had Microsoft Priva to help manage country privacy & compliance laws.

Wednesday 27 February 2019

SPO & O365 groups coming March 201

Multi-geo Phase 2 (SPO): SPO & O365 groups coming March 2019, into GA by 30 March 2019 confirmed.  DLP per satellite geo.  Hub sites can span multiple geos.  Search works across geos, i.e. all user access across geos is returned.


Today's notes:
  • SC can’t be moved between geo locations.
  • Satellite only in 14 core data regions, i.e. can’t use China but could use Hong Kong or Singapore.
  • Aimed at 2500 user tenants or bigger, with min 5% users moved.

Monday 3 December 2018

SharePoint Online Geo-Replication SPO/O365

Geo-replication/Multi-tenancy

In mid-2018 I outlined the state of Multi-geo on O365; the easier parts of Geo-Replication are already well handled and the changes are discussed in the link.  This post focuses on SSO options today and the likely road-map.

O365 is moving towards multi-tenancy that will allow multinational companies to store data in compliance with country rules.  For instance, EU data may not be allowed to be stored outside the EU, but you already have your O365 tenancy based in the US.

Historically, most larger companies have chosen either the US or EU to base their data storage in.  If you wanted data to be stored in another region, you had to buy another tenant, which Microsoft strongly discouraged.

Microsoft is working towards supporting O365 in multiple geo-locations.  Basically, there are 2 parts: 1) user specific data (email, OneDrive), where we know where a user is based and their data is encrypted and stored in that country, and 2) group/team/country specific data (SharePoint), where the data itself may have residency rules.

This post looks at SharePoint data that is required to be stored in a specific country.

Options today:
1. On-Prem: Have a SharePoint farm in each geo location; this requires a fair amount of thought to deal with SSO, Search, MMS, Content Types and UPA.
2. O365: Have multiple tenants (none are connected) in each location and connect your authentication up to each tenant.  The problem with option 2 is that each O365 tenant requires a separate Azure Active Directory.  This means that you will need to hook each O365 tenant up to a single MMS and Search service, and poly-fill in the SSO process.  Imagine if you have 8 regional tenants for regulatory purposes.  To achieve SSO, you will need to create a central AAD, then connect each regional AAD to the central AAD.  Azure directory sync is needed, and inviting members and guests from other companies' AAD becomes an issue.  The image below outlines a possible pattern to solve this complex problem.


Coming Q1 2019: Multi Geo tenant, that shall be the answer.  A lot of the multi-tenant is still in preview, so it shall be interesting to see multi-geo tenancy when it goes into General Availability (GA) next year (+-Feb/March 2019).

MSIgnite tour London updates 27-Feb-19:
Brent Alinger

Sovereign geos:
US Gov
China (21Vianet)
Germany

New geos coming: South Africa, UAE and Norway O365 data regions coming soon.  See office.com/datamaps

UK: Cardiff, London, Durham are 3 data centres in the UK.
Note: some services such as AAD, Planner, Yammer and Sway are not UK based; they are either Europe or US based.

US has 8 data centres

Can get default region moved, but it’s difficult.

Phase 1: OneDrive and Exchange, delivered April 2018.
Phase 2: O365 groups and SharePoint, private preview Oct 2018.  Good feedback so far.  Keen ferry, Cott dimension data.

Multi-geo is not for solving:
  • GDPR
  • Performance enhancer - rather align with MS Global Network.
  • Pinning data to a specific country

Cost:  $2 per month extra per user in satellite locations; go through your account manager to set it up.  Once approved, it shows in the admin centre and is provisioned; this takes less than 30 days but can be 2 days.

Need a domain name per geo location for OneDrive and SPO e.g. https://emeia-radimaging.sharepoint.com

Preferred Data Location (PDL) - set in AAD to show where a user is stored.  Not for travelling users but for long-term office assignment.  Users of Exchange Online are seamlessly moved.  ODfB requires a PS command to move the user data.
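An added example (not from the original post or from Microsoft's documentation) of the PDL check and OneDrive move described above, using the Microsoft Graph and SharePoint Online PowerShell modules. The tenant name, the user and the `GBR` geo code are assumed values.

```powershell
# Added example. All values below are assumptions for illustration.
$upn         = 'user@contoso.com'                      # hypothetical user
$sourceAdmin = 'https://contoso-admin.sharepoint.com'  # admin URL of the geo that holds the OneDrive today (hypothetical)
$targetGeo   = 'GBR'                                   # assumed destination geo code

# 1. Read the Preferred Data Location recorded on the user object in AAD.
Connect-MgGraph -Scopes 'User.Read.All'
$user = Get-MgUser -UserId $upn -Property 'userPrincipalName,preferredDataLocation'
Write-Output "PDL in directory: $($user.PreferredDataLocation)"

# 2. Connect to the geo the OneDrive currently lives in and show where it is.
Connect-SPOService -Url $sourceAdmin
Get-SPOUserOneDriveLocation -UserPrincipalName $upn

# 3. Only move data when the directory already says the user belongs in the
#    target geo, so the PDL and the stored data never disagree.
if ($user.PreferredDataLocation -eq $targetGeo) {
    # Dry run: checks the move would succeed without moving anything.
    Start-SPOUserAndContentMove -UserPrincipalName $upn `
        -DestinationDataLocation $targetGeo -ValidationOnly

    # Real move: run only after the validation above reports no blockers.
    # Start-SPOUserAndContentMove -UserPrincipalName $upn -DestinationDataLocation $targetGeo

    # Progress of a move that has been queued.
    Get-SPOUserAndContentMoveState -UserPrincipalName $upn
}
else {
    Write-Warning "PDL for $upn is '$($user.PreferredDataLocation)', not '$targetGeo'; set the PDL first."
}
```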

Phase 2: SPO March into GA by 30 March 2019 confirmed.  DLP per satellite geo.  Hub sites can span multi geos.  

Aka.ms/multi-geo

Update: 2020-06-30.  Multi-geo is available in Australia, Asia Pacific, Canada, European Union, France, India, Japan, Korea, United Kingdom, United States, United Arab Emirates, South Africa, and Switzerland.





Wednesday 6 June 2018

Geo-replication in SharePoint and SPO to the rescue

Geo-Replication on SharePoint (Not covering email or OneDrive)

Problem: Over the past 7 years, I have worked for a few clients that require some form of Geo-Replication of shared SharePoint farms.  Geo-replication is normally needed for compliance.  This post assumes you need to geo-replicate and does not cover why you need to geo-replicate.

Tip: Geo-replication can be used for performance, but given the complexity that it brings, I feel performance is an added bonus and geo-replication should not be undertaken for performance gains; there are easier, better, pragmatic answers to performance, such as Riverbed devices, caching and CDNs, to name a few.

Initial Hypothesis:  Large organisations exist in multiple geographic regions and need to abide by country regulations and often other industry standards, which brings the need for geo-replication capability.  I recently completed several high profile projects for a big four consultancy that needed to ensure SharePoint data does not leave its jurisdiction depending on its metadata.  Building on-prem SharePoint farms was extremely complex, and the 3 big services that needed to be centralized or copied are Search, MMS and the Content Type Hub.  There are more, like AAD, but for my situation I needed to be able to have multiple SharePoint farms in specific regions that connected to centralised services.

Thoughts: MS has OneDrive and the email piece working in local geographies.
SharePoint is coming with multi-tenancy and users will get unified search results across geographic regions.
  1. Search: each tenant holds its own index, not a central index for search - "good news for data location compliance".  Somehow MS are intermingling all the search results using federation, so they appear as an ordered result set from multiple different Geo indexes.
  2. Profile Services (used to be UPS) gets core fields from central AAD, and local fields are stored at a tenancy level (good news).
  3. Taxonomy (MMS) is replicated downwards from the central MMS.
  4. Each tenant has its own content type hub (I never liked this); the CTH uses a star topology to push the CTHub from the central tenant to the regional tenants so the copies, including GUIDs, are identical.
SPO to the Geo-Rescue (coming soon, in pre-beta/private preview as of 6 June 2018):
  • SPO is implementing multiple tenants across O365, like O365 previously did for OneDrive; you can specify where sites get created, i.e. region/country.  Each region has its data centres specified and the URL of the sites clearly indicates where the site is hosted.
  • The search index is kept in-country and federated up to the central tenant for a seamless search experience across multiple region tenants.
  • Central taxonomy is automatically replicated to the regional tenant.  MMS uses a star topology to distribute and keep GUIDs in sync.
  • UPA holds only key data centrally and each region holds additional properties (good for GDPR and other DPA regulations).
  • AAD shall be controlled centrally and I believe AADs have regional copies.  * Each O365 has its own AAD today; this will be the big change to facilitate SSO.
RoadMap:
OneDrive is multi-geo now. Offered to large enterprises only; must have a certain number of users.
Circa Q1 2019 SharePoint will offer multi-geo.

http://blog.sharepointsite.co.uk/2013/08/stretched-farms-geo-replication-and.html