Microsoft has several data centers in different geographies. Sometimes these geographies are separated by different states (as in the US) and sometimes they are divided by the continental divisions (as in the Europe where each country is considered to be a separate geographical region)
Each region is connected to another region far away (atleast 300 miles), making them a region pair. These region pairs share the same data. So if Microsoft needs to update one of the regions, they can do so, without worrying about the data loss. This also prevents against natural disasters.
And then there are 3 Sovereign Regions :
- Azure Government Region : All the data is stored in the US and accessible only in the US. Governments, municipalities and all can use this as long as they can prove their affiliation with the Government of the United States. They have separate network components and data centers.
- Azure Germany : This azure region was created to be compliant with the EU regulations, including GDPR. It's available for customers who are doing business in the EU. It is operated by t-systems international. They operate as a data trustee, they have full control over the all the data and infrastructure. Microsoft only controls the infrastructure that has no access to the customer data.
- Azure China : Operated by Shanghai blue cloud technology, fully compliant with CCP
Sometimes regions are enabled with a feature called availability zones.
- There can be one or more availability zones within each region, and each availability zones have 3 or more data centers.
- They are unique physical zones within a region and they were created to protect the data from data center failures.
- Since they are all present in the same region, they are not perfect against natural disasters.
- You need to make sure your Azure services are deployed in multiple availability zones and you do this depending on whether the service is a zonal service (Azure Virtual Machine. in which case you'll have to choose to deploy it to multiple availability zones) or a zone redundant service ( such as Azure Storage, then the data would be automatically copied to multiple availability zones for security)
- Physical building in a Azure region
- Each Region has atleast 2 data centers
- Contain physical hardware (like network switches, server racks etc)
- Are climate controlled
- Have dedicated network infrastructure
- Have power generators
- And all the data that flows in and out flows over Microsoft owned or leased cables
- All this isolations and exclusivity is for fault tolerance, reliability and predictability.
- An Azure Resource is any entity that you create within Azure. (could be web App, VM, database, storage..)
- Each Azure Resource is created WITHIN a Resource Group.
- Resource Groups are a logical container for resources, and help with resource management.Also good for controlling cost.Also allows you to delete a?huge number of Azure resources after you're done using them. (just delete the entire resource group)Also improved billing experience using tags (so you know exactly what you were charged for)Also makes in easier to redeploy in another region or at a later time
Each Azure resource is created in a resource group, and each resource group is created in an Azure Subscription. Management groups are there to handle multiple subscriptions. So if your organization has an ML dept, and a security dept, and so on, and you have different subscription of different Resource Groups, then Management Groups help with that. The only thing you can store in a Management Group is a (one or more) resource groups