Merge pull request #265319 from anaharris-ms/rel-ddos

Reliability: DDoS Protection

Author: Jill Grant

.openpublishing.redirection.json

@@ -10956,6 +10956,14 @@
             "redirect_document_id": false
         },
         {
+
+            "source_path_from_root": "/articles/ddos-protection/ddos-disaster-recovery-guidance.md",
+            "redirect_url": "../reliability/reliability-ddos.md",
+            "redirect_document_id": false
+        },
+        {
+
+
             "source_path_from_root": "/articles/azure-functions/functions-monitor-log-analytics.md",
             "redirect_url": "/azure/azure-functions/monitor-functions",
             "redirect_document_id": false

articles/ddos-protection/TOC.yml

@@ -81,8 +81,8 @@
     href: ddos-protection-reference-architectures.md
   - name: Monitoring Azure DDoS Protection 
     href: monitor-ddos-protection-reference.md
-  - name: Business continuity
-    href: ddos-disaster-recovery-guidance.md
+  - name: Reliability
+    href: ../reliability/reliability-ddos.md?toc=/azure/ddos-protection/TOC.json
   - name: Fundamental best practices
     href: fundamental-best-practices.md
   - name: Components of a DDoS response strategy

articles/ddos-protection/ddos-disaster-recovery-guidance.md

@@ -225,11 +225,7 @@
     - name: Azure Data Explorer
       href: /azure/data-explorer/business-continuity-overview?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
     - name: Azure DDoS Protection
-      items:
-      - name: Availability zones
-        href: ../ddos-protection/ddos-faq.yml?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
-      - name: Disaster recovery
-        href: ../ddos-protection/ddos-disaster-recovery-guidance.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#business-continuity
+      href: reliability-ddos.md
     - name: Azure Disk Encryption 
       href: ../virtual-machines/disks-redundancy.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
     - name: Azure DNS 

articles/reliability/TOC.yml

@@ -0,0 +1,63 @@
+---
+title: Reliability in Azure DDoS Network Protection
+description: Learn about reliability in Azure DDoS Network Protection
+author: AbdullahBell
+ms.author: abell
+ms.topic: reliability-article
+ms.workload: infrastructure-services
+ms.custom: subject-reliability, references_regions
+ms.service: ddos-protection
+ms.date: 03/14/2024 
+---
+
+# Reliability in Azure DDoS Network Protection
+
+
+This article describes reliability support in [Azure DDoS Network Protection](../ddos-protection/ddos-protection-overview.md), and both regional resiliency with availability zones and [cross-region recovery and business continuity](#cross-region-disaster-recovery-and-business-continuity). For a more detailed overview of reliability in Azure, see [Azure reliability](/azure/architecture/framework/resiliency/overview).
+
+
+## Availability zone support
+
+[!INCLUDE [Availability zone description](includes/reliability-availability-zone-description-include.md)]
+
+Azure DDoS Protection is [zone-redundant](./availability-zones-overview.md#zonal-and-zone-redundant-services) by default and is managed by the service itself. You don't need to configure or setup zone redundancy yourself.
+
+### Prerequisites
+
+
+
+### Zone down experience
+
+
+
+### Cross-region disaster recovery and business continuity
+
+[!INCLUDE [introduction to disaster recovery](includes/reliability-disaster-recovery-description-include.md)]
+
+
+
+#### Disaster recovery in multi-region geography
+
+
+You can choose one of two approaches to managing business continuity for DDoS Protection over your VNets. The first approach is reactive and the second approach is proactive. 
+
+
+- **Reactive business continuity plan**. Virtual networks are fairly lightweight resources. In the case of a regional outage, you can invoke Azure APIs to create a VNet with the same address space, but in a different region. To recreate the same environment that was present in the affected region, you'll need to make API calls to redeploy primary region VNet resources. If on-premises connectivity is available, such as in a hybrid deployment, you must deploy a new VPN Gateway, and connect to your on-premises network.
+
+>[!NOTE]
+>A reactive approach to maintaining business continuity always runs the risk that you may not have access to the primary region's resources, due the extent of the disaster. In that case, you'll need to recreate all of the primary region's resources.
+
+
+- **Proactive business continuity plan**. You can create two VNets using the same private IP address space and resources in two different regions ahead of time. If you are hosting internet-facing services in the VNet, you could set up Traffic Manager to geo-route traffic to the region that is active. However, you cannot connect two VNets with the same address space to your on-premises network, as it would cause routing issues. At the time of a disaster and loss of a VNet in one region, you can connect the other VNet in the available region, with the matching address space to your on-premises network.
+
+
+To create a virtual network, see [Create a virtual network](/azure/virtual-network/manage-virtual-network#create-a-virtual-network).
+
+
+### Disaster recovery in single-region geography
+
+For single region geographies in a disaster scenario, the virtual network and the resources in the affected region remains inaccessible during the time of the service disruption.
+
+## Next steps
+
+- [Reliability in Azure](/azure/availability-zones/overview)

articles/reliability/reliability-ddos.md

@@ -68,7 +68,7 @@ For a more detailed overview of reliability principles in Azure, see [Reliabilit
 |Azure Database for MySQL|| [Azure Database for MySQL- Business continuity](/azure/mysql/single-server/concepts-business-continuity?#recover-from-an-azure-regional-data-center-outage) |
 |Azure Database for MySQL - Flexible Server|[Azure Database for MySQL Flexible Server High availability](../mysql/flexible-server/concepts-high-availability.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)| [Azure Database for MySQL Flexible Server - Restore to latest restore point](/azure/mysql/flexible-server/how-to-restore-server-portal?#geo-restore-to-latest-restore-point) |
 |Azure Database for PostgreSQL - Flexible Server|[Azure Database for PostgreSQL - Flexible Server](./reliability-postgresql-flexible-server.md)|[Azure Database for PostgreSQL - Flexible Server](reliability-postgre-flexible.md#cross-region-disaster-recovery-and-business-continuity) |
-|Azure DDoS Protection|[How do I configure the service to be zone-resilient?](../ddos-protection/ddos-faq.yml?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)| [Disaster recovery guidance](../ddos-protection/ddos-disaster-recovery-guidance.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#business-continuity) |
+|Azure DDoS Protection|[Reliability in DDoS Protection](reliability-ddos.md)|[Reliability in DDoS Protection](reliability-ddos.md) |
 |Azure Disk Encryption|[Redundancy options for managed disks](../virtual-machines/disks-redundancy.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)||
 |Azure DNS|[Reliability in Azure DNS](reliability-dns.md)|[Reliability in Azure DNS](reliability-dns.md)|
 |Microsoft Entra Domain Services|| [Create replica set](../active-directory-domain-services/tutorial-create-replica-set.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json) |