You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/event-hubs/event-hubs-geo-dr.md
+49-15Lines changed: 49 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Geo-disaster recovery - Azure Event Hubs| Microsoft Docs
3
-
description: How to use geographical regions to failover and perform disaster recovery in Azure Event Hubs
3
+
description: How to use geographical regions to fail over and perform disaster recovery in Azure Event Hubs
4
4
services: event-hubs
5
5
documentationcenter: ''
6
6
author: ShubhaVijayasarathy
@@ -12,22 +12,20 @@ ms.workload: na
12
12
ms.tgt_pltfrm: na
13
13
ms.devlang: na
14
14
ms.topic: article
15
-
ms.custom: seodec18
16
-
ms.date: 12/06/2018
15
+
ms.date: 04/28/2020
17
16
ms.author: shvija
18
17
19
18
---
20
19
21
20
# Azure Event Hubs - Geo-disaster recovery
22
-
23
-
When entire Azure regions or datacenters (if no [availability zones](../availability-zones/az-overview.md) are used) experience downtime, it is critical for data processing to continue to operate in a different region or datacenter. As such, *Geo-disaster recovery* and *Geo-replication* are important features for any enterprise. Azure Event Hubs supports both geo-disaster recovery and geo-replication, at the namespace level.
21
+
When entire Azure regions or datacenters (if no [availability zones](../availability-zones/az-overview.md) are used) experience downtime, it's critical for data processing to continue to operate in a different region or datacenter. As such, *Geo-disaster recovery* and *Geo-replication* are important features for any enterprise. Azure Event Hubs supports both geo-disaster recovery and geo-replication, at the namespace level.
24
22
25
23
> [!NOTE]
26
24
> The Geo-disaster recovery feature is only available for the [standard and dedicated SKUs](https://azure.microsoft.com/pricing/details/event-hubs/).
27
25
28
26
## Outages and disasters
29
27
30
-
It's important to note the distinction between "outages" and "disasters." An *outage* is the temporary unavailability of Azure Event Hubs, and can affect some components of the service, such as a messaging store, or even the entire datacenter. However, after the problem is fixed, Event Hubs becomes available again. Typically, an outage does not cause the loss of messages or other data. An example of such an outage might be a power failure in the datacenter. Some outages are only short connection losses due to transient or network issues.
28
+
It's important to note the distinction between "outages" and "disasters." An **outage** is the temporary unavailability of Azure Event Hubs, and can affect some components of the service, such as a messaging store, or even the entire datacenter. However, after the problem is fixed, Event Hubs becomes available again. Typically, an outage doesn't cause the loss of messages or other data. An example of such an outage might be a power failure in the datacenter. Some outages are only short connection losses because of transient or network issues.
31
29
32
30
A *disaster* is defined as the permanent, or longer-term loss of an Event Hubs cluster, Azure region, or datacenter. The region or datacenter may or may not become available again, or may be down for hours or days. Examples of such disasters are fire, flooding, or earthquake. A disaster that becomes permanent might cause the loss of some messages, events, or other data. However, in most cases there should be no data loss and messages can be recovered once the data center is back up.
33
31
@@ -37,15 +35,15 @@ The Geo-disaster recovery feature of Azure Event Hubs is a disaster recovery sol
37
35
38
36
The disaster recovery feature implements metadata disaster recovery, and relies on primary and secondary disaster recovery namespaces.
39
37
40
-
The Geo-disaster recovery feature is available for the [standard and dedicated SKUs](https://azure.microsoft.com/pricing/details/event-hubs/) only. You do not need to make any connection string changes, as the connection is made via an alias.
38
+
The Geo-disaster recovery feature is available for the [standard and dedicated SKUs](https://azure.microsoft.com/pricing/details/event-hubs/) only. You don't need to make any connection string changes, as the connection is made via an alias.
41
39
42
40
The following terms are used in this article:
43
41
44
42
-*Alias*: The name for a disaster recovery configuration that you set up. The alias provides a single stable Fully Qualified Domain Name (FQDN) connection string. Applications use this alias connection string to connect to a namespace.
45
43
46
-
-*Primary/secondary namespace*: The namespaces that correspond to the alias. The primary namespace is "active" and receives messages (this can be an existing or new namespace). The secondary namespace is "passive" and does not receive messages. The metadata between both is in sync, so both can seamlessly accept messages without any application code or connection string changes. To ensure that only the active namespace receives messages, you must use the alias.
44
+
-*Primary/secondary namespace*: The namespaces that correspond to the alias. The primary namespace is "active" and receives messages (can be an existing or new namespace). The secondary namespace is "passive" and doesn't receive messages. The metadata between both is in sync, so both can seamlessly accept messages without any application code or connection string changes. To ensure that only the active namespace receives messages, you must use the alias.
47
45
48
-
-*Metadata*: Entities such as event hubs and consumer groups; and their properties of the service that are associated with the namespace. Note that only entities and their settings are replicated automatically. Messages and events are not replicated.
46
+
-*Metadata*: Entities such as event hubs and consumer groups; and their properties of the service that are associated with the namespace. Only entities and their settings are replicated automatically. Messages and events aren't replicated.
49
47
50
48
-*Failover*: The process of activating the secondary namespace.
51
49
@@ -70,7 +68,7 @@ The following section is an overview of the failover process, and explains how t
70
68
71
69
### Setup
72
70
73
-
You first create or use an existing primary namespace, and a new secondary namespace, then pair the two. This pairing gives you an alias that you can use to connect. Because you use an alias, you do not have to change connection strings. Only new namespaces can be added to your failover pairing. Finally, you should add some monitoring to detect if a failover is necessary. In most cases, the service is one part of a large ecosystem, thus automatic failovers are rarely possible, as very often failovers must be performed in sync with the remaining subsystem or infrastructure.
71
+
You first create or use an existing primary namespace, and a new secondary namespace, then pair the two. This pairing gives you an alias that you can use to connect. Because you use an alias, you don't have to change connection strings. Only new namespaces can be added to your failover pairing. Finally, you should add some monitoring to detect if a failover is necessary. In most cases, the service is one part of a large ecosystem, thus automatic failovers are rarely possible, as often failovers must be performed in sync with the remaining subsystem or infrastructure.
74
72
75
73
### Example
76
74
@@ -82,9 +80,9 @@ You can automate failover either with monitoring systems, or with custom-built m
82
80
83
81
If you initiate the failover, two steps are required:
84
82
85
-
1. If another outage occurs, you want to be able to failover again. Therefore, set up another passive namespace and update the pairing.
83
+
1. If another outage occurs, you want to be able to fail over again. Therefore, set up another passive namespace and update the pairing.
86
84
87
-
2. Pull messages from the former primary namespace once it is available again. After that, use that namespace for regular messaging outside of your geo-recovery setup, or delete the old primary namespace.
85
+
2. Pull messages from the former primary namespace once it's available again. After that, use that namespace for regular messaging outside of your geo-recovery setup, or delete the old primary namespace.
88
86
89
87
> [!NOTE]
90
88
> Only fail forward semantics are supported. In this scenario, you fail over and then re-pair with a new namespace. Failing back is not supported; for example, in a SQL cluster.
@@ -107,15 +105,15 @@ The [sample on GitHub](https://github.com/Azure/azure-event-hubs/tree/master/sam
107
105
108
106
Note the following considerations to keep in mind with this release:
109
107
110
-
1. By design, Event Hubs geo-disaster recovery does not replicate data, and therefore you cannot reuse the old offset value of your primary event hub on your secondary event hub. We recommend restarting your event receiver with one of the following:
108
+
1. By design, Event Hubs geo-disaster recovery does not replicate data, and therefore you cannot reuse the old offset value of your primary event hub on your secondary event hub. We recommend restarting your event receiver with one of the following methods:
111
109
112
110
-*EventPosition.FromStart()* - If you wish read all data on your secondary event hub.
113
111
-*EventPosition.FromEnd()* - If you wish to read all new data from the time of connection to your secondary event hub.
114
112
-*EventPosition.FromEnqueuedTime(dateTime)* - If you wish to read all data received in your secondary event hub starting from a given date and time.
115
113
116
114
2. In your failover planning, you should also consider the time factor. For example, if you lose connectivity for longer than 15 to 20 minutes, you might decide to initiate the failover.
117
115
118
-
3. The fact that no data is replicated means that currently active sessions are not replicated. Additionally, duplicate detection and scheduled messages may not work. New sessions, scheduled messages, and new duplicates will work.
116
+
3. The fact that no data is replicated means that currently active sessions aren't replicated. Additionally, duplicate detection and scheduled messages may not work. New sessions, scheduled messages, and new duplicates will work.
119
117
120
118
4. Failing over a complex distributed infrastructure should be [rehearsed](/azure/architecture/reliability/disaster-recovery#disaster-recovery-plan) at least once.
121
119
@@ -128,10 +126,46 @@ The Event Hubs Standard SKU supports [Availability Zones](../availability-zones/
128
126
> [!NOTE]
129
127
> The Availability Zones support for Azure Event Hubs Standard is only available in [Azure regions](../availability-zones/az-region.md) where availability zones are present.
130
128
131
-
You can enable Availability Zones on new namespaces only, using the Azure portal. Event Hubs does not support migration of existing namespaces. You cannot disable zone redundancy after enabling it on your namespace.
129
+
You can enable Availability Zones on new namespaces only, using the Azure portal. Event Hubs doesn't support migration of existing namespaces. You can't disable zone redundancy after enabling it on your namespace.
132
130
133
131
![3][]
134
132
133
+
## Private endpoints
134
+
This section provides additional considerations when using Geo-disaster recovery with namespaces that use private endpoints. To learn about using private endpoints with Event Hubs in general, see [Configure private endpoints](private-link-service.md).
135
+
136
+
### New pairings
137
+
If you try to create a pairing between a primary namespace with a private endpoint and a secondary namespace without a private endpoint, the pairing will fail. The pairing will succeed only if both primary and secondary namespaces have private endpoints. We recommend that you use same configurations on the primary and secondary namespaces and on virtual networks in which private endpoints are created.
138
+
139
+
> [!NOTE]
140
+
> When you try to pair the primary namespace with private endpoint and a secondary namespace, the validation process only checks whether a private endpoint exists on the secondary namespace. It doesn't check whether the endpoint works or will work after failover. It's your responsibility to ensure that the secondary namespace with private endpoint will work as expected after failover.
141
+
>
142
+
> To test that the private endpoint configurations are same on primary and secondary namespaces, send a read request (for example: [Get Event Hub](/rest/api/eventhub/get-event-hub)) to the secondary namespace from outside the virtual network, and verify that you receive an error message from the service.
143
+
144
+
### Existing pairings
145
+
If pairing between primary and secondary namespace already exists, private endpoint creation on the primary namespace will fail. To resolve, create a private endpoint on the secondary namespace first and then create one for the primary namespace.
146
+
147
+
> [!NOTE]
148
+
> While we allow read-only access to the secondary namespace, updates to the private endpoint configurations are permitted.
149
+
150
+
### Recommended configuration
151
+
When creating a disaster recovery configuration for your application and Event Hubs namespaces, you must create private endpoints for both primary and secondary Event Hubs namespaces against virtual networks hosting both primary and secondary instances of your application.
152
+
153
+
Let's say you have two virtual networks: VNET-1, VNET-2 and these primary and secondary namespaces: EventHubs-Namespace1-Primary, EventHubs-Namespace2-Secondary. You need to do the following steps:
154
+
155
+
- On EventHubs-Namespace1-Primary, create two private endpoints that use subnets from VNET-1 and VNET-2
156
+
- On EventHubs-Namespace2-Secondary, create two private endpoints that use the same subnets from VNET-1 and VNET-2
157
+
158
+
159
+
160
+
Advantage of this approach is that failover can happen at the application layer independent of Event Hubs namespace. Consider the following scenarios:
161
+
162
+
**Application-only failover:** Here, the application won't exist in VNET-1 but will move to VNET-2. As both private endpoints are configured on both VNET-1 and VNET-2 for both primary and secondary namespaces, the application will just work.
163
+
164
+
**Event Hubs namespace-only failover**: Here again, since both private endpoints are configured on both virtual networks for both primary and secondary namespaces, the application will just work.
165
+
166
+
> [!NOTE]
167
+
> For guidance on geo-disaster recovery of a virtual network, see [Virtual Network - Business Continuity](../virtual-network/virtual-network-disaster-recovery-guidance.md).
168
+
135
169
## Next steps
136
170
137
171
* The [sample on GitHub](https://github.com/Azure/azure-event-hubs/tree/master/samples/DotNet/Microsoft.Azure.EventHubs/GeoDRClient) walks through a simple workflow that creates a geo-pairing and initiates a failover for a disaster recovery scenario.
Copy file name to clipboardExpand all lines: articles/event-hubs/private-link-service.md
+14-29Lines changed: 14 additions & 29 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ ms.topic: article
10
10
11
11
---
12
12
13
-
# Integrate Azure Event Hubs with Azure Private Link (Preview)
13
+
# Integrate Azure Event Hubs with Azure Private Link
14
14
Azure Private Link Service enables you to access Azure Services (for example, Azure Event Hubs, Azure Storage, and Azure Cosmos DB) and Azure hosted customer/partner services over a **private endpoint** in your virtual network.
15
15
16
16
A private endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. The private endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. All traffic to the service can be routed through the private endpoint, so no gateways, NAT devices, ExpressRoute or VPN connections, or public IP addresses are needed. Traffic between your virtual network and the service traverses over the Microsoft backbone network, eliminating exposure from the public Internet. You can connect to an instance of an Azure resource, giving you the highest level of granularity in access control.
@@ -19,8 +19,6 @@ For more information, see [What is Azure Private Link?](../private-link/private-
19
19
20
20
> [!IMPORTANT]
21
21
> This feature is supported only with the **dedicated** tier. For more information about the dedicated tier, see [Overview of Event Hubs Dedicated](event-hubs-dedicated-overview.md).
22
-
>
23
-
> This feature is currently in **preview**.
24
22
25
23
>[!WARNING]
26
24
> Enabling private endpoints can prevent other Azure services from interacting with Event Hubs.
@@ -60,7 +58,7 @@ If you already have an Event Hubs namespace, you can create a private link conne
60
58
2. In the search bar, type in **event hubs**.
61
59
3. Select the **namespace** from the list to which you want to add a private endpoint.
62
60
4. Select the **Networking** tab under **Settings**.
63
-
5. Select the **Private endpoint connections (preview)** tab at the top of the page. If you aren't using a dedicated tier of Event Hubs, you see a message: **Private endpoint connections on Event Hubs are only supported by namespaces created under a dedicated cluster**.
61
+
5. Select the **Private endpoint connections** tab at the top of the page. If you aren't using a dedicated tier of Event Hubs, you see a message: **Private endpoint connections on Event Hubs are only supported by namespaces created under a dedicated cluster**.
64
62
6. Select the **+ Private Endpoint** button at the top of the page.
@@ -240,46 +238,33 @@ You should validate that the resources within the same subnet of the private end
240
238
241
239
First, create a virtual machine by following the steps in [Create a Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md)
242
240
243
-
In the **Networking** tab:
244
-
245
-
1. Specify **Virtual network** and **subnet**. You can create a new virtual network or select an existing one. If selecting an existing one, make sure the region matches.
246
-
1. Specify a **public IP** resource.
247
-
1. In the **NIC network security group**, select **None**.
248
-
1. In the **Load balancing**, select **No**.
241
+
In the **Networking** tab:
249
242
250
-
Open the command line and run the following command:
1. Specify **Virtual network** and **Subnet**. You must select the Virtual Network on which you deployed the private endpoint.
244
+
2. Specify a **public IP** resource.
245
+
3. For **NIC network security group**, select **None**.
246
+
4. For **Load balancing**, select **No**.
255
247
256
-
If you run the ns lookup command to resolve the IP address of an Event Hubs namespace over a public endpoint, you will see a result that looks like this:
248
+
Connect to the VM, open the command line, and run the following command:
If you run the ns lookup command to resolve the IP address of an Event Hubs namespace over a private endpoint, you will see a result that looks like this:
254
+
You should see a result that looks like the following.
0 commit comments