You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/reliability/reliability-key-vault.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,11 +22,11 @@ Key Vault is a cloud service that provides a secure store for secrets, such as k
22
22
23
23
For production deployments of Key Vault, we recommend that you do the following steps:
24
24
25
-
- Use Standard or Premium tier key vaults
25
+
- Use Standard or Premium tier key vaults.
26
26
27
-
- Enable soft delete and purge protection to prevent accidental or malicious deletion
27
+
- Enable soft delete and purge protection to prevent accidental or malicious deletion.
28
28
29
-
- For critical workloads, consider implementing multi-region strategies as described in this guide
29
+
- For critical workloads, consider implementing multi-region strategies that are described in this guide.
30
30
31
31
## Reliability architecture overview
32
32
@@ -39,13 +39,13 @@ To ensure high durability and availability of your keys, secrets, and certificat
39
39
40
40
By default, Key Vault achieves redundancy by replicating your key vault and its contents within the region.
41
41
42
-
If the region has a [paired region](./regions-list.md) and that paired region is in the same geography as the primary region, the contents are also replicated to the paired region. This approach ensures high durability of your keys and secrets, protecting against hardware failures, network outages, or localized disasters.
42
+
If the region has a [paired region](./regions-list.md) and that paired region is in the same geography as the primary region, the contents are also replicated to the paired region. This approach ensures high durability of your keys and secrets, which protects against hardware failures, network outages, or localized disasters.
To handle any transient failures that might occur, your client applications should implement retry logic when interacting with Key Vault. Consider the following best practices:
48
+
To handle any transient failures that might occur, your client applications should implement retry logic when they interact with Key Vault. Consider the following best practices:
49
49
50
50
- Use the [Azure SDKs](https://azure.microsoft.com/downloads/), which typically include built-in retry mechanisms.
51
51
@@ -87,11 +87,11 @@ All Key Vault SKUs, Standard and Premium, support the same level of availability
87
87
88
88
### Cost
89
89
90
-
There are no extra costs associated with Key Vault's zone redundancy. The pricing is based on the SKU, either Standard or Premium, and the number of operations performed.
90
+
There are no extra costs associated with zone redundancy in Key Vault. The pricing is based on the SKU, either Standard or Premium, and the number of operations performed.
91
91
92
92
### Normal operations
93
93
94
-
The following section describes what to expect when key vaults are in a region with availability zones and all availability zones are operational:
94
+
This section describes what to expect when key vaults are in a region that has availability zones and all availability zones are operational:
95
95
96
96
-**Traffic routing between zones:** Key Vault automatically manages traffic routing between availability zones. During normal operations, requests are distributed across zones transparently.
97
97
@@ -159,19 +159,19 @@ The following section describes what to expect when a key vault is located in a
159
159
160
160
#### Region-down experience
161
161
162
-
The following section describes what to expect when a key vault is located in a region that supports Microsoft-managed replication and failover, and there's an outage in the primary region:
162
+
The following section describes what to expect when a key vault is located in a region that supports Microsoft-managed replication and failover and there's an outage in the primary region:
163
163
164
164
-**Detection and response:** Microsoft can decide to perform a failover if the primary region is lost. This process can take several hours after the loss of the primary region, or longer in some scenarios. Failover of key vaults might not occur at the same time as other Azure services.
165
165
166
166
-**Notification:** You can monitor the status of your key vault through Azure Resource Health and Azure Service Health notifications.
167
167
168
-
-**Active requests:** During a region failover, active requests might fail and client applications to retry them after failover completes.
168
+
-**Active requests:** During a region failover, active requests might fail, and client applications need to retry them after the failover completes.
169
169
170
170
-**Expected data loss:** There might be some data loss if changes aren't replicated to the secondary region before the primary region fails.
171
171
172
172
-**Expected downtime:** During a major outage of the primary region, your key vault might be unavailable for several hours or until Microsoft initiates failover to the secondary region.
173
173
174
-
-**Traffic rerouting:** After a region failover is completed, requests are automatically routed to the paired region without requiring any customer intervention.
174
+
-**Traffic rerouting:** After a region failover completes, requests are automatically routed to the paired region without requiring any customer intervention.
175
175
176
176
For more information about the failover process and behavior, see [Failover across regions](/azure/key-vault/general/disaster-recovery-guidance#failover-across-regions) in the Key Vault availability and redundancy guide.
0 commit comments