Merge pull request #265100 from anaharris-ms/rel-traffic-manager

Reliability Documentation: Traffic Manager and Azure DNS

Author: v-dirichards

.openpublishing.redirection.json

@@ -10798,6 +10798,13 @@
             "source_path_from_root": "/articles/azure-health-insights/response-info.md",
             "redirect_url": "/azure/azure-health-insights/overview",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/networking/disaster-recovery-dns-traffic-manager.md",
+            "redirect_url": "/azure/reliability/reliability-traffic-manager",
+            "redirect_document_id": false
         }
+
+        
     ]
 }

articles/networking/TOC.yml

@@ -20,8 +20,12 @@
       href: /azure/architecture/reference-architectures/dmz/nva-ha
     - name: Combine load balancing methods
       href: ../traffic-manager/traffic-manager-load-balancing-azure.md?toc=%2fazure%2fnetworking%2ftoc.json
-    - name: Disaster recovery using Azure DNS and Traffic Manager
-      href: disaster-recovery-dns-traffic-manager.md
+    - name: Reliability
+      items:
+      - name: Reliability in Azure DNS
+        href: ../reliability/reliability-dns.md?toc=%2fazure%2fnetworking%2ftoc.json
+      - name: Reliability in Traffic Manager
+        href: ../reliability/reliability-traffic-manager.md?toc=%2fazure%2fnetworking%2ftoc.json
     - name: Choose a secure network topology
       href: secure-network-topology.md
     - name: Choose a secure application delivery service

articles/networking/disaster-recovery-dns-traffic-manager.md

@@ -152,8 +152,6 @@
       items:
       - name: Availability zones
         href: ../application-gateway/application-gateway-autoscaling-zone-redundant.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
-      - name: Disaster recovery
-        href: ../networking/disaster-recovery-dns-traffic-manager.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
     - name: Azure Backup
       href: reliability-backup.md
     - name: Azure Bastion
@@ -204,14 +202,8 @@
         href: ../ddos-protection/ddos-disaster-recovery-guidance.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#business-continuity
     - name: Azure Disk Encryption 
       href: ../virtual-machines/disks-redundancy.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
-    - name: Azure DNS - Azure DNS Private Zones
-      href: ../dns/private-dns-getstarted-portal.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
-    - name: Azure DNS - Azure DNS Private Resolver
-      items:
-      - name: Availability zones
-        href: ../dns/dns-private-resolver-get-started-portal.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
-      - name: Disaster recovery
-        href: ../dns/dns-faq-private.yml?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#will-azure-private-dns-zones-work-across-azure-regions- 
+    - name: Azure DNS 
+      href: reliability-dns.md
     - name: Azure Event Grid
       items:
       - name: Availability zones
@@ -270,6 +262,8 @@
       href: ../stream-analytics/geo-redundancy.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json 
     - name: Azure Storage - Blob Storage
       href: ../storage/common/storage-disaster-recovery-guidance.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json
+    - name: Azure Traffic Manager
+      href: reliability-traffic-manager.md
     - name: Azure Virtual WAN
       items:
       - name: Availability zones

articles/reliability/TOC.yml

@@ -10,10 +10,11 @@
 ---
 
 
-Disaster recovery (DR) is about recovering from high-impact events, such as natural disasters or failed deployments that result in downtime and data loss. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR.  
+Disaster recovery (DR) is about recovering from high-impact events, such as natural disasters or failed deployments that result in downtime and data loss. Regardless of the cause, the best remedy for a disaster is a well-defined and tested DR plan and an application design that actively supports DR.  Before you begin to think about creating your disaster recovery plan, see [Recommendations for designing a disaster recovery strategy](/azure/well-architected/reliability/disaster-recovery). 
+
 
 When it comes to DR, Microsoft uses the [shared responsibility model](../business-continuity-management-program.md#shared-responsibility-model). In a shared responsibility model, Microsoft ensures that the baseline infrastructure and platform services are available. At the same time, many Azure services don't automatically replicate data or fall back from a failed region to cross-replicate to another enabled region. For those services, you are responsible for setting up a disaster recovery plan that works for your workload.  Most services that run on Azure platform as a service (PaaS) offerings provide features and guidance to support DR and you can use [service-specific features to support fast recovery](../reliability-guidance-overview.md) to help develop your DR plan.
 
-When you plan to deploy your application for DR, it's helpful to understand Azure regions and geographies. For more information, see [Azure cross-region replication](../cross-region-replication-azure.md).
+
 
 

articles/reliability/includes/reliability-disaster-recovery-description-include.md

@@ -0,0 +1,103 @@
+---
+title: Reliability in Azure DNS
+description: Learn about reliability in Azure DNS.
+author: anaharris-ms
+ms.author: anaharris
+ms.topic: overview
+ms.custom: subject-reliability, references-regions
+ms.service: traffic-manager
+ms.date: 02/02/2024
+---
+
+
+# Reliability in Azure DNS
+
+This article contains detailed information on [cross-region disaster recovery and business continuity](#cross-region-disaster-recovery-and-business-continuity) support for Azure DNS. 
+
+
+
+
+## Cross-region disaster recovery and business continuity
+
+[!INCLUDE [introduction to disaster recovery](includes/reliability-disaster-recovery-description-include.md)]
+
+
+The Azure DNS failover solution for disaster recovery uses the standard DNS mechanism to fail over to the backup site. The manual option via Azure DNS works best when used in conjunction with the [cold standby or the pilot light approach](/azure/well-architected/reliability/highly-available-multi-region-design#active-passive).
+
+Since the DNS server is outside the failover or disaster zone, it's insulated against any downtime. You can architect a simple failover scenario as long as the operator has network connectivity during disaster and can make the flip. If the solution is scripted, then you must ensure that the server or service running the script is also insulated against the problem affecting the production environment. Also, a low TTL for the zone prevents resolver caching over long periods of time, allowing the customer to access the site within the RTO. For a cold standby and pilot light, since some prewarming and other administrative activity may be required, you should also give enough time before making the flip.
+
+>[!NOTE]
+>Azure private DNS zone supports DNS resolution between virtual networks across Azure regions, even without explicitly peering the virtual networks.  However, all virtual networks must be linked to the private DNS zone. 
+
+To learn how to create an Azure private DNS zone using the Azure portal, see [Quickstart: Create an Azure private DNS zone using the Azure portal](/azure/dns/private-dns-getstarted-portal). 
+
+To create an Azure DNS Private Resolver using Azure portal, see [Quickstart: Create an Azure DNS Private Resolver using the Azure portal](/azure/dns/dns-private-resolver-get-started-portal).
+
+
+
+## Disaster recovery in multi-region geography
+
+There are two technical aspects towards setting up your disaster recovery architecture:
+
+-  Using a deployment mechanism to replicate instances, data, and configurations between primary and standby environments. This type of disaster recovery can be done natively viaAzure Site Recovery, see [Azure Site Recovery Documentation](../site-recovery/index.yml) via Microsoft Azure partner appliances/services like Veritas or NetApp. 
+
+- Developing a solution to divert network/web traffic from the primary site to the standby site. This type of disaster recovery can be achieved via Azure DNS, [Azure Traffic Manager(DNS)](reliability-traffic-manager.md), or third-party global load balancers. 
+
+This article focuses specifically on Azure DNS disaster recovery planning.
+
+
+#### Set up disaster recovery and outage detection 
+
+The Azure DNS manual failover solution for disaster recovery uses the standard DNS mechanism to fail over to the backup site. The manual option via Azure DNS works best when used in conjunction with the cold standby or the pilot light approach.
+
+![Diagram of manual failover using Azure DNS.](../networking/media/disaster-recovery-dns-traffic-manager/manual-failover-using-dns.png)
+
+*Figure - Manual failover using Azure DNS*
+
+The assumptions made for the solution are:
+- Both primary and secondary endpoints have static IPs that don’t change often. Say for the primary site the IP is 100.168.124.44 and the IP for the secondary site is 100.168.124.43.
+- An Azure DNS zone exists for both the primary and secondary site. Say for the primary site the endpoint is prod.contoso.com and for the backup site is dr.contoso.com. A DNS record for the main application known as www\.contoso.com also exists.   
+- The TTL is at or below the RTO SLA set in the organization. For example, if an enterprise sets the RTO of the application disaster response to be 60 mins, then the TTL should be less than 60 mins, preferably the lower the better. 
+  You can set up Azure DNS for manual failover as follows:
+    - Create a DNS zone
+    - Create DNS zone records
+    - Update CNAME record
+
+1. Create a DNS zone (for example, www\.contoso.com) as shown below:
+
+    ![Screenshot of creating a DNS zone in Azure.](../networking/media/disaster-recovery-dns-traffic-manager/create-dns-zone.png)
+
+    *Figure - Create a DNS zone in Azure*
+
+1.  Within this zone, create three records (for example - www\.contoso.com, prod.contoso.com and dr.consoto.com) as show below.
+
+    ![Screenshot of creating DNS zone records.](../networking/media/disaster-recovery-dns-traffic-manager/create-dns-zone-records.png)
+
+    *Figure - Create DNS zone records in Azure*
+
+    In this scenario, site, www\.contoso.com has a TTL of 30 mins, which is well below the stated RTO, and is pointing to the production site prod.contoso.com. This configuration is during normal business operations. The TTL of prod.contoso.com and dr.contoso.com has been set to 300 seconds or 5 mins. 
+    You can use an Azure monitoring service such as Azure Monitor or Azure App Insights, or, any partner monitoring solutions such as Dynatrace. You can even use home grown solutions that can monitor or detect application or virtual infrastructure level failures.
+
+1. Once failure is detected, change the record value to point to dr.contoso.com as shown below:
+       
+    ![Screenshot of updating CNAME record.](../networking/media/disaster-recovery-dns-traffic-manager/update-cname-record.png)
+    
+    *Figure - Update the CNAME record in Azure*
+    
+    Within 30 minutes, during which most resolvers will refresh the cached zone file, any query to www\.contoso.com will be redirected to dr.contoso.com.
+    You can also run the following Azure CLI command to change the CNAME value:
+     ```azurecli
+       az network dns record-set cname set-record \
+       --resource-group 123 \
+       --zone-name contoso.com \
+       --record-set-name www \
+       --cname dr.contoso.com
+    ```
+    This step can be executed manually or via automation. It can be done manually via the console or by the Azure CLI. The Azure SDK and API can be used to automate the CNAME update so that no manual intervention is required. Automation can be built via Azure functions or within a third-party monitoring application or even from on-premises.
+
+
+## Next steps
+
+- [Reliability in Azure](/azure/reliability/availability-zones-overview)
+- Learn more about [Azure Traffic Manager](../traffic-manager/traffic-manager-overview.md).
+- Learn more about [Azure DNS](../dns/dns-overview.md).

articles/reliability/reliability-dns.md

@@ -53,7 +53,7 @@ For a more detailed overview of reliability principles in Azure, see [Reliabilit
 |Azure API Management|[Ensure API Management availability and reliability](../api-management/high-availability.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)| [How to implement disaster recovery using service backup and restore](../api-management/api-management-howto-disaster-recovery-backup-restore.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json) |
 |Azure App Configuration|[How does App Configuration ensure high data availability?](../azure-app-configuration/faq.yml?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#how-does-app-configuration-ensure-high-data-availability)| [Resiliency and disaster recovery](../azure-app-configuration/concept-disaster-recovery.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json&tabs=core2x)|
 |Azure App Service|[Azure App Service](./reliability-app-service.md)| [Azure App Service](reliability-app-service.md#cross-region-disaster-recovery-and-business-continuity)|
-|Azure Application Gateway (V2)|[Autoscaling and High Availability)](../application-gateway/application-gateway-autoscaling-zone-redundant.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|[Disaster recovery using Azure DNS and Traffic Manager](../networking/disaster-recovery-dns-traffic-manager.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|         
+|Azure Application Gateway (V2)|[Autoscaling and High Availability)](../application-gateway/application-gateway-autoscaling-zone-redundant.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)||         
 |Azure Backup|[Reliability in Azure Backup](reliability-backup.md)| [Reliability in Azure Backup](reliability-backup.md) |
 |Azure Bastion||[How do I incorporate Azure Bastion in my Disaster Recovery plan?](../bastion/bastion-faq.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#dr) |
 |Azure Batch|[Reliability in Azure Batch](reliability-batch.md)| [Reliability in Azure Batch](reliability-batch.md#cross-region-disaster-recovery-and-business-continuity) |
@@ -70,8 +70,7 @@ For a more detailed overview of reliability principles in Azure, see [Reliabilit
 |Azure Database for PostgreSQL - Flexible Server|[Azure Database for PostgreSQL - Flexible Server](./reliability-postgresql-flexible-server.md)|[Azure Database for PostgreSQL - Flexible Server](reliability-postgre-flexible.md#cross-region-disaster-recovery-and-business-continuity) |
 |Azure DDoS Protection|[How do I configure the service to be zone-resilient?](../ddos-protection/ddos-faq.yml?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)| [Disaster recovery guidance](../ddos-protection/ddos-disaster-recovery-guidance.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#business-continuity) |
 |Azure Disk Encryption|[Redundancy options for managed disks](../virtual-machines/disks-redundancy.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)||
-|Azure DNS - Azure DNS Private Zones|[Create an Azure private DNS zone using the Azure portal](../dns/private-dns-getstarted-portal.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|
-|Azure DNS - Azure DNS Private Resolver|[Create an Azure DNS Private Resolver](../dns/dns-private-resolver-get-started-portal.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)| [Will Azure Private DNS zones work across Azure regions?](../dns/dns-faq-private.yml#will-azure-private-dns-zones-work-across-azure-regions-)  |
+|Azure DNS|[Reliability in Azure DNS](reliability-dns.md)|[Reliability in Azure DNS](reliability-dns.md)|
 |Microsoft Entra Domain Services|| [Create replica set](../active-directory-domain-services/tutorial-create-replica-set.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json) |
 |Azure Event Grid|[In-region recovery using availability zones and geo-disaster recovery across regions](../event-grid/availability-zones-disaster-recovery.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)| [In-region recovery using availability zones and geo-disaster recovery across regions](../event-grid/availability-zones-disaster-recovery.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json) |
 |Azure Firewall|[Deploy an Azure Firewall with Availability Zones using Azure PowerShell](../firewall/deploy-availability-zone-powershell.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)||
@@ -94,6 +93,7 @@ For a more detailed overview of reliability principles in Azure, see [Reliabilit
 |Azure SQL Server Registry|| [What are Extended Security Updates for SQL Server?](/sql/sql-server/end-of-support/sql-server-extended-security-updates?preserve-view=true&view=sql-server-ver15#configure-regional-redundancy) |
 |Azure Storage - Blob Storage|[Choose the right redundancy option](../storage/common/storage-disaster-recovery-guidance.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#choose-the-right-redundancy-option)|[Azure storage disaster recovery planning and failover](../storage/common/storage-disaster-recovery-guidance.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|
 |Azure Stream Analytics|| [Achieve geo-redundancy for Azure Stream Analytics jobs](../stream-analytics/geo-redundancy.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json) |
+|Azure Traffic Manager|[Reliability in Azure Traffic Manager](reliability-traffic-manager.md)|[Reliability in Azure Traffic Manager](reliability-traffic-manager.md)|
 |Azure Virtual WAN|[How are Availability Zones and resiliency handled in Virtual WAN?](../virtual-wan/virtual-wan-faq.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#how-are-availability-zones-and-resiliency-handled-in-virtual-wan)| [Designing for disaster recovery with ExpressRoute private peering](../expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json) |
 |Azure Web Application Firewall|[Deploy an Azure Firewall with Availability Zones using Azure PowerShell](../firewall/deploy-availability-zone-powershell.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|[How do I achieve a disaster recovery scenario across datacenters by using Application Gateway?](../application-gateway/application-gateway-faq.yml?#how-do-i-achieve-a-disaster-recovery-scenario-across-datacenters-by-using-application-gateway) |