Merge pull request #273989 from anaharris-ms/rel-bastion

Reliability documentation: Azure Bastion

Author: Jill Grant

articles/bastion/TOC.yml

@@ -19,6 +19,10 @@
     href: tutorial-create-host-portal.md
 - name: Concepts
   items:
+  - name: Reliability
+    items:
+    - name: Availability zones and disaster recovery 
+      href: ../reliability/reliability-bastion.md?toc=/azure/bastion/TOC.json
   - name: Support for working remotely
     href: ../networking/working-remotely-support.md?toc=%2fazure%2fbastion%2ftoc.json
   - name: Leverage Bastion for remote working

articles/bastion/bastion-faq.md

@@ -108,17 +108,11 @@ No, Bastion connectivity to Azure Virtual Desktop isn't supported.
 
 Review any error messages and [raise a support request in the Azure portal](../azure-portal/supportability/how-to-create-azure-support-request.md) as needed. Deployment failures can result from [Azure subscription limits, quotas, and constraints](../azure-resource-manager/management/azure-subscription-service-limits.md). Specifically, customers might encounter a limit on the number of public IP addresses allowed per subscription that causes the Azure Bastion deployment to fail.
 
-### <a name="dr"></a>How do I incorporate Azure Bastion in my Disaster Recovery plan?
-
-Azure Bastion is deployed within virtual networks or peered virtual networks, and is associated to an Azure region. You're responsible for deploying Azure Bastion to a Disaster Recovery (DR) site virtual network. If there's an Azure region failure, perform a failover operation for your VMs to the DR region. Then, use the Azure Bastion host that's deployed in the DR region to connect to the VMs that are now deployed there.
-
 ### <a name="move-virtual-network"></a>Does Bastion support moving a VNet to another resource group?
 
 No. If you move your virtual network to another resource group (even if it's in the same subscription), you'll need to first delete Bastion from virtual network, and then proceed to move the virtual network to the new resource group. Once the virtual network is in the new resource group, you can deploy Bastion to the virtual network.
 
-### <a name="zone-redundant"></a>Does Bastion support zone redundancies?
 
-Currently, by default, new Bastion deployments don't support zone redundancies. Previously deployed bastions might or might not be zone-redundant. The exceptions are Bastion deployments in Korea Central and Southeast Asia, which do support zone redundancies.
 
 ### <a name="azure-ad-guests"></a>Does Bastion support Microsoft Entra guest accounts?
 

articles/reliability/TOC.yml

@@ -183,7 +183,7 @@
     - name: Azure Backup
       href: reliability-backup.md
     - name: Azure Bastion
-      href: ../bastion/bastion-faq.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#dr
+      href: reliability-bastion.md
     - name: Azure Batch
       href: reliability-batch.md
     - name: Azure Cache for Redis

articles/reliability/media/reliability-bastion/create-bastion-zonal.png

@@ -76,7 +76,7 @@ Using the Application Gateway Ingress Controller add-on with your AKS cluster is
 
 #### Azure Bastion 
 
-*Regional*: Azure Bastion is deployed within VNets or peered VNets and is associated to an Azure region. For more information, se [Bastion FAQ](../bastion/bastion-faq.md#dr).
+*Regional*: Azure Bastion is deployed within VNets or peered VNets and is associated with an Azure region. For more information, se [Reliability in Azure Bastion](reliability-bastion.md).
 
 #### Azure Container Registry (ACR) 
 
@@ -160,4 +160,4 @@ For your application tier, please review the business continuity and disaster re
 
 Learn more about:
 > [!div class="nextstepaction"]
-> [Azure Services that support Availability Zones](availability-zones-service-support.md#azure-services-with-availability-zone-support))
+> [Azure Services that support Availability Zones](availability-zones-service-support.md#azure-services-with-availability-zone-support)

articles/reliability/migrate-workload-aks-mysql.md

@@ -55,7 +55,7 @@ For a more detailed overview of reliability principles in Azure, see [Reliabilit
 |Azure App Service|[Azure App Service](./reliability-app-service.md)| [Azure App Service](reliability-app-service.md#cross-region-disaster-recovery-and-business-continuity)|
 |Azure Application Gateway (V2)|[Autoscaling and High Availability)](../application-gateway/application-gateway-autoscaling-zone-redundant.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)||         
 |Azure Backup|[Reliability in Azure Backup](reliability-backup.md)| [Reliability in Azure Backup](reliability-backup.md) |
-|Azure Bastion||[How do I incorporate Azure Bastion in my Disaster Recovery plan?](../bastion/bastion-faq.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json#dr) |
+|Azure Bastion|[Reliability in Azure Bastion](reliability-bastion.md) |[Reliability in Azure Bastion](reliability-bastion.md) |
 |Azure Batch|[Reliability in Azure Batch](reliability-batch.md)| [Reliability in Azure Batch](reliability-batch.md#cross-region-disaster-recovery-and-business-continuity) |
 |Azure Cache for Redis|[Enable zone redundancy for Azure Cache for Redis](../azure-cache-for-redis/cache-how-to-zone-redundancy.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|[Configure passive geo-replication for Premium Azure Cache for Redis instances](../azure-cache-for-redis/cache-how-to-geo-replication.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json) |
 |Azure Communications Gateway|[Reliability in Azure Communications Gateway](../communications-gateway/reliability-communications-gateway.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|[Reliability in Azure Communications Gateway](../communications-gateway/reliability-communications-gateway.md?toc=/azure/reliability/toc.json&bc=/azure/reliability/breadcrumb/toc.json)|

articles/reliability/overview-reliability-guidance.md

@@ -0,0 +1,91 @@
+---
+title: Reliability in Azure Bastion
+description: Find out about reliability in Azure Bastion  
+author: anaharris-ms 
+ms.author: anaharris
+ms.topic: reliability-article
+ms.custom: subject-reliability
+ms.service: bastion
+ms.date: 06/24/2024
+---
+
+
+# Reliability in Azure Bastion
+
+This article describes reliability support in Azure Bastion and covers both intra-regional resiliency with [availability zones](#availability-zone-support) and information on [cross-region recovery and business continuity](#cross-region-disaster-recovery-and-business-continuity). 
+
+For a more detailed overview of reliability in Azure, see [Azure reliability](/azure/architecture/framework/resiliency/overview).
+
+## Availability zone support
+
+[!INCLUDE [Availability zone description](includes/reliability-availability-zone-description-include.md)]
+
+
+Bastion support for availability zones with a [zone-redundant](./availability-zones-overview.md#zonal-and-zone-redundant-services) configuration is currently in preview. 
+
+Previously deployed Bastion resources may be zone-redundant and are limited to the following regions:
+- Korea Central 
+- Southeast Asia
+
+### Prerequisites
+
+For a zone-redundant deployment, your Bastion resource must be in one of the following regions:
+
+- East US
+- Australia East
+- East US 2
+- Central US
+- Qatar Central
+- South Africa North
+- West Europe
+- West US 2
+- North Europe
+- Sweden Central
+- UK South
+- Canada Central
+
+### SLA improvements
+
+There's no change to pricing for availability zone support.
+
+### Create a resource with availability zones enabled
+
+To choose a region for a zone-redundant configuration:
+
+1. Go to the [Azure portal](https://portal.azure.com).
+1. [Create your Bastion resource](/azure/bastion/tutorial-create-host-portal).
+
+    - For **Region**, select one of the regions listed in the [Prerequisites section](#prerequisites).
+    - For **Availability zone**, select the zones.
+
+    :::image type="content" source="./media/reliability-bastion/create-bastion-zonal.png" alt-text="Screenshot showing the Availability zone setting while creating a Bastion resource.":::
+
+>[!NOTE]
+>You can't change the availability zone setting after your Bastion resource is deployed. 
+
+
+### Zone down experience
+
+When a zone goes down, the VM and Bastion should still be accessible. See [Reliability in Virtual Machines: Zone down experience](./reliability-virtual-machines.md#zone-down-experience) for more information on the VM zone down experience.
+
+### Migrate to availability zone support
+
+Migration from non-availability zone support to availability zone support isn't possible. Instead, you need to [create a Bastion resource](/azure/bastion/tutorial-create-host-portal) in the new region and delete the old one.
+
+### Cross-region disaster recovery and business continuity
+
+[!INCLUDE [introduction to disaster recovery](includes/reliability-disaster-recovery-description-include.md)]
+
+Azure Bastion is deployed within virtual networks or peered virtual networks, and is associated with an Azure region. You're responsible for deploying Azure Bastion to a Disaster Recovery (DR) site virtual network. 
+
+
+If there's an Azure region failure:
+
+1. Perform a failover operation for your VMs to the DR region. For more information on diaster recovery failover for VMs, see [Reliability in Azure Virtual Machines](./reliability-virtual-machines.md).
+
+2. Use the Azure Bastion host that's deployed in the DR region to connect to the VMs that are now deployed there.
+
+## Related content
+
+> [!div class="nextstepaction"]
+> [Reliability in Azure](/azure/availability-zones/overview)