You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/key-vault/general/disaster-recovery-guidance.md
+11-7Lines changed: 11 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,18 +9,19 @@ ms.subservice: general
9
9
ms.topic: tutorial
10
10
ms.date: 01/17/2023
11
11
ms.author: mbaldwin
12
+
ms.custom: references_regions
12
13
13
14
---
14
15
# Azure Key Vault availability and redundancy
15
16
16
17
Azure Key Vault features multiple layers of redundancy to make sure that your keys and secrets remain available to your application even if individual components of the service fail.
17
18
18
19
> [!NOTE]
19
-
> This guide applies to vaults. Managed HSM pools use a different high availability and disaster recovery model. See[Managed HSM Disaster Recovery Guide](../managed-hsm/disaster-recovery-guide.md) for more information.
20
+
> This guide applies to vaults. Managed HSM pools use a different high availability and disaster recovery model; for more information, see[Managed HSM Disaster Recovery Guide](../managed-hsm/disaster-recovery-guide.md) for more information.
20
21
21
-
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets. For details about specific region pairs, see [Azure paired regions](../../availability-zones/cross-region-replication-azure.md). The exception to the paired regions model is single region geo, for example Brazil South, Qatar Central. Such regions allow only the option to keep data resident within the same region. Both Brazil South and Qatar Central use zone redundant storage (ZRS) to replicate your data three times within the single location/region. For AKV Premium, only 2 of the 3 regions are used to replicate data from the HSM's.
22
+
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets. For details about specific region pairs, see [Azure paired regions](../../availability-zones/cross-region-replication-azure.md). The exception to the paired regions model is single region geo, for example Brazil South, Qatar Central. Such regions allow only the option to keep data resident within the same region. Both Brazil South and Qatar Central use zone redundant storage (ZRS) to replicate your data three times within the single location/region. For AKV Premium, only two of the three regions are used to replicate data from the HSMs.
22
23
23
-
If individual components within the key vault service fail, alternate components within the region step in to serve your request to make sure that there is no degradation of functionality. You don't need to take any action to start this process, it happens automatically and will be transparent to you.
24
+
If individual components within the key vault service fail, alternate components within the region step in to serve your request to make sure that there's no degradation of functionality. You don't need to take any action—the process happens automatically and will be transparent to you.
24
25
25
26
## Failover
26
27
@@ -43,9 +44,9 @@ Through this high availability design, Azure Key Vault requires no downtime for
43
44
44
45
There are a few caveats to be aware of:
45
46
46
-
* In the event of a region failover, it may take a few minutes for the service to fail over. Requests that are made during this time before failover may fail.
47
-
* If you are using private link to connect to your key vault, it may take up to 20 minutes for the connection to be re-established in the event of a failover.
48
-
* During failover, your key vault is in read-only mode. Requests that are supported in this mode are:
47
+
* In the event of a region failover, it may take a few minutes for the service to fail over. Requests made during this time before failover may fail.
48
+
* If you're using private link to connect to your key vault, it may take up to 20 minutes for the connection to be re-established in the event of a failover.
49
+
* During failover, your key vault is in read-only mode. Requests supported in this mode:
49
50
50
51
* List certificates
51
52
* Get certificates
@@ -61,9 +62,12 @@ There are a few caveats to be aware of:
61
62
* Sign
62
63
* Backup
63
64
64
-
During failover, you will not be able to make changes to key vault properties. You will not be able to change access policy or firewall configurations and settings.
65
+
During failover, you won't be able to make changes to key vault properties. You won't be able to change access policy or firewall configurations and settings.
65
66
66
67
After a failover is failed back, all request types (including read *and* write requests) are available.
0 commit comments