docs: add global capacity management and supply constraint guidance to README and architecture docs

Author: srnichols

README.md

@@ -2,6 +2,11 @@
 
 > **Enterprise-ready, zero-trust, and cost-optimized Azure SaaS architecture for regulated industries and high-scale multi-tenancy.**
 
+
+> **Cloud Capacity Management & Supply Constraints**
+>
+> All major cloud providers occasionally face regional or zone capacity limits for compute and storage due to demand surges, supply chain issues, or quota exhaustion. The Stamps Pattern’s modular, zone-aware, and multi-region CELL design gives you more options to mitigate these challenges: if a region or AZ is at capacity, you can deploy new CELLs in available locations with minimal disruption, maintaining business continuity and agility even in constrained environments.
+
 This repository provides a production-grade, CAF/WAF-compliant Azure reference implementation for organizations seeking secure, scalable, and automated SaaS solutions. Designed for both IT leaders and developers, it enables rapid onboarding, compliance, and operational excellence.
 
 ![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)

docs/ARCHITECTURE_GUIDE.md

@@ -49,34 +49,51 @@
 
 ## 🏗️ Architecture Overview
 
-This solution implements a sophisticated **GEO → Region → CELL** hierarchy using Azure's stamps pattern for maximum scalability, isolation, and global distribution.
 
-### 🌍 **Visual: Global Architecture Hierarchy**
+This solution implements a sophisticated **GEO → Region → Availability Zone → CELL** hierarchy using Azure's stamps pattern for maximum scalability, isolation, and global distribution. Availability Zones (AZs) are a critical layer for high availability (HA) and disaster recovery (DR), allowing each CELL to be deployed in 0, 1, 2, or 3 zones depending on business and SLA requirements.
+
+> **Global Capacity Management & Cloud Supply Constraints**
+>
+> All major cloud providers occasionally face regional or zone capacity limits for compute and storage resources, due to demand surges, supply chain disruptions, or quota exhaustion. The Stamps Pattern architecture is designed to address this reality: its modular, zone-aware, and multi-region CELL approach enables organizations to deploy new workloads or scale existing ones in any available region or zone, minimizing business disruption. If a preferred region or AZ is at capacity, new CELLs can be provisioned elsewhere with minimal reconfiguration, ensuring business continuity and operational agility even in constrained environments.
+
+### 🌍 **Visual: Global Architecture Hierarchy with Availability Zones**
 
 ```mermaid
 graph TB
-    subgraph "� Global Layer"
+    subgraph "🌐 Global Layer"
         FD[Azure Front Door<br/>Global Load Balancing]
         TM[Traffic Manager<br/>DNS-based Routing]
         GF[Global Functions<br/>Tenant Management]
     end
     
-    subgraph "🌎 GEO: North America"
+    subgraph "� GEO: North America"
         subgraph "🏢 Region: East US"
-            AG1[App Gateway<br/>Regional Security]
-            C1[CELL-001<br/>Shared: 50 tenants]
-            C2[CELL-002<br/>Dedicated: 1 tenant]
+            subgraph "🗂️ AZ 1"
+                AG1[App Gateway<br/>Zone-Redundant]
+                C1[CELL-001<br/>Shared: 50 tenants]
+                C2[CELL-002<br/>Dedicated: 1 tenant]
+            end
+            subgraph "🗂️ AZ 2"
+                C3[CELL-003<br/>Shared: 30 tenants]
+            end
         end
         subgraph "🏢 Region: West US"
-            AG2[App Gateway<br/>Regional Security]
-            C3[CELL-003<br/>Shared: 75 tenants]
+            subgraph "🗂️ AZ 1"
+                AG2[App Gateway<br/>Zone-Redundant]
+                C4[CELL-004<br/>Shared: 75 tenants]
+            end
+            subgraph "🗂️ AZ 2"
+                C5[CELL-005<br/>Dedicated: 1 tenant]
+            end
         end
     end
     
     subgraph "🌍 GEO: Europe"
         subgraph "🏢 Region: West Europe"
-            AG3[App Gateway<br/>Regional Security]
-            C4[CELL-004<br/>Enterprise GDPR]
+            subgraph "🗂️ AZ 1"
+                AG3[App Gateway<br/>Zone-Redundant]
+                C6[CELL-006<br/>Enterprise GDPR]
+            end
         end
     end
     
@@ -86,8 +103,9 @@ graph TB
     
     AG1 --> C1
     AG1 --> C2
-    AG2 --> C3
-    AG3 --> C4
+    AG2 --> C4
+    AG2 --> C5
+    AG3 --> C6
 ```
 
 ### �🎯 **Key Design Principles (Explained)**
@@ -289,7 +307,12 @@ graph TD
 - **Response**: Traffic Manager routes to backup region
 - **Recovery**: Geo-disaster recovery procedures
 
-This solution implements a sophisticated **GEO → Region → CELL** hierarchy using Azure's stamps pattern for maximum scalability, isolation, and global distribution.
+
+**Why Availability Zones Matter:**
+- **High Availability (HA):** Deploying CELLs across multiple AZs protects against datacenter failures.
+- **Disaster Recovery (DR):** AZs enable rapid failover and business continuity.
+- **Flexible Cost/SLA:** You can choose the number of AZs per CELL to balance cost and durability for each tenant or workload.
+
 
 ### 🌍 **Hierarchical Structure with Availability Zones**
 

docs/CAF_WAF_COMPLIANCE_ANALYSIS.md

@@ -428,20 +428,22 @@ lifecycleRules: [
 - Step-by-step deployment guides for different tenancy models
 - Operational runbooks and troubleshooting guides
 
+
 ### ✅ **Ready** - Score: 92/100
 ✅ **Strong Foundation**
 - **Naming Conventions**: Fully compliant with CAF standards
-- **Resource Organization**: Clear hierarchy (GEO → Region → CELL)
-- **Tagging Strategy**: Comprehensive tag implementation
+- **Resource Organization**: Clear hierarchy (**GEO → Region → Availability Zone → CELL**)
+- **Tagging Strategy**: Comprehensive tag implementation, including zone count for all CELL-level resources
 - **Governance**: Parameterized templates for organization reusability
 
 **Evidence:**
 ```bicep
-// CAF-Compliant Naming Examples
+// CAF-Compliant Naming Examples (with zone awareness)
 'rg-stamps-eus-prod'                    // Resource Group
-'ca-shared-smb-z3-eus-prod'            // Container App
-'kv-us-eus-prod'                       // Key Vault
+'ca-shared-smb-z3-eus-prod'            // Container App (CELL, 3 zones)
+'kv-us-eus-prod'                       // Key Vault (zone-redundant by default)
 'law-stamps-eus-prod'                  // Log Analytics
+// New hierarchy: GEO → Region → Availability Zone → CELL
 ```
 
 ### 🚀 **Adopt** - Score: 90/100
@@ -557,15 +559,17 @@ resource diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-pr
 
 ### 🔧 **Reliability Pillar** - Score: 89/100
 
+
 #### ✅ **Reliability Features:**
-- **Availability Zones**: Configurable 0-3 zone deployment
+- **Availability Zones**: Configurable 0-3 zone deployment per CELL (GEO → Region → AZ → CELL)
 - **Cross-Region**: Multi-geography replication
 - **Health Checks**: Front Door health probes + Application Gateway probes
-- **SLA Targets**: Documented SLA tiers (99.95%, 99.99%)
+- **SLA Targets**: Documented SLA tiers (99.95%, 99.99%) based on zone count
 - **ENHANCED**: Automated backup strategies with long-term retention
 - **ENHANCED**: Cosmos DB continuous backup (7-day PITR)
 - **ENHANCED**: SQL Database geo-zone backup redundancy
 
+
 #### ✅ **Reliability Improvements COMPLETED:**
 ```bicep
 // IMPLEMENTED: SQL Database backup optimization
@@ -590,6 +594,10 @@ backupPolicy: {
 properties: {
   requestedBackupStorageRedundancy: 'GeoZone'
 }
+
+// Example: CELL-level resource with explicit zone count in name/tag
+'ca-shared-smb-z3-eus-prod' // Container App, 3 zones
+// Hierarchy: GEO → Region → Availability Zone → CELL
 ```
 
 ### 💰 **Cost Optimization** - Score: 87/100
@@ -926,6 +934,7 @@ resource dashboard 'Microsoft.Portal/dashboards@2020-09-01-preview' = {
 
 ---
 
+
 ## 🔗 Related Guides
 
 - [Architecture Guide](./ARCHITECTURE_GUIDE.md)
@@ -934,7 +943,7 @@ resource dashboard 'Microsoft.Portal/dashboards@2020-09-01-preview' = {
 - [Operations Guide](./OPERATIONS_GUIDE.md)
 - [Cost Optimization Guide](./COST_OPTIMIZATION_GUIDE.md)
 - [Developer Security Guide](./DEVELOPER_SECURITY_GUIDE.md)
-- [Naming Conventions](./NAMING_CONVENTIONS.md)
+- [Naming Conventions](./NAMING_CONVENTIONS.md) — see for full details on the **GEO → Region → Availability Zone → CELL** hierarchy and zone-aware naming/tagging
 - [Parameterization Guide](./PARAMETERIZATION_GUIDE.md)
 - [Glossary](./GLOSSARY.md)
 - [Known Issues](./KNOWN_ISSUES.md)
@@ -947,6 +956,14 @@ resource dashboard 'Microsoft.Portal/dashboards@2020-09-01-preview' = {
 
 ---
 
+
+---
+
+### **Why Availability Zones Matter in the Stamps Pattern**
+- **High Availability (HA):** Deploying CELLs across multiple AZs protects against datacenter failures and supports strict SLA targets.
+- **Disaster Recovery (DR):** AZs enable rapid failover and business continuity for each CELL.
+- **Flexible Cost/SLA:** You can choose the number of AZs per CELL to balance cost and durability for each tenant or workload, supporting both enterprise and cost-sensitive scenarios.
+
 *Assessment completed on: August 2, 2025*  
 *Assessor: AI Architecture Review Agent*  
 *Version: 1.0*

docs/COST_OPTIMIZATION_GUIDE.md

@@ -57,6 +57,44 @@ Cost optimization in the Azure Stamps Pattern requires understanding the **total
 
 ---
 
+
+## 🏗️ Zone Flexibility: Cost, Durability, and SLA Options
+
+The Azure Stamps Pattern is built on a four-tier hierarchy: **GEO → Region → Availability Zone → CELL**. This enables highly flexible deployment options for each CELL, allowing you to optimize for cost, durability, and business requirements at a granular level.
+
+- **No Zones (z0):** No zone redundancy. Lowest cost, suitable for dev/test or non-critical workloads. Standard durability and SLA.
+- **1 Zone (z1):** Single zone deployment, standard SLA, moderate cost.
+- **2 Zones (z2):** High availability with failover across two AZs, 99.95% SLA, increased cost (+20%).
+- **3 Zones (z3):** Maximum durability and resilience with three AZs, 99.99% SLA, highest cost (+40%).
+
+**Key Points:**
+- You can mix and match zone configurations per CELL to right-size cost, durability, and SLA for every tenant or workload.
+- Zone-aware naming and tagging (e.g., `ca-shared-smb-z3-eus-prod`) help track and manage these options and support compliance/auditing.
+- Higher zone count increases cost but provides stronger SLAs, disaster recovery, and business continuity.
+
+
+**Why Availability Zones Matter:**
+- **High Availability (HA):** Deploying CELLs across multiple AZs protects against datacenter failures and supports strict SLA targets.
+- **Disaster Recovery (DR):** AZs enable rapid failover and business continuity for each CELL.
+- **Flexible Cost/SLA:** Choose the number of AZs per CELL to balance cost and durability for each tenant or workload, supporting both enterprise and cost-sensitive scenarios.
+
+> **Global Capacity Management & Cloud Supply Constraints**
+>
+> Cloud providers sometimes face regional or zone capacity limits for compute and storage due to demand spikes, supply chain issues, or quota exhaustion. The Stamps Pattern’s modular, zone-aware, and multi-region CELL design gives you more options to mitigate these challenges: if a region or AZ is at capacity, you can deploy new CELLs in available locations with minimal disruption, maintaining business continuity and agility even in constrained environments.
+
+**Example Table:**
+
+| Zone Config | Use Case | SLA Target | Cost Impact |
+|-------------|--------------------------|------------|-------------|
+| z0 (No Zones) | Dev/Test, non-critical  | Standard   | Lowest      |
+| z1 (1 Zone)  | Standard prod workloads | Standard   | Baseline    |
+| z2 (2 Zones) | HA, regulated workloads | 99.95%     | +20%        |
+| z3 (3 Zones) | Mission-critical, DR    | 99.99%     | +40%        |
+
+**Tip:** For cost-sensitive tenants, start with z0/z1. For enterprise or regulated tenants, use z2/z3 for higher durability and compliance.
+
+This flexibility is a core advantage of the Stamps Pattern—enabling you to right-size cost and resilience for every business scenario.
+
 ## 📊 Deployment Cost Analysis
 
 Understanding the cost implications of different deployment scenarios is crucial for making informed architectural decisions. The following analysis compares various deployment patterns across different scales and tenancy models.

docs/GLOSSARY.md

@@ -54,22 +54,36 @@ An Azure architectural pattern that deploys identical "stamps" of infrastructure
 - **Benefits**: Predictable performance, easier troubleshooting, horizontal scaling
 - **Example**: Netflix uses a similar pattern to serve different regions with identical infrastructure
 
-### **GEO → Region → CELL Hierarchy**
-The three-tier architecture structure of the Stamps Pattern:
+
+### **GEO → Region → Availability Zone → CELL Hierarchy**
+The four-tier architecture structure of the Stamps Pattern:
 - **GEO**: Geographic area (e.g., North America, Europe) - highest level routing
 - **Region**: Azure region within a GEO (e.g., East US, West Europe) - regional services
-- **CELL**: Individual application instance within a region - tenant hosting
+- **Availability Zone (AZ)**: Physically separate datacenters within a region, providing high availability and fault tolerance. Each CELL can be deployed in 0, 1, 2, or 3 zones depending on business and SLA requirements.
+- **CELL**: Individual application instance within a zone - tenant hosting and logical isolation
 
-**Visual Representation**:
+**Visual Representation:**
 ```
 🌍 North America GEO
 ├── 🏢 East US Region
-│   ├── 🏠 CELL-001 (Shared: 50 tenants)
-│   └── 🏠 CELL-002 (Dedicated: 1 enterprise tenant)
+│   ├── 🗂️ AZ 1
+│   │   ├── 🏠 CELL-001 (Shared: 50 tenants)
+│   │   └── 🏠 CELL-002 (Dedicated: 1 enterprise tenant)
+│   └── 🗂️ AZ 2
+│       └── 🏠 CELL-003 (Shared: 30 tenants)
 └── 🏢 West US Region
-    └── 🏠 CELL-003 (Shared: 75 tenants)
+    ├── 🗂️ AZ 1
+    │   └── 🏠 CELL-004 (Shared: 75 tenants)
+    └── 🗂️ AZ 2
+        └── 🏠 CELL-005 (Dedicated: 1 enterprise tenant)
 ```
 
+**Why Availability Zones Matter:**
+- **High Availability (HA):** Deploying CELLs across multiple AZs protects against datacenter failures.
+- **Disaster Recovery (DR):** AZs enable rapid failover and business continuity.
+- **Flexible Cost/SLA:** You can choose the number of AZs per CELL to balance cost and durability for each tenant or workload.
+
+
 ### **CELL (Compute Environment for Logical Isolation)**
 An isolated application instance that hosts one or more tenants.
 - **Shared CELL**: Multi-tenant, cost-optimized (10-100 tenants per CELL)

docs/NAMING_CONVENTIONS.md

@@ -51,7 +51,7 @@
 
 This guide defines the standardized naming conventions for the Azure Stamps Pattern implementation to ensure consistency, clarity, and Azure best practices compliance.
 
-> **📝 Recent Updates**: This guide was enhanced to address naming consistency issues, particularly ensuring resource groups include Azure region abbreviations and storage accounts stay within the 24-character limit. All deployment scripts and templates have been updated to follow these standards.
+> **📝 Recent Updates**: This guide now reflects the four-tier hierarchy: **GEO → Region → Availability Zone → CELL**. All CELL-level resources should include zone information in their names and tags to support high availability (HA), disaster recovery (DR), and cost/SLA flexibility.
 
 ## 🌍 **Resource Group Naming**
 
@@ -115,10 +115,10 @@ This guide defines the standardized naming conventions for the Azure Stamps Patt
 ```
 
 **Zone Count Convention**:
-- `z0`: Single zone (development/testing)
+- `z0`: No zone (development/testing, lowest cost)
 - `z1`: Single zone deployment (standard)
-- `z2`: Two-zone deployment (99.95% SLA)
-- `z3`: Three-zone deployment (99.99% SLA)
+- `z2`: Two-zone deployment (99.95% SLA, HA)
+- `z3`: Three-zone deployment (99.99% SLA, maximum resilience)
 
 ### **Data Resources**
 ```bicep
@@ -192,8 +192,11 @@ This guide defines the standardized naming conventions for the Azure Stamps Patt
 // Example: acruseusprod
 ```
 
+
 ## 🔄 **Zone-Aware Naming Considerations**
 
+### **Hierarchy:** GEO → Region → Availability Zone → CELL
+
 ### **When to Include Zone Information**
 - ✅ **CELL Resources**: All CELL-level resources should include zone count (ca-, sqldb-, cosmos-)
 - ✅ **Application Services**: Container Apps, Function Apps that are CELL-specific
@@ -204,11 +207,16 @@ This guide defines the standardized naming conventions for the Azure Stamps Patt
 ### **Zone Count Mapping**
 | Zone Config | Naming | Use Case | SLA | Cost Impact |
 |-------------|--------|----------|-----|-------------|
-| **0 Zones** | `z0` | Development, testing | Standard | Baseline |
+| **0 Zones** | `z0` | No zone (dev/test, lowest cost) | Standard | Baseline |
 | **1 Zone** | `z1` | Single zone deployment | Standard | Baseline |
 | **2 Zones** | `z2` | Basic HA with failover | 99.95% | +20% |
 | **3 Zones** | `z3` | Maximum resilience | 99.99% | +40% |
 
+### **Why Availability Zones Matter**
+- **High Availability (HA):** Deploying CELLs across multiple AZs protects against datacenter failures.
+- **Disaster Recovery (DR):** AZs enable rapid failover and business continuity.
+- **Flexible Cost/SLA:** You can choose the number of AZs per CELL to balance cost and durability for each tenant or workload.
+
 ### **Examples by Tenancy Model**
 ```bicep
 // Shared Tenancy Examples