Skip to main content

Core System

Overview of subscriptions, management groups and resources

Screenshot of the hierarchy for objects in Azure.

  • Resources: Resources are instances of services that you create, such as virtual machines, storage or SQL databases.
  • Resource Groups: Resources are combined into resource groups, which act as logical containers within which Azure resources such as web applications, databases and storage accounts are deployed and managed.
  • Subscriptions: Subscriptions combine user accounts and the resources created by those user accounts. For each subscription, there are limits or quotas on the amount of resources you can create and use. Organisations can use subscriptions to manage costs, or resources created by users, teams or projects.
  • Management groups: These groups help you manage access, policies and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.

Regions, Availability Regions and Region Pairs

Resources are created in "regions", which are the different geographical locations around the world that contain Azure data centres.

Azure is made up of data centres around the world. When using services or creating resources such as SQL databases or virtual machines (VMs), physical devices in one or more of these locations are used. These specific data centres are not directly available to users. Azure will organise them into regions.

Regions

Global map of available Azure regions as of June 2020.

A region is a geographical area of the planet containing at least one (but most likely multiple) data centres that are adjacent to each other and connected to each other via a low-latency network. Azure intelligently allocates and controls the resources within each region to ensure proper workload balancing.

Some services or VM features, such as specific VM sizes or storage types, are only available in specific regions. There are also global Azure services that do not require users to select a specific zone, such as Azure Active Directory, Azure Traffic Manager and Azure DNS.

The importance of regions

Azure has more global regions than any other cloud provider. With these zones, you can effectively and flexibly reduce the distance between your applications and your users, no matter where they are located. Global regions offer better scalability and redundancy. They also retain data residency for services.

Special Regions

  • Mid US DoD, US Gov Virginia, US Gov Iowa and other regions: These regions are segregated instances of Azure physical and logical networks for US government agencies and partners. These data centres are operated by selected U.S. citizens and include other compliance certifications.
  • Regions such as Eastern China, Northern China: These regions are available to users following a sole partnership between Microsoft and 21Vianet, which eliminates the need for Microsoft to directly maintain the relevant data centre.

Availability Areas

To ensure that services and data are redundant so that information can be protected in the event of a failure. When hosting an infrastructure, setting up your own redundancy requires creating duplicate hardware environments. Azure can help achieve high availability of applications through Availability Zones.

What is an Availability Zone?

Availability zones are physically separate data centres within an Azure region. Each Availability Zone consists of one or more data centres that are configured with separate power, cooling and networking. Availability zones are set up as isolated boundaries. If one zone fails, the other zones continue to function normally. The availability zones are connected via a high-speed dedicated fibre optic network.

Diagram showing three datacenters connected in a single Azure region representing an availability zone.

Supported regions

Not every region supports availability zones. For a list of updates, see Areas in Azure that support availability zones

Using availability zones in applications

Availability zones can be used to run mission-critical applications with high availability built into the application architecture by co-locating compute, storage, network and data resources in one zone and replicating them to other zones. Keep in mind that there may be costs associated with replicating services and transferring data between regions.

Availability zones are mainly used for VMs, managed disks, load balancers and SQL databases. Azure services that support availability zones fall into two categories.

  • Regional services: fixes resources (such as VMs, managed disks and IP addresses) to a specific region.
  • Regional redundancy services: the platform is automatically replicated across regions (e.g. regional redundant storage and SQL databases).
  • Non-geo-regional services: services are always provisioned from the Azure geographic location, allowing flexibility for local area and geographic area wide service outages.

Region pairs

Availability regions are created using one or more data centres. There are a minimum of three regions within a single region. A major disaster may trigger a disruption severe enough to affect even two data sinks. This is why Azure also creates zone pairs.

What is a region pair?

Each Azure region is always paired with another region within the same geography that is at least 300 miles away (e.g. USA, Europe or Asia). This method is used to replicate resources (e.g. VM storage) across geographies and helps reduce the likelihood of service disruptions due to events such as natural disasters, social unrest, power outages or physical network disruptions that affect both regions. For example, if one region in a pair is hit by a natural disaster, the service will automatically failover to the other region in its pair.

Diagram showing relationship between geography, region pair, region, and datacenter.

Because zone pairs are directly connected and far enough apart to be isolated from regional disasters, they can be used to provide reliable service and data redundancy. Some services use zone pairs to provide automatic off-site redundant storage.

Other benefits of zone pairs.

  • In the event of a large-scale Azure service outage, one region in each region pair is prioritised, ensuring that at least one region is restored as soon as possible for the applications hosted in that region pair.
  • Planned Azure updates are performed on a region-by-region basis to minimise downtime and reduce the risk of application outages.
  • For tax and law enforcement jurisdictional reasons, data remains in the same geographic area in paired pairs (except for southern Brazil).