question

pallab avatar image
0 Votes"
pallab asked ·

Azure Blob Storage with GZRS Replication, DR Testing

I would like to know the below things please.

1) I did a failover of my Azure Storage Account with GZRS replication from Canada Central to Canada East and i saw that the replication got changed to LRS automatically as i believe, that is how it should be. So i believe i have to reconfigure the replication once again. But while reconfiguring, i didn't see any option to convert it back to GZRS, it was only GRS. So is this how it should be that once you failover from Primary to Secondary with GZRS, you cannot get back to GZRS?

2) My storage account is configured with private endpoint and private link. I have an internal Storage API that will be be called by a front end application to talk to the Private Endpoint Storage Account and the blobs inside it. So my question is, if i do a failover of my storage account during disaster from Primary Canada Central to Secondary Canada East, is there anything that needs to be done on the Private Endpoint side so that the storage account traffic is redirected to Canada East, or this will be done automatically by the service on the backend?

Appreciate a quick reply please.

azure-storage-accountsazure-blob-storageazure-private-link
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Sumarigo-MSFT avatar image
0 Votes"
Sumarigo-MSFT answered ·

@pallab Welcome to Microsoft Q&A, Thank you for posting your query!

Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

  • This is expected behavior. LRS -> GZRS with LRS as primary is not supported.

To get back to the original state (GZRS), you have to
(1) Convert LRS in to GRS,
(2) Failback to (as LRS),
(3) Then request Azure to migrate this LRS to ZRS , which can then be converted to GZRS .

Change how a storage account is replicated

After the failover, your storage account type is automatically converted to locally redundant storage (LRS) in the new primary region. You can re-enable geo-redundant storage (GRS) or read-access geo-redundant storage (RA-GRS) for the account. Note that converting from LRS to GRS or RA-GRS incurs an additional cost.

After you re-enable GRS for your storage account, Microsoft begins replicating the data in your account to the new secondary region. Replication time is dependent on the amount of data being replicated.

  • For read access to the secondary region with a storage account configured for geo-redundant storage, you need separate private endpoints for both the primary and secondary instances of the service. You don't need to create a private endpoint for the secondary instance for failover. The private endpoint will automatically connect to the new primary instance after failover.

Hope this helps!

Kindly let us know if the above helps or you need further assistance on this issue.


Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


· 3 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

For read access to the secondary region with a storage account configured for geo-redundant storage, you need separate private endpoints for both the primary and secondary instances of the service. You don't need to create a private endpoint for the secondary instance for failover. The private endpoint will automatically connect to the new primary instance after failover. --> Thanks Sumarigo for the answer.

What about any changes that we need to do in our Private DNS Zone during a Disaster and when the Storage Account has been failed over by Microsoft to the Secondary Region?
Is there anything that we need to worry about for our Private DNS Zone or the ingress traffic to the Storage Endpoint will automatically be routed to the new secondary private endpoint?
Can you please let me know.
Thanks

0 Votes 0 ·

Also whatever you have mentioned about "This is expected behavior. LRS -> GZRS with LRS as primary is not supported." is this true for Microsoft Initiated failover also, in case of an actual disaster, or this is applicable only in case of a user initiated failover?

0 Votes 0 ·

For (2) that should happen automatically. Are you seeing any errors on that?
for (1), are you referring to it being LRS in the secondary region? Yes, there has to be a manual migration to turn it into ZRS

0 Votes 0 ·