How can you test RA-GRS redundancy?

I had a university in Los Angeles who wanted to walk through how to recover from a secondary RA-GRS storage location in the event of an outage. I put together a quick FAQ and steps to help clarify a few unclear areas:

What is the difference between RA-GRS and GRS?

The main difference between GRS and RA-GRS is RA-GRS has a read only replica in the secondary paired region while GRS has a read/write storage replica in the secondary paired region. Both options have 3 local regional copies and 3 secondary copies in the paired region for a total of 6 storage copies. More on both GRS here and RA-GRS here.

Which one should I leverage?

We recommend going with RA-GRS as your first choice since it provides read access to the secondary regional copy unlike GRS. You will have to weigh functionality vs. price as it does cost more.

The RA-GRS secondary read only replica can be used for many purposes such as application upgrades where you point to the secondary read-only data , pulling from read only source for extraction, querying read only data replica, and additional outage recovery scenarios not available in GRS.

What happens if a regional failover occurs with RA-GRS or GRS?

If a complete regional storage failure occurs, we will first try and resolve the problem and if not resolvable we will determine that a failover is necessary and initiate a failover to the secondary paired region. This will provide full read and write access to this secondary paired region for both GRS and also RA-GRS. The failover is automatic and DNS will be switched automatically to the secondary.

See more on GRS and RA-GRS failover considerations here.

A feature may be coming in the future to allow for customer initiated RA-GRS and GRS failover for DR testing, etc. See here.

What happens if a temporary regional outage exists with RA-GRS (not GRS)?

If a temporary outage occurs with RA-GRS you can either:

  1. Either wait for resolution of the of storage outage in that primary region and use read only data in the interim


  1. If read and write is needed, you can manually copy data from the read only secondary storage account to a new storage account to have read and write access

Do I need another key to access the read-only replica data?

No, the access keys for your storage account are the same for both the primary and secondary endpoints with RA-GRS.

How do I access my RA-GRS replicated data in the secondary paired region?

1) Determine the storage account key, region, and secondary storage account URI

Open Azure Portal

Visit the RA-GRS storage account you would like to view

Click ‘Overview'

From the Overview blade, copy the storage account’s secondary region, and secondary storage account URI for use later


Grab the storage account key from the ‘Access keys’ blade

2) Create a new storage account in same region as secondary read only replica along with a new container to copy data into. This can be pre-staged or scripted.

3)Use AzCopy to copy data over from the secondary read only storage account to the newly created read/write storage account – I used Bash Shell in Azure portal since it has AzCopy for Linux already in Azure CLI

I used –recursive switch to copy everything in the read only secondary container to the new read-write container:

azcopy \
--source \
--destination \
--source-key <key1> \
--dest-key <key2> \

-- recursive


4)If needed, change the application over to the newly created read-write storage account URL path/access key in new region. See more on using RA-GRS in HA applications here.