Multi-tier web application built for HA/DR

This example scenario applies to any industry that needs to deploy resilient multitier applications built for high availability and disaster recovery. The application consists of three layers in this scenario.

Web tier

The top layer includes the user interface. This layer parses user interactions and passes the actions to the next layer for processing.

Business tier

This layer processes user interactions and makes logical decisions about the next steps. It connects the web tier and the data tier.

Data tier

Stores the application data. Either a database, object storage, or file storage is typically used.

Common application scenarios include any mission-critical application running on Windows or Linux. This can be an off-the-shelf application like SAP and SharePoint or a custom line-of-business application.

Use Case of this Example

Other relevant use cases include

• Deploying highly resilient applications such as SAP and SharePoint

• Designing a business continuity and disaster recovery plan for line-of-business applications

• Configure disaster recovery and perform related drills for compliance purposes

Application Architecture with HA/DR

In Azure regions that support availability zones, you can deploy your virtual machines (VMs) in a source region across availability zones and replicate them to the target region used for disaster recovery. In Azure regions that don't support availability zones, you can deploy your VMs within an availability set and replicate them to the target region.

To route traffic between regions, you need a global load balancer. There are two main Azure offerings:

• Azure Front Door

• Azure Traffic Manager

This architecture uses Traffic Manager because it's lightweight. The failover timing is sufficient for illustrative purposes.

Solution Components

• Availability sets ensure that the VMs you deploy on Azure are distributed across multiple isolated hardware nodes in a cluster. If a hardware or software failure occurs within Azure, only a subset of your VMs are affected, and your entire solution remains available and operational.

• Availability zones protect your applications and data from datacenter failures. Availability zones are separate physical locations within an Azure region. Each zone consists of one or more datacenters equipped with independent power, cooling, and networking.

• Azure Site Recovery allows you to replicate VMs to another Azure region for business continuity and disaster recovery needs. You can conduct periodic disaster recovery drills to ensure you meet the compliance needs. The VM will be replicated with the specified settings to the selected region so that you can recover your applications in the event of outages in the source region.

• Azure Traffic Manager is a DNS-based traffic load balancer that distributes traffic optimally to services across global Azure regions while providing high availability and responsiveness.

• Azure Load Balancer distributes inbound traffic according to defined rules and health probes. A load balancer provides low latency and high throughput, scaling up to millions of flows for all TCP and UDP applications. A public load balancer is used in this scenario to distribute incoming client traffic to the web tier. An internal load balancer is used in this scenario to distribute traffic from the business tier to the back-end SQL Server cluster.

Alternatives of the above components

• Windows can be replaced by other operating systems because nothing in the infrastructure is dependent on the operating system.

• SQL Server for Linux can replace the back-end data store, or Azure SQL and Managed instance can be used.

• The database can be replaced by any standard database application available.

• Azure Front Door can replace Azure Traffic Managed with WAF for Layer 7 Security.

Scalability

• Add or remove VMs in each tier based on your scaling requirements.

• Use the Azure VM scale set if the application for burstable scaling supports it.

• Use Azure SQL or Managed Instance for high scalability and zero manageability of underlying VMs.

Security

• Azure Defender for Cloud can be used to protect the workloads.

• Use Azure Firewall if cost is not an issue; otherwise, use NSG to protect the workload.

• Use Azure Front Door for WAF with frontend application.

• Use Managed Disk Encryption and Host Encryption for end-to-end encryption.

Pricing

Configuring disaster recovery for Azure VMs using Azure Site Recovery will incur the following charges on an ongoing basis.

• Azure Site Recovery licensing cost per VM.

• Replicating data changes from the source VM disks to another Azure region requires network egress. Azure Site Recovery uses built-in compression to reduce the data transfer requirements by approximately 50%.

• Storage costs on the recovery site are typically the same as the source region storage plus any additional storage needed to maintain the recovery points as snapshots for recovery.

• Any other components like Azure Firewall, Azure SQL and Managed Instances.

Microsoft has provided a sample cost calculator for configuring disaster recovery for a three-tier application using six virtual machines. All of the services are pre-configured in the cost calculator.