(Yes, the Denmark datacenters are currently missing from the picture 🙂)
Last week, Microsoft published a press release stating that they will go live with two datacenters in Sweden in 2021 (https://news.microsoft.com/europe/2020/11/24/microsoft-announces-investments-to-accelerate-swedens-digital-transformation-and-plans-to-open-its-sustainable-datacenter-region-in-2021/), and today they announced that they will be opening datacenters in Denmark as well.
This means that Microsoft will be providing cloud-based services such as Microsoft Azure, Microsoft 365 and Dynamics 365 from datacenters on Swedish and Danish soil.
After working intensively with the Norwegian datacenters, there are a couple of things I want to share for those who are planning ahead and want to deploy or build services on the upcoming datacenters, since some dependencies might be missing once you start deploying your services.
For customers that are planning to use these datacenters as the base for future services, there are some important aspects to consider. In terms of availability, Microsoft will have two regions in Sweden, with one datacenter in Gävle Sandviken and the second in Staffanstorp. These two regions will be configured as geo-paired regions, which means that Azure-based services that use geo-redundancy will replicate data between them. This keeps the data on Swedish soil while still keeping it available if one of the regions were to go down. Three datacenters are also coming to Denmark (press release here –> https://news.microsoft.com/europe/features/microsoft-announces-plans-to-establish-a-new-datacenter-region-in-denmark-to-accelerate-the-countrys-green-digital-transformation/), but the details are still a bit unknown until we have more public information.
Data Governance
Unlike the other regions that Microsoft has available worldwide, the Swedish and Danish datacenters will be smaller in scale and will therefore not have all services available at launch. A small set of services will be available at launch, and more will be added after rollout, some according to a predefined timeline and some based on customer request.
Microsoft lists out the different services and availability here –> https://azure.microsoft.com/en-us/global-infrastructure/services/?products=all
The datacenters will provide Microsoft Azure services and will at a later stage provide Microsoft 365 services such as Office 365 and Dynamics 365.
It should also be noted that some services are marked as Global. These services will therefore not be located directly within the Nordic datacenters (Azure Active Directory is one example), and if your organization has already established an Office 365 or Azure AD tenant, the placement of that data has already been set.
(Identity data is stored by Azure AD in a geographical location based on the address provided by your organization when subscribing for a Microsoft Online service such as Office 365 and Azure) –> https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-data-storage-eu. You can also view other individual solutions and their locations here –> https://msit.powerbi.com/view?r=eyJrIjoiODdjOWViZDctMWRhZS00ODUzLWI4MmQtNWM5NjBkZTBkNjFlIiwidCI6IjcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0NyIsImMiOjV9
But regardless of how you plan to use Azure, you should have a main governance strategy in place to ensure that a set of baseline policies and processes exists, and that you have a configured landing zone if you plan to migrate virtual machines to Microsoft Azure.
The best way to start is with the Microsoft Cloud Adoption Framework https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/, which is a good starting point, but be aware that the framework is built for many large organisations and is not always suitable for smaller businesses.
It is also important to understand that with the built-in governance features in Azure you can define policies which ensure that services can only be deployed within the Nordic datacenters and not in the other Azure regions worldwide.
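A policy definition along the lines described above, as an added example that is not from the original post: it denies any resource whose location is outside an allowed list, while exempting resources that report the location `global` (the globally hosted services mentioned earlier). The display name, the parameter name and the two region names in the default value are assumptions for illustration; the page itself names no region identifiers.

```json
{
  "properties": {
    "displayName": "Allow resource deployment only in Nordic regions (added example)",
    "description": "Added example, not from the original article. The region names in the parameter default are assumptions; set them to the regions your subscription is approved for.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Regions in which resources may be created.",
          "strongType": "location"
        },
        "defaultValue": ["swedencentral", "norwayeast"]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "notIn": "[parameters('allowedLocations')]"
          },
          {
            "field": "location",
            "notEquals": "global"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

A definition in `Indexed` mode does not cover resource groups; restricting where resource groups are created needs a separate definition in mode `All` that targets the type `Microsoft.Resources/subscriptions/resourceGroups`. Assigning the definition with the `audit` effect first shows which existing resources would be out of policy before anything is blocked.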
Also, if you want more information on data control and security compliance within Azure, you can read more about it here –> https://go.microsoft.com/fwlink/p/?linkid=2051120. This whitepaper goes into detail on the different security mechanisms that are in place, both for the physical aspects of the datacenter and within Azure, that customers can leverage.
Microsoft Sweden has also created a blueprint for Public Sector which is a collection of tools, templates, policies and reports to support Microsoft Azure cloud adoption for Public sector. You can see the blueprint here –> https://pulse.microsoft.com/uploads/prod/2020/12/Azure_MSMD-White-Paper-FINAL-2.pdf
Network Edge:
When Microsoft opens new datacenters, they also provide customers with the ability to move their Office 365 tenants from existing locations to the new datacenters. This is an opportunity we have used for many different customers already when Microsoft set up their datacenters in Norway. This is done through a request from within the Office 365 admin portal and the move from one location to another happens without downtime. This small change also reduces latency to Office 365 services which improves the overall experience if your users are closer to the new datacenter.
If your organization decides not to move its Office 365 tenant to the Nordic datacenters, it will still benefit from the new core network. Essentially, all network traffic from an end-user enters the Microsoft core network at the closest location and uses the internal network to route to the destination, which can be seen here –> https://connectivity.office.com/
Another important aspect: if you or your organization will be using services such as Azure Front Door or Azure Virtual WAN to provide hybrid connectivity or load-balancing services, these services will also be routed to the location closest to the end-user using TCP Anycast. So, if you already have services running in other Azure datacenters, using these services will also reduce latency and improve the end-user experience.
Data Availability:
As part of each datacenter that Microsoft is setting up, each region is configured with Availability Zones, which are independent datacenters within the same region. When setting up, for instance, a service or virtual machine workload in Azure, you need to understand that the availability of that machine is only within the region where it is placed. That means that if a region or zone goes down, your services will be unavailable. So, ensure that your service either leverages Availability Zones, where the machines that provide a service are deployed into separate zones, or is configured with a disaster recovery feature, or that mechanisms are in place which allow you to easily redeploy the service in the other region.
Moving existing workloads to the new datacenters?
If you as a customer have already established workloads in Azure in another region, can you migrate those services back to the Nordic datacenters? There are some options available once the datacenters are ready. Microsoft recently launched a new service called Azure Resource Mover which allows you to migrate IaaS based workloads to another region. If you are using other services such as PaaS services or Cloud Native, you would need to redeploy to the new region. Or you can configure a hybrid approach where you have a set of services which you would like to run from the Nordic datacenters close to your users there but still have the main services in another region.
Also, if you are planning to migrate workloads out of your own datacenter or infrastructure to Azure there are different paths that you can take to do the migration. However, an important aspect is understanding what is supported in terms of Operating Systems, Networking protocols or other underlying hardware features.
Not all services that you have on-prem can run optimally in the cloud, for example services that require hypervisor integration, physical devices, or specific layer 2 network protocols such as GARP/RARP/VRRP, which are not available in Azure.
Plan – Capacity is not endless
If you have a big project that is dependent on Microsoft Azure, one of the things you should consider is the capacity that you need. Even though this is a cloud platform, there is a large set of other customers that want access to resources as well, and Microsoft needs to plan for this accordingly. For instance, there is a soft limit on the number of virtual cores you get access to initially, which can be adjusted to a higher number, but when Microsoft sets up a new region there will be an approval process to control access and quota to the new datacenters.
As example here with the Norwegian datacenters
Secondly, as with the latest setup of the new datacenters, Microsoft wants a more controlled approach, and therefore a lot of the access to Azure in both Sweden and Denmark will require approval from Microsoft before customers or partners are given access to the new datacenters. Time will tell if this is going to be the case.
Service Monitoring:
When you get up and running in Microsoft Azure, and depending on the services you establish, you also need to monitor the service. I'm not going into detail on that, but the biggest thing you should monitor is the underlying platform itself when it comes to planned and unplanned downtime. This can be monitored using Azure Service Health https://azure.microsoft.com/en-us/features/service-health/, where you can get notified about downtime or service issues in the regions.
You can also view the status of services and availability here –> https://status.azure.com/nb-no/status
SLA and Availability
As part of each datacenter that Microsoft is setting up, each region will also support Availability Zones, which are independent datacenters within the same region. (Not supported at launch)
When setting up, for instance, a service or virtual machine workload in Azure, you need to understand that the availability of that machine is only within the region where it is placed. Virtual Machines in Azure do not have live migration or mobility options to other zones or other regions. That means that if a region or zone goes down, your services will be unavailable. So ensure that your service leverages Availability Zones, where the machines that provide a service are deployed into separate zones. Now, to actually get an SLA from Microsoft you need to follow the guidelines underneath:
- For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
- For all Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
- For any Single Instance Virtual Machine using premium storage for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.9%.
Spend time building a foundation
If you are planning to build services on the new datacenters in Sweden or Denmark, spend the time to create a foundation which contains a landing zone, security and governance mechanisms or in summary a set of the cloud essentials.
When it comes to the design of services in Azure, Microsoft has a good starting point based upon a design model they call Virtual DataCenter, which you can read more about here –> https://docs.microsoft.com/en-us/azure/architecture/vdc/. In addition, there is the Cloud Adoption Framework that Microsoft has –> https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/, which also goes into the different principles of adopting cloud. What I also recommend is that you use another subscription and region for testing new services in Azure. Microsoft is constantly developing new services and functionality which they release into Microsoft Azure as Private / Public preview. For the most part, the new services are published first in the main regions such as North / West Europe (as part of EMEA at least), and in other regions the services will be added at a later stage. So having a separate subscription and another region is a good way to start learning the new services in the early stages, before they are rolled out to the Nordic datacenters.
How do I follow changes and what’s new?
The best way to monitor and see changes that are coming to Azure and the upcoming regions is to follow the official blog https://azure.microsoft.com/nb-no/blog/ (using RSS) and to leverage Azure Service Health to monitor the changes (also mentioned under Service Monitoring).
You can also view the status of services and availability here –> https://status.azure.com/nb-no/status