Multi-Region Active-Active Configurations for Azure Blob Storage
In today’s post, I’m excited to shed light on a creative solution I devised to meet a unique client requirement. Azure Blob storage, in its native form, doesn’t inherently support multi-region active-active architectures. However, as every cloud architect knows, challenges often pave the way for innovative solutions.
My client was on the hunt for a method to achieve a multi-region active-active configuration with Azure blob storage. Rising to the occasion, I devised two potential designs, presenting both to the client. After a thorough discussion, the client chose the design that fit their needs seamlessly. I believe sharing these designs might prove beneficial for others faced with a similar challenge.
At the heart of this solution, the client’s application is exposed to its users through Azure Traffic Manager. Traffic manager efficiently routes traffic to Virtual Machines (VMs) located in two separate regions. These VMs, operating behind a load balancer, interact with the Azure blob storage, writing data from both regions. For bolstered security against unforeseen calamities, it’s imperative that the Azure storage account is set to be Geo-redundant. This ensures that in case of disasters, it can be failed over to the secondary region, ensuring accessibility with little to no interruption.
Accessing Storage via Service Endpoint
In this model, Blob storage can be reached from both regions using the Service Endpoint. To counteract potential data exfiltration, Service Endpoint Policies are put into place.
Accessing Storage via Service Endpoint
Accessing Storage via Private Endpoint
The alternate model has Blob storage accessed via a private endpoint from both regions. Given that this model integrates the Azure service into the VNET, Private endpoint options is always a top pick for most of our customers.
Both these designs boast robustness at every layer. With two VMs set up in each region, the system ensures that even if one VM faces issues, the service remains undisturbed. Should both VMs in a single region falter, the other region swiftly steps in to guarantee continued service. Thanks to the Geo-redundant nature of the storage, even in the face of major disruptions, the storage account can switch from the primary to the secondary region. This transition refreshes the DNS entry for the storage account, transforming the secondary endpoint into the primary.
I hope this deep dive into my design solutions offers insights for fellow cloud architects and enthusiasts alike. As the world of cloud computing continually evolves, so does our quest for pioneering solutions.
Published on:
Learn moreRelated posts
Failures Happen in Cloud, but how Azure Cosmos DB keeps your Applications Online
The only thing that’s constant in distributed systems is failures. No cloud platform is immune to failures — from regional outages and transie...
The `azd` extension to configure GitHub Copilot coding agent integration with Azure
This post shares how to set up the GitHub Copilot coding agent integration with Azure resources and services by using the Azure Developer CLI ...
Announcing Azure MCP Server 1.0.0 Stable Release – A New Era for Agentic Workflows
Today marks a major milestone for agentic development on Azure: the stable release of the Azure MCP Server 1.0! The post Announcing Azure MCP ...
From Backup to Discovery: Veeam’s Search Engine Powered by Azure Cosmos DB
This article was co-authored by Zack Rossman, Staff Software Engineer, Veeam; Ashlie Martinez, Staff Software Engineer, Veeam; and James Nguye...
Azure SDK Release (October 2025)
Azure SDK releases every month. In this post, you'll find this month's highlights and release notes. The post Azure SDK Release (October 2025)...
Microsoft Copilot (Microsoft 365): [Copilot Extensibility] No-Code Publishing for Azure AI Foundry Agents to Microsoft 365 Copilot Agent Store
Developers can now publish Azure AI Foundry Agents directly to the Microsoft 365 Copilot Agent Store with a simplified, no-code experience. Pr...
Azure Marketplace and AppSource: A Unified AI Apps and Agents Marketplace
The Microsoft AI Apps and Agents Marketplace is set to transform how businesses discover, purchase, and deploy AI-powered solutions. This new ...
Episode 413 – Simplifying Azure Files with a new file share-centric management model
Welcome to Episode 413 of the Microsoft Cloud IT Pro Podcast. Microsoft has introduced a new file share-centric management model for Azure Fil...
Bringing Context to Copilot: Azure Cosmos DB Best Practices, Right in Your VS Code Workspace
Developers love GitHub Copilot for its instant, intelligent code suggestions. But what if those suggestions could also reflect your specific d...