Bring your Azure Services closer

/ Azure, Azure Architecture, Azure Compute, Azure Network, Azure Regions, Azure Update, Best Practices / By
Azure Extended Zones – L.A.

# Overview

Azure now offers a new capability to deploy compute resources (VMs/AVD) πŸ’», containers πŸ«™, storage services as well as a dedicated subset of Azure services in Azure Extended Zones (Link), providing a diverse range of Azure locations for organizational workloads. Currently, Azure Extended Zone is now operational in Los Angeles, California πŸ–οΈ, but will hopefully be extended to other regions across the globe. An Azure Extended Zone works according to the following principal in the diagram.

Overview of Azure Extended Zones baseline architecture

# Use Cases πŸ§‘β€πŸ­

Azure Extended Zones are compact extensions of Azure strategically positioned in metropolitan areas πŸ™οΈ, industry hubs 🏭, or specific jurisdictions. Part of the Microsoft global network, the Extended Zones provide secure, reliable, high-bandwidth connectivity between workloads🌐 running super close to users πŸ§‘β€πŸ’». These zones are designed to support the following Use Cases:

Low Latency Apps⚑

Running resources, such as media editing software, remotely with low latency.
βœ…

Data Residency 🏑

Ensuring application data remains within a specific Azure geography (e.g. usa) for privacy, regulatory, and compliance reasons. ➑️ Azure geographies are distinct markets that typically contain one or more regions. Let customers with specific data residency and compliance needs keep their data and applications close.
βœ…

# Supported Azure ServicesπŸ›ž

The following screenshot lists all Azure Services that are supported by Azure Extended Zones.

All supported Azure Services for Extended Zones

# Pricing πŸ’°

Pricing and billing for resources in the Los Angeles Azure Extended Zone align with the West US Region. Resources in the Los Angeles Extended Zone are billed at the same rates as those in the West US Region.

# Registration & Activation βœ”οΈ

To deploy services within an Azure Extended Zone, access must first be requested, using the resource provider Microsoft.EdgeZones” as first step. Explicitly register your Azure Subscription with Owner permissions, as this capability is not enabled by default. It is important that the Azure account must be billable, and you can use the Azure CLI, as the following screenshot illustrates.

Register Azure Subscription for “Microsoft.EdgeZones

After the provider has been registered on the Azure Subscription successfully, we can get a list of available extended zone names as well as execute the activation for the needed regional name, as the following screenshot illustrates. In this case only Los Angeles is available. Please keep in mind that the Azure CLI extension for edge zones must be installed as well, but it will be automatically installed the first time running an az edge-zones command.

Activation/Registration of region name ‘Los Angeles’ on Azure

⚠️ Attention/Important:
1. The Azure Extended Zone cannot be used until its “registrationState” becomes Registered.
2. The activation of an Azure Sponsorship Subscription for example is not working, and the process will get stuck with the state “PendingRegister“.

# Deploy Azure VNet (Extended)

As next step an Azure Virtual Network (VNet) must be deploy in the activated Azure Extended Zone of Los Angeles. Make sure the “(US) West US” is selected as parent region for the Azure Extended Zone, like the following screenshot shows.

Create Azure VNet in an Extended Zone

After the right parent zone is selected, there is the opportunity to select the region of the Azure Extended Zone, in this case “Los Angeles“, as the following screenshot illustrates.

Select the location of the Azure Extended Zone

Once the Azure Virtual Network (VNet) is created in the Extended Zone. Azure will handle the provisioning process, which may take a few minutes. After the deployment is complete, the network will be ready for use. At this point, you can move forward with deploying a virtual machine or another supported Azure Service within the newly established network. This setup ensures that the virtual machine is integrated into the Azure Extended Zone in Los Angeles, benefiting from enhanced redundancy and availability.

# Deploy Azure Services

Creating an Azure VM involves navigating through a few key steps within the Azure portal. In the “Virtual Machine” section select the appropriate option and initiate the creation process. Fill out essential details in the Basics tab, like the following example shows. Make sure to create the VM in “(US) Los Angeles” with the parent region “West US” to make sure the resource is part of the Azure Extended Zone.

Create Azure VM in the Extended Zone

Networking configuration of the Network Interface Card (NIC) of the Azure VM in the Extended Zone plays a critical role. Select the Azure VNet of the Azure Extended Zone with the name “vnet-extzone-test-la-001“, created in the previous chapter of this article.

Create the NIC of the Azure VM in the Azure Extended Zone VNet

Please keep in mind that there is no Default outbound access for Azure VMs in Azure Extended Zones (e.g., to the internet), as my previous blog post already explained. The admin connection to this Azure VM should be covered by your normal administration process over the Azure Landing Zone (Hub, etc.) as usual.

The Azure VNet can be peered to the Hub VNet of the Azure Landing Zone as every other Spoke VNet in Azure, as Azure Virtual Network Peering is supported. It allows seamless connection between Azure VNets, enabling, high-bandwidth communication using private IPs. It simplifies network architecture by eliminating the need for complex VPN connections, reduces costs through lower data transfer charges, and enhances security by avoiding public internet exposure.

# Limitations β›”

The following limitations and restrictions must be considered if Azure Extended Zones want to be used in productive scenarios:

Zone Location

At the moment Extended Zones are currently only available in Los Angeles (LA) region. Customer data in an Azure Extended Zone is stored and processed in the Extended Zone location (e.g. losangeles), which can be outside the associated Azure Geography and parent region (e.g., westus). If the Extended Zone’s parent region is in the same country/region, customer data will remain within that geography (e.g., usa).
😳

Access must be requested

To deploy services within an Azure Extended Zone, access must first be requested, using the . Explicitly register your Azure Subscription with Owner permissions, as this capability is not enabled by default. It is important that the Azure account must be billable.

β›” If a non-billable Azure Subscription is used, the “registrationState” will get stuck with the status PendingRegister“.
πŸ”

Azure Services

Only a subset of Azure services is available in an Azure Extended Zone due to its size, hardware, and use cases.

πŸ“Note: Full access to all Azure services is available in the parent Azure region (e.g. westus).
πŸ₯ˆ

Azure VMs

Only Virtual Machines for “general purpose” can be used on Azure Extended Zones with the series A, B, D, E, and F series as well as GPU NVadsA10 v5 series.
πŸ’»

Traffic Control

Network Security Groups (NSGs) πŸ”’ and user-defined routes (UDRs) ➑️ can be used in Los Angeles, created in the parent region West US within the Azure Extended Zone. The same principal works for an Azure Firewall 🧱 as well.
🧱
Scroll to Top