SkarpSkarp

Chapter 5 of 21

Azure Core Architecture: Regions, Availability Zones, and Resource Organization

Peek under Azure’s global hood to see how regions, Availability Zones, and resource groups fit together to deliver resilient, organized cloud environments.

27 min readen

The 7 Azure Core Architectural Components

The Canonical List

The Azure core architectural components (7 items) are:

  1. Azure regions
  2. region pairs
  3. Availability Zones
  4. Azure datacenters
  5. Azure resources
  6. resource groups
  7. subscriptions

Layers of Architecture

Think in layers:

  • Physical: Azure datacenters
  • Geographic/logical: Azure regions, region pairs
  • Resiliency: Availability Zones
  • Workload: Azure resources
  • Organization: resource groups, subscriptions

Exam Focus

For AZ-900 you must:

  • Recognize each term
  • Understand how they relate
  • Pick correct options in scenarios (for example, when to use regions vs. Availability Zones).

Azure Datacenters and Regions: Physical vs. Logical

Azure Datacenters

Azure datacenters are physical buildings with servers, storage, networking, power, cooling, and physical security. They are real facilities, but you rarely choose them directly.

Azure Regions

An Azure region is a set of datacenters in a specific geographic area, connected with low-latency networking and exposed as a single deployment location, like East US or West Europe.

Why Regions Matter

Regions affect:

  • Latency for users
  • Compliance and data residency
  • Which services are available. On AZ-900, you always deploy resources to a region, not to an individual datacenter.

Region Pairs: Built-in Disaster Recovery Strategy

What Is a Region Pair?

A region pair links two Azure regions in the same geography, such as East US ↔ West US or North Europe ↔ West Europe, to support resiliency and disaster recovery.

Key Properties

Region pairs are:

  • In the same broad geography
  • Physically separated (often 300+ miles)
  • Updated in sequence, not at the same time
  • Given priority for at least one region to recover in major outages

Using Region Pairs

You use region pairs for:

  • Disaster recovery (primary in one, failover in the other)
  • Geo-redundant services that replicate to the paired region. For regional disasters, think multiple regions, not just zones.

Availability Zones: High Availability Inside a Region

What Are Availability Zones?

Availability Zones are physically separate locations within a single region, each with independent power, cooling, and networking, connected by low-latency links.

How Zones Are Used

Regions with zones usually have 3 zones. You can:

  • Place VMs in different zones
  • Use zone-redundant services that spread across zones automatically.

Zones vs Regions

Zones handle local failures inside a region. Region pairs handle entire-region disasters. For high availability with low latency, think Availability Zones.

Visualizing Regions, Zones, and Region Pairs

Step 1: Datacenters

West Europe is made of multiple Azure datacenters in Western Europe. You never pick the building; Azure handles that.

Step 2: Region Choice

In the portal you pick Region = West Europe for a VM. That decides where it runs, which laws apply, and which services are available.

Step 3–4: Zones and Pairs

Inside West Europe you use Availability Zones (1, 2, 3) for high availability. For disasters, you rely on the region pair West Europe ↔ North Europe.

Azure Resources: The Building Blocks You Deploy

What Is an Azure Resource?

An Azure resource is any manageable item you create in Azure: VMs, storage accounts, databases, web apps, virtual networks, and more.

Key Properties

Each resource has:

  • A type (VM, storage, etc.)
  • A location (region) in most cases
  • Exactly one resource group
  • Exactly one subscription for billing

Common Confusion

Resources are the things you run. Resource groups are containers that organize those things. Do not mix them up on the exam.

Resource Groups: Organizing and Managing Resources

What Is a Resource Group?

A resource group is a logical container for related Azure resources. Every resource belongs to exactly one resource group, and each group is in one subscription.

Key Uses

Resource groups support:

  • Lifecycle management (deploy/delete as a unit)
  • Organization by app, environment, or department
  • Scopes for RBAC and Azure Policy.

Important Details

Resource groups are logical, not network boundaries. The group has a location, but its resources can live in different regions.

Subscriptions: Boundaries for Billing, Quotas, and Access

What Is a Subscription?

A subscription is a logical container for Azure resources linked to billing, quotas, and access control. Every resource and resource group lives in exactly one subscription.

Why Multiple Subscriptions?

Organizations use multiple subscriptions to separate:

  • Billing and cost centers
  • Environments (prod, test, dev)
  • Risk and regulatory scopes.

Hierarchy Recap

Hierarchy:

  • Subscriptions contain resource groups
  • Resource groups contain resources
  • Resources are deployed to regions (and may use zones).

Thought Exercise: Designing for Availability and Organization

Apply what you have learned in a realistic scenario.

Scenario:

You are helping a small online retailer move their web application to Azure. Requirements:

  • Customers are mainly in Western Europe.
  • The app must stay up even if one datacenter in the chosen region fails.
  • In a rare regional disaster, they are willing to have a short outage, but they want their data protected.
  • They want to separate production and test costs and access.

Your tasks (think through these before checking the hints):

  1. Region choice
  • Which Azure region would you choose as the primary, given the user base?
  1. High availability inside the region
  • Which Azure component would you use to survive the loss of a single datacenter inside that region?
  1. Protection against regional disaster
  • Which Azure concept would you rely on to keep a copy of the data in another region?
  1. Organizing resources
  • How would you use subscriptions and resource groups to separate production and test, and to group related resources?

Hints (unfold mentally after you decide):

  • For (1) pick a Western Europe region close to users.
  • For (2) think about Availability Zones.
  • For (3) think about region pairs and geo-redundant services.
  • For (4) consider one subscription per environment or one subscription with separate resource groups, depending on how strong you want the separation.

Quiz 1: Regions, Zones, and Region Pairs

Check your understanding of Azure’s geographic and resiliency architecture.

You are designing an application that must remain available if one datacenter in a region loses power, but you are not required to survive a full region outage. Which Azure feature should you use first?

  1. Deploy the application to the paired region
  2. Use Availability Zones within the chosen region
  3. Create multiple subscriptions in different geographies
  4. Place resources in different resource groups in the same region
Show Answer

Answer: B) Use Availability Zones within the chosen region

**Use Availability Zones within the chosen region** is correct because zones are separate locations within a region designed to handle failures of individual datacenters or facilities. Deploying to the paired region is mainly for regional disasters, not single-datacenter failures. Multiple subscriptions do not provide infrastructure redundancy by themselves. Different resource groups in the same region do not protect against datacenter outages.

Quiz 2: Resources, Resource Groups, and Subscriptions

Test how well you understand Azure’s organizational hierarchy.

Which statement best describes the relationship between Azure resources, resource groups, and subscriptions?

  1. A resource group can contain resources from multiple subscriptions
  2. A subscription can contain multiple resource groups, and each resource belongs to exactly one resource group within a subscription
  3. A resource can belong to multiple resource groups for high availability
  4. Subscriptions are created inside resource groups to separate billing for each application
Show Answer

Answer: B) A subscription can contain multiple resource groups, and each resource belongs to exactly one resource group within a subscription

The correct statement is that **a subscription can contain multiple resource groups, and each resource belongs to exactly one resource group within a subscription**. Resource groups cannot span subscriptions, resources cannot belong to multiple resource groups, and subscriptions sit above resource groups in the hierarchy, not inside them.

Flashcards: Core Azure Architecture Terms

Use these flashcards to reinforce the seven core architectural components and their roles.

Azure datacenters
Physical facilities that house Azure’s servers, storage, networking, power, cooling, and physical security. They are grouped into Azure regions; you do not select individual datacenters directly.
Azure regions
Sets of Azure datacenters in a specific geographic area, connected by low-latency networking and exposed as a single deployment location (for example, East US, West Europe). Most resources are created in a specific region.
region pairs
Pairs of Azure regions in the same geography that are linked to support disaster recovery. They are physically separated, receive staggered updates, and are prioritized so at least one region in the pair recovers first in a major outage.
Availability Zones
Physically separate locations within a single Azure region, each with independent power, cooling, and networking. They provide high availability against datacenter-level failures inside a region.
Azure resources
Manageable items you create and use in Azure, such as virtual machines, storage accounts, databases, and web apps. Each resource has a type, a location (usually a region), a resource group, and a subscription.
resource groups
Logical containers that hold related Azure resources for management and organization. Every resource belongs to exactly one resource group, and each resource group belongs to one subscription.
subscriptions
Top-level containers for Azure usage that define billing, quotas, and an access control boundary. Subscriptions contain resource groups, which in turn contain resources.

Key Terms

region pairs
Linked pairs of Azure regions in the same geography, designed to support disaster recovery through physical separation, staggered updates, and prioritized recovery.
Azure regions
Sets of Azure datacenters in a specific geographic area, presented as a single deployment location such as East US or West Europe.
subscriptions
Top-level Azure containers associated with billing, quotas, and governance boundaries; they contain resource groups and resources.
Azure resources
Individual items you create and manage in Azure, such as virtual machines, storage accounts, web apps, and databases.
resource groups
Logical containers in a subscription that hold related Azure resources for organization, lifecycle management, and as scopes for access control and policy.
Azure datacenters
Physical facilities that host Azure’s computing, storage, networking, power, cooling, and physical security. They are combined into Azure regions.
Availability Zones
Physically separate locations within a single Azure region, each with independent infrastructure, used to increase high availability against local failures.

Finished reading?

Test your understanding with a custom practice exam on this chapter.

Test yourself