Resource Group Location vs. Tenant Region

0
votes

I have been tasked with building a PoC in Azure to "simulate" a future global deployment where data transfer time is important factor. The actual deployment will be using fully on-prem resources. So, as odd as it sounds, I am looking for the worse performance possible between the two options.

Architecture A (single tenant):

  1. Create a single Azure tenant in the US region
  2. Create a Resource Group with a US-based location
  3. Create another Resource Group with an EU-based location

Architecture B (dual tenant):

  1. Create an Azure tenant in the US region with a US-based RG
  2. Create an entirely separate Azure tenant in an EU region with a EU-based RG

Would the dual-tenant structure above make any measurable difference one way or the other from the single-tenant (assuming all vNetwork, VMs, etc are identical)? I am thinking the single-tenant setup would be faster since (presumably) the traffic never leaves the Azure Service Fabric. But that's just speculation.

1
azurenetworkingcloudmulti-tenantglobalization
You can take a look at this link. Not sure AAD data and Azure Service data in the same data center of the same region. But I think you are right.Charles Xu

1 Answers

0
votes

Here is what I got back from a colleague. She is (obviously) far more versed in Azure IaaS than I am. Answer #3 below indicates that the closest analog to the client MPLS connection is via VPN/ER. Not really worth the cost but still good to know.

  1. Can a single subscription be used to provision US and European region located resources? Yes
  2. Can resources in US and European located regions be managed from a US based portal? Yes
  3. When allowing resources in US and European located regions communicate with one another what are our options? A couple primary ways...
    • Intra-regional (tenant to tenant:region to region) Communications can be provisioned to travel across the Microsoft Azure backbone. It never hits the open Internet.
    • VPN or Express Route: Travels either the open internet or a private in TLS like route from one region to another. However express route, the mpls like option, does require advanced routing (BGP) and dedicated circuits at I other point from different connectivity providers. Also, expensive.