Skip to main content

Multi-Region Resiliency & BCDR for Monitoring Infrastructure

Document Type: Decision Guide & BCDR Reference
Version: 1.0
Last Updated: April 2026
Audience: Platform Architects, Cloud Operations, Leadership

๐Ÿ“š Quick NavigationREADMEArchitectureOperations RunbookAdvanced TopicsPlatform ScenariosBCDR

1. Context & Decision Scopeโ€‹

The customer has been asked to evaluate a Single Log Analytics Workspace (LAW) collecting logs from all regions at the platform level versus a Per-Region LAW model. This document provides a structured comparison with BCDR implications for the following regional topology:

RegionPair TypePaired WithLAW Replication Supported
West EuropeFixed pairNorth Europeโœ… Yes (same Europe group)
Germany West CentralFixed pairGermany Northโœ… Yes (same Europe group)
Germany West CentralNon-pairedSweden Centralโœ… Yes (same Europe group)

Key Fact: Azure LAW Workspace Replication supports any target within the same region group โ€” not limited to fixed pairs. The full Europe group includes: France Central, Germany West Central, North Europe, South UK, West Europe, West UK, and others.

2. Single LAW vs Per-Region LAW โ€” Architecture Comparisonโ€‹

2.1 Architecture Overviewโ€‹

2.2 Head-to-Head Comparisonโ€‹

CriteriaSingle Central LAWPer-Region LAWWinner
Operational simplicityOne workspace, one pane of glassMultiple workspaces to manageSingle
Cross-region queryNative (all data in one place)Requires workspace() cross-queriesSingle
Data sovereignty / residencyโš ๏ธ All data flows to one regionโœ… Data stays in region of originPer-Region
Blast radius๐Ÿ”ด Single point of failure โ€” total loss of visibility๐ŸŸข Failure isolated to one regionPer-Region
Ingestion latencyHigher for remote regions (network hop)Lower (local ingestion)Per-Region
Egress costsCross-region egress charges applyMinimal (local ingestion)Per-Region
Replication costPay once for one workspacePay per workspace replicatedSingle
RBAC granularityResource-context RBAC requiredNatural workspace-level isolationPer-Region
Regulatory complianceMay violate German data residency requirementsโœ… Compliant by defaultPer-Region
Sentinel integrationOne Sentinel instanceMultiple Sentinel instances or cross-workspaceSingle
Alert rule managementCentralizedPer-region alert rules neededSingle
Scalability (ingestion)Risk of hitting single LAW limitsDistributed loadPer-Region

2.3 Recommendation Summaryโ€‹

Use CaseRecommended Model
No data residency requirements, small footprint (<50 GB/day total)Single LAW
German data residency (BDSG/GDPR strict), multi-region productionPer-Region LAW
Compliance-driven (financial, healthcare)Per-Region LAW
Enterprise with 400+ landing zones across EUPer-Region LAW with cross-workspace queries

3. BCDR: Failover Scenarios by Regionโ€‹

3.1 Azure LAW Resilience Layersโ€‹

LayerProtection ScopeCostActivationRTO
Availability ZonesDatacenter failure within regionFreeAutomatic~0 min
Workspace ReplicationFull regional outagePaid (per replicated GB)Manual switchover15โ€“30 min
Continuous Data ExportData backup (no service failover)Export + Storage costsManual restore1โ€“4 hours

โš ๏ธ Critical: Azure does NOT provide automatic geo-failover for LAW. Workspace Replication requires a manual az monitor log-analytics workspace failover command.

3.2 Failover Matrix โ€” Three Regional Scenariosโ€‹

Scenario A: West Europe โ†’ North Europe (Fixed Pair)โ€‹

AttributeValue
PrimaryWest Europe
SecondaryNorth Europe
Pair typeFixed Azure region pair
Replicationโœ… Supported natively
RTO15โ€“30 min (DNS propagation + manual trigger)
RPO~0 (continuous replication from enablement)
Switchoveraz monitor log-analytics workspace failover --location northeurope
Switchbackaz monitor log-analytics workspace failback
Data residencyBoth in EU geography โœ…

Scenario B: Germany West Central โ†’ Germany North (Fixed Pair)โ€‹

AttributeValue
PrimaryGermany West Central
SecondaryGermany North
Pair typeFixed Azure region pair
Replicationโœ… Supported natively
RTO15โ€“30 min
RPO~0 (continuous replication)
Switchoveraz monitor log-analytics workspace failover --location germanynorth
Switchbackaz monitor log-analytics workspace failback
Data residencyBoth in German geography โœ… โ€” satisfies BDSG

Scenario C: Germany West Central โ†’ Sweden Central (Non-Paired)โ€‹

AttributeValue
PrimaryGermany West Central
SecondarySweden Central
Pair typeNon-paired (but same Europe region group)
Replicationโœ… Supported โ€” LAW replication works within region groups, not limited to pairs
RTO15โ€“30 min
RPO~0 (continuous replication)
Switchoveraz monitor log-analytics workspace failover --location swedencentral
Switchbackaz monitor log-analytics workspace failback
Data residencyโš ๏ธ Data leaves German geography โ†’ review legal/compliance requirements

3.3 Failover Flow โ€” Step by Stepโ€‹

3.4 Key Operational Facts for Failoverโ€‹

ItemDetail
TriggerManual only โ€” no auto-failover
DNS propagationMinutes, but some clients with sticky connections take longer
Pre-requisiteReplication must be enabled โ‰ฅ7 days before switchover (data build-up)
Logs before enablementNOT replicated โ€” only new logs post-enablement are copied
Alert rulesNOT auto-replicated โ€” must be manually exported/imported to secondary region
Private LinksNOT supported during failover
VM Insights / Container InsightsNOT supported during failover
Sentinel WatchlistsUp to 12 days to fully replicate
Workspace management opsBlocked during switchover (retention, pricing tier, schema changes)

4. SLA, RTO, RPO Matrixโ€‹

4.1 Azure Monitor & LAW SLA Referenceโ€‹

ComponentMicrosoft SLANotes
Azure Monitor Logs ingestion99.9%Per-region SLA
Azure Monitor Metrics99.9%Platform metrics
Log Analytics query availability99.9%Does not cover regional outage
Workspace ReplicationNo additional SLAFeature enhances resilience but is not a separate SLA commitment
Availability Zones99.99% (with AZ)Free, automatic in supported regions

4.2 RTO/RPO by DR Strategyโ€‹

StrategyRPORTOAnnual Cost ImpactBest For
AZ only (no replication)00 (auto)FreeDatacenter-level failure
Workspace Replication (fixed pair)~015โ€“30 min~1ร— ingestion cost for replicationRegional outage, compliance
Workspace Replication (non-paired)~015โ€“30 min~1ร— ingestion costRegional outage, flexibility
Dual DCR ingestion0~0 (both active)2ร— full ingestion costMaximum resilience, budget available
Continuous Export to GRS Storage5โ€“15 min1โ€“4 hoursExport + Storage costsCost-optimized backup

4.3 Business Impact Mappingโ€‹

Outage DurationImpact Without DRImpact With Workspace Replication
< 15 minMinor โ€” buffered by AMA agent retryNot triggered (within AZ tolerance)
15 min โ€“ 1 hourAlert blindness, no new dataSwitchover triggered, visibility restored in ~15 min
1 โ€“ 4 hoursโš ๏ธ SLA breach risk, no incident correlationFull operations on secondary
4+ hours๐Ÿ”ด Critical gap in audit trail, compliance exposureFull operations on secondary

5. Cost Analysisโ€‹

5.1 Cost Model โ€” Single LAW vs Per-Region LAWโ€‹

Assumption: 100 GB/day total ingestion (60 GB West Europe, 40 GB Germany West Central), Pay-As-You-Go pricing, 90-day retention.

Cost ComponentSingle LAWPer-Region LAW (2 workspaces)
Ingestion (100 GB/day ร— ~โ‚ฌ2.76/GB)~โ‚ฌ276/day~โ‚ฌ276/day (same total volume)
Cross-region egress~โ‚ฌ0.02/GB ร— 40 GB = โ‚ฌ0.80/dayโ‚ฌ0/day
Workspace Replication1 workspace ร— 100 GB = ~โ‚ฌ276/day2 workspaces ร— (60+40) GB = ~โ‚ฌ276/day
Retention (90d included)IncludedIncluded
Total (without replication)~โ‚ฌ277/day~โ‚ฌ276/day
Total (with replication)~โ‚ฌ553/day~โ‚ฌ552/day

Note: Costs are illustrative. Commitment Tiers (100 GB/day, 200 GB/day, etc.) reduce per-GB cost significantly. Check the Azure Monitor pricing page for current rates.

5.2 Cost Optimization Tacticsโ€‹

TacticSavings PotentialEffort
Commitment Tier (100/200/300 GB/day)20โ€“35% off ingestionLow
DCR transformations โ€” filter noisy logs before ingestion15โ€“40%Medium
Basic Logs plan for verbose/debug tables~67% on applicable tablesLow
Replicate only critical tables via selective DCR-to-DCE association30โ€“60% on replication costMedium
Archive tier for data >90 days~90% vs interactive retentionLow

6. Decision Framework โ€” Quick Referenceโ€‹

Which model should you choose?โ€‹

START
  โ”‚
  โ”œโ”€ Is German data residency required (BDSG/EU strict)?
  โ”‚    โ”œโ”€ YES โ†’ Per-Region LAW โœ…
  โ”‚    โ””โ”€ NO โ”€โ”€โ”
  โ”‚            โ”‚
  โ”‚   โ”œโ”€ Total ingestion > 200 GB/day across regions?
  โ”‚   โ”‚    โ”œโ”€ YES โ†’ Per-Region LAW โœ… (distributed load)
  โ”‚   โ”‚    โ””โ”€ NO โ”€โ”€โ”
  โ”‚   โ”‚            โ”‚
  โ”‚   โ”‚   โ”œโ”€ Need blast radius isolation?
  โ”‚   โ”‚   โ”‚    โ”œโ”€ YES โ†’ Per-Region LAW โœ…
  โ”‚   โ”‚   โ”‚    โ””โ”€ NO โ†’ Single LAW โœ… (simplicity)

Final Architecture Recommendation for This Customerโ€‹

Given the customer's use of West Europe + Germany West Central with data residency considerations:

DecisionRecommendation
LAW ModelPer-Region LAW โ€” one per primary region
ReplicationEnable Workspace Replication on each LAW
West Europe LAWReplicate to North Europe (fixed pair)
Germany West Central LAWReplicate to Germany North (fixed pair, stays in German geography)
Cross-workspace visibilityUse workspace() function in KQL and Azure Workbooks
AlertingDeploy AMBA per region + manually replicate critical alert rules to secondary
SentinelSingle Sentinel instance with cross-workspace connectors if needed

7. Microsoft Official Referencesโ€‹

TopicURL
LAW Workspace Replicationhttps://learn.microsoft.com/azure/azure-monitor/logs/workspace-replication
Azure Region Pairshttps://learn.microsoft.com/azure/reliability/cross-region-replication-azure
LAW Best Practiceshttps://learn.microsoft.com/azure/azure-monitor/logs/best-practices-logs
Azure Monitor Reliabilityhttps://learn.microsoft.com/azure/azure-monitor/best-practices-reliability
Workspace Designhttps://learn.microsoft.com/azure/azure-monitor/logs/workspace-design
Azure Monitor Pricinghttps://azure.microsoft.com/pricing/details/monitor/
LAW SLAhttps://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services

Related UMS Documents: This guide extends 03-Advanced Topics ยง Disaster Recovery with customer-specific multi-region scenarios.

๐Ÿ“–Learn