Skip to article
Databases High availability

Geo-replication

Geo-replication is a database disaster recovery pattern where data from a primary database is replicated to one or more secondary databases in other regions. Teams use it to keep a recoverable copy of important data, support read-locality scenarios, and prepare for manual or application-driven failover during a regional outage. In daily Azure work, it shows up when engineers configure Azure SQL active geo-replication, review failover plans, test secondary connectivity, compare it with failover groups, or investigate replication lag.

Source: Microsoft Learn - Active geo-replication - Azure SQL Database Reviewed 2026-05-14

Exam trap
Treating Geo-replication as a simple label instead of checking live scope, owner, dependencies, and current configuration.
Production check
Verify the intended scope, owner tags, enabled state, identity, diagnostics, and linked resources before changing Geo-replication.
Article details and learning context
Aliases
active geo-replication, database geo-replication, regional database replication
Difficulty
intermediate
CLI mappings
4
Last verified
2026-05-14
Learning paths Graph Database operations chain Geo-replication

Understand the concept

Why it matters

Geo-replication matters because it turns architecture intent into runtime behavior. When teams misunderstand it, they may change the wrong scope, grant access too broadly, overpay for protection, miss recovery requirements, or chase an application bug that is really platform configuration. For this term, that means the replication relationship determines which database can take over, what data might be behind, which clients can connect after failover, and whether recovery evidence matches the business RTO and RPO. It affects security, reliability, operations, cost, and performance because one choice can change how users, identities, traffic, data, deployments, or recovery plans behave under real pressure.

Official wording and source

Geo-replication is a database disaster recovery pattern where data from a primary database is replicated to one or more secondary databases in other regions. Microsoft Learn places it in Active geo-replication - Azure SQL Database; operators confirm scope, configuration, dependencies, and production impact.

Open Microsoft Learn

Technical context

Technically, Geo-replication is configured or observed through primary databases, secondary databases, replication links, failover operations, service tiers, firewall rules, private endpoints, identities, connection strings, and monitoring signals. Important settings include primary server, secondary server, database name, replication state, role, failover policy, private endpoint routing, authentication model, service tier, and diagnostic logs. Operators inspect it with az sql db replica list output, portal replication links, SQL metrics, failover history, error logs, Activity Log entries, and connection tests from application hosts. The useful evidence is current configuration plus logs or metrics that prove the setting behaves as intended.

Exam context

Compare with

Where it is used

Where you see it

  1. Database blade shows replication links, primary and secondary roles, partner region, replication state, and failover options used during disaster recovery review. during review. during review.
  2. Runbooks reference replica creation, failover testing, connection-string updates, firewall checks, identity validation, and evidence collection before declaring a regional database incident. during review. during review.
  3. Monitoring dashboards track replication lag, database availability, CPU, DTU or vCore pressure, connection failures, and secondary read workload during planned exercises. during review. during review.

Common situations

  • Plan, review, or operate Geo-replication in a production Azure workload with clear owner and rollback evidence.
  • Troubleshoot Geo-replication by comparing live configuration, logs, metrics, identity, networking, and downstream dependencies.
  • Standardize Geo-replication across environments so security, reliability, cost, and performance decisions are visible to operators.

Illustrative Azure scenarios

These examples show how the concept can affect design and operations. They are illustrative scenarios, not customer claims.

Scenario 01 Geo-replication in action for banking recovery database Scenario, objectives, solution, measured impact, and takeaway.
Scenario

Fourth Coffee Bank used Azure SQL Database for loan applications and needed a regional recovery option with measurable RTO targets.

Goals
  • Create a recoverable secondary database
  • Keep authentication consistent after failover
  • Test recovery within a two-hour target
  • Document evidence for operational risk review
Approach using Geo-replication

The database team configured geo-replication from the primary Azure SQL database to a secondary server in another region. They aligned firewall rules, Microsoft Entra authentication, diagnostic settings, and service tier before creating the replica. Application configuration was updated to support a controlled failover process, and support engineers rehearsed promoting the secondary database in a scheduled DR test. Replication state and connection tests were saved as change evidence. Architects kept the rollout evidence close to the change record: current configuration, expected behavior, approval owner, rollback trigger, and the monitoring signals needed during the first production window. Support engineers received a short operating note that explained what to check first, what not to change during triage, and when to escalate to the platform owner.

Potential outcomes
  • DR testing completed in 74 minutes
  • Authentication failures during failover dropped to zero
  • Risk review accepted CLI and metric evidence
  • Loan intake recovered without restoring from backup
What to learn

Geo-replication gives database teams a practical recovery path when failover mechanics, identity, and connectivity are tested together.

Scenario 02 Geo-replication in action for manufacturing read-locality Scenario, objectives, solution, measured impact, and takeaway.
Scenario

Proseware Manufacturing had European analysts reading production quality data from a US database, causing slow reports and support complaints.

Goals
  • Reduce report latency for regional analysts
  • Keep primary writes in one controlled region
  • Protect data with a secondary database
  • Avoid creating separate reporting exports
Approach using Geo-replication

Engineers created an Azure SQL geo-replica in West Europe and routed approved read-only analytics connections to the secondary database. Write operations stayed on the primary database, and the team monitored replication lag before promoting the design. Firewall rules and private endpoints were configured for the analytics network only. The runbook explained that the replica could support read locality, but failover still required approval and application validation. The implementation avoided broad changes by separating read-only discovery, lower-environment validation, production approval, and post-change monitoring into separate runbook steps. Security, reliability, cost, and performance reviewers used the same evidence package, so no team had to infer risk from an isolated deployment result. The rollback plan named the previous setting, expected recovery time, responsible owner, and the logs that would prove the service had returned to normal behavior.

Potential outcomes
  • Median report latency fell by 38 percent
  • Primary write workload remained stable
  • Analyst access stayed read-only through database roles
  • Replication lag alerts prevented stale report assumptions
What to learn

Geo-replication can improve regional read experience, but teams must separate read-locality benefits from disaster recovery promises.

Scenario 03 Geo-replication in action for saas tenant failover Scenario, objectives, solution, measured impact, and takeaway.
Scenario

AdventureWorks SaaS hosted tenant configuration in Azure SQL and wanted a cleaner response to regional outages.

Goals
  • Reduce manual database recovery work
  • Preserve tenant configuration data
  • Create a tested failover checklist
  • Limit who can promote replicas
Approach using Geo-replication

The platform team created geo-replicas for the tenant configuration database and restricted failover permissions to a small operations group. They stored replica status, service tier, private endpoint, firewall, and role evidence in the release record. A feature flag controlled application connection redirection after the secondary database was promoted. During game days, the team practiced failover and failback communication without changing unrelated workload settings. Operations staff added dashboard links, saved CLI output, dependency notes, and ownership tags so the next incident review would start with facts instead of assumptions. The design was promoted gradually, with success criteria tied to customer-visible behavior, platform metrics, and service-health checks from the same time window. After release, the team retired stale exceptions and updated training notes so future projects used the same pattern without copying old risky configuration.

Potential outcomes
  • Manual recovery steps decreased by 50 percent
  • Failover authority was limited to approved operators
  • Game-day recovery met the customer support target
  • Tenant configuration remained available after promotion
What to learn

Geo-replication works best when the database link is paired with application routing and privileged-operation controls.

Azure CLI

CLI checks make Geo-replication review repeatable because they capture scoped evidence for the current target before anyone changes production. Use read-only commands first to confirm subscription, resource group, identity, region, and dependency state. Mutating commands should run only after approval, rollback, cost impact, and customer impact are understood.

Useful for

  • Show current replication links and roles before approving a planned failover or disaster recovery exercise.
  • Create or remove replicas only after validating service tier, networking, authentication, and application reconnect requirements.
  • Collect replication state, metrics, and failover evidence during incidents so operators do not guess which database is authoritative.

Before you run a command

  • Confirm tenant, subscription, resource group, application, account, database, or factory scope before trusting command output.
  • Run list and show commands first, then save evidence before create, update, failover, deploy, delete, or permission changes.
  • Check whether the command affects customer traffic, credentials, data access, regional recovery, billing, compliance evidence, or production routing.

What the output tells you

  • Names, resource IDs, locations, SKUs, enabled states, and parent relationships show whether you are inspecting the intended target.
  • Settings, identities, regions, roles, endpoints, parameters, or deployment properties explain how the workload behaves today.
  • Timestamps, metrics, health state, run logs, and deployment history help separate Azure configuration issues from application failures.

Mapped commands

Geo-replication operational checks

direct
az sql db replica list --name <database> --server <server> --resource-group <resource-group>
az sql db replicadiscoverDatabases
az sql db replica create --name <database> --server <primary-server> --resource-group <resource-group> --partner-server <secondary-server> --partner-resource-group <secondary-resource-group>
az sql db replicaprovisionDatabases
az sql db replica set-primary --name <database> --server <secondary-server> --resource-group <secondary-resource-group>
az sql db replicaoperateDatabases
az sql db replica delete-link --name <database> --server <server> --resource-group <resource-group> --partner-server <partner-server>
az sql db replicaremoveDatabases

Architecture context

Technically, Geo-replication is configured or observed through primary databases, secondary databases, replication links, failover operations, service tiers, firewall rules, private endpoints, identities, connection strings, and monitoring signals. Important settings include primary server, secondary server, database name, replication state, role, failover policy, private endpoint routing, authentication model, service tier, and diagnostic logs. Operators inspect it with az sql db replica list output, portal replication links, SQL metrics, failover history, error logs, Activity Log entries, and connection tests from application hosts. The useful evidence is current configuration plus logs or metrics that prove the setting behaves as intended.

Security
Security for Geo-replication starts with server-level identities, SQL roles, Microsoft Entra authentication, firewall rules, private endpoints, transparent data encryption, key management, diagnostic access, and least-privilege failover operators. Review who can create, update, delete, execute, read logs, approve dependencies, and manage credentials or identities. Prefer Microsoft Entra ID, managed identity, private networking, least privilege, customer-managed keys, and audited automation where the service supports them. Keep secrets out of code and avoid broad public exposure unless there is a documented exception. Capture role assignments, diagnostic settings, policy decisions, Activity Log entries, and owner approvals so access and data handling are intentional and reviewable.
Cost
Cost for Geo-replication is driven by secondary database compute, storage, backup retention, cross-region networking, higher service tiers, monitoring volume, test windows, and unused replicas left after migrations. The expensive mistake is not only Azure consumption; it can also be duplicate experiments, emergency support, overprovisioned capacity, unnecessary data transfer, or cleanup after weak design evidence. Review whether the workload truly needs the selected tier, retention, diagnostics, network path, scale rule, replication model, storage redundancy, or automation pattern. Use tags, budgets, alerts, and cleanup reviews so teams can explain why the design exists and remove stale resources safely. Review owner, scope, evidence, dependencies, and rollback before production change.
Reliability
Reliability for Geo-replication depends on replication health, secondary region readiness, failover procedure, connection-string updates, DNS or app configuration, service-tier compatibility, recovery objectives, and regular DR exercises. A resource can be present and still fail the business workflow if routing, identity, quota, storage, code, failover order, scale, or downstream health is wrong. Test failure modes, retries, deployment behavior, disabled states, rollback steps, and maintenance windows before relying on the design. During incidents, compare platform metrics, logs, deployment history, and application traces from the same time window before changing production. The goal is a recoverable configuration support teams can verify quickly. Review owner, scope, evidence, dependencies, and rollback before production change.
Performance
Performance for Geo-replication depends on replication lag, secondary read workload, primary write rate, service tier, region distance, client routing, query patterns, connection pooling, and failover reconnection behavior. Measure platform metrics and application-side completion times because a fast control-plane response does not prove users received the right result. Test with realistic regions, data sizes, concurrency, authentication paths, route choices, cache state, and downstream limits. When performance regresses, compare configuration changes, resource limits, client logs, diagnostic data, and workload timing before adding capacity or blaming one service. Tune with evidence from the exact environment and traffic pattern. Review owner, scope, evidence, dependencies, and rollback before production change.
Operations
Operations for Geo-replication require replica inventories, failover drills, replication-state monitoring, owner approvals, connection test scripts, firewall reviews, role assignments, and runbooks for planned and unplanned failover. Before a change, capture read-only CLI output, portal evidence when useful, owner tags, expected behavior, and rollback steps. During incidents, avoid changing several settings at once; compare metrics, logs, deployment operations, identity evidence, network state, and downstream health first. Keep runbooks clear enough for support teams to verify current behavior quickly. Good operations make the term observable, reviewable, and recoverable during releases, audits, and incidents. Review owner, scope, evidence, dependencies, and rollback before production change.

Common mistakes

  • Treating Geo-replication as a simple label instead of checking live scope, owner, dependencies, and current configuration.
  • Running a mutating command for Geo-replication in the wrong subscription, resource group, tenant, region, or application context.
  • Assuming successful deployment proves Geo-replication works without checking logs, metrics, user behavior, recovery evidence, and rollback steps.