Guidance and Considerations for Azure NetApp Files Replication (Cross Zone & Cross Region) when using Terraform

Recently I have been looking to learn more about replication options when using Terraform with Azure NetApp Files. This is a service I use regularly with customers and environments that I work with – so a detailed understanding is key to successful engagement, deployments, and projects. Azure NetApp Files is a hugely popular service, particularly with Azure Virtual Desktop and Citrix Environments, and when combined with the power of IAC and Terraform for deployment, makes a great choice for Application, Profile, and Data storage.

You may be aware that recently the Cross Zone replication feature of Azure NetApp Files went Generally Available. My good friend and fellow Azure MVP Anthony Mashford has written up a great post about this feature – you can read that here: https://www.azuretechlab.com/2024-07-31-anf-czr-ga/.

In this post I will explore some of the replication options for Azure NetApp Files and how these can be configured and managed using Terraform, along with some considerations too. Note – this post aims to provide a quick overview of how Cross Region and Cross Zone replication can be configured, along with guidance; it is not exhaustive, so please consult the relevant documentation!


What replication options are there?

It is important here to consider that data replication is a subset of the data protection options within Azure NetApp Files, and protection is covered additionally using backups and snapshots. I will only be covering replication in this post, but you can read more about all options here: https://learn.microsoft.com/en-us/azure/azure-netapp-files/data-protection-disaster-recovery-options

From a replication perspective, we have two options:

  • Cross Region Replication – this replicates a source volume from a source Azure Region to a destination volume in another Azure Region.
  • Cross Zone Replication – this replicates a source volume from a source Azure Zone (in a Region that supports Availability Zones) to a destination volume in another Zone.

Need to explore Regions and options – check out the awesome Azure Global Infrastructure Experience here: https://datacenters.microsoft.com/globe/explore/


How do we configure replication?

Within Terraform, the replication is configured inside the azurerm_netapp_volume resource. For more details on that Resource specifically, see here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/netapp_volume

Specifically, replication is configured with the data_protection_replication block inside an azurerm_netapp_volume block. The block goes in the destination volume, not the source: when creating the destination volume in Terraform, you specify the source volume it replicates from.
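A Cross Region layout as described above, as an added example that is not code from the original post. The volume names, regions, sizes and variables are assumptions, the NetApp accounts and capacity pools are assumed to exist already in both regions, and NFSv4.1 is used so that no Active Directory connection is needed:

```hcl
# Added example; every name, region, size and variable here is an assumption.
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }
variable "primary_subnet_id" { type = string }   # delegated to Microsoft.NetApp/volumes
variable "secondary_subnet_id" { type = string } # delegated subnet in the second region

# Source volume: an ordinary volume with no replication block.
resource "azurerm_netapp_volume" "primary" {
  name                = "vol-data-primary"
  resource_group_name = var.resource_group_name
  location            = "uksouth"
  account_name        = "anf-primary"
  pool_name           = "pool-primary"
  volume_path         = "data-primary"
  service_level       = "Standard"
  subnet_id           = var.primary_subnet_id
  protocols           = ["NFSv4.1"]
  storage_quota_in_gb = 100
}

# Destination volume: carries data_protection_replication and points
# back at the source volume's region and resource ID.
resource "azurerm_netapp_volume" "secondary" {
  name                = "vol-data-secondary"
  resource_group_name = var.resource_group_name
  location            = "ukwest"
  account_name        = "anf-secondary"
  pool_name           = "pool-secondary"
  volume_path         = "data-secondary"
  service_level       = "Standard"
  subnet_id           = var.secondary_subnet_id
  protocols           = ["NFSv4.1"]
  storage_quota_in_gb = 100

  data_protection_replication {
    endpoint_type             = "dst"
    remote_volume_location    = azurerm_netapp_volume.primary.location
    remote_volume_resource_id = azurerm_netapp_volume.primary.id
    replication_frequency     = "10minutes"
  }

  lifecycle {
    prevent_destroy = true # refuse any plan that would destroy the replica
  }
}
```

Because the destination references `azurerm_netapp_volume.primary.id`, Terraform creates the source volume first and the replica second.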

Note – during testing for this I was able to successfully test Cross Region replication, but did encounter some errors when using Cross Zone. I concluded this is most likely as this is only just GA. I’ll be monitoring the Releases of the AzureRM Provider and will update this article if anything changes.


4 Key Considerations

In this section I wanted to outline a few key considerations when working with Azure NetApp Files replication, and also, in some cases, specifically with Terraform. There are a few important aspects that I feel are worth a mention:

  • Lifecycle – Add a lifecycle block with prevent_destroy to your configuration so that any change that would require destruction of the ANF Volume is blocked before any damage/data loss occurs.
# prevent the possibility of accidental data loss
lifecycle {
  prevent_destroy = true
}

You can read more about this here: https://developer.hashicorp.com/terraform/tutorials/state/resource-lifecycle#prevent-resource-deletion

  • The State File (as always!) – With any deployment using Terraform, consideration must be given to where and how the State file will be stored and protected. Where Terraform is being used to provision data shares, volumes, and similar, it is critical that the State File is also protected. I’ve written quite a bit around Backup, DR, Continuity and similar with using Terraform. You can read more about this here: https://jakewalsh.co.uk/exploring-backups-dr-and-continuity-in-an-azure-terraform-world/.
  • Active Directory and SMB – Whenever SMB is used, Active Directory needs to also be considered. This consideration also needs to account for any replicated volumes – be it cross region or cross zone. When failover occurs, if the Active Directory Connection is unavailable, then access to the share will be impacted. In many cases, this can be mitigated by provisioning Active Directory Domain Controllers within Regions and Zones as required. Further guidance is available on the planning for Active Directory with Azure NetApp Files here: https://learn.microsoft.com/en-us/azure/azure-netapp-files/understand-guidelines-active-directory-domain-service-site
  • Testing Failover – Finally, it is worth noting that testing failover is not something that can be achieved in Terraform. Terraform can only create the infrastructure components – you will need to use another method (Portal, CLI, PowerShell etc.) to complete any required failover testing.

Further Reading

Until next time, thanks for reading!
