The following is an excerpt from Office 365 For IT Pros written by a group of experienced MVPs led by industry expert Tony Redmond. It is a comprehensive (+1,000 page) must have eBook for any Office 365 admin and the only guide constantly refreshed to remain current with Microsoft’s stream of updates. The eBook is available in EPUB, PDF, and Kindle versions.
Office 365 for IT Pros can be bought online for an annual subscription of $49.95. AvePoint is currently raffling off 5 annual subscriptions to new blog subscribers. Winners will be notified in March 2019.
This is the first post in our Unpacking Office 365 series. You can find the other posts in the series below:
- How To Navigate Constant Updates Like a Pro
- How to Expose Your End Users to New Features
- Which License Model is Right for You?
Office 365 tenants share a single large logical infrastructure composed of hundreds of thousands of servers spread across multiple Microsoft data centers. Figure 1-1 shows the Office 365 data center deployment in early 2018. By its very nature, this overview is incomplete as it does not show some of the infrastructure that is under development.
In addition, it does not convey the deep investment made to create “edge” network termination points set up by Microsoft to bring user traffic quickly into Office 365 from all around the world or the internal network that transports Office 365 tenant data between the data centers.
Microsoft organizes the Office 365 data centers into fourteen regions. The data center region selected to host the data for new tenants is based on the country (location) selected by the tenant. Since the launch of Office 365 in 2011, Microsoft has gradually built out the Office 365 data center infrastructure with the intention of keeping data as local as possible (“in-geo data residency”) to accommodate customer choice and satisfy local regulations.
Where Office 365 once concentrated service delivery from larger data center regions such as Western Europe (with data centers in Ireland, Finland, Austria, and the Netherlands), localized service is now available in individual countries like France, Germany, and the U.K. The same is true in Asia-Pacific, where Office 365 services come from data centers in Japan, South Korea, Singapore, Australia, and China.
Apart from the ability to serve large customer populations, natural and economic advantages such as ambient temperature (to reduce the need for cooling) or availability of cheap hydro power influence data center placement. Obviously, security is of prime concern and Microsoft pays great attention to the physical security of the buildings (you will not find large signs proclaiming Office 365 or Microsoft anywhere) as well as cybersecurity for the data contained within the buildings.
Because the Office 365 infrastructure is constantly growing and expanding, the live location for tenant data also changes. In addition, Microsoft moves data to rebalance load on the servers in multiple data centers (within the same region) and to make more effective use of available resources. Even though the underlying infrastructure is changing all the time, users can continue to work and access their information from anywhere around the world.
The Microsoft Cloud spans well over 100 data centers in 54 regions to deliver service in 140 countries, but every data center does not host Office 365. After a new data center comes online, a sophisticated migration process kicks in to move tenants from other datacenters to the new location.
The same is true when Microsoft creates a new Office 365 region. For instance, after the United Kingdom datacenters came online, some tenants asked to move their work to those datacenters to keep their data remained “in country;” the same happened in France or when Australian and New Zealand tenants moved to the Australian data centers.
This work happens behind the scenes (just like regular mailbox moves) so that the eventual switchover is fast and painless. Microsoft has a documented process to help tenants with specific data residency requirements to ask Microsoft to move their core data to a new region after it comes online.
In addition to the Office 365 applications, Microsoft has migrated over 400 million Outlook users of the consumer email service from the legacy Hotmail.com infrastructure service to run within Office 365. Outlook mailboxes now use Exchange Online (the sole difference is the feature set exposed to users).
These mailboxes run on the same server, storage, and network infrastructure as Exchange Online to take advantage of features like Native Data Protection and Exchange Online Protection, and the same client set is available for both services. Although the same engineering teams are also available for both services, the functionality in Outlook is much less comprehensive than that available to even the entry-level Exchange Online plan.
However, the two services share some features (like the method to connect the Outlook mobile clients) and Microsoft introduces some functionality into one service before they decide to do the same for the other. For example, “Sweep” rules first appeared in Outlook and are now available in OWA, while the calendar and calendar sharing features now available in Outlook originated in Exchange Online. Taken together, the infrastructure shared by Exchange Online and Outlook delivers email service to over 600 million mailboxes.
Although Office 365 is invariability hosted alongside Azure, Microsoft does not host other commercial work in the Office 365 data centers. The Office 365 data centers listed in Table 1-1 are those that offer core services (Exchange, SharePoint) in the current set of data center regions. Other services in the Office 365 suite, like Skype for Business and Project Online, might also run in these datacenters, but the picture is less clear for applications like Planner, Teams, Sway, and Yammer.
In some cases, other datacenters within the region deliver specific services, as in North America where the Sway and Planner services run from datacenters in California and Virginia. In others, some services or backup for services come from other regions. However, the situation changes over time and if you are concerned about data sovereignty, you should check with Microsoft to understand exactly where your data are for all applicable applications. Azure Active Directory is another service that can come from another region. For instance, the U.K. region uses Azure Active Directory running in EMEA datacenters.
|Office 365 Region||Data Center Locations||Home region for tenants in|
|Europe (EMEA)||Dublin (Ireland), Amsterdam (The Netherlands), Vienna (Austria) and Helsinki (Finland).||Europe, Middle East, and Africa (except the UK, France, and Germany)|
|United Kingdom||London, Cardiff, and Durham||United Kingdom|
|Germany (in partnership with T Systems International)||Frankfurt am Main and Magdeburg||Germany|
|France||Paris and Marseille||France|
|North America||Quincy (Washington), Chicago (Illinois), Des Moines (Iowa), Cheyenne (Wyoming), Blue Ridge (Virginia), San Antonio (Texas), San Jose (California)||North America (except Canada)|
|Latin America||Campinas, Sao Paolo, Rio de Janeiro, Fortaleza (all in Brazil), Santiago (Chile)||Latin America|
|Asia Pacific||Hong Kong, Singapore, South Korea, and Malaysia||Asia Pacific except China, Japan, South Korea, Australia, New Zealand, Fiji, and India|
|Australia||New South Wales and Victoria||Australia, New Zealand, and Fiji|
|India||Mumbai, Pune, and Chennai||India|
|Japan||Saitama, Tokyo, and Osaka||Japan|
|South Korea||Seoul and Busan||South Korea|
|China (operated by 21Vianet)||Shanghai, Beijing, and Hong Kong||China|
|Canada||Quebec City and Toronto||Canada|
|U.S. Government||Des Moines (Iowa) and Boydton (Virginia)||U.S. Government and state agencies|
Table 1-1: Office 365 data center regions
Microsoft plans to introduce Office 365 data centers in South Africa (Johannesburg and Cape Town), Switzerland, the United Arab Emirates (Dubai and Abu Dhabi), and Norway, with services beginning over the 2018-19 period. They have also announced plans to replace the dedicated German sovereign data center region with a new data center region based in Berlin and Frankfurt to offer Office 365 services in 2020.
Creation of a new data center region normally means that Microsoft can offer customers the basic Office 365 workloads (Exchange Online and SharePoint Online) from the data centers. It can take some time before the full suite of capabilities is available, including applications (like Teams or Microsoft Planner) and utilities (like the Office 365 Import Service). You can find more information about the current Office 365 data centers online.
Workloads Running Within Data Center Regions
Microsoft distributes work across the multiple data centers within a region to protect data against failure. For instance, the active-active design for Exchange Online Database Availability Groups (DAGs) means that mailbox database copies exist in at least two data centers within a region. In addition, as Microsoft adds data centers to a region, the opportunity exists to spread database copies to those data centers.
For example, new DAGs built for use by Exchange Online in the Western Europe region might include databases spread across the Amsterdam, Dublin, Helsinki, and Vienna data centers. Spreading data across so many data centers reduces the risk that any individual outage will affect a sizeable number of users. It is something that the average on-premises administrator could never contemplate because of the investment needed to build out the underlying data centers and network.
One way to understand which data center region supports tenant data is to access the Organization Profile through the Office 365 Admin Center. Go to the Data Location section and you will see the region for some, but not all, of the workloads used by the tenant (Figure 1-2).
Although Azure Active Directory holds most of the information for tenant accounts and configurations in the same data center region as a tenant’s Office 365 data, an exception exists in that Microsoft stores five user-related attributes (including the User Principal Name and password hash) for tenant accounts in the U.S. This is to make sure that authentication can happen as quickly as possible no matter where in the world a user is located. For more information on this topic, see Microsoft’s support article on the situation for European customers.
Want to learn more? Check out Tony’s website where he covers the most important aspects of Office 365 for IT pros.
Want more great Office 365 content? Be sure to subscribe to our blog!