Office 365 Multi-Geo Solves Data Sovereignty but not Network Problems


Microsoft announced multi-geo capabilities for Office 365 tenants at Ignite. More details have emerged over the last few days in conference sessions. In addition, we have had some time to digest the information and reflect on some issues that people need to understand about this new capability. Here’s a summary of the issues discussed at Ignite.

Multi-Geo Tenants

Microsoft has been running a pilot of multi-geo Office 365 tenants for a few months and is approaching the point when it will make this feature generally available in early 2018.

Multi-geo means that a tenant spans multiple Office 365 datacenter regions. When a tenant is first created, it exists within a home datacenter region. Generally, tenants and their core data (Exchange and SharePoint) stay in that datacenter region unless Microsoft offers the chance to relocate, which really only happens when they introduce a new datacenter region, as happened when the U.K. datacenter region commenced operations in October 2016.

Multi-geo is a way of making sure that user data resides in a specific Office 365 datacenter region even if the tenant’s home region is different. The usual reason why this happens is to satisfy a data sovereignty requirement, which is the reason why Novartis (a trial customer cited by Microsoft) embraced multi-geo.

For example, your tenant might be homed in the U.S., but you have some users based in the U.K. In this case, you could configure your tenant to be multi-geo and Microsoft will move the data belonging to accounts that you mark (in Azure AD) to the secondary region. Figure 1 shows the Office 365 datacenter regions participating in the program.

Figure 1: Office 365 datacenter regions and services for multi-geo (image credit: Microsoft)

It is worth noting that multi-geo is due to support Office 365 Groups. In this case, the group mailbox and its associated SharePoint site stay in the region in which they are created, but users from any region can continue to access these resources.

Multiple Workloads

Microsoft licenses multi-geo on a workload basis. Exchange and OneDrive for Business are in preview and SharePoint Online is in development. Microsoft calculates the monthly cost for multi-geo access based on the set of workloads multiplied by the number of satellite regions. For example, Exchange, OneDrive for Business, and SharePoint are bundled together into a set of workloads. A cost applies if you use this set of workloads in one satellite region. If you add another satellite region, you pay the same cost again for that region. Extra workloads would cost extra when they are available.

The word from preview customers is that multi-geo is not cheap. However, this might be because Microsoft has not quite worked out the details of how much to charge for multi-geo tenants because they do not know the full cost of delivering the service. It is also true that the companies most likely to be interested in multi-geo tenants are large, complex, multinationals with more than 10,000 seats who negotiate individual contracts with Microsoft. It will be interesting to see how pricing evolves when multi-geo is generally available.

Why Exchange and SharePoint are First

Some of the changes made in Exchange over the last few releases laid the basis for multi-geo support. Among these are the global front-end service and single namespaces introduced in Exchange 2013, auto-discovery of mailbox location (Exchange 2010), and the unified view of tenant configuration held in the Exchange directory. For Exchange, multi-geo is a matter of moving mailboxes to the right place and then ensuring that the service tracks where those mailboxes are using Azure AD and EXODS in regional Exchange Online resource forests (Figure 2).

Figure 2: Exchange Online forests support multi-geo (image credit: Microsoft)

For SharePoint Online, multi-geo means moving sites and their contents to a separate namespace for each region (Figure 3). Azure Active Directory tracks where the different sites are within a tenant.

Figure 3: SharePoint Online multi-geo (image credit: Microsoft)

Although it is reasonably easy to imagine how user data is moved to secondary regions for these workloads because moving mailboxes and sites are well-known processes, the situation is not as clear-cut for other workloads. For example, the Teams chat service largely runs in memory with persistence provided by Azure data services running inside a datacenter. If three users join a conversation in a channel, where should the conversation exist? As expected, no one was willing or able to answer this question today, but it does illustrate the complexity of splitting up workloads for distribution across geographies.

Not a Silver Bullet for Poor Networks

Microsoft is quite explicit in their advice that multi-geo is not a solution for poor network performance. The fact remains that poor internet connectivity or excessive latency introduced by poor routing or inefficient proxies cannot be cured by moving mailboxes or sites around within Office 365. Once traffic arrives into the Microsoft datacenter network, it moves rapidly from point to point, so having mailboxes or sites in one datacenter region or another will not make a significant difference to the quality of connectivity experienced by users, especially at workstations running in an internal network. Tenants worried by poor network performance are better advised to look at how traffic is routed from workstations to Office 365, including the quality and capacity of the internet connection.

Configurations and Management

Configuration of multi-geo involves defining where your company data should reside with PowerShell using the Set-MsolCompanyAllowedDataLocation cmdlet and then updating users and sites to move to the secondary regions. The Set-MsolUser cmdlet supports a PreferredDataLocation property, but it is not clear whether this is how to mark an account. I have not yet seen details for how to move a SharePoint site, largely because multi-geo for this workload is in development. Once identified, Microsoft moves user data behind the scenes using its own tools. The process is invisible to users.
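
A residency audit over the configuration described above, as an added example that is not from the original article or from Microsoft: it flags accounts whose data region is not on the tenant's allowed list or does not match a sovereignty policy. It assumes PreferredDataLocation is the per-user marker (which the article leaves unconfirmed); the users, region codes, policy map and the Test-DataResidency function name are constructed for illustration.

```powershell
# Regions the tenant may use, as configured with Set-MsolCompanyAllowedDataLocation
# (constructed sample values).
$AllowedLocations = @('NAM', 'GBR')
$HomeRegion       = 'NAM'            # unmarked accounts stay in the home region

# Hypothetical sovereignty policy: user country -> region that must hold the data.
$RequiredRegion = @{ 'GB' = 'GBR' }

# Constructed stand-in for directory output. In a live tenant these rows would come from
# Get-MsolUser -All | Select-Object UserPrincipalName, UsageLocation, PreferredDataLocation
$Users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; UsageLocation = 'US'; PreferredDataLocation = $null }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   UsageLocation = 'GB'; PreferredDataLocation = 'GBR' }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; UsageLocation = 'GB'; PreferredDataLocation = $null }
    [pscustomobject]@{ UserPrincipalName = 'dave@example.com';  UsageLocation = 'US'; PreferredDataLocation = 'APC' }
)

function Test-DataResidency {
    param($Users, $AllowedLocations, $RequiredRegion, $HomeRegion)

    foreach ($u in $Users) {
        # An account with no marker is held in the tenant's home region.
        $effective = if ($u.PreferredDataLocation) { $u.PreferredDataLocation } else { $HomeRegion }
        # Only countries named in the policy carry a residency requirement.
        $required = if ($u.UsageLocation) { $RequiredRegion[$u.UsageLocation] } else { $null }

        $finding = if ($effective -notin $AllowedLocations) {
            'RegionNotAllowed'          # marked for a region the tenant has not enabled
        } elseif ($required -and $effective -ne $required) {
            'SovereigntyMismatch'       # data sits outside the region the policy demands
        } else {
            $null
        }

        if ($finding) {
            [pscustomobject]@{
                User      = $u.UserPrincipalName
                Country   = $u.UsageLocation
                Effective = $effective
                Required  = $required
                Finding   = $finding
            }
        }
    }
}

# Reports carol (GB user still in NAM) and dave (marked for a region not enabled).
Test-DataResidency $Users $AllowedLocations $RequiredRegion $HomeRegion | Format-Table -AutoSize
```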

Making a Decision

Multi-geo is available to old and new Office 365 tenants. If you are interested in this capability, you should talk to Microsoft to establish whether the solution is a good fit. Multi-geo will certainly solve data sovereignty issues for some companies, but it will never give a poor internal network sparkling performance.

Follow Tony on Twitter @12Knocksinna.
