Home > Storage > PowerFlex > White Papers > Dell APEX Block Storage for Azure: Protecting SQL Server Data with Dell APEX Protection Storage > Logical architecture
The following figure shows the architecture of a two-layer system deployed across multiple AZs within a single Azure Resource Group. This setup includes Dell APEX Block Storage, SQL Server, and APEX Protection Storage for Microsoft Azure (DDVE) components.
In this example, APEX Block Storage for Azure storage is deployed with one Virtual Network across three availability zones within the same Azure resource group for resiliency. To ensure connectivity and routing across distinct availability zones, a dedicated private subnet is established for each zone. The public subnet contains resources that are accessible over the Internet and the private subnet contains the compute and storage resources.
A Network Address Translation (NAT) gateway is configured in the public routing table to enable access to the Azure VM instances in the public subnet over the Internet. Security groups are created for Azure VM instances to provide an additional layer of security and control over inbound and outbound traffic at the subnet level.
The architecture described in this section shows the deployment of a SQL Server 2022 on a two-layer Dell APEX Block Storage configuration - SQL Server 2022 VM in AZ-2, DDVE VM in AZ-3 and the DDVE is connected using Hot Blob Storage with a service endpoint.
To ensure data recovery capabilities, it is advisable to deploy SQL Server and DDVE in separate AZs. Co-locating them in the same AZ may hinder the restoration of data from DDVE to a new SQL Server in the event of an AZ failure. The APEX Block Storage deployment across three AZs offers increased resiliency and availability.
In each AZ, two SDSs are installed on a Standard_F48s_v2 Azure VM instance with the SUSE Linux AMI. The Azure VM instances that are deployed by APEX Block Storage in Azure are backed by Azure disk drives. The Azure disks are locally attached at the Instance level. There are six APEX Block Storage SDS instances configured into a single protection domain. A single storage pool is created, using all the storage devices available within the protection domain.
APEX Block Storage maintains the user data in a mesh mirrored layout such that each piece of data has two copies (primary and secondary) stored on two different storage optimized Azure VM instances (SDS). The copies are evenly distributed across the SDS instances, which enables the system to maintain data availability and high-performance if there is a failure of a storage device or Azure Disk storage optimized instance.
The APEX Block Storage volumes, generated from the APEX Block Storage pool, are linked to SQL Server Azure VM compute instances that operate APEX Block Storage SDC services. These mapped APEX Block Storage volumes, in turn, are employed in the creation of databases within the SQL Server instance.
An Azure VM instance of DDVE has been strategically deployed in AZ3, complemented by Blob storage established through a service endpoint. This DDVE instance serves the purpose of safeguarding the SQL Server database, which is hosted on APEX Block volumes. The Microsoft Application Agent for Application Direct facilitates the secure transfer of data from the SQL Server database to the DDVE instance.