The Standard SKU supports availability zones with zone-redundant and zonal frontends for inbound and outbound traffic and health probes, including TCP, HTTP, and HTTPS, while the Basic SKU only supports TCP and HTTP. Another benefit of using the Standard SKU is the ability to use HA ports.
Azure services that are compatible with availability zones fall into three categories:
- Zonal services: A resource can be pinned to a specific zone. For example, virtual machines can be pinned to a particular zone, allowing for increased resilience by having one or more instances of resources spread across zones.
- Zone-redundant services: These are resources that are replicated or distributed across zones automatically. Azure replicates the data across three zones so that a zone failure does not impact its availability.
- Non-regional services: This refers to Azure services that are always available from Azure geographies and resilient to zone and region-wide outages.
core services available in Azure
- Azure DDoS Protection
- Azure Firewall
- Azure WAF
az network firewall application-rule create \
--resource-group $rgName \
--collection-name Application_Rule_Collection \
--firewall-name $firewallName \
--name Allow_Contoso \
--protocols Https=443 \
--action Allow \
--target-fqdns www.contoso.com \
--priority 1000