How Many Instances of Azure Key Vault Should You Implement?
Question
You have an Azure subscription that contains web apps in three Azure regions.
You need to implement Azure Key Vault to meet the following requirements:
-> In the event of a regional outage, all keys must be readable.
-> All the web apps in the subscription must be able to access Key Vault.
-> The number of Key Vault resources to be deployed and managed must be minimized.
How many instances of Key Vault should you implement?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.A
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away but within the same geography. This maintains high durability of your keys and secrets. See the Azure paired regions document for details on specific region pairs.
Example: Secrets that must be shared by your application in both Europe West and Europe North. Minimize these as much as you can. Put these in a key vault in either of the two regions. Use the same URI from both regions. Microsoft will fail over the Key Vault service internally.
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidanceTo meet the given requirements, we need to implement Azure Key Vault in a way that ensures high availability and enables all the web apps to access the Key Vault.
The first requirement states that in the event of a regional outage, all keys must be readable. To meet this requirement, we need to ensure that the Key Vault instances are deployed in different regions. If we deploy only one instance of Key Vault, then in the event of a regional outage, the keys stored in that Key Vault will not be accessible, which would result in an outage for the web apps that depend on those keys. Therefore, we need to deploy multiple instances of Key Vault in different regions.
The second requirement states that all the web apps in the subscription must be able to access Key Vault. To meet this requirement, we need to ensure that the Key Vault instances are accessible to all the web apps. If we deploy different Key Vault instances for different web apps, it would result in a high number of Key Vault resources to be deployed and managed, which is not optimal. Therefore, we need to deploy only one instance of Key Vault that can be accessed by all the web apps in the subscription.
The third requirement states that the number of Key Vault resources to be deployed and managed must be minimized. To meet this requirement, we need to deploy the minimum number of Key Vault instances that can meet the first two requirements.
Based on the above requirements, we need to deploy two instances of Key Vault in two different regions. This ensures high availability, and all the web apps in the subscription can access the Key Vault without deploying multiple instances of Key Vault. Therefore, the correct answer is B. 2.
