Differences Between Microsoft Azure Global and Microsoft Azure China

Posted on 28 February 2021 by Alberto Roura.
azure chinaazure globalmicrosoft azurecloud differenceschina cloud

Microsoft Azure operates two distinct cloud environments: the global Azure cloud available worldwide and Azure China, operated by 21Vianet. While both run on Azure technology, they differ significantly in operations, compliance, services, and user experience. Understanding these differences is crucial for organizations planning to deploy applications across both environments.

Overview of Azure Environments

Azure Global

  • Operated by: Microsoft Corporation
  • Regions: 60+ regions worldwide
  • Compliance: Global standards (SOC, ISO, GDPR, etc.)
  • Services: Full Azure service catalog
  • Integration: Seamless integration with Microsoft 365, Dynamics 365

Azure China

  • Operated by: 21Vianet (Microsoft’s partner in China)
  • Regions: 2 regions (China North, China East)
  • Compliance: Meets Chinese regulatory requirements
  • Services: Subset of Azure services, localized for China
  • Integration: Limited integration with global Microsoft services

Service Availability Differences

Core Services Available in Both

Compute

  • Virtual Machines (same SKUs)
  • Azure Kubernetes Service (AKS)
  • Azure Functions
  • Azure Container Instances

Storage

  • Blob Storage
  • File Storage
  • Queue Storage
  • Table Storage

Networking

  • Virtual Networks
  • Load Balancers
  • VPN Gateway
  • ExpressRoute (China-specific implementation)

Services Unique to Azure Global

  • Azure Front Door
  • Azure CDN (global)
  • Azure Cognitive Services (full suite)
  • Azure Machine Learning Studio
  • Azure Synapse Analytics
  • Azure Purview
  • GitHub integration

Services Unique to Azure China

  • Localized versions of some services
  • China-specific compliance features
  • Integration with local telecom providers
  • Support for Chinese payment methods

Services with Limitations in China

Azure Active Directory

  • Limited integration with global Azure AD
  • Separate tenant management
  • Restricted federation capabilities

Azure DevOps

  • Limited integration with GitHub
  • Localized service offerings
  • Different pricing models

Azure Monitor

  • Limited integration with global Log Analytics
  • Localized dashboard and reporting

Endpoint and API Differences

Endpoint Patterns

Azure Global Pattern:

https://servicename.region.cloudapp.azure.com

Azure China Pattern:

https://servicename.region.cloudapp.chinacloudapi.cn

Common Endpoints

Resource Manager:

  • Global: https://management.azure.com
  • China: https://management.chinacloudapi.cn

Storage:

  • Global: https://accountname.blob.core.windows.net
  • China: https://accountname.blob.core.chinacloudapi.cn

Key Vault:

  • Global: https://vaultname.vault.azure.net
  • China: https://vaultname.vault.azure.cn

Azure AD:

  • Global: https://login.microsoftonline.com
  • China: https://login.chinacloudapi.cn

API Version Compatibility

  • Same API versions generally supported
  • Some services may have different feature sets
  • Documentation available on separate China portal

Account and Subscription Management

Separate Accounts Required

  • Azure China: Requires separate Microsoft account registered in China
  • Azure Global: Standard Microsoft account
  • No account sharing: Cannot use same account for both environments

Billing and Payment

  • Azure Global: Credit card, bank transfer, Azure credits
  • Azure China: Local payment methods, RMB billing
  • Separate subscriptions: Cannot transfer subscriptions between environments

Support and SLAs

  • Azure Global: Full Microsoft support, standard SLAs
  • Azure China: Support through 21Vianet, localized SLAs
  • Language: Chinese language support primary in China

Compliance and Data Residency

Regulatory Compliance

Azure Global:

  • GDPR, HIPAA, ISO 27001
  • FedRAMP, DoD IL
  • Industry-specific certifications

Azure China:

  • Meets Chinese government requirements
  • Multi-Level Protection Scheme (MLPS)
  • Local data residency laws
  • Compliance with Chinese cybersecurity standards

Data Residency

  • Azure China: Data physically stored in China
  • Azure Global: Data location based on region selection
  • Data transfer: Restrictions on data movement between environments

Development and Management Tools

Azure CLI and PowerShell

# Azure Global
az cloud set --name AzureCloud
az login

# Azure China
az cloud set --name AzureChinaCloud
az login --environment AzureChinaCloud

Azure Portal Access

Azure Global:

  • https://portal.azure.com

Azure China:

  • https://portal.azure.cn

SDK and API Access

// Azure Global
var client = new ArmClient(new DefaultAzureCredential());

// Azure China
var client = new ArmClient(
    new DefaultAzureCredential(),
    new ArmClientOptions { Environment = ArmEnvironment.AzureChina }
);

Visual Studio Integration

  • Separate environment selection required
  • Different account authentication for China
  • Localized documentation and templates

Networking and Connectivity

ExpressRoute

Azure Global:

  • Global Microsoft backbone
  • Extensive partner ecosystem
  • Standard ExpressRoute circuits

Azure China:

  • Local telecom provider connectivity
  • Limited international connectivity options
  • Different pricing and SLAs

VPN Connections

Azure Global:

  • Standard VPN gateway SKUs
  • Global VPN capabilities

Azure China:

  • Localized VPN services
  • Integration with Chinese telecom providers
  • Different performance characteristics

Identity and Access Management

Azure Active Directory

Azure Global:

  • Full Azure AD Premium features
  • Integration with Microsoft 365
  • Advanced security features

Azure China:

  • Azure AD operated by 21Vianet
  • Limited integration with global services
  • Localized security and compliance features

Multi-Factor Authentication

  • Same MFA capabilities in both environments
  • Localized phone number support in China
  • Different authentication endpoints

Cost and Pricing Differences

Pricing Models

Azure Global:

  • Pay-as-you-go pricing
  • Azure Hybrid Benefit
  • Reservations and savings plans
  • Consistent global pricing

Azure China:

  • RMB-based pricing
  • Different pricing structure
  • Localized promotions and discounts
  • Volume-based pricing available

Cost Management Tools

  • Azure Cost Management: Available in both but with localized insights
  • Pricing calculator: Separate calculators for each environment
  • Billing: Separate billing portals and currencies

Application Development Considerations

Service Dependencies

// Azure Global configuration
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "yourdomain.onmicrosoft.com"
  },
  "Storage": {
    "Account": "yourstorageaccount",
    "Endpoint": "core.windows.net"
  }
}

// Azure China configuration
{
  "AzureAd": {
    "Instance": "https://login.chinacloudapi.cn/",
    "Domain": "yourdomain.partner.onmschina.cn"
  },
  "Storage": {
    "Account": "yourstorageaccount",
    "Endpoint": "core.chinacloudapi.cn"
  }
}

Environment Detection

public class AzureEnvironment
{
    public static bool IsChinaCloud()
    {
        // Detect based on domain or configuration
        return Environment.GetEnvironmentVariable("AZURE_ENVIRONMENT") == "China";
    }

    public static string GetEndpointSuffix()
    {
        return IsChinaCloud() ? "chinacloudapi.cn" : "azure.com";
    }
}

Migration and Multi-Environment Strategies

Application Architecture

# Multi-environment deployment configuration
environments:
  global:
    subscription: "global-subscription-id"
    location: "East US"
    endpoints:
      storage: "core.windows.net"
      keyvault: "vault.azure.net"

  china:
    subscription: "china-subscription-id"
    location: "China North"
    endpoints:
      storage: "core.chinacloudapi.cn"
      keyvault: "vault.azure.cn"

Data Synchronization

  • Separate databases required for each environment
  • Data export/import for moving data between environments
  • Third-party tools for cross-environment synchronization

CI/CD Pipelines

# Azure DevOps pipeline for multi-environment deployment
stages:
- stage: 'Build'
  jobs:
  - job: 'Build'
    steps:
    - script: 'dotnet build'

- stage: 'Deploy_Global'
  condition: eq(variables['environment'], 'global')
  jobs:
  - deployment: 'Deploy_Global'

- stage: 'Deploy_China'
  condition: eq(variables['environment'], 'china')
  jobs:
  - deployment: 'Deploy_China'

Best Practices for Multi-Environment Development

1. Environment Abstraction

interface AzureConfig {
  subscriptionId: string;
  location: string;
  endpoints: {
    storage: string;
    keyVault: string;
    activeDirectory: string;
  };
}

function getAzureConfig(environment: 'global' | 'china'): AzureConfig {
  const configs = {
    global: {
      subscriptionId: process.env.AZURE_GLOBAL_SUBSCRIPTION_ID!,
      location: 'East US',
      endpoints: {
        storage: 'core.windows.net',
        keyVault: 'vault.azure.net',
        activeDirectory: 'login.microsoftonline.com'
      }
    },
    china: {
      subscriptionId: process.env.AZURE_CHINA_SUBSCRIPTION_ID!,
      location: 'China North',
      endpoints: {
        storage: 'core.chinacloudapi.cn',
        keyVault: 'vault.azure.cn',
        activeDirectory: 'login.chinacloudapi.cn'
      }
    }
  };

  return configs[environment];
}

2. Configuration Management

  • Use environment variables or configuration files
  • Implement feature flags for environment-specific features
  • Test applications in both environments

3. Monitoring and Logging

  • Implement consistent logging across environments
  • Use Azure Monitor in both environments
  • Set up alerts for both global and China deployments

Common Challenges and Solutions

Account Management

Challenge: Managing separate accounts and subscriptions Solution: Implement centralized account management and automated provisioning

Service Parity

Challenge: Different service availability Solution: Design applications with service availability in mind, use alternative services where needed

Network Connectivity

Challenge: Limited connectivity between environments Solution: Implement hybrid networking solutions and data synchronization strategies

Future Considerations

Service Expansion

Microsoft continues to expand Azure China service offerings, though at a different pace than the global cloud.

Integration Improvements

Ongoing efforts to improve integration between Azure Global and Azure China environments.

Compliance Evolution

Both environments continue to evolve to meet changing regulatory requirements.

Conclusion

Azure Global and Azure China are distinct cloud environments designed to meet different operational and regulatory requirements. While they share the same underlying Azure technology, the differences in service availability, endpoints, compliance, and operations require careful planning for organizations operating in both environments.

Successful deployment across both Azure environments requires:

  • Understanding service availability differences
  • Implementing environment-specific configurations
  • Planning for data residency and compliance requirements
  • Designing applications with multi-environment deployment in mind

By recognizing and planning for these differences, organizations can effectively leverage both Azure Global and Azure China to meet their international business objectives while maintaining compliance and operational efficiency.

🚀 Ready to Transform Your Business?

Get expert guidance tailored to your China market ambitions. Our team of cloud and DevOps specialists has helped 100+ companies navigate the complexities of Chinese cloud infrastructure.

From AWS China foundations to ICP compliance, we handle the technical details so you can focus on growing your business.

📅 Schedule Your Free Strategy Session

We'll assess your current setup and show you exactly how to optimize for the China market.

Book Your Free Meeting
✓ No sales pitch • ✓ Actionable insights • ✓ Custom recommendations
100+
Companies Served
10+
Years Experience
99%
Client Satisfaction

Not ready for a call? Send us an email instead.