Module 2 - Core Azure Services
Core Azure Architectural Components
- A region is a geographical area containing at least one, but potentially multiple, data centers that are in close proximity and connected through a low-latency network.
- Azure has more global regions than any other cloud provider, with 58 regions in 140 countries.
- Some services or features, such as some VM sizes or storage types, are only available in certain regions.
- Some services, such as Azure AD, Traffic Manager, and DNS, do not require you to select a region.
- Region pair - Each region is paired with another region within the same geography (except Brazil South).
- Physical isolation - Azure prefers at least 300 miles of separation between region pairs.
- Platform-provided replication - Geo-redundant storage provides automatic replication to the paired region
- Region recovery order - Recovery of one region is prioritized out of every pair. Applications should be deployed in both paired regions.
- Sequential updates - Updates are rolled out to paired regions sequentially
- Data residency - Region pairs reside in the same geography to meet data residency requirements
- A geography is a discrete market, typically containing two or more regions, that preserves data residency and compliance boundaries.
- Americas, Europe, Asia Pacific, Middle East, and Africa
- A single VM with premium storage has an SLA of 99.9%
- Placing VMs in an Availability Set protects against data center failure and increases the SLA to 99.95%
- Adding VMs to an Availability Zone protects against entire datacenter failures and increases the SLA to 99.99%, which is the highest protection
- Ensure application remains online if a high-impact maintenance event is required, or a hardware failure occurs.
- Update domains - Logical section of data center.
- Updates are sequenced through update domains to ensure the entire data center isn't unavailable.
- Fault domains - Physical separation across different hardware in the data center, including power, cooling, and network hardware.
- In case of a hardware failure, only the rack that is supported by that hardware would be affected by the outage.
- Availability Zones are physically separate locations within an Azure region that use Availability Sets
- Each Availability Zone is an isolation boundary containing one or more datacenters with independent equipment
- If one zone goes down, the other continues working
- Availability Zones connect to each other over a very fast, private fiber-optic network
- Allow customers to run highly critical applications with high availability and low latency
- To ensure resiliency, there is a minimum of 3 separate zones in all enabled regions, e.g. Central US, North Europe, and Southeast Asia
- A container that is a unit of management for Azure resources
- Metering and billing
- Monitoring and alerts
- Access control
- Deleting a resource group will delete all the resources it contains
- Each resource must exist in one and only one resource group
- A resource group can contain resources that reside in different regions
- Resources for the same application do not need to be in the same resource group, but it is recommended
Azure Resource Manager
- Azure Resource Manager (ARM) is a management layer to create, configure, manage, and delete resources and resource groups.
- ARM provides a consistent management layer for automation and scripting via PowerShell, CLI, Portal, REST API, or SDKs.
Core Azure Services and Products
- Azure Compute is an on-demand computing service for cloud-based applications.
- It provides computing resources such as disks, processors, memory, networking, and OS.
- Virtual machines, or VMs, are software emulations of physical computers.
- Azure Virtual Machines provides IaaS when you want control over OS and environment
- Virtual Machine Scale Sets is a set of identical VMs that are configured the same.
- Supports auto-scale
- Good for large-scale services for big compute, big data, and containerized workloads
- App Services is a fully-managed platform (PaaS) that lets you quickly build, deploy, and scale web, mobile, and API apps.
- Azure Functions lets you run your code without worrying about the underlying platform or infrastructure.
- Suitable for work performed in response to events, timers, or messages that can be completed within seconds or less.
- Containers are a virtualization environment
- They reference the OS of the host, so there is no need to manage an OS
- Containers are lightweight and designed to be easily created, scaled and stopped dynamically
- Azure Container Instances
- PaaS offering that is the fastest and simplest way to run containers without managing VMs
- Azure Kubernetes Service
- Complete orchestration service for containers
- For distributed architectures and large volumes of containers
- Orchestration is the task of automating and managing a large number of containers and how they interact
Azure Network Services
- Azure Networking allows you to connect infrastructure both in the cloud and on-premises
- Components in the cloud require the same networking functionality as an on-premises deployment
- Different networking components allow organizations to design and build infrastructure services that meet requirements
- Azure Virtual Network (VNet) enables Azure resources to securely communicate with each other, the internet, and on-premises networks.
- Scoped to a single region
- VNets in different regions can be interconnected using virtual network peering.
- VNet provides network isolation, segmentation, communication with other resources, routing and filtering of network traffic.
- Azure Load Balancer can provide scalability and high availability
- Supports both inbound and outbound scenarios
- Low latency, high throughput, scales up to millions of TCP/UDP packets
- Common use cases: incoming internet traffic, port forwarding, outbound connectivity for VMs
- VPN Gateway is used to send encrypted traffic between an Azure VNet and on-premises locations
- Azure Application Gateway is a web traffic load balancer for your web applications
- Route traffic based on source IP and port to destination IP and port
- Can protect web applications with a firewall, redirection, and session affinity (keeps a user routed to the same server)
- Content Delivery Network is a distributed network of servers that can efficiently deliver web content to users.
- Local to user to minimize latency
- Caches content at strategic places across the world to provide better performance
- Common use cases:
- Multimedia content
- Product launch event in a region
- Event that you expect a high bandwidth in a region
|Structured Data||Semi-structured Data||Unstructured Data|
Azure Storage Services
- Azure Storage is used to store files, messages, tables, and other information.
- Disk Storage provides disks for VMs, applications, and other services
- Accessible via virtual hard disk
- Can be managed or unmanaged by Azure
- Typical scenario: storing data that is not required to be accessed from outside the VMs where it is attached
- Different sizes and performance levels, such as spinning hard disk and SSD
- Containers (BLOB Storage) is Microsoft's object storage solution for the cloud
- Optimized for storing massive amounts of unstructured data, e.g. images, documents
- Distributed access
- Typical scenarios: Streaming video and audio, Backup and restore, DR, archiving
- Azure Files provides highly available network file shares that can be accessed via the standard Server Message Block (SMB) protocol.
- Multiple VMs can share the same files with both read and write access
- Can read using REST API or client libraries
- Can be accessed from anywhere in the world using a URL endpoint with a Shared Access Signature (SAS) token.
- Common scenarios:
- Migrate on-premises applications that use file shares with minimum effort
- Multiple developers in a group with multiple VMs sharing the same files
- Diagnostic logs, metrics, crash dumps to be processed or analyzed later
- Azure Queues is used to store and retrieve messages
- A message can be up to 64 KB in size
- A queue can contain millions of messages to be processed asynchronously
- Sample use case: Create thumbnails for uploaded pictures without making the user wait
- Azure Tables stores large amounts of structured data
- NoSQL data store behind the scenes
- Common uses:
- Storing tables for web-scale applications
- Storing datasets that don't require complex joins, foreign keys or stored procedures, and can be denormalized for faster access
- Quickly query using a clustered index
- Scale as demand increases
Azure Database Services
- Fully managed PaaS database services.
- Enterprise-grade performance with built-in high availability
- Azure Cosmos DB is a globally distributed database service that can elastically and independently scale across regions.
- Supports schema-less data that is constantly being changed by users around the world
- Azure SQL Database is a relational DBaaS based on Microsoft SQL Server DB engine for data-driven applications
- Azure Database Migration Service is a fully-managed service to enable seamless migrations from multiple DB sources to Azure
- Microsoft Data Migration Assistant is used to generate assessment reports that provide recommendations on remediation prior to migration
- Other DB services can be further explored here
- A service on Azure that connects end users with Microsoft partners, independent software vendors (ISVs), and start-ups that offer solutions and services optimized to run on Azure.
- Allows customers to find, try, and purchase applications and services that are certified to run on Azure
- Includes open-source container platforms, VM images, databases, application build and deployment software, developer tools, threat detection, and blockchain.
- Microsoft partners also use it as a launch point for all joint Go-To-Market activities
Internet of Things
- Internet of Things (IoT) is the ability for devices to garner and then relay information for data analysis
- IoT Central is a fully managed global IoT SaaS to connect, monitor, and manage IoT assets at scale
- Azure IoT Hub is a managed service that acts as a central message hub for bi-directional communication between an IoT application and the devices it manages.
Big Data and Analytics
- Open source cluster technologies have been developed over time to deal with large data sets
- Azure SQL Data Warehouse (now called Azure Synapse Analytics) is a cloud-based Enterprise Data Warehouse (EDW) that can run complex queries quickly across petabytes of data
- Can import big data into the warehouse using PolyBase Transact-SQL (T-SQL)
- Uses massively parallel processing (MPP) to run high-performance analytics
- Azure HDInsight is a fully-managed, open-source analytics service for enterprises
- Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data.
- Can handle jobs of any scale and you pay only when it is running
- Visit the Analytics page for the full list of available services
- The core is Machine Learning: a data science technique that allows computers to use existing data to forecast future behaviors, outcomes, and trends.
- Azure Machine Learning Service provides a cloud-based environment that can be used to develop, train, test, deploy, manage, and track ML models.
- Supports open-source technologies with thousands of Python packages including TensorFlow, scikit-learn
- Jupyter notebooks and Visual Studio Code Tools for AI can be used to interact with the service
- The service can auto-generate a model and auto-tune it.
- Azure Machine Learning Studio is a collaborative, drag-and-drop visual workspace that does not require writing code.
- Pre-built and pre-configured ML algorithms and modules
- However, it does not provide as much control as the Machine Learning Service
- See this page for full list of available AI and ML services
- Serverless Computing is an execution environment on the cloud that runs your code without infrastructure configuration and maintenance
- Serverless applications usually respond to events, e.g. a REST endpoint, a periodic timer, or a message received
- Runs only when it's triggered by an event
- Billed only for the exact resources you use
- Azure Functions runs your code in response to events
- Can be completed quickly, within seconds or less
- Scale automatically and charged only when the function is triggered
- Stateless. They behave as if they're restarted every time they respond to an event. Use Storage to persist state.
- Azure Logic Apps helps to automate and orchestrate tasks, business processes, and workflows to integrate systems
- Supports both enterprise application integration (EAI) and business-to-business (B2B)
- Designed in web-based designer without writing any code
- Over 200 connectors, including SAP, Salesforce, Oracle DB, and file shares
- Azure Event Grid allows you to build applications with event-based architectures
- Intelligent event routing service using a pub/sub model
- Built-in support for events coming from Azure services such as BLOB storage
- Also supports non-Azure-based events in near-real time using custom topics
- DevOps (Development and Operations) brings together people, processes, and technology automating software delivery to provide continuous value to users
- Azure DevOps Services provides development collaboration tools such as Git repositories, Kanban boards
- Formerly known as Visual Studio Team Services (VSTS)
- Azure Lab Services quickly creates environments in Azure for developers and testers
- Supports both Windows and Linux with reusable templates and artifacts
- Easily integrates with a deployment pipeline to provision on-demand environments
- Scale up your load testing
- Pre-provisioned environments for training and demos
- Formerly known as DevOps Test
Azure App Service
- Azure App Service lets you quickly and easily build web or mobile apps with the programming language of your choice without managing infrastructure.
- Multiple languages and frameworks - e.g. ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, Python.
- You can even run PowerShell or other scripts or executables as background services
- DevOps optimization - CI/CD pipeline with PowerShell or CLI
- Global scale with high availability
- 50 connectors to enterprise systems e.g. SAP, Salesforce, Internet service (e.g. Facebook).
- Security and compliance - ISO, SOC, and PCI compliant
- Application templates, e.g. WordPress, Joomla, Drupal
- Visual Studio integration - for creating, deploying, and debugging
- APIs and mobile features - turn-key CORS support, authentication, offline data sync, push notifications
- Serverless code - run a code snippet or script on-demand
Azure Management Tools
- Azure Portal
- Wizards and tooltips available
- Dashboard visualizes high-level details
- Does not provide ways to automate repetitive tasks
- Azure PowerShell
- A module that runs within Windows PowerShell or PowerShell Core (which can run on Linux or Mac)
- Use the command Connect-AzureRMAccount to sign in to your Azure account
- Azure CLI
- Cross-platform command line interface
- Sign in Azure account using command
- Azure Cloud Shell
- Browser-based scripting environment
- Two options available: Bash or PowerShell
- A storage account is required to use Cloud Shell
- Azure Mobile App
- Check status and important metrics
- Notifications and alerts
- Start, stop, restart VMs or web app
- Manage permissions using RBAC
- Azure Cloud Shell is used to run saved scripts or perform ad hoc admin tasks
- Azure REST API
- Sets of HTTP operations on Azure resources
- Azure Advisor is a free service that provides recommendations (with proposed actions) on:
- high availability
- It analyzes your deployed services and looks for ways to improve