Useful docs for understanding Azure’s global infrastructure can be found here
Azure Regions
A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
With more global regions than any other cloud provider, Azure gives customers the flexibility to deploy applications where they need to. Azure is generally available in 53 regions around the world, with plans announced for 7 additional regions.
Geographies
A geography is a discrete market, typically containing two or more regions, that preserves data residency and compliance boundaries.
Geographies allow customers with specific data-residency and compliance needs to keep their data and applications close. Geographies are fault-tolerant to withstand complete region failure through their connection to our dedicated high-capacity networking infrastructure.
Availability Zones
Availability Zones are physically separate locations within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
Availability Zones allow customers to run mission-critical applications with high availability and low-latency replication.
What is resiliency in Azure?
Comprehensive set of native business continuity solutions, providing high availability, disaster recovery, and backup to protect your mission critical applications and data.
High availability
Maintaining acceptable continuous performance despite temporary failures in services, hardware, datacenters, or fluctuations in load
Disaster recovery
Protection against loss of an entire region through asynchronous replication for failover of virtual machines and data using services such as Azure Site Recovery and geo-redundant storage [GRS]
Backup
Replication of virtual machines and data to one or more regions using Azure Backup.
Blast radius
The radius of protection for applications and data. For example, Availability Sets protect applications within a datacenter, and Availability Zones protect applications and data in an Azure region
Data residency boundary
Two regions that share the same regulatory requirements for data replication and storage for the country or region in which they operate.
ISO-22301 Certification
Azure is certified under the first international standard to demonstrate the ability to prevent, mitigate, respond to and recover from disruptive incidents.
More links for further reading
Azure Architecture Center - Guidance for architecting solutions on Azure using established patterns and practices.
Azure resiliency solutions - Build with confidence with high availability, disaster recovery, and backup
Azure Availability Zones - High availability for your most demanding mission-critical applications and data
Azure regions - Azure has more global regions than any other cloud provider—offering the scale needed to bring applications closer to users around the world, preserving data residency, and offering comprehensive compliance and resiliency options for customers.
Speedo’s blog
Azure fundamentals – part 1/4
Azure Fundamentals
Part 1/4 – Concepts, Introduction to Azure, Architecture and SLAs, Accounts and Subscriptions
Concepts
Microsoft’s view on the benefits of Cloud Computing;
- Cost-effective
- Scalable
- Elastic
- Current
- Reliable
- Global
- Secure
Azure is NIST CSF, ISO/IEC 27018, SOC 1/2/3, HIPAA and GDPR compliant
Management responsibility across different types of cloud services: on-premises you manage the whole stack; with IaaS you manage the operating system, runtime, applications and data; with PaaS you manage only applications and data; with SaaS you are responsible for your data and for who can access it.
In Azure, one server in each rack of servers runs a special piece of software called the Fabric Controller. Fabric Controllers are connected to the Orchestrator, which is responsible for everything that happens in Azure, including user requests; users make requests through the Orchestrator’s web API.
Azure: the big picture
Azure services are divided into ten main categories
Compute services
- Virtual Machines: Windows or Linux VMs
- Virtual Machine Scale Sets: Scaling for windows or Linux VMs
- Kubernetes Service: Enables management of a cluster of VMs that run containerised services
- Service Fabric: Distributed systems platform. Runs in Azure or on-premises
- Batch: Managed service for parallel and high-performance computing applications
- Container Instances: Provides containers without requiring VM provision or higher services
- Functions: An event-driven serverless compute service
Networking
- Virtual Network: an isolated private network for your Azure resources; VPN and ExpressRoute connections from on-premises terminate into it
- Load Balancer: Balances inbound and outbound connections to applications or service endpoints
- Application Gateway: optimises app server farm delivery while increasing application security
- VPN gateway: provides encrypted access to Azure virtual networks through high-performance VPN gateways
- DNS
- Content Delivery Network
- DDoS Protection
- Traffic Manager: distributes network traffic across Azure regions worldwide
- ExpressRoute: Connects to Azure over high-bandwidth dedicated secure connections
- Network Watcher: monitors and diagnoses network issues using scenario-based analysis
- Firewall
- Virtual WAN: Creates a unified WAN, connecting local and remote sites
Storage services
- Blob storage: storage service for very large objects, such as video files or bitmaps
- File Storage: file shares that you can access and manage like a file server
- Queue Storage: a data store for queuing and reliably delivering messages between applications
- Table Storage: A NoSQL key/attribute store for semi-structured data that does not require a fixed schema
DevOps
- DevOps: provides development collaboration tools including high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing
- DevTest Labs: create on-demand Windows and Linux environments you can use to test or demo your applications directly from your deployment pipelines
Mobile
enables developers to create mobile backend services for iOS, Android and Windows apps. Offers offline data synchronisation, connectivity to on-premises data, broadcasting push notifications and autoscaling to match business needs
Databases
- Cosmos DB: Globally distributed database that supports NoSQL options
- SQL Database: Fully managed relational database with auto-scale, integral intelligence, and robust security
- Database for MySQL
- Database for PostgreSQL
- Database for MariaDB
- SQL Server on VMs
- SQL Data warehouse
- Database migration service: Migrates your databases to the cloud with no application code changes
- Cache for Redis: Caches frequently used and static data to reduce data and application latency
Web
- App Service: Quickly create powerful cloud web-based apps
- Notification hubs: Send push notifications to any platform from any back end
- API Management: Publish APIs to developers, partners, and employees securely and at scale.
- Search: Fully managed search as a service
- Web Apps feature of Azure App Service: Create and deploy mission-critical web apps at scale
- SignalR Service: Add real-time web functionalities easily
Internet of Things
- IoT Central: Fully-managed global IoT software as a service [SaaS] solution that makes it easy to connect, monitor, and manage your IoT assets at scale
- IoT Hub: Messaging hub that provides secure communications and monitoring between millions of IoT devices
- IoT Edge: Push your data analysis onto your IoT devices instead of in the cloud allowing them to react more quickly to state changes
Big Data
- SQL Data Warehouse: uses massively parallel processing [MPP] to run analytical queries over very large datasets
- HDInsight: Process massive amounts of data with managed Hadoop, Spark and related open-source clusters in the cloud
- Data Lake Analytics: On-demand scalable analytics service that allows you to write queries to transform your data and extract valuable insights
Artificial Intelligence
- Machine Learning Service: develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud
- Machine Learning Studio: Collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions using pre-built machine learning algorithms and data-handling modules
- Cognitive Services: pre-built APIs you can leverage in your applications to solve complex problems
Azure Cloud Shell: a browser-based command-line experience for managing and developing Azure resources. Think of Cloud Shell as an interactive console that you run in the cloud. Cloud Shell provides two experiences to choose from: Bash and PowerShell. Both include access to the Azure CLI, the command-line interface for Azure
Azure Resource Group: Virtual machines and other cloud resources are grouped into logical containers called resource groups. Groups are typically used to organize sets of resources that are deployed together as part of an application or service. You refer to a resource group by its name.
Normally, the first thing we’d do is to create a resource group to hold all the things that we need to create. This allows us to administer all the VMs, disks, network interfaces, and other elements that make up our solution as a unit.
By default, Azure assigns a public IP address to a new VM, which makes it reachable from the Internet unless a network security group blocks the traffic. You can instead create the VM without a public IP so that it is reachable only from the internal network.
Tools that are commonly used for day-to-day management and interaction include:
- Azure portal for interacting with Azure via a Graphical User Interface [GUI]
- Azure PowerShell and Azure Command-Line Interface [CLI] for command line and automation-based interactions with Azure
- Azure Cloud Shell for a web-based command-line interface
Both Azure CLI and PowerShell can be used to build automated scripts that work against Azure Resource Manager; such scripts are a form of Infrastructure as Code [IaC]
ARM Templates, Terraform, Ansible, Jenkins and Cloud-init are also some of the tools available to deploy and manage your work environment in Azure
Custom Script Extension: An easy way to download and run scripts on your Azure VMs. You can store your scripts in Azure storage or in a public location such as GitHub. The script runs with root [Linux] or LocalSystem [Windows] privileges on the VM, so fetch it only from a location you control, and pass anything sensitive in the extension’s protected settings rather than its plain settings.
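The resource-group, public-IP, CLI/IaC and Custom Script Extension points above, put together as one Azure CLI script. This is an added example and not code from the original post; every name, CIDR, the subscription ID and the script URL are placeholders chosen for illustration. Without arguments (or with `plan`) it only prints the `az` commands it would run; `apply` executes them against the active subscription.

```shell
#!/usr/bin/env sh
# Added example, not code from the original post: provision a resource
# group and a Linux VM with NO public IP behind a deny-by-default NSG,
# then bootstrap it with the Custom Script Extension.
#   sh provision.sh         -> plan: print the az commands only
#   sh provision.sh apply   -> run them against the active subscription
# Names, CIDRs, the subscription ID and the script URL are assumptions.
set -eu

MODE="${1:-plan}"
DRY_RUN=0
if [ "$MODE" = "plan" ]; then DRY_RUN=1; fi

RG="${RG:-rg-demo-weu}"
LOCATION="${LOCATION:-westeurope}"
VNET="${VNET:-vnet-demo}"
SUBNET="${SUBNET:-snet-app}"
NSG="${NSG:-nsg-app}"
VM="${VM:-vm-demo-01}"
ADMIN_CIDR="${ADMIN_CIDR:-10.0.0.0/8}"                              # assumed admin range
SCRIPT_URL="${SCRIPT_URL:-https://example.invalid/bootstrap.sh}"    # placeholder URL
EXPECTED_SUB="${EXPECTED_SUB:-00000000-0000-0000-0000-000000000000}" # placeholder ID

# Run az, or in plan mode print the exact command. Empty and special
# arguments are single-quoted so that --public-ip-address "" stays visible.
az_run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'az'
    for a in "$@"; do
      case "$a" in
        ''|*[!A-Za-z0-9_./:=,-]*) printf " '%s'" "$a" ;;
        *) printf ' %s' "$a" ;;
      esac
    done
    printf '\n'
  else
    az "$@"
  fi
}

# Billing and access control are scoped per subscription, so refuse to
# deploy when `az account set` points somewhere other than expected.
check_subscription() {
  if [ "$1" != "$2" ]; then
    printf 'active subscription %s, expected %s\n' "$2" "$1" >&2
    return 1
  fi
}

create_resource_group() {
  az_run group create --name "$RG" --location "$LOCATION" --tags env=demo owner=secops
}

# Subnet-level NSG: one allow rule for SSH from the admin range; the
# built-in DenyAllInBound rule (priority 65500) drops everything else.
create_network() {
  az_run network nsg create --resource-group "$RG" --name "$NSG"
  az_run network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name AllowSshFromAdmin --priority 100 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$ADMIN_CIDR" --destination-port-ranges 22
  az_run network vnet create --resource-group "$RG" --name "$VNET" \
    --address-prefixes 10.10.0.0/16 --subnet-name "$SUBNET" --subnet-prefixes 10.10.1.0/24
  az_run network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
    --name "$SUBNET" --network-security-group "$NSG"
}

# --public-ip-address "" overrides the default of allocating a public IP,
# --nsg "" skips the extra NIC-level NSG (the subnet NSG applies), and
# --zone 1 pins the VM, a zonal service, to one availability zone.
create_vm() {
  az_run vm create --resource-group "$RG" --name "$VM" \
    --image Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest \
    --size Standard_B2s --zone 1 --vnet-name "$VNET" --subnet "$SUBNET" \
    --nsg "" --public-ip-address "" --admin-username azureuser --generate-ssh-keys
}

# The extension runs the script as root. fileUris and commandToExecute go in
# --protected-settings so they cannot be read back from the VM model.
run_bootstrap() {
  az_run vm extension set --resource-group "$RG" --vm-name "$VM" \
    --name CustomScript --publisher Microsoft.Azure.Extensions --version 2.1 \
    --protected-settings "{\"fileUris\":[\"$SCRIPT_URL\"],\"commandToExecute\":\"bash bootstrap.sh\"}"
}

main() {
  if [ "$DRY_RUN" = "1" ]; then active_sub="$EXPECTED_SUB"
  else active_sub="$(az account show --query id -o tsv)"; fi
  check_subscription "$EXPECTED_SUB" "$active_sub"
  create_resource_group
  create_network
  create_vm
  run_bootstrap
  # Delete lock on the group: the whole solution is administered as a unit.
  az_run group lock create --name no-delete --lock-type CanNotDelete --resource-group "$RG"
}

main
```

Running the plan first and diffing it against what you expect is the cheapest check against deploying into the wrong subscription or quietly getting a public IP; the `apply` path is ordinary Azure CLI and needs `az login` beforehand.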
Azure Advisor and Azure Cost Management are two services that help you optimize cloud spend. You can use these services to identify where you’re using more than you need, and then scale back to the capacity you’re actually using.
Azure architecture and service guarantees
A region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced. There are some global Azure services that do not require you to select a particular region, such as Microsoft Azure Active Directory, Microsoft Azure Traffic Manager, and Azure DNS.
Azure divides the world into geographies that are defined by geopolitical boundaries or country borders. An Azure geography is a discrete market typically containing two or more regions that preserve data residency and compliance boundaries. Geographies are fault-tolerant to withstand complete region failure through their connection to dedicated high-capacity networking infrastructure.
Geographies are broken up into the following areas:
- Americas
- Europe
- Asia Pacific
- Middle East and Africa
- Brazil
Availability Zones are physically separate datacenters within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. AZs are connected through high-speed, private fiber-optic networks.
Azure services that support Availability Zones fall into two categories:
- Zonal services – you pin the resource to a specific zone [for example, virtual machines, managed disks, IP addresses]
- Zone-redundant services – platform replicates automatically across zones [for example, zone-redundant storage, SQL Database].
Each Availability Zone is built from one or more datacenters, and a region that offers zones has a minimum of three of them. Even so, a large enough disaster could take out every zone in a region. That’s why Azure also creates region pairs.
Region Pairs: Each Azure region is always paired with another region within the same geography at least 300 miles away. This approach allows for the replication of resources [such as virtual machine storage] across a geography that helps reduce the likelihood of interruptions.
Additional advantages of region pairs include:
- If there’s an extensive Azure outage, one region out of every pair is prioritized to help reduce the time it takes to restore them for applications.
- Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair [except for Brazil South] for tax and law enforcement jurisdiction purposes.
There are three key characteristics of SLAs for Azure products and services:
- Performance Targets
- Uptime and Connectivity Guarantees
- Service credits
Service Credits: SLAs also describe how Microsoft will respond if an Azure product or service fails to perform to its governing SLA’s specification. For example, customers may have a discount applied to their Azure bill, as compensation for an under-performing Azure product or service.
When combining SLAs across different service offerings, the resultant SLA is called a Composite SLA. The composite SLA can be higher or lower than the individual ones, depending on your application architecture: components in series multiply their availabilities together, while a redundant path only fails when every alternative fails.
By creating your own SLAs, you can set performance targets to suit your specific Azure application. This approach is known as an Application SLA.
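The composite-SLA arithmetic, worked through in a small shell script. This is an added example, not part of the original post; the figures (web tier 99.95%, database 99.99%, a 99.9% queue the web tier can fall back to) are assumed values in the style of the published SLAs, not quotations of any current SLA.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: composite SLA arithmetic.
# Percentages are passed as arguments; awk does the floating-point work.
set -eu

# Components in series: every one must be up, so availabilities multiply.
sla_serial() {
  awk 'BEGIN { p = 100; for (i = 1; i < ARGC; i++) p = p * ARGV[i] / 100; printf "%.4f\n", p }' "$@"
}

# Redundant alternatives: the path is down only when all of them are down.
sla_parallel() {
  awk 'BEGIN { q = 1; for (i = 1; i < ARGC; i++) q = q * (1 - ARGV[i] / 100); printf "%.6f\n", 100 * (1 - q) }' "$@"
}

# Minutes of downtime per year that a given percentage still allows.
downtime_minutes_per_year() {
  awk -v s="$1" 'BEGIN { printf "%.1f\n", (100 - s) / 100 * 365.25 * 24 * 60 }'
}

# Worked scenario with assumed figures: web tier, database, and a queue the
# web tier writes to while the database is unavailable.
web=99.95; db=99.99; queue=99.9
serial="$(sla_serial "$web" "$db")"
echo "web + db in series:        ${serial}%  (~$(downtime_minutes_per_year "$serial") min/yr)"
echo "db or queue (fallback):    $(sla_parallel "$db" "$queue")%"
echo "web + (db or queue):       $(sla_serial "$web" "$(sla_parallel "$db" "$queue")")%"
echo "web + db + queue, serial:  $(sla_serial "$web" "$db" "$queue")%"
```

The same two functions cover any architecture you can draw as a series/parallel diagram: multiply along a chain, combine with `sla_parallel` across a fallback, and keep the minutes-per-year figure next to the percentage, since 99.9% sounds close to 99.99% until it is read as roughly 526 minutes against 53.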
Azure accounts and subscriptions
An Azure account is what you use to sign in to the Azure website and administer or deploy services. Every Azure account is associated with one or more subscriptions and is a globally unique entity. Authentication for your account is performed using Azure Active Directory [Azure AD].
An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the details of all your resources like virtual machines, databases, etc. You can create multiple subscriptions under a single Azure account. This is particularly useful for businesses because access control and billing occur at the subscription level, not the account level.
Subscriptions are also bound to some hard limitations. For example, the maximum number of Express Route circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account.
Azure offers free and paid subscription options. The most commonly used subscriptions are:
- Free: An Azure free subscription includes a $200 credit to spend on any service for the first 30 days, free access to the most popular Azure products for 12 months, and access to more than 25 products that are always free.
- Pay-As-You-Go
- Enterprise Agreement: provides flexibility to buy cloud services and software licenses under one agreement, with discounts for new licenses and Software Assurance.
- Student: includes $100 in Azure credits to be used within the first 12 months plus select free services without requiring a credit card at sign-up.
Azure AD is partitioned into separate tenants. A tenant is a dedicated, isolated instance of the Azure Active Directory service, owned and managed by an organisation. When you sign up for a Microsoft cloud service subscription such as Microsoft Azure, Microsoft Intune, or Office 365, a dedicated instance of Azure AD is automatically created for your organisation. The email address you use to sign in to Azure can be associated with more than one tenant.
Azure AD tenants and subscriptions have a one-to-many relationship: a tenant can be trusted by multiple Azure subscriptions, but every subscription trusts exactly one tenant. This structure allows organisations to manage multiple subscriptions and set security rules across all the resources contained within them.
Notice that each Azure AD tenant has an account owner. This is the original Azure account that is responsible for billing. You can add additional users to the tenant, and even invite guests from other Azure AD tenants to access resources in subscriptions
Microsoft offers four paid Azure support plans for customers who require technical and operational support:
- Developer
- Standard
- Professional Direct
- Premier [you get your own TAM]