Azure Fundamentals Core concepts and basics
Azure is a cloud computing platform with an ever-expanding set of services to help you build solutions to meet your business goals. Azure services range from simple web services for hosting your business presence in the cloud to running fully virtualized computers for you to run your custom software solutions. Azure provides a wealth of cloud-based services like remote storage, database hosting, and centralized account management. Azure also offers new capabilities like AI and Internet of Things (IoT). You’ll gain a solid foundation for completing the available learning paths for Azure fundamentals.
After completing this module, you’ll be able to:
- Understand the basic concepts of cloud computing.
- Determine whether Azure is the right solution for your business needs.
- Differentiate between the different methods of creating an Azure subscription.
What is Azure fundamentals?
Azure fundamentals is a series of six sections that familiarize you with Azure and its many services and features.
Whether you’re interested in Azure’s core compute, network, storage, and database services, learning about cloud security best practices, or exploring the cutting edge in IoT and machine learning, think of Azure fundamentals as your curated guide to Azure.
What is cloud computing?
Cloud computing is the delivery of computing services over the internet, which is otherwise known as the cloud. These services include servers, storage, databases, networking, software, analytics, and intelligence. Cloud computing offers faster innovation, flexible resources, and economies of scale. It helps you:
- Lower your operating costs.
- Run your infrastructure more efficiently.
- Scale as your business needs change.
What can I do with Azure?
Azure provides more than 100 services that enable you to do everything from running your existing applications on virtual machines, to exploring new software paradigms, such as intelligent bots and mixed reality.
Many teams start exploring the cloud by moving their existing applications to virtual machines that run in Azure. Migrating your existing apps to virtual machines is a good start, but the cloud is much more than a different place to run your virtual machines.
What is the Azure portal?
The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription by using a graphical user interface. You can:
- Build, manage, and monitor everything from simple web apps to complex cloud deployments.
- Create custom dashboards for an organized view of resources.
- Configure accessibility options for an optimal experience.
The Azure portal is designed for resiliency and continuous availability. It maintains a presence in every Azure datacenter. This configuration makes the Azure portal resilient to individual datacenter failures and avoids network slowdowns by being close to users. The Azure portal updates continuously and requires no downtime for maintenance activities.
Azure Marketplace
Azure Marketplace helps connect users with Microsoft partners, independent software vendors, and startups that are offering their solutions and services, which are optimized to run on Azure. Azure Marketplace customers can find, try, purchase, and provision applications and services from hundreds of leading service providers. All solutions and services are certified to run on Azure.
Azure services
Here’s a big-picture view of the available services and features in Azure.
Let’s take a closer look at the most commonly used categories:
- Compute
- Networking
- Storage
- Mobile
- Databases
- Web
- Internet of Things (IoT)
- Big data
- AI
- DevOps
Compute

| Service name | Service function |
| --- | --- |
| Azure Virtual Machines | Windows or Linux virtual machines (VMs) hosted in Azure. |
| Azure Virtual Machine Scale Sets | Scaling for Windows or Linux VMs hosted in Azure. |
| Azure Kubernetes Service | Cluster management for VMs that run containerized services. |
| Azure Service Fabric | Distributed systems platform that runs in Azure or on-premises. |
| Azure Batch | Managed service for parallel and high-performance computing applications. |
| Azure Container Instances | Containerized apps run on Azure without provisioning servers or VMs. |
| Azure Functions | An event-driven, serverless compute service. |
Networking
Linking compute resources and providing access to applications is the key function of Azure networking. Networking functionality in Azure includes a range of options to connect the outside world to services and features in the global Azure datacenters.
Here are some examples of networking services in Azure.
- Azure Virtual Network: Connects VMs to incoming virtual private network (VPN) connections.
- Azure Load Balancer: Balances inbound and outbound connections to applications or service endpoints.
- Azure Application Gateway: Optimizes app server farm delivery while increasing application security.
- Azure VPN Gateway: Accesses Azure Virtual Networks through high-performance VPN gateways.
- Azure DNS: Provides ultra-fast DNS responses and ultra-high domain availability.
- Azure Content Delivery Network: Delivers high-bandwidth content to customers globally.
- Azure DDoS Protection: Protects Azure-hosted applications from distributed denial of service (DDoS) attacks.
- Azure Traffic Manager: Distributes network traffic across Azure regions worldwide.
- Azure ExpressRoute: Connects to Azure over high-bandwidth dedicated secure connections.
- Azure Network Watcher: Monitors and diagnoses network issues by using scenario-based analysis.
- Azure Firewall: Implements high-security, high-availability firewall with unlimited scalability.
- Azure Virtual WAN: Creates a unified wide area network (WAN) that connects local and remote sites.
Storage
Azure provides four main types of storage services.
- Azure Blob storage: Storage service for very large objects, such as video files or bitmaps.
- Azure File storage: File shares that can be accessed and managed like a file server.
- Azure Queue storage: A data store for queuing and reliably delivering messages between applications.
- Azure Table storage: Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design.
These services all share several common characteristics:
- Durable and highly available with redundancy and replication.
- Secure through automatic encryption and role-based access control.
- Scalable with virtually unlimited storage.
- Managed, handling maintenance and any critical problems for you.
- Accessible from anywhere in the world over HTTP or HTTPS.
Mobile
With Azure, developers can create mobile back-end services for iOS, Android, and Windows apps quickly and easily. Features that used to take time and increase project risks, such as adding corporate sign-in and then connecting to on-premises resources such as SAP, Oracle, SQL Server, and SharePoint, are now simple to include.
Other features of this service include:
- Offline data synchronization.
- Connectivity to on-premises data.
- Broadcasting push notifications.
- Autoscaling to match business needs.
Databases
Azure provides multiple database services to store a wide variety of data types and volumes. And with global connectivity, this data is available to users instantly.
- Azure Cosmos DB
- Azure SQL Database
- Azure Database for MySQL
- Azure Database for PostgreSQL
- SQL Server on Azure Virtual Machines
- Azure Synapse Analytics
- Azure Database Migration Service
- Azure Cache for Redis
- Azure Database for MariaDB
Web
Having a great web experience is critical in today’s business world. Azure includes first-class support to build and host web apps and HTTP-based web services. The following Azure services are focused on web hosting.
- Azure App Service: Quickly create powerful cloud web-based apps.
- Azure Notification Hubs: Send push notifications to any platform from any back end.
- Azure API Management: Publish APIs to developers, partners, and employees securely and at scale.
- Azure Cognitive Search: Deploy this fully managed search as a service.
- Web Apps feature of Azure App Service: Create and deploy mission-critical web apps at scale.
- Azure SignalR Service: Add real-time web functionalities easily.
IoT
People are able to access more information than ever before. Personal digital assistants led to smartphones, and now there are smart watches, smart thermostats, and even smart refrigerators. Personal computers used to be the norm. Now the internet allows any item that’s online-capable to access valuable information. This ability for devices to garner and then relay information for data analysis is referred to as IoT.
Many services can assist and drive end-to-end solutions for IoT on Azure.
- IoT Central: Fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage IoT assets at scale.
- Azure IoT Hub: Messaging hub that provides secure communications between and monitoring of millions of IoT devices.
- IoT Edge: Fully managed service that allows data analysis models to be pushed directly onto IoT devices, which allows them to react quickly to state changes without needing to consult cloud-based AI models.
Big data
Data comes in all formats and sizes. When we talk about big data, we’re referring to large volumes of data. Data from weather systems, communications systems, genomic research, imaging platforms, and many other scenarios generate hundreds of gigabytes of data. This amount of data makes it hard to analyze and make decisions. It’s often so large that traditional forms of processing and analysis are no longer appropriate.
Open-source cluster technologies have been developed to deal with these large data sets. Azure supports a broad range of technologies and services to provide big data and analytic solutions.
- Azure Synapse Analytics: Run analytics at a massive scale by using a cloud-based enterprise data warehouse that takes advantage of massively parallel processing to run complex queries quickly across petabytes of data.
- Azure HDInsight: Process massive amounts of data with managed Hadoop clusters in the cloud.
- Azure Databricks: Integrate this collaborative Apache Spark-based analytics service with other big data services in Azure.
AI
AI, in the context of cloud computing, is based around a broad range of services, the core of which is machine learning. Machine learning is a data science technique that allows computers to use existing data to forecast future behaviors, outcomes, and trends. Using machine learning, computers learn without being explicitly programmed.
Forecasts or predictions from machine learning can make apps and devices smarter. For example, when you shop online, machine learning helps recommend other products you might like based on what you’ve purchased. Or when your credit card is swiped, machine learning compares the transaction to a database of transactions and helps detect fraud. And when your robot vacuum cleaner vacuums a room, machine learning helps it decide whether the job is done.
Here are some of the most common AI and machine learning service types in Azure.
- Azure Machine Learning Service: Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud.
- Azure ML Studio: Collaborative visual workspace where you can build, test, and deploy machine learning solutions by using prebuilt machine learning algorithms and data-handling modules.
A closely related set of products are the cognitive services. You can use these prebuilt APIs in your applications to solve complex problems.
- Vision: Use image-processing algorithms to smartly identify, caption, index, and moderate your pictures and videos.
- Speech: Convert spoken audio into text, use voice for verification, or add speaker recognition to your app.
- Knowledge mapping: Map complex information and data to solve tasks such as intelligent recommendations and semantic search.
- Bing Search: Add Bing Search APIs to your apps and harness the ability to comb billions of webpages, images, videos, and news with a single API call.
- Natural language processing: Allow your apps to process natural language with prebuilt scripts, evaluate sentiment, and learn how to recognize what users want.
DevOps
DevOps brings together people, processes, and technology by automating software delivery to provide continuous value to your users. With Azure DevOps, you can create build and release pipelines that provide continuous integration, delivery, and deployment for your applications. You can integrate repositories and application tests, perform application monitoring, and work with build artifacts. You can also work with backlog items for tracking, automate infrastructure deployment, and integrate a range of third-party tools and services such as Jenkins and Chef. All of these functions and many more are closely integrated with Azure to allow for consistent, repeatable deployments for your applications to provide streamlined build and release processes.
- Azure DevOps: Use development collaboration tools such as high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing. Formerly known as Visual Studio Team Services.
- Azure DevTest Labs: Quickly create on-demand Windows and Linux environments to test or demo applications directly from deployment pipelines.
Get started with Azure accounts
To create and use Azure services, you need an Azure subscription. When you’re completing Learn modules, most of the time a temporary subscription is created for you, which runs in an environment called the Learn sandbox. When you’re working with your own applications and business needs, you need to create an Azure account, and a subscription will be created for you. After you’ve created an Azure account, you’re free to create additional subscriptions. For example, your company might use a single Azure account for your business and separate subscriptions for development, marketing, and sales departments. After you’ve created an Azure subscription, you can start creating Azure resources within each subscription.
If you’re new to Azure, you can sign up for a free account on the Azure website to start exploring at no cost to you. When you’re ready, you can choose to upgrade your free account. You can create a new subscription that enables you to start paying for Azure services you need to use that are beyond the limits of a free account.
Azure accounts
The Azure free account includes:
- Free access to popular Azure products for 12 months.
- A credit to spend for the first 30 days.
- Access to more than 25 products that are always free.
The Azure free account is an excellent way for new users to get started and explore. To sign up, you need a phone number, a credit card, and a Microsoft or GitHub account. The credit card information is used for identity verification only. You won’t be charged for any services until you upgrade to a paid subscription.
What is the Azure free student account?
The Azure free student account offer includes:
- Free access to certain Azure services for 12 months.
- A credit to use in the first 12 months.
- Free access to certain software developer tools.
The Azure free student account is an offer for students that gives $100 credit and free developer tools. Also, you can sign up without a credit card.
What is the Learn sandbox?
Many of the Learn exercises use a technology called the sandbox, which creates a temporary subscription that’s added to your Azure account. This temporary subscription allows you to create Azure resources for the duration of a Learn module. Learn automatically cleans up the temporary resources for you after you’ve completed the module.
When you’re completing a Learn module, you’re welcome to use your personal subscription to complete the exercises in a module. The sandbox is the preferred method to use though, because it allows you to create and test Azure resources at no cost to you.
Azure fundamental concepts
Different types of cloud models
There are three deployment models for cloud computing: public cloud, private cloud, and hybrid cloud. Each deployment model has different aspects that you should consider as you migrate to the cloud.
| Deployment model | Description |
| --- | --- |
| Public cloud | Services are offered over the public internet and available to anyone who wants to purchase them. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider, and delivered over the internet. |
| Private cloud | A private cloud consists of computing resources used exclusively by users from one business or organization. A private cloud can be physically located at your organization’s on-site (on-premises) datacenter, or it can be hosted by a third-party service provider. |
| Hybrid cloud | A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them. |
Cloud model comparison
Public cloud
- No capital expenditures to scale up.
- Applications can be quickly provisioned and deprovisioned.
- Organizations pay only for what they use.
Private cloud
- Hardware must be purchased for start-up and maintenance.
- Organizations have complete control over resources and security.
- Organizations are responsible for hardware maintenance and updates.
Hybrid cloud
- Provides the most flexibility.
- Organizations determine where to run their applications.
- Organizations control security, compliance, or legal requirements.
What are the advantages of cloud computing?
There are several advantages that a cloud environment has over a physical environment that Tailwind Traders can use following its migration to Azure.
- High availability: Depending on the service-level agreement (SLA) that you choose, your cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.
- Scalability: Apps in the cloud can scale vertically and horizontally:
  - Scaling vertically increases compute capacity by adding RAM or CPUs to a virtual machine.
  - Scaling horizontally increases compute capacity by adding instances of resources, such as adding VMs to the configuration.
- Elasticity: You can configure cloud-based apps to take advantage of autoscaling, so your apps always have the resources they need.
- Agility: Deploy and configure cloud-based resources quickly as your app requirements change.
- Geo-distribution: You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.
- Disaster recovery: By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your apps with the confidence that comes from knowing that your data is safe in the event of disaster.
Capital expenses vs. operating expenses
There are two different types of expenses that you should consider:
- Capital Expenditure (CapEx) is the up-front spending of money on physical infrastructure, and then deducting that up-front expense over time. The up-front cost from CapEx has a value that reduces over time.
- Operational Expenditure (OpEx) is spending money on services or products now, and being billed for them now. You can deduct this expense in the same year you spend it. There is no up-front cost, as you pay for a service or product as you use it.
In other words, when Tailwind Traders owns its infrastructure, it buys equipment that goes onto its balance sheets as assets. Because a capital investment was made, accountants categorize this transaction as a CapEx. Over time, to account for the assets’ limited useful lifespan, assets are depreciated or amortized.
Cloud services, on the other hand, are categorized as an OpEx, because of their consumption model. There’s no asset for Tailwind Traders to amortize, and its cloud service provider (Azure) manages the costs that are associated with the purchase and lifespan of the physical equipment. As a result, OpEx has a direct impact on net profit, taxable income, and the associated expenses on the balance sheet.
To summarize, CapEx requires significant up-front financial costs, as well as ongoing maintenance and support expenditures. By contrast, OpEx is a consumption-based model, so Tailwind Traders is only responsible for the cost of the computing resources that it uses.
Cloud computing is a consumption-based model
Cloud service providers operate on a consumption-based model, which means that end users only pay for the resources that they use. Whatever they use is what they pay for.
A consumption-based model has many benefits, including:
- No upfront costs.
- No need to purchase and manage costly infrastructure that users might not use to its fullest.
- The ability to pay for additional resources when they are needed.
- The ability to stop paying for resources that are no longer needed.
Different cloud services
What are cloud service models?
If you’ve been around cloud computing for a while, you’ve probably seen the PaaS, IaaS, and SaaS acronyms for the different cloud service models. These models define the different levels of shared responsibility that a cloud provider and cloud tenant are responsible for.
IaaS (Infrastructure-as-a-Service)
This cloud service model is the closest to managing physical servers; a cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration are up to you as the cloud tenant. For example, Azure virtual machines are fully operational virtual compute devices running in Microsoft datacenters. An advantage of this cloud service model is rapid deployment of new compute devices. Setting up a new virtual machine is considerably faster than procuring, installing, and configuring a physical server.
IaaS Advantages:
- No CapEx. Users have no up-front costs.
- Agility. Applications can be made accessible quickly, and deprovisioned whenever needed.
- Management. The shared responsibility model applies; the user manages and maintains the services they have provisioned, and the cloud provider manages and maintains the cloud infrastructure.
- Consumption-based model. Organizations pay only for what they use and operate under an Operational Expenditure (OpEx) model.
- Skills. No deep technical skills are required to deploy, use, and gain the benefits of a public cloud. Organizations can use the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available.
- Cloud benefits. Organizations can use the skills and expertise of the cloud provider to ensure workloads are made secure and highly available.
- Flexibility. IaaS is the most flexible cloud service because you have control to configure and manage the hardware running your application.
PaaS (Platform-as-a-Service)
This cloud service model is a managed hosting environment. The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managed hosting environment. For example, Azure App Service provides a managed hosting environment where developers can upload their web applications, without having to worry about the physical hardware and software requirements.
PaaS provides the same benefits and considerations as IaaS, but there are some additional benefits to be aware of.
PaaS Advantages:
- No CapEx. Users have no up-front costs.
- Agility. PaaS is more agile than IaaS, and users don’t need to configure servers for running applications.
- Consumption-based model. Users pay only for what they use, and operate under an OpEx model.
- Skills. No deep technical skills are required to deploy, use, and gain the benefits of PaaS.
- Cloud benefits. Users can take advantage of the skills and expertise of the cloud provider to ensure that their workloads are made secure and highly available. In addition, users can gain access to more cutting-edge development tools. They can then apply these tools across an application’s lifecycle.
- Productivity. Users can focus on application development only, because the cloud provider handles all platform management. Working with distributed teams as services is easier because the platform is accessed over the internet. You can make the platform available globally more easily.
Disadvantage
Platform limitations. There can be some limitations to a cloud platform that might affect how an application runs. When you’re evaluating which PaaS platform is best suited for a workload, be sure to consider any limitations in this area.
SaaS (Software-as-a-Service)
In this cloud service model, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. The cloud tenant only needs to provide their data to the application managed by the cloud provider. For example, Microsoft Office 365 provides a fully working version of Microsoft Office that runs in the cloud. All you need to do is create your content, and Office 365 takes care of everything else.
SaaS is software that’s centrally hosted and managed for you and your users or customers. Usually one version of the application is used for all customers, and it’s licensed through a monthly or annual subscription.
SaaS provides the same benefits as IaaS, but there are some additional benefits to be aware of.
SaaS Advantages:
- No CapEx. Users have no up-front costs.
- Agility. Users can provide staff with access to the latest software quickly and easily.
- Pay-as-you-go pricing model. Users pay for the software they use on a subscription model, typically monthly or yearly, regardless of how much they use the software.
- Skills. No deep technical skills are required to deploy, use, and gain the benefits of SaaS.
- Flexibility. Users can access the same application data from anywhere.
Disadvantage
Software limitations. There can be some limitations to a software application that might affect how users work. Because you’re using as-is software, you don’t have direct control of features. When you’re evaluating which SaaS platform is best suited for a workload, be sure to consider any business needs and software limitations.
The following illustration demonstrates the services that might run in each of the cloud service models.
Cloud service model comparison
IaaS:
- The most flexible cloud service.
- You configure and manage the hardware for your application.
PaaS:
- Focus on application development.
- Platform management is handled by the cloud provider.
SaaS:
- Pay-as-you-go pricing model.
- Users pay for the software they use on a subscription model.
The following chart illustrates the various levels of responsibility between a cloud provider and a cloud tenant.
Serverless computing:
Like PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. Serverless architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs.
It’s important to note that servers are still running the code. The “serverless” name comes from the fact that the tasks associated with infrastructure provisioning and management are invisible to the developer. This approach enables developers to increase their focus on the business logic, and deliver more value to the core of the business. Serverless computing helps teams increase their productivity and bring products to market faster, and it allows organizations to better optimize resources and stay focused on innovation.
Azure subscriptions, management groups, and resources
The organizing structure for resources in Azure has four levels: management groups, subscriptions, resource groups, and resources.
The following image shows the top-down hierarchy of organization for these levels.
Having seen the top-down hierarchy of organization, let’s describe each of those levels from the bottom up:
- Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.
- Resource groups: Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
- Subscriptions: A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
- Management groups: These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
Azure regions, availability zones, and region pairs
In the previous unit, you learned about Azure resources and resource groups. Resources are created in regions, which are different geographical locations around the globe that contain Azure datacenters.
Azure is made up of datacenters located around the globe. When you use a service or create a resource such as a SQL database or virtual machine (VM), you’re using physical equipment in one or more of these locations. These specific datacenters aren’t exposed to users directly. Instead, Azure organizes them into regions. As you’ll see later in this unit, some of these regions offer availability zones, which are different Azure datacenters within that region.
Azure regions
A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
When you deploy a resource in Azure, you’ll often need to choose the region where you want your resource deployed.
Important
Some services or VM features are only available in certain regions, such as specific VM sizes or storage types. There are also some global Azure services that don’t require you to select a particular region, such as Azure Active Directory, Azure Traffic Manager, and Azure DNS.
A few examples of regions are West US, Canada Central, West Europe, Australia East, and Japan West. Here’s a view of all the available regions as of June 2020.
Why are regions important?
Azure has more global regions than any other cloud provider. These regions give you the flexibility to bring applications closer to your users no matter where they are. Global regions provide better scalability and redundancy. They also preserve data residency for your services.
Special Azure regions
Azure has specialized regions that you might want to use when you build out your applications for compliance or legal purposes. A few examples include:
- US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
- China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters.
Regions are what you use to identify the location for your resources. There are two other terms you should also be aware of: geographies and availability zones.
Azure availability zones
You want to ensure your services and data are redundant so you can protect your information in case of failure. When you host your infrastructure, setting up your own redundancy requires that you create duplicate hardware environments. Azure can help make your app highly available through availability zones.
What is an availability zone?
Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.
Supported regions
Not every region has support for availability zones. For an updated list, see Regions that support availability zones in Azure.
Use availability zones in your apps
You can use availability zones to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within a zone and replicating in other zones. Keep in mind that there could be a cost to duplicating your services and transferring data between zones.
Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases. The following categories of Azure services support availability zones:
- Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
- Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
- Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.
Check the documentation to determine which elements of your architecture you can associate with an availability zone.
Azure region pairs
Availability zones are created by using one or more datacenters. There’s a minimum of three zones within a single region. It’s possible that a large disaster could cause an outage big enough to affect even two datacenters. That’s why Azure also creates region pairs.
What is a region pair?
Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as VM storage) across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once. If a region in a pair was affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.
Examples of region pairs in Azure are West US paired with East US and Southeast Asia paired with East Asia.
Because the pair of regions is directly connected and far enough apart to be isolated from regional disasters, you can use them to provide reliable services and data redundancy. Some services offer automatic geo-redundant storage by using region pairs.
Additional advantages of region pairs:
- If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
- Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.
Having a broadly distributed set of datacenters allows Azure to provide a high guarantee of availability.
Azure resources and Azure Resource Manager
- Resource: A manageable item that’s available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples of resources.
- Resource group: A container that holds related resources for an Azure solution. The resource group includes resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization.
Azure resource groups
Resource groups are a fundamental element of the Azure platform. A resource group is a logical container for resources deployed on Azure. These resources are anything you create in an Azure subscription like VMs, Azure Application Gateway instances, and Azure Cosmos DB instances. All resources must be in a resource group, and a resource can only be a member of a single resource group. Many resources can be moved between resource groups with some services having specific limitations or requirements to move. Resource groups can’t be nested. Before any resource can be provisioned, you need a resource group for it to be placed in.
Logical grouping
Resource groups exist to help manage and organize your Azure resources. By placing resources of similar usage, type, or location in a resource group, you can provide order and organization to resources you create in Azure. Logical grouping is the aspect that you’re most interested in here, because there’s a lot of disorder among our resources.
Life cycle
If you delete a resource group, all resources contained within it are also deleted. Organizing resources by life cycle can be useful in nonproduction environments, where you might try an experiment and then dispose of it. Resource groups make it easy to remove a set of resources all at once.
Authorization
Resource groups are also a scope for applying role-based access control (RBAC) permissions. By applying RBAC permissions to a resource group, you can ease administration and limit access to allow only what’s needed.
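The following added example (not part of the original material) shows how scope determines who can reach a resource: an assignment at a subscription or resource group covers everything beneath it. The subscription ID, principals and assignments are constructed sample data, and the matching logic is a simplified model for auditing an export of role assignments, not Azure's own implementation.

```python
# Added illustration: which role assignments reach a resource, by scope.
# All IDs, principals and assignments below are constructed sample data.

SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"

# (principal, role, scope) tuples, as an export of role assignments might list them
ASSIGNMENTS = [
    ("alice", "Reader", SUB),
    ("bob", "Contributor", SUB + "/resourceGroups/rg-app"),
    ("carol", "Owner", SUB + "/resourceGroups/rg-app2"),
    ("dave", "Virtual Machine Contributor",
     SUB + "/resourceGroups/RG-APP/providers/Microsoft.Compute/virtualMachines/web01"),
]


def segments(scope):
    """Split a scope into lower-cased path segments (resource IDs are case-insensitive)."""
    return [s.lower() for s in scope.strip("/").split("/") if s]


def scope_covers(assignment_scope, resource_id):
    """True if the resource sits at or below the assignment scope.

    Whole segments are compared, so 'rg-app' never covers 'rg-app2' the way
    a plain string-prefix test would.
    """
    a, r = segments(assignment_scope), segments(resource_id)
    return len(a) <= len(r) and r[:len(a)] == a


def effective_access(resource_id):
    """Return (principal, role) pairs whose assignment scope covers the resource."""
    return [(p, role) for p, role, scope in ASSIGNMENTS
            if scope_covers(scope, resource_id)]


if __name__ == "__main__":
    vm = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/web01"
    for principal, role in effective_access(vm):
        print(f"{principal}: {role}")
```

Reviewing the result for a sensitive resource shows how broad a subscription-level assignment is compared with one made on a single resource group or resource.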
Azure Resource Manager
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.
When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request. Resource Manager sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.
The following image shows the role Resource Manager plays in handling Azure requests.
All capabilities that are available in the Azure portal are also available through PowerShell, the Azure CLI, REST APIs, and client SDKs. Functionality initially released through APIs will be represented in the portal within 180 days of initial release.
The benefits of using Resource Manager
With Resource Manager, you can:
- Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.
- Define the dependencies between resources so they’re deployed in the correct order.
- Apply access control to all services because RBAC is natively integrated into the management platform.
- Apply tags to resources to logically organize all the resources in your subscription.
- Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.
Azure subscriptions and management groups
To get started with Azure, one of your first steps will be to create at least one Azure subscription. You’ll use it to create your cloud-based resources in Azure.
Note
An Azure resource is a manageable item that’s available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are all examples of resources.
Azure subscriptions
Using Azure requires an Azure subscription. A subscription provides you with authenticated and authorized access to Azure products and services. It also allows you to provision resources. An Azure subscription is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.
An account can have one subscription or multiple subscriptions that have different billing models and to which you apply different access-management policies. You can use Azure subscriptions to define boundaries around Azure products, services, and resources. There are two types of subscription boundaries that you can use:
- Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
- Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This separation allows you to manage and control access to the resources that users provision with specific subscriptions.
Create additional Azure subscriptions
You might want to create additional subscriptions for resource or billing management purposes. For example, you might choose to create additional subscriptions to separate:
- Environments: When managing your resources, you can choose to create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access control occurs at the subscription level.
- Organizational structures: You can create subscriptions to reflect different organizational structures. For example, you could limit a team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each subscription.
- Billing: You might want to also create additional subscriptions for billing purposes. Because costs are first aggregated at the subscription level, you might want to create subscriptions to manage and track costs based on your needs. For instance, you might want to create one subscription for your production workloads and another subscription for your development and testing workloads.
You might also need additional subscriptions because of:
- Subscription limits: Subscriptions are bound to some hard limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account. If there’s a need to go over those limits in particular scenarios, you might need additional subscriptions.
Customize billing to meet your needs
If you have multiple subscriptions, you can organize them into invoice sections. Each invoice section is a line item on the invoice that shows the charges incurred that month. For example, you might need a single invoice for your organization but want to organize charges by department, team, or project.
Depending on your needs, you can set up multiple invoices within the same billing account. To do this, create additional billing profiles. Each billing profile has its own monthly invoice and payment method.
The following diagram shows an overview of how billing is structured. If you’ve previously signed up for Azure or if your organization has an Enterprise Agreement, your billing might be set up differently.
Azure management groups
If your organization has many subscriptions, you might need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same Azure AD tenant.
For example, you can apply policies to a management group that limit the regions available for VM creation. This policy would be applied to all management groups, subscriptions, and resources under that management group by only allowing VMs to be created in that region.
Hierarchy of management groups and subscriptions
You can build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management. The following diagram shows an example of creating a hierarchy for governance by using management groups.
You can create a hierarchy that applies a policy. For example, you could limit VM locations to the US West Region in a group called Production. This policy is inherited by all the Enterprise Agreement subscriptions that are descendants of that management group and applies to all VMs under those subscriptions. This security policy can’t be altered by the resource or subscription owner, which allows for improved governance.
Another scenario where you would use management groups is to provide user access to multiple subscriptions. By moving multiple subscriptions under that management group, you can create one role-based access control (RBAC) assignment on the management group, which is inherited by all the subscriptions. One assignment on the management group can enable users to have access to everything they need instead of scripting RBAC over different subscriptions.
Important facts about management groups
- 10,000 management groups can be supported in a single directory.
- A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.
- Each management group and subscription can support only one parent.
- Each management group can have many children.
- All subscriptions and management groups are within a single hierarchy in each directory.
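To make the inheritance and the limits above concrete, here is an added example (not from the original material) that models a management group tree in which VM region restrictions accumulate from the root down. The group names, subscription names and region labels are constructed, and treating stacked restrictions as an intersection is a simplified model of how a restriction at a parent scope cannot be widened lower down.

```python
# Added illustration of policy inheritance through management groups.
# Group names, subscription names and region labels are constructed sample data.

MAX_DEPTH = 6  # management group levels below the root, per the limits above


class Hierarchy:
    def __init__(self):
        self.parent = {"root": None}   # every node has exactly one parent
        self.subscriptions = set()     # nodes that are subscriptions
        self.allowed = {}              # node -> regions allowed for VM creation

    def depth(self, node):
        """Count management group levels from node up to the root (root excluded)."""
        levels = 0
        while node != "root":
            levels += 0 if node in self.subscriptions else 1  # subscription level not counted
            node = self.parent[node]
        return levels

    def add(self, name, parent, subscription=False):
        """Attach a management group or subscription under an existing parent."""
        if name in self.parent:
            raise ValueError(f"{name} already has a parent")
        if parent in self.subscriptions:
            raise ValueError("a subscription cannot have children")
        if not subscription and self.depth(parent) + 1 > MAX_DEPTH:
            raise ValueError("management group tree is limited to six levels")
        self.parent[name] = parent
        if subscription:
            self.subscriptions.add(name)

    def restrict_vm_regions(self, node, regions):
        self.allowed[node] = set(regions)

    def effective_regions(self, node):
        """Intersect every restriction from node up to the root; None means unrestricted."""
        result = None
        while node is not None:
            if node in self.allowed:
                result = set(self.allowed[node]) if result is None else result & self.allowed[node]
            node = self.parent[node]
        return result


def build_sample():
    h = Hierarchy()
    h.add("Production", "root")
    h.add("Payments", "Production")
    h.add("sub-pay-01", "Payments", subscription=True)
    h.add("sub-sandbox", "root", subscription=True)
    h.restrict_vm_regions("Production", {"westus"})
    h.restrict_vm_regions("sub-pay-01", {"westus", "westeurope"})  # owner tries to widen
    return h
```

In the sample, `sub-pay-01` still resolves to `westus` only, while `sub-sandbox`, which sits outside Production, has no restriction at all.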
Conclusion
In this post we have described Azure Fundamentals and core concepts, covering the following points:
- Understand the benefits of cloud computing in Azure and how it can save you time and money
- Cloud concepts such as high availability, scalability, elasticity, agility, and disaster recovery
- Core Azure architecture components such as subscriptions, management groups, resources and resource groups
- Geographic distribution concepts such as Azure regions, region pairs, and availability
In my next post I will describe Explore Azure App Service.
This post is part of “Azure step by step