
Azure Regions and Availability Zones

In this section, we will look into Azure regions, zones and availability.

• Azure provides 60+ regions around the globe.
• Regions are geographical locations.
• Deploying your services to multiple regions gives high availability, low latency and geographical reach.
• Azure provides multiple Availability Zones in a single Azure region.
• Each Availability Zone is one or more data centers with its own network connectivity and power resources.
• Availability Zones in a region are connected by a low-latency link.
• Availability Zones help to achieve high availability with low latency within the same region.
• Not all Azure regions have Availability Zones.
• Number of Availability Zones available in some Azure regions: East US – 3, West Europe – 3, Southeast Asia – 3, West Central US – 0.

Subscription, Resource Groups, Management Groups and Tags

• A Resource Group is a group of resources such as Virtual Machines, Databases etc.
• One resource group is associated with one Azure subscription.
• Azure resource hierarchy – Management Groups –> Azure Subscription –> Resource Group –> Resources
• One resource can be associated with only one resource group.
• A resource group can contain resources from multiple Azure regions.
• Resource groups are offered by Azure at no cost; we pay only for resources and not for resource groups.
• A permission applied to a resource group is automatically applied to the resources in that resource group.
• To manage cost and billing for different departments within your organization, create different subscriptions.
• You cannot merge two subscriptions into one; however, you can move a resource from one subscription to another.
• If a subscription has expired, you cannot create a resource, but data can still be accessed.
• Tags are used to identify applications, resources and environments for tracking and reporting purposes.
• Tags help us to categorize the resources in Azure. Tags are not automatically inherited from a resource group by the resources within it.

Virtual Machines, Availability Set and Scale Set

• We deploy software or any application in the cloud on a Virtual Machine.
• A Virtual Machine with a premium SSD or Ultra disk gives a 99.9 % SLA.
• A Virtual Machine with a standard SSD disk gives a 99.5 % SLA.
• A Virtual Machine with a standard HDD disk gives a 95 % SLA.
• 2 Virtual Machines in the same Availability Set give you 99.95 % availability.
• An Availability Set is a logical grouping of Virtual Machines.
• Azure provides 2 types of Availability Set grouping: Fault Domain and Update Domain.
• Fault Domain – A group of Virtual Machines which share common network connectivity and power supply.
• Update Domain – This logical group gets restarted at the same time. All the maintenance happens in this group at the same time.
• Distributing VMs across multiple fault domains increases availability.
• Creating multiple instances in 2 or more Availability Zones in the same Azure region gives you 99.99 % availability.
• Virtual Machine Scale Set (VM Scale Set) allows you to create and manage a group of Azure Virtual Machines.
• VM Scale Set allows automatic and manual scaling.
• A single scale set can hold up to 1000 VM instances.
• Auto scaling in a VM Scale Set can be configured based on CPU threshold, memory utilization etc.
• VM Scale Set creates a private IP address by default.
• Public IP addresses are chargeable.
• There are 2 types of scaling – Vertical Scaling and Horizontal Scaling.
• Vertical Scaling – Increases the available hardware capacity, e.g. increasing RAM size.
• Horizontal Scaling – Increases the number of Virtual Machine instances.
• 2 VMs of the same size can cost different amounts because pricing varies with time and region.

IaaS, PaaS, SaaS and Containers

Detailed article available here – Azure Compute Services (IaaS, PaaS)

• IaaS (Infrastructure as a Service) – A cloud model which allows us to manage infrastructure from the cloud service provider. In this cloud model, we are responsible for managing the Virtual Machine, Database, OS, Load Balancer etc. Along with the software, we have to manage the underlying hardware as well.
• PaaS (Platform as a Service) – We are responsible only for our application deployment and related configuration. No need to worry about the underlying hardware. Azure App Service, Azure Container and Azure Cosmos DB are examples of the PaaS model. In the PaaS model, we can configure hardware needs and auto scaling.
• SaaS (Software as a Service) – We are responsible for using the application and not for its deployment and maintenance. Google Docs, Office 365 and Dropbox are examples of the SaaS model.
• Azure Containers are used to virtualize the software. We don’t need to manage any Virtual Machines.
• We can deploy microservice-based applications to Azure with the help of Azure Containers.
• Azure Containers create a Docker image for each microservice based on requirements. For example, you can create one Docker image for Windows + .NET and another image for Linux + PHP.
• Azure offers Azure Service Fabric and Kubernetes for container orchestration.
• Kubernetes is a popular open-source container orchestration tool.
• Azure Service Fabric is a container orchestration tool which runs on the Azure cloud only.
Public Cloud, Private Cloud and Hybrid Cloud

• Public Cloud – It allows you to host and deploy applications in the cloud with no on-premise data center. No Capital Expenditure (CapEx) is required, you pay as you go, the underlying hardware is maintained by Azure, and hardware resources are shared among multiple tenants.
• Private Cloud – It allows you to host and deploy everything within your own data center. It needs Capital Expenditure, staff and maintenance. Private Cloud provides a high level of security and privacy.
• Hybrid Cloud – It is a combination of Public and Private. For example, the application server is in the on-premise data center and the database is in the Azure cloud.

Serverless, Azure Functions and Logic Apps

• Serverless doesn’t mean “No Server”; it simply means there is no need to focus on servers and related entities. It also means zero visibility of servers.
• In Serverless, no request = no cost.
• Azure Functions is an example of Serverless computing.
• With Azure Functions you pay for the number of requests raised and memory utilization. It supports all the major programming languages such as C#, Python, Java, TypeScript etc.
• To create an Azure Function in Azure, search for Function App in the Azure search bar.
• While creating an Azure Function in the Azure portal, you just select the runtime (.NET, Java etc.); options such as availability set and availability zones are not offered because that infrastructure is not managed by us.
• Azure Functions are auto scalable.
• Logic App is a serverless orchestration service in Azure. It is a no-code (or low-code) solution and mostly works through a GUI.
• Logic App can be useful to trigger events on a specific action, such as sending an email.
• Azure offers built-in templates to create Logic Apps.
Azure Storage

Article available here – Azure Storage

• Azure offers File Storage (Azure Files), Block Storage (Azure Disk) and Object Storage (Blob Storage).
• File storage can be shared between multiple Virtual Machines.
• Azure offers the following data redundancy options – LRS, ZRS, GRS, GZRS.
• LRS (Locally Redundant Storage) – Synchronous 3 copies in the same data center; least expensive and with the least availability.
• ZRS (Zone Redundant Storage) – Synchronous 3 copies across 3 Availability Zones in the primary region.
• GRS (Geo Redundant Storage) – LRS + asynchronous copy to a secondary region.
• GZRS (Geo Zone Redundant Storage) – ZRS + asynchronous copy of data to a secondary region. It is the most expensive and provides high availability.
• Azure Disk with standard HDD is recommended for backup storage.
• Standard SSD is recommended for lightweight applications.
• Azure Disk with premium/Ultra SSD is recommended for production use.
• Blob storage allows you to store huge amounts of unstructured data.

Azure Database

Microsoft Azure offers fully managed relational, NoSQL and in-memory databases for various uses.

Detailed article available here – Azure Database

Azure Database – Purpose:

• Azure SQL Database – Managed intelligent SQL in Azure and an always up-to-date SQL instance. Gives 99.99 % availability.
• Azure Database for PostgreSQL – Build scalable, secure and fully managed enterprise-ready apps on open-source PostgreSQL.
• Azure MySQL – Deliver high availability to open-source mobile and web apps with a managed community MySQL database service.
• Azure MariaDB – Deliver high availability to open-source mobile and web apps with a managed community MariaDB database service.
• Azure Cosmos DB – Build applications with guaranteed low latency and high availability anywhere, at any scale, or migrate Cassandra, MongoDB and other NoSQL tasks to the cloud.
• Azure Cache for Redis – Power fast, scalable applications with an open-source-compatible in-memory datastore.
• Azure Synapse Analytics – Database for analytics.

Microsoft Azure Cosmos DB provides low latency and can offer sub-5-ms response time.

Azure Networking

• Azure Virtual Network is your own isolated network in the Azure cloud; it is like a LAN in your on-premise environment.
• Each virtual network is associated with 1 region.
• Subnets are used to isolate public resources from private resources within an Azure Virtual Network.
• All subnets (private or public) in a single virtual network (VNet) can communicate with each other.
• Each VM in a Virtual Network is assigned a private IP address. However, we can assign a public IP address as well.
• Network peering makes it possible to connect resources in different Azure Virtual Networks (in different Azure regions as well).
• Network Security Group (NSG) is an internal firewall inside an Azure Virtual Network. It allows or blocks traffic based on IP address and port. An NSG can restrict traffic between resources; for example, it can allow database access only to the web servers rather than to the outside world.
• An NSG is attached to a subnet or a network interface.
• Azure Application Gateway can do URL-based routing. It is a web traffic load balancer which enables us to manage traffic to our web applications hosted in the Azure cloud.
• A traditional load balancer operates at the transport layer (OSI Layer 4 – TCP, UDP) to route traffic.
• Azure Firewall is a managed, centralized network firewall-as-a-service; it sits outside the Azure Virtual Network.
• In Azure Firewall, traffic that is allowed in is automatically allowed back out.
• One Azure Firewall can control traffic to multiple Azure Virtual Networks across multiple Azure subscriptions.
• Web Application Firewall is tied to one web application to protect it from OWASP threats (cross-site scripting, SQL injection etc.).
• Azure ExpressRoute is a private and dedicated connection between the Azure cloud and an on-premise data center. It gives high bandwidth with high security.

Article available here – Networking in Azure
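
The NSG bullet above describes allowing database access only to the web servers. As an added example (not part of the original notes), this Python code models inbound NSG rule evaluation the way Azure processes it, lowest priority number first with the first match deciding, and reports any source outside the web subnet that can reach the database port. The subnet range, rule names, port 1433 and probe addresses are constructed for the example, and priority ordering is not covered in the notes above.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR prefix, or "*" for any source
    dest_port: str  # single port, or "*" for any port
    access: str     # "Allow" or "Deny"

# Constructed inbound rules for an NSG attached to a database subnet.
WEB_SUBNET = "10.0.1.0/24"  # assumed address range of the web tier
DB_NSG = [
    Rule("allow-sql-from-web", 200, WEB_SUBNET, "1433", "Allow"),
    Rule("deny-all-inbound", 4096, "*", "*", "Deny"),
]
# The same NSG after a broad rule is added with a lower priority number.
DB_NSG_DRIFTED = DB_NSG + [Rule("temp-debug", 150, "*", "1433", "Allow")]

def matches(rule, src_ip, port):
    src_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    port_ok = rule.dest_port == "*" or rule.dest_port == str(port)
    return src_ok and port_ok

def evaluate(rules, src_ip, port):
    """Return (access, rule name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, port):
            return rule.access, rule.name
    # Azure's built-in default rules are not modelled; these sample NSGs
    # end with an explicit deny-all, so this line is only a safe fallback.
    return "Deny", "no-matching-rule"

def audit_db_exposure(rules, probes, port=1433):
    """List (source, rule) pairs where a non-web source reaches the DB port."""
    web = ipaddress.ip_network(WEB_SUBNET)
    findings = []
    for src_ip in probes:
        access, name = evaluate(rules, src_ip, port)
        if access == "Allow" and ipaddress.ip_address(src_ip) not in web:
            findings.append((src_ip, name))
    return findings

# Constructed probes: a web server, a host in another subnet, an internet host.
PROBES = ["10.0.1.10", "10.0.3.7", "203.0.113.50"]

if __name__ == "__main__":
    for label, nsg in (("intended", DB_NSG), ("drifted", DB_NSG_DRIFTED)):
        print(label, audit_db_exposure(nsg, PROBES))
```

Running the same audit against an exported rule set after every change catches a broad "temporary" allow rule before it shadows the intended restriction.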

Azure Security

• Azure Security Center is a threat management and protection feature for the Azure cloud. It provides a security score and helps improve security by adding more security features.
• Basic protection and security is free in the Azure cloud.
• Azure Defender is additional security that you can enable. It is a costly Azure feature. It provides threat protection for PaaS services.
• Azure Sentinel is an intelligent security analytics service for the entire enterprise. It is a security information and event management (SIEM) service.
• Azure Sentinel detects threats and responds very fast with the help of AI.
• To store access secrets such as API keys, passwords and certificates, we can use Azure Key Vault.
• Official definition by Microsoft – Azure Key Vault safeguards cryptographic keys and other secrets used by cloud apps and services.
• Azure AD Identity Management helps us to manage identity and access in the Azure cloud.
• To synchronize on-premise Active Directory with Azure AD, we can use Azure AD Connect.
• Azure AD MFA (Multi-Factor Authentication) – Azure AD MFA uses any 2 of the given authentication options: user ID and password, a trusted device, fingerprint or face recognition.
• To enable Azure AD MFA, you need to use Azure AD Identity Protection.
• If a user is logging in from an unknown device or location, MFA can be made mandatory to provide security; this is called Conditional Access.
• Conditional Access is one of the premium features in Azure AD and comes with P1 and P2 licenses.
• We can change the default directory in Azure, but this will not change billing ownership.
• One subscription can be connected to one Azure AD directory. You can associate multiple subscriptions with one Azure AD directory.
• RBAC stands for Role-Based Access Control.
• When an Azure subscription expires, the associated Azure AD tenant is not deleted; later you can associate it with a different subscription.

Azure Management Tools

• Azure Advisor is a recommendation tool for improving reliability, security and performance to achieve great service at reduced cost. For example, it recommends optimizing VMs by applying auto scaling, which can reduce cost.
• Azure Monitor is another tool, which collects and analyzes logs and metrics. It is used to track events at resource level. Azure Monitor can monitor resources across multiple subscriptions, which helps to identify issues and send alerts. It can monitor on-premise environments as well.
• Application Insight – Azure Monitor service to monitor and diagnose application-related issues.
• VM Insight – Monitors the health of VMs and scale sets.
• Container Insight – Monitors the containers available in your subscription.
• Log Analytics – Azure Monitor service to send SMS and email based on logs and metrics.
• Azure Service Health is a personalized dashboard for receiving notifications, guidance, and technical support when Azure service issues, updates, or planned maintenance affect your Azure resources.
• Visit status.azure.com to see Azure health region-wise.
• Azure Service Health also tells you about Azure services which will be decommissioned.

Azure Service Level Agreement (SLA)

• SLA stands for Service Level Agreement. It is a formal agreement between service provider and customer.
• Azure gives a service credit in case it doesn’t meet the agreed SLA. If < 99.95 %, then 10 % of the amount is credited; if < 99 %, then 25 % of the amount is credited. You need to submit an SLA credit request to get the service credit.
• Monthly uptime % = (Maximum Available Minutes – Downtime) / (Maximum Available Minutes) * 100
• The Azure Service Lifecycle follows 3 phases:
• Private Preview – An evaluation release for specific customers. You need to apply to use a Private Preview. This release does not follow any SLA.
• Public Preview – It is available to all Azure customers and also has no defined SLA. Public Preview is not recommended for production or any critical business application.
• General Availability – This release is available to all customers and follows an SLA as well.

Azure Compliance, Privacy and Governance

• Azure Policy ensures that resources stay compliant with defined standards and SLAs. Azure Policy allows you to manage compliance of resources across multiple Azure subscriptions.
• You can create a group of policies; it is called an Initiative.
• Azure provides some predefined initiatives – UK Official, HIPAA, PCI DSS etc.
• In the Compliance dashboard you can view the overall compliance of a specific resource or policy.
• If you want to prevent the use of a specific VM size, you can apply a policy which will prevent this action.
• Azure Blueprints is a combination of one or more Policies, Roles, ARM Templates and Resource Groups.
• The Resource Lock feature is used to prevent accidental deletion or modification of resources.
• There are 2 types of resource lock.
• Read Only Lock – Users can read but they can’t modify or delete the resource.
• Delete Lock – Users can read and modify the resource but they can’t delete it.
• You can apply multiple locks on a resource.
• A Resource Lock can be applied to a subscription, resource group or resource.
• Resources inherit Azure locks from the subscription and resource group.
• Azure compliance makes sure that you follow industry and security standards.
• The Service Trust Portal allows you to check standards and regulations.
• GDPR (General Data Protection Regulation) was introduced to provide security for the personal data of people in Europe.
• RBI and IRDAI (India) – The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), and the Ministry of Electronics and Information Technology (MeitY) comprise three of the key financial industry regulators overseeing banks, insurance organizations, and market infrastructure institutions.
• Azure Government can be used by US government employees, entities and contractors.
• Azure China is not operated by Microsoft; the company 21Vianet operates Azure in China and follows the China Telecommunication Regulation.
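
The policy bullets above describe grouping policies into an Initiative and using a policy to prevent a specific VM size. As an added example (not part of the original notes and not Azure's own evaluator), this Python code applies two rules written in Azure Policy's if/then JSON shape to a set of resources and reports which policies would deny each one. The size and region lists, resource names and the field-to-path lookup are assumptions made for the example.

```python
# Simplified lookup from a policy field or alias to its path in a resource.
FIELD_PATHS = {
    "type": ("type",),
    "location": ("location",),
    "Microsoft.Compute/virtualMachines/sku.name":
        ("properties", "hardwareProfile", "vmSize"),
}

# Initiative = named group of policy rules. Sample sizes and regions only.
INITIATIVE = {
    "deny-vm-sizes": {
        "if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
            {"field": "Microsoft.Compute/virtualMachines/sku.name",
             "in": ["Standard_M128s", "Standard_E64s_v3"]},
        ]},
        "then": {"effect": "deny"},
    },
    "allowed-locations": {
        "if": {"not": {"field": "location", "in": ["eastus", "westeurope"]}},
        "then": {"effect": "deny"},
    },
}

# Constructed resources, shaped like trimmed ARM resource documents.
RESOURCES = [
    {"name": "vm-web-01", "type": "Microsoft.Compute/virtualMachines",
     "location": "eastus",
     "properties": {"hardwareProfile": {"vmSize": "Standard_D2s_v3"}}},
    {"name": "vm-batch-01", "type": "Microsoft.Compute/virtualMachines",
     "location": "eastus",
     "properties": {"hardwareProfile": {"vmSize": "Standard_M128s"}}},
    {"name": "vm-test-02", "type": "Microsoft.Compute/virtualMachines",
     "location": "brazilsouth",
     "properties": {"hardwareProfile": {"vmSize": "Standard_B2s"}}},
    {"name": "stlogs01", "type": "Microsoft.Storage/storageAccounts",
     "location": "eastus", "properties": {}},
]

def field_value(resource, field):
    """Follow the field's path; strings are lower-cased for comparison."""
    value = resource
    for key in FIELD_PATHS[field]:
        value = value.get(key) if isinstance(value, dict) else None
    return value.casefold() if isinstance(value, str) else value

def condition_holds(cond, resource):
    if "allOf" in cond:
        return all(condition_holds(c, resource) for c in cond["allOf"])
    if "not" in cond:
        return not condition_holds(cond["not"], resource)
    value = field_value(resource, cond["field"])
    if "equals" in cond:
        return value == cond["equals"].casefold()
    if "in" in cond:
        return value in [v.casefold() for v in cond["in"]]
    raise ValueError(f"unsupported condition: {cond}")

def assess(initiative, resources):
    """Map each resource name to the policies whose rule would deny it."""
    return {r["name"]: [name for name, rule in initiative.items()
                        if rule["then"]["effect"] == "deny"
                        and condition_holds(rule["if"], r)]
            for r in resources}
```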

Azure Cost Management

• Capital Expenditure (CapEx) – The money spent to buy infrastructure and the cost to maintain it. Example – paying for software on lease, a physical data center.
• Operational Expenditure (OpEx) – Money spent to consume a service or product. Example – Azure Functions, Azure VM provisioning.
• Azure Functions is the best example of the consumption-based price model.
• Fixed Price Model – You are charged for the number of instances, no matter whether the resource is being used or not. Example – Azure App Service, Azure VM.
• TCO (Total Cost of Ownership) is used to estimate the cost savings you get after migrating your workloads to Azure.
• The Pricing Calculator is used to estimate the cost of the Azure services that you are planning to use.
• Inbound data from on-premise to Azure is free.
• Outbound traffic from Azure to on-premise is not free.
• Data traffic between Azure services in the same region or Availability Zone is free.

Azure IoT, Big Data, AI and Machine Learning

• Azure IoT Hub is a managed message hub for IoT-enabled devices. It allows you to present reports programmatically.
• Azure IoT Central – It is IoT Hub with a dashboard. It presents reports through a UI instead of programming.
• Azure Sphere – It provides comprehensive solutions for IoT devices with high security. It is useful in voting machines, ATMs and Point of Sale devices, where high security is needed.
• Big Data Solution – For an end-to-end analytics solution that runs complex queries on big data, we can use Azure Synapse Analytics; it was earlier known as Azure SQL Data Warehouse.
• Azure HDInsight – Hadoop-based open-source analytics service. Compatible with Apache Hadoop, Spark and Hive.
• Azure Databricks – It is an Apache Spark-based analytics service.
• To talk with humans through an AI system, use Azure Bot Service.
• Azure Cognitive Services is pre-built Machine Learning that is used for language, vision and text-to-speech services.
Azure DevOps

• Microsoft Azure DevOps helps with Continuous Integration and Continuous Deployment.
• It is a private source control system to manage source code with versions.
• Azure DevTest Lab – Allows you to quickly create environments using reusable templates and artifacts. It lets you create Windows and Linux environments quickly, and with Azure DevTest Lab you can set automated shutdown to minimize cost.
• ARM (Azure Resource Manager) Template is used to implement Infrastructure as Code in Azure. An ARM template is a JSON-based file which defines the infrastructure and related configuration. For example, you can create a VM and SQL Database of your required configuration from the Azure portal; if you are asked to create the same environment again, you have to repeat the same steps. Instead of doing that, you can create an ARM Template and create the environment quickly from the same JSON file.
