Module 1/6

Session 3
Core Azure concepts
Bárbara Rodríguez-Carmona
24/09/2021

© Copyright Microsoft Corporation. All rights reserved.

Core Azure architectural components

© Copyright Microsoft Corporation. All rights reserved.

Core Azure architectural components – Objective Domain

Describe the benefits and usage of:

• Subscriptions
• Azure Resources
• Resource Groups
• Azure Management Groups
• Azure Resource Manager
• Regions and Region Pairs
• Availability Zones

© Copyright Microsoft Corporation. All rights reserved.

Core Azure architectural components overview

• Management groups: Help manage

access, policy, and compliance for multiple
subscriptions.
• Subscriptions: A subscription groups
together user accounts and the resources
that have been created by those user
accounts.
• Resource groups: Act as a logical
container into which Azure resources are
deployed and managed.
• Resources: Instances of services that you
create.

© Copyright Microsoft Corporation. All rights reserved.

Azure Subscriptions

An Azure subscription provides you with

authenticated and authorized access to
Azure accounts.
• Billing boundary: generate separate
billing reports and invoices for each
subscription.
• Access control boundary: manage and
control access to the resources that
users can provision with specific
subscriptions.

© Copyright Microsoft Corporation. All rights reserved.

Create additional Azure Subscriptions

You might want to create additional subscriptions for resource or billing

management purposes:
• Environments: Production, development and testing,…
• Organizational structures : By teams, expertise level.
• Billing: Based on different costs needs; production vs. development and testing.

© Copyright Microsoft Corporation. All rights reserved.

Azure Subscriptions: Billing & Invoicing

© Copyright Microsoft Corporation. All rights reserved.

Azure Resources

Azure resources are components like storage, virtual machines, and networks that are
available to build cloud solutions.

Virtual Machines Storage Accounts Virtual Networks

App Services SQL Databases Functions

© Copyright Microsoft Corporation. All rights reserved.

Resource groups

A resource group is a container to manage Resource groups

(web + DB, VM, Storage) in one group
and aggregate resources in a single unit.
• All resources must be in a resource group
• Resources can only be a member of a single
resource group.
OR
• Resources can exist in different regions.
• Resources can be moved to different resource
groups.
• Applications can utilize multiple resource groups.
Web and Virtual
• Logical grouping seeks to provide some order DB machine Storage
resource resource resource
with similar usage, type, or location group group group

© Copyright Microsoft Corporation. All rights reserved.

Management groups

• Manage access, policies, and

compliance for subscriptions.
• Apply your governance conditions
to the management groups.
• Subscriptions within a management
group automatically inherit the
conditions applied to the
management group.
• Organize your resources into a
hierarchy for unified policy and
access management.

© Copyright Microsoft Corporation. All rights reserved.

Management Groups key facts

• Management groups can include

multiple Azure subscriptions.
• Subscriptions inherit conditions applied
to the management group.
• 10,000 management groups can be
supported in a single directory.
• A management group tree can support
up to six levels of depth (This limit doesn't
include the Root level or the subscription level).

© Copyright Microsoft Corporation. All rights reserved.

Azure Resource Manager

The Azure Resource

Manager (ARM) provides a
management layer that
enables you to create,
update, and delete resources
in your Azure subscription.

© Copyright Microsoft Corporation. All rights reserved.

Azure Resource Manager: Benefits
• Manage your infrastructure through declarative templates
rather than scripts.
• Deploy, manage, and monitor all the resources for your
solution as a group
• Redeploy your solution throughout the development
lifecycle
• Define the dependencies between resources so they're
deployed in the correct order.
• Apply access control to all services. RBAC is natively
integrated into the management platform.
• Apply tags to resources to logically organize all the
resources in your subscription.
• Clarify your organization's billing by viewing costs for a
group of resources sharing the same tag.

© Copyright Microsoft Corporation. All rights reserved.

Regions

Azure offers more global

regions than any other
cloud provider with 60+
regions representing over
140 countries

• Regions are made up of one or more datacenters in close proximity.

• Provide flexibility and scale to reduce customer latency.
• Preserve data residency with a comprehensive compliance offering.

© Copyright Microsoft Corporation. All rights reserved.

Special Azure Regions

For compliance or legal purposes.

A few examples:
• US Government dedicated regions - US DoD Central, US
Gov Virginia, US Gov Iowa and more:
Physical and logical network-isolated instances of Azure for US
government agencies and partners. These datacenters are
operated by screened US persons and include additional
compliance certifications.
• China East, China North and more:
Available through a unique partnership between Microsoft and
21Vianet. Microsoft does not directly maintain the datacenters.

© Copyright Microsoft Corporation. All rights reserved.

Availability zones

• Physically separate datacenters within the

same region.
• Each datacenter is equipped with
independent power, cooling, and
networking. 
• Isolation boundary.
• Provide protection against downtime due to
datacenter failure.
• Connected through private fiber-optic
networks.

© Copyright Microsoft Corporation. All rights reserved.

Availability zones

Azure Region
• Created using one or more datacenters.
Availability Zone 1 Availability Zone 2
• Minimum of 3 zones within a single region.
• In case a large outage occurs in 2
datacenters due to a disaster: Region Pairs.
• Not every region has support for
Availability Zones.
• Availability zones in two categories:
• Zonal Services can be locked to one zone.
Availability Zone 3
• Zonal-redundant services are replicated
automatically across zones.

© Copyright Microsoft Corporation. All rights reserved.

Region Pairs
• Each Azure region is always paired with another region.
• At least 300 miles of separation between datacenters in a regional pair within the same geography
• Some services provide automatic replication to the paired region.
• In an outage, recovery of one region is prioritized out of every pair.
• Updates are rolled out to paired regions sequentially (not at the same time).

© Copyright Microsoft Corporation. All rights reserved.

Region Pairs
Region Region
North Central US​ South Central US​
East US​ West US​
West US 2​ West Central US​
US East 2​ Central US​
Canada Central​ Canada East​
North Europe​ West Europe​
UK West​ UK South​
Germany
Germany Central​
Northeast​
South East Asia​ East Asia​
East China​ North China​
Japan East​ Japan West​
Australia Southeast​ Australia East​
India South​ India Central​
Brazil South
South Central US ​
(Primary)​

Web Link: https://aka.ms/PairedRegions
© Copyright Microsoft Corporation. All rights reserved.
Assignments

Microsoft Learn Modules

(docs.microsoft.com/Learn)

Walkthroughs:
Part 1. 3 Describe core architectural components – Do not do the Exercise
“Create a website hosted in Azure” (Unit 6). Do the Knowledge check.

© Copyright Microsoft Corporation. All rights reserved.