Reading Time: 11 minutes

Azure Fundamentals

Part 2/4 – Azure Portal, Compute, Storage and Networking options

Material source:

Microsoft documentation

Manage services with the Azure portal

The portal does not provide any way to automate repetitive tasks. For example, to set up multiple VMs, you would need to create them one at a time by completing the wizard for each VM. This makes the portal approach time-consuming and error-prone for complex tasks. Azure dashboards are stored as JSON files and can be imported/exported.

Azure Portal

Azure Portal

Azure PowerShell is a module that you add to Windows PowerShell or PowerShell Core that enables you to connect to your Azure subscription and manage resources. Azure PowerShell requires Windows PowerShell to function.

Azure Cloud Shell is a browser-based scripting environment in your portal. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell. An Azure storage account is required to use the cloud shell.

Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, and cost. Advisor analyses your deployed services and looks for ways to improve your environment across those four areas. You can view recommendations in the portal or download them in PDF or CSV format.

With Azure Advisor, you can:

  • Get proactive, actionable, and personalised best practices recommendations.
  • Improve the performance, security, and high availability of your resources as you identify opportunities to reduce your overall Azure costs.
  • Get recommendations with proposed actions inline.

Microsoft offer previews of Azure features for evaluation purposes. With Azure Preview Features, you can test beta and other pre-release features, products, services, software, and regions.

There are two types of previews available:

  • Private Preview. This means that an Azure feature is available to *specific* Azure customers for evaluation purposes. This is typically by invite only and issued directly by the product team responsible for the feature or service.
  • Public Preview. This means that an Azure feature is available to all Azure customers for evaluation purposes. These previews can be turned on through the preview features page as detailed below.

Azure compute options

There are four common techniques for performing compute in Azure:

  • Virtual machines
  • Containers
  • Azure App Service: platform-as-a-service (PaaS) offering in Azure that is designed to host enterprise-grade web-oriented applications
  • Serverless computing

Azure VM availability and scalability features include;

  • Availability sets: An availability set is a logical grouping of two or more VMs that ensure your application remains available during planned or unplanned maintenance. When the VM is part of an availability set, the Azure fabric will ensure updates are sequenced so not all of the associated VMs are rebooted at the same time. This grouping is referred to as an update domain. Update domains are a logical part of each datacenter and are implemented with software and logic. A fault domain is essentially a rack of servers. It provides the physical separation of your workload across different hardware in the datacenter. There is no cost for an availability set; you only pay for the VMs within the set.
  • VM scale sets: let you create and manage a group of identical, load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.
  • Azure Batch: enables large-scale job scheduling and compute management with the ability to scale to tens, hundreds, or thousands of VMs.

Azure supports Docker containers, and there are several ways to manage containers in Azure;

  • Azure Container Instances (ACI): the fastest and simplest way to run a container in Azure.  It is a PaaS offering that allows you to upload your containers and execute them directly
  • Azure Kubernetes Services (AKS): a complete orchestration service for containers with distributed architectures with multiple containers

What is Kubernetes: Most popular option to manage container based workloads. It combines container management automation with an extensible API to create a cloud native application management platform.

Kubernetes manages the placement of PODs (consisting of one or more containers) on a Kubernetes cluster node (physical host). It takes care of restarting or replacing a crashed instance or POD or cluster node. Other features of Kubernetes include;

  • Kubernetes scaling (manually or automatically)
  • Kubernetes staggering update deployment (minimise downtime and also provide roll-back to previous version function)
  • Kubernetes storage management through Kubernetes persistent volumes (present storage options to containers. Can also use Azure storage solutions such as Azure Storage and Azure CosmosDB)
  • Kubernetes networking management through plugins to expose PODs to the internet, provide network isolation, load balancing and policy driven network security
  • Kubernetes APIs used to create custom actions

Azure App Service: A PaaS that allows you to build and host web apps, background jobs, mobile backends and RESTful APIs in the programming language of your choice. It offers built-in load balancing and traffic manager to provide high availability. It supports automated deployments from GitHub, Azure DevOps or any Git repo. You can choose the right App Service Plan to suit your needs. The types of web apps supported include;

  • Web Apps: Full support for hosting web apps using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python
  • API Apps: To build REST based web APIs. Offers full Swagger support and you can publish your API in Azure Marketplace
  • WebJobs: Allows you to run a program or script in the same context as web app, API app or mobile app. Often used to run background tasks as part of your application logic
  • Mobile Apps: used to build backend for iOS and Android apps

With serverless computing, Azure takes care of managing the server infrastructure and allocation/deallocation of resources based on demand. You focus solely on the logic you need to execute and the trigger that is used to run your code. You configure your serverless apps to respond to events.

Azure has two implementations of serverless compute:

  • Azure Functions which can execute code in almost any modern language. Azure Functions can be either stateless (the default) where they behave as if they’re restarted every time they respond to an event), or stateful (called “Durable Functions”) where a context is passed through the function to track prior activity
  • Azure Logic Apps which are designed in a web-based designer and can execute workflows triggered by Azure services without writing any code. You create Logic App workflows using a visual designer on the Azure Portal or in Visual Studio. The workflows are persisted as a JSON file with a known workflow schema

You can mix and match services when you build an orchestration, calling functions from logic apps and calling logic apps from functions.

Note: Azure recommends loosely coupled architecture. An N-tier architecture divides an application into two or more logical tiers. Architecturally, a higher tier can access services from a lower tier, but a lower tier should never access a higher tier. Tiers help separate concerns and are ideally designed to be reusable. Using a tiered architecture also simplifies maintenance. Tiers can be updated or replaced independently, and new tiers can be inserted if needed.

Azure Networking Options

An Azure virtual network is a logically isolated network on Azure. A virtual network is scoped to a single region; however, multiple virtual networks from different regions can be connected together using virtual network peering. Virtual networks can be segmented into one or more subnets.

Azure VPN Gateway provides a secure connection between an Azure Virtual Network and an on-premises location over the internet.

Network Security Group: allows or denies inbound network traffic to your Azure resources

Azure Load Balancer: Supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP based applications. You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network.

Azure Application Gateway: layer 7 (application) load balancer designed for web applications which applies URL-based routing rules to support several advanced scenarios. Some benefits of AAG over simple LB include:

  • Cookie affinity: to keep a user’s session on the same backend server
  • SSL termination: offload SSL encryption/decryption. Also supports full end-to-end encryption
  • WAF: includes detailed monitoring and logging to detect malicious attacks
  • URL rule-based routes: route traffic based on URL patterns (src/dst IP address/port). Useful for setting up CDN
  • Rewrite HTTP headers: to enable security scenarios or scrub sensitive information such as server names

Azure Traffic Manager: Uses DNS to direct client traffic to a resource that’s closest to them. It can also include your on-premise deployment. If the Traffic Manager detects an unresponsive endpoint, it redirects traffic to the next closest endpoint that is responsive.

Azure data storage options

There are three primary types of data that Azure Storage is designed to hold;

  • Structured: Also referred to as relational data
  • Semi-structured: also referred to as non-relational or NoSQL data
  • Unstructured: such as JSON files, jpg, pdf, etc.

Azure SQL Database: based on Microsoft SQL Server. You can migrate your onprem SQL database with minimal downtime using Azure Database Migration Service. The services uses the Microsoft Data Migration Assistant to generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration.

Azure Cosmos DB: a globally distributed database service that supports schema-less data. It lets you build highly responsive and Always On applications to support constantly changing data. You can use this feature to store data that is updated and maintained by users around the world.

Azure Blob storage: highly scalable unstructured data storage. It has the ability to store up to 8 TB of data for virtual machines. Azure offers three storage tiers;

  1. Hot storage tier: optimized for storing data that is accessed frequently.
  2. Cool storage tier: optimized for data that is infrequently accessed and stored for at least 30 days.
  3. Archive storage tier: for data that is rarely accessed and stored for at least 180 days with flexible latency requirements.

Azure Data lake storage: allows you to store structured and unstructured data and to perform analytics on your data usage. It is object based storage with performance of Big Data filesystem

Azure Files:  fully managed file shares in the cloud that are accessible via SMB protocol. They can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Any number of Azure virtual machines or roles can mount and access the file storage share simultaneously.

Azure Queue: a service for storing large numbers of messages that can be accessed from anywhere.  Queue storage provides asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices

Disk Storage: provides disks for virtual machines, applications, and other services. Disk storage allows data to be persistently stored and accessed from an attached virtual hard disk. Azure Disks have consistently delivered enterprise-grade durability, with an industry-leading ZERO% annualized failure rate.

Azure provides two encryption types for storage services;

  1. Azure Storage Service Encryption (SSE): Encryption at rest and transparent to the user
  2. Client-side encryption: data is already encrypted by the client

Azure Replication: A replication type is set up when you create a storage account. Azure provides regional and geographic replications.