AZURE Concepts
- Anand Nerurkar
- Jun 23, 2022
AZURE CORE SERVICES CONCEPT
Compute
Compute services are often one of the primary reasons why companies move to the Azure platform. Azure provides a range of options for hosting applications and services. Here are some examples of compute services in Azure.
Azure Virtual Machines
Windows or Linux virtual machines (VMs) hosted in Azure.
Azure Virtual Machine Scale Sets
Scaling for Windows or Linux VMs hosted in Azure.
Azure Kubernetes Service
Cluster management for VMs that run containerized services.
Azure Service Fabric
Distributed systems platform that runs in Azure or on-premises.
Azure Batch
Managed service for parallel and high-performance computing applications.
Azure Container Instances
Containerized apps run on Azure without provisioning servers or VMs.
Azure Functions
An event-driven, serverless compute service.
Networking
Networking functionality in Azure includes a range of options to connect the outside world to services and features in the global Azure datacenters.
Here are some examples of networking services in Azure.
Azure Virtual Network
Connects VMs to incoming virtual private network (VPN) connections.
Azure Load Balancer
Balances inbound and outbound connections to applications or service endpoints.
Azure Application Gateway
Optimizes app server farm delivery while increasing application security.
Azure VPN Gateway
Accesses Azure Virtual Networks through high-performance VPN gateways.
Azure DNS
Provides ultra-fast DNS responses and ultra-high domain availability.
Azure Content Delivery Network
Delivers high-bandwidth content to customers globally.
Azure DDoS Protection
Protects Azure-hosted applications from distributed denial of service (DDoS) attacks.
Azure Traffic Manager
Distributes network traffic across Azure regions worldwide.
Azure ExpressRoute
Connects to Azure over high-bandwidth dedicated secure connections.
Azure Network Watcher
Monitors and diagnoses network issues by using scenario-based analysis.
Azure Firewall
Implements high-security, high-availability firewall with unlimited scalability.
Azure Virtual WAN
Creates a unified wide area network (WAN) that connects local and remote sites.
Storage
Azure provides four main types of storage services.
Azure Blob storage
Storage service for very large objects, such as video files or bitmaps.
Azure File storage
File shares that can be accessed and managed like a file server.
Azure Queue storage
A data store for queuing and reliably delivering messages between applications.
Azure Table storage
Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design.
These services all share several common characteristics:
· Durable and highly available with redundancy and replication.
· Secure through automatic encryption and role-based access control.
· Scalable with virtually unlimited storage.
· Managed, handling maintenance and any critical problems for you.
· Accessible from anywhere in the world over HTTP or HTTPS.
Mobile
With Azure, developers can create mobile back-end services for iOS, Android, and Windows apps quickly and easily. Features that used to take time and increase project risks, such as adding corporate sign-in and then connecting to on-premises resources such as SAP, Oracle, SQL Server, and SharePoint, are now simple to include.
Other features of this service include:
· Offline data synchronization.
· Connectivity to on-premises data.
· Broadcasting push notifications.
· Autoscaling to match business needs.
Databases
Azure provides multiple database services to store a wide variety of data types and volumes. And with global connectivity, this data is available to users instantly.
Azure Cosmos DB
Globally distributed database that supports NoSQL options.
Azure SQL Database
Fully managed relational database with auto-scale, integral intelligence, and robust security.
Azure Database for MySQL
Fully managed and scalable MySQL relational database with high availability and security.
Azure Database for PostgreSQL
Fully managed and scalable PostgreSQL relational database with high availability and security.
SQL Server on Azure Virtual Machines
Service that hosts enterprise SQL Server apps in the cloud.
Azure Synapse Analytics
Fully managed data warehouse with integral security at every level of scale at no extra cost.
Azure Database Migration Service
Service that migrates databases to the cloud with no application code changes.
Azure Cache for Redis
Fully managed service caches frequently used and static data to reduce data and application latency.
Azure Database for MariaDB
Fully managed and scalable MariaDB relational database with high availability and security.
Web
Having a great web experience is critical in today's business world. Azure includes first-class support to build and host web apps and HTTP-based web services. The following Azure services are focused on web hosting.
Azure App Service
Quickly create powerful cloud web-based apps.
Azure Notification Hubs
Send push notifications to any platform from any back end.
Azure API Management
Publish APIs to developers, partners, and employees securely and at scale.
Azure Cognitive Search
Deploy this fully managed search as a service.
Web Apps feature of Azure App Service
Create and deploy mission-critical web apps at scale.
Azure SignalR Service
Add real-time web functionalities easily.
IoT
People are able to access more information than ever before. Personal digital assistants led to smartphones, and now there are smart watches, smart thermostats, and even smart refrigerators. Personal computers used to be the norm. Now the internet allows any item that's online-capable to access valuable information. This ability for devices to garner and then relay information for data analysis is referred to as IoT.
Many services can assist and drive end-to-end solutions for IoT on Azure.
IoT Central
Fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage IoT assets at scale.
Azure IoT Hub
Messaging hub that provides secure communications between and monitoring of millions of IoT devices.
IoT Edge
Fully managed service that allows data analysis models to be pushed directly onto IoT devices, which allows them to react quickly to state changes without needing to consult cloud-based AI models.
Big data
Azure Synapse Analytics
Run analytics at a massive scale by using a cloud-based enterprise data warehouse that takes advantage of massively parallel processing to run complex queries quickly across petabytes of data.
Azure HDInsight
Process massive amounts of data with managed Hadoop clusters in the cloud.
Azure Databricks
Integrate this collaborative Apache Spark-based analytics service with other big data services in Azure.
AI
Here are some of the most common AI and machine learning service types in Azure.
Service name
Description
Azure Machine Learning Service
Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud.
Azure ML Studio
Collaborative visual workspace where you can build, test, and deploy machine learning solutions by using prebuilt machine learning algorithms and data-handling modules.
A closely related set of products are the cognitive services. You can use these prebuilt APIs in your applications to solve complex problems.
Vision
Use image-processing algorithms to smartly identify, caption, index, and moderate your pictures and videos.
Speech
Convert spoken audio into text, use voice for verification, or add speaker recognition to your app.
Knowledge mapping
Map complex information and data to solve tasks such as intelligent recommendations and semantic search.
Bing Search
Add Bing Search APIs to your apps and harness the ability to comb billions of webpages, images, videos, and news with a single API call.
Natural Language processing
Allow your apps to process natural language with prebuilt scripts, evaluate sentiment, and learn how to recognize what users want.
DevOps
Azure DevOps
Use development collaboration tools such as high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing. Formerly known as Visual Studio Team Services.
Azure DevTest Labs
Quickly create on-demand Windows and Linux environments to test or demo applications directly from deployment pipelines.
To use Azure services, you need to create an Azure account, and a subscription will be created for you. After you've created an Azure account, you're free to create additional subscriptions. After you've created an Azure subscription, you can start creating Azure resources within each subscription.
Cloud model comparison
Public cloud
· No capital expenditures to scale up.
· Applications can be quickly provisioned and deprovisioned.
· Organizations pay only for what they use.
Private cloud
· Hardware must be purchased for start-up and maintenance.
· Organizations have complete control over resources and security.
· Organizations are responsible for hardware maintenance and updates.
Hybrid cloud
· Provides the most flexibility.
· Organizations determine where to run their applications.
· Organizations control security, compliance, or legal requirements.
What are some cloud computing advantages?
There are several advantages that a cloud environment has over a physical environment that Tailwind Traders can use following its migration to Azure.
· High availability: Depending on the service-level agreement (SLA) that you choose, your cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.
· Scalability: Apps in the cloud can scale vertically and horizontally:
o Scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine.
o Scale horizontally to increase compute capacity by adding instances of resources, such as adding VMs to the configuration.
· Elasticity: You can configure cloud-based apps to take advantage of autoscaling, so your apps always have the resources they need.
· Agility: Deploy and configure cloud-based resources quickly as your app requirements change.
· Geo-distribution: You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.
· Disaster recovery: By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your apps with the confidence that comes from knowing that your data is safe in the event of disaster.
Capital expenses vs. operating expenses
There are two different types of expenses that you should consider:
· Capital Expenditure (CapEx) is the up-front spending of money on physical infrastructure, and then deducting that up-front expense over time. The up-front cost from CapEx has a value that reduces over time.
· Operational Expenditure (OpEx) is spending money on services or products now, and being billed for them now. You can deduct this expense in the same year you spend it. There is no up-front cost, as you pay for a service or product as you use it.
To summarize, CapEx requires significant up-front financial costs, as well as ongoing maintenance and support expenditures. By contrast, OpEx is a consumption-based model, so Tailwind Traders is only responsible for the cost of the computing resources that it uses.
Cloud computing is a consumption-based model
Cloud service providers operate on a consumption-based model, which means that end users only pay for the resources that they use. Whatever they use is what they pay for.
A consumption-based model has many benefits, including:
· No upfront costs.
· No need to purchase and manage costly infrastructure that users might not use to its fullest.
· The ability to pay for additional resources when they are needed.
· The ability to stop paying for resources that are no longer needed.
Cloud service models
IaaS
IaaS is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application. Instead of buying hardware, with IaaS, you rent it.
Advantages
No CapEx. Users have no up-front costs.
Agility. Applications can be made accessible quickly, and deprovisioned whenever needed.
Management. The shared responsibility model applies; the user manages and maintains the services they have provisioned, and the cloud provider manages and maintains the cloud infrastructure.
Consumption-based model. Organizations pay only for what they use and operate under an Operational Expenditure (OpEx) model.
Skills. No deep technical skills are required to deploy, use, and gain the benefits of a public cloud. Organizations can use the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available.
Cloud benefits. Organizations can use the skills and expertise of the cloud provider to ensure workloads are made secure and highly available.
Flexibility. IaaS is the most flexible cloud service because you have control to configure and manage the hardware running your application.
PaaS
PaaS provides the same benefits and considerations as IaaS, but there are some additional benefits to be aware of.
Advantages
No CapEx. Users have no up-front costs.
Agility. PaaS is more agile than IaaS, and users don't need to configure servers for running applications.
Consumption-based model. Users pay only for what they use, and operate under an OpEx model.
Skills. No deep technical skills are required to deploy, use, and gain the benefits of PaaS.
Cloud benefits. Users can take advantage of the skills and expertise of the cloud provider to ensure that their workloads are made secure and highly available. In addition, users can gain access to more cutting-edge development tools. They can then apply these tools across an application's lifecycle.
Productivity. Users can focus on application development only, because the cloud provider handles all platform management. Working with distributed teams as services is easier because the platform is accessed over the internet. You can make the platform available globally more easily.
Disadvantage
Platform limitations. There can be some limitations to a cloud platform that might affect how an application runs. When you're evaluating which PaaS platform is best suited for a workload, be sure to consider any limitations in this area.
SaaS
SaaS is software that's centrally hosted and managed for you and your users or customers. Usually one version of the application is used for all customers, and it's licensed through a monthly or annual subscription.
SaaS provides the same benefits as IaaS, but again there are some additional benefits to be aware of.
Advantages
No CapEx. Users have no up-front costs.
Agility. Users can provide staff with access to the latest software quickly and easily.
Pay-as-you-go pricing model. Users pay for the software they use on a subscription model, typically monthly or yearly, regardless of how much they use the software.
Skills. No deep technical skills are required to deploy, use, and gain the benefits of SaaS.
Flexibility. Users can access the same application data from anywhere.
Disadvantage
Software limitations. There can be some limitations to a software application that might affect how users work. Because you're using as-is software, you don't have direct control of features. When you're evaluating which SaaS platform is best suited for a workload, be sure to consider any business needs and software limitations.
Cloud service model comparison
IaaS
The most flexible cloud service.
You configure and manage the hardware for your application.
PaaS
Focus on application development.
Platform management is handled by the cloud provider.
SaaS
Pay-as-you-go pricing model.
Users pay for the software they use on a subscription model.
The following chart illustrates the various levels of responsibility between a cloud provider and a cloud tenant.
What is serverless computing?
Like PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. Serverless architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs.
Azure subscriptions, management groups, and resources
Having seen the top-down hierarchy of organization, let's describe each of those levels from the bottom up:
· Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.
· Resource groups: Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
· Subscriptions: A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
· Management groups: These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
Azure regions
A region is a geographical area with one or more datacenters that are nearby, physically isolated from each other, and networked together with a low-latency network.
Examples of regions are West US, Canada Central, West Europe, Australia East, and Japan West.
Azure has more global regions than any other cloud provider. These regions give you the flexibility to bring applications closer to your users no matter where they are. Global regions provide better scalability and redundancy. They also preserve data residency for your services.
Special Azure regions
· US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
· China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn't directly maintain the datacenters.
Availability Zone
· Physically separate datacenters within an Azure region.
· Made up of one or more datacenters equipped with independent power, cooling, and networking.
· Connected through high-speed, private fiber-optic networks.
· An availability zone is set up to be an isolation boundary.
· If one zone goes down, the other continues working.
You can use availability zones to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within a zone and replicating in other zones.
Region Pair
· Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away.
· Allows for the replication of resources (such as VM storage) across a geography, which helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once.
· If a region in a pair was affected by a natural disaster, for instance, services would automatically failover to the other region in its region pair.
Examples of region pairs in Azure are West US paired with East US and Southeast Asia paired with East Asia.
Advantages of region pairs:
· If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
· Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
· Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.
Having a broadly distributed set of datacenters allows Azure to provide a high guarantee of availability.
Azure Resource Manager
· The deployment and management service for Azure.
· Provides a management layer that enables you to create, update, and delete resources in your Azure account.
· Lets you use access control, locks, and tags to secure and organize your resources after deployment.
The following image shows the role Resource Manager plays in handling Azure requests.
All capabilities that are available in the Azure portal are also available through PowerShell, the Azure CLI, REST APIs, and client SDKs. Functionality initially released through APIs will be represented in the portal within 180 days of initial release.
The benefits of using Resource Manager
· Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
· Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
· Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.
· Define the dependencies between resources so they're deployed in the correct order.
· Apply access control to all services because RBAC is natively integrated into the management platform.
· Apply tags to resources to logically organize all the resources in your subscription.
· Clarify your organization's billing by viewing costs for a group of resources that share the same tag.
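A minimal Resource Manager template illustrating three of the benefits listed above: a declarative definition, an explicit dependency, and tags for cost grouping. This is an added example, not part of the original post; the resource names, address ranges, tag key, and API version are assumptions chosen for illustration.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": { "description": "Region for all resources; defaults to the resource group's region." }
    },
    "costCenter": {
      "type": "string",
      "metadata": { "description": "Constructed tag value used to group costs in billing views." }
    }
  },
  "variables": {
    "nsgName": "example-nsg",
    "vnetName": "example-vnet"
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2022-07-01",
      "name": "[variables('nsgName')]",
      "location": "[parameters('location')]",
      "tags": { "costCenter": "[parameters('costCenter')]" },
      "properties": {
        "securityRules": [
          {
            "name": "deny-inbound-internet",
            "properties": {
              "priority": 4000,
              "direction": "Inbound",
              "access": "Deny",
              "protocol": "*",
              "sourceAddressPrefix": "Internet",
              "sourcePortRange": "*",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "*"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2022-07-01",
      "name": "[variables('vnetName')]",
      "location": "[parameters('location')]",
      "tags": { "costCenter": "[parameters('costCenter')]" },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
      ],
      "properties": {
        "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] },
        "subnets": [
          {
            "name": "app",
            "properties": {
              "addressPrefix": "10.0.1.0/24",
              "networkSecurityGroup": {
                "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
              }
            }
          }
        ]
      }
    }
  ]
}
```

The `dependsOn` entry makes Resource Manager create the network security group before the virtual network that references it, so the subnet is never deployed without its inbound deny rule attached.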
Azure subscriptions
· Using Azure services requires an Azure account and an Azure subscription.
· A subscription provides you with authenticated and authorized access to Azure products and services.
· An Azure subscription is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.
· Allows you to provision resources.
An account can have one or more subscriptions that have different billing models and you can apply different access-management policies. You can use Azure subscriptions to define boundaries around Azure products, services, and resources.
There are two types of subscription boundaries that you can use:
· Billing boundary: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
· Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
Create additional Azure subscriptions
You might want to create additional subscriptions for resource or billing management purposes, in terms of:
· Environments: When managing your resources, you can choose to create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access control occurs at the subscription level.
· Organizational structures: You can create subscriptions to reflect different organizational structures.
· Billing: You might also want to create additional subscriptions for billing purposes, because costs are first aggregated at the subscription level.
Note: Subscription limits: Subscriptions are bound to some hard limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account. If there's a need to go over those limits in particular scenarios, you might need additional subscriptions.
Azure management groups
· Organize subscriptions into containers called management groups.
· Apply your governance conditions to the management groups.
· All subscriptions within a management group automatically inherit the conditions applied to the management group.
· Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have.
· All subscriptions within a single management group must trust the same Azure AD tenant.
For example, you can apply a policy to a management group that limits the regions available for VM creation. This policy would be applied to all management groups, subscriptions, and resources under that management group, allowing VMs to be created only in the permitted regions.
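The region restriction described above, written as an Azure Policy definition. This is an added example, not part of the original post; the display name, description, and the `allowedLocations` parameter name are chosen here for illustration.

```json
{
  "properties": {
    "displayName": "Example: restrict VM creation to approved regions",
    "description": "Constructed example. Denies creation of virtual machines outside the regions passed in allowedLocations.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed regions",
          "description": "Regions where VMs may be created, for example [\"westeurope\"].",
          "strongType": "location"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
          { "field": "location", "notIn": "[parameters('allowedLocations')]" }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

When this definition is assigned at a management group scope, the deny effect is inherited by every subscription beneath it, so the rule cannot be bypassed by deploying from a different subscription in the same branch.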
Note:
· 10,000 management groups can be supported in a single directory.
· A management group tree can support up to six levels of depth. This limit doesn't include the root level or the subscription level.
· Each management group and subscription can support only one parent.
· Each management group can have many children.
· All subscriptions and management groups are within a single hierarchy in each directory.