Key Takeaways
1. Azure: Your Cloud Platform for Rapid Solutions
Azure enables the rapid development of solutions and provides the resources to accomplish tasks that may not be feasible in an on-premises environment.
Cloud computing overview. Azure is Microsoft's public cloud platform, offering a wide array of services like compute, storage, networking, and applications without needing to buy or maintain physical hardware. This shifts capital expenses to operational expenses, allowing access to resources that might otherwise be too costly. Azure supports public, private (Azure Stack), and hybrid cloud models, enabling flexibility in workload placement.
Comparison to on-premises. Unlike traditional datacenters focused on scaling up expensive hardware, Azure promotes scaling out by deploying more commodity compute nodes, which is often more cost-effective. With datacenters globally, Azure allows deploying services close to customers anywhere, benefiting startups with low initial costs and rapid scaling potential. It also simplifies trying new software versions or configurations without on-premises upgrades.
Service categories. Azure services fall broadly into categories like Compute (VMs, App Services, Service Fabric), Data (Storage, SQL Database, DocumentDB), Application (Azure AD, Service Bus, HDInsight), and Network (Virtual Networks, ExpressRoute, Traffic Manager). Understanding these services helps simplify application migration and improve robustness by leveraging cloud-native capabilities.
2. Azure Resource Manager: The Modern Control Plane
With Resource Manager, you deploy these assets into the same resource group and manage and monitor them together.
Resource Manager introduction. Azure Resource Manager (ARM) is the recommended modern deployment model, replacing the older Azure Service Management (ASM) or "classic" model. ARM treats related resources (like VMs, networks, databases for an application) as a single unit, deploying them into a resource group for unified management, monitoring, and deletion. This contrasts with ASM, where resources were managed more independently.
Advantages of ARM. ARM offers faster deployments by allowing parallel resource creation, unlike ASM's sequential approach. It provides fine-grained security via Role-Based Access Control (RBAC), allowing permissions to be set at the subscription, resource group, or individual resource level. ARM also supports tagging resources for better organization and cost management, enabling billing information retrieval based on tags.
Templates and automation. A key benefit of ARM is the use of declarative JSON templates to define deployments. These templates ensure consistent, repeatable deployments, whether for development, testing, or production environments. Templates can be parameterized for flexibility, identify dependencies between resources, and can be updated and redeployed to modify existing resources incrementally.
3. Mastering the Azure Portal and Management Tools
An online management portal provides the easiest way to manage the resources you deploy into Azure.
The Azure Portal. The primary interface for managing Azure resources is the Azure portal (portal.azure.com), a web-based tool providing a dashboard view and a hub for navigation. It allows creating, viewing, and managing resources through "blades" that slide open. While most services are in the main portal, some, like Azure Active Directory, may still use the classic portal (manage.windowsazure.com).
Creating and viewing resources. Resources can be created via the "New" button, browsing categories, or searching the Marketplace, which lists all deployable items including VM images and pre-built applications like WordPress. Resources can be viewed and managed either by their logical resource group or as a flat list of all resources in a subscription, with settings like RBAC, tags, and deployment history accessible.
Additional management tools. Beyond the portal, developers often use Visual Studio with the Azure SDK for integrated development and deployment, including tools like Cloud Explorer for managing ARM resources. IT professionals and developers needing automation or cross-platform support utilize Azure PowerShell cmdlets (for Windows scripting) and the Azure Command-Line Interface (CLI) for Windows, Linux, and Mac, offering powerful scripting capabilities and access to newer features.
4. Azure App Service: Streamlined Application Hosting
With web apps running in an app service using an App Service plan, the management is handled for you, and you can easily scale up and out just by changing the settings of the App Service plan.
App Service overview. Azure App Service is a Platform as a Service (PaaS) offering that simplifies hosting various application types: Web Apps, Mobile Apps, Logic Apps, API Apps, and Function Apps. It abstracts away the underlying infrastructure management, allowing developers to focus on code rather than VMs, IIS setup, or patching.
App Service plans. Applications run within an App Service plan, which defines the shared compute resources (VM size, instance count, pricing tier, location) for one or more apps. This allows running multiple applications cost-effectively on the same set of VMs. Scaling applications is done by modifying the App Service plan's settings, automatically adjusting the underlying VM resources.
Web App features. Web Apps, a core part of App Service, support multiple languages (.NET, Java, PHP, Node.js, Python) and offer features like continuous deployment from source control (GitHub, TFS), easy configuration, monitoring (performance metrics, logging), and automated scaling based on metrics like CPU usage. Pre-built applications like WordPress are available via the Marketplace, simplifying deployment.
5. Azure Virtual Machines: Flexible Infrastructure Control
With an Azure Virtual Machines VM, you are responsible for nearly all aspects of the VM.
IaaS offering. Azure Virtual Machines (VMs) provide Infrastructure as a Service (IaaS), giving users near-total control over the operating system, software installation, and configuration. This is ideal for workloads that don't fit the PaaS model, such as database servers, Active Directory, or migrating existing on-premises applications ("lift and shift").
VM components and disks. VMs require an OS disk and can have multiple data disks for persistent storage, all backed by durable page blobs in Azure Storage. Disks can use Standard (HDD) or Premium (SSD) storage, with Premium recommended for performance-sensitive workloads. VMs also have a temporary disk on the host, not persisted to storage, suitable only for temporary data.
Networking and availability. VMs in the Resource Manager model must reside in an Azure Virtual Network (VNet) and are explicitly configured with network interfaces, IP addresses (public or private), and Network Security Groups (NSGs) for firewall rules. For high availability, VMs should be deployed in an Availability Set, ensuring they are spread across different physical hardware (fault domains) and updated at different times (update domains), providing a 99.95% SLA for multiple instances.
6. Azure Storage: Durable and Scalable Data Services
Microsoft Azure Storage is a Microsoft-managed service that provides durable, scalable, and redundant storage.
Storage account types. Azure Storage offers durable, scalable, and redundant cloud storage, managed by Microsoft. Data is stored within storage accounts, which can be General-purpose (supporting Blobs, Files, Tables, Queues) or Blob storage accounts (optimized for block/append blobs with hot/cool access tiers). General-purpose accounts can use Standard (HDD) or Premium (SSD) storage.
Storage services. Azure Storage provides four core services:
- Blob Storage: Stores unstructured object data (files, images, VHDs) as block blobs (for streaming), page blobs (for random access like VHDs), or append blobs (for logging). Accessible via URL, REST, or SDKs.
- File Storage: Provides managed network file shares accessible via the standard SMB protocol, enabling multiple VMs to share files. Also accessible via REST/SDKs.
- Table Storage: A NoSQL key/value store for large volumes of semi-structured, nonrelational data, accessible via REST, SDKs, or OData.
- Queue Storage: A messaging service for storing and retrieving messages (up to 64 KB) to process asynchronously, often used for decoupling application components.
Redundancy and security. Azure Storage offers data redundancy options: Locally Redundant Storage (LRS) with three copies in one facility, Geo-Redundant Storage (GRS) with copies in a paired region for disaster recovery, Read-Access GRS (RA-GRS) allowing reads from the secondary, and Zone-Redundant Storage (ZRS) across facilities. Security features include storage account keys, RBAC for management access, Shared Access Signatures (SAS) for fine-grained data access, HTTPS/SMB 3.0 for data in transit, and Storage Service Encryption (SSE) or Azure Disk Encryption for data at rest.
7. Azure Virtual Networks: Building Secure Connectivity
Virtual networks (VNets) are used in Azure to provide private connectivity for Azure Virtual Machines (Azure VMs) and some Azure services.
VNet fundamentals. Azure Virtual Networks (VNets) enable private, secure communication between Azure resources like VMs and services. Resources within the same VNet can communicate directly using private IP addresses. VNets are defined by address spaces (CIDR blocks) and can be segmented into subnets, allowing for logical organization of resources.
Network Security Groups. Network Security Groups (NSGs) act as a firewall, controlling inbound and outbound network traffic to VMs or subnets based on rules (source/destination IP, port, protocol). NSGs provide a crucial layer of security, especially for VMs with public IP addresses, allowing only necessary traffic (like RDP or SSH by default) while blocking everything else.
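The following is an added example, not taken from the book: a small audit that evaluates an NSG's inbound rules in priority order (lowest number first, first match wins) and reports whether RDP or SSH is reachable from an arbitrary Internet client. The NSG `web-nsg`, its rule names, and the documentation-range addresses are constructed for illustration; the property names follow the ARM `securityRules` schema.

```python
import ipaddress
import json

# Constructed sample NSG in ARM template form; names and ranges are illustrative.
NSG = json.loads("""
{"type": "Microsoft.Network/networkSecurityGroups", "name": "web-nsg",
 "properties": {"securityRules": [
  {"name": "allow-rdp-any", "properties": {"priority": 300, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
   "destinationPortRange": "3389"}},
  {"name": "deny-rdp-internet", "properties": {"priority": 100, "direction": "Inbound",
   "access": "Deny", "protocol": "Tcp", "sourceAddressPrefix": "Internet",
   "destinationPortRange": "3389"}},
  {"name": "allow-ssh-admin", "properties": {"priority": 200, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
   "destinationPortRange": "22"}},
  {"name": "allow-mgmt-range", "properties": {"priority": 400, "direction": "Inbound",
   "access": "Allow", "protocol": "*", "sourceAddressPrefix": "*",
   "destinationPortRange": "20-25"}}
 ]}}
""")

MGMT_PORTS = (22, 3389)          # SSH and RDP
INTERNET_HOST = "198.51.100.7"   # documentation address standing in for any Internet client

def _source_matches(prefix, src_ip):
    if prefix in ("*", "Internet"):   # simplification: every test client is an Internet host
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:                # other service tags (e.g. VirtualNetwork) never match here
        return False

def _port_matches(port_range, port):
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")   # "22" or "20-25"
    return int(low) <= port <= int(high or low)

def effective_access(nsg, src_ip, port, protocol="Tcp"):
    """Return (access, rule_name) of the first matching inbound rule, lowest priority number first."""
    rules = sorted(({**r["properties"], "name": r["name"]}
                    for r in nsg["properties"]["securityRules"]), key=lambda p: p["priority"])
    for p in rules:
        if (p["direction"] == "Inbound" and p["protocol"] in ("*", protocol)
                and _source_matches(p["sourceAddressPrefix"], src_ip)
                and _port_matches(p["destinationPortRange"], port)):
            return p["access"], p["name"]
    return "Deny", None   # assumption: unmatched Internet traffic hits the default inbound deny

def exposed_management_ports(nsg):
    """Return (port, rule_name) for each management port an Internet client can reach."""
    checks = ((port, effective_access(nsg, INTERNET_HOST, port)) for port in MGMT_PORTS)
    return [(port, rule) for port, (access, rule) in checks if access == "Allow"]
```

On this sample the allow-any RDP rule at priority 300 is shadowed by the deny at priority 100, while SSH is exposed through the port range `20-25` rather than through a rule that names port 22.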
Cross-premises connectivity. Azure offers options to connect your on-premises network to Azure VNets:
- Site-to-site VPN: Connects an entire on-premises network to a VNet using a VPN device or RRAS, creating a secure tunnel over the public internet.
- Point-to-site VPN: Connects individual client machines securely to a VNet over SSTP, often used for remote access without a corporate VPN device. Uses certificate authentication.
- ExpressRoute: Provides a private, dedicated connection between your on-premises network and Azure, bypassing the public internet for higher bandwidth, lower latency, and increased reliability, suitable for mission-critical workloads.
8. Azure Databases: Diverse Data Storage Options
A persistent data store is at the heart of many applications.
Azure SQL Database. Azure SQL Database is a Platform as a Service (PaaS) relational database offering, ideal for OLTP workloads. It provides features like elastic scale, predictable performance (measured in DTUs), and business continuity (Point-in-Time Restore, Geo-Restore, Active Geo-Replication) with minimal administration. It's available in Basic, Standard, and Premium tiers and is compatible with SQL Server tools like SSMS.
SQL Server in Azure VMs. For scenarios requiring full control or specific SQL Server features not in SQL Database (like Windows authentication, SQL Server Agent, CLR), running SQL Server on Azure Virtual Machines (IaaS) is an option. Users are responsible for installation, configuration, and management, including HADR solutions like AlwaysOn. Billing includes VM cost, SQL Server license (or bring your own), and storage.
Database alternatives. Azure also supports other database platforms. MySQL is available as a service via the ClearDB offering in the Marketplace. Additionally, users can deploy and manage virtually any database software (Oracle, MongoDB, etc.) on Azure VMs. For non-relational needs, Azure offers DocumentDB (a fully managed JSON document database with SQL querying) and Azure Table Storage (a cost-effective, scalable key/value store).
9. Azure Active Directory: Centralized Identity Management
Azure AD provides a cloud-friendly, secure, scalable, modern identity solution that can serve cloud-hosted and on-premises solutions alike.
Azure AD fundamentals. Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It's a multitenant directory used by Microsoft cloud services (Azure, Office 365) and can synchronize with on-premises Windows Server Active Directory using Azure AD Connect. Azure AD is not a full replacement for Windows Server AD but complements it, providing features like Single Sign-On (SSO) for SaaS applications.
Users and groups. Azure AD manages users (from your organization, Microsoft accounts, other Azure ADs, or partner companies via B2B) and groups. Users can be added manually, through synchronization, or programmatically. Groups simplify access management by allowing permissions to be assigned to a group rather than to individual users, which is particularly useful for controlling access to applications in the Azure AD application gallery.
Security features. Azure AD offers various security capabilities across its Free, Basic, and Premium tiers. A key feature is Azure Multi-Factor Authentication (MFA), adding a second verification step (phone call, text, app notification) beyond a password, significantly enhancing security for administrative accounts and users accessing applications. Azure AD also supports features like Conditional Access, Identity Protection, and Application Proxy.
10. Exploring Additional Azure Services
One of the joys of working with the Azure platform is the breadth of services it offers.
Beyond the core. While this book covers fundamental Azure services, the platform offers a vast and growing portfolio. Many services cater to specific needs or represent newer architectural patterns. Staying aware of these can help optimize solutions or enable new capabilities.
Examples of other services:
- Azure Service Fabric: A platform for building and managing highly scalable, reliable microservices, used internally by Microsoft for services like SQL Database and Event Hubs. Can be deployed anywhere (Azure, on-premises, other clouds).
- Cloud Services: An older PaaS compute offering (classic model) for web and worker roles, now largely superseded by App Service and Service Fabric for new workloads.
- Azure Container Service (ACS): Simplifies deploying and managing Docker container clusters using orchestrators like DC/OS or Docker Swarm, providing the underlying VM infrastructure.
- DocumentDB: A fully managed NoSQL document database service supporting JSON and MongoDB protocol compatibility.
- Azure Redis Cache: A managed, in-memory data structure store based on the popular open-source Redis, used for caching and improving application performance.
Specialized services. Other services include Azure HDInsight (managed Hadoop service for big data), Azure Search (managed search-as-a-service), Azure Service Bus (enterprise messaging), Azure Event Hubs (high-throughput data streaming), Azure Notification Hubs (push notifications), Azure Media Services (media encoding/streaming), Azure Backup (cloud backup), Azure Site Recovery (disaster recovery), and Azure Key Vault (securely storing keys/secrets).
11. Azure in Action: Common Business Scenarios
Development and test scenarios are one of the most common uses of Azure.
Dev/Test environments. Azure is widely used for development and testing due to its ability to quickly provision and de-provision environments, converting capital costs to operational costs. VMs, App Services, and databases can be spun up on demand, used, and then shut down or deleted, keeping costs low. MSDN and BizSpark subscriptions offer credits and discounts specifically for Dev/Test.
Hybrid solutions. Azure facilitates hybrid cloud scenarios, integrating on-premises infrastructure with Azure services. This is often achieved using Azure Virtual Networks and cross-premises connectivity options like Site-to-Site VPN or ExpressRoute. Hybrid setups allow organizations to leverage cloud scalability while keeping sensitive data or legacy systems on-premises.
Modernization and migration. Azure supports modernizing existing applications or migrating them to the cloud. The "lift and shift" approach uses Azure VMs to replicate on-premises infrastructure. Alternatively, applications can be refactored to leverage PaaS services like App Service or SQL Database, reducing management overhead and enabling cloud-native features like autoscaling. Azure also supports mobile backends (Mobile Apps) and advanced scenarios like Machine Learning.
Review Summary
Microsoft Azure Essentials - Fundamentals of Azure receives generally positive reviews, with readers appreciating its beginner-friendly approach and comprehensive overview of Azure services. Many praise the step-by-step instructions and screenshots, though some note formatting issues in digital versions. Readers find it helpful for learning Azure basics and preparing for further study. Some criticize the lack of real-world recommendations and outdated content due to Azure's rapid evolution. Overall, it's considered a good starting point for those new to Azure, with an average rating of 3.78 out of 5 stars.