Azure for AWS Developers
COPYRIGHT – 1 BILLION TECH | CONFIDENTIAL
AZURE FOR AWS DEVELOPERS
TECH TALK
[10TH JUNE 2021]
Source: https://www.smbnation.com
• AWS launched in 2006
• Azure launched in 2008
CLOUD IAAS MARKET - GARTNER
Source: Gartner 2020 August Report
• According to Gartner, AWS, Azure and Google have been the IaaS market leaders for many years
CLOUD IAAS MARKET
GLOBAL INFRASTRUCTURE - AWS
Source: AWS Documentation
• 25 Regions
• 81 Availability Zones
GLOBAL INFRASTRUCTURE - AZURE
Source: Azure Documentation
• 50+ Regions
• 160+ Availability Zones
AZURE REGIONS, AVAILABILITY ZONES AND AVAILABILITY SETS
Source:Azure Documentation
AVAILABILITY SETS
AZURE SOVEREIGN REGIONS
• Besides the general Azure regions that we can access, there are a few separate regions that we cannot access.
• They are used primarily by governments, such as those of the USA and China
  ● Azure for US Government
  ● Azure China Government (independently operated and transacted by Shanghai Blue Cloud Technology Co., Ltd. ("21Vianet"))
FREE TIER - AZURE
• Azure
  ● You get $200 credit to spend in the first 30 days after you sign up.
  ● You are able to use any Azure services without any restriction under the cap of $200.
  ● Some popular services are free for 12 months
  ● 25+ other services are always free
  ● Only one free Azure account can be created for a single Microsoft license
FREE TIER - AWS
• AWS
  ● There are services which are free for 12 months, services which are always free and services with free trials
  ● [12 Months] EC2 750 hours, S3 5 GB, RDS 750 hours, API Gateway 1 Million
  ● [Always Free] DynamoDB 25 GB, Lambda 1 Million, SNS 1 Million, CloudFront 50 GB
  ● [Free Trial] SageMaker 2 Months, GuardDuty 2 Months, Inspector 90 Days
• [Reference: https://aws.amazon.com/free/]
ACCOUNTS
• Azure subscriptions are a grouping of resources with an assigned owner responsible for billing and permissions management.
• Unlike AWS, where any resources created under the AWS account are tied to that account, Azure subscriptions exist independently of their owner accounts and can be reassigned to new owners as needed.
• In Azure, subscriptions are assigned to three types of administrative accounts
  ● Account Administrator – The subscription owner with subscription billing access
  ● Service Administrator – Same as Account admin except the subscription billing access
  ● Co-Administrator – Can have up to 200 co-admins per subscription.
ACCOUNTS
Source: Azure Documentation
AZURE ROLES AND AZURE AD ROLES
Source: Azure Documentation
AZURE SUBSCRIPTIONS, MANAGEMENT GROUPS AND RESOURCE GROUPS
Source: Microsoft Documentation
AZURE SUBSCRIPTIONS
• You can create multiple subscriptions in your Azure Account
• You need to have a Microsoft Account in order to have a subscription.
• Resources created in Azure need to be created under a given subscription
• This will help you to create multiple billing accounts for multiple departments in your organization.
• This is similar to AWS Organizations in AWS
AZURE MANAGEMENT GROUPS
• It is an administrative model for organizations that have many Azure subscriptions
• With this feature you can delegate permissions and deploy Azure Policy to many subscriptions at once. All subscriptions within a management group automatically inherit the conditions applied to the management group.
• For example, you can apply a policy to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all management groups, subscriptions, and resources under that management group, allowing VMs to be created only in that region
AZURE RESOURCE GROUPS
• A Resource Group is a logical grouping / a container of resources in an Azure solution
• Each resource can be in only one Resource Group
• You can add resources to, or delete them from, any Resource Group at any time
• You can move a resource from one Resource Group to another at any given time
• Resources in multiple regions can be in one Resource Group
• You can give user level access to Resource Groups.
• The IAM permissions defined at the resource group level are inherited by the resources defined in that resource group.
AWS ORGANIZATIONS
NETWORKING
NETWORK SECURITY GROUP (NSG)
• This is similar to “Security Groups” in AWS
• A Network Security Group can be attached to:
  ● A Virtual Network Interface of a Virtual Machine
  ● An entire Subnet – valid for all Virtual Machines within the Subnet
• Consists of Inbound and Outbound security rules. By default, inbound traffic from the public Internet is not allowed. Inbound traffic is allowed only from within the Virtual Private Network (between subnets) or from Azure Load Balancers.
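The default inbound behaviour described above comes from three built-in rules that every NSG carries, evaluated by priority with the first match winning. The model below is an added example, not part of the original slides; the `Rule` class, `evaluate_inbound`, the sample addresses and the single-address-space treatment of the VirtualNetwork tag are simplifying assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # service tag, "*" or a CIDR prefix
    port: str       # "*" or a single destination port
    access: str     # "Allow" or "Deny"


# The three default inbound rules Azure places in every NSG.
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
)

# Platform address Azure uses as the source of load balancer health probes.
AZURE_LB_PROBE_IP = "168.63.129.16"


def source_matches(rule_source, src_ip, vnet_cidr):
    """Simplified tag resolution: VirtualNetwork is modelled as one address space."""
    ip = ipaddress.ip_address(src_ip)
    in_vnet = ip in ipaddress.ip_network(vnet_cidr)
    is_lb = src_ip == AZURE_LB_PROBE_IP
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return in_vnet
    if rule_source == "AzureLoadBalancer":
        return is_lb
    if rule_source == "Internet":
        return not in_vnet and not is_lb
    return ip in ipaddress.ip_network(rule_source)


def evaluate_inbound(custom_rules, src_ip, dst_port, vnet_cidr):
    """Return (access, rule_name) for the first rule that matches, by priority."""
    ordered = sorted(list(custom_rules) + list(DEFAULT_INBOUND),
                     key=lambda r: r.priority)
    for rule in ordered:
        port_ok = rule.port == "*" or int(rule.port) == dst_port
        if port_ok and source_matches(rule.source, src_ip, vnet_cidr):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")


if __name__ == "__main__":
    VNET = "10.0.0.0/16"  # constructed address space for the demo
    web = [Rule("AllowHttpsFromInternet", 100, "Internet", "443", "Allow")]
    for src, port in [("203.0.113.10", 22), ("203.0.113.10", 443),
                      ("10.0.2.4", 1433), (AZURE_LB_PROBE_IP, 80)]:
        print(src, port, evaluate_inbound(web, src, port, VNET))
```

A custom rule only opens what it names: with the hypothetical `AllowHttpsFromInternet` rule in place, port 443 is reachable from the Internet while port 22 still falls through to `DenyAllInBound`.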
APPLICATION SECURITY GROUP (ASG)
• Application Security Group (ASG) is another logical grouping that helps you to group application layers (web tier, database tier, etc.), which can help you to configure your Network Security Group (NSG) rules in a more organized way.
• For example, you can have the web tier (multiple VM instances) as one Application Security Group and the database tier (multiple VM instances) as another Application Security Group
AZURE CONNECTIVITY OPTIONS
• There are multiple connectivity options available
  ● Virtual Private Network Peering
  ● Point to Site VPN Connection
  ● Site to Site VPN Connection
  ● Azure ExpressRoute (Azure Dedicated Channel)
Point to Site VPN Connection
Site to Site VPN Connection
Virtual Private Network Peering Connection
AZURE TRAFFIC MANAGER
• This is similar to Route 53 in AWS
• Azure Traffic Manager is a DNS-based routing tool, compared to Azure Load Balancer, which is an IP-based routing tool. This service allows you to distribute traffic to your public-facing applications across the global Azure regions. It also provides your public endpoints with high availability and quick responsiveness.
• The routing can be done based on the Priority and the Weightage.
• Unlike Route 53, Azure still does not offer DNS registration.
COMPUTE
COMPUTE - SCALABILITY
• This is an IaaS part of Azure compute along with Azure Virtual Machines
• A group of identical, load balanced Virtual Machines is called a Scale Set. The VMs can be activated / deactivated as needed
• It ensures High Availability for your applications.
• Similar to Auto Scaling Groups (ASGs) in AWS along with Launch Templates / Configurations
• No additional cost involved. You pay only for the additional scaled VMs, Storage and Network Cost
• Can span across multiple AZs
COMPUTE - AVAILABILITY
• For a single VM (without any availability option) you will get 99.9% availability only
• There are multiple ways to ensure VM availability within Azure
  ● Use “Availability Zones” to protect from Data Center Failures
  ● Configure multiple Virtual Machines in an “Availability Set”
  ● Configure each application tier into separate Availability Sets
  ● Combine a Load Balancer with Availability Zones or Availability Sets
• With the “Availability Zone” approach you will get 99.99% availability
• With the “Availability Set” approach you will get 99.95% availability
AZURE CONTAINER INSTANCES
• Representation of running Docker containers on Azure
• Benefits:
  ● Manage application dependencies well. All the dependencies for an application are included in the container image. You can manage the application and its dependencies with confidence.
  ● Increase Portability – Applications running in containers can be deployed easily to multiple different operating systems and hardware platforms
  ● Less overhead – Virtual machines require a lot more maintenance overhead. Containers do not have much overhead related to their maintenance.
  ● Development and deployment are much easier
  ● Works well with Azure Portal, CLI and PowerShell
AZURE APP SERVICES
• This is the PaaS part of Azure compute.
• App Services is also a fully managed platform. That means your servers, network and storage are handled by Azure. You just need to focus on the business logic
• App Services come in three different flavors
  1. Azure Web Apps
  2. Azure Web Apps for Containers
  3. Azure API Apps
STORAGE
AZURE MANAGED DISKS
• Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines.
• Managed disks are like a physical disk in an on-premises server, but virtualized.
• With managed disks, all you have to do is specify the disk size, the disk type, and provision the disk. Once you provision the disk, Azure handles the rest.
• The available types of disks are ultra disks, premium solid-state drives (SSD), standard SSDs, and standard hard disk drives (HDD).
• Managed disks are designed for 99.999% availability. Managed disks achieve this by providing you with three replicas of your data, allowing for high durability. If one or even two replicas experience issues, the remaining replicas help ensure persistence of your data and high tolerance against failures.
AZURE STORAGE ACCOUNT
• An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks.
• The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS.
• Data in your Azure storage account is durable and highly available, secure, and massively scalable.
AZURE BLOB STORAGE
• This is similar to S3 in AWS
• This is the object storage on Azure
• Can store massive amounts of unstructured data on the cloud (From 500TB to 5PB)
• You need to create a “container” to store objects in the Blob Storage (similar to “buckets” in S3)
• There are three different types of blobs
  ● Block Blobs – To store text and binary data
  ● Append Blobs – To store logging data
  ● Page Blobs – To store virtual hard disk files for Azure Virtual machines.
BLOB STORAGE – ACCESS TIERS
• Access Tiers can be changed at the Storage Account level and the Container Object Level.
• There are multiple access tiers identified in the Blob Storage
  ● Hot – Frequently accessed data
  ● Cool – Infrequently accessed data
  ● Archive – Rarely accessed data. Access is restricted when objects are in this tier.
AZURE FILE STORAGE
• This enables you to set up highly available network file shares that can be accessed by using the standard SMB protocol.
• That means multiple Virtual Machines can share the same files with both read and write access.
• You can also read the files using the REST interface or the storage client libraries.
• What clearly distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world using a URL that points to the file and includes a shared access signature token.
AZURE QUEUE STORAGE
• Similar to SQS in AWS
• Queue Service can decouple the application logic to process data.
• When an application writes data to a queue, other subscriber applications listening to the queue can process it.
DATABASES
AZURE SQL DATABASE (PAAS) DEPLOYMENT OPTIONS
• This is Azure's MSSQL Server PaaS offering
• This has three deployment options
  ● Single Database (DbaaS) – The Database Server Instance is managed by Azure. Gets the latest stable version of SQL Server as SQL database
  ● Elastic Pool (DbaaS) – A collection of multiple SQL databases, where one single database is working as a single tenant. All the databases are managed by a pool of resources. Good for applications relying on multiple databases with unpredictable usage.
  ● Managed Instance (PaaS) – Azure manages the SQL Server instance (Not the DB instance). Lift and Shift ready.
AZURE SQL SERVER ON AZURE VM (IAAS)
• Can migrate to Azure without any database changes.
• Lift and Shift ready.
• Has full control over SQL Server database engine, SQL Server licenses, VM Operating System
• Has to take care of High Availability, Disaster Recovery, Performance, Change Control and Security
DEVOPS, MONITORING AND TOOLS
AZURE MONITOR SERVICE
• Azure Monitor Service is similar to CloudWatch in AWS
• Delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
• With this approach, it maximizes the availability and performance of your applications and services. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
• You can check “Metrics”, “Activity Log”, “Alerts”, etc.
• “Alerts” can be raised based on “Metrics” and the “Activity Log”
AZURE LOG ANALYTICS WORKSPACE
• Similar to CloudTrail in AWS
• This is the Azure environment that can be used to store log data
• You can use this environment to collect log data from various data sources.
  ● Azure resources
  ● From on-premise computers, which are connected via Azure System Center Operations Manager (similar to AWS SSM)
  ● From Azure Storage Log Data
AZURE DEVOPS TOOLS
• Azure Boards
• Azure Pipelines
• Azure Repos
• Azure Test Plans
• Azure Artifacts
Source: Azure Documentation
SECURITY
JUST IN TIME VM ACCESS
• By default, when you allow access to your VMs in Azure through network security group rules, the access provided is unlimited; there is no time-related restriction. So, all allowed IP addresses will be able to connect to your Azure VM.
• The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center lets you allow inbound traffic to your Azure Virtual Machines for a specific and limited period of time. This reduces exposure to attacks while providing easy access ONLY when you need to connect to a VM
• Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc
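To find the standing rules that JIT access is meant to replace, the added example below (not from the original slides) scans an NSG's `securityRules` list, in the JSON shape returned by `az network nsg show`, for inbound Allow rules that cover a management port. The port list, function names and sample rules are assumptions made for illustration; the sample data is constructed.

```python
# Management ports commonly gated with JIT access (assumed list for this example).
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM over TLS"}
OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0"}


def _values(rule, single, plural):
    """Collect a field that the NSG JSON stores as either one value or a list."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def _covers(port_spec, port):
    """True if an NSG port spec ("*", "22" or "3000-4000") includes the port."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)


def standing_mgmt_rules(security_rules):
    """List inbound Allow rules on management ports; none of them ever expires.

    Returns (rule_name, exposed_ports, open_to_internet) tuples in input order.
    Shadowing by a higher-priority Deny rule is not modelled here.
    """
    findings = []
    for rule in security_rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        specs = _values(rule, "destinationPortRange", "destinationPortRanges")
        ports = sorted(p for p in MGMT_PORTS if any(_covers(s, p) for s in specs))
        if not ports:
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        is_open = any(s.lower() in OPEN_SOURCES for s in sources)
        findings.append((rule["name"], ports, is_open))
    return findings


# Constructed sample rules (not taken from any real environment).
SAMPLE_RULES = [
    {"name": "allow-ssh-any", "direction": "Inbound", "access": "Allow",
     "priority": 100, "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-rdp-office", "direction": "Inbound", "access": "Allow",
     "priority": 110, "sourceAddressPrefix": "198.51.100.0/24",
     "destinationPortRange": "3389"},
    {"name": "allow-wide-range", "direction": "Inbound", "access": "Allow",
     "priority": 120, "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["443", "3000-4000"]},
    {"name": "deny-rdp", "direction": "Inbound", "access": "Deny",
     "priority": 130, "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-https-out", "direction": "Outbound", "access": "Allow",
     "priority": 100, "sourceAddressPrefix": "*", "destinationPortRange": "443"},
]

if __name__ == "__main__":
    for name, ports, is_open in standing_mgmt_rules(SAMPLE_RULES):
        scope = "open to the Internet" if is_open else "restricted source"
        print(f"{name}: ports {ports}, {scope}, no expiry -> JIT candidate")
```

Port ranges matter here: the constructed `allow-wide-range` rule never names RDP, yet its `3000-4000` range leaves port 3389 permanently open.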
BIG DATA ANALYTICS
BIG DATA ANALYTICS - AWS
Source: AWS Documentation
BIG DATA ANALYTICS - AZURE
Source: Azure Documentation
ML/AI AND IOT
REFERENCES
• AWS to Azure Resource Comparison: https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services
• Azure for AWS Professionals: https://docs.microsoft.com/en-us/azure/architecture/aws-professional/
Let's work together
EMAIL: contact@1billiontech.com
MOBILE: +94 117 112191
FACEBOOK: 1billiontechnology
