Microsoft Azure: Unleashing the Potential of Cloud Computing


Microsoft Azure is often hailed for its “limitless potential” and “unlimited possibilities”. But what does that mean in practical terms? How can Azure transform your business operations and why is it worth your attention? In this article, we’ll delve into these questions and illustrate the value of Azure through four key applications that can enhance your business operations and provide tangible benefits.

Understanding Azure

At its heart, Azure is a versatile public cloud computing platform. It offers a range of solutions, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These solutions can be used for a multitude of services like analytics, virtual computing, storage, and networking, to name a few. Azure can either replace or supplement your on-premise servers, depending on your business needs.

Let’s consider some of the standout features of Azure:

      1. Microsoft Azure – IaaS, PaaS, and SaaS: This trio of services allows you to choose the level of control you want over your IT infrastructure, platforms, and software.

      2. Flexible: Azure allows you to scale your compute resources up and down as required, ensuring that you only pay for what you use.

      3. Open: Azure supports almost any operating system (OS), language, tool, or framework, facilitating seamless integration with your existing systems.

      4. Reliable: Azure boasts a 99.95% availability Service Level Agreement (SLA) and offers round-the-clock technical support.

      5. Global: Azure’s data is housed in geo-synchronous data centers, ensuring fast and reliable access regardless of your location.

      6. Economical: With Azure, you only pay for the resources you use, making it a cost-effective solution for businesses of all sizes.

    Azure in Action: Four Key Applications

    Enhancing and Implementing Backup and Disaster Recovery

    Azure is an excellent tool for backup and disaster recovery, thanks to its flexibility, advanced site recovery capabilities, and built-in integration. Being a cloud-based solution, Azure can back up your data in almost any language, on any OS, and from any location. You also have the flexibility to set your backup schedule as per your business requirements – daily, weekly, monthly, or otherwise.

    While tape backup systems have their place, they have limited capabilities when used as a standalone backup and disaster recovery solution. Azure site recovery enhances your tape backup with offsite replication, minimal onsite maintenance, and up to ninety-nine years of data retention. It also reduces both capital investment and operational costs. Azure ensures data safety by storing three copies of your data in three different locations within the data center, and another three copies in a remote Azure data center.

    If you’re operating in a Windows virtual environment, Azure’s built-in integration for additional backup provides a quick and efficient solution. Azure site recovery integrates with System Center and Hyper-V architectures, creating a robust and seamless cohesion between Azure, System Center, and Hyper-V.

    Hosting and Developing Web and Mobile Apps

    Azure provides an excellent platform for hosting, developing, or managing web or mobile apps.

    Whether you’re looking for a platform to host, develop, or manage web or mobile apps, Azure has got you covered. Its features enable your apps to be self-sufficient and adaptive. This includes automatic patch management for your virtual machines, which allows you to devote less time to infrastructure management and more time to enhancing your apps. Azure also offers continuous deployment support to streamline ongoing code updates.

    Azure’s AutoScale feature, built into Azure Web Apps, adjusts your resources automatically based on customer web traffic. This ensures that you have the necessary resources during high-traffic periods and saves money during off-peak times.

    Moreover, Azure can seamlessly link your web app to an on-premise app. This connectivity allows both employees and partners to securely access resources inside your firewall, which would otherwise be challenging to access externally.

    Distributing and Supplementing Active Directory

    Azure can integrate with your Active Directory (AD), enhancing your identity and access capabilities. This integration extends your Domain Name System’s (DNS) global reach, centralizes management, and bolsters security.

    Azure allows you to globally distribute an AD environment that is direct connect enabled. No other cloud provider can extend the reach of your domain controller and consolidate AD management like Azure.

    For organizations with multiple locations or those using on-premise apps or cloud apps like Microsoft 365, integrating Active Directory with Azure becomes a central tool for managing and maintaining access to all these tools.

    Azure also supports multi-factor authentication, adding an extra layer of security to your data and applications without causing any inconvenience to your users. It also allows for easy implementation of single sign-on for Windows, Mac, Android, and iOS cloud apps.

    Innovating with IoT Industry Solutions

    The scalability, flexibility, and security of Microsoft Azure make it an excellent resource for companies moving toward Internet of Things (IoT) solutions. Azure allows you to connect your devices to the cloud using solutions that integrate with your existing infrastructure, enabling you to start collecting new data about your company.

    The Azure IoT Hub lets you monitor and manage billions of devices and gain insights that can help you make better business decisions, enhance customer experiences, reduce complexity, lower costs, and expedite development.

    The enhanced security of Azure is a significant asset for IoT solutions, which often have security gaps that hackers can exploit. Azure provides other benefits like remote monitoring, predictive maintenance, and analytics.

    Getting started with Azure IoT is easy with Azure IoT solution accelerators. These preconfigured templates are customizable to your needs and help you hit the ground running with your IoT initiatives.

     

    Your Azure Journey

    The above four applications are just the tip of the iceberg when it comes to what Azure can do for your business. Azure is a treasure trove of cloud-computing potential that you can leverage in almost any way imaginable.

    If you’re ready to explore these services, you can start with a trial and $200 in Azure credits. You can also get an idea of the cost by using the pricing calculator. If you have questions about other ways you could use Azure or need help implementing a service, consider reaching out to a sales engineer who can help you plan and implement the right tools to meet your needs.


    What are Azure Resource Groups?

    Microsoft Azure, a leading cloud service provider, offers a vast array of resources to its users. In this ever-growing ecosystem, managing and organizing these resources is crucial. Enter Azure Resource Groups, a vital component of Azure’s management framework. This article will provide a comprehensive analysis of Azure Resource Groups, delving into key factors and addressing common questions. Additionally, we will touch on our free Azure Blob Storage Cost Estimator and Cloud Storage Manager software to help users save money on their Azure Storage.

    What is a Resource Group in Azure?

    A Resource Group is a logical container for resources deployed within an Azure subscription. It helps in organizing, managing, and monitoring resources collectively based on their lifecycle and their relationship to each other. Resource Groups bring order to the otherwise complex and dispersed cloud environment, allowing for more efficient management of resources and adherence to best practices.

    Azure Resource Group Example

    To better understand the concept of a Resource Group, let’s consider a simple example. Suppose you are developing a web application that includes several components such as a web server, a database server, and a storage account. In Azure, you would deploy these components as individual resources like a virtual machine for the web server, an Azure SQL Database for the database server, and an Azure Storage Account for storage.

    Instead of managing these resources separately, you can group them under a single Resource Group, named “MyWebAppResourceGroup,” for instance. This approach simplifies the management of your application’s resources, making it easier to monitor, manage access, and apply consistent policies.

    Difference Between Group and Resource Group in Azure

    The term “Group” in Azure often refers to an Azure Active Directory (AD) Group, which is a collection of users, devices, or other groups within an organization’s Azure AD. These groups help in organizing and managing access control, roles, and permissions across various Azure resources.

    On the other hand, a Resource Group, as explained earlier, is a logical container for resources deployed within an Azure subscription. It is primarily concerned with organizing and managing resources based on their lifecycle and relationship to one another.

    In summary, while Azure AD Groups are focused on organizing users, devices, and other groups for access control and permissions management, Azure Resource Groups are designed to manage and organize resources within an Azure subscription.

    Different Types of Resource Groups in Azure

    There are no specific “types” of Resource Groups in Azure, as they are all designed to perform the same function: organizing and managing resources. However, how you choose to structure your Resource Groups can vary depending on your organizational needs and resource management strategies.

    Some common strategies for structuring Resource Groups include:

    • By environment: Separate Resource Groups for production, staging, and development environments.
    • By application: Group resources related to specific applications or projects.
    • By department: Organize resources based on departments within the organization, such as HR, Finance, or IT.

    It is essential to plan your Resource Group structure carefully to optimize management, monitoring, and access control.

    The 3 Different Azure Resources

    Azure offers a plethora of resources to cater to various needs, ranging from computing power and storage to AI and machine learning. While there are many more than just three Azure resources, we will highlight three commonly used resources:

    Virtual Machines (VMs):

    Azure VMs are on-demand, scalable computing resources that can be provisioned and managed as needed. Users can choose from a wide range of VM sizes and operating systems to create a virtual environment tailored to their specific requirements.

    Azure App Service:

    This is a fully managed platform for building, deploying, and scaling web apps, whether they are web, mobile, or API-based. Azure App Service supports various programming languages and frameworks, such as .NET, Java, Node.js, Python, and PHP.

    Azure Storage:

    Azure Storage is a highly available, durable, and scalable cloud storage solution. It offers multiple storage services, including Blob storage, File storage, Queue storage, and Table storage, which cater to different data storage and access requirements.

    These resources represent just a fraction of the vast array of services available within Azure. They can be combined in numerous ways to create complex and powerful solutions tailored to your organization’s needs.

    Difference Between Resource Group and Subscription

    An Azure Subscription is an agreement with Microsoft to use one or more Azure services, and it is the billing entity for your organization’s usage. It is linked to a specific Azure account and provides access to Azure resources based on the purchased subscription level.

    A Resource Group, as previously described, is a logical container for resources deployed within an Azure subscription. It offers a way to manage and organize resources based on their lifecycle and their relationship to each other.

    In short, the Subscription is the billing and access control entity in Azure, while the Resource Group is a management and organization entity for resources within that subscription.

    Advantages of Azure Resource Group

    Azure Resource Groups offer several benefits:

    Organization:

    Resource Groups help you keep your Azure environment organized by logically grouping related resources together. This organization makes it easier to manage and monitor resources, as well as understand their interdependencies.

    Simplified Management:

    Resource Groups enable you to manage, monitor, and apply consistent policies to resources collectively, rather than individually. This simplification saves time and effort when performing tasks such as updating configurations or applying role-based access control.

    Cost Tracking:

    By grouping resources together, you can track and analyze costs associated with a specific project, application, or department. This granular cost analysis helps in optimizing resource usage and identifying potential cost-saving opportunities.

    Access Control:

    Resource Groups allow you to apply role-based access control at the group level, ensuring that users only have the appropriate permissions to access and manage the resources within that group.

    Resource Consistency:

    With Resource Groups, you can enforce consistent resource configurations, such as locations and tags, across all resources within a group. This consistency helps maintain adherence to organizational policies and best practices.

    How Many Resources Can Be in a Resource Group?

    Azure does not impose a strict limit on the number of resources that can be placed in a single Resource Group. However, there are certain Azure limits and quotas (like the number of resources per subscription) that indirectly affect the size of a Resource Group.

    It is essential to plan your Resource Group structure carefully, considering factors such as manageability, monitoring, access control, and cost tracking. It is generally a good idea to avoid putting too many resources in a single Resource Group, as it might make management and monitoring more challenging.

    Azure Storage Cost Optimisation

    As you work with Azure Resource Groups and resources, it’s crucial to understand the associated costs and optimize your storage usage. Our free Azure Blob Storage Cost Estimator allows you to estimate your blob storage costs and explore various options to find the most cost-effective solution for your needs.

    You can use our Azure Storage Estimator below to give you an estimate of your Azure Costs.

    The Azure Storage costs provided are for illustration purposes and may not be accurate or up-to-date. Azure Storage pricing can change over time, and actual prices may vary depending on factors like region, redundancy options, and other configurations.

    To get the most accurate and up-to-date Azure Storage costs, you should refer to the official Azure Storage pricing page: https://azure.microsoft.com/en-us/pricing/details/storage/

    In addition to cost estimation, our Cloud Storage Manager software helps you gain insights into your Azure Blob and File storage consumption, providing detailed reports on storage usage and growth trends. By understanding these trends and proactively managing your storage, you can save money on your Azure storage expenses.


    Azure Resource Groups Conclusion

    The table below is not a complete list of the Azure services that can be contained in an Azure Resource Group; it is only an example of the most common Azure services.

    Category | Azure Service(s)
    Compute | Virtual Machines, Azure Functions, Azure Kubernetes Service, Azure Container Instances
    Storage | Azure Blob Storage, Azure File Storage, Azure Queue Storage, Azure Table Storage
    Database | Azure SQL Database, Azure Cosmos DB, Azure Database for MySQL, Azure Database for PostgreSQL
    Networking | Virtual Network, ExpressRoute, Azure DNS, Azure Traffic Manager
    Web & Mobile | Azure App Service, Azure API Management, Azure Notification Hubs
    Containers | Azure Container Registry, Azure Container Instances
    Analytics | Azure Synapse Analytics, Azure Stream Analytics, Azure Data Lake Storage
    AI & Machine Learning | Azure Machine Learning, Azure Cognitive Services, Azure Bot Service
    Internet of Things (IoT) | Azure IoT Hub, Azure IoT Edge, Azure IoT Central
    Integration | Azure Logic Apps, Azure Service Bus, Azure Event

    Azure Resource Groups FAQs

    1. What is a Resource Group in Azure?
       A Resource Group is a logical container for resources deployed within an Azure subscription. It helps in organizing, managing, and monitoring resources collectively based on their lifecycle and their relationship to each other.

    2. What is an example of an Azure Resource Group?
       A simple example of a Resource Group is grouping resources related to a web application, such as a virtual machine for the web server, an Azure SQL Database for the database server, and an Azure Storage Account for storage. This grouping simplifies management, monitoring, and applying consistent policies.

    3. What is the difference between a group and a resource group in Azure?
       A “group” in Azure usually refers to an Azure Active Directory (AD) Group, which is a collection of users, devices, or other groups within an organization’s Azure AD, used for access control and permissions management. A Resource Group, on the other hand, is a logical container for resources deployed within an Azure subscription, focused on organizing and managing resources.

    4. Are there different types of Resource Groups in Azure?
       There are no specific “types” of Resource Groups in Azure, as they all perform the same function: organizing and managing resources. However, you can structure your Resource Groups based on different strategies, such as by environment, application, or department, to better suit

    Azure Resource Groups Conclusion

    Azure Resource Groups play a pivotal role in organizing, managing, and monitoring resources within an Azure subscription. By understanding their purpose, structure, and best practices, you can take advantage of their many benefits, such as simplified management, cost tracking, and access control.

    Additionally, utilizing tools like our Azure Blob Storage Cost Estimator and Cloud Storage Manager can help you make more informed decisions about your Azure storage usage, ultimately saving you money and ensuring you get the most out of your Azure environment.

    For further information, consider referring to the following external sources:

    1. Microsoft Azure – Resource groups and resources
    2. Azure Subscription and Service Limits, Quotas, and Constraints

    Remember, the key to effective Azure resource management lies in careful planning and leveraging the right tools to help you optimize costs and maintain an organized, efficient cloud environment.

    Filtering Users and Groups using Azure AD Connect


    Microsoft’s Azure AD Connect allows you to sync your on-prem AD to your Azure AD / Office 365. If you leave all the settings as default, then AD Connect will happily sync all your AD objects. This is fine for some; however, many large organisations do not want to sync their entire environment. There are options to filter the objects by selecting specific OUs, but sometimes this isn’t granular enough. Another option is to select a group and filter based on its membership, but this is considered “pilot” mode and should not be used in a production environment. Personally, this is my preferred method: it’s easy to set up and you can add or remove users and groups to this “sync” group whenever you wish. But who am I to argue with Microsoft?

    So if you can’t filter based on OU, and you don’t want to go against Microsoft’s “best practice”, what other options do you have?

    Well, you need to use the “Synchronization Rules Editor”.

    The rules editor allows you to create filter rules, to either filter in or filter out the AD objects you want to sync.

    In the below example I will show you how to filter out Users and Groups from syncing.

    The rules editor uses the AD Attributes of the object to determine whether or not to sync them. By attributes, I mean these…



    If you have Exchange in your environment then you will have the extensionAttribute 1 – 15 in your schema. I tend to use these attributes, but you may decide to use any that suits.

    OK, so what I want to achieve is to only sync the users or groups that have the extensionAttribute1 set to “Sync to Azure”. Any object without this value will not get synced.

    First, let’s modify the attribute for 1 user and 1 group.

    Open AD Users and Computers and click View, and make sure the Advanced Features option is ticked. Without this option you won’t see the attributes tab.



    Find a test user and open the properties, then click on the Attribute Editor tab.

    Scroll through and find the extensionAttribute1 and click Edit. Set the value to Sync to Azure.


    Repeat the process for a Group.

    OK, now that we’ve set the attribute on both a user and group object, launch the Synchronization Rules Editor.



    We will now create two rules, one to filter users, and another to filter groups.

    Ensure the Direction is set to Inbound and click the Add new rule button.

    Give the rule a descriptive name and provide a description. I suggest something useful so when you come back in 3+ months it will make sense to you.

    1. Set the Connected System to your domain.
    2. Set the Connected System Object Type to User
    3. Set the Metaverse Object Type to Person
    4. Set the Link Type to Join
    5. Set the Precedence to 50 (or any value lower than the lowest value – if you haven’t created any other rules, then 50 will be fine).
    6. Click Next



    Click the Add Group button, and then the Add Clause button.



    Set the Attribute to the attribute you selected as the “filtering attribute”. In our example, it’s extensionAttribute1.

    Set the Operator to NotEqual

    And enter the value to look for, which in our example is “Sync to Azure”.

    Click Next.



    Click Next on the Join Rules window, as it’s not used with this rule.



    In the Transformations section, click Add transformation

    1. Set the FlowType to Constant
    2. Set the Target Attribute to cloudFiltered
    3. In the Source field, enter true
    4. Leave all other settings and click Add



    The new rule should now appear at the top of the list.



    OK, so that’s the Users rule done. Let’s move onto the Groups rule.

    The groups rule is a little trickier, so instead of trying to create it from scratch, we’ll use the existing one.

    Select the In from AD – Group Join rule and click Edit.



    Click Yes to the message – which will disable the existing rule and create a copy for us to work with.



    Give the rule a name and description.

    Set the Precedence to 55.

    Click Next



    In the Scoping Filter section, select both of the existing clauses and click Remove Clause.



    Once all the Clauses have been removed, click Add Clause.



    Set the Attribute to the attribute you selected as the “filtering attribute”. In our example, it’s extensionAttribute1.

    Set the Operator to Equal (with the user rule we set it to NotEqual, but here we use the Equal operator).

    And enter the value “Sync to Azure”, or whatever value you are using.

    Click Next.

    In the Join rules, ensure the Source Attribute is set to objectGUID and the Target Attribute is sourceAnchorBinary.

    Click Next.



    Leave the settings as default in the Transformations window and click Save.



    If you receive an expression warning, click Yes to continue saving the rule.

    You should now have two rules in your rule set.



    OK, now that we’ve made our rules, we need to kick off a full sync.

    Open up a PowerShell console, and enter: Start-ADSyncSyncCycle -PolicyType Initial

    Once the sync finishes, log into the Azure or 365 portal and have a look under the Users and Groups sections.

    As you can see, only my two test users have been synced.



    And in the groups, only my two test groups are synced too.
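
    The tagging and checking steps of this walkthrough can also be scripted. The PowerShell below is an added example, not part of the original article: it sets the filtering attribute, previews which users and groups carry the exact value the rules test for, and flags values that differ from it. The account and group names are hypothetical placeholders, and the script assumes the RSAT ActiveDirectory module for the directory steps and the ADSync module (present on the Azure AD Connect server) for the final step.

```powershell
# Added example (not from the original article).
# Without -Apply nothing is changed: the Set-* calls run with -WhatIf.
param(
    [string]$FilterAttribute = 'extensionAttribute1',  # filtering attribute used in the article
    [string]$FilterValue     = 'Sync to Azure',        # value used in the article
    [string[]]$Users         = @('test.user1'),        # hypothetical sAMAccountName
    [string[]]$Groups        = @('Azure-Sync-Test'),   # hypothetical group name
    [switch]$Apply
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. Tag the objects that should sync (same change as the Attribute Editor step).
foreach ($u in $Users) {
    Set-ADUser -Identity $u -Replace @{ $FilterAttribute = $FilterValue } -WhatIf:(-not $Apply)
}
foreach ($g in $Groups) {
    Set-ADGroup -Identity $g -Replace @{ $FilterAttribute = $FilterValue } -WhatIf:(-not $Apply)
}

# 2. Preview what is tagged for sync. The value is placed in the LDAP filter as-is,
#    so a value containing ( ) * or \ would need escaping first.
$userFilter  = "(&(objectCategory=person)(objectClass=user)($FilterAttribute=$FilterValue))"
$groupFilter = "(&(objectCategory=group)($FilterAttribute=$FilterValue))"

$tagged = @(Get-ADUser  -LDAPFilter $userFilter  -Properties $FilterAttribute) +
          @(Get-ADGroup -LDAPFilter $groupFilter -Properties $FilterAttribute)

Write-Host "Objects tagged '$FilterValue': $($tagged.Count)"
$tagged | Sort-Object ObjectClass, SamAccountName |
    Select-Object ObjectClass, SamAccountName, DistinguishedName |
    Format-Table -AutoSize

# 3. Flag objects whose attribute is set but is not character-for-character the
#    expected value (different text, different case, stray spaces). The article
#    does not say how strictly the sync engine compares values, so review these
#    by hand before relying on the filter.
$anyValue = "(&(|(objectCategory=person)(objectCategory=group))($FilterAttribute=*))"
$nearMiss = Get-ADObject -LDAPFilter $anyValue -Properties $FilterAttribute |
    Where-Object { $_.$FilterAttribute -cne $FilterValue }

if ($nearMiss) {
    Write-Warning "Objects with a different $FilterAttribute value:"
    $nearMiss | Select-Object ObjectClass, Name, @{ n = 'Value'; e = { $_.$FilterAttribute } } |
        Format-Table -AutoSize
}

# 4. On the Azure AD Connect server: list the custom rules (the article's rules use
#    precedence 50 and 55) and, with -Apply, start the full sync used in the article.
if (Get-Module -ListAvailable -Name ADSync) {
    Import-Module ADSync
    Get-ADSyncRule | Where-Object { $_.Precedence -lt 100 } |
        Sort-Object Precedence |
        Select-Object Precedence, Direction, Name |
        Format-Table -AutoSize

    if ($Apply) { Start-ADSyncSyncCycle -PolicyType Initial }
}
else {
    Write-Host 'ADSync module not found: run this part on the Azure AD Connect server.'
}
```

    Run it once without -Apply to review the output, then again with -Apply once the list of tagged objects is the list you expect to see in the portal.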




    70-534 – Maintaining the Azure Cloud


    Azure Overview

    As explained in the previous post around the Azure Datacentres, Microsoft’s Azure offerings have to be reliable, have high performance and be incredibly resilient. Therefore maintaining the Azure Datacentres can be quite a complex procedure. Microsoft has to have a plan in place for the two possible scenarios of maintenance, planned and the unplanned. Planned maintenance happens on a schedule, while unplanned maintenance occurs in response to an unexpected event, normally due to a hardware failure.

    Azure Planned Maintenance

    Microsoft routinely schedules maintenance of its hosting hardware, whether that is a firmware update or a security patch applied to the underlying hypervisor. While most of this maintenance will not affect the virtual machines you have running on this infrastructure, there are some circumstances which may cause your VMs to shut down and restart. Because Microsoft provides a multi-tenanted environment, it would be near impossible to schedule downtime with every customer whose servers would be affected by the maintenance, so this may happen to your VMs.


    Azure Availability Sets

    So how do you avoid this and ensure your application keeps on going? Microsoft has a Service Level Agreement (SLA) in place only for multi-instance VMs in the same logical group, which is called an availability set. When Microsoft performs maintenance, it ensures that not all the virtual machines within the same availability set will be restarted at the same time. So to give your applications the best chance, ensure that you have at least two virtual machines performing the same function (perhaps clustered, for example) within the one availability set. Always remember that a single virtual machine will not have an SLA available and could be restarted at any time. During an Azure datacentre maintenance, the single-instance VMs are brought down in parallel, then upgraded and restarted in no particular order. So if you have your applications on single-instance virtual machines, they will naturally be unavailable during the maintenance window. Microsoft does send customers an email prior to any scheduled maintenance, detailing the date and time the outage is to be expected, but this is only for planned maintenance. You will of course not be notified of unplanned maintenance.

    Azure Availability Sets

     

    Azure Resilience

    As shown in the example picture above, we have two Front End servers for the application within their own availability set, with the corresponding database servers also in their own availability set. AppSrv1 will be on a different host, and perhaps even a different rack, from AppSrv2. Should the host running AppSrv1 have an issue and need to restart all the virtual machines running on it, this will not affect AppSrv2. The same goes for the database servers. It is also best practice to separate your application databases and other roles and have them in their own availability sets.

    Where possible, always create multiple instances of your virtual machines and have them within the same availability set. If you do this you will then qualify for the Microsoft SLA. 

    Azure Update Domains

    Azure Update Domains (sometimes called Upgrade Domains) are used for planned updates to the Azure Cloud service. The default number of update domains is five, with a maximum of twenty available to each availability set. Your virtual machines are spread across update domains to avoid outages to your applications, and as Microsoft rolls out updates to its infrastructure, it will only ever update one update domain at any time. This avoids unnecessary outages to your system.

     

    Azure Update Domains

     

    Azure Unplanned Maintenance

    So what happens when there is unplanned maintenance I hear you ask? As I am sure you are quite aware, problems with hardware can be a regular occurrence at times. Failures with the network, server issues and even total rack failures can and do happen. Azure detects these failures automatically and will migrate your virtual machines to another host that is healthy.

    Azure Fault Domains

    Azure fault domains are a boundary between the infrastructure within the same datacentre to help prevent issues caused by unplanned outages. Multiple virtual machines that are deployed in the same availability set are also allocated to different fault domains.  Fault Domains can be on separate racks, separate power supplies, different switches and sometimes even cooling systems. Fault Domains within Azure are assigned in a pattern, FD0, FD1, FD0, FD1 and so forth. All this helps alleviate any unplanned localised hardware failures that will interrupt services to your virtual machines. It is very unlikely that there will be issues with two or more fault domains, in fact it is more likely that there is a whole datacentre outage, which in this case you would need cross region replication.

    Azure Fault Domains

    Azure Fault Domain Example

    Now we have shown two fault domains with the availability sets detailed in the earlier diagram. You can see that AppSrv1 and DBSrv1 are in the same fault domain, and therefore more than likely on the same hardware or within the same rack. Should the rack or hardware have a failure, then AppSrv2 and DBSrv2 will not be affected by this outage and will continue delivering your applications.

    VM          Fault Domain
    AppSrv1     0
    AppSrv2     1
    DBSrv1      0
    DBSrv2      1

    When you boot your servers within your availability set they will be allocated to a fault domain in an order, e.g. FD0, FD1, FD0, FD1, FD0, FD1 etc. The pattern of fault domain allocation never changes and will always follow this pattern.

    So how does this work?

    It is worth noting that each availability set automatically creates two Fault Domains and is assigned to five Update Domains. For example, say you build an availability set with six virtual machines. The first five are allocated to the five Update Domains, and the sixth virtual machine is then added to the first Update Domain, alongside the first VM. In the worst case, VMs number one and six could be restarted at the same time if a maintenance event were to occur. Update Domains are only ever restarted one at a time, but the restart order isn’t always sequential, so they can be restarted in any order.
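
    To see which virtual machines end up sharing a domain, the placement pattern described above can be modelled in a few lines of PowerShell. This is an added example, not code from the original post and not Azure's actual allocator: it assumes strict round-robin placement in creation order with the two fault domains and five update domains stated above, and the function names and the VM1..VM6 names are hypothetical.

```powershell
# Added example: a model of the round-robin placement the post describes.
function Get-DomainPlacement {
    param(
        [Parameter(Mandatory)][string[]]$VmNames,  # VMs in creation order
        [int]$FaultDomains  = 2,                   # per the post: two per availability set
        [int]$UpdateDomains = 5                    # per the post: five by default
    )
    for ($i = 0; $i -lt $VmNames.Count; $i++) {
        [pscustomobject]@{
            VM           = $VmNames[$i]
            FaultDomain  = $i % $FaultDomains      # FD0, FD1, FD0, FD1, ...
            UpdateDomain = $i % $UpdateDomains     # UD0 .. UD4, then back to UD0
        }
    }
}

# For each domain holding more than one VM, list the VMs that go down together
# and what share of the availability set that is.
function Get-SharedDomainRisk {
    param([Parameter(Mandatory)][object[]]$Placement)
    foreach ($kind in 'FaultDomain', 'UpdateDomain') {
        $Placement | Group-Object -Property $kind |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                [pscustomobject]@{
                    Event      = if ($kind -eq 'FaultDomain') { 'Hardware or rack failure' } else { 'Planned update reboot' }
                    Domain     = "$kind $($_.Name)"
                    VMsDown    = ($_.Group.VM -join ', ')
                    ShareOfSet = '{0:P0}' -f ($_.Count / $Placement.Count)
                }
            }
    }
}

# The six-VM availability set from the paragraph above.
$sixVmSet = Get-DomainPlacement -VmNames (1..6 | ForEach-Object { "VM$_" })
$sixVmSet | Format-Table -AutoSize
Get-SharedDomainRisk -Placement $sixVmSet | Format-Table -AutoSize

# The two-VM availability sets from the earlier table: each VM gets its own
# fault domain and update domain, so no domain is shared and nothing is reported.
foreach ($set in @(@('AppSrv1', 'AppSrv2'), @('DBSrv1', 'DBSrv2'))) {
    $placement = Get-DomainPlacement -VmNames $set
    $placement | Format-Table -AutoSize
    Get-SharedDomainRisk -Placement $placement | Format-Table -AutoSize
}
```

    In the six-VM set, each fault domain holds half of the machines and VM1 shares an update domain with VM6, which is the worst case described above.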

    Cross Region Redundancy

    Now, what happens in the unlikely event that a complete Azure datacentre has an issue? Cross region redundancy is available within Azure; it is basically a backup copy of your data in a secondary Azure datacentre (replication of your VMs to a second region). You can set up Cross Region Redundancy for the applications that require this level of service (think Tier 1 applications for the most part). You select the primary region to deliver your services from, choose a secondary region, and Azure will take care of the replication. In the event of something catastrophic happening to the primary region, the system will automatically fail over to the secondary region. The beauty of this service is that it happens automatically, with no manual intervention required: Azure takes care of both the replication and the failover.

    Service Throttling

    As Microsoft’s Azure is a multi-tenant environment with a great many customers, how can Microsoft fairly monitor consumption? Service throttling ensures consistent delivery of services to every customer according to the customer’s subscription limits. If throttling does ever occur, the experience delivered will be a degraded service. Azure bases this throttling on a few different criteria: the amount of data stored, the number of transactions and system throughput. You always have the option to increase your limits should you ever reach them. As always, you should plan your architecture within Azure with performance in mind, but if the need arises you can scale up and scale out as needed.

    FAQs

    Question Answer
    What is Azure planned maintenance?
    Azure planned maintenance is when Microsoft schedules maintenance of their hosting hardware, which could include firmware updates or applying security patches to the underlying hypervisor. Some virtual machines may need to be shut down and restarted during this process.
    What are Azure Availability Sets?
    Azure Availability Sets are a feature that allows customers to group virtual machines together in the same logical group to ensure that they are not all restarted at the same time during maintenance. Having multiple instances of virtual machines in the same availability set qualifies customers for the Microsoft SLA.
    What is Azure resilience?
    Azure resilience refers to the ability of a system to withstand and recover from hardware failures or other unexpected events. To ensure resilience, it is best practice to separate application databases and other roles, and to have them in their own availability sets.
    What are Azure Update Domains?
    Azure Update Domains are used for planned updates to the Azure Cloud service. Virtual machines are spread across update domains to avoid outages to applications, and Microsoft will only ever update one update domain at any time.
    What is Azure unplanned maintenance?
    Azure unplanned maintenance occurs in response to unexpected events such as hardware failures. Azure automatically detects these failures and migrates virtual machines to another healthy host.
    What are Azure Fault Domains?
    Azure Fault Domains are a boundary between infrastructure within the same datacenter to prevent issues caused by unplanned outages. Multiple virtual machines deployed in the same availability set are allocated to different fault domains, which can be on separate racks, power supplies, switches, or cooling systems.
    How do I ensure my applications are resilient in Azure?
    To ensure application resilience in Azure, it is recommended to group virtual machines in the same availability set, separate application databases and other roles, and have them in their own availability sets.
    How does Azure handle unplanned outages?
    Azure automatically detects unplanned outages and migrates virtual machines to another healthy host.
    How does Azure prevent outages during planned maintenance?
    Azure uses Azure Availability Sets and Azure Update Domains to prevent outages during planned maintenance.

    Well, that’s it for today’s post. I’ll continue with the Architecting Azure Solutions 70-534 study in a further post. Make sure you bookmark this site for further updates.

    70-534 – Azure Datacentres


    This is the second post of many more to come to help you understand and pass the Architecting Microsoft Azure Solutions exam and gain that sought-after certification.

    Well, first things first, let’s cover off the Microsoft Azure Datacentres. The datacentres may be known as Azure GFS datacentres (Global Foundation Services), or by their newer name, Microsoft Cloud Infrastructure and Operations (MCIO).

    MS Azure DCs

    Microsoft’s Azure datacentres are spread across 17 different regions throughout the world, all networked together, with access available to these datacentres from 140 different countries. They operate in 10 different languages and 24 different currencies. Not only can you run your servers and applications in these datacentres, they are also used by Microsoft to deliver their own services, like Office 365, Bing search and Xbox Live, as well as the Azure platform. These datacentres are huge (some as big as three large cruise ships placed end to end), with over one million servers serving over one billion customers. They have to be, to provide infrastructure to Microsoft itself as well as all their clients around the world with real time replication, low latency and very high reliability.

    The regions they are available in are:

    Azure Region            Location
    Central US              Iowa
    East US                 Virginia
    East US 2               Virginia
    US Gov Iowa             Iowa
    US Gov Virginia         Virginia
    North Central US        Illinois
    South Central US        Texas
    West US                 California
    North Europe            Ireland
    West Europe             Netherlands
    East Asia               Hong Kong
    Southeast Asia          Singapore
    Japan East              Tokyo, Saitama
    Japan West              Osaka
    Brazil South            Sao Paulo State
    Australia East          New South Wales
    Australia South East    Victoria
    Central India           Pune
    South India             Chennai
    West India              Mumbai

    Choosing a Microsoft Azure Datacentre

    Whenever choosing a datacentre to build your environment in, it’s always best practice to choose the one that is closest to your users, as this will help with any latency, performance and reliability issues. Not all of the Microsoft Azure datacentres share the same set of services. (Microsoft regularly rolls out new services. To see which services are available and where, visit the Microsoft website https://azure.microsoft.com/en-us/regions/services/). Australia has an additional constraint: only customers residing within Australia and New Zealand can use the services within that region. Additionally, China, which you may have noticed isn’t specified above, delivers Azure services independently from the others, as the service is offered by one of the country’s largest Internet Service Providers, 21Vianet. Data within the China Azure infrastructure remains within China and isn’t replicated or shared with the other regions.

    Azure Datacentre Resiliency

    Having datacentres that big and making them highly available creates a huge problem. Just think about having to manage over one million servers: patching them, updating firmware, replacing failed hardware. The number of servers alone is enough to make the average administrator faint. The advantage that Azure has over the average datacentre is the sheer number of physical servers. When one server starts to fail, its virtual machines can be migrated to another healthy server. Faults are detected and migration is handled automatically. The ability to quickly recover or, in most instances, migrate these virtual machines live means high resilience is built in. This is known as Mean Time to Recover (MTTR), which allows Microsoft to provide the availability of services to their customers, quickly and without user intervention.

    Azure Security

    Microsoft takes security seriously. Imagine all the data belonging to all these customers, and a rogue Microsoft employee starting to steal it. Microsoft has locked down Azure so that administrators have only enough access and time to do the task they require. This is known as Just in Time Administrator Access. By default, Microsoft administrators do not have access to customer data and can only gain access when granted by the client and only during a predetermined window. All their administrator access and actions are logged, monitored and audited. Physical access to the Microsoft Azure Datacentres and hardware is also monitored with continuous surveillance.
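
    The kind of check that auditing Just in Time access implies, as an added example (not from the original post and not Microsoft's tooling): every logged administrator action is compared against the customer-approved windows. The grant list, log format and all names in it are constructed for illustration and are not a real Azure log schema.

```python
from datetime import datetime

# Constructed sample data: not a real Azure log schema.
GRANTS = [
    # (admin, customer, window start, window end) approved by the customer
    ("admin-a", "contoso", "2016-03-01T10:00", "2016-03-01T12:00"),
    ("admin-b", "fabrikam", "2016-03-02T09:00", "2016-03-02T09:30"),
]
AUDIT_LOG = [
    "2016-03-01T10:15 admin-a contoso read-disk",
    "2016-03-01T12:05 admin-a contoso read-disk",
    "2016-03-02T09:10 admin-b contoso open-session",
    "2016-03-02T09:20 admin-b fabrikam open-session",
    "malformed line",
]


def parse_ts(text):
    """Parse the constructed timestamp format used in the sample data."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M")


def audit(log_lines, grants):
    """Return (line, reason) for every action not covered by an approved window."""
    windows = [(a, c, parse_ts(s), parse_ts(e)) for a, c, s, e in grants]
    findings = []
    for line in log_lines:
        parts = line.split()
        try:
            when, admin, customer = parse_ts(parts[0]), parts[1], parts[2]
        except (IndexError, ValueError):
            findings.append((line, "unparseable"))  # never silently drop audit records
            continue
        matching = [w for w in windows if w[0] == admin and w[1] == customer]
        if not matching:
            findings.append((line, "no grant for this customer"))
        elif not any(start <= when <= end for _, _, start, end in matching):
            findings.append((line, "outside approved window"))
    return findings


if __name__ == "__main__":
    for line, reason in audit(AUDIT_LOG, GRANTS):
        print(f"{reason}: {line}")
```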

    As you can imagine, Microsoft Azure datacentres are a target for all sorts of hackers and threats. Threat management is also provided as part of the service. Data is scrubbed and monitored for any potential threats before it reaches your servers. Intrusion detection, Denial of Service attack prevention, regular penetration testing, data analytics and machine learning tools help to keep your servers and data safe. Azure scans all software during all physical server builds. They also have real time protection and on demand scanning of their cloud services and virtual machines.

    Deployment of patching to the Azure infrastructure is automated. Patching deployment is based on the severity of the patch. Azure will also patch customers’ virtual machines unless the customer has requested to patch their systems manually themselves (i.e. using SCCM or WSUS or the like).

    Having so many customers share infrastructure in a multitenant environment could be a huge security risk. Azure logically isolates each customer from the others so that no customer should be able to access any other customer’s data. For customers’ own security and compliance, Microsoft Azure provides a set of tools to help the client achieve this. Azure offers technology like data encryption in transit and at rest (Azure storage is encrypted). Azure also holds some of the highest security certifications, such as ISO27001, ISO27002, HIPAA, FISMA and FedRAMP (the Microsoft Azure Trust Centre details the certifications held; please visit https://www.microsoft.com/en-us/trustcenter/Compliance for more information).

    Azure Datacentre Designs

    With so many datacentres that are this large, and with so many customers utilising their services and expecting reliability and performance, every Azure datacentre is designed with infrastructure availability as the main concern. Every critical component of Azure is built with redundancy in mind: multiple Uninterruptible Power Supplies (UPS), huge arrays of batteries and large generators with fuel reserves to compensate in case of a tremendous disaster.

    As you can imagine, running each of these datacentres is a huge expense for Microsoft, so each datacentre is also designed to lower its total cost of ownership. The Azure datacentres operate with a Power Usage Effectiveness (PUE) rating as low as 1.125; in comparison, an average datacentre’s PUE rating is 1.8. A low PUE means that the datacentre consumes less power, and Microsoft achieves this by looking at the datacentre as a whole, not just focusing on each single component.

    Azure Datacentre FAQs

    Question Answer
    What are Microsoft Azure Datacentres?
    Microsoft Azure Datacentres are facilities that house and maintain servers and other infrastructure for running applications and services on the Azure platform. They are located in 17 different regions throughout the world and are used by Microsoft to deliver their own services as well as provide infrastructure to clients around the world.
    What are the regions in which Microsoft Azure Datacentres are available?
    Microsoft Azure Datacentres are available in 17 different regions around the world, including Central US, East US, West US, North Europe, West Europe, East Asia, Southeast Asia, Japan East, Japan West, Brazil South, Australia East, Australia South East, Central India, South India, and West India.
    How do I choose a Microsoft Azure Datacentre?
    When choosing a Microsoft Azure Datacentre to build your environment in, it’s best practice to choose the one that is closest to your users to improve latency, performance, and reliability. Not all of the datacentres share the same set of services, so it’s important to check which services are available and where on the Microsoft website. Additionally, customers residing within Australia and New Zealand can only use the services within the Australia region.
    What is Azure Datacentre Resiliency?
    Azure Datacentre Resiliency refers to the high resilience built into Microsoft’s Azure datacentres, which allows virtual machines to be quickly recovered or migrated live to another healthy server in the event of a failure. Faults are detected and migration is handled automatically, resulting in a Mean Time to Recover (MTTR) that allows Microsoft to provide the availability of services to their customers quickly and without user intervention.
    How does Microsoft ensure the security of its Azure Datacentres?
    Microsoft takes the security of its Azure Datacentres seriously, and has implemented measures such as Just in Time Administrator Access, physical access monitoring, and continuous surveillance to prevent unauthorized access. Threat management is also provided as part of the service, which includes intrusion detection, Denial of Service attack prevention, regular penetration testing, data analytics, and machine learning tools to help keep customers’ servers and data safe. Azure logically isolates each customer from each other to reduce the risk of security breaches in the multi-tenant environment.

    Well, that’s enough for the moment. I will continue on to the next blog post for the 70-534 exam another day.