Explore Azure services such as networking, virtual machines, web apps, databases, cloud migration, and security
Key Features
Book Description
Azure continues to dominate the public cloud market and grow rapidly thanks to a number of recent innovations. Azure's wide range of services and support has led to a large number of customers switching to Azure cloud.
Hands-On Cloud Administration in Azure starts with the basics of Azure cloud fundamentals and key concepts of the cloud computing ecosystem and services. Then, you will gradually get acquainted with core services provided by Azure, including Azure VNet, types and assignments of IP addresses, and network security groups. You will also work on creating and administering Azure Virtual Machines, types of virtual machines (VMs), and design VM solutions based on computing workloads. As you make your way through the chapters, you will explore Azure App Service, discover how to host your web apps in Azure, and monitor and troubleshoot them. In the concluding chapters, you will learn more complex and abstract services, such as Azure Storage, Azure Backup, and Azure Site Recovery. You will also get to grips with Azure SQL Databases and the SQL on Azure VM concept.
By the end of this book, you will have obtained practical experience of working with Azure services and Azure administration, along with maintaining, monitoring, and securing your Azure resources.
What you will learn
Who this book is for
Hands-On Cloud Administration in Azure is for system administrators, cloud admins, cloud engineers, and DevOps engineers who are interested in understanding administration-related services in Azure. Prior experience of working with Azure is an added advantage.
Page count: 347
Publication year: 2018
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Gebin George
Acquisition Editor: Shrilekha Inani
Content Development Editor: Dattatraya More
Technical Editor: Sayali Thanekar
Copy Editor: Safis Editing
Project Coordinator: Kinjal Bari
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Graphics: Jisha Chirayil
Production Coordinator: Jyoti Chauhan
First published: October 2018
Production reference: 1221018
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78913-496-4
www.packtpub.com
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
I've been alive for more than 40 years, and I can tell you that we are lucky to live in these technologically exciting times. In a plastic or magnesium alloy, school notebook-sized box, weighing less than a bottle of juice, we have more portable power than a secret government data center would have had a few decades ago. We can run multiple operating systems on one computer at once, connect to a zillion devices wirelessly in an instant, and send messages and stream videos in the blink of an eye. Optical cables and even the air around us give us access to an unfathomable amount of worldwide information and resources.
Around our wrists today, we wear millions of times more computing power and data storage than would have been in a computer not so long ago. What was once a huge block of buildings, connected to power plants, operating with the help of hundreds of engineers, is today a tiny piece of silicon in your pocket, with a processing power a billion times greater.
Technology is saving people's lives, allowing surgeries to be performed at a distance, empowering people with knowledge that is now more accessible than ever, just a few clicks away—in the air, at sea, in the middle of nowhere.
Years ago, we waited 5 to 10 minutes for a program of just 48 kilobytes to load from a tape we got in the mail. Not email, folks—yes, you have read it right—in the mailbox, the actual box that holds the papers and stuff your postman delivers. Once we got the internet, we waited minutes, often hours, just to connect to the internet because access points were rare. You reached them by dialing—turning a ring or pushing plastic buttons. And once you got in, you patiently waited again to download that huge 1 megabyte document or a picture through a telephone wire. Yes, we also had operating systems that were upgraded or replaced with a new version every 5, 10, or 15 years.
Yeah, right, we were not in a hurry and had every minute between two operating system version upgrades available to learn the nuts and bolts of how that particular operating system worked and behaved.
Now… well, today we attend university classes from our homes with a lecturer on a different continent; we watch condensed and fast-paced computer technology classes on a train on our way home from work. Operating systems and applications are upgraded every six months, with feature upgrades and fixes coming out every week. Microsoft Azure is evolving and getting new features, upgrades, services, and capabilities on a weekly basis.
Today, we live with an abundance of technology but march through a scarcity of time.
Mustafa and I met at one of the numerous conferences we attended and became friends through a mutual passion and love for technology, particularly Microsoft Azure. A database professional with more than 30 technical certifications, Mustafa is currently a cloud architect and system engineer responsible for architecting and managing thousands of Azure services and workloads for some of the largest Fortune 500 companies.
Through this book, Hands-On Cloud Administration in Azure, Mustafa effortlessly explains the most important pieces of the Azure puzzle, giving you grab-and-go concepts without losing so much valuable time. Beginning with cloud administration models, the book explains the pillars of Azure: virtual networks and the Infrastructure-as-a-Service model. In the second part of the book, you will make an efficient start on building advanced solutions in Azure. The book then closes with an exploration of the essential security solutions and administration tools, looking at the best tips and tricks for them.
Each Microsoft Azure service or feature could have a whole book written on it. The chapters in this book could be expanded to fill their own books as well; there is simply a lot to cover. What this book offers is a straightforward and practical approach that you can follow in the Azure portal as you are going through chapters—you'll see the results right away, without wasting your valuable time. Jumpstarting your experience in Microsoft Azure has never been easier or more efficient, thanks to Hands-On Cloud Administration in Azure.
Backed up with Mustafa's extensive hands-on experience, this unique and practical book will give you nuggets of Azure knowledge in an efficient, practical, and timely way.
Sasha (Sasa) Kranjac, MVP, MCT, CEI
Mustafa Toroman is a program architect and senior system engineer with Authority Partners. He has years of experience in designing and monitoring infrastructure solutions, and has lately been focused on designing new solutions in the cloud and migrating existing solutions to the cloud. He is very interested in DevOps processes and he's also an Infrastructure-as-Code enthusiast. Mustafa has over 30 Microsoft certificates and has been a Microsoft Certified Trainer (MCT) for the last 6 years. He often speaks at international conferences (such as MS Ignite, European Collaboration Summit, and IT/Dev Connections) about cloud technologies, and has been named an MVP for Microsoft Azure for the last three years in a row.
Sasha (Sasa) Kranjac is a security and Azure specialist and instructor with more than two decades of experience in the field. He can be spotted speaking at numerous conferences or delivering Microsoft, EC-Council, and his own Azure and security courses internationally.
He is a Microsoft MVP, MCT, MCT Regional Lead, Certified EC-Council Instructor (CEI), and holds a few other certifications as well. He is a real security and Azure otaku!
Sasha owns a small training and consulting company, and his clients include some of the world's largest enterprises.
He is currently writing MCSA Windows Server 2016 – Certification Guide, for Packt Publishing, and has a few titles in the pipeline on top of that.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Title Page
Copyright and Credits
Hands-On Cloud Administration in Azure
Packt Upsell
Why subscribe?
Packt.com
Foreword
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Key Concepts of Cloud Computing
Cloud computing concepts
Types of cloud computing 
A brief history of Azure (from ASM to ARM)
Cloud services models
Pros and cons of cloud service models
Other benefits of the cloud
Understanding the Azure subscription model
Azure subscription types
Deciding between IaaS or PaaS
Understanding the pricing of Azure resources
ARM revolution
Summary
Questions
Azure Networking - Foundation of Azure IaaS
Technical requirements
Azure networking basics
Creating your first virtual network in Azure
Azure virtual network options
Connected devices
Creating an Azure virtual machine
IP address types
Private IP addresses
Network security groups
Public IP address
Other Azure network services
ARM templates
Summary
Questions
Infrastructure as a Service - the First Layer of Cloud Computing
Technical requirements
Deploying Azure Virtual Machines
Creating a new Azure Virtual Machine
Basic Azure Virtual Machine information
Azure Virtual Machine sizes
Advanced VM options
Managing Azure Virtual Machines
VM settings
Azure Virtual Machine operation and monitoring
Azure Load Balancers
Creating an Azure Load Balancer
Configuring the Azure Load Balancer
Azure Load Balancer ARM template
Azure Virtual Machine Scale Set
Creating an Azure Virtual Machine Scale Set
Managing Azure Virtual Machine Scale Sets
Azure Virtual Machine Scale Set ARM template
Summary
Questions
Azure App Service - Hosting Web Applications without a Server
Technical requirements
Azure App Service Plan and Azure Web Apps
Creating an App Service Plan
Creating an Azure Web App
Managing Azure Web App
Azure Web App deployment settings
Azure Web App general settings
Custom domains, certificates, and scaling
Azure Web App Tools
Monitoring a Web App in Azure
Application Insights
Azure App Service Plan
Azure Web App high availability 
Creating a Traffic Manager
Traffic Manager configuration and settings
Running Azure Web Apps in a dedicated environment
Summary
Questions
The Azure Data Platform
Technical requirements
Azure Database options
SQL Server as IaaS
Creating an Azure Virtual Machine with a SQL image
Managing SQL Server in the Azure Virtual Machine
High availability for SQL Server in Azure Virtual machine
SQL Server as PaaS
Creating the Azure SQL Database
Managing the Azure SQL Database
Creating highly available Azure SQL Database
Azure SQL Database security
Monitoring and troubleshooting Azure SQL Database
Azure SQL Database backup
Other data services in Azure
Summary
Questions
Azure Storage, Backup, and Site Recovery - Moving your Data to Azure
Technical requirements
Azure Storage
Creating an Azure Storage account
Azure Storage settings
Migrating a database to the cloud
Backing up a database to storage
Migrating a database to Azure SQL
Database assessment
Azure Recovery Service
Creating a recovery service vault
Enabling Azure Backup
Backing up on-premises resources
Azure Site Recovery
Configuring ASR for on-premises resources
Using ASR as a migration tool
Failover and migrating the VM
Other options
Summary
Questions
Hybrid Cloud with Azure - Extending Local Workloads to the Cloud
Technical requirements
Hybrid clouds
Connecting the local network and Azure Virtual Network
Creating a S2S Connection
Configuring Azure settings for S2S
Configuring a local firewall for S2S
Configuring services in a hybrid environment 
Connecting virtual networks across Azure 
On-premises data gateway
Local installation
Cloud service
Azure Stack
Summary
Questions
Azure Active Directory - Identity in the Cloud
Technical requirements
The Azure Active Directory
Creating a new directory
Customizing your domain
Syncing AAD with on-premises AD
Installing Azure AD Connect
Managing AAD
Creating a new user
Managing user options and permissions 
Registering an application in AAD
Role-based access control
Summary
Questions
Azure Security and Administration
Technical requirements
Demystifying cloud security
Securing your identity
Enabling multi-factor authentication
Other identity security options
Securing the network
Azure Firewall
Preparing the environment
Creating an Azure Firewall
Azure Route Table
Configuring Azure Firewall
Other network security options
Encryption
Azure Key Vault
Creating an Azure Key Vault
Adding keys and secrets
Encrypting the storage account
Encrypting databases
Installing Azure PowerShell
Using your own key for Azure SQL Database encryption
Encrypting VM disks
Azure Security Center
Azure Security Center overview
Azure Security Center recommendations 
Enabling endpoint protection
Azure Security Center Alerts
Just-in-Time access
Summary
Questions
Best Practices
Technical requirements
Azure best practices
Naming convention
Public endpoints
Other things to consider
Infrastructure as code
Installing tools
ARM templates
Azure PowerShell
Azure CLI
Creating Azure resources with IaC
Creating an Azure Web App with ARM templates
Creating an Azure Web App with Azure PowerShell
Creating an Azure Web App with Azure CLI
Deploying multiple resources
Configuration as code
Apply DSC with Azure Automation
Summary
Questions
Assessments
Chapter 1: Key Concepts of Cloud Computing
Chapter 2: Azure Networking – Foundation of Azure IaaS
Chapter 3: Infrastructure as a Service – the First Layer of Cloud Computing
Chapter 4: Azure App Service – Hosting Web Applications without a Server
Chapter 5: The Azure Data Platform
Chapter 6: Azure Storage, Backup, and Site Recovery – Moving your Data to Azure
Chapter 7: Hybrid Cloud with Azure – Extending Local Workloads to the Cloud
Chapter 8: Azure Active Directory – Identity in the Cloud
Chapter 9: Azure Security and Administration
Chapter 10: Best Practices
Other Books You May Enjoy
Leave a review - let other readers know what you think
Welcome to Hands-On Cloud Administration in Azure. This book is designed to help you start with Azure and guide you on your cloud journey. We will start with cloud concepts that will help you to understand the difference between cloud and local infrastructure. Basic Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) services will be explained, to help you understand how to leverage cloud to your advantage. Next, we'll move to migration and then hybrid cloud, and explain how to move your services to the cloud and how to combine them with on-premises resources. Identity and security will be covered in order to explain how to secure and protect your cloud resources. Finally, we'll go over some best practices and Infrastructure-as-Code to help you administer and monitor your resources.
Everything will be covered with real-world examples and a step-by-step approach that will help you to understand cloud principles and apply them in your environment.
This book targets IT pros, system engineers and administrators, DevOps practitioners, and anyone who wants to understand Azure and cloud concepts. You should have a basic understanding of cloud computing, and intermediate knowledge of networking and server administration.
Chapter 1, Key Concepts of Cloud Computing, introduces you to cloud computing and basic cloud concepts and models. The focus will be on the differences between IaaS and PaaS. We'll also explain Azure subscriptions and tenants.
Chapter 2, Azure Networking - Foundation of Azure IaaS, covers the basic Azure networking concepts that will help you get started with IaaS services and set the foundation for your environment.
Chapter 3, Infrastructure as a Service - the First Layer of Cloud Computing, explains how to set up and configure an Azure Virtual Machine (VM). We'll also cover how to monitor and administer VMs.
Chapter 4, Azure App Service - Hosting Web Applications without a Server, deals with the basics of PaaS services and how to host your application with Azure App Service. We'll cover how to set up PaaS and monitor your websites.
Chapter 5, The Azure Data Platform, covers databases in Azure, focusing both on IaaS and PaaS services. We'll explain the differences and when to use which approach.
Chapter 6, Azure Storage, Backup, and Site Recovery - Moving Your Data to Azure, explains Azure Storage services and how to set up backup and DR in Azure. After we have our data in Azure, we'll explain how to use backup and DR to move to Azure from on-premises systems.
Chapter 7, Hybrid Cloud with Azure - Extending Local Workloads to the Cloud, looks at how hybrid clouds are in use for most organizations and how we increasingly need to use a combination of cloud-based and on-premises resources. We'll cover how to set up a hybrid cloud with Azure and how to securely connect cloud-based and on-premises services.
Chapter 8, Azure Active Directory - Identity in the Cloud, covers identity, which is a very important part of any IT system. We'll explain how to set up Azure Active Directory for authentication and authorization for cloud services. We'll also cover how to connect your local Active Directory and use the same identities for local and cloud-based resources.
Chapter 9, Azure Security and Administration, goes into how, for many organizations, security is the most important thing to consider before moving to the cloud. In this chapter, we'll explain how secure Azure really is and how we can harden our security in the cloud to make it more secure than a local data center.
Chapter 10, Best Practices, covers some best practices and real-life scenarios, from setting up your subscription and naming resources, to Infrastructure-as-Code and monitoring.
A basic understanding of cloud computing is recommended. Intermediate knowledge of server and network administration is required to better understand key differences between locally-based and cloud-based infrastructures. The following tools will be used during this book:
Windows Server 2016
MS SQL Server 2016
Hyper-V
Active Directory
PowerShell
Microsoft Azure
Azure PowerShell
Azure CLI
You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
Log in or register at www.packt.com.
Select the SUPPORT tab.
Click on Code Downloads & Errata.
Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
WinRAR/7-Zip for Windows
Zipeg/iZip/UnRarX for Mac
7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Hands-On-Cloud-Administration-in-Azure. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781789134964_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Basic-tier VMs are intended for dev/test environments, and even though they have a similar performance to standard tier VMs, there are a few limitations."
A block of code is set as follows:
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "name": {
Any command-line input or output is written as follows:
Connect-AzureRmAccount
Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "To create a new Azure VM, we need to select New resource and then select New Virtual Machine."
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
Cloud has been a buzzword for quite some time and is a big trend in IT. More and more companies are starting their cloud journeys but starting these journeys can be hard. Different skills and a different mindset are needed when compared to on-premises IT, and cloud administrators are in demand. In this book, we'll start our cloud journey together and help you to get a grasp on cloud administration and to understand Microsoft Azure services and architecture. Become an Azure expert and help your company have a safe and pleasant journey to Azure.
The topics we're going to cover include the following:
Cloud computing concepts
Cloud services models
Azure subscription model
As we are going to use Microsoft Azure, it's important that we understand the key concepts of cloud computing and especially the concept of the public cloud, as Azure is exactly that: a public cloud.
In the past, we have seen many trends in the IT industry; some of them were short-term and some of them stayed for quite some time. Many consider cloud computing to be a trend that will not be here for a long time, but they don't really understand the concept of the cloud and where it all begins.
Cloud computing didn't start with public cloud offerings; it began in the 1990s. Obviously, the cloud didn't have the form it does today but started more as something that companies implemented internally, offering their employees the option to create virtual machines on demand. At this stage, the cloud included a virtualization platform that allowed employees to create development/test environments composed of virtual machines based on preprepared images when needed. Two components are part of the foundation of cloud computing: virtualization and on-demand resources. None of this would be possible without server virtualization, an option that allows us to create many virtual machines on a single physical server. Cloud takes virtualization to another level beyond just simple server virtualization, but we'll get to that a bit later.
The ability to get resources on demand, when we need them, is the foundation of what cloud computing is about. As mentioned before, it all started with virtualization platforms and companies creating platforms that would enable their employees to create virtual machines on demand. Today, we call this the private cloud.
There are different types of cloud computing and different opinions on how they should be categorized. Personally, I find four types most logical:
Private: Everything hosted internally, in our own data center.
Hosted: Something between a private and public cloud; the service provider creates a separate environment in their data center and offers us an isolated cloud for our use only.
Public: The service provider offers a service available to everyone—publicly available. There is still tenant isolation but we'll talk about this later.
Hybrid: A combination of private and public cloud. Some services are used in the public cloud but some stay in our local data center with direct connection between two or more environments. From my experience, this is the most common form of cloud computing. Again, we'll explain more about this later.
In the private cloud, all resources are located on-premises, in our local data center, and no internet access is needed to access resources. The internet and resources are accessed separately as shown in the following diagram. Building your own private cloud previously required large-scale investment, both materially and in terms of knowledge. First, you needed space and needed to consider other elements like cooling and power. Then, you needed to invest in hardware like firewalls, routers, network switches, servers, and storage.
You needed licenses for a virtualization layer, operating system licenses for virtual machines, and then licenses for different kinds of software. In the end, all material investment was in vain if you didn't have the right people to set everything up and maintain it in the years to come. Once everything was in place and you had your private cloud running, it required new investment every few years as you needed new versions of software (virtualization, operating systems, and other software) and hardware needed to be replaced as well:
The hosted cloud came as the first step in the transition from the private cloud to the public. As creating and maintaining your own private cloud demanded large-scale investment, some companies took advantage and started offering services where you could rent part of their data center and use it as your own private cloud. They specialized in this kind of offer; it was cheaper for them to buy hardware and software as vendors offered discounts on mass purchases. So, creating an environment in the hosted cloud was cheaper than creating an identical environment in the private cloud.
There is also the question of upfront investment; using the private cloud requires that all hardware and most software licenses be paid for upfront, so many companies have decided to use the hosted cloud as they don't have to make an upfront investment but monthly or yearly subscriptions instead. Also, it's easier for data centers to provide experts to maintain systems as a single expert can take care of multiple customer environments. For the private cloud, you need a network engineer, a storage specialist, a virtualization specialist, and so on, and this is for a single data center.
In the case of a hosted cloud, all personnel are still required but a single specialist can set up and maintain environments for multiple customers and the price of maintenance is lower than for a private cloud. Note that to access the hosted cloud, usually some sort of Virtual Private Network (VPN), either site-to-site or point-to-site, is required. We access resources located outside our own network and located in another hosted network as shown in the following diagram:
In the next step of cloud evolution, the public cloud emerged. Large service providers offered large amounts of resources for on-demand use. Similar to the hosted cloud, resources you used were still outside your local infrastructure and hosted by service providers who specialized in this kind of offer.
There are two key differences. The first difference is that in a hosted data center the amount of resources available I usually predetermined and to get more resources you need to wait for new resources to be configured, if this becomes available at all. In the public cloud, providers have a large amount of resources available for on-demand requests and you can get them whenever you need them. You can create any kind and any amount of resources when needed. All you need is to create a subscription and access to the internet to start deploying. This also means you have highly scalable environments and you are not limited by the initial size of the resources created. For example, if you create a virtual machine with four CPUs and 16 GB of RAM and find out over time that the virtual machine can't handle the workload you have, you don't need to create a new virtual machine; you can use a scale-up option to change size. Scaling up is explained later in more detail. This works other way around: If you find out that the size of the virtual machine initially created is too large for your workload, you don't need to keep that size and pay for something you don't need. Simply scaling down will do the trick. In this case, we access resources over the internet as shown in the following diagram:
The other difference between a hosted cloud and a private cloud is pricing. In a hosted cloud, you would get an agreed amount of resources and pay a monthly or yearly subscription no matter in what capacity these resources are used, whether 10% or 100%. In the public cloud, pricing is based on usage and the model of payment is such that you pay for only things that are used. So, in the public cloud, if you create a virtual machine, you will be paying for that virtual machine for the time you actually use it. If you stop or delete this virtual machine, you will not be paying for it. The payment model is different for different cloud providers and can vary by per-day, per-hour, or per-minute usage. As we'll talk about Microsoft Azure, it's important to mention that Azure is using a per-minute billing system. So, for example, if you create a virtual machine in Microsoft Azure and delete it after 12 days, 11 hours and 13 minutes, the amount you pay will be calculated for that exact amount of time. In a per-hour billing system, you would pay for 12 days and 12 hours. In a per-day billing system, you would pay for 13 days.
Another difference is multitenancy. Even though the public cloud is available to everyone, creating your own subscription creates your own tenant. By using special fabric, this tenant separates your resources from other tenants, and resources created in that tenant are available only to people with access to that specific tenant.
To sum up, the key concepts of the public cloud are:
Access over the internet
Multitenancy
Resource pooling
On-demand consumption
Highly scalable
The term cloud, or public cloud, wasn't forged with modern IT; it started in the 1960s with the concept of resources being time shared. The concept evolved in the 1990s with the private cloud, and the cloud then evolved and shifted further to its modern form in the 2000s.
It all started with Amazon Web Services, a subsidiary of Amazon, when they released their Elastic Cloud Compute (EC2) in 2006. Google followed with Google App Engine in 2008. Microsoft announced their version of the cloud in October 2008 and it was publicly available in February 2010. Other service providers followed and many companies such as IBM or Oracle have their own public cloud offering. Looking at market shares and the pace at which they evolve, we can put only two cloud providers at the top of this list: Amazon Web Services and Microsoft.
We already said that Microsoft announced their version of the public cloud in 2008 and public release was in 2010. At this time, the official name for Microsoft's public cloud platform was Windows Azure. The name was changed in April 2014 to Microsoft Azure. The reason for the change was never publicly announced but there were many guesses. One of the theories was that Microsoft needed to change its name due to embracing open source software. As Microsoft added a Linux virtual machine to their offering, the naming convention became too confusing. A virtual machine running Linux on a Microsoft public cloud would initially be Windows Azure Linux virtual machine, and having Windows and Linux in the same name was confusing indeed. Changing it to Microsoft Azure Linux virtual machine made more sense. Now, this is only one of the theories that you can find and not an official reason for the name change.
Not only the name changed over the years. The first version of Azure, Windows Azure, had completely different specifications and a different type of portal. The first Azure portal was accessed at the address https://manage.windowsazure.net and was based on Silverlight. This portal was later referred to as a classic portal and the model of management for resources created in the classic portal was referred to as Azure Standard Management (ASM). The classic portal layout is shown in the following screenshot:
At this time, Microsoft realized there were issues with their cloud model and started working on a completely new fabric. In 2014, a new Azure portal was announced. Along with a new portal, we got a new model of management called Azure Resource Manager (ARM). ARM brought new features like role-based access control (RBAC) and resource groups.
These features changed how we managed resources in the cloud. In ASM, the only way to allow someone to administer Azure resources was to add this person as a co-administrator to the Azure subscription. This person would have total access and control over the subscription in question. With RBAC, we got the option to give users different permission levels, such as reader or contributor, without giving them full access to the subscription.
Resource groups went even further. Resource groups in Azure represent logical containers where you can place resources depending on the convention of your choosing. For example, you can place all resources that are used by a single application in a single resource group. This would allow you to give a user access to a single resource group with the option to manage or access only that specific resource group. When that user logs in to the tenant, he will be able to see only the resource group that was assigned to him even if you have other resource groups under the same subscription or tenant. You could go further with RBAC and assign users only to a specific resource but that is too granular and hard to manage. Assignment based on resource groups is considered best practice and the best way to manage Azure resources.
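As an added example that is not from the book, the following Python sketch reviews role assignments against the scoping guidance above: write-capable roles on a whole subscription resemble the old co-administrator model, and per-resource assignments are the overly granular case. The sample records are constructed; the field names are assumed to follow the JSON printed by `az role assignment list --all`, and the role set and finding texts are this example's own choices.

```python
import re

# Constructed sample records (all values are made up), shaped like the JSON
# that `az role assignment list --all` is assumed to print.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "carol@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/app1-rg"},
    {"principalName": "dave@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/app1-rg/providers/Microsoft.Compute/virtualMachines/web01"},
]

# Built-in roles that can change resources or grant access to others.
WRITE_ROLES = {"Owner", "Contributor", "User Access Administrator"}

_SCOPE = re.compile(
    r"^/subscriptions/[^/]+(?:/resourceGroups/(?P<rg>[^/]+)(?P<rest>/providers/.+)?)?/?$",
    re.IGNORECASE,
)

def scope_level(scope):
    """Classify an ARM scope string as subscription, resource_group or resource."""
    m = _SCOPE.match(scope)
    if not m:
        return "other"  # e.g. a management group or root scope
    if m.group("rest"):
        return "resource"
    return "resource_group" if m.group("rg") else "subscription"

def audit(assignments):
    """Return (principal, role, level, finding) tuples for assignments to review."""
    findings = []
    for a in assignments:
        level = scope_level(a["scope"])
        role = a["roleDefinitionName"]
        if level == "subscription" and role in WRITE_ROLES:
            findings.append((a["principalName"], role, level,
                             "write access to the whole subscription"))
        elif level == "resource":
            findings.append((a["principalName"], role, level,
                             "per-resource assignment; consider resource-group scope"))
    return findings

if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS):
        print(" | ".join(finding))
```

Reader access at subscription scope and Contributor access at resource-group scope pass without a finding, matching the reader and contributor levels the text describes.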
The new Azure portal was considered a preview version until December 2015. At that time, it became an official portal and could be accessed at the address https://portal.azure.com. This portal became available in April 2014, when it was announced, but it was a preview version. The new portal layout is shown in the following screenshot:
The classic portal was announced to be retired and this eventually happened in January 2018. Along with RBAC and resource groups, ARM brought us another amazing feature—ARM templates. ARM templates are JSON files that hold information about Azure resources and can be used to deploy new resources or edit existing resources.
With the ARM model and ARM templates, Microsoft stepped up and really changed cloud business. In the cloud and in DevOps, the Infrastructure as code (IaC) concept is very important and that was exactly what ARM templates were. You are able to create an ARM template and reuse it multiple times to create similar environments. By doing so, you automated your infrastructure deployment steps and removed possible mistakes in the deployment and configuration process.
Speaking of IaC, we have a lot of "something as a something" terms in the cloud world. The main types of services in Microsoft Azure (and cloud in general) are:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Each type represents a different kind of service level and our control over that resource. To explain each one and how they relate, it's best to compare them to services in our local data center. A service layer for all models is shown in the following diagram and we'll use this to explain the relationship between cloud models:
In a private data center, we are responsible for setting up and maintaining everything. We need to set up a networking stack, prepare and configure storage, buy and prepare hardware, install software, and configure the virtualization host. Then we need to configure images and servers, and deploy and manage databases. Security is also our concern in all aspects—physical security, network security, host and OS security, and finally application security for all application software running on our servers.
With IaaS, it gets easier. We don't have to prepare anything anymore; all we need to do is sign up for a subscription, create a virtual machine when needed, and start using it. The part where we must buy, prepare, configure, and maintain is no longer our concern; the cloud service provider takes care of that, in our case Microsoft with Azure. Preparing images and deployments is also no longer our responsibility. Security gets easier too: physical, network, and host security are handled by Microsoft. We are still responsible for keeping our operating system up to date, patched, and secure. Application security is also our responsibility and we need to keep applying the best security practices in order to stay safe and secure. Many people forget that when migrating to the cloud we need to step up security. As the cloud service provider takes care of a big part of security, many get comfortable and relaxed and they neglect the part of security they need to take care of. When moving to the cloud, we need to remember that our resources and applications are publicly exposed and will experience significantly more "attacks" compared to when using on-premises infrastructure. Attacking resources on-premises usually means getting behind a firewall, then breaching the server and getting some data out. Now, many services are accessible over the internet and you need to take care of security better than ever before. The best examples of IaaS, when talking about Microsoft Azure, are Azure virtual machines. Both Windows Server and Linux virtual machines are available in Microsoft Azure. An interesting fact is that, according to information Microsoft released in October 2017, more than 40% of virtual machines in Azure are running Linux.
PaaS is getting even easier to use
