Microsoft Azure For Dummies E-Book

Microsoft® Azure® For Dummies®

Published by: John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com

Copyright © 2020 by John Wiley & Sons, Inc., Hoboken, New Jersey

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and may not be used without written permission. Microsoft and Azure are registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit https://hub.wiley.com/community/support/dummies.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2020931520

ISBN: 978-1-119-61214-8(pbk); 978-1-119-61218-6 (ebk); 978-1-119-61215-5 (ebk)

Microsoft® Azure® For Dummies®

To view this book's Cheat Sheet, simply go to www.dummies.com and search for “Microsoft Azure For Dummies Cheat Sheet” in the Search box.

Table of Contents

Cover

Introduction

About This Book

Foolish Assumptions

Icons Used in This Book

Beyond the Book

Where to Go from Here

Part 1: Getting Started with Microsoft Azure

Chapter 1: Introducing Microsoft Azure

What Is Cloud Computing?

Understanding Cloud Computing Models

Introducing Microsoft Azure Services

Starting Your First Azure Subscription

Chapter 2: Exploring Azure Resource Manager

Introducing Azure Resource Manager

Getting Familiar with Azure Regions

Introducing the Azure Management Tools

Part 2: Deploying Compute Resources to Microsoft Azure

Chapter 3: Managing Storage in Azure

Understanding Azure Storage Data Types

Working with a Storage Account

Introducing Azure Disk Storage

Chapter 4: Planning Your Virtual Network Topology

Understanding Virtual Network Components

Creating a Virtual Network

Configuring Virtual Networks

Connecting Virtual Networks

Chapter 5: Deploying and Configuring Azure Virtual Machines

Planning Your VM Deployment

Recognizing Azure VM Components

Architectural Considerations

Deploying Azure VMs from the Azure Marketplace

Configuring Your VMs

Starting, Stopping, and Resizing VMs

Chapter 6: Shipping Docker Containers in Azure

Understanding Docker

Implementing Azure Container Instances

Storing Images in Azure Container Registry

Introducing Azure Kubernetes Service

Using Containers with Azure App Service

Part 3: Deploying Platform Resources to Microsoft Azure

Chapter 7: Deploying and Configuring Azure App Service Apps

Introducing Azure App Service

Deploying Your First Web App

Configuring a Web App

Monitoring a Web App

Chapter 8: Running Serverless Apps in Azure

Defining Serverless

Working with Azure Functions

Building Workflows with Azure Logic Apps

Chapter 9: Managing Databases in Microsoft Azure

Revisiting the IaaS versus PaaS Question

Comparing Relational and Nonrelational Databases in Azure

Implementing SQL Database

Implementing Azure Cosmos DB

Part 4: Providing High Availability, Scalability, and Security for Your Azure Resources

Chapter 10: Backing Up and Restoring Your Azure Data

Protecting Your Storage Account’s Blob Data

Protecting Your Virtual Machines

Protecting Your App Services

Protecting Your Databases

Chapter 11: Managing Identity and Access with Azure Active Directory

Understanding Active Directory

Creating Users and Groups

Configuring Role-Based Access Control (RBAC)

Touring Azure Advisor

Chapter 12: Implementing Azure Governance

Implementing Taxonomic Tags

Implementing Azure Policy

Part 5: Migrating to Microsoft Azure and Monitoring Your Infrastructure

Chapter 13: Extending Your On-Premises Environment to Azure

Data Migration Options

Server Migration Options

Hybrid Cloud Options

Introducing Azure Arc

Chapter 14: Monitoring Your Azure Environment

Azure Monitor

Azure Log Analytics

Part 6: The Part of Tens

Chapter 15: Top Ten Azure News Resources

Azure Status

Azure Blog

Azure Updates

Azure.Source

Build5Nines Weekly

Azure Weekly (Endjin)

Azure Official YouTube Channel

Channel 9: Azure Friday

Azure Feedback

Tim’s Twitter Feed

Chapter 16: Top Ten Azure Educational Resources

Azure Documentation

Azure Architecture Center

Azure REST API Browser

Microsoft @ edX

Microsoft Learn

Azure Certification

MeasureUp

Meetup

CloudSkills

Pluralsight

Index

About the Author

Connect with Dummies

End User License Agreement

List of Tables

Chapter 3

TABLE 3-1 Replication Protection

Chapter 4

TABLE 4-1 Default Inbound Security Rules

TABLE 4-2 Default Outbound Security Rules

Chapter 5

TABLE 5-1 Windows Server VM Sizes in Azure

Chapter 9

TABLE 9-1 Relational and Nonrelational Databases

TABLE 9-2 SQL Database Products

Chapter 11

TABLE 11-1 Azure AD and AD DS Comparison

TABLE 11-2 Azure AD Edition Comparison

Chapter 12

TABLE 12-1 Common Azure Taxonomic Tagging Patterns

Chapter 13

TABLE 13-1 Azure VPN Gateway SKU Comparison

List of Illustrations

Chapter 1

FIGURE 1-1: In Azure, you can make a database geographically available with onl...

FIGURE 1-2: A hybrid cloud in which the on-premises corporate network extends t...

FIGURE 1-3: Word Online, part of the Microsoft Office 365 product family, is an...

FIGURE 1-4: The Windows Azure portal, circa 2012.

FIGURE 1-5: The Azure Marketplace includes prebuilt Windows and Linux VM images...

FIGURE 1-6: Signing in to the Azure portal for the first time.

FIGURE 1-7: Viewing your Free Trial subscription in the Azure portal.

Chapter 2

FIGURE 2-1: The Azure Resource Explorer allows you to view the ARM REST API dir...

FIGURE 2-2: You can locate and download the JSON source code behind every Azure...

FIGURE 2-3: Azure management scopes.

FIGURE 2-4: Providing high availability for replica VMs by placing them in avai...

FIGURE 2-5: The Azure portal is your administrative base of operations.

FIGURE 2-6: Enable the Azure development workload in Visual Studio 2019.

FIGURE 2-7: Azure Resource Explorer gives you access to the ARM APIs.

Chapter 3

FIGURE 3-1: Creating a general purpose storage account.

FIGURE 3-2: Configuring advanced storage account options.

FIGURE 3-3: Watching a Microsoft Azure deployment.

FIGURE 3-4: Azure Storage Explorer.

FIGURE 3-5: Try right-clicking everything in Azure Storage Explorer to see what...

FIGURE 3-6: Changing the access tier of a blob in an Azure storage account.

FIGURE 3-7: Azure Cloud Shell and your personal cloud share.

FIGURE 3-8: Use Managed Disk storage for your VMs in Azure.

Chapter 4

FIGURE 4-1: The Azure virtual network infrastructure used in this chapter.

FIGURE 4-2: The completed virtual network configuration.

FIGURE 4-3: Azure generates nifty network diagrams for you.

FIGURE 4-4: NSG1 configuration.

FIGURE 4-5: In the Azure portal, most resources have a context menu from which ...

FIGURE 4-6: Service endpoints secure Azure resources to a particular virtual ne...

FIGURE 4-7: A hub-and-spoke virtual network topology.

Chapter 5

FIGURE 5-1: Azure Marketplace is a one-stop shop for several VM types.

FIGURE 5-2: Availability set on the left; availability zones on the right.

FIGURE 5-3: The Create a Virtual Machine blade.

FIGURE 5-4: Most admins use SSH (with or without Cloud Shell) to manage Linux V...

FIGURE 5-5: Installing the Azure SDKs in Visual Studio 2019.

FIGURE 5-6: Creating a resource group deployment project in Visual Studio 2019.

FIGURE 5-7: The ARM template in the code editor.

FIGURE 5-8: Validating our ARM template.

FIGURE 5-9: Remote Desktop Connection works the same way with Azure VMs as it d...

FIGURE 5-10: Azure VM TCP/IP settings in the Azure portal.

FIGURE 5-11: Use the toolbar to start, stop, or restart a VM in the Azure porta...

FIGURE 5-12: Azure Monitor is a central point for infrastructure and applicatio...

Chapter 6

FIGURE 6-1: The Docker container deployment process.

FIGURE 6-2: Docker Desktop is easily accessible from the Windows notification a...

FIGURE 6-3: Deploying a Docker container using the Azure Container Instance ser...

FIGURE 6-4: Running the IIS web server as a container with the ACI service.

FIGURE 6-5: Retrieving admin credentials from our Azure Container Registry.

FIGURE 6-6: Don’t be fearful when an Azure deployment fails. Read the error mes...

FIGURE 6-7: AKS high-level architecture.

FIGURE 6-8: The Kubernetes Web UI Dashboard.

FIGURE 6-9: A new Azure web app powered by a Docker container.

Chapter 7

FIGURE 7-1: App Service required and optional components.

FIGURE 7-2: An App Service plan provides raw compute power as well as potential...

FIGURE 7-3: Creating an Azure App Service web app.

FIGURE 7-4: Git version control integrates seamlessly with Azure App Service.

FIGURE 7-5: Ensuring that Visual Studio will use Git for source code version co...

FIGURE 7-6: Adding a local Git repository to an Azure App Service web applicati...

FIGURE 7-7: Working with an App Service web app in Visual Studio.

FIGURE 7-8: Committing code changes using Git and Visual Studio.

FIGURE 7-9: App Service Editor allows you to edit your source code in the Azure...

FIGURE 7-10: Publishing a web app to Azure App Service.

FIGURE 7-11: Deployment slots allow you to move among development, staging, and...

FIGURE 7-12: Each deployment slot is a separate instance of your web app.

FIGURE 7-13: The Azure portal gives you visibility into the ramifications of a ...

FIGURE 7-14: Adding a custom domain to your App Service app is nice, but you wa...

FIGURE 7-15: This web app is ready to rock with both custom DNS and TLS/SSL in ...

FIGURE 7-16: Application Insights telemetry data in Visual Studio.

FIGURE 7-17: Application Insights telemetry data in the Azure portal.

Chapter 8

FIGURE 8-1: Logic Apps requires no API knowledge and uses a drag-and-drop workf...

FIGURE 8-2: Azure Function for taking action on uploaded image files.

FIGURE 8-3: Creating an Azure Function App.

FIGURE 8-4: Whoever designed the Function App’s user interface wasn’t paying at...

FIGURE 8-5: Creating a Function inside the Azure portal.

FIGURE 8-6: Our Azure Function in action.

FIGURE 8-7: Understanding the relationship between the Function App and its enc...

FIGURE 8-8: The workflow for an Azure Logic App.

FIGURE 8-9: Dynamic content in a Logic App.

FIGURE 8-10: An email indicating that the Logic App works.

Chapter 9

FIGURE 9-1: You can save time by deploying a preinstalled VM from the Azure Mar...

FIGURE 9-2: Deploying a new Azure SQL Database virtual server.

FIGURE 9-3: Creating an Azure SQL Database database.

FIGURE 9-4: The SQL Database service tier blade.

FIGURE 9-5: Configuring georeplication for Azure SQL Database.

FIGURE 9-6: Georeplicated Azure SQL database with automatic failover configured...

FIGURE 9-7: Querying an Azure SQL Database.

FIGURE 9-8: The Cosmos DB Quick Start blade.

FIGURE 9-9: Cosmos DB Data Explorer is available directly in the Azure portal.

FIGURE 9-10: Use Azure Data Explorer and SQL to query your Cosmos DB Core API i...

FIGURE 9-11: Editing a document in a Cosmos DB collection.

Chapter 10

FIGURE 10-1: Managing blob snapshots in the Azure portal.

FIGURE 10-2: Configuring soft delete for Azure storage account blobs.

FIGURE 10-3: You can back up multiple VMs simultaneously from your Recovery Ser...

FIGURE 10-4: A VM’s Backup blade is your one-stop shop for backup and recovery ...

FIGURE 10-5: Restoring an Azure App Service app.

FIGURE 10-6: Customizing Azure SQL Database automatic backup.

FIGURE 10-7: Create and track Azure support requests on the Help + Support blad...

Chapter 11

FIGURE 11-1: Relationship between Azure AD and Azure subscriptions.

FIGURE 11-2: Moving an Azure subscription to another Azure AD tenant.

FIGURE 11-3: Custom domain names in Azure Active Directory.

FIGURE 11-4: You purchase AD Premium licenses in the Microsoft 365 portal rathe...

FIGURE 11-5: The application access panel is a one-stop shop that lets Azure AD...

FIGURE 11-6: Azure management scopes use inheritance to simplify administration...

FIGURE 11-7: Before (top) and after (bottom) RBAC role assignment.

FIGURE 11-8: Viewing RBAC role assignments at a particular management scope.

FIGURE 11-9: Advisor provides detailed recommendations and sometimes fixes prob...

Chapter 12

FIGURE 12-1: It’s best practice to tag resources during their deployment.

FIGURE 12-2: Tag reporting in the Azure portal.

FIGURE 12-3: Use tags to perform Azure cost analysis.

FIGURE 12-4: Browsing built-in Azure Policy definitions.

FIGURE 12-5: List of Policy assignments.

FIGURE 12-6: Azure Policy blocked this deployment.

Chapter 13

FIGURE 13-1: The Data Box product family.

FIGURE 13-2: Adding tools to an Azure Migrate project.

FIGURE 13-3: Use DMA to assess your local SQL Server databases for Azure readin...

FIGURE 13-4: The DMA tool can perform database migration as well as assessment.

FIGURE 13-5: Deploy Azure VMs based on your own custom VHD images.

FIGURE 13-6: Adding tools to an Azure Migrate server migration project.

FIGURE 13-7: Azure server assessment reports include graphs and table data.

FIGURE 13-8: Representative Azure S2S VPN topology.

FIGURE 13-9: Your Azure VPN gateway needs to be on its own subnet in your virtu...

FIGURE 13-10: ExpressRoute representative topology.

FIGURE 13-11: Arc topology overview.

FIGURE 13-12: Choosing a server onboarding method for Arc.

FIGURE 13-13: Onboarding a Windows Server system to Arc.

FIGURE 13-14: Viewing onboarded local VMs in the Azure portal.

FIGURE 13-15: Viewing an Arc-managed system’s policy settings.

FIGURE 13-16: Verifying policy compliance and remediation status.

FIGURE 13-17: Applying taxonomic tags to an Arc resource.

Chapter 14

FIGURE 14-1: Azure Activity Log records administrative events initiated by you ...

FIGURE 14-2: Viewing the JSON source for an Azure Activity Log event.

FIGURE 14-3: Azure Monitor Diagnostics settings allow you to enable diagnostics...

FIGURE 14-4: Configuring Azure resource diagnostics.

FIGURE 14-5: Verifying the presence of the VM diagnostics extension for an Azur...

FIGURE 14-6: Customizing the diagnostic logging in a Windows Server VM running ...

FIGURE 14-7: Metrics Explorer in Azure Monitor gives you at-a-glance diagnostic...

FIGURE 14-8: Configuring signal logic for an Azure Monitor alert rule.

FIGURE 14-9: Completing the alert rule definition.

FIGURE 14-10: Different ways Azure informs you that an alert rule was triggered...

FIGURE 14-11: Connecting VMs to an Azure Log Analytics workspace.

FIGURE 14-12: Azure Log Analytics Log Search interface.

Chapter 15

FIGURE 15-1: Sometimes, your Azure feedback results in new-product development.

Chapter 16

FIGURE 16-1: Work from the bare metal by using the Azure REST API Browser.

FIGURE 16-2: Find an Azure user group near you.

Guide

Cover

Table of Contents

Begin Reading

Pages

i

ii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

331

332

333

334

335

336

337

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

Introduction

Microsoft Azure is a public cloud service in which you rent compute services from Microsoft that run in Microsoft’s data centers. You pay only for the resources you use over the course of your billing period.

I wrote this book to give you a gentle yet thorough introduction to Microsoft Azure, showing you how it works and why you may want to use it to save your company money, time, effort, and sanity.

About This Book

You may wonder why you don’t find a large number of Azure–related books in your local bookstores or at online retailers. The answer is quite simple: Azure changes often, so print publishers have a great deal of difficulty keeping up.

I’ve worked with Azure for several years and have regular contact with Azure team members at Microsoft, who find it to be just as time- and effort-intensive to stay current with the technologies as users do.

Thus, I wrote this book with the intention of helping you with the following:

Becoming comfortable with Microsoft Azure:

I give you this comfort by sticking to what Microsoft calls the “80 percent scenarios,” or Azure deployments used by 80 percent of its customer base.

Gaining skill with programmatic deployment:

Along the way, I show you how to use Azure PowerShell, Azure Command-Line Interface (CLI), and Azure Resource Manager (ARM) templates to get your Azure work done. These Azure access methods change less frequently than the Azure portal graphical user interface (GUI).

Becoming comfortable with tools and staying current:

You can expect the Azure portal to change such that what you see on your screen may not match what’s in this book. That’s to be expected! In the last section of the book, “The Part of Tens,” I give you the skills to stay current on your own and not to feel blindsided when Azure looks different today from how it looked yesterday.

I include many web addresses, also called URLs, throughout this book. If Microsoft changes a page address, and the link I provide no longer works, don’t fret! Simply run a Google search for the article title, and you’ll find the updated page address nearly instantly.

Throughout this book, you’ll find dozens of step-by-step procedures. I want you to keep the following points in mind as you work through them:

You need an Azure subscription to follow the steps. If you haven’t already done so, you can create a free Azure account (

https://azure.microsoft.com/free

) that gives you 30 days to spend $200 USD on any Azure service. This quota should get you through this book’s material so long as you delete your deployments when you finish using them.

I often provide sample values that work in my environment but may not work in yours. You should customize these procedures to suit your requirements.

If you require additional software to complete an exercise, I tell you at before the exercise. Software requirements are limited to free Microsoft software to minimize the financial impact that working through this book has on you.

I assume that you have an Internet connection; otherwise, you’d be unable to access Azure (unless you’re using Azure Stack, but that’s a subject for another book).

Finally, most of the Azure administration and development tools are available for Windows, macOS, and Linux. (I used a Windows 10 workstation.)

Foolish Assumptions

I wrote this book with several types of readers in mind. See whether you can place yourself roughly or exactly in any of the following descriptions:

You’re an experienced IT professional who needs to know Azure for future initiatives at work.

You’re an IT newcomer who wants to know Azure to futureproof your career.

You’re proficient in other public cloud platforms, such as Amazon Web Services or Google Cloud Platform, and you want to see how Azure compares.

You’re being forced to use Azure for your job.

You’re tasked with convincing your boss and other decision-makers how valuable Azure could be to your business, and you want to make sure that you understand the basics.

You’re already using Azure but want to fill in your knowledge or skills gaps.

Regardless of your present attitude and orientation toward Azure, I hope that by studying this book and applying its methods you can more knowledge about Azure and thereby excel in your profession.

Icons Used in This Book

If you’ve read a For Dummies book before, then you’re probably familiar with the icons. If not, or if you want a formal description of each, then read on!

The Tip icon marks tips (duh!) and shortcuts that you can use to make working with Azure easier.

Remember icons mark especially important information. To siphon off the most important information in each chapter, skim the paragraphs that have these icons.

The Technical Stuff icon marks information of a highly technical nature that you can skip.

The Warning icon tells you to watch out! It marks important information that may save you headaches.

Beyond the Book

Beyond what’s included between the covers of this book, I’ve created a Cheat Sheet that includes tips, tricks, and shortcuts for the Azure services you use over the course of the book. You can find the Cheat Sheet and other information related to this book (such as errata) by visiting https://www.dummies.com and typing Azure For Dummies in the Search box.

Where to Go from Here

Although I’d read this book in order starting with Chapter 1, you may not prefer to use that method. You can dip into any chapter with no formal dependency on those that come before it, so flip to the chapter that you want to begin with, and let’s get to work!

Part 1

Getting Started with Microsoft Azure

IN THIS PART …

Figuring out exactly what “cloud computing” means and how Microsoft Azure fits into the cloud computing picture

Differentiating the different cloud computing deployment and service delivery models

Understanding the basics of Azure Resource Manager

Gaining familiarity with the various Microsoft Azure administrative tools

Chapter 1

Introducing Microsoft Azure

IN THIS CHAPTER

Introducing the cloud

Differentiating among the cloud computing models

Introducing the major Microsoft Azure services

Starting your Azure subscription

Welcome to cloud computing, and welcome to Microsoft Azure! I’m not sure what occurred in your professional or personal life to lead you to read this book, but I’m glad you’re here with me. In this chapter, I cover ground-level terminology, beginning with precisely what buzzwords the cloud and cloud computing mean.

By the end of this chapter, you’ll have your very own Azure subscription running at the free tier. Are you excited? I hope so!

What Is Cloud Computing?

My 9-year-old daughter Zoey knows what the cloud is. “It’s where my iPad apps are stored,” she says. “If I delete an app from my iPad, I can download it again from the cloud.” I can’t argue with that.

My 75-year-old mother told me that as far as she’s aware, the cloud is “a part of the Internet where you can save your stuff.” True enough.

Most people use cloud services whether they’re aware of doing so or not. Think of your smartphone. Where do you think your photos, media, files, and settings are being backed up? What is behind your ability to retrieve your content wherever you are in the world, provided that you have an Internet connection?

Do you use a web-hosting company to host your personal website? Where is the physical server that houses your website?

These scenarios are examples of cloud computing, in which you simply rent resources on another organization’s infrastructure.

The resources you rent consist of the following hardware and software components:

Compute:

Compute

is raw computing power — the central processing unit (CPU) and random-access memory (RAM) that form the platform for applications and data.

Storage:

Persistent storage

means you have a place on Microsoft’s servers to store your files and other data. When you save a file to a cloud-hosted storage account, the file should remain in place forever, or at least until you move or delete it.

Network:

Azure provides a software-defined network infrastructure on which you can host your virtual machines and other Azure services. Because the cloud almost always involves an Internet connection,

online

and

cloud

are essentially synonymous. I say “almost always” because a business can create a private cloud that shares most attributes of a public cloud but is local to its private network environment. Microsoft also sells a private, portable version of Azure called Azure Stack.

Analytics:

You’ll never get to touch the cloud provider’s compute, storage, or network resources. The closest you’ll get is viewing its telemetry data in your web browser or from a management app. Thus, Azure and other public cloud providers give you tools to see precisely how much of their services you consume each minute. Cloud analytics also gives you valuable troubleshooting and performance-tuning advice for your cloud infrastructure.

Businesses are interested in using the cloud because it allows them to offload a lot of what’s scary, annoying, and/or expensive about maintaining an on-premises data center, such as the following:

Power:

It’s potentially very expensive to provide electricity to all the equipment necessary to host your applications and services. And what happens if your on-campus data center experiences a utilities outage? When you move your data into the cloud, your provider takes on the risk of these issues.

Capital expenditure:

When you run an on-premises data center, you either rent your physical servers or purchase them outright. As such, you’re responsible for all hardware upgrades and repairs. All that hardware can be expensive too.

Security and configuration overhead:

If you can’t afford local systems administrators, or if your existing resources are stretched thin, it can be too easy to leave a vulnerability in place on an on-premises server that can be compromised by bad actors. By contrast, when you use a public cloud service like Azure, you rely upon Microsoft’s human and machine learning–based threat intelligence to help keep your applications, services, and data safe.

Do you see the trend here? Cloud computing is popular because it’s convenient for the end user and cheaper for the enterprise business. Before I go any further, however, I want to codify what I mean by cloud computing.

NIST definition

The National Institute of Standards and Technology (NIST, pronounced nihst), a research laboratory in the United States, developed the standard definition of cloud computing. According to NIST, the five essential characteristics of cloud computing are

On-demand self-service:

A cloud customer can provision services at any time and is charged only for the resources that he or she consumes.

Broad network access:

Cloud services are ordinarily offered globally, and the customer is encouraged to place services as geographically near its consumers as possible.

Resource pooling:

Cloud services are

multitenant,

which means that different customers’ environments are isolated. You should never, ever see another Azure customer’s data, and vice versa.

Rapid elasticity:

A cloud services customer can accommodate variable traffic patterns by configuring their services to scale accordingly. For instance, you can configure Azure to automatically duplicate your web servers to accommodate traffic spikes and then remove servers automatically when they are no longer needed.

Measured service:

The cloud offers services on demand, which are metered; once again, customers pay only provisioned resources.

If you want to read the source material, check NIST Special Publication 800-145, The NIST Definition of Cloud Computing, which you can download from https://csrc.nist.gov/publications/detail/sp/800-145/final.

Cloud computing benefits

As I mention earlier in this chapter, cloud computing is attractive to both businesses and consumers because of its convenience, high availability, and potential cost savings. Specifically, Microsoft Azure or any other public cloud service uses a consumption-based spending model that’s classified as an operational expenditure (OpEx).

Purchasing or leasing on-premises infrastructure is an up-front capital expenditure (CapEx). By contrast, the relatively predictable, recurring cost model of OpEx is appealing to cost-conscious organizations (and what organization isn’t cost-conscious nowadays?).

The cloud’s rapid scalability and elasticity are capabilities that only the largest companies in the world can afford to manage on their own. Microsoft Azure enables smaller companies and individuals to replicate a SQL database between geographical regions with a couple of mouse clicks. (See Figure 1-1.) Making high availability this accessible to customers is an enormous benefit of cloud computing.

Economies of scale

The term economies of scale means that a business that purchases its internal resources at a larger volume can pass along savings to its customers.

At this writing, Microsoft has its Azure product portfolio spread across 54 regions worldwide. Within each region are two or more physical data centers. Within each data center are untold numbers of server racks, blade servers, storage arrays, routers, switches, and so forth — an immense physical capacity. I think we can reasonably assume that Microsoft gets a discount from the original equipment manufacturers (OEMs) because it purchases in such huge volume. Microsoft’s purchase discounts means that the company in turn extends the savings to its Azure customers. It’s as simple as that.

Understanding Cloud Computing Models

The working definition of cloud computing is a subscription arrangement under which a person or business rents a cloud service provider’s infrastructure and pays only for the services consumed. That definition is fine.

In this section, however, I want to sharpen your general understanding of cloud computing by explaining the deployment and service delivery models.

Deployment models

In Azure nomenclature, deployment refers to your provisioning resources in the Azure public cloud. You may be saying, “What’s this? Why is Microsoft Azure called a public cloud? I thought you said that different Azure customers can never see each other’s resources by default.” Hang on; hang on. Let me explain.

Public cloud

Microsoft Azure is a public cloud because its global data center fabric is accessible by the general public. Microsoft takes Azure’s multitenant nature very seriously; therefore, it adds layer after layer of physical and logical security to ensure that each customer’s data is private. In fact, in many cases, even Microsoft doesn’t have access to customers’ data encryption keys!

Other major cloud service providers — including AWS, GCP, Oracle, and IBM (see the nearby sidebar “Other cloud providers”) — are also considered to be public cloud platforms.

Microsoft has three additional, separate Azure clouds for exclusive governmental use. Thus, the Microsoft literature contains references to Azure Cloud, which refers to its public cloud, and to Azure Government Cloud, which refers to its sovereign, special-access clouds. No member of the general public can access an Azure Government Cloud without being associated with a government body that employs it.

Private cloud

As I mention earlier, very, very few businesses have enough financial, capital, and human resources to host their own cloud environments. Typically only the largest enterprise organizations can afford having their own private cloud infrastructure with redundant data centers, storage, networking, and compute, but they may have security prohibitions against storing data in Microsoft’s (or any other cloud provider’s) physical data centers.

Microsoft sells a portable version of the Azure cloud: Azure Stack, which consists of a server rack that a company leases or purchases from a Microsoft-affiliated hardware or service provider.

The idea is that you can bring the hallmarks of cloud computing — on-demand self-service, resource pooling, elasticity, and so forth — to your local environment without involving either the Internet or an external cloud provider unless you want to.

Your administrators and developers use the same Azure Resource Manager (ARM) application programming interface (API) to deploy resources locally to Azure Stack as they use to deploy to the Azure public cloud. This API makes it a snap to bring cloud-based services on premises, and vice versa. You'll learn about ARM in Chapter 2.

Hybrid cloud

When you combine the best of on-premises and cloud environments, you have a hybrid cloud.

In my professional experience, the hybrid cloud deployment model makes the most sense for most businesses. Why? A hybrid cloud allows the business to salvage (read: continue to use) the on-premises infrastructure that it’s already paid for while leveraging the hyper scale of the Azure public cloud.

Take a look at Figure 1-2. In this topology, the on-premises network is extended to a virtual network running in Azure. You can do all sorts of nifty service management here, including

Joining the Azure virtual machines (VMs) to your local Active Directory domain.

Managing your on-premises servers by using Azure management tools.

Providing nearly instant failover disaster recovery (DR) by using Azure as a DR site. Failover refers to having a replicated backup of your production servers available somewhere else so that you can shift from your failed primary environment to your backup environment within minutes. Failover is critical for businesses that cannot afford the downtime involved in restoring backups from a backup archive.

By the end of this book, you’ll understand how to deploy the environment you see in Figure 1-2, but here’s an overview of what’s going on:

On the left side is a local business network that connects to the Internet via a virtual private network (VPN) gateway.

On the right (Azure) side is a three-VM deployment in a virtual network. A site-to-site VPN connects the local environment to the virtual network. Finally, an Azure load balancer spreads incoming traffic equally among the three identically configured web servers in the web tier subnet. As a result, the company’s internal staff can access the Azure-based web application over a secure VPN tunnel and get a low-latency, reliable, always-on connection to boot.

In this book, I refer to a local, physical network environment as an on-premises environment. In the wild, you’ll see stray references to “on premise”— sadly, even in Microsoft’s Azure documentation. Don’t make this mistake. A premise is an idea; premises refers to a location.

In my experience, only small businesses are agile enough to do all their work in the Azure cloud. That said, you may find that after your organization gets its sea legs with Azure and begins to appreciate its availability, performance, scalability, and security possibilities, you’ll be working to migrate more on-premises infrastructure into Azure, and you’ll be targeting more of your line-of-business (LOB) applications to the cloud first.

Service delivery models

Organizations deploy applications in three primary ways: Software as a Service, Infrastructure as a Service, and Platform as a Service.

Software as a Service (SaaS)

An SaaS application is a finished, customer-facing application that runs in the cloud. Microsoft Office 365 is a perfect example. As shown in Figure 1-3, you can use Word Online to create, edit, and share documents with only a web browser; an Internet connection; and an Office 365 subscription, which you pay for each month on a subscription basis.

With SaaS applications, you have zero visibility into the back-end mechanics of the application. In the case of Word Online, you neither know nor care how often the back-end servers are backed up, where the Office 365 data centers are geographically located, and so forth. All you care about is whether you can get to your cloud-hosted documents and whether Word Online behaves as you expect.

Platform as a Service (PaaS)

Much of my work as an Azure solution architect centers on explaining the benefits of PaaS over IaaS in certain scenarios.

Consider a business that runs a three-tier on-premises web application with VMs. The organization wants to move this application workload to Azure to take advantage of the benefits of cloud computing. Because the organization has always done business by using VMs, it assumes that the workload must by definition run in VMs in Azure.

Not so fast. Suppose that the workload consisted of a Microsoft-stack application. Maybe the business should consider using PaaS products such as Azure App Service and Azure SQL Database to leverage autoscale and pushbutton georeplication.

I discuss both Azure App Service and Azure SQL Database later in Part 3. For now, understand georeplication means placing synchronized copies of your service in other geographic regions for fault tolerance and placing those services closer to your users.

Or maybe the workload is an open-source project that uses PHP and MySQL. No problem. Azure App Service can handle that scenario. Microsoft also has a native hosted database platform for MySQL called (appropriately enough) Azure Database for MySQL.

With PaaS, Microsoft takes much more responsibility for the hosting environment. You’re not 100 percent responsible for your VMs because PaaS products abstract all that plumbing and administrative overhead away from you.

The idea is that PaaS products free you to focus on your applications and, ultimately, on the people who use those applications. If PaaS has a trade-off, it’s that relinquishing full-stack control is an adjustment for many old-salt systems and network administrators.

To sum up the major distinction between IaaS and PaaS, IaaS gives you full control of the environment, but you sacrifice scalability and agility. PaaS gives you full scalability and agility, but you sacrifice some control.

To be sure, the cloud computing literature contains references to other cloud deployment models, such as community cloud. You’ll also see references to additional delivery models, such as Storage as a Service (STaaS) and Identity as a Service (IDaaS). This chapter focuses on the most commonly used cloud deployment and delivery models.

Infrastructure as a Service (IaaS)

I find that most businesses that migrate their applications and services to Azure use the IaaS model, if only because they’ve delivered their services via VMs in the past — the old “If it ain’t broke, don’t fix it” approach.

In large part, IaaS is where the customer hosts one or more VMs in a cloud. The customers remain responsible for the full life cycle of the VM, including

Configuration

Data protection

Performance tuning

Security

By hosting your VMs in Azure rather than in your on-premises environment, you save money because you don’t have to provision the physical and logical resources locally. You also don’t have to pay for the layers of geographic, physical, and logical redundancy included in Azure out of the box.

Thus, whereas SaaS is a service that’s been fully abstracted in the cloud, and the customer simply uses the application, IaaS offers a split between Microsoft’s responsibility (providing the hosting platform) and the customer’s responsibility (maintaining the VMs over their life cycle).

Cloud computing in general, and Microsoft Azure in particular, use what’s called the shared responsibility model. In this model, Microsoft’s responsibility is providing the tools you need to make your cloud deployments successful — Microsoft’s data centers, the server, storage and networking hardware, and so on. Your responsibility is to use those tools to secure, optimize, and protect your deployments. Microsoft isn’t going to configure, back up, and secure your VMs automatically; those tasks are your responsibility.

Introducing Microsoft Azure Services

The Microsoft Azure service catalog has hundreds of services. Listing all of them in this book would be a waste of ink and paper, because by the time you read this chapter, the service list will have expanded even more.

Microsoft maintains a services directory at https://azure.microsoft.com/en-us/services, but in this chapter, I give you a high-level tour of what Microsoft calls 80 percent services — the Azure products that 80 percent of the customer base uses.

Azure history

In October 2008, Microsoft announced Windows Azure at its Professional Developers Conference. Many people feel that this product was a direct answer to Amazon, which had already begun unveiling AWS to the general public.

The first Azure-hosted service was SQL Azure Relational Database, announced in March 2009. Then came support for PaaS websites and IaaS virtual machines in June 2012. Figure 1-4 shows what the Windows Azure portal looked like during that time.

Satya Nadella became Microsoft’s chief operating officer in February 2014. Satya had a vision of Microsoft expanding its formerly proprietary borders, so Windows Azure became Microsoft Azure, and the Azure platform began to embrace open-source technologies and companies that Microsoft formerly considered to be hostile competitors.

I can’t overstate how important that simple name change was and is. Today, Microsoft Azure provides first-class support for Linux-based VMs and non-Microsoft web applications and services, which is a huge deal.

Finally, Microsoft introduced the RM deployment model at Microsoft Build 2014. The API behind Windows Azure was called Azure Service Management (ASM), and it suffered from several design and architectural pain points. ASM made it super-difficult to organize deployment resources, for example, and it was impossible to scope administrative access granularly.

The ARM API is modeled closely on the AWS API (you know the old saw “Imitation is the sincerest form of flattery”), with core architectural concepts such as resource groups and role-based access controls that were direct analogs of features in the AWS cloud.

To support old customers with old deployments, ARM still offers limited support for ASM deployments in the Azure portal (see Chapter 2). These resources are tagged with the suffix Classic. This book is committed to the ARM API, however, so I won’t be addressing ASM IaaS products.

Azure Virtual Machines is Microsoft’s Azure mainline IaaS product. Specifically, the Azure Marketplace in the Azure portal lists thousands of preconfigured VM images from Microsoft, endorsed Linux distributions, and third-party solution providers. You can see the gallery of VM images in Figure 1-5.

You can migrate your on-premises physical and virtual machines to Azure, of course, as well as create custom VM images. I’ll get to those topics in time; I promise.

PaaS products

The Azure product portfolio is filled with powerful, cost-saving PaaS offerings. Following are some of the more high-profile Azure PaaS products:

App Service:

Web Apps, Mobile Apps, API Apps, Logic Apps, and Function Apps

Databases:

Cosmos DB, Azure SQL Database, Azure Database for MySQL, and Azure Cache for Redis

Containers:

Azure Container Instances, Azure Container Registry, and Azure Kubernetes Service

DevOps:

Azure DevOps and Azure DevTest Labs

Internet of Things (IoT):

Azure IoT Hub, Azure IoT Edge, Azure Sphere, and Azure Digital Twins

Machine learning:

Azure Machine Learning Service, Azure Bot Service, Cognitive Services, and Azure Search

Identity:

Azure Active Directory, Azure AD Business-to-Business, and Azure AD Business-to-Consumer

Monitoring:

Application Insights, Azure Monitor, and Azure Log Analytics

Migration:

Azure Site Recovery, Azure Cost Management, Azure Database Migration Service, and Azure Migrate

Starting Your First Azure Subscription

You can have a free, low-obligation trial of the Microsoft Azure platform with the Azure free account. Low-obligation