The Azure Cloud Native Architecture Mapbook E-Book

The Azure Cloud Native Architecture Mapbook

Explore Microsoft Cloud's infrastructure, application, data, and security architecture

Stephane Eyskens

Ed Price

BIRMINGHAM—MUMBAI

The Azure Cloud Native Architecture Mapbook

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Aaron Lazar

Publishing Product Manager: Denim Pinto

Senior Editor: Storm Mann

Content Development Editor: Nithya Sadanandan

Technical Editor: Gaurav Gala

Copy Editor: Safis Editing

Project Coordinator: Deeksha Thakkar

Proofreader: Safis Editing

Indexer: Rekha Nair

Production Designer: Nilesh Mohite

First published: February 2021

Production reference: 1160221

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80056-232-5

www.packt.com

To my wife, Diana Lucic, who designed all the maps of this book.

– Stephane Eyskens

To my sons, Ben and Yoav, for showing me how talent and creativity evolve. To Tsippi and Shlomo Bobbe, for their love, support, and inspiration.

– Ed Price

Contributors

About the authors

Stephane Eyskens is an Azure solutions architect and a digital transformation advocate, helping organizations to get better results out of their cloud investments. As an MVP, he is an active contributor to the Microsoft Tech Community and has worked on multiple open source projects available on GitHub. Stephane is also a Pluralsight assessment author, as well as the author of multiple books and online recordings.

Ed Price is a senior program manager in engineering at Microsoft, with an MBA in technology management. He leads Microsoft's efforts to publish reference architectures on the Azure Architecture Center (http://aka.ms/Architectures). Previously, he drove data center deployment and customer feedback, and he ran Microsoft's customer feedback programs for Azure development, Service Fabric, IoT, Functions, and Visual Studio. He was also a technical writer at Microsoft for 6 years and helped lead TechNet Wiki. He is the co-author of five books, including Learn to Program with Small Basic and ASP.NET Core 5 for Beginners, available from Packt.

About the reviewers

Giorgos-Chrysovalantis Grammatikos is an Azure solutions architect with Tisski Ltd. He is an IT pro with over 10 years of experience in the industry, has achieved various Azure and other Microsoft certifications, and has been an Azure MVP since 2018. His specialization is in various Microsoft technologies including the Azure cloud, SQL Server, Power BI, and Hyper-V. He is an active member of the Microsoft community, blogging on his website cloudopszone.com and posting technical articles on the Microsoft wiki and dev blogs. He is a frequent public speaker at meetups and various Microsoft Azure events.

Sjoukje Zaal is a Microsoft chief technical officer at Capgemini, a Microsoft regional director, and a Microsoft Azure MVP with over 20 years of experience providing architecture, development, consultancy, and design expertise. She mainly focuses on cloud, security, productivity, and IoT.

She loves to share her knowledge and is active in the Microsoft community as a co-founder of the user groups Tech Daily Chronicle, Global XR Community, and the Mixed Reality User Group. She is also a board member of Azure Thursdays and Global Azure. Sjoukje is an international speaker, is involved in organizing many events, and has written several books and blogs. Sjoukje is also part of the MVP Diversity and Inclusion Advisory Board.

Table of Contents

Preface

Section 1: Solution and Infrastructure

Chapter 1: Getting Started as an Azure Architect

Technical requirements

Getting to know architectural duties

Enterprise architects

Domain architects

Solution architects

Data architects

Technical architects

Security architects

Infrastructure architects

Application architects

Azure architects

Architects versus engineers

Getting started with the essential cloud vocabulary

Cloud service models map

IaaS (Infrastructure as a Service)

PaaS (Platform as a Service)

FaaS (Function as a Service)

CaaS (Containers as a Service)

DBaaS (Database as a Service)

XaaS or *aaS (Anything as a Service)

Introducing Azure architecture maps

How to read a map

Understanding the key factors of a successful cloud journey

Defining the vision with the right stakeholders

Defining the strategy with the right stakeholders

Starting implementation with the right stakeholders

Practical scenario

Summary

Chapter 2: Solution Architecture

Technical requirements

The solution architecture map

Zooming in on the different workload types

Understanding systems of engagement

Understanding systems of record

Understanding systems of insight

Understanding systems of interaction (IPaaS)

Looking at cross-cutting concerns and non-functional requirements

Looking at cross-cutting concerns and the cloud journey

Zooming in on containerization

Solution architecture use case

Looking at a business scenario

Using keywords

Using the solution architecture map against the requirements

Building the target reference architecture

Code view of our workflow-based reference architecture

Looking at the code in action

Understanding the gaps in our reference architecture

Summary

Chapter 3: Infrastructure Design

Technical requirements

The Azure infrastructure architecture map

Zooming in on networking

The most common architecture

Data center connectivity options

Zoning

Routing and firewalling

Zooming in on monitoring

Zooming in on high availability and disaster recovery

Zooming in on backup and restore

Zooming in on HPC

AKS infrastructure

Exploring networking options with AKS

Exploring deployment options with AKS

Monitoring AKS

Exploring AKS storage options

Scaling AKS

Exploring miscellaneous aspects

AKS and service meshes for microservices versus Azure native services

AKS reference architecture for microservices – cluster boundaries

AKS reference architecture for microservices – cluster internals

Summary

Chapter 4: Infrastructure Deployment

Technical requirements

Introducing Continuous Integration and Continuous Deployment (CI/CD)

Introducing the CI/CD process

Introducing the IaC CI/CD process

The Azure deployment map

Getting started with the Azure CLI, PowerShell, and Azure Cloud Shell

Playing with the Azure CLI from within Azure Cloud Shell

Using PowerShell from within Azure Cloud Shell

Combining PowerShell and the Azure CLI from within Azure Cloud Shell

Understanding the one that rules them all

Diving into ARM templates

Getting started with ARM

Understanding the ARM template deployment methods

Understanding the ARM template deployment scopes

Understanding the ARM template deployment modes

Understanding the anatomy of an ARM template

Building a concrete example using linked templates

Getting started with Azure Bicep

Getting started with Terraform

Zooming in on a reference architecture with Azure DevOps

Using a simple approach to an IaC factory

Using an advanced approach to an IaC factory

Summary

Section 2: Application Development, Data, and Security

Chapter 5: Application Architecture

Technical requirements

Understanding cloud and cloud-native development

Exploring the Azure Application Architecture Map

Zooming in on data

Zooming in on cloud design patterns

Dealing with cloud-native patterns

Understanding the COMMODITIES top-level group

Exploring EDAs

Inspecting the Azure Service Bus configuration

Adding the other components to the mix

Developing microservices

Using Dapr for microservices

Understanding Dapr components

Getting started with Dapr SDKs

Looking at our scenario

Developing our solution

Testing our solution

Combining Dapr and the API gateway of Azure APIM

Summary

Chapter 6: Data Architecture

Technical requirements

Looking at the data architecture map

Analyzing traditional data practices

Introducing the OLAP and OLTP practices

Introducing the ETL practice

Introducing the RDBMS practice

Delving into modern data services and practices

Introducing the ELT practice

Exploring NoSQL services

Learning about object stores

Diving into big data services

Ingesting big data

Exploring big data analytics

Azure-integrated open source big data solutions

Introducing AI solutions

Understanding machine learning and deep learning

Integrating AI solutions

Dealing with other data concerns

Introducing Azure Cognitive Search

Sharing data with partners and customers (B2B)

Migrating data

Governing data

Getting our hands dirty with a near real-time data streaming use case

Setting up the Power BI workspace

Setting up the Azure Event Hubs instance

Setting up Stream Analytics (SA)

Testing the code

Summary

Chapter 7: Security Architecture

Technical requirements

Introducing cloud-native security

Reviewing the security architecture map

Exploring the recurrent services security features

Exploring the recurrent data services security features

Zooming in on encryption

Managing your security posture

Zooming in on identity

Delving into the most recurrent Azure security topics

Exploring Azure managed identities in depth

Demystifying SAS

Understanding APL and its impact on network flows

Understanding Azure resource firewalls

Adding the security bits to our Contoso use case

Summary

Section 3: Summary

Chapter 8: Summary and Industry Scenarios

Revisiting our architectures

Sample architecture

Solution architecture

Infrastructure architecture

Azure deployment

Application architecture

Data architecture

Security architecture

Visiting the verticals

Automotive and transportation scenarios

Predictive insights with vehicle telematics

Predictive aircraft engine monitoring

IoT analytics for autonomous driving

Banking and financial services scenarios

Banking system cloud transformation

Decentralized trust using blockchain

Additional financial services architectures

Gaming scenarios

Low-latency multiplayer gaming

Gaming using MySQL or Cosmos DB

Healthcare scenarios

Building a telehealth system on Azure

Medical data storage architectures

AI healthcare solutions

Predicting length of stay using SQL Server R Services

Producing and consuming IoT healthcare data

Confidential computing on a healthcare platform

Manufacturing scenarios

Supply chain track and trace

Industrial IoT analytics

AI and analytics manufacturing architectures

Oil and gas scenarios

Run reservoir simulation software on Azure

Oil and gas tank level forecasting

IoT monitor and manage loops

Retail scenarios

Retail and e-commerce Azure database architectures

Demand forecasting with Spark on HDInsight

Demand forecasting with machine learning

AI retail scenarios

Architecture for buy online, pick up in store

The unique values of this book

Summary

Why subscribe?

Other Books You May Enjoy

Section 1: Solution and Infrastructure

In this section, we will first revise the different architecture practices and dimensions, because the word architect is sometimes misunderstood or abused. We will share our views on the different architecture dimensions that we cover throughout the book. The initial chapter will set the scene for your journey. Then, we will get you started with Azure and acquainted with the services that you can assemble to design and build solutions. We will also focus on an essential foundation – the infrastructure – and you will get to know how to leverage Infrastructure as Code and automation, to get an optimal return on investment out of your cloud expenditures.

In this section, we will cover the following topics:

Chapter 1: Getting Started as an Azure Architect

In this chapter, we will focus on what an architect's role entails and explain the various cloud service models that are made available by the Microsoft Azure platform. We will describe how the numerous maps in this book are built, what they intend to demonstrate, and how to make sense of them.

More specifically, in this chapter, we will cover the following topics:

Our purpose is to help you learn the required vocabulary that is used across the book. You will also understand the duties of an Azure architect. We will explain the most frequently used service models and their typical associated use cases, which every Azure architect should know. We start smoothly, but beware that the level of complexity will increase as we go. Let's start by getting acquainted with the definition of an architect.

Technical requirements

The Maps provided in this chapter are available at https://github.com/PacktPublishing/The-Azure-Cloud-Native-Architecture-Mapbook/tree/master/Chapter01.

Getting to know architectural duties

Before we define what an Azure architect is, let's first define what an architect's role is and how our maps specialize to reflect these different profiles. The word architect is used everywhere on the IT planet. Many organizations have their own expectations when it comes to defining the tasks and duties of an architect. Let's share our own definitions as well as some illustrative diagrams.

Enterprise architects

Enterprise architects oversee the IT and business strategies, and they make sure that every IT initiative is in line with the enterprise business goals. They are directly reporting to the IT leadership and are sometimes scattered across business lines. They are also the guardians of building coherent and consistent overall IT landscapes for their respective companies. Given their broad role, enterprise architects have a helicopter view of the IT landscape, and they are not directly dealing with deep-dive technical topics, nor are they looking in detail at specific solutions or platforms, such as Azure, unless a company would put all its assets in Azure. In terms of modeling, they often rely on the TOGAF (short for The Open Group Architecture Framework) modeling framework and ArchiMate. The typical type of diagrams they deal with looks like the following:

Figure 1.1 – Capability viewpoint: ArchiMate

As you can see, this is very high level and not directly related to any technology or platform. Therefore, this book focusing on Azure is not intended for enterprise architects, but they are, of course, still welcome to read it!

Domain architects

Domain architects own a single domain, such as the cloud. In this case, the cloud is broader than just Azure, as it would probably encompass both public and private cloud providers. Domain architects are tech-savvy, and they define their domain roadmaps while supervising domain-related initiatives. Compared to enterprise architects, their scope is more limited, but it is still too broad to master the bits and bytes of an entire domain. This book, and more particularly our generic maps, will certainly be of great interest for cloud domain architects. Diagram-wise, the domain architects will also rely on TOGAF and other architecture frameworks, but scoped to their domain.

Solution architects

Solution architects help different teams to build solutions. They have T-shaped skills, which means that they are specialists in a given field (the base of the T), but they can also collaborate across disciplines with the other experts (the top of the T). Solution architects are usually in charge of designing solution diagrams, and they tackle non-functional requirements, such as security, performance, and scalability. Their preferred readings will be our chapter dedicated to solution architecture, as well as some reference architectures. Solution architects may build both high-level technology-agnostic, and platform-specific diagrams. Azure solution architects may build reference architectures, such as, for instance, one that we can find on the Azure Architecture Center (https://docs.microsoft.com/en-us/azure/architecture/):

Figure 1.2 – AI at the edge with Azure Stack

The preceding diagram illustrates how to leverage both Azure Stack and Azure, together with artificial intelligence services. Such architectures can be instantiated per asset, but still remain rather high-level. They depict the components and their interactions, and must be completed by the non-functional requirements. We will explore this in more detail in the next chapter.

Data architects

Data architects oversee the entire data landscape. They mostly focus on designing data platforms, for storage, insights, and advanced analytics. They deal with data modeling, data quality, and business intelligence, which consists of extracting valuable insights from the data, in order to realize substantial business benefits. A well-organized data architecture should ultimately deliver the DIKW (Data, Information, Knowledge, Wisdom) pyramid as shown in Figure 1.3:

Figure 1.3 – DIKW pyramid

Organizations have a lot of data, from which they try to extract valuable information, knowledge, and wisdom over time. The more you climb the pyramid, the higher the value. Consider the following scenario to understand the DIKW pyramid:

Figure 1.4 – DIKW pyramid example

Figure 1.4 shows that we start with raw data, which does not really make sense without context. These are just numbers. At the information stage, we understand that 31 stands for a day, 3 is March, and 3,000 is the number of visits. Now, these numbers mean something. The knowledge block is self-explanatory. We have analyzed our data and noticed that year after year, March 31 is a busy day. Thanks to this valuable insight, we can take the wise decision to restock our warehouses up front to make sure we do not run short on goods.

That is, among other things, the work of a data architect to help organizations learn from their data.

Data is the new gold rush, and Azure has a ton of data services as part of its catalog, which we will cover in Chapter 6, Data Architecture.

Technical architects

Technical architects have a deep vertical knowledge of a platform or technology stack, and they have hands-on practical experience. They usually coach developers, IT professionals, and DevOps engineers in the day-to-day implementation of a solution. They contribute to reference architectures by zooming inside some of the high-level components. For instance, if a reference architecture, designed by a solution architect, uses Azure Kubernetes Services (AKS) as part of the diagram, the technical architect might zoom inside the AKS cluster, to bring extra information on the cluster internals and some specific technologies. To illustrate this, Figure 1.5 shows a high-level diagram a solution architect might have done:

Figure 1.5 – Reference architecture example

Figure 1.6 shows the extra contribution of a technical architect:

Figure 1.6 – Reference architecture refined by a technical architect

We see that the reviewed diagram contains precise technologies, such as KEDA (Kubernetes-based Event Driven Autoscaling), and Dapr (Distributed Application Runtime), for both autoscaling and interactions with event and data stores.

The technical architect will mostly be interested in our detailed maps.

Security architects

In this hyper-connected world, the importance of security architecture has grown a lot. Security architects have a vertical knowledge of the security field. They usually deal with regulatory or in-house compliance requirements. The cloud and, more particularly, the public cloud, often emphasizes security concerns (much more than for equivalent on-premises systems and applications). With regard to diagrams, security architects will add a security view (or request one) to the reference solution architectures, such as the following:

Figure 1.7 – Simplified security view example

In the preceding example, the focus is set on pure security concerns: encryption in transit (TLS 1.2) between the browser and the web application firewall (WAF). The WAF enforces a security ruleset to protect against the Open Web Application Security Project (OWASP) top 10 vulnerabilities. The API gateway acts as a policy enforcement point before it forwards the request to the backend service. The backend authenticates to the database using managed service identity (MSI), and the database is encrypted at REST with customer-managed keys. Figure 1.7 clearly emphasizes what security architects are interested in.

However, as we will explore further in Chapter 7, Security Architecture, mastering cloud and cloud-native security is a tough challenge for a traditional (on-premises) security architect. Cloud native's defense in depth primarily relies on identity, while traditional defense in depth relies heavily on the network perimeter. This gap is often a source of tension between the cloud and non-cloud worlds.

Infrastructure architects

Infrastructure architects focus on building IT systems that host applications, or systems that are sometimes shared across workloads. They play a prominent role in setting up hybrid infrastructures, which bridge both the cloud and the on-premises world. Their diagrams reflect an infrastructure-only view, often related to the concept of a landing zone, which consists of defining how and where business assets will be hosted. A typical infrastructure diagram that comes to mind for a hybrid setup is the Hub & Spoke architecture (https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke):

Figure 1.8 – Hub and spoke architecture

Figure 1.8 is a simplified view of the hub and spoke, which, in reality, is much more complex than this. We will explore this further in Chapter 3, Infrastructure Design. We will also stress some important aspects related to legacy processes, so as to maximize the chances of a successful cloud journey.

Application architects

Application architects focus on building features that are requested by the business. Unlike other architects, they are not primarily concerned by non-functional requirements. Their role is to enforce industry best practices and coding patterns in order to make maintainable and readable applications. Their primary concerns are to integrate with the various Azure services and SDKs, as well as leverage cloud and cloud-native design patterns that are immensely different from traditional systems. Beyond this book, a good source of information for them is the Microsoft documentation on cloud design patterns (https://docs.microsoft.com/en-us/azure/architecture/patterns/).

What is challenging for application architects is to correctly understand the ecosystem in which the application runs. Today, there is a clear trend that entails breaking the monolith. In other words, we slice the architecture into multiple decoupled pieces, and we end up with a very distributed architecture. In most modern applications, a lot of common duties are offloaded to specialized services, often not so well known by old school application architects. For instance, an API gateway already has built-in policies for API throttling, token validation, and caching. Instead of writing your own plumbing in code to handle this, it is better to offload it. Another attention point for application architects is the horizontal scaling story of the cloud, meaning that applications/services must be multi-instance aware, which is rarely the case with monoliths. We will explore these concerns further in Chapter 5, Application Architecture.

Azure architects

From the top to the bottom of our enumeration, the IT landscape shrinks, from the broadest to the narrowest scope. It would be very surprising to ever meet an Azure enterprise architect. Similarly, it is unlikely that we will stumble upon an Azure domain architect, since the parent domain would rather be the cloud (which is much broader than just Azure).

However, it makes sense to have Azure-focused solution architects, technical architects, and data architects, because they get closer to the actual implementation of a solution or platform. Depending on your interest and background, you might specialize in one or more service models, which are depicted in the following section. Thus, some Azure architects will be interested in specialized maps, and some simply won't be interested, although it is always highly recommended to look at the broader picture.

Architects versus engineers

Before we move on, we need to address the engineer that we all have inside of us! What differentiates architects from engineers is probably the fact that most architects have to deal with the non-functional requirements piece. In contrast, engineers, such as developers and IT professionals, are focused on delivering and maintaining the features and systems requested by the business, which makes them very close to the final solution. Nevertheless, this book also contains some sections that are likely to help engineers build effective solutions.

Now that we are clear with what the role of an architect is all about, it is time to get started with the different service models and acquire the essential vocabulary that every Azure architect should know.

Getting started with the essential cloud vocabulary

In this section, we will cover the essential basic skills every Azure architect should have. The cloud has different service models, which all serve different purposes. It is very important to understand the advantages and inconveniences of each model, and to get acquainted with the jargon relating to the cloud.

Cloud service models map

Figure 1.9 demonstrates our first map (not counting our sample map), which depicts the different cloud service models and introduces some vocabulary. This map features two additional dimensions (costs and ops) to each service model, as well as some typical use cases:

Figure 1.9 – Cloud service models

In terms of cost models, we see two big trends: consumption and pre-paid compute/plans. The consumption billing model is based on the actual consumption of dynamically allocated resources. Pre-paid plans guarantee a certain compute capacity that is immediately made available to the cloud consumer. In terms of operations, the map highlights what is done by the cloud provider, and what you still have to do yourself. For instance, very low means that you have almost nothing to do yourself. We will now walk through each service model.

IaaS (Infrastructure as a Service)

IaaS is probably the least disruptive model. It is basically the process of renting a data center from a cloud provider. It is business as usual (the most common scenario) in the cloud. IaaS is not the service model of choice to accomplish a digital transformation, but there are a number of scenarios that we can tackle with IaaS:

With regard to costs and operations, they are almost equivalent to on-premises, although it is very hard to compare the total cost of ownership (TCO) of IaaS versus on-premises.

Of course, facilities, physical access to the data center, and more are all managed by the cloud provider. It is no longer necessary to buy and manage the hardware and infrastructure software by yourself. However, you should be aware that most companies today have a hybrid strategy, which consists of keeping a certain number of assets on-premises, while gradually expanding their cloud footprint. In this context, IaaS is a required model to some extent, in order to bridge the on-premises and cloud worlds.

PaaS (Platform as a Service)

PaaS is a fully managed service model that helps you build new solutions (or refactor existing ones) much faster. PaaS reuses off-the-shelves services that already come with built-in functionalities and whose underlying infrastructure is fully outsourced to the cloud provider. PaaS is quite disruptive with regard to legacy systems and practices.

Unlike IaaS, in order to make a successful cloud journey, PaaS requires a heavy involvement from all the layers of the company and a top sponsor from the company's leadership. Make no mistake: this is a journey. With PaaS, much of the infrastructure and most operations are delegated to the cloud provider. The multi-tenant offerings are cost-friendly, and you can easily leverage the economies of scale, providing you adopt the PaaS model. PaaS is suitable for many scenarios:

The preceding list of use cases is not exhaustive, but it should give you an idea of what this service model's value proposition is.

FaaS (Function as a Service)

FaaS is also known as serverless. It emerged rather recently; it started with stateless functions that were executed on shared multi-tenant infrastructures. Nowadays, FaaS expanded to much more than just functions, and it is the most elastic flavor of cloud computing. While the infrastructure is also completely outsourced to the cloud provider, the associated costs are calculated based on the actual resource consumption (unlike PaaS, where the cloud consumer pre-pays a monthly fee based on a pricing tier). FaaS is ideal in numerous scenarios:

FaaS allows cloud consumers to focus on building their applications without having to worry about system capacity, while still keeping an eye on costs. The price to pay for the flexibility and elasticity of FaaS is usually a little performance overhead that is caused by the dynamic allocation of system resources when needed, as well as less control over the network perimeter. This leads to some headaches for an internal Security Operations Center (SOC), which is the reason why FaaS cannot be used for everything.

CaaS (Containers as a Service)

CaaS is between PaaS and IaaS. Containerization has become mainstream, and cloud providers could not miss that train. CaaS often involves more operations than PaaS. For example, Azure Kubernetes Service (AKS) involves frequent upgrades of the Kubernetes version on both the control plane and the worker nodes. Rebooting OS-patched worker nodes remains the duty of the cloud consumer. We could say that AKS is a semi-managed service as it is less managed than a PaaS or FaaS one, but it is much more managed than a regular IaaS virtual machine.

On the other hand, Web App for Containers is a fully managed service that sits between PaaS and CaaS, from a feature standpoint. Azure Container Instances (ACI) is also fully managed and sits between serverless (the consumption-pricing model) and CaaS. Admittedly, CaaS is probably the hardest model when it comes to evaluating both costs and the level of operations. It is, nevertheless, suitable for the following scenarios:

We will explore the CaaS world in Chapter 2, Solution Architecture, and AKS in Chapter 3, Infrastructure Design.

DBaaS (Database as a Service)

DBaaS is a fully managed service model that exposes storage capabilities. Data stores, such as Azure SQL, Cosmos DB, and Storage Accounts, significantly reduce operations, while offering strong high availability and disaster recovery options. Other services, such as Databricks and Data Factory, do not strictly belong to the DBaaS category, but we will combine them for the sake of simplicity. Until very recently, Azure DBaaS was mostly based on pre-paid resource allocation, but Microsoft introduced the serverless model in order to have more elastic databases. DBaaS brings the following benefits:

We will explore DBaaS in Chapter 6, Data Architecture.

XaaS or *aaS (Anything as a Service)

Other service models exist, such as IDaaS (Identity as a Service), to such an extent that the acronym XaaS, or *aaS, was born around 2016, to designate all the possible service models. It is important for an Azure architect to grasp these different models, as they serve different purposes, require different skills, and directly impact the cloud journey of a company.

Important note

We do not cover Software as a Service (SaaS) in this book. SaaS is a fully managed business suite of software that often relies on a cloud platform for its underlying infrastructure. SaaS examples include Salesforce and Adobe Creative Cloud, as well as Microsoft's own Office 365, Power BI, and Dynamics 365 (among others).

Now that we reviewed the most important service models, let's dive a little more into the rationale behind our maps.

Introducing Azure architecture maps

Although we have already presented a small map, let's explain how Azure architecture maps were born and how to make sense of them. However rich the official Microsoft documentation might be, most of it is textual and straight to the point, with walk-throughs and some reference architectures. While this type of information is necessary, it is quite hard to grasp the broader picture. An exception to this is the Azure Machine Learning Algorithm Cheat Sheet (https://docs.microsoft.com/en-us/azure/machine-learning/algorithm-cheat-sheet), which depicts, in a concise way, the different algorithms and their associated use cases. Unfortunately, Microsoft did not create cheat sheets for everything, nor is there any other real visual representation of the impressive Azure service catalog and its ecosystem. That gap leaves room for some creativity on the matter…and that is how Azure architecture maps were born. The primary purpose of Azure architecture maps is to help architects find their way in Azure, and to grasp, in the blink of an eye, the following:

Given the size of the Azure service catalog, a single map would not suffice. Hence, we created specialized maps. They are not restricted to Microsoft services and, when applicable, may also refer to marketplace and third-party solutions. Let's jump to the next section, which explains how to read and make sense of the maps.

How to read a map

The maps proposed in this book will be your Azure compass. It is therefore important to understand the fundamentals of how to read them. We will therefore go through a sample map to explain the semantics and its workings. Figure 1.10 presents a very tiny, sample map:

Figure 1.10 – A sample map

The central point that the diagram depicts is the Master Domain (MD), the central topic of the map. Each branch represents a different area belonging to the MD. Under the sub domains, you can find the different concerns. Directly underneath the concerns, the different options (the tree's leaves) might help you address the concerns (see POSSIBLE OPTION in Figure 1.10). There might be more than one option to address for a given concern. For example, CONCERN 2 in the diagram offers two options: ALTERNATIVE 1 and ALTERNATIVE 2.

From time to time, dotted connections are established between concerns or options that belong to different areas, which indicates a close relationship. In the preceding example, we see that the ALTERNATIVE 2 option connects down to the SUB DOMAIN 2 concern. To give a concrete example of such a connection, we might find a Dapr leaf under the microservice architecture concern that is connected (by a dotted line) to a Logic Apps leaf under the integration concern. The rationale of this connection is because Dapr has a wrapper for self-hosted Logic Apps workflows. Let's now see how, as an architect, you can get started with your cloud journey.

Understanding the key factors of a successful cloud journey

The role of the Azure architect is to help enterprises leverage the cloud to achieve their goals. This implies that there is some preparation work up front, as there is no such thing as a one-size-fits-all cloud strategy. As we have just seen, the various cloud service models do not respond to the same needs and do not serve similar purposes. It is, therefore, very important to first define a vision that reflects which business and/or IT goals are pursued by your company before you start anything with the cloud.

As an example, typical transversal drivers (when moving to the cloud) are cost optimization and a faster time to market. Cost optimization can be achieved by leveraging the economies of scale from multi-tenant infrastructures. A faster time to market is conceived by maximizing outsourcing from the cloud provider. Should you have these two drivers in mind, rushing to a pure IaaS strategy would be an anti-pattern. Whatever your drivers, a possible recipe of success is the following: Define Vision è Define Strategy è Start Implementation. Let's now go through a few key aspects and start with the vision.

Defining the vision with the right stakeholders

Write a vision paper to identify what you are trying to solve with the cloud. Here are a few example questions for problems you might want to solve: