There is plenty of information about Azure on the internet. However, a lot of it is written as marketing material or simply outdated. When it comes to real tasks, it turns out that much of those scripts and tutorials no longer work. This Q/A session with Elkhan Yusubov is covering key terms behind Azure, to set a good start for learning on your own. It is by no means an all-inclusive tutorial.
Elkhan is a principal engineer architect & trainer with experience in healthcare systems, C#, Python, Nodejs, HL7 FHIR, EDI X12 and overall healthcare data standards. He is an active MCT, Azure SME (Architecture, DevOps, Security) and specialized in tech training of development teams.
Table of contents (click to navigate to corresponding section):
- Top 3 Hot Features
- Important Azure Terms / Vocabulary
- Serverless VS Web API
- Azure VS Other Vendors
- Azure Tools for Various OS
- Troubleshooting Applications in Azure
- Serverless Over Docker
- Azure and Private Cloud
- Azure at Scale
- SLA and Security Issues
- Getting Started with Azure
Top 3 Hot Features
List top 3 hot features in Azure, either just released, or quickly gaining popularity in the recent days? Feel free to provide more than 3 if you want.
Storage account - provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in your Azure storage account is durable and highly available, secure, and massively scalable. You could use it as a Server Message Block (SMB) protocol to store your folders & files in the cloud.
AKS (Azure Kubernetes Services) - combines functionalities of Kubernetes and Microsoft Azure for better outcomes in application development. It is a fully managed container orchestration platform that has its foundation in the open source Kubernetes system. It makes the deployment, scaling, and management of containers and container-based applications possible across a cluster of container hosts.
Security Center - is a security posture management for your cloud workloads. The Security Center gives you defense in depth with its ability to both detect and help protect against cyber threats. Actually, it is using machine learning to process trillions of signals across Microsoft services and systems. The Security Center alerts you of threats to your environments, such as remote desktop protocol (RDP) brute-force attacks and SQL injections. And it provides actionable recommendations for mitigating these threats. You can always start with its free tier and advance forward based on your organizational needs.
Important Azure Terms / Vocabulary
Explain top 3-5 Azure specific terms that most non-Azure folks do not know, or that have a different meaning in Azure, when coming from the old world of hosted environments?
Elkhan: Global administrator is a very powerful role in Azure to manage pretty much everything, and assigned by default to the Azure account holder. Keep in mind that Azure Active Directory (AAD) and Azure resources are secured independently from one another. That is, Azure AD role assignments do not grant access to Azure resources, and Azure role assignments do not grant access to Azure AD. However, if you are a Global Administrator in Azure AD, you can assign yourself access to all Azure subscriptions and management groups in your directory.
Use this capability if you don’t have access to Azure subscription resources, such as virtual machines or storage accounts, and you want to use your Global Administrator privilege to gain access to those resources. When you elevate your access, you will be assigned the User Access Administrator role in Azure at root scope (/). This allows you to view all resources and assign access in any subscription or management group in the directory. User Access Administrator role assignments can be removed using Azure PowerShell, Azure CLI, or the REST API.
Be very careful with this elevation, and it is recommended to remove this elevated access once you have made the changes you need to make at root scope.
Region - An Azure region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
Availability Zones are physically separate locations within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Availability Zones allow customers to run mission-critical applications with high availability and low-latency replication.
Resource group - is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.
Subscription - Adopting Azure begins by creating an Azure subscription, associating it with an account, and deploying resources like virtual machines and databases to the subscription. Everything will suspend or halt if the subscription carries zero credit unless the subscription is a post-paid subscription through organizational agreement.
Management groups - Governance in Azure is one aspect of Azure Management. If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same Azure Active Directory tenant.
Serverless VS Web API
Serverless and Web API (REST), which one do you recommend? Think about convenience, performance, cost. Seems like everything is going serverless. Is there any reason to choose Web API in 2020?
Elkhan: It depends on what workloads and usage pattern your project has in place.
For unpredictable burstbursts in usage, serverless will be the right choice, like one day 150 concurrent users and then suddenly you get 450-1500 current users the next day.
Serverless - is not an answer to everything either. As, you might save substantially on predictable workloads with reserved instances of compute (aka, VMs or compute instances). For example: Running a website that has an average load of 300-5000 active users - would be cost effective on a reserved web-app instance.
When not to use serverless is well summarized in this article.
Azure VS Other Vendors
How does Azure compare to other cloud vendors (AWS, Google)?
Elkhan: Azure will shine and safe you bucks on Microsoft related licensing and workloads. Also keep in mind that enterprise customers get more value with Azure AD and Office 365 integrations. Enterprise level security and management is also big on azure platform. Microsoft also has many tools and utilities to develop and manage cloud services.
Big data, Kubernetes, Analytics and OSS works best with GCP.
Amazon is the current leader in cloud computing, and might offer unique services if you already invested in that ecosystems
Azure Tools for Various OS
Do you know any tools for Azure outside of portal and CLI? For example, is there a GUI tool for Windows or Linux? What about mobile phones and tablets?
Elkhan: Yes, there are a bunch of tools like Storage explorer and emulators that help to develop for Azure while being offline.
You can manage Azure services (windows and/or linux) from a mobile app (Android/iOS) as well.
Troubleshooting Applications in Azure
If your Azure app does not perform well, how do you troubleshoot it? Anything similar to server/event log, network/Cisco log etc?
Elkhan: Yes, there are good tutorials to deal with that. For example: Kudu is an open source tool to troubleshoot issues on your web app/api. Below is a good 11 minute tutorial.
Another big one is Network watcher. It is designed to monitor and repair the network health of IaaS.
And of course Azure Log analytics, a big repository for events and logs that you interconnect for system troubleshooting and analysis. See here for tutorial.
Serverless Over Docker
Serverless (Azure functions) is the evolution of docker, same as docker was once an evolution over VMs. Is there any reason to keep using docker containers over serverless? What are the typical use cases?
Elkhan: Well, Azure functions is definitely using some type of container engine behind the scene to power code execution. But, it is much more than that. It is a convenient configuration/environment where developers just run the code.
It also come with baked in limitations regarding which environment you could have and how long your code could be executed (5-30 minutes).
You could definitely choose Docker containers or Kuberenetes pods for long running processes, and gain much better control over the environment and its dependents.
You would go with serverless functions (lambda or azure functions) for unpredictable usage scenarios, where a readily available environment satisfies your needs, as it would scale in demand and would cost you $0 while idle.
Azure and Private Cloud
What about outside integration, can Azure work with other cloud providers? What about private cloud?
Elkhan: Yes, that is supported and called Azure Stack. Extend Azure services and capabilities to your environment of choice—from the datacenter to edge locations and remote offices—with Azure Stack.
In addition, there is a concept of hybrid-cloud in Azure, where you could extend your cloud network to use on-prem servers or services.
Hybrid-cloud also refers to the option of running and managing a multi-cloud environment (AWS, Google Cloud, Alibaba, etc.) with Azure management capabilities called - Azure Arc.
Azure at Scale
Do you know any big companies that are running on Azure, not counting Microsoft?
Elkhan: Yes, 97% of the Fortune 500 companies are running on or utilizing Azure cloud resources. Those are BMW, Johsons and Johnsons, Maersk, BP, Shell, Medical hospitals, US Military, NFL, NBA, soccer clubs like Real Madrid, etc. - more case studies.
SLA and Security Issues
What is Azure’s SLA? Does it depend on how much you buy? How do you monitor recent issues?
Elkhan: SLA’s depend on the service tier, but they usually start with 99 or 99.5% uptime.
Security is a shared responsibility of client and platform, and Azure does a good job by helping to secure workloads with tools like Security Center and Azure Sentinel.
Azure keeps outages and any issues transparent through the Trust center.
Getting Started with Azure
Tutorials, videos, books - what do you recommend?
Elkhan: If you look forward to get good fundamentals in Azure platform - then just start with free online tutorials on Azure fundamentals.
Keep up to date with Azure on “Azure Friday” video channel.
I also recommend the following Youtube channels: