September 26, 2021

Azure Architecture

Looking at 6 pieces here.

1 of 6 | Azure Regions

Microsoft carved up the planet into geographical boundaries called regions. Sometimes it’s based on countries due to different laws and regulations for handling data such as the Chinese firewall, GDPR, etc.

Each Geography contains >= 2 Regions

Each Region Pair contains exactly 2 Regions. Because pair implies 2.

Latency inside the pair < 2ms. In other words, traffic leaving Region A will arrive at Region B in less than a pair of milliseconds. That's guaranteed by Microsoft.

Azure Region pairs down to Update Domains

Azure Regional Pairs

Geography                | Region Pair A           | Region Pair B
-------------------------|-------------------------|---------------------------
Asia-Pacific             | East Asia (Hong Kong)   | Southeast Asia (Singapore)
Australia                | Australia East          | Australia Southeast
Australia                | Australia Central       | Australia Central 2
Brazil                   | Brazil South            | South Central US
Canada                   | Canada Central          | Canada East
China                    | China North             | China East
China                    | China North 2           | China East 2
Europe                   | North Europe (Ireland)  | West Europe (Netherlands)
France                   | France Central          | France South
Germany                  | Germany Central         | Germany Northeast
India                    | Central India           | South India
India                    | West India              | South India
Japan                    | Japan East              | Japan West
Korea                    | Korea Central           | Korea South
North America            | East US                 | West US
North America            | East US 2               | Central US
North America            | North Central US        | South Central US
North America            | West US 2               | West Central US
Norway                   | Norway East             | Norway West
South Africa             | South Africa North      | South Africa West
Switzerland              | Switzerland North       | Switzerland West
UK                       | UK West                 | UK South
United Arab Emirates     | UAE North               | UAE Central
US Department of Defense | US DoD East             | US DoD Central
US Government            | US Gov Arizona          | US Gov Texas
US Government            | US Gov Iowa             | US Gov Virginia
US Government            | US Gov Virginia         | US Gov Texas

2 of 6 | Availability Zones

A Data Center is an Availability Zone. Why couldn't they just call it a data center? Why make up other words?

There are >= 3 Availability Zones (AZ) per Region IF the Region supports Availability Zones at all. This looks like a trick question. The phrase might say “Availability Zone Enabled Region.”

TODO: Find out which Regions don’t support AZs.

Not all Azure Services support AZs, but here are the ones that do:

Services related to IAM that support AZs

  • Azure Active Directory

Services related to Applications that support AZs

  • Application Gateway V2

Services related to Databases that support AZs

  • Azure Data Explorer
  • Azure SQL Database
  • Azure Cache for Redis
  • Azure Cosmos DB

Services related to Orchestration that support AZs

  • Azure Kubernetes Service

Services related to Networking that support AZs

  • Azure Firewall
  • Standard Load Balancer
  • Standard IP Address
  • VPN Gateway
  • ExpressRoute Gateway

Services related to Storage that support AZs

  • Managed Disks
  • Zone-redundant Storage

Services related to Virtual Machines that support AZs

  • Linux VMs
  • Windows VMs
  • Virtual Machine Scale Sets

Services related to Events that support AZs

  • Event Hubs
  • Event Grid

Services related to Messaging (MaaS) that support AZs

  • Service Bus (Premium Tier)

SLA for AZ = 99.99% (4 nines), but only if you have >= 2 VMs in 2 different AZs

SLA for 2 VMs in 2 AZs

SLA for Availability Set is 99.95% (3 nines)

SLA for 2 VMs in 2 Fault Domains (FD)

Two categories of services that support AZs (obviously for High Availability you need to put them in at least 2 AZs):

  1. Zonal Services
    • VMs
    • Managed Disks in the VMs
    • Public IP addresses used for the VMs
  2. Zone Redundant Services – There is an option when you create the service to make them zone redundant. Azure will take care of it for you and put it across 2 AZs.
    • Zone Redundant Storage
    • SQL Databases

3 of 6 | Resource Groups

A Resource Group (RG) is a logical container for Azure services.

Advantages for setting up a Resource Group:

  • Easily set up deployments using ARM Templates
  • Give the RG an easily recognizable name, so you know what services go with an application, like rg-Post288.com, rg-Gingsoft.com, and rg-awpsec.com

Resource Group Rules:

  • An Azure resource == 1 Resource Group. You can’t have a resource be a part of more than 1 Resource Group.
  • You can move a resource to a different Resource Group if you want.
  • When you delete a Resource Group, all of the resources go to bye-bye village.

4 of 6 | Azure Subscriptions

Azure Subscription Overview

You get an Azure Subscription automagically when you sign up for an Azure Account.

Subscription Rules:

  • Every subscription has these and other fields:
    • Subscription ID : char(32) or 4-bytes
      • 12345678-1234-1234-1234-123456789abc
    • Subscription Name : Friendly name that you provide
      • Gingsoft Cloud
    • Parent management group : char(32) or 4-bytes
      • 87654321-4321-4321-4321-cba987654321
    • Offer : Select one of the Types
      • Free Trial
      • Pay-As-You-Go
      • Pay-As-You-Go Dev/Test
      • Azure for Students
      • Azure for Students Starter
      • Azure Pass - Sponsorship
      • Azure in Open
      • Microsoft Partner Network
      • Microsoft Azure Sponsorship
      • Microsoft Azure Sponsorship 2
      • MSDN Platforms Subscription
      • Visual Studio Enterprise Subscription
      • Visual Studio Enterprise Subscription - MPN
      • Visual Studio Enterprise: BizSpark
      • Visual Studio Professional Subscription
      • Visual Studio Test Professional Subscription
      • Developer Support
      • Standard Support
      • Professional Direct Support
    • Offer ID : a code that Microsoft uses
      • MS-AZR-0003P
  • A single Account can have many Subscriptions. Examples:
    • Subscription: Day Job
    • Subscription: Nocturnal Job
    • Subscription: Beer League Hockey Team
  • Subscriptions have limits (aka Quotas) assigned to them.
    • So you might want to use multiple subscriptions to get around the limits.
    • If you have a good business justification, Microsoft can increase the limits.
    • Not all limits can be increased.

Adding a subscription

You can easily add a subscription by selecting the type.

Add an Azure Subscription

5 of 6 | Management Groups

A Management Group is a container for organizing resources. If your organization has many subscriptions, you may need a way to organize subscriptions and apply your governance conditions to the management groups.

Benefits of using Management Groups:

  • More precise control with access to resources
  • Efficiently manage access, policies, and compliance for those subscriptions
  • Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have.

Rules for Management Group:

  • Management Groups can only contain Subscriptions and other Management Groups
  • You can manage access for subscriptions
  • You can manage policies for subscriptions
  • You can manage compliance for subscriptions
  • All subscriptions within a management group automatically inherit the conditions applied to the management group
  • All subscriptions within a single management group must trust the same Azure Active Directory tenant
  • You are limited to 10,000 Management Groups
  • The hierarchy can only be 6 levels deep
  • You cannot have multiple parents, only 1 parent.
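The rules above (single parent, 6-level depth, the 10,000-group limit, a shared Azure AD tenant, and inheritance of conditions down to subscriptions) can be modelled in a few lines. The following is an added example written for these notes, not Azure tooling or Microsoft code; the `Hierarchy` class, the group and subscription names, and the tenant ID placeholder are all constructed here, and the root group is treated as level 0 (an assumption about how the 6-level limit is counted).

```python
"""Model of the management-group rules from these notes (added example, not Azure tooling)."""

MAX_DEPTH = 6        # "the hierarchy can only be 6 levels deep"; root treated as level 0 (assumption)
MAX_GROUPS = 10_000  # "limited to 10,000 Management Groups"


class Hierarchy:
    def __init__(self, root, tenant_id):
        self.tenant_id = tenant_id           # every subscription must trust this tenant
        self.parent = {root: None}           # group -> its one parent (root has none)
        self.conditions = {root: []}         # group -> conditions applied directly to it
        self.subscriptions = {}              # subscription -> management group it sits in

    def depth(self, group):
        """Number of parents between group and the root."""
        d = 0
        while self.parent[group] is not None:
            group = self.parent[group]
            d += 1
        return d

    def add_group(self, name, parent):
        if name in self.parent:
            raise ValueError(f"{name} already has parent {self.parent[name]}; only one parent is allowed")
        if parent not in self.parent:
            raise ValueError(f"unknown parent management group {parent}")
        if len(self.parent) >= MAX_GROUPS:
            raise ValueError(f"limit of {MAX_GROUPS} management groups reached")
        if self.depth(parent) + 1 > MAX_DEPTH:
            raise ValueError(f"{name} would be level {self.depth(parent) + 1}; limit is {MAX_DEPTH}")
        self.parent[name] = parent
        self.conditions[name] = []

    def assign(self, group, condition):
        """Apply a policy, access or compliance condition directly to a group."""
        self.conditions[group].append(condition)

    def add_subscription(self, name, group, tenant_id):
        # Management groups may only contain subscriptions and other management groups.
        if group not in self.parent:
            raise ValueError(f"{group} is not a management group in this hierarchy")
        if tenant_id != self.tenant_id:
            raise ValueError(f"{name} trusts tenant {tenant_id}, but the hierarchy uses {self.tenant_id}")
        self.subscriptions[name] = group

    def effective_conditions(self, subscription):
        """Conditions a subscription inherits, nearest group first, up to the root."""
        group = self.subscriptions[subscription]
        inherited = []
        while group is not None:
            inherited.extend(self.conditions[group])
            group = self.parent[group]
        return inherited


def build_example():
    """Constructed hierarchy: root -> Corp -> Production, with one subscription."""
    h = Hierarchy("Tenant Root Group", tenant_id="tenant-placeholder")
    h.add_group("Corp", "Tenant Root Group")
    h.add_group("Production", "Corp")
    h.assign("Tenant Root Group", "policy: require resource tags")
    h.assign("Production", "policy: deny public IP addresses")
    h.add_subscription("Day Job", "Production", tenant_id="tenant-placeholder")
    return h


if __name__ == "__main__":
    h = build_example()
    print(h.effective_conditions("Day Job"))
```

The point of `effective_conditions` is the inheritance rule: a subscription under Production picks up both the policy assigned at Production and the one assigned at the root, which is why a deny policy placed high in the tree is hard for a subscription owner to escape.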

6 of 6 | Azure Resource Manager (ARM)

In order to make it easier to deploy and manage shit in Azure, Microsoft developed ARM

Benefits of ARM

  • ARM allows you to easily deploy multiple Azure resources at once
  • Easy to reproduce deployments (aka repeatable)
  • Allows you to create declarative templates for deployment instead of complex deployment scripts.
  • Set up dependencies so resources are deployed in the correct order.

Rules for ARM

  • ARM is a service that runs in Azure
  • ARM is responsible for all interactions with Azure services
  • When you attempt to create a new service, ARM checks for authorization to verify you are allowed to create it. It then talks to the Resource Provider for the service you are creating.
  • There are Resource Providers for every service in Azure
  • The ARM API is the same for all inputs such as the Azure Portal, Command Line, Visual Studio, etc.
  • You can’t create or manage anything in Azure without going through the ARM API
  • ARM uses a declarative syntax
  • You don’t tell ARM how to do anything, you just tell it what you want
  • ARM Templates are in JSON format

An ARM Template has the following elements:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "",
  "apiProfile": "",
  "parameters": { },
  "variables": { },
  "functions": [ ],
  "resources": [ ],
  "outputs": { }
}
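To show the declarative style and the dependency ordering from the benefits list above, here is an added example that is not part of the original notes or any Microsoft tooling: a constructed ARM template with three resources where the network interface declares `dependsOn` entries for a virtual network and a zone-redundant public IP, plus a small Python resolver that checks the template has the required top-level elements and works out a deployment order from `dependsOn`. The resource types are real Azure provider types; the names, API versions and the `TEMPLATE_JSON` document are constructed here, and the resolver deliberately understands only literal names and `variables('...')` inside `resourceId(...)`, not the full ARM expression language.

```python
"""Constructed ARM template plus a dependsOn resolver (added example, not from the notes)."""
import json
import re
from collections import defaultdict, deque

# Constructed template. Top-level keys follow the skeleton in the notes; resource
# names and API versions are illustrative.
TEMPLATE_JSON = r'''
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]" }
  },
  "variables": { "vnetName": "vnet-example", "pipName": "pip-example", "nicName": "nic-example" },
  "resources": [
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2020-11-01",
      "name": "[variables('nicName')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]",
        "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipName'))]"
      ],
      "properties": {}
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2020-11-01",
      "name": "[variables('pipName')]",
      "location": "[parameters('location')]",
      "sku": { "name": "Standard" },
      "zones": [ "1", "2", "3" ],
      "properties": { "publicIPAllocationMethod": "Static" }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2020-11-01",
      "name": "[variables('vnetName')]",
      "location": "[parameters('location')]",
      "properties": { "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] } }
    }
  ],
  "outputs": {
    "nicId": { "type": "string", "value": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]" }
  }
}
'''

REQUIRED_KEYS = {"$schema", "contentVersion", "resources"}
RESOURCE_ID = re.compile(r"resourceId\('([^']+)',\s*(variables\('[^']+'\)|'[^']+')\)")


def load_template(text):
    """Parse the JSON and insist on the elements every template needs."""
    tpl = json.loads(text)
    missing = REQUIRED_KEYS - tpl.keys()
    if missing:
        raise ValueError(f"template missing required elements: {sorted(missing)}")
    return tpl


def resolve_name(expr, variables):
    """Resolve a literal name or a "[variables('x')]" expression (the only forms handled here)."""
    m = re.fullmatch(r"\[variables\('([^']+)'\)\]", expr)
    return variables[m.group(1)] if m else expr


def dependency_key(dep, variables):
    """Turn a dependsOn entry into 'type/name' so it can be matched against declared resources."""
    m = RESOURCE_ID.search(dep)
    if not m:
        raise ValueError(f"unsupported dependsOn entry: {dep}")
    rtype, name_expr = m.group(1), m.group(2)
    if name_expr.startswith("variables("):
        name = variables[name_expr[len("variables('"):-2]]
    else:
        name = name_expr.strip("'")
    return f"{rtype}/{name}"


def deployment_order(tpl):
    """Topologically sort resources by dependsOn; raise on unknown targets or cycles."""
    variables = tpl.get("variables", {})
    keys = {f"{r['type']}/{resolve_name(r['name'], variables)}": r for r in tpl["resources"]}
    indeg = {k: 0 for k in keys}
    edges = defaultdict(list)
    for k, r in keys.items():
        for dep in r.get("dependsOn", []):
            dk = dependency_key(dep, variables)
            if dk not in keys:
                raise ValueError(f"{k} depends on {dk}, which this template does not declare")
            edges[dk].append(k)
            indeg[k] += 1
    queue = deque(sorted(k for k, d in indeg.items() if d == 0))
    order = []
    while queue:
        k = queue.popleft()
        order.append(k)
        for nxt in edges[k]:
            indeg[nxt] -= 1
            if indeg[nxt] == 0:
                queue.append(nxt)
    if len(order) != len(keys):
        raise ValueError("dependsOn cycle detected")
    return order


if __name__ == "__main__":
    for step, key in enumerate(deployment_order(load_template(TEMPLATE_JSON)), 1):
        print(step, key)
```

Running it prints the public IP and virtual network first and the network interface last, which is exactly the ordering ARM derives from `dependsOn` before it calls the resource providers; the template itself never says how to build anything, only what should exist.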