Connect with us

Hi, what are you looking for?

Microsoft Azure

Microsoft Azure Services, Deployment Models, ExpressRoute, & VNets Explained

azure
I get asked a lot of questions about Microsoft Azure. To really understand Azure you need to have a good basic understanding of where Azure is at today. Azure is constantly changing. New features are added pretty much every week. What you knew last year could be very different from how things are running today. I want to discuss some high level topics around Azure in this article:

  • Why is Azure so important?
  • What are Classic and ARM deployment models?
  • What can I do with Infrastructure as a Service (IaaS) in Azure?
  • What can I do with Platform as a Service (PaaS) in Azure?
  • What is Azure ExpressRoute?
  • What is a VNet?
  • What is an ARM template or Artifact?

Why is Azure so important?

Some people think Azure is some light, airy, cloud thing floating around outside their datacenter they can connect to. A buzzword that’s going to evaporate and then it’s on to the next big thing. Don’t bother reading or learning about anything cloud, it’s just a fad. That’s a massive mistake if you plan on having a career in IT for the long term. I don’t even think of Azure as cloud. Think bigger (or higher in the case of this analogy). It’s an expansive ATMOSPHERE around your datacenter that quite literally stretches around the planet. No matter what part of IT you are in, you are going to be using it.

It’s important for you to understand when people say “everything is going into the cloud”, it’s not sticking everything you have in your datacenter in the cloud and shutting it’s doors. There are very few Fortune 500 companies with that kind of cloud strategy but yes, I can name a few that do. That’s not the norm. The point of the cloud is concentrate on building services without worrying about scaling out infrastructure on premises. That’s how Azure was born. Then enterprises realized they could stick infrastructure itself in the cloud and leverage it as they would infrastructure in their local datacenters. They could make a hybrid offering utilizing both. And that’s the other side of what’s available to you in Azure. A platform for building services and a platform for building infrastructure.

It’s not going away, it’s foundational in nature. It’s only getting bigger as more and more companies are leveraging it. There was a period of time where many companies were dipping their toes and wanting to try out cloud services by leveraging it for non-business critical services and data to see exactly how robust and reliable it could be. That time has come and gone and if your company doesn’t have a cloud strategy, leave. You are working at the wrong company. In a few years your skills will be obsolete. Almost every aspect of IT is represented in a cloud service as robust as Azure is and if you take the time to read through all the services I have listed, you’ll quickly understand how massive it truly is. What I like about Azure over other cloud service providers is that it fits well with enterprises that are already leveraging the Microsoft stack on premises. It’s a natural progression to extend this stack into Microsoft Azure.

What are Classic and ARM deployment models?

First I want to make sure you understand the differences between Classic and ARM. Azure has two deployment models, Classic (aka Azure Service Management, or ASM for short) and Resource Manager (aka Azure Resource Manager, or commonly called ARM). In a nutshell, Classic was back when Microsoft wanted Azure to be a platform for services. ARM is the newer model where Microsoft has decided customers want IaaS (Infrastructure as a Service) where they treat Azure as a hybrid or datacenter extension. Think compute, storage, network, etc. Eventually Classic will go away and ARM will become the only deployment model. Right now if you’re an Azure customer, you might have resources in both Classic and Azure. Most resources you have in Classic can be migrated to ARM without issue. There will be a lot more info on migration released soon.

So to visually describe this, if you are using Classic the management portal will be https://manage.windowsazure.com/ and look like this:
azure-classic

while ARM is managed at https://portal.azure.com and looks like this using “blades” that slide in and out:
azure-arm-portal

There’s also Azure Stack where you basically build a mini version of Azure in your own datacenter so you can run a hybrid cloud offering that you manage. It is in Technical Preview at the time of writing this article.

Just to put this out there, Office 365 runs in Azure yes. But not in the deployment models above, that’s Microsoft’s own playground dedicated to Office 365 tenants for their customers.

What can I do with Infrastructure as a Service (IaaS) in Azure?

In my experience when the words Microsoft Azure come up, people instantly think compute. A sever VM running in the cloud somewhere you can install your apps on. This is actually accurate, it’s a part of IaaS. But Azure is so much more than this. The bigger broader part of Azure is the PaaS side where the whole point is not to have to worry about the infrastructure, you just concentrate on building up your service. I’ll go over a brief description of the services offered in Azure below.

Product Managers at Microsoft, please don’t kill me. These are quick one line descriptions of what I think each component will do for a customer in a nutshell. Each service is actually very expansive so you should pull up the actual service page for each one you are interested in and get more info.

Infrastructure Services (IaaS)

  • OS/Server Compute
    • Virtual Machines – Windows or Linux virtual machines, you pay every minute the VM is up.
    • Virtual Machine Scale Sets – highly available, auto scaling version of the above.
    • Azure Container Service – orchestration and deployment of your containerized apps.
  • Storage
    • BLOB Storage – stores text or binary unstructured data like docs, media files, etc.
    • Azure File Storage – managed file shares using SMB 3.0.
    • Premium Storage – high performance low latency SSDs for VMs achieving up to 80,000 IOPS per VM.
  • Networking
    • Virtual Network – your very own private networks in Azure.
    • Load Balancer – layer 4 load balancer providing high availability to your VMs over any protocol.
    • DNS – DNS record hosting from Azure global DNS servers. This keeps your apps close to where the DNS query originated which makes your apps just a bit faster.
    • Express Route – a private circuit from your datacenter to Azure datacenters provided by your ISP. I’ll cover Express Route in detail later in this article.
    • Traffic Manager – uses DNS responses to direct end user traffic to globally distributed endpoints over any protocol.
    • VPN Gateway – provides connectivity between your datacenter and Azure via site to site VPN tunnel. Traffic to Azure is free, traffic from Azure to your datacenter is charged by the hour. You’ll need a compatible VPN device like Cisco ASA, Citrix CloudBridge, or even Microsoft RRAS on a Server 2012 box. I prefer Express Route over VPN Gateway.
    • App Gateway – layer 7 reverse proxy service terminating client connections and forwarding requests to back end VMs over HTTP and HTTPS only.

 

What can I do with Platform as a Service (PaaS) in Azure?

Now to the Platform side which is the big brunt of what’s offered in Azure.

Platform Services (PaaS)

  • Services Compute
    • Cloud Services – deploy highly available, infinitely scalable apps and APIs without having to worry about buying and managing hardware. Supports Java, Node.js, PHP, Python, .NET, and Ruby and has automatic OS and app patching.
    • Service Fabric – build and deploy microservice-based apps.
    • Batch – job scheduling and compute management. Imagine thousands of CPU cores in the cloud ready to do your bidding.
    • RemoteApp – RDS in the cloud to deliver your Windows apps to any device.
  • Integration
    • Storage Queues – message queues in the cloud for communication between app components.
    • BizTalk Services – extend your EDI, B2B, etc. systems to the cloud. Connect to any HTTP, FTP, SFTP, or REST data source.
    • Hybrid Connections – easily connect web apps and mobile apps to on prem resources securely via Shared Access Signature (SAS). Think key based communication via TCP or HTTP.
    • Service Bus – generic cloud based messaging system connecting apps, services, and devices in Azure or on prem with guaranteed message delivery.
  • Media & CDN
    • Media Services – broadcast quality video streaming to any device globally.
    • Content Delivery Network (CDN) – content delivery network for hosting audio, video, apps, images, any other files on global content servers closeset to the user for very fast load times. My website for example uses a CDN so people all over the world can load the screenshots in my articles as fast as possible.
  • Web & Mobile
    • Web Apps – create any deploy .NET, Java, PHP, Node.js, or Python web apps at scale on web servers all over the world without worrying about underlying infrastructure. Designed for DevOps so integration into Git, TFS, GitHub, and Visual Studio Team Services. Auto patching, built in HA, load balancing, and scaling.
    • API Apps – build APIs in the cloud or push existing APIs up. You can secure them with AD, single sign-on, or OAuth.
    • Mobile Apps – build native iOS, Android, and Windows apps or cross-platform Xamarin or Cordova (Phonegap) apps. They can all use single sign-on with your AD accounts or tons of other identity providers like Google, Facebook, Twitter, etc.
    • Logic Apps – design workflows with triggers and automatic actions to analyze, report, and act on disparate data sources.
    • API Management – turnkey solutions for publishing APIs to external and internal consumers.
    • Notification Hubs – push notifications for your apps from on prem or Azure to iOS, Windows Universal, Windows Phone, Android, Kindle, & more.
  • Developer Services
    • Visual Studio Team Services – let teams share code (unlimited code repositories), track work/bugs, and ship software.
    • Azure DevTest Labs – let users create environments using templates and artifacts but you still have total control of the infrastructure and usage.
    • Visual Studio Application Insights – detect and fix issues with your web apps or services.
    • HockeyApp – crash reporting for your mobile apps.
  • Data
    • SQL Database – managed SQL server databases.
    • SQL Data Warehouse – stretch SQL databases to Azure.
    • DocumentDB – managed NoSQL document databases.
    • Redis Cache – high throughput, low latency data access.
    • Azure Search – add cloud based search into your apps.
    • Storage Tables – for storing structured NoSQL data.
  • Analytics & IoT
    • HDInsight – managed Hadoop in the cloud.
    • Machine Learning – predictive analysis.
    • Stream Analytics – streaming processing in real time.
    • Data Lake Store -hyperscale repository for big data workloads.
    • Data Lake Analytics – distributed analytics service for big data.
    • Data Factory – orchestrate data transformation from multiple on-prem or cloud sources.
    • Event Hubs – receive telemetry from devices.
    • Data Catalog – metadata catalog.
    • Azure IoT Hub – connect, monitor, and control IoT assets.
    • Mobile Engagement – realtime analytics and marketing campaigns.
  • Security & Management
    • Portal – build, manage, and monitor everything in Azure from a single web console.
    • Azure Active Directory – extending your on premises Active Directory into Azure so you can use things like Office 365, SharePoint Online, etc. I wrote about setting it up from scratch and using AD Connect for syncing HERE.
    • Azure AD B2C – identity and access management in the cloud
    • Multi-Factor Authentication – Woohoo! One of my favorite Azure services for authenticating your users. I wrote about integrating it with Citrix NetScaler HERE.
    • Automation – automate anything in Azure using PowerShell, including using DSC to build your VMs.
    • Scheduler – job scheduler.
    • Key Vault – store, monitor, and audit access to your crypto keys.
    • Store/Marketplace – think app store on your phone but for Azure. Contains apps from ISVs (Independent Software Vendors) including appliances that fall int the IaaS space.
    • VM Image Gallery & VM Depot – preconfigured VMs/appliances.
  • Hybrid Operations
    • Azure AD Health Monitoring – monitors your connection to Office 365, health of AD FS servers, AD Connect servers, domain controllers, etc.
    • AD Privileged Identity Management – manage, control, monitor privileged accounts/admin accounts in Azure and Office 365.
    • Domain Services – join Azure VMs to a domain without deploying domain controllers, think DCs as-a-service.
    • Backup – backup everything to Azure both on-prem or in the cloud.
    • Log Analytics – log and analyze data from any system on-prem or in Azure.
    • Import/Export – transfer large amounts of data into our out of Azure using hard disk drives (when Internet is too slow to get it over).
    • Azure Site Recovery – aka ASR, orchestrated disaster recovery or even simply moving resources around.
    • StorSimple – intelligent hybrid storage array, you have a StorSimple appliance in your datacenter that talks to Azure and it keeps stuff on the array or sends it up to Azure depending on usage.

What is Azure ExpressRoute?

I covered ExpressRoute in my list above but I want to make sure you understand this. Microsoft Azure ExpressRoute allows you to connect your datacenter(s) to any of Microsoft’s Azure 22 datacenters in 30 different regions directly straight through your ISP, no need for VPN. Azure then becomes an extension of your datacenter. The benefit is you have a private low latency highly available connection straight into Azure with a 99.9% dedicated circuit uptime guarantee. None of your traffic has to be routed through the Internet.

You can choose the speed you want into Azure. Currently they are 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, & 10 Gbps. Whatever your network throughput needs are, Azure ExpressRoute has an answer. You pay a monthly fee for this port speed. Additionally, you have to pay for the bandwidth you utilize. Inbound traffic is free, so getting stuff into Azure like backups, etc. won’t cost you a thing. Outbound traffic however is charged at anywhere from $0.025 to $0.14 per GB. So if you wanted to pull down a copy of your backups, you have to pay for that bandwidth. Instead of doing a metered plan you can do an all inclusive plan where both inbound and outbound traffic is unlimited. You must pay a higher monthly fee for the port speed. As an example, your 50 Mbps port speed would rise from $55 a month to $300 a month on an unlimited plan. Wow, I’m starting to sound like a cell phone salesman. 🙂

If you are serious about building a solid bridge between your datacenter(s) and Azure datacenters(s), then ExpressRoute is the way to go and I really want to encourage you to look into this over using VPN.

WHAT IS A VNET?

So what is a VNet and how does it work with ExpressRoute? A VNet is a virtual network you create in Azure. It is your little network you create in the Azure cloud. You can do whatever you like with it, it’s completely yours and you have full control over it. You can carve it up into different subnets and treat it just like any network in your datacenter.

Your subnets live in your VNets. You can have a front end, middle tier, backend, gateway subnet, etc. Whatever you need for what you’re trying to build out. You can isolate VNets or expose them to the public facing Internet, you have full control.

WHAT IS AN ARM TEMPLATE OR ARTIFACT?

As I mentioned before many companies want to test out Azure first. The best way to do that is leverage Azure DevTest Lab (which is currently in Preview) where you give controlled access to Azure to build VMs so people in your organization can do whatever they want but can’t go crazy. Think self-service for servers. Remember, you’re paying by the hour for every server you build so be careful. You can setup an Auto shutdown and the end of the day and an Auto start every morning for any day of the week to conserve hours. A fairly basic A2 machine won’t cost that much but if someone new to Azure doesn’t understand billing and utilization and builds a G5 server, you’re talking over $7,100 a month they would be wasting. I personally think Microsoft called it G5 on purpose, if you let people build them it can add up quickly and cost as much as a real “G5” (GulfStream V)!
g550-jet

Or even worse than cost, how about a security issue? By default if they spin up a VM it’s going to have a public facing IP. Be careful, don’t let people go nuts in Azure. As an admin you can actually create a DevTest Lab where devs can’t go nuts or have public IPs. So they can only get in via site to site VPN or ExpressRoute. Full role based access control to give them only what they need is available to you.

An Azure Artifact is basically your software. What you install into the OS. It can be 3rd party software or your own software just like you do in your datacenter. You can create a software repository of all your allowed installable apps and that collection is called an Artifact.

ARM templates can be used with Artifacts. An Azure Resources Manager template is just a JSON config to replicate your VM settings and Artifacts over and over again. You can use ARM templates for power services and PaaS as well. Very powerful stuff. You can even use it with Azure’s Automation Service for some really cool and efficient ways to deploy your environments. Lots of really cool templates available at the GitHub repository here: https://github.com/Azure/azure-devtestlab

Chocolatey can be used for package management/installer from the community managed software repository of over 3900 apps. Even the Citrix XenApp 7.8 Trial in the Azure Marketplace uses a bit of Chocolatey to setup some applications, very powerful stuff.

PowerShell DSC (Desired State Configuration) is only available in prod, not in the DevTestLabs at the time of writing this article. Also check into Puppet or Chef for this type of stuff. It’s very similar to Artifacts but for a live running VM, not for something end user facing like Artifacts. DSC is part of Azure Automation by the way.

Lastly, I get asked a lot of questions about Windows 10. Windows 10 is not in the Enterprise Azure subscription, only in MSDN. It’s a client OS and is really meant for dev/test. You can get a premium add-on for your Enterprise subscription to get it added on but again, it can’t be used for production workloads.

FINAL THOUGHTS

I hope this Azure intro has been helpful to you. I can’t urge enough that you need to be taking a look at Azure for the long term. There’s going to be a big industry wide push for IoT (Internet of Things), machine learning, data analytics, and predictive analysis that will occur over the next several years. There is a reason why Microsoft is recruiting some of the top data scientists in the world. If you aren’t laying the foundational pieces of your cloud strategy right now, you’re going to be in trouble when you are going to be asked to deliver these types of services to your business.

If you work at an enterprise and don’t have the ability to leverage Azure in a production capacity, check if your EA (Enterprise Agreement) gives you access to MSDN accounts where you can test stuff out. If you’re an individual you can sign up for trials on most everything I referenced above or purchase an MSDN subscription which will give you a monthly credit on Azure. There’s so much to learn and do in Azure, you’ll be amazed. 🙂

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Apache

Today I would like to go over proper URL redirection when using SSL but first I would like to preface this by describing what...

Citrix Workspace

You can use FIDO2 hardware security keys plugged into your physical desktop over the Citrix HDX remoting protocol for use with virtualized Windows Desktop...

Exchange 2003

A useful Exchange 2003 guide I wrote for a friend’s blog originally but I am posting it here on mine now for your viewing...

Cloud Design Architecture

The community-driven paperback book initiated by my friends Bas van Kaam and Christiaan Brinkhoff is available for sale on Amazon. If you haven’t picked...

JasonSamuel.com began in 2008 as a way for me to give back to the IT community. This website features the latest news and how-to's on enterprise mobility, security, virtualization, cloud architecture, and other technologies I work with. This website has evolved over time to become a go-to reference hub for these technologies. It receives hundreds of thousands of unique visitors from all over the world each month. More details on the About Me page.
Copyright © 2008-2023 JasonSamuel.com