Azure Compute and Networking services

Compute Services

“Execute code” in the cloud

https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/compute-decision-tree

  1. Azure Virtual Machines: A service where you deploy and manage virtual machines (VMs) inside an Azure virtual network.
    1. https://learn.microsoft.com/en-us/azure/virtual-machines/overview
    2. Closest analogue to a “server” in cloud computing
    3. It is virtual
    4. A single physical machine will be subdivided into slices and you get to rent a single slice of it
    5. Virtual Machine Types
      1. Over 700 to choose from
      2. Number of CPU cores, CPU speed, RAM size, temporary disk size, IOPS, etc.
  2. Azure App Service: A managed service for hosting web apps, mobile app back ends, RESTful APIs, or automated business processes.
    1. PaaS
    2. A new paradigm for running code in the cloud
    3. Give your code and configuration to Azure, and they will run it
    4. Promise of performance but no access to hardware
  3. Azure Functions: A managed function as a service.
  4. Azure Kubernetes Service (AKS): A managed Kubernetes service for running containerized applications.
  5. Azure Container Apps: A managed service built on Kubernetes, which simplifies the deployment of containerized applications in a serverless environment.
  6. Azure Container Instances: This service is a fast and simple way to run a container in Azure. You don’t have to provision any VMs or adopt a higher-level service.
  7. Azure Red Hat OpenShift: A fully managed OpenShift cluster for running containers in production with Kubernetes.
  8. Azure Spring Apps: A managed service designed and optimized for hosting Spring Boot apps.
  9. Azure Service Fabric: A distributed systems platform that can run in many environments, including Azure or on-premises.
  10. Azure Batch: A managed service for running large-scale parallel and high-performance computing (HPC) applications.

VM Scale Sets (VMSS)

  1. Elasticity is the goal
  2. Autoscaling (grow and reduce)
  3. A group of virtual machines that can grow and shrink in quantity based on a predefined rule
  4. Usually based on monitoring demand
  5. Can be based on time (schedule)
  6. Can be based on many other factors
  7. With a “load balancer” in front to direct traffic randomly to one of the machines
  8. Can handle up to 100 VMs in a single scale set
  9. Can be configured to increase that to 1000 VMs in a single scale set
  10. If you need more, you can create more scale sets

Container Services

  1. Another paradigm for running code in the cloud
  2. Containers contain everything the app needs to run in a “container image”
  3. Fastest and easiest to deploy
  4. Azure Container Instance (ACI) - single instances, quickest way to deploy a container
  5. Azure Container Apps - easy to use like a web service, with advanced features
  6. Azure Kubernetes Service (AKS) - runs on a cluster of servers, enterprise-grade

Azure Virtual Desktop

  1. Desktop version of Windows that runs in the cloud
  2. Your software installed, your files - available from anywhere
  3. Can even see your desktop on iOS and Android, or from any web browser
  4. Runs on Azure

Azure Functions

  1. FaaS (Function as a Service)
  2. Serverless model
  3. Small pieces of code that run entirely in the cloud
  4. Utility function - does something specific in a finite amount of time
  5. Is triggered by something happening
    1. HTTP call, timer, blob creation, message queue, etc.
  6. Very inexpensive
    1. Free tier - one million executions per month free
  7. Can support more complicated designs
    1. Durable functions
    2. Long-running functions
    3. Premium or dedicated hosting options
  8. Examples
    1. A small piece of code that runs every day at 12 am, and summarizes yesterday’s data
    2. A small piece of code that checks a blob container for new files, and does something every time it finds a new one
    3. A small piece of code that runs every six hours, and retrieves the latest weather forecast from a publicly accessible weather API

Azure Networking Services

  1. They are called Virtual Networks or VNets
  2. Extensive global network of cables, switches and routers - physical network
  3. By default, two virtual machines in Azure are not allowed to talk with each other - security
  4. Virtual networks are analogous to the physical networks we would set up in our own office or data center - IaaS
  5. In Azure, it's virtual because it is effectively just a database entry in a table that establishes the path between VM A and VM B.
  6. Virtual Networks are assigned an address space of either IPv4 or IPv6 addresses, or both
  7. These are private addresses, which cannot be accessed from outside Azure, or from other networks inside Azure
  8. A single VNet is usually assigned a large address space to support potential future growth
  9. There is no shortage of private IP addresses

Subnets

  1. All VNets are subdivided into one or more subnets
  2. The subnet is assigned a range of IP addresses which must exist in the address space of the parent VNet
  3. Usually, there is a security layer between subnets; traffic must match a predefined ruleset to pass
  4. All virtual machines must belong to at least one subnet, using a Network Interface Card (NIC)
  5. Some VMs have more than one NIC and can connect to more than one subnet
  6. VMs can optionally be assigned a public IP, which makes them eligible to be accessed from outside Azure (subject to security/firewalls)
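As an added example (not part of the original notes), the following Python checks the addressing rules from the VNet and subnet sections: every subnet range must sit inside the parent VNet's address space, subnets must not overlap, the address space should be private, and each subnet is smaller than it looks because Azure reserves five addresses in every subnet and accepts nothing smaller than /29 for IPv4. The VNet and subnet names and ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample topology (not taken from any real deployment):
# one VNet address space and three subnets carved out of it.
VNET_ADDRESS_SPACE = ["10.0.0.0/16"]
SUBNETS = {
    "web": "10.0.1.0/24",
    "app": "10.0.2.0/24",
    "GatewaySubnet": "10.0.255.0/27",   # the VPN Gateway needs a subnet of its own
}

# Azure reserves five addresses in every subnet: the network address, the
# default gateway, two addresses for Azure DNS, and the broadcast address.
AZURE_RESERVED_PER_SUBNET = 5
AZURE_MIN_IPV4_PREFIX_LEN = 29   # /29 is the smallest IPv4 subnet Azure accepts


def validate_vnet(vnet_spaces, subnets):
    """Return a list of human-readable problems; an empty list means the layout is valid.

    Checks: every VNet address space is a private range, every subnet lies
    inside the VNet address space, no two subnets overlap, and no IPv4
    subnet is smaller than Azure allows.
    """
    problems = []
    spaces = [ipaddress.ip_network(s) for s in vnet_spaces]
    for space in spaces:
        if not space.is_private:
            problems.append(f"VNet address space {space} is not a private range")

    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        inside = any(net.version == s.version and net.subnet_of(s) for s in spaces)
        if not inside:
            problems.append(f"subnet {name} ({net}) is outside the VNet address space")
        if net.version == 4 and net.prefixlen > AZURE_MIN_IPV4_PREFIX_LEN:
            problems.append(f"subnet {name} ({net}) is smaller than /{AZURE_MIN_IPV4_PREFIX_LEN}")

    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].version == nets[b].version and nets[a].overlaps(nets[b]):
                problems.append(f"subnets {a} ({nets[a]}) and {b} ({nets[b]}) overlap")
    return problems


def usable_hosts(cidr):
    """Addresses a subnet can actually hand out to NICs after Azure's reservations."""
    net = ipaddress.ip_network(cidr)
    return max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


if __name__ == "__main__":
    for line in validate_vnet(VNET_ADDRESS_SPACE, SUBNETS) or ["layout OK"]:
        print(line)
    for name, cidr in SUBNETS.items():
        print(f"{name:14} {cidr:18} usable hosts: {usable_hosts(cidr)}")
```

Running it prints "layout OK" and 251 usable hosts for each /24 but only 27 for the /27 gateway subnet; swapping a subnet for one outside 10.0.0.0/16, or two that overlap, produces a problem line instead.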

Network Security Group

  1. Aka NSG
  2. An access control list (ACL) that blocks traffic inbound and outbound from a subnet unless it matches certain rules
  3. The rules are based on source IP, source port, destination IP, destination port, and protocol (5-tuple match)
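To make the 5-tuple matching concrete, here is an added example (my own code, not from the notes or from Azure) of how an NSG decides a flow: rules are tried in ascending priority order, the first match wins, and Azure's built-in defaults at priority 65000 (allow traffic within the VNet) and 65500 (deny everything else) sit at the bottom. The rule names, the 10.0.0.0/16 VNet range standing in for the VirtualNetwork service tag, and the sample flows are constructed; the model deliberately omits the AzureLoadBalancer default rule, other service tags, and stateful connection tracking.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # lower number is evaluated first; 100-4096 for custom rules
    access: str            # "Allow" or "Deny"
    protocol: str          # "Tcp", "Udp", "Icmp" or "*"
    source: str            # CIDR, "*" or the "VirtualNetwork" service tag
    source_port: str       # "*", a single port such as "22", or a range "1024-65535"
    destination: str
    destination_port: str


@dataclass(frozen=True)
class Flow:
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed VNet address space; stands in for the VirtualNetwork service tag.
VNET_PREFIXES = ["10.0.0.0/16"]

# Constructed inbound rule set for a web subnet, plus two of Azure's default
# rules (the AzureLoadBalancer default rule is left out of this simplified model).
INBOUND_RULES = [
    Rule("AllowHttpsFromInternet", 100, "Allow", "Tcp", "*", "*", "*", "443"),
    Rule("AllowSshFromMgmt", 110, "Allow", "Tcp", "10.0.250.0/26", "*", "*", "22"),
    Rule("DenyRdpFromAnywhere", 120, "Deny", "Tcp", "*", "*", "*", "3389"),
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*", "*"),
]


def _addr_matches(spec, ip):
    addr = ipaddress.ip_address(ip)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return any(addr in ipaddress.ip_network(p) for p in VNET_PREFIXES)
    return addr in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _proto_matches(spec, proto):
    return spec == "*" or spec.lower() == proto.lower()


def evaluate(rules, flow):
    """Return (access, rule_name) for the first rule, in priority order, whose
    5-tuple matches the flow. With DenyAllInBound in the list every flow
    matches something; the fallback only guards against an empty rule set."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (_proto_matches(rule.protocol, flow.protocol)
                and _addr_matches(rule.source, flow.src_ip)
                and _port_matches(rule.source_port, flow.src_port)
                and _addr_matches(rule.destination, flow.dst_ip)
                and _port_matches(rule.destination_port, flow.dst_port)):
            return rule.access, rule.name
    return "Deny", "(no rule matched)"


if __name__ == "__main__":
    # Constructed flows arriving at a web VM (10.0.1.4) in the protected subnet.
    samples = [
        Flow("Tcp", "198.51.100.7", 51000, "10.0.1.4", 443),   # Internet -> HTTPS
        Flow("Tcp", "198.51.100.7", 51001, "10.0.1.4", 22),    # Internet -> SSH
        Flow("Tcp", "10.0.250.10", 40000, "10.0.1.4", 22),     # management subnet -> SSH
        Flow("Tcp", "10.0.2.7", 40001, "10.0.1.4", 3389),      # another subnet -> RDP
        Flow("Udp", "10.0.2.7", 40002, "10.0.1.4", 8125),      # another subnet -> UDP metrics
    ]
    for flow in samples:
        access, name = evaluate(INBOUND_RULES, flow)
        print(f"{flow.protocol:4} {flow.src_ip:>14}:{flow.src_port:<5} -> "
              f"{flow.dst_ip}:{flow.dst_port:<5} {access:5} ({name})")
```

The ordering is the point to notice: the explicit RDP deny at priority 120 wins even over the VNet-to-VNet allow at 65000, whereas SSH from the Internet is denied not by any custom rule but by the DenyAllInBound default, so a rule set that never mentions SSH still blocks it.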

Network Peering

  1. Communication is blocked between two subnets on different networks
  2. Connecting two subnets together is called peering
  3. This allows communication between a VM on one network and a VM on a different network

Azure DNS

  1. Azure DNS only applies internally to Azure, to the networks it is applied to

Azure VPN Gateway

  1. VPN stands for Virtual Private Network
  2. Allows communication between a workstation and a network, or between two networks
  3. Encrypts traffic between those two points

VPNs

  1. Outside of Azure, VPNs require a physical device to be installed on a network
  2. Inside of Azure, you can install a VPN Gateway as a virtual device on your network
  3. VPN Gateway requires its own subnet
  4. Example scenario - Work from home
    1. You might need to use a VPN to connect to the office network
    2. This is called “point to site” VPN or P2S

VPN Peering

  1. You can also connect two distant networks using VPN devices
  2. This is called “site to site” VPN, or S2S
  3. Can connect an entire office of computers to an Azure subnet, or two offices together

ExpressRoute

  1. If communicating into Azure at high speeds is important to you, look into ExpressRoute
  2. A private connection from your ISP to an Azure endpoint
  3. Bypasses the public Internet

Public and Private endpoints

Anything with a private endpoint in Azure is not accessible from the public internet at all.