AZ-900 [4] - Azure Core Architecture Components

Azure Core Architecture Components
Azure has around 60 regions in which it provides its services.
- A region could be a country but not necessarily
- A region pair is when two regions are connected.
- Region pairs have the fastest interlink and special treatment during Azure Updates
- Data stored in a region never leaves the region; the region respects the data privacy laws of the country in which its data centers reside.
Microsoft Azure Infrastructure Map
Sovereign Azure
Sovereign regions are connected to a country or a government and the resources are not publicly available
- Not connected to the Azure Public Cloud
- Require approval to join/create a subscription
- Adhere to different compliance standards
Availability Zones
Availability zones are physically separate locations within each Azure region.
- They are physically separate
- They have their own power, cooling, and network
- Each AZ has a 5-millisecond connection with each of the others
- Not all Azure Regions support AZ.
- Not every service supports Availability Zones.
There are three types of Azure Zonal Services
- Zonal Services
- Zone Redundant Services
- Always Available Services
Zonal Service
- We choose the zone where we wish to deploy our services
- Then we choose another zone in which to deploy a duplicate of the service, to improve the resiliency of the deployment. E.g. Virtual Machines.
Zone Redundant Services
- These services are pre-configured by Azure for multiple zonal deployments.
- Needs no additional configuration. E.g. Azure SQL Database.
Always Available Services
- These are global services that are managed by Microsoft to be always available.
- Also called “non-regional services”.
- E.g. Azure Portal, Azure Active Directory, Azure Front Door.
Some services are flexible and let the client choose between a zonal and a zone-redundant deployment.
Resources and Resource Groups
There is a hierarchy of the resources within Microsoft Azure
Resources
- A generic word for a service such as a VM, database, etc.
- One can create a resource in many ways: using CLI tools, the Azure Portal or an ARM template.
- Each resource is named and unique, and we indicate the region where it is created.
- A resource name can be unique just within a resource group or across Azure as a whole.
- Most resources have a cost associated with them.
- The resource is always associated with one and only one subscription to which its cost is billed.
Resource Groups
- It is a logical grouping of resources
- It is recommended that all the services in the resource group have a similar lifecycle - deploy together, delete together, etc.
- All resources must belong to one and only one resource group.
- Permissions can be assigned at a resource group level
- A resource group offers no security for communications, i.e. resource A in group A can access resource B in group B
Subscriptions
- It is a billing unit within Azure
- A payment method is always associated with a subscription.
- Users can have access to more than one subscription and hold different roles.
These are the plans offered by Azure
- Free Plan - 200 for the first 30 Days
- Pay as you Go - billed to credit card
- Enterprise Agreement - EA
- Free Credits - MSDN, Startup Plans
Although it is possible to manage all the services from a single subscription, some companies choose to have multiple subscriptions to segregate the different teams using Azure services, for better security and manageability. Some even choose to divide the teams geographically, i.e. by country or region.
Management Group
A management group can be managed by another management group. We can enforce certain policies, called Azure policies, on certain groups and subscriptions, or use these policies as a blueprint.
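
The hierarchy in these notes (management group, subscription, resource group, resource) is also the chain of scopes at which permissions are assigned, and a role assigned at a parent scope is inherited by everything beneath it. The following is an added example, not part of the original notes, that resolves which role assignments reach a given resource; every ID, principal name and parent link in it is constructed sample data.

```python
# Added example: effective role assignments along the Azure scope hierarchy.
# All IDs, principals and parent links below are constructed sample data.

MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"

# Parent links are not encoded in a resource ID, so they are modelled here.
MG_PARENT = {"mg-platform": "mg-root", "mg-root": None}
SUB_TO_MG = {"sub-prod": "mg-platform"}

# (principal, role, scope) tuples.
ASSIGNMENTS = [
    ("alice", "Reader", MG_PREFIX + "mg-root"),
    ("bob", "Contributor", "/subscriptions/sub-prod/resourceGroups/rg-web"),
    ("carol", "Owner", "/subscriptions/sub-prod"),
]


def scope_chain(resource_id):
    """Return every scope that contains the resource, narrowest first."""
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError("expected an ID starting with /subscriptions/<id>")
    sub = parts[1]
    chain = []
    if len(parts) > 4:
        chain.append("/" + "/".join(parts))  # the resource itself
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        chain.append(f"/subscriptions/{sub}/resourceGroups/{parts[3]}")
    chain.append(f"/subscriptions/{sub}")
    mg = SUB_TO_MG.get(sub)
    while mg is not None:  # walk up nested management groups
        chain.append(MG_PREFIX + mg)
        mg = MG_PARENT.get(mg)
    return chain


def effective_roles(resource_id):
    """Map each principal to the (role, assigned_scope) pairs that apply."""
    chain = {scope.lower() for scope in scope_chain(resource_id)}
    result = {}
    for principal, role, scope in ASSIGNMENTS:
        if scope.lower() in chain:  # Azure IDs compare case-insensitively
            result.setdefault(principal, []).append((role, scope))
    return result
```

An assignment on `rg-web` gives `bob` nothing in a sibling resource group, while the subscription-level and management-group-level assignments reach both. This covers permissions only; it says nothing about whether resources in different groups can reach each other over the network.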