Cloud Computing Advantages

There are several benefits that a Cloud environment has over a physical environment:

High AvailabilityCloud-based applications can provide a continuous user-experience with no apparent downtime.
ScalabilityApplications in the Cloud can be scaled in two ways:
1) Vertically: adding RAM or CPUs to a virtual machine. 
2) Horizontally: adding instances of a resource, say, virtual machines to your configuration.
ElasticityCloud-based applications can be configured to take advantage of auto-scaling so your applications will always have the resources they need.
AgilityCloud-based resources can be deployed and configured quickly as your application requirements change.
Geo-distributionApplications and data can be deployed to regional data centers around 
the globe so your customers always have the best performance in their region.
Disaster RecoveryDeploy your applications with the confidence that your data is safe in the event that disaster should occur.


Cloud service providers operate on a consumption-based model, which means that end users only pay for the resources that they use. When analyzing the benefits of Cloud computing, there are two different types of expenses that you should consider:

Capital Expenditure (CapEX)The upfront spending of money on physical infrastructure, and then deducting that upfront expense over time.
Operational Expenditure (OpEX)You spend money on products or services and are build for them at the moment of use.

When  a capital investment was made, accountants categorize this transaction as a CapEx over time to account for the assets limited useful lifespan, assets are depreciated or amortized. Cloud services, on the other hand, are categorized as an OpEx because of their consumption model. Cloud service provider, Azure, manages the costs that are associated with the purchase and lifespan of the physical equipment.

Cloud Service Models

These models define the different level of shared responsibility that a cloud provider and cloud tenant are responsible for.

The most flexible category of cloud services, it aims to give you complete control over the hardware that runs your application.
Data center, networking firewall, servers, storage, …
Provides the same benefits and considerations as IaaS but there are some additional benefits.
Operating systems, development tools, …
Software that centrally hosted and managed for you and your users or customers.
Hosted applications, …

Like PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. Note that servers are still running the code. The name serverless comes from the fact that the tasks associated with infrastructure provisioning and management are invisible to the developer. With serverless computing, the Cloud service provider automatically provisions scales, and manages the infrastructure required to run the code.

There are three deployment models for cloud computing:

Public cloudServices are offered over the public internet and available to anyone. Cloud resources, such as servers and storage are owned and operated by a third-party cloud service provider and delivered over the Internet.
Private cloudComputing resources used exclusively by users from one business or organization. It can be physically located at your organization’s on-site or on-premises data center. It can also be hosted by a third-party service provider.
Hybrid cloudCombine a public cloud and a private cloud by allowing data and applications to be shared between them.

Microsoft Azure Architecture

There are four levels in the organization of resources in Azure:

Management GroupsManage access, policy, and compliance for multiple subscriptions.
Subscriptionslogical units of Azure services that links to an Azure account.
Resource GroupsLogical containers of resources.
ResourcesInstances of services, say virtual machines.

Management Groups

Azure management groups provide a level of scope above subscriptions. Apply your governance conditions to the management groups. All subscriptions within a management group, automatically inherit the conditions applied to the management group.

Management groups give you Enterprise grade management at a large scale, no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same Azure AD tenant.


Using Azure requires subscription, at least one subscription is needed to create cloud-based resources in Azure. There are two subscription boundaries that you can use:

  1. Billing boundary – separate billing reports and invoices for each subscription so that you can organize and manage costs.
  2. Access control boundary – access management policies is applied at the subscription level. You can create separate subscriptions to reflect different organizational structures.

You might want to create additional subscriptions for different purposes: for example, environments, organizational structures, billing, or subscription limits. If you have multiple subscriptions, they can be organized into invoice sections. You can further set up multiple invoices within the same billing account. Each billing profile has its own monthly invoice and payment method.

Resource Groups and Resources

After you’ve created a subscription, you’re ready to start creating resources and storing them in resource groups. You decide which resources belong in a resource group based on what makes the most sense for your organization.

It is a good idea to organize your resources by life cycle in non-production environments. If you delete a resource group, all resources contained within it are also deleted. Resource groups are also a scope for applying role based access control permissions. By applying RBAC permissions to a resource group, you can ease administration and limit access to allow only what’s needed.

Azure Resource Manager

Azure Resource Manager commonly referred to his ARM, is the deployment and management service for Azure. It provides a management layer that enables you to create, update and delete resources in your Azure account.

When a user sends a request from any of the Azure tools, APIs, SDKs, etc; Resource Manager receives the request. It authenticates and authorizes the request, then it sends the request to the Azure service.

Resource Manager brings many benefits:

  1. Manage your infrastructure through decorative template rather than scripts.
  2. Deploy, manage and monitor all the resources for your solution as a group.
  3. Redeploy your solution throughout the development life cycle.
  4. Deploy in a consistent state defined the dependencies.
  5. Apply access control to all services because RBAC is natively integrated into the management platform.
  6. Apply tags to resources to logically organize all the resources in your subscription.
  7. Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.


Resources are created in regions which are different geographical locations around the globe that contain Azure data centers. Regions are what you use to identify the location for your resources. There are two other terms you should also be aware of, geographies and Availability Zones.

Region Pairs

Each Azure region is always paired with another region within the same geography. This approach allows for the replication of resources across a geography, that helps reduce the likelihood of interruptions because of events such as natural disasters. If a region in a pair was affected, services would automatically fail over to the other region in its region pair.

Availability Zones

Azure can help make your app highly available through Availability Zones. Availability Zones are physically separate data centers within an Azure region. Each availability zone is made up of one or more data centers equipped with independent power, cooling and networking. An availability zone is set up to be an isolation boundary.

Availability Zones are primarily for VMs, managed disks, load balances and SQL databases. Azure services that support Availability Zones fall into two categories:

  1. Zonal services, you pin the resource to a specific zone.
  2. Zone-redundant services. The platform replicates automatically across zones.

Databases, Big Data & Analytics

Azure Cosmos DB

Azure cosmos DB is a globally distributed multi-model database service. Using Azure Cosmos DB, you can elastically and independently scale throughput and storage across any number of Azure regions worldwide.

Azure Cosmos DB also support schema-less data which lets you build highly responsive and always on applications to support constantly changing data. You can use this feature to store data that’s updated and maintained by users around the world.

At the lowest level, Azure Cosmos DB stores Data in atom record sequence (ARS) format. The data is then abstracted and projected as an API, which you specify when you’re creating your database. Azure Cosmos DB supports SQL, MongoDB, Cassandra, Tables and Gremlin APIs.

Azure SQL Database

Azure SQL Database is a PaaS relational database based on the latest stable version of the Microsoft SQL Server database engine, which provides you with a high performance, reliable, fully managed and secure database.

With Azure SQL Database, you can create a highly available and high performance data storage layer for the applications and solutions in Azure. You can use it to build data driven applications and websites in the programming language of your choice without needing to manage infrastructure. You can migrate your existing SQL Server databases with minimal downtime by using the Azure Database Migration Service.

Azure SQL Managed Instance

Azure SQL Managed Instance is a scalable cloud data service that provides the broadest SQL Server Database Engine compatibility with all the benefits of a fully managed Platform as a Service. Depending on your scenario, Azure SQL Managed Instance might offer more options for your database needs.

Azure SQL Managed Instance provides several options that might not be available to Azure SQL Database. One of the features of Azure SQL Managed Instance is that server-level collation could be specified when the instance is created. On the other hand, Azure SQL Database only uses the default SQL_Latin1_General_CP1_CI_AS server collation.

Azure SQL Managed Instance makes it easy to migrate your on-premises data on SQL Server to the client using the Azure Database Migration Service (DMS) or native backup and restore.

Azure Database for MySQL

Azure Database for MySQL is a relational database service in the cloud, and it’s based on the MySQL community edition database engine. You can migrate your existing MySQL databases with minimal downtime by using the Azure Database Migration Service.

Azure Database for PostgreSQL

You and your team probably already know the benefits of PostgreSQL. The server’s software is based on the community version of the open-source PostgreSQL database engine. The service is available in two deployment options:

  1. Single Server
  2. Hyperscale (Citus)
    • Horizontally scales across multiple machines
    • Query parallelization for faster responses
    • Best for greater scale and performance

Big Data and Analytics

Microsoft Azure offers a broad range of technologies and services that provide big data and analytic solutions, including:

Azure Synapse AnalyticsFormerly Azure SQL Data Warehouse, a limitless analytics service that brings together enterprise data warehousing and big data analytics.
You have a unified experience to ingest, prepare, manage, and serve data
for immediate via machine learning needs.
Azure HDInsightA fully managed open-source analytics service for enterprises.
You can run popular open-source frameworks and create cluster types such as Apache Spark, Hadoop, Kafka, HBase, Storm, and Machine Learning Services.
HDInsight also supports a broad range of scenarios such as extraction,
transformation, and loading, ETL, data warehousing, machine learning and IoT.
Azure DatabricksHelp you unlock insights from all your data and build artificial intelligence solutions. You can set up your Apache Spark environment in minutes, and then autoscale and collaborate on shared projects in an interactive workspace.
Azure Databricks supports Python, Scala, R, Java, and SQL, as well as data science frameworks and libraries including TensorFlow, PyTorch, and scikit-learn.
Azure Data Lake AnalyticsAn on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform
your data and extract valuable insights.


Using Azure, you can create compute resources, configure them to do the work that’s needed and pay for only what you use. Azure compute is an on-demand computing service for running Cloud-based applications. It provides computing resources such as disks, processors, memory, networking, and operating systems.

Azure Virtual Machines and Scale Sets

Virtual Machines are software emulations of physical computers. Virtual machines provide Infrastructure-as-a-Service (IaaS), and can be used in different ways. Just like a physical computer, you can customize all the software running on the Virtual Machine. This ability is helpful when you’re running custom software or custom hosting configurations.

Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy and manage a set of load-balanced identical Virtual Machines. The number of Virtual Machines instances can automatically increase or decrease in response to demand or defined schedule.

Azure Batch

Azure Batch enables large scale parallel and high performance computing or HPC, batch jobs with the ability to scale to even thousands of virtual machines. When you’re ready to run a job, Batch does the following:

  1. Starts a pool of compute virtual machines for you
  2. Installs applications and staging data
  3. Runs jobs with as many tasks is you have
  4. Identifies failures
  5. Re-queues work
  6. Scales down the pool as work completes

Azure Container Instances (ACI) and Kubernetes Service (AKS)

If you want to run multiple instances of an application on a single host machine, Containers are an excellent choice. Containers are lightweight virtualized application environments. They’re designed to be quickly created, scaled out, and stopped dynamically.

Containers are managed through a container orchestrator, there a two options:

Azure Container Instances
The fastest and simplest way to run a container in Azure, without having to manage any Virtual Machines or adopt any additional services. It’s a Platform-as-a-Service offering that allows you to upload your containers, which it runs for you.
Azure Kubernetes Service
A complete orchestration service for containers with distributed architectures
and large volumes of containers. Orchestration is the task of automating and
managing a large number of containers and how they interact.

Containers are often used to create solutions by using a micro service architectures. A microservice architecture consists of a collection of small autonomous services. Each service is self contained and should implement a single business capability.

Azure App Service

Azure App Service, on the other hand, is a Platform-as-a-Service (PaaS) offering. With Azure App Service, you can quickly build, deploy, and scale enterprise grade web, mobile and API apps running on any platform.

Azure Functions

Let’s suppose you’re not concerned about the underlying platform or infrastructure, but only about the code running your service. They’re commonly used when you need to perform work in response to an event, often via a rest request, timer or message from another Azure service and when that work can be completed quickly within seconds or less.

Azure Logic Apps

Logic Apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code. Logic Apps are similar to Functions. Both enable you to trigger logic based on an event. Where Functions execute code, Logic Apps execute workflows that are designed to automate business scenarios and are built from predefined logic blocks.

Windows Virtual Desktop

Windows Virtual Desktop on Azure, is a desktop and application virtualization service, that runs on the Cloud. It enables your users to use a client hosted version of Windows from any location. Users have the freedom to connect to Windows Virtual Desktop with any device over the Internet.


To begin using Azure Storage, you first create an Azure Storage account to store your data objects. Your storage account will contain all of your Azure Storage data objects such as blobs, files and disks. Note that for Azure VMs, you use Azure Disk Storage to store virtual disks. However, you can’t use Azure Disk Storage to store a disk outside of a virtual machine.

Azure Disk Storage

Disk storage provides disks for Azure Virtual Machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. Disk storage allows data to be persistently stored and accessed from an attached virtual hard disk.

Disks come in many different sizes and performance levels, from solid-state drives SSDs, to traditional spinning hard disk drives HDDs, with varying performance tiers.

Standard SSD and HDDfor less critical workloads
Premium SSDmission-critical production applications
Ultra disksfor data-intensive and transaction-heavy workloads.
SAP HANA, top-tier databases, etc.

Azure Blob Storage

Blob storage is an unstructured object storage solution for the Cloud. It can store massive amounts of data, there are no restrictions on the kinds of data it can hold. One advantage of Blob Storage over Disk Storage is that it does not require developers to think about or manage disks. Data is uploaded as blobs and Azure takes care of the physical storage needs.

Blob Storage is ideal for

  1. storing up to 8TB of data for virtual machines
  2. storing data for analysis by an on-premises or Azure hosted service
  3. storing data for backup and restore
  4. disaster recovery, and archiving
  5. streaming video and audio
  6. storing files for distributed access
  7. serving images or documents directly to a browser

Azure Blob Access Tiers

To manage costs for your expanding storage needs, it’s helpful to organize your data based on attributes like frequency of access and planned retention period. Azure storage offers different access tiers for your blob storage, helping you store object data in the most cost effective manner.

Hot tieroptimized for storing data that is accessed frequently
Cool tieroptimized for data that is infrequently accessed and stored for at least 30 days
Archive tierappropriate for data that is rarely accessed and stored for at least 180 days with flexible latency requirements

Some considerations apply to the different access tiers:

  1. Only Hot and Cool tiers can be set at the account level
  2. Hot, Cool and Archive tiers can be set at the blob level
  3. Cool tier can tolerate lower availability
  4. Archive stores data offline and offers the lowest storage costs

Azure Files Storage

Azure Files offers fully-managed file shares in the Cloud that are accessible via the industry standard Server Message Block (SMB) and Network File System (NFS) protocols. Azure File shares can be mounted concurrently by Clouds or on-premises deployments of Windows, Linux, and macOS.

Applications running in Azure Virtual Machines or Cloud services can mount a file share to access file data just as a desktop application would mount, like a typical SMB share. Any number of Azure Virtual Machines or roles can mount and access the file storage share simultaneously.

Azure Files ensures the data is encrypted at rest, and the SMB protocol ensures that the data is encrypted in transit. Shared Access Signature (SAS) tokens allow access to a private asset for a specific amount of time.


Azure virtual networks enable Azure resources such as VMs, web apps, and databases, to communicate with each other, with users on the Internet, and with your on-premises client computers. Managing networks on Azure isn’t entirely different from managing on-premises networks.

Azure virtual networks enable you to link resources together in your on-premises environment and within your azure subscription. You can create a network that spans both your local and cloud environments. There are three mechanisms for you to achieve this:

  1. Point-to-site virtual private networks
  2. Site-to-site virtual private networks
  3. Azure ExpressRoute

Azure virtual networks enable you to filter traffic between subnet by using the following approaches:

Network security groupsContain multiple inbound and outbound security rules. You can define these rules to allow or block traffic based on factors such as source and destination IP address, port and protocol.
Network virtual appliancesA specialized VM that can be compared to a hardware network appliance, which carries out a particular network function, such as running a firewall or performing a wide area network WAN optimization.

You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other. These virtual networks could be in separate regions, which allows you to create a global, interconnected network through azure.

Azure VPN Gateways

A virtual private network (VPN) is a type of private, interconnected network. VPNs use an encrypted tunnel within another network. They’re typically deployed to connect two or more trusted private networks to one another over an untrusted network.

When you deploy a VPN gateway, you specify the VPN type, either policy based or route based. In Azure, both types of VPN gateways use a pre-shared key as the only method of authentication. The main difference between these two types of VPNs is how traffic to be encrypted is specified.

Policy basedSpecify statically the IP address of packets that should be encrypted through each tunnel. This type of device evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent through.
1. Support for IKEv1 only
2. Use of static routing
3. Compatible with legacy on-premises VPN devices
Route basedIP SEC tunnels are modeled as a network interface or virtual tunnel interface. IP routing either static routes or dynamic routes protocols, decides which one of
these tunnel interfaces to use when sending each packet.
1. IKEv2 support
2. Wildcard traffic selectors
3. Dynamic routing protocols

You’ll need these Azure resources before you can deploy an operational VPN gateway:

  1. A virtual network with enough address space for the additional subnets. You can deploy only one VPN gateway within a virtual network.
  2. A subnet called Gatway Subnet for the VPN Gateway. Use at least a forward /27 address mask to make sure you have enough IP addresses in the subnet for future growth, you can’t use this subnet for any other services.
  3. A basic SKU dynamic public IP address If you’re using a non-zone aware gateway, this address provides a public routable IP address as the target for your on-premises VPN device.
  4. A virtual network gateway to write traffic between the virtual network on the on-premises data center or other virtual networks.
  5. A local network gateway to define the on-premises networks configuration, such as where the VPN gateway will connect and what it will connect to.
  6. A connection resource to create a logical connection between the VPN gateway on the local network gateway.

By default VPN gateways are deployed as two instances in an active-standby configuration. With the introduction of the support for the Border Gateway Protocol BGP routing protocol, you could also deploy VPN gateways in an active-active configuration.

Azure ExpressRoute

ExpressRoute lets you exchange your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. ExpressRoute connections don’t go over the public Internet, this allows ExpressRoute connections to offer more reliability, faster speeds, consistent latency on higher security than typical connections over the Internet.

Following are supported ExpressRoute models:

Cloud exchange colocationCo-located providers can normally offer both Layer 2 and Layer 3 connections between your infrastructure, which might be located in the colocation facility, and the Microsoft cloud.
Point-to-point Ethernet connectionPoint-to-point connections provide Layer 2 and Layer 3 connectivity between your on-premises site and Microsoft Azure. You can connect your offices or datacenters to Azure by using the point-to-point links.
Any-to-any connectionWith any-to-any connectivity you can integrate your wide area network (WAN) with Microsoft Azure by providing connections to your offices and datacenters.

My Certificate

For more on Microsoft Azure Core Concepts and Services, please refer to the wonderful course here

Related Quick Recap

I am Kesler Zhu, thank you for visiting my website. Check out more course reviews at

All of your support will be used for maintenance of this site and more great content. I am humbled and grateful for your generosity. Thank you!

Don't forget to sign up newsletter, don't miss any chance to learn.

Or share what you've learned with friends!

Leave a Reply

Your email address will not be published. Required fields are marked *