Microsoft Azure relies on a few key architectural components to provide redundancy and high availability. Core Azure architectural components include Azure regions, Azure Availability Zones, resource groups, and the Azure Resource Manager.
In this article, we’ll discuss the basics about each component and the functionality it provides. For a deeper dive into Azure Resource Manager, Availability Zones, regions, resource groups, and other Azure architectural components, check out our AZ-900 Learning Path: Microsoft Azure Fundamentals.
The Azure region is a set of data centers that are deployed within a latency-defined perimeter, and connected via an underlying dedicated regional low-latency network. There are currently 42 regions available around the world, with another 12 additional Azure regions planned for the future.
Microsoft operates Azure data centers all over the world, in many different locations (otherwise referred to as geographies). A geography in Azure refers to an area of the world where at least one Azure region resides. An Azure region refers to an area within a geography that contains one or more Azure data centers.
To facilitate high availability, each Azure region is paired with another region that’s located within the same geography. This pairing is called a “regional pair.” While almost all regional pairs consist of regions with the same geography, there is one exclusion: Brazil South. Brazil South is the only region that is paired with another region outside of its geography.
Regional pairs allow Azure to serialize platform updates and planned maintenance. This ensures that only one paired region is updated at a given time. In the event of an unplanned outage that affects multiple regions, Microsoft prioritizes at least one region in each pair for troubleshooting and recovery.
Microsoft recommends that organizations configure business continuity disaster recovery, or BCDR, so that it spans across regional pairs. Doing so allows the organization to take advantage of Azure’s isolation and availability policies. Applications that can support multiple active regions should be deployed so that they use both regions in a region pair whenever possible. This ensure optimal application availability and minimizes recovery time in the event of a disaster occurring.
Azure Availability Zones
Availability Zones is an Azure offering that is used to protect applications and data centers from data center failures. Each Availability Zone is a unique physical location within an Azure region, and each zone is supported by one or more data centers, equipped with their own independent power, cooling, and networking infrastructure.
Each Availability Zone within an Azure region is comprised of a combination of fault domains and update domains. In a scenario where three or more virtual machines (VMs) are deployed across three different zones in an Azure Region, those virtual machines would be distributed across three different fault domains and three different update domains. Azure recognizes such a distribution across update domains and ensures that virtual machines in different zones are not updated at the same time.
Resiliency is achieved through the existence of at least three separate Availability Zones in each enabled Azure Region. Because Availability Zones are physically separate within each region, applications and data are inherently protected from data center failures. With zone-redundant services replicating apps across Availability Zones, there is no single point-of-failure to deal with.
Azure offers a 99.99% VM uptime SLA for virtual machines that are deployed in an Availability Zone.
Resource Groups in Azure
Resource groups are logical containers in Azure. They hold related Azure resources that are part of a larger Azure solution. These resource groups can host all resources that comprise an overall Azure solution, or they can also host just the resources that need to be managed as part of a group. The administrator gets to decide, based on needs, how to allocate resources in resource groups within Azure.
When working with Azure resource groups, there are a few things to consider. First and foremost, since all resources within a single resource group usually share a similar lifecycle, it’s important to determine the lifecycle of the resources you plan to place in a single resource group. An example of this would be a scenario where you are deploying a web application that relies on a database server. If the database server is only used to host the database for the web app, then it would make sense to host the database server and web app in the same resource group. However, if the database server hosts databases for other applications, its lifecycle is likely different from the web app. That said, the database server might belong in a different resource group with resources that share its lifecycle.
Because a resource can only exist in one resource group, it’s important to determine the best location for the resource. That said, resources CAN be moved between resource groups if necessary. On a similar note, it’s important to understand that a resource group can contain resources from different regions. That said, resource groups are often used to scope access control to resources and to better-organize billing and resource management.
While resources within a resource group are logically separated from resources in other resource groups, this doesn’t prevent the resources from communicating with one another. In fact, it’s quite common for resources from multiple resource groups to interact with one another. For example, a web application in one resource group might rely on a database hosted by a SQL server in another resource group.
Azure Resource Manager
Within Azure, there are several underlying components that provide the infrastructure for an application or service that’s been deployed in Azure. For example, a solution deployed in Azure might consist of a virtual machine or two that run an application, a storage account that’s used to host storage for the application, an Azure web app that provides the front end for the application, and maybe even a database, which is running on a SQL server.
Because all these parts function together to provide a solution, you’ll usually want to deploy, manage, and monitor all these resources as a group. The Azure Resource Manager is a tool that lets you work with all the underlying resources that are part of a solution as a group. With Resource Manager, you can deploy, update, and even delete all resources that form a solution in a single, coordinated operation. Resource Manager also allows you to use templates to streamline deployments. Such templates can be used to uniformly (and easily) deploy separate environments, such as development, staging, and production.
Resource Manager provides a consistent management layer for all Azure resources, security and auditing features, as well as tagging features that you can use to manage your resources once they’ve been deployed into Azure. Using Resource Manager, you can deploy, manage, and monitor all Azure resources for a solution as one group. You can also use Resource Manager to apply access controls to resources within a resource group because Role-Based Access Control (or RBAC) is natively integrated into the Azure platform.
Watch this short video, taken from Cloud Academy’s Managing Role-Based Access Control on Azure Course, to learn more on RBAC.
Another underutilized benefit of Resource Manager is the ability to tag resources. By tagging resources through Resource Manager, you can logically organize them within an Azure subscription. Tagging also helps clarify an organization’s billing because it allows you to break out costs for groups of resources that share the same tag.
Core Azure architectural components such as regions, resource groups, and Availability Zones serve as the underlying building blocks for any Azure solution that gets deployed. Azure Resource Manager is used to manage these building blocks and the solutions that are built upon them.
While Azure regions dictate where Azure resources are deployed, Availability Zones are used to provide redundancy for those resources that are deployed. Resource groups are used to group and manage related Azure resources that have been deployed to support an overall solution.
By understanding these key architectural components, you will have a better understanding of how Azure solutions are built and supported.
Cloud Academy’s AZ-900 Exam Preparation Learning Path will help you understand the core Azure architecture components.
The four major subject areas include:
- Cloud concepts
- Core Azure services
- Security, privacy, compliance, and trust
- Azure pricing and support
To see how you can build, develop, and update your cloud skills with the Cloud Academy platform, request a demo.
New on Cloud Academy: Red Hat, Agile, OWASP Labs, Amazon SageMaker Lab, Linux Command Line Lab, SQL, Git Labs, Scrum Master, Azure Architects Lab, and Much More
Happy New Year! We hope you're ready to kick your training in overdrive in 2020 because we have a ton of new content for you. Not only do we have a bunch of new courses, hands-on labs, and lab challenges on AWS, Azure, and Google Cloud, but we also have three new courses on Red Hat, th...
Azure Security: Best Practices You Need to Know
When it comes to Azure Security best practices, where do you begin? In a lot of ways, Azure is very similar to any other data center. But with that said, Azure can also be very different. Securing Azure can pose many unique challenges. The security of resources hosted in Azure is of the...
Google Cloud Platform Certification: Preparation and Prerequisites
Google Cloud Platform (GCP) has evolved from being a niche player to a serious competitor to Amazon Web Services and Microsoft Azure. In 2019, research firm Gartner placed Google in the Leaders quadrant in its Magic Quadrant for Cloud Infrastructure as a Service for the second consecuti...
New Lab Challenges: Push Your Skills to the Next Level
Build hands-on experience using real accounts on AWS, Azure, Google Cloud Platform, and more Meaningful cloud skills require more than book knowledge. Hands-on experience is required to translate knowledge into real-world results. We see this time and time again in studies about how pe...
New on Cloud Academy: AWS Solution Architect Lab Challenge, Azure Hands-on Labs, Foundation Certificate in Cyber Security, and Much More
Now that Thanksgiving is over and the craziness of Black Friday has died down, it's now time for the busiest season of the year. Whether you're a last-minute shopper or you already have your shopping done, the holidays bring so much more excitement than any other time of year. Since our...
Understanding Enterprise Cloud Migration
What is enterprise cloud migration? Cloud migration is about moving your data, applications, and even infrastructure from your on-premises computers or infrastructure to a virtual pool of on-demand, shared resources that offer compute, storage, and network services at scale. Why d...
Kubernetes Services: AWS vs. Azure vs. Google Cloud
Kubernetes is a popular open-source container orchestration platform that allows us to deploy and manage multi-container applications at scale. Businesses are rapidly adopting this revolutionary technology to modernize their applications. Cloud service providers — such as Amazon Web Ser...
New on Cloud Academy: AZ-900 Exam Update; MS-100 Exam Prep; PRINCE2 Foundation; Azure, Kubernetes, and Google Hands-on Labs; and Much More
This month, our Content Team really kicked it into overdrive with tons of new content. If you're Team Azure, then you'll be amazed at the number of Azure Courses and Hands-on Labs we published this month alone! At any time, you can find all of our new releases by going to our Training ...
How to Get Hands-on Experience on AWS, Azure, and GCP: Lab Challenges
Meaningful cloud skills require more than book knowledge. Hands-on experience is required to translate knowledge into real-world results. We see this time and time again in studies about how kids and adults best learn — doing the actual learning task is key. Hands-on Labs and Lab Challe...
Which Certifications Should I Get?
As we mentioned in an earlier post, the old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and compan...
New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more
At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...
Cloud Migration Risks & Benefits
If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...