Understanding the Core Azure Architectural Components

Microsoft Azure relies on a few key architectural components to provide redundancy and high availability. Core Azure architectural components include Azure regions, Azure Availability Zones, resource groups, and the Azure Resource Manager.

In this article, we’ll discuss the basics about each component and the functionality it provides. For a deeper dive into Azure Resource Manager, Availability Zones, regions, resource groups, and other Azure architectural components, check out our AZ-900 Learning Path: Microsoft Azure Fundamentals.

Azure Regions

The Azure region is a set of data centers that are deployed within a latency-defined perimeter, and connected via an underlying dedicated regional low-latency network. There are currently 42 regions available around the world, with another 12 additional Azure regions planned for the future.

Paired regions

Microsoft operates Azure data centers all over the world, in many different locations (otherwise referred to as geographies). A geography in Azure refers to an area of the world where at least one Azure region resides. An Azure region refers to an area within a geography that contains one or more Azure data centers.

To facilitate high availability, each Azure region is paired with another region that’s located within the same geography. This pairing is called a “regional pair.” While almost all regional pairs consist of regions with the same geography, there is one exclusion: Brazil South. Brazil South is the only region that is paired with another region outside of its geography.

Regional pairs allow Azure to serialize platform updates and planned maintenance. This ensures that only one paired region is updated at a given time. In the event of an unplanned outage that affects multiple regions, Microsoft prioritizes at least one region in each pair for troubleshooting and recovery.

Microsoft recommends that organizations configure business continuity disaster recovery, or BCDR, so that it spans across regional pairs. Doing so allows the organization to take advantage of Azure’s isolation and availability policies. Applications that can support multiple active regions should be deployed so that they use both regions in a region pair whenever possible. This ensure optimal application availability and minimizes recovery time in the event of a disaster occurring.

Azure Availability Zones

Availability Zones is an Azure offering that is used to protect applications and data centers from data center failures. Each Availability Zone is a unique physical location within an Azure region, and each zone is supported by one or more data centers, equipped with their own independent power, cooling, and networking infrastructure.

Each Availability Zone within an Azure region is comprised of a combination of fault domains and update domains. In a scenario where three or more virtual machines (VMs) are deployed across three different zones in an Azure Region, those virtual machines would be distributed across three different fault domains and three different update domains. Azure recognizes such a distribution across update domains and ensures that virtual machines in different zones are not updated at the same time.

Resiliency is achieved through the existence of at least three separate Availability Zones in each enabled Azure Region. Because Availability Zones are physically separate within each region, applications and data are inherently protected from data center failures. With zone-redundant services replicating apps across Availability Zones, there is no single point-of-failure to deal with.

Azure offers a 99.99% VM uptime SLA for virtual machines that are deployed in an Availability Zone.

Resource Groups in Azure

Resource groups are logical containers in Azure. They hold related Azure resources that are part of a larger Azure solution. These resource groups can host all resources that comprise an overall Azure solution, or they can also host just the resources that need to be managed as part of a group. The administrator gets to decide, based on needs, how to allocate resources in resource groups within Azure.

When working with Azure resource groups, there are a few things to consider. First and foremost, since all resources within a single resource group usually share a similar lifecycle, it’s important to determine the lifecycle of the resources you plan to place in a single resource group. An example of this would be a scenario where you are deploying a web application that relies on a database server. If the database server is only used to host the database for the web app, then it would make sense to host the database server and web app in the same resource group. However, if the database server hosts databases for other applications, its lifecycle is likely different from the web app. That said, the database server might belong in a different resource group with resources that share its lifecycle.

Because a resource can only exist in one resource group, it’s important to determine the best location for the resource. That said, resources CAN be moved between resource groups if necessary. On a similar note, it’s important to understand that a resource group can contain resources from different regions. That said, resource groups are often used to scope access control to resources and to better-organize billing and resource management.

While resources within a resource group are logically separated from resources in other resource groups, this doesn’t prevent the resources from communicating with one another. In fact, it’s quite common for resources from multiple resource groups to interact with one another. For example, a web application in one resource group might rely on a database hosted by a SQL server in another resource group.

Azure Resource Manager

Within Azure, there are several underlying components that provide the infrastructure for an application or service that’s been deployed in Azure. For example, a solution deployed in Azure might consist of a virtual machine or two that run an application, a storage account that’s used to host storage for the application, an Azure web app that provides the front end for the application, and maybe even a database, which is running on a SQL server.

Because all these parts function together to provide a solution, you’ll usually want to deploy, manage, and monitor all these resources as a group.  The Azure Resource Manager is a tool that lets you work with all the underlying resources that are part of a solution as a group. With Resource Manager, you can deploy, update, and even delete all resources that form a solution in a single, coordinated operation. Resource Manager also allows you to use templates to streamline deployments. Such templates can be used to uniformly (and easily) deploy separate environments, such as development, staging, and production.

Resource Manager provides a consistent management layer for all Azure resources, security and auditing features, as well as tagging features that you can use to manage your resources once they’ve been deployed into Azure. Using Resource Manager, you can deploy, manage, and monitor all Azure resources for a solution as one group. You can also use Resource Manager to apply access controls to resources within a resource group because Role-Based Access Control (or RBAC) is natively integrated into the Azure platform.

Watch this short video, taken from Cloud Academy’s Managing Role-Based Access Control on Azure Course, to learn more on RBAC.

Another underutilized benefit of Resource Manager is the ability to tag resources. By tagging resources through Resource Manager, you can logically organize them within an Azure subscription. Tagging also helps clarify an organization’s billing because it allows you to break out costs for groups of resources that share the same tag.

Wrap Up

Core Azure architectural components such as regions, resource groups, and Availability Zones serve as the underlying building blocks for any Azure solution that gets deployed. Azure Resource Manager is used to manage these building blocks and the solutions that are built upon them.

While Azure regions dictate where Azure resources are deployed, Availability Zones are used to provide redundancy for those resources that are deployed. Resource groups are used to group and manage related Azure resources that have been deployed to support an overall solution.

By understanding these key architectural components, you will have a better understanding of how Azure solutions are built and supported.

Learn More

Cloud Academy’s AZ-900 Exam Preparation Learning Path will help you understand the core Azure architecture components.

The four major subject areas include:

  • Cloud concepts
  • Core Azure services
  • Security, privacy, compliance, and trust
  • Azure pricing and support

To see how you can build, develop, and update your cloud skills with the Cloud Academy platform, request a demo.

Avatar

Written by

Thomas Mitchell

Tom is not only a Cloud Platform & Infrastructure MCSE but also an IT industry veteran with 20+ years of experience in multiple technologies. An Active Directory specialist, Tom has never met an AD problem that he couldn't solve. He also speaks Microsoft Exchange fluently.


Related Posts

Alisha Reyes
Alisha Reyes
— March 17, 2020

Cloud Academy’s Blog Digest: How Do AWS Certifications Increase Your Employability, How to Become a Microsoft Certified Azure Data Engineer, and more

With everything going on right now, it's likely that the only thing you've been reading lately is related to the coronavirus pandemic. It's important to stay informed during these times, but it's also good to jump into something that can take your mind off of the current situation for j...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • programming
  • Security
Avatar
Cloud Academy Team
— March 13, 2020

Which Certifications Should I Get?

As we mentioned in an earlier post, the old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and compan...

Read more
  • AWS
  • Azure
  • Certifications
  • Cloud Computing
  • Google Cloud Platform
Avatar
Guy Hummel
— March 10, 2020

How to Become a Microsoft Certified Azure Data Engineer

Data engineering is one of the most sought-after skills in the job market. According to a 2019 Dice.com report, there was an 88% year-over-year growth in job postings for data engineers, which was the highest growth rate among all technology jobs. If you want to become a data enginee...

Read more
  • Azure
  • Data Engineer
  • DP-200
  • DP-201
  • Microsoft
Alisha Reyes
Alisha Reyes
— March 7, 2020

New on Cloud Academy: Intro to GitOps; AWS Courses; Java, Python, Amazon Linux 2, Ubuntu, & Docker Playgrounds; and much more

New Lab Playgrounds This month, our Content Team released six new "playground labs." Our playground labs provide a safe and secure sandbox environment for you to explore your own ideas, follow along with Cloud Academy courses, or answer your own questions — all without having to instal...

Read more
  • AWS
  • Azure
  • gitops
  • Google Cloud Platform
  • lab playground
  • programming
Alisha Reyes
Alisha Reyes
— March 6, 2020

New on Cloud Academy: Intro to GitOps; AWS Courses; Java, Python, Amazon Linux 2, Ubuntu, & Docker Playgrounds; and much more

New Lab Playgrounds This month, our Content Team released six new "playground labs." Our playground labs provide a safe and secure sandbox environment for you to explore your own ideas, follow along with Cloud Academy courses, or answer your own questions — all without having to instal...

Read more
  • AWS
  • Azure
  • gitops
  • Google Cloud Platform
  • lab playground
  • programming
Avatar
Thomas Mitchell
— February 27, 2020

5 Steps to Vulnerability Management for Containers

Organizations have begun embracing containers due to their simplicity and to the fact that they allow for a faster development and deployment velocity. Although developers are thrilled with containers because they allow them to deliver solutions more quickly, security teams are sometime...

Read more
  • AZ-500
  • AZ-500 Exam
  • Azure
  • vulnerability management
Avatar
Chandan Patra
— February 21, 2020

Elasticsearch vs. CloudSearch: AWS Cloud Search Choices

Elasticsearch vs. CloudSearch: What's the main difference? Let's compare AWS-based cloud tools: Elasticsearch vs. CloudSearch. While both services use proven technologies, Elasticsearch is more popular, open source, and has a flexible API to use for customization; in comparison, CloudS...

Read more
  • AWS
  • Azure
  • cloudsearch
  • elasticsearch
Avatar
Andrew Larkin
— February 13, 2020

Cloud Academy Content Roadmap Updates

Welcome to our Q1 2020 roadmap. This is the content we plan to build over the next three months, between February 1 - and April 30, 2020. Let's look at some of our roadmap highlights. Atlassian Bamboo for CI/CD We had a lot of requests for practical guides on how to apply DevOps tool...

Read more
  • Artificial Intelligence
  • AWS
  • Azure
  • Docker
  • Google Cloud Platform
  • Kubernetes
  • Machine Learning
Alisha Reyes
Alisha Reyes
— February 7, 2020

New on Cloud Academy: Git Labs, CKA and CKAD Lab Challenges, AWS and Azure Learning Paths, AGILE, and Much More

We just kicked off our first Free Weekend of 2020. This means we've unlocked our Training Library for just 72 hours. Until Sunday at 11:59 pm (PST), you can get unlimited access to our industry-leading learning paths, courses, certification prep exams, and our most popular hands-on labs...

Read more
  • agile
  • AWS
  • Azure
  • Google Cloud Platform
  • Linux
  • OWASP
  • programming
  • red hat
  • scrum
Alisha Reyes
Alisha Reyes
— January 31, 2020

How to Unlock Complimentary Access to Cloud Academy

Are you looking to get trained or certified on AWS, Azure, Google Cloud Platform, DevOps, Cybersecurity, Information Security, Python, Java, or another technical skill? Then you'll want to mark your calendars. Starting Friday, February 7 at 12:00 a.m. PST (3:00 a.m. EST), Cloud Acade...

Read more
  • AWS
  • Azure
  • cloud academy content
  • complimentary access
  • GCP
  • on the house
Alisha Reyes
Alisha Reyes
— January 6, 2020

New on Cloud Academy: Red Hat, Agile, OWASP Labs, Amazon SageMaker Lab, Linux Command Line Lab, SQL, Git Labs, Scrum Master, Azure Architects Lab, and Much More

Happy New Year! We hope you're ready to kick your training in overdrive in 2020 because we have a ton of new content for you. Not only do we have a bunch of new courses, hands-on labs, and lab challenges on AWS, Azure, and Google Cloud, but we also have three new courses on Red Hat, th...

Read more
  • agile
  • AWS
  • Azure
  • Google Cloud Platform
  • Linux
  • OWASP
  • programming
  • red hat
  • scrum
Orion Withrow
Orion Withrow
— December 17, 2019

Azure Security: Best Practices You Need to Know

When it comes to Azure Security best practices, where do you begin? In a lot of ways, Azure is very similar to any other data center. But with that said, Azure can also be very different. Securing Azure can pose many unique challenges. The security of resources hosted in Azure is of the...

Read more
  • Azure
  • azure best practices
  • azure security center
  • Security