Microsoft Azure relies on a few key architectural components to provide redundancy and high availability. Core Azure architectural components include Azure regions, Azure Availability Zones, resource groups, and the Azure Resource Manager.
In this article, we’ll discuss the basics about each component and the functionality it provides. For a deeper dive into Azure Resource Manager, Availability Zones, regions, resource groups, and other Azure architectural components, check out our AZ-900 Learning Path: Microsoft Azure Fundamentals.
The Azure region is a set of data centers that are deployed within a latency-defined perimeter, and connected via an underlying dedicated regional low-latency network. There are currently 42 regions available around the world, with another 12 additional Azure regions planned for the future.
Microsoft operates Azure data centers all over the world, in many different locations (otherwise referred to as geographies). A geography in Azure refers to an area of the world where at least one Azure region resides. An Azure region refers to an area within a geography that contains one or more Azure data centers.
To facilitate high availability, each Azure region is paired with another region that’s located within the same geography. This pairing is called a “regional pair.” While almost all regional pairs consist of regions with the same geography, there is one exclusion: Brazil South. Brazil South is the only region that is paired with another region outside of its geography.
Regional pairs allow Azure to serialize platform updates and planned maintenance. This ensures that only one paired region is updated at a given time. In the event of an unplanned outage that affects multiple regions, Microsoft prioritizes at least one region in each pair for troubleshooting and recovery.
Microsoft recommends that organizations configure business continuity disaster recovery, or BCDR, so that it spans across regional pairs. Doing so allows the organization to take advantage of Azure’s isolation and availability policies. Applications that can support multiple active regions should be deployed so that they use both regions in a region pair whenever possible. This ensure optimal application availability and minimizes recovery time in the event of a disaster occurring.
Azure Availability Zones
Availability Zones is an Azure offering that is used to protect applications and data centers from data center failures. Each Availability Zone is a unique physical location within an Azure region, and each zone is supported by one or more data centers, equipped with their own independent power, cooling, and networking infrastructure.
Each Availability Zone within an Azure region is comprised of a combination of fault domains and update domains. In a scenario where three or more virtual machines (VMs) are deployed across three different zones in an Azure Region, those virtual machines would be distributed across three different fault domains and three different update domains. Azure recognizes such a distribution across update domains and ensures that virtual machines in different zones are not updated at the same time.
Resiliency is achieved through the existence of at least three separate Availability Zones in each enabled Azure Region. Because Availability Zones are physically separate within each region, applications and data are inherently protected from data center failures. With zone-redundant services replicating apps across Availability Zones, there is no single point-of-failure to deal with.
Azure offers a 99.99% VM uptime SLA for virtual machines that are deployed in an Availability Zone.
Resource Groups in Azure
Resource groups are logical containers in Azure. They hold related Azure resources that are part of a larger Azure solution. These resource groups can host all resources that comprise an overall Azure solution, or they can also host just the resources that need to be managed as part of a group. The administrator gets to decide, based on needs, how to allocate resources in resource groups within Azure.
When working with Azure resource groups, there are a few things to consider. First and foremost, since all resources within a single resource group usually share a similar lifecycle, it’s important to determine the lifecycle of the resources you plan to place in a single resource group. An example of this would be a scenario where you are deploying a web application that relies on a database server. If the database server is only used to host the database for the web app, then it would make sense to host the database server and web app in the same resource group. However, if the database server hosts databases for other applications, its lifecycle is likely different from the web app. That said, the database server might belong in a different resource group with resources that share its lifecycle.
Because a resource can only exist in one resource group, it’s important to determine the best location for the resource. That said, resources CAN be moved between resource groups if necessary. On a similar note, it’s important to understand that a resource group can contain resources from different regions. That said, resource groups are often used to scope access control to resources and to better-organize billing and resource management.
While resources within a resource group are logically separated from resources in other resource groups, this doesn’t prevent the resources from communicating with one another. In fact, it’s quite common for resources from multiple resource groups to interact with one another. For example, a web application in one resource group might rely on a database hosted by a SQL server in another resource group.
Azure Resource Manager
Within Azure, there are several underlying components that provide the infrastructure for an application or service that’s been deployed in Azure. For example, a solution deployed in Azure might consist of a virtual machine or two that run an application, a storage account that’s used to host storage for the application, an Azure web app that provides the front end for the application, and maybe even a database, which is running on a SQL server.
Because all these parts function together to provide a solution, you’ll usually want to deploy, manage, and monitor all these resources as a group. The Azure Resource Manager is a tool that lets you work with all the underlying resources that are part of a solution as a group. With Resource Manager, you can deploy, update, and even delete all resources that form a solution in a single, coordinated operation. Resource Manager also allows you to use templates to streamline deployments. Such templates can be used to uniformly (and easily) deploy separate environments, such as development, staging, and production.
Resource Manager provides a consistent management layer for all Azure resources, security and auditing features, as well as tagging features that you can use to manage your resources once they’ve been deployed into Azure. Using Resource Manager, you can deploy, manage, and monitor all Azure resources for a solution as one group. You can also use Resource Manager to apply access controls to resources within a resource group because Role-Based Access Control (or RBAC) is natively integrated into the Azure platform.
Watch this short video, taken from Cloud Academy’s Managing Role-Based Access Control on Azure Course, to learn more on RBAC.
Another underutilized benefit of Resource Manager is the ability to tag resources. By tagging resources through Resource Manager, you can logically organize them within an Azure subscription. Tagging also helps clarify an organization’s billing because it allows you to break out costs for groups of resources that share the same tag.
Core Azure architectural components such as regions, resource groups, and Availability Zones serve as the underlying building blocks for any Azure solution that gets deployed. Azure Resource Manager is used to manage these building blocks and the solutions that are built upon them.
While Azure regions dictate where Azure resources are deployed, Availability Zones are used to provide redundancy for those resources that are deployed. Resource groups are used to group and manage related Azure resources that have been deployed to support an overall solution.
By understanding these key architectural components, you will have a better understanding of how Azure solutions are built and supported.
Cloud Academy’s AZ-900 Exam Preparation Learning Path will help you understand the core Azure architecture components.
The four major subject areas include:
- Cloud concepts
- Core Azure services
- Security, privacy, compliance, and trust
- Azure pricing and support
To see how you can build, develop, and update your cloud skills with the Cloud Academy platform, request a demo.
New Content: Platforms, Programming, and DevOps – Something for Everyone
This month our team of expert certification specialists released three new or updated learning paths, 16 courses, 13 hands-on labs, and four lab challenges! New content on Cloud Academy You can always visit our Content Roadmap to see what’s just released as well as what’s coming soon....
New Content: Focus on DevOps and Programming Content this Month
This month our team of expert certification specialists released 12 new or updated learning paths, 15 courses, 25 hands-on labs, and four lab challenges! New content on Cloud Academy You can always visit our Content Roadmap to see what’s just released as well as what’s coming soon. Ja...
New Content: Get Ready for the CISM Cert Exam & Learn About Alibaba, Plus All the AWS, GCP, and Azure Courses You Know You Can Count On
This month our team of intrepid certification specialists released five learning paths, seven courses, 19 hands-on labs, and three lab challenges! One particularly interesting new learning path is Certified Information Security Manager (CISM) Foundations. After completing this learn...
Which Certifications Should I Get?
The old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and companies. With all that in mind, the s...
New Content: AWS Terraform, Java Programming Lab Challenges, Azure DP-900 & DP-300 Certification Exam Prep, Plus Plenty More Amazon, Google, Microsoft, and Big Data Courses
This month our Content Team continues building the catalog of courses for everyone learning about AWS, GCP, and Microsoft Azure. In addition, this month’s updates include several Java programming lab challenges and a couple of courses on big data. In total, we released five new learning...
WARNING: Great Cloud Content Ahead
At Cloud Academy, content is at the heart of what we do. We work with the world’s leading cloud and operations teams to develop video courses and learning paths that accelerate teams and drive digital transformation. First and foremost, we listen to our customers’ needs and we stay ahea...
New Content: AWS Data Analytics – Specialty Certification, Azure AI-900 Certification, Plus New Learning Paths, Courses, Labs, and More
This month our Content Team released two big certification Learning Paths: the AWS Certified Data Analytics - Speciality, and the Azure AI Fundamentals AI-900. In total, we released four new Learning Paths, 16 courses, 24 assessments, and 11 labs. New content on Cloud Academy At any ...
New Content: Azure DP-100 Certification, Alibaba Cloud Certified Associate Prep, 13 Security Labs, and Much More
This past month our Content Team served up a heaping spoonful of new and updated content. Not only did our experts release the brand new Azure DP-100 Certification Learning Path, but they also created 18 new hands-on labs — and so much more! New content on Cloud Academy At any time, y...
Constant Content: Cloud Academy’s Q3 2020 Roadmap
Hello — Andy Larkin here, VP of Content at Cloud Academy. I am pleased to release our roadmap for the next three months of 2020 — August through October. Let me walk you through the content we have planned for you and how this content can help you gain skills, get certified, and...
New Content: Alibaba, Azure AZ-303 and AZ-304, Site Reliability Engineering (SRE) Foundation, Python 3 Programming, 16 Hands-on Labs, and Much More
This month our Content Team did an amazing job at publishing and updating a ton of new content. Not only did our experts release the brand new AZ-303 and AZ-304 Certification Learning Paths, but they also created 16 new hands-on labs — and so much more! New content on Cloud Academy At...
Blog Digest: Which Certifications Should I Get?, The 12 Microsoft Azure Certifications, 6 Ways to Prevent a Data Breach, and More
This month, we were excited to announce that Cloud Academy was recognized in the G2 Summer 2020 reports! These reports highlight the top-rated solutions in the industry, as chosen by the source that matters most: customers. We're grateful to have been nominated as a High Performer in se...
New Content: AWS, Azure, Typescript, Java, Docker, 13 New Labs, and Much More
This month, our Content Team released a whopping 13 new labs in real cloud environments! If you haven't tried out our labs, you might not understand why we think that number is so impressive. Our labs are not “simulated” experiences — they are real cloud environments using accounts on A...