Microsoft Azure

So what is Microsoft Azure exactly? To understand Azure we should first have a look at how it all started.

Work on Microsoft Azure started in 2006 as a project. Microsoft saw how Amazon and Google cloud initiatives got traction and realized it should jump on the cloud train. Amitabh Srivastava of Microsoft was head of the team that had a mission to develop a cloud solution. At that time, Microsoft was planning to offer more cloud services than "just" Hotmail.

The second member of the team was Dave Cutler. Cutler was the developer of VMS and Windows NT. One day, he and a couple of other Microsoft employees were driving in a car heading to a Hotmail datacenter. Cutler saw a really shady strip joint in San Jose called The Pink Poodle and thought that it could be a great name for the project.

The other guys in the car said no and thought of a different name. So, the project code name became Red Dog.

While this is the unofficial story, another story tells that the team developing Azure liked a brand of beer called Red Dog.

When Red Dog was announced at the PDC2008 developers conference in October 2008, the new name was Windows Azure. In March 2014, Windows Azure was rebranded to Microsoft Azure to emphasize that Azure is a multi-platform cloud. Initially, some also called Azure "Windows as a Service". It allowed developers to quickly develop software without the hassle of setting up server hardware, networking, storage, operating systems, and developer tools.

Microsoft Azure was released on February 1, 2010. Initially, Azure was a Platform as a Service (PaaS) offering from Microsoft. Developers could access Azure and develop software using a wide range of tools like .NET, PHP, and so on.

It used a hypervisor that was a fork of Hyper-V but written from the ground up, and it used the VHD file format like the Hyper-V part of Windows Server.

Developers were limited in their choice of tooling as only Microsoft-supported tools were offered. It was not possible to control anything at the operating-system level. A few roles ran as virtual machines: the worker role, a virtual machine acting as an application server, and the web role, a virtual machine running a web server.

The limitation on developer tools was lifted when Azure Virtual Machines were introduced. The new offer went live in April 2013 and gave the opportunity to provision virtual machines running Windows Server-based or Linux-based operating systems. Besides control over the operating system, Azure Virtual Machines also enable the management of networking. Customers can now control network connections between virtual machines by using a VLAN type of separation. They are also able to control access to network ports in the guest operating system.

As of January 2015, Microsoft Azure runs in 17 regions (each consisting of one or more data centers) located on four continents. Each continent (except South America) has at least two regions for data redundancy.

Note

New functionality is added almost every three weeks! While I did my utmost to keep this book as up to date as possible, it is very likely Microsoft has added new features to Azure that are not mentioned in this book. See the errata page on the Packt Publishing website (www.packtpub.com) for up-to-date information.

Microsoft Azure Services

As you learned before, Azure started as a platform for developers. Most functionality is still targeted at developers and at making applications running in the cloud accessible to consumers. In this section, we will briefly discuss those services to give you a better understanding of what Azure has to offer.

Basically, there are three main services offered by Azure:

  • Websites
  • Cloud services
  • Virtual machines

Azure can be seen as a box full of Lego bricks. An Azure customer can choose which bricks to use for the application they require. Azure offers several of those bricks that are called services by Microsoft. Each service has its own pricing and Service Level Agreement and can be purchased separately. These can be categorized into four classes:

  • Compute services: websites, virtual machines, mobile, and cloud services
  • Data services: Backup, Cache, Site Recovery, and HDInsight
  • App services: Media services, messaging, and Active Directory
  • Network services: Virtual Network and Traffic Manager

As this book is solely focused on the Infrastructure as a Service (IaaS) features of Azure, we will not go into the details of each service in this book.

Using these Azure services, the following use cases can be built:

  • Web Sites
  • Mobile apps
  • Dev/test
  • Big data
  • Media
  • Storage, backup, and recovery
  • Identity and access management

To get to know the Azure use cases in detail, we will discuss each of them in depth.

Web Sites was one of the first features available when Azure became available to the public in 2010. Web Sites allows customers to deploy websites on Azure. Provisioning is made very easy using preconfigured virtual machine images. Many tools to create web-based applications are supported. To cover peaks in demand, bursting can be configured.

Mobile Apps services allow developers to support apps running on mobile devices. The backend for these apps is different from that of websites. Mobile Apps supports the Software Development Kits of mobile platforms such as Windows Mobile, iOS, and Android. It allows us to send push notifications to mobile devices and is able to authenticate with platforms such as Facebook, Twitter, and Microsoft.

Big data is a service that offers Hadoop software to perform data analytics. Hadoop is one of the best-known software packages for analyzing all sorts of data. The service is called HDInsight by Microsoft.

On-demand and live streaming of media content such as video is offered by Media Services. Customers can upload, convert, and encode all kinds of media.

Storage, backup, and recovery allows us to store data in Microsoft Azure. This can be live data, backup data, or archival data. Recovery allows us to perform an orchestrated recovery of datacenters running System Center by Microsoft Azure. You will learn more about this in one of the next chapters.

Identity and access management services enable users to authenticate to Microsoft Azure Directory Services. Two-factor authentication is supported. On-premises Active Directory can be extended to Azure. Single sign-on is supported when Federation Services is used. You will learn more about authentication in the next chapters. Access management allows users to have single sign-on access to SaaS applications once they are authenticated to Windows Azure Active Directory.

Dev/test is all about the ability to quickly deploy virtual machines with preconfigured software. Microsoft made many software tools available that are preinstalled in a virtual machine image. Getting access to these applications is as simple as selecting the image, selecting the size of the virtual machine, selecting the location, and done!

Some examples of the software available in virtual machine images are Oracle WebLogic and Ruby on Rails.

When these images are not sufficient, there is also a library full of images. These are not stored in the Microsoft Azure datacenters but need to be downloaded. When even this does not meet the requirements of the needy customer, you can always upload your sysprepped company image or a prepared .vhd virtual disk to implement in the Microsoft Azure Cloud.

Stateless versus stateful virtual machines

As described earlier, Azure offers two models of cloud computing: PaaS and IaaS.

Services offered in PaaS run in a virtual machine, but the consumer is not aware of this. They don't have to create a virtual machine, networking, or storage and are also not able to manage the operating system. Patching and updates on the operating system are done by Microsoft. Microsoft does this by deploying a new operating system with the latest patches.

Virtual machines in PaaS are stateless, which means if the host crashes, a new virtual machine will be created. All data on the crashed virtual machine, however, is lost. Data in this model needs to be stored in Microsoft Azure Storage, which is persistent storage.

This model does not work in IaaS. So, here the virtual machine is stateful.

Microsoft Azure Infrastructure Services

Microsoft Azure is a service name. It provides virtual machines and virtual networking. But it goes a bit further in available services than the average IaaS offering. Azure Infrastructure Services also offer a SQL server running inside virtual machines which allows you to use Microsoft Azure as a DR site. It is also possible to connect an on-premises Active Directory with Microsoft Windows Azure Active Directory (WAAD) to provide single sign-on for applications running on Azure.

Microsoft Azure Virtual Machines

The Azure Virtual Machines service allows us to create, delete, and modify virtual machines running a selected number of operating systems. Currently (January 2015) supported operating systems are Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, and 6 different Linux distributions.

Virtual machines come in fixed sizes. Generally, these are called "t-shirt-sized virtual machines." Currently (January 2015), there are 23 choices of configurations, and each configuration is a fixed number of virtual cores and virtual memory. Virtual machine configurations are grouped in A, D and G series.

It is not possible to configure specific preferences for the number of virtual processors, amount of internal memory, or the disk size of the operating system disk. Customers are able to add additional virtual disks, but the maximum number of disks that can be added to the virtual machine depends on the size of the virtual machine.

Microsoft Azure Storage

Microsoft offers cloud-based storage. Storage capacity can be used by customers without the need to consume processing, as in the case of virtual machines. Azure storage can be used for backup purposes for storage of virtual machine data, SQL Server, SharePoint data, and so on.

Data can be accessed by customers using a REST API. That is a standard protocol for accessing various sources. Using the REST API, it is very simple for applications to connect to Microsoft Azure. Data located on Azure storage is stored three times in a single datacenter; this way, the data is protected from the failure of a single disk. Thanks to geo-replication, the data is replicated to yet another location. If enabled (which is the case by default), geo-replication will replicate the data to another datacenter in the same region.

In the next chapter on Microsoft Azure architecture, you will learn about storage in detail. You will learn about storage accounts, IOPS, best practices, and so on.

Azure Virtual Network

Azure Virtual Networks allow customers to extend their on-premises infrastructure to Microsoft Azure. Azure Virtual Networks offer functionality like site-to-site (S2S) VPN, point-to-site VPN, and internal cloud networking.

Azure customers can set up a secure connection over the Internet using an S2S VPN between Microsoft Azure and an on-premises location. At the moment, only one S2S connection can be set up per subscription.

A secure connection between desktops/laptops and Microsoft Azure can be set up as well without installing a VPN client to the corporate network. This point-to-site connection will be described later.

Virtual machines running in Microsoft Azure will require a network connection to communicate with each other, and they will need IP configuration as well.

Microsoft Azure has dynamic IP addresses for virtual machines. The addresses are fixed to the virtual machine as long as the cloud service to which the virtual machine belongs is active.

In September 2013, Microsoft announced that Microsoft Azure will be connected to the AT&T network. As many datacenters of US organizations are already connected to the AT&T MPLS VPN network, this means a very easy connection to Azure. Besides easy on-boarding to Azure, it will also provide additional security benefits, reduced latencies, and faster data transfers.

Microsoft Azure Directory Services

Almost all enterprise applications require some sort of authentication. This enables control over who has access and permission to the application.

Microsoft Active Directory is used by many organizations worldwide for identity management and access control. A multitenant version of Active Directory called Windows Azure Active Directory (WAAD) is available in Microsoft Azure. It is a very important component of many online Microsoft services. Examples of these services are Office 365, Dynamics CRM Online, Windows Intune, and other (third-party) cloud services.

On-premises Active Directory hosted on Windows Server can be synchronized with WAAD. The process of setting up WAAD and directory synchronization with on-premises Active Directory will be described later in this book.

To enable single sign-on for on-premises users to services running in Microsoft Azure, Active Directory Federation Services (ADFS) needs to be installed on-premises. ADFS is a kind of proxy between the AD and the Microsoft Azure AD. It does not relay the username/password, but it uses a ticket to authenticate to Azure services.

For an even higher level of security, Microsoft has developed multifactor authentication. Users don't just use their credentials to log on to a server or service, but they must additionally authenticate with another device (another factor), with an app or by responding to an automated text message, before access is granted.
