❑Core Azure architectural components

❑Azure compute and networking services

❑Azure storage services
❑Azure identity, access, and security
Region :-

❑ A region is a geographical area on the planet that contains at least one, but potentially
multiple datacenters that are nearby and networked together with a low-latency network.
❑ Azure intelligently assigns and controls the resources within each region to ensure workloads
are appropriately balanced.
❑ When you deploy a resource in Azure, you'll often need to choose the region where you
want your resource deployed.
❑ https://azure.microsoft.com/en-in/explore/global-infrastructure/geographies/#overview

Note :-
➢ Some services or virtual machine (VM) features are only available in certain regions, such as
specific VM sizes or storage types.
➢ There are also some global Azure services that don't require you to select a particular region,
such as Azure Active Directory, Azure Traffic Manager, and Azure DNS.
 Region pairs

❑ Most Azure regions are paired with another region within the same geography (such as US,
Europe, or Asia) at least 300 miles away.
❑ This approach allows for the replication of resources across a geography that helps reduce
the likelihood of interruptions because of events such as natural disasters, civil unrest, power
outages, or physical network outages that affect an entire region.
❑ For example, if a region in a pair was affected by a natural disaster, services would
automatically fail over to the other region in its region pair.

Note :-

❑ Not all Azure services automatically replicate data or automatically fall back from a failed
region to cross-replicate to another enabled region.
❑ In these scenarios, recovery and replication must be configured by the customer.
 Sovereign Regions

❑ In addition to regular regions, Azure also has sovereign regions.

❑ Sovereign regions are instances of Azure that are isolated from the main instance of Azure.
❑ You may need to use a sovereign region for compliance or legal purposes.

Azure sovereign regions include:

❑ US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and
logical network-isolated instances of Azure for U.S. government agencies and partners.
❑ These datacenters are operated by screened U.S. personnel and include additional
compliance certifications.
❑ China East, China North, and more: These regions are available through a unique
partnership between Microsoft and 21Vianet, whereby Microsoft doesn't directly maintain
the datacenters.
 Availability Zones

❑ Availability zones are physically separate datacenters within an Azure region.

❑ Each availability zone is made up of one or more datacenters equipped with independent
power, cooling, and networking.
❑ An availability zone is set up to be an isolation boundary.
❑ If one zone goes down, the other continues working. Availability zones are connected
through high-speed, private fiber-optic networks.

Note :-
➢ You can use availability zones to run mission-critical applications and build high-availability
into your application architecture by co-locating your compute, storage, networking, and
data resources within an availability zone and replicating in other availability zones.
➢ Keep in mind that there could be a cost to duplicating your services and transferring data
between availability zones.
 Azure Resources

❑ A resource is the basic building block of Azure. Anything you create, provision, deploy, etc. is
a resource.
❑ Virtual Machines (VMs), virtual networks, databases, cognitive services, etc. are all
considered resources within Azure.

Resource Groups

❑ Resource groups are simply groupings of resources.

❑ When you create a resource, you’re required to place it into a resource group.
❑ While a resource group can contain many resources, a single resource can only be in one
resource group at a time.
❑ Some resources may be moved between resource groups, but when you move a resource to
a new group, it will no longer be associated with the former group. Additionally, resource
groups can't be nested, meaning you can’t put resource group B inside of resource group A.
Putting it all together
 Azure subscriptions
❑ Subscriptions are a unit of management, billing, and scale.
❑ Similar to how resource groups are a way to logically organize resources, subscriptions allow
you to logically organize your resource groups and facilitate billing.
❑ A subscription provides you with authenticated and authorized access to Azure products and
services.
❑ It also allows you to provision resources.
❑ An Azure subscription links to an Azure account, which is an identity in Azure Active Directory
(Azure AD) or in a directory that Azure AD trusts.
❑ An account can have multiple subscriptions, but it’s only required to have one.
❑ In a multi-subscription account, you can use the subscriptions to configure different billing
models and apply different access-management policies.

There are two types of subscription boundaries that you can use:

1) Billing boundary: This subscription type determines how an Azure account is billed for using
Azure.
2) Access control boundary: Azure applies access-management policies at the subscription
level, and you can create separate subscriptions to reflect different organizational structures
 Azure management groups

❑ Resources are gathered into resource groups, and resource groups are gathered into
subscriptions. After that Subscription are gathered in to management groups.
❑ If you have many subscriptions, you might need a way to efficiently manage access, policies,
and compliance for those subscriptions.
❑ You organize subscriptions into containers called management groups and apply governance
conditions to the management groups.
❑ 10,000 management groups can be supported in a single directory.
❑ You can build a flexible structure of management groups and subscriptions to organize your
resources into a hierarchy for unified policy and access management.
❑ The following diagram shows an example of creating a hierarchy for governance by using
management groups.