Azure Fundamentals 01
A virtual machine (VM) is an emulation of a computer - just like your desktop or laptop you’re using now.
Each VM includes an operating system and hardware that appears to the user like a physical computer
running Windows or Linux. You can then install whatever software you need to do the tasks you want
to run in the cloud.
The difference is that you don’t have to buy any of the hardware or install the OS. The cloud provider runs
your virtual machine on a physical server in one of their datacenters - often sharing that server with
other VMs (isolated and secure). With the cloud, you can have a VM ready to go in minutes at less cost
than a physical computer.
VMs aren’t the only computing choice - there are two other popular options: containers and serverless
computing:
• Containers are similar to VMs except they don’t require a guest operating system. Instead, the
application and all its dependencies are packaged into a “container” and then a standard runtime
environment is used to execute the app.
• Serverless computing lets you run application code without creating, configuring, or maintaining a
server. The core idea is that your application is broken into separate functions that run when
triggered by some action. This is ideal for automated tasks - for example, you can build a
serverless process that automatically sends an email confirmation after a customer makes an
online purchase.
The serverless model differs from VMs and containers in that you only pay for the processing time
used by each function as it executes. VMs and containers are charged while they’re running - even if
the applications on them are idle.
Here’s a diagram comparing the three compute approaches we’ve covered.
1.2.1 COST-EFFECTIVE
Cloud computing provides a pay-as-you-go or consumption-based pricing model. Rather than paying
upfront for a pre-defined amount of computing resources or hardware, you can rent hardware and pay
for the resources that you actually use.
This consumption-based model brings with it many benefits, including:
• No upfront costs
• No need to purchase and manage costly infrastructure that you may not use to its fullest
• The ability to pay for additional resources only when they are needed
• The ability to stop paying for resources that are no longer needed
1.2.2 SCALABLE
Both vertical and horizontal scaling are supported, allowing you to increase or decrease usage.
Vertical scaling, also known as “scaling up”, is the process of adding resources to increase the power of an
existing server. Some examples of vertical scaling are: adding more CPUs, or adding more memory.
Horizontal scaling, also known as “scaling out”, is the process of adding more servers that function together as
one unit. For example, you have more than one server processing incoming requests.
Scaling can be done manually or automatically based on specific triggers such as CPU utilization or the
number of requests, and resources can be allocated or de-allocated in minutes.
1.2.3 ELASTIC
As your workload changes due to a spike or drop in demand, a cloud computing system can compensate by
automatically adding or removing resources.
1.2.4 CURRENT
Cloud eliminates the burdens of maintaining software patches, hardware setup, upgrades, and other IT
management tasks.
1.2.5 RELIABLE
Cloud computing providers offer data backup, disaster recovery, and data replication services to make
sure your data is always safe. In addition, redundancy is often built into cloud services architecture so
if one component fails, a backup component takes its place. This is referred to as fault tolerance and it
ensures that your customers aren’t impacted when a disaster occurs.
1.2.6 GLOBAL
Cloud providers have fully redundant datacenters located in various regions all over the globe. This gives
you a local presence close to your customers to give them the best response time possible no matter
where in the world they are.
You can replicate your services into multiple regions for redundancy and locality, or select a specific
region to ensure you meet data-residency and compliance laws for your customers.
1.2.7 SECURE
Cloud providers offer a broad set of policies, technologies, controls, and expert technical skills that can
provide better security than most organizations can otherwise achieve. The result is strengthened
security, which helps to protect data, apps, and infrastructure from potential threats.
When selecting a cloud provider to host your solutions, you should understand how that provider can
help you comply with regulations and standards.
1.4 ECONOMIES OF SCALE
Economies of scale is the ability to do things more efficiently or at a lower-cost per unit when operating
at a larger scale.
1.5 CAPITAL EXPENDITURE (CAPEX) VERSUS OPERATIONAL EXPENDITURE (OPEX)
In the past, companies needed to acquire physical premises and infrastructure to start their business.
There was a substantial up-front cost in hardware and infrastructure to start or grow a business. Cloud
computing provides services to customers without significant upfront costs or equipment setup time.
These two approaches to investment are referred to as capital expenditure and operational expenditure:
• Capital Expenditure (CapEx): CapEx is the spending of money on physical infrastructure up front,
and then deducting that expense from your tax bill over time. CapEx is an upfront cost, which has
a value that reduces over time.
• Operational Expenditure (OpEx): OpEx is spending money on services or products now and being
billed for them now. You can deduct this expense from your tax bill in the same year. There’s no
upfront cost. You pay for a service or product as you use it.
Examples of CapEx:
• Server
• Storage
• Network
• Backup and archive
• Disaster recovery
• Datacenter infrastructure
• Technical personnel
Examples of OpEx:
• Leasing cloud-based server
• Leasing software & features
• Usage
Benefits comparison:
CapEx:
• Expenses are planned at the start of a project.
• Costs are fixed; you know exactly how much is being spent.
• Appealing when you need to predict the expenses before a project starts.
OpEx:
• Costs are managed dynamically.
• Costs fluctuate along with the demand.
• Appealing if the demand fluctuates or is unknown.
A cloud deployment model defines where your data is stored and how your customers interact with it –
how do they get to it, and where do the applications run? It also depends on how much of your own
infrastructure you want or need to manage.
1.6.1 PUBLIC CLOUD
There is no local hardware to manage or keep up-to-date in a public cloud – everything runs on your
cloud provider’s hardware.
Advantages:
• High scalability/agility
• Pay-as-you-go pricing
• Not responsible for maintenance or updates of the hardware
• Minimal technical knowledge to set up and use
Disadvantages:
• Security requirements that cannot be met by using public cloud
• Government policies, industry standards, or legal requirements which public clouds cannot meet
• You don’t own the hardware or services and cannot manage them as you may want to
• Unique business requirements, such as having to maintain a legacy application, might be hard to meet
1.6.2 PRIVATE CLOUD
In a private cloud, you create a cloud environment in your own datacenter and provide self-service
access to compute resources to users in your organization. This offers a simulation of a public cloud to
your users, but you remain completely responsible for the purchase and maintenance of the hardware
and software services you provide.
Advantages:
• You can ensure the configuration can support any scenario or legacy application
• You have control (and responsibility) over security
• Private clouds can meet strict security, compliance, or legal requirements
• Economies at scale and integration with Azure Security Center
Disadvantages:
• You have some initial CapEx costs and must purchase the hardware for startup and maintenance
• Owning the equipment limits the agility - to scale you must buy, install, and set up new hardware
• Private clouds require IT skills and expertise that’s hard to come by
1.6.3 HYBRID CLOUD
A hybrid cloud combines public and private clouds, allowing you to run your applications in the most
appropriate location.
Advantages:
• Keep any systems running and accessible that use out-of-date hardware or an out-of-date operating
system
• You have flexibility with what you run locally versus in the cloud
• You can take advantage of economies of scale from public cloud providers for services and resources
where it’s cheaper, and then supplement with your own equipment when it’s not
• You can use your own equipment to meet security, compliance, or legacy scenarios where you need to
completely control the environment
Disadvantages:
• Can be more expensive than selecting one deployment model since it involves some CapEx cost up front
• It can be more complicated to set up and manage
A virtual machine, or VM, is a software emulation of a physical computer. A snapshot of a running VM is called an
image. Azure provides images for Windows and several flavors of Linux. You can also create your own preconfigured
images to make deployments go faster.
A virtual machine is defined by a number of factors, including its size and location. Before you bring up your VM, let’s
briefly cover what’s involved.
• Size: A VM’s size defines its processor speed, amount of memory, initial amount of storage, and expected network
bandwidth.
• Region: A region is a set of Azure data centers in a named geographic location. Every Azure resource, including
virtual machines, is assigned a region. East US and North Europe are examples of regions.
• Network: A virtual network is a logically isolated network on Azure. Each virtual machine on Azure is associated
with a virtual network. Azure provides cloud-level firewalls for your virtual networks called network security groups.
• Resource groups: Virtual machines and other cloud resources are grouped into logical containers called resource
groups. Groups are typically used to organize sets of resources that are deployed together as part of an application or
service. You refer to a resource group by its name.
Azure compute options: Virtual machines, Containers, Azure App Service, Serverless computing
Features
VM Status
Start – run your virtual machines. You are continuously billed while your VM is running.
Restart – some updates do require a reboot. In such cases, the VMs are shut down while Azure patches the
infrastructure, and then the VMs are restarted.
Stop – a normal shutdown. If the VM is in a deallocated status, you will continue to be charged for the
storage needed for the operating system disk.
You can also directly delete the virtual machines/resources. Deleting the selected virtual machines is
irreversible.
You can redeploy a VM if you’re having difficulties connecting to your Linux/Windows server. When the
redeployment is in progress, the VM will be unavailable because the status of the VM changes to Updating (as
the VM prepares to redeploy).
If the VM is currently running, changing its size will cause it to be restarted and will result in system downtime.
Disks
Select an OS disk type: Standard HDD, Standard SSD, or Premium SSD
Every virtual machine has one attached operating system disk
The OS disk has a maximum capacity of 4,095 GiB.
Every VM contains a temporary disk that provides short-term storage only for page or swap files.
Data on the temporary disk may be lost during a maintenance event or when you redeploy a VM
You can enable ultra disk compatibility for high throughput, high IOPS, and consistent low latency disk storage
A VM with an enabled Ultra Disk capability will result in a reservation charge even without attaching an Ultra
Disk
An Availability zone supports managed disks.
You get lower read/write latency to the OS disk with Ephemeral OS disk, and faster reimage of VM. You incur
no storage cost with ephemeral OS disks.
Azure managed disks currently offer five disk types, each intended to address a specific customer scenario
Standard HDD:
Description: Standard HDDs are traditional spinning hard disk drives that provide cost-effective storage for
workloads with low I/O requirements.
Use Cases: Suitable for applications that require large storage capacity with lower performance needs.
Standard SSD:
Description: Standard SSDs use flash-based storage, providing better performance compared to HDDs at a higher
cost.
Use Cases: General-purpose workloads with balanced performance and cost considerations.
Premium SSD:
Description: Premium SSDs are high-performance SSDs that deliver low-latency and high-throughput storage for
I/O-intensive applications.
Use Cases: Suitable for applications that require consistent high-performance storage, such as databases and virtual
machines (VMs) running business-critical workloads.
Ultra Disk:
Description: Ultra Disk is a high-performance disk offering that is designed for the most demanding I/O-intensive
workloads. It provides high throughput and low-latency storage.
Use Cases: Best suited for mission-critical applications that demand extremely high performance, such as large
databases and analytics workloads.
Managed Disks:
Description: Managed Disks simplify disk management by handling the maintenance tasks associated with storage,
such as replication, scaling, and encryption.
Use Cases: Can be used with both standard and premium disks, and are recommended for most production
workloads due to their ease of management.
Shared Disks:
Description: Shared Disks allow multiple virtual machines to share access to the same managed disk, providing
shared storage for clustered or high-availability scenarios.
Use Cases: Suitable for applications that require shared storage, like clustered databases or file servers.
The following table provides a comparison of the five disk types to help you decide which to use.
Max throughput: Ultra Disk 4,000 MB/s; Premium SSD v2 1,200 MB/s; Premium SSD 900 MB/s;
Standard SSD 750 MB/s; Standard HDD 500 MB/s
Note: refer to the Microsoft documentation for more limitations and details:
https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types
Dedicated Host
Pay as you go – pay for the instances that you use by the second, with no long-term commitments or upfront
payments.
Reserved – make a low, one-time up-front payment for an instance, reserve it for a one-or three-year term.
Spot – request unused compute capacity, which can lower your costs significantly. Spot pricing gives you up to
a 90 percent discount compared to pay-as-you-go prices.
A snapshot is a full copy of a virtual machine’s OS or data disk. Snapshots are useful for backup, disaster
recovery, and troubleshooting.
To store the backups and recovery points, you need to create a Recovery Services vault.
With the enabled backup option, your VM will be backed up to Recovery Services vault with default backup
policy, or your custom backup policy and will be charged as per backup pricing.
A backup policy allows you to create a backup schedule with a retention period of daily, weekly, monthly, and
yearly backup points.
Azure Site Recovery allows organizations to meet their business continuity and disaster recovery (BCDR)
requirements by replicating your virtual machines’ data to a secondary region and failing over in the event
of downtime.
You can set up disaster recovery of Azure VMs from a primary region to a secondary region using Azure Site
Recovery.
Concepts
To protect your resources from an entire data center failure, you need to deploy the VMs to a minimum of three
Availability Zones to ensure resiliency.
To protect from hardware failures within a data center, you can deploy the virtual machine to an availability set.
Each VM in an availability set is assigned to an update domain and fault domain.
Update domains (planned maintenance)
o A logical group of virtual machines that can undergo maintenance at the same time.
o By default, there are five update domains (assigned automatically, not user-configurable). The number
can be increased up to 20 update domains.
o Each update domain is given 30 minutes to recover before maintenance is initiated on a different update
domain.
Fault domains (unplanned maintenance)
o A logical group of virtual machines that share a common power source and network switch.
o By default, VMs within an availability set are separated across up to three fault domains.
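As an added example (not part of the original notes), the update-domain and fault-domain placement described above is modelled in Python: VMs join the set in order and are spread round-robin across the domains, and from the placement you can compute how many VMs one domain’s outage takes down at once. The placement rule (VM i goes to UD i mod N and FD i mod M) is an assumption that models the documented sequential assignment; the domain counts are the defaults and limits from the notes.

```python
"""Availability-set placement model: VMs are spread round-robin over update
domains (UDs, planned maintenance) and fault domains (FDs, shared power and
network switch), and the blast radius of a single-domain outage is computed.
Added example, not Azure's code; the sequential i-mod-N placement is an
assumption that models the documented round-robin assignment."""
from collections import Counter

MAX_UPDATE_DOMAINS = 20   # default 5, configurable up to 20
MAX_FAULT_DOMAINS = 3     # up to three per availability set


def place_vms(n_vms, update_domains=5, fault_domains=3):
    """Return [(update_domain, fault_domain), ...] for n_vms VMs added in order."""
    if not 1 <= update_domains <= MAX_UPDATE_DOMAINS:
        raise ValueError(f"update domains must be 1..{MAX_UPDATE_DOMAINS}")
    if not 1 <= fault_domains <= MAX_FAULT_DOMAINS:
        raise ValueError(f"fault domains must be 1..{MAX_FAULT_DOMAINS}")
    return [(i % update_domains, i % fault_domains) for i in range(n_vms)]


def blast_radius(placement):
    """Most VMs lost at once to one UD's maintenance window or one FD's hardware failure."""
    ud_counts = Counter(ud for ud, _ in placement)
    fd_counts = Counter(fd for _, fd in placement)
    return {"update_domain": max(ud_counts.values(), default=0),
            "fault_domain": max(fd_counts.values(), default=0)}


def survives_single_domain_outage(placement, min_surviving=1):
    """True if at least min_surviving VMs stay up through any single UD or FD outage."""
    radius = blast_radius(placement)
    return len(placement) - max(radius.values()) >= min_surviving


if __name__ == "__main__":
    six = place_vms(6)
    print(six)                                          # [(0, 0), (1, 1), (2, 2), (3, 0), (4, 1), (0, 2)]
    print(blast_radius(six))                            # {'update_domain': 2, 'fault_domain': 2}
    print(survives_single_domain_outage(place_vms(1)))  # False: a lone VM has no redundancy
```

The fault-domain count is the tighter constraint: with three fault domains, a single rack failure in a six-VM set still takes out two VMs, whereas five update domains keep a maintenance window to two VMs as well; a single VM in an availability set gains nothing.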
Quota is based on the total number of cores used by both allocated and deallocated VMs.
o vCPU quota tiers:
 Total regional vCPUs
 VM size family cores
o You can’t deploy a VM if a quota would exceed its limit for that region.
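The two-tier quota check described above, as an added example (not Azure’s own quota engine): a deployment must fit both the VM size family quota and the total regional vCPU quota, and a deallocated VM keeps consuming quota until it is deleted. The region name, family names and limits are constructed for the example.

```python
"""Two-tier vCPU quota check for a region: the per-VM-size-family quota and the
total regional vCPU quota must both have headroom, and deallocated VMs still
consume quota (only deleting a VM frees it). Added example with constructed
limits; not Azure's own quota logic."""


class RegionalQuota:
    def __init__(self, region, total_regional_vcpus, family_limits):
        self.region = region
        self.total_regional_vcpus = total_regional_vcpus   # tier 1: all families together
        self.family_limits = dict(family_limits)           # tier 2: per VM size family
        self.vms = {}                                      # name -> (family, vcpus, state)

    def used_vcpus(self, family=None):
        # Both allocated (running) and deallocated VMs count against quota.
        return sum(v for f, v, _ in self.vms.values() if family is None or f == family)

    def can_deploy(self, family, vcpus):
        """Return (ok, reason); reason names the quota tier that would be exceeded."""
        if family not in self.family_limits:
            return False, f"{family} not available in {self.region}"
        if self.used_vcpus(family) + vcpus > self.family_limits[family]:
            return False, f"{family} family quota"
        if self.used_vcpus() + vcpus > self.total_regional_vcpus:
            return False, "total regional vCPU quota"
        return True, "ok"

    def deploy(self, name, family, vcpus):
        ok, reason = self.can_deploy(family, vcpus)
        if not ok:
            raise RuntimeError(f"cannot deploy {name}: {reason}")
        self.vms[name] = (family, vcpus, "running")

    def deallocate(self, name):
        family, vcpus, _ = self.vms[name]
        self.vms[name] = (family, vcpus, "deallocated")   # stops compute billing, keeps quota

    def delete(self, name):
        del self.vms[name]                                # frees the cores


def demo():
    """Constructed scenario: an 18-vCPU regional quota with two family quotas."""
    q = RegionalQuota("eastus", 18, {"Dsv3": 8, "Esv3": 16})
    q.deploy("web1", "Dsv3", 4)
    q.deploy("web2", "Dsv3", 4)
    q.deallocate("web2")
    blocked = q.can_deploy("Dsv3", 4)     # family quota full: the deallocated VM still counts
    q.delete("web2")
    freed = q.can_deploy("Dsv3", 4)       # deleting web2 freed its four cores
    regional = q.can_deploy("Esv3", 16)   # fits the family quota, exceeds the regional total
    return blocked, freed, regional


if __name__ == "__main__":
    for result in demo():
        print(result)
```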
You can move a virtual machine to a new subscription, or to a new resource group under the same subscription.
When you move a virtual machine to a new resource group or subscription, the location of the VM will not
change.
Virtual machine scale sets
Create and manage a group of load-balanced VMs to provide high availability to your applications.
Automatically scale your application as demand changes.
Orchestration modes:
o ScaleSetVM – virtual machines are implicitly created and added to the scale set.
o VM – virtual machines are explicitly added to the scale set.
Support up to 1,000 VM instances. But if you create and upload your own custom VM images, the limit is 600.
You can use a custom script extension if you need to download and execute scripts on multiple virtual machines.
The extension is used for post-deployment configuration, software installation, or any management tasks.
Use Azure Monitor to automate the collection of information from the VMs in your scale set.
No additional cost to scale sets. You only pay for the underlying computing services, such as virtual machines,
load balancers, or managed disk storage.
VM total cores per subscription: 20 per region by default. Contact support to increase the limit.
Azure Spot VM total cores per subscription: 20 per region by default. Contact support to increase the limit.
Public IP addresses
Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses
enable Azure resources to communicate to Internet and public-facing Azure services.
Standard SKU versus Basic SKU:
• Idle timeout – Standard: adjustable inbound-originated flow idle timeout of 4-30 minutes (default
4 minutes) and a fixed outbound-originated flow idle timeout of 4 minutes. Basic: the same adjustable
inbound-originated idle timeout of 4-30 minutes (default 4 minutes) and fixed 4-minute
outbound-originated idle timeout.
• Security – Standard: secure-by-default model, closed to inbound traffic when used as a frontend;
allowing traffic with a network security group (NSG) is required (for example, on the NIC of a virtual
machine with a Standard SKU public IP attached). Basic: open by default; network security groups are
recommended but optional for restricting inbound or outbound traffic.
• Availability zones – Standard: supported. Standard IPs can be nonzonal, zonal, or zone-redundant.
Zone-redundant IPs can only be created in regions where 3 availability zones are live. IPs created
before availability zones aren’t zone redundant. Basic: not supported.
Note: Basic SKU IPv4 addresses can be upgraded after creation to Standard SKU. To learn about SKU upgrade, refer
to Public IP upgrade.
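The network security group behaviour referred to under Network earlier (NSGs as cloud-level firewalls for a virtual network) and in the Security row of the SKU comparison above, as an added example that is not Azure’s code: a small model of inbound NSG evaluation in which rules are checked in ascending priority order, the first match wins, and Azure’s default inbound rules (AllowVnetInBound 65000, AllowAzureLoadBalancerInBound 65001, DenyAllInBound 65500) sit below every user rule. It also models the SKU difference: a Standard SKU public IP is closed until an NSG allows the flow, a Basic one is open with no NSG. The VNet address space, the rule sets, the sample source addresses and the simplified handling of the Internet service tag are all assumptions made for the example.

```python
"""Simplified model of how an Azure network security group (NSG) evaluates
inbound traffic: rules are checked in ascending priority order, the first
match decides, and Azure's built-in default rules sit at priorities
65000-65500. Added example (not Azure's code); all rule data is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # 100-4096 for user rules; the lowest number is evaluated first
    access: str      # "Allow" or "Deny"
    source: str      # CIDR, or the tags "*", "Internet", "VirtualNetwork", "AzureLoadBalancer"
    dest_port: str   # "443", a range such as "1024-65535", or "*"


VNET_CIDR = ip_network("10.0.0.0/16")  # constructed virtual network address space
RFC1918 = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LB_PROBE_IP = ip_address("168.63.129.16")  # source of Azure load balancer health probes

# Azure's default inbound rules; a user rule overrides them only with a lower priority number.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*"),
]


def _source_matches(rule_source, src_ip):
    ip = ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return ip in VNET_CIDR
    if rule_source == "AzureLoadBalancer":
        return ip == LB_PROBE_IP
    if rule_source == "Internet":  # simplified: anything outside the VNet and not RFC 1918
        return ip not in VNET_CIDR and not any(ip in net for net in RFC1918)
    return ip in ip_network(rule_source, strict=False)


def _port_matches(rule_port, port):
    if rule_port == "*":
        return True
    if "-" in rule_port:
        low, high = (int(p) for p in rule_port.split("-"))
        return low <= port <= high
    return int(rule_port) == port


def evaluate_inbound(user_rules, src_ip, dest_port):
    """Return (access, rule_name) for a flow: the first matching rule in priority order wins."""
    for rule in sorted(list(user_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if _source_matches(rule.source, src_ip) and _port_matches(rule.dest_port, dest_port):
            return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")


def reachable(public_ip_sku, nsg_rules, src_ip, dest_port):
    """Does an inbound flow reach the NIC? A Standard SKU public IP is closed until an NSG
    explicitly allows the traffic; a Basic SKU public IP is open when no NSG is attached."""
    if nsg_rules is None:
        return public_ip_sku == "Basic"
    return evaluate_inbound(nsg_rules, src_ip, dest_port)[0] == "Allow"


# Constructed NSG for a web VM: HTTPS from anywhere, SSH only from an admin subnet.
WEB_NSG = [
    Rule("AllowHttpsFromInternet", 100, "Allow", "Internet", "443"),
    Rule("AllowSshFromAdminSubnet", 110, "Allow", "10.0.1.0/24", "22"),
    Rule("DenySshFromInternet", 200, "Deny", "Internet", "22"),
]

# Constructed misconfiguration: the broad allow has the lower number, so it shadows the deny.
SHADOWED_NSG = [
    Rule("AllowSshFromAny", 100, "Allow", "*", "22"),
    Rule("DenySshFromInternet", 200, "Deny", "Internet", "22"),
]


def find_shadowed_denies(user_rules):
    """Review check: Deny rules that a wildcard-source Allow with a lower priority number
    makes unreachable for the same destination port."""
    allows = [r for r in user_rules if r.access == "Allow" and r.source == "*"]
    return [d.name for d in user_rules if d.access == "Deny"
            and any(a.priority < d.priority and a.dest_port == d.dest_port for a in allows)]


if __name__ == "__main__":
    print(reachable("Standard", None, "203.0.113.5", 443))   # False: closed without an NSG
    print(evaluate_inbound(WEB_NSG, "203.0.113.5", 22))       # ('Deny', 'DenySshFromInternet')
    print(find_shadowed_denies(SHADOWED_NSG))                 # ['DenySshFromInternet']
```

Two things the model makes visible: traffic from inside the virtual network reaches any port unless a user rule denies it, because AllowVnetInBound sits at 65000 below all user rules; and a Deny placed at a higher priority number than a broad Allow never fires, which is the kind of ordering mistake a rule review should flag.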
Azure reliability
Azure reliability documentation for availability zones, cross-regional disaster recovery, availability of services
for sovereign clouds, regions, and category.
Availability zones are separated groups of datacentres within a region. Availability zones are close enough to
have low-latency connections to other availability zones. They're connected by a high-performance network
with a round-trip latency of less than 2ms. However, availability zones are far enough apart to reduce the
likelihood that more than one will be affected by local outages or weather.
Availability zones have independent power, cooling, and networking infrastructure. They're designed so that
if one zone experiences an outage, then regional services, capacity, and high availability are supported by the
remaining zones. They help your data stay synchronized and accessible when things go wrong.
There are two ways that Azure services use availability zones:
Zonal resources are pinned to a specific availability zone. You can combine multiple zonal deployments
across different zones to meet high reliability requirements. You're responsible for managing data
replication and distributing requests across zones. If an outage occurs in a single availability zone, you're
responsible for failover to another availability zone.
Zone-redundant resources are spread across multiple availability zones. Microsoft manages spreading
requests across zones and the replication of data across zones. If an outage occurs in a single availability
zone, Microsoft manages failover automatically.
Always-available services: Always available across all Azure geographies and are resilient to zone-
wide outages and region-wide outages. For a complete list of always-available services, also called
non-regional services, in Azure, see Products available by region.
Fault domains define the group of virtual machines that share a common power source and network switch.
By default, the virtual machines configured within your availability set are separated across up to three fault
domains.
VMs are also aligned with disk fault domains. This alignment ensures that all the managed disks attached to
a VM are within the same fault domains.
Many regions also have a paired region. Paired regions support certain types of multi-region deployment
approaches.
Azure regions are designed to offer protection against local disasters with availability zones; they can also
provide protection from regional or large-geography disasters with disaster recovery by making use of
another secondary region that uses cross-region replication. Both the primary and secondary regions together
form a region pair.