Introduction
In this module, you’ll be introduced to the core architectural components of Azure. You’ll learn about the physical organization of Azure: datacenters, availability zones, and regions; and you’ll learn about the organizational structure of Azure: resources and resource groups, subscriptions, and management groups.
Learning objectives
After completing this module, you’ll be able to:
• Describe Azure regions.
• Describe Availability Zones.
• Describe Azure datacenters.
• Describe Azure resources and Resource Groups.
• Describe subscriptions.
• Describe management groups.
• Describe the hierarchy of resource groups, subscriptions, and management groups.
What is Microsoft Azure?
Microsoft Azure is a comprehensive cloud computing platform that provides a wide range of services to build, deploy, and manage applications. Understanding its core architectural components is essential for leveraging its full potential.
Throughout your journey with Microsoft Azure, you’ll hear and use terms like Regions, Availability Zones, Resources, Subscriptions, and more. This module focuses on the core architectural components of Azure. The core architectural components of Azure may be broken down into two main groupings: the physical infrastructure, and the management infrastructure.
Azure Physical infrastructure
The physical infrastructure for Azure starts with datacenters. Conceptually, the datacenters are the same as large corporate datacenters. They’re facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.
As a global cloud provider, Azure has datacenters around the world. However, these individual datacenters aren’t directly accessible. Datacenters are grouped into Azure Regions or Azure Availability Zones that are designed to help you achieve resiliency and reliability for your business-critical workloads.
The Global infrastructure site gives you a chance to interactively explore the underlying Azure infrastructure.
1. Azure Regions
A region is a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
When you deploy a resource in Azure, you'll often need to choose the region where you want your resource deployed.
Key Points
• Geographic Distribution: Azure has over 60 regions globally, providing extensive coverage.
• Data Residency: Ensures data stays within specific geographic boundaries.
• Latency Optimization: Users can deploy resources closer to their end-users to reduce latency.
Some services or virtual machine (VM) features are only available in certain regions, such as specific VM sizes or storage types. There are also some global Azure services that don't require you to select a particular region, such as Microsoft Entra ID, Azure Traffic Manager, and Azure DNS.
2. Azure Availability Zones
Availability Zones are unique physically separate datacenters within an Azure region. Each zone is made up of one or more data centers equipped with independent power, cooling, and networking. They are designed to protect applications and data from data center failures. Availability zones are connected through high-speed, private fiber-optic networks.
Key Points
• High Availability: Ensures that applications remain available even if one zone goes down.
• Fault Isolation: Each zone is isolated from the others to prevent cascading failures.
• SLA: Provides a higher service level agreement (SLA) for uptime.
To ensure resiliency, a minimum of three separate availability zones are present in all availability zone-enabled regions. However, not all Azure Regions currently support availability zones.
Use availability zones in your apps
You want to ensure your services and data are redundant so you can protect your information in case of failure. When you host your infrastructure, setting up your own redundancy requires that you create duplicate hardware environments. Azure can help make your app highly available through availability zones.
You can use availability zones to run mission-critical applications and build high-availability into your application architecture by co-locating your compute, storage, networking, and data resources within an availability zone and replicating in other availability zones. Keep in mind that there could be a cost to duplicating your services and transferring data between availability zones.
Azure Management infrastructure
The management infrastructure includes Azure resources and resource groups, subscriptions, and accounts. Understanding the hierarchical organization will help you plan your projects and products within Azure.
3. Azure Resources and Resource Groups
A resource is the basic building block of Azure. Anything you create, provision, deploy, etc. is a resource. Virtual Machines (VMs), virtual networks, databases, cognitive services, etc. are all considered resources within Azure.
Resource Groups are containers that hold related resources for an Azure solution. They help manage and organize resources like virtual machines, storage accounts, and databases.
Key Points
• Logical Grouping: Simplifies management by grouping related resources.
• Access Control: Permissions can be applied at the resource group level.
• Lifecycle Management: Resources in a group can be managed collectively.
Resource groups are simply groupings of resources. When you create a resource, you’re required to place it into a resource group. While a resource group can contain many resources, a single resource can only be in one resource group at a time. Some resources may be moved between resource groups, but when you move a resource to a new group, it will no longer be associated with the former group. Additionally, resource groups can't be nested, meaning you can’t put resource group B inside of resource group A.
Resource groups provide a convenient way to group resources together. When you apply an action to a resource group, that action will apply to all the resources within the resource group. If you delete a resource group, all the resources will be deleted. If you grant or deny access to a resource group, you’ve granted or denied access to all the resources within the resource group.
When you’re provisioning resources, it’s good to think about the resource group structure that best suits your needs.
4. Azure Resource Manager (ARM)
Azure Resource Manager is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure account.
Key Points
• Template Deployment: Allows for the use of JSON templates to automate resource deployment.
• Role-Based Access Control (RBAC): Provides fine-grained access management.
• Tagging: Resources can be tagged for easier organization and billing.
5. Azure Subscriptions
In Azure, subscriptions are a unit of management, billing, and scale. Similar to how resource groups are a way to logically organize resources, subscriptions allow you to logically organize your resource groups and facilitate billing.
Key Points
• Billing: Each subscription has its own billing account.
• Resource Limits: Subscriptions have limits on the number of resources that can be created.
• Access Management: Subscriptions can be used to manage access to resources.
Creating additional Azure subscriptions
Similar to using resource groups to separate resources by function or access, you might want to create additional subscriptions for resource or billing management purposes. For example, you might choose to create additional subscriptions to separate:
• Environments: You can choose to create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access control occurs at the subscription level.
• Organizational structures: You can create subscriptions to reflect different organizational structures. For example, you could limit one team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each subscription.
• Billing: You can create additional subscriptions for billing purposes. Because costs are first aggregated at the subscription level, you might want to create subscriptions to manage and track costs based on your needs. For instance, you might want to create one subscription for your production workloads and another subscription for your development and testing workloads.
6. Azure Management Groups
The final piece is the management group. Resources are gathered into resource groups, and resource groups are gathered into subscriptions. If you’re just starting in Azure that might seem like enough hierarchy to keep things organized. But imagine if you’re dealing with multiple applications, multiple development teams, in multiple geographies.
If you have many subscriptions, you might need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group, the same way that resource groups inherit settings from subscriptions and resources inherit from resource groups. Management groups give you enterprise-grade management at a large scale, no matter what type of subscriptions you might have. Management groups can be nested.
Key Points
• Hierarchical Organization: Subscriptions can be grouped into management groups.
• Policy Application: Policies can be applied at the management group level.
• Centralized Management: Simplifies management of multiple subscriptions.
• 10,000 management groups can be supported in a single directory.
• A management group tree can support up to six levels of depth. This limit doesn't include the root level or the subscription level.
• Each management group and subscription can support only one parent
Summary
In this module, you learned about the core architectural components of Microsoft Azure. You were introduced to the relationship between datacenters, availability zones, and regions. You explored how the infrastructure supports the benefits of the cloud, such as high availability and reliability. You also learned about the management infrastructure of Azure. You explored how resources and resource groups are related, and how subscriptions and management groups can help manage resources.
Learning objectives
You should now be able to:
• Describe Azure regions.
• Describe Availability Zones.
• Describe Azure datacenters.
• Describe Azure resources and Resource Groups.
• Describe subscriptions.
• Describe management groups.
• Describe the hierarchy of resource groups, subscriptions, and management groups.
Top comments (0)