By Ed Bott and Azure Security News
Microsoft Azure is Microsoft’s comprehensive collection of cloud-based alternatives to physical hardware and services. Azure virtual machines run all of Microsoft’s server products as well as a wide range of third-party products including Linux distributions and third-party software; the Azure product line also includes a comprehensive collection of services that developers can use to build cloud-based apps. This guide offers an executive-level overview of Microsoft Azure services, including product offerings and prices.
What is Microsoft Azure?
Microsoft Azure is a broad, ever-expanding set of cloud-based computing services that are available to businesses, developers, government agencies, and anyone who wants to build an app or run an enterprise on the internet without having to install and manage hardware or server software. It has been the fastest-growing business segment for Microsoft in recent years and will probably overtake Windows in terms of revenue within two or three years.
Cynics love to dismiss the entire concept of cloud computing with a scoff: “The cloud is just someone else’s computer.” But that oversimplification describes only one small part of the Azure business: Infrastructure as a Service (IaaS), in which cloud-based services replace physical hardware.
The full range of Microsoft Azure services covers much more ground than simply relocating on-premises servers to the cloud. In addition to IaaS resources, you have a full range of Platform as a Service (PaaS) and Software as a Service (SaaS) options, giving your organization access to cloud-based services without the necessity of managing a server. For example, you can stand up a website based on WordPress or build a basic Node.js site without having to configure (or patch) the underlying Windows or Linux server.
In addition, developers of apps and web-based sites and services can use Azure storage and services as building blocks, without having to worry about the security or reliability of the underlying infrastructure.
Microsoft announced Azure in 2008. Two years later, in January 2010, Windows Azure debuted to the public. Microsoft rebranded its cloud platform as Microsoft Azure in 2014. The name change wasn’t just cosmetic but was instead an acknowledgment that the scope of Azure cloud services had gone far beyond just Windows-based offerings. By late 2017, in fact, Microsoft reported that 40% of all virtual machines in Azure were running Linux, up from less than one-third just a year earlier.
The Azure Global Infrastructure includes data centers in 54 regions, spanning 140 countries. Microsoft also maintains two Azure Government Secret regions that are in undisclosed locations.
What are the benefits of Microsoft Azure?
The most obvious benefit of Azure’s IaaS offerings is that your organization doesn’t have to buy, configure, maintain, and repair hardware to run cloud-based workloads. Savings start with the cost of the hardware but encompass a far greater number of indirect costs, including the physical space required to house those servers as well as the electricity to keep them running.
Because Azure-based resources are virtual, they can’t fail unexpectedly and result in downtime while you wait for repairs or a replacement. Virtual hardware resources can scale up or down in a way that physical hardware can’t, making it possible to deal with sudden surges in traffic to an Azure-based website. Large organizations that have to meet global privacy requirements for data storage and transfer can easily move data and services to a region of their choosing.
For developers, Azure offers instant access to services for developing mobile apps, designing IoT devices, connecting to online storage and database resources, and deploying container technology. In addition, Microsoft has invested heavily in machine learning and AI tools for developers.
What is Azure infrastructure as a service?
One of the most basic Azure IaaS usage scenarios is replacing a physical server with a virtual server running in Azure’s datacenter, thus eliminating the need to maintain hardware.
That server can run any supported desktop or server version of Windows, up to and including Server 2019. Or you can choose from a long list of Linux distros, also in a wide range of supported versions, including Ubuntu Server, Red Hat Enterprise Linux, FreeBSD, and even Oracle Linux. In the enormous Azure Marketplace, you can find ready-to-run virtual servers for just about any task, including SQL Server, Docker, SAP HANA, and even (to go with that Oracle Linux server) Oracle Database.
You could, in fact, build an entire virtual desktop infrastructure (VDI) in Azure’s cloud and manage it all with third-party tools. You can sign up for Citrix Virtual Desktops Essentials directly from the Azure Portal, for example, enabling a traditional VDI option from a service provider already well known in corporate circles. For a completely different approach, look at Nerdio for Microsoft Azure, which allows administrators to create an entire business network and manage it from a third-party web portal, which the company bills as “IT as a service.”
At the Ignite conference in late 2018, Microsoft announced plans for its own Azure-based VDI service, called Windows Virtual Desktop. It supports Windows 10 in multi-user configurations available on any device, replacing on-premises server-based virtualization. It’s also available running Windows 7 virtual desktops, with an irresistible perk for enterprises that are struggling with Windows 10 migration plans: three years of free extended security updates, extending from the official Windows 7 end of support on January 14, 2020.
A cloud-based computing infrastructure is capable of tricks you can’t easily accomplish in your own server room, including built-in load balancing and on-the-fly hardware upgrades at the flip of a virtual switch. It also includes some impressive security features such as just-in-time VM access, which locks down VMs at the network level, blocking inbound traffic except when specific requests for access are approved.
What services compete with Azure?
Azure is a clear second among cloud providers — well behind Amazon Web Services, but well ahead of any other competition. Among the other competitors, Google Cloud Platform offers a similar set of cloud-based infrastructure and app services using the search giant’s global infrastructure. Other companies, including Salesforce and Oracle, offer a subset of cloud-based services that are aimed primarily at those firms’ existing customers.
What else can you do on Azure?
We could probably write an entire book covering the full range of services available on Azure, and it would be out of date the next day, because that universe is continually expanding. Here’s a broad summary of other services available, organized by category.
STORAGE AND DATABASES
Storing huge amounts of data, structured or unstructured, is what Azure was built for. The native Azure Storage services include: Azure Blobs (for unstructured data, including serving images, documents, and video streams directly to a browser); Azure Files, which are cloud-based file shares accessible using the Server Message Block (SMB) protocol; Azure Queues, for messaging between application components; and Azure Tables, a NoSQL store for structured data.
For migrating databases built on SQL Server, there’s Azure SQL Database, a fully managed service that can be used as Managed Instances to migrate on-premises workloads or deployed from scratch to supply SQL database as a service.
And then there’s Azure Cosmos DB, Microsoft’s really big bet on big data. Microsoft calls it a “fully managed, globally-distributed, horizontally scalable in storage and throughput, multi-model database service backed up by comprehensive SLAs [service level agreements].”
APP DEVELOPMENT TOOLS AND SERVICES
Developers of desktop and mobile apps have a full set of tools for building and deploying those apps, starting with the Visual Studio development environment, which is available in multiple versions (including preview releases) on Windows Server and Windows 10 Enterprise N virtual machines.
In addition to offering Visual Studio Team Services and Azure DevOps, Azure includes a broad selection of third-party devops tools for sharing code, managing workflows, deploying software, and monitoring performance and usage. You can use Jenkins, for example, to build apps in the cloud and deploy them directly to Azure. Use Terraform or Ansible to provision and configure infrastructure, and then manage it all with Chef Automate.
CONTAINERS AND CONTAINER SERVICES
Containers are standardized, encapsulated environments that run applications securely, with high availability and the capability to scale quickly. Azure’s marketplace makes it particularly easy to deploy and scale container images. The standard for managing containerized workloads is the Kubernetes container orchestration service, which is available on Azure as Azure Kubernetes Service (AKS).
How important is containerization to the future of cloud-based workloads? As ZDNet’s Scott Fulton has noted, “Microsoft has completely retooled its entire server system philosophy around Kubernetes, and hired several of its principal creators.”
Azure offers well over 100 container images in its marketplace, along with tools from Docker and others for managing those images.
Among the most recent additions to Azure are a set of tools for performing predictive analytics and identifying useful algorithms. The Azure Machine Learning service makes it possible to build, train, and deploy machine learning in hybrid environments or directly in the cloud, using the same frameworks and tools you use on-premises.
How do you manage Azure services?
The primary interface for managing Azure subscriptions and resources is the Microsoft Azure Portal. That destination includes a customizable dashboard that offers at-a-glance information about running services, as well as a point-and-click interface for adding, configuring, and deploying new Azure resources.
From the Azure Portal, you can deploy, manage, and monitor resources in groups, using the Azure Resource Manager. For repetitive tasks, you can use Azure PowerShell and the Azure Command Line Interface (Azure CLI).
Using a custom dashboard, you can monitor the operation and performance of Azure-based applications and infrastructure, including the ability to query and analyze logs. To avoid surprises, you can set up alerts to receive notifications of critical conditions and assign automated actions based on user-defined triggers.
The Azure Security Center provides a numeric score that analyzes how well your cloud-based resources stack up against security best practices. Based on that score, the AI-based service provides recommendations to help remediate vulnerabilities and harden those resources against threats.
Finally, a separate Cost Management center allows you to analyze usage-based costs, configure alerts to avoid unpleasant budget surprises, and review recommendations for reducing waste.
What is Azure Active Directory?
Even if you’ve never opened the Microsoft Azure Portal or worked directly with any Azure services, there’s a strong possibility that your organization already has a presence in Azure Active Directory (Azure AD).
Microsoft’s cloud services are interconnected at fundamental levels, a fact that simplifies administration and license management. If you have a Microsoft 365 (formerly Office 365) Business or Enterprise subscription, for example, all of your user management goes through Azure AD. The same is true of Dynamics CRM and Microsoft Intune. You can manage users and associated devices through the Azure AD portal.
Those basic accounts are free. Additional features are available in Premium P1 and Premium P2 tiers, for an additional per-user fee of $6 and $9 per month, respectively.
What does Microsoft Azure cost?
Most Azure services are billed on a pay-as-you-go model, with no upfront costs. You can receive a discount on Azure services by purchasing one-year or three-year reservations that substantially reduce costs. The Azure Portal provides cost estimates when you add a new resource; you can also use the Azure Pricing Calculator to quickly estimate costs for a new resource on a pay-as-you-go or reserved-instance basis.
Most Visual Studio subscriptions provide free monthly Azure credit as a benefit; the exact amount depends on the subscription level. Likewise, anyone who’s a BizSpark or Microsoft Partner Network member receives a monthly allotment of Azure credits, as well.
And if you just want to try your hand at Azure services, you can sign up for a free account that includes $200 worth of credit for the first month as well as access to a handful of popular services that are free for the first year.