A few months back I wrote about Multi-Cloud Architectures for the Enterprise: Part 1; summarized, it was an example of how you could connect AWS, Azure and On-Premise using IPSec VPNs. Part 2 was intended to talk about platform services, however, after a few months working with Azure outside of my sandbox environment and seeing what some of the clients I work with are doing, I thought I’d pivot a little and talk about the big three cloud providers and provide my opinions on how they can co-exist and complement each other.
For anyone who is building SaaS products or externally facing applications, AWS is hands down the platform of choice.
There are a few reasons I say this:
- AWS is more developer-focused. Not to say Azure and Google aren’t, but when AWS releases services they do so in such a way that they are more easily consumed by developers and people building software. Although Google is often further out on the bleeding edge, generally their services aren’t so easy to consume initially (think Google App Engine and Kubernetes). Azure has a long way to go when it comes to deploying infrastructure as code. Although CloudFormation can at times be frustrating, it is nicer to work with than ARM, and AWS has since released the CDK to abstract away some of the pain points of vanilla CloudFormation. When it comes to service-native integrations, AWS is more flexible: take API Gateway, where I can integrate with almost any Identity Provider using custom authorizers.
- Developer community. If you ever get stuck doing something with an AWS service, there is generally a guide on sites like Stack Overflow or Medium, etc., as an alternative to AWS’ documentation. Not to say there isn’t for Azure or Google, but there appears to be more extensive knowledge available on these kinds of sites.
- Availability. Let’s look at this from the perspective of EC2 and VMs on AWS and Azure. AWS has had the Availability Zones concept since 2008, whereas Azure only has AZs in select regions, so you need to pick wisely if this is important to your workload. They have had Availability Sets where you can specify your servers run in different racks, but it’s not quite the same in my opinion.
My main gripe with AWS is it’s often difficult to know exactly what resources are in your account, especially if it’s just a sandbox account and you want to make sure everything has been cleaned up after experimentation. It can be done with a few tricks (I usually look at the billing interface to see what I’m being charged for, and then go and check those regions and services for provisioned resources).
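The billing trick above can be scripted. The following is an added example, not code from the original post: it reads a Cost Explorer `GetCostAndUsage` response grouped by service and region and returns the (region, service) pairs that incurred charges, which are the places to go and check. The sample response and its amounts are constructed, and the function names are hypothetical.

```python
from datetime import date, timedelta

# Constructed sample in the shape Cost Explorer returns when grouped by
# SERVICE and REGION; service names are real, amounts are made up.
SAMPLE_RESPONSE = {"ResultsByTime": [
    {"TimePeriod": {"Start": "2024-01-01", "End": "2024-02-01"}, "Groups": [
        {"Keys": ["Amazon Elastic Compute Cloud - Compute", "us-east-1"],
         "Metrics": {"UnblendedCost": {"Amount": "12.40", "Unit": "USD"}}},
        {"Keys": ["AWS Lambda", "ap-southeast-2"],
         "Metrics": {"UnblendedCost": {"Amount": "0", "Unit": "USD"}}}]},
    {"TimePeriod": {"Start": "2024-02-01", "End": "2024-03-01"}, "Groups": [
        {"Keys": ["Amazon Elastic Compute Cloud - Compute", "us-east-1"],
         "Metrics": {"UnblendedCost": {"Amount": "3.10", "Unit": "USD"}}},
        {"Keys": ["Amazon Simple Storage Service", "eu-west-1"],
         "Metrics": {"UnblendedCost": {"Amount": "0.02", "Unit": "USD"}}}]},
]}

def billed_locations(response, min_cost=0.0):
    """Return (region, service, total_cost) rows above min_cost, costliest first."""
    totals = {}
    for period in response.get("ResultsByTime", []):
        for group in period.get("Groups", []):
            service, region = group["Keys"]  # same order as the GroupBy list
            cost = float(group["Metrics"]["UnblendedCost"]["Amount"])
            key = (region or "unknown", service)
            totals[key] = totals.get(key, 0.0) + cost
    rows = [(r, s, round(c, 2)) for (r, s), c in totals.items() if c > min_cost]
    return sorted(rows, key=lambda row: (-row[2], row[0], row[1]))

def fetch_last_30_days():
    """Query Cost Explorer (needs ce:GetCostAndUsage) and merge all result pages."""
    import boto3  # imported here so the parsing above runs without AWS access
    end = date.today()
    kwargs = {
        "TimePeriod": {"Start": (end - timedelta(days=30)).isoformat(),
                       "End": end.isoformat()},
        "Granularity": "MONTHLY",
        "Metrics": ["UnblendedCost"],
        "GroupBy": [{"Type": "DIMENSION", "Key": "SERVICE"},
                    {"Type": "DIMENSION", "Key": "REGION"}],
    }
    ce, merged = boto3.client("ce"), {"ResultsByTime": []}
    while True:
        page = ce.get_cost_and_usage(**kwargs)
        merged["ResultsByTime"].extend(page["ResultsByTime"])
        if not page.get("NextPageToken"):
            return merged
        kwargs["NextPageToken"] = page["NextPageToken"]

if __name__ == "__main__":
    for row in billed_locations(SAMPLE_RESPONSE):
        print(row)
```

Billing only surfaces what costs money: IAM users, security groups, empty buckets and anything inside the free tier never show up here, so a clean result is not a complete inventory.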
The biggest thing Azure has going for it is the seamless integration with Office 365. Any company who has an O365 tenant automatically has Azure (albeit in a limited form, initially) whether they realise it or not.
The main reasons I like Azure for business or enterprise and internal workloads are:
- Azure Active Directory forms the backbone for identity and security in the cloud. A lot of companies struggle with Identity and Security, and it is often a major concern. Azure AD makes this easy with turn-key features like MFA. When companies are migrating to the cloud, most still have on-premise infrastructure, and opting for hybrid cloud becomes easy by implementing Azure AD Connect to sync their on-prem AD. A lot of this integrates seamlessly into Windows.
- Azure Functions, Logic Apps and other services integrate seamlessly with Exchange, SharePoint, Teams or many of the tools in Azure and O365 with minimal code, sometimes none at all. Automation and orchestration of tasks and services along with authentication into APIs becomes quite easy as they’ve been implemented as low-code solutions.
- Azure also has more traditional services such as Virtual Machines, Networking, etc. If you’re only using a single cloud provider, then it makes sense to put everything in the one place and host your VMs here as well. Microsoft has services which enable you to join Windows servers to your domain via Azure AD and without VPNs, which is great for smaller businesses.
Maybe I’ve been spoilt on AWS, but I find Azure is slow to provision resources. Anything from 2 minutes to provision a Public IP address to an hour to provision a Virtual Network Gateway is just frustrating, especially when a failure occurs which wasn’t picked up on during validation, or for some other reason with an ambiguous error message.
The last gripe: there are far too many pricing options. Services such as Azure Functions or API Management both offer consumption-based or hourly pricing, but this also affects the feature sets available, and quite often more features come with the hourly option only, which can end up very expensive for a small project.
I’ve not used Google Cloud much outside of Firebase and messaging so I won’t comment too deeply on GCP. In my opinion, Google Cloud is quite targeted to those who want to work with the absolute latest technology or the most powerful AI services. If this is the kind of thing you’re into, Google is probably a good choice.
In summary, AWS and Azure are fairly like for like in their offerings. Both providers have their strengths, weaknesses and “characteristics”. If you’re building SaaS apps or products, I’d recommend AWS. If you’re a business or enterprise running internal workloads, I’d recommend Azure to complement your O365 subscription.
Not to say that you can’t use AWS for internal resources or Azure for building products, either cloud will get you there — these are just my thoughts and preferences!