Azure Series: Multi-part series on Azure Cloud and related guidelines

Lakshmi Venkatesh, published in Geek Culture, Jun 18, 2021

In this multi-part Azure Cloud series, I intend to cover the general aspects of Azure in simple terms, the business case for cloud, deep dives where required, migration strategy, AllOps, a security-by-design framework, reference architectures and demos, and more. I am taking a Lego-bricks approach with multiple layers (loosely aligned with the OSI / TCP/IP layers) and will add reference architectures (for Web, Batch, Mobile, Data Lake, Big Data, Machine Learning, etc.) after sorting and categorizing these Lego pieces. Along the way, I will also discuss cloud adoption for organizations of different sizes, building a cloud for scale, how best to build it to last, and how to extend it to interoperate with other cloud providers so the organization can adopt a Poly Cloud / Multi-Cloud model.

Layers:

I take a layering approach to designing on Azure. The layers are divided into four groups: (1) the Must Have Stack, (2) the Input Stack, (3) the Processing Stack and (4) the Output Stack.

The Must Have Stack:

Security Layer:

Login (Identity): IAM, Azure AD multi-factor authentication (MFA), Azure AD single sign-on (SSO), Azure AD Privileged Identity Management (PIM), Users, External Identities, Identity Governance.

Reference: Azure

Storage / Data: encryption in transit, Storage Service Encryption for data at rest, Transparent Data Encryption (TDE), Key Vault, BYOK / BYOE, Azure Information Protection (AIP) with Data Loss Prevention (DLP), Azure Security Center File Integrity Monitoring (FIM).

Network & Web: route control, Network Security Groups, Azure Firewall, Application Gateway (WAF and TLS termination), Azure DDoS Protection, Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) for endpoint protection.

Email: Office 365 Advanced Threat Protection (now Microsoft Defender for Office 365).

SIEM & Log Analytics: Azure Sentinel, Azure Monitor

Anti-malware & vulnerability assessment: Microsoft Antimalware, Azure Security Center (vulnerability assessment).

Compute: security policy, patching and updates, Azure Disk Encryption for VM disks.

Governance: Azure Security Center, Azure Policy.

Security: Azure Synapse Analytics, Azure Information Protection, Security Center.

Reference: Azure
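The Storage / Data row (encryption in transit) and the Governance row (Azure Policy) meet in practice as a policy assignment. The definition below is an added example, not part of the original article and not one of Microsoft's built-in policies: it denies (or, with the `effect` parameter set to Audit, only flags) any storage account that still allows plain-HTTP access or a TLS version below 1.2, so the "encryption in transit" control is enforced at the control plane rather than left to each team. The display name, parameter name and metadata category are my own choices; the two property aliases `Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly` and `Microsoft.Storage/storageAccounts/minimumTlsVersion` are the ones Azure Policy exposes for storage accounts.

```json
{
  "properties": {
    "displayName": "Storage accounts must require secure transfer and TLS 1.2",
    "description": "Added example policy (not a built-in): deny or audit storage accounts that accept plain HTTP or a TLS version below 1.2. Parameter and category names are illustrative.",
    "policyType": "Custom",
    "mode": "Indexed",
    "metadata": {
      "category": "Storage"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit only reports; Deny blocks create/update of non-compliant accounts."
        },
        "allowedValues": [
          "Audit",
          "Deny"
        ],
        "defaultValue": "Deny"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                "notEquals": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
                "notEquals": "TLS1_2"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Two caveats a practitioner should keep in mind. First, a missing `minimumTlsVersion` property also satisfies `notEquals`, which is the intended behaviour: accounts created without the setting fall back to TLS 1.0, so they should be caught rather than silently passed. Second, assign the definition with Audit at a management-group or subscription scope first, review the compliance view for existing accounts, and only then switch to Deny; Deny blocks non-compliant ARM create/update requests but does not retroactively change accounts that already exist, and it says nothing about data at rest, which remains the job of Storage Service Encryption, TDE and Key Vault (BYOK) listed above.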

Links to Part 1 of the Article:

Cloud Models

Business case for Cloud

Cloud Deployment Models (Part 1 & Part 2)

Cloud Security Roadmap

Azure Series #1: Security Layer — Login

Azure Series #1: Security Layer — 2. Network — Gateway Checks

Azure Series #1: Security Layer — 2. Network — Threat Detection

Infra & Network Layer:

Infra & Network: Virtual Network

Request / Response: CDN

Links: Virtual Network, ExpressRoute, SSTP (point-to-site VPN)

Gateways: Application Gateway

Load Balancer: Azure Load Balancer

Patch & Change Management: Azure Security Center, Update Management, Azure Automation (Change Tracking)

Reference: Azure

Monitoring & Messaging Layer:

Logging: Azure Audit Logs, Log Analytics Workspaces, Activity Log, Azure Workbooks

Monitor: Diagnostic Settings, Application Insights, Network Watcher, Application Change analysis.

Messaging: Alerts

Additionally,

Management and Governance:

Advisor, Cost Management + Billing, Azure Arc, Managed Desktop.

Reference: Azure

Migration:

Azure Migrate, Azure Stack Edge, Data Box, Azure Data Box Gateway, Azure Database Migration Services.

Reference: Azure

The Input Stack:

Sourcing & Streaming Layer:

Kafka on Azure, Event Hubs.

Ingestion Layer:

Data Ingestion: Azure Data Factory, DevOps for Data Ingestion Pipeline, Event Hubs (Real time data ingestion)

Data Preparation: Azure Synapse

File Storage Layer:

Object Storage: Blob Storage

Shared File Storage: File Storage

Data Transport: Import / Export Feature

Data Backup: Azure Backup

Content Delivery: Content Delivery Network

Reference: Azure

The Processing Stack:

Compute / Application Layer:

Reference: Azure

Virtual Services: VM

Auto Scaling: VM Scale Sets, App Service Autoscaling

Virtual Server Disks: Blob Storage (page blobs), Premium Storage

Containers: Azure Kubernetes Service (AKS, successor to the retired Azure Container Service), Container Registry, Batch Account, App Service, Service Fabric Cluster

Backend Logic: Cloud Services (worker roles), Functions, Logic Apps, WebJobs

Microservices: Service Fabric

Web Apps: Web Apps, App Service

API Runtime: API Apps

Recovery: Site Recovery

Templates: Quickstart Template

Integration: Service Bus, Event Grid, Integration Service Environments.

Reference: Azure

Web:

App Service, CDN Profiles, Power Platform, API Connections.

Reference: Azure

Mobile: App Services, Notification Hub, Power Platform.

Big Data Layer:

Analytics: HDInsight, Azure Synapse Analytics, Event Hubs, Data Lake Storage Gen1, Azure Data Explorer clusters, Data Factories, Azure Databricks, Analysis Services, Stream Analytics.

Visualization: Power BI Embedded

Machine Learning Layer:

Azure Synapse Analytics, Machine Learning, Genomics accounts, Bot Services, Machine Learning Studio, Cognitive Services, Bonsai.

DevOps CI/CD Layer:

DevOps Center, DevTest Labs, API Connections, Azure DevOps Organization, API Management Services, Application Change Analysis, Application Insights, Lab Services.

The Output Stack:

Database Layer:

SQL Warehouse, Azure Cache for Redis, Cosmos DB, Data Factories, Managed Databases.

Reference: Azure

Data Lake Layer:

Data Lake Analytics, Data Lake Storage Gen1.

Consumption Layer:

Databases, File Storage, Visualization.

Backup and Recovery Layer:

Azure Backup, Azure Site Recovery

Look out for updates in the article with links to the sections concerned.

The Azure Cloud series is loosely mapped to the OSI layers.

Link to the AWS Series multi-part article.

For other articles, please check and subscribe to luxananda.medium.com


I learn by writing: Data, AI, Cloud and Technology. All the views expressed here are my own and do not represent the views of the firm I work for.