Azure network and compute services

Azure Virtual Machine

Azure Virtual Machines (VMs) are an Infrastructure as a Service (IaaS) offering that allows users to create and run virtual machines in the cloud. Like physical computers, users can install operating systems, applications, and configure settings as needed.

When to Use Azure VMs?

Azure VMs are suitable when you need:

• Full control over the operating system (OS).
• Ability to run custom software.
• Customizable hosting configurations.

With Azure VMs, users get virtualization flexibility without purchasing and maintaining physical hardware, but remain responsible for managing, updating, and maintaining the software running on the VM.

Azure VMs Scalability

You can run a single VM for testing or development, or group multiple VMs to achieve high availability, scalability, and redundancy.

Virtual Machine Scale Sets

• Enable automatic creation and management of identical VM groups.
• VMs can scale out or in automatically based on demand.
• Include automatic load balancing for resource efficiency.
• Suitable for big data, container workloads, and large-scale computing.

Virtual Machine Availability Sets

• Designed to improve application resilience and availability.

• Help prevent total failure due to network or power outages.

• Two main mechanisms:

  • Update Domain: Groups VMs for phased updates.
  • Fault Domain: Separates VMs by resources and network to avoid total failure.

• No additional cost for using Availability Sets; you pay only for the VMs used.

When to Use Azure VMs? (Use Cases)

• Testing & Development: Helps developers quickly test applications across various OS and software configurations.
• Running Applications in the Cloud: Provides more flexibility than traditional infrastructure.
• Extending Data Centers to the Cloud: Connects Azure VMs with on-premises networks to increase capacity.
• Disaster Recovery: If the primary data center fails, Azure VMs can temporarily run critical applications.
• Lift & Shift to Cloud: Migrate physical servers to the cloud with minimal or no changes.

Resources to Choose When Creating a VM

When creating a VM, you can configure aspects such as:

• VM size (number of CPU cores, RAM, etc.)
• Storage type (HDD, SSD)
• Networking (Virtual Network, Public IP, port configuration)

Conclusion

Azure VMs provide high flexibility for running applications in the cloud with full control over OS and software. However, since it is an IaaS service, you remain responsible for software maintenance. With scale sets and availability sets, you can ensure VMs remain efficient, scalable, and reliable.

---

Azure Virtual Desktop

Azure Virtual Desktop (AVD) is a cloud-based desktop and application virtualization service. With AVD, you can access Windows hosted in the cloud from anywhere, on various devices and operating systems.

Advantages of Azure Virtual Desktop

• Enhanced Security

• Centralized security management with Microsoft Entra ID.

• Multi-factor Authentication (MFA) to improve login security.

• Role-Based Access Control (RBAC) for granular data access control.

• Data and applications are separated from local devices, reducing data leakage risks.

• Multi-Session Windows 10 & 11

• AVD supports Windows 10 & 11 Enterprise Multi-Session, allowing multiple users to share a single VM simultaneously.

• More stable and compatible than Windows Server-based OS.

Conclusion

Azure Virtual Desktop is a flexible solution to access Windows in the cloud with high security,
multi-device access, and multi-session support. Ideal for organizations looking to secure data,
reduce infrastructure costs, and improve remote work efficiency.

---

Azure Virtual Containers

Azure Containers are lightweight virtualization solutions to run multiple applications on a single physical or virtual host without managing the operating system directly. Compared to virtual machines (VMs), containers are faster, more flexible, and use fewer resources.

What is a Container?

• A lightweight virtualization environment allowing multiple applications to run on one host.
• No need to manage the OS like in VMs.
• Faster and more dynamic, can be created, stopped, or scaled on demand.
• Quick failure response, with automatic restart on crashes.
• Docker is one of the most popular container engines supported by Azure.

Feature	Virtual Machines (VMs)	Containers
OS Management	Must be managed manually	No need to manage
Heavy vs Lightweight	Heavy because it includes the OS	Lightweight because it's just the application
Startup Speed	Slower	Very fast
Scalability	Possible but more complex	Easy and fast
Isolation	Full OS for each VM	Shared OS but still secure

Azure Container Services

Azure Container Instances (ACI)

• The fastest and easiest way to run containers in Azure.
• Platform as a Service (PaaS), no need to manage VMs.
• Just upload the container, and Azure runs it automatically.

Azure Container Apps

• Similar to ACI but with additional features like load balancing & auto-scaling.
• Suitable for applications requiring high elasticity.

Azure Kubernetes Service (AKS)

• Container orchestration service managing the lifecycle of many containers simultaneously.
• Ideal for deploying container fleets efficiently.

Containers in Microservices Architecture

Containers are often used in microservices architectures, where applications are split into small, manageable, scalable, and independently updatable parts.

Example: Website with container architecture

• Front-end in one container.
• Back-end in another container.
• Database/Storage in separate container.

If the back-end is overloaded, you can scale it without affecting the front-end or database.

Conclusion

Azure Containers are modern virtualization solutions that are faster, lighter, and more flexible than VMs.
With services like ACI, Container Apps, and AKS, companies can build high-performance, scalable, and cost-efficient cloud applications.

---

Azure Functions

Azure Functions is an event-driven serverless computing service that allows users to run code without maintaining infrastructure like virtual machines (VMs) or containers. Azure Functions run only when triggered by events, saving costs and simplifying scalability.

Benefits of Azure Functions

• No need to manage servers or infrastructure — just focus on the code.
• Automatic scalability — resources increase or decrease as needed.
• Pay-as-you-go — charges apply only when the function runs.
• Quick response to events — suitable for applications requiring instant reaction.

How Do Azure Functions Work?

• Triggered by events such as REST requests, timers, or messages from other Azure services.
• Code executes when triggered, without the need to keep resources active.
• Once finished, Azure automatically releases resources to save costs.

Azure Function Type	Characteristics
Stateless (Default)	Functions run as if new each time they are called. Does not retain context.
Stateful (Durable Functions)	Can track state and context between function calls. Suitable for complex workflows.

When to Use Azure Functions?

Common Use Cases:

• Real-time data processing (e.g., updating a database when a new event occurs).
• Automated notifications (e.g., sending emails after transactions).
• Integration with other services (e.g., Azure Blob Storage, IoT, or APIs).
• Backend for serverless applications (e.g., functions as API endpoints for web or mobile apps).

Conclusion

Azure Functions is a flexible, cost-effective, and auto-scaled serverless solution.
With event-driven programming support, it is ideal for building modern, scalable, and responsive cloud applications.

---

Azure Virtual Networking

Azure Virtual Network (VNet) is a fundamental Azure networking service that enables secure communication between cloud resources and on-premises environments. A VNet functions like a local network but is fully cloud-based, offering scalability and high security.

Key Features of Azure Virtual Networking

1. Isolation & Segmentation

• Each VNet is isolated from other VNets, similar to private networks.
• Subnets can be created to allocate IP addresses to different resources.
• Supports both internal and external DNS for domain resolution.

2. Internet Communication

• Internet access can be provided via Public IPs or Load Balancers.
• Public endpoints have global IPs, while private endpoints remain within the VNet.

3. Communication Between Azure Resources

• VNets can connect various Azure services such as:
  • Azure Virtual Machines (VMs)
  • Azure Kubernetes Service (AKS)
  • Azure App Service (with App Service Environment)
  • Service Endpoints connect to other Azure services like Azure SQL Database and Storage Accounts.

4. Communication with On-Premises

Several methods connect on-premises networks to Azure:

Method	Description
Point-to-Site VPN	Individual computers connect to Azure via VPN. Suitable for remote workers.
Site-to-Site VPN	Connects entire on-premises networks to Azure via VPN gateway.
Azure ExpressRoute	Private connection directly to Azure, bypassing the internet. Higher speed and more secure.

5. Network Traffic Routing

• Azure automatically manages routing between subnets, VNets, and the internet.
• Can be customized with:
  • Route Tables to define specific network paths.
  • Border Gateway Protocol (BGP) for routing information exchange with on-premises networks.

6. Filtering & Security

• Network Security Groups (NSG): Control inbound and outbound traffic based on IP, port, and protocol.
• Network Virtual Appliance (NVA): VM-based firewalls for enhanced security.

7. Virtual Network Peering

• VNet Peering allows two VNets to communicate directly over Microsoft's backbone network.
• Supports Global VNet Peering for cross-region communication.

Conclusion

• Azure Virtual Network enables secure and flexible communication in the cloud.
• Hybrid support to connect Azure with on-premises.
• High security through NSGs, VPNs, and VM-based firewalls (NVAs).
• Global scale with VNet Peering & ExpressRoute.

---

Azure Virtual Private Networks

Azure VPN is a secure solution to connect multiple networks over the public internet using encrypted tunnels (tunneling). This technology enables secure communication between on-premises networks, individual devices, and Azure Virtual Networks (VNets).

Key Features of Azure VPN

• Encrypted traffic — all data is encrypted to prevent eavesdropping.
• Secure connectivity — connects data centers, remote workers, and VNets in Azure.
• Flexible connection methods — supports Site-to-Site, Point-to-Site, and VNet-to-VNet.
• High availability & redundancy — ensures connectivity remains active even during disruptions.

What is Azure VPN Gateway?

VPN Gateway is a special Azure resource that secures connections between networks.
It is deployed in a dedicated subnet within a Virtual Network (VNet).

VPN Gateway Connection Types

1. Site-to-Site (S2S) VPN

• Connects on-premises physical networks to Azure VNet.
• Uses IPSec/IKE VPN tunnels.

2. Point-to-Site (P2S) VPN

• Connects individual devices (laptops, remote workers) to Azure VNet.
• Uses protocols like OpenVPN, SSTP, or IKEv2.

3. Network-to-Network (VNet-to-VNet) VPN

• Securely connects two or more Azure VNets.

VPN Gateway Types

VPN Type	How It Works	When to Use
Policy-Based VPN	Uses static rules to encrypt traffic.	Older systems, less flexible.
Route-Based VPN	Uses dynamic routing to determine traffic paths.	Recommended for high scalability and flexibility.

warning

• Route-Based VPN is recommended due to greater flexibility and support for complex scenarios.

High Availability & Redundancy Options

1. Active/Standby Mode (Default)

• Azure provides two instances but only one is active at a time.
• If disruption occurs, the standby instance activates within seconds up to 90 seconds.

2. Active/Active Mode

• Uses BGP (Border Gateway Protocol) for routing.
• Two active instances with separate public IPs for higher redundancy.

3. ExpressRoute Failover

• VPN Gateway can be a backup for ExpressRoute.
• If ExpressRoute fails, VPN Gateway takes over.

4. Zone-Redundant Gateways

• Can be deployed in Azure Availability Zones for higher resilience.
• Protects against failures at the Azure zone level.

Conclusion

• Azure VPN enables secure communication between networks with data encryption.
• Can connect on-premises, individual devices, and VNets.
• Route-Based VPN is recommended for better scalability.
• Redundancy options ensure connectivity remains during disruptions.

---

Azure ExpressRoute

Azure ExpressRoute is a private connection service that allows organizations to extend their on-premises networks to Microsoft Cloud without traversing the public internet. This connection is called an ExpressRoute Circuit and is provided through connectivity providers.

Used to connect:

• Data centers, offices, or other facilities to Microsoft services like Azure & Microsoft 365.
• Provides faster, more secure, and more stable connections than typical internet connections.

ExpressRoute Features & Advantages

• Direct connection to Microsoft cloud services in all regions within a geopolitical area.
• Global Reach — Connects ExpressRoute circuits across multiple on-premises locations.
• Dynamic routing using BGP (Border Gateway Protocol).
• Built-in redundancy at each peering location for high reliability.

Connecting to Microsoft Services

With ExpressRoute, users can access the following services directly without traversing the public internet:

• Microsoft 365 (Outlook, SharePoint, Teams, etc.)
• Microsoft Dynamics 365
• Azure Compute Services (like Azure Virtual Machines)
• Azure Cloud Services (like Azure Cosmos DB, Azure Storage)

Global Connectivity with ExpressRoute Global Reach

• Enables connection between data centers & offices in different regions via Microsoft’s network.
• Example: An office in Asia and a data center in Europe can communicate directly without using the public internet.

ExpressRoute Connection Models

1. Colocation at Cloud Exchange

   • If your data center or office is located at a cloud exchange, you can use a virtual cross-connect to connect directly to Microsoft Cloud.

2. Point-to-Point Ethernet Connection

   • Uses a direct point-to-point connection from your facility to Microsoft Cloud.

3. Any-to-Any (IP VPN)

   • Connects your organization's WAN networks to Microsoft Cloud via a network provider.

4. ExpressRoute Direct

   • Direct connection to Microsoft's global network at specific peering locations.
   • Supports dual 100 Gbps or 10 Gbps, ideal for large-scale Active/Active connections.

Dynamic Routing with BGP

ExpressRoute uses the BGP protocol to automatically exchange routes between on-premises networks and Azure. Benefits of BGP:

• More flexible & automatic routing.
• Supports automatic failover for high reliability.

ExpressRoute Security

• Does not traverse the public internet, reducing the risk of hacking & cyber-attacks.
• Data traffic is more secure and stable compared to traditional VPN.
• Still requires the internet for DNS queries, certificates, and CDN requests.

Conclusion

• ExpressRoute is a high-performance private connection for extending on-premises infrastructure to Microsoft Cloud.
• Ensures fast, secure, and reliable data transfer without exposure to public internet risks.

Azure DNS

Azure DNS is a hosting service for DNS domains that provides domain name resolution using Microsoft Azure’s infrastructure. With Azure DNS, you can manage DNS records using the same credentials, APIs, tools, and billing systems as other Azure services.

Advantages of Azure DNS

• High Reliability & Performance
• Data Security & Access Control
• Ease of Management
• Support for Custom Virtual Networks
• Alias Records for Azure Resources

High Reliability & Performance

• DNS domains in Azure are hosted on Microsoft Azure’s global network, ensuring high availability and system resilience.
• Uses anycast technology, where the nearest DNS server responds to each DNS query, resulting in fast and reliable responses.

Data Security & Access Control

Azure DNS is based on Azure Resource Manager, which provides security features such as:

• Azure Role-Based Access Control (RBAC) – Controls who has access to manage DNS domains.
• Activity Logs – Monitors changes made to DNS for auditing and troubleshooting.
• Resource Locking – Prevents accidental deletion or modification of critical resources by other users.

Ease of Management

• Can manage DNS records for both Azure services and external resources.
• Integrated with Azure Portal, Azure CLI, PowerShell, and REST API for DNS management automation.
• Can be used with SDKs for code-based management.

Support for Private DNS in Virtual Networks

Azure DNS supports private DNS zones, allowing organizations to use custom domains within their virtual networks.
Benefits:

• No need to use Azure’s default domain names.
• More flexible and secure name resolution for internal infrastructure.

Alias Records for Azure Resources

Azure DNS supports alias record sets, allowing domains to directly point to Azure resources such as:

• Azure Public IP Address
• Azure Traffic Manager
• Azure CDN (Content Delivery Network)

Benefits of Alias Records: If the resource’s IP changes, the record is automatically updated without manual configuration.

⚠ Important Note

❌ Azure DNS cannot be used to purchase domains. Domains can be bought via App Service Domains or third-party domain providers, then managed with Azure DNS.

Conclusion

• Azure DNS is a DNS hosting service offering high reliability, security, and ease of management.
• Supports both public and private DNS, and integrates with other Azure services.
• Alias records enable domains to directly connect to Azure resources with automatic updates.
• Ideal for businesses needing fast, secure DNS services that easily integrate with cloud infrastructure.

---