In this article we will look at what Microsoft's cloud service offers in terms of infrastructure. With Azure we can move our on-premise systems to the cloud, or choose a hybrid solution in which part of our on-premise systems lives in Azure. So it is very important to know how to set up our infrastructure step by step.
A typical infrastructure, visualized in Visio, looks something like this:
But let's see what the Azure service icons mean.
First of all we need a subscription, which is essentially our wallet. All charges are made through it.
Azure mainly works with the pay-as-you-go model: we pay for the resources we consume per month. We can also pay for time in advance at a lower cost.
After we create our subscription, an Azure tenant is created for us, if we don't already have one, with our account in Azure Active Directory. From there we can create new users, set role-level permissions (RBAC), manage user security and more.
Then we have the resource groups, which are essentially buckets for separating resources, i.e. they contain everything we will analyze below, such as virtual machines, storage accounts, VNets, etc.
Their use makes it easier to distinguish production from test and development systems. We can have different administrators (Contributors) and track the cost of each resource group separately.
We don't need to say much here. Virtual machines in Azure are created easily and quickly, and there are many images to choose from, with many variations of pre-installed applications, e.g. Windows Server 2019 with SQL Server 2019 Enterprise. We also have to select the resources of the server that will host the VM.
The options we have:
- DTU model, a unit of measurement that combines CPU, memory and disk speed:
  - Basic (up to 5GB)
- vCore model, where cores and storage are measured in units:
  - General purpose: The most common model. It offers the option of serverless compute, so that you are charged only for the resources you use (even if the server stops completely).
  - Business Critical: The high availability model that offers many replicas.
  - Hyperscale: It has the maximum scaling of resources; backups are taken through snapshots.
Availability sets are the Azure cluster. After one is created you can add two or more VMs to it. If one of them fails, the application can continue to operate without a problem. There are also availability zones involving operation on multiple continents.
Virtual machine scale sets are used to automatically create multiple VMs when more processing power is needed. When this need falls, they are reduced again to the set number.
Storage accounts are where our data will be hosted. We choose whether the performance will be Standard or Premium and whether our data will be hot for immediate use or cold for safekeeping. We can create blob storages, file storages, table storages, file shares and tables.
The type of disk replication is also a very important choice:
- Locally redundant storage (LRS)
- Zone-redundant storage (ZRS)
- Geo-redundant storage (GRS)
- Read-access geo-redundant storage (RA-GRS)
- Geo-zone-redundant storage (GZRS)
The Recovery Services vault is the place where backups are taken, either at the VM level or for file storage. From there we can see the backups we have taken, change their policies and perform site recovery.
The virtual network is the network that connects all resources together in a secure environment. We can create many different subnets under it, one for each service.
The Network Security Group (NSG) is the corresponding firewall at the network level. It controls all data traffic coming and going between subnets and VMs (we can apply one NSG to many different ones).
Peering is the connection of two different virtual networks. They can be located on different continents, as long as there is no conflict between their subnet IPs.
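The address conflict mentioned above can be checked before a peering is requested. The following is an added example, not part of the original article; the VNet names and address spaces are constructed sample data.

```python
import ipaddress
from itertools import combinations, product

# Constructed inventory: VNet name -> address space (CIDR prefixes).
VNETS = {
    "vnet-hub-westeurope": ["10.0.0.0/16"],
    "vnet-app-eastus": ["10.1.0.0/16", "172.16.0.0/24"],
    "vnet-test-eastasia": ["10.0.128.0/20", "192.168.10.0/24"],
}


def overlapping_prefixes(prefixes_a, prefixes_b):
    """Return (prefix_a, prefix_b) pairs whose address ranges overlap."""
    nets_a = [ipaddress.ip_network(p) for p in prefixes_a]
    nets_b = [ipaddress.ip_network(p) for p in prefixes_b]
    return [
        (str(a), str(b))
        for a, b in product(nets_a, nets_b)
        # IPv4 and IPv6 ranges can never collide with each other.
        if a.version == b.version and a.overlaps(b)
    ]


def peering_conflicts(vnets):
    """Map every VNet pair that cannot be peered to its overlapping prefixes."""
    conflicts = {}
    for (name_a, pref_a), (name_b, pref_b) in combinations(sorted(vnets.items()), 2):
        hits = overlapping_prefixes(pref_a, pref_b)
        if hits:
            conflicts[(name_a, name_b)] = hits
    return conflicts


if __name__ == "__main__":
    for pair, hits in peering_conflicts(VNETS).items():
        print(f"{pair[0]} <-> {pair[1]}: overlapping {hits}")
```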
With Azure VPN Gateways we can connect our company's on-premise physical network to Azure over the Internet (IPsec, IP security).
ExpressRoute is an alternative to the VPN Gateway. It is the proposed solution for a fast and secure private connection (outside the internet) between our company's on-premise physical network and Microsoft Azure.
Load balancers are used for clustered and scaled applications with high availability. They connect to the private IPs of the endpoints so that, depending on the load or when a node is unavailable, traffic can be redirected to an available one. This is usually where we define the public IPs.
We need public IPs so that applications and virtual machines can communicate with the internet. In high availability installations we usually define them on the load balancers. However, their use requires caution because it can lead to a security gap.
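One way to review the exposure that NSGs and public IPs create is to scan the NSG rules for inbound Allow rules that are open to the internet on management or database ports. This is an added example, not part of the original article: the rules are constructed sample data using the field names of Azure NSG security rules, and the list of watched ports is an assumption.

```python
# Constructed sample in the shape of NSG security rules (not real data).
RULES = [
    {"name": "allow-rdp-any", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-sql-office", "priority": 200, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "1433"},
    {"name": "allow-wide-range", "priority": 300, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "1000-4000"},
    {"name": "allow-web", "priority": 400, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "443"]},
]
INTERNET_SOURCES = {"*", "0.0.0.0/0", "internet"}
SENSITIVE_PORTS = {22: "SSH", 1433: "SQL Server", 3389: "RDP"}  # assumed watch list


def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    merged = list(rule.get(plural) or [])
    if rule.get(single):
        merged.append(rule[single])
    return merged


def sensitive_ports_hit(rule):
    """Watched ports covered by the rule's destination port ranges."""
    hit = set()
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if rng == "*":
            lo, hi = 0, 65535
        elif "-" in rng:
            lo, hi = (int(x) for x in rng.split("-", 1))
        else:
            lo = hi = int(rng)
        hit |= {p for p in SENSITIVE_PORTS if lo <= p <= hi}
    return sorted(hit)


def exposed_rules(rules):
    """Inbound Allow rules open to the internet that cover a watched port.
    Shadowing by a Deny rule with a lower priority number is not evaluated."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        from_internet = any(s.lower() in INTERNET_SOURCES for s in sources)
        if rule["direction"] == "Inbound" and rule["access"] == "Allow" and from_internet:
            ports = sensitive_ports_hit(rule)
            if ports:
                findings.append((rule["name"], ports))
    return findings
```

Calling `exposed_rules(RULES)` flags `allow-rdp-any` and `allow-wide-range`; the rule restricted to an office range and the web-only rule pass.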