Azure Fundamentals Part 2 Summary

This is a summary of Azure Fundamentals part 2: Describe core Azure services. This learning path consists of five modules. The first one is the “Introduction to Azure fundamentals”, which is repeated in every Azure Fundamentals learning path — we’ve already covered this in Azure Fundamentals Part 1. The remaining four modules cover the core services: compute, storage (databases and unstructured data), and networking.

Database and Analytics Services

This section is a summary of the Explore Azure database and analytics services module.

Managed Database Services

Azure Cosmos DB:

  • is a globally distributed, multi-model database service
  • can scale throughput and storage across any number of Azure regions
  • provides fast, single-digit millisecond data access (latency)
  • stores schemaless data in atom-record-sequence (ARS) format
  • can be accessed using various different APIs including SQL, MongoDB, Cassandra, Tables, or Gremlin

Azure SQL Database:

  • is a relational database based on the latest stable version of MS SQL Server
  • is fully managed (PaaS) so things like upgrading patching, backups and monitoring are all taken care of
  • offers 99.99% availability

Azure SQL Managed Instance is also a managed SQL Server-based offering with 99.99% availability. However, this has better compatibility (i.e. feature coverage) with the SQL Server engine than Azure SQL Database (the example given is that Azure SQL Database supports only one default collation, which makes it a little hard to support foreign characters outside of the Latin set).

The Azure Database Migration Service provides guided migration from existing on-premises databases (e.g. SQL Server, MySQL, etc) to Azure-managed databases (e.g. Azure SQL Database). It works as follows:

  1. You first get an assessment report to identify any hurdles with migration.
  2. After any issues are resolved, the Database Migration Service carries out the migration for you.
  3. You just have to change the connection string in your applications.

Azure Database for MySQL:

  • is a managed version of MySQL based on MySQL Community Edition 5.6, 5.7 and 8.0
  • offers 99.99% availability
  • supports point-in-time restore as far back as 35 days
  • can scale as needed
  • can protect data in transit and at rest

Azure Database for PostgreSQL, similarly, is a managed PostgreSQL instance that offers high availability, can scale, and supports point-in-time restore up to 35 days. What’s interesting here is the deployment options:

  • Single server: 99.99% availability, can scale vertically
  • Hyperscale (Citus): horizontally scales queries across multiple machines using sharding; good for workloads of around 100GB or more

Big Data and Analytics

Azure Synapse Analytics is an enterprise data warehouse and big data analytics service. You can query data using either serverless or provisioned resources.

Azure HDInsight is a managed analytics service for enterprise based on open source software. It can process massive amounts of data and is suitable for things like ETL, data warehousing, machine learning and IoT. It supports different cluster types such as:

  • Apache Spark
  • Apache Hadoop
  • Apache Kafka
  • Apache HBase
  • Apache Storm
  • Machine Learning Services (R-based analytics)

Azure Databricks:

  • Analytics and AI based on Apache Spark
  • Supports languages: Python, Scala, R, Java, SQL
  • Supports libraries: TensorFlow, PyTorch, scikit-learn

Azure Data Lake Analytics is an on-demand analytics job service.

  • You set the dial for how much power you need
  • You pay for jobs only when they’re running
  • No hardware deployment

Compute Services

This section is a summary of the Explore Azure compute services module.

Virtual Machines

Azure virtual machines (VMs):

  • Include virtual processor, memory, storage and networking (IaaS)
  • Provide full control over the OS and applications, but you need to maintain them
  • Useful for lift-and-shift cloud migration

Azure virtual machine scale sets are a group of identical, load-balanced VMs that autoscale (increase/decrease in number) in response to demand or a defined schedule.

Azure Batch runs large-scale parallel and high-performance computing (HPC) batch jobs across a pool of VMs. It also identifies failures and requeues work.


Virtual machines provide an abstraction for CPU, memory and storage, making these easy to change. However:

  • You install the OS and applications (more maintenance effort)
  • They support only one OS at a time, which is not that great where different runtime environments are required
  • Starting up or taking snapshots can be slow

Containers provide a lighter-weight abstraction. Whereas VMs virtualise the hardware, containers virtualise the OS.

  • A container bundles a single app and its dependencies.
  • You deploy a containerised app to a container host.
  • The container host provides a standardised runtime environment which abstracts away the OS and infrastructure requirements.
  • The same container works in different environments (e.g. dev and prod).
  • Cluster orchestration can handle the problem of where to deploy containers, and take care of starting them, stopping them, and scaling them out.

Azure supports Docker, and provides the following services to manage containers:

  • Azure Container Instances: a PaaS service making it fast and easy to deploy containers without having to manage any VMs.
  • Azure Kubernetes Service: complete orchestration service suitable for distributed architectures with lots of containers

Hosted Apps

Azure App Service provides a managed environment for hosting different kinds of apps.

  • You pay depending on how much hardware is devoted to your host
  • Covers deployment, management, securing endpoints, scaling, and high availability (load balancing and traffic manager)

The following types of apps are supported:

  • Web apps: ASP .NET, ASP .NET Core, Java, Ruby, Node.js, PHP, Python, running on Windows or Linux.
  • API apps: REST APIs with HTTP or HTTPS endpoints, Swagger support, and the ability to publish to Azure Marketplace.
  • WebJobs: schedule/trigger a program (.exe, Java, PHP, Python, Node.js) or script (.cmd, .bat, PowerShell, Bash) in the same context as a web application – good for background tasks.
  • Mobile apps: backend for a mobile app, providing services such as databases, authentication via social logins, push notifications, or custom backend logic (C# or Node.js).

Serverless Functions

Azure provides Azure Functions and Azure Logic Apps, both serverless (i.e. they run on servers but they are hidden away) and triggering based on an event (e.g. timers, HTTP requests, queues, etc).

Azure Functions have the following features:

  • Automatic scaling
  • Micro-billing (you pay only for the time the code is running)
  • Stateless (restarted each time) or stateful (Durable Functions – context is passed to the function on execution)
  • Can run locally or in the cloud

Azure Logic Apps:

  • Execute workflows built on predefined logic blocks to automate business scenarios
  • Are created using a visual designer in the Azure Portal, or Visual Studio. They are stored as JSON using a defined schema.
  • Use connectors (over 200 in-built, or you can write your own) to interact with enterprise apps
  • Run only in the cloud (not locally)

Windows Virtual Desktop

Instead of shipping laptops to remote employees, IT administrators can use Windows Virtual Desktop to provide them with a cloud-based (virtualised) version of Windows.

  • They can remote in from Windows, Mac, iOS, Android or Linux
  • They can also access it directly from most modern browsers
  • It separates the compute environment from user devices, making it less likely for employees to leave confidential data on personal devices
  • Windows 10 Enterprise Multi-Session allows more than 2 users on the same VM
  • Uses reverse connect technology, so it does not open any ports for RDP

Azure Storage Services

This section is a summary of the Explore Azure Storage services module.

You can use several different data storage services after first creating an Azure Storage account.

  • The storage account will contain your data objects (e.g. blobs).
  • It also serves as a unique namespace for your data.
  • Data is secure, highly available, durable, massively scalable, and accessible over HTTP or HTTPS.

Azure Disk Storage is an IaaS service providing virtual disks for Azure VMs. Disks come in different sizes and performance levels (e.g. HDDs vs SSDs).

Azure Blob Storage:

  • Object (think “file”) storage solution for the cloud
  • Can store massive amounts of data
  • Data is unstructured, so you can put any type of data (e.g. videos, backups, etc)
  • Storage Account contains Containers (think “folders”), which in turn contain Blobs (think “files”)

Understanding Blob access tiers:

  • Hot access tier is for frequently accessed data.
  • Cool access tier is for infrequently accessed data stored for at least 30 days. Slightly lower availability and higher access costs are a tradeoff for lower storage costs.
  • Archive access tier is for rarely accessed data stored for at least 180 days, with flexible latency requirements. Data is stored offline, and this tier carries the highest costs to rehydrate and access data.
  • All access tiers can be set at the blob level, whereas only the hot or cool tier can be set at the account level.

Azure Files:

  • Fully managed file shares in the cloud
  • Accessible via Server Message Block and Network File System (preview) protocols
  • Can be mounted concurrently by cloud or on-premises deployments of Windows, Linux and macOS
  • Files can be accessed from anywhere using limited-time URLs using Shared Access Signature (SAS)


This section is a summary of the Explore Azure networking services module.

Virtual Networks

Azure virtual networks are an IaaS service providing cloud-based equivalents of networks in a data centre. Features include:

  • Isolation and segmentation – private IP address space, subnets
  • Internet communications – via public IP or load balancer
  • Communicate between Azure resources – virtual networks and service endpoints (which link Azure services to virtual networks)
  • Communicate with on-premises resources
    • Point-to-site VPN: computer connects to Azure virtual network
    • Site-to-site VPN: connect on-premises network to Azure network via VPN gateway
    • Azure ExpressRoute: dedicated private connectivity to Azure
  • Route network traffic – route tables, Border Gateway Protocol (BGP)
  • Filter network traffic – network security groups, network virtual appliances
  • Connect virtual networks – virtual network peering (connect networks even across regions)


VPN = virtual private network, a secure connection between 2 or more trusted private networks over an untrusted network (e.g. the internet).

Azure VPN Gateway:

  • Connects on-premises data centres to Azure virtual networks via site-to-site connection
  • Connects devices to virtual networks via point-to-site connection
  • Connects virtual networks to other virtual networks via network-to-network connection
  • You can deploy only one VPN gateway in each virtual network, but it can connect to multiple locations
  • Policy-based or Route-based: both use pre-shared key and rely on Internet Key Exchange (IKE) on v1 or v2 of IPSec

Policy-based VPN:

  • Supports IKE v1 only
  • Uses static routing: IP address configuration controls how traffic is encrypted/decrypted
  • Use this only where necessary (compatibility with legacy devices)

Route-based VPNs:

  • IPSec tunnels are modelled as a network interface
  • Support static or dynamic routing (using routing tables, BGP)
  • Are resilient to topology changes (e.g. creation of new subnets)
  • Support IKE v2
  • Use any-to-any (wildcard) traffic selectors

To deploy a VPN gateway you need the following in Azure:

  • A virtual network (address space must not overlap with the on-premises network)
  • A dedicated subnet for the VPN gateway
  • A public IP address (dynamic, but it won’t change until you delete the VPN gateway)
  • A local network gateway (represents the on-premises network from Azure’s point of view)
  • A virtual network gateway
  • One or more connection objects, connecting the on-premises VPN device’s IP address to the virtual network gateway’s IP address

To deploy a VPN gateway, you also need to have the following on-premises:

  • A VPN device supporting policy-based or route-based VPN gateways
  • A public-facing IPv4 address

VPN high availability scenarios:

  • Active/standby: 2 instances, brief downtime during maintenance
  • Active/active: additional tunnels and devices are used as fallback
  • ExpressRoute failover: use VPN gateways as fallback if ExpressRoute fails
  • Zone-redundant gateways: deploy VPN gateways or ExpressRoute across availability zones. Needs different gateway instances and Standard (not Basic) IP addresses.


Azure ExpressRoute:

  • On-premises data centre connects to Azure via a private connection (i.e. not over the internet) via a connectivity provider
  • It provides better speed, reliability, security, and more consistent latencies compared to going over the internet
  • It covers two layers of the OSI Model:
    • Layer 2: Data Link Layer (node-to-node communication on the same network)
    • Layer 3: Network Layer (addressing and routing on a multi-node network)
  • Provides connectivity to MS cloud services (e.g. Office 365, Dynamics 365 and Azure services)
  • ExpressRoute Global Reach: connect private data centres together via ExpressRoute
  • Uses BGP, dynamic routing

ExpressRoute connectivity models:

  • Colocation at cloud exchange: provider (e.g. ISP) provides Layer 2 and Layer 3 connections between your infrastructure and the MS cloud
  • Point-to-point Ethernet connection
  • Any-to-any networks: Layer 3 connection between your WAN and Azure