Architecting Microsoft Azure Solutions - andres-gu3y-20240305-083345

Overview

This course session provides an in-depth exploration of Azure architecture design principles, focusing on cost management, resource organization, storage solutions, compute services, and governance. The training guides learners through real-world case studies centered on Tailwind Traders, covering subscription and management group hierarchies, tagging strategies, Azure Files and Blob Storage, relational and non-relational databases, virtual machines, Kubernetes, serverless functions, and network design. Emphasis is placed on decision-making frameworks—such as the Azure decision tree for workload selection—and practical implementation using tools like the Azure Pricing Calculator and Total Cost of Ownership (TCO) estimator. The session concludes with hands-on breakout activities where participants design and present cloud architectures, reinforcing best practices for scalability, redundancy, security, and cost optimization.

Topic (Timeline)

1. Introduction & Governance Design [00:03:09.160 - 00:06:21.480]

• Session begins with greetings and recap of previous day’s topic: designing a governance solution for Tailwind Traders, a company with two business units (apparel and sporting goods) and three departments (product development, marketing, sales).
• Key question: How to track Azure spending per business unit and subunit?
• Two primary solutions introduced:
  1. One subscription per business unit – straightforward, enables direct cost allocation.
  2. Resource groups per unit – alternative for shared subscription models.
• Emphasis on cost transparency and accountability as core governance goals.

2. Tagging Strategy & Cost Tracking [00:06:21.480 - 00:10:33.300]

• Third solution: Resource tagging for cost allocation within a single subscription.
• Demonstration of tagging resources via Azure portal: creating tags such as CostCenter=Marketing.
• Tags propagate to all resources within a tagged resource group.
• Practical guidance: Use tags to attribute costs to departments, projects, or environments (dev/test/prod).
• Instructor emphasizes tagging as a critical practice for organizations with shared subscriptions.

3. Architecture Design & AI Collaboration [00:10:35.340 - 00:15:45.900]

• Goal: Design a company-wide Azure Cost Reporting Tool using hierarchical structures.
• Learners collaborate with AI (Gemini) to evaluate two topology options:
  • Business unit focus: Subscriptions under business units (apparel/sports).
  • Department focus: Subscriptions under departments (marketing, sales, etc.).
• Live Teams poll reveals preference for business unit focus due to budget ownership alignment (“follow the money”).
• Discussion concludes: No single right answer—design must reflect organizational budget ownership.

4. Management Group Hierarchy Implementation [00:18:04.160 - 00:29:23.820]

• Demonstration of creating Azure Management Groups:
  • Root: Tenant-level organization.
  • Child: Business units (Apparel, Sports).
  • Sub-child: Departments (Marketing, Sales).
• Subscriptions are assigned to appropriate management groups for policy enforcement and access control.
• Instructor shows how to create, assign, and organize subscriptions within the hierarchy.
• Emphasis on using management groups to enforce governance policies (e.g., naming, tagging, security) at scale.

5. Naming Conventions & Policy Frameworks [00:30:43.240 - 00:34:10.900]

• Lab 16 focus: Implementing naming conventions and tagging policies for cost tracking and compliance.
• Use of Azure naming template tool to generate standardized resource names (e.g., app-<env>-<region>-<service>).
• Importance of aligning naming with business units, cost centers, and environments.
• Link to documentation for policy templates and naming standards (Slide 208).

6. App Service Decision Tree & Workload Selection [00:39:29.780 - 00:45:05.680]

• Detailed walkthrough of Azure’s decision tree for selecting compute services:
  • Migrate vs. Innovate.
  • Full OS control → Virtual Machine.
  • No full control → Evaluate: High performance? Microservices? Event-driven? .NET integration?
  • Containerizable? → Container Instances or Kubernetes.
  • Not containerizable? → App Service (if supported language).
• Emphasis: Virtual Machines are common but often unnecessary; App Services and Containers are preferred for cloud-native efficiency.
• Real-world insight: Many legacy apps can be containerized with minimal effort.

7. App Service Architecture & Deployment [00:47:19.760 - 00:52:13.620]

• Explanation of App Service Plans as hosting containers for web apps.
• Pricing tiers: Free (60 min/day), Basic, Standard, Premium (scalable CPU/RAM).
• Features: CI/CD integration, custom domains, SSL, auto-scaling, deployment slots.
• Architecture example: App Service Plan → Web App → Backend Database → Monitoring.
• Demo: Deployment of sample apps (My Shuttle, My Health Clinic, etc.) via DevOps pipelines.

8. DevOps Pipeline Demonstration & Debugging [00:53:39.240 - 01:06:20.640]

• Breakout groups deploy sample applications using Azure DevOps.
• Pipelines: CI builds Docker images; CD deploys to App Service.
• Common issues: Outdated base images (Ubuntu 16.04), missing variables, failed deployments.
• Instructor highlights real DevOps workflow: debugging pipeline failures, updating Dockerfiles, managing artifacts.
• Key takeaway: Understanding the 10–20 line deployment YAML is the culmination of all prior design decisions.

9. Storage Solutions Overview [01:27:53.820 - 01:55:39.400]

• Case study: Design storage for Tailwind Traders (media files, PDFs, sensitive docs).
• Two data types:
  • Non-relational: Files (blobs), documents, media.
  • Relational: Structured data (SQL).
• Blob Storage: For unstructured data; tiers: Hot (frequent), Cool (infrequent), Archive (rare).
• Azure Files: SMB/NFS shares for traditional file access; ideal for legacy apps.
• Azure Disks: Block storage for VMs; options: Standard, Premium, Ultra (IOPS-dependent).
• Security: Avoid public endpoints; use SAS keys, RBAC, lifecycle policies.
• Redundancy options: LRS, ZRS, GRS, RA-GRS.

10. Storage Architecture Design & Comparison [01:56:26.480 - 02:20:43.170]

• Breakout groups design storage solutions using Draw.io.
• Key decisions:
  • Use Blob Storage for public-facing marketing materials (accessible via web app).
  • Use Azure Files for internal corporate documents (SMB access).
  • Storage account as container for both Blob and File services.
• Instructor demonstrates portal navigation: Containers (Blob), File Shares, Storage Explorer.
• Emphasis: Combine Blob + Files within single storage account for cost efficiency and unified management.

11. Relational Database Design [02:22:09.430 - 02:41:26.930]

• Options for SQL workloads:
  • SQL on VM (full control, self-managed).
  • Managed Instance (SQL-only, no OS access).
  • Azure SQL Database (PaaS, scalable).
  • Hyperscale (for large DBs >100TB).
• Scaling: Elastic Pools for cost optimization across multiple databases.
• High Availability: Geo-replication, failover groups.
• Security: VNet integration, firewall rules, Azure AD authentication, TDE encryption.
• Cost trade-off: Encryption increases CPU usage → impacts pricing model.

12. Non-Relational (NoSQL) Databases [02:41:31.390 - 03:05:02.750]

• Azure Cosmos DB: Globally distributed, multi-model (document, key-value, graph, column).
• Use cases: High-read, low-latency apps (e.g., web sessions, search indexes).
• Comparison: SQL for structured data (users, catalogs); Cosmos DB for semi-structured data (search, metadata).
• Architecture example: Web App → Cosmos DB (for search) + SQL DB (for transactions) → Traffic Manager for failover.
• Cache: Azure Cache for Redis to preserve user sessions during regional failover.

13. Compute Services & Decision Framework [03:06:10.710 - 03:33:33.320]

• Compute options:
  • Virtual Machines (IaaS).
  • App Services (PaaS).
  • Azure Functions (serverless).
  • Container Instances.
  • Azure Kubernetes Service (AKS).
  • Batch (HPC jobs).
• Decision tree revisited: Match workload to service based on control, scalability, and cost.
• Virtual Machine Scale Sets: Auto-scaling groups for high availability.
• Spot Instances & Low-Priority VMs: Cost-saving for non-critical, interruptible workloads.
• Functions: Ideal for short-lived events (<15 sec); e.g., image processing, API triggers.
• Logic Apps: Low-code workflows to integrate services (e.g., tweet → Dropbox).

14. Compute Architecture Design & Review [03:33:33.320 - 03:48:38.190]

• Case study: Design a scalable app with frontend, middleware (.NET), and backend.
• Four student teams present architectures:
  1. IaaS: VMs + Load Balancers (traditional).
  2. PaaS: App Services + Functions + SQL DB.
  3. Hybrid: App Service + AKS + Cosmos DB + SQL.
  4. Multi-region: Redundant tiers across regions.
• Instructor validates all designs as valid; highlights trade-offs:
  • AKS offers scalability but adds complexity/cost.
  • Functions reduce overhead but require stateless design.
• Emphasis: Start simple; scale complexity only when justified.

15. Cost Management & Optimization [03:53:36.130 - 04:21:17.970]

• Cloud cost is not automatic savings—it requires intentional design.
• Cost drivers:
  • Pay-as-you-go vs. Reserved Instances (up to 60% discount).
  • Data egress fees (expensive for cold storage restores).
  • Geographic pricing variations.
  • Over-provisioned Kubernetes clusters.
• Tools:
  • Azure Pricing Calculator: Estimate costs for architecture components.
  • TCO Calculator: Compare cloud vs. on-premises (e.g., 5-year cost of VMs, storage, networking).
• Demonstration: Sample TCO output shows cloud savings despite higher upfront complexity.
• Final reminder: Always export and save cost estimates; align design with budget constraints.

Appendix

Key Principles

• Follow the money: Align resource ownership (subscriptions, tags) with budget holders (business units).
• Tag everything: Use consistent tags (CostCenter, Environment, Owner) for granular cost allocation.
• Start simple: Begin with minimal architecture; add complexity only when needed (KISS principle).
• Avoid VM overuse: Prefer App Services, Functions, or Containers unless full OS control is required.
• Design for redundancy: Use geo-replication, availability sets, and traffic managers for resilience.
• Secure endpoints: Never expose storage or databases publicly; use VNet, RBAC, and private links.

Tools Used

• Azure Portal (Management Groups, Tags, Storage Accounts)
• Azure DevOps (CI/CD Pipelines)
• Draw.io (Architecture Diagramming)
• Azure Pricing Calculator
• Total Cost of Ownership (TCO) Calculator
• Azure Cache for Redis
• Azure Cosmos DB
• Azure Functions
• Azure Kubernetes Service (AKS)

Common Pitfalls

• Using VMs for workloads better suited to App Services or Functions.
• Ignoring data egress costs in backup and recovery strategies.
• Assigning same IP subnets to on-premises and cloud networks (causing routing conflicts).
• Over-provisioning Kubernetes nodes without monitoring usage.
• Not using reserved instances for predictable workloads.
• Storing sensitive data in public blob containers without SAS or RBAC.

Practice Suggestions

• Recreate the Tailwind Traders governance hierarchy in your own Azure subscription.
• Build a tagging policy and apply it to 5+ resources.
• Use the Azure Pricing Calculator to model a simple web app (App Service + SQL + Blob).
• Run the TCO Calculator comparing 3 VMs + 10TB storage on-premises vs. cloud.
• Design a 3-tier app (frontend, middleware, backend) using two different compute models (IaaS vs. PaaS) and compare cost/complexity.
• Practice deploying a sample app via DevOps pipeline and debug a failed deployment.