Azure cloud solutions offer many advantages for IT workloads. There are five fundamental principles to help you optimize workload quality and results and have success in Azure. These principles are: Security, Cost, DevOps, Resiliency, and Scalability.
- Security: cloud workloads including applications and data must be protected from threats.
- Cost: correctly used, the cloud can be cost-effective, but costs must still be properly managed.
- DevOps: cloud workloads should integrate with the best practices of DevOps for seamless, efficient lifecycles.
- Resiliency: cloud workloads must be robust enough to withstand possible failures and minimize interruption.
- Scalability: as workloads destined for the cloud increase or decrease, cloud resources should adapt smoothly.
Throughout the lifecycle of your solution, you must keep security at the forefront of your mind. By building on Azure, you inherently get a lot of security goodness baked in. For instance, the Azure platform protects systems against threats like DDoS attacks and network intrusion. On the other hand, you must also build your own security into your applications and DevOps processes.
Below are security domains to think about.
End users must be authenticated and authorized. Azure Active Directory (Azure AD) offers a fully managed identity and access management service for this. Integration is possible between Azure, on-premises Active Directory, Microsoft applications, and third-party SaaS applications. Authentication can be done via users’ social accounts such as those in Facebook, Google, or LinkedIn.
Role-based access control (RBAC) roles can be assigned to users or groups, which simplifies granting the correct permissions to Azure resources. Azure also offers audit capability for all infrastructure changes.
Application security best practices typically apply in the cloud in the same way they apply on-premises. Application secrets and access keys to managed services can be stored securely in Azure Key Vault.
Data sovereignty and encryption
Azure’s geo-replicated storage lets you keep your data in the right geopolitical zone, including data for high availability configurations.
Quick wins that bring measurable increases in value are often worthwhile. The flexibility of cloud solutions allows faster deployment and lower capital investment. Solutions can be put in place, results can be measured, and optimization applied to scale the solutions cost-efficiently. Pay-as-you-go pricing means that you can adjust strategy and plan dynamically for the best approach according to business conditions and opportunities. Cost estimation tools let you assess starting and ongoing costs. Cost governance through policy, budgeting, and reporting is important for keeping costs in line.
DevOps practices help development and operations staff work seamlessly together. These practices allow deployments to be streamlined and automated, lessening the risk of human error and ensuring new versions are available without delay. They also let you roll back to a previous version in case of problems to ensure your success in Azure.
In the cloud, DevOps may run over multiple virtual machines (VMs), perhaps with no dedicated VM to connect to. Yet monitoring and diagnostics must still be available to give you the information you need in case of failures. Event logging must be consistent and common for all the systems involved, allowing you to correlate events and retain control.
Monitoring and diagnostics typically follow this sequence:
- Generation of data from sources including application and server logs, and Azure platform diagnostics, through the appropriate instrumentation.
- Consolidation of data after collection to store it in one location.
- Troubleshooting of specific problems and assessment of overall health, through analysis and diagnostics.
- Trend alerts, using telemetry data for visualization and notifications to the operations team.
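The four stages above, sketched end to end as an added example (not from the original article): two sources are normalized to one schema, consolidated, correlated by operation ID, and checked against an alert threshold. The log formats, field names and threshold are assumptions made for illustration, not Azure's own diagnostic schema.

```python
import json
from collections import defaultdict

# Constructed sample input: two sources, each in its own (hypothetical) format.
APP_LOG = """\
2020-05-20T10:00:01Z web-1 op=a1 level=INFO msg="request start"
2020-05-20T10:00:02Z web-2 op=b2 level=INFO msg="request start"
2020-05-20T10:00:03Z web-1 op=a1 level=ERROR msg="upstream timeout"
"""
PLATFORM_LOG = """\
{"time": "2020-05-20T10:00:02Z", "resource": "sql-1", "correlationId": "a1", "status": "Failed"}
{"time": "2020-05-20T10:00:02Z", "resource": "sql-1", "correlationId": "b2", "status": "Succeeded"}
"""

def parse_app(line):
    """Generation: map an application log line onto the common schema."""
    ts, host, rest = line.split(" ", 2)
    fields = dict(part.split("=", 1) for part in rest.split(" ", 2))
    return {"time": ts, "source": host, "op": fields["op"],
            "failed": fields["level"] == "ERROR", "detail": fields["msg"].strip('"')}

def parse_platform(line):
    """Generation: map a platform diagnostic record onto the same schema."""
    rec = json.loads(line)
    return {"time": rec["time"], "source": rec["resource"], "op": rec["correlationId"],
            "failed": rec["status"] == "Failed", "detail": rec["status"]}

def consolidate(app_text, platform_text):
    """Consolidation: one time-ordered store for every source."""
    events = [parse_app(l) for l in app_text.splitlines() if l.strip()]
    events += [parse_platform(l) for l in platform_text.splitlines() if l.strip()]
    return sorted(events, key=lambda e: e["time"])  # UTC ISO 8601 sorts as text

def correlate(events):
    """Troubleshooting: group events from all systems by operation ID."""
    by_op = defaultdict(list)
    for event in events:
        by_op[event["op"]].append(event)
    return dict(by_op)

def failed_operations(by_op):
    """Operation ID -> systems that reported a failure for it, in time order."""
    return {op: [e["source"] for e in evs if e["failed"]]
            for op, evs in by_op.items() if any(e["failed"] for e in evs)}

def should_alert(by_op, threshold=0.25):
    """Alerting: notify operations when the failed share exceeds the threshold."""
    return bool(by_op) and len(failed_operations(by_op)) / len(by_op) > threshold
```

Because every event carries the same operation ID field, the web-tier error for `a1` can be traced to the database failure that preceded it, which is the correlation that consistent logging makes possible.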
With built-in elasticity, the cloud is well positioned to offer system resiliency to recover from failures and resume operations in a fully functioning state.
The cloud offers a different perspective on failures, compared to traditional approaches of increasing mean time between failures (MTBF). Rather than trying to prevent a system from failing, the cloud mitigates failure by using multiple instances of low-cost commodity hardware. If one system fails, others can continue to ensure service.
Cloud applications should therefore be built with the expectation of occasional failure and use the cloud architecture for recovery. In the cloud, complex, distributed systems can be shielded from knock-on effects of failure in one location or from lack of availability of external services. This helps meet end user expectations of 24/7 availability.
- Built-in data replication with Azure Storage, SQL Database, and Cosmos DB, within a region and across multiple regions.
- Automatic location of Azure managed disks in different storage units to mitigate possible hardware failures.
- Distribution of virtual machines in an availability set across multiple fault domains (multiple VM groups that each have their own power and network switch).
To take advantage of these resiliency features, applications also need their own resiliency logic. Issues such as transient network congestion arise more frequently than global network failures, for example. Resiliency logic should therefore target these more frequent occurrences first. Detecting any issue will also depend on adequate monitoring with diagnostics to determine the root causes.
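One way to write resiliency logic that targets transient faults first, as an added example (not from the original article): transient errors are retried with capped, jittered exponential backoff and recorded for diagnostics, while permanent errors fail immediately. The exception classes, the `make_flaky` stand-in and all parameter values are hypothetical.

```python
import random
import time

class TransientError(Exception):
    """Failure worth retrying, e.g. a timeout during brief network congestion."""

class PermanentError(Exception):
    """Failure that retrying cannot fix, e.g. a rejected credential."""

def call_with_retry(operation, max_attempts=4, base_delay=0.2, max_delay=5.0,
                    sleep=time.sleep, log=None):
    """Run operation(), retrying transient failures with capped, jittered backoff."""
    log = log if log is not None else []
    for attempt in range(1, max_attempts + 1):
        try:
            return operation()
        except TransientError as exc:
            log.append((attempt, str(exc)))  # keep evidence for root-cause analysis
            if attempt == max_attempts:
                raise  # retry budget spent: surface the failure to the caller
            # Random jitter keeps many clients from retrying in lockstep.
            ceiling = min(max_delay, base_delay * 2 ** (attempt - 1))
            sleep(random.uniform(0, ceiling))
        # PermanentError is deliberately not caught: retrying a rejected
        # credential only adds load and can trigger account lockouts.

def make_flaky(failures, result="ok"):
    """Constructed stand-in for a remote call that fails `failures` times first."""
    state = {"calls": 0}

    def operation():
        state["calls"] += 1
        if state["calls"] <= failures:
            raise TransientError(f"timeout on call {state['calls']}")
        return result

    operation.state = state
    return operation
```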
There may be tradeoffs between resiliency and cost. The effort you put into making your cloud applications resilient will depend on the potential cost of downtime to your business. The greater the cost of downtime, the more investment is justified in increasing resiliency and availability.
The cloud also changes the perspective for many businesses about the way to manage higher loads. Traditional solutions have often involved scaling up (vertical scaling) by using a bigger version of the system. In the cloud, the multiple instances of commodity hardware favor scaling out (horizontal scaling) to add new instances of the system to the existing one.
Vertical scaling often lets users increase power without changes to their application. However, any single system will have a ceiling, at which point vertical scaling can no longer continue.
By comparison, horizontal scaling allows expansion to as many as thousands of lower-cost commodity systems. It can also be elastic, so that resources can be scaled up or down dynamically as needed. This dynamic scaling can be automated, while bringing the advantage of resiliency (the application can continue to run even if one or more of the systems fail) and cost-effectiveness.
Managed Platform as a Service (PaaS) solutions often include horizontal and automated scaling. In other cases, horizontal scaling must be designed into the system, for example, by making the application stateless, so that VMs in a pool can handle any client request.
While horizontal scaling may solve a scaling challenge in one area such as a web front end, it may then uncover a problem elsewhere, such as in a backend database. Databases are stateful and thus a frequent cause of bottlenecks. They need to be designed correctly for horizontal scaling. Overall, performance and load testing must be carried out in each case to identify both immediate bottlenecks and other potential bottlenecks behind them.
Using these five principles to plan and continually evaluate your solutions will help ensure they meet the standards and requirements you and your organization have set. In upcoming articles I’ll be diving into each of these principles (Security, Cost, DevOps, Resiliency, and Scalability) in greater detail.
About the Author:
Jason is a 1st Vice President, Cloud Solutions Architect at City National Bank of Florida headquartered in Miami, Florida. Jason has been working with computers ever since he bought his first, a Timex/Sinclair 1000 in 6th grade and taught himself BASIC programming. Jason was educated at the University of Cincinnati and the Massachusetts Institute of Technology – Sloan School of Management. He is a Microsoft Azure MVP (2010-present), a young adult author, and a cellist.
Milgram, J. (2020). Five Principles for Success in Azure. Available at: https://www.linkedin.com/pulse/five-principles-success-azure-jason-milgram/ [Accessed: 20th May 2020].