The Azure Portal A to Z

This is a post about the Azure platform at large. It attempts to explain it in its entirety, using the Azure portal as the launching point for discussion. There are currently around 26 separate menu selections from the portal itself.

Each one of these menu items can be considered a career in itself. Think about machine learning, networking, big data, and much more.

Even though I am an insider at Microsoft, and have access to some of the product engineering teams, I am constantly challenged with keeping up. The rate of innovation now taking place can boggle the mind.

I created this post so that you could evaluate your own knowledge and find gaps or weaknesses. At the end of the post I try to do a little more drilling down into identity and storage, but I'm still scratching the surface. I hope you find this useful and I look forward to your comments.

  1. Deck built by Bruno Terkaly

    image001

    • Principal Software Engineer
    • Microsoft
    • Mobile/Cloud/Startup/Enterprise
  2. Understanding the whole platform

    image002

    • Can you explain all the different parts of the Azure portal?
  3. Microsoft engineering is on fire

    image003

    • Microsoft's cloud offering, Azure, is growing at an exponential pace
  4. Numbers speak for themselves

    image004

    • The scale of the 19 public data centers is remarkable
  5. This is the portal that we're walking through

    image005

    • It currently has 26 separate menu selections to choose from
    • There is a newer, more modern portal at https://portal.azure.com (in preview)
  6. Azure Web Sites

    image006

    • Represents the most automated way to run websites
    • A migration assistant can aid in moving existing web sites over
    • This is essentially platform as a service
  7. Virtual Machines

    image007

    • The core for infrastructure as a service
    • This is where you provision Linux and Windows virtual machines
    • You choose your hardware, your operating system, and configure networking and storage
    • The high-end G5 machine is a 32 core, incredibly powerful piece of hardware
  8. Mobile Services

    image008

    • Brings together a bunch of disparate services all in one place
    • It's about identity, storage, web services, and more
  9. Mobile Services

    image009

    • This is platform as a service
    • Has built-in health, monitoring, and patching
    • Operates the concept of upgrade and fault domains
    • Scales up and down very easily
    • Simple deployment model, directly from Visual Studio
  10. SQL Database

    image010

    • This is a relational database as a service
    • Extremely economical
    • Works with all the traditional tools, like SQL Server Management Studio
  11. Storage

    image011

    • Azure includes a variety of triply replicated, scalable, high performance data stores
    • All of them have a REST interface to support virtually any language or environment
    • Some include high performance options like Azure Premium Storage
  12. The Portal

    image012

    • This is the portal that we're walking through
    • It currently has 26 separate menu selections to choose from
  13. HDInsight

    image013

    • This is Microsoft's big data offering
    • Based on the HortonWorks implementation
    • Typically means you are programming in Hive and Pig
  14. Media Services

    image014

    • This is about making media consumable from mobile and web
    • It is about streaming and encoding at scale
    • It is about DRM
    • There are also audio-to-text services
  15. Service Bus

    image015

    • The Service Bus is about messaging
    • It is about connecting computers, punching through firewalls
    • It supports the Pub/Sub Model with multiple producers and multiple message consumers
    • It supports sending push notifications through the Apple Push Notification Network, Google Push Notifications, Windows Notifications
  16. Visual Studio Online

    image016

    • Supports DevOps, playing a role in building, deployment, and load testing
    • Store test results for future analysis
  17. Cache

    image017

    • The name Redis means REmote DIctionary Server
    • Redis is a data structure server
    • It is open-source, networked, in-memory, and stores keys with optional durability
    • The development of Redis has been sponsored by Pivotal Software since May 2013; before that, it was sponsored by VMware
  18. The Portal

    image018

    • This is the portal that we're walking through
    • It currently has 26 separate menu selections to choose from
    • There is a newer, more modern portal at https://portal.azure.com (in preview)
  19. BizTalk Services

    image019

    • Typically used for B2B scenarios
    • Enables companies to automate business processes
    • Uses adapters which are tailored to communicate with different software systems used in an enterprise
    • It is about enterprise application integration, business process automation, business-to-business communication, message broker and business activity monitoring
  20. Recovery Services

    image020

    • Data recovery is critical
    • There is a Windows Backup agent as well as the DPM backup agent
    • You can use Microsoft System Center to back up data to Windows Azure
    • You will need to use or set up a certificate to work with Azure Recovery Services backup
    • This allows you to back up an on-premises Windows Server to Azure
    • It involves a certificate (download the vault credential), the installation of a backup agent, and some simple configuration
  21. CDN

    image021

    • A global solution for delivering high-bandwidth content
    • You can cache blobs or static web content
    • Better performance and user experiences for your users
    • Be prepared for instant high load, such as what occurs during a product launch
  22. Automation

    image022

    • Automate frequent, time-consuming, error-prone cloud management tasks
    • Handle processes that span tools, systems, and departmental silos
  23. Scheduler

    image023

    • Manages the schedule for scripting
    • Coordinates the schedule among the many Azure services
    • A cloud-scale cron job: it doesn't execute code itself, but invokes a service which executes code
    • Used indirectly by services within Azure, and directly by developers to invoke a service
    • Invoke big data jobs within HDInsight
  24. The Portal

    image024

    • This is the portal that we're walking through
    • It currently has 26 separate menu selections to choose from
  25. API Management

    image025

    • Good for companies that want to sell an API or accelerate the adoption of their API by developers
    • Examples include making phone calls, sending SMS messages
    • Expose data and services for your products to other business partners
    • Create an integrated experience within portals
    • Make it easy to discover and use and have managed access
    • Supports authentication, throttling, rate limiting, quota setting
  26. Machine Learning

    image026

    • Machine learning is a scientific discipline that explores the construction and study of algorithms that can learn from data
    • One great way to think about machine learning is to break down analytics into 3 questions: What happened?, What will happen? What should I do next?
    • Relevant to information workers, IT professionals, and data scientists
  27. Networks

    image027

    • Extend your data center into the cloud
    • Isolate/segregate networks to improve security (only VMs and services within the same virtual network can identify or connect to each other)
  28. Traffic Manager

    image028

    • Monitors your endpoints to validate ongoing availability
    • Remap your domain name so that traffic is routed through Traffic Manager's domain name servers
  29. Remote App

    image029

    • Azure RemoteApp helps employees stay productive anywhere, and on a variety of devices - Windows, Mac OS X, iOS, or Android
    • Your company's applications run on Windows Server in the Azure cloud, where they're easier to scale and update
    • Employees install Microsoft Remote Desktop clients on their Internet-connected laptop, tablet, or phone, and can then access applications as if they were running locally
    • Quickly ramp up and ramp down for seasonal workers
  30. The Portal

    image030

    • This is the portal that we're walking through
    • It currently has 26 separate menu selections to choose from
    • There is a newer, more modern portal at https://portal.azure.com (in preview)
  31. Management Services

    image031

    • Empower administrators to easily manage your entire cloud infrastructure from one place
    • View the status of a variety of Azure services
    • View incident notifications and log files
  32. Active Directory

    image032

    • Secure your web applications, web services, as well as mobile applications
    • Make use of REST API based identity Services, WS-Federation, SAML 2.0, OAuth 2.0, OpenID Connect
  33. Marketplace

    image033

    • If you're an ISV, sell your products and services to a global audience
    • Publish an application service in the Azure Marketplace
    • Publish a virtual machine image in the Azure Marketplace
  34. StorSimple

    image034

    • Azure StorSimple is an efficient, cost-effective, and manageable solution that eliminates many of the issues and expense associated with enterprise storage and data protection
    • It uses a proprietary device (the Microsoft Azure StorSimple device) and integrated management tools to provide a seamless view of all enterprise storage, including cloud storage
    • 60-80% Lower Total Cost of Ownership (TCO)
    • Reduced cost associated with: Cloud integration, Data management, Media management, Data center resources
  35. Settings

    image035

    • Specify co-administrators for your subscription
    • View how many cores, cloud services, and storage accounts you have used so you know how much you have left
  36. The Portal

    image036

    • This is the portal that we're walking through
    • It currently has 26 separate menu selections to choose from
    • There is a newer, more modern portal at https://portal.azure.com (in preview)
  37. Azure: Security, Privacy and Compliance

    image037

    • Azure invests heavily into security, privacy, and compliance
    • We will review how Azure reduces exposure, saves time, and improves global coverage
  38. Goals / Mission Statement

    image038

    • The goal is for businesses to spend less time engineering solutions for compliance purposes
  39. SOC 2 Audits

    image039

    • SOC 2 is focused on financial controls, and Azure is SOC 2 compliant
    • Microsoft has retained a large public accounting firm as its auditor
  40. Why Azure is Secure

    image040

    • 24 hour monitored physical security. Datacenters are physically constructed, managed, and monitored to shelter data and services from unauthorized access as well as environmental threats
    • Monitoring and logging. Security is monitored with the aid of centralized monitoring, correlation, and analysis systems that manage the large amount of information generated by devices within the environment and provide timely alerts. In addition, multiple levels of monitoring, logging, and reporting are available to provide visibility to customers
    • Patching. Integrated deployment systems manage the distribution and installation of security patches. Customers can apply similar patch management processes for Virtual Machines deployed in Azure
    • Antivirus/Antimalware protection. Microsoft Antimalware is built-in to Cloud Services and can be enabled for Virtual Machines to help identify and remove viruses, spyware and other malicious software and provide real time protection. Customers can also run antimalware solutions from partners on their Virtual Machines
    • Intrusion detection and DDoS. Intrusion detection and prevention systems, denial of service attack prevention, regular penetration testing, and forensic tools help identify and mitigate threats from both outside and inside of Azure
    • Zero standing privileges. Access to customer data by Microsoft operations and support personnel is denied by default. When granted, access is carefully managed and logged. Data center access to the systems that store customer data is strictly controlled via lock box processes
    • Isolation. Azure uses network isolation to prevent unwanted communications between deployments, and access controls block unauthorized users. Virtual Machines do not receive inbound traffic from the Internet unless customers configure them to do so
    • Azure Virtual Networks. Customers can choose to assign multiple deployments to an isolated Virtual Network and allow those deployments to communicate with each other through private IP addresses
    • Encrypted communications. Built-in SSL and TLS cryptography enables customers to encrypt communications within and between deployments, from Azure to on-premises datacenters, and from Azure to administrators and users
    • Private connection. Customers can use ExpressRoute to establish a private connection to Azure datacenters, keeping their traffic off the Internet
    • Data encryption. Azure offers a wide range of encryption capabilities up to AES-256, giving customers the flexibility to implement the methods that best meet their needs
    • Identity and access. Azure Active Directory enables customers to manage access to Azure, Office 365 and a world of other cloud apps. Multi-Factor Authentication and access monitoring offer enhanced security
  41. Certifications

    image041

    • There are a vast number of certifications that Azure has secured
  42. Bonus Material

    image042

    • Mobile applications are becoming increasingly popular in the enterprise
    • This next section will focus on some of the solutions available to solve authentication challenges for mobile applications
  43. Mobile Applications

    image043

    • Mobile applications are becoming increasingly popular in the enterprise
    • This next section will focus on some of the solutions available to solve authentication challenges for mobile applications
  44. Options for secure mobile

    image044

    • I have authored several articles in MSDN Magazine around this topic
    • The content here can be seen in its entirety at MSDN Magazine
  45. Thinking about LOB Apps

    image045

    • Key Characteristics of LOB/Mobile Apps
    • Identity as a key pillar
  46. Options for secure mobile

    image046

    • Another important concern when running applications on personal devices is Network Location Awareness (NLA)
    • This means when a request comes in for a protected network resource, you can determine whether that request originated from outside the corporate network
    • NLA provides an extra layer of protection because it helps enforce additional rules, such as multi-factor authentication for requests generated outside the corporate network
    • Implementing network location awareness typically means you create some sort of proxy Web service in a DMZ
    • A DMZ is a network that exposes an organization's external-facing services to a larger and untrusted network, like the Internet
    • You can use these proxies to trigger additional rules and insulate private resources on a network from outside access
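The following is an added example of the NLA rule described in this slide, written for this post rather than taken from the deck or from any Microsoft product: a DMZ proxy that decides whether a request for a protected resource originated inside the corporate network and, if not, insists on multi-factor authentication. The corporate address ranges, the trusted load balancer address, the `Request` shape and the `decide` policy are all constructed for the example. It also shows the check a practitioner wants here: the proxy must judge location by the address it actually accepted the connection from, and only believe an `X-Forwarded-For` header when the peer is a load balancer it trusts, because a client can put any address it likes in that header.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed corporate address space; an organisation would list its own ranges.
CORPORATE_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.50.0/24"),
]

# Constructed set of load balancers in front of the proxy whose X-Forwarded-For
# header may be believed. A forwarded header from any other peer is ignored.
TRUSTED_FORWARDERS = {"172.16.0.2"}


@dataclass
class Request:
    peer_ip: str                   # address of the TCP peer the proxy accepted
    forwarded_for: Optional[str]   # X-Forwarded-For header, if any was sent
    mfa_completed: bool            # whether a second factor was already satisfied
    resource: str                  # protected resource being requested


def effective_source(peer_ip: str, forwarded_for: Optional[str],
                     trusted_forwarders: Iterable[str] = TRUSTED_FORWARDERS) -> str:
    """Address whose location is judged. The header only counts when the peer is
    a trusted forwarder; otherwise the peer address itself is used."""
    if forwarded_for and peer_ip in set(trusted_forwarders):
        # A trusted forwarder appends the address it saw, so the last entry is the
        # one it vouches for; earlier entries could have been written by the client.
        return forwarded_for.split(",")[-1].strip()
    return peer_ip


def is_internal(source_ip: str) -> bool:
    """Network Location Awareness: did the request originate inside the corporate network?"""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False   # unparsable address: treat as external, never as internal
    return any(addr in net for net in CORPORATE_NETWORKS)


def decide(request: Request) -> str:
    """DMZ proxy rule: internal callers pass through; external callers must have
    completed multi-factor authentication before the private resource is reached."""
    source = effective_source(request.peer_ip, request.forwarded_for)
    if is_internal(source) or request.mfa_completed:
        return "allow"
    return "require_mfa"
```

The policy deliberately fails closed: anything that is not provably inside the corporate ranges, including an address that does not parse, is treated as external and gets the stricter rule.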
  47. Identity Landscape

    image047

    • The enterprise identity landscape is large and complex
    • First, you have a variety of software technology to solve identity challenges
    • You need to take into account the identity stakeholders and what type of devices you wish to support
    • Then there are some industry-standard protocols and token formats that you need to adhere to
  48. BYOD - Registering Device

    image048

    • How to ensure secure, encrypted communication between corporate resources and the device itself
    • In the enterprise there is a need to enforce some type of control over personal devices
    • But it is too extreme to force users to fully domain-join their devices
    • A less-extreme version of control is called a workplace join
    • A device certificate is installed as part of the provisioning process
    • Step 1 is to authenticate a user against a trusted directory service
    • Successful device provisioning (or registration) results in a JSON-based token on the device
    • The token can be used to ensure secure communication between users and the corporate network
  49. Azure Mobile Services

    image049

    • Simple provisioning and management of tables for storing app data
    • Integration with notification services to deliver push notifications to your app
    • Integration with well-known identity providers for authentication
    • Granular control for authorizing access to tables
    • Custom business logic on the server
    • Integration with other cloud services
    • Supports the ability to scale a mobile service instance
    • Service monitoring and logging
  50. Azure Mobile Services

    image050

    • Azure Mobile Services provides an easy workflow to provision secure mobile applications in the enterprise
    • Tokens can be saved directly to the key store of a mobile device so that a user does not need to continually log in
  51. Azure Mobile Services

    image051

    • Azure Mobile Services provides an easy workflow for iOS, Android, and Windows devices
    • The portal even provides some starter projects that are supported in Xcode, Android Studio, and Visual Studio
    • Azure Mobile Services provides constructs for identity, database storage, and web service back ends
  52. Active Directory Trust Relationships

    image052

    • The traditional approach of using trust relationships is documented here
    • This can be a cumbersome process but does provide many advantages, like single sign-on
  53. Configure Active Directory

    image053

    • When provisioning your Azure mobile service backend, there are a few questions to answer
    • In return you will receive some metadata that you can encode directly into your mobile application
    • Allowed tenants: the app is only going to accept users from this tenant
    • Client ID from the web app registration, the app within the tenant
    • App URL is what MSDN Magazine wants to expose
    • Add a user, or use DirSync
    • Users from that domain have access to the app URL
    • The app is inside the tenant, giving access to members of the tenant
    • You could map a user from another tenant
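Slides 48 and 53 between them describe the token flow: registration ends with a signed JSON token on the device, and the back end is configured with the tenants it will accept and the client ID of its app registration. The block below is an added example that ties those two together; it is not code from the deck, from Azure Mobile Services or from Azure AD. It issues a compact JWT-style token after the user has authenticated, then validates it on each request in the order a back end should: signature first, then issuing tenant against the allow list, then audience against the client ID, then expiry. The `SHARED_SECRET`, tenant name, client ID and claim names other than the standard `iss`/`aud`/`sub`/`iat`/`exp` are constructed for the example, and HMAC-SHA256 stands in for the asymmetric signature a real tenant uses so that the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for the signing secret shared between the token issuer and the
# mobile back end. Real Azure AD tokens are signed with the tenant's own keys.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def issue_token(key, tenant, client_id, user, device_id, ttl_seconds, now=None):
    """After the user authenticated against the directory (step 1 on slide 48),
    hand the device a signed JSON token bound to the user, device and app."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": tenant,       # tenant that issued the token
        "aud": client_id,    # app registration the token is meant for
        "sub": user,
        "deviceid": device_id,   # constructed claim name for this example
        "iat": now,
        "exp": now + ttl_seconds,
    }
    signing_input = _b64url(_json(header)) + "." + _b64url(_json(claims))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def validate_token(token, key, allowed_tenants, client_id, now=None):
    """Back-end check on every request. Raises ValueError on any failure and
    returns the claims on success."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    signing_input = parts[0] + "." + parts[1]
    # The algorithm is fixed by the verifier, never chosen from the token header,
    # so a header claiming a different "alg" cannot change how we verify.
    expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("signature check failed")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") not in allowed_tenants:
        raise ValueError("token issued by a tenant that is not allowed")
    if claims.get("aud") != client_id:
        raise ValueError("token is not addressed to this app registration")
    now = int(time.time()) if now is None else now
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    return claims


def validation_failure(token, key, allowed_tenants, client_id, now=None):
    """Convenience wrapper: the failure reason, or None when the token is valid."""
    try:
        validate_token(token, key, allowed_tenants, client_id, now)
    except ValueError as exc:
        return str(exc)
    return None
```

Checking the signature before reading any claim matters: until the signature holds, the tenant and audience fields are just attacker-controllable JSON, and the allow list on slide 53 only means something once the token is known to come from the issuer.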
  54. A deeper example

    image054

    • Here is an example scenario whereby free text search is provided to a variety of REST-capable clients
    • The specific diagram leverages Azure Search, which is one of the services available, similar to ElasticSearch
    • Notice that there are a variety of authentication mechanisms
    • Also notice that there is an abstraction layer of the web service that brokers the conversation to some of the other services within Azure
  55. Applications to Support Multiple Companies

    image055

    • Azure Active Directory lets you set up a variety of tenants or directory entries for specific companies
  56. ADFS versus Directory Sync

    image056

    • Azure Active Directory provides directory sync, which enables you to take your on-premises identities and migrate them to the cloud, offloading authentication away from your on-premises infrastructure
    • This diagram also illustrates the use of ADFS 2.0, which can provide a single sign-on token directly from your on-premises infrastructure. This may not be the ideal approach since it forces you to expose your corporate infrastructure to external applications
  57. Directory Sync - Authenticating in the Cloud

    image057

    • Directory sync is a feature of Azure Active Directory that allows you to take your on-premises identities and store them in an Azure data center, allowing applications from the Internet to authenticate while keeping your on-premises directory services safe
  58. Using Hybrid Connections

    image058

    • Hybrid connections are another technology from Microsoft that allows you to expose corporate resources to cloud hosted applications or mobile applications from the Internet
    • Websites and Mobile Services can access existing on-premises data and services securely
    • Multiple Websites or Mobile Services can share a Hybrid Connection to access an on-premises resource
    • Minimal TCP Ports are required to access your network
    • Applications using Hybrid Connections access only the specific on-premises resource that is published through the Hybrid Connection
    • Can connect to any on-premises resource that uses a static TCP port, such as SQL Server, MySQL, HTTP Web APIs, and most custom Web Services
    • Can be used with all frameworks supported by Azure Websites (.NET, PHP, Java, Python, Node.js) and Azure Mobile Services (Node.js, .NET)
  59. Using Service Bus Relays

    image059

    • The Azure service bus provides a relay mechanism, that makes it possible to have a peer-to-peer connection between two endpoints protected by firewalls
  60. Storage Overview

    image060

    • Azure Storage Options
    • There are many types of storage options for the Microsoft cloud. We will focus on Azure Tables
    • Here is what we'll cover:
    • When to use Azure Tables
    • When they are appropriate to consider
    • Understanding that Azure Tables are collection of entities
    • Access Azure Tables directly or through a cloud application
    • Key Features of Azure Tables
    • Relationship between accounts, Tables, and entities
    • Efficient Inserts and Updates
    • Designing for scale
    • Query Design and Performance
    • Understanding Partition Keys
    • How data is partitioned
    • Coding considerations
    • Azure Table Query Concepts
    • Understanding TableServiceEntity/TableServiceContext
    • Additional Resources
  61. Tables, Blobs, Queues, DBs

    image061

    • Understanding core pillars of storage
  62. Tables - When to use

    image062

    • When to use Azure tables
    • These are some typical use case scenarios for using Azure tables
    • Azure tables are optimized for capacity and performance (scale)
  63. Tables - When to use

    image063

    • Azure Tables - When Appropriate
    • SQL Database does not scale infinitely
    • If your code requires strong relational semantics, Azure tables are not appropriate. They don't allow for join statements
    • You can think of Azure tables as nothing more than a collection of objects. Note that each entity (similar to a row in a table) could have different attributes. In the diagram above, the second entity does not have a city property
    • One of the beauties of Azure Tables is that you can replicate across data centers, aiding in disaster recovery
  64. Tables - Conceptual

    image064

    • Tables: A collection of entities
    • A table is a collection of entities
    • An entity is like an object. It has name/value pairs
    • An entity is kind of like a row in a relational database table, with the caveat that entities don't need to have the exact same attributes
  65. Tables - Rest-enabled

    image065

    • Accessing Azure Table Storage From Azure
    • Any application that is capable of HTTP is capable of communicating with Azure Tables. That is because Azure Tables are REST-based. This means a Java or PHP application can directly perform CRUD (create, read, update, delete) operations on an Azure Table
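Because the REST interface is the only thing a client needs, the interesting part for a security person is how those requests are authorised. The block below is an added example, not code from the deck or from the Azure SDKs, that builds the headers for a Table service request using the Shared Key Lite scheme: the account key is base64-decoded, an HMAC-SHA256 is computed over the `x-ms-date` value and the canonicalized resource, and the result goes in the `Authorization` header. The account name, key and entity URL are constructed; the header names, the `SharedKeyLite` scheme and the string-to-sign layout follow the published Table service conventions. A small `verify_request` shows the service-side recomputation, which is why the headers cannot simply be replayed against a different entity.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed account name and key; a real key is the base64 string shown in the portal.
DEMO_ACCOUNT = "devaccount"
DEMO_KEY_B64 = base64.b64encode(b"constructed-demo-key-not-a-real-secret").decode("ascii")


def canonicalized_resource(account: str, url: str) -> str:
    """Shared Key Lite resource string for the Table service: the account name,
    the URL path, and the comp query parameter if one is present."""
    parts = urlsplit(url)
    resource = "/" + account + parts.path
    comp = parse_qs(parts.query).get("comp")
    if comp:
        resource += "?comp=" + comp[0]
    return resource


def string_to_sign(date_value: str, account: str, url: str) -> str:
    return date_value + "\n" + canonicalized_resource(account, url)


def compute_signature(key_b64: str, date_value: str, account: str, url: str) -> str:
    key = base64.b64decode(key_b64)
    mac = hmac.new(key, string_to_sign(date_value, account, url).encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def sign_request(account: str, key_b64: str, url: str, date_value: Optional[str] = None) -> dict:
    """Headers for a REST call to Table storage authorised with Shared Key Lite."""
    date_value = date_value or formatdate(usegmt=True)   # RFC 1123 timestamp
    signature = compute_signature(key_b64, date_value, account, url)
    return {
        "x-ms-date": date_value,
        "x-ms-version": "2015-04-05",
        "DataServiceVersion": "3.0;NetFx",
        "MaxDataServiceVersion": "3.0;NetFx",
        "Accept": "application/json;odata=nometadata",
        "Authorization": "SharedKeyLite " + account + ":" + signature,
    }


def verify_request(headers: dict, key_b64: str, url: str) -> bool:
    """What the service does on receipt: recompute the signature over the request
    it actually received and compare it with the one presented."""
    try:
        scheme, credential = headers["Authorization"].split(" ", 1)
        account, presented = credential.split(":", 1)
    except (KeyError, ValueError):
        return False
    if scheme != "SharedKeyLite":
        return False
    expected = compute_signature(key_b64, headers.get("x-ms-date", ""), account, url)
    return hmac.compare_digest(expected, presented)
```

The date is part of the signed string, so the service can reject requests whose timestamp is too far from its own clock; the account key itself never leaves the client, only the HMAC does.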
  66. Tables - Service Orientation

    image066

    • Accessing Azure Table Storage From Azure
    • Azure cloud applications can be hosted in the same data center as the Azure Table Storage. The compelling point here is that the latency from the cloud application is very low and can read and update the data at very high speeds
  67. Tables - Partition Key / Row Key

    image067

    • Designing For Scale
    • PartitionKey and RowKey are required properties for each entity. They play a key role in how the data is partitioned and scaled. They also determine performance for various queries. As mentioned previously, they also play a role in transactions (transactions cannot span partition keys)
    • How to issue efficient queries will be addressed later in this post
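To make the partitioning rules concrete, here is an added example (constructed for this post, not the Azure Storage client library) of a tiny in-memory model of a table. It keeps entities in partitions keyed by PartitionKey, enforces that a batch (entity group transaction) stays within one partition, allows entities in the same table to carry different properties as slide 63 noted, and reports how many partitions and entities each query had to touch, so the three query shapes can be compared: a point query on both keys, a partition scan on PartitionKey alone, and a full table scan when neither is supplied. The sample entities and the `ToyTable` class are constructed for the example.

```python
from collections import defaultdict
from typing import Callable, Dict, List, Optional, Tuple

Entity = Dict[str, object]


class ToyTable:
    """In-memory model of one Azure Table: entities live in partitions keyed by
    PartitionKey, and RowKey is unique within a partition."""

    def __init__(self) -> None:
        self._partitions: Dict[str, Dict[str, Entity]] = defaultdict(dict)

    def insert(self, entity: Entity) -> None:
        pk, rk = entity["PartitionKey"], entity["RowKey"]
        if rk in self._partitions[pk]:
            raise KeyError(f"entity ({pk}, {rk}) already exists")
        self._partitions[pk][rk] = dict(entity)

    def insert_batch(self, entities: List[Entity]) -> None:
        """Entity group transaction: all-or-nothing, and limited to one partition."""
        partition_keys = {e["PartitionKey"] for e in entities}
        if len(partition_keys) != 1:
            raise ValueError("a transaction cannot span partition keys")
        pk = partition_keys.pop()
        existing = self._partitions.get(pk, {})
        row_keys = [e["RowKey"] for e in entities]
        # Validate everything before writing anything, so the batch is atomic.
        if len(set(row_keys)) != len(row_keys) or any(rk in existing for rk in row_keys):
            raise ValueError("duplicate RowKey in batch")
        for e in entities:
            self._partitions[pk][e["RowKey"]] = dict(e)

    def query(self, partition_key: Optional[str] = None, row_key: Optional[str] = None,
              predicate: Optional[Callable[[Entity], bool]] = None
              ) -> Tuple[List[Entity], Dict[str, int]]:
        """Matching entities plus a count of the work done: a point query touches one
        partition and one entity, a partition scan one partition, a full scan all of them."""
        if partition_key is not None:
            partitions = [(partition_key, self._partitions.get(partition_key, {}))]
        else:
            partitions = list(self._partitions.items())
        results: List[Entity] = []
        examined = 0
        for _pk, rows in partitions:
            if row_key is not None:
                candidates = [rows[row_key]] if row_key in rows else []
            else:
                candidates = list(rows.values())
            for entity in candidates:
                examined += 1
                if predicate is None or predicate(entity):
                    results.append(dict(entity))
        return results, {"partitions_scanned": len(partitions), "entities_examined": examined}


def try_insert_batch(table: ToyTable, entities: List[Entity]) -> Optional[str]:
    """None when the batch committed, otherwise the reason it was rejected."""
    try:
        table.insert_batch(entities)
    except ValueError as exc:
        return str(exc)
    return None


def build_sample_table() -> ToyTable:
    """Constructed sample data: customers partitioned by region. The second entity
    has no City property, which a table permits."""
    table = ToyTable()
    table.insert_batch([
        {"PartitionKey": "Seattle", "RowKey": "1001", "Name": "Ann", "City": "Seattle"},
        {"PartitionKey": "Seattle", "RowKey": "1002", "Name": "Bob"},
    ])
    table.insert({"PartitionKey": "Portland", "RowKey": "2001", "Name": "Cy", "City": "Portland"})
    return table
```

The counts returned by `query` are the point of the model: filtering on a non-key property such as City forces a scan of every partition, which is exactly the query shape the partition key design is meant to avoid.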
  68. image068