
Microsoft Azure Platform and its AWS equivalent - Part two

Posted by: Kunal Chandratre, on 8/7/2016, in Category Microsoft Azure
Abstract: A skinny to-the-point overview of the Microsoft Azure Platform and its AWS equivalent

The Microsoft Azure platform offers 50+ services as of this writing. We can divide these services into 11 broad categories. In the first part, Windows Azure Platform and its AWS equivalent - Part One, we covered Compute, Web & Mobile, Data & Storage, Analytics and IoT services.

In this second part, we cover Networking, Media & CDN, Hybrid Integration, Identity & Access Management, Developer, and Management services. Let us get started.

This article is published from the DNC Magazine for Developers and Architects.

Networking

Below is the list of services present under the networking category –

Virtual Network

Hybrid cloud implementation is a very common scenario. As part of a hybrid cloud scenario, enterprises often want to host the front end of an application on Azure. However, for security and compliance reasons, they want to keep the data stored on-premises. This requires connectivity between the application front end hosted on Azure and the data store on-premises. Azure VNET caters to such scenarios.

Using Azure VNET, you can control IP address blocks, DNS settings, security policies, route tables etc. within the network.

AWS equivalent service – Virtual Private Cloud.

Express Route

If we establish connectivity using Azure site-to-site or point-to-site, the VPN is established over public internet infrastructure only. This may introduce extra latency or slow response times for end users, which may not be acceptable for mission-critical workloads. To overcome this, Azure offers the Express Route service, which can be used to establish VPN connectivity over a dedicated private connection facilitated by the connectivity provider.

Express Route connections do not go over the public internet, as a result of which more reliability, faster speeds, lower latencies and higher security can be experienced.

AWS equivalent service – Direct Connect.

Application Gateway

Application Gateway on Azure is basically an HTTP load balancer service that works on OSI layer seven load balancing semantics.

An HTTP load balancer can be used to achieve –

1. Cookie-based session affinity – For applications that require requests from the same user/client session to reach the same backend virtual machine. An example is session maintenance in a shopping cart application.

2. SSL termination/offload – This frees the web servers from SSL termination, which helps improve the performance of the web server.

3. URL content-based routing – Depending on the contents of the URL, you can route the request to a server streaming videos, images etc.

AWS equivalent service – Elastic Load Balancing.

Traffic Manager

Traffic Manager is a load balancer service on Azure that operates at the DNS level. It has 3 strategies –

1. Performance – Let’s say you have one application deployment in the US and another in the UK. If users from the US region access the application URL, the request should be served from the US region only, as it is the nearest region for a US-based user. Similarly, for a UK-based user, the request should be served from the UK region only for better response time. If you want this type of load balancing done automatically, use the “Performance” strategy.

2. Failover – Let’s say you have one application deployment in the US and another in the UK. You want requests coming from any location in the world to always be served primarily from the US deployment. If the US region deployment goes down, the UK-based deployment should serve all the requests. Once the US deployment is up and working again, it should be treated as primary. If you want this type of load balancing done automatically, use the “Failover” strategy.

3. Round robin – This is traditional round robin algorithm based load balancing; the only difference is that it happens at the DNS level.

AWS equivalent service – Route 53.

Azure DNS

Let’s clear up a common misconception everyone has when they hear about this service – “It is NOT a domain registrar offering on Azure.”

Azure DNS is a service that can be used for DNS delegation, so you still need to purchase a domain from a domain registrar like Enom, HostGator etc., on top of which you can apply DNS delegation.

Azure DNS uses the “Anycast networking” methodology, which always directs an incoming request to the nearest server. This helps to drastically improve performance, which may not be the case with non-delegated DNS. Plus, the inherent structure of the Azure cloud platform offers high availability.

AWS equivalent service – Route 53.

Load Balancer

Traffic Manager works at the DNS level and Application Gateway works at the HTTP level, whereas Load Balancer works at the network level.

Load Balancer is used for load balancing traffic between virtual machines present in a cloud service or VNET. For example, if we host a web application on Azure VMs on port 80, we can create a load balancer for port 80 so that incoming requests are distributed across two machines in a round robin fashion.

AWS equivalent service – Elastic Load Balancer.

VPN Gateway

A VPN gateway is a type of networking device that connects two or more devices, or networks together, in a VPN infrastructure. It is designed to bridge the connection between networks or multiple VPNs together.

Azure VPN gateway serves the same purpose. It is used to send network traffic between virtual networks and on-premises locations. It can also be used for sending traffic over VNET-to-VNET connections.

AWS equivalent service – VPN gateway is part of Virtual Private Cloud service.

Media and CDN

There are two services in this category as explained below –

Media services

If you wish to stream videos to HTML5, Flash, Silverlight, Windows 8/10, iPad, iPhone, Android, Xbox, Windows Phone and any other client, irrespective of their streaming formats, then you need to build a media solution that encodes and streams videos to various devices and clients. Needless to say, it is a very complex task. Azure Media Services provides a cloud-enabled solution for this problem.

Any video processing includes uploading, encoding and protecting, streaming, and consumption steps. Azure Media Services provides numerous ways by which these processes become super easy for you.

AWS equivalent service – Not available for all of the services of the media solution. The details are as below

image

Content Delivery Network (CDN)

Azure CDN is a system of distributed servers that delivers content (mostly cached) upon request, from the location geographically nearest to the request. In a way, this is similar to a caching mechanism, but the difference between traditional caching and CDN is that traditional caching works at the application level, whereas CDN caches the data across various locations around the world.

AWS equivalent service – CloudFront.

Hybrid Integration

The following services are present in this category: 

BizTalk Services

BizTalk can be provisioned on Azure either as IaaS (BizTalk installed on a VM) or as PaaS (BizTalk Services).

BizTalk Services is a PaaS offering, hence all the maintenance that is unavoidable with the IaaS offering is avoided.

The BizTalk Services main documentation page talks about Azure App Service, and it looks like Azure BizTalk Services will get replaced by App Services in the long run.

AWS equivalent service – None.

Service Bus

Applications often need to interact with other applications and services. To facilitate this communication in the most powerful and easiest way, so that decoupled systems can communicate seamlessly with each other, Azure provides the Service Bus offering.

The following services are provided by Service Bus –

Queue

This is a brokered messaging service where messages are stored on the Azure Service Bus infrastructure, so that the sender and receiver are not both required to be always online for communication to happen. This is for one-to-one communication.

Topics-Subscription

This is similar to Queue but provides one-to-many communication capability.

Relay

This is used for point-to-point communication where the sender and receiver both have to be always online. If you wish to access on-premises services without opening the firewall or NAT, then Service Bus relay can be an option.

AWS equivalent service – for all – Simple Queue Service.

Backup Service

We can call this offering “Backup as a service”. Traditional backups taken on physical storage or tape have scaling limitations. Azure Backup, being a cloud offering, offers unlimited possibilities, plus you can introduce a great level of automation in the backup tasks.

The Backup service can be used to back up on-premises resources to Azure and restore them.

AWS equivalent service – none.

Site Recovery

We can call this service “Disaster recovery as a service (DRaaS)”. This service can be used to replicate VMs from on-premises environments such as VMware and Hyper-V directly to Azure instead of to a secondary on-premises site.

AWS equivalent service – none.

Identity and Access management

The following services are present in this category:

Azure Active Directory

Azure AD is an “Identity Management Solution throughout the internet”. Identity management is the only area addressed by Azure AD today. It is worth mentioning that Azure AD is not the same as Windows Server AD.

Azure AD supports all modern protocols for authentication, like WS-Federation, SAML-P and OAuth, with more to come in the future. This capability of Azure AD enables it to integrate with many enterprise-level SaaS applications like Salesforce, Facebook at Work, Twitter for Business, Dropbox and so on.

AWS equivalent service – Directory Service.

Azure AD B2C (Business to Customers)

This service is an identity management solution for consumer-facing web and mobile applications. If you want your application users to be authenticated, then it is your responsibility to create an identity store database and maintain it. If the requirement is to integrate this solution with social identity, then a change in the application is required depending on the API offered by the various social integration platforms. To avoid this headache and simplify the integration with the social identity of the user, AAD B2C can be used.

Using B2C, your users/consumers can sign up using their existing social accounts (such as Facebook, Google, Amazon, LinkedIn) or can create new credentials, which are termed “Local accounts”.

AWS equivalent service – Directory Service.

AAD Domain Services (AADDS)

This can be referred to as a “Domain controller as a service” offering in Azure. As stated earlier, Azure AD is mainly an identity management solution and fundamentally it is not the same as Windows Server Active Directory. To bridge this gap, Microsoft Azure has introduced AADDS. Using this service, you can join an Azure VM to a domain without deploying domain controller VMs, which was not possible earlier.

AWS equivalent service – Directory Service.

Multi Factor Authentication

Today, if you try to transfer funds or pay utility bills via internet banking, you are asked for login credentials. After a successful login, a verification code is sent to your handheld device (for example, a smartphone) in the form of a message. Once you have entered the code on the transaction site, the transaction is done. So in a way, the process of fund transfer is dependent on 2-step authentication. This is called “Multi Factor Authentication”.

Azure provides cloud-enabled services with which you can implement MFA in your application very easily and securely.

AWS equivalent service – Directory service – multi factor authentication.

Azure Access control service

This service is made freely available on Azure and is specifically designed for federated authentication implementation. However, no update has been made to this service for a long time. Although there is no official word from MS about deprecation of ACS, at the same time there are no upgrades or SLA applications associated with this service.

The recommended approach is to use Azure AD based services and features.

Developer Services

The following services are present in this category:

Visual Studio Team Services (VSTS)

Earlier, VSTS was known as “Visual Studio Online”. A common misconception around this was that VSO allows you to write code online without the need to install Visual Studio on a local machine, but this is not true. VSO or VSTS is Team Foundation Services on the cloud. So essentially it provides source control features over the cloud. Most of the features that were part of the Team Foundation Server offering are now present on VSTS.

AWS equivalent service – None.

Application Insight

This service is an application monitoring service on Azure. Earlier, app monitoring was dominated by tools from companies like AppDynamics, New Relic etc. With “Application Insight”, Microsoft has entered the space of “Application Performance Monitoring (APM)” tools.

This tool offers all the usual services and features that may be required to understand application health and performance parameters as a part of the monitoring process. It can help to detect and diagnose performance issues and to understand what users are doing with your application.

AWS equivalent service – CloudWatch, CloudTrail.

Dev Test Lab

The usual challenges faced by Dev and Test teams are delays in setting up a staging environment, creating replicas of the production environment, licensing issues, and cost. Dev Test Labs allows you to create an environment in Azure with controlled cost options and with ease. Check out this article by Vikram that talks about DevTest Lab in detail.

The Dev Test Labs feature allows you to create Artifacts (JSON template files) which contain instructions and commands to perform deployment and configuration. These artifact files are nothing but ARM templates, which carry all the ARM template benefits like create once-use always, idempotent deployment, focus on What instead of How for resource provisioning and so on.

AWS equivalent service – Device Farm.

Hockey App

This service provides DevOps enablement for mobile applications. Hockey App is not integrated as a part of Application Insights. If you build mobile apps for any platform using any framework and language, Hockey App makes it easy to invite users to test the app and to collect feedback, metrics and live crash reports in the Dev or production phase. This helps in making sure that users always get the latest updated version of the application and, at the same time, developers get the latest crash reports and feedback.

AWS equivalent service – None

Management

Following are the services which can be considered in this category:

AutoScaling

Autoscaling in Azure is supported for Cloud services roles, App Service plans and VM scale sets.

Scaling can be either vertical or horizontal.

Vertical – If you have a machine with 4GB RAM and you increase the RAM to 8GB for more computing power, then it is termed vertical scaling.

Horizontal – If you have a machine with 4GB RAM and you add another machine of the same configuration for parallel processing, then it is termed horizontal scaling.

Azure supports both types of scaling.

AWS equivalent service – Auto Scaling

Alerts

Azure allows you to configure alert notifications. These alerts can be for monitoring metrics or events on Azure services. When configuring an alert rule, a value is provided. This value is treated as the threshold, and once it is crossed, an alert is raised automatically. Alerts can be configured for Application Insights, sent to other systems, or set for billing notifications and so on.

AWS equivalent service – CloudWatch, Alarms

Key Vault

Key Vault allows developers to implement cryptographic functionality in an application without worrying about storing and managing the associated keys. Key Vault can be used to encrypt keys and secrets (like storage account keys and connection strings) using keys that are stored in Azure Key Vault and protected by Hardware Security Modules (HSM). These keys can also be used to encrypt sensitive data directly.

AWS equivalent service – Key Management Service, CloudHSM.

Scheduler

Scheduler can be used for scheduling jobs that invoke HTTP/S endpoints, make entries in queue storage, or call any services inside or outside of Azure. For example, you may want to ping your website address every 1 minute to check that the status code is 200 (OK) and there is no error. This can be one of the real-life implementations of a scheduler job.

Please note that Scheduler will only schedule the job and not execute it.

AWS equivalent service – None.

Automation

Azure Automation is the “Configuration Management Service” on Azure. Popular services in this area are Chef and Puppet. It provides a way for users to automate manual, long-running or frequently repeated tasks. For example, if you are using a VM on Azure and want the VM to shut down every day during non-business hours and start every morning, then you can use Azure Automation.

AWS equivalent service – OpsWorks, CloudFormation.

Log Analytics

Log Analytics is the service in Operations Management Suite (OMS) that helps you gain insights into the details of infrastructure hosted on-premises and in the cloud.

App Insights is for monitoring application telemetry, whereas Log Analytics is for capturing telemetry of infrastructure components.

AWS equivalent service – CloudWatch, CloudTrail

Security Center

This service provides a holistic view of the security state of all the Azure resources owned by you. Once you enable “data Collection” for Security Center, the data that gets collected is automatically analyzed for security incidents, and notifications and alerts are displayed about possible vulnerabilities, along with recommendations.

AWS equivalent service – Inspector.

Azure Marketplace

Azure Marketplace is a great platform where you can globally promote your products built on top of Azure services. Without a marketplace, doing promotions on your own is an almost impossible and expensive task. Marketplace today is available in around 56+ countries, making it possible to sell your product in those countries easily and giving you a global reach. Plus, the billing part is embedded in Azure billing, which makes it an even more attractive solution to market your products. You can publish VM-based solutions, Machine Learning web services, API App connectors and web applications as SaaS on Marketplace and monetize them.

AWS equivalent service – AWS Marketplace.

Azure Portals

Today there are two portals for Azure –

1. Classic portal – http://manage.windowsazure.com

2. New portal – http://portal.azure.com

The future lies in the new portal, which provides more options and better control over Azure resources.

Miscellaneous

Here I am listing those Azure services and their AWS equivalents which I could not fit in any category but find worth mentioning.

image

Where can I get the Azure service Icons?

Most of the time, we need to draw architectural diagrams while presenting Azure services to clients in proposals and pre-sales activities. In such situations, icons representing Azure services come in very handy and make the architecture diagram more self-explanatory, as you would be using real-world icons instead of generic squares or circles with annotations.

Now the question is, “how can I get these”? Well, get them here - https://www.microsoft.com/en-in/download/details.aspx?id=41937. This URL has all the Microsoft product icons, PNGs, PPTs, Visio diagrams and so on, and is an essential link for documentation.

An Appeal to readers

Thanks for reading through! I hope you found this guide about the Windows Azure Platform useful. Azure services are being developed very actively, and the AWS to Azure mapping can change. While we will keep an eye out, I would request you to let us know from time to time when you come across a change, a new service replacing an old one, and similar.

Please make sure you have read the first part - Windows Azure Platform and its AWS equivalent - Part One to get a complete overview of the Microsoft Azure platform.

Conclusion

This article highlights how the Microsoft Azure cloud platform is becoming richer day by day, and how almost everything is going to be cloud oriented very soon.

Author
Kunal Chandratre is a Microsoft Azure MVP. He works as an Azure SME at a leading software company in Pune, India. He also works as a freelancer with various organizations for Azure support and provides quick-start trainings on Azure to corporates and individuals on weekends. He regularly blogs about his Azure experience, is a very active member of various Microsoft communities, and participates as a ‘Speaker’ in many events. You can follow him on Twitter at @kunalchandratre or subscribe to his blog.

