Best Practices for Azure based applications and Workloads

Posted by: Vikram Pendse , on 7/26/2017, in Category Microsoft Azure
Views: 23609
Abstract: This article covers some common scenarios for designing Azure based applications and workloads where you can save costs by following best practices.

There is a massive adoption of the Microsoft Azure platform across the world. Some enterprises/customers have been using it since its inception and have grown their products, services based on the platform over a period of time. There is also a large number of audiences for whom Azure is new and some of them have migrated to Azure from a different cloud platform like AWS (Amazon), Digital Ocean, IBM Blue Mix etc.

This article gives an overview of the end-to-end services that allow small customers as well as large enterprise to move their workloads on Azure smoothly. It also provides best practices to keep costs in control and ensure highly available scalable deployments.

Are you keeping up with new developer technologies? Advance your IT career with our Free Developer magazines covering C#, Patterns, .NET Core, MVC, Azure, Angular, React, and more. Subscribe to the DotNetCurry (DNC) Magazine for FREE and download all previous, current and upcoming editions.

Case Study

A mid-size Foo Solutions Ltd. has recently moved into Cloud Business and Solutions.

Their team has started offering managed services and consulting to their customers and are offering help to move on to Azure from any other cloud service.

A challenge in front of them is, their customers are demanding high availability solutions on Azure. Unfortunately, Foo Solutions Ltd. is relatively new in the cloud business, they rather have more expertise on traditional hosting platforms. So they are missing out on some basic Azure best practices, availability, security and monitoring guidance.

This article aims at providing Foo Solutions some best practices so that they can address their customers’ needs and add more value to their managed services.

Understanding the design considerations and pain areas while building Azure based application

Here are some commonly acknowledged design considerations while building Azure based applications.

  • Availability (Platform and Infrastructure)
  • Dev and Test Environment
  • Monitoring – Security and other advisory
  • Cost

Now let us also state the very common workloads we usually see on Azure (more on the Microsoft stack but some of them can be part of Linux/open source ecosystem as well)

  1. Virtual Machines
  2. SQL DB (PaaS and IaaS)
  3. Monitoring
  4. Backup

Note: Although “Storage” is a common component, since we are discussing more from a cost sensitive and rapid/robust deployment point of view, hence will not consider storage here.

Before we start discussing the above points, let us quickly understand the nature and types of Azure Subscriptions.

Understanding the types of Azure Subscriptions

There are various types of Azure Subscriptions available today. Each one has its own benefits and limitations.

Let us go through the commonly used Azure Subscriptions:

1. Enterprise Agreement (EA) – This is normally purchased by large enterprise customers where they give commitment for consumption of certain amount. Microsoft then adds a couple of value-add benefits on top of it, depending on type of customer, nature of business, country, region and policies.

2. Pay as you go – This is very commonly used by small startups, individuals as well as large enterprises. This is purely based on consumption and there is no pre-commitment for consumption. The amount is chargeable solely on the basis of actual consumption.

3. MSDN – This option is available if you are a MSDN subscriber and it comes with limited credit. Usually it is not used for deploying production workloads.

4. Cloud Solution Partner (CSP) – The Cloud Solution Partner is a newly launched program where one can get an Azure subscription from an authorized CSP qualified by Microsoft in that particular region. Pricing, Terms and conditions are different than that of Enterprise Agreement (EA).


One very common definition of “High Availability” is “Always available i.e. 24x7”.

When we say so, there are a couple of perceptions and misunderstandings that gets attached to this term. Most of the time, people fail to understand the responsibility aspect when they build High availability solutions. It is generally assumed that Microsoft is solely responsible for High availability which is obviously wrong to assume.

We will now see how we can achieve “High Availability” in Microsoft Azure.

While going for High Availability / Highly Available solutions, you first need to understand which bucket does your solution fall in - Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS).

Sometimes it might be a mixed solution as well.

While building high availability solutions, you need to ask two questions before designing your application:

1. What is the amount of downtime acceptable for a particular deployment?

2. If deployed resources/environment is down, then what happens next and what is the roadmap or action plan post this crisis?

High Availability in Azure IaaS (Infrastructure-as-a-Service) using “Availability Sets”

Virtual Machines (VM) are the core of Azure IaaS Services along with allied offerings of Virtual Networks (VNETs) and related connectivity patterns like P2S, S2S and Express Route.

There is a common perception that we always need high power CPU and large memory machines for better performance and availability. It does makes response time faster and reduces the need of any additional machine or load balancing.

However, in Microsoft Azure or for any cloud platform for that matter, there is always a possibility that VM can go down or is not available due to planned/unplanned maintenance.

Here are some very common issues due to which VM might not be available and an application on VM can have downtime or in some cases it is available, but not accessible or reachable.

  • Disk failure – Very commonly observed problem for a VM.
  • Host Machine Updates – Microsoft keeps on updating and patching their host machines. There is no defined schedule available publicly for this. But during update cycle, few VMs may face issues in booting or may boot up, but becomes inaccessible.
  • Node failure – Node failure at the datacenter level.
  • Power/Network issues at Datacenter – Power or Network failure at Datacenter side.
  • Datacenter down – Very rare phenomenon but it can be down due to natural disasters.

Availability Sets allows you to put 2 or more virtual machines (usually with similar configuration). There can be maximum 100 VMs in an individual availability set. When you put your Virtual Machines (VMs) in availability set, you are bound to get availability around 99.95% as per the Microsoft’s standard SLAs. Each of the machine is associated with Fault and Update Domain.

Let’s understand what Fault Domain is and what Update Domain is.

Fault Domain – Failure due to Network/Power/Hardware Issues causing your VMs down/inaccessible.

Update Domain – Guest VMs undergoes a planned/unplanned maintenance to update the patch of Guest VMs/Service Fabric bringing down your VMs.

Availability Sets addresses these issues with the help of Load Balancer. Load Balancers distribute the traffic and enables to keep minimum one instance active during plan/unplanned maintenance activities or failures.

This is how an availability set looks like:


Here is how its architecture looks like.


How you can verify whether Availability Set Configuration or HA is really working or not?

It is very simple to test. Once you have installed your application on both VMs, you can shutdown either of the VMs and observe how the request goes to second VM without having any downtime. You can customize the default landing page of your app and put some text in the header like “Running on VM1” or “Running on VM2” just to check if HA is working or not. You can remove the text once test is successful.

Is “High Availability” with Single Virtual Machine possible?

Earlier there were no SLA that single instance will not fail. Now since November 2016, Microsoft guarantees that it will be available for 99.9% with premium storage. This is very unique since no other Cloud providers provide such Single Instance SLA.

However single instance SLA and High Availability are two different concepts. Single instance SLA does not mean your solution is highly available. For High Availability, you still need Availability sets. If you need High Availability, then still go for Availability sets.

High Availability in Azure PaaS (Platform-as-a-Service)

In the previous section, we talked about the availability of an application hosted on an Azure Infrastructure. But what about applications hosted as Azure PaaS?

In Azure PaaS, the environment is multitenant and High Availability is built-in. Hence no additional configurations or efforts are required similar to what we have in IaaS to configure Availability Sets. Also, High Availability can be achieved using a single instance as Microsoft is responsible to maintain the SLA as a service provider.

One of the common question which majority of customers asks “What happens when entire region goes down?”

Here doing Multi-site deployment can save you during an outage at a particular Data Center.


If you see the above architecture, we can see that we have deployed multiple instances of the application which are scattered across datacenters. Usually we tend to provision it in the same region to overcome latency issues, but if the problem is region wide, then it is good to have it in a nearby region, instead of having it in the same region.

Geo replication of data helps you achieve consistency. There are various data replication strategies available in Azure and you need to choose one based on your needs. The new Traffic manager policy allows you to configure distribution of your workload based on the geography as shown below.


In case of a failover, Traffic Manager will route the traffic to the most immediate available deployment in order to maintain availability and overcome the downtime of the application.

There are also couple of patterns which Microsoft has recommended like “Active-Active”,” Active-Passive” etc. which are based on your data read/write and synchronization strategy. Usually these patterns come up with additional monitoring apps which does the job of probing and ensures which deployments are healthy and which are not.

Thus, you can maintain high availability in the platform-as-a-service kind of deployment strategy.

SQL PaaS and SQL IaaS – Which one to choose?

There are a majority of enterprises having one or the other flavor of SQL Server. It can be Professional or can be Enterprise or even can be Express in some cases.

Now-a-days due to awareness about cloud and data security, enterprises are keen to leverage benefits of the cloud platform and wish to save their infrastructure and maintenance cost.

There are two major SQL offerings in Azure which are SQL PaaS (also widely known by “SQL Azure/Azure SQL”) and SQL IaaS.

Here are some differences which will help you to understand which option is right for you and what you need to know while making a choice between SQL PaaS and SQL IaaS.


Dev and Test Environments

Dev/Test Labs is one of Azure’s offerings which enables you to quickly spin up the Dev and Test environment in Azure. It helps to spin up VMs and also allows to store the template as “formulae” and provides reusability of a machine image.

It also helps to install the commonly required software/ tools as “Assets” via package management methodologies like “Chocolatey”. Dev/Test labs allows you to implement RBAC (Role Based Access Control) on your environments and enables you to put the cap/restriction on the new IaaS component provision and puts control on overall deployment as shown below:



These are a unique set of features will allow enterprises to quickly provision the environment and can be integrated well with DevOps and CI/CD pipeline as well. So instead of provisioning single VMs or set of VMs one by one, this is a good quick and scalable option available for rapid infrastructure deployment with tons of good features. We have already covered this service in one of our articles here which you can refer to right away:

Monitoring – Security and other advisory

Monitoring is one of the core services which most of the time is overlooked by a majority of customers.

The primary reasons are cost, configuration and perceptions about these services. There are plenty of monitoring services available. There are rich logging solutions like Application Insights which gives you minute details about the behavior of your application.

For infrastructure monitoring, Log Analytics (OMS) is one of the very popular service in Azure, followed by a newly available service such as Azure Monitor.

OMS give you deeper monitoring and add-ons to monitor your Active Directory (AD), IIS logs, Networks and even Containers too. It is very easy to configure and use as well.

OMS also helps you with various filters to search logs effectively and also allows to build data source for Power BI (Microsoft’s interactive data visualization BI tool). Alert configuration and triggering mechanism is baked in.

We have already covered Log Analytics (OMS) in one of our articles:

Here is a glimpse of Azure Monitoring services:


Although there are several ways to protect your infrastructure and application, Azure offers another service called “Azure Security Center” which helps customers to understand what is missing and what are the best practices to be applied on their existing infrastructure in order to make it more secure and stable.

Besides monitoring, we also need to know certain best practices for Security, Patches and overall updates. Moreover, there are value-add services and recommendations available to give you an illustrious ROI based on your consumption.

Here is a quick example of how the Security Centre looks like:



On the other hand, there is another service which acts as an advisory for your deployments in your subscription which is known as “Azure Advisor”.

This service not only gives you best practices, but there are categories like “High Availability (HA)”, “Security”, “Performance” and “Cost” too. You can always look at the advisory and implement the suggestions accordingly. It always gives you the best suitable advisory based on your deployments and the way you have provisioned it.

Here is the dashboard for Azure Advisor service:


This comes in handy and you can keep monitoring this service daily.

Azure Monitor, OMS, Security Center and Advisory are all good to have services for your deployed resources, irrespective of the size, nature and count of resources you have in Azure.

Saving Costs

At the beginning, we saw various ways to get an Azure Subscription. Azure primarily works on “Pay as you go” model and hence “Cost” is one of the most critical aspect of any Cloud/Azure deliverable, since it is always directly proportional to your consumption cost.

We have already stated few best practices and service in the previous sections which can help you to identify bottlenecks on time, provide ease of configuration and deployment.

However, here is a summary as well as some additional best practices to save cost:

1. Use ARM template instead of Classic for all new Azure deployments

2. Azure DevTest labs can be used for quick infrastructure creation

3. Cost can be saved by using Capping and Restriction

4. Use Automation (In PaaS as well as in IaaS) wherever applicable

5. Use Scaling/VM Scale Set for auto scaling for IaaS deployments

6. Automation in start and shut down of VMs if they are idle for certain amount of time

Some additional value-add best practices in terms of monitoring and security:

1. Use Azure Advisory and Monitor for quick resolutions, recommendations etc.

2. Use OMS/Monitor for monitoring – for deeper monitoring

1. Use Azure Security Center for additional security guidance

2. Applying NSG on the network, VMs etc. – UDR, Inbound/Outbound rules

3. Identify the correct size and type of VMs

4. Futuristic design of VNET and Subnets – Ensure enough IPs are available in case additional VMs need to be provisioned in the specific subnet. One can always create a new subnet but good design can allow to accommodate new deployments rather than creating new one for each.

The above list covers most common scenarios and allows you to save cost by following best practices and getting into deeper interaction with Azure Advisory and Security Center.


There is a significant growth in the Azure platform from the past few years because of the value add services in PaaS and IaaS.

The end-to-end services features allow small customers to large enterprise to move their workload on Azure smoothly. Since there is always a cost associated with any Azure component, it is important to keep it in control and ensure the deployments are highly available, robust, secure and scalable in order to serve/cater end customers, flawlessly.

This article has been editorially reviewed by Suprotim Agarwal.

Absolutely Awesome Book on C# and .NET

C# and .NET have been around for a very long time, but their constant growth means there’s always more to learn.

We at DotNetCurry are very excited to announce The Absolutely Awesome Book on C# and .NET. This is a 500 pages concise technical eBook available in PDF, ePub (iPad), and Mobi (Kindle).

Organized around concepts, this Book aims to provide a concise, yet solid foundation in C# and .NET, covering C# 6.0, C# 7.0 and .NET Core, with chapters on the latest .NET Core 3.0, .NET Standard and C# 8.0 (final release) too. Use these concepts to deepen your existing knowledge of C# and .NET, to have a solid grasp of the latest in C# and .NET OR to crack your next .NET Interview.

Click here to Explore the Table of Contents or Download Sample Chapters!

What Others Are Reading!
Was this article worth reading? Share it with fellow developers too. Thanks!
Share on LinkedIn
Share on Google+

Vikram Pendse is currently working as a Cloud Solution Architect from India. He has 13+ years of IT experience spanning a diverse mix of clients and geographies in the Microsoft Technologies Domain. He is an active Microsoft MVP since year 2008. Vikram enables Customers & Communities globally to design, build and deploy Microsoft Azure Cloud and Microsoft AI Solutions. He is a member of many Microsoft Communities and participates as a Speaker in many key Microsoft events like Microsoft Ignite, TechEd, etc. You can follow him on Twitter @VikramPendse and connect at LinkedIn.

Page copy protected against web site content infringement 	by Copyscape

Feedback - Leave us some adulation, criticism and everything in between!