Azure: What to use when, Part 2
In Part 1 we looked at how similar Azure is to ordering a decent cup of coffee. In particular, we looked at Azure Virtual Machines, Cloud Services, App Services, Data Storage and Serverless computing.
In this article, we’ll discuss the more advanced Azure services like Messaging, Networking and Orchestration.
Integration via Messages and Events
When your company’s software solution evolves into a number of distributed systems, it’s time to think about message-based and event-based programming.
Azure’s got you covered with Event Grid, Event Hub and Service Bus.
As you may know, there are slight differences between Messages and Events.
Messages are used when the publisher has an expectation about how the subscriber handles each message. The publisher expects a response when the message is handled.
Events are lightweight notifications where the publisher has no expectation about the handling of the event, and expects no response.
When companies have an existing service bus architecture, migrating to Azure Service Bus in the cloud makes perfect sense, as it includes the expected service bus features like duplicate detection, transactions, ordering and retries.
For notification events, use Azure Event Grid as an eventing backplane for reactive programming if your business wants to modernise its code base by eliminating polling.
Or use Azure Event Hub if your company is streaming telemetry data and requires playback functionality on these events.
Note the difference: Hub events may contain data, while Grid events don’t.
Companies often require VPN connections between their offices and the cloud. However, VPNs may be slow because they tunnel over the public internet.
Instead use Azure ExpressRoute to configure private networks between the office and the cloud, because it can be connected to your existing WAN or MPLS network to reduce network latency.
Let’s consider the networking solutions for your Azure hosted applications. Load balancing is a time-consuming and tedious feature to set up. Fortunately, Azure Application Gateway provides an HTTP load balancing solution out of the box. It’s a web application firewall with cookie affinity for session sharing and can be configured for SSL offload. Use Application Gateway if your user base has outgrown the capacity of a single server and load balancing is required.
Similarly, Azure Traffic Manager can be used as a load balancer. However, it has additional uses like AB testing, smooth migrations and automatic failover. Use Traffic Manager if you need to split incoming traffic out to different machines or when zero downtime deployments become a requirement. (And no, AB testing has nothing to do with cricket).
There are many cloud providers out there, and the risk of vendor lock-in may concern your company. However, Docker has emerged as a stable and reliable Open Source technology whereby applications can be hosted in containers. What Azure and other cloud providers have in common, is that they all support Docker containers.
If your company wants to move their software applications to the cloud, but at the same time avoid vendor lock-in, consider dockerising your applications and migrating them to Azure.
Containerised deployments may induce a steep learning curve and need specialised tools to maintain overall health, but when it comes to images, containers and orchestration, Azure’s services should be music to your ears.
However, let’s first revisit some basic terms. A container image is a recipe describing a self-contained OS with your code installed on it, for example, a Docker image.
A container is a running instance of your image, for example, a Docker container.
Orchestration is the ability to run your containers reliably and resiliently by automatically managing availability, scaling and updates. For example, multiple load-balanced containers arranged as a complete solution.
When you develop containerised applications, you need a container registry such as Docker Hub. However, your business shouldn’t push its container images to a public registry, but rather to a private and secure container registry.
Use Azure Container Registry (ACR) if your company wants to manage container images in a private registry, secured behind Active Directory, and accessible to multiple regions across the world. ACR is managed with Open Source tools like Docker CLI, and your DevOps team should have no additional learning to do if they’re already familiar with Docker tools.
Azure Container Instances (ACI) runs single containers (Windows or Linux), and in these cases, no orchestration is needed. Use ACI if you’re deploying single instance containers without any load-balancing requirements. ACI can pull your container images from Docker Hub or ACR.
If your company needs to deploy a whole solution made up of several container images, then use Azure Kubernetes Service (AKS) to streamline your deployments. AKS is simply a façade over Open Source orchestrators like Kubernetes, Swarm and DC/OS. It greatly simplifies the deployment, management and operations of these orchestrators.
If your business is already running on-premises Windows-based orchestration in the form of Service Fabric, then Azure has you covered. Azure Service Fabric can run executables, services, actors and containers.
As you may know, it’s best practice to externalise your application’s settings and secrets, so that each deployment can be repeated reliably regardless of the hosting environment. Another reason is that connection strings and other secrets should not be visible in your source code. Imagine what could happen if that junior developer gets hold of your production database’s connection string, because it was stored in your Git repository!
Rather use Azure Key Vault for secret management in the cloud, so that you can store your secrets outside of your source code repository. Your application’s start-up code will retrieve the secrets and set up any database connections and services without the need to expose secrets to your staff members.
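An added example (not from the original article) of the start-up pattern described above: committed settings hold only references to Key Vault secrets, the application resolves them when it starts, and it refuses to start if a credential is found inline. The `kv:` reference convention, the setting names and the sample values are assumptions made for illustration; `SecretClient` and `DefaultAzureCredential` come from the Azure SDK for Python.

```python
import re

# Markers of a credential embedded in a setting value (connection-string keys
# used by SQL Server, Azure Storage and Service Bus).
INLINE_SECRET = re.compile(
    r"(password|pwd|accountkey|sharedaccesskey)\s*=\s*[^;\s]+", re.I)

# Assumed convention for this example: "kv:<secret-name>" is a pointer to a
# Key Vault secret, never the secret itself.
KV_PREFIX = "kv:"


def find_inline_secrets(settings):
    """Return the names of settings that carry a credential in plain text."""
    return sorted(k for k, v in settings.items() if INLINE_SECRET.search(v))


def key_vault_fetcher(vault_url):
    """Fetcher backed by Azure Key Vault. Needs azure-identity and
    azure-keyvault-secrets; imported lazily so the rest runs offline."""
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    client = SecretClient(vault_url=vault_url,
                          credential=DefaultAzureCredential())
    return lambda name: client.get_secret(name).value


def load_settings(settings, fetch_secret):
    """Resolve Key Vault references at start-up; refuse inline credentials."""
    leaked = find_inline_secrets(settings)
    if leaked:
        raise ValueError("inline credentials in settings: " + ", ".join(leaked))
    resolved = {}
    for key, value in settings.items():
        if value.startswith(KV_PREFIX):
            resolved[key] = fetch_secret(value[len(KV_PREFIX):])
        else:
            resolved[key] = value
    return resolved


# Constructed sample settings, as they would be committed to the repository.
COMMITTED_BAD = {"Db": "Server=sql.example.internal;User Id=app;Password=Hunter2!"}
COMMITTED_GOOD = {"Db": "kv:orders-db-connection", "LogLevel": "Information"}

if __name__ == "__main__":
    # Stand-in for key_vault_fetcher("https://<your-vault>.vault.azure.net")
    fake_vault = {"orders-db-connection": "<value held only in Key Vault>"}
    print(find_inline_secrets(COMMITTED_BAD))
    print(load_settings(COMMITTED_GOOD, fake_vault.__getitem__))
```

In production, pass `key_vault_fetcher(...)` with your vault's URL as `fetch_secret`; `DefaultAzureCredential` then uses the host's managed identity, so no credential for the vault itself needs to be stored with the application.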
AI + Machine Learning
Machine Learning is the process of computers arriving at their own conclusions without being specifically programmed to do so.
Companies are starting to harness machine learning to do sentiment analysis on web-based forums, blog posts and tweets which mention the company. This gives the company a competitive advantage in dealing with negative sentiment before it becomes a widespread problem.
Azure provides many AI and ML solutions – too many to mention here. Your company could use Azure Machine Learning for image analysis, facial recognition, speech recognition, chatbots and sentiment analysis from text.
Let’s talk about security and your users’ sign-on experience.
Azure Active Directory is your identity provider in the cloud. Use Azure Active Directory if your business already has Active Directory on-premises. AD Federation Services (AD FS) can be used to provide a seamless sign-on experience between your on-site and cloud-based applications.
Data loss and data corruption shouldn’t keep you up at night. Your company may already have disaster recovery strategies in place, but consider the Azure Backup and Site Recovery solution as a scalable offsite option to reduce IT infrastructure costs. Your company can back up VMs and apps, and the solution covers Linux, Windows, VMware, Hyper-V and bare metal servers.