Azure Infrastructure Services provides compute, network, and storage services on Microsoft's Azure cloud platform. The presentation discusses how IT infrastructure supports business objectives, outlines various Azure services including virtual machines, networking, storage and identity/access management, and demonstrates how to migrate applications to Azure through strategies like lift and shift or refactoring for the cloud. It also compares Azure services to analogous offerings on AWS.

1. Azure Infrastructure Services
Compute , Network and Storage Overview
RIYADH 3
16 February 2019
Microsoft Riyadh

2. Ahmed Fakhry
IT Infrastructure Presales Consultant & Solution Architect
Cloud Architect , CCNP , CCDP , MCITP , VCP , EMCIE , EMCTA ,ITIL, AWSCSA

3. Agenda
Relation between Business and Infrastructure
Cloud Migration Strategies
Azure Infrastructure Services
Azure Account Management
Azure Virtual Machines
Azure Networking
Azure Storage Account
Identity and Access Management
Demo

4. Business and Infrastructure

5. Business-IT Alignment
IT Strategy
IT
Infrastructure
Business
Infrastructure
Business
strategy
Business organization uses information technology (IT) to achieve business objectives
Harmony between IT and business decision-makers within the organizations
The ability of IT to produce business value

6. Business-IT Alignment Cont.
Decision Makers
Applications
IT infrastructure
Operation Team
Availability
Performance
Security
Cost/ROI

7. IT Infrastructure
IE/Navigator DDN/FR
Internet Router
Firewall
Internet Router
PSTN
Backup Server
Switch
Application
Server
Phone
Fax
Internet
Isolation region
Recovery Center
Lan
Lan
DB Servers

8. IT Infrastructure Components
Servers Storage Networking Security
Data Processing Storing Data Interconnectivity Data Protection
CPUs, RAMs, Interfaces Disks , Controllers , - -
Rack , Blade , Tower DAS , SAN , NAS Switches , Routers .. NGFW , SIEM , MFA ,..
Bare metal or
Virtualization
Software-defined storage or
traditional
Software-defined Network or
traditional
Virtual controls or
Appliances

9. IT Infrastructure Deployment Models

10. Migration to Cloud

11. Cloud Infrastructure Services

12. Cloud characteristics and Benefits
Cloud
On-
demand
self-service
Broad
network
access
Resource
pooling
Rapid
elasticity
Measured
service
Business agility
Reduced IT costs
High availability
Business continuity
Flexible scaling
Flexibility of access
Application development and testing
Simplified Infrastructure Management
Increased collaboration
Masked complexity

13. Cloud Services Models
Application
Database
Programming
Framework
OS
Compute system
Storage
Network
Application
Database
Programming
Framework
OS
Compute system
Storage
Network
PaaSIaaS SaaS
Application
Database
Programming
Framework
OS
Compute system
Storage
Network
CloudProvider
Consumer
CloudProvider
CloudProvider

14. Azure Cloud Migration Journey

15. Cloud Migration Strategies
Lift and Shift (Re-host)
Lift and shift is a strategy for moving an application or operation from
one environment to another “Cloud”– without redesigning the app.
The lift-and-shift approach is a common option for replicating on-
premises apps in the cloud while avoiding costly, time-consuming re-
design.
The complexity of an application is a key factor in the decision whether it
should be lifted and shifted or re-architected.
Redesign (Refactor/Re-architect/Rebuild)
Utilize Available “Software As A Service” Services
Utilize Available “Platform As A Service” Services
Build Cloud Native Application
Graceful degradation of Application Functionality
Retry Logic in Application Code
Persistent Application state model
Even-driven processing

16. Migrate & Modernize
Re-host
• Moving applications from your datacenter to the cloud
quickly.
• Often referred to as “lift and shift” migration
• Each application is migrated as-is, which provides the
benefits of the cloud without the risks or costs of
making code changes.
• A quick way to modernize your apps.
• Often referred to as repackage
• Involves some change to the application design
• Application can take advantage of infrastructure as a
service (IaaS) and platform as a service (PaaS)
products, such as Azure App Service, Azure SQL
Database Managed Instance, and containers.
Refactor

17. Migrate & Modernize Cont.
Re-Architect
• Modernize your app into a resilient, highly scalable,
independently deployable architecture and use Azure to
accelerate the process, scale applications with confidence,
and manage your apps with ease..
• Modify or extend your application's code base to scale
and optimize it for the cloud.
• Rebuild an application from scratch using cloud-native
technologies. (E.g. using PaaS for Dev & Deploy)
• With this cloud migration strategy, you manage the
applications and services you develop, and Azure manages
everything else.
Rebuild

18. Azure Infrastructure Services

21. Azure Compute services
Area Azure service AWS service Description
Virtual servers Azure Virtual
Machines
Elastic Compute
Cloud (EC2)
Instances
Virtual servers allow users to deploy, manage, and maintain
OS and server software. Instance types provide
combinations of CPU/RAM. Users pay for what they use
with the flexibility to change sizes.
Container
instances
Azure Container
Service
EC2 Container
Service (ECS)
Azure Container Instances is the fastest and simplest way to
run a container in Azure, without having to provision any
virtual machines or adopt a higher-level orchestration
service.
Microservices
/ container
orchestrators
Azure Kubernetes
Service (AKS)
Elastic Container
Service for
Kubernetes (EKS)
Deploy orchestrated containerized applications with
Kubernetes. Simplify monitoring and cluster management
through auto upgrades and a built-in operations console.
Serverless Azure Functions Lambda Integrate systems and run backend processes in response to
events or schedules without provisioning or managing
servers.
Scalability Azure AutoScaling AWS Auto Scaling Lets you automatically change the number of instances
providing a particular compute workload. You set defined
metric and thresholds that determine if the platform adds or
removes instances.

22. Azure Storage Services
Area Azure service AWS Service Description
Object storage Azure Storage—Block
Blob (for content logs,
files) (Standard—Hot)
Simple Storage
Services (S3)
Object storage service, for use cases including cloud
applications, content distribution, backup, archiving,
disaster recovery, and big data analytics.
Virtual Server
disk
infrastructure
Azure Storage Disk—
Page Blobs
Azure Storage Disks—
Premium Storage
Elastic Block Store
(EBS)
SSD storage optimized for I/O intensive read/write
operations. For use as high performance Azure virtual
machine storage.
Shared file
storage
Azure Files (file share
between VMs)
Elastic File System Provides a simple interface to create and configure file
systems quickly, and share common files. It’s shared file
storage without the need for a supporting virtual
machine, and can be used with traditional protocols that
access files over a network.
Archiving—
cool storage
Azure Storage—
Standard Cool
S3 Infrequent
Access (IA)
Cool storage is a lower cost tier for storing data that is
infrequently accessed and long-lived.
Archiving—
cold storage
Azure Storage-Standard
Archive
S3 Glacier Archive storage has the lowest storage cost and higher
data retrieval costs compared to hot and cool storage.
Bulk data
transfer
Import/Export AWS
Import/Export Disk
A data transport solution that uses secure disks and
appliances to transfer large amounts of data. Also offers

23. Azure Network Services
Area Azure service AWS Service Description
Cloud virtual
networking
Virtual Network Virtual Private
Cloud (VPC)
Provides an isolated, private environment in the cloud.
Users have control over their virtual networking
environment, including selection of their own IP
address range, creation of subnets, and configuration of
route tables and network gateways.
Domain name
system
management
Azure DNS Route 53 Manage your DNS records using the same credentials
and billing and support contract as your other Azure
services
Content
delivery
network
Azure Content Delivery
Network
CloudFront A global content delivery network that delivers audio,
video, applications, images, and other files.
Dedicated
network
ExpressRoute Direct Connect Establishes a dedicated, private network connection
from a location to the cloud provider (not over the
Internet).
Load balancing Load Balancer
Application Gateway
Classic
Load/network/App
lication Balancer
Automatically distributes incoming application traffic to
add scale, handle failover, and route to a collection of
resources.

24. Azure Security, identity, and access Services
Area Azure service AWS Service Description
Authentication
and
authorization
Azure Active Directory
Azure Active Directory
Premium
Identity and
Access
Management
(IAM)
Allows users to securely control access to services and
resources while offering data security and protection.
Create and manage users and groups, and use
permissions to allow and deny access to resources.
Azure Subscription and
Service Management +
Azure RBAC
AWS Organizations Security policy and role management for working with
multiple accounts.
Multi-Factor
Authentication
Multi-Factor
Authentication
Helps safeguard access to data and applications while
meeting user demand for a simple sign-in process. It
delivers strong authentication with a range of
verification options, allowing users to choose the
method they prefer.
Encryption Key Vault Key Management
Service
Provides security solution and works with other services
by providing a way to manage, create, and control
encryption keys stored in hardware security modules
(HSM).
Firewall Application Gateway
Web Application Firewall
Web Application
Firewall
A firewall that protects web applications from common
web exploits. Users can define customizable web
security rules.

25. Azure Security, identity, and access Services Cont.
Area Azure service AWS Service Description
Security Security Center Inspector An automated security assessment service that
improves the security and compliance of applications.
Automatically assess applications for vulnerabilities or
deviations from best practices.
App Service Certificates
available on the Portal
Certificate
Manager
Service that allows customers to create, manage and
consume certificates seamlessly in the cloud.
Azure DDos Protection
Service
AWS Shield Provides cloud services with protection from distributed
denial of services (DDoS) attacks.
Compliance Service Trust Platform AWS Artifact Provides access to audit reports, compliance guides, and
trust documents from across cloud services.

26. Account Management

27. Azure Account hierarchy
Azure Enterprise
Departments
Accounts
Subscriptions
Resource Groups
Resources
https://ea.azure.com/
http://aacount.azure.com
https://portal.azure.com

28. Azure Account hierarchy Cont.

29. Azure Resource Manager [ARM]
• Azure Resource Manager is the deployment and management service for Azure.
• Deploy , Manage, and monitor all the resources for your solution as a group, rather than handling these
resources individually.

30. Virtual Machines

31. Virtual Machine (VM)
• A virtual machine (VM) is an operating system (OS) or application environment that is installed on software,
which imitates dedicated hardware
 Virtualization enables multiple operating systems to run on the same physical platform
• Without VMs: A single OS owns all hardware resources
• With VMs: Multiple OSes, each running its own virtual machine, share hardware resources
• Ability to divide workloadsDeployment
• Mobility
• Backups and disaster recovery
Portability
• Limited direct Access to hardwareAbstraction
• Limits Security exposure
• Reduces spread of risks
Isolation
• Quickly Recover from Security
breachesRoll-back

32. Azure Virtual Machine
• Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers.
• Gives the flexibility of virtualization without having to buy and maintain the physical hardware that runs it.
• Maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it
Use Cases
Applications
in the cloud
Development
and test
Extended
datacenter

33. Virtual Machine Type
Type Description
General purpose Balanced CPU-to-memory ratio. Ideal for testing and development, small to medium
databases, and low to medium traffic web servers.
Compute optimized High CPU-to-memory ratio. Good for medium traffic web servers, network appliances,
batch processes, and application servers.
Memory optimized High memory-to-CPU ratio. Great for relational database servers, medium to large
caches, and in-memory analytics.
Storage optimized High disk throughput and IO ideal for Big Data, SQL, NoSQL databases, data warehousing
and large transactional databases.
GPU Specialized virtual machines targeted for heavy graphic rendering and video editing, as
well as model training and inferencing (ND) with deep learning. Available with single or
multiple GPUs.
High performance
compute
Our fastest and most powerful CPU virtual machines with optional high-throughput
network interfaces (RDMA).
More Details : https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes

34. Azure Virtual Machine checklist
Select an operating system
Storage for the VM
Understanding the pricing model
Determine the size of the VM
Decide the location for the VM
Name the VM
Start with the network

35. Virtual Network

36. Azure Virtual Network (VNet)
• Azure Virtual Network enables many types of Azure resources, such as Azure Virtual Machines (VM), to
securely communicate with each other, the internet, and on-premises networks.
• A virtual network is scoped to a single region; however, multiple virtual networks from different
regions can be connected together using Virtual Network Peering.
Communicate between Azure resources
Communicate with the internet
Communicate with on-premises resources
Isolation and segmentation
Filter network traffic
Route network traffic
Connect virtual networks

37. Plan virtual networks
• All Azure resources are created in an Azure region and subscription.Regions
• Deploy as many virtual networks as required within each subscription, up to
the limit.Subscriptions
• Create multiple virtual networks per subscription and per region.
• Create multiple subnets within each virtual network.Segmentation
• Filter network traffic to and from resources in a virtual network using
network security groups and network virtual appliances.Security
• Connect a virtual network to other virtual networks using virtual network
peering, or to your on-premises network, using an Azure VPN gateway.Connectivity
• Enforce different rules over your resourcesPolicy

38. Virtual Network (VNet) Components
• A virtual network is a virtual, isolated portion of the Azure public network. Each virtual network is
dedicated to your subscription.
• A virtual network can be segmented into one or more subnets up to the limits.
• A network security group contains several default security rules that allow or deny traffic to or from
resources

39. Virtual networks and virtual machines in Azure
Before you create a VM or you can as you
create a VM.
You create these resources to support
communication with a VM:
Virtual network and subnets
Network interfaces
IP addresses
In addition to those basic resources, you
should also consider these optional
resources:
Network security groups
Load balancers

40. DEMO

41. Storage

42. Data Classes and Azure Storage Solutions
Structured
data
Adheres to a
schema
Database
Azure SQL ,
MySQL
Semi-
structured
Less organized
non-relational
, NoSQL
(XML,JSON)
Azure Cosmos
DB
Unstructured
data
Generally
ambiguous
Documents ,
videos
Azure Blobs
Data is a collection of Raw Facts which conclusions may be draw

43. Azure Storage
• Azure Storage is Microsoft's cloud storage solution for
Modern data storage scenarios.
• Azure Storage offers a massively scalable object store
for
• Data objects
• A file system service for the cloud
• A messaging store for reliable messaging
• NoSQL store Azure
Storage
Durable
and highly
available
Secure
ScalableManaged
Accessible

44. Azure Storage services
Service Description / Use case
Azure Blob Storage • A massively scalable object store for text and binary data.
• Useful for storing files, small and large, like audio, video or VHD files
Azure File Storage • Managed file shares for cloud or on-premises deployments.
• Based on the SMB protocol, File Storage is meant to be mounted as a disk in a VM. It is very useful to use for
lifting and shifting applications into the cloud
Azure Disk Storage • A NoSQL store for schemaless storage of structured data.
• Disk Storage is optimized for high I/O operations and can be used as a hard disk for a VM, like a server
Azure Queue Storage • A messaging store for reliable messaging between application components.
• Meant for storing small messages that are picked up by other applications. Queue Storage can help to
decouple your applications

45. Azure Storage Account
• A storage account is a container that groups a set of Azure Storage services together.
• Only data services from Azure Storage can be included in a storage account (Azure Blobs, Azure Files, Azure
Queues, and Azure Tables).
• Organizations often have multiple storage accounts to let them implement different sets of requirements.
Storageaccountsettings
Subscription
Location
Performance
Replication
Access tier
Secure transfer
required
Virtual networks

46. Azure Storage Account & Types
• An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and
disks.
• Data in your Azure storage account is durable and highly available, secure, massively scalable, and
accessible from anywhere in the world over HTTP or HTTPS.
Basic storage
account type for
blobs, files,
queues, and
tables.
Recommended for
most scenarios
using Azure
Storage.
General-
purpose
v2
accounts
Legacy account
type for blobs,
files, queues, and
tables.
Use general-
purpose v2
accounts instead
when possible.
General-
purpose
v1
accounts Blob-only storage
accounts.
Use general-
purpose v2
accounts instead
when possible
Blob
storage
accounts

47. Storage Tiers
Hot
Higher Storage
Costs
Lower Access
Costs
Cold
Lower Storage
Costs
Higher Access
Costs
Intended for data
that will remain
cool for 30 days
or more
Archive
Lower Storage
Costs
Higher retrieval
costs
When a blob in
archive storage
it’s offline and
cannot be read

48. Azure Storage Account Limits
Resource Default limit
Number of storage accounts per region per subscription, including both standard and
premium accounts
250
Max storage account capacity 2 PB for US and Europe, 500 TB for all other regions
including UK
Max number of blob containers, blobs, file shares, tables, queues, entities, or messages
per storage account
No limit
Maximum request rate
1
per storage account 20,000 requests per second
Max ingress
1
per storage account (US Regions) 10 Gbps if RA-GRS/GRS enabled, 20 Gbps for LRS/ZRS
2
Max ingress
1
per storage account (Non-US regions) 5 Gbps if RA-GRS/GRS enabled, 10 Gbps for LRS/ZRS
2
Max egress for general-purpose v2 and Blob storage accounts (all regions) 50 Gbps
Max egress for general-purpose v1 storage accounts (US regions) 20 Gbps if RA-GRS/GRS enabled, 30 Gbps for LRS/ZRS
2
Max egress for general-purpose v1 storage accounts (Non-US regions) 10 Gbps if RA-GRS/GRS enabled, 15 Gbps for LRS/ZRS
2
The following table describes default limits for Azure Storage. The ingress limit refers to all data (requests) being sent
to a storage account. The egress limit refers to all data (responses) being received from a storage account.
Azure standard storage accounts support higher limits for ingress by request

49. Blobs vs Files vs Disks
• Access Application data from anywhere
• large Amount of objects to store , images , videos etc .
Blobs
• Access files across multiple machines
• Jumpbox scenarios for shared development scenarios
Files
• Do not need to access the data outside of the VM
• lift-and-shift of machines from on-premised
• Disk explansion for application installation
Disks

50. Block Blobs vs Page Blobs
Block
Blobs
Ideal for storing text or
binary files
A Single block blob cab
contain up to 50K
blocks of up to 100MB
each , for a total size of
4.75TB
Append blobs are
optimized for append
operations (e.g.
Logging)
Page Blobs
Efficient for read/write
operations
Used by Azure VMs
Up to 8Tb in Size

51. Azure Storage Explorer
https://azure.microsoft.com/en-us/features/storage-explorer/

52. Create and access Azure Blob
Create and access Azure FS
DEMO

53. Identity and Access Management

54. Identity and Access management
Azure Active
Directory (AAD)
Modern AD
Service build for
Cloud
Often Same ad
O365 Direcotry
Service
Sync with On-
Premise directory
service
Active Directory
Domain Services
(ADDS)
Legact Active
Direcotry
Tradtional LDAP
Funciotnaly
Deployed on
Windows OS on
VM
Azure Active
Directory Domain
Services (AADS)
Provides managed
domain Services
Allow consume
domain Srvices
No need to patch
or Mainitance
Domain Contollers
Domain Join ,
Group Policy ,
LDAP , ..

55. Azure Active Directory (AAD)
• Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service.
• Azure AD helps your employees sign in and access resources in:
• External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
• Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed
by your own organization.

56. AAD Features
Enterprise Identity
Solution
• Create a Single identity for
users and keep them in sync
across the enterprise
Single Sign-On
• provides single sign-on access
to applications and
infrastructure services
Mutifactor
Authencitcaiton (MFA)
• enhance security with
additional factor of
authentication
Self Service
• Empower your users to
complete password resets
themselves as well as request
access to specific apps and
services

57. AAD Options
Provides user and group management, on-premises directory synchronization, basic
reports, and single sign-on across Azure, Office 365, and many popular SaaS apps.
Azure Active
Directory Free
In addition to the Free features, Basic also provides cloud-centric app access, group-based
access management, self-service password reset for cloud apps, and Aure AD Application
Proxy, which lets you publish on-premises web apps using Azure AD.
Azure Active
Directory Basic
Premium P1. In addition to the Free and Basic features, P1 also lets your hybrid users
access both on-premises and cloud resources. It also supports advanced administration,
such as dynamic groups, self-service group management, Microsoft Identity Manager (an
on-premises identity and access management suite) and cloud write-back capabilities,
which allow self-service password reset for your on-premises users.
Azure Active
Directory
In addition to the Free, Basic, and P1 features, P2 also offers Azure Active Directory
Identity Protection to help provide risk-based conditional access to your apps and critical
company data and Privileged Identity Management to help discover, restrict, and monitor
administrators and their access to resources and to provide just-in-time access when
needed.
Azure Active
Directory
Premium P2

58. DEMO

59. Thanks