6. Global Infrastructure
AWS
18 Regions
1 in Australia
55 Availability Zones
4 New regions announced with 12 AZs
AZURE
54 Regions
Sovereign regions (US Gov, Germany, China)
2 US Govt secret undisclosed regions
4 in Australia, Australia Central Regions: Govt & Critical Infra Sectors
5 Regions with Availability Zones (3 per region)
(Each Azure region is paired with another region within the same geography)
7. AWS – Azure Rosetta Stone
Data Centre
On Premises | Amazon AWS | Microsoft Azure
Geographical Redundancy | Multi-region | Multi-region
Data Centres | Availability Zones | Availability Zones *, Availability Sets
DNS | Route 53 | Azure DNS, Azure Traffic Manager
Firewalls | Security Groups & ACLs | Network Security Groups
Load Balancers | Elastic Load Balancers | Azure Load Balancer, Azure Application Gateway
Database Servers | Amazon RDS | Azure SQL Database, Azure DB for PostgreSQL
Web/App Servers | Elastic Compute Instances | Azure Virtual Machines
8. Governance Structure
AWS
Organisational Unit => Account
1 OU => 1 Master Account, Many Member Accounts
Resource Groups in AWS are for tagging only
AZURE
Enterprise => Department (opt) => Account => Subscriptions
Subscriptions are billing and service limit boundaries
Azure Resource Groups are used for RBAC
9. Account Structure Example
AWS AZURE
https://www.credera.com/blog/credera-site/azure-governance-part-1-understanding-the-hierarchies/
10. Security: Identity & ACCESS MGMT
AWS AZURE
Built-In and Custom Roles
Role definitions are JSON based
Contributor Role for a RG allows management of all resources in that group
Also: Azure AD PIM and Conditional Access.
[Figure: Azure subscription, Resource group, resources (App Service, VM, SQL database), Tags]
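How a JSON role definition and a Contributor assignment on a resource group evaluate, as an added example that is not part of the original deck. The Contributor definition is abridged from the built-in role; the custom role, subscription id and resource names are constructed, and the model ignores DataActions and deny assignments.

```python
import json
import re

# Constructed sample data in the Azure role-definition JSON shape. "Contributor"
# is abridged from the built-in role; the second role, the subscription id and
# the resource group names are hypothetical.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
CONTRIBUTOR, VM_OPERATOR = json.loads("""[
  {"Name": "Contributor",
   "Actions": ["*"],
   "NotActions": ["Microsoft.Authorization/*/Delete",
                  "Microsoft.Authorization/*/Write",
                  "Microsoft.Authorization/elevateAccess/Action"],
   "AssignableScopes": ["/"]},
  {"Name": "VM Operator (hypothetical custom role)",
   "Actions": ["Microsoft.Compute/virtualMachines/read",
               "Microsoft.Compute/virtualMachines/start/action",
               "Microsoft.Compute/virtualMachines/restart/action"],
   "NotActions": [],
   "AssignableScopes": ["%s"]}
]""" % RG)

def matches(patterns, action):
    """True if action matches any pattern; '*' is a wildcard, case-insensitive."""
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False

def role_allows(role, action):
    """Effective permissions of one role are Actions minus NotActions."""
    return matches(role["Actions"], action) and not matches(role["NotActions"], action)

def in_scope(scope, resource_id):
    """An assignment at a scope is inherited by every resource beneath it."""
    scope, resource_id = scope.rstrip("/").lower(), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")

def is_allowed(assignments, resource_id, action):
    """assignments: (role, scope) pairs. NotActions is a subtraction inside one
    role, not a deny, so any assignment that grants the action is enough."""
    return any(in_scope(scope, resource_id) and role_allows(role, action)
               for role, scope in assignments)
```

Contributor on `rg-app` can delete a SQL server in that group but cannot write role assignments, which is why it is the usual choice for operators who should manage resources without being able to grant access.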
11. Network
AWS
Virtual Private Cloud
Direct Connect (Layer 2?)
Route 53
AZURE
Virtual Network
Express Route (Layer 3)
Traffic Manager + Azure DNS
[Figure: AWS: AZ A, AZ B, VPC, Direct Connect, Route 53. Azure: Region A and Region B, Virtual Network with VMs, VNET, Express Route, Traffic Manager]
12. Network
AWS
VPC is within a Region
Subnets are within an AZ
Security Groups are Stateless and applied on EC2 level
Network ACLs are Stateful and applied on Subnet level
AZURE
VNET is within a Region
Only some regions today have AZ (not Australia yet)
Subnets can span AZ
Network Security Group is a stateful firewall, applied at Subnet or VM NIC
[Figure: address ranges 172.31.0.0/16, 172.31.0.0/24 and 172.31.1.0/24; three Availability Zones; Central US Region containing a VNET with two Subnets]
13. Load Balancing
AWS
ELB Flavours:
Classic LB
Application LB
AZURE
Azure Load Balancer Standard SKU – Zone Redundant
Minimum 3 AZ per region
Inter-region latency is 0.6 ms and data is replicated synchronously
[Figure: Azure Region with a VNET and Subnet spanning three Availability Zones; Azure load balancer in front of a VM Scale Set of three VMs]
17. Azure VMs
Fault Domain: 2-3 per region. Independent power source and network switch (rack).
Update Domain: 5 by default. During planned maintenance only a single update domain is impacted at any given time.
Single VM SLA: 99.9% with premium disk
Availability Set: 99.95% SLA
Availability Zones: 99.99% SLA
Managed Disks:
18. aPAAS
AWS AZURE
App Service Environment: App Service on isolated & dedicated VMs within a VNET
Web Apps Hosting Options: Windows, Linux, Docker, Kubernetes
Functions on App Service Plan: Continuously running, execution time >10 sec, more CPU/Memory options, VNET Integration, Always On
[Figure: App Service: Web App, API App, Mobile App; Functions; Web Job]
19. Relational DB
AWS
Provisioning/Billing is based on the underlying EC2 instance size. Not very PaaS (IMHO).
Secured inside VPC
AZURE
Provisioning/Billing based on service tier, storage and DTU (a blended measure of CPU, Memory and IO). More pure PaaS
New: Managed Instance (for SQL Server, PostgreSQL & MySQL), VNET
Preview Billing Model: vCore based (independent scalability)
Azure Data Warehouse
21. Azure Cosmos DB
Azure Cosmos DB is a globally distributed, multi-model database service.
One Database Many APIs: SQL API, MongoDB API, Gremlin (Graph API), Cassandra, Table
Global Distribution: 50+ regions. 99.999% read availability on all multi-region databases.
5 Consistency Models:
Guaranteed Latency 10ms read & 15ms write at 99th percentile
Automatically indexes all data
Server side
Change Feed
AWS has a long history before Azure and is firmly entrenched and overwhelmingly the market share leader
Azure is growing very fast
GCP has moved to Leaders quadrant in 2018
A lot of the companies have just dropped off, only 6 horses left
Salesforce is not shown as they are SaaS, but they are playing a different game.
In 2018 among Enterprises
AWS adoption went up from 59% to 68% of respondents (15% growth rate)
Azure adoption went up from 43% to 58% of respondents (35% growth rate)
GCP adoption went up from 15% to 19% of respondents (27% growth rate)
81 percent of enterprises have a multi-cloud strategy.