Azure – anoop.blog

January 31, 2023January 31, 2023

Optimizing Design and Deployment Process with AI Guidance

We frequently ask questions to gather requirements and provide our designs and solutions. Many organizations standardize their questions for consistency among teams. Can chatbots handle these questions? Yes, AI services can be utilized to make decisions and trigger DevOps pipelines to deploy the desired design or service.

By using Infrastructure as Code (IAC), we can quickly deploy design templates using AI to assist in choosing the appropriate design. This allows customers to focus on workload migration instead of landing zone design. Although, not every customer is the same, for example, a secure Azure VNet hub and spoke design can be deployed initially and improved upon while testing non-critical workloads in the cloud. We can drive move from design workshop to design selection workshop where you are helping the customers to pick up one of best design available.

Another solution is deploying services on an existing subscription, where customers can quickly deploy VMs or PaaS services by answering a few questions posed by a chatbot, without waiting for a human response. This speeds up the deployment process and increases customer satisfaction.

In conclusion, by utilizing AI and chatbots, customers can avoid creating tickets and waiting for support, as they can immediately provision resources by answering questions and confirming with AI suggestions.

What do you think?

September 14, 2021September 14, 2021

Disaster Recovery – Do you really need one?

Last week, Microsoft announced the Preview of Capacity Reservation for VMs. You can reserve VM capacity in your DR region to ensure that you have VM resources available to create or turn on your protected VMs using ASR. ASR does not guarantee that your VMs can be turned on in your DR region in the event of disaster recovery. So, capacity reservation is a welcome feature and much needed. However, this is increasing the cost of your solution again.

Cost factors
- VM cost
- ASR protected VM cost
- Capacity Reservation Cost ( as same as your actual VM cost)
- other costs

_{Note: DR is not just the VMs but including other components. I did not provide the details above because it applies to both the options}.

Hmm.. Can we plan a DR cost-effectively in Azure? Let’s take a look:

September 13, 2021

Review of Preview – Azure Capacity Reservation

The long waiting feature is now Public Preview. When there is a Azure region disaster recovery, we need our VMs to be turned on in the secondary region. This feature guarantees you the recovery. You may learn about this feature in this URL.

As you know already, Azure Site Recovery does not 100% guarantee to turn on your VMs in the event of DR. This feature addition helps you gaining more confidence with your BCP with this feature addition.

Take a look at the Microsoft statement about the use cases for this feature.
- Business-critical applications—use on-demand capacity reservations to protect your capacity, for example when taking these VMs offline to perform updates.
- Disaster recovery—you now have the option to set aside compute capacity to ensure a seamless recovery in the event of a natural disaster. The compute capacity can be repurposed to run other workloads whenever DR is not in effect. The VM maintenance can be handled by keeping core images up to date without the need to deploy or maintain VMs outside of DR testing.
- Special events—claiming capacity ahead of time provides assurance that your business can handle the extra demand.

I have been asking for this feature for a long time now, and finally, it is here. I am happy about Microsoft as they are listening to customers and partners. However, the first bullet point is a bit worrisome as it states, It is not guaranteed to get your VM back if it is offline for some time due to maintenance. Does MSFT force customers to take this for all the critical workload? I hope they do not make things worse to this point.

May 12, 2021May 17, 2021

Can Public Cloud Turn All Your Protected VMs ON in another Region during the Region Fail-over?

It is an interesting point to discuss. I am taking example of Azure here but it is applicable to other Public Clouds as well.

Azure Site Recovery is great native tool which helps us enable disaster recovery (DR) by replicating VMs to another region with few clicks. Microsoft allows you to turn the VM ON during the disaster recovery or whenever you want to. It helps you saving the running cost of VMs for the DR set up. However, Can Microsoft Turn all the VM On in the secondary region if a region fails? How many of you thought about that scenario?

My concerns around this grew more and more last year during the early covid19 period when utilization peaked to a new height. There were lot cases reported that organizations were unable to create new VMs as Microsoft data centers including Azure region were running out of resources due sudden usage spike across the world. What would happen if thousands of customers in a region wanted to start their VMs in their secondary Azure region which results starting lakhs VMs on the same day.

December 2, 2020December 3, 2020

Azure App Service vNET integration – What you need to know..

Azure App Service supports connecting to Application (App) Server and Database (DB) Server hosted in Azure VM or on-premise server using vNET integration that is part of App Service Plan(ASP). You get such scenarios often if you are migrating your applications landscape to Azure from on-premise. You will have different scenarios like shared DBs or may be DB team is not ready yet to DBs to PaaS, or there is no PaaS DB service available for the like of DB2, Oracle database services. App Service vNET integration is a useful feature if you do not chose to go with App Service Environment (ASE).

When you configure the vNET integration, your WebApp will get private IP from the vNET. App Service will be able to communicate with a VM in the vNET or another vNET peered in the same region, or a server on-premises over express route or s2s VPN.

November 29, 2020December 6, 2020

Review of Preview – vNET Peering Support for Azure Bastion

Much awaited, Badly wanted but was missing from long time. It is now Public Preview…Thanks Microsoft for adding it now.

One of the reasons why I was staying away from recommending customers the Azure Bastion primarily because of this missing feature. I think it is the time to change my mind and recommend Azure Bastion as it save lots of dollars now. Because we are moving away from per vNET deployment model to per AAD tenant or as per customer requirement.

August 20, 2020August 20, 2020

All about Azure Reservation – Azure SQL Database

Let’s focus on Azure SQL Database reservation today. If you have not read my other blog posts on VM, please read it here. You can save cost on SQL costs with Azure reserved capacity. It covers both for Azure SQL database and SQL Managed Instance. You must be owner of the subscription or EA admin if it is EA and you must a admin agent or sale agent to buy Azure Blob Storage reserved capacity.

Importantly, a reservation covers only the compute charges of the instances in the subscription, it does not cover for software, networking, or storage charges associated with the services. You may note the below points when you think about the reserving the Azure SQL database or SQL Managed Instance. It provides good amount of cost saving along with Azure Hybrid benefits.

April 12, 2020April 24, 2020

All About Azure Reservation – Disks

We talked about Azure Reservation for VM in my previous blog post. If you have not read it already, I suggest you to read it.

The VM RI discounts applicable only to the VM infrastructure cost but it does not include disks or storage used. Azure Disk Storage reservations combined with Azure reserved VM instances help you reduce total VM cost.

The common rules are applicable here as well “Use it or Lose it”,

Currently, Azure Disk Storage reservations are available only for selected Azure premium SSD SKUs. But it doesn’t apply to unmanaged, ultra disks and page blob consumption.

The reservation for disk is not based on capacity but it is based on total number of disks per SKU. That means you make reservation consumption based on the units of the disk SKUs instead of the provided size. Example, you cannot use P40 reservation for 2 P30 disks. It is does not have instance flexibility like in VM reservations.

April 12, 2020April 14, 2020

All About Azure Reservation – Storage

Let me try bring some insight on Azure storage reservations. If you have not read my previous blog posts on VM reserved instance, please read it here. You can save on storage cost for blob data with Azure Storage reserved capacity. It covers both for block blobs and Data Lake Gen2. You must be owner of the subscription or EA admin if it is EA and you must a admin agent or sale agent to buy Azure Blob Storage reserved capacity. I tried to bring information from different MS article to one place with bullet points to help you on this.

Importantly, a reservation covers only the data stored in the subscription, it does not cover other actions like early deletion, operations, bandwidth and data transfer charges. You may note the below points when you think about the reserving the Azure storage.

February 25, 2020February 26, 2020

Are You Automating Too Much?

We hear lot about the automation now a days. Should we automate anything and everything? Yes, most of it. However, we must understand why do we need to bring automation. As far as I understand, we need to automate if it relates to below mentioned points at least.

Is it a repeated task?
Does it save time during deployment (like saving down time)
Does it avoid human error?
Does it bring standardization in repeated tasks?

I have seen engineers trying to codify everything which might waste hours of time or days, but it could have done in few minutes vs hours vs days. I have done such things in the past, but it is for learning though.

February 21, 2020February 24, 2020

Different connectivity methods for Azure Database for PostgreSQL

I am writing this blog to explain different methods for connecting Azure Database for PostgreSQL server those who knows Azure but never worked in PostgreSQL. So, I will not be explaining how to manage databases but managing the PaaS from the portal. You may review details of this PaaS service from the Microsoft documentation to understand details like the SKUs, different plan, generations etc. I am just sharing some of my experience when I tried to deal with this for the first time.

Before we get into the connectivity methods, let’s talk about deploying PostgreSQL with the General-Purpose performance configuration which I think it is important . The available Generation is 5 as Generation 4 is not available for the deployment.

We can use either ARM templates or portal to perform the deployment. There are few ARM templates for PostgreSQL available in the Gibhub.

There are few things you need to remember when you input the parameters using ARM. The below things might confuse you.

August 31, 2019January 12, 2021

Azure Regions Explored

I was exploring some of the information on each Azure regions but I could not find a single page with all the information listed. So I thought of creating a table and share it with our Cloud Community. The research for the blog made me to realize that some of the interesting facts about Azure regions. I think this will help the Architects who want to quickly do the fact checks for designing their Azure solutions.

I will try my best to update the table to ensure that you get latest information. At the same time you can also verify this information from the URLs provided bottom of this blog.

What you get from this blog post:

Geography, Azure Region, Availability Zones (AZ) in that region, Location and its Paired Region(s) in single table.
You can get all the resources in that Geography by clicking on each Geography in the first column. I have selected all the azure native services available in that area for you. So you get the services for all the regions in a single click.
I have marked Featured Regions in bold and you get details about that region by clicking on the region column where applicable.

Some facts about Azure regions:

Only South India, South Central US and US Gov Texas Azure regions are paired with more than one regions. But condition apply.
- West India’s paired region is South India, it is paired only in one direction.
- But South India’s secondary region is only Central India.
- Brazil South’s secondary region is South Central US but its secondary region is not Brazil.
- Interestingly, US Gov Virginia’s secondary region is US Gov Texas and then you see US Gov Arizona is the secondary region of US Texas.
Only 6 Azure regions have paired regions in different countries.
- Brazil South
- South Central US
- North Europe
- West Europe
- East Asia
- Southeast Asia
Only three Azure Regions are located undisclosed locations in US.
Switzerland North is available only for selected customers now. You need to contact support for creating the resources
Switzerland West is reserved for customers requiring in country disaster recovery. You may need to contact Azure Support for creating the resources.
US Gov Iowa regions will be the first retired Azure Region.
Total Azure Regions – 70 (54+16)
Number of Regions with Availability Zones – 30(16 +14)
Newly Announced Regions – 16
US Gov Regions – 8 (7+1)

Azure Region Commercial

Geography	Region	Location	AZ	Paired Region
Asia Pacific	East Asia	Hong Kong	0	Southeast Asia
Asia Pacific	Southeast Asia	Singapore	3	East Asia
Australia	Australia Central	Canberra	0	Australia Central 2
Australia	Australia Central 2	Canberra	0	Australia Central
Australia	Australia East	New South Wales	0	Australia Southeast
Australia	Australia Southeast	Victoria	0	Australia East
Brazil	Brazil South	Sao Paulo State	3	South Central US
Brazil	Brazil Southeast	Rio de Janerio	0	Brazil South
Canada	Canada Central	Toronto	0	Canada East
Canada	Canada East	Quebec City	0	Canada Central
China	China East	Shanghai	0	China North
China	China North	Beijing	0	China East
China	China North 2	Beijing	0	China East 2
China	China East 2	Shanghai	0	China North 2
Europe	North Europe	Ireland	3	West Europe
Europe	West Europe	Netherlands	3	North Europe
France	France Central	Paris	3	France South
France	France South	Marseille	0	France Central
India	Central India	Pune	0	South India
India	South India	Chennai	0	Central India , West India
India	West India	Mumbai	0	South India
Germany	Germany Central	Frankfurt	0	Germany Northeast
Germany	Germany Northeast	Magdeburg	0	Germany Central
Germany	Germany West Central	Frankfurt	0	Germany North
Germany	Germany North	Berlin	0	Germany West Central
Norway	Norway West	Stavanger	0	Norway East
Norway	Norway East	Oslo	0	Norway West
Japan	Japan East	Tokyo	3	Japan West
Japan	Japan West	Osaka	0	Japan East
Korea	Korea Central	Seoul	0	Korea Soutth
Korea	Korea South	Busan	0	Korea Central
South Africa	South Africa North	Johannesburg	0	South Africa West
South Africa	South Africa West	Cape Town	0	South Africa North
Switzerland	Switzerland North	Zurich	0	Switzerland West
Switzerland	Switzerland West	Geneva	0	Switzerland North
United Arab Emirates	UAE Central	Abu Dhabi	0	UAE North
United Arab Emirates	UAE North	Dubai	0	UAE Central
United Kingdom	UK South	London	3	UK West
United Kingdom	UK West	Cardiff	0	UK South
United States	Central US	Iowa	3	East US 2
United States	East US	Virginia	3	West US
United States	East US 2	Virginia	3	Central US
United States	North Central US	Illinois	0	South Central US
United States	South Central US	Texas	3	North Central US,Brazil South
United States	West Central US	Wyoming	0	West US 2
United States	West US	California	0	East US
United States	West US 2	Washington	3	West Central US

Newly Announced Commercial Regions

Geography	Region	Location	AZ	Paired regions
New Zealand	New Zealand North	Auckland	3	not yet announced
Qatar	Norway North	Doha	0	not yet announced
Taiwan	Taiwan North	Taipei	3	not yet announced
Israel	Israel Central	Israel	0	not yet announced
Mexico	Mexico Central	Queretaro State	0	not yet Announced
Spain	Spain Central	Mandrid	0	not yet announced
Sweden	Sweden Central	Gavle	0	Sweden South
Sweden	Sweden South	Staffanstorp	3	Sweden Central
Denmark	Denmark East	Copenhagen	3	not yet announced
Greece	Not Available	Not Available	0	not yet announced
Itay	Italy North	Milan	0	not yet announced
Austria	Austria East	Vienna	3	not yet announced
Poland	Poland Central	Warsaw	3	not yet announced
Chile	Chile North Central	Santiago	3	not yet announced
United States	West US 3	Arizona	3	not yet announced
United States	US Sec Central	Undisclosed	0	not yet announced

US security region is available for private preview and pending for accreditation

United Nations Government Regions

Geography	Regions	Location	AZ	Paired Region
United states -Defence	US DoD Central	Iowa	0	US DoD East
United states -Defernce	US DoD East	Virginia	0	US DoD Central
United states	US Gov Arizona	Arizona	0	US Gov Texas
United states	US Gov Texas	Texas	0	US Gov Arizona ,US Gov Virginia
United states	US Gov Virginia	Virginia	0	US Gov Texas , US Gov Iowa
United States	US Sec East	Undisclosed		not yet announced
United States	US Sec West	Undisclosed		not yet announced

Some useful URLs

Service Status in regions
Azure Data Center IP Range
Latency Test
Azure Upload Speed Test
Azure Regions
Azure Product by Regions You need to just click the required Geography in the table below, I have selected all the services for you, just a click.

Switzerland North is available only for selected customers now. Contact support for creating the resources,
Switzerland West is reserved for customers requiring in country disaster recovery. You may need to contact Azure Support for creating the resources.

I hope this blog helps you. Please provide your comments on improving this below page. Thank for showing interest in reading this blog post.

August 27, 2019August 30, 2019

Mapping of Security Services of Cloud Service Provider

The below is nice illustration of mapping security services from different Cloud Service Providers. I see Azure is clearly winning as you hardly see third party solution mapped in their security product list. It does not tell you which service serve better for the multiple customer use cases. It is interesting to see Alibaba is catching up with list of products.

Credits to : https://www.managedsentinel.com/2019/05/28/on-prem-vs-cloud/ . The original figure and online version are available there.

IDS/IPS – Azure Firewall is not a solution for this today we need to go with NVAs.

August 7, 2019August 7, 2019

Review of Preview – Azure Dedicated Host

Azure dedicated host will enable you to run your organization’s Linux and Windows virtual machines on single-tenant physical servers. It helps you to provide with visibility and control to help address corporate compliance and regulatory requirements.

You can find the documentation from Microsoft here.

AWS had this feature available from some time now, it is good that Microsoft also catching up and closing the gap.

Benefits of Dedicated Hosts.

Azure Hybrid benefit to Azure Dedicated Hosts – Microsoft offers on-premise Windows
Host level isolation
Underlying hardware infrastructure
Processor brand, capabilities and more
Type and size of the Azure

With an Azure Dedicated Host, you can control all host-level platform maintenance initiated by Azure (e.g., host OS updates). An Azure Dedicated Host gives you the option to defer host maintenance operations and apply them within a defined maintenance window, 35 days. During this self-maintenance window, you can apply maintenance to your hosts at your convenience, thus gaining full control over the sequence and velocity of the maintenance process. Continue reading “Review of Preview – Azure Dedicated Host”

June 23, 2019May 7, 2020

All About Azure Reservation – VMs

Azure Reservations help you save money by pre-paying for one-year or three-years or monthly but commitment for 1 or 3 years of virtual machines, SQL Database compute capacity, Azure Cosmos DB throughput, or other Azure resources. Pre-paying allows you to get a discount on the resources you use. Reservations can significantly reduce your virtual machine, SQL database compute, Azure Cosmos DB, or other resource costs up to 72% on pay-as-you-go prices.

I would like to talk about how best we can utilize reserved instances (RI) and other techniques (runbooks) to bring more cost savings. We will also talk about how we can decide whether we should go with RI or on Demand Virtual Machines (VMs).

Let’s look at the some of the terminologies and how is it being used in the buy the RI from Microsoft.

Purchasing options

1 Year commitment – Paid upfront or monthly
3 Years commitment – Paid upfront or monthly

Microsoft has recently announced monthly payment of RI price which is really a welcome move from Microsoft. You can buy new reservations with monthly payment frequency and you can convert the existing RIs when you renew it to get the bills monthly.

You get the recommendation from the Azure Advisor which is available in the Azure portal for all the subscriptions. It is based on your usage. However, it is good if we could plan to select the right VM SKUs. Will talk about it.

One thing that you must remember that reservation discount is ‘USE IT OR LOSE IT’. You can’t carry forward unused reserved hours.

Generally, you do not get any benefits from RI if the VMs are not utilized above 60-70%. But I will talk about this how we can bring additional benefits on such scenarios.

I will be talking only about VM RI in this blog.

To plan, you need to know few things.

June 6, 2019April 9, 2020

All about Application Security Group

What is Application Security Groups?

ASGs enable you to define fine-grained network security policies based on workloads, centralized on applications, instead of explicit IP addresses. Implementing granular security traffic controls improves isolation of workloads and protects them individually. If a breach occurs, this technique limits the potential impact of lateral exploration of your networks from hackers.

You may find the details in the MS site more about this which I do not want to copy and paste it here. Let’s talk about the use case and how we can make use of his in better way.

Deny all the communication and open the specific communication using ASG. Yes, you can create a Deny All rule with lower priority within your vNET. Then you create specific ports to open but you will select ASG as source and destination. This will open the communication between those servers have the specific ASG configured. Looks at the below pictures (figure1&2) to understand this better.

You do not have any option to add a server in the ASG but you need to go and select the required ASG from the vNIC of the VMs. You can add this option in the ARM templates to configure when you create this VM. This will reduce number NSG changes you need to make every time you add a server rather you select required ASG while you create the VM.

You need to remember few things about ASG.

You cannot make any settings on ASG but you can only add tags.
You can only select one ASG as source or destination in every NSG rules.
You can select multiple ASGs for single VM.
Limitations
- 3000 per subscription
- 20 per vNIC
- 4000 IP configuration per ASG
You can only assign ASG from the same subscription.
You cannot have VMs from different vNETs in one ASG.
Both source and destination ASGs in your NSG rules should be in same vNET.

Continue reading “All about Application Security Group”

March 19, 2018March 21, 2018

Don’t hurry up. Wait. Prepare first then make slow cloud move.

Most of the organizations are keen on moving their workload to cloud today for several reasons like their IT vision, reduce the spend on hardware refreshes, data center consolidations etc.

Are they ready move into the Cloud? It is an important question that every organization should ask again and again before taking the decision to move in with big bang. We see a trend with many customers to move their existing legacy applications ‘as is’ to the cloud. Shouldn’t we move into the cloud and utilize those benefits, or we just move in and I don’t care about those cloud features?

Let me start with an example here. Let’s take a case of four webservers and two database servers clustered available 24/7 with environments like Dev, Test and Prod. And you wanted to move this workload to cloud ‘as is’. My question is, what is the objectives are you trying to achieve? If the answer is, our organization wanted to move all the workload to cloud for cost saving, changing from Capex to Opex model etc. Guys, hold on… Let’s calm down, think, look around and plan again.

Lift and shift should not be our strategy for cloud migration. We should make our application to live smartly in the cloud to utilize the cloud benefits and reduce the cost. Let’s use the above example to explore this further.

Can we make this application horizontally scalable?
Can we make this application to use cloud native authentication?
Can we make this application to work stateless?
Can we make the applications to use distributed data storage?

Continue reading “Don’t hurry up. Wait. Prepare first then make slow cloud move.”

September 23, 2017September 24, 2017

Availability Zones for Azure, like in AWS.

Microsoft has now announced its long pending Availability Zones in each region. It is currently on preview and recommended only for non-critical workload as Micorsoft does not provide any SLA now. With this, you can now provision your workload from different data centers in the same regions for resilience as you will have options to select between minimum of 3 AZs in each region with GA. However, it is now available only on East US2 and West Europe for Preview.

AZ Fig01.png

AWS currently operate 44 AZs across 16 Regions and 14 more AZs are already planned (44+14 =58). Microsoft currently operate in 36 regions and 6 more to come. If you assume that Microsoft will bring 3 AZs minimums at each of these regions, Microsoft would have (36+6) *3= 126 which itself is more than double the size of AZs across the globe. I agree, it does not make much sense to just play with the numbers so Microsoft need to bring the services that would help customers to make use availability zones and add value to their workloads hosted in Azure services. AWS currently offers multiple PaaS services for their Multi-AZ deployment model so Microsoft still need do good job on making sure that more services are available for Multiple AZ deployments.

Continue reading “Availability Zones for Azure, like in AWS.”