Archives May 2021

In the previous chapter, we looked at how to secure our Azure applications using key vaults, security principals, and managed identities.

When building solutions in Azure many components use some form of compute – such as a virtual machine (VM). However, there are many different types of compute, each with its own strengths. Therefore, in this chapter, we focus on the different types of compute services we have available to us and which options are best suited to which scenarios.

We will then maintain the security and health of VMs by ensuring they are always up to date with the latest OS patches.

Finally, we’ll look at containerization and how we can use Azure Kubernetes Service (AKS).

With this in mind, we will be covering the following topics:

• Understanding different types of compute
• Automating virtual machine management
• Architecting for containerization and Kubernetes

Technical requirements

This chapter will use the Azure portal (https://portal.azure.com) for examples.

Understanding different types of compute

When we architect solutions, there will often be at least one component that needs to host, or run, an application. The application could be built specifically for the task or an off-the-shelf package bought from a vendor.

Azure provides several compute services for hosting your application; each type can be grouped into one of three kinds of hosting model:

• Infrastructure as a Service (IaaS): VMs are within this category and support services such as storage (that is, disk drives) and networking. IaaS is the closest to a traditional on-premise environment, except Microsoft manages the underlying infrastructure, including hardware and the host operating system. You are still responsible for maintaining the guest operating system, however, including patching, monitoring, anti-virus software, and so on.
• Platform as a Service (PaaS): Azure App Service is an example of a PaaS component. With PaaS, you do not need to worry about the operating system (other than to ensure what you deploy to it is compatible). Microsoft manages all maintenance, patching, and anti-virus software; you simply deploy your applications to it. When provisioning PaaS components, you generally specify an amount and CPU and RAM, and your costs will be based on this.
• Serverless or Function as a Service (FaaS): FaaS, or serverless, is at the opposite end to IaaS. With FaaS, any notion of CPU, RAM, or management is completely abstracted away; you simply deploy your code, and the required resources are utilized to perform the task. Because of this, FaaS pricing models are calculated on exact usage, for example, the number of executions, as opposed to IaaS, where pricing is based on the specific RAM and CPU.

Some services may appear to blur the line between the hosting options; for example, VMs can be built as scale sets that automatically scale up and down on demand.

Generally, as you move from IaaS to FaaS, management becomes easier; however, control, flexibility, and portability are lost.

When choosing a compute hosting model for your solution, you will need to consider many factors:

• Deployment and compatibility

Not all applications can run on all services without modification. Older applications may have dependencies on installed services or can only be deployed via traditionally installed packages. For these legacy systems, an IaaS approach might be the only option.

Conversely, a modern application built using Agile DevOps processes, with regularly updated and redeployed components, might be better suited to Web Apps or Azure Functions.

• Support

Existing enterprise systems typically have support teams and processes embedded within the organization and will be used to patch and update systems in line with existing support processes.

Smaller companies may have fewer IT resources to provide these support tasks. Therefore, they would benefit significantly from PaaS or FaaS systems that do not require maintenance as the Azure platform handles this.