Microsoft Azure is a public cloud platform: compute, storage, networking, databases, identity, AI, and DevOps services hosted in Microsoft data centers.
Core ideas
- Subscription — billing and access boundary; one org may use several subscriptions (e.g. dev / prod).
- Resource group — a container for related resources (VMs, networks, databases) that you manage and delete as a unit. Resources belong to one region (or span services that are region-specific).
- Region — a geographic area with one or more data centers; pick regions for latency, compliance, and paired-region disaster recovery.
Using Azure CLI with Docker
You can quickly use the Azure CLI without installing it directly on your system by running it in a Docker container. Microsoft provides an official image for this purpose.
Run the following command:
docker run --rm -it \
-v ~/.ssh:/root/.ssh \
-v ~/.azure:/root/.azure \
mcr.microsoft.com/azure-cli:azurelinux3.0 \
az --version
Log in to your Azure account interactively:
az login
Display details about the currently active Azure account:
az account show
Networking
In Azure, a virtual network (VNet) is the fundamental building block for creating isolated and secure network infrastructure. Key aspects to keep in mind when creating networks and subnets:
- Virtual Network (VNet): Defines a private IP address space and an isolation boundary for your resources (such as VMs and databases). When creating a VNet, you must specify an address range using CIDR notation.
- Subnets: Subnets are mandatory in Azure - you cannot have a virtual network without at least one subnet. Subnets divide your virtual network into logical segments to separate workloads or manage access. Each resource is connected to a specific subnet. You assign a distinct IP range to each subnet that fits within the VNet’s address space.
Azure Endpoints
An endpoint is simply an address or entry point that allows communication to or from a service. Azure services often support multiple types of endpoints to control how resources are accessed, facilitate connectivity, and enhance security:
- Public endpoints: Most Azure resources (such as storage accounts, SQL databases, etc.) are, by default, accessible over the public internet via their public endpoints. Restrict access by using firewall rules, network security groups, or private endpoints.
- Private endpoints: Azure Private Endpoint lets you map a service’s public endpoint into your own VNet, assigning it a private IP address. This means your traffic to the service stays entirely within the Microsoft backbone network and does not traverse the public internet.
- Service endpoints: Service endpoints improve connectivity to Azure services (such as Azure Storage, SQL Database) over the backbone network from your VNet, while still using the service’s public IP address. They allow you to secure the service to only accept traffic from selected VNets and subnets.
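To check which of the three endpoint models a storage account actually uses, the Python below classifies records shaped like the JSON from `az storage account list -o json`. It is an added example, not part of the original page; the sample records, account names and subnet ID are constructed, and the state labels are this example's own.

```python
import json

# Constructed sample, trimmed to the fields used below; names and IDs are made up.
SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
          "/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/app")
SAMPLE = json.loads("""[
 {"name": "stopen", "publicNetworkAccess": null,
  "networkRuleSet": {"defaultAction": "Allow", "virtualNetworkRules": [], "ipRules": []},
  "privateEndpointConnections": []},
 {"name": "stsubnet", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny",
                     "ipRules": [{"ipAddressOrRange": "203.0.113.0/24"}],
                     "virtualNetworkRules": [{"virtualNetworkResourceId": "SUBNET_ID"}]},
  "privateEndpointConnections": []},
 {"name": "stprivate", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Deny", "virtualNetworkRules": [], "ipRules": []},
  "privateEndpointConnections": [
    {"privateLinkServiceConnectionState": {"status": "Approved"}}]}
]""".replace("SUBNET_ID", SUBNET))

def classify(acct):
    """Describe how one storage account's public endpoint is exposed."""
    rules = acct.get("networkRuleSet") or {}
    subnets = [r["virtualNetworkResourceId"] for r in rules.get("virtualNetworkRules") or []]
    ips = [r["ipAddressOrRange"] for r in rules.get("ipRules") or []]
    approved_pe = any(
        (c.get("privateLinkServiceConnectionState") or {}).get("status") == "Approved"
        for c in acct.get("privateEndpointConnections") or [])
    if acct.get("publicNetworkAccess") == "Disabled":
        state = "public-disabled"      # reachable only through private endpoints
    elif (rules.get("defaultAction") or "Allow") == "Allow":
        state = "public-open"          # a missing or null setting is treated as open
    elif subnets or ips:
        state = "public-restricted"    # service-endpoint subnets and/or IP firewall rules
    else:
        state = "public-deny-all"      # firewall on, nothing allowed through it
    return {"name": acct["name"], "state": state, "subnets": subnets,
            "ip_rules": ips, "private_endpoint": approved_pe}

def audit(accounts):
    return [classify(a) for a in accounts]

def findings(accounts):
    """Names of accounts whose public endpoint accepts traffic from any network."""
    return [r["name"] for r in audit(accounts) if r["state"] == "public-open"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row["name"], row["state"], "private-endpoint" if row["private_endpoint"] else "")
```
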
Service endpoints
Common Azure services that support service endpoints include:
- Azure Storage
- Azure SQL Database
- Azure Synapse Analytics
- Azure Cosmos DB
- Azure Key Vault
- Azure Service Bus
- Azure Event Hubs
- Azure App Service (Web Apps)
- Azure Data Lake Storage Gen1 & Gen2
- Azure MySQL Database
- Azure PostgreSQL Database
- Azure MariaDB Database
- Azure Container Registry
- Azure Cognitive Services
Virtual Machines
Virtual Machines (VMs) in Azure are versatile compute resources that let you run a wide range of workloads. To set up a VM, you define key aspects such as the operating system image, size (CPU/memory), networking configuration, disks, and authentication methods.
The setup process typically involves:
- Selecting a resource group and region
- Specifying the VM image (Windows, Linux, custom)
- Choosing a VM size (based on performance and cost needs)
- Configuring virtual networks and subnets for connectivity
- Setting up storage and disks
- Defining admin credentials or SSH keys
Andrew Dorokhov