From d10291dcde332c4498e790fe00b3e0cfe78d9f29 Mon Sep 17 00:00:00 2001 
From: VSC-Service-Account Date: Fri, 23 Mar 2018 06:40:58 +0000 Subject: [PATCH] CI Update --- docs/antipatterns/busy-database/index.md | 8 +- docs/aws-professional/index.md | 6 +- docs/aws-professional/services.md | 276 +++++++++--------- docs/best-practices/monitoring.md | 13 +- docs/best-practices/retry-service-specific.md | 3 +- .../extending-templates/collector.md | 1 + .../extending-templates/conditional-deploy.md | 1 + .../objects-as-parameters.md | 18 +- .../extending-templates/update-resource.md | 16 +- docs/checklist/availability.md | 1 + docs/checklist/dev-ops.md | 2 +- docs/checklist/resiliency-per-service.md | 1 + docs/checklist/resiliency.md | 1 + .../adoption-intro/subscription-explainer.md | 1 + .../adoption-intro/tenant-explainer.md | 1 + .../analytical-data-stores.md | 12 +- .../technology-choices/batch-processing.md | 5 +- .../technology-choices/cognitive-services.md | 56 ++-- .../technology-choices/data-storage.md | 19 +- .../technology-choices/data-warehouses.md | 18 +- .../technology-choices/oltp-data-stores.md | 39 +-- .../technology-choices/search-options.md | 4 + .../technology-choices/stream-processing.md | 4 +- docs/docfx.json | 7 +- docs/guide/architecture-styles/index.md | 12 +- .../minimize-coordination.md | 2 +- docs/guide/index.md | 1 + docs/guide/pillars.md | 3 + .../technology-choices/compute-comparison.md | 2 +- .../data-store-comparison.md | 69 ++--- .../technology-choices/data-store-overview.md | 6 +- docs/index.md | 3 + docs/microservices/index.md | 2 +- docs/multitenant-identity/adfs.md | 1 + docs/multitenant-identity/app-roles.md | 1 + docs/multitenant-identity/authorize.md | 2 +- docs/multitenant-identity/client-assertion.md | 1 + docs/multitenant-identity/index.md | 1 + docs/multitenant-identity/key-vault.md | 5 +- docs/multitenant-identity/run-the-app.md | 142 ++++----- docs/multitenant-identity/signup.md | 1 + docs/multitenant-identity/token-cache.md | 1 + docs/multitenant-identity/web-api.md | 1 + 
docs/patterns/category/availability.md | 10 +- docs/patterns/category/data-management.md | 22 +- .../category/design-implementation.md | 34 ++- .../category/management-monitoring.md | 24 +- docs/patterns/category/messaging.md | 16 +- .../category/performance-scalability.md | 26 +- docs/patterns/category/resiliency.md | 22 +- docs/patterns/category/security.md | 12 +- docs/patterns/gateway-offloading.md | 30 +- docs/patterns/health-endpoint-monitoring.md | 4 +- docs/patterns/index.liquid.md | 4 +- docs/patterns/index.md | 69 ++--- docs/patterns/leader-election.md | 4 +- docs/patterns/pipes-and-filters.md | 2 +- docs/patterns/static-content-hosting.md | 1 + .../app-service-web-app/basic-web-app.md | 2 +- .../app-service-web-app/index.md | 2 + .../app-service-web-app/scalable-web-app.md | 2 +- docs/reference-architectures/dmz/index.md | 2 + docs/reference-architectures/dmz/nva-ha.md | 4 +- .../dmz/secure-vnet-hybrid.md | 2 +- .../hybrid-networking/considerations.md | 1 + .../hybrid-networking/expressroute.md | 1 + .../hybrid-networking/hub-spoke.md | 160 +++++----- .../hybrid-networking/index.md | 2 + .../hybrid-networking/shared-services.md | 130 ++++----- .../hybrid-networking/vpn.md | 3 + .../identity/adds-extend-domain.md | 1 + .../identity/adds-forest.md | 7 +- docs/reference-architectures/identity/adfs.md | 5 +- .../reference-architectures/identity/index.md | 2 + docs/reference-architectures/index.md | 2 + docs/reference-architectures/jenkins/index.md | 30 +- .../virtual-machines-linux/index.md | 2 + .../multi-region-application.md | 1 + .../virtual-machines-linux/multi-vm.md | 20 +- .../virtual-machines-linux/n-tier.md | 21 +- .../virtual-machines-linux/single-vm.md | 21 +- .../virtual-machines-windows/index.md | 2 + .../multi-region-application.md | 7 +- .../virtual-machines-windows/multi-vm.md | 20 +- .../virtual-machines-windows/n-tier.md | 37 +-- .../virtual-machines-windows/single-vm.md | 21 +- docs/resiliency/failure-mode-analysis.md | 2 +- 
.../high-availability-azure-applications.md | 1 + docs/resiliency/recovery-local-failures.md | 1 + docs/resiliency/recovery-loss-azure-region.md | 5 + docs/resiliency/recovery-on-premises-azure.md | 1 + .../migrate-from-cloud-services.md | 12 +- docs/service-fabric/refactor-migrated-app.md | 1 + 93 files changed, 845 insertions(+), 737 deletions(-) diff --git a/docs/antipatterns/busy-database/index.md b/docs/antipatterns/busy-database/index.md index 04172b9a9b9..1549273a6c4 100644 --- a/docs/antipatterns/busy-database/index.md +++ b/docs/antipatterns/busy-database/index.md @@ -114,10 +114,10 @@ INNER JOIN [Person].[Person] p ON c.[PersonID] = p.[BusinessEntityID] INNER JOIN [Sales].[SalesOrderDetail] sod ON soh.[SalesOrderID] = sod.[SalesOrderID] WHERE soh.[TerritoryId] = @TerritoryId AND soh.[SalesOrderId] IN ( - SELECT TOP 20 SalesOrderId - FROM [Sales].[SalesOrderHeader] soh - WHERE soh.[TerritoryId] = @TerritoryId - ORDER BY soh.[TotalDue] DESC) + SELECT TOP 20 SalesOrderId + FROM [Sales].[SalesOrderHeader] soh + WHERE soh.[TerritoryId] = @TerritoryId + ORDER BY soh.[TotalDue] DESC) ORDER BY soh.[TotalDue] DESC, sod.[SalesOrderDetailID] ``` diff --git a/docs/aws-professional/index.md b/docs/aws-professional/index.md index 52b1ab6ca26..a8588f29b5c 100644 --- a/docs/aws-professional/index.md +++ b/docs/aws-professional/index.md @@ -48,9 +48,11 @@ account are tied to that account, subscriptions exist independently of their owner accounts, and can be reassigned to new owners as needed. ![Comparison of structure and ownership of AWS accounts and Azure subscriptions](./images/azure-aws-account-compare.png "Comparison of structure and ownership of AWS accounts and Azure subscriptions") -
*Comparison of structure and ownership of AWS accounts and Azure subscriptions* +
Comparison of structure and ownership of AWS accounts and Azure subscriptions +

+ Subscriptions are assigned three types of administrator accounts: - **Account Administrator** - The subscription owner and the @@ -360,7 +362,7 @@ allow you to create and manage the following storage services: storage](https://azure.microsoft.com/documentation/articles/storage-java-how-to-use-file-storage/) - offers shared storage for legacy applications using the standard server message block (SMB) protocol. File storage is used in a similar manner to EFS in the AWS platform. - + #### Glacier and Azure Storage [Azure Archive Blob Storage](/azure/storage/blobs/storage-blob-storage-tiers#archive-access-tier) is comparable to AWS Glacier storage service. It is intended for rarely accessed data that is stored for at least 180 days and can tolerate several hours of retrieval latency. diff --git a/docs/aws-professional/services.md b/docs/aws-professional/services.md index 348b4e73327..97fc5f576c6 100644 --- a/docs/aws-professional/services.md +++ b/docs/aws-professional/services.md 
@@ -31,50 +31,47 @@ For an overview of Azure for AWS users, see [Introduction to Azure for AWS profe ## Compute -| Area | AWS service | Azure service | Description | -|---------------------------------|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Virtual servers | Elastic Compute Cloud (EC2) Instances | [Azure Virtual Machines](https://azure.microsoft.com/services/virtual-machines/) | Virtual servers allow users to deploy, manage, and maintain OS and server software. Instance types provide combinations of CPU/RAM. Users pay for what they use with the flexibility to change sizes. | -| ** ** | Amazon Lightsail | [Azure Virtual Machines & Images](https://azure.microsoft.com/services/virtual-machines/) | Collection of virtual machine templates to select from when building out your virtual machine. | -| Container instances | EC2 Container Service (ECS) | [Azure Container Service](https://azure.microsoft.com/services/container-service/) | Azure Container Instances is the fastest and simplest way to run a container in Azure, without having to provision any virtual machines or adopt a higher-level orchestration service. | -| ** ** | EC2 Container Registry | [Azure Container Registry](https://azure.microsoft.com/services/container-registry/) | Allows customers to store Docker formatted images. Used to create all types of container deployments on Azure. 
-| Microservices / container orchestrators | Elastic Container Service for Kubernetes (EKS) | [Azure Container Service (AKS)](https://azure.microsoft.com/services/container-service/) | Deploy orchestrated containerized applications with Kubernetes. Simplify monitoring and cluster management through auto upgrades and a built-in operations console. | -|   | | [Service Fabric](https://azure.microsoft.com/services/service-fabric/) | A compute service that orchestrates and manages the execution, lifetime, and resilience of complex, inter-related code components that can be either stateless or stateful. | -|   | | [Azure Container Service (ACS)](/azure/container-service/) | Quickly deploy a production ready Kubernetes, DC/OS, or Docker Swarm cluster | -| Serverless | Lambda | [Azure Functions](https://azure.microsoft.com/services/functions/)

[Azure Event Grid](https://azure.microsoft.com/services/event-grid/) | Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. | -| ** ** | Lambda @ Edge | [Functions on Azure IoT Edge](/azure/iot-edge/tutorial-deploy-function) | Runs functions at the edge (directly on IoT devices) even with intermittent cloud connectivity. | -| Backend process logic |   | [Web Jobs](/azure/app-service-web/websites-webjobs-resources) | Provides an easy way to run background processes in an application context. | -| Batch computing | AWS Batch | [Azure Batch](https://azure.microsoft.com/services/batch/) | Run large-scale parallel and high-performance computing applications efficiently in the cloud. | -| Scalability | AWS Auto Scaling | [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview)

[Azure App Service Scale Capability (PAAS)](https://azure.microsoft.com/documentation/articles/web-sites-scale/)

[Azure AutoScaling](/azure/app-service/app-service-environment-auto-scale) | Lets you automatically change the number of instances providing a particular compute workload. You set defined metric and thresholds that determine if the platform adds or removes instances. | - +| Area | AWS service | Azure service | Description | +|-----------------------------------------|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Virtual servers | Elastic Compute Cloud (EC2) Instances | [Azure Virtual Machines](https://azure.microsoft.com/services/virtual-machines/) | Virtual servers allow users to deploy, manage, and maintain OS and server software. Instance types provide combinations of CPU/RAM. Users pay for what they use with the flexibility to change sizes. | +|   | Amazon Lightsail | [Azure Virtual Machines & Images](https://azure.microsoft.com/services/virtual-machines/) | Collection of virtual machine templates to select from when building out your virtual machine. | +| Container instances | EC2 Container Service (ECS) | [Azure Container Service](https://azure.microsoft.com/services/container-service/) | Azure Container Instances is the fastest and simplest way to run a container in Azure, without having to provision any virtual machines or adopt a higher-level orchestration service. | +|   | EC2 Container Registry | [Azure Container Registry](https://azure.microsoft.com/services/container-registry/) | Allows customers to store Docker formatted images. 
Used to create all types of container deployments on Azure. | +| Microservices / container orchestrators | Elastic Container Service for Kubernetes (EKS) | [Azure Container Service (AKS)](https://azure.microsoft.com/services/container-service/) | Deploy orchestrated containerized applications with Kubernetes. Simplify monitoring and cluster management through auto upgrades and a built-in operations console. | +|   | | [Service Fabric](https://azure.microsoft.com/services/service-fabric/) | A compute service that orchestrates and manages the execution, lifetime, and resilience of complex, inter-related code components that can be either stateless or stateful. | +|   | | [Azure Container Service (ACS)](/azure/container-service/) | Quickly deploy a production ready Kubernetes, DC/OS, or Docker Swarm cluster | +| Serverless | Lambda | [Azure Functions](https://azure.microsoft.com/services/functions/)

[Azure Event Grid](https://azure.microsoft.com/services/event-grid/) | Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. | +|   | Lambda @ Edge | [Functions on Azure IoT Edge](/azure/iot-edge/tutorial-deploy-function) | Runs functions at the edge (directly on IoT devices) even with intermittent cloud connectivity. | +| Backend process logic |   | [Web Jobs](/azure/app-service-web/websites-webjobs-resources) | Provides an easy way to run background processes in an application context. | +| Batch computing | AWS Batch | [Azure Batch](https://azure.microsoft.com/services/batch/) | Run large-scale parallel and high-performance computing applications efficiently in the cloud. | +| Scalability | AWS Auto Scaling | [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview)

[Azure App Service Scale Capability (PAAS)](https://azure.microsoft.com/documentation/articles/web-sites-scale/)

[Azure AutoScaling](/azure/app-service/app-service-environment-auto-scale) | Lets you automatically change the number of instances providing a particular compute workload. You set defined metric and thresholds that determine if the platform adds or removes instances. | ## Storage -| Area | AWS service | Azure service | Description | -|------------------------------------|-----------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Object storage | Simple Storage Services (S3) | [Azure Storage—Block Blob (for content logs, files) (Standard—Hot)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-block-blobs) | Object storage service, for use cases including cloud applications, content distribution, backup, archiving, disaster recovery, and big data analytics. | -| Virtual Server disk infrastructure | Elastic Block Store (EBS) | [Azure Storage Disk—Page Blobs (for VHDs or other random-write type data)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-page-blobs)

[Azure Storage Disks—Premium Storage](https://azure.microsoft.com/services/storage/disks/) | SSD storage optimized for I/O intensive read/write operations. For use as high performance Azure virtual machine storage. | -| Shared file storage | Elastic File System | [Azure Files (file share between VMs)](https://azure.microsoft.com/services/storage/files/) | Provides a simple interface to create and configure file systems quickly, and share common files. It’s shared file storage without the need for a supporting virtual machine, and can be used with traditional protocols that access files over a network. | -| Archiving—cool storage | S3 Infrequent Access (IA) | [Azure Storage—Standard Cool](/azure/storage/blobs/storage-blob-storage-tiers) | Cool storage is a lower cost tier for storing data that is infrequently accessed and long-lived. | -| Archiving—cold storage | S3 Glacier | [Azure Storage-Standard Archive](/azure/storage/blobs/storage-blob-storage-tiers) | Archive storage has the lowest storage cost and higher data retrieval costs compared to hot and cool storage. | -| Backup | None | [Azure Backup](https://azure.microsoft.com/services/backup/) | Backup and archival solutions allow files and folders to be backed up and recovered from the cloud, and provide off-site protection against data loss. There are two components of backup—the software service that orchestrates backup/retrieval and the underlying backup storage infrastructure. | -| Hybrid storage | Storage Gateway | [StorSimple](https://azure.microsoft.com/services/storsimple/) | Integrates on-premises IT environments with cloud storage. Automates data management and storage, plus supports disaster recovery. | -| Bulk data transfer | AWS Import/Export Disk | [Import/Export](https://azure.microsoft.com/documentation/articles/storage-import-export-service/) | A data transport solution that uses secure disks and appliances to transfer large amounts of data. Also offers data protection during transit. 
| -| ** ** | AWS Import/Export Snowball

AWS Snowball Edge

AWS Snowmobile | [Azure Data Box](https://azure.microsoft.com/services/storage/databox/) | Petabyte- to Exabyte-scale data transport solution that uses secure data storage devices to transfer large amounts of data into and out of the AWS cloud, at lower cost than Internet-based transfers. | -| Disaster recovery | None | [Site Recovery](https://azure.microsoft.com/services/site-recovery/) | Automates protection and replication of virtual machines. Offers health monitoring, recovery plans, and recovery plan testing. | - +| Area | AWS service | Azure service | Description | +|------------------------------------|-------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Object storage | Simple Storage Services (S3) | [Azure Storage—Block Blob (for content logs, files) (Standard—Hot)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-block-blobs) | Object storage service, for use cases including cloud applications, content distribution, backup, archiving, disaster recovery, and big data analytics. | +| Virtual Server disk infrastructure | Elastic Block Store (EBS) | [Azure Storage Disk—Page Blobs (for VHDs or other random-write type data)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-page-blobs)

[Azure Storage Disks—Premium Storage](https://azure.microsoft.com/services/storage/disks/) | SSD storage optimized for I/O intensive read/write operations. For use as high performance Azure virtual machine storage. | +| Shared file storage | Elastic File System | [Azure Files (file share between VMs)](https://azure.microsoft.com/services/storage/files/) | Provides a simple interface to create and configure file systems quickly, and share common files. It’s shared file storage without the need for a supporting virtual machine, and can be used with traditional protocols that access files over a network. | +| Archiving—cool storage | S3 Infrequent Access (IA) | [Azure Storage—Standard Cool](/azure/storage/blobs/storage-blob-storage-tiers) | Cool storage is a lower cost tier for storing data that is infrequently accessed and long-lived. | +| Archiving—cold storage | S3 Glacier | [Azure Storage-Standard Archive](/azure/storage/blobs/storage-blob-storage-tiers) | Archive storage has the lowest storage cost and higher data retrieval costs compared to hot and cool storage. | +| Backup | None | [Azure Backup](https://azure.microsoft.com/services/backup/) | Backup and archival solutions allow files and folders to be backed up and recovered from the cloud, and provide off-site protection against data loss. There are two components of backup—the software service that orchestrates backup/retrieval and the underlying backup storage infrastructure. | +| Hybrid storage | Storage Gateway | [StorSimple](https://azure.microsoft.com/services/storsimple/) | Integrates on-premises IT environments with cloud storage. Automates data management and storage, plus supports disaster recovery. | +| Bulk data transfer | AWS Import/Export Disk | [Import/Export](https://azure.microsoft.com/documentation/articles/storage-import-export-service/) | A data transport solution that uses secure disks and appliances to transfer large amounts of data. Also offers data protection during transit. 
| +|   | AWS Import/Export Snowball

AWS Snowball Edge

AWS Snowmobile | [Azure Data Box](https://azure.microsoft.com/services/storage/databox/) | Petabyte- to Exabyte-scale data transport solution that uses secure data storage devices to transfer large amounts of data into and out of the AWS cloud, at lower cost than Internet-based transfers. | +| Disaster recovery | None | [Site Recovery](https://azure.microsoft.com/services/site-recovery/) | Automates protection and replication of virtual machines. Offers health monitoring, recovery plans, and recovery plan testing. | ## Networking and content delivery -| Area | AWS service | Azure service | Description | -|-------------------------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Cloud virtual networking | Virtual Private Cloud | [Virtual Network](https://azure.microsoft.com/services/virtual-network/) | Provides an isolated, private environment in the cloud. Users have control over their virtual networking environment, including selection of their own IP address range, creation of subnets, and configuration of route tables and network gateways. | -| Cross-premises connectivity | AWS VPN Gateway | [Azure VPN Gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways) | Azure VPN Gateways connect Azure virtual networks to other Azure virtual networks, or customer on-premises networks (Site To Site). It also allows end users to connect to Azure services through VPN tunneling (Point To Site). 
| -| Domain name system management | Route 53 | [Azure DNS](https://azure.microsoft.com/services/dns/) | Manage your DNS records using the same credentials and billing and support contract as your other Azure services | -| ** ** | Route 53 | [Traffic Manager](https://azure.microsoft.com/services/traffic-manager/) | A service that hosts domain names, plus routes users to Internet applications, connects user requests to datacenters, manages traffic to apps, and improves app availability with automatic failover. | -| Content delivery network | CloudFront | [Azure Content Delivery Network](https://azure.microsoft.com/services/cdn/) | A global content delivery network that delivers audio, video, applications, images, and other files. | -| Dedicated network | Direct Connect | [ExpressRoute](https://azure.microsoft.com/services/expressroute/) | Establishes a dedicated, private network connection from a location to the cloud provider (not over the Internet). | -| Load balancing | Classic Load Balancer

Network Load Balancer

Application Load Balancer | [Load Balancer](https://azure.microsoft.com/services/load-balancer/)

[Application Gateway](https://azure.microsoft.com/services/application-gateway/) | Automatically distributes incoming application traffic to add scale, handle failover, and route to a collection of resources. | - +| Area | AWS service | Azure service | Description | +|-------------------------------|---------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Cloud virtual networking | Virtual Private Cloud | [Virtual Network](https://azure.microsoft.com/services/virtual-network/) | Provides an isolated, private environment in the cloud. Users have control over their virtual networking environment, including selection of their own IP address range, creation of subnets, and configuration of route tables and network gateways. | +| Cross-premises connectivity | AWS VPN Gateway | [Azure VPN Gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways) | Azure VPN Gateways connect Azure virtual networks to other Azure virtual networks, or customer on-premises networks (Site To Site). It also allows end users to connect to Azure services through VPN tunneling (Point To Site). 
| +| Domain name system management | Route 53 | [Azure DNS](https://azure.microsoft.com/services/dns/) | Manage your DNS records using the same credentials and billing and support contract as your other Azure services | +|   | Route 53 | [Traffic Manager](https://azure.microsoft.com/services/traffic-manager/) | A service that hosts domain names, plus routes users to Internet applications, connects user requests to datacenters, manages traffic to apps, and improves app availability with automatic failover. | +| Content delivery network | CloudFront | [Azure Content Delivery Network](https://azure.microsoft.com/services/cdn/) | A global content delivery network that delivers audio, video, applications, images, and other files. | +| Dedicated network | Direct Connect | [ExpressRoute](https://azure.microsoft.com/services/expressroute/) | Establishes a dedicated, private network connection from a location to the cloud provider (not over the Internet). | +| Load balancing | Classic Load Balancer

Network Load Balancer

Application Load Balancer | [Load Balancer](https://azure.microsoft.com/services/load-balancer/)

[Application Gateway](https://azure.microsoft.com/services/application-gateway/) | Automatically distributes incoming application traffic to add scale, handle failover, and route to a collection of resources. | ## Database @@ -89,128 +86,123 @@ For an overview of Azure for AWS users, see [Introduction to Azure for AWS profe ## Analytics and big data -| Area | AWS service | Azure service | Description | -|------------------------|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Elastic data warehouse | Redshift | [SQL Data Warehouse](https://azure.microsoft.com/services/sql-data-warehouse/) | A fully managed data warehouse that analyzes data using business intelligence tools. It can transact SQL queries across relational and nonrelational data. | -| Big data processing | Elastic MapReduce (EMR) | [HDInsight](https://azure.microsoft.com/services/hdinsight/) | Supports technologies that break up large data processing tasks into multiple jobs, and then combine the results to enable massive parallelism. | -| Data orchestration | Data Pipeline | [Data Factory](https://azure.microsoft.com/services/data-factory/) | Processes and moves data between different compute and storage services, as well as on-premises data sources at specified intervals. Users can create, schedule, orchestrate, and manage data pipelines. | -| ** ** | AWS Glue | [Data Factory](https://azure.microsoft.com/services/data-factory/)

[Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Cloud-based ETL/data integration service that orchestrates and automates the movement and transformation of data from various sources. | -| Analytics | Kinesis Analytics | [Stream Analytics](https://azure.microsoft.com/services/stream-analytics/)

[Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/)

[Data Lake Store](https://azure.microsoft.com/services/data-lake-store/) | Storage and analysis platforms that create insights from large quantities of data, or data that originates from many sources. | -| Visualization | QuickSight (Preview) | [PowerBI](https://powerbi.microsoft.com/) | Business intelligence tools that build visualizations, perform ad hoc analysis, and develop business insights from data. | -| ** ** | None | [Power BI Embedded](https://azure.microsoft.com/services/power-bi-embedded/) | Allows visualization and data analysis tools to be embedded in applications. | -| Search | Elasticsearch Service | [Marketplace—Elasticsearch](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Elasticsearch) | A scalable search server based on Apache Lucene. | -| ** ** | CloudSearch | [Azure Search](https://azure.microsoft.com/services/search/) | Delivers full-text search and related search analytics and capabilities. | -| Machine learning | Machine Learning | [Azure Machine Learning Studio](https://azure.microsoft.com/services/machine-learning/)

[Azure Machine Learning Workbench](https://azure.microsoft.com/services/machine-learning-services/) | Produces an end-to-end workflow to create, process, refine, and publish predictive models that can be used to understand what might happen from complex data sets. | -| Data discovery | None | [Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Provides the ability to better register, enrich, discover, understand, and consume data sources. | -| ** ** | Amazon Athena | [Azure Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/) | Provides a serverless interactive query service that uses standard SQL for analyzing databases. | - +| Area | AWS service | Azure service | Description | +|-------------------------|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Elastic data warehouse | Redshift | [SQL Data Warehouse](https://azure.microsoft.com/services/sql-data-warehouse/) | A fully managed data warehouse that analyzes data using business intelligence tools. It can transact SQL queries across relational and nonrelational data. | +| Big data processing | Elastic MapReduce (EMR) | [HDInsight](https://azure.microsoft.com/services/hdinsight/) | Supports technologies that break up large data processing tasks into multiple jobs, and then combine the results to enable massive parallelism. 
| +| Data orchestration | Data Pipeline | [Data Factory](https://azure.microsoft.com/services/data-factory/) | Processes and moves data between different compute and storage services, as well as on-premises data sources at specified intervals. Users can create, schedule, orchestrate, and manage data pipelines. | +|   | AWS Glue | [Data Factory](https://azure.microsoft.com/services/data-factory/)

[Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Cloud-based ETL/data integration service that orchestrates and automates the movement and transformation of data from various sources. | +| Analytics | Kinesis Analytics | [Stream Analytics](https://azure.microsoft.com/services/stream-analytics/)

[Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/)

[Data Lake Store](https://azure.microsoft.com/services/data-lake-store/) | Storage and analysis platforms that create insights from large quantities of data, or data that originates from many sources. | +| Visualization | QuickSight (Preview) | [PowerBI](https://powerbi.microsoft.com/) | Business intelligence tools that build visualizations, perform ad hoc analysis, and develop business insights from data. | +|   | None | [Power BI Embedded](https://azure.microsoft.com/services/power-bi-embedded/) | Allows visualization and data analysis tools to be embedded in applications. | +| Search | Elasticsearch Service | [Marketplace—Elasticsearch](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Elasticsearch) | A scalable search server based on Apache Lucene. | +|   | CloudSearch | [Azure Search](https://azure.microsoft.com/services/search/) | Delivers full-text search and related search analytics and capabilities. | +| Machine learning | Machine Learning | [Azure Machine Learning Studio](https://azure.microsoft.com/services/machine-learning/)

[Azure Machine Learning Workbench](https://azure.microsoft.com/services/machine-learning-services/) | Produces an end-to-end workflow to create, process, refine, and publish predictive models that can be used to understand what might happen from complex data sets. | +| Data discovery | None | [Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Provides the ability to better register, enrich, discover, understand, and consume data sources. | +|   | Amazon Athena | [Azure Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/) | Provides a serverless interactive query service that uses standard SQL for analyzing databases. | ## Intelligence -| Area | AWS service | Azure service | Description | -|-----------------------------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Conversational user interfaces virtual personal assistant | Alexa Skills Kits | [Cortana Intelligence Suite —Cortana Integration](https://azure.microsoft.com/suites/cortana-intelligence-suite/) | Services cover intelligence cognitive services, machine learning, analytics, information management, big data and dashboards and visualizations. | -| ** ** | | [Microsoft Bot Framework + Azure Bot Service](https://dev.botframework.com/) | Builds and connects intelligent bots that interact with your users using text/SMS, Skype, Teams, Slack, Office 365 mail, Twitter, and other popular services. | -| Speech recognition | Amazon Lex | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | API capable of converting speech to text, understanding intent, and converting text back to speech for natural responsiveness. 
| -| ** ** | | [Language Understanding Intelligent Service (LUIS)](https://azure.microsoft.com/services/cognitive-services/language-understanding-intelligent-service/) | Allows your applications to understand user commands contextually. | -| ** ** | | [Speaker Recognition API](https://azure.microsoft.com/services/cognitive-services/speaker-recognition/) | Gives your app the ability to recognize individual speakers. | -| ** ** | | [Custom Recognition Intelligent Service (CRIS)](https://azure.microsoft.com/services/cognitive-services/custom-speech-service/) | Fine-tunes speech recognition to eliminate barriers such as speaking style, background noise, and vocabulary. | -| Text to Speech | Amazon Polly | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | Enables both Speech to Text, and Text into Speech capabilities. | -| Visual recognition | Amazon Rekognition | [Computer Vision API](https://azure.microsoft.com/services/cognitive-services/computer-vision/) | Distills actionable information from images, generates captions and identifies objects in images. | -| ** ** | | [Face API](https://azure.microsoft.com/services/cognitive-services/face/) | Detects, identifies, analyzes, organizes, and tags faces in photos. | -| ** ** | | [Emotions API](https://azure.microsoft.com/services/cognitive-services/emotion/) | Recognizes emotions in images. | -| ** ** | | [Video API](https://www.microsoft.com/cognitive-services/video-api) | Intelligent video processing produces stable video output, detects motion, creates intelligent thumbnails, detects and tracks faces. 
| - +| Area | AWS service | Azure service | Description | +|-----------------------------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Conversational user interfaces virtual personal assistant | Alexa Skills Kits | [Cortana Intelligence Suite —Cortana Integration](https://azure.microsoft.com/suites/cortana-intelligence-suite/) | Services cover intelligence cognitive services, machine learning, analytics, information management, big data and dashboards and visualizations. | +|   | | [Microsoft Bot Framework + Azure Bot Service](https://dev.botframework.com/) | Builds and connects intelligent bots that interact with your users using text/SMS, Skype, Teams, Slack, Office 365 mail, Twitter, and other popular services. | +| Speech recognition | Amazon Lex | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | API capable of converting speech to text, understanding intent, and converting text back to speech for natural responsiveness. | +|   | | [Language Understanding Intelligent Service (LUIS)](https://azure.microsoft.com/services/cognitive-services/language-understanding-intelligent-service/) | Allows your applications to understand user commands contextually. | +|   | | [Speaker Recognition API](https://azure.microsoft.com/services/cognitive-services/speaker-recognition/) | Gives your app the ability to recognize individual speakers. | +|   | | [Custom Recognition Intelligent Service (CRIS)](https://azure.microsoft.com/services/cognitive-services/custom-speech-service/) | Fine-tunes speech recognition to eliminate barriers such as speaking style, background noise, and vocabulary. 
| +| Text to Speech | Amazon Polly | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | Enables both Speech to Text, and Text into Speech capabilities. | +| Visual recognition | Amazon Rekognition | [Computer Vision API](https://azure.microsoft.com/services/cognitive-services/computer-vision/) | Distills actionable information from images, generates captions and identifies objects in images. | +|   | | [Face API](https://azure.microsoft.com/services/cognitive-services/face/) | Detects, identifies, analyzes, organizes, and tags faces in photos. | +|   | | [Emotions API](https://azure.microsoft.com/services/cognitive-services/emotion/) | Recognizes emotions in images. | +|   | | [Video API](https://www.microsoft.com/cognitive-services/video-api) | Intelligent video processing produces stable video output, detects motion, creates intelligent thumbnails, detects and tracks faces. | ## Internet of things (IoT) -| Area | AWS service | Azure service | Description | -|--------------------|-----------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Internet of Things | AWS IoT Other Services (Kinesis, Machine Learning, EMR, Data Pipeline, SNS, QuickSight) | [Azure IoT Suite (IoT Hub, Machine Learning, Stream Analytics, Notification Hubs, PowerBI)](https://azure.microsoft.com/suites/iot-suite/) | Provides a preconfigured solution for monitoring, maintaining, and deploying common IoT scenarios. | -| ** ** | AWS IoT | [Azure IoT Hub](https://azure.microsoft.com/services/iot-hub/) | A cloud gateway for managing bidirectional communication with billions of IoT devices, securely and at scale. 
| -| Edge compute for IoT | AWS Greengrass | [Azure IoT Edge](https://azure.microsoft.com/services/iot-edge/) | Managed service that deploys cloud intelligence directly on IoT devices to run in on-prem scenarios. | -| Streaming data | Kinesis Firehose

Kinesis Streams | [Event Hubs](https://azure.microsoft.com/services/event-hubs/) | Services that allow the mass ingestion of small data inputs, typically from devices and sensors, to process and route the data. | - +| Area | AWS service | Azure service | Description | +|-------------------------|-----------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------| +| Internet of Things | AWS IoT Other Services (Kinesis, Machine Learning, EMR, Data Pipeline, SNS, QuickSight) | [Azure IoT Suite (IoT Hub, Machine Learning, Stream Analytics, Notification Hubs, PowerBI)](https://azure.microsoft.com/suites/iot-suite/) | Provides a preconfigured solution for monitoring, maintaining, and deploying common IoT scenarios. | +|   | AWS IoT | [Azure IoT Hub](https://azure.microsoft.com/services/iot-hub/) | A cloud gateway for managing bidirectional communication with billions of IoT devices, securely and at scale. | +| Edge compute for IoT | AWS Greengrass | [Azure IoT Edge](https://azure.microsoft.com/services/iot-edge/) | Managed service that deploys cloud intelligence directly on IoT devices to run in on-prem scenarios. | +| Streaming data | Kinesis Firehose

Kinesis Streams | [Event Hubs](https://azure.microsoft.com/services/event-hubs/) | Services that allow the mass ingestion of small data inputs, typically from devices and sensors, to process and route the data. | ## Management and monitoring -| Area | AWS service | Azure service | Description | -|-----------------------------------|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Cloud advisor | Trusted Advisor | [Azure Advisor](https://azure.microsoft.com/services/advisor/) | Provides analysis of cloud resource configuration and security so subscribers can ensure they’re making use of best practices and optimum configurations. | -| Deployment orchestration (DevOps) | OpsWorks (Chef-based) | [Azure Automation](https://azure.microsoft.com/services/automation/) | Configures and operates applications of all shapes and sizes, and provides templates to create and manage a collection of resources. | -| ** ** | CloudFormation | [Azure Resource Manager](https://azure.microsoft.com/features/resource-manager/)

[VM extensions](https://azure.microsoft.com/documentation/articles/virtual-machines-windows-extensions-features/)

[Azure Automation](https://azure.microsoft.com/services/automation/) | Provides a way for users to automate the manual, long-running, error-prone, and frequently repeated IT tasks. | -| Management & monitoring (DevOps) | CloudWatch | [Azure portal](https://azure.microsoft.com/features/azure-portal/)

[Azure Monitor](https://azure.microsoft.com/services/monitor/) | A unified console that simplifies building, deploying, and managing your cloud resources. | -| ** ** | CloudWatch | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible analytics service that helps you understand the performance and usage of your live web application. It's designed for developers, to help you continuously improve the performance and usability of your app. | -| ** ** | AWS X-Ray | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible application performance management service for web developers on multiple platforms. You can use it to monitor your live web application, detect performance anomalies, and diagnose issues with your app. | -| ** ** | AWS Usage and Billing Report | [Azure Billing API](/azure/billing/billing-usage-rate-card-overview) | Services to help generate, monitor, forecast, and share billing data for resource usage by time, organization, or product resources. | -| ** ** | AWS Management Console | [Azure portal](https://azure.microsoft.com/features/azure-portal/) | A unified management console that simplifies building, deploying, and operating your cloud resources. | -| Administration | AWS Application Discovery Service | [Azure Log Analytics in Operations Management Suite](https://azure.microsoft.com/services/log-analytics) | Provides deeper insights into your application and workloads by collecting, correlating and visualizing all your machine data, such as event logs, network logs, performance data, and much more, from both on-premises and cloud assets. 
| -| ** ** | Amazon EC2 Systems Manager | [Microsoft Operations Management Suite—Automation and Control functionalities](https://www.microsoft.com/cloud-platform/operations-management-suite) | Enables continuous IT services and compliance through process automation and configuration management. You can transform complex and repetitive tasks with IT automation. | -| ** ** | AWS Personal Health Dashboard | [Azure Resource Health](/azure/resource-health/resource-health-overview) | Provides detailed information about the health of resources as well as recommended actions for maintaining resource health. | -| ** ** | Third Party | [Azure Storage Explorer](http://storageexplorer.com/) | Standalone app from Microsoft that allows you to easily work with Azure Storage data on Windows, Mac OS, and Linux. | - +| Area | AWS service | Azure service | Description | +|-----------------------------------|-----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Cloud advisor | Trusted Advisor | [Azure Advisor](https://azure.microsoft.com/services/advisor/) | Provides analysis of cloud resource configuration and security so subscribers can ensure they’re making use of best practices and optimum configurations. | +| Deployment orchestration (DevOps) | OpsWorks (Chef-based) | [Azure Automation](https://azure.microsoft.com/services/automation/) | Configures and operates applications of all shapes and sizes, and provides templates to create and manage a collection of resources. 
| +|   | CloudFormation | [Azure Resource Manager](https://azure.microsoft.com/features/resource-manager/)

[VM extensions](https://azure.microsoft.com/documentation/articles/virtual-machines-windows-extensions-features/)

[Azure Automation](https://azure.microsoft.com/services/automation/) | Provides a way for users to automate the manual, long-running, error-prone, and frequently repeated IT tasks. | +| Management & monitoring (DevOps) | CloudWatch | [Azure portal](https://azure.microsoft.com/features/azure-portal/)

[Azure Monitor](https://azure.microsoft.com/services/monitor/) | A unified console that simplifies building, deploying, and managing your cloud resources. | +|   | CloudWatch | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible analytics service that helps you understand the performance and usage of your live web application. It's designed for developers, to help you continuously improve the performance and usability of your app. | +|   | AWS X-Ray | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible application performance management service for web developers on multiple platforms. You can use it to monitor your live web application, detect performance anomalies, and diagnose issues with your app. | +|   | AWS Usage and Billing Report | [Azure Billing API](/azure/billing/billing-usage-rate-card-overview) | Services to help generate, monitor, forecast, and share billing data for resource usage by time, organization, or product resources. | +|   | AWS Management Console | [Azure portal](https://azure.microsoft.com/features/azure-portal/) | A unified management console that simplifies building, deploying, and operating your cloud resources. | +| Administration | AWS Application Discovery Service | [Azure Log Analytics in Operations Management Suite](https://azure.microsoft.com/services/log-analytics) | Provides deeper insights into your application and workloads by collecting, correlating and visualizing all your machine data, such as event logs, network logs, performance data, and much more, from both on-premises and cloud assets. | +|   | Amazon EC2 Systems Manager | [Microsoft Operations Management Suite—Automation and Control functionalities](https://www.microsoft.com/cloud-platform/operations-management-suite) | Enables continuous IT services and compliance through process automation and configuration management. 
You can transform complex and repetitive tasks with IT automation. | +|   | AWS Personal Health Dashboard | [Azure Resource Health](/azure/resource-health/resource-health-overview) | Provides detailed information about the health of resources as well as recommended actions for maintaining resource health. | +|   | Third Party | [Azure Storage Explorer](http://storageexplorer.com/) | Standalone app from Microsoft that allows you to easily work with Azure Storage data on Windows, Mac OS, and Linux. | ## Mobile services -| Area | AWS service | Azure service | Description | -|--------------------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Pro app development | Mobile Hub | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/)

[Xamarin Apps](https://azure.microsoft.com/features/xamarin/) | Provides backend mobile services for rapid development of mobile solutions, identity management, data synchronization, and storage and notifications across devices. | -| ** ** | Mobile SDK | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides the technology to rapidly build cross-platform and native apps for mobile devices. | -| ** ** | Cognito | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides authentication capabilities for mobile applications. | -| App testing | AWS Device Farm | [Xamarin Test Cloud (front end)](https://www.xamarin.com/test-cloud) | Provides services to support testing mobile applications. | -| Analytics | Mobile Analytics | [HockeyApp](https://azure.microsoft.com/services/hockeyapp/)

[Application Insights](https://azure.microsoft.com/services/application-insights/) | Supports monitoring, and feedback collection for the debugging and analysis of a mobile application service quality. | -| Enterprise mobility management | None | [Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) | Provides mobile device management, mobile application management, and PC management capabilities from the cloud. | - +| Area | AWS service | Azure service | Description | +|--------------------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Pro app development | Mobile Hub | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/)

[Xamarin Apps](https://azure.microsoft.com/features/xamarin/) | Provides backend mobile services for rapid development of mobile solutions, identity management, data synchronization, and storage and notifications across devices. | +|   | Mobile SDK | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides the technology to rapidly build cross-platform and native apps for mobile devices. | +|   | Cognito | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides authentication capabilities for mobile applications. | +| App testing | AWS Device Farm | [Xamarin Test Cloud (front end)](https://www.xamarin.com/test-cloud) | Provides services to support testing mobile applications. | +| Analytics | Mobile Analytics | [HockeyApp](https://azure.microsoft.com/services/hockeyapp/)

[Application Insights](https://azure.microsoft.com/services/application-insights/) | Supports monitoring, and feedback collection for the debugging and analysis of a mobile application service quality. | +| Enterprise mobility management | None | [Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) | Provides mobile device management, mobile application management, and PC management capabilities from the cloud. | ## Security, identity, and access -| Area | AWS service | Azure service | Description | -|----------------------------------|----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Authentication and authorization | Identity and Access Management (IAM) | [Azure Active Directory](https://azure.microsoft.com/documentation/articles/role-based-access-control-configure/)

[Azure Active Directory Premium](https://www.microsoft.com/cloud-platform/azure-active-directory) | Allows users to securely control access to services and resources while offering data security and protection. Create and manage users and groups, and use permissions to allow and deny access to resources. | -| ** ** | AWS Organizations | [Azure Subscription and Service Management + Azure RBAC](/azure/azure-subscription-service-limits) | Security policy and role management for working with multiple accounts. | -| ** ** | Multi-Factor Authentication | [Multi-Factor Authentication](https://azure.microsoft.com/services/multi-factor-authentication/) | Helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication with a range of verification options, allowing users to choose the method they prefer. | -| Information protection | None | [Azure Information Protection](https://www.microsoft.com/cloud-platform/azure-information-protection) | Service to help control and secure email, documents, and sensitive data that you share outside your company walls. | -| Encryption | Server-side encryption with Amazon S3 Key Management Service | [Azure Storage Service Encryption](/azure/storage/storage-service-encryption) | Helps you protect and safeguard your data and meet your organizational security and compliance commitments. | -| ** ** | Key Management Service

CloudHSM | [Key Vault](https://azure.microsoft.com/services/key-vault/) | Provides security solution and works with other services by providing a way to manage, create, and control encryption keys stored in hardware security modules (HSM). | -| Firewall | Web Application Firewall | [Application Gateway Web Application Firewall (preview)](https://azure.microsoft.com/updates/application-gateway-web-application-firewall-in-public-preview/) | A firewall that protects web applications from common web exploits. Users can define customizable web security rules. | -| Security | Inspector | [Security Center](https://azure.microsoft.com/services/security-center/) | An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. | -| ** ** | Certificate Manager | [App Service Certificates available on the Portal](https://azure.microsoft.com/blog/internals-of-app-service-certificate/) | Service that allows customers to create, manage and consume certificates seamlessly in the cloud. | -| Directory services | AWS Directory Service + Windows Server Active Directory on AWS | [Azure Active Directory Domain Services + Windows Server Active Directory on Azure IaaS](https://azure.microsoft.com/services/active-directory/) | Comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups. It helps secure access to on-premises and cloud applications, including Microsoft online services like Office 365 and many non-Microsoft SaaS applications. | -| ** ** | Cognito | [Azure Active Directory B2C](https://azure.microsoft.com/services/active-directory-b2c/) | A highly available, global, identity management service for consumer-facing applications that scales to hundreds of millions of identities. 
| -| ** ** | AWS Directory Service | [Windows Server Active Directory](https://azure.microsoft.com/services/active-directory-ds/) | Services for supporting Microsoft Active Directory in the cloud. | -| Compliance | AWS Artifact | [Microsoft Service Trust Portal](https://www.microsoft.com/TrustCenter/STP/default.aspx) | Provides access to audit reports, compliance guides, and trust documents from across cloud services. | -| Security | AWS Shield | [Azure DDos Protection Service (Preview)](https://azure.microsoft.com/blog/azure-ddos-protection-service-preview/) | Provides cloud services with protection from distributed denial of services (DDoS) attacks. | - +| Area | AWS service | Azure service | Description | +|----------------------------------|----------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Authentication and authorization | Identity and Access Management (IAM) | [Azure Active Directory](https://azure.microsoft.com/documentation/articles/role-based-access-control-configure/)

[Azure Active Directory Premium](https://www.microsoft.com/cloud-platform/azure-active-directory) | Allows users to securely control access to services and resources while offering data security and protection. Create and manage users and groups, and use permissions to allow and deny access to resources. | +|   | AWS Organizations | [Azure Subscription and Service Management + Azure RBAC](/azure/azure-subscription-service-limits) | Security policy and role management for working with multiple accounts. | +|   | Multi-Factor Authentication | [Multi-Factor Authentication](https://azure.microsoft.com/services/multi-factor-authentication/) | Helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication with a range of verification options, allowing users to choose the method they prefer. | +| Information protection | None | [Azure Information Protection](https://www.microsoft.com/cloud-platform/azure-information-protection) | Service to help control and secure email, documents, and sensitive data that you share outside your company walls. | +| Encryption | Server-side encryption with Amazon S3 Key Management Service | [Azure Storage Service Encryption](/azure/storage/storage-service-encryption) | Helps you protect and safeguard your data and meet your organizational security and compliance commitments. | +|   | Key Management Service

CloudHSM | [Key Vault](https://azure.microsoft.com/services/key-vault/) | Provides security solution and works with other services by providing a way to manage, create, and control encryption keys stored in hardware security modules (HSM). | +| Firewall | Web Application Firewall | [Application Gateway Web Application Firewall (preview)](https://azure.microsoft.com/updates/application-gateway-web-application-firewall-in-public-preview/) | A firewall that protects web applications from common web exploits. Users can define customizable web security rules. | +| Security | Inspector | [Security Center](https://azure.microsoft.com/services/security-center/) | An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. | +|   | Certificate Manager | [App Service Certificates available on the Portal](https://azure.microsoft.com/blog/internals-of-app-service-certificate/) | Service that allows customers to create, manage and consume certificates seamlessly in the cloud. | +| Directory services | AWS Directory Service + Windows Server Active Directory on AWS | [Azure Active Directory Domain Services + Windows Server Active Directory on Azure IaaS](https://azure.microsoft.com/services/active-directory/) | Comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups. It helps secure access to on-premises and cloud applications, including Microsoft online services like Office 365 and many non-Microsoft SaaS applications. | +|   | Cognito | [Azure Active Directory B2C](https://azure.microsoft.com/services/active-directory-b2c/) | A highly available, global, identity management service for consumer-facing applications that scales to hundreds of millions of identities. 
| +|   | AWS Directory Service | [Windows Server Active Directory](https://azure.microsoft.com/services/active-directory-ds/) | Services for supporting Microsoft Active Directory in the cloud. | +| Compliance | AWS Artifact | [Microsoft Service Trust Portal](https://www.microsoft.com/TrustCenter/STP/default.aspx) | Provides access to audit reports, compliance guides, and trust documents from across cloud services. | +| Security | AWS Shield | [Azure DDos Protection Service (Preview)](https://azure.microsoft.com/blog/azure-ddos-protection-service-preview/) | Provides cloud services with protection from distributed denial of services (DDoS) attacks. | ## Developer tools -| Area | AWS service | Azure service | Description | -|--------------------------------------|----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Media transcoding | Elastic Transcoder | [Media Services](https://azure.microsoft.com/services/media-services/) | Services that offer broadcast-quality video streaming services, including various transcoding technologies. | -| Email | Simple Email Service (SES) | [Marketplace—Email](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Email) | Services for integrating email functionality into applications. 
| -| Messaging | Simple Queue Service (SQS) | [Azure Queue Storage](https://azure.microsoft.com/services/storage/queues/) | Provides a managed message queueing service for communicating between decoupled application components. | -| Messaging | Simple Queue Service (SQS) | [Service Bus Queues, Topics, Relays](/azure/service-bus-messaging/service-bus-queues-topics-subscriptions) | Supports a set of cloud-based, message-oriented middleware technologies including reliable message queuing and durable publish/subscribe messaging. | -| Workflow | Simple Workflow Service (SWF) | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Serverless technology for connecting apps, data and devices anywhere—on-premises or in the cloud for large ecosystems of SaaS and cloud based connectors. | -| API management | API Gateway | [API Management](https://azure.microsoft.com/services/api-management/) | A turnkey solution for publishing APIs to external and internal consumers. | -| ** ** | Elastic Beanstalk | [Web Apps (App Service)](https://azure.microsoft.com/services/app-service/web/)

[Cloud Services](https://azure.microsoft.com/services/cloud-services/)

[API Apps (App Service)](https://azure.microsoft.com/services/app-service/api/) | Managed hosting platforms providing easy to use services for deploying and scaling web applications and services. | -| ** ** | CodeDeploy

CodeCommit

CodePipeline | [Visual Studio Team Services](https://www.visualstudio.com/team-services/) | Developer tools for scripting application deployment. | -| ** ** | AWS Developer Tools | [Azure Developer Tools](https://azure.microsoft.com/tools/) | Collection of tools for building, debugging, deploying, diagnosing, and managing multi-platform, scalable apps and services. | -| ** ** |   | [Power Apps](https://powerapps.microsoft.com/) | Technology to rapidly build business solutions, connecting to existing services and data sources such as Excel, SharePoint, Dynamics 365, and more using a visual designer. | -| App testing | None | [Azure DevTest Labs (backend)](https://azure.microsoft.com/solutions/dev-test/) | Testing technology to build out heterogeneous solutions for testing cross-platform functionality to your dev/test environment. Integrates to a full DevOps Continuous Integration/Deployment with Visual Studio Online service and 3rd parties such as Jenkins, Chef, Puppet, CloudTest Lite, Octopus Deploy, and others. | -| App customer payment service | Amazon Flexible Payment Service and Amazon Dev Pay | None | Cloud service that provides developers a payment service for their cloud based applications. | -| Game development (cloud-based tools) | GameLift | None | AWS managed service for hosting dedicated game servers. | -| ** ** | Lumberyard | None | Game engine integrated with AWS and Twitch. | -| DevOps | AWS CodeBuild | [Visual Studio Team Services](https://azure.microsoft.com/services/visual-studio-team-services/) | Fully managed build service that supports continuous integration and deployment. | -| Backend process logic | AWS Step Functions | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Cloud technology to build distributed applications using out-of-the-box connectors to reduce integration challenges. Connect apps, data and devices on-premises or in the cloud. 
| -| Programmatic access | Command Line Interface | [Azure Command Line Interface (CLI)](https://azure.microsoft.com/documentation/articles/xplat-cli-install/)

[Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/) | Built on top of the native REST API across all cloud services, various programming language-specific wrappers provide easier ways to create solutions. | -| Predefined templates | AWS Quick Start | [Azure Quickstart templates](https://azure.microsoft.com/documentation/templates/) | Community-led templates for creating and deploying virtual machine–based solutions. | +| Area | AWS service | Azure service | Description | +|--------------------------------------|--------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Media transcoding | Elastic Transcoder | [Media Services](https://azure.microsoft.com/services/media-services/) | Services that offer broadcast-quality video streaming services, including various transcoding technologies. | +| Email | Simple Email Service (SES) | [Marketplace—Email](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Email) | Services for integrating email functionality into applications. | +| Messaging | Simple Queue Service (SQS) | [Azure Queue Storage](https://azure.microsoft.com/services/storage/queues/) | Provides a managed message queueing service for communicating between decoupled application components. 
| +| Messaging | Simple Queue Service (SQS) | [Service Bus Queues, Topics, Relays](/azure/service-bus-messaging/service-bus-queues-topics-subscriptions) | Supports a set of cloud-based, message-oriented middleware technologies including reliable message queuing and durable publish/subscribe messaging. | +| Workflow | Simple Workflow Service (SWF) | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Serverless technology for connecting apps, data and devices anywhere—on-premises or in the cloud for large ecosystems of SaaS and cloud based connectors. | +| API management | API Gateway | [API Management](https://azure.microsoft.com/services/api-management/) | A turnkey solution for publishing APIs to external and internal consumers. | +|   | Elastic Beanstalk | [Web Apps (App Service)](https://azure.microsoft.com/services/app-service/web/)

[Cloud Services](https://azure.microsoft.com/services/cloud-services/)

[API Apps (App Service)](https://azure.microsoft.com/services/app-service/api/) | Managed hosting platforms providing easy to use services for deploying and scaling web applications and services. | +|   | CodeDeploy

CodeCommit

CodePipeline | [Visual Studio Team Services](https://www.visualstudio.com/team-services/) | Developer tools for scripting application deployment. | +|   | AWS Developer Tools | [Azure Developer Tools](https://azure.microsoft.com/tools/) | Collection of tools for building, debugging, deploying, diagnosing, and managing multi-platform, scalable apps and services. | +|   |   | [Power Apps](https://powerapps.microsoft.com/) | Technology to rapidly build business solutions, connecting to existing services and data sources such as Excel, SharePoint, Dynamics 365, and more using a visual designer. | +| App testing | None | [Azure DevTest Labs (backend)](https://azure.microsoft.com/solutions/dev-test/) | Testing technology to build out heterogeneous solutions for testing cross-platform functionality to your dev/test environment. Integrates to a full DevOps Continuous Integration/Deployment with Visual Studio Online service and 3rd parties such as Jenkins, Chef, Puppet, CloudTest Lite, Octopus Deploy, and others. | +| App customer payment service | Amazon Flexible Payment Service and Amazon Dev Pay | None | Cloud service that provides developers a payment service for their cloud based applications. | +| Game development (cloud-based tools) | GameLift | None | AWS managed service for hosting dedicated game servers. | +|   | Lumberyard | None | Game engine integrated with AWS and Twitch. | +| DevOps | AWS CodeBuild | [Visual Studio Team Services](https://azure.microsoft.com/services/visual-studio-team-services/) | Fully managed build service that supports continuous integration and deployment. | +| Backend process logic | AWS Step Functions | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Cloud technology to build distributed applications using out-of-the-box connectors to reduce integration challenges. Connect apps, data and devices on-premises or in the cloud. 
| +| Programmatic access | Command Line Interface | [Azure Command Line Interface (CLI)](https://azure.microsoft.com/documentation/articles/xplat-cli-install/)

[Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/) | Built on top of the native REST API across all cloud services, various programming language-specific wrappers provide easier ways to create solutions. | +| Predefined templates | AWS Quick Start | [Azure Quickstart templates](https://azure.microsoft.com/documentation/templates/) | Community-led templates for creating and deploying virtual machine–based solutions. | ## Enterprise integration -| Area | AWS service | Azure service | Description | -|--------------------------------------|---------------------------------|-----------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Enterprise app integration | None | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Provides out-of-the box line-of-business application integration for SAP, Oracle, SQL Server, and Websphere MQ. Connect apps, data, and devices on-premises or in the cloud with our large ecosystem of SaaS and cloud-based connectors, including Salesforce, Office 365, Twitter, Dropbox, Google Services, and more. | -| Enterprise application services | None | [Dynamics 365](https://www.microsoft.com/dynamics365/home) | Dynamics 365 delivers the full spectrum of CRM through five individual apps— Sales, Customer Service, Field Service, Project Service Automation, and Marketing —that work seamlessly together. | -| ** ** | Amazon WorkMail

Amazon WorkDocs | [Office 365](https://products.office.com/) | Fully integrated Cloud service providing communications, email, document management in the cloud and available on a wide variety of devices. | -| Content management in the cloud | None | [SharePoint Online](https://products.office.com/sharepoint) | Provides a collaborative way for individuals, teams, and organizations to intelligently discover, share, and collaborate on content from anywhere and on any device. | -| Commercial PAAS-IAAS-DBaaS framework | None | [Azure Stack](https://azure.microsoft.com/overview/azure-stack/) | A hybrid cloud platform that lets you deliver Azure services from your organization’s datacenter. | +| Area | AWS service | Azure service | Description | +|--------------------------------------|-------------------------------------------|------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Enterprise app integration | None | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Provides out-of-the box line-of-business application integration for SAP, Oracle, SQL Server, and Websphere MQ. Connect apps, data, and devices on-premises or in the cloud with our large ecosystem of SaaS and cloud-based connectors, including Salesforce, Office 365, Twitter, Dropbox, Google Services, and more. | +| Enterprise application services | None | [Dynamics 365](https://www.microsoft.com/dynamics365/home) | Dynamics 365 delivers the full spectrum of CRM through five individual apps— Sales, Customer Service, Field Service, Project Service Automation, and Marketing —that work seamlessly together. | +|   | Amazon WorkMail

Amazon WorkDocs | [Office 365](https://products.office.com/) | Fully integrated Cloud service providing communications, email, document management in the cloud and available on a wide variety of devices. | +| Content management in the cloud | None | [SharePoint Online](https://products.office.com/sharepoint) | Provides a collaborative way for individuals, teams, and organizations to intelligently discover, share, and collaborate on content from anywhere and on any device. | +| Commercial PAAS-IAAS-DBaaS framework | None | [Azure Stack](https://azure.microsoft.com/overview/azure-stack/) | A hybrid cloud platform that lets you deliver Azure services from your organization’s datacenter. | + diff --git a/docs/best-practices/monitoring.md b/docs/best-practices/monitoring.md index 5c501d1f8f3..391c340446d 100644 --- a/docs/best-practices/monitoring.md +++ b/docs/best-practices/monitoring.md @@ -88,6 +88,7 @@ All timeouts, network connectivity failures, and connection retry attempts must + ### Analyzing availability data The instrumentation data must be aggregated and correlated to support the following types of analysis: @@ -199,6 +200,7 @@ A feature of security monitoring is the variety of sources from which the data a + ## SLA monitoring Many commercial systems that support paying customers make guarantees about the performance of the system in the form of SLAs. Essentially, SLAs state that the system can handle a defined volume of work within an agreed time frame and without losing critical information. SLA monitoring is concerned with ensuring that the system can meet measurable SLAs. 
@@ -313,6 +315,7 @@ For metering purposes, you also need to be able to identify which users are resp + ## Issue tracking Customers and other users might report issues if unexpected events or behavior occurs in the system. Issue tracking is concerned with managing these issues, associating them with efforts to resolve any underlying problems in the system, and informing customers of possible resolutions. 
@@ -392,16 +395,16 @@ Security issues might occur at any point in the system. For example, a user migh The section [Instrumenting an application](#instrumenting-an-application) contains more guidance on the information that you should capture. But you can use a variety of strategies to gather this information: * **Application/system monitoring**. This strategy uses internal sources within the application, application frameworks, operating system, and infrastructure. The application code can generate its own monitoring data at notable points during the lifecycle of a client request. The application can include tracing statements that might be selectively enabled or disabled as circumstances dictate. It might also be possible to inject diagnostics dynamically by using a diagnostics framework. These frameworks typically provide plug-ins that can attach to various instrumentation points in your code and capture trace data at these points. - + Additionally, your code and/or the underlying infrastructure might raise events at critical points. Monitoring agents that are configured to listen for these events can record the event information. * **Real user monitoring**. This approach records the interactions between a user and the application and observes the flow of each request and response. This information can have a two-fold purpose: it can be used for metering usage by each user, and it can be used to determine whether users are receiving a suitable quality of service (for example, fast response times, low latency, and minimal errors). You can use the captured data to identify areas of concern where failures occur most often. You can also use the data to identify elements where the system slows down, possibly due to hotspots in the application or some other form of bottleneck. If you implement this approach carefully, it might be possible to reconstruct users' flows through the application for debugging and testing purposes. 
- + > [!IMPORTANT] > You should consider the data that's captured by monitoring real users to be highly sensitive because it might include confidential material. If you save captured data, store it securely. If you want to use the data for performance monitoring or debugging purposes, strip out all personally identifiable information first. > > * **Synthetic user monitoring**. In this approach, you write your own test client that simulates a user and performs a configurable but typical series of operations. You can track the performance of the test client to help determine the state of the system. You can also use multiple instances of the test client as part of a load-testing operation to establish how the system responds under stress, and what sort of monitoring output is generated under these conditions. - + > [!NOTE] > You can implement real and synthetic user monitoring by including code that traces and times the execution of method calls and other critical parts of an application. > @@ -413,6 +416,7 @@ For maximum coverage, you should use a combination of these techniques. + ## Instrumenting an application Instrumentation is a critical part of the monitoring process. You can make meaningful decisions about the performance and health of a system only if you first capture the data that enables you to make these decisions. The information that you gather by using instrumentation should be sufficient to enable you to assess performance, diagnose problems, and make decisions without requiring you to sign in to a remote production server to perform tracing (and debugging) manually. Instrumentation data typically comprises metrics and information that's written to trace logs. 
@@ -429,6 +433,7 @@ Metrics will generally be a measure or count of some aspect or resource in the s + ### Information for correlating data You can easily monitor individual system-level performance counters, capture metrics for resources, and obtain application trace information from various log files. But some forms of monitoring require the analysis and diagnostics stage in the monitoring pipeline to correlate the data that's retrieved from several sources. This data might take several forms in the raw data, and the analysis process must be provided with sufficient instrumentation data to be able to map these different forms. For example, at the application framework level, a task might be identified by a thread ID. Within an application, the same work might be associated with the user ID for the user who is performing that task. 
@@ -537,6 +542,7 @@ For scalability, you can run multiple instances of the storage writing service. + #### *Consolidating instrumentation data* The instrumentation data that the data-collection service retrieves from a single instance of an application gives a localized view of the health and performance of that instance. To assess the overall health of the system, it's necessary to consolidate some aspects of the data in the local views. You can perform this after the data has been stored, but in some cases, you can also achieve it as the data is collected. Rather than being written directly to shared storage, the instrumentation data can pass through a separate data consolidation service that combines data and acts as a filter and cleanup process. For example, instrumentation data that includes the same correlation information such as an activity ID can be amalgamated. (It's possible that a user starts performing a business operation on one node and then gets transferred to another node in the event of node failure, or depending on how load balancing is configured.) This process can also detect and remove any duplicated data (always a possibility if the telemetry service uses message queues to push instrumentation data out to storage). Figure 5 illustrates an example of this structure. 
@@ -591,6 +597,7 @@ As described in the section [Consolidating instrumentation data](#consolidating- + ### Supporting hot, warm, and cold analysis Analyzing and reformatting data for visualization, reporting, and alerting purposes can be a complex process that consumes its own set of resources. Some forms of monitoring are time-critical and require immediate analysis of data to be effective. This is known as *hot analysis*. Examples include the analyses that are required for alerting and some aspects of security monitoring (such as detecting an attack on the system). Data that's required for these purposes must be quickly available and structured for efficient processing. In some cases, it might be necessary to move the analysis processing to the individual nodes where the data is held.
diff --git a/docs/best-practices/retry-service-specific.md b/docs/best-practices/retry-service-specific.md
index 6ead3be831a..84ff32628d5 100644
--- a/docs/best-practices/retry-service-specific.md
+++ b/docs/best-practices/retry-service-specific.md
@@ -474,7 +474,6 @@ public async static Task ExecuteReaderWithRetryAsync(this SqlComm }, cancellationToken); } - ``` This asynchronous extension method can be used as follows.
@@ -788,7 +787,7 @@ namespace RetryCodeSamples try { var retryTimeInMilliseconds = TimeSpan.FromSeconds(4).Milliseconds; // delay between retries - + // Using object-based configuration. var options = new ConfigurationOptions {
diff --git a/docs/building-blocks/extending-templates/collector.md b/docs/building-blocks/extending-templates/collector.md
index 2d48462c99e..d0005854fa9 100644
--- a/docs/building-blocks/extending-templates/collector.md
+++ b/docs/building-blocks/extending-templates/collector.md
@@ -302,6 +302,7 @@ Finally, our `Microsoft.Network/networkSecurityGroups` resource directly assigns * This technique is implemented in the [template building blocks project](https://github.com/mspnp/template-building-blocks) and the [Azure reference architectures](/azure/architecture/reference-architectures/). You can use these to create your own architecture or deploy one of our reference architectures. + [objects-as-parameters]: ./objects-as-parameters.md [resource-manager-linked-template]: /azure/azure-resource-manager/resource-group-linked-templates [resource-manager-variables]: /azure/azure-resource-manager/resource-group-template-functions-deployment
diff --git a/docs/building-blocks/extending-templates/conditional-deploy.md b/docs/building-blocks/extending-templates/conditional-deploy.md
index ad2c8a2d334..4b21dcbcd20 100644
--- a/docs/building-blocks/extending-templates/conditional-deploy.md
+++ b/docs/building-blocks/extending-templates/conditional-deploy.md
@@ -120,6 +120,7 @@ Now that we've worked around the validation issue, we can simply specify the dep * This technique is implemented in the [template building blocks project](https://github.com/mspnp/template-building-blocks) and the [Azure reference architectures](/azure/architecture/reference-architectures/). You can use these to create your own architecture or deploy one of our reference architectures. + [azure-resource-manager-condition]: /azure/azure-resource-manager/resource-group-authoring-templates#resources [azure-resource-manager-variable]: /azure/azure-resource-manager/resource-group-authoring-templates#variables [vnet-peering-resource-schema]: /azure/templates/microsoft.network/virtualnetworks/virtualnetworkpeerings
\ No newline at end of file
diff --git a/docs/building-blocks/extending-templates/objects-as-parameters.md b/docs/building-blocks/extending-templates/objects-as-parameters.md
index 4c6a447691a..fc963615b0e 100644
--- a/docs/building-blocks/extending-templates/objects-as-parameters.md
+++ b/docs/building-blocks/extending-templates/objects-as-parameters.md
@@ -291,7 +291,6 @@ Now let's take a look at our template. Our first resource named `NSG1` deploys t ], "outputs": {} } - ``` Let's take a closer look at how we specify our property values in the `securityRules` child resource. All of our properties are referenced using the `parameter()` function, and then we use the dot operator to reference our `securityRules` array, indexed by the current value of the iteration. Finally, we use another dot operator to reference the name of the object.
@@ -300,18 +299,18 @@ Let's take a closer look at how we specify our property values in the `securityR If you would like to experiment with this template, follow these steps:
-1. Go to the Azure portal, select the **+** icon, and search for the **template deployment** resource type, and select it.
-2. Navigate to the **template deployment** page, select the **create** button. This button opens the **custom deployment** blade.
-3. Select the **edit template** button.
-4. Delete the empty template.
-5. Copy and paste the sample template into the right pane.
-6. Select the **save** button.
-7. When you are returned to the **custom deployment** pane, select the **edit parameters** button.
+1. Go to the Azure portal, select the **+** icon, and search for the **template deployment** resource type, and select it.
+2. Navigate to the **template deployment** page, select the **create** button. This button opens the **custom deployment** blade.
+3. Select the **edit template** button.
+4. Delete the empty template.
+5. Copy and paste the sample template into the right pane.
+6. Select the **save** button.
+7. When you are returned to the **custom deployment** pane, select the **edit parameters** button. 8. On the **edit parameters** blade, delete the existing template. 9. Copy and paste the sample parameter template from above. 10. Select the **save** button, which returns you to the **custom deployment** blade. 11. On the **custom deployment** blade, select your subscription, either create new or use existing resource group, and select a location. Review the terms and conditions, and select the **I agree** checkbox.
-12. Select the **purchase** button.
+12. Select the **purchase** button. ## Next steps
@@ -319,6 +318,7 @@ If you would like to experiment with this template, follow these steps: * This technique is also implemented in the [template building blocks project](https://github.com/mspnp/template-building-blocks) and the [Azure reference architectures](/azure/architecture/reference-architectures/). You can review our templates to see how we've implemented this technique. + [azure-resource-manager-authoring-templates]: /azure/azure-resource-manager/resource-group-authoring-templates [azure-resource-manager-create-template]: /azure/azure-resource-manager/resource-manager-create-first-template [azure-resource-manager-create-multiple-instances]: /azure/azure-resource-manager/resource-group-create-multiple
diff --git a/docs/building-blocks/extending-templates/update-resource.md b/docs/building-blocks/extending-templates/update-resource.md
index b7bd9abaff5..b6a649f38fa 100644
--- a/docs/building-blocks/extending-templates/update-resource.md
+++ b/docs/building-blocks/extending-templates/update-resource.md
@@ -120,14 +120,14 @@ Let's take a look at the resource object for our `firstVNet` resource first. Not If you would like to experiment with this template, follow these steps:
-1. Go to the Azure portal, select the **+** icon, and search for the **template deployment** resource type, and select it.
-2. Navigate to the **template deployment** page, select the **create** button. This button opens the **custom deployment** blade.
-3. Select the **edit** icon.
-4. Delete the empty template.
-5. Copy and paste the sample template into the right pane.
-6. Select the **save** button.
-7. You return to the **custom deployment** pane, but this time there are some drop-down list boxes. Select your subscription, either create new or use existing resource group, and select a location. Review the terms and conditions, then select the **I agree** button.
-8. Select the **purchase** button.
+1. Go to the Azure portal, select the **+** icon, and search for the **template deployment** resource type, and select it.
+2. Navigate to the **template deployment** page, select the **create** button. This button opens the **custom deployment** blade.
+3. Select the **edit** icon.
+4. Delete the empty template.
+5. Copy and paste the sample template into the right pane.
+6. Select the **save** button.
+7. You return to the **custom deployment** pane, but this time there are some drop-down list boxes. Select your subscription, either create new or use existing resource group, and select a location. Review the terms and conditions, then select the **I agree** button.
+8. Select the **purchase** button. Once deployment has finished, open the resource group you specified in the portal. You see a virtual network named `firstVNet` and a NIC named `nic1`. Click `firstVNet`, then click `subnets`. You see the `firstSubnet` that was originally created, and you see the `secondSubnet` that was added in the `updateVNet` resource.
diff --git a/docs/checklist/availability.md b/docs/checklist/availability.md
index 0683f8cf4b1..e750104b7bc 100644
--- a/docs/checklist/availability.md
+++ b/docs/checklist/availability.md
@@ -75,4 +75,5 @@ Availability is the proportion of time that a system is functional and working, **Plan for disaster recovery.** Create an accepted, fully-tested plan for recovery from any type of failure that may affect system availability. Choose a multi-site disaster recovery architecture for any mission-critical applications. Identify a specific owner of the disaster recovery plan, including automation and testing. Ensure the plan is well-documented, and automate the process as much as possible. Establish a backup strategy for all reference and transactional data, and test the restoration of these backups regularly. Train operations staff to execute the plan, and perform regular disaster simulations to validate and improve the plan. + [availability-sets]:/azure/virtual-machines/virtual-machines-windows-manage-availability/
diff --git a/docs/checklist/dev-ops.md b/docs/checklist/dev-ops.md
index 0e6432c37cf..d58a4354673 100644
--- a/docs/checklist/dev-ops.md
+++ b/docs/checklist/dev-ops.md
@@ -126,7 +126,7 @@ Shared documentation is critical. Encourage team members to contribute and share
 **Follow least-privilege principles when granting access to resources.** Carefully manage access to resources. Access should be denied by default, unless a user is explicitly given access to a resource. Only grant a user access to what they need to complete their tasks. Track user permissions and perform regular security audits.
-**Use role-based access control.** Assigning user accounts and access to resources should not be a manual process. Use [Role-Based Access Control][rbac] (RBAC) grant access based on [Azure Active Directory][azure-ad] identities and groups.
+Use role-based access control. Assigning user accounts and access to resources should not be a manual process. Use [Role-Based Access Control][rbac] (RBAC) grant access based on [Azure Active Directory][azure-ad] identities and groups.
 **Use a bug tracking system to track issues.** Without a good way to track issues, it's easy to miss items, duplicate work, or introduce additional problems. Don't rely on informal person-to-person communication to track the status of bugs. Use a bug tracking tool to record details about problems, assign resources to address them, and provide an audit trail of progress and status.
diff --git a/docs/checklist/resiliency-per-service.md b/docs/checklist/resiliency-per-service.md
index 19789485c10..39fd023906b 100644
--- a/docs/checklist/resiliency-per-service.md
+++ b/docs/checklist/resiliency-per-service.md
@@ -138,6 +138,7 @@ If you are using Redis Cache as a temporary data cache and not as a persistent s
 **Enable Load Balancer logging.** The logs show how many VMs on the back-end are not receiving network traffic due to failed probe responses. For more information, see [Log analytics for Azure Load Balancer](/azure/load-balancer/load-balancer-monitor-log/).
+
 [boot-diagnostics]: https://azure.microsoft.com/blog/boot-diagnostics-for-virtual-machines-v2/
 [diagnostics-logs]: /azure/monitoring-and-diagnostics/monitoring-overview-of-diagnostic-logs/
 [managed-disks]: /azure/storage/storage-managed-disks-overview
diff --git a/docs/checklist/resiliency.md b/docs/checklist/resiliency.md
index 6352ca3dac4..9b47b8a3d63 100644
--- a/docs/checklist/resiliency.md
+++ b/docs/checklist/resiliency.md
@@ -158,6 +158,7 @@ Resiliency is the ability of a system to recover from failures and continue to f
+
 [app-service-autoscale]: /azure/monitoring-and-diagnostics/insights-how-to-scale/
 [asynchronous-c-sharp]: /dotnet/articles/csharp/async
 [availability-sets]:/azure/virtual-machines/virtual-machines-windows-manage-availability/
diff --git a/docs/cloud-adoption-guide/adoption-intro/subscription-explainer.md b/docs/cloud-adoption-guide/adoption-intro/subscription-explainer.md
index 3154fd99ff2..0fcea77de85 100644
--- a/docs/cloud-adoption-guide/adoption-intro/subscription-explainer.md
+++ b/docs/cloud-adoption-guide/adoption-intro/subscription-explainer.md
@@ -19,6 +19,7 @@ Organizations can use subscriptions to manage costs and creation of resource by
 * Now that you have learned about Azure subscriptions, learn more about [creating a subscription](subscription.md) before you create your first Azure resources..
+
 [azure-get-started]: https://azure.microsoft.com/get-started/
 [azure-offers]: https://azure.microsoft.com/support/legal/offer-details/
 [azure-free-trial]: https://azure.microsoft.com/offers/ms-azr-0044p/
diff --git a/docs/cloud-adoption-guide/adoption-intro/tenant-explainer.md b/docs/cloud-adoption-guide/adoption-intro/tenant-explainer.md
index 3e35fd12789..3bff9c2661b 100644
--- a/docs/cloud-adoption-guide/adoption-intro/tenant-explainer.md
+++ b/docs/cloud-adoption-guide/adoption-intro/tenant-explainer.md
@@ -21,4 +21,5 @@ Most enterprises already have at least one identity management service, typicall
 * Now that you have learned about Azure AD tenants, the first step in the foundational adoption stage is to learn [how to get an Azure Active Directory tenant][how-to-get-aad-tenant]. Then review the [design guidance for Azure AD tenants](tenant.md).
+
 [how-to-get-aad-tenant]: /azure/active-directory/develop/active-directory-howto-tenant?toc=/azure/architecture/cloud-adoption-guide/toc.json
\ No newline at end of file
diff --git a/docs/data-guide/technology-choices/analytical-data-stores.md b/docs/data-guide/technology-choices/analytical-data-stores.md
index e88a309f11e..05c29c5a34b 100644
--- a/docs/data-guide/technology-choices/analytical-data-stores.md
+++ b/docs/data-guide/technology-choices/analytical-data-stores.md
@@ -61,12 +61,12 @@ The following tables summarize the key differences in capabilities.
 ### Scalability capabilities
-| | SQL Database | SQL Data Warehouse | HBase/Phoenix on HDInsight | Hive LLAP on HDInsight | Azure Analysis Services | Cosmos DB |
-| --- | --- | --- | --- | --- | --- | --- |
-| Redundant regional servers for high availability | Yes | Yes | Yes | No | No | Yes | Yes |
-| Supports query scale out | No | Yes | Yes | Yes | Yes | Yes |
-| Dynamic scalability (scale up) | Yes | Yes | No | No | Yes | Yes |
-| Supports in-memory caching of data | Yes | Yes | No | Yes | Yes | No |
+| | SQL Database | SQL Data Warehouse | HBase/Phoenix on HDInsight | Hive LLAP on HDInsight | Azure Analysis Services | Cosmos DB |
+|--------------------------------------------------|--------------|--------------------|----------------------------|------------------------|-------------------------|-----------|
+| Redundant regional servers for high availability | Yes | Yes | Yes | No | No | Yes |
+| Supports query scale out | No | Yes | Yes | Yes | Yes | Yes |
+| Dynamic scalability (scale up) | Yes | Yes | No | No | Yes | Yes |
+| Supports in-memory caching of data | Yes | Yes | No | Yes | Yes | No |
 ### Security capabilities
diff --git a/docs/data-guide/technology-choices/batch-processing.md b/docs/data-guide/technology-choices/batch-processing.md
index b68c12a59db..c30ac952165 100644
--- a/docs/data-guide/technology-choices/batch-processing.md
+++ b/docs/data-guide/technology-choices/batch-processing.md
@@ -49,8 +49,9 @@ The following tables summarize the key differences in capabilities.
 | Pricing model | Per batch job | By cluster hour | By cluster hour | By cluster hour | By cluster hour |
 [1] With manual configuration and scaling.
-
+
 ### Integration capabilities
+
 | | Azure Data Lake Analytics | SQL Data Warehouse | HDInsight with Spark | HDInsight with Hive | HDInsight with Hive LLAP |
 | --- | --- | --- | --- | --- | --- |
 | Access from Azure Data Lake Store | Yes | Yes | Yes | Yes | Yes |
@@ -58,6 +59,7 @@ The following tables summarize the key differences in capabilities.
 | Query from external relational stores | Yes | No | Yes | No | No |
 ### Scalability capabilities
+
 | | Azure Data Lake Analytics | SQL Data Warehouse | HDInsight with Spark | HDInsight with Hive | HDInsight with Hive LLAP |
 | --- | --- | --- | --- | --- | --- |
 | Scale-out granularity | Per job | Per cluster | Per cluster | Per cluster | Per cluster |
@@ -65,6 +67,7 @@ The following tables summarize the key differences in capabilities.
 | In-memory caching of data | No | Yes | Yes | No | Yes |
 ### Security capabilities
+
 | | Azure Data Lake Analytics | SQL Data Warehouse | HDInsight with Spark | Apache Hive on HDInsight | Hive LLAP on HDInsight |
 | --- | --- | --- | --- | --- | --- |
 | Authentication | Azure Active Directory (Azure AD) | SQL / Azure AD | No | local / Azure AD 1 | local / Azure AD 1 |
diff --git a/docs/data-guide/technology-choices/cognitive-services.md b/docs/data-guide/technology-choices/cognitive-services.md
index 05bca518abf..ca26068d611 100644
--- a/docs/data-guide/technology-choices/cognitive-services.md
+++ b/docs/data-guide/technology-choices/cognitive-services.md
@@ -50,35 +50,37 @@ To narrow the choices, start by answering these questions:
 The following tables summarize the key differences in capabilities.
 ### Uses prebuilt models
-| | Input type | Key benefit |
-| --- | --- | --- |
-| Text Analytics API | Text | Evaluate sentiment and topics to understand what users want. |
-| Entity Linking API| Text | Power your app's data links with named entity recognition and disambiguation. |
-| Language Understanding Intelligent Service (LUIS)| Text | Teach your apps to understand commands from your users. |
-| QnA Maker Service| Text | Distill FAQ formatted information into conversational, easy-to-navigate answers. |
-| Linguistic Analysis API | Text | Simplify complex language concepts and parse text. |
-| Knowledge Exploration Service | Text | Enable interactive search experiences over structured data via natural language inputs. |
-| Web Language Model API | Text | Use predictive language models trained on web-scale data. |
-| Academic Knowledge API | Text | Tap into the wealth of academic content in the Microsoft Academic Graph populated by Bing. |
-| Bing Autosuggest API | Text | Give your app intelligent autosuggest options for searches. |
-| Bing Spell Check API | Text | Detect and correct spelling mistakes in your app. |
-| Translator Text API | Text | Machine translation. |
-| Recommendations API | Text | Predict and recommend items your customers want. |
-| Bing Entity Search API | Text (web search query) | Identify and augment entity information from the web. |
-| Bing Image Search API | Text (web search query) | Search for images. |
-| Bing News Search API | Text (web search query) | Search for news. |
-| Bing Video Search API | Text (web search query) | Search for videos. |
-| Bing Web Search API | Text (web search query) | Get enhanced search details from billions of web documents. |.
-| Bing Speech API | Text or Speech | Convert speech to text and back again. |
-| Speaker Recognition API | Speech | Use speech to identify and authenticate individual speakers. |
-| Translator Speech API | Speech | Perform real-time speech translation. |
-| Computer Vision API | Images (or frames from video) | Distill actionable information from images, automatically create description of photos, derive tags, recognize celebrities, extract text, and create accurate thumbnails. |
-| Content Moderator | Text, Images or Video | Automated image, text, and video moderation. |
-| Emotion API | Images (photos with human subjects) | Identify the range emotions of human subjects. |
-| Face API | Images (photos with human subjects) | Detect, identify, analyze, organize, and tag faces in photos. |
-| Video Indexer | Video | Video insights such as sentiment, transcript speech, translate speech, recognize faces and emotions, and extract keywords. |
+
+| | Input type | Key benefit |
+|---------------------------------------------------|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Text Analytics API | Text | Evaluate sentiment and topics to understand what users want. |
+| Entity Linking API | Text | Power your app's data links with named entity recognition and disambiguation. |
+| Language Understanding Intelligent Service (LUIS) | Text | Teach your apps to understand commands from your users. |
+| QnA Maker Service | Text | Distill FAQ formatted information into conversational, easy-to-navigate answers. |
+| Linguistic Analysis API | Text | Simplify complex language concepts and parse text. |
+| Knowledge Exploration Service | Text | Enable interactive search experiences over structured data via natural language inputs. |
+| Web Language Model API | Text | Use predictive language models trained on web-scale data. |
+| Academic Knowledge API | Text | Tap into the wealth of academic content in the Microsoft Academic Graph populated by Bing. |
+| Bing Autosuggest API | Text | Give your app intelligent autosuggest options for searches. |
+| Bing Spell Check API | Text | Detect and correct spelling mistakes in your app. |
+| Translator Text API | Text | Machine translation. |
+| Recommendations API | Text | Predict and recommend items your customers want. |
+| Bing Entity Search API | Text (web search query) | Identify and augment entity information from the web. |
+| Bing Image Search API | Text (web search query) | Search for images. |
+| Bing News Search API | Text (web search query) | Search for news. |
+| Bing Video Search API | Text (web search query) | Search for videos. |
+| Bing Web Search API | Text (web search query) | Get enhanced search details from billions of web documents. |
+| Bing Speech API | Text or Speech | Convert speech to text and back again. |
+| Speaker Recognition API | Speech | Use speech to identify and authenticate individual speakers. |
+| Translator Speech API | Speech | Perform real-time speech translation. |
+| Computer Vision API | Images (or frames from video) | Distill actionable information from images, automatically create description of photos, derive tags, recognize celebrities, extract text, and create accurate thumbnails. |
+| Content Moderator | Text, Images or Video | Automated image, text, and video moderation. |
+| Emotion API | Images (photos with human subjects) | Identify the range emotions of human subjects. |
+| Face API | Images (photos with human subjects) | Detect, identify, analyze, organize, and tag faces in photos. |
+| Video Indexer | Video | Video insights such as sentiment, transcript speech, translate speech, recognize faces and emotions, and extract keywords. |
 ### Trained with custom data you provide
+
 | | Input type | Key benefit |
 | --- | --- | --- |
 | Custom Vision Service | Images (or frames from video) | Customize your own computer vision models. |
diff --git a/docs/data-guide/technology-choices/data-storage.md b/docs/data-guide/technology-choices/data-storage.md
index fa44706b5ba..325e8f6ed38 100644
--- a/docs/data-guide/technology-choices/data-storage.md
+++ b/docs/data-guide/technology-choices/data-storage.md
@@ -105,12 +105,13 @@ The following tables summarize the key differences in capabilities.
 ### NoSQL database capabilities
-| | Azure Cosmos DB | HBase on HDInsight |
-| --- | --- | --- |
-| Primary database model | Document store, graph, key-value store, wide column store | Wide column store |
-| Secondary indexes | Yes | No |
-| SQL language support | Yes | Yes (using the [Phoenix](http://phoenix.apache.org/) JDBC driver) |
-| Consistency | Strong, bounded-staleness, session, consistent prefix, eventual | Strong |
-| Native Azure Functions integration | [Yes](/azure/cosmos-db/serverless-computing-database) | No |
-| Automatic global distribution | [Yes](/azure/cosmos-db/distribute-data-globally) | No [HBase cluster replication can be configured](/azure/hdinsight/hbase/apache-hbase-replication) across regions with eventual consistency |
-| Pricing model | Elastically scalable request units (RUs) charged per-second as needed, elastically scalable storage | Per-minute pricing for HDInsight cluster (horizontal scaling of nodes), storage |
+| | Azure Cosmos DB | HBase on HDInsight |
+|------------------------------------|-----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| Primary database model | Document store, graph, key-value store, wide column store | Wide column store |
+| Secondary indexes | Yes | No |
+| SQL language support | Yes | Yes (using the [Phoenix](http://phoenix.apache.org/) JDBC driver) |
+| Consistency | Strong, bounded-staleness, session, consistent prefix, eventual | Strong |
+| Native Azure Functions integration | [Yes](/azure/cosmos-db/serverless-computing-database) | No |
+| Automatic global distribution | [Yes](/azure/cosmos-db/distribute-data-globally) | No [HBase cluster replication can be configured](/azure/hdinsight/hbase/apache-hbase-replication) across regions with eventual consistency |
+| Pricing model | Elastically scalable request units (RUs) charged per-second as needed, elastically scalable storage | Per-minute pricing for HDInsight cluster (horizontal scaling of nodes), storage |
+
diff --git a/docs/data-guide/technology-choices/data-warehouses.md b/docs/data-guide/technology-choices/data-warehouses.md
index dd648f6892c..e6e9175b829 100644
--- a/docs/data-guide/technology-choices/data-warehouses.md
+++ b/docs/data-guide/technology-choices/data-warehouses.md
@@ -114,15 +114,15 @@ The following tables summarize the key differences in capabilities.
 ### Security capabilities
-| | Azure SQL Database | SQL Server in a virtual machine | SQL Data Warehouse | Apache Hive on HDInsight | Hive LLAP on HDInsight |
-| --- | --- | --- | --- | --- | --- | -- |
-| Authentication | SQL / Azure Active Directory (Azure AD) | SQL / Azure AD / Active Directory | SQL / Azure AD | local / Azure AD 1 | local / Azure AD 1 |
-| Authorization | Yes | Yes | Yes | Yes | Yes 1 | Yes 1 |
-| Auditing | Yes | Yes | Yes | Yes | Yes 1 | Yes 1 |
-| Data encryption at rest | Yes 2 | Yes 2 | Yes 2 | Yes 2 | Yes 1 | Yes 1 |
-| Row-level security | Yes | Yes | Yes | No | Yes 1 | Yes 1 |
-| Supports firewalls | Yes | Yes | Yes | Yes | Yes 3 | Yes 3 |
-| Dynamic data masking | Yes | Yes | Yes | No | Yes 1 | Yes 1 |
+| | Azure SQL Database | SQL Server in a virtual machine | SQL Data Warehouse | Apache Hive on HDInsight | Hive LLAP on HDInsight |
+|-------------------------|-----------------------------------------|-----------------------------------|--------------------|-------------------------------|-------------------------------|
+| Authentication | SQL / Azure Active Directory (Azure AD) | SQL / Azure AD / Active Directory | SQL / Azure AD | local / Azure AD 1 | local / Azure AD 1 |
+| Authorization | Yes | Yes | Yes | Yes | Yes 1 |
+| Auditing | Yes | Yes | Yes | Yes | Yes 1 |
+| Data encryption at rest | Yes 2 | Yes 2 | Yes 2 | Yes 2 | Yes 1 |
+| Row-level security | Yes | Yes | Yes | No | Yes 1 |
+| Supports firewalls | Yes | Yes | Yes | Yes | Yes 3 |
+| Dynamic data masking | Yes | Yes | Yes | No | Yes 1 |
 [1] Requires using a [domain-joined HDInsight cluster](/azure/hdinsight/domain-joined/apache-domain-joined-introduction).
diff --git a/docs/data-guide/technology-choices/oltp-data-stores.md b/docs/data-guide/technology-choices/oltp-data-stores.md
index 24213c8fea2..4451079b83a 100644
--- a/docs/data-guide/technology-choices/oltp-data-stores.md
+++ b/docs/data-guide/technology-choices/oltp-data-stores.md
@@ -44,15 +44,17 @@ To narrow the choices, start by answering these questions:
 The following tables summarize the key differences in capabilities.
 ### General capabilities
-| | Azure SQL Database | SQL Server in an Azure virtual machine | Azure Database for MySQL | Azure Database for PostgreSQL |
-| --- | --- | --- | --- | --- | --- |
-| Is Managed Service | Yes | No | Yes | Yes |
-| Runs on Platform | N/A | Windows, Linux, Docker | N/A | N/A |
-| Programmability 1 | T-SQL, .NET, R | T-SQL, .NET, R, Python | T-SQL, .NET, R, Python | SQL | SQL |
+
+| | Azure SQL Database | SQL Server in an Azure virtual machine | Azure Database for MySQL | Azure Database for PostgreSQL |
+|------------------------------|--------------------|----------------------------------------|--------------------------|-------------------------------|
+| Is Managed Service | Yes | No | Yes | Yes |
+| Runs on Platform | N/A | Windows, Linux, Docker | N/A | N/A |
+| Programmability 1 | T-SQL, .NET, R | T-SQL, .NET, R, Python | T-SQL, .NET, R, Python | SQL |
 [1] Not including client driver support, which allows many programming languages to connect to and use the OLTP data store.
 ### Scalability capabilities
+
 | | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL|
 | --- | --- | --- | --- | --- | --- |
 | Maximum database instance size | [4 TB](/azure/sql-database/sql-database-resource-limits) | 256 TB | [1 TB](/azure/mysql/concepts-limits) | [1 TB](/azure/postgresql/concepts-limits) |
@@ -61,6 +63,7 @@ The following tables summarize the key differences in capabilities.
 | Dynamic scalability (scale up) | Yes | No | Yes | Yes |
 ### Analytic workload capabilities
+
 | | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL|
 | --- | --- | --- | --- | --- | --- |
 | Temporal tables | Yes | Yes | No | No |
@@ -69,6 +72,7 @@ The following tables summarize the key differences in capabilities.
 | Adaptive query processing | Yes | Yes | No | No |
 ### Availability capabilities
+
 | | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL|
 | --- | --- | --- | --- | --- | --- |
 | Readable secondaries | Yes | Yes | No | No |
@@ -77,16 +81,17 @@ The following tables summarize the key differences in capabilities.
 | Point-in-time restore | Yes | Yes | Yes | Yes |
 ### Security capabilities
-| | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL|
-| --- | --- | --- | --- | --- | --- |
-| Row level security | Yes | Yes | Yes | Yes |
-| Data masking | Yes | Yes | No | No |
-| Transparent data encryption | Yes | Yes | Yes | Yes |
-| Restrict access to specific IP addresses | Yes | Yes | Yes | Yes |
-| Restrict access to allow VNET access only | Yes | Yes | No | No |
-| Azure Active Directory authentication | Yes | Yes | No | No |
-| Active Directory authentication | No | Yes | No | No |
-| Multi-factor authentication | Yes | Yes | No | No |
-| Supports [Always Encrypted](/sql/relational-databases/security/encryption/always-encrypted-database-engine) | Yes | Yes | Yes | No | No |
-| Private IP | No | Yes | Yes | No | No |
+
+| | Azure SQL Database | SQL Server in an Azure virtual machine | Azure Database for MySQL | Azure Database for PostgreSQL |
+|-------------------------------------------------------------------------------------------------------------|--------------------|----------------------------------------|--------------------------|-------------------------------|
+| Row level security | Yes | Yes | Yes | Yes |
+| Data masking | Yes | Yes | No | No |
+| Transparent data encryption | Yes | Yes | Yes | Yes |
+| Restrict access to specific IP addresses | Yes | Yes | Yes | Yes |
+| Restrict access to allow VNET access only | Yes | Yes | No | No |
+| Azure Active Directory authentication | Yes | Yes | No | No |
+| Active Directory authentication | No | Yes | No | No |
+| Multi-factor authentication | Yes | Yes | No | No |
+| Supports [Always Encrypted](/sql/relational-databases/security/encryption/always-encrypted-database-engine) | Yes | Yes | Yes | No |
+| Private IP | No | Yes | Yes | No |
diff --git a/docs/data-guide/technology-choices/search-options.md b/docs/data-guide/technology-choices/search-options.md
index 816de82a787..15b5d10faeb 100644
--- a/docs/data-guide/technology-choices/search-options.md
+++ b/docs/data-guide/technology-choices/search-options.md
@@ -38,6 +38,7 @@ For search scenarios, begin choosing the appropriate search data store for your
 The following tables summarize the key differences in capabilities.
 ### General capabilities
+
 | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Database |
 | --- | --- | --- | --- | --- |
 | Is managed service | Yes | No | Yes | Yes |
@@ -46,12 +47,14 @@ The following tables summarize the key differences in capabilities.
 | Document indexers for common file types (PDF, DOCX, TXT, and so on) | Yes | No | Yes | No |
 ### Manageability capabilities
+
 | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Database |
 | --- | --- | --- | --- | --- |
 | Updateable schema | No | Yes | Yes | Yes |
 | Supports scale out | Yes | Yes | Yes | No |
 ### Analytic workload capabilities
+
 | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Databash |
 | --- | --- | --- | --- | --- |
 | Supports analytics beyond full text search | No | Yes | Yes | Yes |
@@ -59,6 +62,7 @@ The following tables summarize the key differences in capabilities.
 | Supports semantic search | Yes (find similar documents only) | Yes | Yes | Yes |
 ### Security capabilities
+
 | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Databash |
 | --- | --- | --- | --- | --- |
 | Row-level security | Partial (requires application query to filter by group id) | Partial (requires application query to filter by group id) | Yes | Yes |
diff --git a/docs/data-guide/technology-choices/stream-processing.md b/docs/data-guide/technology-choices/stream-processing.md
index 42818a9524f..9181d8046f3 100644
--- a/docs/data-guide/technology-choices/stream-processing.md
+++ b/docs/data-guide/technology-choices/stream-processing.md
@@ -1,4 +1,3 @@
-
 ---
 title: Choosing a stream processing technology
 description:
@@ -38,6 +37,7 @@ For real-time processing scenarios, begin choosing the appropriate service for y
 The following tables summarize the key differences in capabilities.
 ### General capabilities
+
 | | Azure Stream Analytics | HDInsight with Spark Streaming | Apache Spark in Azure Databricks | HDInsight with Storm | Azure Functions | Azure App Service WebJobs |
 | --- | --- | --- | --- | --- | --- | --- |
 | Programmability | Stream analytics query language, JavaScript | Scala, Python, Java | Scala, Python, Java, R | Java, C# | C#, F#, Node.js | C#, Node.js, PHP, Java, Python |
@@ -45,12 +45,14 @@ The following tables summarize the key differences in capabilities.
 | Pricing model | [Streaming units](https://azure.microsoft.com/pricing/details/stream-analytics/) | Per cluster hour | [Databricks units](https://azure.microsoft.com/pricing/details/databricks/) | Per cluster hour | Per function execution and resource consumption | Per app service plan hour |
 ### Integration capabilities
+
 | | Azure Stream Analytics | HDInsight with Spark Streaming | Apache Spark in Azure Databricks | HDInsight with Storm | Azure Functions | Azure App Service WebJobs |
 | --- | --- | --- | --- | --- | --- | --- |
 | Inputs | [Stream Analytics inputs](/azure/stream-analytics/stream-analytics-define-inputs) | Event Hubs, IoT Hub, Kafka, HDFS, Storage Blobs, Azure Data Lake Store | Event Hubs, IoT Hub, Kafka, HDFS, Storage Blobs, Azure Data Lake Store | Event Hubs, IoT Hub, Storage Blobs, Azure Data Lake Store | [Supported bindings](/azure/azure-functions/functions-triggers-bindings#supported-bindings) | Service Bus, Storage Queues, Storage Blobs, Event Hubs, WebHooks, Cosmos DB, Files |
 | Sinks | [Stream Analytics outputs](/azure/stream-analytics/stream-analytics-define-outputs) | HDFS, Kafka, Storage Blobs, Azure Data Lake Store, Cosmos DB | HDFS, Kafka, Storage Blobs, Azure Data Lake Store, Cosmos DB | Event Hubs, Service Bus, Kafka | [Supported bindings](/azure/azure-functions/functions-triggers-bindings#supported-bindings) | Service Bus, Storage Queues, Storage Blobs, Event Hubs, WebHooks, Cosmos DB, Files |
 ### Processing capabilities
+
 | | Azure Stream Analytics | HDInsight with Spark Streaming | Apache Spark in Azure Databricks | HDInsight with Storm | Azure Functions | Azure App Service WebJobs |
 | --- | --- | --- | --- | --- | --- | --- |
 | Built-in temporal/windowing support | Yes | Yes | Yes | Yes | No | No |
diff --git a/docs/docfx.json b/docs/docfx.json
index 8d19d866483..82c295a4864 100644
--- a/docs/docfx.json
+++ b/docs/docfx.json
@@ -60,13 +60,14 @@
 ]
 },
 "fileMetadata": {
-"tocRel":{
-"reference-architectures/**.md":"../toc.json"
+"tocRel": {
+"reference-architectures/**.md": "../toc.json"
 }
 },
 "template": [
 "docs.html"
 ],
-"dest": "azure"
+"dest": "azure",
+"markdownEngineName": "markdig"
 }
 }
diff --git a/docs/guide/architecture-styles/index.md b/docs/guide/architecture-styles/index.md
index 126842f14d0..813aed18e2d 100644
--- a/docs/guide/architecture-styles/index.md
+++ b/docs/guide/architecture-styles/index.md
@@ -16,7 +16,7 @@ We have identified a set of architecture styles that are commonly found in cloud
 - A recommended deployment using relevant Azure services.
-## A quick tour of the styles
+## A quick tour of the styles
 This section gives a quick tour of the architecture styles that we've identified, along with some high-level considerations for their use. Read more details in the linked topics.
@@ -24,6 +24,7 @@ This section gives a quick tour of the architecture styles that we've identified
+
 **[N-tier][n-tier]** is a traditional architecture for enterprise applications. Dependencies are managed by dividing the application into *layers* that perform logical functions, such as presentation, business logic, and data access. A layer can only call into layers that sit below it. However, this horizontal layering can be a liability. It can be hard to introduce changes in one part of the application without touching the rest of the application. That makes frequent updates a challenge, limiting how quickly new features can be added.
 N-tier is a natural fit for migrating existing applications that already use a layered architecture. For that reason, N-tier is most often seen in infrastructure as a service (IaaS) solutions, or application that use a mix of IaaS and managed services.
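Review bot: The `"markdownEngineName": "markdig"` key added after `"dest"` switches the renderer for every page built from this config, and nothing in the commit says so; the blank lines inserted before pipe tables and the trailing-whitespace trims in the other hunks look like fallout of that switch, but a reader of this file alone cannot tell. docfx.json cannot hold a comment, so the coupling between this key and the table layout belongs wherever this repo keeps its authoring conventions, e.g. `Pages are rendered with markdig; presumably a pipe table directly following a paragraph is not recognized as a table, so leave a blank line before it.` The enclosing JSON object starts before this hunk.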
@@ -32,6 +33,7 @@ N-tier is a natural fit for migrating existing applications that already use a l
+
 For a purely PaaS solution, consider a **[Web-Queue-Worker](./web-queue-worker.md)** architecture. In this style, the application has a web front end that handles HTTP requests and a back-end worker that performs CPU-intensive tasks or long-running operations. The front end communicates to the worker through an asynchronous message queue.
 Web-queue-worker is suitable for relatively simple domains with some resource-intensive tasks. Like N-tier, the architecture is easy to understand. The use of managed services simplifies deployment and operations. But with a complex domains, it can be hard to manage dependencies. The front end and the worker can easily become large, monolithic components that are hard to maintain and update. As with N-tier, this can reduce the frequency of updates and limit innovation.
@@ -40,6 +42,7 @@ Web-queue-worker is suitable for relatively simple domains with some resource-in
+
 If your application has a more complex domain, consider moving to a **[Microservices][microservices]** architecture. A microservices application is composed of many small, independent services. Each service implements a single business capability. Services are loosely coupled, communicating through API contracts.
 Each service can be built by a small, focused development team. Individual services can be deployed without a lot of coordination between teams, which encourages frequent updates. A microservice architecture is more complex to build and manage than either N-tier or web-queue-worker. It requires a mature development and DevOps culture. But done right, this style can lead to higher release velocity, faster innovation, and a more resilient architecture.
@@ -48,6 +51,7 @@ Each service can be built by a small, focused development team. Individual servi + The **[CQRS](./cqrs.md)** (Command and Query Responsibility Segregation) style separates read and write operations into separate models. This isolates the parts of the system that update data from the parts that read the data. Moreover, reads can be executed against a materialized view that is physically separate from the write database. That lets you scale the read and write workloads independently, and optimize the materialized view for queries. CQRS makes the most sense when it's applied to a subsystem of a larger architecture. Generally, you shouldn't impose it across the entire application, as that will just create unneeded complexity. Consider it for collaborative domains where many users access the same data. @@ -56,11 +60,13 @@ CQRS makes the most sense when it's applied to a subsystem of a larger architect + **[Event-Driven Architectures](./event-driven.md)** use a publish-subscribe (pub-sub) model, where producers publish events, and consumers subscribe to them. The producers are independent from the consumers, and consumers are independent from each other. Consider an event-driven architecture for applications that ingest and process a large volume of data with very low latency, such as IoT solutions. The style is also useful when different subsystems must perform different types of processing on the same event data.
+ ### Big Data, Big Compute **[Big Data](./big-data.md)** and **[Big Compute](./big-compute.md)** are specialized architecture styles for workloads that fit certain specific profiles. Big data divides a very large dataset into chunks, performing paralleling processing across the entire set, for analysis and reporting. Big compute, also called high-performance computing (HPC), makes parallel computations across a large number (thousands) of cores. Domains include simulations, modeling, and 3-D rendering. @@ -82,11 +88,11 @@ Before choosing an architecture style, make sure that you understand the underly The following table summarizes how each style manages dependencies, and the types of domain that are best suited for each. -| Architecture style | Dependency management | Domain type | +| Architecture style | Dependency management | Domain type | |--------------------|------------------------|-------------| | N-tier | Horizontal tiers divided by subnet | Traditional business domain. Frequency of updates is low. | | Web-Queue-Worker | Front and backend jobs, decoupled by async messaging. | Relatively simple domain with some resource intensive tasks. | -| Microservices | Vertically (functionally) decomposed services that call each other through APIs. | Complicated domain. Frequent updates. | +| Microservices | Vertically (functionally) decomposed services that call each other through APIs. | Complicated domain. Frequent updates. | | CQRS | Read/write segregation. Schema and scale are optimized separately. | Collaborative domain where lots of users access the same data. | | Event-driven architecture. | Producer/consumer. Independent view per sub-system. | IoT and real-time systems | | Big data | Divide a huge dataset into small chunks. Parallel processing on local datasets. | Batch and real-time data analysis. Predictive analysis using ML. | 
diff --git a/docs/guide/design-principles/minimize-coordination.md b/docs/guide/design-principles/minimize-coordination.md index e4360d0bce8..f440130c829 100644 --- a/docs/guide/design-principles/minimize-coordination.md +++ b/docs/guide/design-principles/minimize-coordination.md @@ -42,7 +42,7 @@ These two patterns complement each other. If the write-only store in CQRS uses e **Design idempotent operations**. When possible, design operations to be idempotent. That way, they can be handled using at-least-once semantics. For example, you can put work items on a queue. If a worker crashes in the middle of an operation, another worker simply picks up the work item. -**Use asynchronous parallel processing**. If an operation requires multiple steps that are performed asynchronously (such as remote service calls), you might be able to call them in parallel, and then aggregate the results. This approach assumes that each step does not depend on the results of the previous step. +**Use asynchronous parallel processing**. If an operation requires multiple steps that are performed asynchronously (such as remote service calls), you might be able to call them in parallel, and then aggregate the results. This approach assumes that each step does not depend on the results of the previous step. **Use optimistic concurrency when possible**. Pessimistic concurrency control uses database locks to prevent conflicts. This can cause poor performance and reduce availability. With optimistic concurrency control, each transaction modifies a copy or snapshot of the data. When the transaction is committed, the database engine validates the transaction and rejects any transactions that would affect database consistency. diff --git a/docs/guide/index.md b/docs/guide/index.md index b8a85517b7c..0bb1b1daa8c 100644 --- a/docs/guide/index.md +++ b/docs/guide/index.md 
@@ -8,6 +8,7 @@ This guide presents a structured approach for designing applications on Azure th + ## Introduction The cloud is changing the way applications are designed. Instead of monoliths, applications are decomposed into smaller, decentralized services. These services communicate through APIs or by using asynchronous messaging or eventing. Applications scale horizontally, adding new instances as demand requires. diff --git a/docs/guide/pillars.md b/docs/guide/pillars.md index 4259b3d733e..c2188011e56 100644 --- a/docs/guide/pillars.md +++ b/docs/guide/pillars.md @@ -181,6 +181,7 @@ Use Key Vault to safeguard cryptographic keys and secrets. By using Key Vault, y + [availability-patterns]: ../patterns/category/availability.md [management-patterns]: ../patterns/category/management-monitoring.md [resiliency-patterns]: ../patterns/category/resiliency.md @@ -188,6 +189,7 @@ Use Key Vault to safeguard cryptographic keys and secrets. By using Key Vault, y + [autoscale]: ../best-practices/auto-scaling.md [background-jobs]: ../best-practices/background-jobs.md [caching]: ../best-practices/caching.md @@ -199,6 +201,7 @@ Use Key Vault to safeguard cryptographic keys and secrets. By using Key Vault, y + [availability-checklist]: ../checklist/availability.md [devops-checklist]: ../checklist/dev-ops.md [resiliency-checklist]: ../checklist/resiliency.md diff --git a/docs/guide/technology-choices/compute-comparison.md b/docs/guide/technology-choices/compute-comparison.md index ef71b2a0b27..733857771ed 100644 --- a/docs/guide/technology-choices/compute-comparison.md +++ b/docs/guide/technology-choices/compute-comparison.md 
@@ -65,7 +65,7 @@ Notes | Criteria | Virtual Machines | App Service | Service Fabric | Azure Functions | Azure Container Service | Cloud Services | Azure Batch | |----------|-----------------|-------------|----------------|-----------------|-------------------------|----------------|-------------| | SLA | [SLA for Virtual Machines][sla-vm] | [SLA for App Service][sla-app-service] | [SLA for Service Fabric][sla-sf] | [SLA for Functions][sla-functions] | [SLA for Azure Container Service][sla-acs] | [SLA for Cloud Services][sla-cloud-service] | [SLA for Azure Batch][sla-batch] | -| Multi region failover | Traffic manager | Traffic manager | Traffic manager, Multi-Region Cluster | Not supported | Traffic manager | Traffic manager | Not Supported | +| Multi region failover | Traffic manager | Traffic manager | Traffic manager, Multi-Region Cluster | Not supported | Traffic manager | Traffic manager | Not Supported | ## Security diff --git a/docs/guide/technology-choices/data-store-comparison.md b/docs/guide/technology-choices/data-store-comparison.md index 8f1a34998e1..30521df11c0 100644 --- a/docs/guide/technology-choices/data-store-comparison.md +++ b/docs/guide/technology-choices/data-store-comparison.md @@ -57,7 +57,7 @@ The following sections compare various data store models in terms of workload pr ## Relational database management systems (RDBMS) - + - + - +
**Workload**
Workload
  • Both the creation of new records and updates to existing data happen regularly.
  • @@ -70,7 +70,7 @@ The following sections compare various data store models in terms of workload pr
**Data type**
Data type
  • Data is highly normalized.
  • @@ -83,7 +83,7 @@ The following sections compare various data store models in terms of workload pr
**Examples**
Examples
  • Line of business (human capital management, customer relationship management, enterprise resource planning)
  • @@ -101,7 +101,7 @@ The following sections compare various data store models in terms of workload pr ## Document databases - + - + - +
    **Workload**
    Workload
    • General purpose.
    • @@ -113,7 +113,7 @@ The following sections compare various data store models in terms of workload pr
    • Individual documents are retrieved and written as a single block.
    **Data type**
    Data type
    • Data can be managed in de-normalized way.
    • @@ -125,7 +125,7 @@ The following sections compare various data store models in terms of workload pr
    **Examples**
    Examples
    • Product catalog
    • @@ -145,7 +145,7 @@ The following sections compare various data store models in terms of workload pr ## Key/value stores - + - + - +
      **Workload**
      Workload
      • Data is identified and accessed using a single ID key, like a dictionary.
      • @@ -156,7 +156,7 @@ The following sections compare various data store models in terms of workload pr
      **Data type**
      Data type
      • Data size tends to be large.
      • @@ -166,7 +166,7 @@ The following sections compare various data store models in terms of workload pr
      **Examples**
      Examples
      • Data caching
      • @@ -182,7 +182,7 @@ The following sections compare various data store models in terms of workload pr ## Graph databases - + - + - +
        **Workload**
        Workload
        • The relationships between data items are very complex, involving many hops between related data items.
        • @@ -191,7 +191,7 @@ The following sections compare various data store models in terms of workload pr
        **Data type**
        Data type
        • Data is comprised of nodes and relationships.
        • @@ -201,7 +201,7 @@ The following sections compare various data store models in terms of workload pr
        **Examples**
        Examples
        • Organization charts
        • @@ -217,7 +217,7 @@ The following sections compare various data store models in terms of workload pr ## Column-family databases - + - + - +
          **Workload**
          Workload
          • Most column-family databases perform write operations extremely quickly.
          • @@ -228,7 +228,7 @@ The following sections compare various data store models in terms of workload pr
          **Data type**
          Data type
          • Data is stored in tables consisting of a key column and one or more column families.
          • @@ -238,7 +238,7 @@ The following sections compare various data store models in terms of workload pr
          **Examples**
          Examples
          • Recommendations
          • @@ -258,7 +258,7 @@ The following sections compare various data store models in terms of workload pr ## Search engine databases - + - + - +
            **Workload**
            Workload
            • Indexing data from multiple sources and services.
            • @@ -270,7 +270,7 @@ The following sections compare various data store models in terms of workload pr
            **Data type**
            Data type
            • Semi-structured or unstructured
            • @@ -279,7 +279,7 @@ The following sections compare various data store models in terms of workload pr
            **Examples**
            Examples
            • Product catalogs
            • @@ -295,25 +295,25 @@ The following sections compare various data store models in terms of workload pr ## Data warehouse - + - + - + @@ -323,7 +323,7 @@ The following sections compare various data store models in terms of workload pr ## Time series databases
              **Workload**
              Workload
              • Data analytics
              • -
              • Enterprise BI
              • +
              • Enterprise BI
              **Data type**
              Data type
              • Historical data from multiple sources.
              • -
              • Usually denormalized in a "star" or "snowflake" schema, consisting of fact and dimension tables.
              • +
              • Usually denormalized in a "star" or "snowflake" schema, consisting of fact and dimension tables.
              • Usually loaded with new data on a scheduled basis.
              • -
              • Dimension tables often include multiple historic versions of an entity, referred to as a *slowly changing dimension*.
              • +
              • Dimension tables often include multiple historic versions of an entity, referred to as a slowly changing dimension.
              **Examples**
              Examples An enterprise data warehouse that provides data for analytical models, reports, and dashboards.
              - + - + - +
              **Workload**
              Workload
              • An overwhelmingly proportion of operations (95-99%) are writes.
              • @@ -331,12 +331,12 @@ The following sections compare various data store models in terms of workload pr
              • Updates are rare.
              • Deletes occur in bulk, and are made to contiguous blocks or records.
              • Read requests can be larger than available memory.
              • -
              • It's common for multiple reads to occur simultaneously.
              • +
              • It's common for multiple reads to occur simultaneously.
              • Data is read sequentially in either ascending or descending time order.
              **Data type**
              Data type
              • A time stamp that is used as the primary key and sorting mechanism.
              • @@ -345,7 +345,7 @@ The following sections compare various data store models in terms of workload pr
              **Examples**
              Examples
              • Monitoring and event telemetry.
              • @@ -358,7 +358,7 @@ The following sections compare various data store models in terms of workload pr ## Object storage - + - + - +
                **Workload**
                Workload
                • Identified by key.
                • @@ -368,7 +368,7 @@ The following sections compare various data store models in terms of workload pr
                **Data type**
                Data type
                • Data size is large.
                • @@ -377,7 +377,7 @@ The following sections compare various data store models in terms of workload pr
                **Examples**
                Examples
                • Images, videos, office documents, PDFs
                • @@ -393,7 +393,7 @@ The following sections compare various data store models in terms of workload pr ## Shared files - + - + - +
                  **Workload**
                  Workload
                  • Migration from existing apps that interact with the file system.
                  • @@ -401,7 +401,7 @@ The following sections compare various data store models in terms of workload pr
                  **Data type**
                  Data type
                  • Files in a hierarchical set of folders.
                  • @@ -409,7 +409,7 @@ The following sections compare various data store models in terms of workload pr
                  **Examples**
                  Examples
                  • Legacy files
                  • @@ -418,3 +418,4 @@ The following sections compare various data store models in terms of workload pr
                  + diff --git a/docs/guide/technology-choices/data-store-overview.md b/docs/guide/technology-choices/data-store-overview.md index 61ef8244e97..e4d1ef8a59b 100644 --- a/docs/guide/technology-choices/data-store-overview.md +++ b/docs/guide/technology-choices/data-store-overview.md @@ -110,7 +110,7 @@ The key characteristics of a search engine database are the ability to store and Searching can be exact or fuzzy. A fuzzy search finds documents that match a set of terms and calculates how closely they match. Some search engines also support linguistic analysis that can return matches based on synonyms, genre expansions (for example, matching `dogs` to `pets`), and stemming (matching words with the same root). -Relevant Azure service: [Azure Search][search] +Relevant Azure service: [Azure Search][search] ## Time Series Databases @@ -118,13 +118,13 @@ Time series data is a set of values organized by time, and a time series databas Time series databases are good for storing telemetry data. Scenarios include IoT sensors or application/system counters. -Relevant Azure service: [Time Series Insights][time-series] +Relevant Azure service: [Time Series Insights][time-series] ## Object storage Object storage is optimized for storing and retrieving large binary objects (images, files, video and audio streams, large application data objects and documents, virtual machine disk images). Objects in these store types are composed of the stored data, some metadata, and a unique ID for accessing the object. Object stores enables the management of extremely large amounts of unstructured data. -Relevant Azure service: [Blob Storage][blob] +Relevant Azure service: [Blob Storage][blob] ## Shared files diff --git a/docs/index.md b/docs/index.md index c1b241aa4ad..1bcbea70725 100644 --- a/docs/index.md +++ b/docs/index.md @@ -8,6 +8,7 @@ ms.topic: landing-page # Azure Architecture Center +
                  • @@ -63,6 +64,7 @@ ms.topic: landing-page
                  +
                  • @@ -346,3 +348,4 @@ ms.topic: landing-page
                  + diff --git a/docs/microservices/index.md b/docs/microservices/index.md index 5fcaa0675c6..fdd1c20098e 100644 --- a/docs/microservices/index.md +++ b/docs/microservices/index.md 
@@ -73,7 +73,7 @@ These benefits don't come for free. This series of articles is designed to addre To explore these issues, and to illustrate some of the best practices for a microservices architecture, we created a reference implementation that we call the Drone Delivery application. You can find the reference implementation on [GitHub][drone-ri]. -​Fabrikam, Inc. is starting a drone delivery service. The company manages a fleet of drone aircraft. Businesses register with the service, and users can request a drone to pick up goods for delivery. When a customer schedules a pickup, a backend system assigns a drone and notifies the user with an estimated delivery time. While the delivery is in progress, the customer can track the location of the drone, with a continuously updated ETA. + Fabrikam, Inc. is starting a drone delivery service. The company manages a fleet of drone aircraft. Businesses register with the service, and users can request a drone to pick up goods for delivery. When a customer schedules a pickup, a backend system assigns a drone and notifies the user with an estimated delivery time. While the delivery is in progress, the customer can track the location of the drone, with a continuously updated ETA. This scenario involves a fairly complicated domain. Some of the business concerns include scheduling drones, tracking packages, managing user accounts, and storing and analyzing historical data. Moreover, Fabrikam wants to get to market quickly and then iterate quickly, adding new functionality and capabilities. The application needs to operate at cloud scale, with a high service level objective (SLO). Fabrikam also expects that different parts of the system will have very different requirements for data storage and querying. All of these considerations lead Fabrikam to choose a microservices architecture for the Drone Delivery application. 
diff --git a/docs/multitenant-identity/adfs.md b/docs/multitenant-identity/adfs.md index af486ced8b5..9d0d6619555 100644 --- a/docs/multitenant-identity/adfs.md +++ b/docs/multitenant-identity/adfs.md @@ -175,6 +175,7 @@ The customer must do the following: + [Azure AD Connect]: /azure/active-directory/active-directory-aadconnect/ [federation trust]: https://technet.microsoft.com/library/cc770993(v=ws.11).aspx [account partner]: https://technet.microsoft.com/library/cc731141(v=ws.11).aspx diff --git a/docs/multitenant-identity/app-roles.md b/docs/multitenant-identity/app-roles.md index acc484b84e7..e8198ca6c3a 100644 --- a/docs/multitenant-identity/app-roles.md +++ b/docs/multitenant-identity/app-roles.md @@ -159,6 +159,7 @@ Drawbacks: [**Next**][authorization] + [Tailspin]: tailspin.md [authorization]: authorize.md diff --git a/docs/multitenant-identity/authorize.md b/docs/multitenant-identity/authorize.md index 563226a275b..02afc89290b 100644 --- a/docs/multitenant-identity/authorize.md +++ b/docs/multitenant-identity/authorize.md @@ -98,7 +98,6 @@ In earlier versions of ASP.NET, you would set the **Roles** property on the attr ```csharp // old way [Authorize(Roles = "SurveyCreator")] - ``` This is still supported in ASP.NET Core, but it has some drawbacks compared with authorization policies: @@ -244,6 +243,7 @@ static readonly Dictionary + [Tailspin]: tailspin.md [Application roles]: app-roles.md diff --git a/docs/multitenant-identity/client-assertion.md b/docs/multitenant-identity/client-assertion.md index f2180debe0a..80a227b2d34 100644 --- a/docs/multitenant-identity/client-assertion.md +++ b/docs/multitenant-identity/client-assertion.md @@ -97,6 +97,7 @@ For information about setting up client assertion in the Surveys application, se [**Next**][key vault] + [configure-web-app]: /azure/app-service-web/web-sites-configure/ [azure-management-portal]: https://portal.azure.com [client assertion]: https://tools.ietf.org/html/rfc7521 
diff --git a/docs/multitenant-identity/index.md b/docs/multitenant-identity/index.md index 4abe6fa3a43..fd8ee605115 100644 --- a/docs/multitenant-identity/index.md +++ b/docs/multitenant-identity/index.md @@ -90,6 +90,7 @@ This guidance does not consider other aspects of multitenancy such as data parti + [ADConnect]: /azure/active-directory/active-directory-aadconnect [AzureAD]: /azure/active-directory diff --git a/docs/multitenant-identity/key-vault.md b/docs/multitenant-identity/key-vault.md index 4d6f056aa75..89f3373def6 100644 --- a/docs/multitenant-identity/key-vault.md +++ b/docs/multitenant-identity/key-vault.md @@ -100,9 +100,9 @@ Now assign this user as the subscription owner. 3. Select **Azure Active Directory** > **App Registrations** > Surveys -4. Click **Manifest** and then **Edit**. +4. Click **Manifest** and then **Edit**. -5. Paste the output from the script into the `keyCredentials` property. It should look similar to the following: +5. Paste the output from the script into the `keyCredentials` property. It should look similar to the following: ```json "keyCredentials": [ @@ -281,6 +281,7 @@ Replace the entries in [square brackets] and save the secrets.json file. [**Next**][adfs] + [adfs]: ./adfs.md [authorize-app]: /azure/key-vault/key-vault-get-started//#authorize [azure-portal]: https://portal.azure.com diff --git a/docs/multitenant-identity/run-the-app.md b/docs/multitenant-identity/run-the-app.md index b7fe3b32a18..0165c5f306f 100644 --- a/docs/multitenant-identity/run-the-app.md +++ b/docs/multitenant-identity/run-the-app.md @@ -19,8 +19,8 @@ Here is a summary of the steps: 6. Add application roles to users. ## Prerequisites -- [Visual Studio 2017][VS2017] -- [Microsoft Azure](https://azure.microsoft.com) account +- [Visual Studio 2017][VS2017] +- [Microsoft Azure](https://azure.microsoft.com) account ## Create the Tailspin tenant 
@@ -48,15 +48,15 @@ To complete the end-to-end scenario, you'll need a second Azure AD directory to 3. Click **App registrations** > **New application registration**. -4. In the **Create** blade, enter the following information: +4. In the **Create** blade, enter the following information: - - **Name**: `Surveys.WebAPI` + - **Name**: `Surveys.WebAPI` - - **Application type**: `Web app / API` + - **Application type**: `Web app / API` - - **Sign-on URL**: `https://localhost:44301/` + - **Sign-on URL**: `https://localhost:44301/` - ![](./images/running-the-app/register-web-api.png) + ![](./images/running-the-app/register-web-api.png) 5. Click **Create**. @@ -70,19 +70,19 @@ To complete the end-to-end scenario, you'll need a second Azure AD directory to 9. Set **Multi-tenanted** to **YES**. -10. Click **Save**. +10. Click **Save**. ## Register the Surveys web app -1. Navigate back to the **App registrations** blade, and click **New application registration**. +1. Navigate back to the **App registrations** blade, and click **New application registration**. -2. In the **Create** blade, enter the following information: +2. In the **Create** blade, enter the following information: - - **Name**: `Surveys` - - **Application type**: `Web app / API` - - **Sign-on URL**: `https://localhost:44300/` + - **Name**: `Surveys` + - **Application type**: `Web app / API` + - **Sign-on URL**: `https://localhost:44300/` - Notice that the sign-on URL has a different port number from the `Surveys.WebAPI` app in the previous step. + Notice that the sign-on URL has a different port number from the `Surveys.WebAPI` app in the previous step. 3. Click **Create**. 
@@ -114,28 +114,28 @@ To complete the end-to-end scenario, you'll need a second Azure AD directory to 15. In the **Select Duration** dropdown, select **1 year**. -16. Click **Save**. The key will be generated when you save. +16. Click **Save**. The key will be generated when you save. -17. Before you navigate away from this blade, copy the value of the key. +17. Before you navigate away from this blade, copy the value of the key. > [!NOTE] > The key won't be visible again after you navigate away from the blade. -18. Under **API ACCESS**, click **Required permissions**. +18. Under **API ACCESS**, click **Required permissions**. -19. Click **Add** > **Select an API**. +19. Click **Add** > **Select an API**. -20. In the search box, search for `Surveys.WebAPI`. +20. In the search box, search for `Surveys.WebAPI`. ![Permssions](./images/running-the-app/permissions.png) -21. Select `Surveys.WebAPI` and click **Select**. +21. Select `Surveys.WebAPI` and click **Select**. -22. Under **Delegated Permissions**, check **Access Surveys.WebAPI**. +22. Under **Delegated Permissions**, check **Access Surveys.WebAPI**. ![Setting delegated permissions](./images/running-the-app/delegated-permissions.png) -23. Click **Select** > **Done**. +23. Click **Select** > **Done**. ## Update the application manifests 
@@ -146,36 +146,36 @@ To complete the end-to-end scenario, you'll need a second Azure AD directory to ![](./images/running-the-app/manifest.png) -3. Add the following JSON to the `appRoles` element. Generate new GUIDs for the `id` properties. - - ```json - { - "allowedMemberTypes": ["User"], - "description": "Creators can create surveys", - "displayName": "SurveyCreator", - "id": "", - "isEnabled": true, - "value": "SurveyCreator" - }, - { - "allowedMemberTypes": ["User"], - "description": "Administrators can manage the surveys in their tenant", - "displayName": "SurveyAdmin", - "id": "", - "isEnabled": true, - "value": "SurveyAdmin" - } - ``` - -5. In the `knownClientApplications` property, add the application ID for the Surveys web application, which you got when you registered the Surveys application earlier. For example: - - ```json - "knownClientApplications": ["be2cea23-aa0e-4e98-8b21-2963d494912e"], - ``` - - This setting adds the Surveys app to the list of clients authorized to call the web API. - -6. Click **Save**. +3. Add the following JSON to the `appRoles` element. Generate new GUIDs for the `id` properties. + + ```json + { + "allowedMemberTypes": ["User"], + "description": "Creators can create surveys", + "displayName": "SurveyCreator", + "id": "", + "isEnabled": true, + "value": "SurveyCreator" + }, + { + "allowedMemberTypes": ["User"], + "description": "Administrators can manage the surveys in their tenant", + "displayName": "SurveyAdmin", + "id": "", + "isEnabled": true, + "value": "SurveyAdmin" + } + ``` + +4. In the `knownClientApplications` property, add the application ID for the Surveys web application, which you got when you registered the Surveys application earlier. For example: + + ```json + "knownClientApplications": ["be2cea23-aa0e-4e98-8b21-2963d494912e"], + ``` + + This setting adds the Surveys app to the list of clients authorized to call the web API. + +5. Click **Save**. 
Now repeat the same steps for the Surveys app, except do not add an entry for `knownClientApplications`. Use the same role definitions, but generate new GUIDs for the IDs. @@ -183,9 +183,9 @@ Now repeat the same steps for the Surveys app, except do not add an entry for `k The Surveys application uses Redis to cache OAuth 2 access tokens. To create the cache: -1. Go to [Azure Portal](https://portal.azure.com) and click **New** > **Databases** > **Redis Cache**. +1. Go to [Azure Portal](https://portal.azure.com) and click **New** > **Databases** > **Redis Cache**. -2. Fill in the required information, including DNS name, resource group, location, and pricing tier. You can create a new resource group or use an existing resource group. +2. Fill in the required information, including DNS name, resource group, location, and pricing tier. You can create a new resource group or use an existing resource group. 3. Click **Create**. @@ -197,11 +197,11 @@ For more information about creating a Redis cache, see [How to Use Azure Redis C ## Set application secrets -1. Open the Tailspin.Surveys solution in Visual Studio. +1. Open the Tailspin.Surveys solution in Visual Studio. -2. In Solution Explorer, right-click the Tailspin.Surveys.Web project and select **Manage User Secrets**. +2. In Solution Explorer, right-click the Tailspin.Surveys.Web project and select **Manage User Secrets**. -3. In the secrets.json file, paste in the following: +3. In the secrets.json file, paste in the following: ```json { 
@@ -224,9 +224,9 @@ For more information about creating a Redis cache, see [How to Use Azure Redis C - `AzureAd:WebApiResourceId`: The App ID URI that you specified when you created the Surveys.WebAPI application in Azure AD. It should have the form `https://.onmicrosoft.com/surveys.webapi` - `Redis:Configuration`: Build this string from the DNS name of the Redis cache and the primary access key. For example, "tailspin.redis.cache.windows.net,password=2h5tBxxx,ssl=true". -4. Save the updated secrets.json file. +4. Save the updated secrets.json file. -5. Repeat these steps for the Tailspin.Surveys.WebAPI project, but paste the following into secrets.json. Replace the items in angle brackets, as before. +5. Repeat these steps for the Tailspin.Surveys.WebAPI project, but paste the following into secrets.json. Replace the items in angle brackets, as before. ```json { @@ -243,11 +243,11 @@ For more information about creating a Redis cache, see [How to Use Azure Redis C In this step, you will use Entity Framework 7 to create a local SQL database, using LocalDB. -1. Open a command window +1. Open a command window -2. Navigate to the Tailspin.Surveys.Data project. +2. Navigate to the Tailspin.Surveys.Data project. -3. Run the following command: +3. Run the following command: ``` dotnet ef database update --startup-project ..\Tailspin.Surveys.Web 
@@ -259,9 +259,9 @@ To run the application, start both the Tailspin.Surveys.Web and Tailspin.Surveys You can set Visual Studio to run both projects automatically on F5, as follows: -1. In Solution Explorer, right-click the solution and click **Set Startup Projects**. -2. Select **Multiple startup projects**. -3. Set **Action** = **Start** for the Tailspin.Surveys.Web and Tailspin.Surveys.WebAPI projects. +1. In Solution Explorer, right-click the solution and click **Set Startup Projects**. +2. Select **Multiple startup projects**. +3. Set **Action** = **Start** for the Tailspin.Surveys.Web and Tailspin.Surveys.WebAPI projects. ## Sign up a new tenant @@ -290,23 +290,23 @@ When a tenant signs up, an AD admin for the tenant must assign application roles 3. Click **Enterprise applications** > **All applications**. The portal will list `Survey` and `Survey.WebAPI`. If not, make sure that you completed the sign up process. -4. Click on the Surveys application. +4. Click on the Surveys application. -5. Click **Users and Groups**. +5. Click **Users and Groups**. -4. Click **Add user**. +4. Click **Add user**. -5. If you have Azure AD Premium, click **Users and groups**. Otherwise, click **Users**. (Assigning a role to a group requires Azure AD Premium.) +5. If you have Azure AD Premium, click **Users and groups**. Otherwise, click **Users**. (Assigning a role to a group requires Azure AD Premium.) 6. Select one or more users and click **Select**. ![Select user or group](./images/running-the-app/select-user-or-group.png) -6. Select the role and click **Select**. +6. Select the role and click **Select**. ![Select user or group](./images/running-the-app/select-role.png) -7. Click **Assign**. +7. Click **Assign**. Repeat the same steps to assign roles for the Survey.WebAPI application. diff --git a/docs/multitenant-identity/signup.md b/docs/multitenant-identity/signup.md index fd1e3f1ba8a..01532dc0bc1 100644 --- a/docs/multitenant-identity/signup.md 
+++ b/docs/multitenant-identity/signup.md @@ -251,6 +251,7 @@ Here is a summary of the entire sign-up flow in the Surveys application: [**Next**][app roles] + [app roles]: app-roles.md [Tailspin]: tailspin.md diff --git a/docs/multitenant-identity/token-cache.md b/docs/multitenant-identity/token-cache.md index bc1eb0b4493..29df29474e2 100644 --- a/docs/multitenant-identity/token-cache.md +++ b/docs/multitenant-identity/token-cache.md @@ -134,6 +134,7 @@ In our case, we decided not to handle these two events. [**Next**][client-assertion] + [ADAL]: https://msdn.microsoft.com/library/azure/jj573266.aspx [client-assertion]: ./client-assertion.md [data-protection]: /aspnet/core/security/data-protection/ diff --git a/docs/multitenant-identity/web-api.md b/docs/multitenant-identity/web-api.md index b045d3d44cb..9dbc313a67a 100644 --- a/docs/multitenant-identity/web-api.md +++ b/docs/multitenant-identity/web-api.md @@ -262,6 +262,7 @@ public void ConfigureServices(IServiceCollection services) [**Next**][token cache] + [ADAL]: https://msdn.microsoft.com/library/azure/jj573266.aspx [JwtBearer]: https://www.nuget.org/packages/Microsoft.AspNet.Authentication.JwtBearer diff --git a/docs/patterns/category/availability.md b/docs/patterns/category/availability.md index 5ff18674de4..32d7250e6a3 100644 --- a/docs/patterns/category/availability.md +++ b/docs/patterns/category/availability.md 
@@ -14,8 +14,10 @@ pnp.series.title: Cloud Design Patterns Availability defines the proportion of time that the system is functional and working. It will be affected by system errors, infrastructure problems, malicious attacks, and system load. It is usually measured as a percentage of uptime. Cloud applications typically provide users with a service level agreement (SLA), which means that applications must be designed and implemented in a way that maximizes availability. -| Pattern | Summary | -| ------- | ------- | + +| Pattern | Summary | +|----------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------| | [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | \ No newline at end of file +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | + diff --git a/docs/patterns/category/data-management.md b/docs/patterns/category/data-management.md index 87a3ed9ae0f..9a30f908e5d 100644 --- a/docs/patterns/category/data-management.md +++ b/docs/patterns/category/data-management.md 
@@ -14,13 +14,15 @@ pnp.series.title: Cloud Design Patterns Data management is the key element of cloud applications, and influences most of the quality attributes. Data is typically hosted in different locations and across multiple servers for reasons such as performance, scalability or availability, and this can present a range of challenges. For example, data consistency must be maintained, and data will typically need to be synchronized across different locations. -| Pattern | Summary | -| ------- | ------- | -| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | -| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | -| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | -| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | -| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. | -| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. 
| \ No newline at end of file + +| Pattern | Summary | +|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------| +| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | +| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | +| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | +| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | +| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | +| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. | +| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | +| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | + diff --git a/docs/patterns/category/design-implementation.md b/docs/patterns/category/design-implementation.md index e7d58710681..68dd46aaeca 100644 --- a/docs/patterns/category/design-implementation.md +++ b/docs/patterns/category/design-implementation.md 
@@ -12,19 +12,21 @@ pnp.series.title: Cloud Design Patterns Good design encompasses factors such as consistency and coherence in component design and deployment, maintainability to simplify administration and development, and reusability to allow components and subsystems to be used in other applications and in other scenarios. Decisions made during the design and implementation phase have a huge impact on the quality and the total cost of ownership of cloud hosted applications and services. -| Pattern | Summary | -| ------- | ------- | -| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | -| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | -| [Backends for Frontends](../backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | -| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Compute Resource Consolidation](../compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | -| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | -| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | -| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | -| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. 
| -| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | -| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | -| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | -| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | \ No newline at end of file + +| Pattern | Summary | +|------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | +| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | +| [Backends for Frontends](../backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | +| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. 
| +| [Compute Resource Consolidation](../compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | +| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | +| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | +| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | +| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. | +| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | +| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | +| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | +| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | +| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | + diff --git a/docs/patterns/category/management-monitoring.md b/docs/patterns/category/management-monitoring.md index e0aefc02e9e..1a6f3844ef1 100644 --- a/docs/patterns/category/management-monitoring.md +++ b/docs/patterns/category/management-monitoring.md 
@@ -12,14 +12,16 @@ pnp.series.title: Cloud Design Patterns Cloud applications run in in a remote datacenter where you do not have full control of the infrastructure or, in some cases, the operating system. This can make management and monitoring more difficult than an on-premises deployment. Applications must expose runtime information that administrators and operators can use to manage and monitor the system, as well as supporting changing business requirements and customization without requiring the application to be stopped or redeployed. -| Pattern | Summary | -| ------- | ------- | -| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | -| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | -| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | -| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | -| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | -| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. | -| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | -| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. 
| + +| Pattern | Summary | +|--------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------| +| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | +| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | +| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | +| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | +| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | +| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. | +| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | +| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | +| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | + diff --git a/docs/patterns/category/messaging.md b/docs/patterns/category/messaging.md index 0166aec3a87..34e5dd4bcf4 100644 --- a/docs/patterns/category/messaging.md +++ b/docs/patterns/category/messaging.md 
@@ -14,10 +14,12 @@ pnp.series.title: Cloud Design Patterns The distributed nature of cloud applications requires a messaging infrastructure that connects the components and services, ideally in a loosely coupled manner in order to maximize scalability. Asynchronous messaging is widely used, and provides many benefits, but also brings challenges such as the ordering of messages, poison message management, idempotency, and more. -| Pattern | Summary | -| ------- | ------- | -| [Competing Consumers](../competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | -| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | -| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | \ No newline at end of file + +| Pattern | Summary | +|----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Competing Consumers](../competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | +| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. 
| +| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | + diff --git a/docs/patterns/category/performance-scalability.md b/docs/patterns/category/performance-scalability.md index b366ba7becf..95501851f6a 100644 --- a/docs/patterns/category/performance-scalability.md +++ b/docs/patterns/category/performance-scalability.md 
@@ -14,15 +14,17 @@ pnp.series.title: Cloud Design Patterns Performance is an indication of the responsiveness of a system to execute any action within a given time interval, while scalability is ability of a system either to handle increases in load without impact on performance or for the available resources to be readily increased. Cloud applications typically encounter variable workloads and peaks in activity. Predicting these, especially in a multi-tenant scenario, is almost impossible. Instead, applications should be able to scale out within limits to meet peaks in demand, and scale in when demand decreases. Scalability concerns not just compute instances, but other elements such as data storage, messaging infrastructure, and more. -| Pattern | Summary | -| ------- | ------- | -| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | -| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | -| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | -| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | -| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. 
| -| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | \ No newline at end of file + +| Pattern | Summary | +|--------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | +| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | +| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | +| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | +| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | +| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. | +| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. 
| +| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | + diff --git a/docs/patterns/category/resiliency.md b/docs/patterns/category/resiliency.md index a91a6cf88c5..15d4309f32b 100644 --- a/docs/patterns/category/resiliency.md +++ b/docs/patterns/category/resiliency.md 
@@ -12,13 +12,15 @@ pnp.series.title: Cloud Design Patterns Resiliency is the ability of a system to gracefully handle and recover from failures. The nature of cloud hosting, where applications are often multi-tenant, use shared platform services, compete for resources and bandwidth, communicate over the Internet, and run on commodity hardware means there is an increased likelihood that both transient and more permanent faults will arise. Detecting failures, and recovering quickly and efficiently, is necessary to maintain resiliency. -| Pattern | Summary | -| ------- | ------- | -| [Bulkhead](../bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | -| [Circuit Breaker](../circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | -| [Compensating Transaction](../compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | -| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Retry](../retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. 
| -| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | \ No newline at end of file + +| Pattern | Summary | +|----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Bulkhead](../bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | +| [Circuit Breaker](../circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | +| [Compensating Transaction](../compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | +| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | +| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Retry](../retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. | +| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | + 
diff --git a/docs/patterns/category/security.md b/docs/patterns/category/security.md index 37f334c6d47..61e8521d202 100644 --- a/docs/patterns/category/security.md +++ b/docs/patterns/category/security.md 
@@ -14,8 +14,10 @@ pnp.series.title: Cloud Design Patterns Security is the capability of a system to prevent malicious or accidental actions outside of the designed usage, and to prevent disclosure or loss of information. Cloud applications are exposed on the Internet outside trusted on-premises boundaries, are often open to the public, and may serve untrusted users. Applications must be designed and deployed in a way that protects them from malicious attacks, restricts access to only approved users, and protects sensitive data. -| Pattern | Summary | -| ------- | ------- | -| [Federated Identity](../federated-identity.md) | Delegate authentication to an external identity provider. | -| [Gatekeeper](../gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. | -| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | \ No newline at end of file + +| Pattern | Summary | +|------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Federated Identity](../federated-identity.md) | Delegate authentication to an external identity provider. | +| [Gatekeeper](../gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. | +| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | + 
diff --git a/docs/patterns/gateway-offloading.md b/docs/patterns/gateway-offloading.md index 5a8ce64d765..675f7184e63 100644 --- a/docs/patterns/gateway-offloading.md +++ b/docs/patterns/gateway-offloading.md @@ -57,25 +57,25 @@ Using Nginx as the SSL offload appliance, the following configuration terminates ``` upstream iis { - server 10.3.0.10 max_fails=3 fail_timeout=15s; - server 10.3.0.20 max_fails=3 fail_timeout=15s; - server 10.3.0.30 max_fails=3 fail_timeout=15s; + server 10.3.0.10 max_fails=3 fail_timeout=15s; + server 10.3.0.20 max_fails=3 fail_timeout=15s; + server 10.3.0.30 max_fails=3 fail_timeout=15s; } server { - listen 443; - ssl on; - ssl_certificate /etc/nginx/ssl/domain.cer; - ssl_certificate_key /etc/nginx/ssl/domain.key; - - location / { - set $targ iis; - proxy_pass http://$targ; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; + listen 443; + ssl on; + ssl_certificate /etc/nginx/ssl/domain.cer; + ssl_certificate_key /etc/nginx/ssl/domain.key; + + location / { + set $targ iis; + proxy_pass http://$targ; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - } + proxy_set_header Host $host; + } } ``` diff --git a/docs/patterns/health-endpoint-monitoring.md b/docs/patterns/health-endpoint-monitoring.md index 564e795114e..6a5fa2d7d55 100644 --- a/docs/patterns/health-endpoint-monitoring.md +++ b/docs/patterns/health-endpoint-monitoring.md 
@@ -76,9 +76,9 @@ How to configure security for the monitoring endpoints to protect them from publ - Secure the endpoint by requiring authentication. You can do this by using an authentication security key in the request header or by passing credentials with the request, provided that the monitoring service or tool supports authentication. - - Use an obscure or hidden endpoint. For example, expose the endpoint on a different IP address to that used by the default application URL, configure the endpoint on a nonstandard HTTP port, and/or use a complex path to the test page. You can usually specify additional endpoint addresses and ports in the application configuration, and add entries for these endpoints to the DNS server if required to avoid having to specify the IP address directly. + - Use an obscure or hidden endpoint. For example, expose the endpoint on a different IP address to that used by the default application URL, configure the endpoint on a nonstandard HTTP port, and/or use a complex path to the test page. You can usually specify additional endpoint addresses and ports in the application configuration, and add entries for these endpoints to the DNS server if required to avoid having to specify the IP address directly. - - Expose a method on an endpoint that accepts a parameter such as a key value or an operation mode value. Depending on the value supplied for this parameter, when a request is received the code can perform a specific test or set of tests, or return a 404 (Not Found) error if the parameter value isn't recognized. The recognized parameter values could be set in the application configuration. + - Expose a method on an endpoint that accepts a parameter such as a key value or an operation mode value. Depending on the value supplied for this parameter, when a request is received the code can perform a specific test or set of tests, or return a 404 (Not Found) error if the parameter value isn't recognized. 
The recognized parameter values could be set in the application configuration. > DoS attacks are likely to have less impact on a separate endpoint that performs basic functional tests without compromising the operation of the application. Ideally, avoid using a test that might expose sensitive information. If you must return information that might be useful to an attacker, consider how you'll protect the endpoint and the data from unauthorized access. In this case just relying on obscurity isn't enough. You should also consider using an HTTPS connection and encrypting any sensitive data, although this will increase the load on the server. diff --git a/docs/patterns/index.liquid.md b/docs/patterns/index.liquid.md index 97cdd2f6e1b..f892d78c9a9 100644 --- a/docs/patterns/index.liquid.md +++ b/docs/patterns/index.liquid.md @@ -24,7 +24,9 @@ Each pattern describes the problem that the pattern addresses, considerations fo ## Catalog of patterns | Pattern | Summary | -| ------- | ------- | +|---------|---------| +| | | + {%- for pattern in patterns %} | [{{ pattern.title }}](./{{ pattern.file }}) | {{ pattern.description }} | {%- endfor %} \ No newline at end of file diff --git a/docs/patterns/index.md b/docs/patterns/index.md index 99c25bdb46c..5bb6654ed91 100644 --- a/docs/patterns/index.md +++ b/docs/patterns/index.md 
@@ -72,37 +72,38 @@ Each pattern describes the problem that the pattern addresses, considerations fo ## Catalog of patterns -| Pattern | Summary | -| ------- | ------- | -| [Ambassador](./ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | -| [Anti-Corruption Layer](./anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | -| [Backends for Frontends](./backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | -| [Bulkhead](./bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | -| [Cache-Aside](./cache-aside.md) | Load data on demand into a cache from a data store | -| [Circuit Breaker](./circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | -| [CQRS](./cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Compensating Transaction](./compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | -| [Competing Consumers](./competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | -| [Compute Resource Consolidation](./compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | -| [Event Sourcing](./event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | -| [External Configuration Store](./external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. 
| -| [Federated Identity](./federated-identity.md) | Delegate authentication to an external identity provider. | -| [Gatekeeper](./gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. | -| [Gateway Aggregation](./gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | -| [Gateway Offloading](./gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | -| [Gateway Routing](./gateway-routing.md) | Route requests to multiple services using a single endpoint. | -| [Health Endpoint Monitoring](./health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Index Table](./index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | -| [Leader Election](./leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | -| [Materialized View](./materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | -| [Pipes and Filters](./pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | -| [Priority Queue](./priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. 
| -| [Queue-Based Load Leveling](./queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Retry](./retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. | -| [Scheduler Agent Supervisor](./scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | -| [Sharding](./sharding.md) | Divide a data store into a set of horizontal partitions or shards. | -| [Sidecar](./sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | -| [Static Content Hosting](./static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Strangler](./strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | -| [Throttling](./throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | -| [Valet Key](./valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | \ No newline at end of file +| Pattern | Summary | +|-----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Ambassador](./ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. 
| +| [Anti-Corruption Layer](./anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | +| [Backends for Frontends](./backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | +| [Bulkhead](./bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | +| [Cache-Aside](./cache-aside.md) | Load data on demand into a cache from a data store | +| [Circuit Breaker](./circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | +| [CQRS](./cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | +| [Compensating Transaction](./compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | +| [Competing Consumers](./competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | +| [Compute Resource Consolidation](./compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | +| [Event Sourcing](./event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | +| [External Configuration Store](./external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | +| [Federated Identity](./federated-identity.md) | Delegate authentication to an external identity provider. | +| [Gatekeeper](./gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. 
| +| [Gateway Aggregation](./gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | +| [Gateway Offloading](./gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | +| [Gateway Routing](./gateway-routing.md) | Route requests to multiple services using a single endpoint. | +| [Health Endpoint Monitoring](./health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | +| [Index Table](./index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | +| [Leader Election](./leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | +| [Materialized View](./materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | +| [Pipes and Filters](./pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | +| [Priority Queue](./priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | +| [Queue-Based Load Leveling](./queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Retry](./retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. 
| +| [Scheduler Agent Supervisor](./scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | +| [Sharding](./sharding.md) | Divide a data store into a set of horizontal partitions or shards. | +| [Sidecar](./sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | +| [Static Content Hosting](./static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | +| [Strangler](./strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | +| [Throttling](./throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | +| [Valet Key](./valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | + diff --git a/docs/patterns/leader-election.md b/docs/patterns/leader-election.md index 63e309e198d..bb257977ec4 100644 --- a/docs/patterns/leader-election.md +++ b/docs/patterns/leader-election.md 
@@ -66,9 +66,9 @@ This pattern might not be useful if: The DistributedMutex project in the LeaderElection solution (a sample that demonstrates this pattern is available on [GitHub](https://github.com/mspnp/cloud-design-patterns/tree/master/leader-election)) shows how to use a lease on an Azure Storage blob to provide a mechanism for implementing a shared, distributed mutex. This mutex can be used to elect a leader among a group of role instances in an Azure cloud service. The first role instance to acquire the lease is elected the leader, and remains the leader until it releases the lease or isn't able to renew the lease. Other role instances can continue to monitor the blob lease in case the leader is no longer available. > A blob lease is an exclusive write lock over a blob. A single blob can be the subject of only one lease at any point in time. A role instance can request a lease over a specified blob, and it'll be granted the lease if no other role instance holds a lease over the same blob. Otherwise the request will throw an exception. - +> > To avoid a faulted role instance retaining the lease indefinitely, specify a lifetime for the lease. When this expires, the lease becomes available. However, while a role instance holds the lease it can request that the lease is renewed, and it'll be granted the lease for a further period of time. The role instance can continually repeat this process if it wants to retain the lease. -For more information on how to lease a blob, see [Lease Blob (REST API)](https://msdn.microsoft.com/library/azure/ee691972.aspx). +> For more information on how to lease a blob, see [Lease Blob (REST API)](https://msdn.microsoft.com/library/azure/ee691972.aspx). The `BlobDistributedMutex` class in the C# example below contains the `RunTaskWhenMutexAquired` method that enables a role instance to attempt to acquire a lease over a specified blob. 
The details of the blob (the name, container, and storage account) are passed to the constructor in a `BlobSettings` object when the `BlobDistributedMutex` object is created (this object is a simple struct that is included in the sample code). The constructor also accepts a `Task` that references the code that the role instance should run if it successfully acquires the lease over the blob and is elected the leader. Note that the code that handles the low-level details of acquiring the lease is implemented in a separate helper class named `BlobLeaseManager`. diff --git a/docs/patterns/pipes-and-filters.md b/docs/patterns/pipes-and-filters.md index 066664a33c9..d204cc2304c 100644 --- a/docs/patterns/pipes-and-filters.md +++ b/docs/patterns/pipes-and-filters.md @@ -269,7 +269,7 @@ public class FinalReceiverRoleEntry : RoleEntryPoint } ``` -##Related patterns and guidance +## Related patterns and guidance The following patterns and guidance might also be relevant when implementing this pattern: - A sample that demonstrates this pattern is available on [GitHub](https://github.com/mspnp/cloud-design-patterns/tree/master/pipes-and-filters). diff --git a/docs/patterns/static-content-hosting.md b/docs/patterns/static-content-hosting.md index 01bf077af12..64dd8509d86 100644 --- a/docs/patterns/static-content-hosting.md +++ b/docs/patterns/static-content-hosting.md @@ -93,6 +93,7 @@ A solution named StaticContentHosting that demonstrates using external storage f ```xml + ``` diff --git a/docs/reference-architectures/app-service-web-app/basic-web-app.md b/docs/reference-architectures/app-service-web-app/basic-web-app.md index 8b10090c1f4..d042c0e57ee 100644 --- a/docs/reference-architectures/app-service-web-app/basic-web-app.md +++ b/docs/reference-architectures/app-service-web-app/basic-web-app.md 
@@ -154,7 +154,7 @@ Tips for troubleshooting your application: * Use the [troubleshoot blade][troubleshoot-blade] in the Azure portal to find solutions to common problems. * Enable [log streaming][web-app-log-stream] to see logging information in near-real time. -* The [Kudu dashboard][kudu] has several tools for monitoring and debugging your application. For more information, see [Azure Websites online tools you should know about][kudu] (blog post). You can reach the Kudu dashboard from the Azure portal. Open the blade for your app and click **Tools**, then click **Kudu**. +* The [Kudu dashboard][kudu] has several tools for monitoring and debugging your application. For more information, see [Azure Websites online tools you should know about][kudu] (blog post). You can reach the Kudu dashboard from the Azure portal. Open the blade for your app and click Tools, then click Kudu. * If you use Visual Studio, see the article [Troubleshoot a web app in Azure App Service using Visual Studio][troubleshoot-web-app] for debugging and troubleshooting tips. ## Security considerations diff --git a/docs/reference-architectures/app-service-web-app/index.md b/docs/reference-architectures/app-service-web-app/index.md index 3ab7c36645f..40cf15d91f9 100644 --- a/docs/reference-architectures/app-service-web-app/index.md +++ b/docs/reference-architectures/app-service-web-app/index.md @@ -4,7 +4,9 @@ description: Recommended architectures for a web applications running in Microso layout: LandingPage --- + + # App Service web application diff --git a/docs/reference-architectures/app-service-web-app/scalable-web-app.md b/docs/reference-architectures/app-service-web-app/scalable-web-app.md index 16a9f09e40c..d7deb37e79e 100644 --- a/docs/reference-architectures/app-service-web-app/scalable-web-app.md +++ b/docs/reference-architectures/app-service-web-app/scalable-web-app.md 
@@ -26,7 +26,7 @@ This architecture builds on the one shown in [Basic web application][basic-web-a * **WebJob**. Use [Azure WebJobs][webjobs] to run long-running tasks in the background. WebJobs can run on a schedule, continously, or in response to a trigger, such as putting a message on a queue. A WebJob runs as a background process in the context of an App Service app. * **Queue**. In the architecture shown here, the application queues background tasks by putting a message onto an [Azure Queue storage][queue-storage] queue. The message triggers a function in the WebJob. Alternatively, you can use Service Bus queues. For a comparison, see [Azure Queues and Service Bus queues - compared and contrasted][queues-compared]. * **Cache**. Store semi-static data in [Azure Redis Cache][azure-redis]. -* **CDN**. Use [Azure Content Delivery Network][azure-cdn] (CDN) to cache publicly available content for lower latency and faster delivery of content. +* CDN. Use [Azure Content Delivery Network][azure-cdn] (CDN) to cache publicly available content for lower latency and faster delivery of content. * **Data storage**. Use [Azure SQL Database][sql-db] for relational data. For non-relational data, consider a NoSQL store, such as [Cosmos DB][cosmosdb]. * **Azure Search**. Use [Azure Search][azure-search] to add search functionality such as search suggestions, fuzzy search, and language-specific search. Azure Search is typically used in conjunction with another data store, especially if the primary data store requires strict consistency. In this approach, store authoritative data in the other data store and the search index in Azure Search. Azure Search can also be used to consolidate a single search index from multiple data stores. * **Email/SMS**. Use a third-party service such as SendGrid or Twilio to send email or SMS messages instead of building this functionality directly into the application. 
diff --git a/docs/reference-architectures/dmz/index.md b/docs/reference-architectures/dmz/index.md index e0ee58413ba..71f10b7a786 100644 --- a/docs/reference-architectures/dmz/index.md +++ b/docs/reference-architectures/dmz/index.md @@ -4,7 +4,9 @@ description: Explains and compares the different methods available for protectin layout: LandingPage --- + + # Network DMZ diff --git a/docs/reference-architectures/dmz/nva-ha.md b/docs/reference-architectures/dmz/nva-ha.md index b968767d900..8956ee4c296 100644 --- a/docs/reference-architectures/dmz/nva-ha.md +++ b/docs/reference-architectures/dmz/nva-ha.md @@ -12,7 +12,7 @@ cardTitle: Deploy highly available network virtual appliances This article shows how to deploy a set of network virtual appliances (NVAs) for high availability in Azure. An NVA is typically used to control the flow of network traffic from a perimeter network, also known as a DMZ, to other networks or subnets. To learn about implementing a DMZ in Azure, see [Microsoft cloud services and network security][cloud-security]. The article includes example architectures for ingress only, egress only, and both ingress and egress. -**Prerequisites:** This article assumes a basic understanding of Azure networking, [Azure load balancers][lb-overview], and [user-defined routes][udr-overview] (UDRs). +Prerequisites: This article assumes a basic understanding of Azure networking, [Azure load balancers][lb-overview], and [user-defined routes][udr-overview] (UDRs). ## Architecture Diagrams @@ -89,6 +89,7 @@ The preceding figure shows an example [ZooKeeper][zookeeper] cluster providing a * Learn how to [implement a DMZ between Azure and the Internet][dmz-internet] using layer-7 NVAs. + [cloud-security]: /azure/best-practices-network-security [dmz-on-prem]: ./secure-vnet-hybrid.md [dmz-internet]: ./secure-vnet-dmz.md 
@@ -102,6 +103,7 @@ The preceding figure shows an example [ZooKeeper][zookeeper] cluster providing a [zookeeper]: https://zookeeper.apache.org/ + [0]: ./images/nva-ha/single-nva.png "Single NVA architecture" [1]: ./images/nva-ha/l7-ingress.png "Layer 7 ingress" [2]: ./images/nva-ha/l7-ingress-egress.png "Layer 7 egress" diff --git a/docs/reference-architectures/dmz/secure-vnet-hybrid.md b/docs/reference-architectures/dmz/secure-vnet-hybrid.md index 97f2a6f6737..6c922faf3e0 100644 --- a/docs/reference-architectures/dmz/secure-vnet-hybrid.md +++ b/docs/reference-architectures/dmz/secure-vnet-hybrid.md @@ -176,7 +176,7 @@ A deployment for a reference architecture that implements these recommendations * For more information about managing network security with Azure, see [Microsoft cloud services and network security][cloud-services-network-security]. * For detailed information about protecting resources in Azure, see [Getting started with Microsoft Azure security][getting-started-with-azure-security]. * For additional details on addressing security concerns across an Azure gateway connection, see [Implementing a hybrid network architecture with Azure and on-premises VPN][guidance-vpn-gateway-security] and [Implementing a hybrid network architecture with Azure ExpressRoute][guidance-expressroute-security]. -> + > diff --git a/docs/reference-architectures/hybrid-networking/considerations.md b/docs/reference-architectures/hybrid-networking/considerations.md index 3897e0df13f..c4690598a22 100644 --- a/docs/reference-architectures/hybrid-networking/considerations.md +++ b/docs/reference-architectures/hybrid-networking/considerations.md @@ -65,6 +65,7 @@ This architecture is suitable for hybrid applications that need the higher bandw **[Read more...][expressroute-vpn-failover]** + [expressroute]: ./expressroute.md [expressroute-vpn-failover]: ./expressroute-vpn-failover.md [vpn]: ./vpn.md \ No newline at end of file 
diff --git a/docs/reference-architectures/hybrid-networking/expressroute.md b/docs/reference-architectures/hybrid-networking/expressroute.md index f2855ffa2bc..43e5a5a3762 100644 --- a/docs/reference-architectures/hybrid-networking/expressroute.md +++ b/docs/reference-architectures/hybrid-networking/expressroute.md @@ -263,6 +263,7 @@ To deploy the solution, perform the following steps. + [forced-tuneling]: ../dmz/secure-vnet-hybrid.md [highly-available-network-architecture]: ./expressroute-vpn-failover.md diff --git a/docs/reference-architectures/hybrid-networking/hub-spoke.md b/docs/reference-architectures/hybrid-networking/hub-spoke.md index b3f744f334b..629c57add3f 100644 --- a/docs/reference-architectures/hybrid-networking/hub-spoke.md +++ b/docs/reference-architectures/hybrid-networking/hub-spoke.md @@ -120,9 +120,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using the command below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the simulated on-premises datacenter using azbb 
@@ -132,20 +132,20 @@ To deploy the simulated on-premises datacenter as an Azure VNet, follow these st 2. Open the `onprem.json` file and enter a username and password between the quotes in line 36 and 37, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 3. On line 38, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 4. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 5. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine, and a VPN gateway. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -155,26 +155,26 @@ To deploy the hub VNet, and connect to the simulated on-premises VNet created ab 1. Open the `hub-vnet.json` file and enter a username and password between the quotes in line 39 and 40, as shown below. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 41, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Enter a shared key between the quotes in line 72, as shown below, then save the file. - ```bash - "sharedKey": "", - ``` + ```bash + "sharedKey": "", + ``` 4. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 5. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine, a VPN gateway, and a connection to the gateway created in the previous section. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -184,15 +184,15 @@ To test conectivity from the simulated on-premises environment to the hub VNet u 1. From the Azure portal, navigate to the `onprem-jb-rg` resource group, then click on the `jb-vm1` virtual machine resource. -2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. +2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. 3. Open a PowerShell console in the VM, and use the `Test-NetConnection` cmdlet to verify that you can connect to the hub jumpbox VM as shown below. - ```powershell - Test-NetConnection 10.0.0.68 -CommonTCPPort RDP - ``` - > [!NOTE] - > By default, Windows Server VMs do not allow ICMP responses in Azure. If you want to use `ping` to test connectivity, you need to enable ICMP traffic in the Windows Advanced Firewall for each VM. + ```powershell + Test-NetConnection 10.0.0.68 -CommonTCPPort RDP + ``` + > [!NOTE] + > By default, Windows Server VMs do not allow ICMP responses in Azure. If you want to use `ping` to test connectivity, you need to enable ICMP traffic in the Windows Advanced Firewall for each VM. To test conectivity from the simulated on-premises environment to the hub VNet using Linux VMs, perform the following steps: 
@@ -202,17 +202,17 @@ To test conectivity from the simulated on-premises environment to the hub VNet u 3. From a Linux prompt, run `ssh` to connect to the simulated on-premises environment jumpbox witht the information you copied in step 2 above, as shown below. - ```bash - ssh @ - ``` + ```bash + ssh @ + ``` 4. Use the password you specified in line 37 in the `onprem.json` file to the connect to the VM. 5. Use the `ping` command to test connectivity to the hub jumpbox, as shown below. - ```bash - ping 10.0.0.68 - ``` + ```bash + ping 10.0.0.68 + ``` ### Azure spoke VNets 
@@ -220,31 +220,31 @@ To deploy the spoke VNets, perform the following steps. 1. Open the `spoke1.json` file and enter a username and password between the quotes in lines 47 and 48, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 49, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy - ``` + ```bash + azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. -3. Repeat step 1 above for file `spoke2.json`. +4. Repeat step 1 above for file `spoke2.json`. -4. Run `azbb` to deploy the second spoke VNet environment as shown below. +5. Run `azbb` to deploy the second spoke VNet environment as shown below. - ```bash - azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 
### Azure hub VNet peering to spoke VNets @@ -254,12 +254,12 @@ To create a peering connection from the hub VNet to the spoke VNets, perform the 2. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy - ``` + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. ### Test connectivity 
@@ -267,14 +267,14 @@ To test conectivity from the simulated on-premises environment to the spoke VNet 1. From the Azure portal, navigate to the `onprem-jb-rg` resource group, then click on the `jb-vm1` virtual machine resource. -2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. +2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. 3. Open a PowerShell console in the VM, and use the `Test-NetConnection` cmdlet to verify that you can connect to the hub jumpbox VM as shown below. - ```powershell - Test-NetConnection 10.1.0.68 -CommonTCPPort RDP - Test-NetConnection 10.2.0.68 -CommonTCPPort RDP - ``` + ```powershell + Test-NetConnection 10.1.0.68 -CommonTCPPort RDP + Test-NetConnection 10.2.0.68 -CommonTCPPort RDP + ``` To test conectivity from the simulated on-premises environment to the spoke VNets using Linux VMs, perform the following steps: 
@@ -284,18 +284,18 @@ To test conectivity from the simulated on-premises environment to the spoke VNet 3. From a Linux prompt, run `ssh` to connect to the simulated on-premises environment jumpbox witht the information you copied in step 2 above, as shown below. - ```bash - ssh @ - ``` + ```bash + ssh @ + ``` -5. Use the password you specified in line 37 in the `onprem.json` file to the connect to the VM. +4. Use the password you specified in line 37 in the `onprem.json` file to the connect to the VM. -6. Use the `ping` command to test connectivity to the jumpbox VMs in each spoke, as shown below. +5. Use the `ping` command to test connectivity to the jumpbox VMs in each spoke, as shown below. - ```bash - ping 10.1.0.68 - ping 10.2.0.68 - ``` + ```bash + ping 10.1.0.68 + ping 10.2.0.68 + ``` ### Add connectivity between spokes @@ -303,17 +303,17 @@ If you want to allow spokes to connect to each other, you need to use a newtwork 1. Open the `hub-nva.json` file and enter a username and password between the quotes in lines 13 and 14, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. Run `azbb` to deploy the NVA VM and user defined routes. - ```bash - azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 
diff --git a/docs/reference-architectures/hybrid-networking/index.md b/docs/reference-architectures/hybrid-networking/index.md index 189d9ec3dc2..8a60a795b9a 100644 --- a/docs/reference-architectures/hybrid-networking/index.md +++ b/docs/reference-architectures/hybrid-networking/index.md @@ -4,7 +4,9 @@ description: Recommended architectures for secure, robust network connections be layout: LandingPage --- + + # Connect an on-premises network to Azure diff --git a/docs/reference-architectures/hybrid-networking/shared-services.md b/docs/reference-architectures/hybrid-networking/shared-services.md index 85f1f1ce659..091aaec2894 100644 --- a/docs/reference-architectures/hybrid-networking/shared-services.md +++ b/docs/reference-architectures/hybrid-networking/shared-services.md @@ -103,9 +103,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using the command below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the simulated on-premises datacenter using azbb 
@@ -115,18 +115,18 @@ To deploy the simulated on-premises datacenter as an Azure VNet, follow these st 2. Open the `onprem.json` file and enter a username and password between the quotes in line 45 and 46, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 3. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 4. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine running Windows, and a VPN gateway. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -136,26 +136,26 @@ To deploy the hub VNet, and connect to the simulated on-premises VNet created ab 1. Open the `hub-vnet.json` file and enter a username and password between the quotes in line 50 and 51, as shown below. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 52, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Enter a shared key between the quotes in line 83, as shown below, then save the file. - ```bash - "sharedKey": "", - ``` + ```bash + "sharedKey": "", + ``` 4. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 5. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine, a VPN gateway, and a connection to the gateway created in the previous section. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -165,22 +165,22 @@ To deploy the ADDS domain controllers in Azure, perform the following steps. 1. Open the `hub-adds.json` file and enter a username and password between the quotes in lines 14 and 15, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. Run `azbb` to deploy the ADDS domain controllers as shown below. - ```bash - azbb -s -g hub-adds-rg - l -p hub-adds.json --deploy - ``` + ```bash + azbb -s -g hub-adds-rg - l -p hub-adds.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-adds-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-adds-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. - > [!NOTE] - > This part of the deployment may take several minutes, since it requires joining the two VMs to the domain hosted int he simulated on-premises datacenter, then installing AD DS on them. + > [!NOTE] + > This part of the deployment may take several minutes, since it requires joining the two VMs to the domain hosted int he simulated on-premises datacenter, then installing AD DS on them. ### NVA 
@@ -188,17 +188,17 @@ To deploy an NVA in the `dmz` subnet, perform the following steps: 1. Open the `hub-nva.json` file and enter a username and password between the quotes in lines 13 and 14, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. Run `azbb` to deploy the NVA VM and user defined routes. - ```bash - azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. ### Azure spoke VNets 
@@ -206,31 +206,31 @@ To deploy the spoke VNets, perform the following steps. 1. Open the `spoke1.json` file and enter a username and password between the quotes in lines 52 and 53, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 54, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy - ``` + ```bash + azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. -3. Repeat step 1 above for file `spoke2.json`. +4. Repeat step 1 above for file `spoke2.json`. -4. Run `azbb` to deploy the second spoke VNet environment as shown below. +5. Run `azbb` to deploy the second spoke VNet environment as shown below. - ```bash - azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 
### Azure hub VNet peering to spoke VNets @@ -240,12 +240,12 @@ To create a peering connection from the hub VNet to the spoke VNets, perform the 2. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy - ``` + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. diff --git a/docs/reference-architectures/hybrid-networking/vpn.md b/docs/reference-architectures/hybrid-networking/vpn.md index eb4b6682ea0..bab84ae4c12 100644 --- a/docs/reference-architectures/hybrid-networking/vpn.md +++ b/docs/reference-architectures/hybrid-networking/vpn.md @@ -490,8 +490,11 @@ To deploy the solution, perform the following steps. [visio-download]: https://archcenter.azureedge.net/cdn/hybrid-network-architectures.vsdx [vpn-appliance-ipsec]: /azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec-parameters + + + [azure-cli]: https://azure.microsoft.com/documentation/articles/xplat-cli-install/ [CIDR]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing [0]: ./images/vpn.png "Hybrid network spanning on-premises and Azure infrastructures" diff --git a/docs/reference-architectures/identity/adds-extend-domain.md b/docs/reference-architectures/identity/adds-extend-domain.md index 133f538f84f..3ffe3d3eab4 100644 --- a/docs/reference-architectures/identity/adds-extend-domain.md +++ b/docs/reference-architectures/identity/adds-extend-domain.md 
@@ -129,6 +129,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur * Learn the best practices for [creating an Active Directory Federation Services (AD FS) infrastructure][adfs] in Azure. + [adds-resource-forest]: adds-forest.md [adfs]: adfs.md diff --git a/docs/reference-architectures/identity/adds-forest.md b/docs/reference-architectures/identity/adds-forest.md index d6a145af89b..f2724d42ad4 100644 --- a/docs/reference-architectures/identity/adds-forest.md +++ b/docs/reference-architectures/identity/adds-forest.md @@ -116,8 +116,8 @@ A solution is available on [GitHub][github] to deploy this reference architectur 5. If you are using the simulated on-premises configuration, configure the incoming trust relationship: - 1. Connect to the jump box (*ra-adtrust-mgmt-vm1* in the *ra-adtrust-security-rg* resource group). Log in as *testuser* with password *AweS0me@PW*. - 2. On the jump box open an RDP session on the first VM in the *contoso.com* domain (the on-premises domain). This VM has the IP address 192.168.0.4. The username is *contoso\testuser* with password *AweS0me@PW*. + 1. Connect to the jump box (ra-adtrust-mgmt-vm1 in the ra-adtrust-security-rg resource group). Log in as testuser with password AweS0me. + 2. On the jump box open an RDP session on the first VM in the contoso.com domain (the on-premises domain). This VM has the IP address 192.168.0.4. The username is contoso\testuser with password AweS0me. 3. Download the [incoming-trust.ps1][incoming-trust] script and run it to create the incoming trust from the *treyresearch.com* domain. 6. If you are using your own on-premises infrastructure: 
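Review bot: The new side of the adds-forest.md hunk changes the documented jump-box and `contoso\testuser` password from `AweS0me@PW` to `AweS0me`, but nothing else in this patch touches the deployment templates, so if they still provision `AweS0me@PW` the instructions will no longer let a reader sign in; this looks like a side effect of stripping the surrounding italics asterisks (the `@PW` tail went with them) rather than an intended credential change. Restore the full value and put it in backticks so a formatting pass cannot alter it again, e.g. `Log in as testuser with password `AweS0me@PW`.` for step 1 and the same for step 2. Because this is a default credential published in public documentation, the step would also benefit from a one-sentence note telling readers to change the password right after the test deployment and never to reuse it in production.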
@@ -126,7 +126,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur 2. Edit the script and replace the value of the `$TrustedDomainName` variable with the name of your own domain. 3. Run the script. -7. From the jump-box, connect to the first VM in the *treyresearch.com* domain (the domain in the cloud). This VM has the IP address 10.0.4.4. The username is *treyresearch\testuser* with password *AweS0me@PW*. +7. From the jump-box, connect to the first VM in the treyresearch.com domain (the domain in the cloud). This VM has the IP address 10.0.4.4. The username is treyresearch\testuser with password AweS0me. 8. Download the [outgoing-trust.ps1][outgoing-trust] script and run it to create the incoming trust from the *treyresearch.com* domain. If you are using your own on-premises machines, then edit the script first. Set the `$TrustedDomainName` variable to the name of your on-premises domain, and specify the IP addresses of the Active Directory DS servers for this domain in the `$TrustedDomainDnsIpAddresses` variable. @@ -138,6 +138,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur * Learn the best practices for [creating an AD FS infrastructure][adfs] in Azure. + [adds-extend-domain]: adds-extend-domain.md [adfs]: adfs.md diff --git a/docs/reference-architectures/identity/adfs.md b/docs/reference-architectures/identity/adfs.md index 8272cf3c387..475f72be4df 100644 --- a/docs/reference-architectures/identity/adfs.md +++ b/docs/reference-architectures/identity/adfs.md 
@@ -248,7 +248,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur 5. Restart the jump box (*ra-adfs-mgmt-vm1* in the *ra-adfs-security-rg* group) to allow its DNS settings to take effect. -6. [Obtain an SSL Certificate for AD FS][adfs_certificates] and install this certificate on the AD FS VMs. Note that you can connect to them through the jump box. The IP addresses are *10.0.5.4* and *10.0.5.5*. The default username is *contoso\testuser* with password *AweSome@PW*. +6. [Obtain an SSL Certificate for AD FS][adfs_certificates] and install this certificate on the AD FS VMs. Note that you can connect to them through the jump box. The IP addresses are 10.0.5.4 and 10.0.5.5. The default username is contoso\testuser with password AweSome. > [!NOTE] > The comments in the Deploy-ReferenceArchitecture.ps1 script at this point provides detailed instructions for creating a self-signed test certificate and authority using the `makecert` command. However, perform these steps as a **test** only and do not use the certificates generated by makecert in a production environment. @@ -261,7 +261,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur .\Deploy-ReferenceArchitecture.ps1 Adfs ``` -8. On the jump box, browse to `https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.htm` to test the AD FS installation (you may receive a certificate warning that you can ignore for this test). Verify that the Contoso Corporation sign-in page appears. Sign in as *contoso\testuser* with password *AweS0me@PW*. +8. On the jump box, browse to `https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.htm` to test the AD FS installation (you may receive a certificate warning that you can ignore for this test). Verify that the Contoso Corporation sign-in page appears. Sign in as contoso\testuser with password AweS0me. 9. Install the SSL certificate on the AD FS proxy VMs. The IP addresses are *10.0.6.4* and *10.0.6.5*. 
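Review bot: The same credential mangling appears in adfs.md: step 6 now reads `AweSome` and step 8 reads `AweS0me`, both having lost the `@PW` suffix present on the old side, and the two steps still disagree with each other (`AweSome` vs `AweS0me`), so at least one of them cannot match whatever the deployment script sets. The mismatch predates this patch (the old side already had `AweSome@PW` vs `AweS0me@PW`), but since the CI pass is rewriting these lines anyway, resolve both against the value the template actually provisions and write them in backticks rather than italics, e.g. `The default username is contoso\testuser with password `AweS0me@PW`.`. A short warning next to step 6 that this is a published default credential to be rotated after the test deployment would be appropriate.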
@@ -287,6 +287,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur * Learn about [Azure Active Directory B2C][aadb2c]. + [extending-ad-to-azure]: adds-extend-domain.md [vm-recommendations]: ../virtual-machines-windows/single-vm.md diff --git a/docs/reference-architectures/identity/index.md b/docs/reference-architectures/identity/index.md index f9edbaa4fff..f3c05b3e0fd 100644 --- a/docs/reference-architectures/identity/index.md +++ b/docs/reference-architectures/identity/index.md @@ -4,7 +4,9 @@ description: Explains and compares the different methods available for managing layout: LandingPage --- + + # Identity management diff --git a/docs/reference-architectures/index.md b/docs/reference-architectures/index.md index efe79cf7a0d..1180e19c554 100644 --- a/docs/reference-architectures/index.md +++ b/docs/reference-architectures/index.md @@ -4,7 +4,9 @@ description: Reference architectures, blueprints, and prescriptive implementatio layout: LandingPage --- + + # Azure Reference Architectures diff --git a/docs/reference-architectures/jenkins/index.md b/docs/reference-architectures/jenkins/index.md index 015a3418798..6e77567d53d 100644 --- a/docs/reference-architectures/jenkins/index.md +++ b/docs/reference-architectures/jenkins/index.md 
@@ -21,30 +21,30 @@ The focus of this document is on the core Azure operations needed to support Jen The architecture consists of the following components: -- **Resource group.** A [resource group][rg] is used to group Azure assets so they can be managed by lifetime, owner, and other criteria. Use resource groups to deploy and monitor Azure assets as a group and track billing costs by resource group. You can also delete resources as a set, which is very useful for test deployments. +- **Resource group.** A [resource group][rg] is used to group Azure assets so they can be managed by lifetime, owner, and other criteria. Use resource groups to deploy and monitor Azure assets as a group and track billing costs by resource group. You can also delete resources as a set, which is very useful for test deployments. -- **Jenkins server**. A virtual machine is deployed to run [Jenkins][azure-market] as an automation server and serve as Jenkins Master. This reference architecture uses the [solution template for Jenkins on Azure][solution], installed on a Linux (Ubuntu 16.04 LTS) virtual machine on Azure. Other Jenkins offerings are available in the Azure Marketplace. +- **Jenkins server**. A virtual machine is deployed to run [Jenkins][azure-market] as an automation server and serve as Jenkins Master. This reference architecture uses the [solution template for Jenkins on Azure][solution], installed on a Linux (Ubuntu 16.04 LTS) virtual machine on Azure. Other Jenkins offerings are available in the Azure Marketplace. - > [!NOTE] - > Nginx is installed on the VM to act as a reverse proxy to Jenkins. You can configure Nginx to enable SSL for the Jenkins server. - > - > + > [!NOTE] + > Nginx is installed on the VM to act as a reverse proxy to Jenkins. You can configure Nginx to enable SSL for the Jenkins server. + > + > -- **Virtual network**. A [virtual network][vnet] connects Azure resources to each other and provides logical isolation. 
In this architecture, the Jenkins server runs in a virtual network. +- **Virtual network**. A [virtual network][vnet] connects Azure resources to each other and provides logical isolation. In this architecture, the Jenkins server runs in a virtual network. -- **Subnets**. The Jenkins server is isolated in a [subnet][subnet] to make it easier to manage and segregate network traffic without impacting performance. +- **Subnets**. The Jenkins server is isolated in a [subnet][subnet] to make it easier to manage and segregate network traffic without impacting performance. -- **NSGs**. Use [network security groups][nsg] (NSGs) to restrict network traffic from the Internet to the subnet of a virtual network. +- NSGs. Use [network security groups][nsg] (NSGs) to restrict network traffic from the Internet to the subnet of a virtual network. -- **Managed disks**. A [managed disk][managed-disk] is a persistent virtual hard disk (VHD) used for application storage and also to maintain the state of the Jenkins server and provide disaster recovery. Data disks are stored in Azure Storage. For high performance, [premium storage][premium] is recommended. +- **Managed disks**. A [managed disk][managed-disk] is a persistent virtual hard disk (VHD) used for application storage and also to maintain the state of the Jenkins server and provide disaster recovery. Data disks are stored in Azure Storage. For high performance, [premium storage][premium] is recommended. -- **Azure Blob Storage**. The [Windows Azure Storage plugin][configure-storage] uses Azure Blob Storage to store the build artifacts that are created and shared with other Jenkins builds. +- **Azure Blob Storage**. The [Windows Azure Storage plugin][configure-storage] uses Azure Blob Storage to store the build artifacts that are created and shared with other Jenkins builds. -- **Azure Active Directory (Azure AD)**. [Azure AD][azure-ad] supports user authentication, allowing you to set up SSO. 
Azure AD [service principals][service-principal] define the policy and permissions for each role authorization in the workflow, using [role-based access control][rbac] (RBAC). Each service principal is associated with a Jenkins job. +- Azure Active Directory (Azure AD). [Azure AD][azure-ad] supports user authentication, allowing you to set up SSO. Azure AD [service principals][service-principal] define the policy and permissions for each role authorization in the workflow, using [role-based access control][rbac] (RBAC). Each service principal is associated with a Jenkins job. -- **Azure Key Vault.** To manage secrets and cryptographic keys used to provision Azure resources when secrets are required, this architecture uses [Key Vault][key-vault]. For added help storing secrets associated with the application in the pipeline, see also the [Azure Credentials][configure-credential] plugin for Jenkins. +- **Azure Key Vault.** To manage secrets and cryptographic keys used to provision Azure resources when secrets are required, this architecture uses [Key Vault][key-vault]. For added help storing secrets associated with the application in the pipeline, see also the [Azure Credentials][configure-credential] plugin for Jenkins. -- **Azure monitoring services**. This service [monitors][monitor] the Azure virtual machine hosting Jenkins. This deployment monitors the virtual machine status and CPU utilization and sends alerts. +- **Azure monitoring services**. This service [monitors][monitor] the Azure virtual machine hosting Jenkins. This deployment monitors the virtual machine status and CPU utilization and sends alerts. ## Recommendations 
@@ -148,7 +148,7 @@ The Jenkins server has its own user management system, and the Jenkins community Use resource groups to organize the Azure resources that are deployed. Deploy production environments and development/test environments in separate resource groups, so that you can monitor each environment’s resources and roll up billing costs by resource group. You can also delete resources as a set, which is very useful for test deployments. -Azure provides several features for [monitoring and diagnostics][monitoring-diag] of the overall infrastructure. To monitor CPU usage, this architecture deploys Azure Monitor. For example, you can use Azure Monitor to monitor CPU utilization, and send a notification if CPU usage exceeds 80 percent. (High CPU usage indicates that you might want to scale up the Jenkins server VM.) You can also notify a designated user if the VM fails or becomes unavailable. +Azure provides several features for [monitoring and diagnostics][monitoring-diag] of the overall infrastructure. To monitor CPU usage, this architecture deploys Azure Monitor. For example, you can use Azure Monitor to monitor CPU utilization, and send a notification if CPU usage exceeds 80 percent. (High CPU usage indicates that you might want to scale up the Jenkins server VM.) You can also notify a designated user if the VM fails or becomes unavailable. ## Communities diff --git a/docs/reference-architectures/virtual-machines-linux/index.md b/docs/reference-architectures/virtual-machines-linux/index.md index 99429647ac6..ed0c949c6c4 100644 --- a/docs/reference-architectures/virtual-machines-linux/index.md +++ b/docs/reference-architectures/virtual-machines-linux/index.md @@ -4,7 +4,9 @@ description: Explains some common architectures for deploying VMs that host ente layout: LandingPage --- + + # Linux VM workloads 
diff --git a/docs/reference-architectures/virtual-machines-linux/multi-region-application.md b/docs/reference-architectures/virtual-machines-linux/multi-region-application.md index 10b573efaac..f92dc4c024d 100644 --- a/docs/reference-architectures/virtual-machines-linux/multi-region-application.md +++ b/docs/reference-architectures/virtual-machines-linux/multi-region-application.md @@ -129,6 +129,7 @@ Measure the recovery times and verify they meet your business requirements. Test + [hybrid-vpn]: ../hybrid-networking/vpn.md [azure-dns]: /azure/dns/dns-overview [cassandra-in-azure]: https://academy.datastax.com/resources/deployment-guide-azure diff --git a/docs/reference-architectures/virtual-machines-linux/multi-vm.md b/docs/reference-architectures/virtual-machines-linux/multi-vm.md index 951fee2ea87..a80cf27f190 100644 --- a/docs/reference-architectures/virtual-machines-linux/multi-vm.md +++ b/docs/reference-architectures/virtual-machines-linux/multi-vm.md @@ -137,9 +137,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -149,16 +149,16 @@ To deploy the sample single VM workload, follow these steps: 2. Open the `multi-vm-v2.json` file and enter a username and SSH key between the quotes, as shown below, then save the file. - ```bash - "adminUsername": "", - "sshPublicKey": "", - ``` + ```bash + "adminUsername": "", + "sshPublicKey": "", + ``` 3. Run `azbb` to deploy the VMs as shown below. - ```bash - azbb -s -g -l -p multi-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p multi-vm-v2.json --deploy + ``` For more information on deploying this sample reference architecture, visit our [GitHub repository][git]. 
diff --git a/docs/reference-architectures/virtual-machines-linux/n-tier.md b/docs/reference-architectures/virtual-machines-linux/n-tier.md index 388ee1d2215..9517ab79397 100644 --- a/docs/reference-architectures/virtual-machines-linux/n-tier.md +++ b/docs/reference-architectures/virtual-machines-linux/n-tier.md @@ -29,7 +29,7 @@ There are many ways to implement an N-tier architecture. The diagram shows a typ * **Azure DNS**. [Azure DNS][azure-dns] is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services. * **Jumpbox.** Also called a [bastion host]. A secure VM on the network that administrators use to connect to the other VMs. The jumpbox has an NSG that allows remote traffic only from public IP addresses on a safe list. The NSG should permit secure shell (SSH) traffic. * **Monitoring.** Monitoring software such as [Nagios], [Zabbix], or [Icinga] can give you insight into response time, VM uptime, and the overall health of your system. Install the monitoring software on a VM that's placed in a separate management subnet. -* **NSGs.** Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. +* NSGs. Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. * **Apache Cassandra database**. Provides high availability at the data tier, by enabling replication and failover. ## Recommendations 
@@ -125,15 +125,15 @@ Before you can deploy the reference architecture to your own subscription, you m 3. Install the [Azure building blocks][azbb] npm package. - ```bash - npm install -g @mspnp/azure-building-blocks - ``` + ```bash + npm install -g @mspnp/azure-building-blocks + ``` 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -145,13 +145,14 @@ To deploy the Linux VMs for an N-tier application reference architecture, follow 3. Deploy the reference architecture using the **azbb** command line tool as shown below. - ```bash - azbb -s -g -l -p n-tier-linux.json --deploy - ``` + ```bash + azbb -s -g -l -p n-tier-linux.json --deploy + ``` For more information on deploying this sample reference architecture using Azure Building Blocks, visit the [GitHub repository][git]. + [multi-dc]: multi-region-application.md [dmz]: ../dmz/secure-vnet-dmz.md [multi-vm]: ./multi-vm.md diff --git a/docs/reference-architectures/virtual-machines-linux/single-vm.md b/docs/reference-architectures/virtual-machines-linux/single-vm.md index a03e29db581..ab4e5ad18ca 100644 --- a/docs/reference-architectures/virtual-machines-linux/single-vm.md +++ b/docs/reference-architectures/virtual-machines-linux/single-vm.md @@ -164,9 +164,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb 
@@ -176,16 +176,16 @@ To deploy the sample single VM workload, follow these steps: 2. Open the `single-vm-v2.json` file and enter a username and SSH public key between the quotes, as shown below, then save the file. - ```bash - "adminUsername": "", - "sshPublicKey": "", - ``` + ```bash + "adminUsername": "", + "sshPublicKey": "", + ``` 3. Run `azbb` to deploy the sample VM as shown below. - ```bash - azbb -s -g -l -p single-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p single-vm-v2.json --deploy + ``` For more information on deploying this sample reference architecture, visit our [GitHub repository][git]. @@ -195,6 +195,7 @@ For more information on deploying this sample reference architecture, visit our - Deploy [multiple VMs][multi-vm] in Azure. + [audit-logs]: https://azure.microsoft.com/blog/analyze-azure-audit-logs-in-powerbi-more/ [availability-set]: /azure/virtual-machines/virtual-machines-linux-manage-availability [azbb]: https://github.com/mspnp/template-building-blocks/wiki/Install-Azure-Building-Blocks diff --git a/docs/reference-architectures/virtual-machines-windows/index.md b/docs/reference-architectures/virtual-machines-windows/index.md index 00fced3863d..ae98e31216f 100644 --- a/docs/reference-architectures/virtual-machines-windows/index.md +++ b/docs/reference-architectures/virtual-machines-windows/index.md @@ -4,7 +4,9 @@ description: Explains some common architectures for deploying VMs that host ente layout: LandingPage --- + + # Windows VM workloads diff --git a/docs/reference-architectures/virtual-machines-windows/multi-region-application.md b/docs/reference-architectures/virtual-machines-windows/multi-region-application.md index 58f4705c00d..dfdb981d5cd 100644 --- a/docs/reference-architectures/virtual-machines-windows/multi-region-application.md +++ b/docs/reference-architectures/virtual-machines-windows/multi-region-application.md 
@@ -115,9 +115,9 @@ To configure the availability group: * Create a [Windows Server Failover Clustering][wsfc] (WSFC) cluster that includes the SQL Server instances in both regions. * Create a SQL Server Always On Availability Group that includes the SQL Server instances in both the primary and secondary regions. See [Extending Always On Availability Group to Remote Azure Datacenter (PowerShell)](https://blogs.msdn.microsoft.com/sqlcat/2014/09/22/extending-alwayson-availability-group-to-remote-azure-datacenter-powershell/) for the steps. - * Put the primary replica in the primary region. - * Put one or more secondary replicas in the primary region. Configure these to use synchronous commit with automatic failover. - * Put one or more secondary replicas in the secondary region. Configure these to use *asynchronous* commit, for performance reasons. (Otherwise, all T-SQL transactions have to wait on a round trip over the network to the secondary region.) + * Put the primary replica in the primary region. + * Put one or more secondary replicas in the primary region. Configure these to use synchronous commit with automatic failover. + * Put one or more secondary replicas in the secondary region. Configure these to use *asynchronous* commit, for performance reasons. (Otherwise, all T-SQL transactions have to wait on a round trip over the network to the secondary region.) > [!NOTE] > Asynchronous commit replicas do not support automatic failover. @@ -165,6 +165,7 @@ Measure the recovery times and verify they meet your business requirements. Test + [hybrid-vpn]: ../hybrid-networking/vpn.md [azure-dns]: /azure/dns/dns-overview [azure-sla]: https://azure.microsoft.com/support/legal/sla/ diff --git a/docs/reference-architectures/virtual-machines-windows/multi-vm.md b/docs/reference-architectures/virtual-machines-windows/multi-vm.md index 37e2e5b4454..fc0b3155a6c 100644 --- a/docs/reference-architectures/virtual-machines-windows/multi-vm.md 
+++ b/docs/reference-architectures/virtual-machines-windows/multi-vm.md @@ -137,9 +137,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -149,16 +149,16 @@ To deploy the sample single VM workload, follow these steps: 2. Open the `multi-vm-v2.json` file and enter a username and password between the quotes, as shown below, then save the file. - ```bash - "adminUsername": "", - "adminPassword": "", - ``` + ```bash + "adminUsername": "", + "adminPassword": "", + ``` 3. Run `azbb` to deploy the VMs as shown below. - ```bash - azbb -s -g -l -p multi-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p multi-vm-v2.json --deploy + ``` For more information on deploying this sample reference architecture, visit our [GitHub repository][git]. diff --git a/docs/reference-architectures/virtual-machines-windows/n-tier.md b/docs/reference-architectures/virtual-machines-windows/n-tier.md index eb5a84c0693..08b3452233f 100644 --- a/docs/reference-architectures/virtual-machines-windows/n-tier.md +++ b/docs/reference-architectures/virtual-machines-windows/n-tier.md 
@@ -30,7 +30,7 @@ There are many ways to implement an N-tier architecture. The diagram shows a typ * **Load balancers.** Use an [Internet-facing load balancer][load-balancer-external] to distribute incoming Internet traffic to the web tier, and an [internal load balancer][load-balancer-internal] to distribute network traffic from the web tier to the business tier. * **Jumpbox.** Also called a [bastion host]. A secure VM on the network that administrators use to connect to the other VMs. The jumpbox has an NSG that allows remote traffic only from public IP addresses on a safe list. The NSG should permit remote desktop (RDP) traffic. * **Monitoring.** Monitoring software such as [Nagios], [Zabbix], or [Icinga] can give you insight into response time, VM uptime, and the overall health of your system. Install the monitoring software on a VM that's placed in a separate management subnet. -* **NSGs.** Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. +* NSGs. Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. * **SQL Server Always On Availability Group.** Provides high availability at the data tier, by enabling replication and failover. * **Active Directory Domain Services (AD DS) Servers**. Prior to Windows Server 2016, SQL Server Always On Availability Groups must be joined to a domain. This is because Availability Groups depend on Windows Server Failover Cluster (WSFC) technology. Windows Server 2016 introduces the ability to create a Failover Cluster without Active Directory, in which case the AD DS servers are not required for this architecture. 
For more information, see [What's new in Failover Clustering in Windows Server 2016][wsfc-whats-new]. * **Azure DNS**. [Azure DNS][azure-dns] is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services. @@ -83,10 +83,10 @@ Configure the SQL Server Always On Availability Group as follows: 3. Create an availability group listener, and map the listener's DNS name to the IP address of an internal load balancer. 4. Create a load balancer rule for the SQL Server listening port (TCP port 1433 by default). The load balancer rule must enable *floating IP*, also called Direct Server Return. This causes the VM to reply directly to the client, which enables a direct connection to the primary replica. - > [!NOTE] - > When floating IP is enabled, the front-end port number must be the same as the back-end port number in the load balancer rule. - > - > + > [!NOTE] + > When floating IP is enabled, the front-end port number must be the same as the back-end port number in the load balancer rule. + > + > When a SQL client tries to connect, the load balancer routes the connection request to the primary replica. If there is a failover to another replica, the load balancer automatically routes subsequent requests to a new primary replica. For more information, see [Configure an ILB listener for SQL Server Always On Availability Groups][sql-alwayson-ilb]. 
@@ -142,15 +142,15 @@ Before you can deploy the reference architecture to your own subscription, you m 3. Install the [Azure building blocks][azbb] npm package. - ```bash - npm install -g @mspnp/azure-building-blocks - ``` + ```bash + npm install -g @mspnp/azure-building-blocks + ``` 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb 
@@ -160,23 +160,24 @@ To deploy the Windows VMs for an N-tier application reference architecture, foll 2. The parameter file specifies a default adminstrator user name and password for each VM in the deployment. You must change these before you deploy the reference architecture. Open the `n-tier-windows.json` file and replace each **adminUsername** and **adminPassword** field with your new settings. - > [!NOTE] - > There are multiple scripts that run during this deployment both in the **VirtualMachineExtension** objects and in the **extensions** settings for some of the **VirtualMachine** objects. Some of these scripts require the administrator user name and password that you have just changed. It's recommended that you review these scripts to ensure that you specified the correct credentials. The deployment may fail if you have not specified the correct credentials. - > - > + > [!NOTE] + > There are multiple scripts that run during this deployment both in the **VirtualMachineExtension** objects and in the **extensions** settings for some of the **VirtualMachine** objects. Some of these scripts require the administrator user name and password that you have just changed. It's recommended that you review these scripts to ensure that you specified the correct credentials. The deployment may fail if you have not specified the correct credentials. + > + > Save the file. 3. Deploy the reference architecture using the **azbb** command line tool as shown below. - ```bash - azbb -s -g -l -p n-tier-windows.json --deploy - ``` + ```bash + azbb -s -g -l -p n-tier-windows.json --deploy + ``` For more information on deploying this sample reference architecture using Azure Building Blocks, visit the [GitHub repository][git]. + [dmz]: ../dmz/secure-vnet-dmz.md [multi-dc]: multi-region-application.md [multi-vm]: multi-vm.md 
diff --git a/docs/reference-architectures/virtual-machines-windows/single-vm.md b/docs/reference-architectures/virtual-machines-windows/single-vm.md index 6c62aa0dc53..0a037676645 100644 --- a/docs/reference-architectures/virtual-machines-windows/single-vm.md +++ b/docs/reference-architectures/virtual-machines-windows/single-vm.md @@ -146,9 +146,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -158,16 +158,16 @@ To deploy the sample single VM workload, follow these steps: 2. Open the `single-vm-v2.json` file and enter a username and SSH key between the quotes, as shown below, then save the file. - ```bash - "adminUsername": "", - "adminPassword": "", - ``` + ```bash + "adminUsername": "", + "adminPassword": "", + ``` 3. Run `azbb` to deploy the sample VM as shown below. - ```bash - azbb -s -g -l -p single-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p single-vm-v2.json --deploy + ``` For more information on deploying this sample reference architecture, visit our [GitHub repository][git]. @@ -177,6 +177,7 @@ For more information on deploying this sample reference architecture, visit our - Deploy [multiple VMs][multi-vm] in Azure. + [audit-logs]: https://azure.microsoft.com/blog/analyze-azure-audit-logs-in-powerbi-more/ [availability-set]: /azure/virtual-machines/virtual-machines-windows-create-availability-set [azbb]: https://github.com/mspnp/template-building-blocks/wiki/Install-Azure-Building-Blocks diff --git a/docs/resiliency/failure-mode-analysis.md b/docs/resiliency/failure-mode-analysis.md index ac297d2f5e4..aebcd49c0e4 100644 --- a/docs/resiliency/failure-mode-analysis.md +++ b/docs/resiliency/failure-mode-analysis.md 
@@ -118,7 +118,7 @@ The default retry policy uses exponential back-off. To use a different retry pol ### Web or worker roles are unexpectedly being shut down. **Detection**. The [RoleEnvironment.Stopping][RoleEnvironment.Stopping] event is fired. -**Recovery**. Override the [RoleEntryPoint.OnStop][RoleEntryPoint.OnStop] method to gracefully clean up. For more information, see [The Right Way to Handle Azure OnStop Events][onstop-events] (blog). +Recovery. Override the [RoleEntryPoint.OnStop][RoleEntryPoint.OnStop] method to gracefully clean up. For more information, see [The Right Way to Handle Azure OnStop Events][onstop-events] (blog). ## Cosmos DB ### Reading data fails. diff --git a/docs/resiliency/high-availability-azure-applications.md b/docs/resiliency/high-availability-azure-applications.md index 8993bf86113..e6c497bc7d8 100644 --- a/docs/resiliency/high-availability-azure-applications.md +++ b/docs/resiliency/high-availability-azure-applications.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 05/31/2017 --- [!INCLUDE [header](../_includes/header.md)] + # High availability for applications built on Microsoft Azure A highly available application absorbs fluctuations in availability, load, and temporary failures in dependent services and hardware. The application continues to perform acceptably, as defined by business requirements or application service-level agreements (SLAs). diff --git a/docs/resiliency/recovery-local-failures.md b/docs/resiliency/recovery-local-failures.md index 66dbc6f19f6..422dc06659c 100644 --- a/docs/resiliency/recovery-local-failures.md +++ b/docs/resiliency/recovery-local-failures.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 08/18/2016 --- [!INCLUDE [header](../_includes/header.md)] + # Azure resiliency technical guidance: Recovery from local failures in Azure There are two primary threats to application availability: 
diff --git a/docs/resiliency/recovery-loss-azure-region.md b/docs/resiliency/recovery-loss-azure-region.md index 8ef10b9d69e..492ce00807d 100644 --- a/docs/resiliency/recovery-loss-azure-region.md +++ b/docs/resiliency/recovery-loss-azure-region.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 08/18/2016 --- [!INCLUDE [header](../_includes/header.md)] + # Azure resiliency technical guidance: recovery from a region-wide service disruption Azure is divided physically and logically into units called regions. A region consists of one or more datacenters in close proximity. @@ -61,9 +62,13 @@ Geo-replication is included in current pricing for Azure Storage. This is called If a geo-failover occurs, this will be posted to the [Azure Service Health Dashboard](https://azure.microsoft.com/status/). Applications can implement an automated means of detecting this, however, by monitoring the geo-region for their storage account. This can be used to trigger other recovery operations, such as activation of compute resources in the geo-region where their storage moved to. You can perform a query for this from the service management API, by using [Get Storage Account Properties](https://msdn.microsoft.com/library/ee460802.aspx). The relevant properties are: primary-region + [Available|Unavailable] + DateTime + secondary-region + [Available|Unavailable] ### VM disks and geo-failover diff --git a/docs/resiliency/recovery-on-premises-azure.md b/docs/resiliency/recovery-on-premises-azure.md index 7ea38ea268b..0fe25e5ccbc 100644 --- a/docs/resiliency/recovery-on-premises-azure.md +++ b/docs/resiliency/recovery-on-premises-azure.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 08/18/2016 --- [!INCLUDE [header](../_includes/header.md)] + # Azure resiliency technical guidance: Recovery from on-premises to Azure Azure provides a comprehensive set of services for enabling the extension of an on-premises datacenter to Azure for high availability and disaster recovery purposes: 
diff --git a/docs/service-fabric/migrate-from-cloud-services.md b/docs/service-fabric/migrate-from-cloud-services.md index 59ecbe58636..70c5bc03de7 100644 --- a/docs/service-fabric/migrate-from-cloud-services.md +++ b/docs/service-fabric/migrate-from-cloud-services.md @@ -26,8 +26,8 @@ Surveys is a multitenant application that allows customers to create surveys. Af Now Tailspin wants to move the Surveys application to a microservices architecture, using Service Fabric running on Azure. Because the application is already deployed as a Cloud Services application, Tailspin adopts a multi-phase approach: -1. Port the cloud services to Service Fabric, while minimizing changes to the application. -2. Optimize the application for Service Fabric, by moving to a microservices architecture. +1. Port the cloud services to Service Fabric, while minimizing changes to the application. +2. Optimize the application for Service Fabric, by moving to a microservices architecture. This article describes the first phase. A later article will describe the second phase. In a real-world project, it's likely that both stages would overlap. While porting to Service Fabric, you would also start to re-architect the application into micro-services. Later you might refine the architecture further, perhaps dividing coarse-grained services into smaller services. @@ -47,7 +47,7 @@ An in-depth discussion of microservices is beyond scope of this article, but her - **Small, focused teams**. Because the application is broken down into many small services, each service can be built by a small focused team. ## Why Service Fabric? - + Service Fabric is a good fit for a microservices architecture, because most of the features needed in a distributed system are built into Service Fabric, including: - **Cluster management**. Service Fabric automatically handles node failover, health monitoring, and other cluster management functions. 
@@ -149,6 +149,7 @@ In Cloud Services, a web or worker role exposes an HTTP endpoint by declaring it ```xml + @@ -158,6 +159,7 @@ Similarly, Service Fabric endpoints are declared in a service manifest: ```xml + @@ -256,8 +258,8 @@ The following diagram shows a cluster that separates front-end and back-end serv To implement this approach: -1. When you create the cluster, define two or more node types. -2. For each service, use [placement constraints][sf-placement-constraints] to assign the service to a node type. +1. When you create the cluster, define two or more node types. +2. For each service, use [placement constraints][sf-placement-constraints] to assign the service to a node type. When you deploy to Azure, each node type is deployed to a separate VM scale set. The Service Fabric cluster spans all node types. For more information, see [The relationship between Service Fabric node types and Virtual Machine Scale Sets][sf-node-types]. diff --git a/docs/service-fabric/refactor-migrated-app.md b/docs/service-fabric/refactor-migrated-app.md index 6d3720026e1..fb50b73e55c 100644 --- a/docs/service-fabric/refactor-migrated-app.md +++ b/docs/service-fabric/refactor-migrated-app.md @@ -146,6 +146,7 @@ The Surveys application code is available on [GitHub][sample-code]. If you are just getting started with [Azure Service Fabric][service-fabric], first set up your development environment then download the latest [Azure SDK][azure-sdk] and the [Azure Service Fabric SDK][service-fabric-sdk]. The SDK includes the OneBox cluster manager so you can deploy and test the Surveys application locally with full F5 debugging. + [azure-sdk]: https://azure.microsoft.com/downloads/archive-net-downloads/ [container-scenarios]: /azure/service-fabric/service-fabric-containers-overview [kestrel]: https://docs.microsoft.com/aspnet/core/fundamentals/servers/kestrel?tabs=aspnetcore2x