From cec6d257b3fe5c2ea02bc80f0e0cb4bc34dd1f45 Mon Sep 17 00:00:00 2001 
From: VSC-Service-Account Date: Thu, 5 Apr 2018 18:40:25 +0000 Subject: [PATCH 1/3] CI Update --- docs/aws-professional/services.md | 276 +++++++++--------- docs/best-practices/retry-service-specific.md | 3 +- .../objects-as-parameters.md | 17 +- docs/checklist/dev-ops.md | 2 +- .../relational-data/data-warehousing.md | 18 +- .../online-analytical-processing.md | 11 +- .../online-transaction-processing.md | 39 +-- .../analytical-data-stores.md | 12 +- .../technology-choices/batch-processing.md | 5 +- .../technology-choices/cognitive-services.md | 56 ++-- .../technology-choices/data-storage.md | 19 +- .../technology-choices/search-options.md | 4 + .../technology-choices/stream-processing.md | 4 +- docs/docfx.json | 7 +- .../data-store-comparison.md | 66 ++--- docs/index.md | 4 +- docs/multitenant-identity/authorize.md | 1 - docs/multitenant-identity/run-the-app.md | 82 +++--- docs/patterns/category/availability.md | 10 +- docs/patterns/category/data-management.md | 22 +- .../category/design-implementation.md | 34 ++- .../category/management-monitoring.md | 24 +- docs/patterns/category/messaging.md | 16 +- .../category/performance-scalability.md | 26 +- docs/patterns/category/resiliency.md | 22 +- docs/patterns/category/security.md | 12 +- docs/patterns/health-endpoint-monitoring.md | 4 +- docs/patterns/index.liquid.md | 6 +- docs/patterns/index.md | 69 ++--- docs/patterns/leader-election.md | 4 +- docs/patterns/pipes-and-filters.md | 2 +- .../app-service-web-app/basic-web-app.md | 2 +- .../app-service-web-app/scalable-web-app.md | 2 +- docs/reference-architectures/dmz/nva-ha.md | 2 +- .../dmz/secure-vnet-hybrid.md | 2 +- .../hybrid-networking/hub-spoke.md | 160 +++++----- .../hybrid-networking/shared-services.md | 130 ++++----- .../identity/adds-forest.md | 6 +- docs/reference-architectures/identity/adfs.md | 4 +- docs/reference-architectures/jenkins/index.md | 28 +- .../virtual-machines-linux/multi-vm.md | 20 +- .../virtual-machines-linux/n-tier.md | 20 +- 
.../virtual-machines-linux/single-vm.md | 20 +- .../multi-region-application.md | 6 +- .../virtual-machines-windows/multi-vm.md | 20 +- .../virtual-machines-windows/n-tier.md | 36 +-- .../virtual-machines-windows/single-vm.md | 20 +- docs/resiliency/failure-mode-analysis.md | 2 +- .../high-availability-azure-applications.md | 1 + docs/resiliency/recovery-local-failures.md | 1 + docs/resiliency/recovery-loss-azure-region.md | 1 + docs/resiliency/recovery-on-premises-azure.md | 1 + 52 files changed, 696 insertions(+), 665 deletions(-) diff --git a/docs/aws-professional/services.md b/docs/aws-professional/services.md index 7a8243844d3..f19763bd9d9 100644 --- a/docs/aws-professional/services.md +++ b/docs/aws-professional/services.md 
@@ -31,50 +31,47 @@ For an overview of Azure for AWS users, see [Introduction to Azure for AWS profe ## Compute -| Area | AWS service | Azure service | Description | -|---------------------------------|---------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Virtual servers | Elastic Compute Cloud (EC2) Instances | [Azure Virtual Machines](https://azure.microsoft.com/services/virtual-machines/) | Virtual servers allow users to deploy, manage, and maintain OS and server software. Instance types provide combinations of CPU/RAM. Users pay for what they use with the flexibility to change sizes. | -| ** ** | Amazon Lightsail | [Azure Virtual Machines & Images](https://azure.microsoft.com/services/virtual-machines/) | Collection of virtual machine templates to select from when building out your virtual machine. | -| Container instances | EC2 Container Service (ECS) | [Azure Container Service](https://azure.microsoft.com/services/container-service/) | Azure Container Instances is the fastest and simplest way to run a container in Azure, without having to provision any virtual machines or adopt a higher-level orchestration service. | -| ** ** | EC2 Container Registry | [Azure Container Registry](https://azure.microsoft.com/services/container-registry/) | Allows customers to store Docker formatted images. Used to create all types of container deployments on Azure. 
-| Microservices / container orchestrators | Elastic Container Service for Kubernetes (EKS) | [Azure Container Service (AKS)](https://azure.microsoft.com/services/container-service/) | Deploy orchestrated containerized applications with Kubernetes. Simplify monitoring and cluster management through auto upgrades and a built-in operations console. | -|   | | [Service Fabric](https://azure.microsoft.com/services/service-fabric/) | A compute service that orchestrates and manages the execution, lifetime, and resilience of complex, inter-related code components that can be either stateless or stateful. | -|   | | [Azure Container Service (ACS)](/azure/container-service/) | Quickly deploy a production ready Kubernetes, DC/OS, or Docker Swarm cluster | -| Serverless | Lambda | [Azure Functions](https://azure.microsoft.com/services/functions/)

[Azure Event Grid](https://azure.microsoft.com/services/event-grid/) | Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. | -| ** ** | Lambda @ Edge | [Functions on Azure IoT Edge](/azure/iot-edge/tutorial-deploy-function) | Runs functions at the edge (directly on IoT devices) even with intermittent cloud connectivity. | -| Backend process logic |   | [Web Jobs](/azure/app-service-web/websites-webjobs-resources) | Provides an easy way to run background processes in an application context. | -| Batch computing | AWS Batch | [Azure Batch](https://azure.microsoft.com/services/batch/) | Run large-scale parallel and high-performance computing applications efficiently in the cloud. | -| Scalability | AWS Auto Scaling | [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview)

[Azure App Service Scale Capability (PAAS)](https://azure.microsoft.com/documentation/articles/web-sites-scale/)

[Azure AutoScaling](/azure/app-service/app-service-environment-auto-scale) | Lets you automatically change the number of instances providing a particular compute workload. You set defined metric and thresholds that determine if the platform adds or removes instances. | - +| Area | AWS service | Azure service | Description | +|-----------------------------------------|------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Virtual servers | Elastic Compute Cloud (EC2) Instances | [Azure Virtual Machines](https://azure.microsoft.com/services/virtual-machines/) | Virtual servers allow users to deploy, manage, and maintain OS and server software. Instance types provide combinations of CPU/RAM. Users pay for what they use with the flexibility to change sizes. | +|   | Amazon Lightsail | [Azure Virtual Machines & Images](https://azure.microsoft.com/services/virtual-machines/) | Collection of virtual machine templates to select from when building out your virtual machine. | +| Container instances | EC2 Container Service (ECS) | [Azure Container Service](https://azure.microsoft.com/services/container-service/) | Azure Container Instances is the fastest and simplest way to run a container in Azure, without having to provision any virtual machines or adopt a higher-level orchestration service. | +|   | EC2 Container Registry | [Azure Container Registry](https://azure.microsoft.com/services/container-registry/) | Allows customers to store Docker formatted images. 
Used to create all types of container deployments on Azure. | +| Microservices / container orchestrators | Elastic Container Service for Kubernetes (EKS) | [Azure Container Service (AKS)](https://azure.microsoft.com/services/container-service/) | Deploy orchestrated containerized applications with Kubernetes. Simplify monitoring and cluster management through auto upgrades and a built-in operations console. | +|   | | [Service Fabric](https://azure.microsoft.com/services/service-fabric/) | A compute service that orchestrates and manages the execution, lifetime, and resilience of complex, inter-related code components that can be either stateless or stateful. | +|   | | [Azure Container Service (ACS)](/azure/container-service/) | Quickly deploy a production ready Kubernetes, DC/OS, or Docker Swarm cluster | +| Serverless | Lambda | [Azure Functions](https://azure.microsoft.com/services/functions/)

[Azure Event Grid](https://azure.microsoft.com/services/event-grid/) | Integrate systems and run backend processes in response to events or schedules without provisioning or managing servers. | +|   | Lambda @ Edge | [Functions on Azure IoT Edge](/azure/iot-edge/tutorial-deploy-function) | Runs functions at the edge (directly on IoT devices) even with intermittent cloud connectivity. | +| Backend process logic |   | [Web Jobs](/azure/app-service-web/websites-webjobs-resources) | Provides an easy way to run background processes in an application context. | +| Batch computing | AWS Batch | [Azure Batch](https://azure.microsoft.com/services/batch/) | Run large-scale parallel and high-performance computing applications efficiently in the cloud. | +| Scalability | AWS Auto Scaling | [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview)

[Azure App Service Scale Capability (PAAS)](https://azure.microsoft.com/documentation/articles/web-sites-scale/)

[Azure AutoScaling](/azure/app-service/app-service-environment-auto-scale) | Lets you automatically change the number of instances providing a particular compute workload. You set defined metric and thresholds that determine if the platform adds or removes instances. | ## Storage -| Area | AWS service | Azure service | Description | -|------------------------------------|-----------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Object storage | Simple Storage Services (S3) | [Azure Storage—Block Blob (for content logs, files) (Standard—Hot)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-block-blobs) | Object storage service, for use cases including cloud applications, content distribution, backup, archiving, disaster recovery, and big data analytics. | -| Virtual Server disk infrastructure | Elastic Block Store (EBS) | [Azure Storage Disk—Page Blobs (for VHDs or other random-write type data)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-page-blobs)

[Azure Storage Disks—Premium Storage](https://azure.microsoft.com/services/storage/disks/) | SSD storage optimized for I/O intensive read/write operations. For use as high performance Azure virtual machine storage. | -| Shared file storage | Elastic File System | [Azure Files (file share between VMs)](https://azure.microsoft.com/services/storage/files/) | Provides a simple interface to create and configure file systems quickly, and share common files. It’s shared file storage without the need for a supporting virtual machine, and can be used with traditional protocols that access files over a network. | -| Archiving—cool storage | S3 Infrequent Access (IA) | [Azure Storage—Standard Cool](/azure/storage/blobs/storage-blob-storage-tiers) | Cool storage is a lower cost tier for storing data that is infrequently accessed and long-lived. | -| Archiving—cold storage | S3 Glacier | [Azure Storage-Standard Archive](/azure/storage/blobs/storage-blob-storage-tiers) | Archive storage has the lowest storage cost and higher data retrieval costs compared to hot and cool storage. | -| Backup | None | [Azure Backup](https://azure.microsoft.com/services/backup/) | Backup and archival solutions allow files and folders to be backed up and recovered from the cloud, and provide off-site protection against data loss. There are two components of backup—the software service that orchestrates backup/retrieval and the underlying backup storage infrastructure. | -| Hybrid storage | Storage Gateway | [StorSimple](https://azure.microsoft.com/services/storsimple/) | Integrates on-premises IT environments with cloud storage. Automates data management and storage, plus supports disaster recovery. | -| Bulk data transfer | AWS Import/Export Disk | [Import/Export](https://azure.microsoft.com/documentation/articles/storage-import-export-service/) | A data transport solution that uses secure disks and appliances to transfer large amounts of data. Also offers data protection during transit. 
| -| ** ** | AWS Import/Export Snowball

AWS Snowball Edge

AWS Snowmobile | [Azure Data Box](https://azure.microsoft.com/services/storage/databox/) | Petabyte- to Exabyte-scale data transport solution that uses secure data storage devices to transfer large amounts of data into and out of the AWS cloud, at lower cost than Internet-based transfers. | -| Disaster recovery | None | [Site Recovery](https://azure.microsoft.com/services/site-recovery/) | Automates protection and replication of virtual machines. Offers health monitoring, recovery plans, and recovery plan testing. | - +| Area | AWS service | Azure service | Description | +|------------------------------------|-------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Object storage | Simple Storage Services (S3) | [Azure Storage—Block Blob (for content logs, files) (Standard—Hot)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-block-blobs) | Object storage service, for use cases including cloud applications, content distribution, backup, archiving, disaster recovery, and big data analytics. | +| Virtual Server disk infrastructure | Elastic Block Store (EBS) | [Azure Storage Disk—Page Blobs (for VHDs or other random-write type data)](/rest/api/storageservices/fileservices/understanding-block-blobs--append-blobs--and-page-blobs#about-page-blobs)

[Azure Storage Disks—Premium Storage](https://azure.microsoft.com/services/storage/disks/) | SSD storage optimized for I/O intensive read/write operations. For use as high performance Azure virtual machine storage. | +| Shared file storage | Elastic File System | [Azure Files (file share between VMs)](https://azure.microsoft.com/services/storage/files/) | Provides a simple interface to create and configure file systems quickly, and share common files. It’s shared file storage without the need for a supporting virtual machine, and can be used with traditional protocols that access files over a network. | +| Archiving—cool storage | S3 Infrequent Access (IA) | [Azure Storage—Standard Cool](/azure/storage/blobs/storage-blob-storage-tiers) | Cool storage is a lower cost tier for storing data that is infrequently accessed and long-lived. | +| Archiving—cold storage | S3 Glacier | [Azure Storage-Standard Archive](/azure/storage/blobs/storage-blob-storage-tiers) | Archive storage has the lowest storage cost and higher data retrieval costs compared to hot and cool storage. | +| Backup | None | [Azure Backup](https://azure.microsoft.com/services/backup/) | Backup and archival solutions allow files and folders to be backed up and recovered from the cloud, and provide off-site protection against data loss. There are two components of backup—the software service that orchestrates backup/retrieval and the underlying backup storage infrastructure. | +| Hybrid storage | Storage Gateway | [StorSimple](https://azure.microsoft.com/services/storsimple/) | Integrates on-premises IT environments with cloud storage. Automates data management and storage, plus supports disaster recovery. | +| Bulk data transfer | AWS Import/Export Disk | [Import/Export](https://azure.microsoft.com/documentation/articles/storage-import-export-service/) | A data transport solution that uses secure disks and appliances to transfer large amounts of data. Also offers data protection during transit. 
| +|   | AWS Import/Export Snowball

AWS Snowball Edge

AWS Snowmobile | [Azure Data Box](https://azure.microsoft.com/services/storage/databox/) | Petabyte- to Exabyte-scale data transport solution that uses secure data storage devices to transfer large amounts of data into and out of the AWS cloud, at lower cost than Internet-based transfers. | +| Disaster recovery | None | [Site Recovery](https://azure.microsoft.com/services/site-recovery/) | Automates protection and replication of virtual machines. Offers health monitoring, recovery plans, and recovery plan testing. | ## Networking and content delivery -| Area | AWS service | Azure service | Description | -|-------------------------------|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Cloud virtual networking | Virtual Private Cloud (VPC) | [Virtual Network](https://azure.microsoft.com/services/virtual-network/) | Provides an isolated, private environment in the cloud. Users have control over their virtual networking environment, including selection of their own IP address range, creation of subnets, and configuration of route tables and network gateways. | -| Cross-premises connectivity | AWS VPN Gateway | [Azure VPN Gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways) | Azure VPN Gateways connect Azure virtual networks to other Azure virtual networks, or customer on-premises networks (Site To Site). It also allows end users to connect to Azure services through VPN tunneling (Point To Site). 
| -| Domain name system management | Route 53 | [Azure DNS](https://azure.microsoft.com/services/dns/) | Manage your DNS records using the same credentials and billing and support contract as your other Azure services | -| ** ** | Route 53 | [Traffic Manager](https://azure.microsoft.com/services/traffic-manager/) | A service that hosts domain names, plus routes users to Internet applications, connects user requests to datacenters, manages traffic to apps, and improves app availability with automatic failover. | -| Content delivery network | CloudFront | [Azure Content Delivery Network](https://azure.microsoft.com/services/cdn/) | A global content delivery network that delivers audio, video, applications, images, and other files. | -| Dedicated network | Direct Connect | [ExpressRoute](https://azure.microsoft.com/services/expressroute/) | Establishes a dedicated, private network connection from a location to the cloud provider (not over the Internet). | -| Load balancing | Classic Load Balancer

Network Load Balancer

Application Load Balancer | [Load Balancer](https://azure.microsoft.com/services/load-balancer/)

[Application Gateway](https://azure.microsoft.com/services/application-gateway/) | Automatically distributes incoming application traffic to add scale, handle failover, and route to a collection of resources. | - +| Area | AWS service | Azure service | Description | +|-------------------------------|---------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Cloud virtual networking | Virtual Private Cloud (VPC) | [Virtual Network](https://azure.microsoft.com/services/virtual-network/) | Provides an isolated, private environment in the cloud. Users have control over their virtual networking environment, including selection of their own IP address range, creation of subnets, and configuration of route tables and network gateways. | +| Cross-premises connectivity | AWS VPN Gateway | [Azure VPN Gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways) | Azure VPN Gateways connect Azure virtual networks to other Azure virtual networks, or customer on-premises networks (Site To Site). It also allows end users to connect to Azure services through VPN tunneling (Point To Site). 
| +| Domain name system management | Route 53 | [Azure DNS](https://azure.microsoft.com/services/dns/) | Manage your DNS records using the same credentials and billing and support contract as your other Azure services | +|   | Route 53 | [Traffic Manager](https://azure.microsoft.com/services/traffic-manager/) | A service that hosts domain names, plus routes users to Internet applications, connects user requests to datacenters, manages traffic to apps, and improves app availability with automatic failover. | +| Content delivery network | CloudFront | [Azure Content Delivery Network](https://azure.microsoft.com/services/cdn/) | A global content delivery network that delivers audio, video, applications, images, and other files. | +| Dedicated network | Direct Connect | [ExpressRoute](https://azure.microsoft.com/services/expressroute/) | Establishes a dedicated, private network connection from a location to the cloud provider (not over the Internet). | +| Load balancing | Classic Load Balancer

Network Load Balancer

Application Load Balancer | [Load Balancer](https://azure.microsoft.com/services/load-balancer/)

[Application Gateway](https://azure.microsoft.com/services/application-gateway/) | Automatically distributes incoming application traffic to add scale, handle failover, and route to a collection of resources. | ## Database @@ -89,128 +86,123 @@ For an overview of Azure for AWS users, see [Introduction to Azure for AWS profe ## Analytics and big data -| Area | AWS service | Azure service | Description | -|------------------------|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Elastic data warehouse | Redshift | [SQL Data Warehouse](https://azure.microsoft.com/services/sql-data-warehouse/) | A fully managed data warehouse that analyzes data using business intelligence tools. It can transact SQL queries across relational and nonrelational data. | -| Big data processing | Elastic MapReduce (EMR) | [HDInsight](https://azure.microsoft.com/services/hdinsight/) | Supports technologies that break up large data processing tasks into multiple jobs, and then combine the results to enable massive parallelism. | -| Data orchestration | Data Pipeline | [Data Factory](https://azure.microsoft.com/services/data-factory/) | Processes and moves data between different compute and storage services, as well as on-premises data sources at specified intervals. Users can create, schedule, orchestrate, and manage data pipelines. | -| ** ** | AWS Glue | [Data Factory](https://azure.microsoft.com/services/data-factory/)

[Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Cloud-based ETL/data integration service that orchestrates and automates the movement and transformation of data from various sources. | -| Analytics | Kinesis Analytics | [Stream Analytics](https://azure.microsoft.com/services/stream-analytics/)

[Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/)

[Data Lake Store](https://azure.microsoft.com/services/data-lake-store/) | Storage and analysis platforms that create insights from large quantities of data, or data that originates from many sources. | -| Visualization | QuickSight (Preview) | [PowerBI](https://powerbi.microsoft.com/) | Business intelligence tools that build visualizations, perform ad hoc analysis, and develop business insights from data. | -| ** ** | None | [Power BI Embedded](https://azure.microsoft.com/services/power-bi-embedded/) | Allows visualization and data analysis tools to be embedded in applications. | -| Search | Elasticsearch Service | [Marketplace—Elasticsearch](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Elasticsearch) | A scalable search server based on Apache Lucene. | -| ** ** | CloudSearch | [Azure Search](https://azure.microsoft.com/services/search/) | Delivers full-text search and related search analytics and capabilities. | -| Machine learning | Machine Learning | [Azure Machine Learning Studio](https://azure.microsoft.com/services/machine-learning/)

[Azure Machine Learning Workbench](https://azure.microsoft.com/services/machine-learning-services/) | Produces an end-to-end workflow to create, process, refine, and publish predictive models that can be used to understand what might happen from complex data sets. | -| Data discovery | None | [Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Provides the ability to better register, enrich, discover, understand, and consume data sources. | -| ** ** | Amazon Athena | [Azure Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/) | Provides a serverless interactive query service that uses standard SQL for analyzing databases. | - +| Area | AWS service | Azure service | Description | +|-------------------------|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Elastic data warehouse | Redshift | [SQL Data Warehouse](https://azure.microsoft.com/services/sql-data-warehouse/) | A fully managed data warehouse that analyzes data using business intelligence tools. It can transact SQL queries across relational and nonrelational data. | +| Big data processing | Elastic MapReduce (EMR) | [HDInsight](https://azure.microsoft.com/services/hdinsight/) | Supports technologies that break up large data processing tasks into multiple jobs, and then combine the results to enable massive parallelism. 
| +| Data orchestration | Data Pipeline | [Data Factory](https://azure.microsoft.com/services/data-factory/) | Processes and moves data between different compute and storage services, as well as on-premises data sources at specified intervals. Users can create, schedule, orchestrate, and manage data pipelines. | +|   | AWS Glue | [Data Factory](https://azure.microsoft.com/services/data-factory/)

[Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Cloud-based ETL/data integration service that orchestrates and automates the movement and transformation of data from various sources. | +| Analytics | Kinesis Analytics | [Stream Analytics](https://azure.microsoft.com/services/stream-analytics/)

[Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/)

[Data Lake Store](https://azure.microsoft.com/services/data-lake-store/) | Storage and analysis platforms that create insights from large quantities of data, or data that originates from many sources. | +| Visualization | QuickSight (Preview) | [PowerBI](https://powerbi.microsoft.com/) | Business intelligence tools that build visualizations, perform ad hoc analysis, and develop business insights from data. | +|   | None | [Power BI Embedded](https://azure.microsoft.com/services/power-bi-embedded/) | Allows visualization and data analysis tools to be embedded in applications. | +| Search | Elasticsearch Service | [Marketplace—Elasticsearch](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Elasticsearch) | A scalable search server based on Apache Lucene. | +|   | CloudSearch | [Azure Search](https://azure.microsoft.com/services/search/) | Delivers full-text search and related search analytics and capabilities. | +| Machine learning | Machine Learning | [Azure Machine Learning Studio](https://azure.microsoft.com/services/machine-learning/)

[Azure Machine Learning Workbench](https://azure.microsoft.com/services/machine-learning-services/) | Produces an end-to-end workflow to create, process, refine, and publish predictive models that can be used to understand what might happen from complex data sets. | +| Data discovery | None | [Data Catalog](https://azure.microsoft.com/services/data-catalog/) | Provides the ability to better register, enrich, discover, understand, and consume data sources. | +|   | Amazon Athena | [Azure Data Lake Analytics](https://azure.microsoft.com/services/data-lake-analytics/) | Provides a serverless interactive query service that uses standard SQL for analyzing databases. | ## Intelligence -| Area | AWS service | Azure service | Description | -|-----------------------------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Conversational user interfaces virtual personal assistant | Alexa Skills Kits | [Cortana Intelligence Suite —Cortana Integration](https://azure.microsoft.com/suites/cortana-intelligence-suite/) | Services cover intelligence cognitive services, machine learning, analytics, information management, big data and dashboards and visualizations. | -| ** ** | | [Microsoft Bot Framework + Azure Bot Service](https://dev.botframework.com/) | Builds and connects intelligent bots that interact with your users using text/SMS, Skype, Teams, Slack, Office 365 mail, Twitter, and other popular services. | -| Speech recognition | Amazon Lex | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | API capable of converting speech to text, understanding intent, and converting text back to speech for natural responsiveness. 
| -| ** ** | | [Language Understanding Intelligent Service (LUIS)](https://azure.microsoft.com/services/cognitive-services/language-understanding-intelligent-service/) | Allows your applications to understand user commands contextually. | -| ** ** | | [Speaker Recognition API](https://azure.microsoft.com/services/cognitive-services/speaker-recognition/) | Gives your app the ability to recognize individual speakers. | -| ** ** | | [Custom Recognition Intelligent Service (CRIS)](https://azure.microsoft.com/services/cognitive-services/custom-speech-service/) | Fine-tunes speech recognition to eliminate barriers such as speaking style, background noise, and vocabulary. | -| Text to Speech | Amazon Polly | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | Enables both Speech to Text, and Text into Speech capabilities. | -| Visual recognition | Amazon Rekognition | [Computer Vision API](https://azure.microsoft.com/services/cognitive-services/computer-vision/) | Distills actionable information from images, generates captions and identifies objects in images. | -| ** ** | | [Face API](https://azure.microsoft.com/services/cognitive-services/face/) | Detects, identifies, analyzes, organizes, and tags faces in photos. | -| ** ** | | [Emotions API](https://azure.microsoft.com/services/cognitive-services/emotion/) | Recognizes emotions in images. | -| ** ** | | [Video API](https://www.microsoft.com/cognitive-services/video-api) | Intelligent video processing produces stable video output, detects motion, creates intelligent thumbnails, detects and tracks faces. 
| - +| Area | AWS service | Azure service | Description | +|-----------------------------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Conversational user interfaces virtual personal assistant | Alexa Skills Kits | [Cortana Intelligence Suite —Cortana Integration](https://azure.microsoft.com/suites/cortana-intelligence-suite/) | Services cover intelligence cognitive services, machine learning, analytics, information management, big data and dashboards and visualizations. | +|   | | [Microsoft Bot Framework + Azure Bot Service](https://dev.botframework.com/) | Builds and connects intelligent bots that interact with your users using text/SMS, Skype, Teams, Slack, Office 365 mail, Twitter, and other popular services. | +| Speech recognition | Amazon Lex | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | API capable of converting speech to text, understanding intent, and converting text back to speech for natural responsiveness. | +|   | | [Language Understanding Intelligent Service (LUIS)](https://azure.microsoft.com/services/cognitive-services/language-understanding-intelligent-service/) | Allows your applications to understand user commands contextually. | +|   | | [Speaker Recognition API](https://azure.microsoft.com/services/cognitive-services/speaker-recognition/) | Gives your app the ability to recognize individual speakers. | +|   | | [Custom Recognition Intelligent Service (CRIS)](https://azure.microsoft.com/services/cognitive-services/custom-speech-service/) | Fine-tunes speech recognition to eliminate barriers such as speaking style, background noise, and vocabulary. 
| +| Text to Speech | Amazon Polly | [Bing Speech API](https://azure.microsoft.com/services/cognitive-services/speech/) | Enables both Speech to Text, and Text into Speech capabilities. | +| Visual recognition | Amazon Rekognition | [Computer Vision API](https://azure.microsoft.com/services/cognitive-services/computer-vision/) | Distills actionable information from images, generates captions and identifies objects in images. | +|   | | [Face API](https://azure.microsoft.com/services/cognitive-services/face/) | Detects, identifies, analyzes, organizes, and tags faces in photos. | +|   | | [Emotions API](https://azure.microsoft.com/services/cognitive-services/emotion/) | Recognizes emotions in images. | +|   | | [Video API](https://www.microsoft.com/cognitive-services/video-api) | Intelligent video processing produces stable video output, detects motion, creates intelligent thumbnails, detects and tracks faces. | ## Internet of things (IoT) -| Area | AWS service | Azure service | Description | -|--------------------|-----------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Internet of Things | AWS IoT Other Services (Kinesis, Machine Learning, EMR, Data Pipeline, SNS, QuickSight) | [Azure IoT Suite (IoT Hub, Machine Learning, Stream Analytics, Notification Hubs, PowerBI)](https://azure.microsoft.com/suites/iot-suite/) | Provides a preconfigured solution for monitoring, maintaining, and deploying common IoT scenarios. | -| ** ** | AWS IoT | [Azure IoT Hub](https://azure.microsoft.com/services/iot-hub/) | A cloud gateway for managing bidirectional communication with billions of IoT devices, securely and at scale. 
| -| Edge compute for IoT | AWS Greengrass | [Azure IoT Edge](https://azure.microsoft.com/services/iot-edge/) | Managed service that deploys cloud intelligence directly on IoT devices to run in on-prem scenarios. | -| Streaming data | Kinesis Firehose

Kinesis Streams | [Event Hubs](https://azure.microsoft.com/services/event-hubs/) | Services that allow the mass ingestion of small data inputs, typically from devices and sensors, to process and route the data. | - +| Area | AWS service | Azure service | Description | +|-------------------------|-----------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------| +| Internet of Things | AWS IoT Other Services (Kinesis, Machine Learning, EMR, Data Pipeline, SNS, QuickSight) | [Azure IoT Suite (IoT Hub, Machine Learning, Stream Analytics, Notification Hubs, PowerBI)](https://azure.microsoft.com/suites/iot-suite/) | Provides a preconfigured solution for monitoring, maintaining, and deploying common IoT scenarios. | +|   | AWS IoT | [Azure IoT Hub](https://azure.microsoft.com/services/iot-hub/) | A cloud gateway for managing bidirectional communication with billions of IoT devices, securely and at scale. | +| Edge compute for IoT | AWS Greengrass | [Azure IoT Edge](https://azure.microsoft.com/services/iot-edge/) | Managed service that deploys cloud intelligence directly on IoT devices to run in on-prem scenarios. | +| Streaming data | Kinesis Firehose

Kinesis Streams | [Event Hubs](https://azure.microsoft.com/services/event-hubs/) | Services that allow the mass ingestion of small data inputs, typically from devices and sensors, to process and route the data. | ## Management and monitoring -| Area | AWS service | Azure service | Description | -|-----------------------------------|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Cloud advisor | Trusted Advisor | [Azure Advisor](https://azure.microsoft.com/services/advisor/) | Provides analysis of cloud resource configuration and security so subscribers can ensure they’re making use of best practices and optimum configurations. | -| Deployment orchestration (DevOps) | OpsWorks (Chef-based) | [Azure Automation](https://azure.microsoft.com/services/automation/) | Configures and operates applications of all shapes and sizes, and provides templates to create and manage a collection of resources. | -| ** ** | CloudFormation | [Azure Resource Manager](https://azure.microsoft.com/features/resource-manager/)

[VM extensions](https://azure.microsoft.com/documentation/articles/virtual-machines-windows-extensions-features/)

[Azure Automation](https://azure.microsoft.com/services/automation/) | Provides a way for users to automate the manual, long-running, error-prone, and frequently repeated IT tasks. | -| Management & monitoring (DevOps) | CloudWatch | [Azure portal](https://azure.microsoft.com/features/azure-portal/)

[Azure Monitor](https://azure.microsoft.com/services/monitor/) | A unified console that simplifies building, deploying, and managing your cloud resources. | -| ** ** | CloudWatch | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible analytics service that helps you understand the performance and usage of your live web application. It's designed for developers, to help you continuously improve the performance and usability of your app. | -| ** ** | AWS X-Ray | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible application performance management service for web developers on multiple platforms. You can use it to monitor your live web application, detect performance anomalies, and diagnose issues with your app. | -| ** ** | AWS Usage and Billing Report | [Azure Billing API](/azure/billing/billing-usage-rate-card-overview) | Services to help generate, monitor, forecast, and share billing data for resource usage by time, organization, or product resources. | -| ** ** | AWS Management Console | [Azure portal](https://azure.microsoft.com/features/azure-portal/) | A unified management console that simplifies building, deploying, and operating your cloud resources. | -| Administration | AWS Application Discovery Service | [Azure Log Analytics in Operations Management Suite](https://azure.microsoft.com/services/log-analytics) | Provides deeper insights into your application and workloads by collecting, correlating and visualizing all your machine data, such as event logs, network logs, performance data, and much more, from both on-premises and cloud assets. 
| -| ** ** | Amazon EC2 Systems Manager | [Microsoft Operations Management Suite—Automation and Control functionalities](https://www.microsoft.com/cloud-platform/operations-management-suite) | Enables continuous IT services and compliance through process automation and configuration management. You can transform complex and repetitive tasks with IT automation. | -| ** ** | AWS Personal Health Dashboard | [Azure Resource Health](/azure/resource-health/resource-health-overview) | Provides detailed information about the health of resources as well as recommended actions for maintaining resource health. | -| ** ** | Third Party | [Azure Storage Explorer](http://storageexplorer.com/) | Standalone app from Microsoft that allows you to easily work with Azure Storage data on Windows, Mac OS, and Linux. | - +| Area | AWS service | Azure service | Description | +|-----------------------------------|-----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Cloud advisor | Trusted Advisor | [Azure Advisor](https://azure.microsoft.com/services/advisor/) | Provides analysis of cloud resource configuration and security so subscribers can ensure they’re making use of best practices and optimum configurations. | +| Deployment orchestration (DevOps) | OpsWorks (Chef-based) | [Azure Automation](https://azure.microsoft.com/services/automation/) | Configures and operates applications of all shapes and sizes, and provides templates to create and manage a collection of resources. 
| +|   | CloudFormation | [Azure Resource Manager](https://azure.microsoft.com/features/resource-manager/)

[VM extensions](https://azure.microsoft.com/documentation/articles/virtual-machines-windows-extensions-features/)

[Azure Automation](https://azure.microsoft.com/services/automation/) | Provides a way for users to automate the manual, long-running, error-prone, and frequently repeated IT tasks. | +| Management & monitoring (DevOps) | CloudWatch | [Azure portal](https://azure.microsoft.com/features/azure-portal/)

[Azure Monitor](https://azure.microsoft.com/services/monitor/) | A unified console that simplifies building, deploying, and managing your cloud resources. | +|   | CloudWatch | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible analytics service that helps you understand the performance and usage of your live web application. It's designed for developers, to help you continuously improve the performance and usability of your app. | +|   | AWS X-Ray | [Azure Application Insights + Azure Monitor](https://azure.microsoft.com/services/application-insights/) | An extensible application performance management service for web developers on multiple platforms. You can use it to monitor your live web application, detect performance anomalies, and diagnose issues with your app. | +|   | AWS Usage and Billing Report | [Azure Billing API](/azure/billing/billing-usage-rate-card-overview) | Services to help generate, monitor, forecast, and share billing data for resource usage by time, organization, or product resources. | +|   | AWS Management Console | [Azure portal](https://azure.microsoft.com/features/azure-portal/) | A unified management console that simplifies building, deploying, and operating your cloud resources. | +| Administration | AWS Application Discovery Service | [Azure Log Analytics in Operations Management Suite](https://azure.microsoft.com/services/log-analytics) | Provides deeper insights into your application and workloads by collecting, correlating and visualizing all your machine data, such as event logs, network logs, performance data, and much more, from both on-premises and cloud assets. | +|   | Amazon EC2 Systems Manager | [Microsoft Operations Management Suite—Automation and Control functionalities](https://www.microsoft.com/cloud-platform/operations-management-suite) | Enables continuous IT services and compliance through process automation and configuration management. 
You can transform complex and repetitive tasks with IT automation. | +|   | AWS Personal Health Dashboard | [Azure Resource Health](/azure/resource-health/resource-health-overview) | Provides detailed information about the health of resources as well as recommended actions for maintaining resource health. | +|   | Third Party | [Azure Storage Explorer](http://storageexplorer.com/) | Standalone app from Microsoft that allows you to easily work with Azure Storage data on Windows, Mac OS, and Linux. | ## Mobile services -| Area | AWS service | Azure service | Description | -|--------------------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Pro app development | Mobile Hub | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/)

[Xamarin Apps](https://azure.microsoft.com/features/xamarin/) | Provides backend mobile services for rapid development of mobile solutions, identity management, data synchronization, and storage and notifications across devices. | -| ** ** | Mobile SDK | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides the technology to rapidly build cross-platform and native apps for mobile devices. | -| ** ** | Cognito | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides authentication capabilities for mobile applications. | -| App testing | AWS Device Farm | [Xamarin Test Cloud (front end)](https://www.xamarin.com/test-cloud) | Provides services to support testing mobile applications. | -| Analytics | Mobile Analytics | [HockeyApp](https://azure.microsoft.com/services/hockeyapp/)

[Application Insights](https://azure.microsoft.com/services/application-insights/) | Supports monitoring, and feedback collection for the debugging and analysis of a mobile application service quality. | -| Enterprise mobility management | None | [Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) | Provides mobile device management, mobile application management, and PC management capabilities from the cloud. | - +| Area | AWS service | Azure service | Description | +|--------------------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Pro app development | Mobile Hub | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/)

[Xamarin Apps](https://azure.microsoft.com/features/xamarin/) | Provides backend mobile services for rapid development of mobile solutions, identity management, data synchronization, and storage and notifications across devices. | +|   | Mobile SDK | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides the technology to rapidly build cross-platform and native apps for mobile devices. | +|   | Cognito | [Mobile Apps](https://azure.microsoft.com/services/app-service/mobile/) | Provides authentication capabilities for mobile applications. | +| App testing | AWS Device Farm | [Xamarin Test Cloud (front end)](https://www.xamarin.com/test-cloud) | Provides services to support testing mobile applications. | +| Analytics | Mobile Analytics | [HockeyApp](https://azure.microsoft.com/services/hockeyapp/)

[Application Insights](https://azure.microsoft.com/services/application-insights/) | Supports monitoring, and feedback collection for the debugging and analysis of a mobile application service quality. | +| Enterprise mobility management | None | [Intune](https://www.microsoft.com/cloud-platform/microsoft-intune) | Provides mobile device management, mobile application management, and PC management capabilities from the cloud. | ## Security, identity, and access -| Area | AWS service | Azure service | Description | -|----------------------------------|----------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Authentication and authorization | Identity and Access Management (IAM) | [Azure Active Directory](https://azure.microsoft.com/documentation/articles/role-based-access-control-configure/)

[Azure Active Directory Premium](https://www.microsoft.com/cloud-platform/azure-active-directory) | Allows users to securely control access to services and resources while offering data security and protection. Create and manage users and groups, and use permissions to allow and deny access to resources. | -| ** ** | AWS Organizations | [Azure Subscription and Service Management + Azure RBAC](/azure/azure-subscription-service-limits) | Security policy and role management for working with multiple accounts. | -| ** ** | Multi-Factor Authentication | [Multi-Factor Authentication](https://azure.microsoft.com/services/multi-factor-authentication/) | Helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication with a range of verification options, allowing users to choose the method they prefer. | -| Information protection | None | [Azure Information Protection](https://www.microsoft.com/cloud-platform/azure-information-protection) | Service to help control and secure email, documents, and sensitive data that you share outside your company walls. | -| Encryption | Server-side encryption with Amazon S3 Key Management Service | [Azure Storage Service Encryption](/azure/storage/storage-service-encryption) | Helps you protect and safeguard your data and meet your organizational security and compliance commitments. | -| ** ** | Key Management Service

CloudHSM | [Key Vault](https://azure.microsoft.com/services/key-vault/) | Provides security solution and works with other services by providing a way to manage, create, and control encryption keys stored in hardware security modules (HSM). | -| Firewall | Web Application Firewall | [Application Gateway Web Application Firewall (preview)](https://azure.microsoft.com/updates/application-gateway-web-application-firewall-in-public-preview/) | A firewall that protects web applications from common web exploits. Users can define customizable web security rules. | -| Security | Inspector | [Security Center](https://azure.microsoft.com/services/security-center/) | An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. | -| ** ** | Certificate Manager | [App Service Certificates available on the Portal](https://azure.microsoft.com/blog/internals-of-app-service-certificate/) | Service that allows customers to create, manage and consume certificates seamlessly in the cloud. | -| Directory services | AWS Directory Service + Windows Server Active Directory on AWS | [Azure Active Directory Domain Services + Windows Server Active Directory on Azure IaaS](https://azure.microsoft.com/services/active-directory/) | Comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups. It helps secure access to on-premises and cloud applications, including Microsoft online services like Office 365 and many non-Microsoft SaaS applications. | -| ** ** | Cognito | [Azure Active Directory B2C](https://azure.microsoft.com/services/active-directory-b2c/) | A highly available, global, identity management service for consumer-facing applications that scales to hundreds of millions of identities. 
| -| ** ** | AWS Directory Service | [Windows Server Active Directory](https://azure.microsoft.com/services/active-directory-ds/) | Services for supporting Microsoft Active Directory in the cloud. | -| Compliance | AWS Artifact | [Microsoft Service Trust Portal](https://www.microsoft.com/TrustCenter/STP/default.aspx) | Provides access to audit reports, compliance guides, and trust documents from across cloud services. | -| Security | AWS Shield | [Azure DDos Protection Service (Preview)](https://azure.microsoft.com/blog/azure-ddos-protection-service-preview/) | Provides cloud services with protection from distributed denial of services (DDoS) attacks. | - +| Area | AWS service | Azure service | Description | +|----------------------------------|----------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Authentication and authorization | Identity and Access Management (IAM) | [Azure Active Directory](https://azure.microsoft.com/documentation/articles/role-based-access-control-configure/)

[Azure Active Directory Premium](https://www.microsoft.com/cloud-platform/azure-active-directory) | Allows users to securely control access to services and resources while offering data security and protection. Create and manage users and groups, and use permissions to allow and deny access to resources. | +|   | AWS Organizations | [Azure Subscription and Service Management + Azure RBAC](/azure/azure-subscription-service-limits) | Security policy and role management for working with multiple accounts. | +|   | Multi-Factor Authentication | [Multi-Factor Authentication](https://azure.microsoft.com/services/multi-factor-authentication/) | Helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication with a range of verification options, allowing users to choose the method they prefer. | +| Information protection | None | [Azure Information Protection](https://www.microsoft.com/cloud-platform/azure-information-protection) | Service to help control and secure email, documents, and sensitive data that you share outside your company walls. | +| Encryption | Server-side encryption with Amazon S3 Key Management Service | [Azure Storage Service Encryption](/azure/storage/storage-service-encryption) | Helps you protect and safeguard your data and meet your organizational security and compliance commitments. | +|   | Key Management Service

CloudHSM | [Key Vault](https://azure.microsoft.com/services/key-vault/) | Provides security solution and works with other services by providing a way to manage, create, and control encryption keys stored in hardware security modules (HSM). | +| Firewall | Web Application Firewall | [Application Gateway Web Application Firewall (preview)](https://azure.microsoft.com/updates/application-gateway-web-application-firewall-in-public-preview/) | A firewall that protects web applications from common web exploits. Users can define customizable web security rules. | +| Security | Inspector | [Security Center](https://azure.microsoft.com/services/security-center/) | An automated security assessment service that improves the security and compliance of applications. Automatically assess applications for vulnerabilities or deviations from best practices. | +|   | Certificate Manager | [App Service Certificates available on the Portal](https://azure.microsoft.com/blog/internals-of-app-service-certificate/) | Service that allows customers to create, manage and consume certificates seamlessly in the cloud. | +| Directory services | AWS Directory Service + Windows Server Active Directory on AWS | [Azure Active Directory Domain Services + Windows Server Active Directory on Azure IaaS](https://azure.microsoft.com/services/active-directory/) | Comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups. It helps secure access to on-premises and cloud applications, including Microsoft online services like Office 365 and many non-Microsoft SaaS applications. | +|   | Cognito | [Azure Active Directory B2C](https://azure.microsoft.com/services/active-directory-b2c/) | A highly available, global, identity management service for consumer-facing applications that scales to hundreds of millions of identities. 
| +|   | AWS Directory Service | [Windows Server Active Directory](https://azure.microsoft.com/services/active-directory-ds/) | Services for supporting Microsoft Active Directory in the cloud. | +| Compliance | AWS Artifact | [Microsoft Service Trust Portal](https://www.microsoft.com/TrustCenter/STP/default.aspx) | Provides access to audit reports, compliance guides, and trust documents from across cloud services. | +| Security | AWS Shield | [Azure DDos Protection Service (Preview)](https://azure.microsoft.com/blog/azure-ddos-protection-service-preview/) | Provides cloud services with protection from distributed denial of services (DDoS) attacks. | ## Developer tools -| Area | AWS service | Azure service | Description | -|--------------------------------------|----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Media transcoding | Elastic Transcoder | [Media Services](https://azure.microsoft.com/services/media-services/) | Services that offer broadcast-quality video streaming services, including various transcoding technologies. | -| Email | Simple Email Service (SES) | [Marketplace—Email](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Email) | Services for integrating email functionality into applications. 
| -| Messaging | Simple Queue Service (SQS) | [Azure Queue Storage](https://azure.microsoft.com/services/storage/queues/) | Provides a managed message queueing service for communicating between decoupled application components. | -| Messaging | Simple Queue Service (SQS) | [Service Bus Queues, Topics, Relays](/azure/service-bus-messaging/service-bus-queues-topics-subscriptions) | Supports a set of cloud-based, message-oriented middleware technologies including reliable message queuing and durable publish/subscribe messaging. | -| Workflow | Simple Workflow Service (SWF) | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Serverless technology for connecting apps, data and devices anywhere—on-premises or in the cloud for large ecosystems of SaaS and cloud based connectors. | -| API management | API Gateway | [API Management](https://azure.microsoft.com/services/api-management/) | A turnkey solution for publishing APIs to external and internal consumers. | -| ** ** | Elastic Beanstalk | [Web Apps (App Service)](https://azure.microsoft.com/services/app-service/web/)

[Cloud Services](https://azure.microsoft.com/services/cloud-services/)

[API Apps (App Service)](https://azure.microsoft.com/services/app-service/api/) | Managed hosting platforms providing easy to use services for deploying and scaling web applications and services. | -| ** ** | CodeDeploy

CodeCommit

CodePipeline | [Visual Studio Team Services](https://www.visualstudio.com/team-services/) | Developer tools for scripting application deployment. | -| ** ** | AWS Developer Tools | [Azure Developer Tools](https://azure.microsoft.com/tools/) | Collection of tools for building, debugging, deploying, diagnosing, and managing multi-platform, scalable apps and services. | -| ** ** |   | [Power Apps](https://powerapps.microsoft.com/) | Technology to rapidly build business solutions, connecting to existing services and data sources such as Excel, SharePoint, Dynamics 365, and more using a visual designer. | -| App testing | None | [Azure DevTest Labs (backend)](https://azure.microsoft.com/solutions/dev-test/) | Testing technology to build out heterogeneous solutions for testing cross-platform functionality to your dev/test environment. Integrates to a full DevOps Continuous Integration/Deployment with Visual Studio Online service and 3rd parties such as Jenkins, Chef, Puppet, CloudTest Lite, Octopus Deploy, and others. | -| App customer payment service | Amazon Flexible Payment Service and Amazon Dev Pay | None | Cloud service that provides developers a payment service for their cloud based applications. | -| Game development (cloud-based tools) | GameLift | None | AWS managed service for hosting dedicated game servers. | -| ** ** | Lumberyard | None | Game engine integrated with AWS and Twitch. | -| DevOps | AWS CodeBuild | [Visual Studio Team Services](https://azure.microsoft.com/services/visual-studio-team-services/) | Fully managed build service that supports continuous integration and deployment. | -| Backend process logic | AWS Step Functions | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Cloud technology to build distributed applications using out-of-the-box connectors to reduce integration challenges. Connect apps, data and devices on-premises or in the cloud. 
| -| Programmatic access | Command Line Interface | [Azure Command Line Interface (CLI)](https://azure.microsoft.com/documentation/articles/xplat-cli-install/)

[Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/) | Built on top of the native REST API across all cloud services, various programming language-specific wrappers provide easier ways to create solutions. | -| Predefined templates | AWS Quick Start | [Azure Quickstart templates](https://azure.microsoft.com/documentation/templates/) | Community-led templates for creating and deploying virtual machine–based solutions. | +| Area | AWS service | Azure service | Description | +|--------------------------------------|--------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Media transcoding | Elastic Transcoder | [Media Services](https://azure.microsoft.com/services/media-services/) | Services that offer broadcast-quality video streaming services, including various transcoding technologies. | +| Email | Simple Email Service (SES) | [Marketplace—Email](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=Email) | Services for integrating email functionality into applications. | +| Messaging | Simple Queue Service (SQS) | [Azure Queue Storage](https://azure.microsoft.com/services/storage/queues/) | Provides a managed message queueing service for communicating between decoupled application components. 
| +| Messaging | Simple Queue Service (SQS) | [Service Bus Queues, Topics, Relays](/azure/service-bus-messaging/service-bus-queues-topics-subscriptions) | Supports a set of cloud-based, message-oriented middleware technologies including reliable message queuing and durable publish/subscribe messaging. | +| Workflow | Simple Workflow Service (SWF) | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Serverless technology for connecting apps, data and devices anywhere—on-premises or in the cloud for large ecosystems of SaaS and cloud based connectors. | +| API management | API Gateway | [API Management](https://azure.microsoft.com/services/api-management/) | A turnkey solution for publishing APIs to external and internal consumers. | +|   | Elastic Beanstalk | [Web Apps (App Service)](https://azure.microsoft.com/services/app-service/web/)

[Cloud Services](https://azure.microsoft.com/services/cloud-services/)

[API Apps (App Service)](https://azure.microsoft.com/services/app-service/api/) | Managed hosting platforms providing easy to use services for deploying and scaling web applications and services. | +|   | CodeDeploy

CodeCommit

CodePipeline | [Visual Studio Team Services](https://www.visualstudio.com/team-services/) | Developer tools for scripting application deployment. | +|   | AWS Developer Tools | [Azure Developer Tools](https://azure.microsoft.com/tools/) | Collection of tools for building, debugging, deploying, diagnosing, and managing multi-platform, scalable apps and services. | +|   |   | [Power Apps](https://powerapps.microsoft.com/) | Technology to rapidly build business solutions, connecting to existing services and data sources such as Excel, SharePoint, Dynamics 365, and more using a visual designer. | +| App testing | None | [Azure DevTest Labs (backend)](https://azure.microsoft.com/solutions/dev-test/) | Testing technology to build out heterogeneous solutions for testing cross-platform functionality to your dev/test environment. Integrates to a full DevOps Continuous Integration/Deployment with Visual Studio Online service and 3rd parties such as Jenkins, Chef, Puppet, CloudTest Lite, Octopus Deploy, and others. | +| App customer payment service | Amazon Flexible Payment Service and Amazon Dev Pay | None | Cloud service that provides developers a payment service for their cloud based applications. | +| Game development (cloud-based tools) | GameLift | None | AWS managed service for hosting dedicated game servers. | +|   | Lumberyard | None | Game engine integrated with AWS and Twitch. | +| DevOps | AWS CodeBuild | [Visual Studio Team Services](https://azure.microsoft.com/services/visual-studio-team-services/) | Fully managed build service that supports continuous integration and deployment. | +| Backend process logic | AWS Step Functions | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Cloud technology to build distributed applications using out-of-the-box connectors to reduce integration challenges. Connect apps, data and devices on-premises or in the cloud. 
| +| Programmatic access | Command Line Interface | [Azure Command Line Interface (CLI)](https://azure.microsoft.com/documentation/articles/xplat-cli-install/)

[Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/) | Built on top of the native REST API across all cloud services, various programming language-specific wrappers provide easier ways to create solutions. | +| Predefined templates | AWS Quick Start | [Azure Quickstart templates](https://azure.microsoft.com/documentation/templates/) | Community-led templates for creating and deploying virtual machine–based solutions. | ## Enterprise integration -| Area | AWS service | Azure service | Description | -|--------------------------------------|---------------------------------|-----------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Enterprise app integration | None | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Provides out-of-the box line-of-business application integration for SAP, Oracle, SQL Server, and Websphere MQ. Connect apps, data, and devices on-premises or in the cloud with our large ecosystem of SaaS and cloud-based connectors, including Salesforce, Office 365, Twitter, Dropbox, Google Services, and more. | -| Enterprise application services | None | [Dynamics 365](https://www.microsoft.com/dynamics365/home) | Dynamics 365 delivers the full spectrum of CRM through five individual apps— Sales, Customer Service, Field Service, Project Service Automation, and Marketing —that work seamlessly together. | -| ** ** | Amazon WorkMail

Amazon WorkDocs | [Office 365](https://products.office.com/) | Fully integrated Cloud service providing communications, email, document management in the cloud and available on a wide variety of devices. | -| Content management in the cloud | None | [SharePoint Online](https://products.office.com/sharepoint) | Provides a collaborative way for individuals, teams, and organizations to intelligently discover, share, and collaborate on content from anywhere and on any device. | -| Commercial PAAS-IAAS-DBaaS framework | None | [Azure Stack](https://azure.microsoft.com/overview/azure-stack/) | A hybrid cloud platform that lets you deliver Azure services from your organization’s datacenter. | +| Area | AWS service | Azure service | Description | +|--------------------------------------|-------------------------------------------|------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Enterprise app integration | None | [Logic Apps](https://azure.microsoft.com/services/logic-apps/) | Provides out-of-the box line-of-business application integration for SAP, Oracle, SQL Server, and Websphere MQ. Connect apps, data, and devices on-premises or in the cloud with our large ecosystem of SaaS and cloud-based connectors, including Salesforce, Office 365, Twitter, Dropbox, Google Services, and more. | +| Enterprise application services | None | [Dynamics 365](https://www.microsoft.com/dynamics365/home) | Dynamics 365 delivers the full spectrum of CRM through five individual apps— Sales, Customer Service, Field Service, Project Service Automation, and Marketing —that work seamlessly together. | +|   | Amazon WorkMail

Amazon WorkDocs | [Office 365](https://products.office.com/) | Fully integrated Cloud service providing communications, email, document management in the cloud and available on a wide variety of devices. | +| Content management in the cloud | None | [SharePoint Online](https://products.office.com/sharepoint) | Provides a collaborative way for individuals, teams, and organizations to intelligently discover, share, and collaborate on content from anywhere and on any device. | +| Commercial PAAS-IAAS-DBaaS framework | None | [Azure Stack](https://azure.microsoft.com/overview/azure-stack/) | A hybrid cloud platform that lets you deliver Azure services from your organization’s datacenter. | + diff --git a/docs/best-practices/retry-service-specific.md b/docs/best-practices/retry-service-specific.md index 6ead3be831a..84ff32628d5 100644 --- a/docs/best-practices/retry-service-specific.md +++ b/docs/best-practices/retry-service-specific.md @@ -474,7 +474,6 @@ public async static Task ExecuteReaderWithRetryAsync(this SqlComm }, cancellationToken); } - ``` This asynchronous extension method can be used as follows. @@ -788,7 +787,7 @@ namespace RetryCodeSamples try { var retryTimeInMilliseconds = TimeSpan.FromSeconds(4).Milliseconds; // delay between retries - + // Using object-based configuration. var options = new ConfigurationOptions { diff --git a/docs/building-blocks/extending-templates/objects-as-parameters.md b/docs/building-blocks/extending-templates/objects-as-parameters.md index 4c6a447691a..51072b34415 100644 --- a/docs/building-blocks/extending-templates/objects-as-parameters.md +++ b/docs/building-blocks/extending-templates/objects-as-parameters.md 
@@ -291,7 +291,6 @@ Now let's take a look at our template. Our first resource named `NSG1` deploys t ], "outputs": {} } - ``` Let's take a closer look at how we specify our property values in the `securityRules` child resource. All of our properties are referenced using the `parameter()` function, and then we use the dot operator to reference our `securityRules` array, indexed by the current value of the iteration. Finally, we use another dot operator to reference the name of the object. 
@@ -300,18 +299,18 @@ Let's take a closer look at how we specify our property values in the `securityR If you would like to experiment with this template, follow these steps: -1. Go to the Azure portal, select the **+** icon, and search for the **template deployment** resource type, and select it. -2. Navigate to the **template deployment** page, select the **create** button. This button opens the **custom deployment** blade. -3. Select the **edit template** button. -4. Delete the empty template. -5. Copy and paste the sample template into the right pane. -6. Select the **save** button. -7. When you are returned to the **custom deployment** pane, select the **edit parameters** button. +1. Go to the Azure portal, select the **+** icon, and search for the **template deployment** resource type, and select it. +2. Navigate to the **template deployment** page, select the **create** button. This button opens the **custom deployment** blade. +3. Select the **edit template** button. +4. Delete the empty template. +5. Copy and paste the sample template into the right pane. +6. Select the **save** button. +7. When you are returned to the **custom deployment** pane, select the **edit parameters** button. 8. On the **edit parameters** blade, delete the existing template. 9. Copy and paste the sample parameter template from above. 10. Select the **save** button, which returns you to the **custom deployment** blade. 11. On the **custom deployment** blade, select your subscription, either create new or use existing resource group, and select a location. Review the terms and conditions, and select the **I agree** checkbox. -12. Select the **purchase** button. +12. Select the **purchase** button. ## Next steps diff --git a/docs/checklist/dev-ops.md b/docs/checklist/dev-ops.md index 0e6432c37cf..d58a4354673 100644 --- a/docs/checklist/dev-ops.md +++ b/docs/checklist/dev-ops.md 
@@ -126,7 +126,7 @@ Shared documentation is critical. Encourage team members to contribute and share **Follow least-privilege principles when granting access to resources.** Carefully manage access to resources. Access should be denied by default, unless a user is explicitly given access to a resource. Only grant a user access to what they need to complete their tasks. Track user permissions and perform regular security audits. -**Use role-based access control.** Assigning user accounts and access to resources should not be a manual process. Use [Role-Based Access Control][rbac] (RBAC) grant access based on [Azure Active Directory][azure-ad] identities and groups. +Use role-based access control. Assigning user accounts and access to resources should not be a manual process. Use [Role-Based Access Control][rbac] (RBAC) grant access based on [Azure Active Directory][azure-ad] identities and groups. **Use a bug tracking system to track issues.** Without a good way to track issues, it's easy to miss items, duplicate work, or introduce additional problems. Don't rely on informal person-to-person communication to track the status of bugs. Use a bug tracking tool to record details about problems, assign resources to address them, and provide an audit trail of progress and status. diff --git a/docs/data-guide/relational-data/data-warehousing.md b/docs/data-guide/relational-data/data-warehousing.md index 1f93c3f8635..915646a8a59 100644 --- a/docs/data-guide/relational-data/data-warehousing.md +++ b/docs/data-guide/relational-data/data-warehousing.md 
@@ -145,15 +145,15 @@ The following tables summarize the key differences in capabilities. ### Security capabilities -| | Azure SQL Database | SQL Server in a virtual machine | SQL Data Warehouse | Apache Hive on HDInsight | Hive LLAP on HDInsight | -| --- | --- | --- | --- | --- | --- | -- | -| Authentication | SQL / Azure Active Directory (Azure AD) | SQL / Azure AD / Active Directory | SQL / Azure AD | local / Azure AD 1 | local / Azure AD 1 | -| Authorization | Yes | Yes | Yes | Yes | Yes 1 | Yes 1 | -| Auditing | Yes | Yes | Yes | Yes | Yes 1 | Yes 1 | -| Data encryption at rest | Yes 2 | Yes 2 | Yes 2 | Yes 2 | Yes 1 | Yes 1 | -| Row-level security | Yes | Yes | Yes | No | Yes 1 | Yes 1 | -| Supports firewalls | Yes | Yes | Yes | Yes | Yes 3 | Yes 3 | -| Dynamic data masking | Yes | Yes | Yes | No | Yes 1 | Yes 1 | +| | Azure SQL Database | SQL Server in a virtual machine | SQL Data Warehouse | Apache Hive on HDInsight | Hive LLAP on HDInsight | +|-------------------------|-----------------------------------------|-----------------------------------|--------------------|-------------------------------|-------------------------------| +| Authentication | SQL / Azure Active Directory (Azure AD) | SQL / Azure AD / Active Directory | SQL / Azure AD | local / Azure AD 1 | local / Azure AD 1 | +| Authorization | Yes | Yes | Yes | Yes | Yes 1 | +| Auditing | Yes | Yes | Yes | Yes | Yes 1 | +| Data encryption at rest | Yes 2 | Yes 2 | Yes 2 | Yes 2 | Yes 1 | +| Row-level security | Yes | Yes | Yes | No | Yes 1 | +| Supports firewalls | Yes | Yes | Yes | Yes | Yes 3 | +| Dynamic data masking | Yes | Yes | Yes | No | Yes 1 | [1] Requires using a [domain-joined HDInsight cluster](/azure/hdinsight/domain-joined/apache-domain-joined-introduction). diff --git a/docs/data-guide/relational-data/online-analytical-processing.md b/docs/data-guide/relational-data/online-analytical-processing.md index a41aede0519..bbc9d97a8a5 100644 
--- a/docs/data-guide/relational-data/online-analytical-processing.md +++ b/docs/data-guide/relational-data/online-analytical-processing.md @@ -136,8 +136,9 @@ The following tables summarize the key differences in capabilities. ### Scalability Capabilities -| | Azure Analysis Services | SQL Server Analysis Services | SQL Server with Columnstore Indexes | Azure SQL Database with Columnstore Indexes | -| --- | --- | --- | --- | --- | -| Redundant regional servers for high availability | Yes | No | Yes | Yes | -| Supports query scale out | Yes | No | Yes | No | -| Dynamic scalability (scale up) | Yes | No | Yes | No | +| | Azure Analysis Services | SQL Server Analysis Services | SQL Server with Columnstore Indexes | Azure SQL Database with Columnstore Indexes | +|--------------------------------------------------|-------------------------|------------------------------|-------------------------------------|---------------------------------------------| +| Redundant regional servers for high availability | Yes | No | Yes | Yes | +| Supports query scale out | Yes | No | Yes | No | +| Dynamic scalability (scale up) | Yes | No | Yes | No | + diff --git a/docs/data-guide/relational-data/online-transaction-processing.md b/docs/data-guide/relational-data/online-transaction-processing.md index 9838797182b..08214689d10 100644 --- a/docs/data-guide/relational-data/online-transaction-processing.md +++ b/docs/data-guide/relational-data/online-transaction-processing.md 
@@ -90,15 +90,17 @@ To narrow the choices, start by answering these questions: The following tables summarize the key differences in capabilities. ### General capabilities -| | Azure SQL Database | SQL Server in an Azure virtual machine | Azure Database for MySQL | Azure Database for PostgreSQL | -| --- | --- | --- | --- | --- | --- | -| Is Managed Service | Yes | No | Yes | Yes | -| Runs on Platform | N/A | Windows, Linux, Docker | N/A | N/A | -| Programmability 1 | T-SQL, .NET, R | T-SQL, .NET, R, Python | T-SQL, .NET, R, Python | SQL | SQL | + +| | Azure SQL Database | SQL Server in an Azure virtual machine | Azure Database for MySQL | Azure Database for PostgreSQL | +|------------------------------|--------------------|----------------------------------------|--------------------------|-------------------------------| +| Is Managed Service | Yes | No | Yes | Yes | +| Runs on Platform | N/A | Windows, Linux, Docker | N/A | N/A | +| Programmability 1 | T-SQL, .NET, R | T-SQL, .NET, R, Python | T-SQL, .NET, R, Python | SQL | [1] Not including client driver support, which allows many programming languages to connect to and use the OLTP data store. ### Scalability capabilities + | | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL| | --- | --- | --- | --- | --- | --- | | Maximum database instance size | [4 TB](/azure/sql-database/sql-database-resource-limits) | 256 TB | [1 TB](/azure/mysql/concepts-limits) | [1 TB](/azure/postgresql/concepts-limits) | @@ -107,6 +109,7 @@ The following tables summarize the key differences in capabilities. | Dynamic scalability (scale up) | Yes | No | Yes | Yes | ### Analytic workload capabilities + | | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL| | --- | --- | --- | --- | --- | --- | | Temporal tables | Yes | Yes | No | No | 
@@ -115,6 +118,7 @@ The following tables summarize the key differences in capabilities. | Adaptive query processing | Yes | Yes | No | No | ### Availability capabilities + | | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL| | --- | --- | --- | --- | --- | --- | | Readable secondaries | Yes | Yes | No | No | 
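Review bot: The separator row under "### Availability capabilities" still has six `---` cells against a five-cell header row, the same mismatch this patch cleans up in the General and Security tables of this file. This hunk only adds the blank line after the heading; drop the extra `| --- |` cell here too (and in the Scalability and Analytic workload tables above, which carry the same separator) so all five tables in the file render consistently.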
@@ -123,16 +127,17 @@ The following tables summarize the key differences in capabilities. | Point-in-time restore | Yes | Yes | Yes | Yes | ### Security capabilities -| | Azure SQL Database | SQL Server in an Azure virtual machine| Azure Database for MySQL | Azure Database for PostgreSQL| -| --- | --- | --- | --- | --- | --- | -| Row level security | Yes | Yes | Yes | Yes | -| Data masking | Yes | Yes | No | No | -| Transparent data encryption | Yes | Yes | Yes | Yes | -| Restrict access to specific IP addresses | Yes | Yes | Yes | Yes | -| Restrict access to allow VNET access only | Yes | Yes | No | No | -| Azure Active Directory authentication | Yes | Yes | No | No | -| Active Directory authentication | No | Yes | No | No | -| Multi-factor authentication | Yes | Yes | No | No | -| Supports [Always Encrypted](/sql/relational-databases/security/encryption/always-encrypted-database-engine) | Yes | Yes | Yes | No | No | -| Private IP | No | Yes | Yes | No | No | + +| | Azure SQL Database | SQL Server in an Azure virtual machine | Azure Database for MySQL | Azure Database for PostgreSQL | +|-------------------------------------------------------------------------------------------------------------|--------------------|----------------------------------------|--------------------------|-------------------------------| +| Row level security | Yes | Yes | Yes | Yes | +| Data masking | Yes | Yes | No | No | +| Transparent data encryption | Yes | Yes | Yes | Yes | +| Restrict access to specific IP addresses | Yes | Yes | Yes | Yes | +| Restrict access to allow VNET access only | Yes | Yes | No | No | +| Azure Active Directory authentication | Yes | Yes | No | No | +| Active Directory authentication | No | Yes | No | No | +| Multi-factor authentication | Yes | Yes | No | No | +| Supports [Always Encrypted](/sql/relational-databases/security/encryption/always-encrypted-database-engine) | Yes | Yes | Yes | No | +| Private IP | No | Yes | Yes | No | 
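Review bot: The "Supports Always Encrypted" and "Private IP" rows of this Security capabilities table were brought down to four values by dropping the trailing cell (old `| Yes | Yes | Yes | No | No |`, new `| Yes | Yes | Yes | No |`), which leaves Azure Database for MySQL marked Yes for both Always Encrypted and Private IP. The old rows had one cell too many, so which value was the stray one cannot be read off the diff; please confirm each row against the services instead of truncating, since readers use this table to pick a data store on its security features. The Programmability row in this file's General capabilities hunk was shortened the same way and now lists `T-SQL, .NET, R, Python` under Azure Database for MySQL.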
diff --git a/docs/data-guide/technology-choices/analytical-data-stores.md b/docs/data-guide/technology-choices/analytical-data-stores.md index 2a60a7ee039..16591bf9530 100644 --- a/docs/data-guide/technology-choices/analytical-data-stores.md +++ b/docs/data-guide/technology-choices/analytical-data-stores.md @@ -61,12 +61,12 @@ The following tables summarize the key differences in capabilities. ### Scalability capabilities -| | SQL Database | SQL Data Warehouse | HBase/Phoenix on HDInsight | Hive LLAP on HDInsight | Azure Analysis Services | Cosmos DB | -| --- | --- | --- | --- | --- | --- | --- | -| Redundant regional servers for high availability | Yes | Yes | Yes | No | No | Yes | Yes | -| Supports query scale out | No | Yes | Yes | Yes | Yes | Yes | -| Dynamic scalability (scale up) | Yes | Yes | No | No | Yes | Yes | -| Supports in-memory caching of data | Yes | Yes | No | Yes | Yes | No | +| | SQL Database | SQL Data Warehouse | HBase/Phoenix on HDInsight | Hive LLAP on HDInsight | Azure Analysis Services | Cosmos DB | +|--------------------------------------------------|--------------|--------------------|----------------------------|------------------------|-------------------------|-----------| +| Redundant regional servers for high availability | Yes | Yes | Yes | No | No | Yes | +| Supports query scale out | No | Yes | Yes | Yes | Yes | Yes | +| Dynamic scalability (scale up) | Yes | Yes | No | No | Yes | Yes | +| Supports in-memory caching of data | Yes | Yes | No | Yes | Yes | No | ### Security capabilities diff --git a/docs/data-guide/technology-choices/batch-processing.md b/docs/data-guide/technology-choices/batch-processing.md index b68c12a59db..c30ac952165 100644 --- a/docs/data-guide/technology-choices/batch-processing.md +++ b/docs/data-guide/technology-choices/batch-processing.md 
@@ -49,8 +49,9 @@ The following tables summarize the key differences in capabilities. | Pricing model | Per batch job | By cluster hour | By cluster hour | By cluster hour | By cluster hour | [1] With manual configuration and scaling. - + ### Integration capabilities + | | Azure Data Lake Analytics | SQL Data Warehouse | HDInsight with Spark | HDInsight with Hive | HDInsight with Hive LLAP | | --- | --- | --- | --- | --- | --- | | Access from Azure Data Lake Store | Yes | Yes | Yes | Yes | Yes | @@ -58,6 +59,7 @@ The following tables summarize the key differences in capabilities. | Query from external relational stores | Yes | No | Yes | No | No | ### Scalability capabilities + | | Azure Data Lake Analytics | SQL Data Warehouse | HDInsight with Spark | HDInsight with Hive | HDInsight with Hive LLAP | | --- | --- | --- | --- | --- | --- | | Scale-out granularity | Per job | Per cluster | Per cluster | Per cluster | Per cluster | @@ -65,6 +67,7 @@ The following tables summarize the key differences in capabilities. | In-memory caching of data | No | Yes | Yes | No | Yes | ### Security capabilities + | | Azure Data Lake Analytics | SQL Data Warehouse | HDInsight with Spark | Apache Hive on HDInsight | Hive LLAP on HDInsight | | --- | --- | --- | --- | --- | --- | | Authentication | Azure Active Directory (Azure AD) | SQL / Azure AD | No | local / Azure AD 1 | local / Azure AD 1 | diff --git a/docs/data-guide/technology-choices/cognitive-services.md b/docs/data-guide/technology-choices/cognitive-services.md index 05bca518abf..ca26068d611 100644 --- a/docs/data-guide/technology-choices/cognitive-services.md +++ b/docs/data-guide/technology-choices/cognitive-services.md 
@@ -50,35 +50,37 @@ To narrow the choices, start by answering these questions: The following tables summarize the key differences in capabilities. ### Uses prebuilt models -| | Input type | Key benefit | -| --- | --- | --- | -| Text Analytics API | Text | Evaluate sentiment and topics to understand what users want. | -| Entity Linking API| Text | Power your app's data links with named entity recognition and disambiguation. | -| Language Understanding Intelligent Service (LUIS)| Text | Teach your apps to understand commands from your users. | -| QnA Maker Service| Text | Distill FAQ formatted information into conversational, easy-to-navigate answers. | -| Linguistic Analysis API | Text | Simplify complex language concepts and parse text. | -| Knowledge Exploration Service | Text | Enable interactive search experiences over structured data via natural language inputs. | -| Web Language Model API | Text | Use predictive language models trained on web-scale data. | -| Academic Knowledge API | Text | Tap into the wealth of academic content in the Microsoft Academic Graph populated by Bing. | -| Bing Autosuggest API | Text | Give your app intelligent autosuggest options for searches. | -| Bing Spell Check API | Text | Detect and correct spelling mistakes in your app. | -| Translator Text API | Text | Machine translation. | -| Recommendations API | Text | Predict and recommend items your customers want. | -| Bing Entity Search API | Text (web search query) | Identify and augment entity information from the web. | -| Bing Image Search API | Text (web search query) | Search for images. | -| Bing News Search API | Text (web search query) | Search for news. | -| Bing Video Search API | Text (web search query) | Search for videos. | -| Bing Web Search API | Text (web search query) | Get enhanced search details from billions of web documents. |. -| Bing Speech API | Text or Speech | Convert speech to text and back again. 
| -| Speaker Recognition API | Speech | Use speech to identify and authenticate individual speakers. | -| Translator Speech API | Speech | Perform real-time speech translation. | -| Computer Vision API | Images (or frames from video) | Distill actionable information from images, automatically create description of photos, derive tags, recognize celebrities, extract text, and create accurate thumbnails. | -| Content Moderator | Text, Images or Video | Automated image, text, and video moderation. | -| Emotion API | Images (photos with human subjects) | Identify the range emotions of human subjects. | -| Face API | Images (photos with human subjects) | Detect, identify, analyze, organize, and tag faces in photos. | -| Video Indexer | Video | Video insights such as sentiment, transcript speech, translate speech, recognize faces and emotions, and extract keywords. | + +| | Input type | Key benefit | +|---------------------------------------------------|-------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Text Analytics API | Text | Evaluate sentiment and topics to understand what users want. | +| Entity Linking API | Text | Power your app's data links with named entity recognition and disambiguation. | +| Language Understanding Intelligent Service (LUIS) | Text | Teach your apps to understand commands from your users. | +| QnA Maker Service | Text | Distill FAQ formatted information into conversational, easy-to-navigate answers. | +| Linguistic Analysis API | Text | Simplify complex language concepts and parse text. | +| Knowledge Exploration Service | Text | Enable interactive search experiences over structured data via natural language inputs. | +| Web Language Model API | Text | Use predictive language models trained on web-scale data. 
| +| Academic Knowledge API | Text | Tap into the wealth of academic content in the Microsoft Academic Graph populated by Bing. | +| Bing Autosuggest API | Text | Give your app intelligent autosuggest options for searches. | +| Bing Spell Check API | Text | Detect and correct spelling mistakes in your app. | +| Translator Text API | Text | Machine translation. | +| Recommendations API | Text | Predict and recommend items your customers want. | +| Bing Entity Search API | Text (web search query) | Identify and augment entity information from the web. | +| Bing Image Search API | Text (web search query) | Search for images. | +| Bing News Search API | Text (web search query) | Search for news. | +| Bing Video Search API | Text (web search query) | Search for videos. | +| Bing Web Search API | Text (web search query) | Get enhanced search details from billions of web documents. | +| Bing Speech API | Text or Speech | Convert speech to text and back again. | +| Speaker Recognition API | Speech | Use speech to identify and authenticate individual speakers. | +| Translator Speech API | Speech | Perform real-time speech translation. | +| Computer Vision API | Images (or frames from video) | Distill actionable information from images, automatically create description of photos, derive tags, recognize celebrities, extract text, and create accurate thumbnails. | +| Content Moderator | Text, Images or Video | Automated image, text, and video moderation. | +| Emotion API | Images (photos with human subjects) | Identify the range emotions of human subjects. | +| Face API | Images (photos with human subjects) | Detect, identify, analyze, organize, and tag faces in photos. | +| Video Indexer | Video | Video insights such as sentiment, transcript speech, translate speech, recognize faces and emotions, and extract keywords. 
| ### Trained with custom data you provide + | | Input type | Key benefit | | --- | --- | --- | | Custom Vision Service | Images (or frames from video) | Customize your own computer vision models. | diff --git a/docs/data-guide/technology-choices/data-storage.md b/docs/data-guide/technology-choices/data-storage.md index fa44706b5ba..325e8f6ed38 100644 --- a/docs/data-guide/technology-choices/data-storage.md +++ b/docs/data-guide/technology-choices/data-storage.md 
@@ -105,12 +105,13 @@ The following tables summarize the key differences in capabilities. ### NoSQL database capabilities -| | Azure Cosmos DB | HBase on HDInsight | -| --- | --- | --- | -| Primary database model | Document store, graph, key-value store, wide column store | Wide column store | -| Secondary indexes | Yes | No | -| SQL language support | Yes | Yes (using the [Phoenix](http://phoenix.apache.org/) JDBC driver) | -| Consistency | Strong, bounded-staleness, session, consistent prefix, eventual | Strong | -| Native Azure Functions integration | [Yes](/azure/cosmos-db/serverless-computing-database) | No | -| Automatic global distribution | [Yes](/azure/cosmos-db/distribute-data-globally) | No [HBase cluster replication can be configured](/azure/hdinsight/hbase/apache-hbase-replication) across regions with eventual consistency | -| Pricing model | Elastically scalable request units (RUs) charged per-second as needed, elastically scalable storage | Per-minute pricing for HDInsight cluster (horizontal scaling of nodes), storage | +| | Azure Cosmos DB | HBase on HDInsight | +|------------------------------------|-----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------| +| Primary database model | Document store, graph, key-value store, wide column store | Wide column store | +| Secondary indexes | Yes | No | +| SQL language support | Yes | Yes (using the [Phoenix](http://phoenix.apache.org/) JDBC driver) | +| Consistency | Strong, bounded-staleness, session, consistent prefix, eventual | Strong | +| Native Azure Functions integration | [Yes](/azure/cosmos-db/serverless-computing-database) | No | +| Automatic global distribution | [Yes](/azure/cosmos-db/distribute-data-globally) | No [HBase cluster replication can be configured](/azure/hdinsight/hbase/apache-hbase-replication) 
across regions with eventual consistency | +| Pricing model | Elastically scalable request units (RUs) charged per-second as needed, elastically scalable storage | Per-minute pricing for HDInsight cluster (horizontal scaling of nodes), storage | + diff --git a/docs/data-guide/technology-choices/search-options.md b/docs/data-guide/technology-choices/search-options.md index 816de82a787..15b5d10faeb 100644 --- a/docs/data-guide/technology-choices/search-options.md +++ b/docs/data-guide/technology-choices/search-options.md @@ -38,6 +38,7 @@ For search scenarios, begin choosing the appropriate search data store for your The following tables summarize the key differences in capabilities. ### General capabilities + | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Database | | --- | --- | --- | --- | --- | | Is managed service | Yes | No | Yes | Yes | @@ -46,12 +47,14 @@ The following tables summarize the key differences in capabilities. | Document indexers for common file types (PDF, DOCX, TXT, and so on) | Yes | No | Yes | No | ### Manageability capabilities + | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Database | | --- | --- | --- | --- | --- | | Updateable schema | No | Yes | Yes | Yes | | Supports scale out | Yes | Yes | Yes | No | ### Analytic workload capabilities + | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Databash | | --- | --- | --- | --- | --- | | Supports analytics beyond full text search | No | Yes | Yes | Yes | @@ -59,6 +62,7 @@ The following tables summarize the key differences in capabilities. | Supports semantic search | Yes (find similar documents only) | Yes | Yes | Yes | ### Security capabilities + | | Azure Search | Elasticsearch | HDInsight with Solr | SQL Databash | | --- | --- | --- | --- | --- | | Row-level security | Partial (requires application query to filter by group id) | Partial (requires application query to filter by group id) | Yes | Yes | 
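Review bot: the header row of the Security capabilities table in this hunk still reads `SQL Databash`, and the Analytic workload capabilities table in the preceding hunk has the same header, while the General and Manageability tables use `SQL Database`. The patch already adds a line directly above each of these header rows, so correct the column name to `SQL Database` in both tables as part of the same change.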
diff --git a/docs/data-guide/technology-choices/stream-processing.md b/docs/data-guide/technology-choices/stream-processing.md index 82c4cd4f56d..97702f9d78a 100644 --- a/docs/data-guide/technology-choices/stream-processing.md +++ b/docs/data-guide/technology-choices/stream-processing.md @@ -1,4 +1,3 @@ - --- title: Choosing a stream processing technology description: @@ -38,6 +37,7 @@ For real-time processing scenarios, begin choosing the appropriate service for y The following tables summarize the key differences in capabilities. ### General capabilities + | | Azure Stream Analytics | HDInsight with Spark Streaming | Apache Spark in Azure Databricks | HDInsight with Storm | Azure Functions | Azure App Service WebJobs | | --- | --- | --- | --- | --- | --- | --- | | Programmability | Stream analytics query language, JavaScript | Scala, Python, Java | Scala, Python, Java, R | Java, C# | C#, F#, Node.js | C#, Node.js, PHP, Java, Python | 
@@ -45,12 +45,14 @@ The following tables summarize the key differences in capabilities. | Pricing model | [Streaming units](https://azure.microsoft.com/pricing/details/stream-analytics/) | Per cluster hour | [Databricks units](https://azure.microsoft.com/pricing/details/databricks/) | Per cluster hour | Per function execution and resource consumption | Per app service plan hour | ### Integration capabilities + | | Azure Stream Analytics | HDInsight with Spark Streaming | Apache Spark in Azure Databricks | HDInsight with Storm | Azure Functions | Azure App Service WebJobs | | --- | --- | --- | --- | --- | --- | --- | | Inputs | [Stream Analytics inputs](/azure/stream-analytics/stream-analytics-define-inputs) | Event Hubs, IoT Hub, Kafka, HDFS, Storage Blobs, Azure Data Lake Store | Event Hubs, IoT Hub, Kafka, HDFS, Storage Blobs, Azure Data Lake Store | Event Hubs, IoT Hub, Storage Blobs, Azure Data Lake Store | [Supported bindings](/azure/azure-functions/functions-triggers-bindings#supported-bindings) | Service Bus, Storage Queues, Storage Blobs, Event Hubs, WebHooks, Cosmos DB, Files | | Sinks | [Stream Analytics outputs](/azure/stream-analytics/stream-analytics-define-outputs) | HDFS, Kafka, Storage Blobs, Azure Data Lake Store, Cosmos DB | HDFS, Kafka, Storage Blobs, Azure Data Lake Store, Cosmos DB | Event Hubs, Service Bus, Kafka | [Supported bindings](/azure/azure-functions/functions-triggers-bindings#supported-bindings) | Service Bus, Storage Queues, Storage Blobs, Event Hubs, WebHooks, Cosmos DB, Files | ### Processing capabilities + | | Azure Stream Analytics | HDInsight with Spark Streaming | Apache Spark in Azure Databricks | HDInsight with Storm | Azure Functions | Azure App Service WebJobs | | --- | --- | --- | --- | --- | --- | --- | | Built-in temporal/windowing support | Yes | Yes | Yes | Yes | No | No | diff --git a/docs/docfx.json b/docs/docfx.json index 8d19d866483..82c295a4864 100644 --- a/docs/docfx.json +++ b/docs/docfx.json 
@@ -60,13 +60,14 @@ ] }, "fileMetadata": { - "tocRel":{ - "reference-architectures/**.md":"../toc.json" + "tocRel": { + "reference-architectures/**.md": "../toc.json" } }, "template": [ "docs.html" ], - "dest": "azure" + "dest": "azure", + "markdownEngineName": "markdig" } } diff --git a/docs/guide/technology-choices/data-store-comparison.md b/docs/guide/technology-choices/data-store-comparison.md index 8f1a34998e1..f2505673227 100644 --- a/docs/guide/technology-choices/data-store-comparison.md +++ b/docs/guide/technology-choices/data-store-comparison.md @@ -57,7 +57,7 @@ The following sections compare various data store models in terms of workload pr ## Relational database management systems (RDBMS) - + - + - +
**Workload**
Workload
  • Both the creation of new records and updates to existing data happen regularly.
  • @@ -70,7 +70,7 @@ The following sections compare various data store models in terms of workload pr
**Data type**
Data type
  • Data is highly normalized.
  • @@ -83,7 +83,7 @@ The following sections compare various data store models in terms of workload pr
**Examples**
Examples
  • Line of business (human capital management, customer relationship management, enterprise resource planning)
  • @@ -101,7 +101,7 @@ The following sections compare various data store models in terms of workload pr ## Document databases - + - + - +
    **Workload**
    Workload
    • General purpose.
    • @@ -113,7 +113,7 @@ The following sections compare various data store models in terms of workload pr
    • Individual documents are retrieved and written as a single block.
    **Data type**
    Data type
    • Data can be managed in de-normalized way.
    • @@ -125,7 +125,7 @@ The following sections compare various data store models in terms of workload pr
    **Examples**
    Examples
    • Product catalog
    • @@ -145,7 +145,7 @@ The following sections compare various data store models in terms of workload pr ## Key/value stores - + - + - +
      **Workload**
      Workload
      • Data is identified and accessed using a single ID key, like a dictionary.
      • @@ -156,7 +156,7 @@ The following sections compare various data store models in terms of workload pr
      **Data type**
      Data type
      • Data size tends to be large.
      • @@ -166,7 +166,7 @@ The following sections compare various data store models in terms of workload pr
      **Examples**
      Examples
      • Data caching
      • @@ -182,7 +182,7 @@ The following sections compare various data store models in terms of workload pr ## Graph databases - + - + - +
        **Workload**
        Workload
        • The relationships between data items are very complex, involving many hops between related data items.
        • @@ -191,7 +191,7 @@ The following sections compare various data store models in terms of workload pr
        **Data type**
        Data type
        • Data is comprised of nodes and relationships.
        • @@ -201,7 +201,7 @@ The following sections compare various data store models in terms of workload pr
        **Examples**
        Examples
        • Organization charts
        • @@ -217,7 +217,7 @@ The following sections compare various data store models in terms of workload pr ## Column-family databases - + - + - +
          **Workload**
          Workload
          • Most column-family databases perform write operations extremely quickly.
          • @@ -228,7 +228,7 @@ The following sections compare various data store models in terms of workload pr
          **Data type**
          Data type
          • Data is stored in tables consisting of a key column and one or more column families.
          • @@ -238,7 +238,7 @@ The following sections compare various data store models in terms of workload pr
          **Examples**
          Examples
          • Recommendations
          • @@ -258,7 +258,7 @@ The following sections compare various data store models in terms of workload pr ## Search engine databases - + - + - +
            **Workload**
            Workload
            • Indexing data from multiple sources and services.
            • @@ -270,7 +270,7 @@ The following sections compare various data store models in terms of workload pr
            **Data type**
            Data type
            • Semi-structured or unstructured
            • @@ -279,7 +279,7 @@ The following sections compare various data store models in terms of workload pr
            **Examples**
            Examples
            • Product catalogs
            • @@ -295,7 +295,7 @@ The following sections compare various data store models in terms of workload pr ## Data warehouse - + - + - + @@ -323,7 +323,7 @@ The following sections compare various data store models in terms of workload pr ## Time series databases
              **Workload**
              Workload
              • Data analytics
              • @@ -303,17 +303,17 @@ The following sections compare various data store models in terms of workload pr
              **Data type**
              Data type
              • Historical data from multiple sources.
              • -
              • Usually denormalized in a "star" or "snowflake" schema, consisting of fact and dimension tables.
              • +
              • Usually denormalized in a "star" or "snowflake" schema, consisting of fact and dimension tables.
              • Usually loaded with new data on a scheduled basis.
              • -
              • Dimension tables often include multiple historic versions of an entity, referred to as a *slowly changing dimension*.
              • +
              • Dimension tables often include multiple historic versions of an entity, referred to as a slowly changing dimension.
              **Examples**
              Examples An enterprise data warehouse that provides data for analytical models, reports, and dashboards.
              - + - + - +
              **Workload**
              Workload
              • An overwhelmingly proportion of operations (95-99%) are writes.
              • @@ -331,12 +331,12 @@ The following sections compare various data store models in terms of workload pr
              • Updates are rare.
              • Deletes occur in bulk, and are made to contiguous blocks or records.
              • Read requests can be larger than available memory.
              • -
              • It's common for multiple reads to occur simultaneously.
              • +
              • It's common for multiple reads to occur simultaneously.
              • Data is read sequentially in either ascending or descending time order.
              **Data type**
              Data type
              • A time stamp that is used as the primary key and sorting mechanism.
              • @@ -345,7 +345,7 @@ The following sections compare various data store models in terms of workload pr
              **Examples**
              Examples
              • Monitoring and event telemetry.
              • @@ -358,7 +358,7 @@ The following sections compare various data store models in terms of workload pr ## Object storage - + - + - +
                **Workload**
                Workload
                • Identified by key.
                • @@ -368,7 +368,7 @@ The following sections compare various data store models in terms of workload pr
                **Data type**
                Data type
                • Data size is large.
                • @@ -377,7 +377,7 @@ The following sections compare various data store models in terms of workload pr
                **Examples**
                Examples
                • Images, videos, office documents, PDFs
                • @@ -393,7 +393,7 @@ The following sections compare various data store models in terms of workload pr ## Shared files - + - + - +
                  **Workload**
                  Workload
                  • Migration from existing apps that interact with the file system.
                  • @@ -401,7 +401,7 @@ The following sections compare various data store models in terms of workload pr
                  **Data type**
                  Data type
                  • Files in a hierarchical set of folders.
                  • @@ -409,7 +409,7 @@ The following sections compare various data store models in terms of workload pr
                  **Examples**
                  Examples
                  • Legacy files
                  • diff --git a/docs/index.md b/docs/index.md index c1b6a0678b2..5657cd0a723 100644 --- a/docs/index.md +++ b/docs/index.md @@ -318,7 +318,7 @@ ms.topic: landing-page

                    Azure Customer Advisory Team

                    -

                    The AzureCAT team's blog

                    +

                    The AzureCAT team's blog

                    @@ -338,7 +338,7 @@ ms.topic: landing-page

                    SQL Server Customer Advisory Team

                    -

                    The SQLCAT team's blog

                    +

                    The SQLCAT team's blog

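Review bot: in the docs/docfx.json hunk earlier in this patch, the added `"markdownEngineName": "markdig"` is the one functional change, and it is mixed in with spacing-only edits to `tocRel`, which makes it easy to miss in review. A Markdown engine switch affects how every page in the docset is parsed, so it deserves its own commit or at least a line of explanation, plus a rendered-output check of the tables and nested lists that the rest of this patch re-indents.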
                    diff --git a/docs/multitenant-identity/authorize.md b/docs/multitenant-identity/authorize.md index 563226a275b..24895496897 100644 --- a/docs/multitenant-identity/authorize.md +++ b/docs/multitenant-identity/authorize.md @@ -98,7 +98,6 @@ In earlier versions of ASP.NET, you would set the **Roles** property on the attr ```csharp // old way [Authorize(Roles = "SurveyCreator")] - ``` This is still supported in ASP.NET Core, but it has some drawbacks compared with authorization policies: diff --git a/docs/multitenant-identity/run-the-app.md b/docs/multitenant-identity/run-the-app.md index b7fe3b32a18..4ed9a3af1b4 100644 --- a/docs/multitenant-identity/run-the-app.md +++ b/docs/multitenant-identity/run-the-app.md @@ -48,15 +48,15 @@ To complete the end-to-end scenario, you'll need a second Azure AD directory to 3. Click **App registrations** > **New application registration**. -4. In the **Create** blade, enter the following information: +4. In the **Create** blade, enter the following information: - - **Name**: `Surveys.WebAPI` + - **Name**: `Surveys.WebAPI` - - **Application type**: `Web app / API` + - **Application type**: `Web app / API` - - **Sign-on URL**: `https://localhost:44301/` + - **Sign-on URL**: `https://localhost:44301/` - ![](./images/running-the-app/register-web-api.png) + ![](./images/running-the-app/register-web-api.png) 5. Click **Create**. 
@@ -74,15 +74,15 @@ To complete the end-to-end scenario, you'll need a second Azure AD directory to ## Register the Surveys web app -1. Navigate back to the **App registrations** blade, and click **New application registration**. +1. Navigate back to the **App registrations** blade, and click **New application registration**. -2. In the **Create** blade, enter the following information: +2. In the **Create** blade, enter the following information: - - **Name**: `Surveys` - - **Application type**: `Web app / API` - - **Sign-on URL**: `https://localhost:44300/` + - **Name**: `Surveys` + - **Application type**: `Web app / API` + - **Sign-on URL**: `https://localhost:44300/` - Notice that the sign-on URL has a different port number from the `Surveys.WebAPI` app in the previous step. + Notice that the sign-on URL has a different port number from the `Surveys.WebAPI` app in the previous step. 3. Click **Create**. 
@@ -146,36 +146,36 @@ To complete the end-to-end scenario, you'll need a second Azure AD directory to ![](./images/running-the-app/manifest.png) -3. Add the following JSON to the `appRoles` element. Generate new GUIDs for the `id` properties. - - ```json - { - "allowedMemberTypes": ["User"], - "description": "Creators can create surveys", - "displayName": "SurveyCreator", - "id": "", - "isEnabled": true, - "value": "SurveyCreator" - }, - { - "allowedMemberTypes": ["User"], - "description": "Administrators can manage the surveys in their tenant", - "displayName": "SurveyAdmin", - "id": "", - "isEnabled": true, - "value": "SurveyAdmin" - } - ``` - -5. In the `knownClientApplications` property, add the application ID for the Surveys web application, which you got when you registered the Surveys application earlier. For example: - - ```json - "knownClientApplications": ["be2cea23-aa0e-4e98-8b21-2963d494912e"], - ``` - - This setting adds the Surveys app to the list of clients authorized to call the web API. - -6. Click **Save**. +3. Add the following JSON to the `appRoles` element. Generate new GUIDs for the `id` properties. + + ```json + { + "allowedMemberTypes": ["User"], + "description": "Creators can create surveys", + "displayName": "SurveyCreator", + "id": "", + "isEnabled": true, + "value": "SurveyCreator" + }, + { + "allowedMemberTypes": ["User"], + "description": "Administrators can manage the surveys in their tenant", + "displayName": "SurveyAdmin", + "id": "", + "isEnabled": true, + "value": "SurveyAdmin" + } + ``` + +4. In the `knownClientApplications` property, add the application ID for the Surveys web application, which you got when you registered the Surveys application earlier. For example: + + ```json + "knownClientApplications": ["be2cea23-aa0e-4e98-8b21-2963d494912e"], + ``` + + This setting adds the Surveys app to the list of clients authorized to call the web API. + +5. Click **Save**. 
Now repeat the same steps for the Surveys app, except do not add an entry for `knownClientApplications`. Use the same role definitions, but generate new GUIDs for the IDs. diff --git a/docs/patterns/category/availability.md b/docs/patterns/category/availability.md index 5ff18674de4..32d7250e6a3 100644 --- a/docs/patterns/category/availability.md +++ b/docs/patterns/category/availability.md 
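Review bot: in the re-indented step 4 of the docs/multitenant-identity/run-the-app.md manifest hunk, the sample `"knownClientApplications": ["be2cea23-aa0e-4e98-8b21-2963d494912e"]` carries a concrete application ID, although the step tells the reader to use the ID obtained when registering the Surveys app. The step itself says this setting adds an app to the list of clients authorized to call the web API, so a reader who pastes the sample unchanged authorizes an ID that is not theirs; use an obvious placeholder instead. The `"id": ""` values in the `appRoles` sample have a similar problem: the text says to generate new GUIDs, but an empty string gives no hint of the expected format. The renumbering of steps 5 and 6 to 4 and 5 is correct.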
@@ -14,8 +14,10 @@ pnp.series.title: Cloud Design Patterns Availability defines the proportion of time that the system is functional and working. It will be affected by system errors, infrastructure problems, malicious attacks, and system load. It is usually measured as a percentage of uptime. Cloud applications typically provide users with a service level agreement (SLA), which means that applications must be designed and implemented in a way that maximizes availability. -| Pattern | Summary | -| ------- | ------- | + +| Pattern | Summary | +|----------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------| | [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | \ No newline at end of file +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | + diff --git a/docs/patterns/category/data-management.md b/docs/patterns/category/data-management.md index 87a3ed9ae0f..9a30f908e5d 100644 --- a/docs/patterns/category/data-management.md +++ b/docs/patterns/category/data-management.md 
@@ -14,13 +14,15 @@ pnp.series.title: Cloud Design Patterns Data management is the key element of cloud applications, and influences most of the quality attributes. Data is typically hosted in different locations and across multiple servers for reasons such as performance, scalability or availability, and this can present a range of challenges. For example, data consistency must be maintained, and data will typically need to be synchronized across different locations. -| Pattern | Summary | -| ------- | ------- | -| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | -| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | -| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | -| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | -| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. | -| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. 
| \ No newline at end of file + +| Pattern | Summary | +|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------| +| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | +| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | +| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | +| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | +| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | +| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. | +| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | +| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | + diff --git a/docs/patterns/category/design-implementation.md b/docs/patterns/category/design-implementation.md index e7d58710681..68dd46aaeca 100644 --- a/docs/patterns/category/design-implementation.md +++ b/docs/patterns/category/design-implementation.md 
@@ -12,19 +12,21 @@ pnp.series.title: Cloud Design Patterns Good design encompasses factors such as consistency and coherence in component design and deployment, maintainability to simplify administration and development, and reusability to allow components and subsystems to be used in other applications and in other scenarios. Decisions made during the design and implementation phase have a huge impact on the quality and the total cost of ownership of cloud hosted applications and services. -| Pattern | Summary | -| ------- | ------- | -| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | -| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | -| [Backends for Frontends](../backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | -| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Compute Resource Consolidation](../compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | -| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | -| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | -| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | -| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. 
| -| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | -| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | -| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | -| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | \ No newline at end of file + +| Pattern | Summary | +|------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | +| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | +| [Backends for Frontends](../backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | +| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. 
| +| [Compute Resource Consolidation](../compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | +| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | +| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | +| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | +| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. | +| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | +| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | +| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | +| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | +| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | + diff --git a/docs/patterns/category/management-monitoring.md b/docs/patterns/category/management-monitoring.md index e0aefc02e9e..1a6f3844ef1 100644 --- a/docs/patterns/category/management-monitoring.md +++ b/docs/patterns/category/management-monitoring.md 
@@ -12,14 +12,16 @@ pnp.series.title: Cloud Design Patterns Cloud applications run in in a remote datacenter where you do not have full control of the infrastructure or, in some cases, the operating system. This can make management and monitoring more difficult than an on-premises deployment. Applications must expose runtime information that administrators and operators can use to manage and monitor the system, as well as supporting changing business requirements and customization without requiring the application to be stopped or redeployed. -| Pattern | Summary | -| ------- | ------- | -| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | -| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | -| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | -| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | -| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | -| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. | -| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | -| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. 
| + +| Pattern | Summary | +|--------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------| +| [Ambassador](../ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | +| [Anti-Corruption Layer](../anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | +| [External Configuration Store](../external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | +| [Gateway Aggregation](../gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | +| [Gateway Offloading](../gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | +| [Gateway Routing](../gateway-routing.md) | Route requests to multiple services using a single endpoint. | +| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | +| [Sidecar](../sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | +| [Strangler](../strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | + diff --git a/docs/patterns/category/messaging.md b/docs/patterns/category/messaging.md index 0166aec3a87..34e5dd4bcf4 100644 --- a/docs/patterns/category/messaging.md +++ b/docs/patterns/category/messaging.md 
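Review bot: the unchanged context paragraph at the top of the docs/patterns/category/management-monitoring.md hunk reads "Cloud applications run in in a remote datacenter". Since this change already rewrites the table directly below it, drop the doubled "in" in the same pass.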
@@ -14,10 +14,12 @@ pnp.series.title: Cloud Design Patterns The distributed nature of cloud applications requires a messaging infrastructure that connects the components and services, ideally in a loosely coupled manner in order to maximize scalability. Asynchronous messaging is widely used, and provides many benefits, but also brings challenges such as the ordering of messages, poison message management, idempotency, and more. -| Pattern | Summary | -| ------- | ------- | -| [Competing Consumers](../competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | -| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | -| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | \ No newline at end of file + +| Pattern | Summary | +|----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Competing Consumers](../competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | +| [Pipes and Filters](../pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. 
| +| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | + diff --git a/docs/patterns/category/performance-scalability.md b/docs/patterns/category/performance-scalability.md index b366ba7becf..95501851f6a 100644 --- a/docs/patterns/category/performance-scalability.md +++ b/docs/patterns/category/performance-scalability.md 
@@ -14,15 +14,17 @@ pnp.series.title: Cloud Design Patterns Performance is an indication of the responsiveness of a system to execute any action within a given time interval, while scalability is ability of a system either to handle increases in load without impact on performance or for the available resources to be readily increased. Cloud applications typically encounter variable workloads and peaks in activity. Predicting these, especially in a multi-tenant scenario, is almost impossible. Instead, applications should be able to scale out within limits to meet peaks in demand, and scale in when demand decreases. Scalability concerns not just compute instances, but other elements such as data storage, messaging infrastructure, and more. -| Pattern | Summary | -| ------- | ------- | -| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | -| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | -| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | -| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | -| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. 
| -| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | \ No newline at end of file + +| Pattern | Summary | +|--------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Cache-Aside](../cache-aside.md) | Load data on demand into a cache from a data store | +| [CQRS](../cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | +| [Event Sourcing](../event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | +| [Index Table](../index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | +| [Materialized View](../materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | +| [Priority Queue](../priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Sharding](../sharding.md) | Divide a data store into a set of horizontal partitions or shards. | +| [Static Content Hosting](../static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. 
| +| [Throttling](../throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | + diff --git a/docs/patterns/category/resiliency.md b/docs/patterns/category/resiliency.md index a91a6cf88c5..15d4309f32b 100644 --- a/docs/patterns/category/resiliency.md +++ b/docs/patterns/category/resiliency.md 
@@ -12,13 +12,15 @@ pnp.series.title: Cloud Design Patterns Resiliency is the ability of a system to gracefully handle and recover from failures. The nature of cloud hosting, where applications are often multi-tenant, use shared platform services, compete for resources and bandwidth, communicate over the Internet, and run on commodity hardware means there is an increased likelihood that both transient and more permanent faults will arise. Detecting failures, and recovering quickly and efficiently, is necessary to maintain resiliency. -| Pattern | Summary | -| ------- | ------- | -| [Bulkhead](../bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | -| [Circuit Breaker](../circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | -| [Compensating Transaction](../compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | -| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | -| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Retry](../retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. 
| -| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | \ No newline at end of file + +| Pattern | Summary | +|----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Bulkhead](../bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | +| [Circuit Breaker](../circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | +| [Compensating Transaction](../compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | +| [Health Endpoint Monitoring](../health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | +| [Leader Election](../leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | +| [Queue-Based Load Leveling](../queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Retry](../retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. | +| [Scheduler Agent Supervisor](../scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | + 
diff --git a/docs/patterns/category/security.md b/docs/patterns/category/security.md index 37f334c6d47..61e8521d202 100644 --- a/docs/patterns/category/security.md +++ b/docs/patterns/category/security.md 
@@ -14,8 +14,10 @@ pnp.series.title: Cloud Design Patterns Security is the capability of a system to prevent malicious or accidental actions outside of the designed usage, and to prevent disclosure or loss of information. Cloud applications are exposed on the Internet outside trusted on-premises boundaries, are often open to the public, and may serve untrusted users. Applications must be designed and deployed in a way that protects them from malicious attacks, restricts access to only approved users, and protects sensitive data. -| Pattern | Summary | -| ------- | ------- | -| [Federated Identity](../federated-identity.md) | Delegate authentication to an external identity provider. | -| [Gatekeeper](../gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. | -| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | \ No newline at end of file + +| Pattern | Summary | +|------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Federated Identity](../federated-identity.md) | Delegate authentication to an external identity provider. | +| [Gatekeeper](../gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. | +| [Valet Key](../valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | + 
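Review bot: style point on the rewritten table in docs/patterns/category/security.md: every row is now padded to the width of the Gatekeeper summary, so a three-row table becomes three very long lines, and any later edit to the longest cell will rewrite all rows in the diff. The row content is unchanged, so consider keeping the compact `| Pattern | Summary |` form for tables with long cells. Replacing the missing end-of-file newline with a trailing blank line is fine.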
diff --git a/docs/patterns/health-endpoint-monitoring.md b/docs/patterns/health-endpoint-monitoring.md index 564e795114e..6a5fa2d7d55 100644 --- a/docs/patterns/health-endpoint-monitoring.md +++ b/docs/patterns/health-endpoint-monitoring.md 
@@ -76,9 +76,9 @@ How to configure security for the monitoring endpoints to protect them from publ - Secure the endpoint by requiring authentication. You can do this by using an authentication security key in the request header or by passing credentials with the request, provided that the monitoring service or tool supports authentication. - - Use an obscure or hidden endpoint. For example, expose the endpoint on a different IP address to that used by the default application URL, configure the endpoint on a nonstandard HTTP port, and/or use a complex path to the test page. You can usually specify additional endpoint addresses and ports in the application configuration, and add entries for these endpoints to the DNS server if required to avoid having to specify the IP address directly. + - Use an obscure or hidden endpoint. For example, expose the endpoint on a different IP address to that used by the default application URL, configure the endpoint on a nonstandard HTTP port, and/or use a complex path to the test page. You can usually specify additional endpoint addresses and ports in the application configuration, and add entries for these endpoints to the DNS server if required to avoid having to specify the IP address directly. - - Expose a method on an endpoint that accepts a parameter such as a key value or an operation mode value. Depending on the value supplied for this parameter, when a request is received the code can perform a specific test or set of tests, or return a 404 (Not Found) error if the parameter value isn't recognized. The recognized parameter values could be set in the application configuration. + - Expose a method on an endpoint that accepts a parameter such as a key value or an operation mode value. Depending on the value supplied for this parameter, when a request is received the code can perform a specific test or set of tests, or return a 404 (Not Found) error if the parameter value isn't recognized. 
The recognized parameter values could be set in the application configuration. > DoS attacks are likely to have less impact on a separate endpoint that performs basic functional tests without compromising the operation of the application. Ideally, avoid using a test that might expose sensitive information. If you must return information that might be useful to an attacker, consider how you'll protect the endpoint and the data from unauthorized access. In this case just relying on obscurity isn't enough. You should also consider using an HTTPS connection and encrypting any sensitive data, although this will increase the load on the server. diff --git a/docs/patterns/index.liquid.md b/docs/patterns/index.liquid.md index 97cdd2f6e1b..06fa84404d1 100644 --- a/docs/patterns/index.liquid.md +++ b/docs/patterns/index.liquid.md @@ -16,7 +16,7 @@ Each pattern describes the problem that the pattern addresses, considerations fo
                      {%- for category in categories %}
                    • - {% include 'pattern-category-card' %} + {% include 'pattern-category-card' %}
                    • {%- endfor %}
                    @@ -24,7 +24,9 @@ Each pattern describes the problem that the pattern addresses, considerations fo ## Catalog of patterns | Pattern | Summary | -| ------- | ------- | +|---------|---------| +| | | + {%- for pattern in patterns %} | [{{ pattern.title }}](./{{ pattern.file }}) | {{ pattern.description }} | {%- endfor %} \ No newline at end of file diff --git a/docs/patterns/index.md b/docs/patterns/index.md index 99c25bdb46c..5bb6654ed91 100644 --- a/docs/patterns/index.md +++ b/docs/patterns/index.md 
@@ -72,37 +72,38 @@ Each pattern describes the problem that the pattern addresses, considerations fo ## Catalog of patterns -| Pattern | Summary | -| ------- | ------- | -| [Ambassador](./ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. | -| [Anti-Corruption Layer](./anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | -| [Backends for Frontends](./backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | -| [Bulkhead](./bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | -| [Cache-Aside](./cache-aside.md) | Load data on demand into a cache from a data store | -| [Circuit Breaker](./circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | -| [CQRS](./cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | -| [Compensating Transaction](./compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | -| [Competing Consumers](./competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | -| [Compute Resource Consolidation](./compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | -| [Event Sourcing](./event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | -| [External Configuration Store](./external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. 
| -| [Federated Identity](./federated-identity.md) | Delegate authentication to an external identity provider. | -| [Gatekeeper](./gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. | -| [Gateway Aggregation](./gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | -| [Gateway Offloading](./gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | -| [Gateway Routing](./gateway-routing.md) | Route requests to multiple services using a single endpoint. | -| [Health Endpoint Monitoring](./health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | -| [Index Table](./index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | -| [Leader Election](./leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | -| [Materialized View](./materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | -| [Pipes and Filters](./pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | -| [Priority Queue](./priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. 
| -| [Queue-Based Load Leveling](./queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | -| [Retry](./retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. | -| [Scheduler Agent Supervisor](./scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | -| [Sharding](./sharding.md) | Divide a data store into a set of horizontal partitions or shards. | -| [Sidecar](./sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | -| [Static Content Hosting](./static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | -| [Strangler](./strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | -| [Throttling](./throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | -| [Valet Key](./valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | \ No newline at end of file +| Pattern | Summary | +|-----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Ambassador](./ambassador.md) | Create helper services that send network requests on behalf of a consumer service or application. 
| +| [Anti-Corruption Layer](./anti-corruption-layer.md) | Implement a façade or adapter layer between a modern application and a legacy system. | +| [Backends for Frontends](./backends-for-frontends.md) | Create separate backend services to be consumed by specific frontend applications or interfaces. | +| [Bulkhead](./bulkhead.md) | Isolate elements of an application into pools so that if one fails, the others will continue to function. | +| [Cache-Aside](./cache-aside.md) | Load data on demand into a cache from a data store | +| [Circuit Breaker](./circuit-breaker.md) | Handle faults that might take a variable amount of time to fix when connecting to a remote service or resource. | +| [CQRS](./cqrs.md) | Segregate operations that read data from operations that update data by using separate interfaces. | +| [Compensating Transaction](./compensating-transaction.md) | Undo the work performed by a series of steps, which together define an eventually consistent operation. | +| [Competing Consumers](./competing-consumers.md) | Enable multiple concurrent consumers to process messages received on the same messaging channel. | +| [Compute Resource Consolidation](./compute-resource-consolidation.md) | Consolidate multiple tasks or operations into a single computational unit | +| [Event Sourcing](./event-sourcing.md) | Use an append-only store to record the full series of events that describe actions taken on data in a domain. | +| [External Configuration Store](./external-configuration-store.md) | Move configuration information out of the application deployment package to a centralized location. | +| [Federated Identity](./federated-identity.md) | Delegate authentication to an external identity provider. | +| [Gatekeeper](./gatekeeper.md) | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. 
| +| [Gateway Aggregation](./gateway-aggregation.md) | Use a gateway to aggregate multiple individual requests into a single request. | +| [Gateway Offloading](./gateway-offloading.md) | Offload shared or specialized service functionality to a gateway proxy. | +| [Gateway Routing](./gateway-routing.md) | Route requests to multiple services using a single endpoint. | +| [Health Endpoint Monitoring](./health-endpoint-monitoring.md) | Implement functional checks in an application that external tools can access through exposed endpoints at regular intervals. | +| [Index Table](./index-table.md) | Create indexes over the fields in data stores that are frequently referenced by queries. | +| [Leader Election](./leader-election.md) | Coordinate the actions performed by a collection of collaborating task instances in a distributed application by electing one instance as the leader that assumes responsibility for managing the other instances. | +| [Materialized View](./materialized-view.md) | Generate prepopulated views over the data in one or more data stores when the data isn't ideally formatted for required query operations. | +| [Pipes and Filters](./pipes-and-filters.md) | Break down a task that performs complex processing into a series of separate elements that can be reused. | +| [Priority Queue](./priority-queue.md) | Prioritize requests sent to services so that requests with a higher priority are received and processed more quickly than those with a lower priority. | +| [Queue-Based Load Leveling](./queue-based-load-leveling.md) | Use a queue that acts as a buffer between a task and a service that it invokes in order to smooth intermittent heavy loads. | +| [Retry](./retry.md) | Enable an application to handle anticipated, temporary failures when it tries to connect to a service or network resource by transparently retrying an operation that's previously failed. 
| +| [Scheduler Agent Supervisor](./scheduler-agent-supervisor.md) | Coordinate a set of actions across a distributed set of services and other remote resources. | +| [Sharding](./sharding.md) | Divide a data store into a set of horizontal partitions or shards. | +| [Sidecar](./sidecar.md) | Deploy components of an application into a separate process or container to provide isolation and encapsulation. | +| [Static Content Hosting](./static-content-hosting.md) | Deploy static content to a cloud-based storage service that can deliver them directly to the client. | +| [Strangler](./strangler.md) | Incrementally migrate a legacy system by gradually replacing specific pieces of functionality with new applications and services. | +| [Throttling](./throttling.md) | Control the consumption of resources used by an instance of an application, an individual tenant, or an entire service. | +| [Valet Key](./valet-key.md) | Use a token or key that provides clients with restricted direct access to a specific resource or service. | + diff --git a/docs/patterns/leader-election.md b/docs/patterns/leader-election.md index 63e309e198d..bb257977ec4 100644 --- a/docs/patterns/leader-election.md +++ b/docs/patterns/leader-election.md 
@@ -66,9 +66,9 @@ This pattern might not be useful if: The DistributedMutex project in the LeaderElection solution (a sample that demonstrates this pattern is available on [GitHub](https://github.com/mspnp/cloud-design-patterns/tree/master/leader-election)) shows how to use a lease on an Azure Storage blob to provide a mechanism for implementing a shared, distributed mutex. This mutex can be used to elect a leader among a group of role instances in an Azure cloud service. The first role instance to acquire the lease is elected the leader, and remains the leader until it releases the lease or isn't able to renew the lease. Other role instances can continue to monitor the blob lease in case the leader is no longer available. > A blob lease is an exclusive write lock over a blob. A single blob can be the subject of only one lease at any point in time. A role instance can request a lease over a specified blob, and it'll be granted the lease if no other role instance holds a lease over the same blob. Otherwise the request will throw an exception. - +> > To avoid a faulted role instance retaining the lease indefinitely, specify a lifetime for the lease. When this expires, the lease becomes available. However, while a role instance holds the lease it can request that the lease is renewed, and it'll be granted the lease for a further period of time. The role instance can continually repeat this process if it wants to retain the lease. -For more information on how to lease a blob, see [Lease Blob (REST API)](https://msdn.microsoft.com/library/azure/ee691972.aspx). +> For more information on how to lease a blob, see [Lease Blob (REST API)](https://msdn.microsoft.com/library/azure/ee691972.aspx). The `BlobDistributedMutex` class in the C# example below contains the `RunTaskWhenMutexAquired` method that enables a role instance to attempt to acquire a lease over a specified blob. 
The details of the blob (the name, container, and storage account) are passed to the constructor in a `BlobSettings` object when the `BlobDistributedMutex` object is created (this object is a simple struct that is included in the sample code). The constructor also accepts a `Task` that references the code that the role instance should run if it successfully acquires the lease over the blob and is elected the leader. Note that the code that handles the low-level details of acquiring the lease is implemented in a separate helper class named `BlobLeaseManager`. diff --git a/docs/patterns/pipes-and-filters.md b/docs/patterns/pipes-and-filters.md index 066664a33c9..d204cc2304c 100644 --- a/docs/patterns/pipes-and-filters.md +++ b/docs/patterns/pipes-and-filters.md @@ -269,7 +269,7 @@ public class FinalReceiverRoleEntry : RoleEntryPoint } ``` -##Related patterns and guidance +## Related patterns and guidance The following patterns and guidance might also be relevant when implementing this pattern: - A sample that demonstrates this pattern is available on [GitHub](https://github.com/mspnp/cloud-design-patterns/tree/master/pipes-and-filters). diff --git a/docs/reference-architectures/app-service-web-app/basic-web-app.md b/docs/reference-architectures/app-service-web-app/basic-web-app.md index 74d0814138f..fa105973f8c 100644 --- a/docs/reference-architectures/app-service-web-app/basic-web-app.md +++ b/docs/reference-architectures/app-service-web-app/basic-web-app.md 
@@ -154,7 +154,7 @@ Tips for troubleshooting your application: * Use the [troubleshoot blade][troubleshoot-blade] in the Azure portal to find solutions to common problems. * Enable [log streaming][web-app-log-stream] to see logging information in near-real time. -* The [Kudu dashboard][kudu] has several tools for monitoring and debugging your application. For more information, see [Azure Websites online tools you should know about][kudu] (blog post). You can reach the Kudu dashboard from the Azure portal. Open the blade for your app and click **Tools**, then click **Kudu**. +* The [Kudu dashboard][kudu] has several tools for monitoring and debugging your application. For more information, see [Azure Websites online tools you should know about][kudu] (blog post). You can reach the Kudu dashboard from the Azure portal. Open the blade for your app and click Tools, then click Kudu. * If you use Visual Studio, see the article [Troubleshoot a web app in Azure App Service using Visual Studio][troubleshoot-web-app] for debugging and troubleshooting tips. ## Security considerations diff --git a/docs/reference-architectures/app-service-web-app/scalable-web-app.md b/docs/reference-architectures/app-service-web-app/scalable-web-app.md index 74ff639b852..81499b21e4e 100644 --- a/docs/reference-architectures/app-service-web-app/scalable-web-app.md +++ b/docs/reference-architectures/app-service-web-app/scalable-web-app.md 
@@ -26,7 +26,7 @@ This architecture builds on the one shown in [Basic web application][basic-web-a * **WebJob**. Use [Azure WebJobs][webjobs] to run long-running tasks in the background. WebJobs can run on a schedule, continously, or in response to a trigger, such as putting a message on a queue. A WebJob runs as a background process in the context of an App Service app. * **Queue**. In the architecture shown here, the application queues background tasks by putting a message onto an [Azure Queue storage][queue-storage] queue. The message triggers a function in the WebJob. Alternatively, you can use Service Bus queues. For a comparison, see [Azure Queues and Service Bus queues - compared and contrasted][queues-compared]. * **Cache**. Store semi-static data in [Azure Redis Cache][azure-redis]. -* **CDN**. Use [Azure Content Delivery Network][azure-cdn] (CDN) to cache publicly available content for lower latency and faster delivery of content. +* CDN. Use [Azure Content Delivery Network][azure-cdn] (CDN) to cache publicly available content for lower latency and faster delivery of content. * **Data storage**. Use [Azure SQL Database][sql-db] for relational data. For non-relational data, consider a NoSQL store, such as [Cosmos DB][cosmosdb]. * **Azure Search**. Use [Azure Search][azure-search] to add search functionality such as search suggestions, fuzzy search, and language-specific search. Azure Search is typically used in conjunction with another data store, especially if the primary data store requires strict consistency. In this approach, store authoritative data in the other data store and the search index in Azure Search. Azure Search can also be used to consolidate a single search index from multiple data stores. * **Email/SMS**. Use a third-party service such as SendGrid or Twilio to send email or SMS messages instead of building this functionality directly into the application. 
diff --git a/docs/reference-architectures/dmz/nva-ha.md b/docs/reference-architectures/dmz/nva-ha.md index b968767d900..bb06d46ac4a 100644 --- a/docs/reference-architectures/dmz/nva-ha.md +++ b/docs/reference-architectures/dmz/nva-ha.md @@ -12,7 +12,7 @@ cardTitle: Deploy highly available network virtual appliances This article shows how to deploy a set of network virtual appliances (NVAs) for high availability in Azure. An NVA is typically used to control the flow of network traffic from a perimeter network, also known as a DMZ, to other networks or subnets. To learn about implementing a DMZ in Azure, see [Microsoft cloud services and network security][cloud-security]. The article includes example architectures for ingress only, egress only, and both ingress and egress. -**Prerequisites:** This article assumes a basic understanding of Azure networking, [Azure load balancers][lb-overview], and [user-defined routes][udr-overview] (UDRs). +Prerequisites: This article assumes a basic understanding of Azure networking, [Azure load balancers][lb-overview], and [user-defined routes][udr-overview] (UDRs). ## Architecture Diagrams diff --git a/docs/reference-architectures/dmz/secure-vnet-hybrid.md b/docs/reference-architectures/dmz/secure-vnet-hybrid.md index fa39cce439d..b5d38e583e7 100644 --- a/docs/reference-architectures/dmz/secure-vnet-hybrid.md +++ b/docs/reference-architectures/dmz/secure-vnet-hybrid.md 
@@ -176,7 +176,7 @@ A deployment for a reference architecture that implements these recommendations * For more information about managing network security with Azure, see [Microsoft cloud services and network security][cloud-services-network-security]. * For detailed information about protecting resources in Azure, see [Getting started with Microsoft Azure security][getting-started-with-azure-security]. * For additional details on addressing security concerns across an Azure gateway connection, see [Implementing a hybrid network architecture with Azure and on-premises VPN][guidance-vpn-gateway-security] and [Implementing a hybrid network architecture with Azure ExpressRoute][guidance-expressroute-security]. -> + > diff --git a/docs/reference-architectures/hybrid-networking/hub-spoke.md b/docs/reference-architectures/hybrid-networking/hub-spoke.md index dee836bc7f4..bb2d64c5ec6 100644 --- a/docs/reference-architectures/hybrid-networking/hub-spoke.md +++ b/docs/reference-architectures/hybrid-networking/hub-spoke.md @@ -120,9 +120,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using the command below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the simulated on-premises datacenter using azbb 
@@ -132,20 +132,20 @@ To deploy the simulated on-premises datacenter as an Azure VNet, follow these st 2. Open the `onprem.json` file and enter a username and password between the quotes in line 36 and 37, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 3. On line 38, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 4. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 5. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine, and a VPN gateway. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -155,26 +155,26 @@ To deploy the hub VNet, and connect to the simulated on-premises VNet created ab 1. Open the `hub-vnet.json` file and enter a username and password between the quotes in line 39 and 40, as shown below. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 41, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Enter a shared key between the quotes in line 72, as shown below, then save the file. - ```bash - "sharedKey": "", - ``` + ```bash + "sharedKey": "", + ``` 4. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 5. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine, a VPN gateway, and a connection to the gateway created in the previous section. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -184,15 +184,15 @@ To test conectivity from the simulated on-premises environment to the hub VNet u 1. From the Azure portal, navigate to the `onprem-jb-rg` resource group, then click on the `jb-vm1` virtual machine resource. -2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. +2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. 3. Open a PowerShell console in the VM, and use the `Test-NetConnection` cmdlet to verify that you can connect to the hub jumpbox VM as shown below. - ```powershell - Test-NetConnection 10.0.0.68 -CommonTCPPort RDP - ``` - > [!NOTE] - > By default, Windows Server VMs do not allow ICMP responses in Azure. If you want to use `ping` to test connectivity, you need to enable ICMP traffic in the Windows Advanced Firewall for each VM. + ```powershell + Test-NetConnection 10.0.0.68 -CommonTCPPort RDP + ``` + > [!NOTE] + > By default, Windows Server VMs do not allow ICMP responses in Azure. If you want to use `ping` to test connectivity, you need to enable ICMP traffic in the Windows Advanced Firewall for each VM. To test conectivity from the simulated on-premises environment to the hub VNet using Linux VMs, perform the following steps: 
@@ -202,17 +202,17 @@ To test conectivity from the simulated on-premises environment to the hub VNet u 3. From a Linux prompt, run `ssh` to connect to the simulated on-premises environment jumpbox witht the information you copied in step 2 above, as shown below. - ```bash - ssh @ - ``` + ```bash + ssh @ + ``` 4. Use the password you specified in line 37 in the `onprem.json` file to the connect to the VM. 5. Use the `ping` command to test connectivity to the hub jumpbox, as shown below. - ```bash - ping 10.0.0.68 - ``` + ```bash + ping 10.0.0.68 + ``` ### Azure spoke VNets 
@@ -220,31 +220,31 @@ To deploy the spoke VNets, perform the following steps. 1. Open the `spoke1.json` file and enter a username and password between the quotes in lines 47 and 48, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 49, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy - ``` + ```bash + azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. -3. Repeat step 1 above for file `spoke2.json`. +4. Repeat step 1 above for file `spoke2.json`. -4. Run `azbb` to deploy the second spoke VNet environment as shown below. +5. Run `azbb` to deploy the second spoke VNet environment as shown below. - ```bash - azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 
### Azure hub VNet peering to spoke VNets @@ -254,12 +254,12 @@ To create a peering connection from the hub VNet to the spoke VNets, perform the 2. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy - ``` + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. ### Test connectivity 
@@ -267,14 +267,14 @@ To test conectivity from the simulated on-premises environment to the spoke VNet 1. From the Azure portal, navigate to the `onprem-jb-rg` resource group, then click on the `jb-vm1` virtual machine resource. -2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. +2. On the top left hand corner of your VM blade in the portal, click `Connect`, and follow the prompts to use remote desktop to connect to the VM. Make sure to use the username and password you specified in lines 36 and 37 in the `onprem.json` file. 3. Open a PowerShell console in the VM, and use the `Test-NetConnection` cmdlet to verify that you can connect to the hub jumpbox VM as shown below. - ```powershell - Test-NetConnection 10.1.0.68 -CommonTCPPort RDP - Test-NetConnection 10.2.0.68 -CommonTCPPort RDP - ``` + ```powershell + Test-NetConnection 10.1.0.68 -CommonTCPPort RDP + Test-NetConnection 10.2.0.68 -CommonTCPPort RDP + ``` To test conectivity from the simulated on-premises environment to the spoke VNets using Linux VMs, perform the following steps: 
@@ -284,18 +284,18 @@ To test conectivity from the simulated on-premises environment to the spoke VNet 3. From a Linux prompt, run `ssh` to connect to the simulated on-premises environment jumpbox witht the information you copied in step 2 above, as shown below. - ```bash - ssh @ - ``` + ```bash + ssh @ + ``` -5. Use the password you specified in line 37 in the `onprem.json` file to the connect to the VM. +4. Use the password you specified in line 37 in the `onprem.json` file to the connect to the VM. -6. Use the `ping` command to test connectivity to the jumpbox VMs in each spoke, as shown below. +5. Use the `ping` command to test connectivity to the jumpbox VMs in each spoke, as shown below. - ```bash - ping 10.1.0.68 - ping 10.2.0.68 - ``` + ```bash + ping 10.1.0.68 + ping 10.2.0.68 + ``` ### Add connectivity between spokes @@ -303,17 +303,17 @@ If you want to allow spokes to connect to each other, you need to use a newtwork 1. Open the `hub-nva.json` file and enter a username and password between the quotes in lines 13 and 14, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. Run `azbb` to deploy the NVA VM and user defined routes. - ```bash - azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 
diff --git a/docs/reference-architectures/hybrid-networking/shared-services.md b/docs/reference-architectures/hybrid-networking/shared-services.md index 908ec05ad4b..1ded26e727f 100644 --- a/docs/reference-architectures/hybrid-networking/shared-services.md +++ b/docs/reference-architectures/hybrid-networking/shared-services.md @@ -103,9 +103,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using the command below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the simulated on-premises datacenter using azbb @@ -115,18 +115,18 @@ To deploy the simulated on-premises datacenter as an Azure VNet, follow these st 2. Open the `onprem.json` file and enter a username and password between the quotes in line 45 and 46, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 3. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g onprem-vnet-rg - l -p onoprem.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `onprem-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 4. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine running Windows, and a VPN gateway. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -136,26 +136,26 @@ To deploy the hub VNet, and connect to the simulated on-premises VNet created ab 1. Open the `hub-vnet.json` file and enter a username and password between the quotes in line 50 and 51, as shown below. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 52, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Enter a shared key between the quotes in line 83, as shown below, then save the file. - ```bash - "sharedKey": "", - ``` + ```bash + "sharedKey": "", + ``` 4. Run `azbb` to deploy the simulated onprem environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 5. Wait for the deployment to finish. This deployment creates a virtual network, a virtual machine, a VPN gateway, and a connection to the gateway created in the previous section. The VPN gateway creation can take more than 40 minutes to complete. 
@@ -165,22 +165,22 @@ To deploy the ADDS domain controllers in Azure, perform the following steps. 1. Open the `hub-adds.json` file and enter a username and password between the quotes in lines 14 and 15, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. Run `azbb` to deploy the ADDS domain controllers as shown below. - ```bash - azbb -s -g hub-adds-rg - l -p hub-adds.json --deploy - ``` + ```bash + azbb -s -g hub-adds-rg - l -p hub-adds.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-adds-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-adds-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. - > [!NOTE] - > This part of the deployment may take several minutes, since it requires joining the two VMs to the domain hosted int he simulated on-premises datacenter, then installing AD DS on them. + > [!NOTE] + > This part of the deployment may take several minutes, since it requires joining the two VMs to the domain hosted int he simulated on-premises datacenter, then installing AD DS on them. ### NVA 
@@ -188,17 +188,17 @@ To deploy an NVA in the `dmz` subnet, perform the following steps: 1. Open the `hub-nva.json` file and enter a username and password between the quotes in lines 13 and 14, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. Run `azbb` to deploy the NVA VM and user defined routes. - ```bash - azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g hub-nva-rg - l -p hub-nva.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-nva-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. ### Azure spoke VNets 
@@ -206,31 +206,31 @@ To deploy the spoke VNets, perform the following steps. 1. Open the `spoke1.json` file and enter a username and password between the quotes in lines 52 and 53, as shown below, then save the file. - ```bash - "adminUsername": "XXX", - "adminPassword": "YYY", - ``` + ```bash + "adminUsername": "XXX", + "adminPassword": "YYY", + ``` 2. On line 54, for `osType`, type `Windows` or `Linux` to install either Windows Server 2016 Datacenter, or Ubuntu 16.04 as the operating system for the jumpbox. 3. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy - ``` + ```bash + azbb -s -g spoke1-vnet-rg - l -p spoke1.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke1-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. -3. Repeat step 1 above for file `spoke2.json`. +4. Repeat step 1 above for file `spoke2.json`. -4. Run `azbb` to deploy the second spoke VNet environment as shown below. +5. Run `azbb` to deploy the second spoke VNet environment as shown below. - ```bash - azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy - ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + ```bash + azbb -s -g spoke2-vnet-rg - l -p spoke2.json --deploy + ``` + > [!NOTE] + > If you decide to use a different resource group name (other than `spoke2-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. 
### Azure hub VNet peering to spoke VNets @@ -240,12 +240,12 @@ To create a peering connection from the hub VNet to the spoke VNets, perform the 2. Run `azbb` to deploy the first spoke VNet environment as shown below. - ```bash - azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy - ``` + ```bash + azbb -s -g hub-vnet-rg - l -p hub-vnet-peering.json --deploy + ``` - > [!NOTE] - > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. + > [!NOTE] + > If you decide to use a different resource group name (other than `hub-vnet-rg`), make sure to search for all parameter files that use that name and edit them to use your own resource group name. diff --git a/docs/reference-architectures/identity/adds-forest.md b/docs/reference-architectures/identity/adds-forest.md index f799ddbbd94..7520dcfefe9 100644 --- a/docs/reference-architectures/identity/adds-forest.md +++ b/docs/reference-architectures/identity/adds-forest.md 
@@ -116,8 +116,8 @@ A solution is available on [GitHub][github] to deploy this reference architectur 5. If you are using the simulated on-premises configuration, configure the incoming trust relationship: - 1. Connect to the jump box (*ra-adtrust-mgmt-vm1* in the *ra-adtrust-security-rg* resource group). Log in as *testuser* with password *AweS0me@PW*. - 2. On the jump box open an RDP session on the first VM in the *contoso.com* domain (the on-premises domain). This VM has the IP address 192.168.0.4. The username is *contoso\testuser* with password *AweS0me@PW*. + 1. Connect to the jump box (ra-adtrust-mgmt-vm1 in the ra-adtrust-security-rg resource group). Log in as testuser with password AweS0me@PW. + 2. On the jump box open an RDP session on the first VM in the contoso.com domain (the on-premises domain). This VM has the IP address 192.168.0.4. The username is contoso\testuser with password AweS0me@PW. 3. Download the [incoming-trust.ps1][incoming-trust] script and run it to create the incoming trust from the *treyresearch.com* domain. 6. If you are using your own on-premises infrastructure: 
@@ -126,7 +126,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur 2. Edit the script and replace the value of the `$TrustedDomainName` variable with the name of your own domain. 3. Run the script. -7. From the jump-box, connect to the first VM in the *treyresearch.com* domain (the domain in the cloud). This VM has the IP address 10.0.4.4. The username is *treyresearch\testuser* with password *AweS0me@PW*. +7. From the jump-box, connect to the first VM in the treyresearch.com domain (the domain in the cloud). This VM has the IP address 10.0.4.4. The username is treyresearch\testuser with password AweS0me@PW. 8. Download the [outgoing-trust.ps1][outgoing-trust] script and run it to create the incoming trust from the *treyresearch.com* domain. If you are using your own on-premises machines, then edit the script first. Set the `$TrustedDomainName` variable to the name of your on-premises domain, and specify the IP addresses of the Active Directory DS servers for this domain in the `$TrustedDomainDnsIpAddresses` variable. diff --git a/docs/reference-architectures/identity/adfs.md b/docs/reference-architectures/identity/adfs.md index c9cd9a9e8c2..0f26a061b2b 100644 --- a/docs/reference-architectures/identity/adfs.md +++ b/docs/reference-architectures/identity/adfs.md 
@@ -248,7 +248,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur 5. Restart the jump box (*ra-adfs-mgmt-vm1* in the *ra-adfs-security-rg* group) to allow its DNS settings to take effect. -6. [Obtain an SSL Certificate for AD FS][adfs_certificates] and install this certificate on the AD FS VMs. Note that you can connect to them through the jump box. The IP addresses are *10.0.5.4* and *10.0.5.5*. The default username is *contoso\testuser* with password *AweSome@PW*. +6. [Obtain an SSL Certificate for AD FS][adfs_certificates] and install this certificate on the AD FS VMs. Note that you can connect to them through the jump box. The IP addresses are 10.0.5.4 and 10.0.5.5. The default username is contoso\testuser with password AweSome@PW. > [!NOTE] > The comments in the Deploy-ReferenceArchitecture.ps1 script at this point provides detailed instructions for creating a self-signed test certificate and authority using the `makecert` command. However, perform these steps as a **test** only and do not use the certificates generated by makecert in a production environment. @@ -261,7 +261,7 @@ A solution is available on [GitHub][github] to deploy this reference architectur .\Deploy-ReferenceArchitecture.ps1 Adfs ``` -8. On the jump box, browse to `https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.htm` to test the AD FS installation (you may receive a certificate warning that you can ignore for this test). Verify that the Contoso Corporation sign-in page appears. Sign in as *contoso\testuser* with password *AweS0me@PW*. +8. On the jump box, browse to `https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.htm` to test the AD FS installation (you may receive a certificate warning that you can ignore for this test). Verify that the Contoso Corporation sign-in page appears. Sign in as contoso\testuser with password AweS0me@PW. 9. Install the SSL certificate on the AD FS proxy VMs. The IP addresses are *10.0.6.4* and *10.0.6.5*. 
diff --git a/docs/reference-architectures/jenkins/index.md b/docs/reference-architectures/jenkins/index.md index 8178fc7cb73..b1fc8247f1e 100644 --- a/docs/reference-architectures/jenkins/index.md +++ b/docs/reference-architectures/jenkins/index.md 
@@ -21,30 +21,30 @@ The focus of this document is on the core Azure operations needed to support Jen The architecture consists of the following components: -- **Resource group.** A [resource group][rg] is used to group Azure assets so they can be managed by lifetime, owner, and other criteria. Use resource groups to deploy and monitor Azure assets as a group and track billing costs by resource group. You can also delete resources as a set, which is very useful for test deployments. +- **Resource group.** A [resource group][rg] is used to group Azure assets so they can be managed by lifetime, owner, and other criteria. Use resource groups to deploy and monitor Azure assets as a group and track billing costs by resource group. You can also delete resources as a set, which is very useful for test deployments. -- **Jenkins server**. A virtual machine is deployed to run [Jenkins][azure-market] as an automation server and serve as Jenkins Master. This reference architecture uses the [solution template for Jenkins on Azure][solution], installed on a Linux (Ubuntu 16.04 LTS) virtual machine on Azure. Other Jenkins offerings are available in the Azure Marketplace. +- **Jenkins server**. A virtual machine is deployed to run [Jenkins][azure-market] as an automation server and serve as Jenkins Master. This reference architecture uses the [solution template for Jenkins on Azure][solution], installed on a Linux (Ubuntu 16.04 LTS) virtual machine on Azure. Other Jenkins offerings are available in the Azure Marketplace. - > [!NOTE] - > Nginx is installed on the VM to act as a reverse proxy to Jenkins. You can configure Nginx to enable SSL for the Jenkins server. - > - > + > [!NOTE] + > Nginx is installed on the VM to act as a reverse proxy to Jenkins. You can configure Nginx to enable SSL for the Jenkins server. + > + > -- **Virtual network**. A [virtual network][vnet] connects Azure resources to each other and provides logical isolation. 
In this architecture, the Jenkins server runs in a virtual network. +- **Virtual network**. A [virtual network][vnet] connects Azure resources to each other and provides logical isolation. In this architecture, the Jenkins server runs in a virtual network. -- **Subnets**. The Jenkins server is isolated in a [subnet][subnet] to make it easier to manage and segregate network traffic without impacting performance. +- **Subnets**. The Jenkins server is isolated in a [subnet][subnet] to make it easier to manage and segregate network traffic without impacting performance. -- **NSGs**. Use [network security groups][nsg] (NSGs) to restrict network traffic from the Internet to the subnet of a virtual network. +- NSGs. Use [network security groups][nsg] (NSGs) to restrict network traffic from the Internet to the subnet of a virtual network. -- **Managed disks**. A [managed disk][managed-disk] is a persistent virtual hard disk (VHD) used for application storage and also to maintain the state of the Jenkins server and provide disaster recovery. Data disks are stored in Azure Storage. For high performance, [premium storage][premium] is recommended. +- **Managed disks**. A [managed disk][managed-disk] is a persistent virtual hard disk (VHD) used for application storage and also to maintain the state of the Jenkins server and provide disaster recovery. Data disks are stored in Azure Storage. For high performance, [premium storage][premium] is recommended. -- **Azure Blob Storage**. The [Windows Azure Storage plugin][configure-storage] uses Azure Blob Storage to store the build artifacts that are created and shared with other Jenkins builds. +- **Azure Blob Storage**. The [Windows Azure Storage plugin][configure-storage] uses Azure Blob Storage to store the build artifacts that are created and shared with other Jenkins builds. -- **Azure Active Directory (Azure AD)**. [Azure AD][azure-ad] supports user authentication, allowing you to set up SSO. 
Azure AD [service principals][service-principal] define the policy and permissions for each role authorization in the workflow, using [role-based access control][rbac] (RBAC). Each service principal is associated with a Jenkins job. +- Azure Active Directory (Azure AD). [Azure AD][azure-ad] supports user authentication, allowing you to set up SSO. Azure AD [service principals][service-principal] define the policy and permissions for each role authorization in the workflow, using [role-based access control][rbac] (RBAC). Each service principal is associated with a Jenkins job. -- **Azure Key Vault.** To manage secrets and cryptographic keys used to provision Azure resources when secrets are required, this architecture uses [Key Vault][key-vault]. For added help storing secrets associated with the application in the pipeline, see also the [Azure Credentials][configure-credential] plugin for Jenkins. +- **Azure Key Vault.** To manage secrets and cryptographic keys used to provision Azure resources when secrets are required, this architecture uses [Key Vault][key-vault]. For added help storing secrets associated with the application in the pipeline, see also the [Azure Credentials][configure-credential] plugin for Jenkins. -- **Azure monitoring services**. This service [monitors][monitor] the Azure virtual machine hosting Jenkins. This deployment monitors the virtual machine status and CPU utilization and sends alerts. +- **Azure monitoring services**. This service [monitors][monitor] the Azure virtual machine hosting Jenkins. This deployment monitors the virtual machine status and CPU utilization and sends alerts. ## Recommendations diff --git a/docs/reference-architectures/virtual-machines-linux/multi-vm.md b/docs/reference-architectures/virtual-machines-linux/multi-vm.md index 25813cd70ec..142ad6f8c85 100644 --- a/docs/reference-architectures/virtual-machines-linux/multi-vm.md +++ b/docs/reference-architectures/virtual-machines-linux/multi-vm.md 
@@ -137,9 +137,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -149,16 +149,16 @@ To deploy the sample single VM workload, follow these steps: 2. Open the `multi-vm-v2.json` file and enter a username and SSH key between the quotes, as shown below, then save the file. - ```bash - "adminUsername": "", - "sshPublicKey": "", - ``` + ```bash + "adminUsername": "", + "sshPublicKey": "", + ``` 3. Run `azbb` to deploy the VMs as shown below. - ```bash - azbb -s -g -l -p multi-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p multi-vm-v2.json --deploy + ``` For more information on deploying this sample reference architecture, visit our [GitHub repository][git]. diff --git a/docs/reference-architectures/virtual-machines-linux/n-tier.md b/docs/reference-architectures/virtual-machines-linux/n-tier.md index b5b017c1c5a..d524137b10d 100644 --- a/docs/reference-architectures/virtual-machines-linux/n-tier.md +++ b/docs/reference-architectures/virtual-machines-linux/n-tier.md 
@@ -29,7 +29,7 @@ There are many ways to implement an N-tier architecture. The diagram shows a typ * **Azure DNS**. [Azure DNS][azure-dns] is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services. * **Jumpbox.** Also called a [bastion host]. A secure VM on the network that administrators use to connect to the other VMs. The jumpbox has an NSG that allows remote traffic only from public IP addresses on a safe list. The NSG should permit secure shell (SSH) traffic. * **Monitoring.** Monitoring software such as [Nagios], [Zabbix], or [Icinga] can give you insight into response time, VM uptime, and the overall health of your system. Install the monitoring software on a VM that's placed in a separate management subnet. -* **NSGs.** Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. +* NSGs. Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. * **Apache Cassandra database**. Provides high availability at the data tier, by enabling replication and failover. ## Recommendations 
@@ -125,15 +125,15 @@ Before you can deploy the reference architecture to your own subscription, you m 3. Install the [Azure building blocks][azbb] npm package. - ```bash - npm install -g @mspnp/azure-building-blocks - ``` + ```bash + npm install -g @mspnp/azure-building-blocks + ``` 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -145,9 +145,9 @@ To deploy the Linux VMs for an N-tier application reference architecture, follow 3. Deploy the reference architecture using the **azbb** command line tool as shown below. - ```bash - azbb -s -g -l -p n-tier-linux.json --deploy - ``` + ```bash + azbb -s -g -l -p n-tier-linux.json --deploy + ``` For more information on deploying this sample reference architecture using Azure Building Blocks, visit the [GitHub repository][git]. diff --git a/docs/reference-architectures/virtual-machines-linux/single-vm.md b/docs/reference-architectures/virtual-machines-linux/single-vm.md index abdc189a73a..9a667b686bf 100644 --- a/docs/reference-architectures/virtual-machines-linux/single-vm.md +++ b/docs/reference-architectures/virtual-machines-linux/single-vm.md @@ -162,9 +162,9 @@ A deployment for this architecture is available on [GitHub][github-folder]. It d 4. From a command prompt, bash prompt, or PowerShell prompt, enter the following command to log into your Azure account. - ```bash - az login - ``` + ```bash + az login + ``` 5. Create an SSH key pair. For more information, see [How to create and use an SSH public and private key pair for Linux VMs in Azure](/azure/virtual-machines/linux/mac-create-ssh-keys). 
@@ -176,16 +176,16 @@ To deploy this reference architecture, follow these steps: 2. Open the `single-vm-v2.json` file and enter a username and your SSH public key between the quotes, then save the file. - ```bash - "adminUsername": "", - "sshPublicKey": "ssh-rsa AAAAB3NzaC1...", - ``` + ```bash + "adminUsername": "", + "sshPublicKey": "ssh-rsa AAAAB3NzaC1...", + ``` 3. Run `azbb` to deploy the sample VM as shown below. - ```bash - azbb -s -g -l -p single-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p single-vm-v2.json --deploy + ``` To verify the deployment, run the following Azure CLI command to find the public IP address of the VM: diff --git a/docs/reference-architectures/virtual-machines-windows/multi-region-application.md b/docs/reference-architectures/virtual-machines-windows/multi-region-application.md index 906b251057f..946110ff772 100644 --- a/docs/reference-architectures/virtual-machines-windows/multi-region-application.md +++ b/docs/reference-architectures/virtual-machines-windows/multi-region-application.md 
@@ -115,9 +115,9 @@ To configure the availability group: * Create a [Windows Server Failover Clustering][wsfc] (WSFC) cluster that includes the SQL Server instances in both regions. * Create a SQL Server Always On Availability Group that includes the SQL Server instances in both the primary and secondary regions. See [Extending Always On Availability Group to Remote Azure Datacenter (PowerShell)](https://blogs.msdn.microsoft.com/sqlcat/2014/09/22/extending-alwayson-availability-group-to-remote-azure-datacenter-powershell/) for the steps. - * Put the primary replica in the primary region. - * Put one or more secondary replicas in the primary region. Configure these to use synchronous commit with automatic failover. - * Put one or more secondary replicas in the secondary region. Configure these to use *asynchronous* commit, for performance reasons. (Otherwise, all T-SQL transactions have to wait on a round trip over the network to the secondary region.) + * Put the primary replica in the primary region. + * Put one or more secondary replicas in the primary region. Configure these to use synchronous commit with automatic failover. + * Put one or more secondary replicas in the secondary region. Configure these to use *asynchronous* commit, for performance reasons. (Otherwise, all T-SQL transactions have to wait on a round trip over the network to the secondary region.) > [!NOTE] > Asynchronous commit replicas do not support automatic failover. diff --git a/docs/reference-architectures/virtual-machines-windows/multi-vm.md b/docs/reference-architectures/virtual-machines-windows/multi-vm.md index 1352413101c..1c813b7ef88 100644 --- a/docs/reference-architectures/virtual-machines-windows/multi-vm.md +++ b/docs/reference-architectures/virtual-machines-windows/multi-vm.md 
@@ -137,9 +137,9 @@ Before you can deploy the reference architecture to your own subscription, you m 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -149,16 +149,16 @@ To deploy the sample single VM workload, follow these steps: 2. Open the `multi-vm-v2.json` file and enter a username and password between the quotes, as shown below, then save the file. - ```bash - "adminUsername": "", - "adminPassword": "", - ``` + ```bash + "adminUsername": "", + "adminPassword": "", + ``` 3. Run `azbb` to deploy the VMs as shown below. - ```bash - azbb -s -g -l -p multi-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p multi-vm-v2.json --deploy + ``` For more information on deploying this sample reference architecture, visit our [GitHub repository][git]. diff --git a/docs/reference-architectures/virtual-machines-windows/n-tier.md b/docs/reference-architectures/virtual-machines-windows/n-tier.md index 007bceb46aa..1d1993b8fb3 100644 --- a/docs/reference-architectures/virtual-machines-windows/n-tier.md +++ b/docs/reference-architectures/virtual-machines-windows/n-tier.md 
@@ -30,7 +30,7 @@ There are many ways to implement an N-tier architecture. The diagram shows a typ * **Load balancers.** Use an [Internet-facing load balancer][load-balancer-external] to distribute incoming Internet traffic to the web tier, and an [internal load balancer][load-balancer-internal] to distribute network traffic from the web tier to the business tier. * **Jumpbox.** Also called a [bastion host]. A secure VM on the network that administrators use to connect to the other VMs. The jumpbox has an NSG that allows remote traffic only from public IP addresses on a safe list. The NSG should permit remote desktop (RDP) traffic. * **Monitoring.** Monitoring software such as [Nagios], [Zabbix], or [Icinga] can give you insight into response time, VM uptime, and the overall health of your system. Install the monitoring software on a VM that's placed in a separate management subnet. -* **NSGs.** Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. +* NSGs. Use [network security groups][nsg] (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet. * **SQL Server Always On Availability Group.** Provides high availability at the data tier, by enabling replication and failover. * **Active Directory Domain Services (AD DS) Servers**. Prior to Windows Server 2016, SQL Server Always On Availability Groups must be joined to a domain. This is because Availability Groups depend on Windows Server Failover Cluster (WSFC) technology. Windows Server 2016 introduces the ability to create a Failover Cluster without Active Directory, in which case the AD DS servers are not required for this architecture. 
For more information, see [What's new in Failover Clustering in Windows Server 2016][wsfc-whats-new]. * **Azure DNS**. [Azure DNS][azure-dns] is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services. @@ -83,10 +83,10 @@ Configure the SQL Server Always On Availability Group as follows: 3. Create an availability group listener, and map the listener's DNS name to the IP address of an internal load balancer. 4. Create a load balancer rule for the SQL Server listening port (TCP port 1433 by default). The load balancer rule must enable *floating IP*, also called Direct Server Return. This causes the VM to reply directly to the client, which enables a direct connection to the primary replica. - > [!NOTE] - > When floating IP is enabled, the front-end port number must be the same as the back-end port number in the load balancer rule. - > - > + > [!NOTE] + > When floating IP is enabled, the front-end port number must be the same as the back-end port number in the load balancer rule. + > + > When a SQL client tries to connect, the load balancer routes the connection request to the primary replica. If there is a failover to another replica, the load balancer automatically routes subsequent requests to a new primary replica. For more information, see [Configure an ILB listener for SQL Server Always On Availability Groups][sql-alwayson-ilb]. 
@@ -142,15 +142,15 @@ Before you can deploy the reference architecture to your own subscription, you m 3. Install the [Azure building blocks][azbb] npm package. - ```bash - npm install -g @mspnp/azure-building-blocks - ``` + ```bash + npm install -g @mspnp/azure-building-blocks + ``` 4. From a command prompt, bash prompt, or PowerShell prompt, login to your Azure account by using one of the commands below, and follow the prompts. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb 
@@ -160,18 +160,18 @@ To deploy the Windows VMs for an N-tier application reference architecture, foll 2. The parameter file specifies a default adminstrator user name and password for each VM in the deployment. You must change these before you deploy the reference architecture. Open the `n-tier-windows.json` file and replace each **adminUsername** and **adminPassword** field with your new settings. - > [!NOTE] - > There are multiple scripts that run during this deployment both in the **VirtualMachineExtension** objects and in the **extensions** settings for some of the **VirtualMachine** objects. Some of these scripts require the administrator user name and password that you have just changed. It's recommended that you review these scripts to ensure that you specified the correct credentials. The deployment may fail if you have not specified the correct credentials. - > - > + > [!NOTE] + > There are multiple scripts that run during this deployment both in the **VirtualMachineExtension** objects and in the **extensions** settings for some of the **VirtualMachine** objects. Some of these scripts require the administrator user name and password that you have just changed. It's recommended that you review these scripts to ensure that you specified the correct credentials. The deployment may fail if you have not specified the correct credentials. + > + > Save the file. 3. Deploy the reference architecture using the **azbb** command line tool as shown below. - ```bash - azbb -s -g -l -p n-tier-windows.json --deploy - ``` + ```bash + azbb -s -g -l -p n-tier-windows.json --deploy + ``` For more information on deploying this sample reference architecture using Azure Building Blocks, visit the [GitHub repository][git]. diff --git a/docs/reference-architectures/virtual-machines-windows/single-vm.md b/docs/reference-architectures/virtual-machines-windows/single-vm.md index 96be06e198e..13dade0eea2 100644 --- a/docs/reference-architectures/virtual-machines-windows/single-vm.md 
+++ b/docs/reference-architectures/virtual-machines-windows/single-vm.md @@ -144,9 +144,9 @@ A deployment for this architecture is available on [GitHub][github-folder]. It d 4. From a command prompt, bash prompt, or PowerShell prompt, enter the following command to log into your Azure account. - ```bash - az login - ``` + ```bash + az login + ``` ### Deploy the solution using azbb @@ -156,16 +156,16 @@ To deploy this reference architecture, follow these steps: 2. Open the `single-vm-v2.json` file and enter a username and password between the quotes, then save the file. - ```bash - "adminUsername": "", - "adminPassword": "", - ``` + ```bash + "adminUsername": "", + "adminPassword": "", + ``` 3. Run `azbb` to deploy the sample VM as shown below. - ```bash - azbb -s -g -l -p single-vm-v2.json --deploy - ``` + ```bash + azbb -s -g -l -p single-vm-v2.json --deploy + ``` To verify the deployment, run the following Azure CLI command to find the public IP address of the VM: diff --git a/docs/resiliency/failure-mode-analysis.md b/docs/resiliency/failure-mode-analysis.md index ac297d2f5e4..aebcd49c0e4 100644 --- a/docs/resiliency/failure-mode-analysis.md +++ b/docs/resiliency/failure-mode-analysis.md @@ -118,7 +118,7 @@ The default retry policy uses exponential back-off. To use a different retry pol ### Web or worker roles are unexpectedly being shut down. **Detection**. The [RoleEnvironment.Stopping][RoleEnvironment.Stopping] event is fired. -**Recovery**. Override the [RoleEntryPoint.OnStop][RoleEntryPoint.OnStop] method to gracefully clean up. For more information, see [The Right Way to Handle Azure OnStop Events][onstop-events] (blog). +Recovery. Override the [RoleEntryPoint.OnStop][RoleEntryPoint.OnStop] method to gracefully clean up. For more information, see [The Right Way to Handle Azure OnStop Events][onstop-events] (blog). ## Cosmos DB ### Reading data fails. 
diff --git a/docs/resiliency/high-availability-azure-applications.md b/docs/resiliency/high-availability-azure-applications.md index 8993bf86113..e6c497bc7d8 100644 --- a/docs/resiliency/high-availability-azure-applications.md +++ b/docs/resiliency/high-availability-azure-applications.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 05/31/2017 --- [!INCLUDE [header](../_includes/header.md)] + # High availability for applications built on Microsoft Azure A highly available application absorbs fluctuations in availability, load, and temporary failures in dependent services and hardware. The application continues to perform acceptably, as defined by business requirements or application service-level agreements (SLAs). diff --git a/docs/resiliency/recovery-local-failures.md b/docs/resiliency/recovery-local-failures.md index 66dbc6f19f6..422dc06659c 100644 --- a/docs/resiliency/recovery-local-failures.md +++ b/docs/resiliency/recovery-local-failures.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 08/18/2016 --- [!INCLUDE [header](../_includes/header.md)] + # Azure resiliency technical guidance: Recovery from local failures in Azure There are two primary threats to application availability: diff --git a/docs/resiliency/recovery-loss-azure-region.md b/docs/resiliency/recovery-loss-azure-region.md index 8ef10b9d69e..e8089683566 100644 --- a/docs/resiliency/recovery-loss-azure-region.md +++ b/docs/resiliency/recovery-loss-azure-region.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 08/18/2016 --- [!INCLUDE [header](../_includes/header.md)] + # Azure resiliency technical guidance: recovery from a region-wide service disruption Azure is divided physically and logically into units called regions. A region consists of one or more datacenters in close proximity. diff --git a/docs/resiliency/recovery-on-premises-azure.md b/docs/resiliency/recovery-on-premises-azure.md index 7ea38ea268b..0fe25e5ccbc 100644 --- a/docs/resiliency/recovery-on-premises-azure.md 
+++ b/docs/resiliency/recovery-on-premises-azure.md @@ -5,6 +5,7 @@ author: adamglick ms.date: 08/18/2016 --- [!INCLUDE [header](../_includes/header.md)] + # Azure resiliency technical guidance: Recovery from on-premises to Azure Azure provides a comprehensive set of services for enabling the extension of an on-premises datacenter to Azure for high availability and disaster recovery purposes: From a6037071a48f2cc32fe0c112e3a11be9ebdf7efd Mon Sep 17 00:00:00 2001 From: Mike Wasson Date: Thu, 5 Apr 2018 18:09:56 -0700 Subject: [PATCH 2/3] Fix link --- docs/antipatterns/extraneous-fetching/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/antipatterns/extraneous-fetching/index.md b/docs/antipatterns/extraneous-fetching/index.md index f2f65cd0c35..d017b8726c7 100644 --- a/docs/antipatterns/extraneous-fetching/index.md +++ b/docs/antipatterns/extraneous-fetching/index.md @@ -229,7 +229,6 @@ Here is the corresponding telemetry for the `AggregateOnDatabaseAsync` method. T [BusyDatabase]: ../busy-database/index.md -[chatty-io]: ../chatty-io.md [data-partitioning]: ../../best-practices/data-partitioning.md [new-relic]: https://newrelic.com/application-monitoring From 9f7e9183fb4bc2366287c815c7bcb957b7a07a44 Mon Sep 17 00:00:00 2001 From: Mike Wasson Date: Thu, 5 Apr 2018 18:16:00 -0700 Subject: [PATCH 3/3] Revert change in build file This is a template file, not a published markdown file --- docs/patterns/index.liquid.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/patterns/index.liquid.md b/docs/patterns/index.liquid.md index 06fa84404d1..440eddb5a2e 100644 --- a/docs/patterns/index.liquid.md +++ b/docs/patterns/index.liquid.md @@ -16,7 +16,7 @@ Each pattern describes the problem that the pattern addresses, considerations fo
                      {%- for category in categories %}
                    • - {% include 'pattern-category-card' %} + {% include 'pattern-category-card' %}
                    • {%- endfor %}
                    @@ -29,4 +29,4 @@ Each pattern describes the problem that the pattern addresses, considerations fo {%- for pattern in patterns %} | [{{ pattern.title }}](./{{ pattern.file }}) | {{ pattern.description }} | -{%- endfor %} \ No newline at end of file +{%- endfor %}
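
Review bot: In docs/reference-architectures/jenkins/index.md (hunk `@@ -21,30 +21,30 @@`), two component labels lose their bold markup: `- **NSGs**.` becomes `- NSGs.` and `- **Azure Active Directory (Azure AD)**.` becomes `- Azure Active Directory (Azure AD).`. Every other item in the same list keeps its `**...**` label, and the "CI Update" subject gives no reason for the change, so this reads as an unintended side effect of the automated rewrite. Restore the bold on both items so the network-control and identity entries stay as visible as the rest of the component list.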
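
Review bot: In both n-tier.md files (virtual-machines-linux hunk `@@ -29,7 +29,7 @@` and virtual-machines-windows hunk `@@ -30,7 +30,7 @@`), `* **NSGs.**` is rewritten to `* NSGs.` while the neighbouring `* **Jumpbox.**` and `* **Monitoring.**` items keep their bold labels. The item text itself is unchanged, so the only effect is inconsistent formatting on the bullet that describes the tier-to-tier traffic restriction. Revert the label to `* **NSGs.**` in both files.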
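
Review bot: In docs/resiliency/failure-mode-analysis.md (hunk `@@ -118,7 +118,7 @@`), `**Recovery**.` becomes plain `Recovery.` while the `**Detection**.` line directly above it stays bold. The two labels are a pair in the failure-mode entry for unexpected role shutdown, so the change breaks the entry's layout without altering its content. Keep `**Recovery**.` as it was.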
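
Review bot: In the multi-vm.md and single-vm.md hunks that re-indent the parameter-file snippets (for example `@@ -149,16 +149,16 @@` in virtual-machines-linux/multi-vm.md), the fence around `"adminUsername": "",` and `"sshPublicKey": "",` (or `"adminPassword": "",`) is still tagged `bash` although the content is a JSON fragment from `multi-vm-v2.json` or `single-vm-v2.json`. Since these fences are being touched anyway, tag them `json` so highlighting matches the file the reader is editing. The unchanged context line in both multi-vm.md files also says "To deploy the sample single VM workload", which looks carried over from single-vm.md and is worth correcting in the same pass.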
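
Review bot: In virtual-machines-windows/n-tier.md (hunk `@@ -160,18 +160,18 @@`), the step directly above the re-indented note still reads "a default adminstrator user name and password"; fix the spelling to "administrator" while the block is open. The step tells the reader to write new **adminUsername** and **adminPassword** values into `n-tier-windows.json` and then "Save the file."; consider adding a sentence telling readers to keep the edited parameter file out of source control, because it then holds the VM administrator password in clear text.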
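
Review bot: In patch 2/3 (docs/antipatterns/extraneous-fetching/index.md, hunk `@@ -229,7 +229,6 @@`), the change only deletes the reference definition `[chatty-io]: ../chatty-io.md`. If any `[chatty-io]` reference remains in the body of the page, it will now render as literal bracketed text instead of a link. Either confirm that no reference is left, or repoint the definition at the article's current location, following the form of the neighbouring `[BusyDatabase]: ../busy-database/index.md` entry.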
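
Review bot: In patch 3/3 (docs/patterns/index.liquid.md), the revert restores the template by hand, but nothing in this series stops the automated "CI Update" job from rewriting the file again: patch 1/3 lists both `docs/patterns/index.liquid.md` and `docs/docfx.json` among its changed files. Consider excluding `*.liquid.md` templates from whatever step produces the CI commit, so that the `{% include 'pattern-category-card' %}` and `{%- endfor %}` lines are not reformatted on the next run.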