We have learned about EBS, EFS, and S3 in the AWS cloud, and PD, Filestore, and GCS in GCP. Azure has similar services. The following is a summary to help us review AWS/GCP storage and learn about Azure storage services.

Object storage

Here is a comparison of object storage for three clouds:

• AWS S3 offers multiple storage classes, Standard, Intelligent-Tiering, Glacier, and Glacier Deep Archive, each optimized for different use cases. S3 has object versioning and object life cycle management.
• GCP GCS provides multiple storage classes: Standard, Nearline, Coldline, and Archive. GCS offers object versioning and object life cycle management.
• Azure Blob Storage offers similar features to S3 and GCS. It includes Blob Storage, Archive Storage, and Premium Blob Storage tiers. Azure offers blob storage versioning and life cycle management as well.

File storage

The following is a comparison of file storage for three clouds:

• AWS EFS...

We discussed AWS VPC and GCP VPC previously. They are very similar except that an AWS VPC is regional and a GCP VPC is global (with regional subnets). Azure offers a similar cloud networking service called Azure Virtual Network (vNet), and it is regional. Like VPC peering in AWS and GCP, Azure vNets can be peered across different regions and different accounts. We know that AWS VPC peering can be initialized from one VPC and accepted by the other, and GCP VPC peering is implemented by creating peering from VPC1 to VPC2, and then from VPC2 to VPC1. In Azure, vNet peering is done similarly, and vNet peering is also non-transitive.

Like AWS provides SGs and NACLs to protect EC2’s and VPC/subnets, Azure offers NSGs and Azure Firewall to protect cloud network resources. NSGs provide basic network traffic filtering capabilities at the subnet and network interface level, whereas Azure Firewall offers more advanced traffic control at the network and application...

In this section, we will implement an Azure global V-WAN network using the hub-and-spoke architecture. We will build a V-WAN with two hubs, one in us-east and the other in us-west. Each hub will be connected to two spoke networks: Hub1 connects to spoke networks vNet1 and vNet2; Hub2 connects to spoke networks vNet3 and vNet4. We will create one VM in each spoke. Figure 12.2 shows a typical V-WAN architecture where all the networks are connected efficiently using a hub-and-spoke topology, including Azure cloud vNets, branch office networks, remote networks, and on-premises networks:

Figure 12.2 – Azure V-WAN infrastructure

In our lab, we will just implement the Azure V-WAN hub-and-spoke network with vNet connections. Let’s get started:

1. Create an Azure V-WAN:

Go to the Azure portal at portal.azure.com, then go to Virtual WANs. Create a V-WAN called azure-vwan in the Central US region...

In this chapter, we learned about the organization of the Azure cloud and its compute, storage, and networking services by comparing them with the AWS and GCP services. We dove deep into the Azure V-WAN infrastructure and concepts, and created a V-WAN with two hubs, connecting to four global vNets. We built an Azure V-WAN and managed all the cloud resources in a centralized manner.

In the next chapter, we will examine the Azure data analytics services, including databases and big data, using the same method of learning by comparison, but going deep and beyond the basics.

The following scenario should be referenced when answering questions 1-10:

An Azure team is implementing a network architecture, as shown in Figure 12.19.

Figure 12.19 – Azure infrastructure architecture

• The subscription is subs1.
• The resource group is azurerg.
• The Storage account is store.
• 200 VMs are in the spoke vNets. The VMs are numbered, and each VM has a public IP and a locally installed application, App-X, where X is the VM number.
• vNet1 has two subnets, sub1 and sub2. Azure Firewall is deployed in sub2.
• Azure Front Door is deployed.
• Azure Active Directory (AAD) is used for the infrastructure.
• ExpressRoute is used between on-premises and the Azure cloud.

1. store stores blob objects that need to be accessible to Azure Databricks, leveraging AAD. What should be enabled for store?

A. File shares

B. Hierarchical namespace

C. Network file shares

D. Blob access policies...

1. B

2. C

3. A

4. D

5. D

6. A

7. C

8. C

9. D

10. D

For further insights into what you’ve learned in this chapter, refer to the following links:

• https://azure.microsoft.com/en-us/products/virtual-machines
• https://azure.microsoft.com/en-us/products/category/storage/
• https://azure.microsoft.com/en-us/products/category/networking
• https://learn.microsoft.com/en-us/azure/virtual-wan/
• https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli
• https://learn.microsoft.com/en-us/azure/frontdoor/front-door-overview
• https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
• https://learn.microsoft.com/en-us/azure/application-gateway/overview
• https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
• https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-overview