What should I know about Azure architecture

Last Updated on 10 February 2019 by Krzysztof Nojman

Architecture pillars

There are several important considerations to weigh when designing solutions, and a few golden principles should drive every design in the cloud. As an architect, you must take several kinds of disaster into account during the design phase. You need a plan for every scenario. Having a plan helps you create systems that are resilient and prepared for each catastrophe.

There are four main topics you must cover when designing a solution. It helps to prepare beforehand by writing down lots of questions, which then work as a checklist. During design, just go through your list and tick all the boxes. This will help you design a good solution.

Architecture is about planning and being prepared for any circumstances, both those that happen ordinarily and those that happen unexpectedly. We have to plan and design solutions that will cope with critical disasters. The key is the implementation of our design: it must be smooth and allow for future improvements. Systems must be flexible enough to cope with constantly changing business requirements.

Building a great system is iterative work. At each iteration we need to concentrate on a specific problem. You have to evaluate various risks and be prepared to mitigate them.

Design for security

Today, data is a business asset and must be protected with high priority. System resources must be resilient to network vulnerabilities, and data should be protected with encryption both in transit and in storage. Security is a concept that applies to the whole lifecycle of an application. The cloud provides additional security benefits such as DDoS attack or network intrusion detection, but it is the architect's responsibility to build security into the application.

I try to ask myself several questions to challenge myself and find the answers.

How do we prevent the system from being hacked?

What do we do if we get hacked?

How will I know if I was hacked?

How do we manage access to data to prevent unauthorized usage?

In every business there is confidential data, which must be protected from malicious people. As I said before, data is an asset and must be treated like one. Since we have strict rules to protect personal data (GDPR), there is an additional aspect to think about: regulatory compliance, something you may not like but must manage. It applies to the personal data of your staff and your customers. What about their payments? For this there is another regulatory standard that we must adhere to. Remember that the cloud has vulnerabilities like everything else, so don’t take things for granted.

Security locks

For a security mechanism to be effective, we need to consider several layers. Each layer works as a fence. In the real world, if you put 10 fences around your home, it becomes very difficult for an intruder to get through. The same principle applies to the cloud. This is called “defense in depth” and covers the following items:

  • Data
  • Applications
  • VM/Compute
  • Networking
  • Perimeter
  • Policies and access
  • Physical security

This creates in-depth protection. Each layer is aimed at protecting a different area. If one fails, there are still other gates that protect us. By creating more layers, we increase the complexity for an attacker. Security should also cover people and processes.

In-depth protection

Each layer has specific vulnerabilities that you need to tackle and be prepared for.

  • Data: Strong encryption is a must, both in storage and in transit.
  • Applications: We need to protect against code injection, SQL injection and cross-site scripting (XSS).
  • VM/Compute: Protect against executing code on a compromised system.
  • Networking: Open ports are the main issue; leaving SSH or RDP open to a VM may be a big problem.
  • Perimeter: Denial-of-service attacks belong to this layer; they can take down your servers and other resources.
  • Policies and access: It’s all about authentication: Active Directory, Kerberos, OAuth. Protect your credentials and put monitoring in place to know what is happening and when.
  • Physical security: Protect your facilities, put locks everywhere and check who has access to them.
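
The Networking item above can be turned into a repeatable check. The following is an added example, not code from the original post: it walks network security group (NSG) rules in priority order and reports when SSH or RDP is reachable from any internet source. The rule dictionaries are constructed sample data using Azure NSG security-rule field names, the function names are hypothetical, and default NSG rules and overlapping address ranges are not modelled.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}  # sources treated as "the whole internet"

# Constructed sample rules (not from a real subscription).
SAMPLE_RULES = [
    {"name": "allow-rdp-office", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "allow-admin-range", "priority": 120, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["20-25", "8080"]},
    {"name": "deny-rdp", "priority": 130, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-all-high", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "1024-65535"},
]

def _values(rule, single, plural):
    """Merge the single and plural form of a rule field into one list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers_port(spec, port):
    """True if a port spec ('*', '22' or '20-25') includes the port."""
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def _matches(rule, port):
    """True if an inbound TCP rule with an internet-wide source covers the port."""
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return (rule.get("direction", "").lower() == "inbound"
            and rule.get("protocol", "*").lower() in ("tcp", "*")
            and any(s.lower() in ANY_SOURCE for s in sources)
            and any(_covers_port(p, port) for p in ports))

def exposed_management_ports(rules):
    """Return (service, port, rule name) where the first matching rule by priority allows."""
    findings = []
    ordered = sorted(rules, key=lambda r: r["priority"])  # lowest number is evaluated first
    for port, label in MGMT_PORTS.items():
        first = next((r for r in ordered if _matches(r, port)), None)
        if first and first["access"].lower() == "allow":
            findings.append((label, port, first["name"]))
    return findings

if __name__ == "__main__":
    for label, port, name in exposed_management_ports(SAMPLE_RULES):
        print(f"{label} ({port}/tcp) is open to the internet via rule '{name}'")
```

In the sample, SSH is flagged through a broad port range, while RDP is not, because the higher-priority deny rule is evaluated before the wide allow rule.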

Remember that in the cloud you share responsibility for security with Azure. What you have to protect depends on the model your solution uses: IAAS, PAAS or SAAS. The closer you are to SAAS, the fewer worries you have. Managing IAAS is the most complex because you are responsible for the operating system and applications.

Design for performance and scalability

Our systems must be able to scale with increased demand, and they should do so automatically, without human intervention. Azure has a built-in mechanism that allows scaling an application up or down depending on needs. This kind of architecture must be designed at both the application level and the cloud resource level. You should be able to answer a question like: can we handle a spike in traffic?

Despite all this Azure automation, there is still work for you: analyzing systems, identifying bottlenecks and applying optimizations. Optimization may include testing network speeds or I/O on a storage solution. Each system deserves thought independently, whether that means looking at the code or at the logs. Performance analysis is a recurring process that applies to each system component. Once you identify potential issues from the architectural standpoint, it will be easier to plan for the solution.

Scaling

As in life, everything depends on what we want to achieve. You need to decide whether scaling up is better than scaling out. Scaling up means making your resource bigger and stronger, for example by adding more RAM or CPU.

When you scale out, you add more instances of your resource.

Both ways will improve the performance of your systems. You have to choose which one is more efficient in your solution. There will be different cost implications that you must be aware of.

Performance patterns

You can tackle scalability and performance by following some principles.

  • Data partitioning

To improve performance when accessing data, we can partition it, which means putting data into separate pots. This kind of separation helps because when I need a particular piece, I know exactly which pot it is in. It simplifies the extraction process.

  • Caching

Caching means having the most recent data handy. At the application level, you can keep the most frequently used data in memory so that retrieval time is minimal. It is often used in web applications to save time when serving data to the client.

  • Autoscaling

It is a great feature of many Azure services. You can automate the scaling process and trigger it dynamically on a specific condition. For example, you can set a limit on CPU usage: when the application uses more than 75% of CPU capacity, the service automatically increases CPU to meet the application's demand.

  • Separate intensive tasks

Very heavy tasks that require processing-intensive calculations or long-running workflows can be run in the background. This separates them from the user interface and ultimately speeds up the application. The application loads faster, which is a big time saver.

  • Messaging

If two services must communicate with each other, it is efficient to put a messaging mechanism between them. In this scenario, messages are exchanged asynchronously. This has less impact on performance because the application can process tasks one by one, which makes it more resilient to time-consuming messages.

  • Monitor performance

Applications in the cloud use several services, which makes the solution very complex. It is very difficult to pinpoint how each component is utilizing the system. You have to put a good diagnostic mechanism in place. Constant monitoring of your systems will provide valuable insights into operations. As they say, what is measured can be managed.

Design for availability and recoverability

These days, business requires systems to be up and running 24/7. There is no justification for downtime. Each component of a solution should be prepared for a failure, and there must be a plan for how to recover. Users should not even notice if part of a system goes down. This should apply to the application and its data. The most important question that comes to my mind: can the architecture handle the failure of one or more components?

No business likes downtime, so it is our job to make the solution unbreakable. Being prepared for failures of various services and application components is part of the architectural design. High availability must limit the impact of failures. If they happen, the application must cope with them so users are not impacted.

Recoverability means: when a disaster happens, do I still have access to my data? There should be no data loss. The process of data recovery after a failure should be automatic, which improves time to full recovery. You need to analyze each component and add redundancy to limit the possibility of an outage. In reality, we should allow for some data loss; this will save tons of money. There is always a tradeoff between the costs and the complexity of a solution.

Design for efficiency and operations

Efficient, in business terms, means cost-effective. A system must utilize all the resources available. You cannot allow any waste. As in Japanese Kaizen, you need to look at every part of a system and search for improvements. In Azure, you pay per second, per minute or per hour. When it comes to Azure, “time is money”: if an unnecessary process takes up resources, you should control it. Luckily for you, Azure provides tools to measure and monitor all usage. Monitoring costs is an ongoing activity; generally, each application will have its own manager who performs this task.

The most common reason for increased costs is consuming more resources than required, or paying for resources that are idle most of the time. For example, my development machines work only from 9:00 to 5:00; they shut down automatically to save money. There must be a process of constantly monitoring resources. Any misalignment must be corrected immediately. This may include resizing virtual machines. Where you can, try moving to PAAS, which is cheaper than IAAS.

There should be a huge emphasis on the automation of resource management. We humans are still a bit slow and faulty; we make too many mistakes. 🙁 By automating common tasks we improve efficiency and reduce possible errors.

Shared responsibility

Shared responsibility is a concept that applies to the cloud environment. Depending on which service model you choose, you will be responsible for managing certain parts of the system. It depends on whether you are on IAAS, PAAS, or SAAS. The closer you are to the bare metal, as in IAAS, the more you have to manage: data, applications, OS, etc. In the SAAS model, you don’t take any responsibility for the service or the underlying software or hardware.

Perfect Solution

If you are looking for a perfect solution, you have to be prepared for some tradeoffs. In reality, if we plan to create systems that are always available, efficient, secure and fast, then we are looking at huge costs or a long time to delivery. There are some tradeoffs to balance costs with reality. It’s a business decision to pick what is the highest priority. Luckily for us, good people have created some useful design patterns that we can use. They save time and provide valuable help.
