Azure Services Overview
Azure is Microsoft’s cloud platform that offers a lot of services that allow you to build, deploy and manage applications and services. In this article I present an overview of some of the main Azure Services, explaining what each of these services is and what they can be used for.
Azure Portal
The Azure Portal is a web interface from which you can create and manage services and resources. You can access the Azure Portal at https://portal.azure.com/ and sign in with your Azure account. If you don’t have an Azure account yet, you can create one for free.
Azure Portal provides a range of features, such as dashboards to view and monitor resources, a billing dashboard, a resource explorer to browse and manage your resources, and a marketplace with Azure services and third-party applications. It also provides the Azure Cloud Shell, a browser-based shell (a command-line interface that you can access and use directly from a web browser) that allows you to run scripts and commands to manage Azure resources, among other features.
You can easily find the services in Azure Portal by typing the service name in the search bar.
You can also click on “More Services” and you will be redirected to a page with a list of services.
Alternatively, you can also create services and resources by using Azure CLI or PowerShell. It’s possible to run commands in your own environment, or you can access Azure Portal and run commands directly in the portal, using the Azure Cloud Shell.
1- Azure Subscriptions
An Azure Subscription is a logical container used to provision resources in Azure. When you create an Azure account, you are automatically signed up for a subscription. The costs of this subscription will be billed based on the services and resources that you use (the costs can be viewed in Azure Portal).
You can add and remove resources from your subscription, according to your needs, and you can also cancel your subscription at any time.
2- Resource Groups
A Resource Group is a logical container that holds resources that are deployed to Azure. It allows you to manage multiple resources in a single entity (the resource group). It can be used to organize resources in your Azure subscriptions, according to your requirements, and can also be used to manage access to resources, enforce policies, and track costs for resources.
To create a Resource Group, you need to specify a name and a location for the resources. Resource Groups can be created in Azure Portal, Azure PowerShell, Azure CLI or using the Azure Resource Manager REST API.
3- App Service Plan
App Service Plan defines the physical resources (such as the number of CPU cores and amount of memory), pricing tier, and scale options (such as the maximum number of instances that can be created, and the ability to scale up or down based on demand) for your app.
There are three main categories for the Pricing Tier:
- Free and Basic: recommended for development and testing
- Production: recommended for production
- Isolated: recommended for when you need to run your app in an isolated environment with dedicated resources (which are not shared with other customers), enhanced security (for example, virtual network and firewall rules), and high availability.
Each category provides a different amount of resources and a different set of features, so it’s recommended to select the one that best fits your app.
A Service Plan can have one or more App Services. You are not charged by the number of App Services you have; you pay only for the App Service Plan.
4- App Service
An App Service is a fully managed Platform as a Service (PaaS), and it is used for hosting Web Applications and REST APIs. With an App Service, you can host your application without needing to worry about the infrastructure that runs your app.
This service offers DevOps capabilities, such as Continuous Deployment from Azure DevOps, BitBucket and other sources, as well as features such as manual scaling (for any App Service Plan) and autoscaling (for Standard or higher App Service Plan). It provides different types of logs for Web Apps, and supports different languages such as .NET, Java, Ruby, Node.js, PHP and Python.
In an App Service, you pay only for the resources that the App Service uses, and it is determined by the App Service Plan on which you run your app. In order to have an App Service, it’s necessary to have an App Service Plan (to which the App Service will be related).
If you want to know more about Azure App Service and its features, you can check the article “Azure App Services — Monitoring, Logging and Autoscaling”.
If you want to know more about Deployment Slots (which allows you to create separate environments for deploying and testing your Web App, before making the app available to all the end users), check the article “Azure App Services — Deployment Slots”.
If you want to know more about deploying an application to an Azure App Service, from an Azure DevOps Repository using Azure Pipelines, check the article “Deploying a .NET 6 Web API and a SQL Database with Azure Pipelines”.
5- Azure Functions
Azure Functions is a serverless solution that allows you to write small pieces of code that run in the cloud (Function as a Service — FaaS), without worrying about underlying infrastructure and scaling. This allows developers to focus on writing code instead of maintaining the infrastructure. It’s a powerful service for building microservices, automating processes and integrating with other Azure services and third-party APIs.
Azure Functions offers benefits such as Pay-per-use, Automatic scaling, Integration with other Azure Services, Event-driven model. An Azure Function can be triggered by events such as HTTP Requests, Timer events, Queue events, Changes in Azure Storage data.
Azure Durable Functions is an extension of Azure Functions that allows you to write stateful functions. With it, you can use an orchestrator function to control the flow of multiple stateful functions, which can be used to implement complex workflows and long-running processes. It allows you to write event-driven code that waits asynchronously for one or more external events and then executes a series of tasks in response to these events.
If you want to know more about Azure Functions, check the article “Azure Functions — How to Create, Debug, Monitor and Deploy using Azure Portal, Visual Studio and Visual Studio Code”.
6- Azure Monitor
Azure Monitor provides the possibility to monitor the performance and availability of your cloud resources and applications. With Azure Monitor, you can collect logs and metrics from your resources (such as logs, performance metrics and events), analyze and visualize your data in real-time with Azure Log Analytics and Azure Dashboards, set up alerts and notifications when specific conditions are met, and automate responses to certain events or conditions with Azure Automation or Azure Functions.
7- Application Insights
Application Insights is an extension of Azure Monitor, and it is a powerful service/tool that allows you to monitor the performance and usage of your cloud-based applications (Web Sites, REST APIs, etc). It collects data from your application and concentrates them in a cloud repository, providing Dashboards for analysis.
Application Insights offers features such as:
- Live Metric Stream: provides a Dashboard for monitoring, with real-time performance and usage data of your app, showing CPU and memory usage, number of requests, which apps instances are available, error rate, and other metrics.
- Dependencies Track: it allows you to monitor and track the dependencies of your applications. Dependencies are external resources and services that your applications rely on, such as databases, web services, or third-party APIs.
- Application Map: it allows you to visualize the components and dependencies of your applications in a graphical format. It provides a visual representation of your applications, presenting how the various components and dependencies are connected and how they are interacting with each other.
- Availability Tests: it allows you to monitor the availability of your applications, by simulating requests from different locations around the world.
- Alerts: it allows you to configure notifications and alerts to be triggered when certain conditions occur, for example, in case some performance thresholds are exceeded, or when certain error rates are reached, or when some other conditions are met. The alerts can be sent by email, and can also be integrated with Logic Apps.
- Failures: unhandled errors are automatically logged.
- Querying logs: provides the possibility to query all the generated logs by using Kusto Query Language (KQL), and also provides the possibility to generate graphs based on these queries.
If you want to integrate Application Insights with your .NET application, you need to install the Application Insights SDK package. This package can then send telemetry data to Application Insights. When you configure Application Insights in your app, by default (with very low coding effort) it already provides the possibility to check the following information:
- The number of requests your application is receiving
- From where these requests are coming (which country, city, etc)
- The response time of your app
- Failures that occurred
Beyond that, you can also create your custom logs.
Application Insights also provides the possibility to send alerts (for example, by sending an email or using Logic Apps), query logs with Kusto Query Language (KQL), track dependencies, create graphs, and others.
Among many Application Insights features, I will highlight four of them:
- Funnels: it can be used to check how well your application is being used, the percentage of users that are going to different parts of your app, and the number of users hitting the various web pages.
- User Flows: it can be used to visualize how users navigate between the pages and features of your site. With that, you can see how users navigate away from a page on your site, what users click on a page, where users churn most from your site, and whether there are places where users repeat the same action over and over.
- Impact: it can be used to check how the page load time impacts the user's navigation.
- Retention: it helps you to analyze how many users return to your app, how often they perform particular tasks or achieve goals, and if they return back after completing some task.
8- Azure Service Bus
Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics in a namespace (a container for queues and topics). It is used to decouple applications/services from each other through asynchronous message exchange (a message contains raw data that is sent by one component and consumed by another), and it uses AMQP (Advanced Message Queuing Protocol).
Two common scenarios for a message-oriented system such as Azure Service Bus are microservices and distributed systems, and long-running processing (when your app needs to process something that will take too much time).
The exchange of messages between applications that use the Service Bus can be done using two different structures: queues and topics.
- Queues are a data structure that stores messages that are sent between two or more applications/services. A message is stored in a queue until it is retrieved by a receiver. A queue is basically an implementation of the FIFO (First-In-First-Out) data structure, which means that the first message that arrives in the queue will be the first message processed; that is, messages are delivered and processed in the order that they are received, ensuring that messages are handled in the order that they are sent. In a queue-based messaging system, it is common to have one or more producers that send messages to the queue, and a single consumer that receives and processes the messages.
- Topics are a data structure that allows you to publish messages that will be received (subscribed) by multiple receivers (each receiver has its own subscription — not “Azure Subscription”). It is similar to a queue, but it allows multiple subscribers to receive copies of the same message. When a message is published/sent to a topic, it is delivered to all the subscribers of that topic (each subscriber will receive a copy of the message and can process it independently). With Topics, it’s also possible to create filters, for the Subscribers to define which messages they want to receive from a topic.
In summary, queues are useful when you want to deliver a message to a single receiver, while topics are useful when you want to deliver a message to multiple receivers.
If you want to know more about Azure Service Bus, check the article “Azure Service Bus — Queues & Topics: Sending and Receiving Messages with a .NET application”.
9- Event Hubs
Azure Event Hubs is a Big Data streaming platform and event ingestion service, which can receive and process millions of events per second. It ingests, buffers, stores and processes large volumes of data in real-time.
This service is designed to be highly scalable and can ingest data from multiple sources, such as IoT devices, Web apps, mobile apps, and servers. It provides a distributed stream processing platform with low latency and seamless integration, with data and analytics services inside and outside Azure to build your complete big data pipeline. Event Hubs can also integrate with other Azure services.
10- Event Grid
Azure Event Grid is an event broker service that can be used to integrate applications using events. It uses a publish-subscribe model, where a publisher sends an event to a topic, and subscribers can then register to receive those events.
Event Grid efficiently and reliably routes events from Azure and non-Azure resources, and can distribute the events from different sources, to registered subscriber endpoints. It supports most Azure Services as publishers or subscribers and can also be used with third-party services.
Event Grid does not guarantee order for event delivery, so subscribers may receive them out of order.
There are five important concepts that you need to know to work with Event Grid:
- Events: it’s about what happened in the system. An event contains information such as the source of the event, the time the event took place, and a unique identifier, and each type of event also contains relevant information related to the event type.
- Event sources: it’s about where the event took place — the application/entity that generated the events. For example, Azure Storage is the event source for blob created events; your application is the event source for custom events that you define.
- Topics: it provides an endpoint where the source sends events — it's where publishers send events. The events are sent to a specific topic, and the subscribers to that topic will receive the events (each topic has a unique endpoint that can be used to send events to it).
- Event subscriptions: a subscription tells Event Grid which events on a topic you’re interested in receiving. An event subscription defines the criteria for which events a particular event handler should receive; it’s possible to filter by event type or event subject, for example.
- Event handlers: it’s the place where the event is sent — the app or service reacting to the event. Event handlers are the endpoints that receive events from the Event Grid.
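Because delivery order is not guaranteed, an event handler cannot treat arrival order as event order. The following Python handler is an added example, not code from the original article: it keeps a blob inventory from Storage events using each event's unique identifier and event time, and the class name, container path and sample events are constructed for illustration.

```python
import re
from datetime import datetime

_TIME = re.compile(
    r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})"
)


def parse_event_time(value):
    """Parse an ISO 8601 timestamp, trimming the fraction to microseconds."""
    match = _TIME.fullmatch(value)
    if match is None:
        raise ValueError(f"unsupported eventTime: {value!r}")
    stamp, fraction, zone = match.groups()
    fraction = (fraction or "")[:6].ljust(6, "0")
    zone = "+00:00" if zone == "Z" else zone
    return datetime.fromisoformat(f"{stamp}.{fraction}{zone}")


class BlobInventoryHandler:
    """Hypothetical handler that tolerates reordered and repeated events."""

    # Event type -> whether the blob exists after the event.
    ACCEPTED_TYPES = {
        "Microsoft.Storage.BlobCreated": True,
        "Microsoft.Storage.BlobDeleted": False,
    }

    def __init__(self, subject_prefix):
        self.subject_prefix = subject_prefix
        self.seen_ids = set()   # grows without bound here; expire it in real use
        self.latest = {}        # subject -> (event time, exists flag)

    def handle(self, event):
        # Deliveries can be retried, so the same id may arrive more than once.
        if event["id"] in self.seen_ids:
            return "duplicate"
        self.seen_ids.add(event["id"])
        # Re-check type and subject even if the subscription already filters.
        exists = self.ACCEPTED_TYPES.get(event["eventType"])
        if exists is None or not event["subject"].startswith(self.subject_prefix):
            return "filtered"
        when = parse_event_time(event["eventTime"])
        current = self.latest.get(event["subject"])
        if current is not None and when <= current[0]:
            return "stale"      # an older event that arrived late
        self.latest[event["subject"]] = (when, exists)
        return "applied"

    def existing_blobs(self):
        return sorted(s for s, (_, exists) in self.latest.items() if exists)


def naive_inventory(events):
    """For contrast: trust arrival order, no de-duplication or filtering."""
    state = {}
    for event in events:
        state[event["subject"]] = event["eventType"].endswith("BlobCreated")
    return sorted(s for s, exists in state.items() if exists)


DOCS = "/blobServices/default/containers/docs/"

# Constructed sample, listed in arrival order (not in event-time order).
SAMPLE_EVENTS = [
    {"id": "e3", "eventType": "Microsoft.Storage.BlobDeleted",
     "subject": DOCS + "blobs/report.pdf", "eventTime": "2024-05-01T10:00:05Z"},
    {"id": "e1", "eventType": "Microsoft.Storage.BlobCreated",
     "subject": DOCS + "blobs/report.pdf", "eventTime": "2024-05-01T10:00:01Z"},
    {"id": "e2", "eventType": "Microsoft.Storage.BlobCreated",
     "subject": DOCS + "blobs/logo.png", "eventTime": "2024-05-01T10:00:02.1234567Z"},
    {"id": "e2", "eventType": "Microsoft.Storage.BlobCreated",
     "subject": DOCS + "blobs/logo.png", "eventTime": "2024-05-01T10:00:02.1234567Z"},
    {"id": "e4", "eventType": "Microsoft.Storage.BlobCreated",
     "subject": "/blobServices/default/containers/tmp/blobs/x.bin",
     "eventTime": "2024-05-01T10:00:03Z"},
]

if __name__ == "__main__":
    handler = BlobInventoryHandler(DOCS)
    for item in SAMPLE_EVENTS:
        print(item["id"], handler.handle(item))
    print("order-tolerant:", handler.existing_blobs())
    print("arrival-order: ", naive_inventory(SAMPLE_EVENTS))
```

The arrival-order version ends up believing that the deleted report.pdf still exists, which is the failure the event-time comparison prevents.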
Choosing between Azure Message Services (Event Grid, Event Hubs and Service Bus)
In this Microsoft doc, you can see when and why you should choose each of these three services. In summary:
- Event Grid: React to status changes
- Event Hubs: telemetry and distributed data streaming
- Service Bus: Order processing and financial transactions
11- Azure API Management
Azure API Management is a fully managed service that enables users to create, publish, and manage APIs in the cloud. With this service, you can manage all your APIs in a single place. It provides a range of tools and features for helping build, deploy/publish, monitor, manage and secure APIs. With this service, you can expose your APIs to external developers, partners or clients.
If you have an application that has multiple APIs for example, it’s possible to centralize these APIs in the API Management and have a single point of entry (similar to a Gateway API — but note that it’s not only a Gateway API, but it also provides management tools).
It’s also possible to cache backend responses, so that for frequently accessed queries the responses can come from the cache instead of going to the back-end API, which provides better throughput and less latency for the users.
Azure API Management offers features such as:
- API Gateway: it provides a gateway that sits between API consumers and API backend services. With that, all requests from client applications will first reach the API Gateway, which then forwards them to respective backend services.
- Developer portal: an automatically generated and fully customizable website with the documentation of your APIs. API consumers can use the developer portal to learn how to use your APIs and how to consume them in the applications.
- Management plane: it can be used to provision and configure API Management service settings, define or import API schemas from a wide range of sources, package APIs into products, set up policies, get insights from analytics and manage users.
Policies
Azure API Management also allows you to define Policies, which are a set of rules and expressions that allow you to change the behaviour of the API through configuration. Policies are applied inside the gateway which sits between the API consumer and the managed API. Generally, the gateway receives the requests and forwards them to the API, but policies can apply changes to the request and the response.
This feature allows you to manipulate incoming and outgoing requests and responses of your API. It can be used to perform a series of tasks such as authentication, caching, transformation and rate limiting.
Policies are applied by using policy statements, which are statements written in XML that define the behaviour of the policy. The configuration is divided into inbound, backend, outbound, and on-error. Here is an explanation of these sections in a policy:
- inbound: it is applied to incoming requests to the API, before they are sent to the backend service.
- backend: allows you to configure the backend service that your API will forward the request to. It can be used to set the URL of the backend service, as well as other properties such as the request timeout and retry policy.
- outbound: the outbound policies are applied to the response returned by the back-end service, before sending it to the client. It is used to specify how the response from an API should be modified before being sent to the client.
- on-error: if an error occurs during the processing of a request, any remaining steps in the inbound, backend or outbound sections are skipped and execution jumps directly to the statements in the on-error section.
This is an example from Microsoft Documentation:
<policies>
    <inbound>
        <!-- statements to be applied to the request go here -->
    </inbound>
    <backend>
        <!-- statements to be applied before the request is forwarded to
             the backend service go here -->
    </backend>
    <outbound>
        <!-- statements to be applied to the response go here -->
    </outbound>
    <on-error>
        <!-- statements to be applied if there is an error condition go here -->
    </on-error>
</policies>
Each section can contain many kinds of policy statements, such as: convert XML to JSON, convert JSON to XML, find and replace string in a body, rewrite URL, etc., and each statement can take attributes. In the XML below there is an example of how to use the xml-to-json policy:
<policies>
    <inbound>
        <base />
    </inbound>
    <outbound>
        <base />
        <xml-to-json kind="direct" apply="always" consider-accept-header="false" />
    </outbound>
</policies>
You can check more information about it on the following Microsoft Doc page: API Management policy reference.
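Since a policy document has a fixed shape (four known sections, each normally carrying `<base />` so that policies from the enclosing scope still apply), it can be reviewed automatically before it is published. The Python check below is an added example, not code from the original article or from Microsoft's documentation; the rule that inbound must contain token validation and rate limiting is an assumption of this example, and the HARDENED and BROKEN samples are constructed.

```python
import xml.etree.ElementTree as ET

SECTIONS = ("inbound", "backend", "outbound", "on-error")
# These are API Management policy element names; requiring them in <inbound>
# is this example's own review rule, not a platform requirement.
AUTH_POLICIES = {"validate-jwt", "validate-azure-ad-token"}
THROTTLE_POLICIES = {"rate-limit", "rate-limit-by-key"}


def lint_policy(xml_text):
    """Return a sorted list of findings for one policy document."""
    try:
        # Policies that embed expressions with quotes inside attribute values
        # may not parse as strict XML; they are reported as not well-formed.
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "policies":
        return [f"root element is <{root.tag}>, expected <policies>"]

    findings = []
    seen = {}
    for child in root:
        if child.tag not in SECTIONS:
            findings.append(f"unknown section <{child.tag}>")
        elif child.tag in seen:
            findings.append(f"duplicate section <{child.tag}>")
        else:
            seen[child.tag] = child

    for name, section in seen.items():
        # Without <base />, policies set at a wider scope are not applied here.
        if section.find("base") is None:
            findings.append(f"<{name}> has no <base />")

    inbound = seen.get("inbound")
    if inbound is None:
        findings.append("no <inbound> section")
    else:
        # iter() also sees statements nested inside other statements.
        used = {element.tag for element in inbound.iter()}
        if not used & AUTH_POLICIES:
            findings.append("<inbound> has no token validation policy")
        if not used & THROTTLE_POLICIES:
            findings.append("<inbound> has no rate limit policy")
    return sorted(findings)


# The xml-to-json policy shown in the article.
PAGE_EXAMPLE = """
<policies>
  <inbound><base /></inbound>
  <outbound>
    <base />
    <xml-to-json kind="direct" apply="always" consider-accept-header="false" />
  </outbound>
</policies>
"""

# Constructed sample: placeholder issuer URL and audience.
HARDENED = """
<policies>
  <inbound>
    <base />
    <rate-limit calls="100" renewal-period="60" />
    <validate-jwt header-name="Authorization" failed-validation-httpcode="401">
      <openid-config url="https://login.example.invalid/.well-known/openid-configuration" />
      <audiences><audience>api://constructed-audience</audience></audiences>
    </validate-jwt>
  </inbound>
  <backend><base /></backend>
  <outbound><base /></outbound>
  <on-error><base /></on-error>
</policies>
"""

# Constructed sample: misspelled section, no <base /> and no auth in inbound.
BROKEN = """
<policies>
  <inbound><rate-limit calls="100" renewal-period="60" /></inbound>
  <outbound><base /></outbound>
  <on-eror />
</policies>
"""

if __name__ == "__main__":
    for label, text in (("page", PAGE_EXAMPLE), ("hardened", HARDENED), ("broken", BROKEN)):
        print(label, lint_policy(text) or "no findings")
```

The article's xml-to-json policy is reported only for the missing inbound controls, which is expected if those are inherited through `<base />` from a wider scope.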
12- App Configuration
Azure App Configuration is a fully managed service that provides a centralized place to store Application Settings and Feature Flags. With this service, you can store all the settings of your applications and secure their access in a single place, making it easy to manage configuration data across multiple environments and applications.
This service allows you to manage the configuration data of your apps, such as connection strings, API keys, and other settings. For example, if you have multiple applications and each app contains a configuration file which has the same configuration, you can centralize these files in the App Configuration service.
With App Configuration it’s also possible to update the configuration of an application without needing to restart the application.
13- Key Vault
Azure Key Vault is a fully managed service that can be used to manage, control access and store sensitive data that is used by applications, such as keys, passwords, access tokens, connection strings, cryptographic keys, certificates, and other secrets.
With Key Vault it’s possible to centralize all the application secrets, allowing you to control their distribution and reducing the chances of a secret being accidentally leaked. When using Key Vault, the developers do not need to store security information in their application; instead, the application can consume the keys and secrets directly from the Key Vault. For example, if the application needs a connection string to connect to the database, instead of having the connection string in the app, it can be securely stored in Key Vault.
In order to have access to Key Vault, the user or the application requires proper authentication and authorization. The authentication is done via Azure Active Directory, and the authorization may be done via Azure role-based access control (Azure RBAC) or Key Vault access policy.
14- Load Balancers
Azure Load Balancer is a layer 4 (TCP, UDP) load balancer service that distributes incoming network traffic across multiple resources, to help ensure high availability and performance.
It offers a single point of contact for clients and distributes incoming traffic to multiple targets, such as virtual machines within a virtual network.
15- Application Gateway
Azure Application Gateway is a layer 7 (HTTP, HTTPS) load balancer service that enables you to manage traffic to your web applications. This service provides application-level load balancing and routing. With it, you can create a gateway that distributes incoming traffic to multiple servers or other resources.
Application Gateway is easy to use and offers a high degree of reliability and performance, making it a powerful and flexible choice for routing and load balancing in the cloud. It offers a number of features for traffic management, login, security and performance monitoring.
With this service, it’s possible to route traffic to specific servers based on the incoming requests URL, and it can perform functions such as SSL offloading, cookie-based affinity, and Web Application Firewall (WAF).
Load Balancer vs Application Gateway
Azure Load Balancer works at layer 4 (TCP, UDP) and distributes traffic across multiple servers in your Azure environment, while Azure Application Gateway works at layer 7 and sits in front of your web applications, handling their HTTP and HTTPS traffic.
The Application Gateway service is more robust and offers features for more complex load-balancing scenarios, while the Load Balancer service is well suited to simple load-balancing scenarios.
16- Front Door
Azure Front Door is Microsoft’s modern cloud Content Delivery Network (CDN) that delivers high performance, scalability, and secure user experiences for your content and applications. It is a powerful solution for routing and managing traffic to your Web application.
Azure Front Door can create a global load balancer that routes your clients' requests to the fastest and most available back-end application (any internet-facing service that is hosted inside or outside of Azure), based on factors such as the location of the client, the health of the back-end resources, and the performance of the network, which can improve the performance of your apps. It is also possible to customize the routing and traffic management of your apps. Front Door also includes a number of security features to help protect your apps, such as Web Application Firewall (WAF) and SSL/TLS termination.
17- Logic Apps
Azure Logic Apps is a cloud platform that provides the possibility to automate business processes and integrate systems and services, by creating and running workflows with little to no code. Each workflow starts with a single trigger.
Azure Logic Apps provides a visual designer that allows you to build integrations and workflows by dragging and dropping connections and actions. It offers many pre-built connectors (interfaces to an external service), that allow you to connect to many systems and services, for example, you can easily and quickly integrate tools such as Twitter, Slack, Microsoft Teams, etc (you can also create your own connectors). And it also provides API management tools, which allow you to expose your Logic Apps as an API and manage access to it, making it easy to build, deploy and manage integrations and workflows.
18- Azure Storage
Azure Storage is a cloud storage service, which offers a range of storage options for structured data such as tables and queues and unstructured data, such as blob, file, archive, and disk.
The storage account provides a unique namespace for your Azure Storage data which can be accessed by HTTP or HTTPS. The data in your storage account is durable and highly available, secure, and massively scalable.
18.1- Types of Storage
- Blob Storage: can be used to store unstructured data, such as images, text files, videos, documents, static files (such as JavaScript and CSS), virtual machine disks.
It’s possible to organize your blob data based on how frequently it will be accessed and how long it will be retained, for that you can choose between three different tiers (this also allows you to reduce costs): the Hot tier, the Cool tier, and the Archive tier.
- The Hot tier can be used for data that is frequently accessed or modified.
- The Cool tier can be used for data that are stored for longer periods of time but do not need to be frequently accessed.
- The Archive tier can be used for data that is rarely accessed (data in this tier should be stored for a minimum of 180 days). A blob that is in the Archive tier cannot be read or modified. If you need to read or change it, you must first rehydrate it to an online tier, which can be the Hot tier or the Cool tier (the rehydrating process can take up to 15 hours depending on the priority you specify for the rehydration operation).
It’s possible to set the access tier for a blob when you create it, and it is also possible to change the access tier of an existing blob at any time (each tier has a different cost).
- Table Storage: it is a service that stores non-relational structured data (also known as structured NoSQL data) in a key-value store. It’s a good choice for apps that need to store and access large amounts of data quickly.
- Queue Storage: it’s a message queue mechanism provided by Azure Storage. It can be used when you need a message queue system between different parts of your application or even between different applications.
It is used for storing large numbers of messages that can be accessed from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. Queues can contain millions of messages, and the limit is set only by the capacity of the storage account that owns the queue.
- File Storage: it is a cloud storage service that allows you to access files using the Server Message Block (SMB) protocol. It can be used to store files and other data that can be accessed by multiple VMs.
- Archive storage: a low-cost storage option for storing data that is infrequently accessed. It is ideal for storing data that needs to be retained for long periods of time, but is not frequently accessed.
- Disk storage: it is used for storing data for virtual machines (VMs) in Azure. There are several types of disk storage available, including standard HDDs, standard SSDs, premium SSDs, and Ultra Disk.
18.2- Azure Storage Explorer
Azure Storage Explorer is an application that you can install on Windows, macOS or Linux, which allows you to upload, download and manage your Azure Storage data, without needing to log in to the Azure portal.
19- Azure Storage Account
An Azure Storage Account is a logical container for storing data in Azure Storage. It provides a unique namespace and access keys for accessing data stored in Azure Storage, as well as settings for configuring the various types of storage available in Azure Storage. In a Storage Account, it’s possible to store data objects such as blobs, files, queues, tables and disks.
Azure Storage is the service that provides storage options in the cloud, and the Azure Storage Account is a specific instance of that service that you create to store and manage your data. The data stored in a Storage Account is durable, highly available, secure and scalable.
It’s possible to have multiple storage accounts within a single Azure subscription, allowing you to store and manage data for different applications and workloads in a logical and organized way.
20- Azure SQL Server
Azure SQL Server is a cloud-based service that provides a SQL Server instance that you can use to host your SQL Databases. It is similar to installing and running SQL Server on an on-premises server, but it is fully managed by Microsoft and runs on Azure infrastructure.
With a SQL Server, you can create one or more SQL Databases.
21- Azure SQL Database
Azure SQL Database is a fully managed Platform-as-a-Service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement. It is based on the latest stable version of the Microsoft SQL Server database engine.
This service allows you to process both relational data and non-relational structures such as graphs, JSON, spatial, and XML. It also allows you to create a highly available and high-performance data storage layer for applications in the cloud.
If you want to create an Azure SQL Database, it’s necessary to first create a SQL Server. Azure SQL Server provides a SQL Server instance that you can use to host your Azure SQL Databases.
22- Azure MySQL
Azure MySQL Database is a database service built on top of the open-source MySQL database engine. It is a relational database service that is fully compatible with MySQL protocols, and it provides a fully managed database service that features stable performance, rapid deployment, high availability, and high levels of security.
23- Cosmos DB
Azure Cosmos DB is a massively scalable NoSQL database offered as a fully managed Platform as a Service (PaaS) on Azure. It offers very fast read and write operations (generally within 10 milliseconds or less), and has comprehensive service-level agreements on throughput, latency, consistency, and availability.
Cosmos DB is designed to allow developers to easily create and manage globally distributed, responsive, and highly available database applications. It can be a great choice when your app demands low latency and globally distributed data access.
Azure Cosmos DB offers multiple database APIs, which include NoSQL, MongoDB, PostgreSQL, Cassandra, Gremlin and Table, and it supports key-value, graph and column-family data models.
If you want to know more about Cosmos DB, check my article “Azure Cosmos DB — Getting Started and Creating a NoSQL Database”.
24- Container Apps
Azure Container Apps (ACA) is a fully managed, Kubernetes-based application platform that enables you to run microservices and containerized applications on a serverless platform. It simplifies the deployment and management of containerized applications and helps you deploy apps from code or containers without orchestrating complex infrastructure. It can be used to deploy API endpoints, host background processing applications, handle event-driven processing and run microservices.
ACA gives you the benefits of running containers without having to worry about the concerns of managing cloud infrastructure and complex container orchestrators.
ACA doesn’t provide direct access to Kubernetes APIs, so if you require access to the Kubernetes APIs and control plane, you should use Azure Kubernetes Service. However, if you would like to build Kubernetes-style applications and don’t require direct access to all the native Kubernetes APIs and cluster management, Container Apps provides a fully managed experience based on best practices.
25- Azure Container Registry
Azure Container Registry is a managed registry service based on the open-source Docker Registry 2.0. It allows you to manage and store private Docker container images in a secure and scalable manner.
It integrates with Azure Container Instances, which is a fast and simple way to run containerized applications in the cloud, and also integrates with Azure Kubernetes Service.
Azure Container Instances allows you to quickly and easily run containerized applications in the cloud, without the need to provision or manage any virtual machines or other infrastructure. You can use it to run containerized applications in a serverless, pay-per-use model, scaling up or down as needed to meet the demands of your workload.
Together, Azure Container Registry and Azure Container Instances provide a powerful and flexible way to build, deploy, and run containerized applications in the cloud.
26- Container Instances
Azure Container Instances (ACI) offers the fastest and simplest way to quickly run simple containers in Azure, without having to manage any virtual machines and without having to adopt a higher-level service. This service allows you to deploy isolated containers, and you don’t need to provision virtual machines for them. In ACI, the container instances get an IP address and a fully qualified domain name. With ACI you can use an image from Azure Container Registry and run it as a container.
Concepts like scale, load balancing, and certificates are not provided with ACI containers. For example, if you need to scale to five container instances, you need to create five distinct container instances. It’s common to interface with ACI instances through other services, for example, Azure Kubernetes Service can layer orchestration and scale on top of ACI through virtual nodes.
It can be used in any scenario that can operate in isolated containers, including simple applications, task automation, build jobs, testing and development, or running short-lived processes. For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, Microsoft’s recommendation is to use Azure Kubernetes Service (AKS).
With Azure Container Instances, you only pay for the resources you consume (there are no upfront costs or infrastructure to manage), and you can deploy your apps quickly. It is also integrated with other Azure services such as Azure Virtual Networks and Azure Storage, allowing you to easily connect your containers to other resources in your Azure environment.
Difference between Azure Container Apps and Azure Container Instances
If you wonder what the difference between ACA and ACI is, and when you should use each of them, here is Microsoft’s explanation:
Azure Container Apps (ACA) allows you to build serverless microservices based on containers. Distinctive features of Container Apps include:
- It is optimized for running general purpose containers, especially for applications that span many microservices deployed in containers.
- Powered by Kubernetes and open-source technologies like Dapr, KEDA, and Envoy.
- Supports Kubernetes-style apps and microservices with features like service discovery and traffic splitting.
- Enables event-driven application architectures by supporting scale based on traffic and pulling from event sources like queues, including scale to zero.
- Supports long-running processes and can run background tasks.
Azure Container Instances (ACI) provides a single pod of Hyper-V isolated containers on demand. It can be thought of as a lower-level “building block” option compared to Container Apps. Concepts like scale, load balancing, and certificates are not provided with ACI containers. For example, to scale to five container instances, you create five distinct container instances. Azure Container Apps provide many application-specific concepts on top of containers, including certificates, revisions, scale, and environments. Users often interact with Azure Container Instances through other services. For example, Azure Kubernetes Service can layer orchestration and scale on top of ACI through virtual nodes. If you need a less “opinionated” building block that doesn’t align with the scenarios Azure Container Apps is optimizing for, Azure Container Instances is an ideal option.
27- Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS) allows you to deploy and manage containerized applications using Kubernetes (an open-source orchestration system for automating the management, placement, scaling and routing of containers — you can think of “orchestration” as a kind of management or organizer tool). You can use AKS to deploy and manage containerized applications at scale, including microservices, batch jobs, and machine learning models.
Here are some benefits of AKS:
- AKS is a fully managed service, which means you don’t need to worry about installing, configuring or maintaining the Kubernetes infrastructure.
- AKS can automatically scale your apps up or down based on demand, helping you to optimize resources and reduce costs.
- AKS is integrated with other Azure services, such as Azure Container Registry and Azure Monitor, allowing you to easily manage and monitor your applications.
28- Azure Active Directory (Azure AD)
Azure Active Directory (Azure AD) is a cloud-based identity and access management service that helps an organization manage access to resources in Azure, Office 365 and other Microsoft cloud services. It allows you to easily add and manage users, groups, and devices, and it provides a range of features to secure your organization’s resources and data. It is easy to use and integrates with other Azure services and applications.
With Azure AD it’s possible to:
- Centralize the management of user identities and access to resources
- Securely manage user access to your organization’s resources
- Enable single sign-on (SSO) to access many cloud and on-premises applications
- Protect against security threats and enforce compliance policies
Azure AD also allows you to create users and groups, assign licenses to users, manage users' access to Azure resources and grant roles to users.
29- Virtual Machines (VMs)
Virtual Machines (VMs) are a service that allows you to create and run virtual machines in the cloud. It’s useful when you need to have more control over the computing environment than the other choices offer.
It gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it, but you are responsible for maintaining the VM. Tasks such as configuration, patching and installing software that will run in the VM are your responsibility.
Regarding costs, you are charged while the VM is in the running state, so you can stop the VM whenever you don’t want it to run.
It’s possible to control the traffic flow by using Network Security Groups, and you can also monitor the different underlying metrics such as CPU utilization and Network Utilization.
30- Virtual Network (VNet)
Azure Virtual Network (VNet) is a service that allows you to create a private and isolated network in the cloud. You can create one or more virtual networks and configure them to meet your specific needs, including the IP address range, subnets, and network security rules.
VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. It is similar to a traditional network that you would operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
31- Azure Private Link
Azure Private Link is a service that enables you to securely access Platform-as-a-Service (PaaS) resources (such as Azure Storage and SQL Database) and Azure hosted customer-owned/partner services, over a private network connection.
It uses a private IP address for the connection, which means that the connection does not traverse the public internet. Instead, it is established over the Azure backbone network, so you don’t need to expose the resources to the public internet. This helps to secure the connection and prevent attacks such as man-in-the-middle attacks.
Private Link also provides isolation, as it separates the connection between the client and the resource from the public internet. This makes it easier to comply with regulatory and compliance requirements that may require you to keep certain resources private.
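A way to check that the private path described above is actually in use, added here as an example that is not part of the original article: it classifies the addresses that PaaS hostnames resolve to from a client inside the VNet. The hostnames, the VNet range and the resolved addresses are constructed sample data, and the check assumes DNS is set up so that each service name resolves to its private endpoint.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private flag also covers
# documentation and other reserved ranges, which is broader than needed here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input (not from the article): the VNet address space and
# the addresses each PaaS hostname resolved to from a client inside the VNet.
VNET_RANGES = ["10.20.0.0/16"]
RESOLVED = {
    "examplestore.blob.core.windows.net": ["10.20.3.5"],
    "examplesql.database.windows.net": ["203.0.113.40"],  # stands in for a public IP
    "examplevault.vault.azure.net": ["10.99.0.4"],        # private, but another network
    "examplebus.servicebus.windows.net": [],              # lookup returned nothing
}

def classify(address, vnet_ranges):
    """Return 'in-vnet', 'private-other' or 'public' for one resolved address."""
    ip = ipaddress.ip_address(address)
    if any(ip in ipaddress.ip_network(r) for r in vnet_ranges):
        return "in-vnet"
    if any(ip in net for net in RFC1918):
        return "private-other"
    return "public"

def audit(resolved, vnet_ranges):
    """Map each hostname to a verdict based on all of its resolved addresses."""
    verdicts = {}
    for host, addresses in resolved.items():
        kinds = {classify(a, vnet_ranges) for a in addresses}
        if not kinds:
            verdicts[host] = "unresolved"
        elif "public" in kinds:
            verdicts[host] = "public-path"  # client would connect to the public endpoint
        elif "private-other" in kinds:
            verdicts[host] = "unexpected-network"
        else:
            verdicts[host] = "private-link-ok"
    return verdicts

if __name__ == "__main__":
    for host, verdict in audit(RESOLVED, VNET_RANGES).items():
        print(f"{verdict:20} {host}")
```

Any hostname reported as `public-path` is still being reached over its public endpoint from that client, so the isolation described in this section does not apply to it yet.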
Conclusion
Azure offers a lot of useful and powerful services that can ensure high availability and reliability of your applications, allowing your apps to scale up and down, combined with security and cost-effectiveness, as you can choose to pay only for the resources that you are using.
In future articles, I will explain how to use some of these services and integrate them with a .NET application. If you are interested, I invite you to follow me to receive notifications of upcoming articles.
Thanks for reading!