Introduction: Understanding Azure Core Services
Microsoft Azure offers a wide range of cloud services, but four of its most foundational and widely used services are Virtual Machines, Blob Storage, SQL Database, and Azure Functions. These services form the backbone of many Azure-based solutions, providing compute, storage, database, and serverless capabilities respectively. Understanding these core services is essential for anyone working with Azure, as they provide the building blocks for most cloud architectures, from simple web applications to complex enterprise solutions.
Azure Virtual Machines (IaaS)
Overview
Azure Virtual Machines (VMs) provide Infrastructure as a Service (IaaS) capabilities, allowing you to create and run Windows or Linux virtual machines in the cloud. Azure VMs give you the flexibility of virtualization without having to buy and maintain physical hardware.
Key Concepts
Concept | Description |
---|---|
VM Sizes | Predefined configurations of CPU, memory, storage, and networking capacity |
VM Series | Specialized VM types optimized for different workloads (compute, memory, storage, GPU) |
Availability Sets | Logical grouping of VMs for high availability and redundancy |
Scale Sets | Group of identical, load-balanced VMs that can automatically increase or decrease |
Managed Disks | Simplified disk management with built-in reliability for Azure VMs |
VM Extensions | Small applications for post-deployment configuration and automation |
VM Series Types
Series | Optimized For | Use Cases |
---|---|---|
B-Series | Economical, burstable | Dev/test, small web servers, small databases |
D-Series | General purpose | Web servers, small-medium databases, dev/test |
E-Series | Memory-intensive | Medium-large databases, in-memory caches |
F-Series | Compute-intensive | Batch processing, web servers, analytics |
G/GS-Series | Large memory and storage | Large databases, big data analytics |
M-Series | Largest memory | SAP HANA, large in-memory databases |
N-Series | GPU-enabled | AI/ML, graphics rendering, visualization |
Ls-Series | Storage-optimized | Big data, SQL and NoSQL databases, data warehousing |
Disk Types
Disk Type | Description | Use Cases |
---|---|---|
Ultra Disk | Highest performance SSD | Mission-critical workloads, high-throughput databases |
Premium SSD | High-performance SSD | Production workloads, high-performance databases |
Standard SSD | Standard SSD disks | Web servers, dev/test, less critical workloads |
Standard HDD | Hard disk drives | Backup, non-critical storage, infrequent access |
Deployment & Management
Azure Portal
- Visual interface for creating and managing VMs
- Step-by-step wizards for configuration
- Monitoring and troubleshooting capabilities
Azure CLI
```bash
# Create a resource group
az group create --name MyResourceGroup --location eastus

# Create a VM (Ubuntu2204 replaces the older UbuntuLTS image alias)
az vm create \
  --resource-group MyResourceGroup \
  --name MyVM \
  --image Ubuntu2204 \
  --admin-username azureuser \
  --generate-ssh-keys \
  --size Standard_DS2_v2

# Start/stop a VM
# (stop powers the VM off but keeps it allocated and billed for compute;
#  az vm deallocate releases the compute resources)
az vm start --resource-group MyResourceGroup --name MyVM
az vm stop --resource-group MyResourceGroup --name MyVM

# Resize a VM
az vm resize --resource-group MyResourceGroup --name MyVM --size Standard_DS3_v2

# List available VM sizes
az vm list-sizes --location eastus
```
PowerShell
```powershell
# Create a resource group
New-AzResourceGroup -Name "MyResourceGroup" -Location "EastUS"

# Create a VM
New-AzVm `
    -ResourceGroupName "MyResourceGroup" `
    -Name "MyVM" `
    -Location "EastUS" `
    -VirtualNetworkName "MyVnet" `
    -SubnetName "MySubnet" `
    -SecurityGroupName "MyNSG" `
    -PublicIpAddressName "MyPublicIP" `
    -Image "Win2019Datacenter" `
    -Size "Standard_DS2_v2" `
    -Credential (Get-Credential)
```
High Availability Options
- Availability Sets: Group VMs across fault domains and update domains
- Availability Zones: Deploy VMs across physically separate zones in a region
- Virtual Machine Scale Sets: Deploy identical VMs with auto-scaling
- Azure Site Recovery: Replicate VMs to secondary region for disaster recovery
Networking Components
- Virtual Networks: Isolated network for VMs and other Azure resources
- Network Security Groups: Virtual firewall for controlling inbound/outbound traffic
- Load Balancers: Distribute traffic across multiple VMs
- Application Gateway: Advanced HTTP load balancing with WAF capabilities
- VPN Gateway: Connect on-premises networks to Azure virtual networks
Best Practices
- Choose the right VM size based on workload requirements
- Use managed disks for simplified management
- Implement auto-shutdown for non-production VMs to save costs
- Use VM extensions for configuration and automation
- Implement backup and disaster recovery strategies
- Use Azure Hybrid Benefit if you have existing Windows Server or SQL Server licenses
- Configure monitoring with Azure Monitor and diagnostics
- Implement proper security with NSGs, JIT access, and Microsoft Defender for Cloud
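An added example (not part of the original cheatsheet) for the NSG guidance above: it takes rules in the JSON shape returned by `az network nsg rule list` and reports whether SSH or RDP is reachable from any internet source once rule priority is taken into account. The rule set is constructed sample data and the function names are illustrative.

```javascript
// Added example, not from the original page. Rules use the JSON field names
// returned by `az network nsg rule list`; the rule set itself is constructed.
const MGMT_PORTS = { 22: 'SSH', 3389: 'RDP' };
const ANY_SOURCE = new Set(['*', 'internet', '0.0.0.0/0']);

// True when a rule applies to traffic from an arbitrary internet address.
function fromAnySource(rule) {
  const sources = [rule.sourceAddressPrefix, ...(rule.sourceAddressPrefixes || [])];
  return sources.some((s) => s && ANY_SOURCE.has(s.toLowerCase()));
}

// True when a rule covers the given TCP port ("22", "3380-3390" or "*").
function coversTcpPort(rule, port) {
  if (!['tcp', '*'].includes(String(rule.protocol).toLowerCase())) return false;
  const ranges = [rule.destinationPortRange, ...(rule.destinationPortRanges || [])];
  return ranges.some((range) => {
    if (!range) return false;
    if (range === '*') return true;
    const [lo, hi = lo] = range.split('-').map(Number);
    return port >= lo && port <= hi;
  });
}

// NSGs evaluate rules in ascending priority and stop at the first match, so a
// port is exposed only if the first matching inbound rule is an Allow.
function exposedManagementPorts(rules) {
  const inbound = rules
    .filter((r) => r.direction === 'Inbound')
    .sort((a, b) => a.priority - b.priority);
  const exposed = [];
  for (const [port, service] of Object.entries(MGMT_PORTS)) {
    const first = inbound.find((r) => fromAnySource(r) && coversTcpPort(r, Number(port)));
    if (first && first.access === 'Allow') {
      exposed.push({ service, port: Number(port), rule: first.name, priority: first.priority });
    }
  }
  return exposed;
}

// Constructed sample rule set (203.0.113.0/24 is a documentation range).
const SAMPLE_RULES = [
  { name: 'allow-ssh-office', priority: 100, direction: 'Inbound', access: 'Allow',
    protocol: 'Tcp', sourceAddressPrefix: '203.0.113.0/24', destinationPortRange: '22' },
  { name: 'deny-rdp-internet', priority: 200, direction: 'Inbound', access: 'Deny',
    protocol: '*', sourceAddressPrefix: 'Internet', destinationPortRange: '3389' },
  { name: 'allow-admin-range', priority: 300, direction: 'Inbound', access: 'Allow',
    protocol: 'Tcp', sourceAddressPrefix: '*', destinationPortRanges: ['3380-3390'] },
  { name: 'allow-web', priority: 400, direction: 'Inbound', access: 'Allow',
    protocol: 'Tcp', sourceAddressPrefix: '*', destinationPortRange: '443' },
  { name: 'default-allow-ssh', priority: 1000, direction: 'Inbound', access: 'Allow',
    protocol: 'Tcp', sourceAddressPrefix: '*', destinationPortRange: '22' },
];

console.log(exposedManagementPorts(SAMPLE_RULES));
```

In the sample, RDP is not reported because the priority-200 deny rule matches before the broader priority-300 allow, while SSH is reported through the rule that accepts any source.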
Azure Blob Storage
Overview
Azure Blob Storage is Microsoft’s object storage solution for the cloud, designed to store massive amounts of unstructured data such as text, binary files, documents, media files, and application installers.
Key Concepts
Concept | Description |
---|---|
Storage Account | Container for all storage services (blobs, files, queues, tables) |
Container | Organizes blobs like a folder in a file system |
Blob | File of any type and size stored in Azure |
Access Tiers | Performance/cost optimization levels (Hot, Cool, Archive) |
Replication Options | Data redundancy levels across data centers and regions |
Shared Access Signature (SAS) | Token for delegated, time-limited access to resources |
Blob Types
Type | Description | Use Cases |
---|---|---|
Block Blobs | Composed of blocks, optimized for uploading large files | Documents, images, videos, backups |
Append Blobs | Optimized for append operations | Logging, auditing data |
Page Blobs | Random read/write operations | Virtual machine disks (VHD files) |
Storage Account Types
Type | Description | Use Cases |
---|---|---|
Standard General Purpose v2 | Standard storage account for blobs, files, queues, and tables | Most storage scenarios |
Premium Block Blobs | Premium performance for block and append blobs | High-transaction rate, smaller objects |
Premium Page Blobs | Premium performance for page blobs | VM disks requiring high IOPS |
Premium File Shares | Premium performance for file shares | Enterprise applications, lift-and-shift |
Access Tiers
Tier | Description | Use Cases |
---|---|---|
Hot | Frequent access, higher storage cost, lower access cost | Active data, current processing |
Cool | Infrequent access, lower storage cost, higher access cost | Short-term backup, data not accessed often |
Archive | Rarely accessed, lowest storage cost, highest retrieval cost | Long-term backup, compliance data |
Replication Options
Option | Description | Recovery Point Objective (RPO) |
---|---|---|
LRS (Locally Redundant) | Three copies in a single facility | ~0-15 minutes |
ZRS (Zone Redundant) | Three copies across availability zones | ~0-15 minutes |
GRS (Geo-Redundant) | LRS + async replication to secondary region | < 15 minutes |
GZRS (Geo-Zone Redundant) | ZRS + async replication to secondary region | < 15 minutes |
RA-GRS (Read-Access GRS) | GRS + read access to secondary region | < 15 minutes |
RA-GZRS (Read-Access GZRS) | GZRS + read access to secondary region | < 15 minutes |
Deployment & Management
Azure Portal
- Visual interface for creating and managing storage accounts
- Storage browser for exploring containers and blobs
- Upload/download capabilities
Azure CLI
```bash
# Create a storage account
az storage account create \
  --name mystorageaccount \
  --resource-group MyResourceGroup \
  --location eastus \
  --sku Standard_LRS

# Create a container
az storage container create \
  --name mycontainer \
  --account-name mystorageaccount \
  --auth-mode login

# Upload a blob
az storage blob upload \
  --account-name mystorageaccount \
  --container-name mycontainer \
  --name myblob.txt \
  --file myfile.txt \
  --auth-mode login

# List blobs
az storage blob list \
  --account-name mystorageaccount \
  --container-name mycontainer \
  --output table \
  --auth-mode login

# Download a blob
az storage blob download \
  --account-name mystorageaccount \
  --container-name mycontainer \
  --name myblob.txt \
  --file downloadedfile.txt \
  --auth-mode login
```
PowerShell
```powershell
# Create a storage account
New-AzStorageAccount -ResourceGroupName "MyResourceGroup" `
    -Name "mystorageaccount" `
    -Location "eastus" `
    -SkuName "Standard_LRS"

# Get storage account key
$storageAccount = Get-AzStorageAccount -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount"
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName "MyResourceGroup" -Name "mystorageaccount")[0].Value

# Create a storage context
$ctx = New-AzStorageContext -StorageAccountName "mystorageaccount" -StorageAccountKey $storageKey

# Create a container
New-AzStorageContainer -Name "mycontainer" -Context $ctx -Permission Off

# Upload a blob
Set-AzStorageBlobContent -Container "mycontainer" -File "myfile.txt" -Blob "myblob.txt" -Context $ctx
```
Data Security Features
- Encryption at rest: Automatic encryption of all data
- Encryption in transit: HTTPS/TLS for secure transfer
- Azure AD and RBAC: Identity-based access control
- Shared Access Signatures (SAS): Delegated, time-limited access
- Customer-managed keys: Bring your own encryption keys
- Immutable storage: WORM (Write Once, Read Many) policy enforcement
Best Practices
- Choose the right access tier for your data
- Implement lifecycle management policies
- Use appropriate replication strategy based on availability needs
- Secure access with SAS tokens instead of account keys when possible
- Use private endpoints to access storage securely from VNets
- Enable soft delete to protect against accidental deletion
- Use the correct blob type for your workload
- Implement monitoring with metrics and diagnostic logs
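An added example (not part of the original cheatsheet) for the SAS guidance above: it reads a SAS URL's query parameters and reports the properties that make a token risky to hand out, namely account-wide scope, key signing with no stored access policy, permissions beyond read/list, HTTP allowed, and a long or missing expiry. The URLs, placeholder signatures, finding codes and the 24-hour threshold are constructed assumptions.

```javascript
// Added example, not from the original page: review a Shared Access Signature
// URL before it is handed out. URLs and signatures below are constructed.
const MAX_LIFETIME_HOURS = 24;          // assumed policy threshold
const READ_ONLY = new Set(['r', 'l']);  // read and list permissions

function auditSas(sasUrl, now = new Date()) {
  const q = new URL(sasUrl).searchParams;
  if (!q.has('sig')) return { kind: 'none', findings: ['NOT_A_SAS'] };

  // srt marks an account SAS, skoid a user-delegation SAS; otherwise service SAS.
  const kind = q.has('srt') ? 'account' : q.has('skoid') ? 'user-delegation' : 'service';
  const findings = [];
  if (kind === 'account') findings.push('ACCOUNT_WIDE_SCOPE');
  // A key-signed token with no stored access policy (si) can only be revoked
  // by rotating the account key that signed it.
  if (kind !== 'user-delegation' && !q.has('si')) findings.push('KEY_SIGNED_NO_POLICY');

  const extra = [...(q.get('sp') || '')].filter((p) => !READ_ONLY.has(p));
  if (extra.length) findings.push('BEYOND_READ:' + extra.join(''));

  // spr defaults to "https,http" when omitted, so plain HTTP would be accepted.
  if (q.get('spr') !== 'https') findings.push('HTTP_ALLOWED');

  const expiry = Date.parse(q.get('se') || '');
  if (Number.isNaN(expiry)) {
    if (!q.has('si')) findings.push('NO_EXPIRY');
  } else if (expiry <= now.getTime()) {
    findings.push('EXPIRED');
  } else {
    // Remaining lifetime counts from the start time (st) if that is still ahead.
    const start = Date.parse(q.get('st') || '');
    const from = Number.isNaN(start) ? now.getTime() : Math.max(start, now.getTime());
    const hours = (expiry - from) / 3600000;
    if (hours > MAX_LIFETIME_HOURS) findings.push('LONG_LIVED:' + Math.round(hours) + 'h');
  }
  return { kind, findings };
}

const NOW = new Date('2025-01-01T00:00:00Z'); // fixed clock for reproducible output

const SAMPLES = {
  // Account SAS: every service, every permission, one year, HTTP allowed.
  broad: 'https://mystorageaccount.blob.core.windows.net/?sv=2022-11-02&ss=bfqt&srt=sco' +
    '&sp=rwdlacup&se=2026-01-01T00:00:00Z&spr=https,http&sig=PLACEHOLDER',
  // User-delegation SAS (abbreviated): one blob, read-only, one hour, HTTPS only.
  tight: 'https://mystorageaccount.blob.core.windows.net/mycontainer/myblob.txt?sv=2022-11-02' +
    '&sr=b&sp=r&st=2025-01-01T00:00:00Z&se=2025-01-01T01:00:00Z&spr=https' +
    '&skoid=00000000-0000-0000-0000-000000000000&sig=PLACEHOLDER',
};

for (const [name, url] of Object.entries(SAMPLES)) console.log(name, auditSas(url, NOW));
```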
Azure SQL Database (PaaS)
Overview
Azure SQL Database is a fully managed relational database-as-a-service (DBaaS) based on the latest stable version of Microsoft SQL Server. It provides high availability, automated backups, and intelligent optimization with minimal administration.
Key Concepts
Concept | Description |
---|---|
Deployment Models | Single Database, Elastic Pool, Managed Instance |
Service Tiers | Basic, Standard, Premium, General Purpose, Business Critical, Hyperscale |
DTU-based Purchasing | Database Transaction Units – bundled measure of compute, storage, and I/O resources |
vCore-based Purchasing | Virtual core model with independent scaling of compute and storage |
Elastic Pools | Shared resource model for multiple databases with varying usage patterns |
Geo-replication | Readable secondary databases in different regions |
Auto-failover Groups | Automatic failover of groups of databases |
Deployment Models
Model | Description | Use Cases |
---|---|---|
Single Database | Isolated database with predictable performance | Simple applications, microservices |
Elastic Pool | Collection of databases with shared resources | SaaS applications with multiple tenants |
Managed Instance | Full SQL Server instance compatibility | Lift-and-shift migrations from on-premises |
Service Tiers
Tier | Description | Use Cases |
---|---|---|
Basic/Standard/Premium (DTU) | Traditional tiers with bundled resources | Simple applications, dev/test |
General Purpose | Balanced performance and cost | Most business applications |
Business Critical | Highest resilience to failures | Mission-critical applications |
Hyperscale | Highly scalable storage and performance | Large databases, high throughput |
Deployment & Management
Azure Portal
- Visual interface for creating and managing SQL databases
- Query editor for running T-SQL queries
- Performance monitoring and recommendations
Azure CLI
```bash
# Create a SQL server
# (the password below is a placeholder; supply your own at run time,
#  for example from a secret store, rather than keeping it in a script)
az sql server create \
  --name mysqlserver \
  --resource-group MyResourceGroup \
  --location eastus \
  --admin-user serveradmin \
  --admin-password "ComplexPassword123!"

# Configure server firewall rule (a single client IP address)
az sql server firewall-rule create \
  --resource-group MyResourceGroup \
  --server mysqlserver \
  --name AllowMyIP \
  --start-ip-address 123.123.123.123 \
  --end-ip-address 123.123.123.123

# Create a database
az sql db create \
  --resource-group MyResourceGroup \
  --server mysqlserver \
  --name mydb \
  --service-objective S1

# List databases
az sql db list \
  --resource-group MyResourceGroup \
  --server mysqlserver
```
PowerShell
```powershell
# Create a SQL server
New-AzSqlServer -ResourceGroupName "MyResourceGroup" `
    -ServerName "mysqlserver" `
    -Location "eastus" `
    -SqlAdministratorCredentials (Get-Credential)

# Configure server firewall rule
New-AzSqlServerFirewallRule -ResourceGroupName "MyResourceGroup" `
    -ServerName "mysqlserver" `
    -FirewallRuleName "AllowMyIP" `
    -StartIpAddress "123.123.123.123" `
    -EndIpAddress "123.123.123.123"

# Create a database
New-AzSqlDatabase -ResourceGroupName "MyResourceGroup" `
    -ServerName "mysqlserver" `
    -DatabaseName "mydb" `
    -RequestedServiceObjectiveName "S1"
```
T-SQL Connection String
```
Server=tcp:mysqlserver.database.windows.net,1433;
Database=mydb;
User ID=serveradmin;
Password=ComplexPassword123!;
Encrypt=true;
Connection Timeout=30;
```
High Availability Features
- 99.99% SLA with local redundancy in all service tiers
- Zone redundancy available in Premium and Business Critical tiers
- Active geo-replication for readable secondaries in different regions
- Auto-failover groups for automatic failover of primary and secondary databases
- Automated backups with point-in-time restore up to 35 days
Security Features
- Transparent Data Encryption (TDE) for encryption at rest
- Dynamic Data Masking to limit sensitive data exposure
- Row-Level Security for fine-grained access control
- Always Encrypted for client-side encryption
- Advanced Threat Protection for detecting security vulnerabilities
- SQL Audit for regulatory compliance and security investigations
- Private Link for secure connectivity from virtual networks
Monitoring & Performance
- Query Performance Insight to identify performance issues
- Automatic Tuning for index and query performance optimizations
- Query Store to track query performance over time
- Intelligent Performance features for automated monitoring
- Azure Monitor integration for metrics and alerting
Best Practices
- Choose the appropriate service tier based on performance requirements
- Enable geo-replication for business-critical databases
- Implement proper security with firewall rules and AAD authentication
- Use connection pooling in applications
- Implement retry logic in applications for transient errors
- Regularly monitor performance with Query Performance Insight
- Enable automatic tuning features
- Periodically review and implement Azure Advisor recommendations
Azure Functions (Serverless)
Overview
Azure Functions is a serverless compute service that allows you to run event-triggered code without explicitly provisioning or managing infrastructure. Functions can scale automatically based on demand, and you pay only for the compute resources you use when your functions run.
Key Concepts
Concept | Description |
---|---|
Function App | Container for functions that share configuration, hosting plan, and runtime version |
Triggers | Events that cause a function to run (HTTP, timer, blob storage, etc.) |
Bindings | Declarative connections to data sources (input) and destinations (output) |
Hosting Plans | Consumption, Premium, App Service Plan – different scaling and performance options |
Durable Functions | Extension for creating stateful workflows in a serverless environment |
Runtime | Language-specific execution environment (.NET, Node.js, Python, etc.) |
Supported Languages
Language | Description | Use Cases |
---|---|---|
C# | Compiled C# (.NET) | Enterprise applications, complex logic |
JavaScript/TypeScript | Node.js runtime | Web APIs, event processing |
Python | Python 3.x runtime | Data science, automation scripts |
PowerShell | PowerShell Core | Automation, administrative scripts |
Java | Java 8/11 runtime | Enterprise applications, existing Java codebase |
Custom Handler | Any language via HTTP interface | Legacy code, specialized languages |
Hosting Plans
Plan | Description | Use Cases |
---|---|---|
Consumption | Serverless auto-scaling, pay-per-execution | Event-driven workloads, variable load |
Premium | Enhanced performance, pre-warmed instances, VNet connectivity | High-performance needs, consistent load |
App Service | Run on existing App Service Plan | Maximizing existing resources, predictable costs |
Common Triggers
Trigger | Description | Example Use Cases |
---|---|---|
HTTP | REST API endpoint | Web APIs, webhooks |
Timer | Scheduled execution | Batch processing, maintenance tasks |
Blob Storage | Executes when blob is added/updated | Image processing, file validation |
Queue Storage | Processes queue messages | Order processing, task distribution |
Cosmos DB | Responds to changes in documents | Real-time analytics, data processing |
Event Hub | Processes event streams | IoT data processing, analytics |
Service Bus | Processes Service Bus messages | Enterprise messaging, reliable processing |
Event Grid | Responds to Azure events or custom topics | Serverless event-driven architecture |
Deployment & Management
Azure Portal
- Visual interface for creating and managing function apps
- Code editor for writing functions
- Testing capabilities and monitoring features
Visual Studio Code
- Local development environment
- Azure Functions extension for deployment
- Debugging and testing capabilities
Azure CLI
```bash
# Create a function app
az functionapp create \
  --resource-group MyResourceGroup \
  --consumption-plan-location eastus \
  --runtime dotnet \
  --functions-version 4 \
  --name myfunctionapp \
  --storage-account mystorageaccount

# Deploy functions from a local folder (Azure Functions Core Tools)
func azure functionapp publish myfunctionapp

# List function apps
az functionapp list --output table

# Get function app settings
az functionapp config appsettings list \
  --name myfunctionapp \
  --resource-group MyResourceGroup
```
PowerShell
```powershell
# Create a function app on a Consumption plan
# (-Location selects Consumption hosting; to run on an existing plan,
#  pass -PlanName "myappplan" instead of -Location)
New-AzFunctionApp -ResourceGroupName "MyResourceGroup" `
    -Name "myfunctionapp" `
    -StorageAccountName "mystorageaccount" `
    -Location "eastus" `
    -Runtime "dotnet" `
    -FunctionsVersion 4 `
    -RuntimeVersion "6" `
    -OSType "Windows"
```
Function App Example (HTTP Trigger – JavaScript)
```javascript
module.exports = async function (context, req) {
    context.log('JavaScript HTTP trigger function processed a request.');

    const name = (req.query.name || (req.body && req.body.name));
    const responseMessage = name
        ? "Hello, " + name + ". This HTTP triggered function executed successfully."
        : "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response.";

    context.res = {
        // status: 200, /* Defaults to 200 */
        body: responseMessage
    };
}
```
Function App Example (HTTP Trigger – C#)
```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;

public static class Function1
{
    [FunctionName("Function1")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
        ILogger log)
    {
        log.LogInformation("C# HTTP trigger function processed a request.");

        string name = req.Query["name"];

        string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
        dynamic data = JsonConvert.DeserializeObject(requestBody);
        name = name ?? data?.name;

        return name != null
            ? (ActionResult)new OkObjectResult($"Hello, {name}")
            : new BadRequestObjectResult("Please pass a name on the query string or in the request body");
    }
}
```
Durable Functions
- Orchestrator Functions: Control the flow of function execution
- Activity Functions: The basic units of work in a durable function orchestration
- Entity Functions: Manage the state of an entity
- Pattern: Function Chaining: Sequence of functions executed in order
- Pattern: Fan-out/Fan-in: Execute multiple functions in parallel, then aggregate results
- Pattern: Async HTTP API: Long-running operations with polling or webhook callbacks
- Pattern: Monitor: Recurring process in a workflow
- Pattern: Human Interaction: Incorporate human approval into workflows
Integration Points
- Azure Storage: Blobs, tables, queues for data storage and messaging
- Azure Service Bus: Enterprise messaging integration
- Azure Event Grid: Event distribution
- Azure Event Hubs: Big data streaming
- Azure Cosmos DB: NoSQL database integration
- Azure SQL Database: Relational database access
- Azure Key Vault: Secret management
- Azure Monitor: Logging and monitoring
- Azure Logic Apps: Complex workflow integration
Best Practices
- Keep functions focused on a single responsibility
- Design for statelessness where possible
- Use Durable Functions for complex orchestrations
- Implement proper error handling and retry policies
- Optimize function execution time to reduce costs
- Leverage input/output bindings for simpler code
- Use application settings for configuration values
- Implement proper security with function access keys
- Monitor performance with Application Insights
- Test functions locally before deployment
- Consider Premium plan for VNet integration and no cold starts
Integration Scenarios & Architecture Patterns
Web Application with Backend Storage
- Architecture: Web App → Azure Functions → Blob Storage
- Benefits: Serverless backend, auto-scaling, cost-effective
- Example Use Case: Image upload and processing application
Microservices Architecture
- Architecture: API Management → Multiple Function Apps → SQL Database/Cosmos DB
- Benefits: Independent scaling, isolation, language flexibility
- Example Use Case: E-commerce platform with separate services for orders, catalog, etc.
Data Processing Pipeline
- Architecture: Event Hub → Functions → Blob Storage → Functions → SQL Database
- Benefits: Scalable ingestion, decoupled processing
- Example Use Case: IoT telemetry processing and analytics
Hybrid Web Application
- Architecture: App Service/VMs → Azure SQL → Blob Storage
- Benefits: Lift and shift existing applications with cloud storage
- Example Use Case: Traditional .NET application migrated to Azure
Serverless API Backend
- Architecture: API Management → Functions → Cosmos DB
- Benefits: No infrastructure management, auto-scaling
- Example Use Case: Mobile app backend or SaaS API
Comparison of Core Services
Aspect | Virtual Machines | Blob Storage | SQL Database | Functions |
---|---|---|---|---|
Service Type | IaaS | Storage | PaaS | Serverless |
Primary Use | Compute | Unstructured data storage | Relational data | Event-driven processing |
Management Effort | High (OS, updates) | Low | Low | Very Low |
Scalability | Manual/Scale Sets | Automatic | Vertical/Horizontal | Automatic |
Pricing Model | Per VM hour | Pay per GB + transactions | DTU/vCore + storage | Pay per execution + resources |
Control Level | Full control | Limited to storage features | Limited to DB features | Limited to function code |
Startup Time | Minutes | N/A | N/A | Seconds/milliseconds |
Use When | Need OS control | Need raw storage | Need relational data | Need event processing |
Resources for Further Learning
Official Documentation
Training & Certification
- AZ-104: Microsoft Azure Administrator
- AZ-204: Developing Solutions for Microsoft Azure
- AZ-900: Microsoft Azure Fundamentals
Community Resources
- Azure Architecture Center
- Microsoft Learn
- Azure Friday videos
- Azure blog
This cheatsheet provides a comprehensive overview of four core Azure services: Virtual Machines, Blob Storage, SQL Database, and Functions. Each of these services is essential to understand for anyone working with Azure, as they provide the fundamental building blocks for most cloud architectures. Remember to refer to the latest Microsoft documentation for the most current information, as Azure services are regularly updated with new features.