Azure Compute Storage and Networking

Azure Compute Storage and Networking

In this blog, we will explore the core pillars of Microsoft Azure—Compute, Storage, and Networking—along with their associated services. You’ll gain an understanding of how Azure delivers scalable virtual machines, flexible data storage options, and robust networking capabilities that form the foundation of cloud-based applications and infrastructure.

Azure Virtual Machine

Azure Virtual Machines allow you to run Windows or Linux-based servers in the cloud.

  • Flexible Compute: VMs can be configured with different sizes, operating systems, and workloads, from development environments to high-performance applications.
  • Scalable & Secure: You can scale resources up/down and apply security features like firewalls, identity management, and backup.

Virtual Machine Scale Sets

VM Scale Sets let you deploy and manage a group of identical, load-balanced virtual machines.

  • Auto-Scaling: Automatically increases or decreases the number of VM instances based on demand or custom rules.
  • High Availability: Ensures consistent application performance during peak loads or hardware failures by distributing traffic.

Virtual Machine Availability Sets

Availability Sets protect your VMs from hardware or datacenter failures within an Azure region.

  • Fault Domain Separation: Ensures VMs are distributed across multiple fault domains (separate power/network hardware).
  • Update Domain Management: Prevents all VMs from being rebooted at once during planned maintenance, improving uptime.

Azure Virtual Desktops (AVD)

Azure Virtual Desktop is a cloud-based desktop and app virtualization service that allows users to securely access a full Windows desktop experience from virtually anywhere.

🔹 Key Features:

  • Remote Desktop Access: Deliver Windows 10/11 desktops and apps to users over the internet using any device (PC, tablet, or thin client).
  • Centralized Management: Manage desktops and user profiles centrally using Azure tools like Microsoft Intune and Azure Active Directory.
  • Multi-Session Windows: Run multiple user sessions on a single virtual machine to reduce infrastructure costs—only available with Windows 10/11 Enterprise multi-session.

Azure Virtual Networking

Azure Virtual Networking (VNet) is the foundation of networking in Azure, enabling secure communication between Azure resources, the internet, and on-premises networks.

🔹 Key Capabilities:

  • Isolation & Segmentation: VNets provide logical isolation of your resources, like a traditional on-premises network.
  • Subnets & IP Ranges: You can define custom IP ranges, create subnets, and control traffic flow using network security groups (NSGs).
  • Route Network Traffic: Use route tables to control how traffic flows between subnets, virtual networks, and external networks.
  • Filter Network Traffic: Apply Network Security Groups (NSGs) and Azure Firewall rules to control inbound and outbound traffic at different layers.
  • Connect Virtual Networks: Use VNet Peering to link multiple VNets across regions or subscriptions for unified communication.
  • Hybrid Connectivity: Connect your on-premises infrastructure using VPN Gateway, ExpressRoute, or VNet Peering for seamless hybrid cloud scenarios.

Azure Virtual Private Network (VPN)

Azure VPN enables secure, encrypted communication between your on-premises network and Azure, or between Azure virtual networks, over the public internet. Azure VPN Gateway

VPN Gateway is a specific Azure resource that provides secure site-to-site, point-to-site, and VNet-to-VNet connectivity.

🔹 Types of VPNs:

  • Site-to-Site (S2S): Connects an entire on-premises network to an Azure VNet.
  • Point-to-Site (P2S): Allows individual clients (like laptops) to securely connect to an Azure VNet.
  • VNet-to-VNet: Connects VNets across different regions or subscriptions.

To ensure minimal downtime and improved fault tolerance, Azure VPN Gateway supports several high availability options:

✅ Active-Standby Gateway Architecture

  • By default, a VPN Gateway is deployed in an active-standby mode within an Azure Availability Zone.
  • If the active instance fails, Azure automatically fails over to the standby gateway.

✅ Zone-Redundant Gateways

  • Deploy your VPN Gateway in a zone-redundant configuration, spreading instances across multiple Availability Zones for better resilience against datacenter outages.
  • This ensures higher SLA (99.95% for zone-redundant VPN gateways).

✅ Active-Active VPN Gateway (for Route-Based VPNs)

  • Supports two active instances of a VPN gateway to increase throughput and reliability.
  • Both instances handle traffic simultaneously, enabling load balancing and faster

Azure Express Route

Azure ExpressRoute is a dedicated, private connection between your on-premises infrastructure and Microsoft Azure—bypassing the public internet to offer higher security, reliability, and performance.

🔹 Key Features:

  • Private Connectivity: Data travels over a dedicated private circuit rather than the public internet, reducing exposure to threats.
  • High Bandwidth & Low Latency: Ideal for enterprise-grade workloads, with bandwidth options ranging from 50 Mbps to 100 Gbps.
  • Consistent Performance: Better predictability and uptime than VPN over public networks, making it suitable for latency-sensitive applications.

Azure DNS

Azure DNS is a hosting service for Domain Name System (DNS) domains that allows you to manage and resolve domain names using Microsoft Azure’s global infrastructure.

🔹 Key Features:

  • High Availability & Performance: Hosted on Azure’s globally distributed network of DNS name servers, ensuring fast and reliable DNS resolution.
  • Custom DNS Zones: You can host your own DNS domains and manage records (A, AAAA, CNAME, MX, TXT, etc.) directly in Azure.
  • Integration with Azure Resources: Seamlessly manage DNS for Azure services, enabling automatic updates and tight security.

Azure Storage

Azure Storage is Microsoft’s cloud-based storage solution that provides highly scalable, durable, and secure storage for a wide range of data types. It supports everything from unstructured files to structured NoSQL data.

Azure Storage Account

An Azure Storage Account is a container that holds all your Azure Storage services, such as Blobs, Files, Queues, Tables, and Disks. It provides a unique namespace for your data accessible via HTTP or HTTPS.

There are different types of storage accounts depends on the storage services and redundancy options and has an impact on the use cases.

Storage Account Types

  • General-purpose v2 (recommended) – Supports all modern features and data types with tiered pricing.
  • Blob Storage accounts – Optimized specifically for blob workloads with access tier settings.
  • Premium Storage accounts – High-performance SSD-backed storage for latency-sensitive workloads like databases and VMs.

Redundancy in Azure Storage ensures your data is protected and available even in the event of hardware or datacenter failures.

🔹 Locally Redundant Storage (LRS)

  • Stores 3 copies of your data within a single datacenter in one region.
  • Cost-effective but not resilient to regional outages.

🔹 Geo-Redundant Storage (GRS)

  • Replicates data to a secondary region, hundreds of miles away.
  • Maintains 6 copies total (3 in primary, 3 in secondary region).
  • Secondary region is not accessible for read unless upgraded to RA-GRS.

🔹 Read-Access Geo-Redundant Storage (RA-GRS)

  • Same as GRS but adds read access to the secondary region.
  • Enables high availability for read-heavy applications during regional outages.

🔹 Zone-Redundant Storage (ZRS)

  • Replicates data across 3 availability zones in the same region.
  • Protects against datacenter-level failures and offers high availability.

🔹 Geo-Zone-Redundant Storage (GZRS)

  • Combines ZRS + GRS: Data is replicated across zones in one region and to another region.
  • Offers both zonal and regional protection.

🔹 Read-Access Geo-Zone-Redundant Storage (RA-GZRS)

  • Same as GZRS but with read access to the geo-replicated region.
  • Ideal for mission-critical workloads needing maximum durability and availability.

Azure Storage Account Endpoints

Endpoints in an Azure Storage Account are unique URLs that allow you to access each storage service (Blob, File, Queue, Table) over the internet or via private network connections.

Azure offers several storage services to meet a wide range of data and application needs:

🔹 Azure Blobs

  • Designed for unstructured data like images, videos, backups, or logs.
  • Supports hot, cool, and archive tiers for cost optimization based on access frequency.
  • Commonly used for: content delivery, backup, data lakes.

🔹 Azure Files

  • Fully managed file shares accessible via SMB or NFS protocols.
  • Ideal for lift-and-shift scenarios and shared storage across multiple VMs.
  • Can be mounted on Windows, Linux, and macOS systems.

🔹 Azure Queues

  • Provides message queueing for communication between application components.
  • Ensures decoupled and reliable service-to-service messaging.
  • Useful in distributed or microservices architectures.

🔹 Azure Disks

  • High-performance block storage for use with Azure Virtual Machines.
  • Available in Standard HDD, Standard SSD, and Premium SSD tiers.
  • Supports OS disks, data disks, and snapshot backups.

🔹 Azure Tables

  • A NoSQL key-value store for large-scale, structured datasets.
  • Ideal for storing semi-structured data like user profiles or IoT telemetry.
  • Offers high availability and fast access at low cost.

In upcoming blogs, we will discuss more on Azure Cloud. To make this series more understandable, I am splitting this into multiple blogs

Part 1 - What is Cloud Computing and Services

Part 2 - What is Microsoft Azure

Part 3 - Azure Compute Storage and Networking

Part 4 - Azure Identity & Access Management

Part 5 - Azure Cloud Adoption Framework & Well Architected Framework

Part 6 - Azure Landing Zone

Thanks, 😊

If you have any comments, please drop me a line