Rethinking IT, From an Azure Perspective

The IT skills you have are not the skills you will need -- working with Microsoft Azure means having to relearn ways to get the job done more efficiently in the cloud.

We live in interesting times as IT professionals and the skills we need tomorrow are not the same ones that we've honed for use in today's environment.

A case in point is public cloud computing. Some things are the same -- networks, VMs, sizing for application loads, clustering. And some things are totally different -- hybrid networks between on-premises and the cloud, no access to hardware, paying per hour instead of once every three years, infinite scalability, new privacy and security concerns. For Microsoft IT professionals taking steps into cloud computing, it means working with Azure, which is familiar but different.

In this series of articles, we'll look at the various components that make up Microsoft Azure as it applies to IT pros. We'll look at automation, cloud and mobile services, network traffic, diagnostics, and a slew of other features. First up, though, let's look at Web Sites, Virtual Machines, and autoscaling. (Note: throughout this series we're covering the version that came out of the BUILD 2014 conference.)

Azure provides compute, network, data, and app services in an elastic, self-service, and metered fashion for business across the globe. There are two interfaces to monitor, configure, and set up these services: the HTML 5 web-based console that works in all modern browsers and a PowerShell interface for automation. Azure is both an infrastructure-as-a-service (IaaS) cloud in that it offers persistent virtual machines that can run your business workloads and a platform-as-a-service (PaaS) cloud which provides a platform on which to run your own code.

Compute Services
The key to understanding public cloud computing is to see that there are many levels of service provided, from just a simple VM hosting service to a complete platform. Generally the higher up in the stack you go -- meaning the fabric is more abstracted away from you -- the less control you have but the easier your deployment is. So, if you're writing your own app to run on top of Azure's fabric as a PaaS application, you don't have control of the underlying OS in the Web Role/Worker Role VMs, as Microsoft will keep these updated with patches. On the other hand, with a VM in IaaS you're responsible for patching, antivirus and backup. Both come under the heading of compute services.

A basic building block in Azure is a cloud service which can contain one or more VMs under IaaS or one or more tiers of Web Role/Worker Role VMs. Generally PaaS requires apps that are written for the cloud, whereas IaaS VMs could simply be existing business services that you are comfortable moving to the cloud.

Web Sites
Web sites lets you build web-secure and scalable applications, using frameworks such as .DotNetNuke, DasBlog, CakePHP, Wordpress and others. Or you can use WebMatrix to create a site from scratch using APS.NET, PHP, HTML 5, CSS 3 and Node. You can use either SQL server or MySQL as the database for your site and if you're collaborating on a larger site you can use CodePlex, Github, Bitbucket or Team Foundation Services for source control.

Recently released in preview is the concept of Web hosting plans, which work well when you have different sites (with different "sizes") but you want to manage and pay for them under a single umbrella.

Creating a website is only a few clicks away, although Azure doesn't actually design the website for you.
[Click on image for larger view.]
Figure 1. Creating a website is only a few clicks away, although Azure doesn't actually design the website for you.

A sign of the new Microsoft is the open source project Kudu, also known as Site Control Management which you reach by putting .scm after your site's name ( and logging in with your deployment credentials. This is a hidden gem for web developers and gives access to a lot of troubleshooting and diagnostics tools. Another neat trick is that apart from the web console and PowerShell you can use your on-premises IIS manager to connect to your Azure Web Sites.

At BUILD, Microsoft announced support for Java 7 (both 32- and 64-bit) for Azure Web Sites, along with full support for Apache Tomcat 7.0.50 and Jetty 9.1.0. There's also a new SKU for Web Sites called Basic with some limitations on functionality. The Standard SKU now gives you free SSL connections (although you still have to supply the certificate).

One question that I hear frequently is whether to use Azure Web Sites to host sites or Cloud Services Web Role. After all, both fall under the PaaS umbrella and seem to do the same thing. It depends on what you need your site to do. Web Sites essentially provides IIS as a platform for your Web app, hiding anything underneath that layer from you. Depending on your SKU your site might be hosted with other tenants and because it's just IIS resources, Web Sites can be provisioned and scaled extremely quickly.

Web Role on the other hand is a full VM with IIS preinstalled dedicated to you and you have full access to it, allowing you to run start-up scripts, customize IIS and open up ports in the firewall for instance, provided all of these things can be scripted or be part of your service package configuration. (Remember, this is still PaaS and Azure might take away that particular VM at any time and spin up a new one, which then will need to automatically configure itself.) You could even RDP to the server for troubleshooting purposes. Spinning up a Web Role takes a few minutes, compared to seconds for a Web Site instance.

Virtual Machines
Although late to the IaaS party (Azure was a pure PaaS play in the first few years of its life), VMs on Azure are now serious contenders for your public cloud projects. As expected there's a gallery with ready-made Windows and Linux VMs, including machines with SQL, Oracle, SharePoint and BizTalk server. You'll also need to define the size of your machine, as April 2, 2014 there are two tiers of VMs, Basic and Standard. Basic doesn't include load balancing or auto scaling and as such is suitable for single instance production machines, development boxes or test servers. The range of machines in Basic starts at A0 which has a shared core and 768 MB, up to A4 which has eight cores and 14 GB of memory. The Standard tier adds A5 to A7 with the latter providing 56 GB of memory.

Creating a VM in Azure is easy and it only takes a couple of minutes to be provisioned. VR_Azure_Create_VM.png
[Click on image for larger view.]
Figure 2. Creating a VM in Azure is easy and it only takes a couple of minutes to be provisioned.

VMs are billed per hour but a stopped VM doesn't incur charges. There's a catch: If you shut down the VM from within the OS or if you use PowerShell with ShutDownRoleOperation with the parameter PostShutdownAction set to Stopped you will still be billed. If you shut down the VM from the Azure portal or by using the above PowerShell cmdlet with the parameter set to StoppedDeallocated, you will not be billed for the stopped VM. This is shown in the portal where Status "Stopped" will still be charged, whereas "Stopped (Deallocated)" won't be.

IP address assignment for VMs can be challenging. Basically it's like DHCP in that you will get an IP address from your virtual network (more details in part 2 of this series) or by the default network in Azure automatically, but this IP address will follow your VM for its lifetime even if you restart the VM. However, if you stop the VM as per above to not be billed for it, the VM may be assigned a new IP address when you start it again.

VMs use VHD files (not VHDX yet) as their virtual storage; hence, it's possible to download VMs from Azure and run them on Hyper-V in your datacenter. Conversely, you can sysprep a standard corporate image VHD on premises and then upload it to Azure and create VMs from it.

Many users seem not to be aware of the Availability set feature (as over 90 percent of customers haven't defined them), which splits VMs across racks and ensures minimal downtime when Azure needs to perform infrastructure updates.

Recently added is an optional VM agent that adds support for management frameworks such as Puppet or Chef for automated IT. These tie in with a very important mindset that I think all IT pros should acquire -- automation. Whether it's PowerShell, SMA, Azure Automation (again, see part 2) or the above frameworks, the skill and mindset to automate repetitive tasks is going to be vital in the future.

This feature is available for Web Sites, Cloud Services and Virtual Machines as well as for the backend of Mobile Services. In the preview period it only supported scaling based on CPU load. Now that it's generally available (or GA, which is the Azure equivalent of RTM), it also supports scaling based on HTTP queue length. The ability to have a service automatically scale based on load (or manually by dragging a slider) is a great benefit of using Azure that otherwise would require a fair bit of work to automate in your own IT infrastructure.

We've covered quite a bit of ground for now. When we continue this series next time, I'll cover PowerShell, Azure Automation, Cloud Services, Mobile Services, Diagnostics, Virtual Networks, Express Route, Traffic Manager and SQL Server/Service.

About the Author

Paul Schnackenburg has been working in IT for nearly 30 years and has been teaching for over 20 years. He runs Expert IT Solutions, an IT consultancy in Australia. Paul focuses on cloud technologies such as Azure and Microsoft 365 and how to secure IT, whether in the cloud or on-premises. He's a frequent speaker at conferences and writes for several sites, including Find him at @paulschnack on Twitter or on his blog at


Subscribe on YouTube