Where to begin with Microsoft Azure
By Adrian Smith
Microsoft Azure is a cloud computing platform. In order to understand the principles of Microsoft Azure it is best to develop an understanding of basic Microsoft Azure terminology and the inter-relationship of these terms.
The following information should help demystify key terms and pave the way for successful implementation.
The Microsoft Azure Account is a shell that is used to determine how Azure usage is reported and billed. It also identifies the Account Administrator.
Initialising Azure begins with a User ID, which is an email and password combination that Azure uses to authenticate users. There are two types of accounts available:
- Microsoft accounts that take the form <user>@outlook.com,<user>@hotmail.com or <user>@live.com
- Work or school accounts that take the form [email protected] or [email protected], for example. Note: "Contoso" can be any registered domain name.
Work or school accounts are different from Microsoft accounts because they are sourced from the built-in identity service Azure Active Directory. As a result, there are more options for managing them. For example, you can enable multi-factor authentication (MFA).
Microsoft's best practice is to use work or school accounts whenever you need to assign administrative access to Azure.
Subscriptions help to organise access to cloud service resources. They are also used to control how resource usage is reported, billed and paid.
One Azure Account can support multiple Azure Subscriptions with each subscription having a different billing and payment setup. This means it is possible to have different subscriptions for each department, project, regional office and so on. All your Azure Cloud Services must belong to an Azure Subscription and every Azure Subscription has a default accounts directory that can be used to create work or school accounts.
Both Accounts and Subscriptions are created at the Azure Account Center. The person who creates the account is the Account Administrator for all subscriptions created in that Account. That person is also the default Service Administrator for the subscription.
Account Administrators using a Microsoft account must log in every two years (or more frequently) to keep the account active. Inactive accounts are cancelled and the related subscriptions removed. There are no login requirements if using a work or school account.
There are three roles related to Azure Accounts and Subscriptions:
1 per Azure account
Authorised to access the Account Center (create subscriptions, cancel subscriptions, change billing for a subscription, change Service Administrator and more).
1 per Azure Subscription
Authorised to access Azure Management Portal for all subscriptions in the account. By default, same as the Account Administrator when a subscription is created.
200 per subscription
Same as Service Administrator, but can’t change the association of subscriptions to Azure directories.
The Account Administrator for a subscription is the only person with access to the Account Center. The Account Administrator does not have any other access to services in that subscription; also, they need to also be the Service Administrator or a Co-Administrator for that account.
For security reasons, the Account Administrator for a Subscription can only be changed with a call to Azure support. The Account Administrator can easily reassign the Service Administrator for a Subscription at the Account Center at any time.
The Service Administrator is the first Co-Administrator for a Subscription. Like other Co-Administrators, the Service Administrator has management access to cloud resources using the Azure Management Portal, as well as tools like Visual Studio, other SDKs, and command line tools like PowerShell.
The Service Administrator can also add and remove other Co-Administrators.
Crucial differences between the Service Administrator and Co-Administrators:
- Co-Administrators can't delete the Service Administrator from the Azure Management Portal. Only the Account Administrator can change this assignment at the Account Center.
- The Service Administrator is the only user authorised to change a Subscription's association with a directory in the Azure Management Portal.
Azure Storage Account:
An Azure Storage Account is a secure account that provides access to services in Azure Storage. Your storage account provides the unique namespace for your storage resources.
There are two types of storage accounts:
- A standard storage account includes Blob, Table, Queue, and File storage.
- A premium storage account currently supports Azure Virtual Machine disks only.
Before you can create an Azure Storage Account, you must have an Azure subscription. You can create up to 100 uniquely named storage accounts per subscription.
A standard Storage Account gives you access to Blob storage, Table storage, Queue storage, and File storage:
- Blob storage stores file data. A blob can be any type of text or binary data, such as, a document, media file or application installer.
- Table storage stores structured datasets. Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access to large quantities of data.
- Queue storage provides reliable messaging for workflow processing and for communication between components of cloud services.
- File storage offers shared storage for legacy applications using the standard SMB 2.1 protocol. Azure VMs and cloud services can share file data across application components via mounted shares, and on-premise applications can access file data in a share via the File service REST API.
Premium Storage Accounts:
Azure Premium Storage delivers high-performance, low-latency disk support for VMs with I/O -intensive workloads. VM disks that use Premium Storage store data on SSDs. To take advantage of the speed and performance of premium storage disks, migrate existing VM disks to Premium Storage.
Most of the above information was obtained from the following two Microsoft Azure Blog sites:
Note: Please be aware that due to the nature of all Cloud Services, changes are continual. The phrase that is used is “Forever Green”, that is, these notes may quickly become outdated.
Adrian Smith BSc, MCT
Adrian has worked in IT since earning a Computer Science Degree some 30 years ago and has worked, on and off, for the last 20 years as a Microsoft Certified Trainer both here in Australia and Europe. He is also an active member of the Australian Computer Society.