AAC : Technology Choices - amitbhilagude/userfullinks GitHub Wiki

  1. Technology Choices

    1. Choose Compute Technology(Compute stands for Hosting models for applications)

      1. Comparision diagram to choose between all Azure Services https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/compute-decision-tree
      2. Microservices Choice
        1. .Net based application with more integration or with or without container choose Service Fabric
        2. Container Application then AKS
        3. Low code with serverless then choose FaaS.
      3. Web Application Choice
        1. Traditional Web-Based have most of the logic at the server-side.
        2. SPA has some logic at the Browser level and Run back end API. Front-end technology frameworks like Angular, React, Vue, and Microsoft Framework like Blazor.
        3. Blazor App allows you to write C# code for UI without any knowledge of front-end technologies
      4. Multi-party computing
        1. Especially used for Blockchain use cases when they are many organizations involved. (Need to explore more)

    2. Choose Container Options

      1. Container Options
        1. Azure App Service: Good for Web applications and Web APIs in a container or native code
        2. Azure Container Instances: Good for scheduled operation with pay as go options
        3. AKS and Service fabric: Microservices architecture
        4. Spring boot container: Good for Sprint Boot(Java-based Framework) for Microservices
      2. Kubernetes at Edge options
        1. Baremetal Kubernetes: Setup Kubernetes on their own infrastructure
        2. Kubernetes on Azure Stack Edge: Azure stack edge devices support the computing, networks on edge location.
        3. AKS on HCI(in Preview): Support of AKS Azure Stack HCI. Azure Stack HCI is a new hyper-converged infrastructure (HCI) operating system delivered as an Azure service

    3. Choose Identity Services

      1. Active Directory Services
        1. Active Directory Domain Services (AD DS): On-Prem AD to support Account login, Group policies, and Computer management E.g. OS settings disables
        2. Azure Active Directory: Support of Cloud and Mobile application. Sync with on-prem AD. Support of Open-Id and Oauth auth.
        3. Azure Active Directory Domain Services (Azure AD DS): Full features of Azure AD and support of the cloud-based applications. It also supports the NTLM\Kerbores authentication.
      2. Hybrid Identity Authentication Methods
        1. Azure AD password hash synchronization: Hashed password synced to cloud and authentication happens in cloud-only.
        2. Azure AD Passed through authentication: Request route to On-prem AD for authentication where there auth agent running on on-prem to validate it.
        3. Federated Authentication system: External system which interacts with on-Prem for authentication. Azure AD route to the Federated auth system.

    4. Choose Storage Options

      1. Disks required for VMs - Azure Managed Disk
        1. Types of Disks and ordered with Max throughput and I\O operations to low: Ultra, Premium SSD(solid-state drives), Standard SSD, Standard HDD(hard disk drives)
      2. Store Images, Documents, and Other media files - Blob Storage
      3. Store VM Logs, Application Logs, Azure Monitor Logs - Blob Storage. Then logs analytics or Azure Monitor can query these logs.
      4. Backups of Databases like SQL - Blob Storage
      5. Analytics Data - Azure Data Lake Storage Gen V2
      6. Replacement of on-Prem file share with support of SMTP or Server Message Block(SMB) or Https Protocol or Network File System(NFS)- Azure Files(Gives similar functionalities like Files explorer). There is an additional option called Azure Net App Files which is used for SAP stores with a high workload.- > AWS File system
      7. Hybrid Cloud Storage for high-performance and accessible in on-Prem: Avere vFXT for Azure
      8. Syncing large data from the on-prem cloud with archiving mechanism - Azure Data Box Gateway along with Azure Stack edge. - AWS Snowball\Snowmobile
      9. Syncing of On-Prem files to Azure Files - Azure File Sync -> AWS Data sync

    5. Choose Data Store

      1. Relational Database and normalized data -> RDs in AWS
        1. Azure SQL DB
        2. Azure Database for MySQL
        3. Azure Database for PostgreSQL
        4. Azure Database for MariaDB
      2. Key-Value Store -> Dynamo in AWS
        1. Azure Cosmos DB Table API
        2. Azure Cache for Redis
        3. Azure Table Storage
      3. Document Store( Document is collection of fields like JSON) -> Daynamo in AWS
        1. Azure Cosmos DB Table API
      4. Graph Database
        1. Azure Cosmos DB Gremlin API
        2. Azure SQL DB
      5. Data Analytics
        1. Data Lake Storage Gen V2
        2. Azure Synapse SQL -> Redshift in AWS
      6. Column-Family database (Denormilised data)
        1. Azure Cosmos DB Cassandra API
        2. HBase in HDInsight
      7. Search Engine Database
        1. Azure Cognitive Search - Elastic Search
      8. Time Series Database (Collect data real-time)
        1. Azure Time Series Insights
        2. Azure Data Explorer
      9. Database scenarios:
        1. https://docs.microsoft.com/en-us/azure/architecture/data-guide/relational-data/online-analytical-processing
      10. Data Transfer to and From Azure Options
        1. Physical Transfer
          1. Azure Import/export Service: to import\Export data to Physical Hard Disk and ship Physical Hard disk to Azure Datacenter.
          2. Azure Data box: Microsoft provided device so no additional Hard disk is required.
        2. Command-line tools
          1. Azure CLI: Upload into Azure Storage
          2. Az Copy: Windows or Linux tool to copy over Azure Storage from machine
          3. Powershell
          4. Adl copy: Blob to Data Lake
          5. Polybase: Copy to relation DB like SQL Server

    6. Choose Analytical Option

      1. Analytical store and services options
        1. Azure Synapse Analytics: is upgraded version SQL DW + ML +Power BI that integrates with ADLS + Data Bricks.
        2. Azure Analysis Service: this is an upgraded version of the SQL Server Analysis Service on the cloud.
        3. Apache Spark in Azure Synapse Analytics: Support to Store spark data
        4. Azure Data Bricks : AWS Data bricks
        5. Azure Data Explorer: Used for real-time analytics
        6. Azure SQL DB or other offerings managed instance or in VM
        7. Apache HBase in Azure HDInsight: Support of Apache HBase
        8. Interactive Query In Azure HDInsight: Apache query in HD insight
        9. Cosmos DB
      2. Reporting Options
        1. Power BI
        2. Jupyter Notebooks
        3. Zeppelin Notebooks
        4. Microsoft Azure Notebooks(Online Jupyter Notebook)
      3. Batch Processing Options
        1. All mentioned in point 1
      4. Stream Processing
        1. Azure Stream Analytics
        2. HDInsight with Spark Streaming
        3. Apache Spark in Azure Databricks
        4. HDInsight with Storm
        5. Azure Function
        6. Azure App Service WebJobs
        7. Apache Kafka streams API

    7. Choose AI/ML Technologies

      1. https://docs.microsoft.com/en-us/azure/architecture/data-guide/technology-choices/cognitive-services

    8. Choose Networking Services

      1. Networking options
        1. PaaS-based service doesn't need virtual networking. Mostly we can use its advanced features like IP restriction. However, there could be below scenarios where you need to integrate virtual networking but PaaS most don't deployed in Virtual network
          1. PaaS requires reading a backend database that has networking and firewall enabled and access it through service endpoint, you may integrate it with vnet. E.g. App service will have outbound integration with vnet which has service endpoint enabled for DB.
          2. PasS have integration with on-Premises which is going to used the express route. Express route always deployed in vnet.
          3. Paas have integration with IaaS(VM) which is deployed in vnet.
        2. Scenarios
          1. Setup networking infrastructure to connect VPN and VMs - Virtual Network
          2. Managed inbound-Out bound connections and request to the Application - Azure Load Balancer
          3. Increase application security with WAF - Azure Front door and Application Gateway
          4. Securely access the internet within vnet and VPN - Azure VPN Gateway
          5. Custom DNS mapping - Azure DNS
          6. Deliver static content close to the region - CDN
          7. Protect Azure Application using DDoS attack - Azure DDoS Protection
          8. Distribute traffic in Global Region - Azure Front Door and Azure Traffic Manager
          9. Distribute traffic in Global Region with Microservices - Azure Front Door
          10. Private connectivity from Azure to on-prem - Express route
          11. Separate firewall Service - Azure Firewall
          12. Connectivity between different business offices and locations: Azure Virtual WAN
          13. HTTPS traffic with SSL Termination - Application Gateway
          14. HTTPS traffic with Geo distributed - Azure Front Door
          15. Non-Https traffic - Azure Standard Load balancer
          16. Non-Https traffic with geo-distributed - Traffic Manager
        3. Networking Architecture scenarios:
          1. Only PaaS services - Networking is not required
          2. IaaS services without on-prem connectivity - Cloud-native
          3. Cloud services with very less on-prem connectivity and considered azure traffic is untrusted - Cloud DMZ
          4. Cloud services with on-prem connectivity - Hybrid
          5. Cloud services with on-prem connectivity with complex networking - Hub and Spoke
          6. Connectivity between different business offices and locations: Azure Virtual WAN
      2. Vnet peering vs VPN Gateway
        1. Vnet peering: Virtual network peering connects two Azure virtual networks. Traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, through private IP addresses only.No public internet is involved. You can also peer virtual networks across Azure regions (global peering).
        2. VPN Gateway: Used to send traffic between an Azure virtual network and an on-premises location over the public internet. you can also use a VPN gateway to send traffic between Azure virtual networks without peering. Each virtual network can have at most one VPN gateway.

    9. Choose Messaging Service

      1. Service Bus: Messaging -> SNS or SQL in aws
      2. Event Grid: Reactive messaging for some action happens -> Event bridge in AWS
      3. Event Hub: Big Data events streaming can handle massive events -> Event Kinesis

    10. Choose IoT Solutions

      1. https://docs.microsoft.com/en-us/azure/architecture/example-scenario/iot/iot-central-iot-hub-cheat-sheet

    11. Choose Mobile Development Framework

      1. Native Platform development
        1. App built per OS like windows, ios and android
        2. Better performance
        3. Respective OS SDKs are used
      2. Cross-Platform development
        1. App built to support multiple OS
        2. Slightly lower Performance
        3. Programming options: Xamarin, Mavi, React Native, Unity
      3. Hybrid Platform Development
        1. Build an app to support mobile and web
        2. Programming options: Cordova