GCP & Azure Fundamentals for Multi-Cloud
Azure Core Services: Compute, Storage & Networking
Microsoft Azure dominates in enterprise environments due to Microsoft 365, Active Directory, and hybrid cloud integration. Understanding Azure is essential for enterprise-focused architect roles.
Azure Compute Services
Azure Virtual Machines
VM Series & Use Cases:
| Series | Use Case | Example |
|---|---|---|
| B-series | Burstable, dev/test | B2ms |
| D-series | General purpose | D4s_v5 |
| E-series | Memory-optimized | E16s_v5 |
| F-series | Compute-optimized | F8s_v2 |
| N-series | GPU workloads | NC24ads_A100_v4 |
| L-series | Storage-optimized | L8s_v3 |
Azure-Specific VM Features:
- Availability Sets: Fault domain + update domain isolation
- Availability Zones: Physical datacenter isolation (like AWS AZs)
- Scale Sets: Auto-scaling VM groups (like AWS ASG)
- Spot VMs: Up to 90% discount (similar to AWS Spot)
Azure Kubernetes Service (AKS)
AKS Characteristics:
- Free control plane (unlike EKS, which charges $0.10/hour)
- Integrated with Azure Active Directory
- Virtual nodes (Azure Container Instances integration)
- Automatic node OS patching
Interview Question: AKS vs EKS vs GKE
Q: "Compare the managed Kubernetes offerings across the three major clouds."
A:
| Feature | AKS | EKS | GKE |
|---|---|---|---|
| Control Plane Cost | Free | $0.10/hour (~$73/mo) | $0.10/hour (~$73/mo) |
| Node Management | Scale Sets | Managed/Self-managed | Node Pools/Autopilot |
| IAM Integration | Azure AD native | IAM Roles for Service Accounts | Workload Identity |
| Networking | Azure CNI, kubenet | VPC CNI, Calico | VPC-native, Calico |
| Service Mesh | Open Service Mesh | App Mesh | Anthos Service Mesh |
| Best For | Microsoft shops | AWS-heavy orgs | Multi-cloud, GCP data |
Azure Functions & Container Apps
Azure Functions:
- Similar to Lambda, up to 230 seconds (consumption plan)
- Premium plan: No cold start, VNET integration
- Durable Functions: Stateful orchestration (unique feature)
Azure Container Apps:
- Similar to Cloud Run
- Built on Kubernetes (KEDA, Dapr)
- Scale to zero capability
- Integrated with Dapr for microservices
Azure Storage Services
Azure Storage Account Types
| Type | Use Case | Redundancy Options |
|---|---|---|
| Standard general-purpose v2 | Blobs, files, queues, tables | LRS, ZRS, GRS, GZRS |
| Premium block blobs | High-performance blobs | LRS, ZRS |
| Premium file shares | Enterprise file shares | LRS, ZRS |
| Premium page blobs | VM disks | LRS |
Blob Storage Tiers
| Tier | Access Latency | Min Storage | Use Case |
|---|---|---|---|
| Hot | Milliseconds | None | Frequently accessed |
| Cool | Milliseconds | 30 days | Infrequent (monthly) |
| Cold | Milliseconds | 90 days | Rarely accessed |
| Archive | Hours | 180 days | Long-term archive |
Azure Managed Disks
| Type | Max IOPS | Max Throughput | Use Case |
|---|---|---|---|
| Standard HDD | 2,000 | 500 MB/s | Backup, dev/test |
| Standard SSD | 6,000 | 750 MB/s | Web servers |
| Premium SSD | 20,000 | 900 MB/s | Production databases |
| Premium SSD v2 | 80,000 | 1,200 MB/s | High-performance DBs |
| Ultra Disk | 400,000 | 4,000 MB/s | SAP HANA, analytics |
Interview Question: Azure Storage Redundancy
Q: "Explain Azure's storage redundancy options and when to use each."
A:
| Option | Copies | Scope | Use Case |
|---|---|---|---|
| LRS | 3 | Single datacenter | Dev/test, non-critical |
| ZRS | 3 | 3 availability zones | Production, zone resilience |
| GRS | 6 | 2 regions (primary + secondary) | DR, compliance |
| GZRS | 6 | 3 zones + secondary region | Maximum durability |
| RA-GRS/RA-GZRS | Same | Same + read access to secondary | Read during outage |
Recommendation: Use ZRS for production, GZRS for critical data requiring regional DR.
Azure Networking
Virtual Network (VNet) Concepts
Azure VNet vs AWS VPC:
| Aspect | Azure VNet | AWS VPC |
|---|---|---|
| Scope | Regional | Regional |
| Subnets | Regional (span all zones) | AZ-specific |
| Security | NSG (subnet/NIC level) | Security Groups + NACLs |
| Peering | Global (cross-region) | Regional (cross-region separate) |
| NAT | NAT Gateway | NAT Gateway |
| DNS | Azure DNS (168.63.129.16) | VPC DNS (.2 address) |
Azure Load Balancing Options
| Service | Scope | Layer | Use Case |
|---|---|---|---|
| Azure Load Balancer | Regional | Layer 4 | VM load balancing |
| Application Gateway | Regional | Layer 7 | Web app load balancing, WAF |
| Azure Front Door | Global | Layer 7 | Global web apps, CDN |
| Traffic Manager | Global | DNS | DNS-based traffic routing |
Interview Question: Azure Front Door vs Application Gateway
Q: "When would you use Azure Front Door instead of Application Gateway?"
A:
| Factor | Front Door | Application Gateway |
|---|---|---|
| Scope | Global (anycast) | Regional |
| Best For | Multi-region apps | Single-region apps |
| CDN | Built-in | Separate (Azure CDN) |
| WAF | Premium tier | Built-in |
| SSL Offload | Yes | Yes |
| Routing | URL, header, geo | URL, cookie |
| Cost | Higher | Lower |
Use Front Door when:
- Multi-region deployment
- Global user base
- Need integrated CDN
- Want global WAF protection
Azure Private Link & Service Endpoints
Service Endpoints:
- Traffic stays on Azure backbone
- Service still has public IP
- Simple to configure
Private Link:
- Private IP in your VNet
- Works across VNet peering
- Supports cross-region access
Recommendation: Use Private Link for production; Service Endpoints for simplicity.
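
The difference above, shown as a check: this is an added example, not part of the original lesson. It labels storage accounts by how their data plane can be reached, and flags the case where a private endpoint was added but the public endpoint was left open. The input is constructed sample data in the ARM resource shape for `Microsoft.Storage/storageAccounts`; the account names, subnet ID and label strings are assumptions made up for the example.

```python
import json

# Constructed sample in ARM resource shape (Microsoft.Storage/storageAccounts);
# account names and subnet IDs are made up for this example.
SAMPLE = json.loads("""[
 {"name": "stdevlogs", "properties": {"publicNetworkAccess": "Enabled",
   "networkAcls": {"defaultAction": "Allow", "virtualNetworkRules": []},
   "privateEndpointConnections": []}},
 {"name": "stappdata", "properties": {"publicNetworkAccess": "Enabled",
   "networkAcls": {"defaultAction": "Deny",
     "virtualNetworkRules": [{"id": "/subscriptions/EXAMPLE/subnets/app"}]},
   "privateEndpointConnections": []}},
 {"name": "stfinance", "properties": {"publicNetworkAccess": "Disabled",
   "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": []},
   "privateEndpointConnections": [{"properties":
     {"privateLinkServiceConnectionState": {"status": "Approved"}}}]}},
 {"name": "sthalfdone", "properties": {"publicNetworkAccess": "Enabled",
   "networkAcls": {"defaultAction": "Allow", "virtualNetworkRules": []},
   "privateEndpointConnections": [{"properties":
     {"privateLinkServiceConnectionState": {"status": "Approved"}}}]}}
]""")

def classify(account):
    """Label one account by how its data plane can be reached."""
    p = account.get("properties", {})
    acls = p.get("networkAcls") or {}
    # Azure treats a missing value as public access enabled / default Allow.
    public_on = p.get("publicNetworkAccess", "Enabled") != "Disabled"
    allow_all = acls.get("defaultAction", "Allow") == "Allow"
    vnet_rules = acls.get("virtualNetworkRules") or []
    approved_pe = any(
        c.get("properties", {}).get("privateLinkServiceConnectionState", {})
         .get("status") == "Approved"
        for c in p.get("privateEndpointConnections") or [])
    if not public_on:
        return "private-link-only" if approved_pe else "no-network-path"
    if allow_all:
        # A private endpoint does not close the public endpoint by itself.
        return "private-link-but-public-open" if approved_pe else "public-open"
    if vnet_rules:
        return "service-endpoint-restricted"  # public endpoint, subnet allow-list
    return "public-firewalled"

def audit(accounts):
    """Map account name -> exposure label."""
    return {a["name"]: classify(a) for a in accounts}

if __name__ == "__main__":
    for name, label in audit(SAMPLE).items():
        print(f"{name:12} {label}")
```
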
Hybrid Cloud: Azure's Strength
Azure Arc
Extend Azure management to any infrastructure:
- Arc-enabled servers (any VM)
- Arc-enabled Kubernetes (any K8s cluster)
- Arc-enabled data services (SQL, PostgreSQL)
Azure Stack
Run Azure services on-premises:
- Azure Stack Hub: Full Azure in your datacenter
- Azure Stack HCI: Hyperconverged infrastructure
- Azure Stack Edge: Edge computing appliances
Interview Tip: Azure's enterprise strength is hybrid cloud and Active Directory integration. Emphasize Azure Arc, Azure AD, and Microsoft 365 integration when discussing enterprise scenarios.
Next, we'll explore multi-cloud comparison and decision frameworks.