Microsoft Azure Cloud - Data Center - Code Exploit Cyber Security

Microsoft Azure – Module Introduction

Microsoft Azure Data Center Architecture helps with part of objective 1.1, describing how Azure uses Global Foundation Services (GFS) data centers which is part of the design of Microsoft’s Infrastructure and Networking domain.

The first part looks at understanding Azure Data center Architecture. An overview of topics to be discussed include:

-Azure Data Centers

-Azure Regions

-Azure Speed Test

-Azure Services

-Azure Data Center Architecture

-Affinity Groups

-Physical Security

Microsoft Azure Data centers

Azure data centers are located across the globe with over 1 million blade servers installed. Bear in mind that this number may change as Microsoft pushes to deploy data centers to regions not yet covered by the cloud services.

These data centers don’t just look after Azure infrastructure but used to host other Microsoft services like Office 365, Xbox live, Bing search engine, Hotmail and over 200 other services offered by Microsoft.

Azure data centers are managed by MCIO department which used to be called GFS.

The data centers are available in 140 countries where users can create an account for the cloud service. About 10 different languages and 19 currencies are supported by the Azure platform.

Azure Regions

Microsoft Azure is available in many regions of the world including the USA, Europe and Asia. A list of regions can be found below with more regions being added as part of expansion projects.

Bear in mind Azure regions cover areas not currently listed including China, where only citizens on that region can access. The decision is yours on which data center to use depending on factors like proximity and latency, as seen in Singapore data centers.

In recent times, new data centers have been deployed in regions such as Brazil and South Africa, with a handful of undisclosed government data centers.

Azure Speed Test

Before deploying an Azure infrastructure, a few things may be considered especially if you live in a region without Azure data centers. You can run a speed test to determine the latency between your location and the nearest data center using the tool below;

http://azurespeedtest.azurewebsites.net

This test checks all the blob storage services running on all the Azure data centers and returns latency times in seconds from your location to where those data centers are located. Information like this is vital for making decisions on which nearest data centers can handle your workload.

Azure Services and Regions

It is important to note that despite Azure data centers being available in a region, does not mean it will offer all the services a project may require. Emerging technology services such as Machine Learning, Blockchain, Big Data, IoT and Artificial intelligence may not be available in your nearest Microsoft Azure data center.

To check the services available in various regions, launch a browser and access the site below;

http://azure.microsoft.com/en-us/regions#services

Access the table of services available against the data center region from ‘Products by Region’, to assess if those regions support the service you intend to deploy including storage, data management, Ai and Machine Learning and CDN services.

Generally, US West and US East offer the most services in Azure but check website before deployment.

Affinity Groups

An affinity group is a ‘group of nodes’ in the same data center. By creating an affinity group, one can group together hosting services like cloud services and storage services in the same data center, reducing network latency and increasing application performance.

Because affinity groups places services in proximity, multi-tiered applications benefit from improved performance when serving a massive user base.

Azure Server Structure

Microsoft acquires blade servers for their data centers in specialised shipping containers. The modular blade servers function either in the Compute or Storage service role, usually stacked between 40 to 50 blade servers in a rack.

On top of each rack is a switch which are then connected to aggregated switches, to ensure connectivity between a group of racks.

Fabric Controllers

Some racks host servers that function as a Fabric Controller, responsible for functions listed below;

- Provisioning virtual machines

- Healing failed virtual machines

- Rehydrating virtual machines

- Managing health and life cycles of virtual machines

Stamps / Clusters

A collection of all those servers in racks, along with switches and fabric controllers form what is known as Stamps or Clusters.

Typically, clusters are made up of 20 racks grouped together and comprise of the same processor generation, with resources bound to the same affinity group. They are sometimes described as using the same stamp.

A recommended book that improves your understanding this technology further is Mastering Microsoft Azure Infrastructure Services by John Savill.

Physical Security

Azure data centers as you can imagine are equipped with the highest level of security, and a thorough security check of individuals are carried out before access is granted to their facilities.

Physical security as you would expect comes in the form of specialized buildings, with barbed wire and security cameras monitoring and protecting the entire premises. Some government data centers are so secretive, their locations are not even disclosed in public records.

Extensive security checks are required for any person to access the servers, usually sitting behind multiple doors and bomb-proof blast doors among other physical access control mechanisms. This as you would expect is necessary from the part of Microsoft to minimize any risks to organisations’ data.

Module Summary

We hope this introductory module helps clarify some of the concepts briefly touched on our previous article Azure Cloud Development Overview.

We touched on the architecture of Azure data centers, the servers used and how they are configured into clusters, regions where these centers can be found, and security measures put in place by Microsoft to prevent unauthorized access to these data centers.

Join us again as we delve deeper into azure cloud development with an Introduction to Networking and Objective Domains.

We would like to thank you for investing your time with us.