Azure Concepts

Azure datacenters

Azure has 100+ datacenters around the world
Datacenters are divided in regions
The exact location of these datacenters is not revealed by Microsoft (for security reasons)
Interactive maps of Azure datacenters: https://build5nines.com/map-azure-regions/
Compliance and Security:
- Data is encrypted
- Managed and supervised by security professionals
- Follows standards i.e. ISO
- https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/
- https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-home
Utilizes renewable energy (solar panel, windmill)
Project Natick - under water datacenter

A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
Set of datacenters within a metropolitan areas
Network latency < 2 ms

An area of the world containing at least one Azure region
Geographies define a discrete market that preserve data residency and compliance boundaries
Fault-tolerant to protect from complete region failure

Hierarchy diagram of Azure Infrastructure (also see: Availability diagram of Azure Virtual Machine)

Hierarchy diagram of Azure Infrastructure

Note: Microsoft does not reveal actual location of datacenters, I assumed just for sake of explanation!

A resources is an instance of a services that you create in Azure i.e. virtual machines, storage, SQL databases etc
Resource is a managable item in Azure
Resources are instances of services that you create in Azure
A manageable item that is available through Azure
Examples
- Virtual machines, storage, SQL databases, virtual networks etc.
- Resource groups, subscriptions, management groups, and tags

A resource group is a container that holds related resources for an Azure solution (Details: Resource group)
Resource group includes those resources that you want to manage as a group
Resource groups in Azure is a approach to group a collection of assets in logical groups
A resource group is a logical container into which Azure resources (i.e. web apps, databases, and storage accounts) are deployed and managed
Resource groups allow easy or even automatic provisioning, monitoring, and access control, and for more effective management of their costs
The underlying technology that powers resource groups is the Azure Resource Manager (ARM)
Resource group itself is a resource in Azure

Important point about resource group:

All the resources in your resource group should share the same lifecycle (you deploy, update, and delete them together)
Each resource can exist in only one resource group
When you delete a resource group, all resources in the resource group are also deleted
Up to 800 instances of a resource type can be deployed in each resource group
Some resources can exist outside of a resource group (i.e. subscriptions)
To create a resource group, you can use:
- Azure portal
- PowerShell
- Azure CLI
- REST API
- Azure Resource Manager (ARM) template (ARM templates are files in JSON format)

A Tenant, as it relates to Azure, refers to a single instance of Azure Active Directory
A tenant represents an organization in Azure Active Directory
Tenant is the highest level of administration in Azure
A tenant is associated with a single identity (person, company, or organization)
A Tenant can own one or several subscriptions

A subscription refers to the logical entity that provides entitlement to deploy and consume Azure resources
A subscription fuels the Azure resources in a customer tenant
Azure subscription can be used to separate Azure environments by financial and administration logic
- a single tenant at the company level and an Azure subscription for each department
- dividing subscriptions into development, testing, and production environments and having different Azure subscriptions for each of these environments

Subscription type:

Pay as you go
Enterprise subscriptions
Sponsored subscriptions (trial, Azure pass, MSDN subscription, should not be used for commercial or production purposes)

Resource belongs to a resource group, resource group belongs to subscription, and subscription belongs to tenant

Microsoft Azure perspective: when you log in to Microsoft Azure with your account

Azure fabric determines to which tenant you have access, signs you in to your default tenant, and you have access to subscriptions that are in that tenant
From there you can manage all subscriptions, resource groups, and resources that belong to that tenant
By switching tenants, you have access to different subscriptions, resource groups, and resources that belong in that tenant
All this is handled by Azure fabric in order to separate client environments

Hierarchy in Azure

Azure App Service is a fully managed web hosting service for building web apps, mobile back ends, and RESTful APIs without managing infrastructure
Azure App Service is a fully managed “Platform as a Service” (PaaS) that integrates Microsoft Azure Websites, Mobile Services etc.

App Service Plan is the hosting model where subscription is the billing model (all resources in a subscription are billed together i.e. App Service, Resource Group, … …, Xxx feature)
Details:
- https://blog.jonstodle.com/azure-subscriptions-resource-and-app-terms-explained/
- https://samcogan.com/what-is-an-azure-app-service-plan-and-what-does-it-do/

My own explanation to understand easily

Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments.
From MS doc: Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost
Details: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

Azure Advisor UI