Monthly Archives: August 2018

Understanding Tenants, Subscriptions, Regions and Geographies in Azure

If you are getting started working with Azure you might come across a few key terms that it’s important to have a good understanding of. In this post I’m going to cover what I think are four of the key ones.

Tenant

A Tenant, as it relates to Azure, refers to a single instance of Azure Active Directory, or, as it is often called “Azure AD”. Azure AD is a key piece of Microsoft’s cloud platform as it provides a single place to manage users, groups and the permissions they hold in relation to applications published in Azure AD.

Key Microsoft applications that Azure AD provides access to include Office 365, Dynamics 365 and Azure. Yes, you read that right, Azure is treated as an ‘application’. You can also use Azure AD to control access to many other third-party applications such as Salesforce and even the AWS admin console. As an application developer you can register your own applications in Azure AD for the purpose of allowing users access.

Azure AD Tenants are globally unique and are scoped using a domain that ends with ‘onmicrosoft.com’ (e.g. myazuread.onmicrosoft.com) and each has a ‘Tenant ID’ in the form of a UUID/GUID. Some customers choose to connect their internal Active Directory environment to Azure AD to allow single or same sign-on for their staff and will also use a custom domain instead of the default ‘onmicrosoft.com’.

When you access the Azure Portal, or leverage one of the command-line tools to manage Azure resources in a Subscription, you will always be authenticated at some point via the Azure AD Tenant associated with the Subscription you want to access. The actions you can take will depend on the Role you have been assigned in the target Subscription.

Finally, Azure AD Tenants can be associated with multiple Subscriptions (typically in larger organisations), but a Subscription can only ever be associated with a single Azure AD Tenant at any time.

Dev Tip: if you want to develop an application that uses Azure AD but don’t have permissions to register applications in your company’s Azure AD Tenant (or you want a ‘developer’ Azure AD Tenant) you can choose to create a new Azure AD Tenant in the Azure Portal. Make sure in your application that you can easily change Azure AD Tenant details to allow you to redeploy as required. Azure AD has a free tier that should be suitable for most development purposes.

IT Pro Tip: you can change the display name for your Tenant – something I strongly recommend, particularly as Azure AD B2B will mean others will see your Directory name if they are invited and may be confused if the display name is something unclear. Note that you are *not* able to change the default onmicrosoft.com domain.

Subscription

A Subscription in Azure is a logical container into which any number of resources (Virtual Machines, Web Apps, Storage Accounts, etc) can be deployed. It can also be used for coarse-grained access control to these resources, though the correct approach these days is to leverage Role Based Access Control (RBAC) or Management Groups. All incurred costs of the resources contained in the Subscription will also roll-up at this level (see a sample below).

Subscription costs view

As noted above, a Subscription is only ever associated with a single Azure AD Tenant at any time, though it is possible to grant users outside of this Tenant access. You can also choose to change the Azure AD Tenant for a Subscription. This feature is useful if you wish to transfer, say, a Pay-As-You-Go (PAYG) Subscription into an existing Enterprise Enrolment. Subscriptions have both a display name (which you can change) and a Subscription ID (UUID/GUID) which you can’t change.
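The Tenant and Subscription relationship above lends itself to a simple inventory check. The following is an added example, not code from the original post: it groups Subscriptions by Tenant and compares them with a previously recorded baseline keyed on the Subscription ID, flagging any Subscription whose Tenant or display name has changed. The input is a constructed sample shaped like the output of `az account list --output json`; the baseline format and the function names are assumptions made for this example.

```python
import json
from collections import defaultdict

TENANT_A = "aaaaaaaa-0000-0000-0000-000000000001"  # constructed Tenant IDs
TENANT_B = "bbbbbbbb-0000-0000-0000-000000000002"

# Constructed sample shaped like `az account list --output json` (trimmed to
# the fields used here); every GUID and name is made up.
SAMPLE_JSON = json.dumps([
    {"id": "11111111-1111-1111-1111-111111111111", "name": "Prod", "tenantId": TENANT_A},
    {"id": "22222222-2222-2222-2222-222222222222", "name": "Dev (renamed)", "tenantId": TENANT_A},
    {"id": "33333333-3333-3333-3333-333333333333", "name": "PAYG Sandbox", "tenantId": TENANT_B},
])

# Hypothetical baseline recorded earlier, keyed on the Subscription ID because
# that is the one attribute that cannot change: sub_id -> (tenant_id, name).
BASELINE = {
    "11111111-1111-1111-1111-111111111111": (TENANT_A, "Prod"),
    "22222222-2222-2222-2222-222222222222": (TENANT_A, "Dev"),
    "33333333-3333-3333-3333-333333333333": (TENANT_A, "PAYG Sandbox"),
}

def subscriptions_by_tenant(accounts):
    """One Tenant maps to many Subscriptions; each Subscription has one Tenant."""
    grouped = defaultdict(list)
    for acct in accounts:
        grouped[acct["tenantId"].lower()].append(acct["id"].lower())
    return {tenant: sorted(subs) for tenant, subs in grouped.items()}

def diff_against_baseline(accounts, baseline):
    """Return sorted (kind, subscription_id, old, new) findings."""
    findings, seen = [], set()
    for acct in accounts:
        sub_id, tenant = acct["id"].lower(), acct["tenantId"].lower()
        seen.add(sub_id)
        if sub_id not in baseline:
            findings.append(("new_subscription", sub_id, None, tenant))
            continue
        old_tenant, old_name = baseline[sub_id]
        if tenant != old_tenant.lower():  # Subscription moved to another Tenant
            findings.append(("tenant_changed", sub_id, old_tenant, tenant))
        if acct["name"] != old_name:      # display names are mutable
            findings.append(("renamed", sub_id, old_name, acct["name"]))
    for sub_id in baseline.keys() - seen:  # in baseline, no longer listed
        findings.append(("not_visible", sub_id, baseline[sub_id][0], None))
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for finding in diff_against_baseline(json.loads(SAMPLE_JSON), BASELINE):
        print(finding)
```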

Subscriptions are not tied to an Azure Region and as a result can contain resources from any number of Regions. This doesn’t mean that you will have access to all Regions, as some Geographies and Regions are restricted from use – we’ll talk more about this next.

Resources contained in a Subscription but deployed to different Regions will still incur cross-Region costs (where applicable).

People sometimes use the word ‘Tenant’ instead of ‘Subscription’ or vice-versa. Hopefully you can now see what the difference is between the two.

Regions and Geographies

Azure differs from the other major cloud providers in its approach to providing services close to the customer. As a result, and at time of writing (August 2018), Azure offers 42 operational Regions with 12 more announced or under development.

A Region is a grouping of data centres that together form a deployment location for workloads. Apart from geo-deployed services like Azure AD or Azure Traffic Manager you will always be asked what Region you wish to deploy a workload to.

Regions are named based on a general geography rather than after exactly where the data centres are. So, for example, in Australia we have four Regions – Australia East, Australia Southeast, Australia Central 1 and Australia Central 2.

A Geography, as it relates to Azure, can be used to describe a specific market – typically a country (Australia), though sometimes a geographic region (Asia, Europe). Normally within a Geography you will find two Regions which will be paired to provide customers with high availability options. Can anyone spot the one Region that doesn’t have its pair in the same Geography?

There are a few special Regions that aren’t open to everyone – US Government Regions, the entire German Geography and China. In Australia, in order to access Australia Central 1 and 2 you must undergo a whitelisting process to gain access.

When you replicate data or services between Regions you will pay an increased charge for either data transfer between Regions and / or duplicated hosting costs in the secondary Region. Some services such as Azure Storage and Azure SQL Database provide geo-redundant options where you pay an incremental cost to have your data replicated to the secondary Region. In other cases you will need to design your own replication approach based on your application and its hosting infrastructure.

Once you have deployed a service to a Region you are unable to move it – you have to re-provision it if you need the primary location to be somewhere else.

As a final note, while there is a Regional availability model (replication of services between Regions), Microsoft has also introduced the concept of Availability Zones. Availability Zones are still being rolled out globally, and are more than just a logical overlay over Regions. Interesting times!

So there we have it, a quick overview of some of the key terms you should be familiar with when getting started with Azure. As always, if anything’s unclear or you have any questions feel free to drop a comment below.

😎


DDD Sydney 2018 – Super sold-out Saturday!

Microsoft has always been a company by, of, and for developers, and the renewed Microsoft commitment to meet the Australian developer community wherever they are continued this past weekend when we were at DDD Sydney.

DDD Sydney, like Perth before it, didn’t disappoint in its slick organisation and community-selected content. The unique spice to the Sydney event though was the dedicated junior developer track – a concept to be loudly applauded and, I hope, replicated elsewhere over time.


As this was my home city event I asked my oldest son if he’d like to be a paid attendee for the day – something he quickly said ‘yes’ to. As he’s only just started high school I didn’t expect him to understand all the content, but I thought it would be a good experience for him and hopefully he’d pick up some tips along the way. Well… I think he did pretty well out of the day based on the below Twitter post…

… and now I’ve had to install Python on his computer and order a Raspberry Pi for him! (A big thanks to Damian Brady from the Microsoft CDA team for spending the time with my son!)

Carrying on though…

At the Microsoft stand we had a great time discussing the Azure platform with developers and getting to understand how we can help them do more with it. Some of the discussions I had covered:

– What’s the difference between an Azure Tenant, Subscription and Region? This is a good question, and I’ll post a follow-up blog post to cover this as understanding these three items is fundamental to working with Azure, particularly if you are working with many customers who each own a Subscription.

– How about extending Visual Studio Team Services (VSTS) to do Domain Driven Design (DDD)? Good idea! VSTS has an extensibility model you can tap into if you want to add to the platform’s capabilities or customise it to suit your requirements.

– We had a bunch of people sign-up and play our Azure Cognitive Services-based game “Where’s Bit?”. We’ll eventually open this up for everyone to have access to how we built the game, but for now keep an eye out for it at the upcoming events we’ll be at.

Two lucky winners of “Where’s Bit?” will receive invites to an upcoming Xbox triple A title launch event in Sydney in September (I can’t tell you what it is.. but it’s pretty damn cool.. wish I was going!)

Overall I was really happy with how the day went, and really pleased that we were able to support the organisers in their first sell-out year! Sydney developers care deeply about their personal development and being engaged with others in their community and the buzz on the day was hard to come down from once the day was over!

I’m always happy to take feedback or questions around Azure for developers – feel free to leave a comment below or to hit me up on Twitter if you have any.

We’ll be back in Sydney for NDC in September and YOW! in November – hope to see you there then!

😎

Keynote with Damian Brady on AI and ML.


Closing session – excess food was donated to OzHarvest.



DDD Perth 2018 – the value of a strong developer community

This past weekend I was in Perth to attend DDD Perth as part of Microsoft’s sponsorship and thought I’d write up my experience.

For those of you unfamiliar with DDD (Developer! Developer! Developer!), it is a community-organised event that started in the United Kingdom in 2005 and has run in various cities in Australia over the last few years.

If you take a look through the published agenda for Perth for 2018 you will see a fantastic variety of content and speakers – ranging from deep tech through to personal wellbeing – all voted for by the community. This is a clear guide that developers are looking far beyond what could be considered traditional interest areas and making the most of personal growth opportunities available at events like DDD.

I didn’t get a chance to take any photographs, but I’m sure the DDD Perth blog will post a bunch when the committee has recovered from running the event for 400+ people! What I can talk a bit about here though is the types of discussions I had at the Microsoft booth.

  • Does Azure have a free tier? Yes. You can easily get started at https://azure.microsoft.com/en-us/free/.
     
  • How can I learn more about Azure? There are a bunch of different ways, but a good general platform overview is delivered at Azure Discovery Days. You can find the list of upcoming Australian events at https://www.microsoft.com/en-au/azurelearningpathways/upcoming-event.
     
  • Are Azure Functions production-ready? Yes, they are. The confusion here stemmed from the ‘v1’ (production-ready) and the ‘v2’ (in-preview) versions of the runtime. This is a reminder to me that people not close to a platform often don’t get the subtleties and simply hear “not production ready” as the message.
     
  • How do I migrate between Azure Regions? Well… I could write an entire (never ending) series on the number of ways to achieve this! I will leave it at “it depends”….
     
  • What do I need to do to get a t-shirt, book or sticker? (Hint: play one of our games, give us feedback, join our OSS4Good project)

There were a lot of other discussions on the day with the team on the booth and we had our two games up and running (I’ll keep those under wraps for now as a surprise for others). We also launched our Open Source for Good project, which you can head over to GitHub to learn more about (if you’d like to get involved feel free to leave a comment below and we’ll invite you).

I tweeted how amazing this day was, and the organisers need to be proud to have built such an amazing and accessible event! If you didn’t get a ticket for this year, then I’d certainly keep an eye out for next year’s event.

If you live in the following cities then you’re in luck because your 2018 DDD is yet to happen. Sydney is up next on 18 August, so make sure to get your tickets soon!

I’ll be at these events so please drop by and say hello!

😎
