Azure AZ-900 Fundamentals Architecture and Services
AI-Generated Content
Understanding the core architecture and services of Microsoft Azure is not just about passing the AZ-900 exam; it's about building a foundational mental model for how modern cloud platforms operate. This knowledge enables you to make informed decisions about reliability, cost, and service selection, which are critical skills for any role in today's technology landscape. Mastering these fundamentals is your first step toward leveraging the cloud effectively.
Azure Infrastructure and Organization
Azure Global Infrastructure: Regions and Availability Zones
The physical backbone of Azure is its global infrastructure, designed for resilience and proximity to users. An Azure region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. Regions allow you to deploy resources close to your users for performance and to meet data residency requirements. It's a common exam trap to confuse a region with a single datacenter; a region is a much larger geographical area containing multiple, isolated locations.
Within each region, Azure offers availability zones. These are physically separate locations, each with independent power, cooling, and networking. They are designed to protect your applications and data from datacenter-level failures. When you architect a solution to use zones, you are distributing your virtual machines or other services across these isolated infrastructures for high availability. For the AZ-900, you must remember that not all regions support availability zones, and services must be specifically configured to use them—it is not automatic.
Organizing Resources: Resource Groups and Subscriptions
Azure uses a hierarchical model to manage access, billing, and resources. At the top is a subscription, which is a logical container for billing and management. You might have separate subscriptions for development, testing, and production to isolate costs and administrative boundaries.
Within a subscription, you use resource groups to organize and manage related Azure resources. A resource group is a logical container that holds related resources for an Azure solution. All resources in a resource group should share the same lifecycle; you deploy, update, and delete them together. A critical point for exam scenarios is that a resource can only exist in one resource group, but it can interact with resources in other groups. Resource groups are also the scope for applying role-based access control (RBAC) policies and tags for organization.
Core Azure Services
Core Compute Services: VMs, App Service, and Azure Functions
Azure provides a spectrum of compute services, from full infrastructure control to completely abstracted, event-driven code.
Azure Virtual Machines (VMs) are Infrastructure-as-a-Service (IaaS) offerings. They provide on-demand, scalable computing resources, offering you full control over the operating system and software. You are responsible for patching, securing, and maintaining the VM, while Azure maintains the underlying hardware.
Azure App Service is a Platform-as-a-Service (PaaS) offering for hosting web applications, REST APIs, and mobile backends. It completely abstracts the infrastructure, so you only manage your application code and data. It supports automatic scaling, built-in continuous deployment, and multiple programming languages (.NET, Java, Node.js, Python, etc.).
Azure Functions is a serverless compute service. It allows you to run small pieces of code (functions) in response to events like HTTP requests, messages from a queue, or timers. With serverless, you don't provision or manage servers at all; you simply write the code, and Azure dynamically allocates resources. You are billed only for the time your code executes, making it highly efficient for sporadic workloads.
Core Data and Storage Services: Blob Storage and SQL Database
Data services in Azure range from unstructured object storage to fully managed relational databases.
Azure Blob Storage is Microsoft's object storage solution for the cloud. It is optimized for storing massive amounts of unstructured data, such as text or binary data (images, videos, backup files, logs). Blobs are stored in containers, similar to files in folders. For the exam, know that it offers different access tiers: Hot (frequent access), Cool (infrequent access), and Archive (rare access), which trade off storage cost against retrieval cost and latency.
Azure SQL Database is a fully managed Platform-as-a-Service (PaaS) relational database based on the Microsoft SQL Server engine. Azure handles all management—patching, backups, high availability, and scaling—so you can focus on your data model and application. It's a key example of how PaaS reduces administrative overhead compared to running SQL Server on an Azure VM, which would be an IaaS approach.
Core Networking: Virtual Networks
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables Azure resources like VMs to securely communicate with each other, the internet, and on-premises networks. A VNet is scoped to a single region but can be connected to VNets in other regions or to on-premises datacenters using VPN Gateway or Azure ExpressRoute. Key components you'll configure within a VNet include subnets (which segment the network), network security groups (which filter traffic), and route tables.
Additional Azure Concepts
Azure Marketplace and Shared Services
The Azure Marketplace is an online store containing thousands of applications and services built by Microsoft and third-party vendors. These are pre-configured, certified solutions—like virtual machine images, software solutions, and developer services—that you can deploy directly into your Azure subscription. It accelerates deployment by providing ready-to-use templates and managed applications, which is a common theme in the cloud's "as-a-service" model.
Comparing Compute Service Models
Choosing the right compute service is a frequent exam topic. Your decision hinges on the level of control versus management responsibility you need.
- IaaS (Virtual Machines): Maximum control. You manage the OS, middleware, runtime, and data. Azure manages the virtualization, servers, storage, and networking. Use for lift-and-shift migrations or when you need specific OS or software control.
- PaaS (App Service, Azure SQL Database): Focus on development. You manage the application and data. Azure manages the OS, runtime, middleware, and infrastructure. Use for developing web apps or APIs without managing servers.
- Serverless (Azure Functions): Event-driven granularity. You manage only the code and function configuration. Azure dynamically manages all infrastructure. Use for event processing, microservices, or automating tasks.
A classic exam trap is a scenario describing a simple web app where the development team wants to avoid server management. The correct choice is PaaS (App Service), not IaaS (VMs).
Understanding Storage Redundancy
Azure Storage accounts offer several replication strategies to ensure durability and availability. Your choice balances cost against your resilience requirements.
- Locally Redundant Storage (LRS): Replicates your data three times within a single datacenter in the region. It is the lowest-cost option and offers the lowest durability of the four. Protects against hardware failures but not against a datacenter-level disaster.
- Zone-Redundant Storage (ZRS): Replicates your data synchronously across three availability zones in the region. Higher durability than LRS. Protects against datacenter-level failures while keeping data within the region.
- Geo-Redundant Storage (GRS): Copies your data to a secondary region hundreds of miles away (using LRS in both regions). This is asynchronous replication, so there is a slight lag. It provides protection against regional outages.
- Read-Access Geo-Redundant Storage (RA-GRS): Offers all the benefits of GRS, but also provides read-only access to the data in the secondary region. This allows your application to read data from the secondary location if the primary becomes unavailable, enabling higher availability for read operations.
For the exam, remember the hierarchy: LRS (within one DC) < ZRS (across zones in one region) < GRS/RA-GRS (across two regions). RA-GRS is unique in allowing read access from the secondary.
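As an added illustration of the hierarchy above (not part of the original guide or of any Azure tooling), the following Python code picks the lowest-cost redundancy option that covers a workload's stated failure requirements, then audits a constructed inventory for under-protected and over-provisioned storage accounts. The account names, the requirement labels, and the assumption that cost rises in the order LRS, ZRS, GRS, RA-GRS are illustrative.

```python
# Redundancy options in the hierarchy this section gives, treated here as
# ascending cost (assumption). Each entry lists the failures it covers.
OPTIONS = [
    ("LRS",    {"hardware"}),
    ("ZRS",    {"hardware", "datacenter"}),
    ("GRS",    {"hardware", "datacenter", "region"}),
    ("RA-GRS", {"hardware", "datacenter", "region", "read_during_outage"}),
]

def cheapest_option(required):
    """Return the first (cheapest) option that covers every requirement."""
    required = set(required)
    unknown = required - OPTIONS[-1][1]
    if unknown:
        raise ValueError(f"unknown requirement(s): {sorted(unknown)}")
    for name, covers in OPTIONS:
        if required <= covers:
            return name

def audit(accounts):
    """Compare each account's configured option with the cheapest sufficient one."""
    rank = {name: i for i, (name, _) in enumerate(OPTIONS)}
    findings = []
    for acct in accounts:
        needed = cheapest_option(acct["must_survive"])
        have = acct["redundancy"]
        if rank[have] < rank[needed]:
            status = "under-protected"    # resilience gap
        elif rank[have] > rank[needed]:
            status = "over-provisioned"   # paying for unneeded redundancy
        else:
            status = "ok"
        findings.append((acct["name"], have, needed, status))
    return findings

# Constructed sample inventory (hypothetical names and requirements).
SAMPLE = [
    {"name": "logs-archive", "redundancy": "RA-GRS", "must_survive": ["hardware"]},
    {"name": "orders-backups", "redundancy": "LRS", "must_survive": ["region"]},
    {"name": "web-assets", "redundancy": "ZRS", "must_survive": ["datacenter"]},
    {"name": "catalog-read", "redundancy": "GRS",
     "must_survive": ["region", "read_during_outage"]},
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-15s have=%-6s need=%-6s %s" % row)
```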
Common Pitfalls
- Confusing Availability Zones with Regions: A region is a broad geographical area, while zones are isolated locations within a single region. Deploying across two regions is for disaster recovery (geo-redundancy), while deploying across zones is for high availability within a region.
- Misunderstanding the Shared Responsibility Model: A frequent exam trick is to ask who is responsible for patching the OS on an Azure VM (you are, in IaaS) versus an Azure SQL Database (Microsoft is, in PaaS). Always identify the service model first.
- Overlooking the Cost Implications of Redundancy: LRS is the cheapest, while RA-GRS is the most expensive for storage. Choosing GRS/RA-GRS for all data without a business requirement for geo-redundancy is an unnecessary cost. The exam tests your ability to match the redundancy option to a scenario's requirements.
- Selecting IaaS When PaaS is Appropriate: Given a scenario where the core requirement is to avoid infrastructure management for a standard web application, the correct answer is almost always Azure App Service (PaaS), not Virtual Machines (IaaS). Don't default to VMs out of familiarity.
Summary
- Azure's global infrastructure is composed of regions and, within many of them, isolated availability zones for high availability.
- Resource groups are logical containers for organizing and managing Azure resources that share a common lifecycle within a subscription.
- Core services include compute offerings like Virtual Machines (IaaS), App Service (PaaS), and Azure Functions (serverless), as well as data services such as Blob Storage and SQL Database.
- Azure Virtual Networks provide private, secure networking for your Azure resources.
- The Azure Marketplace offers pre-built solutions to accelerate deployment.
- Storage redundancy options—LRS, ZRS, GRS, and RA-GRS—offer a trade-off between cost, durability, and availability, from single-datacenter to cross-region protection.