The term cloud originates from network diagrams that use a cloud shape to indicate the Internet
or networks outside of a company firewall. Of course, a platform is an infrastructure that hosts
and runs a software application and allows it to access and integrate with other software
applications. In a cloud platform, a software application is not inside your network. Instead, it is
housed in a virtual network and is maintained and managed in data centers that are operated by
vendors like Amazon and Microsoft. Users access the cloud platform through the Internet.
From your perspective as a developer or software architect, the concept of the cloud platform is
similar to a traditional on-premises platform, in which the servers and infrastructure are installed
within your organization or at your local data center. The server’s operating system provides the
infrastructure to host your application and connect it to storage and other computers and devices.
The cloud platform will also provide the operating system, storage, and network your application
requires to perform its business processes.
A cloud platform provides all the components and services required to architect, design, develop,
and run your application. It also provides the necessary infrastructure to integrate with other
applications running at private data centers.
Relevance of the Cloud Platform
Centralized cloud platforms present a similar scenario. Managing computer and network
equipment and maintaining data infrastructure software is not easy, and many small companies
lack the talent and specialization to do so. On the other end of the spectrum, there are a few
companies—like Microsoft and Amazon—for whom creating software and managing data
centers across the globe is their core business. These companies have the capacity to continually
innovate and improve data center efficiency, all while delivering services reliably and securely.
Cloud Platform Benefits
The cloud platform is an attractive choice for some due to the ability to scale, the time to market,
and the security features. Cloud platforms have made significant strides in both physical and
software security through huge investments that have outpaced those of enterprise data centers.
Amazon Web Services and Microsoft Azure are the two biggest cloud platform vendors.
Amazon has the benefit of being the first cloud platform vendor, whereas Microsoft enjoys high
levels of trust from businesses that already use its other enterprise software products. Cloud
- Provide faster turnaround times: Ready-to-use services and related features can be accessed
- Lower IT effort: The efforts required to procure and deploy hardware and software have been
- Reduce risks: There are no up-front costs to procure hardware or licensing software; you pay
for what you use.
- Heighten agility: Solutions can be scaled up or down instantaneously in response to user
Your Application and Cloud Platform Matchup
Before we delve into the specifics of the composition of the platform, let us make sure your
application is the right fit for a cloud platform, and that the cloud platform is ready for your
Does Your Application Belong on the Cloud Platform?
Over the past few years, there has been a surge in the use of cloud platforms due to the
deployment of mainstream and mission-critical enterprise-class applications. Scale and cost of
ownership are two key reasons these enterprise-class applications are moving to the cloud
- Scale: Zero to near-infinite resources are available. Your applications can scale up or down
depending on user load. This means you never have to worry about running out of capacity or,
more importantly, about over-provisioning.
- Cost of ownership: Paying for what you use is one obvious cost, but expenditures associated
with deploying, securing, and sustaining the deployment are lower since these are distributed to
multiple customer accounts.
As a developer, you should have conversations with business owners to ensure that the ability to
scale and the total cost of ownership are compatible with your situation. Cloud deployment
comes at a significant cost, especially if integration with existing on-premises infrastructure is
required for your application. Both Amazon and Microsoft provide cost calculators. While these
calculators give ballpark estimates of hosting an application on their cloud platforms, you will
still need to factor in the cost of integrating your cloud application with an on-premises solution.
Hardening an application will add to these costs. Simply stated, it’s important to have an
understanding of the overall cost and potential risks of the project before you embark on this
Finally, not every application is compatible with a cloud platform. Would Coca-Cola put its
secret formula on the cloud? This decision may not have anything to do with cloud platform
security or access—it could just be about retaining full control of a top asset.
Is the Cloud Platform Ready for Your Enterprise-Class Application?
In the previous section, we suggested having conversations with business owners about the
applicability of a cloud platform for your application. Next, you should verify that the cloud
platform is actually ready for your application.
Unless your business was born in the cloud, you likely have a complex and heterogeneous set of
servers and IT infrastructure with which a cloud application must integrate. These existing
servers are probably running a variety of operating systems, databases, middleware, and toolsets
from multiple vendors. Your business will also likely have a collection of security and
compliance initiatives that your application is required to follow. Finally, your customers, in
addition to having business needs, will also have expectations for availability and performance.
In summary, a cloud platform must have:
- Integration with existing applications and infrastructure, commonly on-premises and in
private data centers.
- Heterogeneity to continue to support multiple frameworks, languages, and operating systems.
- Security to run your applications safely and reliably.
- Manageability of the cloud platform via user interfaces (e.g., Management Portal), scripting
languages, and REST APIs.
- Services (features, functions, and interfaces) to fulfill the needs of the software application
Both Microsoft Azure and Amazon Web Services address these needs, so we will review them in
On-premises and Cloud Platform Integration
The most common project class involves the integration of a cloud platform service, such as Office
365, with your on-premises infrastructure across applications, identity, and
databases. This scenario is also called a hybrid; for example, the integration of an on-premises
ERP application with a cloud platform–based retail store. The use of a cloud environment to scale out existing applications running on-premises, or the use of a cloud platform as a disaster recovery site for an existing application running in a corporate data center, can also be considered implementations of the hybrid pattern.
Network connectivity options, virtualization, messaging, identity, and data and storage services
are required in order to support the on-premises application and the cloud platform. While
considering cloud platform integration, you should take into account scenarios in which there
will be integration requirements across different cloud platforms.
Heterogeneity of the Cloud Platform
Your enterprise has diverse business needs, and software applications have evolved over many
years; the bottom line is that you run a variety of workloads and will need a cloud platform to
offer similar support for elements including operating systems, databases, devices, content
management systems (CMS), applications, and supported development platforms and languages.
While Java and .NET are still the most-used frameworks, you are also likely using PHP, Python,
and other languages to build your applications and leverage open-source frameworks—such as
Hadoop, WordPress, Joomla, and Drupal—to get the job done. Being able to develop mobile
applications using third-party SDKs for both Android and iOS is likely a requirement. You can
expect that the cloud platform will do it all.
You will find that Microsoft Azure will provide you with the best experience and support for
Microsoft workloads while also offering excellent service for other vendor software, such as
Oracle and open-source technologies. This broad support from the cloud platform ensures your
cloud experience will satisfy your company’s heterogeneous needs.
A final note here is that this is not an all-or-nothing proposition. You should be able to use most
of the services independently. For example, you can use storage without using other services.
Trust and Security
The first question a manager should ask is: Is the cloud secure? We would argue emphatically
that modern cloud platforms are secure! You will read more about security in subsequent blogs,
but we will cover a few highlights here.
Security is about more than protecting your software assets. It includes transparency, relationship
management, and your own experience. Over the past few years, both Microsoft and Amazon
have made significant progress, especially on the end-to-end experience.
As with everything in life, trust is assured via transparency, especially in managing operations.
Cloud platform vendors are earning trust via myriad initiatives, including:
- Participation in industry standards and certifications, including the Cloud Security Alliance,
ISO 27001, PCI DSS, ISAE 3402, and SSAE 16, among others.
- Annual audits conducted by professional third-party organizations, including those mandated
by Service Organization Controls (SOC 1 through 3).
- Financial warranties via service-level agreements (SLAs) offer you a service commitment and
reimburse you in the event the vendor does not meet the service commitment. Commonly, these
commitments relate to uptime.
- Real-time service status via dashboards. Platform vendors are building confidence via detailed
root-cause analysis of outages.
- Experience in running large-scale data centers successfully for decades. The availability of
data centers close to consumers, as well as following local laws, is crucial.
Trust can also result from an existing arrangement; this is especially true with Microsoft. You
can rely on your established relationship and an account team to procure Azure access and, more
importantly, to get support. The Azure cloud platform can be an offshoot of your existing
Enterprise Agreement with Microsoft or you can transfer your existing Enterprise Agreement to
Microsoft has nearly 25 years of expertise in running global-scale services in data centers they
own and operate; Azure is a commercial service they have offered since 2008.
Amazon built the Amazon Web Services (AWS) infrastructure after nearly two decades of
experience running the multi-billion-dollar supply-chain business, including global data centers.
AWS as a commercial service has been operating since 2006.
Amazon and Microsoft have made significant investments in data centers around the globe, in
several countries across five continents; there is sure to be a data center that suits your
application needs. Finally, both Microsoft and Amazon have invested in a vibrant partner
community to assist you in various aspects of designing, building, deploying, and managing your
application on their respective cloud platforms.
Cloud Platform Services
As discussed, any cloud platform is expected to be comprehensive enough to support the
development, running, and management of applications while integrating adequately with those
applications without any significant compromise of features or business needs.
In this section, we will review the services offered by Microsoft and Amazon (each vendor
provides more than 50 services).
For the sake of convenience, we have organized the service offerings into four categories:
These categories are similar to the on-premises server paradigms we are already used to. Another
reason we have chosen these categories is to acknowledge the blurring of lines between
transactional data and analytical data.
Note You can get detailed information on these service offerings from each vendor’s website,
but some of the commonly used services and features are highlighted in subsequent sections. If
you are new to cloud platform technologies, invest time into diving deeper into the services that
are essential to your application.
Virtual machines are commonly categorized as Infrastructure as a Service (IaaS). Virtual
machines are the most basic building blocks on the cloud platform. They are identical to conventional on-premises servers and are the easiest way to move existing workloads to the
cloud platform, known in the industry as a lift and shift approach.
You can create virtual machines and keep them, including their virtual hard disks, under your complete control.
Virtual machines run on cloud platform data centers. Modern and legacy operating systems,
including Windows and Linux, are supported as virtual machines.
The most amazing aspect of this service is that you can buy and provision new instances in a
matter of minutes, thus allowing you to scale capacity both up and down quickly. Try comparing
this with how long it takes you to stand up a standard Windows server to build or test your
Virtual machines are a segue to the cloud, especially for developers just starting out with cloud
adoption. This also results in a challenge: if you are standing up and managing a standard
Windows server, then you, not the cloud platform vendor, are responsible for the upkeep of the
software infrastructure, including applying patches and testing your application after each
upgrade. Business owners tend to value this offering the most since it gives them the ability to
switch these machines on and off and only pay for their actual usage.
Some of the most common deployments involve:
- Provisioning your virtual machine
- Providing a public IP address to the virtual machine
- Using VPN to connect the virtual machine to your on-premises environment
You can have a collection of virtual machines with identical or different roles so as to create the
appropriate deployment for your application. Virtual machines can typically be created via the
cloud platform management portal or by using a script, starting from a template or image that
defines the OS type and software installed.
Cloud platforms also provide the ability to scale the virtual machine instances up or down in
response to load increases or decreases, or other patterns. The ability to include virtual machines in a load-balancing scenario that distributes incoming traffic between the virtual machines
of a cloud service, or to place two or more virtual machines in an Availability Set (or Availability
Zone), ensures that during either a planned or unplanned maintenance event, at least one virtual
machine remains available. This is essential to a great user experience. It also controls costs by reducing
unnecessary redundancy in the system.
Note Amazon offers a Virtual Desktop service identical to the Azure Virtual Machine, called
AWS WorkSpaces. It is a managed, secure desktop service in the Amazon cloud platform.
App Service (Azure Web Apps)
Azure App Service Web Apps, commonly known as Web Apps, is a cloud service that hosts
web applications and REST APIs. It also adds DevOps functions, including continuous
deployment, package management, and staging environments, as well as security, load
balancing, and automated management features, to your application. The best thing about App
Service is that you only pay for the compute resources you use. Figure 1-5 shows Azure Web
Azure App Service Web Apps offers several features, including the following:
- It supports several languages and frameworks, including ASP.NET, ASP.NET Core, Java, Ruby,
Node.js, PHP, and Python.
- It provides DevOps functions, including continuous integration and deployment through
different data sources and app management through Azure PowerShell and the cross-platform
- It allows users to scale up or down either manually or automatically.
- It allows users to host their apps anywhere in Microsoft’s global data center environment.
- The App Service SLA assures high availability.
- It provides several connectors for SaaS platforms, including enterprise systems (SAP), SaaS
services (Salesforce), and Internet services (Facebook).
- It provides hybrid connections and Azure virtual networks to access on-premises data.
- It is compliant with ISO, SOC, and PCI standards.
- It makes user authentication possible through Azure Active Directory as well as through social
login, including Google, Twitter, and Facebook.
- It allows users to impose IP address restrictions and monitor service identities.
- It provides a list of application templates in the Azure Marketplace, which a user can select from as per his or her requirements.
Mobile Apps is a feature of Azure App Service, which is a PaaS solution for developers. It
provides a scalable mobile application development platform for developers and system analysts.
This feature allows you to:
- Develop apps that can work offline and sync data once a connection to enterprise data
sources or SaaS APIs is available.
- Connect to your organization’s on-premises or cloud resources
- Enable push notifications to a number of customers according to their requirements
- Develop native iOS, Android, or Windows apps as well as cross-platform Xamarin or
API Apps is a feature of Azure App Service that makes hosting and development of APIs in both
environments (on-premises and cloud) easy. There are several features of Azure API Apps.
Some of them are as follows:
- It makes the code change process simple by providing connection to any version control
system and allowing users to deploy commits automatically.
- It secures APIs through several authentication tools, including Azure
Active Directory and single sign-on.
- It provides hybrid connectivity and can be integrated with Azure
Logic Apps easily.
There are a few reasons API Apps is preferred over Web Apps:
- It provides easy integration with Swagger.
- It provides an API definition.
- It allows you to create an Azure API client from Visual Studio.
Azure WebJobs is a feature of Azure App Service. It functions similarly to its other features. It
runs a script or program as a background process on your websites. The best thing about Azure
WebJobs is that you do not need to pay any extra money for using it. There are two types of
WebJobs: Continuous WebJobs and Triggered WebJobs.
Note For scripts or programs, Azure WebJobs supports many different file types, including .cmd,
.bat, .exe, .ps1, .sh, .php, .py, .js, and .jar.
Azure Functions is a compute service that works on a serverless architecture and allows you to
run an on-demand script for the problem at hand without managing infrastructure. Figure 1-6
shows Azure Functions.
Azure Functions offers several features. Some of them are as follows:
- It allows you to pay for what you use, which means that you will be charged only for the time
your code is running.
- It allows you to select the desired library from NuGet and NPM.
- It provides unified security, which means it can be used with OAuth providers to protect
- It allows you to choose between GitHub or Visual Studio Team Services (VSTS), for
deploying the functions coded in the portal.
- It allows you to integrate Azure services and SaaS offerings easily.
Networks provide integration between on-premises applications and applications hosted on cloud
platforms. They also play a pivotal role in delivering payloads or content hosted on the cloud
platform to the consumers of your applications. Microsoft Azure provides a wide range of
networking services, including:
- Virtual Network
- Direct Connection (ExpressRoute)
- Content Delivery Network
- Load Balancer
- Traffic Manager
- VPN Gateway
- Application Gateway
- Network Watcher
- Azure DNS
- Azure DDoS Protection
We will discuss some of these networking services in the following sections.
A virtual network enables virtual machines and services that are part of the same network to
access each other across on-premises and cloud platform deployments. Virtual networks create a
secure layer and leverage the public Internet to provide communication and integration across
services. Both platform vendors provide significant networking capabilities via the Microsoft Azure
Virtual Network service and the Amazon Virtual Private Cloud (VPC) service. Virtual networks can
be set up in all practical combinations: just within the confines of the cloud platform, as a point-
to-site network, or as a site-to-site network.
Be aware that virtual networks do extend the security boundary beyond the typical on-premises
firewall. Virtual networks are useful when other web-based integration options are unavailable or
create technical feasibility issues for implementation, and are also useful for accessing data
stored in on-premises backend systems.
Direct Connection (ExpressRoute)
Direct connection is also referred to as the ExpressRoute connection. It provides fast access to
cloud data via a secure route between on-premises and cloud platform applications that may
require the movement of massive amounts of data. This is especially useful for analytics or
synchronization in disaster recovery scenarios. For these situations, the bandwidth provided by
the public Internet may not suffice, and you may require that a direct and private network/data
connection be established between the cloud platform data center and your on-premises data
centers. Direct connections offer higher reliability, faster speeds, lower latency, and stronger
security than connections available via virtual networks.
Note Azure ExpressRoute service and Amazon Web Services Direct Connect service both offer a
direct connection service.
Direct connections are enabled via Telcos or a network service provider such as British Telecom,
SingTel, or Verizon. If you need these services, you must coordinate with both the Telcos and
cloud platform vendors to see which vendor pair is supported in your region. These services are
relatively expensive to operate and have high setup costs.
Content Delivery Network
Content Delivery Networks (CDNs) are essential for delivering dense web content, especially
media, to users with low latency. A CDN is a system of interconnected and distributed cache
servers located across the globe in a network. Multiple copies of the content exist on these
servers. When a user makes a request to the application, DNS resolves to a cache server
based on location and availability.
Note Azure Content Delivery Network service and Amazon CloudFront service offer Content
Delivery Networks to users.
However, you can also consider other Telco and Internet service providers for solutions. Before
you sign up for a service, have a long conversation with the provider and verify that there are
adequate points of presence, or cache server locations, in the geographic areas that are of interest
Load balancing must be considered to improve the availability of critical business applications;
sustain agreed-to service levels for access and latency; and distribute traffic for large, complex,
and global deployments. Load balancing distributes the incoming traffic to multiple instances of
an application running in different data centers. Load balancing can typically be used to
distribute the traffic via the following three methods:
- Failover: Use this method when you want to use a primary endpoint for all traffic, but provide
backups in case the primary becomes unavailable.
- Performance: Use this method when you have endpoints in different geographic locations and
you want clients to use the “closest” endpoint in terms of the lowest latency.
- Round Robin: Use this method when you want to distribute load across a set of cloud services
in the same data center or across cloud services or websites in different data centers.
Load balancing is critical for failover scenarios—upon detecting “failed” instances, incoming
traffic is routed to healthy instances, thereby ensuring high availability of the application.
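The three routing methods and the health-aware failover behaviour described above, as an added illustration (not code from the original post or from either vendor's load balancer): a small router over constructed endpoints that never selects an endpoint whose health probe has failed.

```python
"""Failover, Performance and Round Robin routing over a set of endpoints,
restricted to endpoints whose health probe currently passes.

Endpoint names, regions and latencies below are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Endpoint:
    name: str
    region: str
    latency_ms: float   # measured latency from the client's region
    priority: int       # failover order: lower number = preferred
    healthy: bool = True


class Router:
    def __init__(self, endpoints: List[Endpoint]):
        self.endpoints = list(endpoints)
        self._rr_position = 0

    def _live(self) -> List[Endpoint]:
        # A probe failure removes the endpoint from every method's candidate set.
        return [e for e in self.endpoints if e.healthy]

    def set_health(self, name: str, healthy: bool) -> None:
        # Outcome of a health probe against one endpoint.
        for e in self.endpoints:
            if e.name == name:
                e.healthy = healthy

    def failover(self) -> Optional[Endpoint]:
        # Primary (lowest priority number) for all traffic; backups only when it is down.
        live = sorted(self._live(), key=lambda e: e.priority)
        return live[0] if live else None

    def performance(self) -> Optional[Endpoint]:
        # "Closest" endpoint in terms of lowest measured latency.
        live = self._live()
        return min(live, key=lambda e: e.latency_ms) if live else None

    def round_robin(self) -> Optional[Endpoint]:
        # Spread successive requests evenly across the live endpoints.
        live = self._live()
        if not live:
            return None
        chosen = live[self._rr_position % len(live)]
        self._rr_position += 1
        return chosen

    def route(self, method: str, requests: int) -> List[str]:
        """Names of the endpoints chosen for `requests` consecutive requests."""
        picker = {"failover": self.failover,
                  "performance": self.performance,
                  "round_robin": self.round_robin}[method]
        chosen = []
        for _ in range(requests):
            ep = picker()
            chosen.append(ep.name if ep else "NO_HEALTHY_ENDPOINT")
        return chosen


def demo_router() -> Router:
    # Constructed sample deployment: three instances in three data centers.
    return Router([
        Endpoint("web-east", "east", latency_ms=20.0, priority=0),
        Endpoint("web-west", "west", latency_ms=80.0, priority=1),
        Endpoint("web-europe", "europe", latency_ms=150.0, priority=2),
    ])


if __name__ == "__main__":
    r = demo_router()
    print("failover   :", r.route("failover", 2))
    print("performance:", r.route("performance", 2))
    print("round robin:", r.route("round_robin", 4))
    r.set_health("web-east", False)   # primary fails its probe
    print("after failure, failover:", r.route("failover", 2))
```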
Note The load balancing services offered by Microsoft Azure and Amazon are Azure Load
Balancer service and Amazon Web Services Elastic Load Balancing service, respectively.
Traffic Manager is a network management service that enables users to distribute user traffic
among service endpoints in different data centers.
Domain Name System (DNS) is used to direct client requests to their respective endpoints. The direction of client requests depends on several factors, including the traffic-routing method and
the type of service endpoints, which are required for fulfilling the application requirements and
automatic failover models.
Note The traffic management services offered by Microsoft Azure and Amazon are Azure
Traffic Manager and Amazon Route 53, respectively. Azure Traffic Manager supports several service endpoints, including Azure Virtual Machines (VMs), Web Apps, and PaaS cloud
Storage and Data Services
From providing storage and data services as virtual machines to the current sophisticated service
offerings, cloud platform vendors have come a long way. In the remainder of this section, we
will review the varied storage and data services offered by each vendor.
A database service provides the ability to manage relational data with built-in high-availability
constructs. Azure SQL Database and Amazon Relational Database Service (RDS) are considered
Software as a Service (SaaS) and are available for integration with your applications. Databases,
such as Microsoft SQL Server or Oracle Database, are also available as virtual machines.
Cloud platforms provide relational databases for use with both cloud and on-premises business
applications. Databases on cloud platforms are scalable to hundreds or thousands of databases
and can be scaled up or down depending on usage patterns.
These databases have two or more backups and will guarantee uptime. Data backup is available
for periods of up to a month, which is useful for those “oops, I deleted it” scenarios via the point-
in-time recovery option. The bottom line is that database administrators are able to accomplish
more since these databases self-manage and require little maintenance.
Some of the features of the storage service are listed as follows:
- It is designed to be massively scalable so you can process and store hundreds of terabytes of
data, which is typically required for analysis in financial, scientific, and media applications.
- It allows clients to access the service on a diverse set of operating systems, including Windows
- It supports a wide variety of programming languages, including Java and .NET.
- It exposes the data resources within it through simple REST APIs that can be transmitted
It can store different types of data, including:
- Blob: documents, photos/images, videos, backup files/databases, and large datasets
- Table: address book, device info, and other metadata/directory
- Queue: receiving or delivering business documents, buffering, and non-repudiation
- Files: storage for LOB applications or client applications
A cache service is a distributed web service that makes your application scalable and more
responsive under load by keeping data closer to the application logic. The cache service is easy
to deploy and operate and is designed for high-throughput and low-latency data access. This
service is fully managed and secured via access control and other safeguards.
Note The cache service offered by Microsoft Azure is Azure Redis Cache service and the
service provided by Amazon is Amazon ElastiCache service.
A cache service is traditionally implemented as a key-value store, where keys map to data structures
such as hashes, lists, sets, sorted sets, and strings. The cache service also supports master-slave
replication and keys with a limited time-to-live. You can use the cache service from most modern
Note Both Microsoft Azure and Amazon Web Services use Redis Cache as the underlying
technology, which is open source. It is usually referred to as a data structure server, sitting
between a traditional database and one that performs the computation task in memory. The data
structures are accessible from memory through a set of commands. Therefore, we have classified
cache service in the data tier rather than in infrastructure.
Vendors are heavily invested in providing analytics as a service on cloud platforms. Analytics are
run periodically and are therefore well suited to the pay-per-use subscription model. Analytics, especially the
manipulation of very large datasets, is an evolving science, and it does not make sense to invest
significant amounts of capital in acquiring such capabilities for on-premises deployments. In this section,
we will cover two styles of analytics technologies: proactive analysis of cold-stored data and
reactive analysis of hot or streaming data.
Big data, as the name indicates, is a large body of digital information or data. One of the huge
advantages of this service is its ability to process structured and semi-structured data from click
streams, logs, and sensors. Examples of data that could be analyzed include: a Twitter feed with
the hashtag #Kardashians; info from millions of seismic sensors used for oil-field exploration in
Alaska; and click-stream analysis of the users on an e-commerce site.
Cloud platform vendors deploy and provision open-source Apache Hadoop clusters to provide a
software framework that allows you to manage, analyze, and report. Big data services are
architected to handle any amount of data, scaling from terabytes to petabytes on demand. You
can spin up any number of nodes at any time using the portals.
The Hadoop Distributed File System (HDFS) is a massively scalable data-storage system
running on commodity hardware. This is a significant achievement since earlier systems
required large, scaled-up, and expensive hardware. HDFS supports programming extensions for
most modern languages, including C#, Java, and .NET, among others. The best part is that you
can use Microsoft Excel—a tool that is very familiar to business users—to visualize and analyze.
Note Microsoft Azure HDInsight and Amazon Web Services Elastic MapReduce (EMR) offer
Real-time processing of streaming data is possible through the Event-Processing Service on the
cloud platform. The service is fully managed by the cloud platform vendors and processes data
on a massive scale. This service is an event-processing engine that helps uncover insights in near
real-time from devices, sensors, infrastructure applications, and data. Many Internet-of-Things
(IoT) scenarios will light up through this valuable service.
The event-processing engine will process “ingested” events in real time and compare them to
other streams, historical values, or pre-set benchmarks. Any detected anomalies will trigger
alerts, and you may enable systems to react to these alerts. Both vendors offer event-processing
capabilities via Microsoft Azure Stream Analytics service and Amazon Web Services Kinesis
service, which are described as follows:
- Azure Stream Analytics: provides a SQL-like query language for performing computations
over the stream of events. Events from one or multiple event streams can be filtered out, joined,
and aggregated over time series windows. The query language is actually a subset of the standard
T-SQL syntax and supports the classic set of data types (bigint, float, nvarchar, and DateTime)
relevant for such processing models. This service can be managed through REST APIs.
- Amazon Kinesis: sends data to other services, such as S3 or Redshift. As a developer, you
will be amazed at how few clicks and lines of code are needed to start processing anomalies
detected by Kinesis.
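The event-processing behaviour described above (aggregating a sensor stream over time-series windows and comparing each window against a pre-set benchmark and the previous window's historical value), as an added illustration in plain Python rather than the Stream Analytics query language; the sensor names, readings, window size and benchmark are constructed sample values, not from the original post or either vendor.

```python
"""Tumbling-window aggregation over an event stream with anomaly alerts.

A window of `size` seconds groups events with ts in [k*size, (k+1)*size).
Per window and per device the average reading is computed, then compared to
(a) a pre-set benchmark and (b) the device's previous-window average.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: int          # seconds since the start of the stream
    device: str
    temp_c: float


def tumbling_windows(events: List[Event], size: int) -> Dict[int, List[Event]]:
    """Group events into fixed, non-overlapping windows keyed by window number."""
    windows: Dict[int, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        windows[e.ts // size].append(e)
    return dict(sorted(windows.items()))


def window_averages(events: List[Event], size: int) -> Dict[int, Dict[str, float]]:
    """Per-window, per-device average, the equivalent of a GROUP BY over
    device and a tumbling window in a SQL-like stream query."""
    result: Dict[int, Dict[str, float]] = {}
    for k, evs in tumbling_windows(events, size).items():
        per_device: Dict[str, List[float]] = defaultdict(list)
        for e in evs:
            per_device[e.device].append(e.temp_c)
        result[k] = {d: sum(v) / len(v) for d, v in per_device.items()}
    return result


def detect_anomalies(events: List[Event], size: int, benchmark_c: float,
                     jump_ratio: float = 0.5) -> List[Tuple[int, str, str, float]]:
    """Return (window, device, reason, avg) alerts.

    reason is "above_benchmark" when the window average exceeds the pre-set
    benchmark, or "jump_vs_previous_window" when it rose by more than
    jump_ratio relative to the same device's previous window (the
    historical value).
    """
    alerts: List[Tuple[int, str, str, float]] = []
    previous: Dict[str, float] = {}
    for k, averages in window_averages(events, size).items():
        for device, avg in averages.items():
            if avg > benchmark_c:
                alerts.append((k, device, "above_benchmark", round(avg, 2)))
            elif device in previous and previous[device] > 0 \
                    and (avg - previous[device]) / previous[device] > jump_ratio:
                alerts.append((k, device, "jump_vs_previous_window", round(avg, 2)))
            previous[device] = avg
    return alerts


# Constructed sample stream: two temperature sensors over ~30 seconds.
SAMPLE_EVENTS = [
    Event(1, "sensor-a", 20.0), Event(2, "sensor-b", 70.0),
    Event(5, "sensor-a", 22.0), Event(8, "sensor-b", 72.0),
    Event(12, "sensor-a", 21.0), Event(14, "sensor-b", 85.0),
    Event(18, "sensor-a", 23.0), Event(19, "sensor-b", 91.0),
    Event(22, "sensor-b", 75.0), Event(25, "sensor-a", 40.0),
    Event(28, "sensor-a", 44.0),
]

WINDOW_SECONDS = 10
BENCHMARK_C = 80.0   # constructed pre-set threshold


if __name__ == "__main__":
    for k, avgs in window_averages(SAMPLE_EVENTS, WINDOW_SECONDS).items():
        print(f"window {k}: {avgs}")
    for alert in detect_anomalies(SAMPLE_EVENTS, WINDOW_SECONDS, BENCHMARK_C):
        print("ALERT", alert)
```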
The cloud platform vendors are constantly adding value to their platforms by adding to this
burgeoning list of services. Some of these services are foundational (e.g., authorization and
authentication or messaging), while other services (e.g., monitoring, scheduler, or batch) provide
users with a range of programming options to compose (not code) an application. This section
covers the following topics:
- Authorization and authentication via Active Directory
- Other services
Authorization and Authentication via Active Directory
Cloud platforms provide a comprehensive identity and access management cloud solution that
helps manage users and groups as well as their access to applications. You will use this cloud
platform Active Directory service to provide an identity and access management solution, similar
to the way you would use Windows Active Directory or other LDAP solutions on-premises.
Integration with on-premises Windows Active Directory enables single sign-on to all cloud
platform applications once the user has signed in to the network.
Note Microsoft Azure Active Directory and Amazon Web Services Identity and Access
Management (IAM) provide authorization and authentication in the cloud platform.
Azure Active Directory helps you enable single sign-on access to thousands of cloud
applications running on Windows, iOS, or Android/Chrome operating systems. Users can launch
these applications after signing in once from a personalized access web page using
organizational credentials. Azure Active Directory also offers multiple ways to integrate into
your application through several industry standards including SAML2.0, WS-Federation, and
OpenID. Finally, the service will enable you to manage federated users from partner
organizations and their permissions.
AWS Identity and Access Management (IAM) allows you to manage authentication and
authorization to access AWS resources securely.
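Whichever of the standards listed above an application integrates with, the relying party ends up holding a signed token from the identity provider and must verify it before trusting the identity inside. The following is an added Python example, not code from the page or from Azure AD or AWS IAM, of that verification for a JWT-style token: signature first, then issuer, audience, expiry and not-before. To stay runnable with the standard library alone it uses an HMAC (HS256) signature over a shared secret; tokens issued by a real identity provider are normally signed with RSA or ECDSA keys published at a metadata endpoint, and a JWT library would verify those. The issuer URL, audience, secret and claim values are constructed:

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values; a real deployment takes these from the identity provider's metadata.
ISSUER = "https://login.example.test/tenant-id"
AUDIENCE = "api://my-app"
SECRET = b"constructed-shared-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Stand-in for the identity provider: encode and sign (or, for alg 'none', leave unsigned)."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    if alg == "none":
        return signing_input + "."
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def validate_token(token: str, secret: bytes, issuer: str, audience: str,
                   now: Optional[int] = None) -> dict:
    """Verify the signature first, then the iss/aud/exp/nbf claims. Raises ValueError on failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    # Pin the algorithm the relying party expects; never let the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, (h64 + "." + p64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("expired")
    if now < int(claims.get("nbf", 0)):
        raise ValueError("not yet valid")
    return claims


def validation_result(token: str, secret: bytes, issuer: str, audience: str, now: int) -> str:
    """Convenience wrapper returning 'ok' or the rejection reason."""
    try:
        validate_token(token, secret, issuer, audience, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    """Exercise the validator against a good token and several bad ones."""
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": "user-1",
              "nbf": 1_700_000_000, "exp": 1_700_000_600}
    now = 1_700_000_100
    good = mint_token(claims, SECRET)
    h64, _, s64 = good.split(".")
    # Payload edited to change the subject while keeping the original signature.
    tampered = h64 + "." + _b64url(json.dumps({**claims, "sub": "admin"}).encode()) + "." + s64
    return {
        "valid": validation_result(good, SECRET, ISSUER, AUDIENCE, now),
        "wrong_key": validation_result(good, b"other-secret", ISSUER, AUDIENCE, now),
        "tampered": validation_result(tampered, SECRET, ISSUER, AUDIENCE, now),
        "alg_none": validation_result(mint_token(claims, SECRET, alg="none"), SECRET, ISSUER, AUDIENCE, now),
        "expired": validation_result(good, SECRET, ISSUER, AUDIENCE, now + 600),
        "wrong_aud": validation_result(good, SECRET, ISSUER, "api://other-app", now),
    }
```

Two design points carry over to any token format: the expected algorithm and keys are fixed by the relying party's configuration rather than read from the token, and the signature is checked before any claim is parsed, so an edited payload or an unsigned token is rejected before its contents can influence anything.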
Being able to exchange messages across services is a common request from developers.
Different cloud platforms provide a robust set of tools to connect on-premises services or those
on the cloud platform. Some of these services are integrated across trading or business partners
using specialized messaging protocols, such as EDI or SWIFT. Some other services fulfill
asynchronous broadcast scenarios, while others push notifications to mobile devices. A common
theme for the messaging services is cloud scale, since message volume rises and falls with
seasonal and known consumption patterns. Microsoft Azure provides the following tools to
support messaging services:
- Logic Apps
- Service Bus
- Notification Hubs or Push Notifications
- Event Hub
Amazon Web Services offers messaging solutions via:
- Simple Queue Service
- Simple Email Service
- Simple Notification Service
Microsoft Azure BizTalk Services (MABS) has been replaced by Azure Logic Apps as of May
31, 2018. Azure no longer supports new MABS service offerings. MABS was particularly useful
for building Electronic Data Interchange (EDI) and Enterprise Application Integration (EAI)
solutions that give businesses document-level connectivity across trading partners.
Azure Logic Apps is a cloud service that makes integration simple for apps, data, systems, and
services. It also provides scalable solutions for EAI and business-to-business (B2B)
Logic Apps can be used for the following purposes:
- Routing orders between on-premises systems and cloud services
- Transmitting uploaded files from an SFTP or FTP server to Azure
- Sending email notifications with Office 365
- Examining tweets and analyzing sentiments
- Producing alerts for items that need review
Azure Service Bus
Azure Service Bus provides a messaging infrastructure that can be used to connect cloud and
on-premises applications in a cloud or hybrid scenario. Service Bus provides the following:
- Relayed messaging pattern: The relay service supports direct one-way messaging,
request/response messaging, and peer-to-peer messaging.
- Brokered messaging pattern: Provides durable, asynchronous messaging components such
as Queues, Topics, and Subscriptions, with features that support publish-subscribe and temporal
decoupling, meaning that senders and recipients do not have to be online at the same time, as the
messaging infrastructure reliably stores messages until the receiving party is ready for them.
Azure Notification Hubs
Azure Notification Hubs offer an easy-to-use infrastructure that enables you to send mobile
push notifications from any backend application (in the cloud or on-premises) to any mobile
platform (iOS, Android, Windows Phone, or Amazon).
With Notification Hubs, you can easily send cross-platform personalized push notifications,
abstracting the details of the different Platform Notification Systems (PNSs). With a single API
call, you can target individual users or entire audience segments containing millions of users
across all their devices. Azure Notification Hubs is useful for delivering notifications to millions
of subscribers within minutes.
Azure Event Hub
Azure Event Hub is a highly scalable publish-subscribe messaging infrastructure that can be
used to ingest millions of events per second so that you can process and analyze the massive
amounts of data produced by your connected devices and applications. Once collected by Event
Hub, events can be transformed, aggregated, and processed using a real-time analytics solution
like Azure Stream Analytics, Hadoop, or Storm. They can also be stored in a highly scalable and
persistent repository like Azure Blob Storage and ingested by a big data system like Azure
Event Hub can be used as the messaging infrastructure of an Internet of Things (IoT) solution to
ingest events that come from millions of heterogeneous devices located in different geographical
AWS Simple Queue Service
AWS Simple Queue Service (SQS) is useful for transmitting messages at high throughput
without loss, even while the publisher or subscriber is offline, which makes it a good fit for an
asynchronous bridge between applications. While there are many open-source queuing
technologies, SQS lets you scale out the service on AWS in a cost-effective way.
AWS Simple Email Service
AWS Simple Email Service (SES) offers a similar value proposition as the Queue Service — it
takes over the burden of operating the service cost-effectively. The value is further enhanced by
verifying “spam” compliance protocols and providing a feedback loop on the email campaign in
terms of a bounce-back list, successful delivery attempts, and spam complaints — all of which
can enhance future campaigns.
AWS Simple Notification Service
AWS Simple Notification Service (SNS) is a push-based messaging system for mobile and
Internet-connected smart devices. The service can deliver notifications via SMS, email, and
queue, and to any HTTP/S endpoint. AWS infrastructure ensures messages are not lost by storing
Cloud platforms are exposing users to many of the internal tools used to manage the platform so
that users can better understand the operational aspects of their application. These services can
be used for several purposes, including the following:
- Debugging and troubleshooting
- Measuring performance
- Monitoring resource usage
- Traffic analysis
- Capacity planning
These services include visual experiences that enhance users’ ability to manage and monitor
multiple cloud platforms with relative ease. Monitoring is enabled by Microsoft’s Azure
Application Insights and Azure Operational Insights services and Amazon Web Services’
CloudTrail and CloudWatch services.
Azure Operational Insights Service
Azure Operational Insights service is a management tool used by IT administrators to gain
insights into their environment, both in real time and via historical data, which is especially
useful for conducting root-cause analysis. Little to no instrumentation is required within the
application to gather these insights. Key benefits of this service include:
- Reduced time to analyze failure, which is essential for application hardening and avoiding
- Ability to monitor both on-premises and cloud platform services in a holistic manner
Azure Application Insights Service
Azure Application Insights service is very similar to Azure Operational Insights service, but it
monitors at a higher tier—at the application level. Azure Application Insights service allows
system administrators to create alerts based on key performance indicators like CPU usage, and
then to define rules to receive notifications whenever a specific value goes beyond a certain
This mechanism guarantees that a cloud application is healthy and provides expected service-
level agreements. Users can debug and diagnose problems with a search of events, trace, and
exception logs via the same user interface/screen. This service also provides usage analytics,
used to verify the efficacy of services and features.
AWS CloudTrail Service
AWS CloudTrail service tracks all API calls to your subscription and delivers the resulting log
files. CloudTrail enables security analysis, resource-change tracking, and the data required for
non-repudiation and audit.
The following are some benefits of the AWS CloudTrail service:
- It simplifies compliance audits by automatically recording event logs for actions.
- It records AWS Management Console actions to enhance the resource and user activity
- It helps to identify and troubleshoot issues related to security.
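The security-analysis use of CloudTrail comes down to reading the delivered log records and applying rules to them. Below is an added Python example, not code from the page or from AWS, that runs a handful of widely used audit rules (root account activity, console login without MFA, changes to trail logging, attachment of the AWS-managed administrator policy) over records shaped like the entries in a CloudTrail log file's "Records" array. Every record, principal name, IP address and ARN is constructed for the example and does not come from a real account:

```python
from typing import Dict, List, Tuple

# Constructed records in the shape of CloudTrail log entries. No value here is real.
SAMPLE_RECORDS: List[Dict] = [
    {"eventTime": "2024-01-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T08:10:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "management-trail"}},
    {"eventTime": "2024-01-01T08:12:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/session"}},
    {"eventTime": "2024-01-01T08:15:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "bob",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]

TRAIL_CHANGE_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}
POLICY_ATTACH_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def actor(record: Dict) -> str:
    """Human-readable principal behind the call."""
    identity = record.get("userIdentity", {})
    kind = identity.get("type")
    if kind == "Root":
        return "root"
    if kind == "IAMUser":
        return identity.get("userName", "unknown-user")
    return identity.get("arn", kind or "unknown")


def analyze(records: List[Dict]) -> List[Tuple[str, str, str]]:
    """Apply the audit rules; returns one (rule, actor, eventName) tuple per hit, in record order."""
    findings = []
    for rec in records:
        who = actor(rec)
        name = rec.get("eventName", "")
        if rec.get("userIdentity", {}).get("type") == "Root":
            findings.append(("root_account_used", who, name))
        if name == "ConsoleLogin" and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            findings.append(("console_login_without_mfa", who, name))
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_CHANGE_EVENTS:
            findings.append(("cloudtrail_logging_changed", who, name))
        if name in POLICY_ATTACH_EVENTS and \
                rec.get("requestParameters", {}).get("policyArn") == ADMIN_POLICY_ARN:
            findings.append(("admin_policy_attached", who, name))
    return findings


def findings_by_actor(findings: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group rule hits per principal, a convenient pivot for triage."""
    grouped: Dict[str, List[str]] = {}
    for rule, who, _ in findings:
        grouped.setdefault(who, []).append(rule)
    return grouped


if __name__ == "__main__":
    for finding in analyze(SAMPLE_RECORDS):
        print(finding)
```

The routine GetObject call produces no finding, while the root login without MFA trips two rules at once and the same user appears in both the trail deletion and the administrator-policy attachment, which is the sort of pairing the per-actor pivot makes visible. The rule set is deliberately small; the point is that the record fields CloudTrail delivers are enough to express such checks directly.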
AWS CloudWatch Service
AWS CloudWatch service provides monitoring for your resources running on the cloud
platform. The service performs the following tasks:
- Collects and tracks metrics
- Gains insights into failures
- Generates alerts
- Provides system-wide utilization
- Provides performance characteristics
- Provides operational and application health
There are a few other services that have not been described in detail in preceding sections. Most
of the service names are self-explanatory. If your project warrants using these, please review the
material provided on their respective websites. Some of these services are as follows:
- Artificial Intelligence
- Machine learning
- Azure Kubernetes Service (AKS)
- Service Fabric
- Site recovery
- Media services/elastic transcoder
- Mobile services
- Network Watcher
- Automation/simple workflow service
- Azure Database Migration Service
- Remote app
In this blog, we started off with an overview of the cloud platform and discussed the top two
vendors—Amazon and Microsoft. You surely noticed the similarities between these vendors. For
the sake of keeping the content concise, we used the Microsoft Azure platform for elaboration.
However, the concepts discussed for hardening your application hold true for Amazon’s cloud
platform as well.
In subsequent blogs, we will build on this foundation and discuss the steps needed to harden our
application and take on the rigors of a true enterprise-class workload.