In this episode I chat with fellow Microsoft MVP Tim Warner and we discuss the differences and similarities of the Azure and AWS cloud platforms.
You can listen to this episode here:
https://cloudskills.fm/036
Resources from this episode:
Timothy Warner is a Microsoft Most Valuable Professional (MVP) in Cloud and Datacenter Management who is based in Nashville, TN. His professional specialties include Microsoft Azure, cross-platform PowerShell, and all things Windows Server-related.
Full Transcript:
Mike Pfeiffer:
All right, everybody. Welcome back to another episode of CloudSkills.fm. Super excited to have you here as usual. In this episode, we’re going to be taking a look and talking about differences between the Azure platform and Amazon Web Services. I’ve got my buddy, Tim Warner, here, fellow Microsoft MVP and Azure expert. Tim, what’s up man?
Tim Warner:
Hey Mike. So happy to be here. This is bound to be a high impact discussion.
Mike Pfeiffer:
Yeah. I’ve been looking forward to it, man. We’ve been talking about doing this for a long time, and I think it’s a good opportunity for us to shine the lights. Whether somebody is an Azure expert or an AWS expert, we can kind of compare and contrast the services.
Tim Warner:
Very much so. I mean, you’ve worked for, well yeah, both Microsoft and Amazon. I, myself, have been mostly on the Microsoft side although I’ve never been a Microsoft employee. But I think both of us as generalists can approach this in a way where we’re not competing across sandboxes. I think this will be a good open-minded chat.
Mike Pfeiffer:
Yeah, I agree. I think that I’ve got enough context now, over the last couple of years, to I think actually have this conversation because things have been moving so much the last couple of years. We’re getting to the point now where it’s like all right, there are some major differences. So, I’m really excited about this. Let’s start off I guess with the basics. I think that it’s no secret that the majority of the folks that listen to this show are probably Azure focused. Since you and I are both MVPs, we’ve got a lot of folks in our network that are Microsoft focused. So, it’s probably a good idea to take it from the angle of maybe know a little bit about Azure, but we want to get into AWS and hear the differences. The first thing usually people think about in the infrastructure world is virtual machines. How do we unpack that? How do we get into comparing these two?
Tim Warner:
Yeah, exactly. Actually, to take one step back from that just so I don’t forget, Microsoft in the Azure documentation has two articles that are squarely focused on that audience: an AWS professional wondering what’s similar, what’s different, how do they get started. One article is called Azure for AWS Professionals and another is a blow-by-blow service comparison called AWS to Azure Services Comparison. I made URLs for both of those. The Azure for AWS one is timw.info/AWSAzure1, the number one. The comparison one I made is timw.info/AWSAzure2.
Mike Pfeiffer:
Awesome. [crosstalk 00:02:55].
Tim Warner:
And actually-
Mike Pfeiffer:
That’s awesome. We’ll put those links in the show notes, Tim. These are actually incredibly useful topics in the documentation.
Tim Warner:
Yeah. In fact, one more thing before we get into the actual tech and the VMs. I wondered from the Amazon side. On the Microsoft side, you see just these two articles as a great example of Microsoft taking AWS people by the hand. But I’ve not seen myself that kind of reciprocity from AWS for existing Azure. Do you know any different about that?
Mike Pfeiffer:
Yeah, you’re right. I’ve been wondering about that as well, but I haven’t seen anything squarely aimed like this that’s in the documentation on the Amazon side or on the AWS side. They do have lots of white papers and different documentation of running Windows on the EC2 service. EC2 is the Elastic Compute Cloud service where you run virtual machines. But yeah, I haven’t seen anything that’s similar. It’s interesting because since AWS was around from the beginning, they’re the first ones to really do the public cloud thing. I think that since Azure wasn’t around, it’s just not something they ever built. So, maybe it’s time for them to notice what Azure is doing and have an equivalent to this.
Tim Warner:
That’s a good point. About the 80% scenario, just about everybody, at least in operations, I would think, first thinks of virtual machines when they’re thinking of the public cloud. It should come as no surprise to anybody that in the data centers, in Microsoft’s data centers, those are Hyper-V. Your VMs do run under Hyper-V. How do you get virtual machines into the Azure cloud? Well, there’s a gallery within the Azure infrastructure where you can launch VMs from templates. These support not just Windows Server, potentially Windows clients, but also several distributions of Linux. There’s a library of pre-configured network virtual appliances from different vendors like Cisco and Barracuda and all of this. Then as far as rolling your own, you can certainly generalize your own VM images and host them directly in the portal. So, there’s lots of flexibility there.
Tim Warner:
There’s also in Azure a whole suite of tools for migration. There’s Azure Migrate, which has become a one-stop shop for just about any kind of on-premises to Azure migration. Azure Site Recovery, for instance, will allow you to replicate your on-premises VMs into Azure. Those on-prem VMs don’t even have to be Hyper-V necessarily. Microsoft also supports VMware. You could just upload your VHDs from on-prem into the cloud. I mean, there’s lots of different options for getting your VMs in there. What I’ve found in my classes and so forth is that networking presents the biggest roadblock for most. There’s the concept in Azure of the virtual network on which you can place your VMs, and no question of private IP addresses. Public IP addresses are there.
Tim Warner:
In Azure, we protect our VMs with network security groups or NSGs, basic low-level access-list firewall elements. There are several kinds of load balancer available for Azure virtual machines. Let me see. There’s a lot of configuration management built into Azure. I mean, if you do something like a site-to-site virtual private network to on-premises, or if you use ExpressRoute, which is Azure’s always-on MPLS WAN cloud connectivity, you can join your cloud VMs to an on-premises domain, manage them with System Center. Also, there’s this whole collection of tools native in Azure formerly called Operations Management Suite or OMS that allow you to do patching and all your monitoring and config management kind of tasks.
Tim Warner:
I’ve mentioned a bunch of Azure specific products. I would guess, Mike, that if you’re coming from an AWS background, most of those elements are the same. Maybe it’s just a different name. Am I on the right track saying that?
Mike Pfeiffer:
You are, yeah. It’s cool because that pattern tends to be consistent across lots of different services. So when it comes to working with virtual machines, like I said, the EC2 service is where we run and build EC2 Instances. Amazon refers to virtual machines as EC2 Instances. If you hear that terminology, that’s just saying it’s a virtual machine. But just like Microsoft, there’s a marketplace. So, AWS has a marketplace where you can pick the image that you want to use, whether it’s Windows or a certain flavor of Linux. Amazon actually has their own Linux distribution called Amazon Linux, which is kind of the default when you go to deploy a virtual machine.
Mike Pfeiffer:
I’ve been seeing some of the news around Azure Sphere, which is kind of a Linux distribution for IoT and things like that. So, it will be interesting to see what happens long term with the Linux distribution for Microsoft, but very similar. Yeah. You can go to the marketplace. You can deploy from pulling OS images or you can pick stuff out of the marketplace. Like you mentioned, we’ve got partner solutions like F5, Cisco appliances; they can run in a VM. Then from there, it’s very similar. You mentioned virtual networking. That’s also a sticking point that I see people struggle with all the time. But in Amazon’s world, or in the AWS world, the virtual networking contrast, it’s just called Virtual Private Cloud. It operates very similarly to virtual networks in Azure.
Mike Pfeiffer:
So, we’ve got availability zones in AWS, which is a newer thing on the Azure side, but we’ve had them in AWS for a long time. If you haven’t heard of that concept, I really messed with it. Availability zones, technically, especially in the AWS world, are a physically distinct location within a region. For example, if I pick the Northern California region, us-west-1 in AWS, I could pick from multiple availability zones. Those would all be physical locations in Northern California. But from there, it’s, like you said, very similar. We’ve got network groups. We actually just call them security groups in AWS. It’s very similar to the way Azure does security groups for virtual machines. Then from there, there’s things like, at the network layer, we can do ACLs, so not a stateful firewall service like a security group like we have in Azure or in EC2, but more of a network ACL stateless firewall rule set that you can configure. So, all those operations are there.
Mike Pfeiffer:
We’ve got virtual network peering just like we’ve got in Azure. We’ve got Direct Connect, which is the high-speed, always-on, private network connectivity option that’s very similar to ExpressRoute. So, a lot of the same capabilities. But one of the things you touched on is Microsoft’s adding lots of management capabilities in there. Amazon has been working on that over the last couple of years. They have some services like Systems Manager where you can do things like patching servers and do some remote administration. But it’s looking to me like what Microsoft has been doing, iterating through a lot of the management capabilities, is getting pretty compelling because they’re good at management, right? It’s been their kind of sweet spot for a long time, right?
Tim Warner:
Yeah, I agree. 100%.
Mike Pfeiffer:
That’s the other thing that’s always confused me over the last, I don’t know, 12 to 18 months: Microsoft has got this amazing Cloud Shell. Google Cloud has a really cool cloud shell, but Amazon, or Amazon Web Services, hasn’t done that yet. So, that’s definitely one place on the virtual machine side where I’m seeing Microsoft innovate in new and different ways than Amazon Web Services, in that there’s not as many management capabilities, although AWS is kind of working on it. It seems like we’ve got deeper management options with virtual machines in the Azure platform.
Tim Warner:
I’m surprised about the AWS lack of a browser-based command shell. I thought it did have that, but in retrospect, I may have been confusing AWS with Google Cloud, which I know does have a browser-based cloud shell.
Mike Pfeiffer:
Yeah. They have a thing called Session Manager where you can get a terminal in a browser. However, it requires that instance or that terminal session to run on a virtual machine. So, you have to have a VM deployed in order to attach a remote console in a browser, whereas I’d like to be able to just work in the Cloud Shell in Azure, and that spins up a container in the backend. I don’t have to worry about pre-provisioning a VM. So, I’m kind of waiting for Amazon to build one for themselves. But outside of that, yeah, the virtual machine configuration and setup from a high level is very, very similar. But one of the things that’s a little bit different from a virtual machine perspective is how they implement storage for virtual disks. Maybe you could explain how Azure virtualization and VMs use storage and we can talk about the difference between that and AWS.
Tim Warner:
Yeah, that’s a great discussion. A couple of years ago Azure began hosting VM disks. When I refer to virtual machine disks in Azure, you’ve got your OS disk, of which you have one. You have a temp disk, which is physical storage that’s on the hardware host that your VM resides on. I don’t remember the mount on Linux, but on Windows it’s always your D drive. Microsoft always warns you: do not put any persistent data on that temp disk because if for any reason Microsoft needs to live migrate your VM to another host, you’re going to detach from that original temp disk and reattach to another. So, your OS VHD, your physical temp disk, and then N number of data disks.
Tim Warner:
As I said, a year or two ago, whereas we used to have to store the VM storage in a storage account in the Blob service, which presented all sorts of good and bad possibilities for accidentally exposing the data to the world, accidentally deleting disks, now we have managed storage in which the disks are stored separately as resources in Azure. You can resize them. You can add BitLocker or dm-crypt encryption, whole disk encryption, and even use Azure Key Vault to store the encryption keys. You have two performance levels to choose from: the mechanical storage, the standard HDD, or if you want more reliable I/O, you can do premium solid state storage. So, it’s really, I think, a pretty intuitive experience. But I’ve always personally been confused about how these EC2 Instances in the Amazon cloud deal with storage because I hear EBS and I’m like, “What is this, all these acronyms?”
Mike Pfeiffer:
Right, yeah. It’s interesting because I think underneath the hood, I think what they’re doing is something very similar. They’re putting their virtual storage somewhere on their platform, but they’re doing more abstraction. So, with Azure, we’ve got managed disks now, so you don’t have to think about storage accounts. But having had storage accounts in the past, if you’ve ever built a VM and actually went into your storage account and looked at the VHD in there, then you kind of understood, oh okay, that’s where the disks are going into. In AWS, you never actually see any of that depth. So, it’s always been kind of like, all right, EBS, the Elastic Block Store, is just a service that gives you a virtual disk much like a VHD in a Microsoft virtualized environment, like Azure or Hyper-V. It’s really that’s the basics of it.
Mike Pfeiffer:
All of the capabilities that you mentioned with Azure are there. So, it’s just a virtual volume. You can do encryption at rest with either your own encryption keys or encryption keys managed by the platform, and there’s a key management service you can work with. You can change the size of the disks and expand them all the way up to their maximum. There’s traditional magnetic-based storage or SSD-based storage, which you mentioned Azure has as well, so you can get really good performance. Then they have different tiers within the storage system in EBS where you might need to be able to drive 10,000 IOPS on a volume or 20,000 IOPS. You can configure that individually per volume.
Mike Pfeiffer:
Obviously the costs are different depending on the type of storage you pick, but the Elastic Block Store service is really just a big abstraction. You create volumes. You attach the volumes to the virtual machines. Amazon will make sure that if you do a snapshot, for example, there’s a copy of the data. There’s durability in that copy of that data. So, it’s not just one copy. It’s written across multiple storage enclosures, if you will, and ultimately stored in an S3 bucket that’s managed for you that you don’t see. So very much like managed disks in Azure, with the VHD going into a storage account, but you’re just not seeing that. It’s very similar to that idea.
Tim Warner:
Well, that’s really been the theme thus far, pretty much one to one between Azure and AWS in terms of VMs, in terms of infrastructure as a service. So, at this point, why would a business choose Microsoft over AWS or vice versa if their workloads were constrained to VMs?
Mike Pfeiffer:
Yeah. It’s a really good point. I get the question a lot, but I think the reality is it depends on the team, their skill sets, their existing setup. For somebody that’s already doing stuff in AWS and the whole team understands the platform, maybe they’re not as Microsoft-centric, maybe AWS is a natural choice for them. But then you’ve got another team that’s been doing Microsoft stuff all along. Everybody on the team is a PowerShell expert. They’ve got a very deep skill set with things like Active Directory on-premises, and that’s a natural progression, I think, in those scenarios. It’s at least a little bit easier to pick up Azure because there’s just a better story there, I think, for a Microsoft enterprise understanding how to take on-prem resources and get them into the cloud. But yeah, it’s very similar, and I think that it depends on the team, their customers, and where the customer is trying to go. That’s been my personal perspective on it.
Tim Warner:
Very cool.
Mike Pfeiffer:
Cool. So, we talked a lot about virtual machines. Of course, there’s a ton of differences that we can zoom in on, but moving on from there, a lot of people are doing more managed services these days. So, going beyond just infrastructure as a service, building your own VMs. Let’s talk about PaaS a little bit. Microsoft is really good at managed services, platform-as-a-service offerings like the Azure App Service. Maybe we can get into that a little bit.
Tim Warner:
Yeah. I don’t have much time for actual honest-to-goodness industry consulting nowadays, but this is pretty much my favorite subject because it’s wonderful seeing clients’ eyes light up when they go from an original paradigm of believing that their [inaudible 00:18:44] app needs to be VMs, to seeing not only the potential for money savings, but just the additional flexibility and scale and comfort that they get by plugging into some of the platform services in Azure.
Tim Warner:
To that point, looking at Azure App Service, it’s funny, just parenthetically, there’s Azure App Service and Azure App Services. They are the same, but even in the Azure portal, you’ll see references to both. I know it’s a minor plank, but Azure App Service or Azure App Services refers to that category of hosted web application. The idea there is that under the hood, you’ve got a compute layer and it’s actually tracked in a separate Azure resource called an App Service plan. That’s where you define how much compute you need for your workload. But other than that, you can schedule automatic backups for these web apps.
Tim Warner:
The idea is that Microsoft takes care of most or all of the plumbing under the hood, the infrastructure, and you can focus almost exclusively on your application itself and its code. There’s plug-in support for any source code provider you’d want to use. You’ve got plug-in ability to the Azure content delivery network to put static assets closer to your customers. Azure has its own search engine service called Azure Service Search. There’s a media service. For APIs, there used to be just a template within the App Service, but now there’s a separate platform called API Management for hosting and documenting APIs.
Tim Warner:
Oh boy, as far as what languages and what frameworks are supported, it’s not a Microsoft-only world anymore. You might naively think, well, you’ve got to be a .NET shop. Not at all. I don’t have the list right in front of me, but it’s something like Java, Python, Node. I mean, there’s a whole language and framework list of fully supported frameworks beyond .NET. So, that’s always good. Then lastly, there’s the option of deploying your web app in a container as opposed to a virtual machine. That capability, and also the ability to link your deployment testing, build, release process into something like a pipeline, like Azure DevOps or maybe outside of Azure DevOps too. I think there’s a pretty sweet ecosystem for hosted web applications in Azure, and that’s barely doing more than scratching the surface.
Mike Pfeiffer:
Yeah. That’s pretty compelling, man. App Service or App Services, whatever you want to call it, everything in the umbrella there is pretty compelling. I know for myself, just a few years ago, I had a web application running on an EC2 Instance. It was IIS. It was a SQL Server application. It was just a basic web app, but it was running in a VM. Finally, after I was ramping up on Azure, I’m like, “Why am I doing this on a virtual machine?” Getting over to App Service just made sense. It’s so much easier to not have to worry about patching and backing up VMs and thinking about that.
Mike Pfeiffer:
But the thing with AWS that’s interesting, if you look at the service comparison that you gave the link for at the beginning of the show, if you kind of look at the comparison between App Service and what AWS has, they have something called Elastic Beanstalk, which is like a management service. They call it a PaaS platform service, but the truth is it’s actually more of a wrapper around things like the EC2 service and some of the other things. For example, if as a developer I needed a load-balanced fleet of web servers that were automatically scalable and all that stuff, that’s a lot of infrastructure for me to understand as a developer.
Mike Pfeiffer:
Elastic Beanstalk is there so a developer can then go and spin up a production-grade environment that has virtual machines in an auto-scaling group behind a load balancer, all these things. But it’s actually going to deploy IaaS resources for you in your account and then you manage them with this Elastic Beanstalk service. While it is a PaaS experience, you end up with infrastructure components that are spread out across multiple services. Then it’s up to you and your team to manage access to that stuff. Make sure that nobody is accidentally deleting it because they’re seeing it pop up in the EC2 console and things like that.
Mike Pfeiffer:
It’s interesting to see Microsoft have much more maturity, way more maturity, in a PaaS service, in my opinion. This is one of the areas where Microsoft is really leading in cloud computing in general, I think. Google has got some good offerings there too, but in my opinion App Service is definitely more mature as a PaaS service than some of the stuff I’ve seen in Elastic Beanstalk. I think that’s one place where Microsoft is going to continue to get a lot of traction. It’s been pretty interesting to watch so far.
Tim Warner:
Yeah, and you mentioned scaling. I’m glad you did. I think that’s a very important differentiator here because, as you just said, if you’re running your application in one or more VMs and the traffic gets to be such that you need some horizontal scale, that’s going to be really fun to do manually with virtual machines. But in App Service, it’s literally a slider. You can manually break out additional instances and you don’t have to do anything with data or config synchronization. It’s all hosted. You move the slider. Instead of one instance, you want three. Hit save, or run a line of PowerShell or Azure CLI, whatever, and it’s done for you. You can do auto-scaling rules based on how heavily utilized the node is.
Tim Warner:
Under the hood, similar to what you were saying with EC2 Instances and Elastic Beanstalk, these hosted web apps are virtual machines, potentially containers, but Microsoft is handling all that agility for you automatically. Finally, before I forget, there is one other related product in the App Service family to answer the question of how can we take advantage of all this nifty agility and scale with web apps, but do so in a completely private way. Maybe a business is unwilling to put their line-of-business app or even internal app out on Azure App Service because by default, it is exposed to the world, because the notion is it is world accessible.
Tim Warner:
There are some techniques for integrating web apps in App Service into a virtual network to take advantage of some of the boundary, the connectivity boundary and security there. But Microsoft’s answer, at least as of today, is you need something called an App Service Environment. Those can be pretty expensive because Microsoft is actually reserving physical hardware for you in their data centers. But that is how you would have a web app, an Azure App Service web app, in a completely air-gapped environment where there’s no Internet connectivity at all. You control 100% who can interact with the app. Does Amazon have anything like that?
Mike Pfeiffer:
Yeah, they do. I’m glad you brought it up too because, man, this summer all of the customer engagements that I had, every single one so far has been that. It’s been how do we take these managed services and isolate them. It’s been a common theme, not even just the web apps but the SQL implementation, the database too, stuff that we can get into, but Amazon can do that. In AWS, if I was going to spin up an environment, whether I’m manually building it piece by piece or automating it through a template or using a Beanstalk environment, any of that stuff, it’s all using the standard core infrastructure, EC2, Virtual Private Cloud, all that kind of stuff. So, I can have my virtual machines isolated inside their own virtual network even though I’m using Beanstalk.
Mike Pfeiffer:
Then also, if I’m doing something like a serverless application, where AWS Lambda is the equivalent of something like Azure Functions, which could be considered kind of an App Service spinoff if you will, but I think AWS Lambda is super mature. If you’re doing serverless development, that’s a place in AWS that they’ve been working on their service for, whatever, it’s five or six years now. So, that’s pretty solid. People are doing some ambitious stuff with serverless there, but you can put the serverless functions inside your own VPC as well. So you can isolate those and get that network isolation that you were talking about.
Mike Pfeiffer:
The same thing with database services. There’s a relational database service where you can do a managed SQL implementation. You can put that stuff inside your own VPC and kind of wall it off and have private connectivity. Just like with Azure, if you’re going to Azure VNets, the virtual networks, you can create service endpoints to talk to a public service without the traffic leaving your virtual network. AWS has that as well inside the VPC.
Mike Pfeiffer:
To answer your question, yes, in a roundabout sort of way we can totally do that stuff, but again, it feels a lot more like infrastructure management than it does managing a PaaS solution, IT experience. So yeah. It’s a common theme though. A lot of people are wanting to be managed because it’s easier. You can offload the heavy lifting of all the stuff we mentioned, backups, patching, all that kind of stuff, but then the security folks don’t want the isolation. It’s an interesting time because I’m spending a lot of time with teams right now doing projects where you might need to over-engineer things a little bit because even with the public service to solve the ability to firewall in a lot of cases. So, anyways, that’s kind of the story with that.
Tim Warner:
Data tier is an important consideration. Again, to go back to the typical way of doing things, you’ve got your data tier defined as a failover cluster virtual machine. Well, it’s a very different paradigm in the public cloud. As you would expect since Microsoft created SQL Server, in fact, if my memory serves, the first Azure product was a cloud-hosted SQL Server. So, we’ve got Azure SQL Database, as it’s called. That’s the analogy, the direct analog to SQL on premises. There’s Azure SQL Data Warehouse, which is a cloud-hosted variant of SQL Data Warehouse on premises. Same use case pretty much. The parity between them is remarkably close.
Tim Warner:
Again, a joy in consulting life is turning a client or customer onto the fact that they don’t have much of anything to lose by migrating their SQL Server databases to Azure SQL. If anything, they have everything to gain in terms of being able to geo-replicate with a couple of mouse clicks. I mean, crazy stuff like that. The different encryption layers that you might be accustomed to in SQL Server are available. So, the environment in Azure for SQL Server is really rich.
Tim Warner:
There’s actually a third cloud-hosted SQL Server version called Azure SQL Database Managed Instance, which is like a midway point between running SQL Server in a VM, where you’ve got control of the virtual server and its memory allocation and SQL engine, and Azure SQL Database, which doesn’t have a SQL engine. It is more of a platform tool. Managed Instance serves as a good midpoint for that. Really, all of that is just the Microsoft land. We’ve got native products in Azure for MySQL. There’s Azure Database for MySQL servers. There’s Azure Database for PostgreSQL servers. I believe there’s native support for Maria, yeah, Azure Database for MariaDB servers. Maria, of course, is a fork of MySQL. As far as relational, I mean, a lot there in terms of hosted.
Tim Warner:
As far as non-relational platforms, the main go-to is a product that I absolutely love. It’s Cosmos DB, which is a multi-model non-relational database. So, it’s got a document-based API that uses a SQL syntax. It’s not actually ANSI SQL, but it’s close enough for horseshoes. There’s a number of other APIs that hit different NoSQL paradigms like graph and wide column. The idea with Cosmos is regardless of how you’re accustomed to doing NoSQL, you should be able to migrate into the Cosmos ecosystem. Like I said, I’m a huge fan. Well, turnkey geo-redundancy. Five different data consistency levels. It’s just such a Cadillac product. I’m just wondering right now, does Amazon have anything akin to Cosmos?
Mike Pfeiffer:
Yeah, it actually does. On the NoSQL side of the house, they have a service called DynamoDB that’s very similar in terms of storing JSON documents in a database type of system. So, if you work with MongoDB or if you’ve worked with things like Cosmos DB in the past, it’s a very similar service to DynamoDB. In terms of the relational database stuff, there’s the Amazon Relational Database Service or RDS. You hear about that a lot because it’s been around a long time. It’s very similar to what you’re describing. There’s a bunch of different relational database engines. There’s Microsoft SQL Server along with Oracle, MariaDB, MySQL, PostgreSQL. But one of the things Amazon is famous for doing is taking open source products, customizing the heck out of them, using them internally. They’re a retail business, so building Amazon.com. Once they kick the tires on that thing and get it really refined, then they turn around and sell it.
Mike Pfeiffer:
So, the database engine in RDS is called Amazon Aurora, which is based on MySQL, but it’s Amazon’s. It’s their baby. They’ve been on it for a long time. It’s basically more performant than general MySQL. Now it does actually support PostgreSQL as well. So, if you’ve got an application that uses MySQL or PostgreSQL clients, you can point it at an Amazon Aurora database engine. Then go off and do things like auto-scale up to 64 terabytes of storage per database instance, all kinds of different replica options. You can go to, I think, 15 read replicas globally.
Mike Pfeiffer:
So, a very interesting service overall, but it’s very similar to Azure SQL. The big difference is you can pick how you’re going to deploy, public or private. So, if you [inaudible 00:33:25] public, it’s got a public IP address. But you can choose to deploy the database instances inside the virtual network, which is very similar to what you’re mentioning with Microsoft’s Azure managed SQL database or whatever the client [inaudible 00:33:39] same kind of content.
Tim Warner:
Yeah, that’s cool. Unfortunately, securing Azure SQL Database and protecting it against public access, it’s certainly possible. But in my humble opinion, it’s a little bit on the cranky side working with what they call their firewall feature. So, it’s certainly possible to screen your Azure SQL databases against public attack, but it doesn’t sound as clean as what Amazon’s got going on.
Mike Pfeiffer:
Yeah. I mean, there’s more isolation capability just by virtue of having a little bit more control there over where you’re placing the instances running the database. But I think one of the things that, I don’t know, having been a guy that has built my own SQL Always On clusters before, whether it was on machines or something else, knowing how many steps are involved, I always geek out when I go in and view geo-redundancy in Azure SQL [inaudible 00:34:36]. You can do that in AWS’s RDS service. It’s a very similar option but I don’t want to say, I have to double check, but Microsoft has failover groups where you’ve got a single read-write endpoint that can basically distribute the connection across regions if you have to. That’s pretty sleek, man, because there’s not much to it. You click through a couple of screens and then boom, there it is.
Tim Warner:
Thanks. That’s a good example. Very few companies in the world would have the money or staff to be able to do that kind of geo presence, geo high availability. Also, that question of CapEx versus OpEx. The fact that you can resize. If you find that your Azure SQL implementation is over- or underutilized, you can resize. Same thing with VMs, same thing with Azure App Service. The notion of vertical scale. How different that is from getting a purchase order and buying or leasing hardware for your data center and it’s sitting there either over- or underutilized, but you paid for it. It’s not like that in the cloud, is it?
Mike Pfeiffer:
One of the things that they’re doing on both sides that I’ve noticed but I haven’t gotten into myself is they’re starting to offer serverless options for logical databases, which is interesting. I think I get a lot of people that push back on the serverless terminology, but really what they’re getting at is there’s no logical server that you’re thinking about, because even with managed SQL there’s the concept of a logical database server, even though I don’t have the [inaudible 00:36:09], I’m putting the database on there. Now, they’re starting to build these solutions that are serverless.
Mike Pfeiffer:
I haven’t looked at Microsoft’s Azure SQL serverless. I’m not sure what that entails, but on the Amazon side, they’re starting to do it now for the Aurora database engine. It could get interesting because it might help squeeze more cost optimization out of this stuff as well as performance. So, we’re just going to have to see how it plays out, but I haven’t played around with either of those just yet.
Tim Warner:
Well, thank you for teaching me something.
Mike Pfeiffer:
[crosstalk 00:36:36].
Tim Warner:
I didn’t even know about this product. I just bookmarked it now, so I’ll study it tonight. Azure SQL database serverless. I’ll be darned. You learn something new every day in the public cloud. Isn’t that true?
Mike Pfeiffer:
It’s true, man. Stuff is coming out every single day, and that happens to the people that work at those places. You mentioned that I worked at those places and it happened to me all the time. Something would come out. I’m like, “Should I know that or work through it?”
Tim Warner:
Right. That was very affirming for me because at Pluralsight, in my day job for the last couple of years working on Azure courses exclusively, I’ve been working with product groups a lot. It is affirming when I teach them about a product that they had no idea existed and how their team was developing it. It’s like okay, it’s not just me. It’s not just me. We’re all learning every day with this platform.
Mike Pfeiffer:
That’s really true, man. Everybody is trying to figure stuff out, even the people that work at these places. So, I think we’ve got time maybe to hit containers. We’ve talked a lot about some interesting stuff. We’re going to have to do another episode like this later on in the future, but let’s talk about containers because everybody is talking about Kubernetes and Docker and stuff like that. You already mentioned that we can do containers in App Service. So, we can spin up VMs around containers on there. We can push container images into Azure Container Registry and have those automatically deployed to things like App Service. What’s your hot take on containers, Kubernetes, and what should people be paying attention to in Azure? Then we can compare that to AWS.
Tim Warner:
Although I’ve never worked as a developer yet, there’s always time. I love development. I’m fascinated with it, so I’m definitely on board with the portability and agility of containers. The way I like to describe the hierarchy in Azure, and I describe it as a hierarchy moving from the infrastructure side to the near-serverless side, you can always do a Linux or Windows Server VM and install Docker on it, the Docker daemon, and deploy containers that way. But as far as hosted containers, the options in Azure are rich, not the least reason for which is that Microsoft and Docker are BFFs. They partner deeply so that Microsoft can offer Windows Server containers in addition to what historically has just been Linux.
Tim Warner:
Anyway, we’ve got at the ground floor of hosted containers in Azure the Azure Container Instances service. This is for one-off containers where you can just, through any of the APIs, the portal, PowerShell, whatever, you can just ad hoc do a pull and do a run of containers. As you had mentioned, Mike, you’ve got the ability in Azure to do a private container registry. So, your team can populate a central registry with your images, with your custom Docker images, and then deploy those through the Azure Container Instances service or just on your own. You can do a pull and start.
Tim Warner:
Then ultimately, if you have need for orchestration and high availability and that kind of stuff, there’s Azure Kubernetes Service or AKS. This causes some confusion among some because it used to be called Azure Container Service or ACS, and the idea there is that Microsoft originally wanted to do container orchestration in a multi-model framework where you could use, what is it, an Apache, Swarm or Kubernetes. There were a few options, but they’ve since learned customer demand skews heavily towards Kubernetes. It’s Azure Kubernetes Service. That’s a hosted Kubernetes cluster and you can use all the native tooling with Kubernetes. You don’t have to do it using a separate Azure-specific set of tools. So, that’s the big picture on the Azure side.
Mike Pfeiffer:
Yeah. It’s funny that they just punted the Azure Container Service when they realized it was just Kubernetes. I like that because I like the fact that it’s really early in that ecosystem. They realized okay, nobody really cares about trying to do Docker Swarm in production. They’re going to go Kubernetes, kind of cut it. So anybody that might have deployed on ACS, I think they’ve been told to get off by 2020. But Amazon kind of went through something similar, like we can do all the same things you mentioned. We can spin up an EC2 instance and store the Docker daemon on there and start spinning up containers on there. But when you’re doing containers at scale in production across multiple virtual machines, we’ve got a couple of different ways to do it.
Mike Pfeiffer:
First, there is a container registry in Amazon just like there is in Azure. I’m speaking for [inaudible 00:41:05] there. That’s nothing really new. You don’t have to use it. But when it comes to running the containers, Amazon originally built something called ECS, so the Elastic Container Service. So, that was actually a proprietary container orchestration system that was completely integrated, obviously, with AWS. That actually works really well. I think the big thing I think most people would say, especially people that have Kubernetes experience, would be it’s just a little bit more watered down than you would expect in terms of management. But it’s integrated with EC2 and auto-scaling and load balancing and all that kind of stuff, so it’s easy to get a cluster up and running. So, it operates similarly to the way AKS runs in Azure. You can cluster virtual machines. They’re all running a Docker daemon and you can spin up containers across those [inaudible 00:41:57].
Mike Pfeiffer:
Now, obviously Kubernetes has become popular. So, a couple of years back, I guess now it’s been, they created the EKS service, so the Elastic Kubernetes Service, largely to run a Kubernetes cluster on EC2. It’s all managed, very similar to AKS. So, those are kind of the two main compute orchestration options that are available natively. But they do have something called AWS Fargate, which is very similar to what you were talking about in Azure Container Instances. The cool thing I like about Azure Container Instances is that you can literally just ask for a container and they’re like, “Here you go.” You don’t need a virtual machine. You don’t need anything.
Mike Pfeiffer:
That’s what I always expected when I heard the terminology of a container service. I’m like, “Oh, container as a service.” But when they say that, they’re usually talking about we’re going to build the fleets of VMs for you, then we’re going to run the containers on those VMs for you. Things like Azure Container Instances where there’s no VMs, there’s no clusters. It’s just here is a container for you. AWS Fargate is the option in AWS that does something similar. So, it’s a serverless compute system to run containers. You’re literally just saying, “Hey, here is my nginx container image. I want you to spin up the process or spin up that container image so I’ve got my application.” Then you kind of go off. When it’s done, you’re done using it. You’re not paying anymore.
Mike Pfeiffer:
I think you can actually build an ECS cluster and use Fargate as the underlying compute instance. So, that means there’s no virtual machines. There’s no cluster. You’ve just got like a container orchestration system and container as a service. I think that’s really compelling. I would bet that as AKS continues to mature, a concept of doing virtual nodes and using Azure Container Instances, I think personally I’d like to see it go, let’s go past just having a cluster of VMs, to just have it all be completely managed. Let me focus on the application and not worry about infrastructure.
Tim Warner:
Yeah. That’s definitely the trend.
Mike Pfeiffer:
But anyways, those are some of the things that if you’re hearing, especially if you’re on one side or the other, now at least you’ve hopefully got a little bit more perspective on some of these items.
Tim Warner:
Indeed.
Mike Pfeiffer:
What do you think, Tim?
Tim Warner:
I apologize we went so long.
Mike Pfeiffer:
Yeah. It’s all right. I think we started a little bit late. I think it was a great episode. We’ll have to come back and do this again some time, man.
Tim Warner:
There’s so much to cover, for sure. I look forward to it.
Mike Pfeiffer:
Before we head out, what are you working on right now? What should people be keeping an eye out for from you?
Tim Warner:
I just finished a course for Pluralsight on data processing, batch data processing, which was a survey of platforms like Azure SQL Data Warehouse, HDInsight and Databricks. So that should be out within a week of today’s recording in late August 2019. As far as my next project, I don’t have one. So, I’m in a blissful state of floating along. So, that’s what I’d like to pass on. Enjoy life.
Mike Pfeiffer:
Congratulations, man. I’ve heard that you’re speaking at Ignite that’s coming up in November, right? [crosstalk 00:45:03] the big show.
Tim Warner:
What is your session or what are sessions?
Mike Pfeiffer:
Yeah, sure. By the way, congratulations.
Tim Warner:
Thanks, same to you.
Mike Pfeiffer:
Yeah, thanks. I’m teaching a session on the AZ-103 exam. I’m going to do the exam prep guide or whatever exam prep session for that. Then I’ll be like in the, I’m not exactly sure operational-wise how everything is going to be set up, but I’ll be recording two video podcasts, devops focused. We’re doing one on how do you transition from being a sysadmin to a devops engineer. Then we’re doing one on serverless for devops engineers. So, how do you use Azure [inaudible 00:45:41] as a devops engineer, not a developer.
Tim Warner:
Like you, I’m doing an exam prep. I’m doing AZ-900, which is Azure Fundamentals. I’m really excited about that because the audience is so broad. So no matter what, if your work touches Azure, I think you belong in that session. The other one is technical. It’s a survey of Azure Bastion, which is an alternative… It’s basically a hosted jump box is what it is, which solves the problem of exposing your VMs via public IPs and solves the problem of what if you don’t know how to do a jump box and what if you don’t trust that your jump box is truly secure. You can just use this hosted option as an alternative. It’s really cool.
Mike Pfeiffer:
That’s a good example of a place in their platform where they have something that AWS doesn’t actually have. They have a template where you can spin up VMs to do that [inaudible 00:46:35] and all that, but you’ve got to manage it and stuff like that. That’s one of the things I was thinking of when I was talking about Microsoft building some really cool management interfaces. That was what was kind of rattling around in my head. That will be cool, man, because I haven’t spent much time on it. I might have to [crosstalk 00:46:49].
Tim Warner:
Yeah, definitely. I need to brush up. I’ve always wanted to get deeper into Azure development. So, I belong in your session as well.
Mike Pfeiffer:
Awesome. Hey, before we go, since we’re talking about upcoming stuff, I noticed that our book is available for pre-order on Amazon. I wasn’t really planning on sharing it, but if anybody is out there listening and you’re somebody that likes to study through reading actual books, Tim and I and a few other folks in our circle have authored the AZ-300 book for Microsoft Press.
Tim Warner:
Correct.
Mike Pfeiffer:
It was AZ-300, right, Tim? Okay, cool. That’s available for pre-order now on Amazon. I’ll put the link in the show notes, but that was pretty cool to work on that project with you.
Tim Warner:
Yeah, likewise.
Mike Pfeiffer:
Congratulations on that as well, Tim.
Tim Warner:
Same to you, and thanks for the heads up about the pre-order. I just saw that now. I didn’t know that.
Mike Pfeiffer:
Oh yeah. Nice, man. Cool. Well, it’s good, man. I really appreciate you coming on this show. As usual, I appreciate your perspective. Everybody listening, you’ve got to go watch Tim’s stuff. Make sure you’re following him on Twitter. I’ll put all of the stuff in the show notes in case you don’t know where to find him. Until next time, hope you guys have a great week and we’ll see you in the next episode.
Top comments (4)
I was disappointed in both the podcast and the additional AWS to Azure content because it didn't convey much information to help translate over AWS to Azure as suggested.
It touched on a few services, and it was strongly presented from the Azure side, so the translation wasn't clear.
I would look forward to this topic being covered again but with more meat to it next time.
What about GCP? IMHO they're superior to the both of them.
Lowest costs, lowest downtime, better support and so on.
Just because AWS has a lot of services doesn't make it great.
Now I can't speak for AWS, but oh boy if Azure is not the worst.
Their portal is completely useless and feels like it was created by 9 year olds.
AKS is literally the worst as they've not implemented it properly and I could literally continue for days about other stuff that's not working as intended.
I've had nothing but hours of misery working with Azure.
This episode isn't about telling people to choose only one of these platforms. Most of our customers are considering these, so we're just comparing the differences for those folks to help them make an informed decision. Not everyone gets to choose the platform, it just comes with the job sometimes.
I'm gonna do some GCP stuff at some point, just haven't had time yet. It'll happen at some point.