Documenting your Azure architecture can be a tedious job. Whether you are building your diagrams by hand (which you shouldn’t) or using an automated Azure documentation generator, understanding the different layers can be difficult.
This article will help you understand each section of a global Azure architecture diagram. The diagram used as our example was generated by Cloudockit and edited in diagrams.net. Keep in mind that depending on the size of your Azure architecture, your diagram could be smaller or bigger than our example.
Azure Load Balancer enables you to disburse traffic across a group of backend resources and servers. The load balancer allows you to get high availability for your applications.
There are 2 types of load balancers, public or internal (private). The public Azure load balancer provides connections for virtual machines within your virtual network. A private load balancer is used when private IPs are needed solely at the front end.
Public IP addresses enable Internet resources to communicate inbound to Azure resources and for Azure resources to communicate to the internet. However, a resource without an assigned IP address is still able to communicate outbound.
Azure Load Balancer is connected to Azure VM to distribute traffic to the virtual machine. Lastly, Azure public IP connects to Network Interface Cards to allow access to the internet for the resources connected to the Network Interface.
Azure Virtual Network (VNet) permits different Azure resources to securely communicate with one another, the internet, and on-premises networks.
VNets are comparable to a traditional network operated in your own data center, but with additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
Subnets are ranges of IP addresses within virtual networks. For organization and security, subnets enable you to divide a virtual network into multiple subnets. Each NIC (see below) in a VM is connected to one subnet in one virtual network. Additionally, the IP addresses are private and can’t be accessed from the Internet.
A network interface card (NIC) is the interconnection between a virtual machine and a virtual network. A VM must have at least one NIC but can contain several NICs depending on its size. You can add or remove NICs through the lifecycle of a VM to allow each VM to connect to different subnets.
Lastly, keep in mind that each NIC attached to a VM needs to exist in the same location and subscription as the virtual network.
Connection from Network Interface Cards to Azure VM helps distribute network access.
A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to subnets and NICs. NSGs contain two sets of rules, inbound and outbound and each rule has properties (Protocol, Address prefixes, Direction of traffic, priority, and more) and contains a set of default rules that cannot be deleted.
Azure Virtual Machine (VM) is an on-demand, scalable computing resource. VMs give you more control over the computing environment compared to other cloud resources.
An Azure VM replaces physical hardware that would require constant maintenance. You do, however, need to maintain your VM by performing tasks like installing the software that runs on it.
Azure Virtual Machines can be used in various ways including:
Azure VMs connect to Disks for storing data including operating systems that will run on virtual machines, files, and more.
Azure Virtual Machine scale sets enable you to create and manage a group of load-balanced VMs. Scale sets provide high availability to your applications and help you to centrally manage, configure, and update many VMs.
Use Azure scale sets to manage your applications that run across your VMs and automatically scale your resources.
Virtual machine scale sets are connected to Azure VMs to manage a number of VM instances depending on your needs.
Azure storage accounts contain your storage data objects such as blobs, file shares, queues, tables, and disks. Additionally, your Azure Storage data can be accessed from anywhere in the world over HTTP or HTTPS.
Azure offers several types of storage accounts for your company’s needs including standard general, premium block blobs, premium file shares, and premium page blobs.
There are 4 types of Azure Managed Disks, Ultra Disk Storage, Premium SSD, Standard SSD, and Standard HDD. Disks are high-performance, block storage to be used with Azure Virtual Machines and VMware.
Azure Traffic Manager is a Domain Name System (DNS) load balancer. Traffic Manager helps you to distribute traffic to your public applications to all global Azure regions.
Azure Traffic Manager uses DNS which directs client requests to the appropriate service endpoint based on a traffic-routing method.
Azure App Service Plan defines a set of computing resources for web apps (Web Apps, API Apps, and Mobile Apps) to run. When creating an App Service plan for a geographical region, a set of computing resources are automatically created within that plan. Each App Service plan defines:
Within the Azure App Service plan, you will find the App Service which permits you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure.
With WebJobs, you can run programs or scripts in the same instance as a web app, API app, or mobile app.
SQL Servers use the SQL Server database engine in the Azure cloud. It is a family of managed, secure, and intelligent products including Azure SQL database, Azure SQL Manages Instance and SQL Server. Furthermore, Azure SQL helps you migrate applications with ease and continues to utilize the tools, languages, and resources you already know.
Storage account copies date to Azure SQL Database, that is why they are linked.
Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement.
Connection from Azure SQL Database to Azure Conditional Access is to manage user access to the database.
Lastly, Azure Content Delivery Network (CDN) is a global CDN solution that delivers high-bandwidth content. The advantage of Azure CDN is that it can be hosted in Azure or any location you wish.
Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network and routing optimizations.
We hope this article helps you understand your Azure diagrams a little more. As mentioned above, it is much better if you do not create your diagrams by hand. Your infrastructure is continually evolving, making your diagrams steadily obsolete. Instead of wasting time, take advantage of an Azure architecture diagram tool like Cloudockit.
Cloudockit will automatically generate your diagrams by finding the elements in your infrastructure. It can document more than 75 Azure workloads, 300 types of resources, and over 2000 links between them.