Showing posts with label AWS. Show all posts

Sunday, 21 July 2024

Simple comparison of Cloud Storage options

Azure offers 3 main options for storing files:

Azure File Store (Supports SMB, no version control)

Azure Blob Storage (No SMB, has version control via apis, tiers for archiving)

Azure Data Lake Storage Gen2 (No SMB, no versioning); more relevant to big data/data lakes

 

AWS also has options to consider:


Amazon Simple Storage Service (S3), similar to Azure Blob Storage with an API and tiers

Amazon FSx, similar to Azure File Store, supports SMB and NFS

Amazon Elastic Block Store (EBS) supports NFS


Office 365/SharePoint Archive option:

https://adoption.microsoft.com/en-gb/microsoft-365-archive/

Extra SPO/O365 storage costs about $0.20/GB per month; using the SP Archive service costs $0.05/TB per month.  Also, you only get charged for what you use, with no pre-provisioned size.  Security & compliance is maintained, so for old data that needs to be archived this is a great, easy option.

Monday, 19 October 2020

WAF Options

Overview:  HTTP traffic from users to websites and APIs needs WAF protection.  Both Azure and AWS have good services to protect your APIs and applications.  There is also the option to use a dedicated WAF service.  When protecting large organizations with hybrid cloud providers, options like Barracuda, Imperva/Incapsula, F5 and Cloudflare are good enterprise-level options.  Fundamentally, a WAF sits as an intermediary between the user and the resource they are requesting over HTTP.  I like to set my highest priority rule to DENY all HTTP & HTTPS traffic, then I specifically open the rules that I want to flow through; a lot of people do it the other way around in smaller implementations.
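The deny-first posture described above, compared with the allow-by-default approach, as an added example that is not code from the original post. It is a toy first-match rule evaluator that models the deny as the action taken when no allow rule matches (an assumption about rule ordering); the rule names, routes and sample requests are constructed.

```python
# Added example, not code from the original post: a toy first-match rule
# evaluator. Rule names, routes and sample requests are constructed.
import posixpath
from typing import Callable, List, Tuple
from urllib.parse import unquote

Rule = Tuple[str, Callable[[str, str], bool], str]  # (name, predicate, action)

def normalise(path: str) -> str:
    """Decode percent-escapes and collapse '..' so rules see the real target."""
    return posixpath.normpath(unquote(path))

def evaluate(rules: List[Rule], default_action: str, method: str, path: str) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, else the default."""
    path = normalise(path)
    for name, matches, action in rules:
        if matches(method, path):
            return action, name
    return default_action, "default"

# Deny by default: only routes that were opened on purpose get through.
ALLOW_RULES: List[Rule] = [
    ("allow-orders-read", lambda m, p: m == "GET" and p.startswith("/api/orders/"), "ALLOW"),
    ("allow-health", lambda m, p: m == "GET" and p == "/health", "ALLOW"),
]

# Allow by default: only the patterns someone thought of are blocked.
BLOCK_RULES: List[Rule] = [
    ("block-admin", lambda m, p: p.startswith("/admin"), "DENY"),
]

def compare(method: str, path: str) -> dict:
    """Decision for one request under each posture."""
    return {
        "deny_by_default": evaluate(ALLOW_RULES, "DENY", method, path)[0],
        "allow_by_default": evaluate(BLOCK_RULES, "ALLOW", method, path)[0],
    }

SAMPLE_REQUESTS = [  # constructed
    ("GET", "/api/orders/42"),
    ("DELETE", "/api/orders/42"),
    ("GET", "/backup/site.zip"),
    ("GET", "/api/orders/%2e%2e/%2e%2e/admin/users"),
]

if __name__ == "__main__":
    for method, path in SAMPLE_REQUESTS:
        print(method, path, compare(method, path))
```

Anything not explicitly opened (an unexpected method, a forgotten file, an encoded path that resolves outside the opened route) falls to the default, which is why the choice of default action matters more than any single rule.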

WAF Options:
  • Azure WAF is simple for a WAF in 1 region, especially with APIM; if you are an Azure customer, simply go for an Azure Application Gateway with WAF enabled.  DDoS is a separate service that can be integrated before Azure WAF or Azure Firewall.  There is a cheaper per-IP SKU option for specific IP addresses.
  • Azure Front Door WAF is pretty amazing; Cloudflare is historically the leader with similar functionality.  On Microsoft Azure the main two options for WAF are Front Door WAF (best, most expensive) and Azure Application Gateway WAF.
  • Competitor options: Barracuda WAF SaaS service or any software firewall: KEMP, F5, Check Point, Fortinet/Fortigate, Cloudflare WAF, Akamai, AWS WAF, AWS Network Firewall; Cloud Armor is GCP's WAF, I believe.
  • Check that the WAF service has protection for at least DDoS, XSS and SQL injection attacks, plus SSL termination if you need it and managed rule sets.
  • AWS WAF is for web traffic (layer 7); there is a separate AWS Shield service that is used for DDoS attacks.  AWS WAF can be applied at an Application Load Balancer, Amazon API Gateway, and Amazon CloudFront.  With AWS WAF you also get Shield (standard, free).  Shield also has advanced features, and the standard version, which is always included by default with AWS WAF, has monitoring and DDoS protection.
  • Barracuda WAF is a SaaS service that has worked fairly well for me.  It has a fair number of options and rules, and has add-ons like anti-virus scanning.
  • Imperva WAF, previously called Incapsula WAF, provides a SaaS WAF service including Smart DDoS (blocks dodgy traffic and passes through good requests), API security, and protection against SQL injection and XSS.  It has multiple data centers around the world.
  • Cloudflare is a secure access service edge (SASE).  Cloudflare provides a WAF service at hundreds of endpoints around the globe (for instance there are 5 Cloudflare endpoints in Australia).  WAF functionality like SSL, DDoS (L7), custom rules (e.g. rate limiting), OWASP rules, "API protection", et al. is applied close to the user request (nice low latency), and then if successful the request is pushed to the backend.

 

Last Updated: 2022-03-15

Monday, 24 August 2020

AWS vs Azure services offering comparison for Solution Architects

Overview: Microsoft provides a useful list that shows which AWS services align to which Azure services.  This is pretty useful if you know 1 platform considerably better than the other and want to quickly figure out your options on either AWS or Azure.

My Service comparison notes:

Amazon CloudWatch - same as Azure Monitor.

Amazon Relational Database Service (RDS) – SQL Server, Oracle, MySQL, PostgreSQL and Aurora (Amazon’s proprietary database).  

Azure SQL lines up with Amazon's RDS SQL Server service, although Aurora is probably also worth the comparison as it's AWS's native DB option.  AWS Aurora is more performant, allows more scale, and has an amazing five-nines (99.999%) availability SLA.  Aurora Serverless competes directly with Azure SQL.  AWS RDS is excellent and much better than MySQL or PostgreSQL in terms of performance.

Amazon DynamoDB is the same as CosmosDB, which is the NoSQL database.

AWS API Gateway - Azure API Management

Amazon Redshift is the data warehouse.  It can be encrypted and isolated.  It supports petabytes of data.

Amazon ElastiCache runs Redis cache and Memcached (simple cache).

AWS Lambda – Azure Functions, i.e. serverless.

AWS Elastic Beanstalk – Platform for deploying and scaling web apps & Services.  Same as Azure App services.

Amazon SNS – Pub/Sub model – Azure Event Grid.

Amazon SQS – Message queue.  Same as Azure Storage Queues and Azure Service Bus.

Amazon Step Functions – Workflow. Same as Logic Apps.

AWS Snowball – Same as Azure Box.  Physically copy and transport to data centre for upload.

Virtual Private Cloud (VPC) – Azure virtual network 

Amazon AppStream - Azure VDI (Virtual desktop) I think.

Amazon QuickSight - Power BI (Tableau Business Intelligence).

AWS CloudFormation - ARM and Bicep

Tip: I am glad that I did the AWS Certified Cloud Practitioner exam as it helped my understanding of the AWS offering, which has been very useful in large integration projects.  I have worked with AWS IaaS (EC2, API Gateway and S3 historically).  Like Azure, there are a lot of services and features.  Basically, there are equivalent services for Azure & AWS.  It may be a 2-to-1 service offering or it is not something offered by the cloud provider.

Sunday, 23 August 2020

AWS vs Azure vs GCP Comparison

Overview:  I predominately use Azure & Microsoft for all my cloud services.  


I have installed multiple SharePoint farms and setups on AWS EC2 instances and I'm currently preparing for the Cloud Practitioner AWS exam.  I have used Google for authentication and SaaS but not as an IaaS offering.  I'm also a huge fan of Heroku, which is great for PaaS, and I used it to host my game built for Facebook games.  I also saw IBM's cloud offering a few years ago.  For me it is too niche and not as feature rich.  So basically I understand Azure's offering well, so I found this comparison pretty useful.

My Thoughts:  The contenders:  I really like Heroku for its simplicity.  I feel that for a small indie developer or company, Heroku has good free and cheap simple billing options.  GCP, I really can't comment from a good position of knowledge, but from what I've used, I like GCP.  GCP is the third biggest cloud provider.  As a large organisation, I'd only consider the big three, Microsoft Azure, AWS, and GCP, to be our cloud partner.  Multi-cloud partner is a demand from some organisations; it's truly extra expensive.  Azure uses ARM templates and has many options for provisioning the IaaS and PaaS offerings.  If you are thinking multi-cloud, consider Terraform by HashiCorp for IaC.  There is also the concept of Click-Ops (sic), which allows you to click through the UI of the cloud services' management portal to get to the desired architecture; this is fine for simple small architecture but you can't do this at any scale or agility and it's super error prone.  Click-ops is more a joke term for the laziest way to build infrastructure, and we need to make it sound modern.  IBM's offering, well, if you are a partner you could go with this option, but it is aimed more at large business partners.  IBM's cloud is IaaS focused, with some PaaS offerings, but once again I'm not an expert.

AWS has always been really easy to use.  It is big and complex like Azure, with many offerings.  Basically, I'd choose AWS if the organisation was already using it and the people in the org have experience with AWS.  AWS originally was aimed at the B2C/startup market but was first to market at scale.

Azure, so in my world Azure and O365 feel like the dominant player, but the diagram below provides a great insight into the relative size of the cloud infrastructure market.  Azure's SaaS offering O365/M365 is also huge and hosted on Azure.  Azure security is well thought out, and their thinking on BYOK and geo-location appears to be important.  Microsoft offers ARM templates and DSC for configuring environments; they are also adding Bicep, which is an abstraction layer that will run ARM templates into Azure.

There is a good resource, CloudWars.co, that looks at the various cloud providers.  My current takeaway is that Amazon is the biggest player in the IaaS field.  Azure has IaaS, a large PaaS offering and a massive SaaS (including Dynamics and O365) offering (Amazon has no equivalent).  I am focused on PaaS solutions for my customers so as to remove the infrastructure and process overheads of IaaS.

Off the top of my head, the reasons for moving to the cloud and the objections I hear, regardless of platform:

Why Cloud:

  1. Save Money
  2. More Secure
  3. Fast Delivery/More Agile/Easy to scale/Increase business resilience
  4. Eco-friendly

Challenges:

  1. Lack of budget
  2. Spiraling costs
  3. CAPEX rather than OPEX is the common business norm, and some businesses find it difficult to switch
  4. Resources/Skills
  5. Believe security is an issue/Don't trust the Cloud
  6. Migrating legacy apps (for me, don't move to the cloud unless you get a significant advantage)


Sunday, 6 October 2019

Common Azure Services

Azure Key Vault - Secure config storage and retrieval
There are SDKs for working with Azure Key Vault such as the "Azure Key Vault secret client library for .NET (SDK v4)".  It is extremely easy to get secrets from the secure vault using C#.

Azure Storage
Microsoft Azure Storage Explorer is a great tool for reviewing your Azure Storage and in the case below I used it to add some Azure table storage for a demo customer list.
There is also a web edition of Storage explorer that is in preview as of 18 Nov 2020.

App Service - Host Web sites or WebAPI

Azure Artifacts - Create and share your packages via NuGet and npm with Azure Artifacts for more reliable and scalable builds

Azure Data Factory (ADF) - Basically, PaaS, fully managed Azure ETL/SSIS.  Many connectors are available to ingest data.  Send to Azure Synapse Analytics.  Same as AWS Glue.  GCP has two ETL tools that are decent: Cloud Data Fusion (main ETL tool) and Cloud Dataflow.  They have other options at GCP.  Update 2025: Fabrics Data Factory is even better than ADF.

Azure Big Data


Azure Synapse Analytics - a managed PaaS solution that brings together ADF, Data Lakes (both storage and analysis) and Azure Data Warehouse under a single managed solution.  Easier than the individual pieces, and it scales as you need with almost unlimited capability.  Azure Purview - discovers and analyses all your data, integrates with AIP.  Azure Synapse simplifies analytics and is sold as PaaS (serverless) or dedicated.  The easiest way to draw data out of Azure Synapse is Power BI.  It is easy to bring data into Azure Synapse from CosmosDB and SQL databases (no effect on performance), which can automatically push the data into Synapse with no need for ADF.  And the data is in live time.



Azure Application Configuration - Feature Toggles/Feature flags are extremely useful in code.  This service is great for turning on experimental features, operational features, environment/release features, and security features.  See Feature Toggles (aka Feature Flags) (martinfowler.com).  Use it for feature flags, whereas Key Vault is for secrets.



Azure Resource Explorer - Documentation on Azure APIs and the ability to call the APIs.

Azure Policy - Azure Policy templates can be custom created to apply rules to your subscription.  There are a lot of pre-canned policies.  You can enforce naming conventions, tagging standards, deployment of resources into specific regions, and so on.