SkarpChapter 8 of 20
Azure Compute Services: From Virtual Machines to Containerized Apps
Tour the core Azure compute options and match each one to the right workload, from lift-and-shift servers to containerized microservices.
Orienting Yourself: The Azure Compute Landscape
Where Compute Fits
You already know how Azure regions, subscriptions, and resource groups work. Now you must choose what to run: virtual machines, web apps, containers, or serverless functions.
What AZ-900 Expects
For AZ-900, you should recognize the main compute options, match them to typical workloads, and compare how much control you have vs. how much Azure manages for you.
Five Core Services
We will focus on Azure Virtual Machines, Azure App Service, Azure Container Instances, Azure Kubernetes Service, and Azure Functions, and when to use each one.
Still Using the Same Foundations
No matter which compute service you choose, you still pick a region, use resource groups, and control access with role-based access control (RBAC).
Key Question
Keep asking: How much control do I need, and how much management do I want Azure to handle? This drives most compute choices and many AZ-900 exam scenarios.
Service Models Refresher: IaaS vs PaaS vs Serverless
IaaS Defined
"Infrastructure as a Service (IaaS) is a cloud service model that provides virtualized computing resources such as servers, storage, and networking on demand."
PaaS Defined
"Platform as a Service (PaaS) is a cloud service model that provides a complete development and deployment environment in the cloud, including infrastructure, middleware, and development tools."
SaaS Defined
"Software as a Service (SaaS) is a cloud service model that delivers software applications over the internet on a subscription basis."
Mapping Azure Compute
Azure VMs are IaaS. Azure App Service is PaaS. Azure Functions is serverless. ACI is serverless containers. AKS is a managed container platform between IaaS and PaaS.
Shared Responsibility
Under the shared responsibility model, Azure takes on more operational work as you move from IaaS to PaaS to serverless, letting you focus more on code and data.
Azure Virtual Machines: IaaS for Lift-and-Shift
What Is an Azure VM?
Azure Virtual Machines are cloud-based servers. Azure provides hardware and virtualization; you choose the OS image, size, and storage, just like a server in a datacenter.
Your Responsibilities
With VMs, you manage OS configuration, patching, application installs and updates, and OS-level firewalls. This is classic Infrastructure as a Service (IaaS).
Typical VM Use Cases
Use VMs for lift-and-shift of existing apps, custom software not supported by PaaS, and specialized workloads like certain databases or marketplace appliances.
Resiliency and Scale
Increase resiliency using Availability Zones or Availability Sets. Use Virtual Machine Scale Sets when you need automatic scaling of identical VM instances.
Exam Signal: Control
If a question stresses full control over the OS, custom drivers, or legacy apps that expect a full server, Azure Virtual Machines are usually the correct choice.
Example: Deciding When to Use Azure VMs
Legacy Finance System
A university needs to move a finance app that runs on Windows Server with a custom COM component and a vendor installer expecting full OS access.
Why VMs Fit
The app expects a full server. With Azure VMs you pick a Windows Server image, install the vendor software, and configure it like on-prem, with managed disks and zones.
Setup Steps (High Level)
Create a VM, pick region and size, choose Windows image, set admin credentials, open required ports, attach storage, then RDP in and install the finance app.
Exam Takeaway
When a scenario mentions legacy software, custom OS components, and no rewrite, Azure Virtual Machines are the safest and most likely exam answer.
Azure App Service: PaaS for Web Apps and APIs
What Is Azure App Service?
Azure App Service is a PaaS offering for hosting web apps, APIs, and some background jobs while Azure manages the underlying servers and OS for you.
What Azure Manages
Azure handles VM provisioning, OS patching, built-in load balancing, TLS/SSL termination, and autoscale. You avoid low-level server management.
Your Focus
You focus on your code, app settings, and scaling via the App Service plan. Supported stacks include .NET, Java, Node.js, Python, and PHP.
Typical Use Cases
Use App Service for websites, REST APIs, and backend services that do not need full OS control but benefit from easy scaling and deployment.
Identity and Exam Signal
App Service integrates with Microsoft Entra ID for sign-in. On the exam, phrases like “host a web app without managing infrastructure” point to App Service.
Example: Choosing Azure App Service for a Student Portal
Student Portal Scenario
A university builds a new ASP.NET Core student portal and API, wants CI/CD from GitHub, autoscale at peak times, and no OS patching work.
Why App Service Fits
App Service supports .NET, integrates with GitHub, autoscale rules, and hides server management, letting the team focus on features not infrastructure.
Deployment Steps
Create an App Service plan, then a Web App, connect it to GitHub, set app settings and connection strings, and configure autoscale rules.
Exam Takeaway
For web apps and APIs with CI/CD and “no server management” requirements, Azure App Service is the correct AZ-900 answer in most cases.
Containers, ACI, AKS, and Azure Functions: Modern Compute Options
Containers in Azure
Containers bundle your app and dependencies. In Azure, you can run them with Azure Container Instances, Azure Kubernetes Service, or App Service for Containers.
Azure Container Instances
ACI runs containers without servers or orchestration to manage. It is great for short-lived tasks, batch jobs, or simple containerized APIs.
Azure Kubernetes Service
AKS is a managed Kubernetes platform. Azure manages the control plane; you manage nodes and workloads. It suits large, microservices-based systems.
Azure Functions
Azure Functions is serverless compute. You write small functions that respond to triggers. Azure handles servers and scales automatically; you pay per execution.
Exam Clues
Single container, no orchestration → ACI. Many microservices containers → AKS. Event-driven code, pay per execution → Azure Functions.
Thought Exercise: Match the Workload to the Compute Service
Use this thought exercise to solidify your understanding. For each scenario, pause and decide which Azure compute service you would choose and why. Then compare with the suggested answer.
- Scenario A: Legacy HR Application
- Windows Server app from 2010.
- Requires a specific driver and registry settings.
- Vendor does not support running it on PaaS.
- Needs to be moved to Azure quickly.
Your pick?
- Suggested answer: Azure Virtual Machines. You need full OS control, custom drivers, and a quick lift-and-shift.
- Scenario B: New Marketing Website
- Simple public website with a REST API.
- Built with Node.js.
- Team wants GitHub-based deployment and autoscale.
- No desire to manage VMs.
Your pick?
- Suggested answer: Azure App Service (Web App). Perfect for web apps/APIs without server management.
- Scenario C: Image Processing Job
- A containerized Python script processes images from a storage account.
- Runs only a few times per day.
- No need for orchestration.
Your pick?
- Suggested answer: Azure Container Instances. You can spin up a container, process images, and shut it down, paying only for runtime.
- Scenario D: Event-Driven Notifications
- Send emails whenever a message appears in a queue.
- Logic is a few lines of code.
- Load is unpredictable.
Your pick?
- Suggested answer: Azure Functions. Ideal for small, event-driven pieces of code with automatic scaling.
Quick Quiz: Core Compute Options
Check your understanding of the main Azure compute services.
A company wants to host a REST API without managing the underlying servers. They want built-in load balancing, easy scaling, and integration with Microsoft Entra ID for authentication. Which Azure service is the best fit?
- Azure Virtual Machines
- Azure App Service
- Azure Kubernetes Service
- Azure Container Instances
Show Answer
Answer: B) Azure App Service
Azure App Service is a PaaS offering designed for hosting web apps and APIs without managing the underlying infrastructure. It provides built-in load balancing, autoscale, and easy integration with Microsoft Entra ID. VMs require full server management, AKS is overkill for a single API, and ACI is for running individual containers without the rich web app features.
Quick Quiz: Containers and Serverless
Test your ability to distinguish ACI, AKS, and Azure Functions.
You need to run a small piece of code whenever a message is added to an Azure Storage queue. The workload is highly variable, and you want to pay only for the execution time. Which service should you choose?
- Azure Virtual Machines
- Azure Kubernetes Service
- Azure Container Instances
- Azure Functions
Show Answer
Answer: D) Azure Functions
Azure Functions is a serverless compute service designed for event-driven code, such as reacting to queue messages. It scales automatically and charges based on executions and resource consumption. ACI and AKS run containers but do not provide the same event-driven, pay-per-execution model. VMs would be the most expensive and management-heavy option.
Choosing the Right Compute Service: Control, Management, Cost
Control Levels
Control is highest on Azure VMs, medium on AKS, lower on App Service and ACI, and lowest on Azure Functions, where you focus just on code and triggers.
Scalability Patterns
VMs scale via manual changes or scale sets, App Service via autoscale rules, ACI by adding containers, AKS with Kubernetes autoscaling, and Functions automatically.
Management Overhead
Managing VMs is most work; AKS still needs cluster skills. App Service, ACI, and Functions offload most infrastructure tasks to Azure.
Cost Models
VMs and AKS nodes bill per provisioned hour. App Service bills per plan instance. ACI and Functions use more granular pay-per-use pricing.
Exam Heuristics
“Minimize management” for web/API → App Service or Functions. “Full OS control” → VMs. “Many containerized microservices” → AKS.
Key Term and Service Review
Flip these cards to reinforce the core compute concepts for AZ-900.
- Infrastructure as a Service (IaaS)
- Infrastructure as a Service (IaaS) is a cloud service model that provides virtualized computing resources such as servers, storage, and networking on demand.
- Platform as a Service (PaaS)
- Platform as a Service (PaaS) is a cloud service model that provides a complete development and deployment environment in the cloud, including infrastructure, middleware, and development tools.
- Azure Virtual Machines
- An Azure compute service that provides IaaS virtual servers in the cloud. You manage the OS, runtime, and applications. Ideal for lift-and-shift and workloads needing full OS control.
- Azure App Service
- A PaaS service for hosting web apps and APIs without managing underlying infrastructure. Azure handles servers and OS; you focus on code, configuration, and scaling.
- Azure Container Instances (ACI)
- A service for running containers without managing servers or orchestration. Suitable for simple or short-lived containerized workloads; often called serverless containers.
- Azure Kubernetes Service (AKS)
- A managed Kubernetes service for orchestrating containers at scale. Azure manages the control plane; you manage nodes and containerized workloads.
- Azure Functions
- A serverless compute service for running small, event-driven pieces of code that scale automatically and are billed based on executions and resource usage.
- Microsoft Entra ID
- Microsoft Entra ID is Microsoft’s cloud-based identity and access management service that helps employees sign in and access resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
- shared responsibility model
- The shared responsibility model is a framework that defines how security and compliance responsibilities are divided between the cloud provider and the customer.
- Lift-and-shift
- A migration approach where you move an existing application to the cloud with minimal or no code changes, often using Azure Virtual Machines.
Key Terms
- Lift-and-shift
- Migration strategy that moves applications to the cloud with minimal changes, often by recreating servers as Azure Virtual Machines.
- Azure Functions
- Azure serverless compute service for running event-driven functions that scale automatically and are billed based on usage.
- Azure App Service
- Azure PaaS offering for hosting web apps, mobile backends, and REST APIs without managing the underlying infrastructure.
- Microsoft Entra ID
- Microsoft Entra ID is Microsoft’s cloud-based identity and access management service that helps employees sign in and access resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
- Azure Virtual Machines
- Azure compute service that provides IaaS virtual servers in the cloud where you manage the operating system, runtime, and applications.
- shared responsibility model
- The shared responsibility model is a framework that defines how security and compliance responsibilities are divided between the cloud provider and the customer.
- Platform as a Service (PaaS)
- Platform as a Service (PaaS) is a cloud service model that provides a complete development and deployment environment in the cloud, including infrastructure, middleware, and development tools.
- Software as a Service (SaaS)
- Software as a Service (SaaS) is a cloud service model that delivers software applications over the internet on a subscription basis.
- Azure Kubernetes Service (AKS)
- Managed Kubernetes service in Azure for deploying, scaling, and managing containerized applications using Kubernetes.
- Azure Container Instances (ACI)
- Azure service that runs containers without requiring you to manage servers or orchestration, suitable for simple or short-lived container workloads.
- Infrastructure as a Service (IaaS)
- Infrastructure as a Service (IaaS) is a cloud service model that provides virtualized computing resources such as servers, storage, and networking on demand.