Documentation Index
Fetch the complete documentation index at: https://resources.devweekends.com/llms.txt
Use this file to discover all available pages before exploring further.
Compute Services
This chapter will teach you everything about running applications in Azure, starting from absolute basics. We’ll explain what compute actually means, why different options exist, and how to choose and use them confidently.What You’ll Learn
By the end of this chapter, you’ll understand:- What “compute” means in cloud computing (explained from scratch)
- Why you need compute resources and what they do
- The differences between VMs, App Service, Functions, and Containers
- How to create and configure each compute type step-by-step
- When to use each option (with real-world decision criteria)
- How to optimize cost and performance
- Best practices for production deployments
What is “Compute”? (Start Here if You’re Completely New)
Let’s start with the absolute basics. What does “compute” even mean?The Simple Explanation
Compute = The ability to run your code That’s it. When you write a program (a website, an app, a script), it needs to run SOMEWHERE. That “somewhere” needs:- CPU (Central Processing Unit): The brain that executes your code
- Memory (RAM): Temporary storage while your code runs
- Storage (Disk): Where your code and data are stored permanently
Real-World Analogy
Think about baking a cake:- Your recipe = Your code (the instructions)
- The kitchen = Compute resources
- Oven = CPU (does the work)
- Counter space = RAM (workspace while cooking)
- Pantry = Storage (ingredients and supplies)
Where Does Your Code Run?
Option 1: Your Laptop (Local)Why Azure Has Multiple “Compute” Services
Why not just one type of compute? Because different apps have different needs. Analogy: Transportation You wouldn’t use the same vehicle for every trip:- Going to grocery store → Walk or bike
- Commute to work → Car or bus
- Moving furniture → Truck
- International trip → Airplane
- Simple website → App Service (like a car: easy, sufficient for most)
- Custom legacy app → Virtual Machine (like a truck: heavy-duty, more control)
- Process one task → Azure Function (like an Uber: pay per ride)
- Complex microservices → Kubernetes (like a fleet of vehicles: orchestrated system)
What is “Compute”?**
In simple terms, compute is the processing power that runs your applications—the CPU, memory, and resources that execute your code. Think of it as the “brain” of your application that processes requests, runs algorithms, and serves data to users. Azure offers multiple compute options, each designed for different scenarios. Choosing the right one impacts cost, performance, and operational overhead. This chapter will teach you what each service is, why you’d choose it, and how to use it effectively—from complete beginner to production-ready deployments.
Understanding the Compute-to-Application Relationship
Let’s make this concrete with a real example: Example: Building a Blog WebsiteBreaking Down “Compute Resources”
When you rent compute in Azure, you’re actually renting these components: 1. CPU (vCPU - Virtual CPU)- What it is: Processing power. Measured in “cores.”
- What it does: Executes your code, one instruction at a time
- Analogy: Workers in a kitchen
- 1 vCPU = 1 worker (handles 1 task at a time)
- 4 vCPUs = 4 workers (handles 4 tasks simultaneously)
- Example: Blog with 10 visitors → 1 vCPU sufficient
- Example: Blog with 10,000 visitors → 8 vCPUs needed
- What it is: Temporary storage while your app runs
- What it does: Holds data currently being processed
- Analogy: Counter space in a kitchen
- More RAM = More space to work with multiple things at once
- Less RAM = Must finish one task before starting another
- Example: Blog loads 10 posts → Needs 100 MB RAM
- Example: Blog loads 1000 posts → Needs 2 GB RAM
- What it is: Permanent storage for your code and data
- What it does: Stores files even when compute is turned off
- Analogy: Pantry or closet (long-term storage)
- Example: Blog application code → 500 MB
- Example: 1,000 blog posts with images → 10 GB
- What it is: Bandwidth for sending/receiving data
- What it does: Transfers data between user and your app
- Analogy: Internet connection speed
- Example: Small blog → 1 Mbps sufficient
- Example: Video streaming site → 1 Gbps+ needed
Understanding the Compute Spectrum
Before diving into specific services, let’s understand the fundamental question: What do you need to run?The Evolution of Compute Needs
Traditional On-Premises (Before Cloud):Why Multiple Compute Options?
Different applications have different needs:| Application Type | Needs | Azure Service |
|---|---|---|
| Simple website | Just run code, don’t care about OS | App Service |
| Legacy application | Needs specific OS version, custom software | Virtual Machines |
| Microservices | Need to orchestrate many containers | Azure Kubernetes Service (AKS) |
| Event-driven | Run code only when triggered (e.g., file upload) | Azure Functions |
| Quick task | Run a container once, no orchestration | Container Instances |
- Virtual Machine = Renting an entire apartment (full control, more responsibility)
- App Service = Renting a furnished room (less control, less responsibility, easier)
- Azure Functions = Using a hotel room for one night (pay only when you use it)
[!TIP] Jargon Alert: Compute “Compute” is just a fancy word for “processing power” or “the ability to run code.” When someone says “compute resources,” they mean CPU, memory, and the servers that run your applications. Don’t let the word intimidate you—it’s just tech jargon for “the stuff that runs your code.”
[!WARNING] Gotcha: Choosing the Wrong Compute Service Many beginners choose VMs because they’re familiar, but VMs are often overkill. If you’re building a simple web app, use App Service. You’ll save time, money, and headaches. Only use VMs if you truly need full OS control.
Key Concepts You Must Understand
1. IaaS vs PaaS vs Serverless
These terms define how much Microsoft manages for you:- IaaS (Infrastructure as a Service)
- PaaS (Platform as a Service)
- Serverless (Function as a Service)
You manage: OS, runtime, applications, dataMicrosoft manages: Hardware, networking, datacenterExample: Virtual MachinesAnalogy: You rent a plot of land. You build the house, install plumbing, electricity—everything. The landlord just provides the land.When to use:
- Need specific OS version (Windows Server 2012 R2)
- Legacy applications that can’t run on PaaS
- Full control over the environment
- Compliance requirements (need to manage security patches yourself)
2. Stateless vs Stateful Applications
Stateless: Application doesn’t store session data on the server. Each request is independent. Example: A REST API that processes requests. If the server restarts, no data is lost because state is stored in a database.- Stateless apps can scale horizontally easily (add more servers, load balance)
- Stateful apps need sticky sessions or external state storage (Redis, database)
[!TIP] Jargon Alert: Stateless vs Stateful Stateless: Like ordering at a fast-food restaurant. Each order is independent—the cashier doesn’t remember your last order. The app doesn’t store session data on the server. Stateful: Like a sit-down restaurant where the waiter remembers your preferences. The app stores session data in memory. If the server restarts, that memory is lost.
[!WARNING] Gotcha: Stateful Applications Don’t Scale If your app stores user sessions in memory, you can’t easily add more servers. User A’s session is on Server 1, but the load balancer might send them to Server 2, which doesn’t have their session. Always use external storage (database, Redis) for state.
3. Horizontal vs Vertical Scaling
Vertical Scaling (Scale Up):- Make the server bigger (more CPU, more RAM)
- Example: Upgrade from 4 vCPU to 8 vCPU
- Limitation: Can only scale to maximum VM size
- Cost: More expensive per unit
- Add more servers (2 servers → 4 servers → 10 servers)
- Example: Add more VM instances to handle traffic
- Advantage: Can scale to hundreds/thousands of servers
- Cost: More cost-effective at scale
1. Compute Decision Tree
[!WARNING] Gotcha: Spot VM Eviction Spot VMs offer huge discounts (up to 90%), but Azure can take them back with only a 30-second warning. Never use them for production databases or critical APIs—only for stateless batch jobs that can fail and restart.
[!TIP] Jargon Alert: SLA (Service Level Agreement) Microsoft’s financial guarantee of uptime (e.g., 99.9%). If they miss it, you get a bill credit. Note: Single VMs often have a lower SLA than multiple VMs deployed in an Availability Set or Zone.
2. Virtual Machines Deep Dive
What is a Virtual Machine? A Virtual Machine (VM) is a software-based computer that runs on physical hardware. Think of it like this: Azure has massive physical servers in datacenters. They use virtualization technology to split one physical server into multiple “virtual” servers. Each VM gets its own CPU, RAM, and storage, isolated from other VMs. Why Use VMs?- Full Control: You have root/admin access. Install any software, configure anything.
- Legacy Applications: Run old applications that require specific OS versions or configurations.
- Custom Requirements: Need specific drivers, software, or configurations that PaaS doesn’t support.
- Compliance: Some regulations require you to manage the OS yourself.
Under the Hood: How Azure Compute Works
To a Principal Engineer, a “VM” isn’t just a virtual computer; it’s a slice of a massive, distributed system. Here is what’s happening behind the scenes.1. The Fabric Controller (The Brain)
Azure doesn’t have humans plugging in servers when you click “Create”. It uses the Fabric Controller.- It maintains a map of every physical server in the datacenter.
- It tracks CPU/RAM utilization and hardware health.
- When you request a VM, it finds a physical host with enough “white space” (available resources) and sends a command to create your VM.
2. The Hypervisor (The Gatekeeper)
Every physical host runs a custom version of Hyper-V.- It provides strict isolation between VMs. VM-A cannot see VM-B’s memory, even though they sit on the same physical chip.
- It manages the vCPU scheduling. If you have a 2-vCPU VM, the hypervisor ensures you get your fair share of time on the physical CPU cores.
3. Service Healing (Self-Correcting Infrastructure)
What happens if the physical server hosting your VM catches fire?- The Fabric Controller detects the heartbeats are missing.
- It immediately marks that host as “failed”.
- It finds a new, healthy physical host in the same cluster.
- It “respawns” your VM on the new host and re-attaches your Managed Disks.
- Your VM reboots automatically. This is why “Managed Disks” are critical—they live on the storage network, not the physical host, so they can be moved instantly.
[!IMPORTANT] Pro Insight: Availability Sets vs. Zones
- Availability Sets ensure your VMs are on different Racks (Power/Network) in the same building.
- Availability Zones ensure your VMs are in different Buildings (miles apart). Always use Availability Zones for production to survive a complete datacenter power failure.
When NOT to Use VMs:
- Simple web applications (use App Service instead)
- You just want to deploy code quickly (use PaaS)
- You don’t want to manage OS patches (use PaaS)
[!WARNING] Gotcha: VM Management Overhead VMs require ongoing maintenance: OS patches, security updates, monitoring, backups. If you’re not prepared to manage this, use PaaS (App Service, Azure Functions). Many teams choose VMs thinking they’ll have “more control,” but end up spending 50% of their time on maintenance instead of building features.
[!TIP] Jargon Alert: Virtual Machine (VM) A VM is a software-based computer running on physical hardware. Think of it like this: Azure has massive physical servers. They use virtualization technology to split one physical server into multiple “virtual” servers. Each VM thinks it’s a real computer with its own CPU, RAM, and storage.
Understanding VM Components
Before choosing a VM size, you need to understand what you’re buying:- vCPU (Virtual CPU)
- Memory (RAM)
- Storage (Disks)
- Network
What it is: Processing power. More vCPUs = can handle more concurrent operations.Real-World Analogy: Like having more workers. 1 worker can handle 1 task at a time. 4 workers can handle 4 tasks simultaneously.How to Choose:
- 1-2 vCPU: Small websites, dev/test environments
- 4-8 vCPU: Medium web applications, small databases
- 16+ vCPU: Large databases, high-traffic applications, data processing
[!WARNING] Gotcha: Over-Provisioning Costs Money Many beginners choose the biggest VM “to be safe.” A 16 vCPU VM costs 640/month. Start with 2-4 vCPUs, monitor for a week, then scale up if needed. Azure makes it easy to resize VMs.
VM Size Families
- General Purpose
- Compute Optimized
- Memory Optimized
- Storage Optimized
- GPU
B, D, DC, DS seriesBalanced CPU:Memory ratio (1:4)B-series (Burstable):
- Accumulate CPU credits when idle
- Burst to 100% when needed
- Cost-effective for variable workloads
- Perfect for dev/test
Step-by-Step: Creating Your First VM
Let’s create a VM from scratch, explaining every step and why we’re doing it:Prerequisites
Before creating a VM, you need:- Azure Account: Sign up at portal.azure.com (free tier works)
- Resource Group: A container for your resources (like a folder)
- Virtual Network: A network for your VM to connect to (like a LAN)
Step 1: Create Resource Group
What is a Resource Group? Think of it as a folder that contains related resources. All resources in a group can be managed together (delete the group = delete all resources).Step 2: Create Virtual Network
What is a Virtual Network (VNet)? Think of it as your private network in Azure. VMs in the same VNet can communicate with each other privately (like computers on the same WiFi network).10.0.0.0/16(10.0.0.0 - 10.0.255.255) - 65,536 IPs172.16.0.0/12(172.16.0.0 - 172.31.255.255) - 1 million IPs192.168.0.0/16(192.168.0.0 - 192.168.255.255) - 65,536 IPs
Step 3: Create Network Security Group (NSG)
What is an NSG? A firewall that controls traffic to/from your VM. By default, Azure blocks all inbound traffic. You need to explicitly allow ports (like port 22 for SSH, port 3389 for RDP).'*', use your IP:
Step 4: Create Public IP Address
What is a Public IP? An IP address accessible from the internet. Without this, you can’t connect to your VM from outside Azure.- Static: IP address never changes (good for DNS records, firewall rules)
- Dynamic: IP address can change when VM is stopped/started (cheaper, but less reliable)
Step 5: Create Network Interface (NIC)
What is a NIC? The network card that connects your VM to the network. It connects the VM to the VNet, NSG, and Public IP.Step 6: Create the Virtual Machine
Now we create the actual VM:- Azure allocates hardware in a datacenter
- Creates the VM with specified CPU/RAM
- Attaches the OS disk (contains Ubuntu)
- Connects to the network (via NIC)
- Boots the VM
- Installs your SSH public key
- VM is ready in 2-5 minutes
Step 7: Connect to Your VM
yes and press Enter.
Step 8: Verify VM is Working
Once connected, run these commands to verify everything works:Step 9: Install Software (Example: Nginx Web Server)
http://<PUBLIC_IP> in your browser. You should see the Nginx welcome page!
Step 10: Clean Up (Important!)
Always delete resources when done to avoid charges:[!WARNING] Gotcha: VM Costs Add Up Quickly A single VM might cost 300/month wasted. Always set up cost alerts and tag resources with “Owner” so you know who to contact. Use Azure Cost Management to find and delete unused resources.
[!TIP] Jargon Alert: Deallocate vs Stop Stop (in OS): Shuts down the operating system, but Azure still reserves the hardware. You’re still charged for compute! Deallocate: Releases the hardware back to Azure. No compute charges, only storage charges. Always deallocate VMs when not in use.
[!INFO] Aside: Azure Automation for Cost Savings Use Azure Automation to automatically stop (deallocate) dev/test VMs at 6 PM and start them at 8 AM. Saves 60% on compute costs (no charges during nights/weekends).
Understanding VM Creation Options
When creating a VM, you make several important decisions:- Image (Operating System)
- Size (VM Configuration)
- Authentication
What it is: The OS and software pre-installed on the VM.Types:How to Choose:
- Marketplace Images: Pre-configured OS (Ubuntu, Windows Server, RHEL)
- Custom Images: Your own OS image (for consistent deployments)
- Shared Image Gallery: Images shared across subscriptions
- Linux: Cheaper (no Windows license), better for web servers, APIs
- Windows: Required for .NET Framework apps, Windows-specific software
VM Pricing Models
Pay-as-you-go
No commitment, highest cost
- Billed per second
- Stop VM = stop compute charges
- Storage still charged
Reserved Instances
1 or 3-year commitment
- 30-50% discount (1-year)
- 50-70% discount (3-year)
- Can exchange for different size
Spot VMs
Up to 90% discount
- Can be evicted anytime
- 30-second warning
- No SLA
Azure Hybrid Benefit
Use existing Windows licenses
- Up to 40% discount
- Requires Software Assurance
- Windows Server + SQL Server
Managed Disks
- Disk Types
- Disk Caching
- Performance Tuning
| Disk Type | IOPS | Throughput | Use Case |
|---|---|---|---|
| Standard HDD | 500 | 60 MB/s | Backup, non-critical |
| Standard SSD | 500-6,000 | 60-750 MB/s | Web servers, dev/test |
| Premium SSD | 120-20,000 | 25-900 MB/s | Production databases |
| Ultra Disk | Up to 160,000 | Up to 4,000 MB/s | SAP HANA, top-tier SQL |
VM High Availability
Availability Sets
Protect against planned maintenance and hardware failuresUse when: Regional deployment, no zone support
Availability Zones
Protect against datacenter failuresUse when: Maximum availability, region supports zones
3. VM Scale Sets
VM Scale Sets (VMSS) automatically scale identical VMs based on demand.VMSS Architecture
Create VM Scale Set
VMSS Rolling Upgrades
- Manual: You control when to upgrade
- Rolling: Upgrade in batches (recommended)
- Automatic: Upgrade immediately (risky)
[!WARNING]
Gotcha: VMSS Rolling Upgrades Can Cause Downtime
If you don’t configure health probes correctly, a rolling upgrade might terminate healthy instances before new ones are ready. Always set minAvailable in PodDisruptionBudget (for AKS) or use instance protection (for VMSS) to prevent too many instances from being down at once.
[!TIP] Jargon Alert: VM Scale Set (VMSS) A VM Scale Set is a group of identical VMs that automatically scale based on demand. Think of it like a restaurant: when it’s busy (high CPU), you hire more waiters (add VMs). When it’s slow (low CPU), you send waiters home (remove VMs). All waiters are identical (same VM image), so they can handle any table (request).
4. Azure App Service
What is App Service? App Service is Azure’s Platform-as-a-Service (PaaS) offering for hosting web applications. Think of it as a “managed web server” where you just deploy your code, and Microsoft handles everything else: OS updates, scaling, load balancing, SSL certificates, and more. Why Use App Service Instead of VMs?| Aspect | App Service | Virtual Machines |
|---|---|---|
| Setup Time | 5 minutes | 30+ minutes |
| OS Management | Microsoft handles | You manage |
| Scaling | Automatic (1-30 instances) | Manual or complex setup |
| SSL Certificates | Free (managed) | You install and renew |
| Deployment | Git push, ZIP, Docker | SSH, RDP, manual |
| Cost | 700/month | 2000+/month |
| Control | Limited (can’t install custom software) | Full control |
- VM: Like renting an empty apartment. You furnish it, maintain it, fix everything yourself.
- App Service: Like staying in a hotel. Everything is provided, you just check in and use it.
Understanding App Service Architecture
Before diving in, let’s understand how App Service works:The Pro’s View: What’s inside an App Service?
When you scale an App Service to “3 instances”, what actually happens?- The Front End (Load Balancer): This is a shared layer provided by Microsoft. It receives all traffic to
*.azurewebsites.net. It terminates SSL and routes the request to your specific worker. - The Worker (The Compute): This is your instance. This is where your code runs. If you have “3 instances”, you have 3 separate worker VMs (though you don’t manage them).
- The File Server (Shared Storage): This is the most important “secret”. Your code and files don’t live on the worker’s local disk; they live on a Managed Remote File Share.
- When you write a file to local storage in your code, it’s actually being written over the network to this share.
- All 3 instances see the exact same files. This is why you don’t have to sync files between instances!
[!WARNING] Performance Gotcha: The File System is a Network Because the file system is remote, reading/writing thousands of small files (like a massivenode_modulesfolder or a Local SQLite DB) can be slow. Solution: UseWEBSITE_RUN_FROM_PACKAGE=1. This mounts your entire app as a read-only ZIP file, which is cached locally on the worker for blazing-fast startups and file access.
Key Concepts:
-
App Service Plan: The “hosting environment” that defines:
- How much CPU/RAM you get
- How many apps can run on it
- What features are available (slots, VNet, etc.)
- The cost
- Web App: Your actual application running on the plan. You can have multiple web apps on one plan (to save money).
- Deployment Slot: A separate instance of your app for testing. You can swap slots for zero-downtime deployments.
Step-by-Step: Creating Your First Web App
Let’s create a complete web application from scratch:Step 1: Create App Service Plan
What is an App Service Plan? Think of it as the “hosting package” that defines the resources and features available.| SKU | Price | RAM | Always On | Slots | Autoscale | Use Case |
|---|---|---|---|---|---|---|
| FREE | $0 | 1 GB | ❌ | ❌ | ❌ | Learning only |
| B1 | $55 | 1.75 GB | ✅ | ❌ | ❌ | Dev/test |
| S1 | $100 | 1.75 GB | ✅ | ✅ (5) | ✅ (10) | Production |
| P1V2 | $400 | 3.5 GB | ✅ | ✅ (20) | ✅ (30) | High traffic |
Step 2: Create Web App
mywebapp-learn-1234567890.azurewebsites.net). It must be globally unique across all Azure customers.
[!WARNING] Gotcha: App Service Name Cannot Be Changed Once you create an App Service, the name is permanent. You can’t rename it. If you need a different name, you must create a new app and migrate. Choose your name carefully!
[!TIP] Jargon Alert: App Service Plan An App Service Plan is like a “hosting package” that defines:Think of it like a gym membership: the plan determines what equipment (features) you can use.
- How much CPU/RAM you get
- How many apps can run on it (you can host multiple apps on one plan)
- What features are available (slots, VNet, autoscaling)
- The cost
Step 3: Create a Simple Application
Let’s create a simple Node.js application:- Creates a simple Express.js web server
- Responds to GET requests at
/(homepage) - Has a health check endpoint at
/api/health - Uses
process.env.PORT(Azure sets this automatically)
Step 4: Deploy to App Service
Option A: Deploy from Local ZIP- Azure downloads your code from GitHub
- Runs
npm install(installs dependencies) - Looks for
package.json→scripts.start - Runs
npm start(starts your app) - Your app is live at
https://mywebapp-learn-<NUMBER>.azurewebsites.net
Step 5: Access Your Web App
- Homepage: “Hello from Azure App Service!”
- Health check:
https://<URL>/api/healthreturns JSON
Step 6: View Logs
Real-time logs (see what your app is doing):Step 7: Configure Environment Variables
What are environment variables? Configuration values that change between environments (dev, staging, production).Step 8: Enable Continuous Deployment
What is Continuous Deployment? Automatically deploy new code when you push to GitHub.- You push code to GitHub
- App Service detects the push
- Automatically downloads and deploys new code
- Your app updates in 1-2 minutes
Understanding App Service Features
- Deployment Slots (Zero-Downtime Deployments)
- Autoscaling
- Custom Domains & SSL
What it is: Separate instances of your app for testing before going live.How it works:Benefits:
- Deploy new version to “staging” slot
- Test it thoroughly
- Swap staging ↔ production (instant, zero downtime)
- If issues, swap back (instant rollback)
- Test in production-like environment
- Zero downtime deployments
- Instant rollback if issues
- Warm up app before swap (no cold start)
[!INFO] Aside: App Service Free Tier Limitations The FREE tier is great for learning, but has serious limitations:For production, use at least the Basic tier ($55/month). The FREE tier is only for learning/testing.
- Apps “sleep” after 20 minutes of inactivity (takes 30+ seconds to wake up)
- No custom domains
- No SSL certificates
- No deployment slots
- No autoscaling
[!TIP] Jargon Alert: Deployment Slot A deployment slot is a separate instance of your app. Think of it like having two identical apartments—you can test new furniture (code) in one apartment before moving it to your main apartment. Slots enable zero-downtime deployments: deploy to staging slot, test it, then swap it with production instantly.
App Service Plans
- Pricing Tiers
- Features by Tier
| Tier | Price | Features | Use Case |
|---|---|---|---|
| Free | $0 | 1 GB RAM, 60 min/day | Learning |
| Shared | $10/month | 1 GB RAM, custom domain | Hobby projects |
| Basic | $55/month | 1.75 GB RAM, SSD | Dev/test |
| Standard | $100/month | Autoscale, slots, VNet | Production |
| Premium | $400/month | More scale, better perf | High-traffic |
| Isolated | $700/month | Dedicated VNet (ASE) | Enterprise |
Deployment Slots
Deployment Slots enable zero-downtime deployments.App Service Best Practices
1. Use Deployment Slots
1. Use Deployment Slots
Deploy to staging, test, then swap to production. Instant rollback if issues.
2. Enable Always On
2. Enable Always On
Prevents app from unloading after idle time. Critical for production.
3. Use VNet Integration
3. Use VNet Integration
Connect to private resources (databases, storage) without public endpoints.
4. Configure Autoscale
4. Configure Autoscale
Scale based on CPU, memory, or custom metrics.
5. Use Managed Identity
5. Use Managed Identity
No secrets in code. Authenticate to Azure services automatically.
5. Azure Container Instances (ACI)
ACI runs containers without managing VMs or orchestrators.When to Use ACI
✅ Use ACI For
- Quick container execution
- CI/CD build agents
- Batch jobs
- Event-driven tasks
- Dev/test environments
❌ Don't Use ACI For
- Multi-container orchestration
- Service discovery
- Load balancing
- Health checks → Use AKS instead
Deploy Container
6. Interview Questions
Beginner
Q1: When would you choose App Service over VMs?
Q1: When would you choose App Service over VMs?
App Service (PaaS):
- Less management (Microsoft handles OS, patching)
- Built-in autoscaling, deployment slots
- Faster time-to-market
- Cost-effective for web apps
- Full control over OS and software
- Custom configurations
- Legacy applications
- Specific compliance requirements
Q2: Explain availability sets vs availability zones
Q2: Explain availability sets vs availability zones
Availability Sets:
- Protect against hardware failures within a datacenter
- Fault domains (different racks) + Update domains (staggered updates)
- SLA: 99.95%
- Protect against entire datacenter failures
- Physically separate datacenters (separate power, cooling, network)
- SLA: 99.99%
Intermediate
Q3: Design a scalable web application architecture
Q3: Design a scalable web application architecture
Q4: How do you minimize VM costs?
Q4: How do you minimize VM costs?
Strategies:
Advanced
Q5: Implement blue-green deployment with zero downtime
Q5: Implement blue-green deployment with zero downtime
Q6: Optimize VM performance for database workload
Q6: Optimize VM performance for database workload
Troubleshooting: When Compute Fails
Production environments aren’t perfect. Here is how to debug the two most common compute services.1. Virtual Machine: “VM Not Responding”
If you can’t SSH/RDP into your VM, follow this triage:- Resource Health: Check “Resource Health” in the portal. If it says “Platform Initiated”, Microsoft is currently moving your VM due to hardware failure. Wait 5 minutes.
- Serial Console: Use the Serial Console tool. This gives you a direct command-line view of the VM’s boot process, even if the network is down.
- Boot Diagnostics: Check the screenshot in “Boot Diagnostics”. See an “Update” screen or a “Blue Screen of Death” (BSOD)?
- Redeploy: As a last resort, click Redeploy. This forces the Fabric Controller to move your VM to a completely different physical host.
2. App Service: “503 Service Unavailable”
If your website is down:- Diagnose and Solve Problems: Use this built-in tool in the App Service portal. It’s surprisingly good at detecting things like “High Memory Usage” or “IP Restrictions”.
- Log Stream: Check the Live Log Stream. Are you seeing “Out of Memory” (OOM) errors?
- Kudu Console: Go to
https://<appname>.scm.azurewebsites.net. This is the “Kudu” management site. You can browse files, check processes, and run commands directly on the worker. - Restart (Advanced): Don’t just restart the App. Restart the App Service Plan. This recycles all workers and can clear “Zombie Processes” that a simple app restart misses.
7. Key Takeaways
Choose the Right Compute
VMs for control, App Service for simplicity, AKS for microservices, Functions for events.
Use Availability Zones
Deploy across zones for 99.99% SLA. Critical for production.
Autoscaling is Essential
Scale based on demand. Save money during low traffic, handle spikes automatically.
Managed Identities
No secrets in code. Every compute service supports managed identity.
Cost Optimization
Right-size, use reserved instances, stop when not needed, leverage spot VMs.
Deployment Slots
Zero-downtime deployments with instant rollback. Use for all production apps.
Interview Deep-Dive
When would you choose App Service over AKS for a production web application, and when would that choice be wrong?
When would you choose App Service over AKS for a production web application, and when would that choice be wrong?
Strong Candidate Answer:
- Choose App Service when: You have a standard web application with a team of fewer than 10 engineers, predictable traffic, and no need for sidecar containers. App Service P1v3 at $74/month gives you auto-scaling, deployment slots, managed SSL, and zero Kubernetes overhead. A team of 3 developers can deploy 10 times a day without a platform engineer.
- Choose AKS when: You have 5+ microservices scaling independently, need service mesh for inter-service communication, or require multi-cloud portability with Helm charts. AKS wins for GPU workloads, custom admission controllers, and CronJobs.
- Where App Service fails: 20+ microservices create management sprawl — each is a separate App Service plan with no built-in service discovery. At that scale, AKS with a single cluster is operationally simpler.
- Where AKS is wrong: A startup with 2 engineers choosing AKS for one REST API is over-engineering. The Kubernetes learning curve costs 2-4 weeks. Minimum viable node pool (2x Standard_D2s_v5) is $140/month plus Container Registry, monitoring, and 20% of an engineer’s time on platform work.
Your VMSS auto-scales at 70% CPU but new instances take 5 minutes to be healthy. Users see errors during scale-out. How do you fix this?
Your VMSS auto-scales at 70% CPU but new instances take 5 minutes to be healthy. Users see errors during scale-out. How do you fix this?
Strong Candidate Answer:
- Root cause: New VMs must boot OS (60-90s), run script extensions to install dependencies (2-3 min), register with load balancer, and pass health probes. During this window, existing instances are overloaded.
- Fix 1 — Lower threshold: Scale at 50% CPU instead of 70%. Triggers 3-5 minutes earlier, before saturation. Cost of 1-2 extra instances during normal traffic is negligible versus user errors.
- Fix 2 — Custom VM images: Bake all dependencies into a Packer image. Boot time drops from 5 minutes to 60-90 seconds. This is the single biggest improvement.
- Fix 3 — Predictive autoscaling: For predictable patterns (9 AM peaks), use scheduled scaling to pre-provision 15 minutes early.
- Fix 4 — Consider containers: Container startup is 2-5 seconds vs 60-300 for VMs. AKS with Horizontal Pod Autoscaler eliminates the VM boot problem entirely.
Compare IaaS, PaaS, and Serverless for a real-time pipeline ingesting 10 million events per day. Which do you choose?
Compare IaaS, PaaS, and Serverless for a real-time pipeline ingesting 10 million events per day. Which do you choose?
Strong Candidate Answer:
- IaaS (VMs + Kafka/Flink): Maximum control. 4x D8s_v5 VMs at 12K/month = $14,500/month total cost.
- PaaS (Event Hub + Stream Analytics): Event Hub at 450/month = 2,150/month.
- Serverless (Event Hub + Functions): Event Hub 5/month = $550/month total. But windowed aggregations in Functions require external state management — added complexity.
- My recommendation: PaaS for core pipeline. Stream Analytics SQL makes windowed aggregations trivial. Functions for ancillary processing (dead-letter handling, alerting). I would choose IaaS only if processing requires custom GPU models or volume exceeds 1 billion events/day where PaaS pricing becomes prohibitive.
Next Steps
Continue to Chapter 5
Master Azure Storage: Blob, Files, Disks, and data management strategies