Microsoft Azure vs Amazon Web Services – Battle Field

It’s been 12 years now, since Amazon Web Services or AWS was launched, almost 4 years before the actual launch of Microsoft Azure in 2010. Both the players in cloud have grown significantly in past few years. Despite a head start initially, first-quarter cloud-revenue for AWS is $5.44 billion and Microsoft as the world’s leading enterprise-cloud provider reported its commercial-cloud revenue of $6.0 billion. Though both Azure and AWS provide a lot of services under multiple category and with different names, the basic concept of cloud computing technologies remains the same. This article focuses on the service offerings from both under various categories.

To save some time you may also refer Azure vs AWS – Services Cheat-sheet.

Storage and Database Services

AWS provides Amazon Elastic Block Storage (EBS) for Block Storage, S3 for Object storage and Glacier for cold storage. Amazon Relational Database Service (RDS) is Amazon’s relational database service. DynamoDB is AWS NoSQL offering that delivers reliable performance at any scale. Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. Amazon ElastiCache offers fully managed Redis and Memcached. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage.

Azure Storage Blobs and Files, under Azure Storage services is Azure’s block, object storage and cold storage with multiple options to choose storage type. Azure SQL Database is Azure relational database offering that works to create, scale and extend applications into the cloud using Microsoft SQL Server. Cosmos DB provides choice of NoSQL database services including MongoDB, Cassandra and Graph API among others. SQL Data Warehouse is a data warehousing service designed to handle computational and data intensive queries on datasets exceeding 1TB. Redis Cache in Azure is a managed implementation of Redis. StorSimple provides a complete hybrid cloud storage solution for enterprises.

Compute

AWS EC2 or Elastic Compute Cloud is Amazon’s core compute service that allow users to create and configure virtual machines using either pre-configured or custom AMIs (images). It provides option to select the size, power, memory capacity, and number of VMs and choose from among different regions and availability zones within which to launch. EC2 do comes Elastic load balancing (ELB) and auto scaling features. AWS Elastic Beanstalk is a managed service for deploying and scaling web applications and services developed in Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on web servers such as Apache, Nginx, Passenger, and IIS. Elastic Beanstalk automatically handles the deployment, provisioning, load balancing, auto-scaling and monitoring.

Virtual machines, infrastructure as a service (IaaS) offering of Azure, allow creating both general-purpose virtual machines, with support for Linux and Windows Server, as well as preconfigured machine images. It also provides all the mentioned options and features as AWS does, just some may be under different names. Web Apps is Azure’s platform as a service (PaaS) offering that let developers easily publish and manage web applications, REST APIs, and mobile back ends in language of their choice, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Web Apps provide security, load balancing, autoscaling, and automated management features along with DevOps capabilities, such as continuous deployment (VSTS, GitHub), staging environments, custom domain, and SSL certificates. WebJobs applications can be deployed to a Web App environment to implement background processing that can be invoked on a schedule, on demand, or run continuously.

Networking

Amazon Virtual Private Cloud (VPC) allows users to create isolated networks within the cloud. Within a VPC, a user can create subnets, route tables, private IP address ranges, and network gateways. AWS Direct Connect makes it easy to establish a dedicated network connection from on premises to AWS. It helps in establishing a private connectivity between AWS and local datacenter. Amazon Route 53 is a cloud Domain Name System (DNS) web service. It is able to effectively connect user requests to infrastructure in AWS such as Amazon EC2, Elastic Load Balancers, Amazon S3 and also to infrastructure outside of AWS. Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2, containers and IP addresses. It is able to handle the varying load of application’s traffic in a single or across multiple Availability Zone(s). It has three types of load balancers to offer, which all provides high availability, automatic scaling and fault tolerance.

Azure Virtual Network (VNET) offers ability to create isolated networks as well as subnets, route tables, private IP address ranges and network gateways. It offers solutions to extend the on-premise data center into the cloud and firewall option. Azure ExpressRoute allows you to extend on-premises networks into the Microsoft cloud over a private connection, which is facilitated by a connectivity provider. Azure Traffic Manager allows to control the distribution of traffic for services in different datacenters. It supports services including Azure VMs, Web Apps and classic cloud services. I also support external, non-Azure service endpoints. Azure Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.

Content Delivery Network (CDN)

	Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to the viewers with low latency and high speed.
	Azure Content Delivery Network (CDN) is a global CDN solution for audio, video, applications, images, and other static files. It can be used to cache and deliver static assets of websites geographically closer to users to increase performance.

Big data and analytics

AWS provide data lake services with the help of Amazon S3, Glacier, Glue and Redshift. Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. It also supports other popular distributed frameworks such as Apache Spark, HBase, Presto and Flink and can also interact with data in other AWS data stores such as Amazon S3 and Amazon DynamoDB. Amazon Kinesis is the streaming service on AWS that helps to collect, process, and analyze real-time, streaming data enabling timely insights and react quickly to new information.

Azure Data Lake service is a scalable data lake and analytic service for big-data analytics workloads that require to run massively parallel queries for analysis. Azure HDInsight is a big data service, that deploys Hortonworks Hadoop on Microsoft Azure, and supports the processing of massive amount of data. It supports popular open-source frameworks such as Spark, Hive, LLAP, Kafka, Storm, R & more. Azure Stream Analytics is a serverless scalable event processing engine that enables users to develop and run real-time analytics on multiple streams of data from sources such as devices, sensors, web sites, social media etc. Azure Event Hubs is a Big Data streaming platform and event ingestion service that is capable of processing millions of events per second. Event Hubs can store and process events, data, telemetry produced by distributed applications and devices.

Data Migration

Amazon Snowball is a data transport service that uses physical devices to transfer very large volume, petabytes, of data in and out of the AWS Cloud, securely. It solves may challenges involved with huge volume data transfers such as high cost, transfer times and security. Moreover, It doesn’t requite to write code or even purchase any hardware to transfer your data, instead a Snowball device is shipped to you on simply creation of a job in the AWS Management Console.  That device then can be used to transfer the data from your network using the Snowball Client. The Client encrypts and transfer the files to the device at very high speed. This device on return will make the date available on AWS.

Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter. Data from one or more disk drives can be imported either to Azure Blob storage or Azure Files. Azure Import/Export service also allows you to supply your own disk drives or use disk drives supplied by Microsoft. In case you chose to transfer data using disk drives provided by Microsoft, you can use Azure Data Box Disk to import data into Azure. Microsoft ships up to 5 encrypted solid-state disk drives (SSDs) with a 40 TB total capacity per order, to your datacenter through a regional carrier. You can quickly configure disk drives, copy data to disk drives over a USB 3.0 connection, and ship the disk drives back to Azure.

Data Orchestration

AWS Data Pipeline is a web service to reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. I provide access to data, transform and process it at scale, and also transfer the results to AWS services such as S3, RDS, DynamoDB and EMR, efficiently.

Azure Data Factory is the platform that solves orchestrate and operational challenges with big data to refine enormous volume of raw data into the useful business insights. It is a cloud-based data integration service that allows you to create data-driven workflows in the cloud for data movement and data transformation. It allows to create and schedule data-driven workflows (called pipelines) that can ingest data from disparate data stores. It can process and transform the data by using compute services such as Azure HDInsight, Hadoop, Spark, Azure Data Lake Analytics, and Azure Machine Learning.

Messaging, IOT and Notification Services

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS offers two types of message queues. Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery. SQS FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent. AWS IoT provides bi-directional and secured communication between the devices such as sensors, micro-controllers, smart devices and the AWS Cloud. This enables collection of telemetry data from multiple devices and analyze the same. Amazon Simple Notification Service (SNS) is a managed push notification service for subscribed clients. Through SNS notifications can be sent to many subscribers, including distributed systems, and mobile devices.

Azure Service bus is a queuing service for asynchronous messaging and exchanging data among decoupled systems on cloud. Moreover, since it is a Platform as a Service (PaaS) offering from Microsoft, thus, you don’t have to manage the Infrastructure and configuration. Service Bus offers Queues, Topics and Relays for different kind of message communications. IoT Hub is again a managed service that acts as a central message hub for bi-directional communication between IoT application and the devices it communicates. Azure Notification Hubs provides a Push Notification service that allows you to send notifications to any platform (iOS, Android, Windows, Kindle, Baidu, etc.) from any backend (cloud or on-premises).

Server Less Offerings

	AWS Lambda lets you run code without provisioning or managing servers. You only need to pay for the compute time you consume i.e. no charges for standby code. Lambda enables you to can code for virtually any type of application.
	Azure Function is a serverless compute service that enables you to run code on-demand without having to explicitly provision or manage infrastructure. Use Azure Functions to run a script or piece of code in response to a variety of events such as Update Blob Storage, Message add on Service Bus and many more.

Container and orchestration Services

	Amazon Elastic Container Service (ECS) is a container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS.
	Azure Container Service makes it simpler for you to create, configure, and manage a cluster of virtual machines that are preconfigured to run containerized applications. .Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers.

Identity Management.

	AWS Identity and Access Management (IAM) enables access management to AWS services and resources. It allows you to create and manage AWS users and groups and provide permissions to allow and deny access to other AWS resources.
	Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory, and identity management service that combines core directory services, application access management, and identity protection into a single solution.

Monitoring, Logging and Telemetry.

Amazon CloudWatch is a monitoring and management service that provides data and insights to monitor applications, performance tracking, optimize resource utilization, and operational health. It collects monitoring and operational data in the form of logs, metrics and events from applications and services that run on AWS, and on-premises data centers. It also allows you to set high resolution alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to optimize your applications to ensure they are running smoothly. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It helps you to log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

Application Insights is an extensible Application Performance Management (APM) service on Azure.  It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It can be used to store analyze performance counters, diagnostics trace, exceptions, application logs, events, metrices and much more. It also provides multiple options to analyses and notify these useful information through smart detection, manual alerts, profiler, metrices explorer, dashboards, azure analytics, PowerBI etc, Log Analytics plays a central role in Azure management by collecting telemetry and other data from a variety of sources and providing a query language and analytics engine that gives you insights into the operation of your applications and resources. You can either interact directly with Log Analytics data through log searches and views, or you may use analysis tools in other Azure services that store their data in Log Analytics such as Application Insights or Azure Security Center.

Key Management.

	AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS Key Management Service is integrated with most other AWS services to help you protect the data you store with these services.
	Azure Key Vault is a cloud service that works as a secure secrets store to store and manage application secrets such as passwords, connection strings and other pieces of information that may be required by applications. Key Vault allows you to create multiple secure containers, called vaults, backed by hardware security modules (HSMs).

API Management.

	Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
	Azure API Management (APIM) helps organizations publish APIs to external and internal developers to access data and services. It provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection.

Email and other Services.

Amazon Simple Email Service (SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails.

Azure Logic Apps helps you build solutions that integrate apps, data, systems, and services across enterprises or organizations by automating tasks and business processes as workflows. For example, here are just a few workloads that you can automate with logic apps: Move uploaded files from an SFTP or FTP server to Azure Storage, Send email notifications with Office 365, Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.

Government Services.

AWS GovCloud (US) gives vetted government customers and their partners the flexibility to architect secure cloud solutions that comply with: the FedRAMP High baseline, the DOJ’s Criminal Justice Information Systems (CJIS) Security Policy, U.S. International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) for Impact Levels 2, 4 and 5, FIPS 140-2, IRS-1075, and other compliance regimes.From Personally Identifiable Information (PII), sensitive patient medical records, and financial data to law enforcement data, export-controlled data and other forms of CUI, AWS GovCloud (US) can help customers address compliance at every stage of their cloud journey.

Microsoft Azure Government delivers a cloud platform built upon the foundational principles of security, privacy & control, compliance, and transparency. Public Sector entities receive a physically isolated instance of Microsoft Azure that employs world-class security and compliance services critical to U.S. government for all systems and applications built on its architecture. These services include FedRAMP and DoD compliance certifications, CJIS state-level agreements, the ability to issue HIPAA Business Associate Agreements, and support for IRS 1075. Operated by screened U.S. persons, Azure Government supports multiple hybrid scenarios for building and deploying solutions on-premises or in the cloud. Public Sector entities can also take advantage of the instant scalability and guaranteed uptime of a hyper-scale cloud service.

Compliance.

	Amazon have a long relationship with government agencies and their compliance offerings include certifications in ITAR, DISA, HIPAA, CJIS, FIPS, and more. They also provide security so that only screened persons can access the cloud, which is a must for the agencies handling sensitive information.
	Azure have more than 50 compliant offerings, including but not limited to ITAR, DISA, HIPAA, CJIS, FIPS. Microsoft provides the same level of security as Amazon, setting up permissions so that only screened persons can access a government-level cloud.

User-Friendliness

	Amazon offers a bigger set of features and configurations. It offers a lot more power, flexibility, customization room for many third-party integrations. But there is a learning curve with AWS.
	Azure is much easier to use out of the box because it is a Windows platform and doesn’t require a learning curve. It’s also quite simple to integrate on-premises Windows servers with cloud instances to create a hybrid environment. Active Directory and databases are readily available in Azure.

Pricing Models

	Amazon has a pay-as-you-go model. Previously, AWS used to charge per hour, but effective October 2nd, 2017, AWS moved to per second charging with models like On demand (Pay for use with no upfront cost), Reserved (Reserved instance for 1 or 3 years with upfront cost based on use) and Spot.
	Azure’s pricing is also pay-as-you-go, but charge per minute, which provides a flexible pricing model and short term commitments with the option between pre-paid or monthly charges.

Licensing

Amazon offers multiple options for licensing in the cloud: Purchasing a new license or bring previously purchased licenses (BYOL), as part of their partnership with Microsoft. In this case, users can use Dedicated Hosts or Software Assurance to move their licenses to the cloud.

Microsoft offers license mobility for qualifying application servers, but users must determine if their servers fit the requirements for mobility to avoid paying for extra licensing. Windows Server itself is NOT eligible (eg, running on-premises Windows Server with SQL server). If you spin up a VM in the cloud running the same stack, you will pay for two Windows server licenses since that license is charged per usage and not eligible for mobility. However, a SQL license is eligible, so you can use that to run SQL server in the cloud.

Support Plans

	Support Pricing is based on a sliding scale tied to monthly usage, which can potentially bring up bill quite high on heavy use.
	Azure Bills at a monthly flat rate.

Conclusion

AWS and Azure offer many similar capabilities, so it’s not necessarily a matter of one provider being “better” or “worse” than the other. It all depends on what your business needs. If you’re debating between AWS and Azure, we can help! Contact us to learn more.