According to analyses, Azure and AWS have the highest market share of all Cloud Service Providers. Although most cloud vendors follow similar assumptions and standards, there are still some differences between AWS and Azure. These differences can be tricky when architecting or implementing a solution. The portal and user experience differ as well. So, what should you be cautious about?
Difference between AWS NACL and Azure NSG
A Network Security Group (NSG) is a popular cloud service that lets you filter traffic at the level of a subnet or Network Interface (NIC). You can set rules on inbound and outbound traffic. So far the same, but the devil is in the details. An NSG in Azure is stateful, whereas an AWS Network Access Control List (NACL) is stateless. What does that mean? When you set a rule in a stateful Azure NSG, for example opening an incoming port, the corresponding outgoing traffic is allowed automatically. In AWS, because the NACL is stateless, you need to open incoming and outgoing ports separately.
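The stateful/stateless difference described above, as an added example that is not part of the original article: a simplified Python model of an allow-list filter, run once with flow tracking (NSG-like) and once without (NACL-like). The addresses, the 1024-65535 return port range and all class and function names are assumptions constructed for illustration; real NSG and NACL rule sets also have priorities and deny rules, which this model omits.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected subnet
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    direction: str
    port_lo: int     # destination port range the rule allows
    port_hi: int

class Filter:
    """Allow-list filter with implicit deny; stateful=True tracks flows."""
    def __init__(self, rules, stateful):
        self.rules, self.stateful, self.flows = rules, stateful, set()

    def allows(self, p):
        # Stateful only: the reverse of an already allowed flow passes
        # without consulting the rules for the opposite direction.
        if self.stateful and (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True
        ok = any(r.direction == p.direction and r.port_lo <= p.dport <= r.port_hi
                 for r in self.rules)
        if ok and self.stateful:
            self.flows.add((p.src, p.sport, p.dst, p.dport))
        return ok

def https_round_trip(filt):
    """Return (request_allowed, reply_allowed) for one constructed HTTPS exchange."""
    req = Packet("in", "203.0.113.10", 51000, "10.0.1.4", 443)
    rep = Packet("out", "10.0.1.4", 443, "203.0.113.10", 51000)
    return filt.allows(req), filt.allows(rep)

INBOUND_443 = [Rule("in", 443, 443)]
# Stateless fix: explicit outbound rule covering the client's source port
# (assumed ephemeral range; adjust to the clients you actually serve).
WITH_RETURN = INBOUND_443 + [Rule("out", 1024, 65535)]

if __name__ == "__main__":
    print("stateful, inbound 443 only :", https_round_trip(Filter(INBOUND_443, True)))
    print("stateless, inbound 443 only:", https_round_trip(Filter(INBOUND_443, False)))
    print("stateless, + return rule   :", https_round_trip(Filter(WITH_RETURN, False)))
```

With only the inbound rule, the stateless filter accepts the request but drops the reply, which is the symptom to look for when a rule set ported from Azure to an AWS NACL appears to "time out".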
Antimalware for IaaS
The next thing worth knowing is that Microsoft has its own solution for antimalware/antivirus protection, called Microsoft Defender for Endpoint. There is no such service from AWS. In AWS you can purchase a third-party antimalware service, available in AWS Marketplace.
Virtual Machine (VM) Names
One thing that was a surprise for me when switching from Azure to AWS was the naming of VMs. In Azure, when you create a VM, you have to provide a unique name yourself. In AWS, a unique identifier for the VM is generated automatically for you. You can, however, give the VM a name through a tag. Otherwise, the name field of your VM will remain empty.
On the other hand, in AWS you have no problem changing the name at any time, since it is a tag, not the instance ID. In Azure, once you have created a VM, you cannot simply rename it, neither the VM nor any of its components. The only way is to recreate the VM.
Listing resources
In AWS you can list resources by region. If you want a full inventory you can, for example, use filtering, but there is no straightforward way to list all services as simply as in Azure.
SIEM & SOAR service
Azure has its own SIEM and SOAR service called Microsoft Sentinel. AWS has no native SIEM; you can purchase a third-party solution. What AWS offers within its portfolio is a service called Security Hub for integration with the SIEM you own.
Key and Secrets Management service
In Azure, the service called Azure Key Vault lets you manage keys, secrets and certificates together. AWS also provides key, secret and certificate management, but through separate services.
Differences between AWS and Azure organization structure
In Azure you have the following structure: an Enrollment account (if you have one), where you can create departments and accounts. Additionally, the structure covers Management Groups, Subscriptions, Resource Groups, and resources. In AWS the structure looks different. There is no similar solution to a Management Group, Subscription or Resource Group. To simplify, the structure in AWS consists of the following components: Enterprise Agreement (if you have one), Organization, Management Account, Organizational Unit, AWS Account, resources and services.
Storage Explorer
Azure has a tool that allows you to manage your cloud storage. It covers tasks such as exploring content as well as uploading and downloading. It works for Storage Account components like blobs, files, queues and tables. It also applies to Azure Data Lake storage entities and even Azure managed disks. AWS does not have any tool equivalent to Azure Storage Explorer.
Spot machines
The mechanism of spot machines works similarly in both AWS and Azure. What are spot machines? This is a service that lets you significantly reduce the price of your VM by using unused capacity in the Cloud Service Provider's datacenter. One thing to note is that in Azure, spot machines have no SLA. Therefore, you should not use them for production workloads. There are of course exceptions, such as using spot machines for tasks that can be stopped at any moment and started again later without any loss. In AWS I haven't found any information that spot virtual machines do not have an SLA.
Hybrid Benefit
This cost optimization option is available only for Azure. Hybrid Benefit is a licensing solution offered by Microsoft that lets you reduce the cost of your Infrastructure as a Service. It gives you the possibility to use on-premises licenses for Windows Server and SQL Server for your Azure workloads. Importantly, you need to have Software Assurance enabled. Since November 2020 this benefit has also been available for Red Hat Enterprise Linux (RHEL), and since April 2021 also for SUSE Linux Enterprise Server (SLES).
Differences between AWS and Azure Availability zones
An Availability Zone (AZ) is a physically separate, failure-tolerant location within a region. Resiliency is ensured with a minimum of three separate Availability Zones.
In Azure, not all regions offer Availability Zones. You need to check whether the Azure region of your choice has them. On the other hand, every region in AWS has Availability Zones. However, AWS has something called an edge location. This is a site that caches copies of your content for faster delivery to users at any location.
Differences between AWS and Azure Region presence
Regional presence is quite important from the perspective of regulatory or security compliance. Depending on what you have to adhere to, you may need, for example, to store data in a certain location due to hard requirements. In such a situation, you should evaluate which regions are available in AWS and Azure. As of the beginning of February 2022, Azure is present in over 60 regions, whereas AWS has 26 regions. These are not fixed numbers and the situation is constantly changing. Therefore, if you plan to use the cloud, you need to verify the current situation.
Azure vs AWS
Each Cloud Service Provider (CSP) has a certain level of uniqueness in how it builds its cloud offering. You need to properly evaluate each CSP's service portfolio and assess how its services work. This will help to reduce surprises.