Complete Guide to Azure Compute and Networking Services
Based on AZ-900 Curriculum
March 14, 2026
A mid-sized architectural firm faces infrastructure failures with on-premises servers. Issues include overheating, slow 3D rendering, poor remote access, and no disaster recovery plan.
| Resource Type | Resource Name | Configuration | Purpose |
|---|---|---|---|
| Networking | DigitalDesigns-VNet | Address Space: 10.0.0.0/16 | Isolated network for all resources |
| Networking | Web-Subnet | 10.0.1.0/24 | Public-facing web servers |
| Networking | App-Subnet | 10.0.2.0/24 | Application tier VMs |
| Networking | Data-Subnet | 10.0.3.0/24 | Database servers |
| Compute | App-VM-01, App-VM-02 | Standard_B2s (2 vCPUs, 4GB RAM) | Project management and wiki servers |
| Compute | Render-VM-Pool | Standard_F72s_v2 (Compute Optimized) | 3D rendering workloads |
| Networking | NSG-Web | Allow HTTP/HTTPS from Internet | Web tier firewall |
| Networking | NSG-Data | Allow only from App-Subnet | Database protection |
| Networking | App-LoadBalancer | Standard SKU, Internal | Distribute traffic across App VMs |
| Networking | Corporate-VPN-Gateway | Site-to-Site + Point-to-Site | Secure remote connectivity |
Virtual Network Subnets Virtual Machines (B-series) Virtual Machines (F-series) Network Security Groups Load Balancer VPN Gateway
A startup needs to launch a global online course platform with unpredictable traffic patterns (spikes during live classes). They want to minimize costs and focus on code, not server management.
| Resource Type | Resource Name | Configuration | Purpose |
|---|---|---|---|
| Compute | edu-app-container | ACI, Linux Container | Course application hosting |
| Compute | edu-functions-app | Consumption Plan, JavaScript | Serverless backend processing |
| Networking | edu-frontdoor | Global SKU, WAF Policy | Global load balancing & security |
| Storage | edustreamstorage | Static website enabled, Hot tier | Frontend website files |
| Networking | edu-vnet-integration | VNet integrated with Functions | Secure backend connectivity |
Container Instances Azure Functions Azure Front Door Storage Account Virtual Network Integration
A financial firm needs to migrate a sensitive, stateful application to Azure with strict compliance requirements. No code changes allowed, and zero downtime is mandatory.
| Resource Type | Resource Name | Configuration | Purpose |
|---|---|---|---|
| Compute | secure-app-vm-1,2,3 | Standard_D4s_v3, Availability Set | Stateful application hosting |
| Compute | secure-as | 3 Fault Domains, 5 Update Domains | High availability across racks |
| Networking | secure-lb | Standard SKU, Session Persistence | Load balancer with sticky sessions |
| Networking | secure-nsg-app | Allow only corporate IPs | Restrict access to known sources |
| Networking | secure-storage-endpoint | Service Endpoint enabled | Private connection to Storage |
Virtual Machines (D-series) Availability Set Load Balancer with Session Persistence Network Security Groups Service Endpoints
A media company needs to host massive video archives and stream content to millions of users worldwide, requiring inexpensive storage and fast global delivery.
| Resource Type | Resource Name | Configuration | Purpose |
|---|---|---|---|
| Storage | viralvidsstorage | BlobStorage, Hot tier, Static website | Video archive and frontend hosting |
| Networking | viralvids-cdn | Verizon Premium, Global | Content caching and delivery |
| Compute | viral-api-functions | Premium Plan, JavaScript | Backend API for dynamic features |
Blob Storage Static Website Hosting Content Delivery Network (CDN) Azure Functions
A global corporation needs to connect offices worldwide to Azure using private, high-speed connections, treating Azure as an extension of their corporate network.
| Resource Type | Resource Name | Configuration | Purpose |
|---|---|---|---|
| Networking | GlobalCorp-Hub-VNet | 10.0.0.0/16 | Central hub network |
| Networking | GlobalCorp-Spoke-EU | 10.1.0.0/16 | European workload network |
| Networking | GlobalCorp-ExpressRoute | 10 Gbps, Premium SKU | Private connection to on-premises |
| Networking | Hub-to-EU-Peering | VNet Peering, Gateway Transit | Connect hub and spoke networks |
| Networking | GlobalCorp-Firewall | Standard SKU, Forced Tunneling | Central traffic inspection |
Virtual Network ExpressRoute VNet Peering Azure Firewall
Proper documentation is critical for operational success, troubleshooting, compliance, and knowledge transfer. Below is a comprehensive guide on documenting Azure resources effectively.
| Resource Type | Naming Pattern | Example | Max Length |
|---|---|---|---|
| Resource Group | rg-{app}-{env}-{region} | rg-edu-prod-eastus | 90 |
| Virtual Network | vnet-{app}-{env}-{region} | vnet-digitaldesigns-prod-eastus | 64 |
| Subnet | snet-{tier}-{env} | snet-web-prod | 80 |
| Virtual Machine | vm{app}{tier}{number} | vmeduweb01 | 15 |
| Storage Account | {app}{env}{number} | edustreamprod001 | 24 (lowercase only) |
| Load Balancer | lb-{app}-{tier}-{env} | lb-edu-web-prod | 80 |
| Network Security Group | nsg-{tier}-{env} | nsg-web-prod | 80 |
# RESOURCE DOCUMENTATION TEMPLATE
## 1. GENERAL INFORMATION
- **Resource Name:**
- **Resource Type:**
- **Resource Group:**
- **Location:**
- **Creation Date:**
- **Owner/Team:**
- **Cost Center:**
## 2. CONFIGURATION DETAILS
- **SKU/Tier:**
- **Size/Capacity:**
- **OS Version (if applicable):**
- **Network Configuration:**
- **Security Settings:**
## 3. TAGS
- Environment: (Production/Development/Test)
- Application:
- Criticality: (High/Medium/Low)
- Compliance: (PCI/HIPAA/SOX/None)
## 4. DEPENDENCIES
- Depends On:
- Dependent Resources:
## 5. ACCESS CONTROL (IAM)
- Owners:
- Contributors:
- Readers:
- Special Roles:
## 6. BACKUP & DISASTER RECOVERY
- Backup Policy:
- Retention Period:
- Recovery Services Vault:
- RPO/RTO:
## 7. MONITORING & ALERTING
- Metrics Tracked:
- Alert Rules:
- Action Groups:
- Log Analytics Workspace:
## 8. COST INFORMATION
- Estimated Monthly Cost:
- Billing Code:
- Optimization Opportunities:
## 9. NOTES
- Special Considerations:
- Known Issues:
- Maintenance Windows:
| VNet/Subnet | Address Space | Usable IPs | Purpose | Resources Deployed |
|---|---|---|---|---|
| Hub-VNet | 10.0.0.0/16 | 65,536 | Central Hub | Firewall, Gateway |
| GatewaySubnet | 10.0.0.0/27 | 32 | VPN/ExpressRoute Gateway | VPN Gateway |
| AzureFirewallSubnet | 10.0.1.0/26 | 64 | Azure Firewall | Firewall |
| Web-Subnet | 10.0.2.0/24 | 256 | Web Tier | Web VMs, Load Balancer |
| NSG Name | Priority | Name | Source | Destination | Protocol | Action | Justification |
|---|---|---|---|---|---|---|---|
| nsg-web-prod | 100 | Allow_HTTP_Internet | Internet | 10.0.2.0/24 | TCP 80 | Allow | Allow public web traffic |
| nsg-web-prod | 110 | Allow_HTTPS_Internet | Internet | 10.0.2.0/24 | TCP 443 | Allow | Allow secure web traffic |
| nsg-web-prod | 4000 | Deny_All_Other | * | * | * | Deny | Default deny all other traffic |
| Tag Name | Required | Example Values | Purpose |
|---|---|---|---|
| Environment | Yes | Prod, Dev, Test, QA, Staging | Identify deployment environment |
| Application | Yes | DigitalDesigns, EduStream, SecureSave | Group resources by application |
| CostCenter | Yes | CC-12345, Marketing-IT, R&D | Chargeback and cost allocation |
| Owner | Yes | team-web, john.doe@company.com | Point of contact for resource |
| Criticality | Yes | High, Medium, Low | Determine support and backup levels |
| Compliance | Conditional | PCI, HIPAA, SOX, GDPR | Track compliance requirements |
| MaintenanceWindow | No | Sunday-2AM-EST, Weekends | Schedule maintenance activities |
| Resource | Category | Description | Use Cases |
|---|---|---|---|
| Virtual Machines | Compute (IaaS) | Software emulation of physical computers, including OS and applications | Lift-and-shift migrations, custom software, full control requirements |
| VM Scale Sets | Compute (IaaS) | Groups of identical, load-balanced VMs that auto-scale | Stateless web tiers, auto-scaling applications |
| Container Instances | Compute (PaaS) | Simple, fast way to run containers without managing servers | Simple container deployments, development/testing |
| Azure Functions | Compute (Serverless) | Event-driven, serverless compute for small code pieces | API backends, data processing, integrations, scheduled tasks |
| Virtual Network | Networking | Private network in Azure for resources to communicate | Foundation for all Azure networking |
| Subnets | Networking | Segmentation of VNet for security and organization | Separate web, app, and data tiers |
| Network Security Groups | Networking | Software firewall filtering traffic to/from resources | Securing subnets and NICs |
| Load Balancer | Networking | Distributes traffic across resources for HA and performance | Load balancing web servers, applications |
| VPN Gateway | Networking | Connects on-premises networks to Azure over the internet | Hybrid cloud, remote access |
| ExpressRoute | Networking | Private, dedicated connection to Azure (not over internet) | Enterprise hybrid cloud, high-bandwidth needs, compliance |
| Azure DNS | Networking | Domain name system hosting and resolution | Custom domain names for Azure resources |
| Azure Firewall | Networking | Managed, cloud-based network security service | Central network security, traffic inspection |
| Front Door | Networking | Global load balancer and web application firewall | Global applications, acceleration, WAF protection |
| CDN | Networking | Content Delivery Network for caching content globally | Media streaming, static content delivery |
| VNet Peering | Networking | Connects VNets privately over Microsoft backbone | Hub-and-spoke topologies, multi-region architectures |