Azure Architecture and Power Platform

By | December 29, 2019

I’ve been trying to catch up on the azure architecture lately using free learning material that Microsoft provides for the related az-300 exam:

https://docs.microsoft.com/en-us/learn/certifications/exams/az-300

There is a lot to catch up on, since it’s definitely not my primary area of expertise, but now that I’m through about a quarter of that course, I can’t help but start thinking about how that relates to the Power Platform/Dynamics.

Quite frankly, it seems that, even if the concepts discussed there are still applicable, technically Power Platform is very independent from Azure. It might be running on the Azure backbone, but, from the end-user and/or administrator standpoint, there is not a lot of control over how exactly it’s running there. Which is good and bad, as usual.

On the one hand, it’s up to Microsoft to ensure that Power Platform is running smoothly, so we, Power Platform users/admins, don’t need to worry about it.

On the other hand, Power Platform architecture essentially denies access to some of the Azure concepts. For example:

  • Power Platform environments are tied to the regions. If there is any fault-tolerance embedded there, it’s not exactly clear how it works
  • There is no load-balancing, health-probing, or traffic management. More exactly, they are not within our control. Although, I’m guessing traffic management might still be possible, but it would not make a lot of sense since we can’t do CDS database replication between regions. Besides, there would be licensing implications
  • With the SLA-s, it’s not clear what is really guaranteed

 

Actually, when it comes to the SLA-s, it’s very interesting in general. I used to think SLA is sort of an uptime guarantee. And this is how it is described in the architecture courses. But, come to think of it, it’s more of a “money-back” guarantee. For a lot of Microsoft products, you will find corresponding SLA-s in this document:

https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=37

As far as Power Apps go, here is what it looks like:

image

Strictly speaking, in terms of service availability there is just no guarantee. It’s simply common sense that Microsoft would want to hold on to the subscription payments rather than to reimburse its  clients for the service degradation. Although, that reimbursement would be limited either way.

In other words, there is an SLA, but, getting back to the architecture in general… let’s say we are building an application that is going to utilize CDS web api-s, and we want to guarantee 99.9% uptime for that app. We can keep adding load-balancers, availability sets, etc. But we can’t do better than the system we depend on, which is CDS in this case. Problem is, Power Platform subscription costs might not be that big of a component in the overall cost of our application downtime.

This has actually been my main “disagreement” with the whole ADX Studio architecture from the early days, and I am still not that convinced Power App Portals are much better in that sense. Although, I have to admit Power App portals are running in Azure, yet they are managed by Microsoft., and Microsoft likely has more tools and experience to maintain and operate them compared to the majority of individual clients who used to install ADX on-premise.

Either way, even though a bunch of things are out of our control in the Power Platform world, there is still quite a bit that’s on us:

  • Backups and disaster recovery. Technically, backups are supposed to be included into the disaster recovery plans… however, in case with Power Platform it’s not quite clear whether we can have any disaster recovery plan other than putting our trust in Microsoft and hoping there is a plan. There are database backups, though, so we can use those backups to restore our CDS databases if, somehow, the data gets broken there. On the other hand, Power Platform is not tied exclusively to CDS – there can be other data sources involved, so backups procedures for those other datasources can be quite different
  • Did you know you can use “Express Route” to connect your network to the Microsoft Cloud?  This is how you can get some extra security and lower latency, although, of course, it’s not a free service. Still, it might speed up(and secure) access to the Microsoft cloud in general and to the Power Platform in particular for your internal users
  • Data security in CDS. That’s never been particularly simple, but, with the introduction of canvas apps, excel online data editing, power BI, etc… it’s probably easier than ever to miss something in the security configuration and unintentionally expose data. Data security deserves a separate post, though

Well, this has not been a very coherent post – instead, it’s probably just a reflection on what I’ve been reading about lately. But there is one good topic to explore further, which is the security, and this is likely what I’ll get back to in one of the following posts.

Leave a Reply

Your email address will not be published.