Demystifying Azure with 10 Commonly Confused Services

John Kilmister · 5 min read

As you may know, naming things is one of the hardest problems in programming. Azure is a great platform with thousands of services, and it is not immune to the problem of confusing names, especially as new features keep being added. There are also services that offer nearly identical feature sets on the surface but have fundamental differences underneath.

I’ve written this page as a quick reference to the differences between ten of the services I see mixed up the most often.

Azure Event Hub vs Event Grid

These two services have very similar names, yet quite different uses.

Event Grid is designed to receive and route discrete events, with options to filter and transform them on the way through. For example, you can subscribe to Azure Blob tier-change events with Event Grid and route them to an Azure Function for processing.

Event Hubs, on the other hand, is a streaming platform that ingests and retains a high volume of events (millions of events per second) from many different producers. Other Azure services such as Databricks can then read and process the stream later, at their own pace, for as long as the events remain within the hub's retention window.
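The Event Grid side of that comparison is a push model: Event Grid POSTs batches of events to your endpoint, and before it sends anything it performs a subscription validation handshake that the endpoint must answer. The handler below is an added example, not code from the original post, showing the two things a webhook receiver has to get right: echo the validation code back, and then only act on notifications whose topic is the storage account you actually subscribed to (a 403 tells Event Grid not to retry). The subscription ID, resource group, account name and both sample deliveries are constructed for the example.

```python
import json
from typing import Any, Dict, List, Tuple

# Event Grid system event types used below.
VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"
BLOB_TIER_CHANGED = "Microsoft.Storage.BlobTierChanged"

# Assumed: the only storage account this endpoint is subscribed to. Event Grid
# stamps each event with the resource ID of its source in the "topic" field.
EXPECTED_TOPIC = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
    "/providers/Microsoft.Storage/storageAccounts/stdemo"
)


def handle_event_grid_request(headers: Dict[str, str], body: str) -> Tuple[int, Dict[str, Any]]:
    """Handle one webhook delivery and return (HTTP status, JSON response body)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    aeg_type = hdrs.get("aeg-event-type", "")
    try:
        events: List[Dict[str, Any]] = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    if not isinstance(events, list):
        return 400, {"error": "expected a JSON array of events"}

    if aeg_type == "SubscriptionValidation":
        # Handshake: Event Grid only starts delivering once we echo the code it sent.
        for ev in events:
            if ev.get("eventType") == VALIDATION_EVENT:
                return 200, {"validationResponse": ev["data"]["validationCode"]}
        return 400, {"error": "validation header without a validation event"}

    if aeg_type != "Notification":
        return 400, {"error": f"unexpected aeg-event-type {aeg_type!r}"}

    routed, ignored = [], 0
    for ev in events:
        # Refuse events that claim to come from a source we never subscribed to;
        # a 403 tells Event Grid not to retry the delivery.
        if str(ev.get("topic", "")).lower() != EXPECTED_TOPIC.lower():
            return 403, {"error": "event topic does not match the subscription"}
        if ev.get("eventType") == BLOB_TIER_CHANGED:
            routed.append(route_blob_tier_change(ev))
        else:
            ignored += 1  # better filtered out in the subscription itself
    return 200, {"routed": routed, "ignored": ignored}


def route_blob_tier_change(ev: Dict[str, Any]) -> Dict[str, Any]:
    """Pick out the fields a downstream function needs from a BlobTierChanged event."""
    data = ev["data"]
    return {
        "blob_url": data["url"],
        "storage_api": data.get("api"),  # the storage operation that raised the event
        "event_time": ev.get("eventTime"),
        "event_id": ev.get("id"),
    }


# Constructed sample deliveries (not captured from a real subscription).
SAMPLE_VALIDATION_BODY = json.dumps([{
    "id": "2d1781af-3a4c-4d7c-bd0c-e34b19da4e66",
    "topic": EXPECTED_TOPIC,
    "subject": "",
    "data": {"validationCode": "512d38b6-c7b8-40c8-89fe-f46f9e9622b6"},
    "eventType": VALIDATION_EVENT,
    "eventTime": "2023-01-01T00:00:00Z",
    "metadataVersion": "1",
    "dataVersion": "2",
}])

SAMPLE_NOTIFICATION_BODY = json.dumps([{
    "id": "9c5d2e8f-5f1a-4c3b-9a7e-0d8b4c2f1e6a",
    "topic": EXPECTED_TOPIC,
    "subject": "/blobServices/default/containers/logs/blobs/2023/01/01/app.log",
    "data": {
        "api": "SetBlobTier",
        "url": "https://stdemo.blob.core.windows.net/logs/2023/01/01/app.log",
        "blobType": "BlockBlob",
    },
    "eventType": BLOB_TIER_CHANGED,
    "eventTime": "2023-01-01T00:05:00Z",
    "metadataVersion": "1",
    "dataVersion": "1",
}])


if __name__ == "__main__":
    print(handle_event_grid_request({"aeg-event-type": "SubscriptionValidation"}, SAMPLE_VALIDATION_BODY))
    print(handle_event_grid_request({"aeg-event-type": "Notification"}, SAMPLE_NOTIFICATION_BODY))
```

In a real Azure Function the `headers` and `body` come from the HTTP trigger request; the topic check matters because anyone who discovers the webhook URL can POST a well-formed event to it, so pair it with a secret in the endpoint URL or Entra ID authentication on the subscription.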

Azure BLOB Storage vs Azure File Storage

Both Azure Blob storage and Azure Files store files, but they have different use cases.

Azure Blob storage lets us store large amounts of unstructured data at low cost. We can optimise cost by moving blobs between access tiers (hot, cool and archive), which trades storage cost against retrieval cost and latency. Blobs are accessed through tools or the REST API rather than by mounting a file system, and access is controlled with Azure RBAC (shared keys and SAS tokens also work, but restrict or disable them where RBAC is enough, since they bypass it).

Azure Files is a cloud-hosted Network Attached Storage (NAS) service: you mount a share over SMB or NFS, so users and applications access the files with no additional tooling. It comes in standard and premium performance tiers. Unlike Blob storage, however, you cannot tier individual files; any access tier applies to the whole share.

BLOB Static Website vs Azure Static Web Apps

Blob storage has been around since the beginning of Azure and has been able to serve HTML pages for nearly as long. The static website feature creates a special $web container whose contents are served as a static website, optionally on a custom domain. The feature is basic and lacks many of the things needed to run a full static site, but it gives you direct access to the files and a very quick route to publishing content.

In 2021 Microsoft launched Azure Static Web Apps, with a range of pricing tiers starting from free. It offers first-class support for static sites, including built-in CI/CD pipelines, preview environments, integration with Azure Functions, URL rewriting, redirects and granular authentication/authorization options.

Both offer free TLS certificates, custom domains, CDN options and default documents, but with Blob static websites you need to put Azure CDN or Front Door in front of the storage account to get many of these (HTTPS on a custom domain, for example).

Most of the time, if you are looking to host a static website, you will want Azure Static Web Apps.

Service Endpoints vs Private Link

There are many great blog posts comparing these two services, so I will keep this high level. Both are designed to give better network performance and security by routing traffic to Azure PaaS services over the Microsoft backbone rather than the public internet. Supported services include storage accounts, SQL databases, Key Vault, Service Bus, App Service and Azure Container Registry.

With Service Endpoints, traffic still leaves your VNet for the public endpoint address of the PaaS service, but the source becomes the private IP of your VM rather than a public IP, and the traffic is routed over the Microsoft backbone for better security and performance. The service's own firewall can then be set to allow only the subnets that have the endpoint enabled. Because the endpoint is a property of the subnet, all traffic must originate from inside Azure; on-premises clients cannot use it. Note also that a service endpoint gives the subnet a path to the whole service in that region (every storage account, not just yours) unless you add service endpoint policies, which exist for Storage.

Private Link is the newer option. A private endpoint places a network interface with a private IP address from your VNet in front of one specific PaaS resource, traffic to it never touches the public endpoint, and you can then disable public network access on the resource altogether. Because the endpoint maps to a single resource instance rather than to the service as a whole, it also reduces the risk of data exfiltration to another tenant's instance of the same service. Using ExpressRoute or a VPN tunnel you can extend this private connectivity to any on-premises network, provided your DNS resolves the resource's name to the private IP.

Service Endpoints are free to use; Private Link is charged per hour for each private endpoint plus a per-GB charge for inbound and outbound data.
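The practical difference shows up in the storage account's network settings: a service endpoint design leaves the public endpoint enabled and relies on firewall rules naming the subnets, while a private link design can turn public access off entirely. The classifier below is an added example (not the author's code) that reads the JSON shape returned by `az storage account show` and reports which path can reach the account and what is still exposed. The field names `networkRuleSet`, `privateEndpointConnections` and `publicNetworkAccess` are assumed from that CLI output, and the three sample accounts are constructed.

```python
from typing import Any, Dict, List


def classify_storage_exposure(account: Dict[str, Any]) -> Dict[str, Any]:
    """Work out which network path(s) can reach a storage account.

    `account` is the JSON shape returned by `az storage account show` (assumed
    keys: networkRuleSet, privateEndpointConnections, publicNetworkAccess).
    """
    rules = account.get("networkRuleSet") or {}
    default_action = str(rules.get("defaultAction") or "Allow").lower()
    vnet_rules = [r["virtualNetworkResourceId"] for r in rules.get("virtualNetworkRules") or []]
    ip_rules = [r["ipAddressOrRange"] for r in rules.get("ipRules") or []]
    # Only an approved connection provides a private path; pending or rejected ones do not.
    approved_pe = [
        c["id"] for c in account.get("privateEndpointConnections") or []
        if str((c.get("privateLinkServiceConnectionState") or {}).get("status", "")).lower() == "approved"
    ]
    public_access = str(account.get("publicNetworkAccess") or "Enabled").lower()

    findings: List[str] = []
    if public_access == "disabled":
        if approved_pe:
            path = "private-link-only"
        else:
            path = "unreachable"
            findings.append("public access disabled and no approved private endpoint: nothing can reach this account")
    elif default_action == "deny":
        if vnet_rules:
            path = "service-endpoint-restricted"
            findings.append("public endpoint still answers; the firewall limits it to the listed subnets")
        elif ip_rules:
            path = "ip-restricted"
        else:
            path = "trusted-services-only"  # only whatever the 'bypass' setting lets through
        if ip_rules:
            findings.append("ip rules allow public internet sources: " + ", ".join(ip_rules))
    else:
        path = "public"
        findings.append("defaultAction is Allow: reachable from any network with valid credentials")

    if approved_pe and public_access != "disabled":
        findings.append("private endpoint present but public endpoint still enabled; set publicNetworkAccess to Disabled")

    return {"path": path, "vnet_rules": vnet_rules, "ip_rules": ip_rules,
            "private_endpoints": approved_pe, "findings": findings}


# Constructed samples; not real accounts.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
             "/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/snet-app")

SERVICE_ENDPOINT_ACCOUNT = {
    "name": "stsvcendpoint",
    "publicNetworkAccess": "Enabled",
    "networkRuleSet": {
        "bypass": "AzureServices",
        "defaultAction": "Deny",
        "ipRules": [],
        "virtualNetworkRules": [{"virtualNetworkResourceId": SUBNET_ID, "action": "Allow"}],
    },
    "privateEndpointConnections": [],
}

PRIVATE_LINK_ACCOUNT = {
    "name": "stprivatelink",
    "publicNetworkAccess": "Disabled",
    "networkRuleSet": {"bypass": "None", "defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": []},
    "privateEndpointConnections": [{
        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
              "/providers/Microsoft.Storage/storageAccounts/stprivatelink/privateEndpointConnections/pe-blob",
        "privateLinkServiceConnectionState": {"status": "Approved"},
    }],
}

OPEN_ACCOUNT = {
    "name": "stopen",
    "publicNetworkAccess": "Enabled",
    "networkRuleSet": {"bypass": "AzureServices", "defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []},
    "privateEndpointConnections": [],
}


if __name__ == "__main__":
    for acct in (SERVICE_ENDPOINT_ACCOUNT, PRIVATE_LINK_ACCOUNT, OPEN_ACCOUNT):
        print(acct["name"], classify_storage_exposure(acct))
```

Run it over `az storage account list` output to find accounts that have a private endpoint but still answer on the public endpoint; that half-migrated state is the one most often mistaken for "private".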

This is a complex topic, so to read more see these articles:

Service Principal vs Managed Identity

Both service principals and managed identities are Entra ID security principals that are granted access to Azure resources through RBAC, so they are easily confused.

A service principal is effectively an Entra ID (previously Azure Active Directory) identity for an application rather than a person: it cannot sign in interactively, but it can authenticate with a client secret or certificate. This means it can be used beyond Azure, for example from an on-premises server or a CI system, and be assigned other roles, but nothing rotates its secrets for you, so expiry and rotation are your responsibility. Unlike most Azure resources, service principals are directory objects rather than ARM resources: they are created by registering an application in the portal, or directly with the Azure CLI (az ad sp create-for-rbac) or PowerShell.

A managed identity, on the other hand, is easier to use and can be more secure. It is still a service principal under the hood, but the platform owns the credential and rotates it for you. Managed identities are created either as a standalone Azure resource that is then attached to one or more target services (user assigned) or as part of the target service itself, sharing its lifecycle (system assigned). The main advantage is that they remove the need for any stored credentials: the workload obtains tokens at runtime from the instance metadata endpoint, which also means the identity can only be used from inside that Azure resource.

You can read more about these in Demystifying Service Principals and Managed Identities.
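Seen on the wire, the two flows look quite different, and that difference is the whole security argument. The following added example (not code from the original article or from the Azure SDK) builds the two real token requests: the OAuth 2.0 client-credentials call a service principal makes to login.microsoftonline.com, which ships the long-lived secret in every request, and the GET to the Azure Instance Metadata Service that a managed identity uses, which carries no secret at all and relies on the mandatory Metadata header to stop forwarded or redirected requests (a naive SSRF) from minting tokens. The tenant, client ID, secret and `fake_transport` are constructed so the example runs offline; the fake only mimics the two observable behaviours, a missing Metadata header being rejected by IMDS and a wrong secret being rejected with invalid_client.

```python
import json
import urllib.parse
from typing import Callable, Dict, Optional, Tuple

# (method, url, headers, body) and a transport that returns (status, body).
Request = Tuple[str, str, Dict[str, str], Optional[str]]
Transport = Callable[[Request], Tuple[int, str]]

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"


def service_principal_token_request(tenant_id: str, client_id: str, client_secret: str, scope: str) -> Request:
    """OAuth 2.0 client-credentials grant: how a service principal with a secret gets a token.

    The secret travels in every request and has to be stored, protected and rotated by you.
    """
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,  # e.g. https://storage.azure.com/.default
    })
    return ("POST", url, {"Content-Type": "application/x-www-form-urlencoded"}, body)


def managed_identity_token_request(resource: str, client_id: Optional[str] = None) -> Request:
    """Token request to the Azure Instance Metadata Service for a managed identity.

    No secret is sent: the platform knows which identity is calling from where the
    request originates (the link-local IMDS address, reachable only from inside the resource).
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id  # selects a user-assigned identity; omit for system-assigned
    # IMDS rejects requests without this header, so a forwarded or redirected
    # request from an attacker-controlled site cannot be turned into a token request.
    return ("GET", f"{IMDS_TOKEN_URL}?{urllib.parse.urlencode(params)}", {"Metadata": "true"}, None)


def fetch_token(req: Request, transport: Transport) -> Dict[str, str]:
    """Send a token request and return the access token and token type."""
    status, body = transport(req)
    if status != 200:
        raise PermissionError(f"token request failed with HTTP {status}: {body}")
    payload = json.loads(body)
    return {"access_token": payload["access_token"], "token_type": payload.get("token_type", "Bearer")}


# Constructed stand-in for the two token endpoints so the example runs offline.
FAKE_TENANT = "11111111-2222-3333-4444-555555555555"
FAKE_CLIENT_ID = "66666666-7777-8888-9999-000000000000"
FAKE_SECRET = "not-a-real-secret"


def fake_transport(req: Request) -> Tuple[int, str]:
    """Mimic IMDS (Metadata header required) and the login endpoint (valid secret required)."""
    method, url, headers, body = req
    if url.startswith(IMDS_TOKEN_URL):
        if headers.get("Metadata") != "true":
            return 400, json.dumps({"error": "invalid_request",
                                    "error_description": "Required metadata header not specified"})
        return 200, json.dumps({"access_token": "mi-token", "token_type": "Bearer", "expires_on": "1700000000"})
    if url == f"https://login.microsoftonline.com/{FAKE_TENANT}/oauth2/v2.0/token" and method == "POST":
        form = dict(urllib.parse.parse_qsl(body or ""))
        if form.get("client_id") != FAKE_CLIENT_ID or form.get("client_secret") != FAKE_SECRET:
            return 401, json.dumps({"error": "invalid_client"})
        return 200, json.dumps({"access_token": "sp-token", "token_type": "Bearer", "expires_in": 3599})
    return 404, ""


if __name__ == "__main__":
    mi = fetch_token(managed_identity_token_request("https://storage.azure.com/"), fake_transport)
    sp = fetch_token(service_principal_token_request(FAKE_TENANT, FAKE_CLIENT_ID, FAKE_SECRET,
                                                     "https://storage.azure.com/.default"), fake_transport)
    print(mi, sp)
```

Against real endpoints you would plug in an HTTP client as the transport (or simply use DefaultAzureCredential from the azure-identity SDK, which tries the managed identity path first); the point of building the requests by hand is to see that only one of them ever contains a credential you could leak or forget to rotate.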

Conclusion

Azure can be a complex place and the names can sometimes be confusing. I hope this article has helped you understand the differences between these services a little better.

Title Image by Arek Socha from Pixabay
