In this article, I would like to present a detailed comparison between the two leading players in the Public Cloud Arena: Amazon AWS and Microsoft Azure. Together, both vendors have nearly 50% market share in the IaaS market and are being considered by almost anyone interested in moving to the cloud. A comparison is quite interesting: AWS is the undisputed pioneer and came onto the market in 2006 with Elastic Compute Cloud (EC2). AWS thus has a lead of 2 years over Azure. Although the Microsoft cloud service was only launched in 2008, it has been strongly influenced by the proven Microsoft technologies and has become a very strong competitor. Now we will start with a direct comparison in six rounds:
Round 1 – Standard offering of AWS and Azure
|Computing resources||EC2 (Elastic Compute Cloud): EC2 is Amazon’s fundamental web service. As an EC2 user, you can flexibly rent virtual computing power. EC2 has a very large selection of instance types that are optimized for a wide variety of use cases. Amazon also offers a wide range of related services, e.g. AWS Lambda, Elastic Container Service (ECS), Autoscaling and much more.||Azure Virtual Machines: Microsoft’s Virtual Machines are the counterpart to Amazon’s EC2 and also offer many pre-configured instance types. Microsoft offers the possibility to reserve VM instances on a long-term basis, which results in significant cost reductions compared to the pay-as-you-go price model. The configuration possibilities of the virtual machines are not as extensive as with AWS.|
|Storage services||Object Storage: Simple Storage Service (S3) is the object storage service of AWS. S3 Standard serves as hot storage for objects that are frequently accessed. S3 Standard Infrequent Access serves as cool storage for objects that are only rarely accessed. The service AWS Glacier is the “cold storage” intended for archiving purposes. Elastic File Service (EFS) is an elastic cloud NFS file system. There are two storage classes intended for different access frequencies: the default storage class and an infrequent access storage class. Amazon’s EBS (Elastic Block Storage) is the disk storage service available in combination with virtual machines in EC2. Various magnetic hard disk drives and SSDs are available.||The object storage options for the Azure Storage service are also based on the frequency of access and are called Hot Blob Storage, Cool Blob Storage and Archive. With an SLA of 99.99% availability, Azure is slightly ahead of AWS, which promises 99.95% availability. Azure offers in this category the Azure File Storage Service, which is very similar to EFS. There are two storage classes: Standard and Premium. However, the file size limits are not as generous as for AWS and the service does not scale automatically. Azure’s block storage offer is called Managed Disks and comes in a standard and a premium option. The standard option uses magnetic hard disks, the premium option SSDs.|
|Database services||AWS offers a wide range of relational and non-relational databases to meet just about any application requirement. AWS database services are the most mature and the first choice for big data. AWS’s migration service is the leading one.||Azure also offers a wide range of services and is particularly known for its flagship services Azure SQL Database and SQL Data Warehouse.|
|Networking services||Virtual Private Cloud (VPC) is AWS’ networking service. It allows users to combine EC2 instances and other network resources under a dedicated IP range.||Azure Virtual Network (VNet) is Microsoft’s corresponding service and in many ways very similar to the Amazon service.|
In a technical comparison, I would say that AWS wins by a slight margin. In most aspects, AWS is more mature and offers more options and services than Azure. Nevertheless, Azure is doing very well and can be a more suitable solution, depending on personal needs, especially since Azure is easier to use than AWS.
Round 2 – Pricing
Costs play a major role in any cloud project, as cost savings are one of the main reasons for many companies to move to the cloud. Since for most companies, the computing resources account for about 80% of the monthly invoice amount, it makes sense to take a closer look at the prices for cloud instances. Over the past few years, both vendors have steadily reduced prices for cloud instances and billing increments. Besides, both Amazon and Microsoft now offer generous discounts on cloud instances in exchange for a minimum period of commitment (so-called reserved instances).
Comparing the pricing of the two providers on a one-to-one basis is a rather difficult undertaking since the complexity is high and the services offered differ in various aspects and are subject to constant change. However, to the benefit of customers, price transparency has improved in recent years. Both providers offer tools for forecasting the estimated cost of your requirements: Amazon has a total cost of ownership calculator and Microsoft has the Azure pricing calculator. By the way, both Amazon and Microsoft offer a free introductory subscription to familiarize yourself with the services before you decide to become a paying customer.
RightScale estimates that companies spend on average about 35% too much on their cloud services. Therefore, it makes sense not only to compare the costs of the providers but also to get the competence on board to operate a public cloud environment as efficiently as possible. For this purpose, it is a good idea to purchase a cost management solution or to engage a managed public cloud provider.
Therefore, I award a draw in the pricing category.
Round 3 – Support and Community
Amazon has a significant lead over Azure in open source cloud hosting and offers a variety of open-source tools. Although Microsoft’s initially sceptical relationship with the open-source community is changing, the open-source user is much better off with AWS. In terms of the partner network and community support, I also think Amazon is in the lead.
The Support and Community category goes to AWS.
Round 4 – Global Availability
For some international companies, the global availability of the cloud provider may also be of interest. As of today, the situation is as follows:
The AWS cloud can be reached in 69 availability zones within 22 regions worldwide. Besides, nine additional availability zones and three additional regions for Cape Town, Jakarta and Milan are planned. Each availability zone consists of at least two data centres that are connected via their own fibre optic lines.
Azure has a slightly different approach and is focused on achieving very high global coverage. Microsoft CEO Satya Nadella has already made it clear that with Azure, Microsoft is pursuing the goal of building the “world computer”. Accordingly, Azure is available globally in many geographic regions.
Azure customers typically host their workloads in one region and use a data centre of another region as a backup. With AWS it is possible to ensure a fail-safe backup with very low latency within only one region through two connected data centres.
For most organizations, low-latency backup won’t be the deciding factor, but it’s a nice unique selling point for which I give AWS the point here.
Round 5 – Security
Security is, of course, an important point and one of the most relevant selection criteria for potential customers. Security concerns are still one of the biggest barriers to cloud adoption. So it’s worth taking a closer look. Both providers offer a wide range of services for a wide variety of security aspects. In recent years, many new services have been published. Here you will find a comparison of the most important security services:
|Amazon AWS||Microsoft Azure|
|Identity and access management (= the tools and procedures used to manage access to various services and resources in the cloud)||IAM + AWS Organizations: At AWS, the services IAM and AWS Organizations are used to manage users, groups and permission policies.||Azure Active Directory: The Azure Active Directory is very similar to the traditional Windows Active Directory. Additionally, with RBAC (role-based access control), access to specific cloud resources can be managed very granularly.|
|(= create and manage the keys used to encrypt data in the cloud)||Amazon KMS, CloudHSM and AWS Secrets Manager||Azure Key Vault: Key Vault is used to encrypt keys and secrets. The keys used are protected by hardware security modules (HSMs).|
|Service and resource isolation (= increased network isolation to other cloud users)||Amazon VPC (see above)||Azure Virtual Network (VNet) and ExpressRoute (see above)|
|(= logging of events in the cloud for continuous monitoring)||With the CloudWatch service, you can capture performance and functional data in the form of logs and metrics. With CloudTrail, you can log account activity in your AWS infrastructure.||Azure Log Analytics: Log Analytics allows you to run log queries from Azure Monitor.|
|(= control and warning systems to detect misconfigurations)||AWS Trusted Advisor, AWS Inspector: AWS Trusted Advisor and AWS Inspector help AWS users implement best practices in cloud security and compliance.||Azure Advisor, Azure Security Center: Azure Advisor is Microsoft’s personalized cloud consultant that discovers threats, vulnerabilities, and more. The Azure Security Center calculates a security score and provides recommendations for remediating vulnerabilities in Azure IaaS and PaaS resources.|
|(= encryption of data in the cloud storage services)||Data Encryption for S3: AWS Storage Service S3 allows not only server-side but also client-side data encryption.||Storage Service Encryption: Azure Storage automatically encrypts your data as it is stored in the cloud.|
|SSL Certificate Service (= create, manage and use certificates in the cloud)||Certificate Manager (free of charge)||App Service Certificate (paid)|
|(= data traffic monitoring against Distributed Denial of Service attacks)||AWS Shield (Standard and Advanced): A popular service that has wide distribution among AWS customers thanks to its simplicity and free standard option.||Azure DDoS Protection Service: The focus of this service is on virtual networks.|
|(= access to audit reports, compliance policies and trust documents from cloud services)||Artifact is the compliance portal of AWS that provides compliance reports and agreements.||Service Trust Platform: Here you will find resources about Microsoft’s security, privacy, and compliance practices.|
In this category, it is not easy for me to award the point. In my opinion, AWS is again slightly ahead. The decisive arguments are that AWS is good at configuring services securely by default and that services and accounts are very well isolated from each other. For enterprise customers, however, Azure may be the better choice, as central management is easier than with AWS.
Round 6 – Hybrid and Multi-Cloud Capabilities
For many companies, hybrid and multi-cloud capabilities of the cloud provider are important criteria. Typically, for larger enterprises with a mature IT infrastructure, there are good reasons not to migrate all data and applications to the cloud, but to take a hybrid approach instead. Besides, some companies want to pursue a multi-cloud strategy that combines cloud services from multiple cloud providers to be more flexible and independent.
Microsoft recognized early on that it would still take a long time for many companies to go all the way to the cloud and has therefore focused heavily on hybrid solutions. Also, Microsoft naturally has its roots in on-premise enterprise solutions, which is why it was very obvious to develop cloud services that enable integration with on-premise infrastructure. Azure Stack enables you to use Azure services from your own data centre. With the recently announced Azure Arc service, Microsoft wants to enable an additional extension to other public cloud providers. As a customer, you will have one central administration point for all services and applications, regardless of where they are located.
With AWS Outposts, AWS has for the first time seriously responded to companies’ needs for hybrid solutions. Customers get server racks delivered that are managed by AWS and then have the same hardware and software infrastructure on-premise as in the AWS cloud. This enables you to create and run modern cloud-native applications anywhere.
However, AWS Outposts supports a much smaller number of services than Azure. In this respect, Azure is currently the first choice for hybrid solutions. The point in this category goes to Azure.
In this comparison of AWS vs. Azure, AWS wins with 5 to 2 points. However, I would like to say at this point that your requirements and goals should come first when choosing a cloud provider, so both AWS and Azure can be the best choice for you. The good news is that both providers can meet your most important requirements with confidence. An important factor for the success of your cloud project will be the necessary cloud competence. We would, therefore, be happy to advise you on the selection of a provider and offer you our Managed Public Cloud Service.
Please note that this article is as of November 2019 and that the complex cloud offerings are constantly changing and evolving.