cloud-solution-architect

Cloud Solution Architect

Overview

Design well-architected, production-grade cloud systems following Azure Architecture Center best practices. This skill provides:

• 10 design principles for Azure applications
• 6 architecture styles with selection guidance
• 44 cloud design patterns mapped to WAF pillars
• Technology choice frameworks for compute, storage, data, messaging
• Performance antipatterns to avoid
• Architecture review workflow for systematic design validation

---

Ten Design Principles for Azure Applications

#	Principle	Key Tactics
1	Design for self-healing	Retry with backoff, circuit breaker, bulkhead isolation, health endpoint monitoring, graceful degradation
2	Make all things redundant	Eliminate single points of failure, use availability zones, deploy multi-region, replicate data
3	Minimize coordination	Decouple services, use async messaging, embrace eventual consistency, use domain events
4	Design to scale out	Horizontal scaling, autoscaling rules, stateless services, avoid session stickiness, partition workloads
5	Partition around limits	Data partitioning (shard/hash/range), respect compute & network limits, use CDNs for static content
6	Design for operations	Structured logging, distributed tracing, metrics & dashboards, runbook automation, infrastructure as code
7	Use managed services	Prefer PaaS over IaaS, reduce operational burden, leverage built-in HA/DR/scaling
8	Use an identity service	Microsoft Entra ID, managed identity, RBAC, avoid storing credentials, zero-trust principles
9	Design for evolution	Loose coupling, versioned APIs, backward compatibility, async messaging for integration, feature flags
10	Build for business needs	Define SLAs/SLOs, establish RTO/RPO targets, domain-driven design, cost modeling, composite SLAs

---

Architecture Styles

Style	Description	When to Use	Key Services
N-tier	Horizontal layers (presentation, business, data)	Traditional enterprise apps, lift-and-shift	App Service, SQL Database, VNets
Web-Queue-Worker	Web frontend → message queue → backend worker	Moderate-complexity apps with long-running tasks	App Service, Service Bus, Functions
Microservices	Small autonomous services, bounded contexts, independent deploy	Complex domains, independent team scaling	AKS, Container Apps, API Management
Event-driven	Pub/sub model, event producers/consumers	Real-time processing, IoT, reactive systems	Event Hubs, Event Grid, Functions
Big data	Batch + stream processing pipeline	Analytics, ML pipelines, large-scale data	Synapse, Data Factory, Databricks
Big compute	HPC, parallel processing	Simulations, modeling, rendering, genomics	Batch, CycleCloud, HPC VMs

Selection Criteria

• Domain complexity → Microservices (high), N-tier (low-medium)
• Team autonomy → Microservices (independent teams), N-tier (single team)
• Data volume → Big data (TB+), others (GB)
• Latency requirements → Event-driven (real-time), Web-Queue-Worker (tolerant)

---

Cloud Design Patterns

44 patterns organized by primary concern. WAF pillar mapping: R=Reliability, S=Security, CO=Cost Optimization, OE=Operational Excellence, PE=Performance Efficiency.

Messaging & Communication

Pattern	Summary	Pillars
Asynchronous Request-Reply	Decouple request/response with polling or callbacks	R, PE
Claim Check	Split large messages; store payload separately, pass reference	R, PE
Choreography	Services coordinate via events without central orchestrator	R, OE
Competing Consumers	Multiple consumers process messages from shared queue concurrently	R, PE
Messaging Bridge	Connect incompatible messaging systems	R, OE
Pipes and Filters	Decompose complex processing into reusable filter stages	R, OE
Priority Queue	Prioritize requests so higher-priority work is processed first	R, PE
Publisher/Subscriber	Decouple senders from receivers via topics/subscriptions	R, PE
Queue-Based Load Leveling	Buffer requests with a queue to smooth intermittent loads	R, PE
Sequential Convoy	Process related messages in order while allowing parallel groups	R, PE

Reliability & Resilience

Pattern	Summary	Pillars
Bulkhead	Isolate resources per workload to prevent cascading failure	R
Circuit Breaker	Stop calling a failing service; fail fast to protect resources	R
Compensating Transaction	Undo previously committed steps when a later step fails	R
Health Endpoint Monitoring	Expose health checks for load balancers and orchestrators	R, OE
Leader Election	Coordinate distributed instances by electing a leader	R
Retry	Handle transient faults by retrying with exponential backoff	R
Saga	Manage data consistency across microservices with compensating transactions	R
Scheduler Agent Supervisor	Coordinate distributed actions with retry and failure handling	R

Data Management

Pattern	Summary	Pillars
Cache-Aside	Load data on demand into cache from data store	PE
CQRS	Separate read and write models for independent scaling	PE, R
Event Sourcing	Store state as append-only sequence of domain events	R, OE
Index Table	Create indexes over frequently queried fields in data stores	PE
Materialized View	Pre-compute views over data for efficient queries	PE
Sharding	Distribute data across partitions for scale and performance	PE, R
Static Content Hosting	Serve static content from cloud storage/CDN directly	PE, CO
Valet Key	Grant clients limited direct access to storage resources	S, PE

Design & Structure

Pattern	Summary	Pillars
Ambassador	Offload cross-cutting concerns to a helper sidecar proxy	OE
Anti-Corruption Layer	Translate between new and legacy system models	OE, R
Backends for Frontends	Create separate backends per frontend type (mobile, web, etc.)	OE, PE
Compute Resource Consolidation	Combine multiple workloads into fewer compute instances	CO
External Configuration Store	Externalize configuration from deployment packages	OE
Sidecar	Deploy helper components alongside the main service	OE
Strangler Fig	Incrementally migrate legacy systems by replacing pieces	OE, R

Security & Access

Pattern	Summary	Pillars
Federated Identity	Delegate authentication to an external identity provider	S
Gatekeeper	Protect services using a dedicated broker that validates requests	S
Quarantine	Isolate and validate external assets before allowing use	S
Rate Limiting	Control consumption rate of resources by consumers	R, S
Throttling	Control resource consumption to sustain SLAs under load	R, PE

Deployment & Scaling

Pattern	Summary	Pillars
Deployment Stamps	Deploy multiple independent copies of application components	R, PE
Edge Workload Configuration	Configure workloads differently across diverse edge devices	OE
Gateway Aggregation	Aggregate multiple backend calls into a single client request	PE
Gateway Offloading	Offload shared functionality (SSL, auth) to a gateway	OE, S
Gateway Routing	Route requests to multiple backends using a single endpoint	OE
Geode	Deploy backends to multiple regions for active-active serving	R, PE

See Design Patterns Reference for detailed implementation guidance.

---

Technology Choices

Decision Framework

For each technology area, evaluate: requirements → constraints → tradeoffs → select.

Area	Key Options	Selection Criteria
Compute	App Service, Functions, Container Apps, AKS, VMs, Batch	Hosting model, scaling, cost, team skills
Storage	Blob Storage, Data Lake, Files, Disks, Managed Lustre	Access patterns, throughput, cost tier
Data stores	SQL Database, Cosmos DB, PostgreSQL, Redis, Table Storage	Consistency model, query patterns, scale
Messaging	Service Bus, Event Hubs, Event Grid, Queue Storage	Ordering, throughput, pub/sub vs queue
Networking	Front Door, Application Gateway, Load Balancer, Traffic Manager	Global vs regional, L4 vs L7, WAF
AI services	Azure OpenAI, AI Search, AI Foundry, Document Intelligence	Model needs, data grounding, orchestration
Containers	Container Apps, AKS, Container Instances	Operational control vs simplicity

See Technology Choices Reference for detailed decision trees.

---

Best Practices

Practice	Key Guidance
API design	RESTful conventions, resource-oriented URIs, HATEOAS, versioning via URL path or header
API implementation	Async operations, pagination, idempotent PUT/DELETE, content negotiation, ETag caching
Autoscaling	Scale on metrics (CPU, queue depth, custom), cool-down periods, predictive scaling, scale-in protection
Background jobs	Use queues or scheduled triggers, idempotent processing, poison message handling, graceful shutdown
Caching	Cache-aside pattern, TTL policies, cache invalidation strategies, distributed cache for multi-instance
CDN	Static asset offloading, cache-busting with versioned URLs, geo-distribution, HTTPS enforcement
Data partitioning	Horizontal (sharding), vertical, functional partitioning; partition key selection for even distribution
Partitioning strategies	Hash-based, range-based, directory-based; rebalancing approach, cross-partition query avoidance
Host name preservation	Preserve original host header through proxies/gateways for cookies, redirects, auth flows
Message encoding	Schema evolution (Avro/Protobuf), backward/forward compatibility, schema registry
Monitoring & diagnostics	Structured logging, distributed tracing (W3C Trace Context), metrics, alerts, dashboards
Transient fault handling	Retry with exponential backoff + jitter, circuit breaker, idempotency keys, timeout budgets

See Best Practices Reference for implementation details.

---

Performance Antipatterns

Avoid these common patterns that degrade performance under load:

Antipattern	Problem	Fix
Busy Database	Offloading too much processing to the database	Move logic to application tier, use caching
Busy Front End	Resource-intensive work on frontend request threads	Offload to background workers/queues
Chatty I/O	Many small I/O requests instead of fewer large ones	Batch requests, use bulk APIs, buffer writes
Extraneous Fetching	Retrieving more data than needed	Project only required fields, paginate, filter server-side
Improper Instantiation	Recreating expensive objects per request	Use singletons, connection pooling, HttpClientFactory
Monolithic Persistence	Single data store for all data types	Polyglot persistence — right store for each workload
No Caching	Repeatedly fetching unchanged data	Cache-aside pattern, CDN, output caching, Redis
Noisy Neighbor	One tenant consuming all shared resources	Bulkhead isolation, per-tenant quotas, throttling
Retry Storm	Aggressive retries overwhelming a recovering service	Exponential backoff + jitter, circuit breaker, retry budgets
Synchronous I/O	Blocking threads on I/O operations	Async/await, non-blocking I/O, reactive streams

---

Mission-Critical Design

For workloads targeting 99.99%+ SLO, address these design areas:

Design Area	Key Considerations
Application platform	Multi-region active-active, availability zones, Container Apps or AKS with zone redundancy
Application design	Stateless services, idempotent operations, graceful degradation, bulkhead isolation
Networking	Azure Front Door (global LB), DDoS Protection, private endpoints, redundant connectivity
Data platform	Multi-region Cosmos DB, zone-redundant SQL, async replication, conflict resolution
Deployment & testing	Blue-green deployments, canary releases, chaos engineering, automated rollback
Health modeling	Composite health scores, dependency health tracking, automated remediation, SLI dashboards
Security	Zero-trust, managed identity everywhere, key rotation, WAF policies, threat modeling
Operational procedures	Automated runbooks, incident response playbooks, game days, postmortems

See Mission-Critical Reference for detailed guidance.

---

Well-Architected Framework (WAF) Pillars

Every architecture decision should be evaluated against all five pillars:

Pillar	Focus	Key Questions
Reliability	Resiliency, availability, disaster recovery	What is the RTO/RPO? How does it handle failures? Is there redundancy?
Security	Threat protection, identity, data protection	Is identity managed? Is data encrypted? Are there network controls?
Cost Optimization	Cost management, efficiency, right-sizing	Is compute right-sized? Are there reserved instances? Is there waste?
Operational Excellence	Monitoring, deployment, automation	Is deployment automated? Is there observability? Are there runbooks?
Performance Efficiency	Scaling, load testing, performance targets	Can it scale horizontally? Are there performance baselines? Is caching used?

WAF Tradeoff Matrix

Optimizing for...	May impact...
Reliability (redundancy)	Cost (more resources)
Security (isolation)	Performance (added latency)
Cost (consolidation)	Reliability (shared failure domains)
Performance (caching)	Cost (cache infrastructure), Reliability (stale data)

---

Architecture Review Workflow

When reviewing or designing a system, follow this structured approach:

Step 1: Identify Requirements

Functional: What must the system do?
Non-functional:
  - Availability target (e.g., 99.9%, 99.99%)
  - Latency requirements (p50, p95, p99)
  - Throughput (requests/sec, messages/sec)
  - Data residency and compliance
  - Recovery targets (RTO, RPO)
  - Cost constraints

Step 2: Select Architecture Style

Match requirements to architecture style using the selection criteria table above.

Step 3: Choose Technology Stack

Use the technology choices decision framework. Prefer managed services (PaaS) over IaaS.

Step 4: Apply Design Patterns

Select relevant patterns from the 44 cloud design patterns based on identified concerns.

Step 5: Address Cross-Cutting Concerns

• Identity & access — Microsoft Entra ID, managed identity, RBAC
• Monitoring — Application Insights, Azure Monitor, Log Analytics
• Security — Network segmentation, encryption at rest/in transit, Key Vault
• CI/CD — GitHub Actions, Azure DevOps Pipelines, infrastructure as code

Step 6: Validate Against WAF Pillars

Review each pillar systematically. Document tradeoffs explicitly.

Step 7: Document Decisions

Use Architecture Decision Records (ADRs):

# ADR-NNN: [Decision Title]

## Status: [Proposed | Accepted | Deprecated]

## Context
[What is the issue we're addressing?]

## Decision
[What did we decide and why?]

## Consequences
[What are the positive and negative impacts?]

---

References

• Design Patterns Reference — Detailed pattern implementations
• Technology Choices Reference — Decision trees for Azure services
• Best Practices Reference — Implementation guidance
• Mission-Critical Reference — High-availability design

---

Source

Content derived from the Azure Architecture Center — Microsoft's official guidance for cloud solution architecture on Azure. Covers design principles, architecture styles, cloud design patterns, technology choices, best practices, performance antipatterns, mission-critical design, and the Well-Architected Framework.