Key terminology for the Azure Stamps Pattern with plain-language explanations and analogies to speed up onboarding and reduce ambiguity.
- What’s inside: Architecture, tenancy, security, ops, and compliance terms
- Best for: Newcomers, engineers/DevOps, architects, and business/IT leaders
- Outcomes: Shared vocabulary that improves collaboration and decision-making
Symbols & Conventions: External links use HTML anchors with target="_blank" to open in a new tab/window (some viewers may ignore target). Use Ctrl+Click/Cmd+Click as needed. JSON code with comments uses jsonc code fences; diagrams follow docs/mermaid-template.md.
- Newcomers: Get up to speed on Azure Stamps Pattern terminology
- Engineers/DevOps: Clarify technical terms and acronyms
- Solution Architects: Reference for design and documentation
- Business/IT Leaders: Understand key concepts for decision-making
| Section | Focus Area | Best for |
|---|---|---|
| 🏗️ Architectural Terms | Core Stamps concepts | All readers |
| 🏠 Tenancy Models | Multi-tenancy, assignment | Architects, DevOps |
| 🔒 Security Terms | Security, identity, endpoints | Security, DevOps |
| ⚡ Performance & Scaling | Caching, scaling, load balancing | DevOps |
| 📚 Data & Storage | Cosmos DB, partitioning, TTL | Architects, Devs |
| 🌐 Networking & Routing | Global vs regional routing, private connectivity | Architects, DevOps |
| 🔗 Integration & Messaging | Queues and messaging patterns | Devs, DevOps |
| 🛠️ Infrastructure & DevOps | IaC, Bicep, CI/CD | DevOps |
| 📊 Monitoring & Operations | Observability, metrics | Operations |
| Cost & Business | TCO, optimization | IT Leaders |
| 🏛️ Compliance & Governance | CAF, WAF, standards | Compliance |
| 🚀 Getting Started Tips | Learning path, resources | Newcomers |
| 📞 Need Help? | Support, troubleshooting | All readers |
What is the Glossary for?
The glossary is your quick reference for all the terms, acronyms, and concepts used in the Azure Stamps Pattern documentation. If you’re new to Azure, multi-tenancy, or cloud architecture, start here to build your foundation.
Why is this important?
- Clarity: Demystifies technical jargon and acronyms
- Onboarding: Accelerates learning for new team members
- Reference: Supports documentation, design, and troubleshooting
An Azure architectural pattern that deploys identical "stamps" of infrastructure globally for scalability and isolation.
- Analogy: Like franchise restaurants - each location (stamp) has the same setup but serves different customers (tenants)
- Benefits: Predictable performance, easier troubleshooting, horizontal scaling
- Example: Netflix uses a similar pattern to serve different regions with identical infrastructure
The four-tier architecture structure of the Azure Stamps Pattern:
- GEO: Geographic area (e.g., North America, Europe) - highest level routing
- Region: Azure region within a GEO (e.g., East US, West Europe) - regional services
- Availability Zone (AZ): Physically separate datacenters within a region, providing high availability and fault tolerance. Each CELL can be deployed in 0, 1, 2, or 3 zones depending on business and SLA requirements.
- CELL: Individual application instance within a zone - tenant hosting and logical isolation
Visual Representation:
```
🌍 North America GEO
├── 🏢 East US Region
│   ├── 🗂️ AZ 1
│   │   ├── 🏠 CELL-001 (Shared: 50 tenants)
│   │   └── 🏠 CELL-002 (Dedicated: 1 enterprise tenant)
│   └── 🗂️ AZ 2
│       └── 🏠 CELL-003 (Shared: 30 tenants)
└── 🏢 West US Region
    ├── 🗂️ AZ 1
    │   └── 🏠 CELL-004 (Shared: 75 tenants)
    └── 🗂️ AZ 2
        └── 🏠 CELL-005 (Dedicated: 1 enterprise tenant)
```
Why Availability Zones Matter:
- High Availability (HA): Deploying CELLs across multiple AZs protects against datacenter failures.
- Disaster Recovery (DR): AZs enable rapid failover and business continuity.
- Flexible Cost/SLA: You can choose the number of AZs per CELL to balance cost and durability for each tenant or workload.
An isolated application instance that hosts one or more tenants.
- Shared CELL: Multi-tenant, cost-optimized (10-100 tenants per CELL)
- Dedicated CELL: Single-tenant, compliance-focused (1 tenant per CELL)
- Analogy: Shared CELL = apartment building; Dedicated CELL = private house
Serverless container hosting for microservices and background processing.
- Use Cases: Frontends, APIs, background workers in stamps
- Scale: KEDA-based scale to zero and event-driven scale out
- Docs: Azure Container Apps overview ↗
Event-driven, serverless compute for background tasks and APIs.
- Use Cases: Control-plane operations (e.g., tenant provisioning)
- Bindings: Triggers for HTTP, Timer, Queue, Service Bus, etc.
- Docs: Azure Functions overview ↗
Unified gateway for APIs with policy-based controls.
- Use Cases: Routing, auth, rate limiting, observability across stamps
- Policies: JWT validation, header transforms, CORS, caching
- Docs: API Management key concepts ↗
Secure store for secrets, keys, and certificates.
- Integration: Managed identity; reference secrets in app settings and Bicep
- Docs: Key Vault overview ↗
The Management Portal exposes a GraphQL API for control-plane data using Hot Chocolate, a .NET GraphQL server implementation.
- Use Cases: Exposes control-plane data (tenants, cells, operations) via GraphQL with role-based access patterns
- Notes: Hot Chocolate is the GraphQL backend used throughout the portal for data access and API operations.
- Docs: Hot Chocolate: https://chillicream.com/docs/hotchocolate
Architecture where multiple customers (tenants) share the same application instance and infrastructure.
- Benefits: Cost efficiency, easier maintenance, resource optimization
- Challenges: Isolation, customization, performance consistency
The ability to support different tenancy models within the same architecture.
- Business Value: Mix and match based on customer needs and budget
- Example: SMB customers → Shared CELLs; Enterprise customers → Dedicated CELLs
A customer or organization using your SaaS application.
- Examples: A company, department, or user group
- Isolation: Each tenant's data and configuration are separated from others
The process of determining which CELL will host a specific tenant.
- Factors: Compliance requirements, performance needs, cost considerations
- Automation: Intelligent algorithms can auto-assign based on predefined rules
Security model that assumes no implicit trust - everything must be verified.
- Principles: "Never trust, always verify"
- Implementation: Private endpoints, managed identities, continuous verification
- Analogy: Like airport security - everyone gets checked, regardless of who they are
Azure feature that provides secure connectivity to services over a private network.
- Benefit: Eliminates exposure to the public internet
- Example: Database only accessible via private network, not public IP
- Docs: Azure Private Endpoint overview ↗
Azure feature that provides applications with an automatically managed identity in Microsoft Entra ID (formerly Azure AD).
- Benefit: No need to store credentials in code
- Types: System-assigned (tied to resource) or User-assigned (shared across resources)
- Docs: Managed identities for Azure resources ↗
A secure way to transmit information between parties as a JSON object.
- Use Case: Authentication and authorization
- Performance: Enhanced with caching (85-90% improvement in this implementation)
Cloud-based identity and access management.
- Use Cases: Workforce identities, service principals, app registrations
- Docs: What is Microsoft Entra ID? ↗
Customer identity and access management for external users.
- Use Cases: Public-facing apps with social and local accounts
- Docs: What is External ID for customers? ↗
Storing frequently accessed data in fast storage for quick retrieval.
- Types: Redis (distributed), In-memory (local)
- Benefit: Reduces database load and improves response times
- Monitoring: Cache hit ratio should be >80%
Automatic adjustment of resources based on demand.
- Horizontal: Add more instances (scale out)
- Vertical: Increase instance size (scale up)
- Triggers: CPU usage, memory usage, request count
Distributing incoming requests across multiple servers.
- Benefits: High availability, better performance, fault tolerance
- Implementation: Azure Application Gateway, Azure Load Balancer
Globally distributed, multi-model database used for the control-plane in this repo.
- Benefits: Low latency, elastic scale, multi-region replication
- Docs: Cosmos DB for NoSQL overview ↗
Global layer 7 entry point for HTTP(S) with CDN, WAF, and path-based routing.
- Use Cases: Global routing across GEOs/regions; edge caching; WAF at the edge
- Docs: Azure Front Door overview
Regional layer 7 load balancer with WAF and policy-based routing.
- Use Cases: In-region traffic, mTLS, header rewrites, per-stamp routing
- Docs: Application Gateway overview
Service endpoints mapped into your VNET with private DNS for name resolution.
- Use Cases: Private connectivity to PaaS (Cosmos, Key Vault, etc.)
- Docs: Private Link overview · Private DNS zones
The unit of scalability and distribution; holds JSON items with a partition key.
- Design: Model by access patterns; avoid cross-partition hot keys
- Docs: Data modeling best practices
Attribute used to distribute items across logical partitions.
- In This Repo: /tenantId, /cellId, or /type based on entity
- Docs: Partitioning overview
Automatic expiration for items after a configured duration.
- Use Case: Operations/logs lifecycle management
- Docs: TTL in Azure Cosmos DB
Indexes on multiple properties to optimize complex queries.
- In This Repo: Used for common filters/sorts in the portal
- Docs: Composite indexes
Provisioned request units per second for predictable performance.
- Modes: Standard, Autoscale
- Docs: Set throughput on containers and databases
Managing infrastructure through machine-readable definition files.
- Tools: Bicep, ARM Templates, Terraform
- Benefits: Version control, repeatability, consistency
Azure's domain-specific language for deploying Azure resources.
- Advantage: Simpler than ARM templates, compiles to JSON
- Example: Declarative syntax for defining Azure resources
- Docs: Bicep overview
Automated practices for building, testing, and deploying code.
- CI: Automatically test code changes
- CD: Automatically deploy tested changes
- Tools: GitHub Actions, Azure DevOps
- Docs: What is DevOps?
Azure's deployment and management service.
- Function: Provides a management layer for creating, updating, and deleting resources
- Templates: JSON files that define infrastructure
- Docs: ARM overview
Private registry for container images and OCI artifacts.
- Use Cases: Supply chain for ACA/Functions containers; content trust, scanning
- Docs: Azure Container Registry overview
Governance and security posture management.
- Use Cases: Compliance, drift detection, secure scores, recommendations
- Docs: Azure Policy · Defender for Cloud
Event-driven autoscaling for containers and serverless workloads.
- Use Cases: Scale on queue length, HTTP RPS, CPU, custom metrics
- Docs: Scale rules in ACA (KEDA)
The ability to measure a system's internal state by examining its outputs.
- Three Pillars: Logs, Metrics, Traces
- Tools: Application Insights, Log Analytics, Azure Monitor
- Docs: Azure Monitor overview
Azure's application performance monitoring service.
- Capabilities: Request tracking, dependency monitoring, exception tracking
- Integration: SDKs for various programming languages
- Docs: Application Insights overview
Azure service for collecting and analyzing log data.
- Query Language: KQL (Kusto Query Language)
- Use Cases: Troubleshooting, performance analysis, security monitoring
- Docs: Log Analytics workspace
- SLA: Service Level Agreement (what you promise customers)
- SLO: Service Level Objective (what you aim to achieve)
- SLI: Service Level Indicator (what you actually measure)
Enterprise messaging with queues and topics (pub/sub).
- Use Cases: Decoupling services, retry/poison handling, FIFO with sessions
- Docs: Service Bus overview
Simple queueing service built on Azure Storage.
- Use Cases: Lightweight background processing; cost-effective queues
- Docs: Storage Queues introduction
Complete cost of owning and operating a solution over its lifetime.
- Includes: Infrastructure, operations, maintenance, support
- Optimization: Right-sizing, reserved instances, automation
Pre-purchased compute capacity for significant discounts.
- Discount: Up to 72% compared to pay-as-you-go pricing
- Terms: 1-year or 3-year commitments
Practices to reduce expenses while maintaining performance and functionality.
- Strategies: Auto-scaling, reserved instances, right-sizing, lifecycle management
Microsoft's guidance for the cloud adoption journey.
- Areas: Strategy, Plan, Ready, Adopt, Govern, Manage
See also: CAF/WAF Compliance Analysis
Related: To implement CAF-aligned platform landing zones, see the Azure Landing Zones Guide.
Azure's framework for building reliable, secure, efficient applications.
- Pillars: Reliability, Security, Cost Optimization, Operational Excellence, Performance Efficiency
- Assessment: Regular reviews to identify improvements
See also: CAF/WAF Compliance Analysis
Related: Pair WAF reviews with enterprise landing zones for durable enforcement. Start with the Azure Landing Zones Guide.
Compliance standards for data protection and security.
- GDPR: EU data protection regulation
- HIPAA: US healthcare data protection
- SOC 2: Security, availability, processing integrity standards
- Business Users: Read README.md for overview and business value
- Architects: Start with ARCHITECTURE_GUIDE.md for technical details
- Developers: Begin with DEPLOYMENT_GUIDE.md for hands-on implementation
- Operations: Focus on OPERATIONS_GUIDE.md and KNOWN_ISSUES.md
```
Overview → Architecture → Deployment → Security → Operations → Troubleshooting
   ↓            ↓             ↓           ↓           ↓              ↓
README   → ARCHITECTURE → DEPLOYMENT → SECURITY → OPERATIONS → KNOWN_ISSUES
```
- General Questions: Start with DOCS.md sitemap
- Technical Issues: Check KNOWN_ISSUES.md troubleshooting guide
- Architecture Understanding: Review ARCHITECTURE_GUIDE.md
📝 Document Version Information
- Version: 1.6.4
- Last Updated: 2025-09-08 11:45:17 UTC
- Status: Current
- Next Review: 2025-12