AWS Elastic Compute Cloud (EC2) VS Azure Virtual Machines VS GCP Compute Engine
In the last blog post, we discussed and compared the different object storage options in AWS, Azure, and GCP.
In this blog post, we will discuss the compute (IaaS) options in AWS, Azure, and GCP. More specifically, we will compare AWS Elastic Compute Cloud (EC2) VS Azure Virtual Machines VS GCP Compute Engine.
AWS Elastic Compute Cloud (EC2) VS Azure Virtual Machines VS GCP Compute Engine:
| Feature | AWS Elastic Compute Cloud (EC2) | Azure Virtual Machines | GCP Compute Engine |
|---|---|---|---|
| Definition | Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. | Azure Virtual Machines is the Azure infrastructure as a service (IaaS) used to deploy persistent VMs with nearly any VM server workload that you want. | Compute Engine is a computing and hosting service that lets you create and run virtual machines on Google infrastructure. |
| Instance Type | General purpose instances (Mac, T4g, T3, T3a, T2, M6g, M5, M5a, M5n, M5zn, M4, A1)<br>General purpose instances provide a balance of compute, memory, and networking resources. | General purpose (B, Dsv3, Dv3, Dasv4, Dav4, DSv2, Dv2, Av2, DC, DCv2, Dv4, Dsv4, Ddv4, Ddsv4)<br>Balanced CPU-to-memory ratio. Ideal for testing and development, small to medium databases, and low to medium traffic web servers. | General purpose (E2, N2, N2D, N1)<br>General-purpose machine types offer the best price-performance ratio for a variety of workloads. |
| | Compute optimized instances (C6g, C6gn, C5, C5a, C5n, C4)<br>Compute optimized instances are ideal for compute-bound applications that benefit from high-performance processors; this includes the C series instances. | Compute optimized (F, Fs, Fsv2)<br>High CPU-to-memory ratio. Good for medium traffic web servers, network appliances, batch processes, and application servers. | Compute optimized (C2)<br>Compute-optimized machine types offer the highest performance per core on Compute Engine and are optimized for compute-intensive workloads. |
| | Memory optimized instances (R6g, R5, R5a, R5b, R5n, R4, X2gd, X1e, X1, z1d, high-memory)<br>Memory optimized instances are designed to deliver fast performance for workloads that process large data sets in memory; this includes the R series instances. | Memory optimized (Esv3, Ev3, Easv4, Eav4, Ev4, Esv4, Edv4, Edsv4, Mv2, M, DSv2, Dv2)<br>High memory-to-CPU ratio. Great for relational database servers, medium to large caches, and in-memory analytics. | Memory optimized (M1, M2)<br>Memory-optimized machine types are ideal for memory-intensive workloads because they offer more memory per core than other machine types, with up to 12 TB of memory. |
| | Storage optimized instances (I3, I3en, D2, D3, D3en, H1)<br>Storage optimized instances are designed for workloads that require high, sequential read and write access to very large data sets on local storage; this includes the D, H, and I series instances. | Storage optimized (Lsv2)<br>High disk throughput and IO, ideal for Big Data, SQL, NoSQL databases, data warehousing and large transactional databases. | |
| | Accelerated computing instances (P4, P3, P2, Inf1, G4ad, G3, F1)<br>Accelerated computing instances use hardware accelerators, or co-processors, to perform functions such as floating point number calculations, graphics processing, or data pattern matching more efficiently than is possible in software running on CPUs; this includes the P and G series instances. | GPU (NC, NCv2, NCv3, NCasT4_v3, ND, NDv2, NV, NVv3, NVv4)<br>Specialized virtual machines targeted at heavy graphic rendering and video editing, as well as model training and inferencing (ND) with deep learning. | GPU: No dedicated instance type; you can attach GPUs directly to the supported compute instances. |
| | High Performance Computing (HPC)<br>No dedicated instance type; HPC can be achieved using a cluster placement group and enhanced networking with a supported instance type. | High Performance Computing (HPC) instances (HB, HBv2, HBv3, HC, H)<br>Fastest and most powerful CPU virtual machines with optional high-throughput network interfaces (RDMA). | Accelerator optimized (A2)<br>Accelerator-optimized machine types are ideal for massively parallelized CUDA compute workloads, such as machine learning (ML) and high performance computing (HPC). |
| Instance purchasing options | On-Demand Instances: Pay, by the second, for the instances that you launch. | Pay As You Go: Purchase Azure VMs with pay-as-you-go pricing. Pay only for what you use each month, with no upfront commitment. Cancel anytime. | Pay As You Go: With Google Cloud's pay-as-you-go pricing structure, you only pay for the services you use. No up-front fees. No termination charges. |
| | Reserved Instances: Reduce your Amazon EC2 costs by making a commitment to a consistent instance configuration, including instance type and Region, for a term of 1 or 3 years. | Reserved Instances: Azure Reservations help you save money by committing to one-year or three-year plans. | Reserved Instances: Create reservations for virtual machine (VM) instances in a specific zone, using custom or predefined machine types, and purchase a commitment to get a significant discount on your compute instances. |
| | Spot Instances: Request unused EC2 instances, which can reduce your Amazon EC2 costs significantly. | Spot Virtual Machines: Azure Spot Virtual Machines allow you to take advantage of Azure's unused capacity at significant cost savings. | Preemptible VMs: A preemptible VM is an instance that you can create and run at a much lower price than normal instances. |
| | Dedicated Hosts: Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs. | Dedicated Hosts: Azure Dedicated Host is a service that provides physical servers, able to host one or more virtual machines, dedicated to one Azure subscription. | Sole-tenant nodes: Sole-tenancy lets you have exclusive access to a sole-tenant node, which is a physical Compute Engine server that is dedicated to hosting only your project's VMs. |
| | Dedicated Instances: Pay, by the hour, for instances that run on single-tenant hardware. | NA | NA |
| Instance Image | Amazon Machine Images (AMI): An AMI provides you with a template with the OS and applications pre-configured, to reduce deployment time. | Azure Images: Images provide you with a template with the OS and applications pre-configured, to reduce deployment time. | Images: Use operating system images to create boot disks for your instances. |
| Instance auto scaling | Amazon EC2 Auto Scaling: Scale compute capacity to meet demand. | Virtual Machine Scale Sets: Manage and scale up to thousands of Linux and Windows virtual machines. | Compute Engine Autoscaler: Automatically add or delete VM instances from a managed instance group (MIG) based on increases or decreases in load. |
| Instance template for auto scaling | Launch configuration: A launch configuration is an instance configuration template that an Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you specify information for the instances, including the ID of the Amazon Machine Image (AMI), the instance type, a key pair, one or more security groups, and a block device mapping.<br>Launch template: A launch template is similar to a launch configuration, with added features like versioning, and is recommended by AWS for auto scaling. | You can use an ARM template to save the entire scale set configuration and reuse it. | Instance template: An instance template is a resource that you can use to create virtual machine (VM) instances and managed instance groups (MIGs). Instance templates define the machine type, boot disk image or container image, labels, and other instance properties. |
| Run commands during instance launch | User data: When you launch an instance in Amazon EC2, you have the option of passing user data to the instance, which can be used to perform common automated configuration tasks and even run scripts after the instance starts. | Custom data: If you need to inject a script or other metadata into a Microsoft Azure virtual machine at provisioning time, you can use custom data for this. | Startup script: Compute Engine lets you create and run your own startup scripts on your virtual machine (VM) instances to perform automated tasks every time your instance boots up. |
| Run commands during instance start/stop/reboot | NA | NA | Startup script: Compute Engine lets you create and run your own startup scripts on your virtual machine (VM) instances to perform automated tasks every time your instance boots up.<br>Shutdown script: Create and run shutdown scripts that execute commands right before a virtual machine (VM) instance is stopped or restarted. |
| Instance monitoring & logging | System status checks: monitor the AWS systems required to use your instance to ensure that they are working properly.<br>Instance status checks: monitor the software and network configuration of your individual instance.<br>Amazon CloudWatch alarms: watch a single metric over a time period you specify, and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods.<br>Amazon EventBridge (CloudWatch Events): automate your AWS services and respond automatically to system events.<br>Amazon CloudWatch: You can monitor your instances using Amazon CloudWatch, which collects and processes raw data from Amazon EC2 into readable, near real-time metrics.<br>Amazon CloudWatch Logs: monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, or other sources.<br>CloudWatch agent: collect logs and system-level metrics from both hosts and guests on your EC2 instances and on-premises servers. | Azure Monitor: You can use Azure Monitor to collect and analyze monitoring data from Azure virtual machines to maintain their health.<br>Azure Monitor platform metrics: Numerical values that are automatically collected at regular intervals and describe some aspect of a resource at a particular time.<br>Azure Monitor activity log: Provides insight into the operations on each Azure resource in the subscription from the outside (the management plane).<br>Log Analytics agent: Available for virtual machines in Azure, other cloud environments, and on-premises. Collects data into Azure Monitor Logs.<br>Dependency agent: Collects data about the processes running on the virtual machine and their dependencies.<br>Azure Diagnostics extension: Primarily used to collect guest performance data into Azure Monitor Metrics for Windows virtual machines.<br>Telegraf agent: Collects performance data from Linux VMs into Azure Monitor Metrics.<br>Azure Monitor agent (preview): The Azure Monitor agent is currently in preview and will replace the Log Analytics agent and Telegraf agent for both Windows and Linux machines. | Cloud Monitoring: Gain visibility into the performance, availability, and health of your Compute Engine instances.<br>Cloud Monitoring agent: The Cloud Monitoring agent is a collectd-based daemon that gathers system and application metrics from virtual machine instances and sends them to Monitoring.<br>Cloud Logging: Cloud Logging is part of the Google Cloud operations suite of products. It includes storage for logs, a user interface called the Logs Explorer, and an API to manage logs programmatically.<br>Cloud Logging agent: The Logging agent sends the logs to the project associated with each VM instance. |
| Instance IP Address | Private IP address: A private IPv4 address is an IP address that's not reachable over the Internet. You can use private IPv4 addresses for communication between instances in the same VPC. AWS private IP address space follows the RFC 1918 specification.<br>Public IP address: A public IP address is an IPv4 address that's reachable from the Internet. You can use public addresses for communication between your instances and the Internet.<br>Elastic IP address: An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is allocated to your AWS account, and is yours until you release it.<br>IPv6 address: You can optionally associate an IPv6 CIDR block with your VPC, and associate IPv6 CIDR blocks with your subnets. | Private IP addresses: Used for communication within a VNet, your on-premises network, and the Internet (with NAT). RFC 1918 is recommended for private IP address space allocation.<br>Public IP addresses: Used to communicate inbound and outbound (without network address translation (NAT)) with the Internet and other Azure resources not connected to a VNet.<br>Static IP addresses: Assign a static public IP address, rather than a dynamic address, to ensure that the address never changes.<br>IPv6 address: IPv6 for Azure Virtual Network (VNet) enables you to host applications in Azure with IPv6 and IPv4 connectivity both within a virtual network and to and from the Internet. | Primary internal IP addresses: Every VM instance can have one primary internal IP address that is unique to the VPC network. Follows RFC 1918 and other specifications.<br>External IP addresses: You can assign an external IP address to an instance or a forwarding rule if you need to communicate with the internet, with resources in another network, or with a resource outside of Compute Engine.<br>Static external IP addresses: These addresses are assigned to a project long term until they are explicitly released from that assignment, and they remain attached to a resource until they are explicitly detached.<br>IPv6 address: NA for Compute Engine. |
| Instance DNS (private/public) resolution | Yes | Yes | Yes |
| Instance Network Interface Card (NIC) | Elastic Network Interface: An elastic network interface is a logical networking component in a VPC that represents a virtual network card. | Network Interface: A network interface enables an Azure Virtual Machine to communicate with the internet, Azure, and on-premises resources. | Google Virtual NIC (gVNIC): Google Virtual NIC (gVNIC) is a virtual network interface designed specifically for Compute Engine. |
| Multiple NIC support | Yes | Yes | Yes |
| Multiple IP support | Yes | Yes | Yes |
| Enhanced Networking | Enhanced networking: Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces. | Accelerated networking: Accelerated networking enables single root I/O virtualization (SR-IOV) for a VM, greatly improving its networking performance. This high-performance path bypasses the host in the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types. | NA |
| VPC | Amazon Virtual Private Cloud (VPC): Lets you launch AWS resources in a logically isolated virtual network that you define. | Virtual Network (VNet): Provision private networks, optionally connected to on-premises datacenters. | Virtual Private Cloud (VPC): Scale and control how workloads connect regionally and globally. |
| Subnet | Subnet: A subnet is a range of IP addresses in your VPC. A VPC spans all of the Availability Zones in the Region. In AWS the scope of a subnet is a single Availability Zone. | Subnets: Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. In Azure the scope of a subnet is the region. | Subnet: Each VPC network consists of one or more useful IP range partitions called subnets. Each subnet is associated with a region. |
| Route Table | Route Table: A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. When you create a VPC, a default route table is automatically created. You can also add a custom route table. | Route table: Azure routes traffic between subnets, connected virtual networks, on-premises networks, and the Internet by default. You can create custom route tables with routes that control where traffic is routed for each subnet. | Routes: Google Cloud routes define the paths that network traffic takes from a virtual machine (VM) instance to other destinations. When you create a VPC, GCP automatically creates the default route. You can also create a custom route. |
| Outbound only Internet Access | NAT Gateway: Enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. | Virtual Network NAT: Virtual Network NAT (network address translation) provides outbound NAT translations for internet connectivity for virtual networks. | Cloud NAT: Provision application instances without public IP addresses while allowing them to access the internet. |
| Inbound/Outbound Internet Access | For internet access you need to host the EC2 instance in a public subnet, that is, a subnet with an Internet Gateway and a route to it, and assign a public IP address to the instance. | All resources (including VMs) in a VNet can communicate outbound to the internet by default. You can communicate inbound to a resource by assigning a public IP address to the VM. | For internet access you need to add a route to the default internet gateway (next-hop-gateway) and assign a public IP address to your compute instance. |
| Firewall | Security Group: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.<br>Network ACLs: A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. | Network security groups: You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.<br>Application security groups: Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. | Firewall Rules: VPC firewall rules let you allow or deny connections to or from your virtual machine (VM) instances based on a configuration that you specify. |
| Access to other cloud services | EC2 Instance Profile: Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the IAM console, the console creates an instance profile automatically and gives it the same name as the role to which it corresponds. | Azure managed identities: Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens. | Service Account: Applications running on the VM use the service account to call Google Cloud APIs. Use Permissions on the console menu to create a service account, or use the default service account if available. |
| Linux Instance SSH access | Key Pair: A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance. | SSH key pair: With a secure shell (SSH) key pair, you can create virtual machines (VMs) in Azure that use SSH keys for authentication. | SSH keys: You can upload the public key while creating your compute instance using the API or console. GCP does not keep your private key. |
| Windows access | For Windows you can create a username and password to RDP to the instance. | For Windows you can create a username and password to RDP to the instance. | For Windows you can create a username and password to RDP to the instance. |
| Password/SSH-less access | Using AWS SSM Session Manager | NA | NA |
| Instance OS Patching | AWS Systems Manager Patch Manager: You can use AWS Systems Manager Patch Manager to automate the process of installing security-related updates for both the operating system and applications. | Automatic VM guest patching: Enabling automatic VM guest patching for your Azure VMs helps ease update management by safely and automatically patching virtual machines to maintain security compliance.<br>Azure Update Management: You can use Update Management in Azure Automation to manage operating system updates for your Windows and Linux virtual machines in Azure, in on-premises environments, and in other cloud environments. | VM Manager OS patch management: Use OS patch management to apply operating system patches across a set of Compute Engine VM instances (VMs). Long running VMs require periodic system updates to protect against defects and vulnerabilities. |
| Instance Storage | Elastic Block Store (EBS): Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes behave like raw, unformatted block devices. You can mount these volumes as devices on your instances.<br>EC2 Instance Store: An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer.<br>Elastic File System (EFS): Amazon EFS provides scalable file storage for use with Amazon EC2. You can use an EFS file system as a common data source for workloads and applications running on multiple instances.<br>FSx: Amazon FSx for Windows File Server provides fully managed Windows file servers, backed by a fully native Windows file system with the features, performance, and compatibility to easily lift and shift enterprise applications to AWS. | Azure Managed Disks: Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Managed disks are like a physical disk in an on-premises server, but virtualized.<br>Ephemeral OS disks: Ephemeral OS disks are created on the local virtual machine (VM) storage and serve as temporary storage for your Azure VMs.<br>Azure Managed Shared Disks: Azure shared disks is a feature of Azure managed disks that allows you to attach a managed disk to multiple virtual machines (VMs) simultaneously.<br>Azure Files: Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments. | Persistent Disks: Persistent disks are durable network storage devices that your instances can access like physical disks in a desktop or a server.<br>Local SSD: Local SSDs are physically attached to the server that hosts your VM instance. Local SSDs have higher throughput and lower latency than standard persistent disks or SSD persistent disks. The data that you store on a local SSD persists only until the instance is stopped or deleted.<br>Cloud Filestore: High-performance, fully managed file storage for your Compute Engine instances. |
| Instance Termination Protection | Termination Protection: By default, you can terminate your instance using the Amazon EC2 console, command line interface, or API. To prevent your instance from being accidentally terminated using Amazon EC2, you can enable termination protection for the instance. | CanNotDelete Lock: As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. | Delete protection: By setting the deletionProtection flag, a VM instance can be protected from accidental deletion. If a user attempts to delete a VM instance for which you have set the deletionProtection flag, the request fails. |
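The Firewall row lists layers with different evaluation semantics, which matters when you reason about what actually reaches an instance: an AWS security group is an unordered, stateful allow-list with no deny rules, while a network ACL, an Azure network security group and a GCP VPC firewall rule set are ordered allow/deny lists where the lowest rule number or priority that matches decides, with a catch-all deny for inbound traffic (the `*` rule of a network ACL, the DenyAllInBound default rule of an NSG, GCP's implied deny-ingress rule). Network ACLs are additionally stateless, so return traffic on ephemeral ports must be allowed explicitly. The Python below is an added example written for this post, not code from AWS, Azure or Google: the `Rule` class, the function names and the rule sets, CIDRs and ports are all constructed, and it models the three behaviours just described in simplified form (no ASG/tag targets, no connection tracking) and runs sample packets through them.

```python
"""Simplified models of the instance-level and subnet/VPC-level firewall layers
compared in the table (constructed example; not any provider's code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny" (security groups only ever use "allow")
    proto: str         # "tcp", "udp", "icmp" or "all"
    port_from: int     # inclusive port range; ignored for icmp
    port_to: int
    cidr: str          # remote CIDR the rule applies to
    priority: int = 0  # rule number / priority, lowest evaluated first (ordered models only)


def matches(rule: Rule, proto: str, port: int, remote_ip: str) -> bool:
    """Does this rule apply to one packet described by (proto, port, remote address)?"""
    if rule.proto not in ("all", proto):
        return False
    if proto != "icmp" and not (rule.port_from <= port <= rule.port_to):
        return False
    return ip_address(remote_ip) in ip_network(rule.cidr)


def security_group_allows(rules, proto, port, remote_ip) -> bool:
    """AWS security group model: unordered, stateful allow-list. There is no deny rule;
    a packet is accepted if any rule matches and silently dropped otherwise."""
    return any(r.action == "allow" and matches(r, proto, port, remote_ip) for r in rules)


def ordered_rules_allow(rules, proto, port, remote_ip, default_action="deny") -> bool:
    """First-match model shared, in simplified form, by AWS network ACLs (rule number),
    Azure NSGs and GCP VPC firewall rules (priority): evaluate from the lowest number
    upward, the first matching rule decides, and the catch-all default applies when
    nothing matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, proto, port, remote_ip):
            return rule.action == "allow"
    return default_action == "allow"


def ec2_inbound_allowed(nacl_ingress, sg_rules, proto, port, src_ip) -> bool:
    """An inbound packet to an EC2 instance must pass the subnet's network ACL and then
    the instance's security group; either layer can drop it."""
    return (ordered_rules_allow(nacl_ingress, proto, port, src_ip)
            and security_group_allows(sg_rules, proto, port, src_ip))


# Constructed sample rule sets. 203.0.113.0/24 is a documentation range standing in
# for "the internet"; 10.0.0.0/8 is the RFC 1918 space used inside the VPC.
SG_RULES = [
    Rule("allow", "tcp", 22, 22, "10.0.0.0/8"),      # SSH only from inside the VPC
    Rule("allow", "tcp", 443, 443, "0.0.0.0/0"),     # HTTPS from anywhere
]
NACL_INGRESS = [
    Rule("deny", "tcp", 22, 22, "0.0.0.0/0", priority=90),      # subnet-wide SSH block
    Rule("allow", "all", 0, 65535, "0.0.0.0/0", priority=100),  # then allow everything
]
# Network ACLs are stateless: the reply half of an HTTPS session arrives on an
# ephemeral client port, so an egress ACL that only allows 443 breaks the session.
NACL_EGRESS_STRICT = [
    Rule("allow", "tcp", 443, 443, "0.0.0.0/0", priority=100),
]
NACL_EGRESS_WITH_EPHEMERAL = NACL_EGRESS_STRICT + [
    Rule("allow", "tcp", 1024, 65535, "0.0.0.0/0", priority=110),
]
# GCP/NSG-style set: the deny at 900 beats the allow at 1000 for internet sources,
# while the allow at 800 admits SSH from the internal range first.
GCP_INGRESS = [
    Rule("allow", "tcp", 22, 22, "0.0.0.0/0", priority=1000),
    Rule("deny", "tcp", 22, 22, "0.0.0.0/0", priority=900),
    Rule("allow", "tcp", 22, 22, "10.0.0.0/8", priority=800),
]

if __name__ == "__main__":
    print("SSH from 10.1.2.3 via NACL+SG:", ec2_inbound_allowed(NACL_INGRESS, SG_RULES, "tcp", 22, "10.1.2.3"))
    print("HTTPS from internet via NACL+SG:", ec2_inbound_allowed(NACL_INGRESS, SG_RULES, "tcp", 443, "203.0.113.5"))
    print("HTTPS reply on port 50000, strict egress ACL:", ordered_rules_allow(NACL_EGRESS_STRICT, "tcp", 50000, "203.0.113.5"))
    print("SSH from internet, GCP-style rules:", ordered_rules_allow(GCP_INGRESS, "tcp", 22, "203.0.113.5"))
```

The useful outputs are the mismatches: the security group alone would admit SSH from 10.1.2.3, but the subnet's ACL denies it first; and the strict egress ACL drops the HTTPS reply even though ingress was allowed, which is exactly the stateless behaviour a security group would have hidden.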
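The two "Run commands" rows hide a difference that bites launch-time hardening: Compute Engine runs a startup script on every boot, whereas EC2 user data is executed by cloud-init only on the instance's first boot by default, and Azure custom data is likewise a provisioning-time input. A script meant to be reused across the three providers therefore has to be idempotent and separate one-time work from every-boot work. The following Python is an added example written for this post, not any provider's script or code: the marker and drop-in paths, the `configure` function and the `STATE_ROOT` parameter are assumptions of the example, and on a real instance you would also reload sshd after writing the drop-in (left out here so the script runs offline against a scratch directory).

```python
#!/usr/bin/env python3
"""Provider-neutral launch script (constructed example). Pass it as EC2 user data,
Azure custom data or a Compute Engine startup script; the marker file makes repeated
runs harmless on platforms that re-run the script on every boot."""
from pathlib import Path
import time

# Paths are relative to a root directory: "/" on a real instance, a temp dir in tests.
# Assumed names for this example; the sshd_config.d drop-in requires an OpenSSH build
# whose main config includes /etc/ssh/sshd_config.d/*.conf (OpenSSH 8.2+ defaults).
MARKER = "var/lib/launch-config/first-boot.done"
SSHD_DROPIN = "etc/ssh/sshd_config.d/50-cloud-hardening.conf"
BOOT_LOG = "var/log/launch-config-boots.log"

SSHD_HARDENING = (
    "# written by the launch-config script: key-based SSH only\n"
    "PasswordAuthentication no\n"
    "PermitRootLogin prohibit-password\n"
)


def first_boot_tasks(root: Path) -> list:
    """Work that must happen exactly once, here the SSH hardening drop-in."""
    dropin = root / SSHD_DROPIN
    dropin.parent.mkdir(parents=True, exist_ok=True)
    dropin.write_text(SSHD_HARDENING)
    # On a real instance: reload sshd here so the drop-in takes effect.
    return ["sshd_dropin"]


def every_boot_tasks(root: Path) -> list:
    """Work that should repeat on each boot, here appending a boot record."""
    log = root / BOOT_LOG
    log.parent.mkdir(parents=True, exist_ok=True)
    with log.open("a") as fh:
        fh.write(f"{int(time.time())} boot\n")
    return ["boot_record"]


def configure(root: Path = Path("/")) -> dict:
    """Run the launch configuration; returns what was done so callers can audit it."""
    marker = root / MARKER
    first = not marker.exists()
    done = []
    if first:
        done += first_boot_tasks(root)
        marker.parent.mkdir(parents=True, exist_ok=True)
        marker.write_text(f"{int(time.time())}\n")
    done += every_boot_tasks(root)
    return {"first_boot": first, "tasks": done}


def boot_count(root: Path = Path("/")) -> int:
    """Number of boot records written so far (one per run of configure)."""
    log = root / BOOT_LOG
    return len(log.read_text().splitlines()) if log.exists() else 0


if __name__ == "__main__":
    print(configure())
```

Running `configure()` twice against the same root reports `first_boot: True` with both tasks the first time and `first_boot: False` with only the boot record the second time, which is the behaviour you want whether the platform runs the script once (EC2 user data) or on every boot (Compute Engine).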
Note: I have tried to compare the services to the best of my knowledge and ability. Hence, I would encourage a peer review from my cloud community. If you think any comparison is factually incorrect, or that any feature should be included in this list, feel free to comment with a reference and I will update this blog accordingly.