All Products
Document Center


Last Updated: Jun 12, 2018

Alibaba Cloud for Azure Professionals


This article discusses the main differences and similarities between Azure and Alibaba Cloud of storage & Content Delivery Network (CDN) services. It covers the following products:

Feature Azure Alibaba Cloud
Object storage Blob Storage Object Storage Service(OSS)
Content Delivery Network Azure CDN Alibaba Cloud CDN
File Storage Azure Files Network Attached Storage (NAS)
NoSQL Database CosmosDB Table Store

1. Object storage

This section compares Azure Blob Storage and the distributed Object Storage Service (OSS) of Alibaba Cloud.

Object storage is a type of data storage where data are managed as objects, instead of blocks or files. Typically, object storage is used to store large files that are dominated by read operations. Similar to Azure Blob Storage, Alibaba Cloud OSS boasts high reliability, cost effectiveness, and scalability. OSS is designed for 11 9s of data reliability and guarantees 99,9 % of availability per month. Each object is replicated three times across three different physical machines. Users can request data of any amount, regardless of time or location.

To distinguish between scenarios requiring different data access frequencies, Alibaba Cloud OSS categorizes storage types into Standard, Infrequent Access, and Archive, which are equally reliable but have different availability, shortest storage time, and storage overhead. For details, see Introduction to Storage Types. Azure provides similar storage types which are called Hot, Cool, and Archive, respectively.

1.1 Service models

The following table compares the basic functions and terminologies of Azure Blob Storage vs Alibaba Cloud OSS:

Function Feature Azure Blob Storage Alibaba Cloud OSS
Object Storage Azure Blob Storage Alibaba Cloud OSS
Deployment Unit Account Bucket
Account / Bucket ACL Supported Supported
Max Account / Bucket Quantity 200 30
Version Control Not natively supported (Snapshots only) Not supported
Object identifier Key Key
Object Metadata Metadata Object meta
Object Version Control Not natively supported (Snapshots only) Not supported
Object Lifecycle Management Supported Supported
Storage type Hot, Cool, Archive Standard, Infrequent Access, Archive
Replication Options LRS, ZRS, GRS, RA-GRS Cross-Region Replication
Deployment Location Region Region

1.2 Storage Space & Object

1.2.1 Storage Space (Account)

Similar to an Azure Blob Storage Account from a conceptual perspective, Alibaba Cloud OSS uses so-called buckets to store data. As the place where data is stored, a bucket is configured with a region, access permission, and lifecycle to meet user requirements. An Azure Blob Storage account must be named in accordance with the DNS standard. Similarly, a bucket of Alibaba Cloud OSS must be named in line with certain standards. Account names of Azure Blob Storage and bucket names of Alibaba Cloud OSS must be globally unique, and they should not be nested.

By setting a bucket ACL, Alibaba Cloud OSS authenticates a user to see whether the user has access permission for a bucket, thereby implementing access control by storage space levels.Buckets of Alibaba Cloud OSS do not currently support version control. Azure Blob Storage provides the possibility to create snapshots of individual blobs. Snapshot dates (which are used in combination with the blob name as id) need to be managed and stored by the user, though, meaning that no native versioning feature is available but must be implemented on your own by using snapshots. Alibaba Cloud OSS will support a native versioning feature soon, please stay tuned for more information.

1.2.2 Object

Similar to Azure Blob Storage, Alibaba Cloud OSS stores file data in buckets (comparable to accounts in Azure). The file data is composed of a Key-Value and Object Meta pair. The Key is unique within a bucket, the Value stores object content, and the Object Meta is a pair of key values which describe object properties, including last modification time, size, and custom information.

Alibaba Cloud OSS does not place a limit on the quantity and total size of objects in a bucket. In Azure Blob Storage there can be at most 500TB per account with a single blob at most 4.75TB in size. For large files, Alibaba Cloud OSS supports segment-by-segment uploading. The max file size cannot exceed 48.8 TB. The single object upload limit for OSS is 5GB. For Azure Blob Storage it is 256MB.

1.3 Security

1.3.1 Object Permission Management

Alibaba Cloud OSS and Azure Storage use different methods to manage object permissions. Azure offers two authentication methods, namely Shared Key Authentication and Shared Access Signatures (SAS). The latter one is recommended for providing temporary access to resources without exposing the master keys. Note that Shared Access Keys and SAS, respectively, are not integrated with Azure’s Role-based Access Control which is comparable to Alibaba’s Resource Access Management.

Each Alibaba Cloud OSS object can be configured with read and write permissions for the root account or any sub-account. By default, access permissions inherit bucket ACL properties. Users can set an ACL to Private-Read-Write, Public-Read, or Public-Read-Write. You are strongly discouraged from using the Public-Read-Write permission and should use it cautiously.

In addition, in combination with Alibaba Cloud Security Token Service (STS), OSS can employ the temporary security credentials of STS to implement object access, without exposing the account AccessKey, thereby achieving highly secure access control.

1.3.2 Data Security Management

Alibaba Cloud OSS provides similar data encryption functions as Azure Blob Storage to protect data during transmission and storage. Users can protect data in transmission by encrypting it through a client.

Alibaba Cloud OSS uses AES256 algorithms to implement data encryption on a server. After data is uploaded to OSS, the server encrypts the data and stores it on OSS. If an authorized user downloads the data, OSS decrypts the data and returns original data to the user.

Event notification

Both Alibaba Cloud OSS and Azure Blob Storage provide event notification functions. On Azure, Blob Storage is currently integrated with Azure Functions and Azure EventGrid which allows to configure routing rules from Blob storage to other services on the platform.

To enable users to receive notifications in case of an event in the storage space, Alibaba Cloud OSS allows users to create event notification rules. Based on these rules, a message will be sent to a target after the corresponding event.OSS allows an event message to be sent to a specified URL over HTTP or a topic of Alibaba Cloud Message Service. Users can obtain event messages after subscribing to the topic.

1.4 OSS image processing service (Image service)

Alibaba Cloud OSS provides easy-to-use image processing functions for image files. After a user uploads images to OSS, the user can process the images through the RESTful API, for example, converting the image format, zooming, cropping, rotating, or adding watermarks. This is currently not natively supported by Azure Blob Storage.The following table compares the features and terminologies of the object function between Azure Blob Storage and Alibaba Cloud OSS:

Function Feature Azure Storage Alibaba Cloud OSS
Storage object Object Object
Object ACL Supported Supported
Max object size 4.75TB 48.8T
Data reliability Depending on redundancy level: between 11 9s and 16 9s 99.99999999%(11s 9)
Object metadata Metadata Object meta
Object lifecycle management Not Supported Supported
Object version control Not natively supported (only snapshots) Not Supported
Update event notification upported (GRS and RA-GRS redundancy level, to paired region only) Supported
Cross-region Replication upported (GRS and RA-GRS redundancy level, to paired region only) Supported
Object append write Supported by AppendBlobs Supported
Concurrent or segment upload Supported Supported
Request protocol HTTP/HTTPS HTTP/HTTPS
Image processing function Not Supported Supported

1.5 Service level agreement (SLA)

Both Azure Storage and Alibaba Cloud OSS provide service availability guarantees. For KPIs that do not reach the guarantee standard, the cloud providers will provide compensation according to the time the service is unavailable. For details about the Alibaba Cloud OSS SLA, see Alibaba Cloud OSS Service Level Agreement.

1.6 Pricing

At Azure Blob Storage users only pay for the resources they have consumed. The pricing is dependent on the storage usage by storage type and size, redundancy level, request type and quantity, storage management fees, and outbound internet traffic. Like Azure Blob Storage, Object Storage Service (OSS) fees are calculated based on the total volume of storage used, the amount of data transferred, OSS Pricing.

2. Content delivery Network

Content delivery network refers to the network of edge or proxy servers, which cache data in order to accelerate access to certain files. Azure CDN and Alibaba Cloud CDN are two global content delivery network (CDN) vendors that provide network of Edge Locations and Edge Nodes distributed globally.Note that Azure CDN currently consists of four different product offerings which differ in price and features: Azure CDN Standard from Akamai, Verizon, or Microsoft (Preview), and Azure CDN Premium from Verizon. Premium from Verizon currently offers the most features, so in our comparison we will always refer to this offering unless otherwise noted.This section compares the Azure CDN and Alibaba Cloud CDN across different dimensions.

2.1 Service model

Similar to Azure CDN, Alibaba Cloud CDN publishes source content to an edge node over a transmission network that is composed of edge nodes deployed globally. In combination with a precise scheduling system, the CDN improves users’ web request speed.

2.2 Basic functions

The following table compares the basic features and terminologies of content delivery network between Azure CDN and Alibaba Cloud CDN:

Function Feature Azure CDN Alibaba Cloud CDN
Source Station Type Storage Account, Azure Cloud Service, Azure WebApp, custom domain name OSS domain name, custom domain name, and IP address
Automatic Compression Supported Supported
Cache Request Type GET GET
Transparently Transmitted Request Type The following requests are supported but not configurable: GET, POST, HEAD, PUT, DELETE, OPTIONS, PATCH The following requests are supported but not configurable: GET, POST, HEAD, PUT, DELETE, OPTIONS
Cache Refresh supported supported
Cache Failure Not supported Not supported
HTTP Jump to HTTPS Supported (Verizon Premium only) Supported
CDN Cache TTL Configuration Supported Supported
Access Log Access to core reports through supplemental Verizon portal but no access to raw logs Console
Geographic Location Limit Supported Not Supported

2.2.1 Source station type

Alibaba Cloud CDN can be configured with an origin site, including OSS domain name, custom origin domain name, and IP address.

2.2.2 Data compression

To reduce transmission content and accelerate delivery speed, both Alibaba Cloud CDN and Azure CDN provide the data compression function.

2.2.3 Cache request type

Azure CDN and Alibaba Cloud CDN caches GET requests and transmits POST/HEAD/PUT/DELETE/OPTIONS requests to the origin site transparently.

2.2.4 Cache refresh

In certain scenarios, for example, origin site updates or static content modifications, users may need to refresh the CDN cache manually. Alibaba Cloud CDN allows users to pull the latest content from the origin site manually to refresh the CDN content. Alibaba Cloud CDN supports URL refresh, directory refresh, and URL push. Azure CDN supports purging content based on a content path and allows to pre-load / URL push cached assets.

2.2.5 Cache invalidation

In certain scenarios, users may need to remove CDN cache content in advance. On Azure CDN, users either purge old content from the CDN or access objects based on a file name that carries a version of the objects using the object version management function. This is realized by using “Cache every unique URL” mode in combination with custom query parameters. Alibaba Cloud CDN does not currently support forcibly configuring cache invalidation.

2.2.6 Access log

Azure CDN does not provide access to the raw logs. It provides access to core reports through supplemental Verizon portal which can be manually downloaded.Alibaba Cloud CDN provides log download/combination tools. Alibaba Cloud CDN implements log download on the console.

2.2.7 Geographic location restriction

To specify the regions where content is delivered, Azure CDN allows users to geo-filter content-based country codes. Alibaba Cloud CDN does not support this function.

2.3 Security

The following table compares the security functions and terminologies of content delivery network between Azure CDN and Alibaba Cloud CDN:

Function Feature Azure CDN Alibaba Cloud CDN
Full Link HTTPS Supported Supported
Integrated Certificate Management Yes, through SAN certificate only. Supported
Access Authentication Supported Supported
Sub-account Access Control / RBAC Integration Supported Supported
WAF Security Defense Supported through Application Gateway + WAF Supported

2.3.1 Https

Similar to Azure CDN, Alibaba Cloud CDN supports full link HTTPS speedup. Alibaba Cloud users can select a certificate using the certificate service or upload a custom certificate/private key and query and update the certificate in online mode.

With Azure CDN, customers can only use SAN certificates published by DigiCert and cannot bring their own certificates yet. Own certificates are currently only supported by Azure CDN Verizon Premium.

The two cloud providers support redirect HTTP to HTTPS. Alibaba Cloud CDN supports HTTP and HTTPS, redirect HTTP to HTTPS, and redirect to HTTP or HTTPS.

Alibaba Cloud CDN does not currently support SNI back-to-source.

2.3.2 Access authentication

Azure CDN and Alibaba Cloud CDN support access authentication for private content. Azure uses a token-based approach, while Alibaba Cloud CDN uses signature URLs through which a user initiates a request to the CDN. Upon receiving the request, the CDN node checks the request for its validity and rejects invalid requests.

2.3.3 Sub-account access control

Similar to Azure RBAC, Alibaba Cloud CDN authorizes sub-accounts with a policy to access CDN resources based on the Resource Access Management (RAM) service, thereby limiting or authorizing permissions on the CDN resources.

2.3.4 WAF security defense

Alibaba Cloud CDN can combine with WAF to implement security defence. Similar to that, Azure CDN can be combined with Application Gateway and its add-on WAF.

2.4 Streaming media

Alibaba Cloud CDN supports live streaming, on-demand, RTMP video scenarios, and provides video transcoding, slicing, and playback functions.

The following table compares the streaming media functions of Azure CDN and Alibaba Cloud CDN:

Function Feature Azure CDN Alibaba Cloud CDN
Live Streaming Not supported (only through Azure Media Service) Supported
On-demand Videos Supported Supported
Video Transcoding Not supported (only through Azure Media Service) Supported
Format HLS, HDS, DASH, Smooth HLS, RTMP

2.5 Pricing

Azure CDN bills outgoing (internet / region) data transfer in a tiered pay-as-you-go pricing model (the more you consume the cheaper). The exact fees depend on the CDN tier (standard vs premium), optional separate acceleration data transfers, and the node location from where the transfers are served, not the end user’s location.

The pricing of Alibaba Cloud CDN is comprised of data transfer traffic and HTTPS requests for secure acceleration. There are two billing methods for data transfer fees: Pay-By-Bandwidth and Pay-By-Traffic. You can also subscribe to one or more Traffic Packages for a year.

For the duration of the resource package, fees are deducted for your use of the traffic quota. For traffic exceeding the quota, fees are billed based on the traffic usage.

3. File storage

Azure and Alibaba Cloud both provide file storage services. In this section we are going to compare and contrast Azure Files with Alibaba Cloud Network Attached Storage (NAS).

3.1 Service model

Azure Files is accessed by Azure Virtual Machines running inside a VNET through SMB only. It allows users to create and configure file systems. You can mount an Azure Files file system on Azure virtual machines through a standard file system interface and file system access semantic.

Like Azure Files, you can access the Alibaba Cloud NAS file system through standard POSIX interfaces when using Alibaba Cloud ECS instances or other nodes such as HPC or Docker.

Function Feature Azure Files Alibaba Cloud NAS
Access Point Mount target Mount Point
Storage Capacity 5TB per share, 500TB per storage account 10 PB (Capacity-type),1 PB (Performance-type)*
Scale Up/Down Supported (size only) Supported
Performance No different performance tiers Supported
Cross Instance Access Supported Supported
Multiple Client Access Supported Supported
Access Control Supported Supported
Protocol > SMB2.0 NFSv3, NFSv4, >SMB2.0*
Compute Node Virtual Machines, AKS Node ECS, HPC, Docker

3.2 Performance

Azure Files does not offer different performance tiers but provides static performance metrics. Per Azure Files share there is hard limit at 1000 IOPS and 60MB/s throughput independent from the size of the share. The share size can seamlessly be scaled up or down in increments of 1GB.

Alibaba Cloud NAS also offers two performance modes: capacity-type and performance-type. Each model offers different performance and storage capability.

Total throughput for each performance-type file system (MB/s) = minimum [0.6MB/s * capacity of file system (GB) + 600MB/s, 20GB/s]

Total throughput for each capacity-type file system (MB/s) = minimum [0.15MB/s * capacity of file system (GB) + 150MB/s, 10GB/s]

The upper limit of the storage capacity of an SSD performance-type file system is 1 petabyte, and that of a capacity-type file system is 10 petabytes.

Performance Azure Files Alibaba Cloud NAS
Latency Millisecond level Millisecond level
Total throughput for Each File System 60MB/s 10 GB/s (Capacity-type),20 GB/s(Performance-type)
Concurrent Clients per File System 2000 10,000+

3.3 Security

Azure Files employs the same authentication concept as Azure Blob Storage, meaning it relies on Shared Access Keys, and Shared Access Signatures only. Currently, there is no integration with Azure Active Directory or RBAC.

Alibaba Cloud NAS provides multiple security mechanisms including support for network isolation (VPC) and user isolation (classic network), file system standard access and group permissions control, and RAM master account and sub-account authorization. These features are implemented to ensure complete data security in the file system.

3.4 Migration

Azure Files provides Azure File Sync which is a multi-master sync solution that replicates and caches data between Azure File shares and on-premises Windows servers. Users need to download and deploy a File Sync agent into the source environment, configure the source and destination file systems, and start the sync.

Alibaba Cloud NAS also provides migration tool named nasimport. It supports migration to Alibaba Cloud NAS from a wide variety of source storage including:

  • Local data centers
  • Alibaba Cloud OSS
  • Third-party storage services (Amazon S3, Baidu Object Storage, Tencent Cloud COS, Jinshan Object Storage, UPYUN, Qiniu, and HTTP links)

Learn more about Nasimport Tools.

3.5 Pricing

With Azure Files, you pay only for the storage used by your file system and not the quota set. In addition, you are charged for both REST and SMB operations. These prices vary based on the redundancy option (LRS, ZRS, GRS) you select. You don’t need to provision storage in advance and there is no minimum fee or setup cost.

Like Azure Files, Alibaba Cloud NAS fees are calculated based on the total volume of storage used per month. There is no minimum fee and there are no set-up charges. There are also no charges for bandwidth or requests. Furthermore, NAS provides a storage plan for users who want to create a NAS file system. By purchasing a storage plan ahead of time, you realize significant cost savings compared to Pay-As-You-Go storage fee per GB.Learn more about Alibaba Cloud NAS pricing.

4. Nosql database

Azure CosmosDB Table and Alibaba Cloud Table Store are two similar fully managed cloud NoSQL database services. With cloud-based NoSQL database service, users do not have to care about hardware provisioning, setup and configuration, replication, partitioning, software patching, and cluster scaling.

4.1 Service model

Azure CosmosDB is a fully managed NoSQL database service whose service-side latencies are typically within a single-digit millisecond which is also covered by the SLA. Azure CosmosDB storage is constrained by disk space or by a hard limit on the maximum number of indexes, document, or other high-level resources, whichever comes first. From a storage perspective there can be at most 12 partitions each 200GB, that is in total 2.4TB per database. It automatically partitions (based on your partition key) and replicates data based on so-called request units (RUs) that you manually choose. Request units measure Azure CosmosDB throughput per second, and request unit consumption varies by operation.It supports different APIs including, MongoDB, Cassandra, Gremlin, and proprietary Table and Document.

Similarly, Alibaba Cloud Table Store is a fully managed NoSQL database service based on automatic data partitioning and load balancing technologies. Based on SSD technology, this cloud NoSQL database service enables you to store large quantities of structured and semi-structured data with real-time access. Table Store also features strong consistency and single-digit millisecond latency. You can query Table Store by RESTful API, web-based Management Console, or SDKs.

Function Feature Azure CosmosDB Table Alibaba Cloud Table Store
Latency Single-digit milliseconds (backed by SLA) Single-digit milliseconds
Scale Limited by space and/or number of indexes Any
Storage Medium SSD SSD
Data Partition Supported Supported
Data structure Key/Value, Document, Graph Structured and semi-structured
Access method SDKs, Portal, REST API RESTful API and SDKs

4.2 Data model

A table is a collection of data in Azure CosmosDB Table. Each table contains multiple entities. An entity is a group of properties and can have its own distinct attributes. All of the attributes are scalar, which means that they can have only one value.In order to determine the partition for each entity, you must specify the primary key in each table. A primary key can be either a partition key or a partition key & row key. In Azure CosmosDB Table every key is indexed by default at no additional cost.

Similar to Azure CosmosDB Table, the data model of Alibaba Cloud Table Store is described by Table, Row, Primary Key, and Attribute. A table is a set of rows, and a row consists of the Primary Key and Attribute. The Primary Key and Attribute consist of names and values.A table must define at least a Primary Key and the first primary key will be the partition key. Each Attribute column can contain multiple versions, and each version (that is, the timestamp) corresponds to a value, which is different from that of a Primary Key column.

Throughput is defined as reserved read/write throughput units. It reserves the necessary capacity to meet the specified throughput requirements.

4.2.1 Version control

Unlike Azure CosmosDB, Alibaba Cloud Table Store provides version management for each attribute columns. The version is a timestamp defined by the number of milliseconds that have elapsed since 01/01/1970 00:00:00 UTC. When you read from each row, you can specify the maximum number of versions per attribute column, or the version range. The earlier versions will be discarded when the number of version exceeds the value of Max Versions.

4.2.2 Time to live (TTL)

Similar to Azure CosmosDB, Alibaba Cloud offers TTL attribute which provide a mechanism to set a specific timestamp for expiring items from your table. Table Store clears any data asynchronously that exceeds the TTL.The following table compares the data model of each service:

Data Model AAzure CosmosDB Table Alibaba Cloud Table Store
Schema Schema-less Schema-less
Data Unit Table Table
Data Record Entity Row
Unique Identifier PartitionKey + RowKey Primary Key
Primary Key Type String, Int64, Int32, Guid, Double, DateTime, Binary String, integer, or binary
Secondary Indexes Auto-Indexing Not Supported
Nested Attribute Supported Not Supported
Versioning Not Supported Supported
TTL Supported Supported

4.3 Performance

With Azure CosmosDB you specify the throughput capacity in terms of so-called request units (RUs) when creating a table. When a request gets rate-limited, the server pre-emptively ends the request with RequestRateTooLargeException (HTTP status code 429) and returns the x-ms-retry-after-ms header indicating the amount of time, in milliseconds, that the user must wait before retrying the request.

Azure CosmosDB provides two options for specifying request units: on a second level and, in addition, on a minute level, to smoothen out sudden spikes.

Similar to Azure CosmosDB, the read/write throughput of Alibaba Cloud Table Store is measured by read/write capacity units (CUs). Table Store provides two options for managing throughput:

  • Reserved throughput: Set the reserved read/write throughput to a value greater than 0, and Table Store will assign and reserve enough resources for the table according to this configuration to guarantee low resource costs.

  • Additional throughput: If the actual consumed read/write throughput exceed the reserved read/write throughput, Table Store will give an additional throughput automatically to meet user’s requests.

Performance Azure CosmosDB Table Alibaba Cloud Table Store
Read Capacity Units(per second) Depends on consistency level and operation. For session consistency:1KB / RU 4 KB/item
Write Capacity Units(per second) Depends on consistency level and operation. For session consistency:1KB / 5 RU 4 KB/item

4.4 Security

Azure CosmosDB provides two authentication schemas. One uses hash-based message authentication code (HMAC) for authorization by using shared keys.

The other one integrates with Azure Active Directory and RBAC for fine-grained access control for users within your organization. You can assign unique security credentials to each user and control each user’s access to services and resources.

Alibaba Cloud Table Store also offers user-level data isolation, access control and permission management. With Resource Access Management (RAM) and Security Token Service (STS), Table Store enable users to access the tables through subaccounts with different permissions and grant users temporary access authorization.

4.5 Backup and restore

Azure CosmosDB automates the backup process. Automated backups are taken approximately every four hours and the latest 2 backups are stored at all times. Backups are per default geo-redundantly (GRS) stored on Azure Blob Storage in the region of the current write database region (and hence also its paired region). If the data is accidentally dropped or corrupted, Azure support must be contacted within 8 hours.

Similar to Azure CosmosDB, Alibaba Cloud Table Store automates the backup and restore process. Table Store manages data with multiple cloud data backups across different servers in different racks. When any node of the backups fails, the other servers with backup copies will immediately restore to achieve virtually zero data loss.

4.6 Pricing

Azure CosmosDB offers a free 7-day trial. The pricing model works in a pay-as-you-go fashion. Azure CosmosDB fees depend on the traffic of data transfer “out”, the size of the storage, and the request units per table. Note that request units must be provisioned per table, not per database.

In contrast, Alibaba Cloud Table Store pricing is divided into four parts: data storage that exceed free quota, the reserved read/write throughput, the additional read/write throughput and the Internet downstream traffic. Learn more about