I did a lot of comparative studies in my role as a solution architect many of which involved tables, pros / cons and a lot of bullet points. It’s useful for IT SLT and business stakeholders but it might be too boring to the techies. In this study I will explore a different approach to study the differences between Azure and Heroku.
A real-life(ish) scenario
Figure 1 shows a typical multi tiers application architecture. All the components are in the cloud and hence internet facing.
One day the InfoSec manager came. She’s not happy about the database and internal apis being internet facing. It violates the principle of least privilege (POLP) and increases the risk profile of the solution. The SA needs to work out a new design to mitigate the security concerns. Imagine if we had the app hosted in Azure app service, the new design would probably look similar to Figure 2.
The changes will be much less dramatic if the app was in Heorku (Figure 2).
In the table below I summarise the difference between the two solutions:
| Azure | Heroku | |
|---|---|---|
| Todo | Create two VNets (A and B) For the database – Set access restriction to only accept traffics from VNet A For the internet Api – Set access restriction to only accept traffics from VNet A – Setup VNet integration to VNet B For the public Api – Setup VNet intergration to VNet A | Create an internal app and port the internal Apis to the internal app Add PostgresSQL add-on to the internal app and port the data to the new database |
| Skill / Knowledge required for the changes | Network configuration, VNet, Subnet, VNet integration and access restriction to VNet | Private space, internal routing |
| Note | No app or database changes VNet integration available to the premium plan of the app service | Converting an existing app to an internal one is not currently supported 😦 The PostgresSQL add-on to the internal app will be automatically set to be internal Heroku private space available as part of enterprise agreement |
| Delivery team | Likely to be the could infrastructure team | App development team |
Conclusion
Do application developers want to learn VNet and all the other networking stuffs? Probably.
Do application developers need to learn VNet and all the other networking stuffs? Heroku’s answer is ‘absolutely not’.
Heroku lets companies of all sizes embrace the value of apps, net the hassle of hardware, nor the distraction of servers – virtual or otherwise
heroku.com
What we have inside the black box of Heroku platform is probably not too different from what we have in Azure. But the main difference is Heroku can sort out the non-app development elements automatically. This makes it very attractive to the developers who are less interested in VNet or the businesses which do not have a network infrastructure team. Azure offers the ultra-flexibility. True you need to look after very aspects of the solutions (not just the apps!!) but elements in the e2e solution are loosely coupled. For example the network configuration is completely independent to the apps which means you can implement, update or remove any of the network configurations without interrupting the application development process and vice versa.
Microsoft utilises the ‘pay as you use’ model for most of its cloud products. The freedom to use what components to use and when to use them gives Azure a competitive edge over Heroku in term of cost. Between Heroku and Azure, it’s hard to say which one is better. Ultimately the differences are between configuration vs. customisation, convenience vs. flexibility, convenience vs. cost and dev team centric vs. multi-team collaboration.
Top Cloud Solutions 
One thought on “A comparative study of Azure and Heroku”