























For AZ900 exam revision. Cover all essential topics
Typology: Lecture notes
























What is cloud computing?

Compute power

Each VM includes an operating system and hardware that appears to the user like a physical computer. The difference is that you don't have to buy any of the hardware or install the OS. The cloud provider runs your virtual machine on a physical server in one of their datacenters - often sharing that server with other VMs (isolated and secure).

Containers provide a consistent, isolated execution environment for applications. They're similar to VMs except they don't require a guest operating system. This allows the container to start up in just a few seconds, because there's no OS to boot and initialize. Multiple containers can be run on a single machine, and containers can be moved between machines. The portability of the container makes it easy for applications to be deployed in multiple environments, either on-premises or in the cloud, often with no changes to the application.

Serverless computing lets you run application code without creating, configuring, or maintaining a server. This is ideal for automated tasks - for example, you can build a serverless process that automatically sends an email confirmation after a customer makes an online purchase. The serverless model differs from VMs and containers in that you only pay for the processing time used by each function as it executes.

VMs are an ideal choice when you need:
- Total control over the operating system (OS)
- The ability to run custom software, or
- To use custom hosting configurations

need to maintain the VM—that is, configure, update, and maintain the software that runs on the VM.

Cloud computing is flexible and cost-efficient, which can be beneficial to every business, whether it's a small start-up or a large enterprise.

Types of cloud services
When using IaaS, ensuring that a service is up and running is a shared responsibility: the cloud provider is responsible for ensuring the cloud infrastructure is functioning correctly; the cloud customer is responsible for ensuring the service they are using is configured correctly, is up to date, and is available to their customers. This is referred to as the shared responsibility model.

Cost and Ownership

| | IaaS | PaaS | SaaS |
|---|---|---|---|
| Upfront costs | There are no upfront costs. Users pay only for what they consume. | There are no upfront costs. Users pay only for what they consume. | Users have no upfront costs; they pay a subscription, typically on a monthly or annual basis. |
| User ownership | The user is responsible for the purchase, installation, configuration, and management of their own software, operating systems, middleware, and applications. | The user is responsible for the development of their own applications. However, they are not responsible for managing the server or infrastructure. This allows the user to focus on the application or workload they want to run. | Users just use the application software; they are not responsible for any maintenance or management of that software. |
| Cloud provider ownership | The cloud provider is responsible for ensuring that the underlying cloud infrastructure (such as virtual machines, storage, and networking) is available for the user. | The cloud provider is responsible for operating system management, network, and service configuration. Cloud providers are typically responsible for everything apart from the application that a user wants to run. They provide a complete managed platform on which to run the application. | The cloud provider is responsible for the provision, management, and maintenance of the application software. |
Azure support plans

| | Developer | Standard | Professional Direct |
|---|---|---|---|
| Best for | Non-critical workloads | Production workloads | Business-critical workloads |
| Reactive technical support | 1 business day response | 1-hour response for critical cases | 1-hour response + priority tracking of critical cases |
| Proactive technical support | Not applicable | Not applicable | Access to a pool of technical experts |

Azure community support

| Channel | Description |
|---|---|
| Azure Knowledge Center | The Azure Knowledge Center is a searchable database that contains answers to common support questions. |
| Microsoft Tech Community | Get support by reading responses to Azure technical questions from Microsoft's developers and testers. |
| Stack Overflow | You can review answers to questions from the development community. |
| Server Fault | Review community responses to questions about System and Network Administration in Azure. |
| Azure Feedback Forums | Read ideas and suggestions for improving Azure made by Azure users. |
| Twitter | Tweet @AzureSupport to get answers and support from the official Microsoft Azure Twitter channel. |
Azure services

Here's a big-picture view of the available services and features in Azure. Let's take a closer look at the most commonly used categories:

Compute

| Service name | Service function |
|---|---|
| Azure Virtual Machines | Windows or Linux virtual machines (VMs) hosted in Azure |
| Azure Virtual Machine Scale Sets | Scaling for Windows or Linux VMs hosted in Azure |
| Azure Kubernetes Service | Enables management of a cluster of VMs that run containerized services |
| Azure Service Fabric | Distributed systems platform. Runs in Azure or on-premises |
| Azure Batch | Managed service for parallel and high-performance computing applications |
| Azure Container Instances | Run containerized apps on Azure without provisioning servers or VMs |
| Azure Functions | An event-driven, serverless compute service |

Networking

| Service name | Service function |
|---|---|
| Azure Virtual Network | Connects VMs to incoming Virtual Private Network (VPN) connections |
| Azure Load Balancer | Balances inbound and outbound connections to applications or service endpoints |
| Azure Application Gateway | Optimizes app server farm delivery while increasing application security |
| Service name | Service function |
|---|---|
| Azure Synapse Analytics | Fully managed data warehouse with integral security at every level of scale at no extra cost |
| Azure Database Migration Service | Migrates your databases to the cloud with no application code changes |
| Azure Cache for Redis | Caches frequently used and static data to reduce data and application latency |
| Azure Database for MariaDB | Fully managed and scalable MariaDB relational database with high availability and security |

Web

| Service Name | Description |
|---|---|
| Azure App Service | Quickly create powerful cloud web-based apps |
| Azure Notification Hubs | Send push notifications to any platform from any back end. |
| Azure API Management | Publish APIs to developers, partners, and employees securely and at scale. |
| Azure Cognitive Search | Fully managed search as a service. |
| Web Apps feature of Azure App Service | Create and deploy mission-critical web apps at scale. |
| Azure SignalR Service | Add real-time web functionalities easily. |

Internet of Things

| Service Name | Description |
|---|---|
| IoT Central | Fully-managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale |
| Azure IoT Hub | Messaging hub that provides secure communications between and monitoring of millions of IoT devices |
| IoT Edge | Push your data analysis models directly onto your IoT devices, allowing them to react quickly to state changes without needing to consult cloud-based AI models. |
Big Data

| Service Name | Description |
|---|---|
| Azure Synapse Analytics | Run analytics at a massive scale using a cloud-based Enterprise Data Warehouse (EDW) that leverages massive parallel processing (MPP) to run complex queries quickly across petabytes of data |
| Azure HDInsight | Process massive amounts of data with managed Hadoop clusters in the cloud |
| Azure Databricks | Collaborative Apache Spark–based analytics service that can be integrated with other Big Data services in Azure. |

Artificial Intelligence

| Service Name | Description |
|---|---|
| Azure Machine Learning Service | Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud |
| Azure Machine Learning Studio | Collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions using pre-built machine learning algorithms and data-handling modules |

A closely related set of products are the cognitive services. These are pre-built APIs you can leverage in your applications to solve complex problems.

| Service Name | Description |
|---|---|
| Vision | Image-processing algorithms to smartly identify, caption, index, and moderate your pictures and videos. |
| Speech | Convert spoken audio into text, use voice for verification, or add speaker recognition to your app. |
| Knowledge mapping | Map complex information and data in order to solve tasks such as intelligent recommendations and semantic search. |
| Bing Search | Add Bing Search APIs to your apps and harness the ability to comb billions of webpages, images, videos, and news with a single API call. |
| Natural Language processing | Allow your apps to process natural language with pre-built scripts, evaluate sentiment and learn how to recognize what users want. |
DevOps

Azure DevOps Services allows you to create build and release pipelines that provide continuous integration, delivery, and deployment for your applications.
Resiliency

Resiliency is the ability of a system to recover from failures and continue to function. The goal of resiliency is to return the application to a fully functioning state following a failure. High availability and disaster recovery are two crucial components of resiliency. When designing your architecture you need to design for resiliency, and you should perform a Failure Mode Analysis (FMA). The goal of an FMA is to identify possible points of failure and to define how the application will respond to those failures.

Azure management options

- Azure portal for interacting with Azure via a Graphical User Interface (GUI)
- Azure PowerShell and Azure Command-Line Interface (CLI) for command line and automation-based interactions with Azure
- Azure Cloud Shell for a web-based command-line interface
- Azure mobile app for monitoring and managing your resources from your mobile device

Azure App Service - a platform-as-a-service (PaaS) offering in Azure that is designed to host enterprise-grade web-oriented applications. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance.

availability set, you get:
- Up to three fault domains that each have a server rack with dedicated power and network resources
- Five logical update domains which then can be increased to a maximum of 20
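
A failure mode analysis for the availability set limits above, as an added example that is not from the original notes or from Azure's own code. It assumes VMs are assigned to fault and update domains sequentially (round-robin); the function names are illustrative.

```python
from collections import Counter

# Limits stated in the notes above.
MAX_FAULT_DOMAINS = 3
DEFAULT_UPDATE_DOMAINS = 5
MAX_UPDATE_DOMAINS = 20


def place_vms(vm_count, fault_domains=MAX_FAULT_DOMAINS,
              update_domains=DEFAULT_UPDATE_DOMAINS):
    """Return (vm, fault_domain, update_domain) tuples for each VM.

    Assumption: sequential (round-robin) assignment to both domain types.
    """
    if vm_count < 1:
        raise ValueError("need at least one VM")
    if not 1 <= fault_domains <= MAX_FAULT_DOMAINS:
        raise ValueError("fault domains must be 1..3")
    if not 1 <= update_domains <= MAX_UPDATE_DOMAINS:
        raise ValueError("update domains must be 1..20")
    return [(i, i % fault_domains, i % update_domains) for i in range(vm_count)]


def failure_mode_analysis(placement):
    """Worst-case VM loss for a rack failure, a planned update, and both."""
    fd_load = Counter(fd for _, fd, _ in placement)
    ud_load = Counter(ud for _, _, ud in placement)
    # Worst overlap: one rack fails while one update domain is rebooting.
    lost_both = max(
        sum(1 for _, f, u in placement if f == fd or u == ud)
        for fd in fd_load for ud in ud_load
    )
    return {
        "total": len(placement),
        "lost_rack_failure": max(fd_load.values()),
        "lost_planned_update": max(ud_load.values()),
        "lost_both": lost_both,
        "surviving_worst_case": len(placement) - lost_both,
    }


def min_vms_for(required_online, fault_domains=MAX_FAULT_DOMAINS,
                update_domains=DEFAULT_UPDATE_DOMAINS, limit=200):
    """Smallest VM count that keeps `required_online` VMs up in the worst case."""
    for n in range(1, limit + 1):
        result = failure_mode_analysis(place_vms(n, fault_domains, update_domains))
        if result["surviving_worst_case"] >= required_online:
            return n
    raise ValueError("requirement not reachable within limit")


if __name__ == "__main__":
    for count, uds in [(2, 5), (6, 5), (6, 20)]:
        print(count, uds, failure_mode_analysis(place_vms(count, update_domains=uds)))
```

Under this model, two VMs with the default domains can both be offline if a rack fails during a planned update, and raising the update domains from 5 to 20 lifts the worst-case survivors of a six-VM set from 2 to 3.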
Azure Virtual Machine Scale Sets let you create and manage a group of identical, load balanced VMs. Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. With Virtual Machine Scale Sets, you can build large-scale services for areas such as compute, big data, and container workloads.

Azure Batch enables large-scale job scheduling and compute management with the ability to scale to tens, hundreds, or thousands of VMs.

Azure supports Docker containers (a standardized container model), and there are several ways to manage containers in Azure.
- Azure Container Instances (ACI) - fastest and simplest way to run a container in Azure. It is a PaaS offering that allows you to upload your containers and execute them directly with automatic elastic scale.
- Azure Kubernetes Service - The task of automating, managing, and interacting with a large number of containers is known as orchestration. Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures with multiple containers.
Azure Logic Apps, which are designed in a web-based designer and can execute logic triggered by Azure services without writing any code.

Azure Logic Apps are similar to Functions - both enable you to trigger logic based on an event. Where Functions execute code, Logic Apps execute workflows designed to automate business scenarios and built from predefined logic blocks.

Functions vs. Logic Apps

| - | Functions | Logic Apps |
|---|---|---|
| State | Normally stateless, but Durable Functions provide state | Stateful |
| Development | Code-first (imperative) | Designer-first (declarative) |
| Connectivity | About a dozen built-in binding types, write code for custom bindings | Large collection of connectors, Enterprise Integration Pack for B2B scenarios, build custom connectors |
| Actions | Each activity is an Azure function; write code for activity functions | Large collection of ready-made actions |
| Monitoring | Azure Application Insights | Azure portal, Log Analytics |
| Management | REST API, Visual Studio | Azure portal, REST API, PowerShell, Visual Studio |
| Execution context | Can run locally or in the cloud | Runs only in the cloud. |

Benefits of using Azure to store data:
- Automated backup and recovery: mitigates the risk of losing your data if there is any unforeseen failure or interruption.
- Replication across the globe: copies your data to protect it against any planned or unplanned events, such as scheduled maintenance or hardware failures. You can choose to replicate your data at multiple locations across the globe.
- Support for data analytics: supports performing analytics on your data consumption.
- Encryption capabilities: data is encrypted to make it highly secure; you also have tight control over who can access the data.
- Multiple data types: Azure can store almost any type of data you need. It can handle video files, text files, and even large binary files like virtual hard disks. It also has many options for your relational and NoSQL data.
- Data storage in virtual disks: Azure also has the capability of storing up to 32 TB of data in its virtual disks. This capability is significant when you're storing heavy data such as videos and simulations.
- Storage tiers: storage tiers to prioritize access to data based on frequently used versus rarely used information.

Azure Data Lake Storage

The Data Lake feature allows you to perform analytics on your data usage and prepare reports.
Data Lake is a large repository that stores both structured and unstructured data.
Azure Data Lake Storage combines the scalability and cost benefits of object storage with the reliability and performance of the Big Data file system capabilities. The following illustration shows how Azure Data Lake stores all your business data and makes it available for analysis.

Storage tiers

Azure offers three storage tiers for blob object storage:
Azure Load Balancer: no infrastructure or software for you to maintain. You define the forwarding rules based on the source IP and port to a set of destination IP/ports.

Azure Application Gateway is a load balancer designed for web applications. It uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios.

Benefits of using Azure Application Gateway over a simple load balancer:
- Cookie affinity. Useful when you want to keep a user session on the same backend server.
- SSL termination. Application Gateway can manage your SSL certificates and pass unencrypted traffic to the backend servers to avoid encryption/decryption overhead. It also supports full end-to-end encryption for applications that require that.
- Web application firewall. Application Gateway supports a sophisticated firewall (WAF) with detailed monitoring and logging to detect malicious attacks against your network infrastructure.
- URL rule-based routes. Application Gateway allows you to route traffic based on URL patterns, source IP address and port to destination IP address and port. This is helpful when setting up a content delivery network.
- Rewrite HTTP headers. You can add or remove information from the inbound and outbound HTTP headers of each request to enable important security scenarios, or scrub sensitive information such as server names.

A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. Typical usage scenarios include web applications containing multimedia content, a product launch event in a particular region, or any event where you expect a high-bandwidth requirement in a region.
Application

- Ensure applications are secure and free of vulnerabilities.
- Store sensitive application secrets in a secure storage medium.
- Make security a design requirement for all application development.

Integrating security into the application development life cycle will help reduce the number of vulnerabilities introduced in code. We encourage all development teams to ensure their applications are secure by default, and that they're making security requirements non-negotiable.

Compute

- Secure access to virtual machines.
- Implement endpoint protection and keep systems patched and current.

Malware, unpatched systems, and improperly secured systems open your environment to attacks. The focus in this layer is on making sure your compute resources are secure, and that you have the proper controls in place to minimize security issues.

Networking

- Limit communication between resources.
- Deny by default.
- Restrict inbound internet access and limit outbound, where appropriate.
- Implement secure connectivity to on-premises networks.

At this layer, the focus is on limiting the network connectivity across all your resources to allow only what is required. By limiting this communication, you reduce the risk of lateral movement throughout your network.

Perimeter

- Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users.
- Use perimeter firewalls to identify and alert on malicious attacks against your network.

At the network perimeter, it's about protecting from network-based attacks against your resources. Identifying these attacks, eliminating their impact, and alerting you when they happen are important ways to keep your network secure.

Identity and access

- Control access to infrastructure and change control.
- Use single sign-on and multi-factor authentication.
- Audit events and changes.

The identity and access layer is all about ensuring identities are secure, access granted is only what is needed, and changes are logged.

Physical security

- Physical building security and controlling access to computing hardware within the data center is the first line of defense.

With physical security, the intent is to provide physical safeguards against access to assets. These safeguards ensure that other layers can't be bypassed, and loss or theft is handled appropriately.

Azure Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. Security Center can: