azure fundamental
Edited on 2022-07-14 15:52:49
1. concept
20-25%
1.1. cloud computing
1.1.1. understand
offload
1.1.2. benefits
economic
purchase of hardware and maintenance
4. economy of scale
scalability and elasticity
scale
add computing resources if increased demand
horizontal scaling
scale out
e.g added web servers
adjust capacity in existing resources
vertical
scale up
e.g more memory available to virtual server
e.g more processor core
e.g more cpu
can be automated?
elasticity
rule-based
one aspect of cloud agility
another aspect is adapting to changing business requirements
agility = quickly deploy services with reduced effort and cost
high availability
system available for use without significant outage
bounded by SLA
SLA
99.9%
service can be unavailable no more than 43.2 minutes in a 30-day period to meet 99.9% SLA for that month
what if?
a financially backed SLA provides a service credit
not equal to performance
fault tolerance
continues to function when one or more components of the system fail
e.g. add one more server in case one goes down
disaster recovery
when multiple systems fail
human resources
staff reduction
staff repurposing
staff increase
1.1.3. models and responsibilities
SaaS
use microsoft 365 via web interface
can install on device and use locally
Azure SQL Database
only manage the database
no need to manage the server or the SQL Server application
benefit
Operational expense
Updates
Deployment and manageability
IaaS
deploy and use infrastructure components in Azure
e.g virtualisation
deploy virtual servers in Azure
benefits
scalable
flexible
higher shared responsibility
highest of the three models
you manage the virtual servers, operating systems, and applications installed on the VMs
PaaS
combine
SaaS
IaaS
Microsoft
provides and manages the virtualised infrastructure
provides additional software and resources to facilitate application development
Shared responsibility
Serverless computing
Use case <-how to choose
1.2. financial models
1.2.1. Capital expenditure
acquire or maintain fixed asset
1.2.2. Operational expenditure
monthly expenditure for whatever is used in operation
1. no upfront cost
e.g. a license for each user for Microsoft Office becomes a monthly per-user fee for Microsoft 365
not a perpetual license but 2. spread-out cost
3. tie cost to head count
Consumption-based
1.3. Types
1.3.1. Public
1.3.2. Private
1.3.3. Hybrid
service interaction between on-premises services and related service(s) in cloud
2. service
15-20%
2.1. Core Azure Architectural Components
benefits and usage
2.1.2. how it is deployed geographically, how high availability works, and ways to manage the services
2.1.2. Geographies and regions
data centers everywhere
meet legal, compliance, or tax requirement
enhance availability
geography aligned to
1. countries
2. specific markets
Europe
Asia
often have 2 or more regions
compliance and data residency
Azure China
physically isolated instance of Azure
located wholly in China
Operated by Shanghai Blue Cloud Tech
data stays within China and meets strict Chinese regulatory requirements
not limited to Chinese government entities
within each geography are Azure regions
nested nature
a grouping of data centers
updates are rolled out to regions serially
that interact to provide redundancy and availability for the services hosted within that region
e.g US
West US
Central US
North Central US
region pairs
to allow for replication of resources across multiple data centers
redundancy, resiliency, and business continuity.
to reduce the effects of
natural disaster
outages
decided by microsoft
optional
not limited to choosing a single region to deploy Azure services, nor limited to a specific region pair
2.1.3. Availability zones
physically separate zone within a region
with its own power, network, and cooling
might encompass more than one data center
minimum of three availability zones per region
not all regions offer availability zones
encompasses 2 domains
fault
update
e.g. if you deploy VMs across 3 availability zones, they will not be updated simultaneously
services
Zonal
Resources are pinned to a specific zone
Ensure redundancy by
must deploy the services across multiple availability zones
e.g VM
no additional charge except for VM-to-VM data transfer between zones
Zone-redundant
eg storage
Zone Redundant Storage
SQL databases
replicates the service automatically across zones
To ensure an SLA at a given level:
choose a geography that meets compliance and regulatory requirements for data residency
choose the region(s) in which you will host your data, services, and applications
can choose multiple
consider region pair
consider storage, services where to host
consider additional types of fault tolerance and availability
2.1.4. Resources and resource groups
resources
manageable items in Azure
VM
Databases
Virtual networks
Storage accounts
when Azure solution grow, resources grow
hard to manage, how?
resource groups
logical container
apply properties
e.g. CanNotDelete lock
apply policies
control who has admin permission
perform operations
what to consider?
Lifecycle
deployment
updates
deletion
Resource assignment
a resource can reside in only one group
Location
resources in a group can reside in various regions
metadata
if the region where the resource group resides is unavailable, you cannot update the resources because the metadata is not available, but the resources continue to function
Scope
apply management scope to resources collectively
can assign Azure policies, Azure roles, or resource locks to the group
Resource interaction
resources in different groups can interact
Deletion
delete group, delete resources within
Creation
Azure portal, PowerShell, Azure CLI, or Azure Resource Manager template
Tags
a tag on the group applies only to the resource group, not to the resources within it
it is a label you add to the box, not to its contents
resources can have their own tags
2.1.5. Azure Resource Manager
enable and support distributed cloud model
ARM is not a tool or interface, but a service
broker between management tools and resource providers
e.g. create a VM in the Azure portal
the portal sends the properties to the ARM API
ARM communicates with the resource provider to create the VM
templates
for
create
manage
monitor
JSON
can automate an entire Azure environment
declare what resources you want and what properties they should have
2.2. Azure subscriptions and billing scope
2.2.1. Azure subscriptions
logical container like resource groups but at higher level
big box that contains all resource group boxes
a resource group belongs to exactly one subscription
multiple subscriptions simplify
resource management
billing
cost containment
legal agreement associated with specific Azure offer
payment agreement
boundaries
scale boundaries
e.g. a limit on the number of VMs in each subscription
administrative boundaries
control security
resource administration
server resources in one sub, while data resources in another
policies
other method:
RBAC
resource groups with different role-based access control (RBAC) permissions
2.2.2. Azure billing accounts
types
Microsoft Online Service Program
Enterprise agreement
purchase software and services under
multiyear agreement
e.g. on-premises licenses, Office 365 licenses and Azure services over a 3-year period
annual true-up reconciles the licenses that you have used and adjusts the next year's cost accordingly
Microsoft Customer Agreement (MCA)
consolidate invoices monthly
Azure
Azure Marketplace
Microsoft AppSource
in some regions, an MCA is created automatically when you subscribe to pay-as-you-go or an Azure free subscription
4th type (not covered)
Microsoft Partner Agreements
specific to cloud solution providers
2.2.3. Billing scope
node within a billing account
enables managing invoices, payments, accounts, and other billing-related data
2.2.4. Azure tenants
specific instance of Azure Active Directory (AAD)
contains
accounts
groups
tenant is a group of users
tenant provides authentication services for cloud resources
multitenancy
more than one tenant shares Azure resources
single tenant for multiple Microsoft cloud offerings
e.g. deploy Microsoft 365, Dynamics 365 and Azure resources all associated with a single AAD tenant
or multiple tenants in different scenarios
2.3. Core
2.3.1. Azure
SERVICES
Virtual machines
emulation of a computer system that provides functionality of a physical computer
run on host
which is a physical device
must have sufficient physical CPUs, memory, and other hardware
as a guest on that host
software called hypervisor
manage VM running on host
advantages
multiple VM can run on single host
reduce power and physical space
quickly deployed by specifying parameters
the actual creation task is handed over to the hypervisor
scalable
VM can run different OS than its host
VM can be moved easily from one host to another
only the metadata that defines the VM needs to move
e.g. configure Site Recovery at the new location, then fail over from the original VM to the new one
Virtual Machine Scale Sets
simplifies creating and managing a group of load-balanced VMs
automatically scales out or in to adjust to changes in demand
load balancing ensures access to the VMs in the set is balanced across them
enable high availability
VMs in a scale set are all created from the same OS image
ensure consistency
same components, applications, and configuration
can use either
Azure Load Balancer
Azure Application Gateway
to balance traffic to the VMs in the set
alternative:
use availability zones to improve availability by distributing the VMs across multiple data centers
Availability sets
2 domains
update
logical group of hardware that undergoes maintenance activities or reboot events at the same time
fault
logical group of hardware that shares power source and network switch
similar to physical rack in data center
avoid outages caused by
hardware
update
others
distributes VMs across multiple fault domains and update domains
use of availability zones or availability sets affects the SLA
99.99%
availability zone
all VMs with two or more instances deployed across two or more availability zones in the same Azure region
99.95%
availability set
All virtual machines with two or more instances deployed in the same availability set
99.9%
any single-instance VM using Premium SSD or Ultra Disk for all OS disks
99.5%
any single-instance VM using Standard SSD managed disks for all OS disks
95%
Any single instance virtual machine using Standard HDD Managed Disks for operating system
Azure App Service
PaaS
quick development and deployment of web apps
dev languages
more than just dev tools
encompasses
load balancing
autoscaling
automated management
security features
scalability
supports Windows and Linux, patching ... containers, Docker, and access to application templates in Azure Marketplace
Azure Container Instances
Docker
open source project for automating the deployment of containers
containers
a means for packaging and deploying applications virtually
serves as a virtual environment that includes the resources necessary for its hosted application to function
e.g. you have a web app but don't want to manage a VM; you can use a container
service
ability to create and deploy containerised applications
both Windows and Linux containers
ACI supports only single container instances for Windows
container groups for Linux
collection of containers that run on the same host machine and share the same OS, lifecycle, local network, resources and storage
single IP address and DNS name
cost saving
only paying for consumption of CPU and memory resources used by the container
scalable
support Azure Files
to share data used by the container
what if there are too many containers?
Azure Kubernetes Service
container orchestration service
monitor container health
container scalability
enable resource sharing among containers
node
each container in the Kubernetes cluster
simplify deployment
once you have defined a container image, you can use AKS to deploy instances of that image within a cluster or multiple clusters
large-scale management of containers
Windows Virtual Desktop
enables users to run a Windows client in the cloud
access via
Virtual Desktop client application on Windows device
HTML 5 browser
benefit
run windows everywhere
distributed work env
STORAGE
Blob storage
very large amounts of
unstructured data
text and binary data
access
HTTP or HTTPS, the Azure Storage REST API, Azure PowerShell, Azure CLI, or an Azure Storage client library
Blob storage tiers
access
Hot
frequent
Cool
infrequent
store data online
Archive
rare
trade off
access cost
storage cost
SLA
Disk storage
azure disks
virtualised
presented as a disk
attached to a VM
similar to physical disk in a server
designed for 99.999% availability through replicas
3 replicas
3 main disk roles
data disk
OS disk
persistent
temporary disk
not managed and do not necessarily persist during maintenance events and reboots, but can persist during a normal, successful reboot of the VM that hosts it
used only for swap files, temp files and other data that could be lost
2 encryption options
server side
encryption-at-rest
safeguard data and meet compliance and policy requirement
enabled by default
client-side
one-time symmetric content encryption key (CEK)
disk encryption
Windows
BitLocker
Linux
DM-Crypt
File storage
available securely anywhere but not associated with a specific VM or volume letter
can be accessed by using the Server Message Block (SMB) protocol or Network File System (NFS) protocol.
can be concurrently accessed by on-premises as well as Azure services.
support many file sharing scenarios
Storage accounts
to use storage you must create this first
contains Azure Storage objects and provides a unique namespace
types
General-purpose v1
legacy
blobs, files, queues, tables
General-purpose v2
extra Data Lake Gen2
BlockBlobStorage
block blobs
append blobs in high-performance scenarios
e.g. high storage transaction rates
or where storage consists of small objects and/or requires low latency
FileStorage
files-only storage
where premium performance required
BlobStorage
legacy
blob-only
2.3.2. Data services
Structured and unstructured data
semistructured
not constrained to data model
but have tags or markers
that describe and enforce a hierarchy of records and fields within the data
Azure SQL Database
abstracts all the infrastructure needed to host a SQL database
PaaS
Microsoft hosts the SQL platform and manages maintenance like upgrades and patching, monitoring, and all other activities needed to ensure a 99.99 percent uptime for your SQL databases
only task
create SQL database and manage the tables, views, and other elements within the database
SQL managed instance
PaaS
additional features
audit
authentication
backups
change data capture (CDC)
common language runtime (CLR)
linked servers
OPENQUERY
key difference
integrate with Azure Data Migration Service
Cosmos DB
multimodel database
scale data out to multiple Azure regions across the world
elasticity
support
SQL for querying data stored in Cosmos
also other APIs
Cassandra, MongoDB, Gremlin, Azure Table Storage
non-relational databases
key adv
Gremlin API
use Azure Cosmos DB to store and query massive graphs at any scale
Azure Database
MySQL
capability to deploy, manage, and use MySQL databases without deploying MySQL on a server or VM
LAMP
PostgreSQL
Migration service
one-time (offline)
makes the app that depends on the data unavailable during the migration
continuous synchronisation (online)
2.4. Microsoft marketplace
2.4.1. online store
2.4.2. billed via the Azure account
3. networking
3.1. serverless
3.1.1. abstract server
3.1.2. making services as primary focus
3.1.3. eg Azure SQL database
3.2. how to communicate
3.2.1. network addressing
unique identification
each device is assigned a network address
within the network address space, subnets
further segregate parts of the address space into virtual networks
protocols
IPv4
IPv6
3.2.2. domain name system (DNS)
map numeric IP addresses to hostnames
DNS resolver
communicate with a DNS server
denial-of-service (DoS) attack
3.3. routing
3.3.1. wireless access points (WAPs) function as routers
routing data between two subnets
3.3.2. home router
handles traffic between those WAPs and the ISP's network
the ISP router handles traffic to the Internet
3.4. virtual networks
3.4.1. how
must create VNet resources in Azure
When you create a VNet, you specify the private IP address space that the VNet will use
Within that address space, subnets that you define let you segregate network segments for various resources
3.4.2. scoped to a single
region
subscription
3.4.3. can create multiple virtual networks within a region and subscription
3.4.4. peering
to connect virtual networks
including across regions
same latency and bandwidth as within a single network
3.5. Load balancing
3.5.1. distributes network traffic
3.5.2. improves responsiveness, reliability and availability
3.5.3. 4 types of LB services
Load balancer
transport layer service
high performance, low latency
zone redundant
high availability across availability zones
non-HTTP(S) traffic
Application Gateway
application layer
application delivery controller (ADC) as a service
internet facing, internal only, or both
HTTP(S) traffic
Front Door
global
internet facing
uses Microsoft global edge network
Traffic Manager
application layer
DNS-based
across global Azure region
3.6. VPN Gateway
3.6.1. VPN establishes encrypted tunnel
between 2 private networks
across a public network
3.7. Azure VPN gateway
3.7.1. support multiple VPN configuration
Site-to-site
Multi-site
Azure and multiple on-premises sites
Point-to-site
Single device (point) to site
VNet-to-VNet
VPN tunnel between two Azure VNets
enable georedundancy
3.8. ExpressRoute
3.8.1. extend on-premises networks into Azure
3.8.2. over private connection
3.8.3. managed by a 3rd-party connectivity provider
3.8.4. does not traverse the Internet
3.8.5. enables higher reliability, faster speeds, lower latency and higher security
3.9. Direct
3.9.1. connect directly to Microsoft global network
3.9.2. without traversing the Internet
3.9.3. for when you require physical isolation or move large amounts of data to Azure
3.10. Content Delivery Network
3.10.1. places web content across a distributed network of servers
3.10.2. make content readily available
3.10.3. point of presence (PoP)
cached copies in the CDN
3.10.4. time-to-live (TTL) properties
determine how frequently content is refreshed from the source into the cache
3.10.5. Azure CDN supports CDN caching rules, compression, geofiltering, scalability and several other features
4. security, compliance, privacy, trust
4.1. Network security
4.1.1. Defense in depth
layers
Physical security
Identity and access
access control, single sign-on, multifactor authentication, audit
Perimeter
First point at which bad actors can potentially gain access to servers/resources or execute attacks
DDoS protection
Network
Compute
Application
Azure Key Vault
to protect secrets used by app
Data
4.1.2. firewall
device/service
inspect network traffic flowing
act on the traffic based on
rules
e.g. create a rule in your firewall to block all inbound traffic on ports other than 80 and 443
analyse threats
worms, viruses, etc.
Azure
managed firewall service
stateful
inspects sessions of network traffic and acts based on the context and state of the packets
by contrast, a stateless firewall inspects individual packets and is more limited in the information it gleans and therefore in the actions it can take
traffic
filter
modify
changing source or destination addresses to route traffic
= network address translation (NAT)
enables traffic to be routed between different network segments
3 types of rule collections
1. NAT rules
enable traffic to be forwarded between network segments
e.g. Internet to Azure resources
2. Network rules
allow or deny traffic based on ...
3. Application rules
allow specific application to communicate across firewall
control traffic by FQDN
eg block traffic to specific website
Web application firewall
can be deployed with
LB
Azure Application Gateway
Azure FrontDoor
CDN
firewall service
by policies and rules
preconfigured
Azure-managed rules
customise
functions
protect
against SQL injection
cross-site scripting
4.1.3. Security Groups
Network
additional firewall service
enables filtering traffic between
Azure resources
can be scoped to a subnet or a network interface on a VM
a single NSG can apply to multiple VMs or subnets
rule
filter traffic
applies to all VMs within the subnet
often deployed using application security groups
Application
enable grouping of
servers based on applications running on them
then manage security for that group
object reference within a network security group
create the ASG and add VMs to it, and then create the NSG and reference the ASG in it
NSG rules then apply to the VMs in the ASG.
to apply the same NSG to a dozen other servers,
add them to the same ASG.
4.1.4. User defined routes
define a custom route to override the default route
4.1.5. Azure DDoS protection
overwhelmed
types of attacks
volumetric attacks
protocol attacks
resource layer attacks
type of protections
basic
active traffic monitoring
automatic attack mitigation
standard
extra
availability guarantee
mitigation policies
metrics and alerts
reporting
...
4.2. Authentication and authorisation
4.2.1. Azure Active Directory
cloud based identity and access management service
enable user to log into cloud services and access resources in Azure
options
Azure AD Free
management of users and groups
synchronization with on-premises Active Directory
basic reporting
self-service password change
single sign-on for Azure, Microsoft 365, Dynamics 365, and other app
Azure AD Premium P1
access on-premises resources as well as cloud resources,
support for dynamic groups
self-service group management,
Microsoft Identity Manager,
conditional access
cloud write-back
to allow self-service password changes for on-premises users
Azure AD Premium P2
Azure Active Directory Identity Protection
conditional access to apps and critical data
Privileged Identity Management
discover, monitor, and restrict admin access to resources
Pay-as-you-go feature licenses
deploy Active Directory Federation Services (AD FS)
integrate on-premises AD for hybrid cloud scenarios involving both
support RBAC
to manage access to cloud resources
control who has access and what action, where
security principal
who
role
what
scope
where
4.2.2. Authentication
Multifactor
authentication identifies a user and authorization determines the actions
4.2.3. Conditional access
identity signal
user’s location, the user’s device, or the application the user is trying to access
4.2.4. Single sign-on (SSO)
what if use on-premises and Azure?
Azure AD Connect
4.3. Security tools and features
4.3.1. Azure security center
monitoring services
framework for advanced threat protection
cloud
on-premises
assess
security-based monitoring
alerts
recommendations
Windows / Linux
Azure, on-premises, other clouds
integrate natively with Microsoft Defender
provide risk detection and assessment
threat intelligence
automated onboarding for new VM
service level
Free
limited to assessments and recommendations only for Azure resources.
Standard
just-in-time access control for ports
open for a specified period only
secure score
displayed in the Security Center portal
4.3.2. Azure Key Vault
securely store secrets
provide centralised, cloud based service for
creating
storing
and managing keys and certificates
4.3.3. Azure Information Protection
classify and protect doc and emails
by applying labels
labels identify information type and can be used to optionally protect the information with Azure Rights Management Service
apply policies for encryption, identity, and authorization to the data
eg prevent email from being forwarded
4.3.4. Azure Advanced Threat Protection
leverage on-premises AD to detect and identify threats
investigate threats and identify compromised identities
functions
protect identities and credentials stored in Active Directory,
monitor users and suspicious activities,
report on incidents to help drive protection
remediation measures, and more.
threats
reconnaissance attacks
probing accounts using an alphabetical list of usernames.
compromised credentials
brute-force attack testing multiple passwords against a username.
lateral account movement
steal user data on one computer in order to gain access to other computers
domain dominance
honeytoken accounts
decoy accounts
4.3.5. Azure Sentinel
Microsoft's Azure-based SIEM solution
security information and event management system
collect data for analysis
create custom rules to search for specific threat criteria.
orchestration and automation capabilities in Azure Sentinel and through integration with other services
Azure Monitor Workbooks
Azure Logic Apps
supports over 200 connectors to allow you to integrate with ticketing systems, messaging alerts, email alerts, and other systems and services to build automated response strategies for each threat.
proactively hunt for threats across your entire environment and surface the results for follow-up and further investigation.
4.3.6. Azure Dedicated Hosts
Azure resource mapped to a physical server in Azure that you provision in an Azure region and optionally in an availability zone and fault domain.
isolate your VM workloads on dedicated hardware
4.4. Azure governance methodologies
4.4.1. Azure policies
define business rules that you can use to assess and ensure compliance with organizational standards in Azure, controlling how Azure resources are deployed and used.
mechanism to create, manage, and apply those policies
Each policy applies a single effect, such as deny.
eg create a policy for the resource group that restricts the types of VMs that can be added to the resource group.
JSON
an alias lets you restrict the values and conditions for a property of a given resource type
resource group or management group
do not apply permissions with Azure policies.
specify what actions people can take within a particular management scope using the permissions they already have.
a user might be granted permission to create resources in a resource group (using role-based access control). A policy applied to the resource group could then limit the types of VMs that the user could create in that group.
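An added example (not from the notes) of the VM-type policy described above, in the JSON form of a custom policy definition: the rule matches the resource type, then uses the `Microsoft.Compute/virtualMachines/sku.name` alias to compare the requested size against a parameter, and applies the single effect `deny`. The display name and the parameter name listOfAllowedSKUs are assumptions.

```json
{
  "properties": {
    "displayName": "Allowed VM sizes (example custom definition)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Denies creating or updating a VM whose size is not in the allowed list; the parameter name is an assumption for this example",
    "parameters": {
      "listOfAllowedSKUs": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed sizes",
          "description": "VM sizes that may be deployed in the assigned scope, e.g. Standard_B2s"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "not": {
              "field": "Microsoft.Compute/virtualMachines/sku.name",
              "in": "[parameters('listOfAllowedSKUs')]"
            }
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

The definition grants nothing: a user who already has Contributor on the resource group keeps that permission, but once the definition is assigned to the group (the assignment is a separate object carrying the scope and the parameter value) any VM outside the list is rejected by ARM before the resource provider sees it.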
4.4.2. Azure Initiatives
group of azure policies
simply serve as a container for policies
achieve a collective set of governance goals
eg an initiative to secure all SQL services in the organization. You would create an initiative for that goal, and then assign policies to that initiative. As with policies, you assign initiatives to specific scopes, so the policies in an initiative then apply to the resources that fall within the specified scope(s).
If you need to have a policy evaluated by itself without other policies, either apply the policy outside of an initiative or create an initiative that contains only that policy.
an initiative can contain only policies in a single subscription
for multiple subscriptions
create the same initiative within each subscription and assign each initiative as needed within that subscription.
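An added example (not from the notes) of an initiative (policy set definition) that wraps the VM-size policy discussed above and passes its own parameter through to the contained policy. The definition ID is a labelled placeholder, the reference ID and parameter names are assumptions, and the structure is the one ARM uses for `Microsoft.Authorization/policySetDefinitions`.

```json
{
  "properties": {
    "displayName": "Compute baseline (example initiative)",
    "policyType": "Custom",
    "description": "Container for compute governance policies; assign this once per scope instead of each policy separately",
    "parameters": {
      "allowedVmSizes": {
        "type": "Array",
        "defaultValue": [ "Standard_B2s", "Standard_D2s_v3" ],
        "metadata": {
          "displayName": "Allowed VM sizes",
          "description": "Initiative-level parameter; forwarded to the contained policy so every assignment of the initiative shares one value"
        }
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "allowedVmSizesRef",
        "policyDefinitionId": "/subscriptions/<SUBSCRIPTION-ID>/providers/Microsoft.Authorization/policyDefinitions/<VM-SIZE-POLICY-NAME>",
        "parameters": {
          "listOfAllowedSKUs": {
            "value": "[parameters('allowedVmSizes')]"
          }
        }
      }
    ]
  }
}
```

Because the contained definition lives under `/subscriptions/<SUBSCRIPTION-ID>/...`, this initiative can only be created in that subscription; the same JSON would be re-created in every other subscription that needs it, as the notes above describe.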
4.4.3. Role-based Access Control
primary authorisation mechanism
enable define who has access and what they can do
role assignment
who
what
where
Classic subscription administrator roles
Account Administrator
Service Administrator
Co-Administrator
4 roles
owner
contributor
create and manage all types of Azure resources and create new tenants
cannot grant access to others
reader
can view
User Access Administrator
manages access to Azure resources
using RBAC with management scopes
additive model
resource group is contained in the subscription and inherits permissions as a child
4.4.4. Resource Locks
lock down resources to prevent them from being modified or deleted.
ReadOnly
no delete or update
CanNotDelete
If you need to delete a resource, you must first remove the lock
inherited by child resources
apply to all users
apply only at the resource management level, not at their functional levels.
You cannot modify or delete one of those database instances without removing the lock, but you can create new databases, as well as update and delete data within databases that exist in that resource group.
4.4.5. Azure Blueprints
define a repeatable group of Azure resources and associated role assignments and policies to meet your organization’s standards and practices, and then quickly and easily deploy those resources where needed
what are the artifacts within a blueprint?
Resource groups, role assignments, policies, and ARM templates
ARM templates retain no connection to the resources they deploy.
blueprints retain that connection
can track and audit what was deployed against what the blueprint specified should be deployed
updating, publishing, and applying a new version of a blueprint
Blueprints do not replace ARM templates. Instead, blueprints can make extensive use of ARM templates to deploy resources.
Lifecycle
draft until published for assignment
need explicit assign
A published version of a blueprint cannot be altered
can be deleted only if not assigned
so must remove the assignment first
removing an assignment won't delete the deployed resources
delete the core blueprint = delete all versions of the blueprint
When assigning a blueprint, you can choose to use a system-assigned managed identity, which then is granted an Owner role and is used to deploy resources defined by the blueprint.
roles
Owner
Contributor
cannot assign
blueprint contributor
manage blueprint definitions but no assign
blueprint operator
assign published blueprint
cannot create new blueprints
custom
4.4.6. Microsoft Cloud Adoption Framework for Azure
includes guidance on strategies, governance, migration, innovation, and all other aspects of a successful Azure implementation.
Templates
Assessments
FastTrack for Azure
Microsoft engineers
The Azure Migration Program
best practice and other guidance, access to training, Azure engineering support, migration tools, and access to migration partners to help you move your workloads to Azure.
4.5. Azure monitoring and reporting options
4.5.1. Azure Monitor
to collect and analyze telemetry
cloud
on-premises
data
metrics
numerical values at a given time
log
event
stored in tables within a Log Analytics workspace.
services
Application Insights
Azure Monitor for VMs
Azure Monitor for Containers
Log Analytics
Smart Alerts
Automated Actions
Dashboards
Workbooks
tips
Monitoring begins automatically as soon as you add a resource to a subscription.
Metrics and logs are created for you automatically.
Application Insights enables developers to send telemetry data about the applications they develop to Azure
Metrics are numeric values that describe how a resource is performing and/or what it is consuming.
Logs contain detailed information about events that happen within your Azure environment.
Log Analytics enables you to view data from multiple sources through queries that you create or that are created by services for you, such as On-Demand Assessments (available through Microsoft’s Unified Support offering).
4.5.2. Azure Service Health
Azure Status
globally
what services affected and in what region
Service Health
tracks the state of your Azure services by region
access to information about service issues, planned maintenance, health advisories, and security advisories
customisable dashboard
Resource Health
tracks the state of the resources you have deployed to Azure to give you visibility to any ongoing or historical issues with those resources.
4.5.3. Azure Advisor
web-based report intended to help you optimize your Azure environment
evaluating performance criteria, cost-effectiveness, reliability, security, and operational excellence.
4.6. Compliance and data protection
4.6.1. Standards
Industry Compliance Standards and Terms
Microsoft Privacy Statement
Online Service Terms
Data Protection Addendum
Trust Center
website that provides information about how Microsoft implements and supports compliance, security, privacy, and transparency across its cloud products and services.
does not provide any type of risk assessment for your Azure resources and services
Service Trust Portal
public site
audit reports and other compliance-related info
Compliance Manager
dashboard
view compliance information and track compliance-related activities
workflow-based risk assessment
enables you to build a compliance framework where you can create and assign compliance-related tasks to individuals in your organization and track progress toward completion of those activities.
Azure Government
Azure China
within China
ExpressRoute
outside China
site-to-site VPN
Azure Sovereign Regions
5. solutions
5.1. IoT
5.1.1. Azure IoT Hub
supports multiple communication and control functions
Device-to-cloud telemetry to collect data
Device-to-cloud file upload to collect and transfer data
Request/reply methods for controlling devices from the cloud
Monitoring
does not provide analysis services or dashboards for viewing device state or analyzing data.
5.1.2. Azure IoT Central
visualization, control, and management features for IoT devices.
device templates
creates the dashboards, alerts, and other visualization and management elements based on the template
5.1.3. Azure Sphere
integrated IoT solution
3 key parts
Azure Sphere micro-controller units (MCUs)
Mx software
Azure Sphere Security Service (AS3)
ability to create a custom, highly secure IoT solution.
5.2. AI
5.2.1. Azure ML
Azure Machine Learning Studio
can create no-code and code-first solutions using a selection of tools, including drag-and-drop model design
to manage assets and resources, publish your models as web services, and more.
5.2.2. Azure Cognitive Services
Language
Speech
Vision
Decision
5.2.3. Azure Bot Service
create and use virtual agents to interact with users by answering questions, gathering information, and potentially initiating activities through other Azure services.
5.3. Serverless computing
5.3.1. Azure functions
enables you to host a single method or function
runs in response to an event such as a queued message, HTTP request, or timer event
function can be created by
several programming languages
scales automatically, enabling your function to scale to meet changes in demand
serverless
stateless
does not store its state from execution to execution
how to maintain state
You can configure a function to maintain state by connecting an Azure storage account to the function, enabling it to store its state between executions.
extension
Durable Functions to chain together functions and maintain their state while the functions are executing.
building small blocks of code that run for a very short period in response to a triggering event
priced based on the number of function executions and running time for each.
5.3.2. Azure Logic Apps
like a workflow or a process
create no-code and low-code solutions hosted in Azure to automate and orchestrate tasks, business processes, and workflows.
serverless
web-based design environment
by connecting triggers to actions with various connections.
Azure Functions and Azure Logic Apps can integrate
priced based on the number of executions and the type of connectors that the app uses.
5.4. DevOps
5.4.1. Azure DevOps Services
Azure Artifacts
Azure Boards
Azure Pipelines
Azure Repos
Azure Test Plans
5.4.2. GitHub and GitHub actions
5.4.3. Azure DevTest Labs
for code testing
automates the deployment, configuration, and decommissioning of virtual machines and other Azure resources.
pay only for resources you need for testing
does not provide monitoring, alerting, or telemetry services to monitor those resources.
6. pricing, service levels, lifecycle
6.1. purchasing azure services
6.1.1. Azure subscriptions
Free trial
Pay-as-you-go
Member offers
6.1.2. Purchasing Services
Microsoft Customer Success Account Manager
Enterprise Agreement
Web Direct
billed monthly
Cloud Solution Provider (CSP)
6.1.3. Factors affecting cost
6.1.4. billing zones
geographical grouping of Azure regions for billing Azure resources.
6.2. planning and managing azure cost
6.2.1. TCO calculator
6.2.2. Pricing calculator
more refined cost estimate for specific workloads
6.2.3. managing and minimising azure cost
6.2.4. azure cost management and billing
6.3. service level agreements
6.3.1. composite SLAs
6.3.2. Availability Zones
6.4. service lifecycles
6.4.1. Preview
6.4.2. General availability
7. create & mx resources
7.1. Azure Management Tools
7.1.1. Azure Portal
to perform relatively simple, one-off management tasks
simplest choice
web interface
many blades
e.g. for managing specific Azure resources or accessing specific services such as Security Center
7.1.2. Azure PowerShell
Azure REST API.
Windows, Linux, Mac, and ARM.
install to use, available as open-source
7.1.3. Azure CLI
experienced in Linux
Windows, Linux, and Mac
differences
syntax
scripting environment
native
anything requiring complex actions
Azure Cloud Shell
7.1.4. Azure Cloud Shell
web-based
7.1.5. Azure Mobile App
some management capabilities on Android and iOS mobile
one-off tasks
monitor health and status of resources, check alerts, restart web apps or VMs, run Azure CLI or Azure PowerShell commands
7.1.6. Using ARM templates
build out repeatable processes for deploying and managing resources with related resources
7.2. Creating and managing resources
7.2.1. Creating a free subscription
first thing first
7.2.2. Creating Resource Groups
before you create some Azure resources, you should create a resource group to contain them
7.2.3. Creating Azure Resources and Services
create VM
create storage account
Name must be unique
can use only lowercase letters and numbers.
decide on the networking options
must download and install the Azure Storage Explorer.
create VM
resources count against the subscription limits
Clear up any validation issues and then click Create to create the VM.
stopping the VM will pause most consumption charges associated with the VM
Create SQL database
7.2.4. Deleting Resources and Services
8. Exam
8.1. cloud concepts
8.1.1. 20-25%
8.2. core Azure services
8.2.1. 15-20%
8.3. core solutions and management tools on Azure
8.3.1. 10-15%
8.4. general security and network security features
8.4.1. 10-15%
8.5. identity, governance, privacy, and compliance features
8.5.1. 20-25%
8.6. Azure cost management and service level agreements
8.6.1. 10-15%