OFFICIAL MICROSOFT LEARNING PRODUCT

10979A

Microsoft Azure Fundamentals

MCT USE ONLY. STUDENT USE PROHIBITED

Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in,
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third-party sites. Such sites are not under the control of Microsoft, and Microsoft is
not responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2014 Microsoft Corporation. All rights reserved.

Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.
Product Number: 10979A
Part Number: X19-81900
Released: 11/2014

MICROSOFT LICENSE TERMS


MICROSOFT INSTRUCTOR-LED COURSEWARE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.

a. "Authorized Learning Center" means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.

b. "Authorized Training Session" means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.

c. "Classroom Device" means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center's training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.

d. "End User" means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.

e. "Licensed Content" means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.

f. "Microsoft Certified Trainer" or "MCT" means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.

g. "Microsoft Instructor-Led Courseware" means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.

h. "Microsoft IT Academy Program Member" means an active member of the Microsoft IT Academy
Program.

i. "Microsoft Learning Competency Member" means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.

j. "MOC" means the "Official Microsoft Learning Product" instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.

k. "MPN Member" means an active Microsoft Partner Network program member in good standing.

l. "Personal Device" means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.

m. "Private Training Session" means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.

n. "Trainer" means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.

o. "Trainer Content" means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainer's use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-release
course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.

2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.

2.1 Below are five separate sets of use rights. Only one set of rights apply to you.

a. If you are a Microsoft IT Academy Program Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User who is enrolled in the Authorized Training Session, and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they can
access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they can
access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training
Session,
v. you will ensure that each End User provided with the hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that
their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement
prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required
to denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,

vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the
Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for
all your Authorized Training Sessions,
viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training
Session that uses a MOC title, and
ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources
for the Microsoft Instructor-Led Courseware.

b. If you are a Microsoft Learning Competency Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Authorized Training Session and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption
code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led
Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid
licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized
Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training
Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is
the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.

c. If you are a MPN Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Private Training Session, and only immediately prior to the commencement
of the Private Training Session that is the subject matter of the Microsoft Instructor-Led
Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique
redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Private Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed
copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training
Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the
subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.

d. If you are an End User:


For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your
personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the
Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the
training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to
three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
e. If you are a Trainer.
i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the
form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized
Training Session or Private Training Session, and install one (1) additional copy on another Personal
Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not
install or use a copy of the Trainer Content on a device you do not own or control. You may also
print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training
Session or Private Training Session.
ii. You may customize the written portions of the Trainer Content that are logically associated with
instruction of a training session in accordance with the most recent version of the MCT agreement.
If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private Training
Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of
"customize" refers only to changing the order of slides and content, and/or not using all the slides or
content, it does not mean changing or modifying any slide or content.

2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.

2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code content that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code content are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content's subject
matter is based on a pre-release version of Microsoft technology ("Pre-release"), then in addition to the
other provisions in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c. Pre-release Term. If you are a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest ("Pre-release term").
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.

4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:

• access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
• alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
• modify or create a derivative work of any Licensed Content,
• publicly display, or make the Licensed Content available for others to access or use,
• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
• work around any technical limitations in the Licensed Content, or
• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.

5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.

7. SUPPORT SERVICES. Because the Licensed Content is "as is", we may not provide support services for it.

8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.

9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.

10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.

11. APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.

12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.

13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to

• anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
• claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.

Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Note: As this licensed content is distributed in Quebec, Canada, some of the clauses
in this contract are provided below in French.

DISCLAIMER OF WARRANTY. The licensed content covered by a license is offered "as is". Any
use of this licensed content is at your sole risk. Microsoft gives no other express
warranty. You may have additional rights under local consumer protection law, which this
contract cannot change. Where permitted by local law, the implied warranties of
merchantability, fitness for a particular purpose and non-infringement are excluded.

LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR DAMAGES. You can recover from
Microsoft and its suppliers only direct damages up to US$5.00. You cannot claim any
compensation for other damages, including special, indirect or incidental damages and lost profits.
This limitation applies to:
• anything related to the licensed content, services or content (including code)
on third-party Internet sites or in third-party programs; and
• claims for breach of contract or warranty, or for strict liability,
negligence or other fault, to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of such damage. If
your country does not allow the exclusion or limitation of liability for indirect, incidental
or any other damages, the above limitation or exclusion may not apply to
you.

LEGAL EFFECT. This contract describes certain legal rights. You may have other rights
under the laws of your country. This contract does not change your rights under the laws of your
country if those laws do not permit it to do so.
Revised July 2013


Acknowledgements

Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.

Andrew J. Warren - Content Developer

Andrew J. Warren - Content Developer/Subject Matter Expert. Andrew Warren has more than 25 years of
experience in the IT industry, many of which he has spent teaching and writing. He has been involved as a
subject matter expert for many of the Windows Server 2012 courses, and the technical lead on many
Windows 8 courses. He also has been involved in developing TechNet sessions on Microsoft Exchange
Server. Based in the United Kingdom, he runs his own IT training and education consultancy.

Damir Dizdarevic - Subject Matter Expert/Content Developer

Damir Dizdarevic is an MCT, Microsoft Certified Solutions Expert (MCSE), Microsoft Certified Technology
Specialist (MCTS), and a Microsoft Certified Information Technology Professional (MCITP). He is a manager
and trainer of the Learning Center at Logosoft d.o.o., in Sarajevo, Bosnia and Herzegovina. He also works
as a consultant on IT infrastructure and messaging projects. Damir has more than 18 years of experience
on Microsoft platforms, and he specializes in Windows Server, Exchange Server, security, and
virtualization. He has worked as a subject matter expert and technical reviewer on many Microsoft Official
Courses (MOC) courses on Windows Server and Exchange topics, and has published more than 400
articles in various IT magazines, such as Windows ITPro and INFO Magazine. He's also a frequent and
highly rated speaker at most Microsoft conferences in Eastern Europe. Additionally, Damir is a
Microsoft Most Valuable Professional (MVP) for Windows Server, 7 years in a row. His technical blog is
available at http://dizdarevic.ba/ddamirblog.

Marcin Policht - Subject Matter Expert

Marcin Policht obtained his Master of Computer Science degree 18 years ago and has since then worked
in the Information Technology field, focusing primarily on directory services, virtualization, system
management, and database management. Marcin authored the first book dedicated to Windows
Management Instrumentation and co-wrote several others on topics ranging from core operating system
features to high-availability solutions. His articles have been published on ServerWatch.com and
DatabaseJournal.com. Marcin has been a Microsoft MVP for the last seven years.

Magnus Mårtensson - Technical Reviewer

Magnus completed his Masters in Computer Science in 1999 and has more than 15 years of development
consulting experience. From Sweden, he runs his own company, Martensson Consulting, which offers
expert Windows Azure strategic, architectural, and development advice all over northern Europe. Magnus
was the first Microsoft Azure MVP in Scandinavia and was awarded MVP of the Year in 2012. He is an
international speaker and has given multiple TechEd presentations. An avid community enthusiast, he is
one of the creators of the Global Windows Azure Bootcamp, an annual event that runs at over 130
locations worldwide on a single day. He has a great passion for learning and sharing his own knowledge.

Ronald Beekelaar Technical Reviewer

Ronald Beekelaar is a long-time Hyper-V MVP and MCT. Ronald is a well-known trainer and presenter on
the topics of security, virtualization, Hyper-V, and Microsoft Azure. He is the founder of Virsoft Solutions,
which provides access to hosted online hands-on labs and demo environments for training centers,
Microsoft events, Microsoft product groups, and other customers. The hosted lab solution runs in Hyper-V
data centers and on Microsoft Azure.


Contents

Module 1: Getting Started with Microsoft Azure
Module Overview
Lesson 1: What Is Cloud Computing?
Lesson 2: What Is Azure?
Lesson 3: Managing Azure
Lesson 4: Subscription Management and Billing
Lab: Use the Microsoft Azure Portal
Module Review and Takeaways

Module 2: Websites and Cloud Services
Module Overview
Lesson 1: Create and Configure Websites
Lesson 2: Deploy and Monitor Websites
Lesson 3: Create and Deploy Cloud Services
Lab: Websites and Cloud Services
Module Review and Takeaways

Module 3: Virtual Machines in Microsoft Azure
Module Overview
Lesson 1: Create and Configure Virtual Machines
Lesson 2: Configure Disks
Lab: Create a Virtual Machine in Microsoft Azure
Module Review and Takeaways

Module 4: Virtual Networks
Module Overview
Lesson 1: Getting Started with Virtual Networks
Lesson 2: Creating a Virtual Network
Lesson 3: Implementing Point-to-Site Networks
Lab: Create a Virtual Network
Module Review and Takeaways

Module 5: Cloud Storage
Module Overview
Lesson 1: Understand Cloud storage
Lesson 2: Create and Manage Storage
Lab: Configure Azure Storage
Module Review and Takeaways

Module 6: Microsoft Azure Databases
Module Overview
Lesson 1: Understand Relational Database Deployment Options
Lesson 2: Create and Connect to SQL Databases
Lab: Create a SQL Database in Azure
Module Review and Takeaways

Module 7: Azure Active Directory
Module Overview
Lesson 1: Manage Azure AD Objects
Lesson 2: Manage Authentication
Lab: Create Users in Azure Active Directory
Module Review and Takeaways

Module 8: Microsoft Azure Management Tools
Module Overview
Lesson 1: Azure PowerShell
Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line Interface
Lab: Using Microsoft Azure Management Tools
Module Review and Takeaways

Lab Answer Keys
Module 1 Lab: Use the Microsoft Azure Portal
Module 2 Lab: Websites and Cloud Services
Module 3 Lab: Create a Virtual Machine in Microsoft Azure
Module 4 Lab: Create a Virtual Network
Module 5 Lab: Configure Azure Storage
Module 6 Lab: Create a SQL Database in Azure
Module 7 Lab: Create Users in Azure Active Directory
Module 8 Lab: Using Microsoft Azure Management Tools


About This Course

This section provides a brief description of the course, including audience, suggested prerequisites, and
course objectives.

Course Description
Note: This first release (A) MOC version of course 10979A has been developed by using
the features available in Microsoft Azure in October, 2014. This includes some preview features.
Microsoft Learning will release a B version of this course with enhanced Microsoft PowerPoint
slides, copy-edited content, and Course Companion content on the Microsoft Learning site. The
B version may also include new Microsoft Azure features.

This course trains students on the basics of Microsoft Azure. It provides the underlying knowledge that
students will require when they evaluate Microsoft Azure as an administrator, developer, or database
administrator. This course lays the groundwork for further role-specific training in Azure, and also
provides the prerequisite knowledge for students wishing to attend course 20532A: Microsoft Azure for
Developers, or course 20533A: Microsoft Azure for IT Professionals.

Audience

This course is intended for IT professionals who have a limited knowledge of cloud technologies and want
to learn more about Microsoft Azure. The audience will include:

Individuals who want to evaluate the deployment, configuration, and administration of services and
virtual machines using Microsoft Azure.

Developers who want to evaluate the creation of Microsoft Azure solutions.

Windows Server administrators who want to evaluate the migration of on-premises Active Directory
roles and services to the cloud.

IT professionals who want to evaluate the use of Microsoft Azure to host web sites and mobile app
back-end services.

Database administrators who want to evaluate the use of Microsoft Azure to host Microsoft SQL
Server databases.

Student Prerequisites
This course requires that students meet the following prerequisites:

Professional experience in information technology.

An understanding of websites.

A basic understanding of Active Directory concepts such as domains, users, and domain controllers.

A basic understanding of database concepts, including tables and simple queries.

Course Objectives
After completing this course, students will be able to:

Describe the various Azure services, and access these services from the Azure portal.

Describe the Azure Websites service and Azure Cloud Services.

Create and configure virtual machines in Azure.

Create and implement Azure networks.

Create and configure cloud storage in Azure.

Use databases to store data in Azure.

Use Azure Active Directory (Azure AD), integrate applications with Azure AD, and manage
authentication.

Manage an Azure subscription by using Azure PowerShell, Microsoft Visual Studio, and the Azure
command-line interface.

Course Outline
The course outline is as follows:


Module 1, "Getting Started with Microsoft Azure," introduces students to cloud services and the various
Azure services. It describes how to use the Azure portal to access and manage Azure services, and to
manage Azure subscription and billing.

Module 2, "Websites and Cloud Services," explains how to create, configure, and monitor websites by
using Azure. It also describes the creation and deployment of Cloud Services on Azure.

Module 3, "Virtual Machines in Microsoft Azure," describes how to use Azure to deploy virtual machines
on locally installed servers. It also explains the creation and configuration of virtual machines, and the
management of virtual machine disks by using Azure.

Module 4, "Virtual Networks," describes Azure virtual networks and explains how to create them. It also
explains how to implement communications between your on-premises infrastructure
and Azure by using point-to-site networks.

Module 5, "Cloud Storage," describes the use of cloud storage and its benefits. It also explains how to
create, manage, and configure cloud storage in Azure.

Module 6, "Microsoft Azure Databases," describes the options available for storing relational data in
Azure. It also explains how to use Microsoft Azure SQL Database to create, configure, and manage SQL
databases in Azure.

Module 7, "Azure Active Directory," explains how to use Azure AD and Azure Multi-Factor Authentication
to enhance security. It explains how to create users, domains, and directories in Azure AD, and how to use
Multi-Factor Authentication and single sign-on (SSO).

Module 8, "Microsoft Azure Management Tools," introduces Azure PowerShell, and explains its use in
managing Azure subscriptions. It also describes the Azure Software Development Kit (SDK) and the Azure
cross-platform command-line interface, and explains their benefits and uses.


Course Materials
The following materials are included with your kit:

Course Handbook: A succinct classroom learning guide that provides the critical technical
information in a crisp, tightly-focused format, which is essential for an effective in-class learning
experience.

Lessons: Guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.

Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.

Module Reviews and Takeaways: Provide on-the-job reference material to boost knowledge
and skills retention.

Lab Answer Keys: Provide step-by-step lab solution guidance, when it is needed.

Additional Reading: Course Companion Content: Searchable, easy-to-browse digital
content with integrated premium online resources that supplement the Course Handbook.

Modules: Include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.

Resources: Include well-categorized additional resources that give you immediate access to the most
current premium content on TechNet, MSDN, or Microsoft Press.

Note: For the A version of the courseware, Companion Content is not available. However,
the Companion Content will be published when the next (B) version of this course is released,
and students who have taken this course will be able to download the Companion Content at
that time from the http://www.microsoft.com/learning/en/us/companion-moc.aspx site.
Please check with your instructor when the B version of this course is scheduled to release to
learn when you can access Companion Content for this course.
Additional Reading: Student Course files: includes the Allfiles.exe, a self-extracting
executable file that contains all required files for the labs and demonstrations.

Course evaluation: At the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
To provide additional comments or feedback on the course, send an email to
support@mscourseware.com. To inquire about the Microsoft Certification Program, send an
email to mcphelp@microsoft.com.


Virtual Machine Environment


This section provides the information for setting up the classroom environment to support the business
scenario of the course.

Virtual Machine Configuration

To complete the labs, you will work on your computer to access Microsoft Azure. You do not require any
virtual machines on the local computer.

Software Configuration

This course requires a computer (physical, virtual, or cloud-based) that has the following capabilities and
software:

Internet connectivity

Internet Explorer 10

Microsoft Visual Studio Express 2013 for Windows Desktop

Microsoft SQL Server Management Studio Express

Windows Web Platform Installer 5.0

Visual Studio Express 2013 for Web with Microsoft Azure software development kit (SDK)

Microsoft Azure SDK for .NET

Course Files

The files associated with the labs in this course are located in the C:\Labfiles\LabXX folder on the student
computers.

Classroom Setup
Each classroom computer will have the required software installed as part of classroom setup.

Microsoft Azure Pass


This course contains labs which require you to access Microsoft Azure. Your MCT will provide details of
how to acquire, set up, and configure your Microsoft Azure pass.


Module 1
Getting Started with Microsoft Azure
Contents:
Module Overview
Lesson 1: What Is Cloud Computing?
Lesson 2: What Is Azure?
Lesson 3: Managing Azure
Lesson 4: Subscription Management and Billing
Lab: Use the Microsoft Azure Portal
Module Review and Takeaways

Module Overview

As organizations move their IT workloads to the cloud, IT professionals must understand the principles on
which cloud solutions are based, and learn how to deploy and manage cloud applications, services, and
infrastructure. Specifically, IT professionals who plan to use Microsoft Azure must learn about the services
that Azure provides, and how to manage those services.
This module provides an overview of Azure, and it explains the various Azure services. It also describes
how to access these services from the Azure portal, and how to manage your Azure subscription and
billing.

Objectives
After completing this module, you will be able to:

Describe cloud computing.

Describe Azure and the various Azure services.

Manage Azure services from the Azure portal.

Manage your Azure subscription and billing.

Lesson 1

What Is Cloud Computing?


Cloud computing plays an increasingly important role in IT infrastructure. Therefore, IT professionals must
be aware of fundamental cloud principles and techniques. There are three main types of cloud computing
models: public, private, and hybrid. Each of these models provides different services based on your needs.
Before you move to a cloud-based model, you must decide which type best suits your needs.
This lesson introduces the cloud, and describes considerations for implementing cloud-based
infrastructure services.

Lesson Objectives
After completing this lesson, you will be able to:

Describe key principles of cloud computing.

Identify the common types of cloud services.

Describe public, private, and hybrid cloud solutions.

Identify suitable uses for cloud services.

Overview of Cloud Computing


Cloud computing is a term that describes the delivery and consumption of computing and
application resources from a remote location, often but not necessarily over the Internet. Users
subscribe to cloud computing resources. Based on their consumption of those resources, the
cloud computing provider charges the users. The charge might be based on a number of usage
characteristics, such as the volume of storage used, the power of virtual machines provisioned,
or other factors.

Cloud computing applications are typically independent of an operating system, and they are
available to users across a wide variety of devices. From an administrative perspective, cloud
computing infrastructure should:

Be pooled.

Be able to deliver multitenant services.

Allow rapid scalability.

Most cloud solutions are built on virtualization technology, which abstracts physical hardware as a layer of
virtualized resources for processing, memory, storage, and networking. Many cloud solutions add further
layers of abstraction to define specific services that can be provisioned and used.


Regardless of the specific technologies that organizations use to implement cloud computing solutions,
the National Institute of Standards and Technology has identified that these technologies exhibit the
following five characteristics:

On-demand self-service. Cloud services are generally provisioned according to requirement, and need
minimal infrastructure configuration by the consumer. This enables users of cloud services to quickly
set up the resources they want, typically without having to involve IT specialists.

Broad network access. Consumers generally access cloud services over a network connection, usually
either a corporate network or the Internet.

Resource pooling. Cloud services can use a pool of hardware resources that consumers might share. A
hardware pool might consist of hardware from multiple servers that are arranged as a single logical
entity.

Note: As your use of resources increases, you might take on a greater proportion of the
hardware hosting your services until you have exclusive use of the physical server computer
hosting your resources.

Rapid elasticity. Cloud services scale dynamically to obtain additional resources from the pool as
workloads intensify, and release resources automatically when they are no longer needed.

Measured service. Cloud services generally include some sort of metering capability. Metering makes
it possible to track relative resource usage by the users, or subscribers, of the services.

The advantages of cloud computing are:

Managed datacenter. With cloud computing, your service provider can manage your datacenter. This
obviates the need for you to manage your own IT infrastructure. Cloud computing also enables you
to access computing services irrespective of your location and the hardware that you use to access
those services. Although the datacenter remains a key element in cloud computing, the emphasis is
on virtualization technologies that focus on delivering applications rather than on infrastructure.

Lower operational costs. Cloud computing provides pooled resources, elasticity, and virtualization
technology. These factors help you to alleviate issues such as low system use, inconsistent availability,
and high operational costs. It is important to remember that with cloud computing, you only pay for
the services that you use; this can mean substantial savings on operational costs for most
organizations.

Server consolidation. You can consolidate servers across the datacenter by using the cloud computing
model, because it can host multiple virtual machines on a virtualization host.

Better flexibility and speed. When you use the cloud computing model with products such as System
Center 2012, you can increase resource flexibility and the speed of access to resources.

Cloud Services
Cloud services generally fall into one of the
following three categories:

Software as a service (SaaS)

Platform as a service (PaaS)

Infrastructure as a service (IaaS)

SaaS


SaaS offerings consist of complete software applications that are delivered as a cloud-based
service. Users can subscribe to the service and use the application, normally through a web browser
or by installing a client-side app. Examples of Microsoft SaaS services include Microsoft Office 365, Skype,
and Microsoft Dynamics CRM Online. The primary advantage of SaaS services is that they enable users to
easily access applications without the need to install and maintain them. Typically, users do not have to
worry about issues such as updating applications and maintaining compliance, because the service
provider handles these tasks.

PaaS

PaaS offerings consist of cloud-based services that provide resources on which developers can build their
own solutions. Typically, PaaS encapsulates fundamental operating system (OS) capabilities, including
storage and compute, as well as functional services for custom applications. Usually, PaaS offerings
provide application programming interfaces (APIs), and configuration and management user interfaces.
Azure provides PaaS services that simplify the creation of solutions such as web and mobile applications.
PaaS enables developers and organizations to create highly-scalable custom applications without having
to provision and maintain hardware and OS resources. The main benefit PaaS provides to your
organization is that you can shift much, if not most, of your infrastructure to the cloud, thus possibly
reducing management tasks and costs.

IaaS

IaaS offerings provide virtualized server and network infrastructure components that users can easily
provision and decommission as required. Typically, the management of IaaS facilities is similar to that of
on-premises infrastructure. IaaS facilities provide an easy migration path for moving existing applications
to the cloud.

A key point to note is that an infrastructure service might be a single IT resource, such as a virtual server
with a default installation of Windows Server 2012 R2 and SQL Server 2014, or it might be a completely
pre-configured infrastructure environment for a specific application or business process. For example, a
retail organization might empower departments to provision their own database servers to use as data
stores for custom applications. Alternatively, the organization might define a set of virtual machine and
network templates that it can provision as a single unit to implement a complete, pre-configured
infrastructure solution, including all the required applications and settings, for a branch or store.


Public, Private, and Hybrid Clouds


Cloud computing uses three main deployment models:

Public cloud. Public clouds are infrastructure, platform, or application services that a cloud
service provider delivers for access and consumption by multiple organizations. With
public cloud services, the organization that signs up for the service does not have the
management overhead that the private cloud model would require. This also means that the
organization has less control of the infrastructure and services, because the
service provider manages this for the organization. In addition, the public cloud hosts the
infrastructure and services for multiple organizations (multitenant), so you might need to consider the
potential data sovereignty implications of this model.

Private cloud. Individual organizations privately own and manage private clouds. Private clouds offer
benefits similar to those of public clouds, but are designed and secured for a single organization's
use. The organization manages and maintains the infrastructure for the private cloud in its datacenter.
One of the key benefits of this approach is that the organization has complete control over the cloud
infrastructure and services that it provides. However, the organization also has the management
overhead and costs that are associated with this model.

Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and private) together
for the specific purpose of obtaining resources from both. You decide which elements of your services
and infrastructure to host privately, and which to host in the public cloud.
Many organizations use a hybrid model when extending to the cloud; that is, they begin to shift some
elements of their applications and infrastructure to the cloud. Sometimes, an application and its
supporting infrastructure are shifted to the cloud, while the underlying database is maintained within
the organization's own infrastructure. This approach might be used to address security concerns with
that particular database.

Microsoft cloud services provide technology and applications across all of these cloud computing models.
Some examples of Microsoft cloud services are:

Microsoft public cloud services:



Azure. Azure is a public cloud environment that offers PaaS, SaaS, and IaaS. Developers can
subscribe to Azure services and create software, which is delivered as SaaS. Microsoft cloud
services use Azure to deliver some of its own SaaS applications.

Office 365. Office 365 delivers online versions of the Microsoft Office applications and online
business collaboration tools.

Microsoft Dynamics CRM Online. Dynamics CRM Online is the version of the on-premises
Microsoft Dynamics CRM application that Microsoft hosts.

Microsoft private cloud:



Hyper-V in Windows Server 2012 R2 combines with System Center 2012 R2 to create the
foundation for building private clouds. By implementing these products as a combined solution,
you can deliver much of the same functionality that public clouds offer.

The Microsoft hybrid cloud approach:



Microsoft provides a number of solutions that support the hybrid cloud model, by enabling
you to:


Back up an on-premises cloud application to a service provider.

Manage, monitor, and move virtual machines between different clouds.

Connect and federate directory services that allow your users to access applications that are
constructed across a combination of on-premises, service provider, and public cloud types.

Discussion: How Will Your Organization Use Cloud Computing?


Consider how the various cloud computing
scenarios might benefit your organization. Be
prepared to discuss this with the class.
Question: How will your organization use
cloud computing?


Lesson 2

What Is Azure?

Azure is the public cloud services offering from Microsoft. Microsoft datacenters deliver Azure services
over the Internet. Customers can subscribe to a variety of the Azure services that run in these datacenters,
typically at a cost lower than they might incur if they purchased or hosted their own hardware, or built
their own services and software.
Individuals, customers, and Microsoft partners can use several methods to access Azure-based services.
Partners have access to programs such as Microsoft Azure platform Cloud Essentials for Partners and
Cloud Accelerate. Both customers and partners can access resources through MSDN and through the
Microsoft BizSpark program, each of which provides a predefined amount of resources and services to
build solutions.
This lesson provides an overview of Azure and its services.

Lesson Objectives
After completing this lesson, you will be able to:

Describe Azure.

Describe the available Azure services.

Overview of Azure
Azure is a collection of cloud services that you can use to build and operate cloud-based
applications and IT infrastructure. A global network of datacenters hosts Azure services.
Microsoft technicians manage these datacenters 24 hours a day. Azure offers a 99.95
percent availability service level agreement (SLA) for computing services.
Azure services enable you to:

Create and operate cloud-based applications by using a wide range of commonly used
tools and frameworks.

Host workloads in the cloud on Azure PaaS services and IaaS infrastructure that comprise virtual
machines and virtual networks.

Integrate cloud services with on-premises infrastructure.

To use Azure services, you require a subscription. You can sign up for a subscription as an individual or as
an organization, and then pay for the services you use on a usage-based cost basis.
Note: Microsoft Azure was formerly known as Windows Azure.
Additional Reading: To download the Microsoft Azure free trial, go to
http://go.microsoft.com/fwlink/?LinkID=517412.

Available Azure Services


There are four categories of Azure services:
compute, data services, app services, and network
services.

Compute


Websites. You can use website services to develop and deploy more secure and scalable
websites, including integration with many source control technologies. Microsoft Azure
supports many languages including ASP.NET (sometimes known as classic ASP), PHP,
Node.js, and Python. You can also deploy a choice of SQL Server databases, or deploy
MySQL. There are several open source applications, templates, and frameworks available in the Web
App Gallery. These include CakePHP, DotNetNuke, Drupal, Django, Express, WordPress, and Umbraco.

Cloud services. Provides a platform that can host web applications and web services. Cloud services
use a modular architecture that allows you to scale your application to larger sizes while minimizing
costs.

Virtual machines. You can build virtual machine instances from scratch, or by using templates. You
also can build them on your own site, and then transfer them to Azure (or the other way around).
Virtual machines can run a variety of workloads, including many Microsoft-certified workloads such as
SQL Server, SharePoint Server, and BizTalk Server.

Mobile services. You can use these services to build mobile phone apps, including storage,
authentication, and notification services for Windows apps, Android apps, and Apple iOS apps.

Data Services

SQL Database. Azure includes a SQL Database offering. SQL Database provides interoperability, which
enables customers to build applications by using most development frameworks.

Storage. You can use the storage service to create and manage storage accounts for blobs, tables, and
queues.

Microsoft Azure HDInsight. Microsoft Azure HDInsight is the Hadoop-based solution from Microsoft.
Hadoop is used to process and analyze big data.

Recovery services. You can back up directly to Azure. You can configure the cloud backups from the
backup tools in Windows Server 2012 R2, or from System Center 2012 R2.

App Services

Media Services. You can use media services to create, manage, and distribute media across a large
variety of devices such as Xbox, computers running the Windows operating system, MacOS, iOS, and
Android.

Messaging. The Microsoft Azure Service Bus provides the messaging channel for connecting cloud
applications to on-premises applications, services, and systems.

Microsoft Azure AD. This is a modern, Representational State Transfer-based (REST-based) service that
provides identity management and access control capabilities for cloud applications. It is the identity
service that is used across Microsoft Azure, Office 365, Microsoft Dynamics CRM Online, Windows
Intune, and other non-Microsoft cloud services. Microsoft Azure Active Directory (AD) also can
integrate with on-premises Active Directory deployments.


Visual Studio Online. You can use Visual Studio Online to create and manage team projects and code
repositories. Visual Studio Online enables you to write and deploy a variety of different types of apps,
including those for Windows Phone and Windows Store, desktop apps, web apps, and web services.

CDN. The Azure Content Delivery Network (CDN) allows developers to deliver high-bandwidth
content by caching blobs and static content of compute instances at physical nodes throughout the
world.

Scheduler. This provides a mechanism to schedule jobs within Azure.

BizTalk service. This service provides supporting tools that allow developers to build solutions that
connect services and systems with disparate data formats and protocols.

Network Services

Microsoft Azure Virtual Network. You can use the Microsoft Azure Virtual Network (Virtual Network)
to create a logically isolated section in Microsoft Azure, and then connect it securely either to your
on-premises datacenter or to a single client machine, by using an IPsec connection.
Note: The next topic discusses Virtual Network in more depth.

Microsoft Azure Traffic Manager. You can use Microsoft Azure Traffic Manager (Traffic Manager) to
load-balance inbound traffic across multiple Azure services. This helps ensure the performance,
availability, and resiliency of applications.

Note: Azure is continually being improved and enhanced, and new services are added on a
regular basis.
Additional Reading: For a full list of services currently available in Azure, go to the
Microsoft Azure website at http://go.microsoft.com/fwlink/?LinkID=517413.

Lesson 3

Managing Azure
Azure provides web-based portals in which you can provision and manage your organization's Azure
subscriptions and services. These portals provide the initial environment in which you will work with
Azure, and it is important to know how to navigate and use the portals to manage Azure services.

Lesson Objectives
After completing this lesson, you will be able to:

Explain how to use the Azure management portal.

Explain how to use the preview Azure portal.

Use the new Azure management portal preview.

Describe the available client-based Azure management tools.

The Azure Portal


The existing Azure management portal is the
primary user interface for provisioning and
managing Azure services. It is implemented as a
web application, and it requires that you sign in
using a Microsoft account or an organizational
account that is associated with one or more Azure
subscriptions.
Additional Reading: To sign in to the Azure
management portal, go to
http://go.microsoft.com/fwlink/?LinkID=517414.

The Azure management portal consists of a page for each Azure service. It also includes an All Items page
in which you can view all provisioned services in your subscriptions, and a Settings page in which you can
configure subscription-wide settings.

Provisioning Services

You can provision a new instance of a service by clicking the New button on any page. Most services
provide a dialog box in which you can enter the user-definable settings for the service before creating it.
Service provisioning is performed asynchronously, and an indicator at the bottom of the page shows
current activity. You can expand this indicator to show a list of completed and in-process tasks.

Managing Services

Your provisioned services are listed on the All Items page and on each service-specific page. The list shows
the name, status, and service-specific settings for each service. You can click a service name in the list to
view the dashboard for that service instance, where multiple tabbed sub-pages enable you to view and
configure service-specific settings. In most cases, you make changes to a service by using the dynamic
toolbar of context-specific icons at the bottom of the sub-page.

Adding Co-Administrators

When you provision an Azure subscription, you are automatically designated as the administrator for
that subscription, and you can manage all services and settings for the subscription. You can add
co-administrators in the Settings tab of the management portal by specifying the email address of each user
to whom you want to grant administrative privileges.
Note: The email account is the Microsoft account assigned to the user.

The Preview Azure Portal


Although the existing Azure management portal
still provides the primary user interface for
managing Azure services, a new version of the
portal is available in preview form. The Preview
Azure portal represents a significant change in the
way that developer and operations (dev/ops) tasks
are performed in Azure.
Additional Reading: To view the preview
Azure portal, go to
http://go.microsoft.com/fwlink/?LinkID=517415.
Note: You can accomplish most tasks in both the current portal and the Preview (new)
portal. However, the Preview portal does not include certain tasks, and you must perform these in
the existing portal. In addition, some new preview features are only available in the Preview
portal.

Portal Elements and Concepts


The Preview portal contains the following user interface (UI) elements:

Startboard. The home page for your Azure environment, conceptually similar to the Start screen in
Windows. You can pin commonly used items to the Startboard to make it easier to navigate to them.
By default, the Startboard includes tiles that show global Azure service health, a shortcut to the Azure
gallery of available services, and a summary of billing information for your subscriptions.

Blades. Panes in which you can view and configure details of a selected item. Each blade is displayed
as a pane in the user interface, and it often contains a list of services or other items that you can click
to open another blade. In this way, you can navigate through several blades to view details of a
specific item in your Azure environment. These navigations through blades are referred to as journeys.
You can maximize and minimize some blades to optimize screen real estate and simplify navigation.

Hub Menu. A bar on the left side of the page, which contains the following icons:

Home. Returns the page to the left so that the Hub Menu and Startboard are visible.

Notifications. Opens a blade on which you can view notifications about the status of tasks.

Browse. Starts a journey to view details of a service in your Azure environment.

Journeys. Lists recent blades that you have viewed, enabling you to quickly navigate back to
them.

Billing. Provides details of charges and remaining credit for your subscriptions. Billing is also
available on a resource group basis.

New. Enables you to create a new service in your Azure environment.

You can switch to the Preview portal from the existing portal by clicking your account name and then
clicking Switch to new portal. Conversely, to switch to the existing portal from the Preview portal, click
the Azure Portal tile in the Startboard.

Demonstration: Navigating the Portals


In this demonstration, you will see how to:

Use the Azure management portal.

Use the Preview Azure portal.

Demonstration Steps
Use the Azure Management Portal
1. Ensure that you are signed in to your local host.

2. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in using the
Microsoft account that is associated with your Azure subscription.

3. On the left side of the page, note the pane that contains icons for each service. Then, at the bottom
of this pane, click SETTINGS (you may need to use the scroll bar for the pane).

4. On the settings page, on the SUBSCRIPTIONS tab, note the details of your subscription; click the
ADMINISTRATORS tab and verify that your Microsoft account is listed as the service administrator;
and then click the AFFINITY GROUPS tab and note that this is where you can add affinity groups to
your subscription.

5. In the services pane on the left, click STORAGE, and at the bottom of the page, click NEW. Then, in
the panel that appears, click QUICK CREATE, enter the following details, and click CREATE STORAGE
ACCOUNT:

URL: Enter a unique valid value

LOCATION / AFFINITY GROUP: Select the location that is closest to your geographic location

REPLICATION: Locally Redundant

6. At the bottom of the page, note the Active Progress indicator, which is animated to show that an
action is in progress.

7. On the storage page, wait for your storage account status to become Online. Then click the name of
your storage account.

8. On the page for your storage account, note the getting started information. Then view each of the
tabs for the storage account, noting that the context-aware tool bar at the bottom of the page
changes to reflect the current tab.

9. Click the Back icon on the left to return to the storage page. Then click ALL ITEMS and note that the
storage account is listed on this page.

Use the Preview Azure Portal


1. At the top right of the Microsoft Azure management portal, click your Microsoft account name, and
then click Switch to new portal. This opens a new tab in Internet Explorer.
Note: If the Welcome to Microsoft Azure dialog box appears, click Get started.

2. When the new portal is loaded, view the tiles in the Startboard, noting the service health of the Azure
datacenters and the billing status for your subscription.

3. Click the Service health tile, and in the resulting Service health blade, note the status for the
individual Azure services, and then click Storage.

4. On the Storage blade, note the status for each region, and then click the region in which you
previously created a storage account.

5. Review the status of the storage service in your selected region, and then on the Hub Menu, click
HOME. Note that the page scrolls to view the Startboard, but the blades that you opened remain
open.

6. In the Hub Menu, click BROWSE, and then click Storage. Note that the currently open blades are
replaced with a new blade that shows your storage accounts.

7. On the Storage blade, click your storage account, and on the blade that is opened, view the details of
your storage account, noting that it has been automatically assigned to a resource group named
Default-Storage-SelectedRegion.

8. At the top of the blade for your storage account, click the Pin blade to Startboard icon and note
that a tile for this blade is added to the Startboard.

9. On the Hub Menu, click JOURNEYS, and in the list of journeys, click Service health. Then close the
Journeys pane and note that the blades you opened to check the status of the storage service in
your selected region are reopened.

10. On the Hub Menu, click NEW, and in the New pane, click Website. Then in the Website blade, enter
the following settings, and click Create:

URL: Enter a unique, valid URL

WEB HOSTING PLAN: Use the default plan

RESOURCE GROUP: Click the default resource group name, and then click Create a new resource
group. Then on the Create resource group blade, enter the name Demo-Web-App and click OK.

SUBSCRIPTION: Your subscription

LOCATION: Click the default location, and then select the location nearest to you.

Add to Startboard: Selected

11. Wait for the website to be created, and then in the blade for the website (which opens automatically
after the website is created), note the information about the new website.

12. In Internet Explorer, switch to the tab containing the full Azure portal, and refresh the page. Note that
the website you created in the new portal is listed on the All Items page.

Client Tools
The Azure portals provide a graphical user
interface for managing your Azure subscriptions
and services, and in many cases, these are
the primary management tools for service
provisioning and operations. However, it is
common to want to automate Dev/Ops tasks
by creating re-usable scripts, or to combine
management of Azure resources with
management of other network and infrastructure
services.
You can use Visual Studio, SQL Server
Management Studio, and Windows PowerShell to
manage some aspects of your Azure subscription and services.

Azure Tools for Visual Studio

Developers can use Azure Tools for Visual Studio to develop Azure projects. Examples include the
development of Azure cloud and mobile services, and ASP.NET web applications. Developers can use the
tools to run and debug projects locally before they publish them to Azure.
Additional Reading: The Azure Tools are part of the Azure SDK for .NET, which you can
download from Microsoft Azure Downloads: http://go.microsoft.com/fwlink/?LinkID=517416.

SQL Server Management Studio

You can use SQL Server Management Studio to connect to an Azure SQL Database Server and manage it
in a way similar to how you manage SQL Server instances. The ability to manage SQL Server instances and
SQL Database servers by using the same tool is useful in hybrid IT environments. However, many of the
graphical designers in SQL Server Management Studio are not compatible with SQL Database, so you
must perform most tasks by executing Transact-SQL statements.
Note: You also can use the SQLCMD command-line tool to connect to Azure SQL Database
servers and execute Transact-SQL commands.

Windows PowerShell

Windows PowerShell provides a scripting platform for managing Windows. You can extend this platform
to a wide range of other infrastructure elements, including Azure, by importing modules of encapsulated
code called cmdlets.
Azure PowerShell is the primary PowerShell library for managing Azure services, and you can install it by
using the Microsoft Web Platform Installer.
Additional Reading: You can find a link to the latest version of Azure PowerShell at
http://go.microsoft.com/fwlink/?LinkID=517416.

Azure PowerShell includes the following modules:

Azure. A core set of cmdlets for managing Azure services.

AzureResourceManager. A set of cmdlets for managing resource groups.

AzureProfile. A set of cmdlets for managing authentication and execution context.

In many cases, you will need only the Azure PowerShell library. The Azure PowerShell module has a
dependency on the Microsoft .NET Framework 4.5, and the Web Platform Installer checks for this during
installation.
Note: If you plan to implement Active Directory (AD) in Azure, you can install the Azure AD
PowerShell library to manage users, groups, and other aspects of the directory from Windows
PowerShell. Before you can install the Azure AD module, you must install the Microsoft Online
Services Single Sign-In Assistant.

Lesson 4

Subscription Management and Billing


It is important that you understand how to manage your subscription, including the billing for it. This
lesson describes the various Azure subscription options, explains how to manage subscription features,
and provides an overview of subscription billing.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the available Azure subscriptions.

Manage an Azure subscription.

Understand current Azure subscription pricing.

Explain the Azure pricing calculator.

Navigate the Azure billing workspace.

Use the Azure billing workspace.

Accounts, Subscriptions, and Administrative Roles


Your Azure subscription is related to your Azure
account and administrative roles. It is important to
understand the difference between accounts,
subscriptions, and administrative roles in Azure.

Accounts and Subscriptions


An Azure account determines how your Azure
usage is reported, and to whom it is reported.
A subscription enables you to organize your
access to your cloud services and resources. A
subscription helps you control how your resource
usage is reported, billed, and paid for.
Each of your subscriptions can have a different billing and payment setup. This enables you to have
different subscriptions and different plans by department, project, regional office, or other factor. Every
cloud service belongs to a subscription, and the subscription ID is often required for some operations.

Administrative Roles
There are three Azure administrative roles. These are:

Account administrator. There is one account administrator for each Azure account. The account
administrator is allowed to access the Account Center. This enables the account administrator to
create subscriptions, cancel subscriptions, change billing for a subscription, or change the Service
Administrator, among other tasks.

Note: The Account Administrator for a subscription is the only person who has access to
the Account Center. They do not have any other access to services in that subscription.

Additional Reading: You can access the Azure Account Center from the Microsoft website:
http://go.microsoft.com/fwlink/?LinkID=517417.

Service administrator. There is one service administrator for each Azure subscription. The service
administrator is able to access the Azure Management Portal for all subscriptions in the account. By
default, the user account associated with this role is the same as the Account Administrator when
your subscription is created.

Co-administrator. You can have up to 200 co-administrators for each Azure subscription. This role
has the same functions as the Service Administrator, but it cannot change the association of
subscriptions to Azure directories.
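
Added example (not part of the original courseware): a small Python audit that checks an exported list of administrator assignments against the role rules described above, namely one service administrator per subscription and at most 200 co-administrators. The role labels, the inventory layout, the approved-domain policy, and the review threshold are assumptions made for illustration, and the sample data is constructed.

```python
from collections import defaultdict

MAX_CO_ADMINS = 200  # per-subscription limit stated in the text above


def normalize(email):
    """Compare addresses case-insensitively (User1@Contoso.com == user1@contoso.com)."""
    return email.strip().lower()


def audit_admins(account_admin, assignments, approved_domains, review_threshold=5):
    """Return a sorted list of (subscription, finding_code, detail) tuples.

    account_admin    -- address of the single Account Administrator
    assignments      -- rows with 'subscription', 'role' and 'email' keys
                        (role labels are assumed names, not Azure identifiers)
    approved_domains -- ASSUMED local policy: domains allowed to hold admin roles
    review_threshold -- ASSUMED local policy: co-admin count that triggers a review
    """
    service, co = defaultdict(set), defaultdict(set)
    roles = {"ServiceAdministrator": service, "CoAdministrator": co}
    subscriptions, findings = set(), set()

    for row in assignments:
        sub, email = row["subscription"], normalize(row["email"])
        subscriptions.add(sub)
        bucket = roles.get(row["role"])
        if bucket is None:
            findings.add((sub, "UNKNOWN_ROLE", row["role"]))
            continue
        if email in bucket[sub]:
            findings.add((sub, "DUPLICATE_ENTRY", email))
        bucket[sub].add(email)

    for sub in subscriptions:
        # The text allows exactly one Service Administrator per subscription.
        if len(service[sub]) != 1:
            findings.add((sub, "SERVICE_ADMIN_COUNT", str(len(service[sub]))))
        # Default after sign-up: the billing identity also has full service access.
        if normalize(account_admin) in service[sub]:
            findings.add((sub, "SERVICE_ADMIN_IS_ACCOUNT_ADMIN",
                          normalize(account_admin)))
        # Hard limit from the text, then the stricter (assumed) review threshold.
        if len(co[sub]) > MAX_CO_ADMINS:
            findings.add((sub, "CO_ADMIN_LIMIT_EXCEEDED", str(len(co[sub]))))
        elif len(co[sub]) > review_threshold:
            findings.add((sub, "CO_ADMIN_REVIEW", str(len(co[sub]))))
        # Co-administrators have the same functions as the Service Administrator,
        # so both roles are checked against the approved-domain policy.
        for email in service[sub] | co[sub]:
            if email.rpartition("@")[2] not in approved_domains:
                findings.add((sub, "EXTERNAL_ADMIN", email))

    return sorted(findings)


# Constructed sample inventory (hypothetical subscriptions and addresses).
SAMPLE = [
    {"subscription": "Prod", "role": "ServiceAdministrator", "email": "ops-lead@contoso.com"},
    {"subscription": "Prod", "role": "CoAdministrator", "email": "user1@contoso.com"},
    {"subscription": "Prod", "role": "CoAdministrator", "email": "contractor@example.net"},
    {"subscription": "Dev", "role": "ServiceAdministrator", "email": "billing@contoso.com"},
    {"subscription": "Dev", "role": "CoAdministrator", "email": "User1@Contoso.com"},
    {"subscription": "Dev", "role": "CoAdministrator", "email": "user1@contoso.com"},
    {"subscription": "Test", "role": "CoAdministrator", "email": "qa@contoso.com"},
]

if __name__ == "__main__":
    for finding in audit_admins("billing@contoso.com", SAMPLE, {"contoso.com"}):
        print(*finding, sep="\t")
```

Only the service administrator count and the 200 co-administrator limit come from the text; the other findings are review prompts that depend on your own access policy.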

Demonstration: Managing a Subscription


In this demonstration, you will see how to manage Azure subscriptions.

Demonstration Steps
1. In Internet Explorer, in the Microsoft Azure management portal, in the navigation pane, click
SETTINGS.

2. In the settings pane, click the ADMINISTRATORS tab.

3. At the bottom of the screen, click ADD.

4. In the Specify a co-administrator for subscriptions dialog box, in the EMAIL ADDRESS box, type
User1@Contoso.com.

5. Select the check box next to your subscription in the SUBSCRIPTION list below, and then click OK
(the check box).

Azure Pricing
At the time of writing, there are three pricing
options. These are:

Pay-as-you-go. Choose this option if you want a flexible pricing plan. You only pay for
the services you use. You may cancel this subscription at any time. You can only make
payments by using credit or debit cards. It is important to note that usage quotas apply to
this plan, including limits on cloud services and virtual machines, storage, and Active
Directory.

Additional Reading: For further information about this plan, including usage quotas, visit the Azure website:
http://go.microsoft.com/fwlink/?LinkID=517418.

Buy from a Microsoft Reseller. To work with the same resellers from whom you currently purchase
Microsoft software under the Open Volume License Program, you can select this option. You must
purchase Azure in Open credits from your vendor. You can then activate your subscription using
those credits. You can apply Azure in Open Licensing credits towards any Azure Service that is eligible
for monetary commitments, when purchased online. Services that are not eligible for use with
monetary commitments, such as Azure Rights Management Services and Azure Active Directory
Premium, cannot be procured using Azure in Open.

Additional Reading: For further information about this plan, visit the Azure website:
http://go.microsoft.com/fwlink/?LinkID=517419.

Enterprise agreements. This option is best suited to large organizations that sign an Enterprise
Agreement (EA) and make an upfront commitment to purchase Azure services. Customers who select
this option can use the Enterprise Portal to administer their subscription. Customers are also billed
annually, based on their services usage. This can make it easier to accommodate unplanned growth.

Additional Reading: For more information about licensing Azure in the Enterprise, visit the
Azure website: http://go.microsoft.com/fwlink/?LinkID=517420.
Microsoft also provides a number of benefits to members of specific programs, such as MSDN, the
Microsoft Partner network, and BizSpark:

MSDN. Members receive monthly credits toward their Azure subscription.

Partner. Partners receive monthly credits toward their Azure subscription and receive access to
resources to help expand their cloud practice.

BizSpark. Members receive monthly credits toward their Azure subscription.

Additional Reading: For more information about member benefits, visit the Microsoft
Azure website: http://go.microsoft.com/fwlink/?LinkID=517421.
Additional Reading: The Azure pricing website can be accessed at:
http://go.microsoft.com/fwlink/?LinkID=517422.

Pricing Calculator
When you plan the cost of your Azure
subscription, you can use the Microsoft Azure
pricing calculator. Within the calculator are nodes
for determining the cost of the various Azure
services. These are:

Websites

Virtual machines

Mobile services

Cloud services

Data management

Additional Reading: To view the pricing calculator, go to
http://go.microsoft.com/fwlink/?LinkID=517423.

To calculate your Azure subscription cost, select the appropriate node, and then adjust the parameters of
the service that you require. You can configure the following parameters for each of the nodes:

Websites. Select between Free, Shared, and Standard models, and then configure the required sites,
virtual machines, bandwidth, and support options to determine the cost.

Virtual machines. Select between Windows, Linux, SQL Server, BizTalk Server, and Oracle Software
virtual machine types, and then configure the size, bandwidth, and support options.

Mobile services. Choose between Free, Basic, and Standard mobile services, and then select the
appropriate SQL Server database size, the appropriate bandwidth, the notification hubs, and the
support options.

Cloud services. Choose the size of your Web and Worker role instances, SQL database size,
bandwidth, and support options to determine the expected cost.

Data management. Select between Locally redundant, Zone redundant, Geo redundant, and
Read-access Geo redundant options. You can then choose the appropriate level for import and export,
backup size, site recovery options, SQL database number and sizing, machine learning, cache options,
bandwidth, and support. The calculator will then determine the likely cost.

You can also use the full calculator node for more complex Azure subscriptions. This node enables you to
select individual services and their configuration options from across all available Azure services.
Once you have selected and configured your Azure subscription services, you can proceed to purchase
and provision the subscription.

Billing Workspace
You can view and manage the charges for your
Azure subscription from either the portal or the
Preview portal.
From within the portal, on the OVERVIEW tab, you
can view the following information:

Subscription status. Shows the current credit remaining, and a summary of billing
information. It also provides links to additional information.

Change payment method. Enables you to change your preferred payment method for
the selected subscription.

Download usage details. You can download your usage history into a CSV file. Selecting this option
moves the focus to the BILLING HISTORY tab.

Edit subscription details. Enables you to change the subscription name and associated service
administrator email account name. We recommend that you do this.

Change subscription address. You can change the subscription billing address.

Cancel subscription. Enables you to cancel your subscription.

You can use the BILLING HISTORY tab to review previous usage and view your current status.
Note: You access the billing workspace from the main Azure portal. Click your account
name in the Azure portal window, click View my bill, and then select your subscription. To access
the billing workspace from the Preview portal, click BILLING in the navigation pane.
Additional Reading: For further information on interpreting your Azure bill, visit the Azure
website: http://go.microsoft.com/fwlink/?LinkID=517424.

Demonstration: Using the Billing Workspace


In this demonstration, you will see how to manage Azure billing.

Demonstration Steps

1. In Internet Explorer, at the top right of the Microsoft Azure management portal, click your Microsoft
account name, and then click View my bill. This opens a new tab in Internet Explorer. If prompted,
sign in using the Microsoft account credentials associated with your Azure subscription.

2. On the subscriptions page, click your subscription. Then review the summary of usage and billing
that is displayed.

3. At the top right of the Microsoft Azure management portal, click your Microsoft account name, and
then click Switch to new portal. This opens a new tab in Internet Explorer.

4. In the navigation pane, click BILLING.

5. In the Billing list, click your subscription name. A summary screen appears. If you receive an error, try
this step again.

6. Close Internet Explorer.

Lab: Use the Microsoft Azure Portal


Scenario

To start investigating the use of Microsoft Azure to provide cloud-based services, you have decided to
familiarize yourself with the Azure Portal.

Objectives
After completing this lab, you will be able to:

Add a co-administrator to your Azure subscription.

Display billing data for your Azure subscription.

Estimated Time: 20 minutes


Sign in to your classroom computer by using the credentials your instructor provides.

Exercise 1: Add a Co-Administrator


Scenario
You will begin by adding a new co-administrator to your subscription.
The main tasks for this exercise are as follows:
1. Connect to the Azure Portal.

2. Add a co-administrator.

Task 1: Connect to the Azure Portal


1. Sign in to your computer.

2. If necessary, start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in
using the Microsoft account that is associated with your Azure subscription.

Task 2: Add a co-administrator


1. Switch to Internet Explorer.

2. In the Azure portal, select SETTINGS, and then select SUBSCRIPTIONS.

3. Add a co-administrator with the following email address: admin@contoso.com.

Results: After you complete this exercise, you should have successfully added a co-administrator to your
Azure subscription.

Exercise 2: View Billing Data


Scenario
You will now view associated billing information for your subscription.
The main tasks for this exercise are as follows:
1. View subscription usage.

2. View billing period.

Task 1: View subscription usage

1. In Internet Explorer, at the top right of the Microsoft Azure management portal, click your Microsoft
account name, and then click View my bill.

2. If necessary, sign in with the Microsoft account associated with your subscription.

3. On the subscriptions page, click your subscription. Then review the summary of usage and billing
that is displayed.

Task 2: View billing period


1. Download the usage details for your subscription.

2. Once you have reviewed the CSV file, close it.

3. Close the current Internet Explorer tab.

Results: After you complete this exercise, you should have successfully viewed your Azure subscription
billing data.

Module Review and Takeaways


Review Questions
Question: What are the three categories of cloud services?
Question: What are the four Microsoft Azure service categories?

Module 2
Websites and Cloud Services
Contents:
Module Overview
Lesson 1: Create and Configure Websites
Lesson 2: Deploy and Monitor Websites
Lesson 3: Create and Deploy Cloud Services
Lab: Websites and Cloud Services
Module Review and Takeaways

Module Overview

Microsoft Azure provides a specialized website service that you can use to host any website without
having to configure a virtual machine or associated platform software. If you create an Azure website, you
can choose from a wide range of common web apps, including WordPress, Drupal, and Umbraco.
Alternatively, you can upload a custom web app from Visual Studio 2013 or another web developer tool.
To host applications in Azure, you can use Platform as a service (PaaS) as an execution model. Cloud
services provide a platform that can host web apps and web services. Cloud services use a modular
architecture that enables you to scale your application to the largest desired sizes while possibly
minimizing costs. This module describes the Azure Websites service and Azure Cloud Services.

Objectives
After completing this module, you will be able to:

Create and configure websites using the Azure portal.

Deploy and monitor websites on Azure.

Create and deploy cloud services on Azure.

Lesson 1

Create and Configure Websites

In this lesson, you will learn about Azure Websites and how this differs from PaaS cloud services and web
apps hosted on Azure Virtual Machines. You also will learn how to create and configure Azure Websites.

Lesson Objectives
After completing this lesson, you will be able to:

Describe Azure Websites, and compare it with Azure Virtual Machines and Azure Cloud Services.

Explain how to create a website using the Azure portal.

Explain how to configure and scale a website using the Azure portal.

Create and configure a website.

Comparing Azure Websites, Azure Virtual Machines, and Azure Cloud Services
If you want to host a web app in Azure, you can
choose to use Azure Virtual Machines, Azure
Websites, or Azure Cloud Services. To select the
option that best suits your needs, consider the
level of control and scaling flexibility you seek,
and the languages and frameworks that you want
to use.

Virtual Machines

Because a virtual machine in Azure can include a web server, such as Internet Information Services
(IIS) or the Apache HTTP Server, you can use virtual machines to host web apps. This scenario is very much like
running a traditional web farm to host your web app, except that the servers are at Azure datacenters and
not on-premises. This approach is therefore commonly used to migrate an on-premises web app into
Azure with as little modification as possible. You can host supporting servers, such as SQL Servers, or host
databases on other virtual machines, in the same Infrastructure as a service (IaaS) cloud service. When
necessary, you can scale out the web app by using load balancing.
If you choose to host a web app in virtual machines, you have maximum control over the operating
system and supporting software. For example, you could install a specific version of PHP on Apache.
However, you must invest the time to update and maintain the infrastructure you create. If you want to
scale out the application, you must provision new virtual machines to host the new instances of the
application.

Azure Websites

Instead of using Virtual Machines, you can choose to host your web app in the Azure
Websites service. Azure Websites is a fully managed PaaS cloud service that enables you to quickly build,
deploy, and scale enterprise-grade web apps.
Note: Azure Websites also supports Azure Webjobs. Webjobs enables you to schedule
regular jobs and batch jobs easily.

Additional Reading: To read more about Webjobs, go to
http://go.microsoft.com/fwlink/?LinkID=517425.

After you create a new Azure website, you can either upload a custom web app or choose from a wide
range of popular general-purpose web apps, including Drupal, WordPress, Umbraco, and others. You can
build custom web apps to host in Azure Websites by using ASP.NET, Node.js, PHP, and Python.
You can scale up an Azure website by changing tiers.
Note: Azure Websites is offered in four tiers: Free, Shared (Preview), Basic, and Standard.
Each tier provides for differing numbers of websites, supports different storage capacities, and
meets many other performance-affecting criteria.
Additional Reading: To learn more about the four tiers, go to the Microsoft Azure
Websites Pricing Details webpage: http://go.microsoft.com/fwlink/?LinkID=517426.

Scaling up increases the traffic a single instance of the site can service. Alternatively, you can scale out by
installing a website in multiple instances, and by using Azure load balancing or Azure Traffic Manager to
distribute traffic. However, you can only scale the website as a single component. You also cannot gain
Remote Desktop Protocol (RDP) access to the web server. You can use Azure SQL Database or SQL Server
on a virtual machine to host an underlying database.

Cloud Services

You also can choose to build a web app as an Azure PaaS cloud service. A PaaS cloud service consists of at
least one web role, which includes the application's user interface, and one or more worker roles, which
run background tasks. Because you can scale each role independently by specifying the number of role
instances, you have a large degree of control over scalability with PaaS cloud services. You can connect to
the web servers that host your PaaS cloud service by using RDP.
Note: The last lesson of this module discusses Azure Cloud Services.

Create a Website in the Portal


You can create your new Azure Website in several ways. You can use either of the Azure portals to
complete the task by using a graphical wizard. If you use the Preview portal, you must configure
the options to create your website manually. If you are using the portal, you can select among
three options to create your website:

Quick Create. This option enables you to configure the website options manually during creation.

Note: This option is the one most similar to using the Preview portal to create your website.


Custom Create. If you plan to migrate an existing site, this option enables you to create or associate a
SQL database or MySQL database. Custom Create also provides you with the ability to specify
multiple source control options for your website deployment, such as GitHub or Microsoft Team
Foundation Server.

From Gallery. This option enables you to create a new website with one of several frameworks, such
as WordPress. This is helpful, because you can quickly create your new website, which you then can
customize within the selected framework.

Creation Options
Irrespective of the option you choose to create the website, you must configure a number of options
during creation. These options are:

URL. This is the URL by which your website is known and accessed. You must specify a unique name.

Web hosting plan. If you have an existing web hosting plan, you can select it. Alternatively, you can
choose to create a new web hosting plan.
Note: In the Preview portal, you can select from predefined hosting plans within the UI.

Region. Azure has multiple global regions. When you deploy your website to any one region, it is
accessible globally on the Internet, but multiple regions provide for greater flexibility. For example,
you can deploy sites in regions that are closest to the users of that site.
Note: The Region field is referred to as Location in the Preview portal.

Configure and Scale a Website in the Portal


Once you have created your Azure Website, you
can configure and scale it by using either portal.
The exact procedure varies, depending upon the
portal you use.

Using the Portal


From within the portal, on the navigation bar on
the left, click WEB SITES. In the results pane, select
the appropriate website. From the initial view, you
can see a summary of usage. You then can select
the appropriate tab to configure and manage the
website:

Dashboard. Displays a summary of activity and options.

Monitor. Provides more detailed statistics about website usage, requests, and errors.

WebJobs. Enables you to view and configure WebJobs.


Note: You can use WebJobs to script programs to run on your website.


Configure. Enables you to configure options for your website, including:


General. This includes the .NET Framework version, PHP version, Java version, Python version,
managed pipeline mode, platform, web sockets, and always on.

Certificates. Enables you to configure and manage certificates used for SSL encryption.

Domain names. You can assign your own custom website domain name. Azure initially assigns
one with the suffix azurewebsites.net. For example, if you used the name Contoso, the URL would
be Contoso.azurewebsites.net. If you want to use Contoso.com, you can configure that with the
domain names option.

SSL bindings. Enables you to configure how you use SSL with your domain names.

Application diagnostics. You can enable and configure options for application logging.

Site diagnostics. You can enable and configure options for web server logging.

Default documents. Specifies which default documents are used on your website. For example,
Default.html and Index.htm.

Virtual applications and directories. Enables you to define virtual directories and their relative
paths within your website.
Note: Some of these options only become available with certain scaling options.

Scale. Scaling your Azure websites involves two actions:


Changing your Web Hosting Plan mode to a higher level of service, or tier.

Configuring certain settings after you have switched to the higher level of service.

You can configure a number of website options to scale your website, including:

Web hosting plan mode. This option allows you to choose between the Free, Shared, Basic, and
Standard hosting plan modes. Each of the plan modes supports a different set of features and
capabilities.
Plans in the Free and Shared modes run on a shared infrastructure with sites other customers
create. These sites will have strict quotas for resource utilization.
Plans in the Basic and Standard modes run on resources that are dedicated to your sites, and
have fewer restrictions.

Capacity. This option enables you to define the instance count and size. Options available
depend upon the selected web hosting plan mode.
Plans in the Free and Shared modes support limited capacity tuning.
The Basic mode enables you to choose between three instance sizes:

Small. Supports a single core with 1.75 gigabytes (GB) of memory.

Medium. Supports two cores and 3.5 GB memory.

Large. Supports four cores and 7 GB memory.

The Standard mode enables you to choose between the same instance sizes as Basic, but
additionally, you can configure:


A schedule for scaling.

The scaling metric (none or CPU). If you choose CPU, you must configure the thresholds for
automatic scaling to occur and the number of resultant instances.

The instance count.

Linked Resources. You can use this option to link resources such as databases and storage to your
website.

Backups. You can only back up the website in the standard web hosting plan. You can configure an
automated backup and an associated schedule.

Using the Preview Portal

The procedure and options available for configuring your website from the Preview portal are different.
From within the Preview portal, from the navigation bar on the left, click BROWSE, and then click
Websites. Select the appropriate website from the returned list in the Websites blade on the right. In the
blade for the selected website, you can view summary, monitoring, and usage data. On the toolbar, click
More. You can change and then reset the publish profile, get the publish profile, and change the web
hosting plan.
Note: You can also create a new web hosting plan. You can choose between several pricing
tiers to select the plan that best suits your requirements.

Demonstration: Creating and Configuring a Website


In this demonstration, you will see how to:

Create a new website in Azure by using the Preview portal.

Browse the new website from the Preview portal.

View scaling and configuration options in the portal.

Demonstration Steps
Create a new website in Azure by using the Preview portal
1. Start Internet Explorer, and browse to http://azure.microsoft.com.
2. Connect to the portal, and sign in using the Microsoft account that is associated with your Azure
subscription.
3. Switch to new portal.
4. Add a new website.
5. Type a valid unique website name. For example, type Contoso####, where #### is a unique number.
Note: If the name is valid and unique, a green smiley face is displayed.
6. Specify a location near you.
Note: The website creation process can take several minutes.


Browse the new website from the Preview portal


1. When the website creation is complete, in the website blade, click Browse. Internet Explorer shows
the default webpage.
2. Close the Internet Explorer tab, and then close the tab containing the new portal, keeping the portal
tab open.

View scaling and configuration options in the portal


1. In the Portal, refresh the webpage.
2. Select WEB SITES, and in the web sites pane, click your new website.
3. Scroll through the available options on the CONFIGURE tab.
4. Scroll through the available options on the SCALE tab.
5. Under web hosting plan mode, click STANDARD.
6. Under capacity, adjacent to SCALE BY METRIC, click CPU.
7. In the INSTANCE SIZE list, click Large (4 cores, 7 GB memory).
8. Click DISCARD.
9. Click the DASHBOARD tab.

10. Leave the portal open.

Lesson 2

Deploy and Monitor Websites


Once you have created your Azure Website, you then can create and publish the content that you want to
make available in the new website. You have several options for creating and publishing content to an
Azure Website. After you have created and published the website content, you must deploy the website
to make it available to your users. This lesson describes the processes for creating, publishing, and
deploying website content to Azure websites. It also describes the options that you can use to monitor
those websites.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the available options for creating Azure website content.

Explain how to publish an Azure website by using Visual Studio.

Explain the process of deploying an Azure website.

Describe how to monitor websites in Microsoft Azure.

Options for Creating and Publishing Website Content


Using the Azure portal to create a website is
the start of the process for making the website
available and useful for its users. You also must
create and publish website content to your Azure
website.
There are several ways that you can create and
publish website content. These include the
following:

Microsoft Visual Studio 2013. You can use Visual Studio 2013 to write and deploy a variety of
different types of apps, including those for Windows Phone and Windows Store, desktop apps, web apps,
and web services.
You can write the code using a number of programming languages, including:

Visual Basic

Visual C#

Visual C++

Visual F#

JavaScript

Additional Reading: Visual Studio 2013 is available in several different editions. For more
information about these editions, go to the Compare Visual Studio Offerings website:
http://go.microsoft.com/fwlink/?LinkID=517427.


Microsoft WebMatrix. This tool is available for download from within the Azure portal. It enables you
to create, publish, and maintain your Azure websites. It supports a range of programming languages
and provides a simple interface for website deployment.
To create a website using WebMatrix, start WebMatrix, and then sign into Azure with your
subscription account. You can then click the option New, and use a range of templates to create and
deploy your website. A variety of templates is provided, including:

Empty site

Starter site

Bakery

Photo gallery

Personal site

Once you have created the website using WebMatrix, you can easily publish it to your production
Azure website.
Additional Reading: You can find more information about WebMatrix from the
WebMatrix website: http://go.microsoft.com/fwlink/?LinkID=517428.

The Azure website gallery. You can use the Gallery to create and publish your website content when
you create your Azure website. To do this, when you initially create your website in the Azure portal,
click the FROM GALLERY option. You then can select from a range of templates that best suit the
purpose of your website. You can select from templates that are provided in a number of categories,
including:

App frameworks, such as Bottle, CakePHP, and Django

Blogs, including Ghost, WordPress, and Orchard CMS

Forums, such as phpBB and MonoX

Galleries, including Gallery Server Pro

Tools, like BugNET, OpenX, and Open Web Analytics.

You can also select from many other website templates, including templates that are focused on
particular businesses. There is, for example, a coffee shop website template, a bakery template, and
templates for personal websites and photo galleries. Once you select the appropriate template, Azure
presents you with a wizard interface to complete the creation process.

Publish a Website from Visual Studio


Using Visual Studio to publish your website
involves the following high level steps:

Set up the development environment. To use Visual Studio to publish your website content, you must
first install the Azure SDK. When you install the Azure SDK, it will automatically install Microsoft
Visual Studio 2013 Express for Web edition.

Note: You can also choose to install an appropriate edition of Visual Studio 2013 manually.

Create your app. To create the app, launch Visual Studio and choose to create a New Project. You can
then select the type of app that you wish to use on your website, for example, an ASP.NET web app.
The subsequent options that you must configure vary depending upon the type of app you initially
select, but might include:

.NET Framework version

Authentication options, such as:

No authentication

Individual user accounts

Organizational accounts

Windows Authentication

Host in the cloud/Create remote resources. This option varies, depending upon the edition of
Visual Studio. You can use this option to create the website during the publish process. It is
enabled by default. If you choose to create the website during publishing, you must define the
site name, region, and database options.

Note: It is not necessary for you to create your website within the Azure portal before you
create the app. Visual Studio can create your website when you publish it. Alternatively, you can
publish to an existing website.


Deploy the app to Azure. After you have created your app, you can publish it to Azure by using the
Publish Web Wizard, which appears automatically. You must specify the server name and port, site
name, user credentials to authenticate with the website, and the destination URL.

Note: You can use the Preview option to view your website app before you actually publish
the app.
After you have published your website app, you will need to maintain the content. You can use Visual
Studio to make any required changes to the website app, and then publish those changes to the
production environment.


Additional Reading: You can read more about how to use Visual Studio to publish
ASP.NET websites on the Get started with Azure Websites and ASP.NET webpage:
http://go.microsoft.com/fwlink/?LinkID=517429.

Deploy a Website with Web Deploy


Web Deploy is a technology with client-side and
server-side components that synchronizes both
content and configuration values with web
servers. We recommend that you use this tool
to deploy web apps to Azure websites.
When developing your Azure web app, you can
use Web Deploy to publish changes for your
web roles. Web Deploy enables you to make these
changes incrementally. After you publish your app
to a deployment environment, Web Deploy lets
you deploy changes directly to the virtual
machine that is running the web role.
Note: It is not necessary to package and publish the entire Azure app every time you want
to update your web role. Consequently, you can have your web role changes available in the
cloud for testing without waiting to have your application published to a deployment
environment.
You can use Web Deploy to:

Deploy websites from development environments to staging and production web servers.

Migrate content from one web server to another.

Web Deploy is sometimes compared with other deployment tools, such as FTP, RoboCopy, and XCOPY.
Note: FTP is an older but widely used protocol for uploading web apps to web servers.
Web Deploy offers a number of benefits over these other technologies, including:

Speed. Web Deploy is faster than FTP.

Security. Web Deploy supports publishing over HTTPS. It also supports configuring permissions on
files.

Convenience. Web Deploy can publish databases to SQL Server, MySQL Server, and other databases.

Integration. Web Deploy integrates with Visual Studio and WebMatrix.

Additional Reading: Read more about Web Deploy at
http://go.microsoft.com/fwlink/?LinkID=517430.

Monitoring Websites
Running websites consume resources and incur
costs. The websites also might generate errors, for
example, if users request webpages that do not
exist. You can use the Monitoring node within the
Azure portal to check resource consumption. By
doing this, you can better plan for increasing, or
decreasing, website usage.
From within the portal, select the appropriate
website, and then click on the MONITOR tab.
You can use the ADD METRICS option to enable
additional monitoring options. The following list
describes the metrics that you can view in the
chart on the Monitor page:

CPUTime. A measure of the website's CPU usage.

Requests. A count of client requests to the website.

Data Out. A measure of data sent by the website to clients.

Data In. A measure of data received by the website from clients.

Http Client Errors. Number of Http "4xx Client Error" messages sent.

Http Server Errors. Number of Http "5xx Server Error" messages sent.

Http Successes. Number of Http "2xx Success" messages sent.

Http Redirects. Number of Http "3xx Redirection" messages sent.

Http 401 errors. Number of Http "401 Unauthorized" messages sent.

Http 403 errors. Number of Http "403 Forbidden" messages sent.

Http 404 errors. Number of Http "404 Not Found" messages sent.

Http 406 errors. Number of Http "406 Not Acceptable" messages sent.

Receiving Alerts


In Standard website mode, you can enable and receive alerts based on the selected website monitoring
metrics. To enable alerts, you must first configure a web endpoint for monitoring. You can do this in the
Monitoring section of the CONFIGURE page. On the SETTINGS page of the portal, you then can create a
rule to trigger an alert when the metric you choose reaches a value that you specify. You can also choose
to have an email sent when the alert is triggered.
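The following added example (not part of the course material) derives the Monitor-page counters listed above from web server log lines and applies an alert rule of the kind described. The log lines are constructed, and the five-minute evaluation window and the function names are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Monitor-page metric names from the list above, keyed by HTTP status class.
CLASS_METRIC = {2: "Http Successes", 3: "Http Redirects",
                4: "Http Client Errors", 5: "Http Server Errors"}
# Status codes that have their own counter on the Monitor page.
TRACKED_CODES = (401, 403, 404, 406)

# Constructed sample in W3C extended log format (the kind of web server log
# that site diagnostics can write); none of these requests are real.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem sc-status
2014-11-03 10:00:05 GET /default.html 200
2014-11-03 10:01:12 GET /index.htm 200
2014-11-03 10:02:40 GET /missing.html 404
2014-11-03 10:03:01 GET /old-page 302
2014-11-03 10:05:10 POST /admin/login 401
2014-11-03 10:05:11 POST /admin/login 401
2014-11-03 10:05:13 POST /admin/login 401
2014-11-03 10:06:02 GET /admin/settings 403
2014-11-03 10:07:30 GET /default.html 200
2014-11-03 10:08:44 GET /report 500
"""


def metrics_for(status):
    """Return every Monitor-page counter that one response increments."""
    names = ["Requests"]
    if status // 100 in CLASS_METRIC:
        names.append(CLASS_METRIC[status // 100])
    if status in TRACKED_CODES:
        names.append(f"Http {status} errors")
    return names


def metrics_by_window(log_text, window_minutes=5):
    """Aggregate the counters per time window, keyed by window start time."""
    fields = None
    windows = defaultdict(Counter)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
            continue
        if not line.strip() or line.startswith("#"):
            continue                           # other directives and blank lines
        if fields is None:
            raise ValueError("data row found before a #Fields directive")
        row = dict(zip(fields, line.split()))
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0)
        windows[start.strftime("%Y-%m-%d %H:%M")].update(metrics_for(int(row["sc-status"])))
    return dict(windows)


def evaluate_rule(windows, metric, threshold):
    """Return the windows in which the chosen metric reaches the threshold."""
    return sorted(start for start, counts in windows.items() if counts[metric] >= threshold)


if __name__ == "__main__":
    per_window = metrics_by_window(SAMPLE_LOG)
    for start in sorted(per_window):
        print(start, dict(per_window[start]))
    print("Alert windows:", evaluate_rule(per_window, "Http 401 errors", 3))
```

A sustained rise in the 401 or 403 counters is usually worth reviewing alongside the application logs, because those two metrics count rejected authentication and authorization attempts.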


Lesson 3

Create and Deploy Cloud Services

Azure provides three execution models for applications: Virtual Machines, Websites, and cloud services. In
this lesson, you will see how Azure Cloud Services differ from Azure Websites and Azure Virtual Machines.
You will also see how to configure Cloud Services and deploy the cloud service code your developers
create.

Lesson Objectives
After completing this lesson, you will be able to:

Describe Microsoft Azure Cloud Services.

Describe how to create a cloud service in Microsoft Azure.

Describe how to scale your Microsoft Azure Cloud Services.

Deploy cloud services within Microsoft Azure.

What Are Cloud Services?


When you create an app and run it in Microsoft
Azure, the code and its configuration together
constitute an Azure cloud service. By creating a
cloud service in Azure, you are able to deploy a
multi-tier web app. You can define multiple roles
to distribute processing and enable flexible scaling
of your application.

Components of a Cloud Service


A cloud service consists of one or more web roles
and/or worker roles, each of which has its own
application files and configuration. The following
list defines the key characteristics and
components of an Azure cloud service.

Cloud service role. Comprises application files and configuration data. A cloud service can have two
types of roles:

Web role. Provides a dedicated IIS webserver that hosts front-end web apps.

Worker role. Apps hosted within worker roles can run asynchronous, long-running, or perpetual
tasks that require no user input or interaction.

Role instance. A virtual machine on which your application code and role configuration run.
Note: A role can have multiple instances, defined in the service configuration file.

Guest operating system. This is the operating system installed on the role instances (virtual machines)
on which your app code runs.

Cloud service components. To deploy an app as a cloud service in Microsoft Azure, the following
three components are necessary:

Service definition file. This file, known as a .csdef file, defines the service model.

Service configuration file. The .cscfg file provides configuration settings for your cloud service and
individual roles.

Service package. The .cspkg file contains your app code and the service definition file.

Cloud service deployment. This is an instance of a cloud service deployed to the Azure staging or
production environment.
Note: You can maintain deployments in both staging and production.


Deployment environments. Microsoft Azure offers two deployment environments for cloud services:

A staging environment. Environment in which you can test your deployment before you promote
it to the production environment. In this environment, your cloud service's GUID identifies it in
URLs (GUID.cloudapp.net).

A production environment. The production environment URL is based on the domain name
system (DNS) prefix assigned to your cloud service (for example, myservice.cloudapp.net).

Note: The two environments are distinguished only by the virtual IP (VIP) addresses by
which the cloud service is accessed.

To promote a deployment in the staging environment to the production environment, you can swap
the deployments. You do this by switching the VIP addresses by which the two deployments are
accessed.

Minimal versus verbose monitoring:


Minimal monitoring uses performance counters gathered from the host operating systems for
role instances (virtual machines). This is enabled by default for a cloud service.

Verbose monitoring collects extra metrics from performance data in the role instances. This
enables you to perform closer analysis of activities and problems that occur during app
processing.

Azure Diagnostics. Enables you to collect diagnostic data from apps running in Azure.

Note: You must enable Azure Diagnostics for cloud service roles for verbose monitoring to
be available.

Link a resource. To show your cloud service's dependencies on other resources, such as an Azure SQL
Database instance, you can link the resource to the cloud service.

Scale a cloud service. You can scale out a cloud service by increasing the number of role instances
(virtual machines) deployed for a role. Conversely, you can scale in a cloud service by decreasing role
instances.

Azure Service Level Agreement (SLA). This guarantees that, when you deploy two or more role
instances for every role, access to your cloud service is maintained at least 99.95 percent of the time.


Cloud Services vs. Azure Virtual Machines

Even though your applications run in virtual machines, Azure Cloud Services provide PaaS, not IaaS. Cloud
Services are therefore different from hosting your applications in Azure Virtual Machines. With Azure
Virtual Machines, first you create and configure your application's environment, and then you deploy your
application into that environment.
With Cloud Services, the environment already exists. All you must do is deploy your application. With
Cloud Services, you provide a configuration file that tells Azure how many virtual machines you require
for your application; for example, two web role instances and three worker role instances. The Azure
platform creates those for you.
Note: You still define the size of those virtual machines; the options are the same ones
offered in Azure Virtual Machines. However, you do not explicitly create the virtual machines
yourself.

Load Balancing

If your application begins to support a higher load, you can request more virtual machines. Azure creates
those additional instances. If the load on your application reduces, you can shut down those instances.
Although both Azure Websites and Azure Virtual Machines enable you to create web apps on Azure, the
main advantage of Azure Cloud Services is its ability to support more complex multi-tier architectures.
Additional Reading: For a more detailed comparison of these components, visit the Azure
Web Sites, Cloud Services, and Virtual Machines comparison webpage:
http://go.microsoft.com/fwlink/?LinkID=517431.

Maintenance and Recovery


When you choose a cloud service, Azure maintains the underlying infrastructure. Microsoft Azure
performs the following tasks:

Performs routine maintenance.

Updates the operating systems.

Attempts recovery from service and hardware failures.

Note: If you define at least two instances of every role, the maintenance tasks, including
your own service upgrades, are performed without any interruption in service.

Create and Deploy a Cloud Service


Before you can deploy your cloud service, you
must create the cloud service package and the
cloud service configuration file. You can use tools
in the Azure SDK to help you to prepare these
deployment files.
Additional Reading: You can download the
Azure SDK, and other relevant Azure tools, from
the Microsoft Azure Downloads webpage:
http://go.microsoft.com/fwlink/?LinkID=517416.

Creating a Cloud Service


If you do not have significant experience working with Azure Cloud Services, you can download templates
that you can use to help with the creation of the deployment files.
Additional Reading: The code samples are available at the Microsoft Azure code samples
webpage: http://go.microsoft.com/fwlink/?LinkID=517432.
After you have installed the Azure SDK, use the following procedure to create a cloud service:
1. Connect to the Azure portal.
2. Click NEW, COMPUTE, CLOUD SERVICE, and then QUICK CREATE.
Note: You can also create a cloud service by using the CUSTOM CREATE option, so that
you can choose the option to deploy a cloud service package during creation.
3. Enter the URL that your cloud service will use. The URL format for production deployments is
http://myURL.cloudapp.net.
4. Enter the Region or Affinity Group. This configures the geographic region or affinity group to which
you will deploy the cloud service.
Note: You must have already created the affinity group. To create an affinity group, in the
portal, open the Networks area, click Affinity Groups, and then click Create.
5. Finally, click Create Cloud Service.

Note: If any roles in your cloud service require a digital certificate for data encryption using
Secure Sockets Layer (SSL), and you have not uploaded the certificate, you must upload the
certificate before you can deploy your cloud service.


Deploying a Cloud Service

After you have successfully created your cloud service, you must deploy it. Use the following procedure to
deploy your cloud service:
1. Connect to the Azure portal.
2. Click Cloud Services, and then select the cloud service that you want to deploy. Click Dashboard.
3. Click either Production or Staging. If you choose to use the Staging environment, you can test your
cloud service before you deploy it to the production environment.
Note: When you are ready to promote your staged cloud service to the production
environment, use Swap to redirect client requests to that deployment.
4. Click Upload, and then enter the following information:
a. Enter a Deployment Label.
b. Browse and select the service package file (.cspkg) for the cloud service.
c. Browse and select the service configuration file (.cscfg) for the cloud service.
d. Select the Deploy even if one or more roles contain a single instance check box if your cloud
service includes any roles with only one instance.
Note: Azure only guarantees 99.95 percent access to the cloud service during maintenance
and service updates if every role has at least two instances.
5. Click OK.

After you perform the above steps, your cloud service should be available in either the production or
staging environment.

Scaling a Cloud Service


With the Azure portal, you can scale your cloud
service to adjust its performance. From the Scale
page of your cloud service, you can choose to
manually scale your application, or else you can
set the appropriate parameters to have Azure
automatically scale the application for you.
You can scale applications that are running:

Web Roles. Add or remove Web Role instances to accommodate the anticipated work load.

Worker Roles. Add or remove Worker Role instances to accommodate the work load.

Virtual Machines. When you scale an application running Virtual Machines, virtual machines are
turned on or off from an availability set of previously created machines.

Note: Scaling is not automatic, and you must keep the instances of the virtual machines in
sync with one another or else they will become non-identical over time. Additionally, when you
must upgrade websites in this scenario, it will be challenging to apply the upgrade to all of the
machines at the same time.

Considerations for Scaling


Before you scale your application, consider the following factors:

Add virtual machines to an availability set before they are available for scaling. The virtual machines
can be on or off when you create them. When you scale up, additional virtual machines from your
availability set are turned on. Conversely, when you scale down, virtual machines are turned off.

Note: These virtual machines are not only turned off, but de-allocated. This ensures that
you do not pay for the resources that these virtual machines consume.


Core usage affects scaling. Larger role instances use more cores, but you can only scale your
application within the limit of cores for your subscription.
For example, if your subscription has a limit of 30 cores and you run an application with three
medium-sized virtual machines (a total of six cores), you can only scale up other cloud service
deployments in your subscription by 24 cores.

Note: All virtual machines in an availability set that are used in scaling your application
must be the same size.

Create a queue and associate the queue with a role or availability set. You must do this before you
can scale your application based on a message threshold.

Deploy two or more role instances to enable high availability. You must ensure that your application
is deployed with two or more role instances or virtual machines to enable high availability for your
application.
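The two-instance condition from the deployment procedure and the core-limit rule above can be checked before a package is uploaded. The following is an added example, not part of the course material: the sample .csdef and .cscfg content is constructed and trimmed to the elements the check reads, the role and function names are hypothetical, and the core counts reuse the Small, Medium, and Large figures quoted in this module.

```python
import xml.etree.ElementTree as ET

# XML namespaces of the service definition (.csdef) and service configuration (.cscfg) schemas.
CSDEF_NS = "{http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition}"
CSCFG_NS = "{http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration}"

# Cores per instance size, using the Small/Medium/Large figures quoted in this module.
CORES_PER_SIZE = {"Small": 1, "Medium": 2, "Large": 4}

# Constructed sample files, trimmed to the elements this check reads.
SAMPLE_CSDEF = """<ServiceDefinition name="AdatumApp"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WebFrontEnd" vmsize="Medium" />
  <WorkerRole name="OrderProcessor" vmsize="Large" />
</ServiceDefinition>"""

SAMPLE_CSCFG = """<ServiceConfiguration serviceName="AdatumApp"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebFrontEnd"><Instances count="2" /></Role>
  <Role name="OrderProcessor"><Instances count="1" /></Role>
</ServiceConfiguration>"""


def role_sizes(csdef_xml):
    """Map each web or worker role in the .csdef to its instance size."""
    root = ET.fromstring(csdef_xml)
    sizes = {}
    for tag in ("WebRole", "WorkerRole"):
        for role in root.iter(CSDEF_NS + tag):
            # A role without a vmsize attribute is treated as Small.
            sizes[role.get("name")] = role.get("vmsize", "Small")
    return sizes


def instance_counts(cscfg_xml):
    """Map each role in the .cscfg to its configured instance count."""
    root = ET.fromstring(cscfg_xml)
    counts = {}
    for role in root.iter(CSCFG_NS + "Role"):
        instances = role.find(CSCFG_NS + "Instances")
        if instances is None:
            raise ValueError(f"role {role.get('name')!r} has no Instances element")
        counts[role.get("name")] = int(instances.get("count"))
    return counts


def check_deployment(csdef_xml, cscfg_xml, core_limit, cores_in_use):
    """Check the SLA condition and the subscription core limit for a deployment."""
    sizes = role_sizes(csdef_xml)
    counts = instance_counts(cscfg_xml)
    findings = []
    cores_needed = 0
    for name, size in sizes.items():
        if name not in counts:
            findings.append(f"{name}: defined in the .csdef but missing from the .cscfg")
            continue
        if size not in CORES_PER_SIZE:
            findings.append(f"{name}: size {size!r} is not in the core table")
            continue
        cores_needed += counts[name] * CORES_PER_SIZE[size]
        if counts[name] < 2:
            findings.append(f"{name}: {counts[name]} instance(s); the 99.95 percent SLA "
                            "applies only with two or more instances per role")
    for name in sorted(counts.keys() - sizes.keys()):
        findings.append(f"{name}: configured in the .cscfg but not defined in the .csdef")
    cores_available = core_limit - cores_in_use
    if cores_needed > cores_available:
        findings.append(f"deployment needs {cores_needed} cores but only "
                        f"{cores_available} remain in the subscription")
    return {
        "cores_needed": cores_needed,
        "cores_available": cores_available,
        "sla_met": bool(counts) and all(c >= 2 for c in counts.values()),
        "findings": findings,
    }


if __name__ == "__main__":
    # Subscription figures from the example above: a limit of 30 cores, 6 in use.
    result = check_deployment(SAMPLE_CSDEF, SAMPLE_CSCFG, core_limit=30, cores_in_use=6)
    print(result["cores_needed"], "cores needed,", result["cores_available"], "available")
    for finding in result["findings"]:
        print("-", finding)
```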

Scaling Your Cloud Service


You can perform the following scaling actions for a cloud service:

Manually scale an application running Web Roles or Worker Roles. If necessary, disable automatic
scaling, and then configure the instance count for each of the roles in your cloud service.

Note: You can only increase the number of instances used if the appropriate number of
cores are available to support those instances.

Automatically scale an application running Web Roles, Worker Roles, or Virtual Machines. You can
configure automatic scaling based on two properties:

CPU. If the average percentage of CPU usage goes above or below specified thresholds, Azure
creates or deletes role instances, or turns virtual machines on or off from an availability set.

Queue. If the number of messages in a queue goes above or below a specified threshold, Azure
creates or deletes role instances, or Azure turns on or off virtual machines from an availability set.
Note: Automatic scaling is disabled by default for all roles.


Scale linked resources. Typically, when you scale a role, it can be beneficial to scale any database that
your application is using. If you link the database to your cloud service, you can change the SQL
Database edition and resize the database as required. If you do not scale linked resources, you run
the risk of causing problems with the linked resource, such as capacity in a database.

Schedule the scaling of your application. You can configure the following schedule options:
No schedule. This enables your application to be scaled automatically at all times.

Note: No Schedule is the default option.

Day and night. This option enables you to specify scaling for specific times of the day and night.
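
The scaling rules above (metric thresholds, the instance range, and the subscription core limit) can be modelled as one decision function. This is an added example, not Microsoft code and not how the Azure autoscaler is implemented; the class and function names, the step size, and the sample thresholds are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Role:
    name: str
    cores_per_instance: int  # 2 for the medium size in the course's example
    instances: int           # instances currently running
    min_instances: int       # lower end of INSTANCE RANGE
    max_instances: int       # upper end of INSTANCE RANGE


def free_cores(core_limit, roles):
    """Cores still unused in the subscription after counting every running instance."""
    return core_limit - sum(r.cores_per_instance * r.instances for r in roles)


def scale_decision(role, metric, low, high, core_limit, roles, step=1):
    """One autoscale evaluation for `role`; returns (new_instance_count, reason).

    metric is the average CPU percentage (or queue messages per instance);
    low and high are the thresholds of the target range (assumed values).
    """
    if low <= metric <= high:
        return role.instances, "within target range"

    if metric < low:
        target = max(role.instances - step, role.min_instances)
        if target == role.instances:
            return role.instances, "at minimum of instance range"
        return target, "scaled down"

    # metric > high: scale up, limited first by the instance range, then by cores.
    wanted = min(role.instances + step, role.max_instances) - role.instances
    if wanted == 0:
        return role.instances, "at maximum of instance range"
    affordable = max(free_cores(core_limit, roles), 0) // role.cores_per_instance
    granted = min(wanted, affordable)
    if granted == 0:
        return role.instances, "blocked by core quota"
    reason = "scaled up" if granted == wanted else "scaled up, capped by core quota"
    return role.instances + granted, reason


def availability_warnings(roles):
    """Roles whose instance range allows fewer than two instances (no high availability)."""
    return [r.name for r in roles if r.min_instances < 2]


if __name__ == "__main__":
    # Constructed sample: a 30-core subscription that is already fully used.
    web = Role("adatumadswebrole", 2, 3, 1, 4)
    worker = Role("adatumadsworkerrole", 4, 6, 2, 8)
    roles = [web, worker]
    print("free cores:", free_cores(30, roles))
    for role, cpu in ((web, 95), (worker, 97), (web, 20)):
        print(role.name, cpu, scale_decision(role, cpu, 60, 90, 30, roles))
    print("no high availability:", availability_warnings(roles))
```
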

Demonstration: Creating, Deploying, and Scaling a Cloud Service


In this demonstration, you will see how to:

Create a new cloud service.

Configure the cloud service.

Scale the cloud service.

Demonstration Steps
Create a new cloud service
1. If necessary, open Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and
   sign in using the Microsoft account that is associated with your Azure subscription.

2. Create a new cloud service using QUICK CREATE:

   a. In the URL text box, type a valid unique cloud service name. For example, type
      AdatumWeb####, where #### is a unique number. If the name is valid and unique, a green
      check mark is displayed.

   b. In the REGION OR AFFINITY GROUP list, click your local region, and then click CREATE CLOUD
      SERVICE.

Configure the cloud service


1. Select the new cloud service, and select the CONFIGURE tab.

2. Upload a new production deployment:

   a. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App ####,
      (where #### is the same number you typed earlier).

   b. Select a local package file. Navigate to C:\Labfiles, and double-click AdatumAds.cspkg.

   c. Select a local configuration file. Navigate to C:\Labfiles, and double-click
      ServiceConfiguration.Cloud.cscfg.

Note: Deployment begins. This could take 10 to 15 minutes.

Scale the cloud service


1. Scale the cloud service:

   a. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.

   b. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

   c. Drag the TARGET CPU slider bar so that the maximum is 90.

   d. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.

   e. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

   f. Drag the TARGET CPU slider bar so that the maximum is 90.

   g. Click SAVE.

   h. Click the MONITOR tab, and review the monitor data.

2. Close Internet Explorer.


Lab: Websites and Cloud Services


Scenario

You require a blog for the A. Datum website and have decided that this would be an ideal time to test the
functionality of Microsoft Azure Websites. You also would like to test the use of Azure Cloud Services to
contain virtual machines.

Objectives
After completing this lab, the students will have:

Created a WordPress website from the Gallery.

Created a cloud service.

Lab Setup
Estimated Time: 60 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
Before you start this lab, ensure that you have a trial Azure subscription.
Note: To complete the lab in this module, you must have completed the labs in all
preceding modules in this course.

Exercise 1: Create a WordPress Website


Scenario

Your users have suggested that they would like to be able to post blog articles to a corporate website.
You have decided to host this website on Azure. In this exercise, you will create a website to host
WordPress blogs, and then test the website by posting articles to the site.
The main tasks for this exercise are as follows:
1. Create a website.

2. Install WordPress.

3. Create a blog post.

Task 1: Create a website


1. Start Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and sign in using
   the Microsoft account that is associated with your Azure subscription.

2. Create a new website to host your blog:

   a. In the Azure portal, on the navigation pane, click WEBSITES.

   b. Click NEW, and then click FROM GALLERY.

   c. In the ADD WEB APP Wizard, on the Find Apps for Microsoft Azure page, click BLOGS.

   d. In the A-Z list, click WordPress, and then click Next.

   e. On the Configure Your App page, in the URL box, type AdatumBlog####, where #### is a
      unique number. If your URL is unique, a green check mark displays.

   f. Leave DATABASE and WEBSCALEGROUP configured with default values.

   g. Select the appropriate REGION, and then click Next.

   h. On the New MySQL Database page, accept the default name.

   i. In the REGION list, click the appropriate region.

   j. Select the I agree to ClearDB's legal terms check box, and then click Complete.

Note: Your website is created. This may take a few minutes.

Task 2: Install WordPress

1. In the websites list, in the URL column, click the URL for your new website. Internet Explorer opens a
   new tab and navigates to your new website.

2. On the WordPress website, in the languages list, click English (United States), and then click
   Continue.

3. On the Welcome page, complete the Information needed section with the following information:

   a. Site Title: AdatumMyBlog####
      Where #### is a unique number.

   b. Username: The email address associated with your Azure subscription.

   c. Password, twice: Pa$$w0rd.

   d. Your E-mail: The email address associated with your Azure subscription.

4. Click Install WordPress.

Task 3: Create a blog post


1. In Internet Explorer, on the Success webpage, click Log In:

   a. In the Username box, type the email address associated with your Azure subscription.

   b. In the Password box, type Pa$$w0rd.

   c. Select the Remember Me check box, and then click Log In.

   Note: If prompted by Internet Explorer to store the password for the website, click Not for
   this site.

2. Create a new post:

   a. In the Dashboard, click Write your first blog post.

   b. On the Add New Post page, in the Enter title here box, type Welcome to the Adatum Blog.

   c. In the main text box, type Welcome to the Adatum blog.

   d. Click Publish.

3. View your new post.

4. Close the current tab in Internet Explorer, and return to the Azure portal tab.

Results: After you complete this exercise, you will have successfully created and configured an Azure
website to support WordPress blogs.


Exercise 2: Create a Cloud Service


Scenario
You must now create an Azure Cloud Service. You will use the Azure portal to complete this task.
The main tasks for this exercise are as follows:
1. Create a Cloud Service.

2. Deploy a Cloud Service.

3. Verify a Cloud Service.

Task 1: Create a Cloud Service

Create a new cloud service using QUICK CREATE:


   a. In the URL text box, type a valid unique cloud service name. For example, type
      AdatumWeb####, where #### is a unique number. If the name is valid and unique, a green
      check mark is displayed.

   b. In the REGION OR AFFINITY GROUP list, click your local region and then click CREATE CLOUD
      SERVICE.

Task 2: Deploy a Cloud Service


1. Select the new cloud service and select the CONFIGURE tab.

2. Upload a new production deployment:

   a. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App ####,
      (where #### is the same number you typed earlier).

   b. Select a local package file. Navigate to C:\Labfiles and double-click AdatumAds.cspkg.

   c. Select a local configuration file. Navigate to C:\Labfiles, and double-click
      ServiceConfiguration.Cloud.cscfg.

   Note: Deployment begins. This could take 10 to 15 minutes.

3. Scale the cloud service:

   a. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.

   b. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

   c. Drag the TARGET CPU slider bar so that the maximum is 90.

   d. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.

   e. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.

   f. Drag the TARGET CPU slider bar so that the maximum is 90.

   g. Click SAVE.

Task 3: Verify a Cloud Service


Note: It might take a few minutes for your website to display.

1. Review the list of cloud services in the Azure portal, and then click the URL for your cloud service. The
   Adatum Ads webpage displays.

   Note: The app is for demonstration purposes and is not completely functional.

2. Close Internet Explorer.

Results: After you complete this exercise, you will have successfully created, deployed, and configured an
Azure Cloud Service.


Module Review and Takeaways


Review Questions
Question: What is the key difference between using Azure Websites and an Azure virtual
machine with the IIS server role installed to host your website app?
Question: You want to create and publish your Azure Website using the Azure portal. Which
option should you select when creating the new Website?


Module 3
Virtual Machines in Microsoft Azure
Contents:
Module Overview
Lesson 1: Create and Configure Virtual Machines
Lesson 2: Configure Disks
Lab: Create a Virtual Machine in Microsoft Azure
Module Review and Takeaways

Module Overview

Microsoft offers several virtualization management technologies that your organization can use to resolve
problems that you may encounter when managing server computing environments. For example, server
virtualization can help reduce the number of physical servers, and provide a flexible and resilient server
solution. You can deploy virtual machines on your locally installed servers or in Microsoft Azure. In this
module, you will learn how to create and configure virtual machines, and how to manage their disks.

Objectives
After completing this module, you will be able to:

Create and configure virtual machines in Microsoft Azure.

Configure disks for virtual machines.

Lesson 1

Create and Configure Virtual Machines


Virtual machines (VMs) provide many benefits over traditional physical machines. You can deploy virtual
machines on physical servers in your IT environment, or you can choose to deploy virtual machines in
Microsoft Azure. In this lesson, you will learn how to create, deploy, and configure virtual machines in
Microsoft Azure.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the purpose and functionality of virtual machines.

Describe Azure virtual machines.

Describe how to create virtual machines from Azure VM Gallery.

Create a virtual machine from the Azure VM Gallery.

Configure and scale virtual machines.

Configure a virtual machine from the Azure Portal.

Describe how to connect to a virtual machine.

Connect to a virtual machine.

Overview of Virtual Machines


In today's information technology (IT) environments, a virtual machine is an emulation of a physical
computer system. A virtual machine acts like a software-based computer that runs an operating system
and applications. Virtual machines are based on the computer architecture and functions of a real or
hypothetical computer. The implementation of virtual machines may involve specialized hardware,
software, or a combination of both.

Virtual machines function as normal computers. Virtual machines that are hosted on the same
virtualization server are independent of one another. You can run multiple virtual machines that are using
different operating systems on a virtualization server simultaneously, provided the virtualization server has
enough resources.

Implementing Virtual Machines to Maximize Hardware Usage

You use hardware more efficiently when you implement virtual machines. In most cases, a service or a
program does not consume more than a fraction of the virtualization server's resources. This means that
you can install multiple services and programs on the same virtualization server and then deploy them to
multiple virtual machines. This ensures a more effective use of that virtualization server's resources. For
example, you may have four separate services and programs, each of which consumes from 10 to 15
percent of a virtualization server's hardware resources. You can install these services and programs in
virtual machines, and then place them on the same hardware, where they consume 40 to 60 percent of
the virtualization server's hardware.

This is a simplified example. In real-world environments, you must make adequate preparations before
collocating virtual machines. You have to ensure that the hardware-resource needs of all the virtual
machines that the virtualization server is hosting do not exceed the server's hardware resources. You should
also make sure that you provide high availability.

Isolating Services and Programs

It can be challenging to keep one particular service or program functioning reliably; it becomes even
more complicated when you deploy multiple services and programs on the same server. For example, you
might need to deploy two separate operating systems at a branch office, but these operating systems
conflict when running on the same computer. If you can afford only one server, you can solve this
problem by running these programs within virtual machines on the same server.

Consolidating Servers

With server virtualization, you can consolidate servers that would otherwise need to run on separate
hardware onto a single virtualization server. Because you can isolate each virtual machine on a
virtualization server from the other virtual machines on the same server, you can deploy services and
programs that are incompatible with one another on the same physical computer, provided that you host
them within virtual machines. Examples of such services and programs include Microsoft Exchange Server
2013, SQL Server 2012, and Active Directory Domain Services (AD DS). You should not install these
services on the same machine, but you can install them in separate virtual machines that are running on
the same host.

Simplifying Server Deployment


Virtualization also enables you to simplify server deployment, because:

Virtual machine templates for common server configurations are included with products such as
Microsoft System Center 2012 Virtual Machine Manager (VMM). These templates include parameters
that are preconfigured with common settings, so you do not have to configure the setting of every
parameter manually.

You can create virtual machine self-service portals that enable end users to provision approved
servers and programs automatically. This lessens the workload of the systems administration team.
You create these virtual machine self-service portals with VMM and Microsoft System Center 2012
Service Manager.

Virtual Machine Hardware

With server virtualization, you can create separate virtual machines and run them concurrently on a single
server that is running Microsoft Hyper-V. These virtual machines are guests, while the computer that is
running Hyper-V is the virtualization server or the management operating system.
Virtual machines use virtual, or emulated, hardware. The management operating system, Windows
Server 2012 with Hyper-V, uses the virtual hardware to mediate access to actual hardware. For example,
you can map a virtual network adapter to a virtual network that you map to an actual network interface.
By default, virtual machines include the following simulated hardware:

BIOS. This simulates the computer's BIOS. On a stand-alone computer, you can configure various
BIOS-related parameters. On a virtual machine, you can configure some of the same parameters,
including:

The boot order for the virtual machine's virtual hardware.

From which device the virtual machine boots, such as from a DVD drive, Integrated Drive
Electronics (IDE), a legacy network adapter, or a floppy disk.

Whether the NUM LOCK key is enabled at boot.

Memory. You can allocate up to 1 terabyte (TB) of memory resources to an individual virtual machine.

Processor. You can allocate up to 64 virtual processors to a single virtual machine.

IDE controller 0. A virtual machine can support only two IDE controllers and, by default, two are
allocated to each virtual machine. Each IDE controller can support two devices.

You can connect virtual hard drives or virtual DVD drives to an IDE controller. You can use IDE controllers
to connect virtual hard disks and DVD drives to virtual machines that use any operating system that does
not support integration services.

IDE controller 1. Enables deployment of additional virtual hard drives and DVD drives to the virtual
machine.

SCSI controller. You can use a small computer system interface (SCSI) controller only on virtual
machines that have operating systems that support integration services.

Synthetic network adapter. Synthetic network adapters represent computer network adapters. You
can only use synthetic network adapters with supported virtual machine guest operating systems.

COM 1. Enables you to configure a connection through a named pipe.

COM 2. Enables you to configure an additional connection through a named pipe.

Disk drive. Enables you to map a virtual floppy disk image to a virtual disk drive.

You can add the following hardware to a virtual machine by editing the virtual machine's properties, and
then clicking Add Hardware:

SCSI controller. You can add up to four virtual SCSI devices. Each controller supports up to 64 disks.

Network adapter. A single virtual machine can have a maximum of eight synthetic network adapters.

Legacy network adapter. You can use legacy network adapters with any operating systems that do
not support integration services. You can also use legacy network adapters to deploy operating
system images throughout the network. A single virtual machine can have up to four legacy network
adapters.

Fibre Channel adapter. If you add a Fibre Channel adapter to a virtual machine, the virtual machine
can then connect directly to a Fibre Channel SAN. You can only add a Fibre Channel adapter to a
virtual machine if the virtualization server has a Fibre Channel host bus adapter (HBA) that also has a
Windows Server 2012 driver that supports virtual Fibre Channel.

RemoteFX 3D video adapter. If you add a RemoteFX 3D video adapter to a virtual machine, the virtual
machine can then display high performance graphics by leveraging Microsoft DirectX and graphics
processing power on the host Windows Server 2012 server.

Virtual Machine Generations

Most operating systems and programs that run in virtual machines are not aware that they are virtualized.
Using emulated hardware enables operating systems that are not virtualization-aware to run in virtual
machines. In machines that can run enlightened operating systems, Integration Services allow the virtual
machines to access synthetic devices, which perform better. With the broad adoption of virtualization,
many modern operating systems now include Integration Services.
Windows Server 2012 R2 changes all of this. It fully supports the existing type of virtual machines, and
names them collectively generation 1 virtual machines. It provides support for the new type of virtual
machines, named generation 2 virtual machines. Generation 2 virtual machines function as if their
operating systems are virtualization-aware. Because of this, generation 2 virtual machines do not have the
legacy and emulated virtual hardware devices found on generation 1 virtual machines. Generation 2
virtual machines use only synthetic devices. Advanced Unified Extensible Firmware Interface (UEFI) firmware,
which supports Secure Boot, replaces BIOS-based firmware. Generation 2 virtual machines start from a
SCSI controller or by using the Pre-Boot EXecution Environment (PXE) on a network adapter. All
remaining virtual devices use virtual machine bus (VMBus) to communicate with parent partitions.

Generation 1 and generation 2 virtual machines have similar performance, except during startup and
operating system installation. The primary advantage of generation 2 virtual machines is that startup and
deployment are considerably faster. You can run generation 1 and generation 2 virtual machines
side-by-side on the same Hyper-V host.
You select the virtual machine generation when you create the virtual machine. You cannot change the
generation later.

Generation 2 virtual machines currently support only Windows Server 2012, Windows 8 (64-bit), and
newer 64-bit Windows operating systems. Therefore, generation 1 virtual machines, which support almost
any operating system, will continue to be in use for the foreseeable future. Generation 2 virtual machines
do not currently support Microsoft RemoteFX.

What Are Azure Virtual Machines?


In addition to creating virtual machines on your on-premises physical servers, you can also create
cloud-based virtual machines in the Microsoft Azure environment.

In today's enterprise environments, cloud-based services and especially virtual machines can be a
very attractive solution for extending a data center and allocating some additional resources
when needed. The Azure platform provides numerous services that can either replace or
complement existing on-premises services. Cloud-based virtual machines, programs, and services
can also be useful when you have to provide proof-of-concept solutions for proposed projects. Rather
than purchase test hardware and deploy a proof-of-concept solution to it, you can deploy a cloud-based
virtual machine quickly, and then deploy the proof-of-concept solution to the virtual machine. Then, after
you validate the proof-of-concept solution, you can discard the virtual machine, or keep it, depending on
operational concerns. This solution is not only faster but also less expensive than buying the hardware for
the proof-of-concept solution, which you may opt to discard if the project is not approved.

Apart from using the Azure environment for testing or proof-of-concept, there are several more scenarios
where you can benefit from running virtual machines in Microsoft Azure:

You can use virtual machines in Azure for development or testing. Microsoft Azure provides an
inexpensive and reliable test platform that you can deploy within minutes. You can also use additional
services from Microsoft Azure, such as SQL Databases, Storage, or ServiceBus to support your testing.

You can move your virtual machines from an on-premises Hyper-V deployment to Microsoft Azure.
For example, you can move a virtual hard drive from your local environment and run it with virtual
machines in Microsoft Azure.

You can extend your data center by using Microsoft Azure. By using this approach, you can deploy
several virtual machines in Microsoft Azure and connect them to your on-premises environment by
using Azure Virtual Networks.

Deploying Azure Virtual Machines


Deploying virtual machines in Microsoft Azure is somewhat different from deploying them on a local
Hyper-V environment. In the Hyper-V environment, you configure all properties of the virtual machine; in
the Microsoft Azure environment, you must choose between several preconfigured options for virtual
machine configuration. In addition, you have to decide if you are going to use your own .vhd file as an
image for the virtual machine or if you will use one of the platform images already present in Microsoft
Azure. When making this decision, you should also consider the licensing aspect.
When you create a new virtual machine instance by using the Azure management portal, you have three
options: create a virtual machine from the + NEW menu, create a virtual machine from the gallery, and
create a virtual machine based on your own image. When you create a virtual machine, the portal allows
you to specify the following options:

Host name. This is the name of the computer.

User name. This is the name of the local user account that you will use when managing the server.

Pricing tier. You can use this option to configure the pricing tier that correlates to the virtual
hardware assigned to your virtual machine.

Optional configuration. You use this option to configure some basic operating system settings such
as automatic updates, the availability set for the virtual machine, the network configuration including
static IP address and virtual network, the storage account, and whether diagnostics should be on or
off.

Resource group. The resource group is a container that groups objects together into a collection for
easier management.

Subscription. If you have multiple Azure subscriptions, you can choose which subscription the virtual
machine should be part of.

Location. You can configure the location for the virtual machine to the most appropriate locale.

After you configure these options, the portal creates the virtual machine with the settings that you have
specified. At this time, Microsoft Azure supports only generation 1 virtual machines. In the Azure portal,
you cannot manage virtual machine generation, but it is important to consider this when using the virtual
machine image created in your local Hyper-V environment.
Also, the Azure platform does not provide console access to a virtual machine, and most Azure VMs,
irrespective of size, have only one virtual network adapter, which means that they also can have only one
IP address.

When running Azure VMs, you pay for the service on an hourly or per-minute basis. The price for the
specific virtual machine is based on the size, the operating system, and the additional software installed
on the virtual machine. Because your virtual machine allocates resources on the Azure platform, you are
charged when the virtual machine status is Running or Stopped, but you are not charged when the
machine is in Stopped (Deallocated) state. When you shut down the virtual machine from its operating
system, it will go into the Stopped state, and you will be charged for it, even if it is not running. Only when
you shut down the virtual machine from the Azure portal will it go into the Stopped (Deallocated) state.
Some additional charges may appear for the storage that the virtual machine uses in addition to the
operating system disk.
Additional Reading: For more information on Azure virtual machines, go to
http://go.microsoft.com/fwlink/?LinkID=517440


Create a Virtual Machine from the Gallery


If you do not want to use your own image file to
build an Azure virtual machine, you can create a
virtual machine from the gallery of available
images and VMs. The gallery provides preinstalled
images of various Microsoft and Linux operating
systems and products. For example, you can select
a basic Windows Server installation or a specific
product, which will be preinstalled with the server.
Some of the available Microsoft products include:

Windows Server

Microsoft SharePoint

Microsoft SQL Server

Microsoft BizTalk Server

Microsoft Visual Studio

If you are performing a Linux installation, you can select from multiple versions of the following
distributions:

Ubuntu

CentOS

SUSE

Oracle

Puppet Labs

Finally, an installation can also be based on images or disks that you have previously uploaded to Azure.
After you have selected the operating system or image that you wish to deploy, the next step in the
gallery wizard asks for virtual machine configuration details. These details include:

Operating system version release date

Virtual machine name

Deployment tier

Virtual machine size

Username

Password

A key aspect of these configuration steps is the deployment tier and size of the instance. The Azure offer
consists of several virtual machine pricing tiers. For example, a basic deployment tier and a standard
deployment tier offer the following sizes for general purpose use:

A0 (shared core, 768 MB memory, 1 data disk)

A1 (1 core, 1.75 GB memory, 2 data disks)

A2 (2 cores, 3.5 GB memory, 4 data disks)

A3 (4 cores, 7 GB memory, 8 data disks)

A4 (8 cores, 14 GB memory, 16 data disks)


Besides the basic tier, which has a very affordable monthly price, there are additional tiers for more
demanding services. The standard deployment tier includes the features of the basic deployment tier in
addition to autoscaling and load balancing. Neither of these features is available in the basic
deployment tier. These options are typically necessary for memory-intensive services such as database
services. Lastly, there is a compute-intensive deployment tier that offers all that the standard tier includes
with some additional features. Note that the compute-intensive deployment tier comes standard with a
40 gigabyte (GB) InfiniBand network, and Remote Direct Memory Access (RDMA) support. For example,
you can choose some of these tiers:

A8 (8 cores, 56 GB memory, 16 data disks)

A9 (16 cores, 112 GB memory, 16 data disks)

Microsoft is updating tiers regularly, so we recommend that you review the current offer on the Azure
management portal.
After you have created a virtual machine instance, you can use two primary methods to connect and
manage the virtual machine:

Windows PowerShell with the Azure module

Remote Desktop Protocol, initiated from within the Azure management portal

Additional Reading: For more information on Virtual Machine and Cloud Service Sizes for
Azure, go to http://go.microsoft.com/fwlink/?LinkID=517441

Demonstration: Create a Virtual Machine from the Gallery


In this demonstration, you will see how to create a virtual machine from the Azure Gallery.

Demonstration Steps
Create a virtual machine
1. Sign in to your Azure account on the Azure preview portal at https://portal.azure.com.

2. Create a new virtual machine by using the following settings:

   Operating system: Windows Server 2012 R2 Datacenter

   VM name: server<your_initials>-10979

   User name: server<your_initials>-admin

   Password: Moc1500!

   Location: Select the location that is closest to you

   Storage account: Create new by using default values

3. Select to create a virtual machine with these settings and wait for a couple of minutes until the virtual
   machine is created.


Configure and Scale a Virtual Machine


After you create an Azure virtual machine, you
use the Azure management portal to perform
further configuration and administration of each
virtual machine.
When you click the virtual machine in the Azure
management portal, the tab-based interface for
management opens. Notice that this interface is
significantly different than the interface of virtual
machine properties in Hyper-V Manager, in the
following ways:

On the Dashboard tab, you can see general information about the virtual machine state
and configured options. In addition, here you can find quick links to some commonly used
configuration options.

On the Monitor tab, you can find real-time information about the performance of critical components
of your virtual machine. You can monitor central processing unit (CPU), Disk, and Network resources.

The Endpoints tab lets you configure connection endpoints for the virtual machine, as discussed
earlier in this lesson.

The Configure tab provides options for virtual machine configuration. On this tab, you can change
the virtual machine tier and size, and you can also configure the virtual machine availability options
by configuring an availability set.

Availability Sets and Scaling

By configuring an availability set, you provide redundancy for an application that is running on one or
more virtual machines. When you put two or more virtual machines into the availability set, you ensure
that, during a planned or unplanned maintenance event, at least one virtual machine will be available and
meet the 99.95% Azure service level agreement (SLA). In practice, when you place two or more virtual
machines in the availability set, you inform the Microsoft Azure fabric controller that these virtual
machines are hosting the same service, and that they should not be taken down at the same time. In addition,
virtual machines that are part of an availability set are spread across different racks in the Azure data
center, which means they have separate power supplies and switches.
The Azure platform controls these operations by using the Update Domain and Fault Domain objects.
Update Domain objects help the Azure platform to determine which virtual machines (or physical
hardware that hosts them) can or cannot be rebooted at the same time. Fault Domain objects define the
group of virtual machines that share a common power source and network switch. When you configure
up to five virtual machines in the same availability set, they will never all share the same Fault Domain
object.
Note: Do not confuse availability sets with high availability technologies such as failover
clustering or Network Load Balancing (NLB).

For an application running within virtual machines, you can also configure scaling. Before you configure
any scaling options, you must assign the virtual machines to the same availability set. You can scale your
application manually or you can set parameters to scale it automatically. Virtual machines that you assign
to the availability set are turned on in a scale-up action and turned off in a scale-down action. CPU core
usage affects application scaling. Larger virtual machines have more cores available. You can scale
applications within the core limits for your Azure subscription. For example, if you have an Azure
subscription that has a limit of 20 cores and you run an application with two medium-sized virtual
machines (which use four cores in total), you can only scale up the other cloud service deployments in
your subscription by 16 cores. All virtual machines in an availability set that you use in scaling an
application must be the same size.

Demonstration: Configure a Virtual Machine from the Portal


In this demonstration, you will see how to configure an Azure virtual machine.

Demonstration Steps
1. Open the Azure preview portal and browse to Virtual machines.
2. Click the virtual machine that you created in the previous demonstration. Show the available options.
3. Open the Azure portal from the Azure preview portal. In the Azure portal, click the virtual machine
   that you created in the previous demonstration.
4. Browse through the DASHBOARD, MONITOR, and ENDPOINTS tabs and review the available
   options.
5. On the CONFIGURE tab, change the size of the virtual machine to A1.
6. Save the changes.

Connect to a Virtual Machine


After you create a virtual machine on the
Microsoft Azure platform, you will probably want
to connect to it, and then perform further
administration tasks.


To log on to a virtual machine, you use the credentials
that you specified when you created the virtual
machine. To make a connection to a virtual
machine, you can use the Remote Desktop client
software for Windows operating systems, or other
operating systems that support it. Alternatively,
you can use the Secure Shell (SSH) client for Linux
operating systems. For security reasons, you can
disable this type of communication to reduce the attack surface and instead use virtual private networks
(VPNs), which you will learn about later. You can also change the default port for connecting to Remote
Desktop.

You can connect to your Azure virtual machine directly from the Azure management portal by choosing
the Connect option after selecting a virtual machine. In the case of a Windows virtual machine, you will be
prompted to download the .rdp file with the settings needed to make a connection to the virtual machine. If
you want to make an SSH connection, you can find SSH information such as the host name and port
number in the Management Portal by selecting the virtual machine and looking for SSH Details in the
Quick Glance section of the dashboard.


Besides using Remote Desktop Protocol (RDP) or SSH to connect to the virtual machine, you can also
specify a custom port and protocol to make a connection. To allow access to the virtual machine, you
need to create an endpoint. Two endpoints are created by default when you create a new virtual machine,
but you can create more by using the management portal.
Each virtual machine created by using an image from the Azure gallery comes with the local Windows
Firewall enabled. Windows Firewall is configured with inbound rules according to the default endpoints
created for the specific virtual machine. However, if you create additional endpoints later, you will also
have to create appropriate inbound rules on the local firewall on the virtual machine. In addition, if you
are using your custom image on an Azure virtual machine, you will have to set all firewall rules manually.
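
The endpoint and firewall pairing described above, as an added example that is not part of the original courseware: it reviews the endpoints already exposed on a virtual machine, adds one more, and creates the matching inbound rule inside the guest. It uses the classic Azure Service Management PowerShell module; the service name, virtual machine name, endpoint name, and port numbers are assumed placeholder values.

```powershell
# Added example (not from the courseware). Classic Azure Service Management
# cmdlets; every name and port value below is an assumed placeholder.

# --- Part 1: run on the management workstation, after connecting to Azure ---
$serviceName  = 'serverxx-10979'   # assumed cloud service name
$vmName       = 'serverxx-10979'   # assumed virtual machine name
$endpointName = 'HTTPS-custom'     # assumed endpoint name
$publicPort   = 8443               # port exposed on the public address
$localPort    = 443                # port the service listens on inside the VM

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
if (-not $vm) { throw "Virtual machine '$vmName' not found in service '$serviceName'." }

# Review what is already exposed and mark remote-management endpoints
# (RDP 3389, SSH 22) so you can decide whether they should stay open.
$existing = @($vm | Get-AzureEndpoint)
$existing |
    Select-Object Name, Protocol, Port, LocalPort,
        @{ Name = 'RemoteManagement'; Expression = { $_.LocalPort -in 3389, 22 } } |
    Format-Table -AutoSize

# Add the endpoint only if neither its name nor its public port is already in use.
$clash = $existing | Where-Object { $_.Name -eq $endpointName -or $_.Port -eq $publicPort }
if ($clash) {
    Write-Warning "Endpoint name '$endpointName' or public port $publicPort is already in use."
} else {
    $vm |
        Add-AzureEndpoint -Name $endpointName -Protocol tcp -PublicPort $publicPort -LocalPort $localPort |
        Update-AzureVM
}

# --- Part 2: run inside the virtual machine, in an elevated session ---
# The new endpoint only forwards traffic; Windows Firewall in the guest still
# blocks it until a matching inbound rule exists.
$guestPort = 443
$ruleName  = 'Allow inbound TCP 443 (HTTPS-custom endpoint)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $guestPort -Action Allow
}
```

The guest rule uses the endpoint's local port, not its public port, because the endpoint translates the public port before traffic reaches the virtual machine.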
Note: If you forget the user name and password for the Azure virtual machine, you can
perform a password reset by using the VMAccess extension. You can enable this extension
during the wizard for creating an Azure virtual machine. Alternatively, you can also use the
Set-AzureVMAccessExtension cmdlet from the Microsoft Azure PowerShell module to add this
extension after deploying the virtual machine. With this extension, you can also reset Remote
Desktop Access or Secure Shell (SSH) settings on a virtual machine.

Troubleshooting Virtual Machine Connection Issues

If you are having trouble connecting to a virtual machine in Microsoft Azure, you can try the following
troubleshooting steps:

Ensure that you are using the correct user account. If you added a machine to the Active Directory
Domain Services (AD DS) domain, ensure that you are using the correct domain to sign in.

Delete and recreate endpoint objects for RDP or SSH.

Restart the virtual machine.

If you are using a specific endpoint with custom values for port and protocol to connect, ensure that
your local firewall allows this connection.

Demonstration: Connect to a Virtual Machine


In this demonstration, you will see how to connect to an Azure virtual machine.

Demonstration Steps
Connect to a virtual machine by using Remote Desktop Connection

Switch back to the Azure preview portal, click the newly created virtual machine, and then connect to
the virtual machine.

Validate functionality of a newly created virtual machine
1. Sign in to the virtual machine and navigate around the server configuration by viewing Server
   Manager and File Explorer.
2. Disconnect the Remote Desktop Connection session when finished.

Lesson 2

Configure Disks
Each virtual machine uses disks to store data. You must configure at least one disk on each virtual
machine to store operating system files. You can add more disks to each virtual machine deployed on-premises or in Microsoft Azure.


Virtual machines deployed in the Hyper-V environment use the .vhd or .vhdx virtual disk formats. In this
lesson, you will learn about virtual machine disks and how to manage them.

Lesson Objectives
After completing this lesson, you will be able to:

Describe virtual hard disks.

Upload and attach disks to virtual machines.

Describe how to configure new disks in Windows operating systems.

Configure disks.

Overview of Virtual Hard Disks

A virtual hard disk is a file that represents a
traditional hard disk drive. You can configure this
file as a virtual hard disk with partitions and an
operating system. You can use virtual hard disks
on virtual machines, and you can mount virtual
hard disks as local volumes by using the Windows
Server 2012, Windows Server 2008 R2, Windows 8,
and Windows 7 operating systems. Windows
Server 2012 supports the boot from virtual hard
disk option. This enables you to configure a
computer to boot into a Windows Server 2012
operating system that is deployed on a virtual
hard disk, or into certain editions of the Windows 8 operating system that are deployed on a virtual hard
disk. You can create a virtual hard disk by using:

The Hyper-V Manager console.

The Disk Management console.

The DiskPart (diskpart.exe) command-line tool.

The Windows PowerShell cmdlet New-VHD.

Note: Some editions of Windows 7 and Windows Server 2008 R2 also support booting
from virtual hard disk.


Virtual Hard Disks in .vhd Format vs. Virtual Hard Disks in .vhdx Format

Virtual hard disks typically use the .vhd extension. Windows Server 2012 introduces a new type of virtual
hard disk that uses the .vhdx extension. Virtual hard disks with the .vhdx format have the following
benefits over virtual hard disks that were used in Hyper-V on Windows Server 2008 and Windows
Server 2008 R2:

Virtual hard disks with the .vhdx format can be as large as 64 TB, whereas virtual hard disks with the
.vhd format are limited to 2 TB.

Virtual hard disks with the .vhdx format are less likely to become corrupt if the virtualization server
suffers an unexpected power outage.

The .vhdx format supports better alignment when deployed to a large sector disk.

Virtual hard disks with the .vhdx format can hold larger dynamic and differencing virtual hard disks.
This provides for better performance from the dynamic and differencing virtual hard disks.

You can convert a virtual hard disk with the .vhd format to the .vhdx format by using the Edit Virtual Hard
Disk Wizard. You might want to do this if you have upgraded a Windows Server 2008 or Windows Server
2008 R2 virtualization server to Windows Server 2012 or Windows Server 2012 R2. You can also convert a
virtual hard disk with the .vhdx format to the .vhd format.

Disks in Microsoft Azure


There are three types of virtual disks in Azure:

Operating system disk. Each machine has an operating system disk attached. This disk is attached as a
serial ATA (SATA) drive and labeled with the letter C. It has a capacity of 127 GB. This disk contains
the operating system of the virtual machine. In the Azure infrastructure, each operating system disk is
created in three copies for redundancy, but this process is transparent to the user.

Temporary disk. As with the operating system disk, this disk is created automatically during the
creation of the virtual machine. It has the same size as the operating system disk, and it is labeled with
the letter D. It is important to note that you should not use this disk for storing data. It is there to
provide temporary storage for applications and processes and to store data that you do not need to
keep, such as page or swap files. The temporary storage is present on the physical machine that is
hosting your virtual machine. In some scenarios, a virtual machine can move to a different physical
host machine, such as in a power failure. When this happens, your virtual machine is recreated on the
new host machine by using the operating system disk. Any data saved on the previous temporary
drive will not be migrated, and your virtual machine will be assigned a new temporary drive. In
addition, when you resize your virtual machine or when you shut it down temporarily, storage will be
deleted.

Data disk. You should use this type of disk as data storage. Its maximum size is 1 TB, and you can
label it with the letter of your choice. Unlike the operating system disk, this disk is attached to the
SCSI interface of the virtual machine. This disk, along with an operating system disk, is stored in an
Azure Storage account as a page blob. You will discuss types of Azure storage in later modules. Each
disk type is based on the .vhd format. The number of data disks assigned to the virtual machine that
you choose from the gallery depends on the deployment and pricing tier that you choose.

You can use the Azure management portal or Windows PowerShell to attach disks to a virtual machine.
The Add-AzureDataDisk cmdlet can attach an existing data disk to a virtual machine or create a new
data disk for a virtual machine.

You must consider the following factors when using virtual disks in Azure:


Azure does not support the .vhdx format. All virtual disks must use the .vhd format.

Azure does not support dynamically expanding disks. All virtual disks must be fixed disks.

.vhd files remain in your storage account even if you remove them from a virtual machine or delete
the virtual machine. You must manually manage the .vhd files to minimize storage space waste.
Alternatively, you can use Windows PowerShell to manage the .vhd files automatically.
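
One way to handle the leftover .vhd files with Windows PowerShell, as an added example that is not part of the original courseware: it reports the disks that are registered in the subscription but attached to no virtual machine, and deletes only the ones you approve after review. It uses the classic Azure Service Management module; the report path and the approved disk name are assumed placeholders.

```powershell
# Added example (not from the courseware). Run after connecting to Azure with
# the classic Azure PowerShell module. Paths and disk names are placeholders.

$reportPath = 'C:\Temp\unattached-disks.csv'   # assumed report location

# Disks registered in the subscription that are not attached to any VM.
# Blobs that were never registered as disks do not appear in this list.
$unattached = @(Get-AzureDisk | Where-Object { -not $_.AttachedTo })

# Write a report first. An unattached disk still holds whatever data the
# virtual machine stored on it, so review it before deleting anything.
$unattached |
    Select-Object DiskName, OS, DiskSizeInGB, MediaLink |
    Export-Csv -Path $reportPath -NoTypeInformation

Write-Output ("{0} unattached disk(s) written to {1}" -f $unattached.Count, $reportPath)

# After review, list the disk names that are approved for deletion.
$approved = @('placeholder-disk-name')          # assumed sample value

foreach ($disk in $unattached) {
    if ($approved -contains $disk.DiskName) {
        # -DeleteVHD removes the underlying .vhd blob from the storage account
        # as well as the disk registration.
        Remove-AzureDisk -DiskName $disk.DiskName -DeleteVHD
        Write-Output "Deleted disk and .vhd: $($disk.DiskName)"
    } else {
        Write-Output "Kept (not approved for deletion): $($disk.DiskName)"
    }
}
```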

Uploading and Attaching Disks

If you want to attach a new data disk to your
virtual machine in Microsoft Azure, you can do so
by using the Azure management portal. When
creating a new disk, you must choose a storage
account and a container where your disk will be
stored, and you must specify a disk size in GB.
Azure disks that you can attach to the virtual
machines are stored as page blobs in Azure
Storage. Each storage account that you create in
your Azure subscription has specific scale targets.
If services in your virtual machine generate a heavy
disk I/O load, it is
possible that you will reach the limits of these storage targets. A specific blob (which holds a single disk)
has a target of 60 megabytes (MB) per second.
For achieving better performance, we recommend that you use multiple disks across multiple storage
accounts. This will enable you to exceed account-specific storage scale targets.
You can also use a virtual disk from your on-premises computer, such as a server running Hyper-V in
Windows Server 2012. You can upload the .vhd file to Azure, and then attach it to a virtual machine.
Currently, Azure supports a maximum .vhd size of 999 GB. After you attach a disk to a virtual machine,
you must initialize it before use.
Many organizations use a custom operating system image for their computers. Also, in some more
complex environments, you would use a set of virtual machine images for a single service. You would
typically manage these images by using VMM in on-premises environments. For many organizations,
multiple images handle client computers and servers running different operating systems and
applications. You can upload your customized images to Azure so that you can deploy your images in
Azure. To use your images in Azure, you must meet the following prerequisites:

You must download and install the Azure Windows PowerShell module on an on-premises computer.
The module contains the Add-AzureVHD cmdlet, which you will use to upload your custom images
to Azure.

You must create a .vhd file containing your custom Windows operating system image. Note that
Azure does not support .vhdx files, but you can convert your existing .vhdx files to .vhd before you
upload them.

Azure must support the operating system in the image. Azure supports images containing Windows
Server 2008 R2 and newer versions.


When you are ready to begin, follow these high-level steps:

1. Launch Azure Windows PowerShell and connect to Azure.
2. Run the upload command. For example, your system has the following parameters:
   o The URL to the storage container is https://10979astorage01bs.blob.core.windows.net/10979a-c1
   o The container name is 10979a-c1
   o The local path to the .vhd file is D:\Images\2012-R2-General.vhd
   o The new .vhd file will be called "2012-R2-General.vhd"

   You would run the following command to upload the image:

   Add-AzureVhd -Destination "https://10979astorage01bs.blob.core.windows.net/10979a-c1/Images/2012-R2-General.vhd" -LocalFilePath "D:\Images\2012-R2-General.VHD"

3. Add the image to your custom images list. You can add the image by using the Azure management
   portal or by using Windows PowerShell. When the image is in the custom images list, it is available for
   deployment when you create a new virtual machine.
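
The three steps above carried through in one script, as an added example that is not part of the original courseware: it checks the disk against the format and size limits stated in this lesson, converts it to a fixed .vhd if needed, uploads it, and registers it as a custom image. The subscription name, the .vhdx source path, and the image name are assumed placeholders; Get-VHD and Convert-VHD require the Hyper-V PowerShell module on the on-premises computer.

```powershell
# Added example (not from the courseware). Subscription name, source path and
# image name are assumed placeholders; the URL and .vhd path are the lesson's.

$source      = 'D:\Images\2012-R2-General.vhdx'   # assumed existing image file
$localVhd    = 'D:\Images\2012-R2-General.vhd'
$destination = 'https://10979astorage01bs.blob.core.windows.net/10979a-c1/Images/2012-R2-General.vhd'
$imageName   = '2012-R2-General'                  # assumed image name

# Azure accepts only fixed-size disks in .vhd format, so convert anything else.
$info = Get-VHD -Path $source
if ($info.VhdFormat -ne 'VHD' -or $info.VhdType -ne 'Fixed') {
    Convert-VHD -Path $source -DestinationPath $localVhd -VHDType Fixed
} else {
    $localVhd = $source
}

# Enforce the maximum .vhd size stated in this lesson (999 GB).
$sizeGB = (Get-VHD -Path $localVhd).Size / 1GB
if ($sizeGB -gt 999) {
    throw ("{0} is {1:N0} GB, which exceeds the 999 GB limit." -f $localVhd, $sizeGB)
}

# Record a hash of the file that is about to leave the premises, so the
# uploaded image can later be traced back to a known local build.
$hash = Get-FileHash -Path $localVhd -Algorithm SHA256
Write-Output "SHA256 of $localVhd : $($hash.Hash)"

# Step 1: connect to Azure (interactive sign-in) and pick the subscription.
Add-AzureAccount
Select-AzureSubscription -SubscriptionName 'placeholder-subscription-name'

# Step 2: upload the .vhd to the storage container as a page blob.
Add-AzureVhd -Destination $destination -LocalFilePath $localVhd

# Step 3: add the uploaded .vhd to the custom images list.
# This assumes the operating system in the image has been generalized.
Add-AzureVMImage -ImageName $imageName -MediaLocation $destination -OS Windows
```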

You also have the option of using the VM Depot instead of uploading an image. The VM Depot contains a
large number of community-developed images that you can customize and use when you are creating
new VMs. However, the depot contains only non-Windows images, most of which are based on the Linux
operating system. Many of the images are based on their intended use. For example, you can find images
configured for blogging services and web servers. Community members provide and license the virtual
machine images on this site to you. Microsoft Open Technologies does not screen these images for
security, compatibility, or performance, and does not provide any license rights or support for them.

Configuring New Disks in a Windows Virtual Machine


When you attach a disk to the Azure virtual
machine, you can manage that disk in the same
way as you would manage a disk on the physical
machine or a virtual machine deployed locally on
your Hyper-V server.
Typically, you use Disk Management for
managing disks and volumes. When you first
attach an empty disk to the Azure virtual machine,
you should initialize it, and then create volumes.
Before creating volumes, you should choose
which type of disk you want to use. When
selecting a type of disk for your use in Windows
Server 2012, you can choose between basic and dynamic disks.

Basic Disks
All versions of the Windows operating system support basic storage, which uses partition tables.

A basic disk is one that you initialize for basic storage and that contains basic partitions such as primary
partitions and extended partitions. You can subdivide extended partitions into logical volumes.

By default, when you initialize a disk in the Windows operating system, the disk is configured as a basic
disk. It is easy to convert basic disks to dynamic disks without any data loss. However, when you convert a
dynamic disk to a basic disk, all data on the disk is lost.

Dynamic Disks


The Microsoft Windows 2000 Server operating system introduced dynamic storage. By using dynamic
storage, you can build fault-tolerant, redundant storage systems. You can also perform disk and volume
management without having to restart computers that are running Windows operating systems.

A dynamic disk is one that you initialize for dynamic storage and that contains dynamic volumes. You can
create a dynamic volume from free space on one or more disks. You can format the volume with a file
system and assign it a drive letter or configure it with a mount point.
Dynamic disks do not perform better than basic disks, and some programs cannot address data that is
stored on dynamic disks. For these reasons, you would not normally convert basic disks to dynamic disks
unless you need to use some of the additional volume configuration options that dynamic disks provide.

ReFS
In Windows Server 2012, besides being able to format volumes with file allocation table (FAT) or New
Technology File System (NTFS), you can also use Resilient File System (ReFS). ReFS is a new feature in
Windows Server 2012 that is based on the NTFS file system. It provides the following features and
advantages:

Metadata integrity with checksums.

Expanded protection against data corruption.

Increased reliability, especially during a loss of power, over NTFS, which can experience corruption in
similar circumstances.

Larger volume, file, and directory sizes.

Redundancy for fault tolerance.

Disk scrubbing for protection against latent disk errors.

Resiliency to corruptions with recovery for maximum volume availability.

ReFS uses a subset of NTFS features, so it maintains backward compatibility with NTFS. Therefore,
programs that run on Windows Server 2012 can access files on ReFS, just as they would on NTFS.
However, an ReFS-formatted drive is not recognized when placed in computers that are running Windows
Server operating systems older than Windows Server 2012. You can use ReFS drives with Windows 8.1, but
not with Windows 8.
Windows Server 2012 also provides a new way to manage storage that is attached to the physical host or
a virtual machine, by implementing Storage Spaces technology. Storage Spaces is a storage virtualization
feature that Windows Server 2012 and the Windows 8 operating system include.
The Storage Spaces feature has two components:

Storage pools. Storage pools are a collection of physical disks that have been aggregated into a single
logical disk so that you can manage the multiple physical disks as a single disk. You can use Storage
Spaces to add physical disks that have different sizes and interfaces to a storage pool.

Storage spaces. Storage spaces are virtual disks created from free space in a storage pool. Storage
spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise
administrative control.


Demonstration: Configure Disks


In this demonstration, you will see how to attach a new data disk to an Azure virtual machine.

Demonstration Steps
1. In the Azure preview portal, browse to Virtual Machines.
2. Navigate to the virtual machine that you created in the first demonstration.
3. Open the Disks tile.
4. Ensure that you see only the operating system disk attached to the virtual machine.
5. In the Disks pane of Virtual machine properties, choose to attach a new disk.
6. Select the default storage account that was created during the creation of the virtual machine.
7. Choose the vhds container.
8. Create a new data disk with a size of 5 GB.
9. After the disk is attached to the virtual machine, connect to it and verify that the disk appears in the
   Disk Management console.

Lab: Create a Virtual Machine in Microsoft Azure


Scenario


Orders at A. Datum Corporation have increased significantly. Currently, the order systems run on a server
that provides other in-house services. You have decided to use a dedicated server for your order systems.
Furthermore, this server needs to be able to cope with increasing workloads in the event of future
changes in order volume. With this in mind, you have decided to create an Azure-based server and
evaluate this as a host for the order systems.

Objectives
After completing this lab, you will be able to:

Create a virtual machine.

Attach a data disk to the virtual machine.

Connect to a virtual machine.

Estimated Time: 40 minutes


Sign in to your classroom computer by using the credentials your instructor provides.

Exercise 1: Create a Virtual Machine from the Gallery


Scenario

As a part of your task to evaluate server hosting in Microsoft Azure, you have to create a virtual machine
from the Azure gallery.
The main tasks for this exercise are as follows:
1. Select and create a virtual machine.
2. Verify virtual machine creation.

Task 1: Select and create a virtual machine


1. Sign in to your Azure account on the Azure portal available at http://azure.microsoft.com. After
   signing in, switch to a new Azure preview portal.
2. Create a new virtual machine by using the following settings:
   Operating system: Windows Server 2012 R2 Datacenter
   VM name: server<initials>-10979
   User name: server<initials>-admin
   Password: Moc1500!
   Location: Select the location that is closest to you
   Storage account: create new by using default values
3. Select to create a virtual machine with these settings, and then wait for a couple of minutes until the
   virtual machine is created.


Task 2: Verify virtual machine creation

Switch back to the Azure management portal, and then verify that the virtual machine is displayed
and has the Running status.

Results: After completing this exercise, you will have created and verified a Microsoft Azure virtual
machine.

Exercise 2: Verify the Functionality of the Virtual Machine


Scenario
After creating a virtual machine, you want to make an RDP connection to it and verify its properties.
The main tasks for this exercise are as follows:
1. View the properties of the virtual machine.
2. Connect to a virtual machine.

Task 1: View the properties of the virtual machine


1. Open the Azure preview portal, click the HOME tab and then click to open the Azure portal.
2. In the Azure portal, click the virtual machine that you created in the previous demonstration.
3. Browse through the DASHBOARD, MONITOR, ENDPOINTS, and CONFIGURE tabs and review the
   available options.

Task 2: Connect to a virtual machine


1. Switch to the Azure preview portal.
2. Click Browse and then select the virtual machine created earlier.
3. Connect to the virtual machine from the Azure portal, sign in, and then navigate around the server
   configuration by viewing Server Manager and File Explorer. Use the credentials that you defined for
   the virtual machine in the previous exercise.
4. Disconnect the Remote Desktop Connection session when finished.

Results: After completing this exercise, you will have established a connection to the virtual machine.

Exercise 3: Attach a Data Disk


Scenario
After creating a new virtual machine in Microsoft Azure, you want to add a new disk to store data.
The main tasks for this exercise are as follows:
1. View virtual machine disks.
2. Attach a data disk.

Task 1: View virtual machine disks


1. In the Azure portal, browse to Virtual Machines.
2. Navigate to the virtual machine that you created in Exercise 1.
3. Open the Disks tile.
4. Ensure that you see only the operating system disk attached to the virtual machine.

Task 2: Attach a data disk


1. In the Disks pane of Virtual machine properties, choose to attach a new disk.
2. Select the default storage account created during virtual machine creation.
3. Choose the vhds container.
4. Create a new data disk with a size of 5 GB.
5. After the disk is attached to the virtual machine, use the Azure preview portal to connect to it.
6. Sign in to the virtual machine with the credentials defined in Exercise 1. Open Computer Management in the
   virtual machine window, and verify that the disk appears in the Disk Management console.

Results: After completing this exercise, you will have attached a new disk to a virtual machine.


Module Review and Takeaways


Best Practice

Before creating Azure virtual machines, ensure that you are familiar with the pricing for the capacity
you need.

Ensure that the size of your virtual machine will meet the needs of services that it hosts.

Use availability sets when you host the same service in more than one virtual machine.

Use data disks in different storage accounts to achieve better performance.

Review Question
Question: Can you create generation two virtual machines in Microsoft Azure?


Module 4
Virtual Networks
Contents:
Module Overview
Lesson 1: Getting Started with Virtual Networks
Lesson 2: Creating a Virtual Network
Lesson 3: Implementing Point-to-Site Networks
Lab: Create a Virtual Network
Module Review and Takeaways

Module Overview

Microsoft Azure virtual networks are a critical component of most Azure deployments. With Azure virtual
networks, you can establish secure and reliable communication between Azure virtual machines and
between your data center and Azure. By using Azure virtual networks, you can effectively extend your
data center to Microsoft Azure.
In this module, you will learn how to create and implement Azure networks, and how to implement
communications between your on-premises infrastructure and Azure.

Objectives
After completing this module, you will be able to:

Describe the purpose and functionality of Azure virtual networks.

Create Azure virtual networks.

Implement point-to-site networks.

Lesson 1

Getting Started with Virtual Networks


You must be familiar with virtual networks before implementing them in Azure. Also, it is important that
you determine whether your cloud deployment requires virtual networks. In this lesson, you will learn
about virtual networks and their proper implementation.

Lesson Objectives
After completing this lesson, you will be able to:

Describe virtual networks.

Determine the need for a virtual network.

Describe virtual network awareness.

What Are Virtual Networks?


When you deploy virtual machines in your on-premises environment, you must create virtual
networks to enable the virtual machines to
communicate with each other. Depending on
your communication needs for virtual machines,
you can create private, internal, or external virtual
network switches. By using these switches and
networks, virtual machines communicate with the
rest of your network, with other virtual machines,
and with the Microsoft Hyper-V host machine.

Deploying virtual machines in Microsoft Azure is
similar to deploying them on-premises. However,
because you do not deploy Azure virtual machines in your own data center, and because they are not
physically connected to your network infrastructure, you must connect these virtual machines to your
internal infrastructure first. By running software that your company's employees use in Azure virtual
machines, you can make these applications as accessible as if they were running in your own data center.
By default, Azure virtual machines can communicate with each other, but network communication with
your on-premises infrastructure is not enabled, except for Remote Desktop Protocol (RDP) traffic.
You can address this issue by creating a virtual private network (VPN) between your local network
infrastructure and Azure virtual machines. However, before you create a VPN connection, you must first
create an Azure virtual network, and assign virtual machines to it.
The Microsoft Azure virtual network represents a logical boundary around a group of virtual machines,
called a virtual network, in an Azure data center. After you create a virtual network in Azure, you can
establish a connection, protected with Internet Protocol security (IPsec), between this network and your
local network.

When creating Azure virtual networks, you can allocate IP addresses for the Azure virtual machines from
the same IP address space that you use in your own network. This greatly simplifies the deployment of the
Azure virtual machines (VMs) and the movement of the locally deployed virtual machines to the Microsoft
Azure platform. Because the connection between your local infrastructure and Azure virtual machines
happens on the IP level, the connection does not depend on an operating system running in the virtual
machines. After you establish this connection, the Azure virtual machines running in virtual networks look
like just another part of your organization's network. As a result, virtual machines in Azure can also access
resources in your local network infrastructure. For example, you can run a service in an Azure VM that
uses data stored on your locally deployed storage.
Additional Reading: For more information on virtual networks, go to
http://go.microsoft.com/fwlink/?LinkID=517442

Determine the Need for Virtual Networks


Not every deployment of Azure virtual machines
requires the deployment of Azure virtual
networks. Whether you need an Azure virtual
network depends on what you are trying to
do. Because there is no universal design for Azure
virtual networks, it is important that you carefully
plan virtual network deployments for resources in
Azure. In general, your solution for networking in
Azure will fall into one of the following categories:
no virtual networks, cloud-only virtual network,
and cross-premise virtual network.

We recommend that you evaluate your need for
virtual networks before you deploy Azure virtual machines, because virtual machines and cloud services
configure their network settings during deployment. This means you cannot move your existing Azure
virtual machines into a virtual network that is already deployed. However, you can redeploy your virtual
machines to connect them to proper virtual networks, which can cause some downtime.
Depending on your usage scenario, you can create two types of virtual networks in Microsoft Azure.

If you do not plan to connect your Azure virtual machines to your local network infrastructure, you
will use cloud-only virtual network deployments. In this case, on-premises resources can access Azure
virtual machines only through connection endpoints. The Azure virtual machines can communicate
with each other and access the Internet, but they cannot use any VPN-based connections.

To connect your internal data center to Azure virtual machines by using a secure connection, and to
provide two-way resource access between Azure VMs and an on-premises infrastructure, you create a
Cross-Premise virtual network. When creating a Cross-Premise virtual network, you must create a
gateway to your internal network. You must also consider IP addressing.

Virtual Network Awareness


Virtual machines deployed in a cloud utilize virtual
networks in Azure the most, but other Azure
services can also use them.

Currently, virtual networks created in Azure
support cloud services only. Cloud services in
Azure that can use virtual networks include
cloud services and virtual machines. A cloud
service consists of one or more web roles or
worker roles, each with its own application files
and configuration. At the time of writing this
course, Azure websites support integration with
the Azure virtual networks, but Microsoft Azure
SQL Database does not. Integration between Azure Websites and the Azure virtual network enables your
website to access resources running in your virtual network. This includes the ability to access web services
or databases running on your Azure virtual machines. If your virtual network is connected to your on-premises network, your Azure Website will be able to access the on-premises systems through this
integration.
Also, within virtual networks, you can deploy cloud services with web and worker roles such as those in
Platform as a Service (PaaS). You do not have to change your application code for this. When you
configure your service, you should specify your virtual network name and the role/subnet mappings in
the network configuration section. However, once you deploy a service to a virtual network, you cannot
move it in and out of the virtual network. If you want to move the service, you will have to delete and
then redeploy the service.

Lesson 2

Creating a Virtual Network

To create and use virtual networks, you should configure several options. In this lesson, you
will learn about virtual network components, and how to create virtual networks. Also, you will learn
about Microsoft Azure Traffic Manager.

Lesson Objectives
After completing this lesson, you will be able to:

Describe virtual network components.

Create a virtual network.

Describe the Microsoft Azure Traffic Manager.

Virtual Network Components


When you create a virtual network in the Azure
portal, you must configure several components
and properties. For cloud-only virtual networks,
configuration steps are simpler, because you do
not have to create a gateway to your on-premises
infrastructure. If you decide to have a cross-premise virtual network, you must configure
additional elements.

When you start a wizard to create a new virtual
network, you first have to provide a network
name. You may choose any name, but it cannot
start with a number. After you select your virtual
network name, you should configure the Location parameter. You can configure the location by selecting
a region from the drop-down list. This location specifies where you want your virtual machines to reside
when you deploy them to the virtual network you are creating. For example, if you indicate that your
network is located in the South Central US region, each virtual machine that you assign to this network
will be located in this same region. It is not possible to change the region associated with your virtual
network after you create it.

After you configure your network location, you will have the option to configure Domain Name System
(DNS) servers for your network. By default, Azure provides name resolution for your virtual network.
However, if you have more advanced DNS requirements, or want to use dedicated DNS servers for your
Azure virtual machines, you have the option to configure DNS servers for each virtual network you create.
If you do not want to connect your virtual network with an on-premises infrastructure, the only thing you
should configure for the Azure virtual network is the Virtual Network Address Space. When configuring
the Virtual Network Address Space, you specify the address space that you want to use within the virtual
network you create. You can choose between 10.0.0.0, 172.16.0.0, and 192.168.0.0 with variable length
subnet masks. You can also configure additional subnets within these address spaces. IP addresses from
ranges configured here will be dynamically assigned to your virtual machines. However, you cannot use
these IPs for connection endpoints on the Internet.

If you choose to connect your virtual network with your on-premises infrastructure, you must select point-to-site or site-to-site connectivity options on the DNS Servers and VPN Connectivity page of the wizard. If
you choose to create site-to-site connectivity, you will have to configure the on-premises VPN device IP
address, and specify your local IP scope. For point-to-site connectivity, you must select the IP address
range that will be used for VPN clients.

Demonstration: Creating a Virtual Network


In this demonstration, you will see how to create an Azure virtual network.

Demonstration Steps
1. Sign in to your Azure subscription at https://manage.windowsazure.com.
2. Click Networks in the navigation pane.
3. Choose to create a new virtual network.
4. Name the network VNET1, and choose West US as the location.
5. Do not make changes to DNS Servers and Connectivity options.
6. Select 192.168.0.0/24 for Virtual Network Address Spaces.
7. Add 172.16.0.0/16 subnet and name it Subnet-2.
8. Finish the wizard and create a network.

Azure Traffic Manager


When you implement an application in Microsoft
Azure, you will want to provide efficient and fast
access to it for the end users. In situations where
you deploy an application in multiple Azure data
centers (such as when you deploy several virtual
machines in different Azure regions), you will want
to direct user request traffic across these data
centers so that users experience minimal latency.
To achieve this type of optimization, the Azure
platform provides a service called Azure Traffic
Manager. This service intelligently directs requests
from users across instances of an application
running in different Azure data centers.

When a user wants to access your application or a web site, the user's machine will look up the DNS name
of your application. Queries for the IP address will go to Azure DNS servers. DNS in Azure will then search
for the Traffic Manager policy for the name that was received in a query. If it finds one, Azure Traffic
Manager calculates the most efficient connection for the specific user, based on policy, and directs the
user to the appropriate Azure data center.

When you create an Azure Traffic Manager policy for your application, there are three options that you
can configure to determine how Azure Traffic Manager behaves:

Performance. If you choose this option, Traffic Manager sends all client requests to the data center
with the lowest latency from the user system. Usually, this will be the data center that is
geographically closest to the user.

Failover. If you choose this option, Traffic Manager directs all client requests to the data center that
you specify in the policy. If the data center is unavailable, Traffic Manager directs requests to other
data centers in the priority order defined by the policy.

Round Robin. If you choose this option, Azure Traffic Manager equally distributes client requests
across all data centers in which the application is running.

Azure Traffic Manager periodically checks all instances of the application that it manages. It periodically
pings each copy of the application via an HTTP GET and records the response. If there is no response, it
stops directing users to that instance of the application until it reestablishes the connection.
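
The three policy options and the health check described above can be modelled in a few lines. This is an added illustration, not Microsoft's implementation or part of the original course material; the endpoint names, priorities, latencies, and the class and method names are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str                # data center running one instance of the application
    priority: int            # failover order from the policy; 1 is tried first
    latency_ms: float        # latency from the requesting user's system
    responding: bool = True  # outcome of the most recent HTTP GET probe


class TrafficManagerModel:
    """Simplified model of the three policy options and the health check."""

    def __init__(self, endpoints):
        self.endpoints = list(endpoints)
        self.cursor = 0  # position of the next round-robin pick

    def record_probe(self, name, responded):
        """Store the result of a periodic HTTP GET against one instance."""
        for ep in self.endpoints:
            if ep.name == name:
                ep.responding = responded
                return
        raise KeyError(name)

    def resolve(self, policy):
        """Return the endpoint a query is directed to, or None if all are down."""
        live = [ep for ep in self.endpoints if ep.responding]
        if not live:
            return None
        if policy == "performance":
            # Lowest latency among the instances that still answer probes.
            return min(live, key=lambda ep: ep.latency_ms).name
        if policy == "failover":
            # The specified data center first, then the rest in priority order.
            return min(live, key=lambda ep: ep.priority).name
        if policy == "round_robin":
            # Walk the full list in order, skipping instances that are down.
            while True:
                ep = self.endpoints[self.cursor % len(self.endpoints)]
                self.cursor += 1
                if ep.responding:
                    return ep.name
        raise ValueError(f"unknown policy: {policy}")


def sample_endpoints():
    # Constructed values: region choice, priorities and latencies are illustrative.
    return [
        Endpoint("west-us", priority=2, latency_ms=20.0),
        Endpoint("east-us", priority=1, latency_ms=80.0),
        Endpoint("north-europe", priority=3, latency_ms=140.0),
    ]


if __name__ == "__main__":
    tm = TrafficManagerModel(sample_endpoints())
    tm.record_probe("east-us", responded=False)  # probe got no response
    for policy in ("performance", "failover", "round_robin"):
        print(policy, "->", tm.resolve(policy))
```
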

Lesson 3

Implementing Point-to-Site Networks

In many scenarios, you might need to initiate a remote connection to the Azure virtual network. Azure
virtual networks give you the ability to initiate a secure point-to-site VPN connection from anywhere, by
using a software VPN client. In this lesson, you will learn about point-to-site VPN connections and how to
implement them.

Lesson Objectives
After completing this lesson, you will be able to:

Describe a point-to-site VPN connection.

Describe the requirements for a point-to-site VPN connection.

Set up a point-to-site VPN connection.

Overview of Point-to-Site VPN


By default, each virtual machine that you create
in Azure is accessible by an RDP or an SSH
connection. However, if you want to establish a
secure connection from your computer (or from
your local network resources) to the Azure virtual
network, you have to create a VPN connection.

By setting up a point-to-site VPN connection, you
can create individual connections from client
computers that you want to connect to the Azure
virtual network. In site-to-site VPNs, you establish
a VPN connection throughout your whole local
network infrastructure, and you use a VPN device
on your side. With point-to-site VPNs, you establish a connection by using a software VPN client that you
install on each machine from which you want to initiate a connection to the Azure virtual network. This
type of VPN connection does not require that you have a VPN device. Also, you do not need to have a
static IP address assigned to the VPN client. You can establish a point-to-site VPN connection manually by
initiating a connection from the client.
Although site-to-site VPNs will probably be the ideal solution when you want to extend your data center
to Azure, there are some scenarios where point-to-site VPNs are more appropriate. For example, if you
want to configure just a few clients from your network to connect to the Azure virtual network, a point-to-site VPN is the appropriate solution. In addition, point-to-site is best if you want to enable your clients
to connect to the Azure virtual network from remote locations, such as hotels or airports. If you do not
have an externally facing IPv4 IP address for your VPN device, you will also have to establish a point-to-site connection.
Even when you have implemented a site-to-site VPN, you might need point-to-site VPN connections for
remote clients that require a connection to Azure. Because of this, point-to-site and site-to-site
configurations can exist concurrently.

Overview of Requirements for Point-to-Site VPN


Although creating a point-to-site VPN connection
is fairly simple, it does require that you configure
certain settings before beginning the process.
When you create a virtual network in the Azure
portal and select the option to enable point-to-site connectivity, you will be required to configure
address space for IP addresses that you want to
assign to cross-premises clients connecting
through a point-to-site connection. This address
space must be from the private range 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16. You must ensure
that the range you select here does not overlap
with other virtual networks or networks on your local site.

Also, you will have to configure virtual network address space that will be used within the virtual network
you are creating. This network address space also should not overlap with address space that you use in
your on-premises environment.
Each point-to-site VPN requires that you configure a dynamic routing gateway. A point-to-site VPN
requires a gateway subnet. Only the virtual network gateway uses the gateway subnet.
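
One way to check an address plan against the requirements above before running the wizard, shown as an added example that is not part of the original course material. The VNET1 ranges and the 10.0.0.0/24 client pool come from the demonstrations on this page; the on-premises LAN, the gateway subnet value, and the function name check_address_plan are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Private ranges the page allows for the point-to-site client address space.
ALLOWED_PRIVATE = [ipaddress.ip_network(c) for c in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_address_plan(vnet_spaces, p2s_pool, on_prem, gateway_subnet):
    """Validate a point-to-site address plan.

    vnet_spaces / on_prem: dict of label -> CIDR string
    p2s_pool / gateway_subnet: CIDR string (gateway_subnet may be None)
    Returns a list of (code, message) findings; an empty list means the plan passes.
    """
    findings = []
    nets = {}  # label -> parsed network, for every range that parsed cleanly

    def parse(label, cidr):
        try:
            # strict=True rejects values such as 10.0.0.5/24 where host bits are set
            nets[label] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(("invalid", f"{label}: {cidr!r} is not a valid network ({exc})"))

    for label, cidr in vnet_spaces.items():
        parse(f"vnet:{label}", cidr)
    for label, cidr in on_prem.items():
        parse(f"on-prem:{label}", cidr)
    parse("p2s-clients", p2s_pool)

    # Rule 1: the VPN client pool must sit inside one of the private ranges.
    pool = nets.get("p2s-clients")
    if pool is not None and not (
            pool.version == 4 and any(pool.subnet_of(r) for r in ALLOWED_PRIVATE)):
        findings.append(("not-private", f"p2s-clients {pool} is outside the private ranges"))

    # Rule 2: no two ranges (virtual network, on-premises, client pool) may overlap.
    for (la, a), (lb, b) in combinations(nets.items(), 2):
        if a.overlaps(b):
            findings.append(("overlap", f"{la} {a} overlaps {lb} {b}"))

    # Rule 3: point-to-site needs a gateway subnet, carved out of the virtual network space.
    if gateway_subnet is None:
        findings.append(("no-gateway-subnet", "point-to-site requires a gateway subnet"))
    else:
        parse("gateway-subnet", gateway_subnet)
        gw = nets.get("gateway-subnet")
        vnets = [n for label, n in nets.items() if label.startswith("vnet:")]
        if gw is not None and not any(
                gw.version == v.version and gw.subnet_of(v) for v in vnets):
            findings.append(("gateway-outside-vnet",
                             f"gateway-subnet {gw} is not inside any virtual network range"))
    return findings


# VNET1 ranges and the client pool are the values used in the page's demonstrations.
# The on-premises LAN and the gateway subnet are constructed for this example.
PLAN = dict(
    vnet_spaces={"VNET1": "192.168.0.0/24", "Subnet-2": "172.16.0.0/16"},
    p2s_pool="10.0.0.0/24",
    on_prem={"hq-lan": "10.0.0.0/16"},
    gateway_subnet="192.168.0.248/29",
)

if __name__ == "__main__":
    for code, message in check_address_plan(**PLAN):
        print(f"[{code}] {message}")
```

With the constructed on-premises LAN of 10.0.0.0/16, the check reports that the 10.0.0.0/24 client pool collides with it, which is the overlap the requirements above tell you to avoid.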

You use certificates to perform authentication for the clients that are initiating a point-to-site VPN
connection. You must first create a root certificate and upload it to the Azure management portal. Then
you create client certificates used for authentication. You create these certificates manually by using the
makecert command line utility (part of Microsoft Visual Studio tools). Currently, you cannot use an
internal certification authority (CA) to generate these certificates, so you must use self-signed certificates.

You must install a client certificate on each computer that you want to connect to the virtual network, so
you must generate a client certificate for each machine that you want to connect to the Azure virtual
network. You can generate certificates for all clients on a single machine, export them, and then import them on
each client. It is important that you export certificates in .pfx format that includes the private key. The next
topic will cover the certificate generation process.
Based on generated certificates and the dynamic gateway, the Azure platform will generate VPN client
software that you should install on each machine that will be connecting to the Azure virtual network.
Currently, the Azure platform supports the following operating systems as clients:

Windows 8.1 (32-bit and 64-bit)

Windows 8 (32-bit and 64-bit)

Windows 7 (32-bit and 64-bit)

Windows Server 2012 R2 (64-bit only)

Windows Server 2012 (64-bit only)

Windows Server 2008 R2 (64-bit only)

You will choose to download the 32-bit or 64-bit VPN client. You can then manually install VPN client
software on each machine, or use a software distribution mechanism, such as Microsoft System Center
Configuration Manager.

Setting Up a Point-to-Site VPN


You can use the Azure management portal to
create a point-to-site VPN. If you have already
created virtual networks, you can enable them for
point-to-site connectivity. However, you might
have to change other configuration parameters.
Because of this, we recommend that you
configure point-to-site connectivity when you
create an Azure virtual network.
You would typically use the following process to
create and configure a virtual network with point-to-site connectivity:

1. Create a virtual network. As the previous lesson described, you should start the wizard for creating a new virtual network. During the wizard,
you should select the check box for enabling point-to-site VPN capability. You will see the
configuration page where you can configure address space for VPN clients, the virtual network
address space, and gateway subnet. If you enable point-to-site connectivity on an existing virtual
network, you will also have to configure these parameters.

2. Create a dynamic routing gateway. A gateway is a mandatory component for a point-to-site VPN
connection. You must enable a dynamic routing gateway after you create your virtual network with
point-to-site connectivity. It usually takes up to 15 minutes to create the gateway.

3. Create certificates. As described earlier, certificates are used for VPN authentication purposes. To
create a root self-signed certificate, you should issue the following command:
makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My
"RootCertificateName.cer"

After you create the root certificate, you should upload it to Azure by using the Certificates tab in the
Network configuration pane. Then you should create client certificates. You use the same command-line utility as for the root certificate, but with different parameters. For example:
makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in
"RootCertificateName" -is my -a sha1

This command creates a client certificate in a user's Personal store on the computer where you issue
this command. You can generate as many client certificates as needed by using this same command
and typing different values for ClientCertificateName. We recommend that you create unique client
certificates for each computer that you want to connect to the virtual network. After you create the
client certificates, you should export them in the .pfx format and import them on the client machines
that will be connecting to the network.
4. Download and install the VPN client software. After you configure a dynamic gateway and
certificates, you will see a link to download a VPN client for a supported operating system. You
should download the appropriate VPN client (32-bit or 64-bit) and install it on client machines that
will be initiating a VPN connection. Ensure that you also install the client certificate from step 3 before
you initiate the VPN connection.

Demonstration: Set Up a Point-to-Site VPN


In this demonstration, you will see how to create a point-to-site VPN connection.

Demonstration Steps
1. Open the Azure management portal and navigate to NETWORKS.
2. Open the configuration pane for VNET1.
3. Enable the Configure point-to-site connectivity option and save changes.
4. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. Ensure that 10.0.0.0/24 is selected.
5. Open Developer Command Prompt for VS2013 as administrator.
6. In the command prompt window, type makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer", and then press Enter. Do not close the command prompt window.
7. Switch back to the Azure management portal, and click the CERTIFICATES tab on the VNET1 portal. Upload the certificate that you just created and stored to C:\temp.
8. Restore the command prompt window. Type makecert.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1, and then press Enter.
9. Switch back to the Azure portal and in the VNET1 configuration pane, on the DASHBOARD tab, click to create gateway.

Lab: Create a Virtual Network


Scenario

A. Datum Corporation is planning to create several cloud-based virtual machines. You want to create a
configurable network to control communication between these virtual machines. Also, A. Datum wants to
evaluate ways to connect remote workers to cloud resources by using VPN. To address this requirement,
you decided to implement point-to-site VPNs.

Objectives
After completing this lab, you will be able to:

Create a virtual network.

Create a virtual machine from the Gallery.

Add point-to-site connectivity.

Lab Setup
Estimated Time: 60 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
You must have successfully completed Lab 1 before you start working on this lab.

Exercise 1: Creating a Virtual Network


Scenario
As a first step in deploying virtual network infrastructure, you want to create a new virtual network.
The main task for this exercise is as follows:
1. Create a virtual network.

Task 1: Create a virtual network


1. Sign in to your Azure subscription on https://manage.windowsazure.com.
2. Select NETWORKS in the navigation pane.
3. Choose to create a new virtual network.
4. Name the network VNET1, and choose West US as the location.
5. Do not make changes to the DNS Servers and Connectivity options.
6. Select the IP range 192.168.0.0/24 as the range for Virtual Network Address Spaces.
7. Add the 172.16.0.0/16 subnet and name it Subnet-2.
8. Finish the wizard and create a network.

Results: After completing this exercise, you will have created a new virtual network.

Exercise 2: Creating Virtual Machines from the Gallery


Scenario
After creating a virtual network, you want to assign virtual machines to it. You will create two virtual
machines and assign them to the VNET1 virtual network.
The main tasks for this exercise are as follows:
1. Create a virtual machine.
2. Create a second virtual machine.
3. Test virtual network connectivity.

Task 1: Create a virtual machine


1. Open the Azure preview portal at https://portal.azure.com and sign in with the Microsoft account associated with your Azure subscription.
2. Create a new virtual machine in the Azure preview portal with the following parameters:
o Host name: Server1
o User name: server1-admin
o Password: Moc1500!
o Pricing tier: Basic A1
o Virtual Network: VNET1

Task 2: Create a second virtual machine

Create a new virtual machine in the Azure preview portal with the following parameters:
o Host name: Server2
o User name: server2-admin
o Password: Moc1500!
o Pricing tier: Basic A1
o Virtual Network: VNET1

Task 3: Test virtual network connectivity


1. In the Azure preview portal, connect to the Server1 virtual machine by using an RDP connection.
2. Note the Internal IP address assigned to Server1.
3. In the Azure preview portal, connect to the Server2 virtual machine by using an RDP connection.
4. Note the Internal IP address assigned to Server2. Open Network and Sharing Center on Server2 and enable Network discovery and file sharing.
5. On the Server1 machine, open File Explorer and in the address bar, type \\IPaddressofServer2, and then press Enter. Ensure that the server opens, which confirms that your servers can communicate via virtual network VNET1.

Results: After completing this exercise, you will have created two new virtual machines and assigned them
to VNET1.

Exercise 3: Add Point-to-Site Connectivity


Scenario
After creating a virtual network and virtual machines, you want to enable point-to-site functionality on
existing virtual networks, and establish a VPN connection from your computer.
The main task for this exercise is as follows:
1. Add point-to-site connectivity.

Task 1: Add point-to-site connectivity

1. Open the Azure management portal and navigate to NETWORKS.
2. Open the configuration pane for VNET1.
3. Enable the Configure point-to-site connectivity option and save changes.
4. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. Ensure that 10.0.0.0/24 is selected.
5. Open Developer Command Prompt for VS2012 as administrator.
6. In the command prompt window, type: makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer" and press Enter. Do not close the command prompt window.
7. Switch back to the Azure management portal, and click the CERTIFICATES tab on the VNET1 portal. Upload the certificate that you just created and stored to C:\temp.
8. Restore the command prompt window. Type the following command: makecert.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1, and press Enter.
9. Switch back to the Azure portal and in the VNET1 configuration pane, on the DASHBOARD tab, click to create the gateway.
10. After the gateway is created, download the 64-bit VPN client from DASHBOARD and install it on the classroom machine. Unblock the file that you downloaded before starting installation.
11. Initiate a VPN connection by using the VPN client and ensure that you can establish it.
12. Execute the ipconfig command in Command Prompt and ensure that you have an IP address from the 10.0.0.0/24 scope assigned to PPP adapter VNET1.
13. Disconnect from VNET1.

Results: After completing this exercise, you will have established point-to-site connectivity.

Module Review and Takeaways


Review Questions
Question: Is it mandatory to set up the Domain Name System (DNS) on your Azure virtual
network?
Question: If you have machines running Windows XP and Windows Vista, can you initiate a
point-to-site connection?

Best Practice

Before you create any virtual networks, analyze your requirements and determine what type of virtual
network you need.

Carefully plan address space for virtual networks, especially if you are going to implement cross-site
connectivity.

Use point-to-site VPNs when you want to provide access from single computers at remote locations
to your Azure virtual network.

Issue a separate client certificate for each client that will be using a point-to-site VPN.

Common Issues and Troubleshooting Tips


Common Issue
You do not see an option to download the
VPN client for a point-to-site connection.

The VPN client cannot establish a point-to-site VPN connection.
Troubleshooting Tip

Module 5
Cloud Storage
Contents:
Module Overview
Lesson 1: Understand Cloud storage
Lesson 2: Create and Manage Storage
Lab: Configure Azure Storage
Module Review and Takeaways

Module Overview

As a part of the Microsoft Azure platform, Microsoft also offers storage that you can use for various
purposes. Cloud-based storage, available in Microsoft Azure, can reduce the size of your storage banks
and provide you more flexibility for managing your storage requirements. You can use storage in Azure
for virtual machines, but also for databases, tables, and message queueing. In this module, you will learn
about cloud storage in Microsoft Azure.

Objectives
After completing this module, you will be able to:

Describe the features and benefits of cloud storage.

Create and manage storage in Azure.

Lesson 1

Understand Cloud storage

Before you implement and use cloud-based storage, it is important that you have a good understanding
of the available storage options and the storage types that you can use in Azure. Typically, you do not
manage and configure storage within the Azure platform the same way that you manage your on-premises storage. Cloud-based storage is provisioned from your storage account, and you configure it
based on your needs. In this lesson, you will learn about cloud storage in Microsoft Azure.

Lesson Objectives
After completing this lesson, you will be able to:

Describe Azure storage.

Describe blobs.

Describe tables.

Describe queues.

Describe Azure File services.

Describe storage replication options.

Compare storage options.

Describe Azure storage best practices.

Azure Storage Overview


Azure Storage is cloud-based storage that can
be quickly provisioned and used across a variety
of platforms, services, and applications. You can
use Azure Storage across all of the other Azure
services that require storage services, and other
services outside of Azure, such as your
applications deployed locally.

To use Azure storage, you must have a valid Azure
subscription, and you must create your storage
account. A storage account is a mandatory
component for all tasks that involve storage in
Azure. You create your storage account from the
Azure portal, or you can create it by using the representational state transfer (REST) application program
interface (API). The following lesson covers storage accounts and their management in more detail.
The Azure storage services include Blob storage, Table storage, Queue storage, and File storage.

Blob storage can store any type of data, text or binary, such as media files, documents, installation
images, and other types.

Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access
to large quantities of data.

Queue storage provides reliable messaging between applications and workflow processing, and
communication between components of cloud services.

File storage offers shared storage for applications that use standard SMB 2.1 protocol. With file
storage, virtual machines can share data across application components through mounted shares, and
on-premises applications can access file data in a share through the File service REST API.

Types of Azure storage will be discussed in more detail in other topics in this lesson.

Typical Usage of Azure Storage

The flexibility of Azure storage enables you to use it in a wide range of scenarios. The following core uses
will help you understand Azure storage better.

Building data-sharing applications. Social networks and applications are very popular and are
growing rapidly. These networks and applications both rely on data sharing, and they often need to
present data to people worldwide. This type of use is an excellent fit for Azure Storage because Azure
Storage is spread across worldwide datacenters.

Big data storage and analysis. With the growth of social networks and smart homes, companies and
users have been generating increasing amounts of data. In some cases, this data becomes more
valuable after it has been analyzed. In recent years, big data services such as Hadoop have tried to
provide such services. Because Azure Storage is cloud-based, it can accommodate big data and can
help facilitate analysis of that data.

Backups. Companies have to back up their data. A good practice is to back up your data to an off-site
location so that your data is safe in case of a local disaster. With Azure Storage, you can use Azure as
your off-site location. Not only can you back up your infrastructure and Azure services to Azure, but
you also can back up devices and other items to Azure, including smartphones and personal
computers.

Note that there are many other scenarios in which Azure can be a solution, especially infrastructure-based
scenarios that involve virtualization. Some of these scenarios will be covered in later lessons, demos,
or labs.

Existing Public Use of Azure Storage

Public use of Azure Storage is increasing. Everyday services that individuals access or consume might be
built on and delivered from Azure Storage, but the users might not always realize it. The following list
describes a few examples of public use of Azure Storage:

Microsoft Xbox One. Xbox One has a feature that enables users to record in-game action as video so
that users can share game action with friends on social networks or on the Internet. This feature,
known as the Game DVR feature, uses Azure Storage. Other Xbox features also use the Azure Storage
blob storage, table storage, and queue storage features.

Microsoft OneDrive. Formerly known as Microsoft SkyDrive, OneDrive is a cloud-based storage service
for end users and organizations that want to store files in the cloud and share files with others via the
cloud easily. OneDrive is integrated into Windows 8 and newer versions, which enables users to
transfer files to the cloud storage by simply right-clicking on a file and choosing to send it to
OneDrive. OneDrive uses blob storage in Azure.

Bing. The search engine Bing uses blob storage, table storage, and queue storage in Azure. Azure
Storage is used in Bing to store Twitter and Facebook public status feeds that are sent to Bing, and to
provide Bing search results.

Skype. The Skype service uses blob storage, table storage, and queue storage for Skype video
messaging.

Azure Storage Pricing

Azure Storage pricing varies depending on how you use and configure the storage. Azure Storage pricing
is based on three elements:

Storage capacity. Pricing varies widely based on the type of storage you use. At the time of writing
this course, prices in USD range from 2.2 cents per gigabyte per month to up to 12 cents per gigabyte
(GB) per month.

Number of read and write operations to Azure Storage. The current price for storage transactions is
.0005 cents per 100,000 transactions.

Amount of data transferred out of Azure, which is also called data egress. Note that data goes into
Azure at no charge. Data going out is charged per gigabyte, based on zones. The first 5 gigabytes
of data transferred out is free. Thereafter, data is charged at up to USD 25 cents per gigabyte for
lower use in the most expensive zone, and as low as five cents per GB for higher use in the least
expensive zone.

The region where the data is stored also affects Azure Storage pricing. Some regions are more expensive
than others. In addition, pricing is based on the type of storage. Pricing changes frequently.
Note: The prices shown above were current at the time we wrote this course.
Additional Reading: For the latest Azure Storage pricing, go to
http://go.microsoft.com/fwlink/?LinkID=517443

What Are Blobs?


A binary large object (blob) is commonly a type of data that can be stored in a database, but not in
a form defined by the database. The blob data type usually exists as plain binary data, such as an
image or media file.

Blob storage in Azure stores unstructured data, similar to data that you would find on a file
server. It can store data such as documents, image files, backups, and configuration data. Blobs are
organized into containers, with a capacity of up to 500 terabytes (TBs) for each storage container.
Blobs are appropriate for general storage use.
Both blobs and containers can also have associated metadata. Metadata for a container or blob resource
is stored as name-value pairs associated with the resource. Metadata names must adhere to the naming
rules for C# identifiers. Blob storage supports snapshots and can be used with the content delivery
network (CDN). There are two types of blob storage:

Block blobs. Block blobs are optimized for streaming audio and video. Also, most of the other file
types that you upload to your Azure Storage will be stored in block blobs. The maximum size of a
block is 4 megabytes (MBs) and the maximum size of a block blob is 200 GB. Each block from a single
blob is identified by a Block ID, and can also include an MD5 hash of the blob content. When you
upload a large file to a block blob, the file is divided into blocks, which can be uploaded concurrently
and then combined into a single file. This results in a faster upload time. Also, when it
comes to data modification, blob data can be modified on the block level. This means that individual
blocks can be added to an existing blob. Alternatively, existing blocks can be replaced by other
blocks, and some specific blocks within a blob can be deleted.

Page blobs. Page blobs consist of 512-byte pages. They are optimized for random read and write
operations. The maximum size of a page blob is 1 TB. Most commonly, this type of blob is used to
store virtual hard drives for virtual machines. Operating system drives in Azure virtual machines use
page blobs.
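
The block mechanics described above (blocks of at most 4 MB, each identified by a Block ID and checked with an MD5 hash, uploaded in any order, then combined and later modified block by block), as an added Python example that is not part of the course material. BlockStore is a hypothetical in-memory stand-in for the storage service, and the Block ID scheme is an assumption.

```python
import base64
import hashlib

MAX_BLOCK_SIZE = 4 * 1024 * 1024  # 4 MB per-block limit stated in the text


def md5_b64(data):
    """Base64-encoded MD5 digest, used here as a per-block transfer checksum."""
    return base64.b64encode(hashlib.md5(data).digest()).decode("ascii")


def split_into_blocks(data, block_size=MAX_BLOCK_SIZE):
    """Split data into (block_id, md5, chunk) tuples of at most block_size bytes."""
    if not 0 < block_size <= MAX_BLOCK_SIZE:
        raise ValueError("block size must be between 1 byte and 4 MB")
    blocks = []
    for index, offset in enumerate(range(0, len(data), block_size)):
        chunk = data[offset:offset + block_size]
        # Assumed ID scheme: zero-padded counter, Base64-encoded, so every ID
        # in the blob has the same length.
        block_id = base64.b64encode(b"block-%08d" % index).decode("ascii")
        blocks.append((block_id, md5_b64(chunk), chunk))
    return blocks


class BlockStore:
    """Hypothetical in-memory stand-in for the service side of one block blob."""

    def __init__(self):
        self.staged = {}      # block_id -> bytes, uploaded but not yet in the blob
        self.block_list = []  # ordered block IDs that make up the committed blob

    def put_block(self, block_id, md5, chunk):
        """Accept one block; reject it if it is oversized or fails its MD5 check."""
        if len(chunk) > MAX_BLOCK_SIZE:
            raise ValueError("block exceeds 4 MB")
        if md5_b64(chunk) != md5:
            raise ValueError("MD5 mismatch for block " + block_id)
        self.staged[block_id] = chunk

    def commit(self, block_ids):
        """Combine staged blocks, in the given order, into the blob."""
        missing = [b for b in block_ids if b not in self.staged]
        if missing:
            raise KeyError("blocks were never uploaded: " + ", ".join(missing))
        self.block_list = list(block_ids)

    def read(self):
        """Return the committed blob content."""
        return b"".join(self.staged[b] for b in self.block_list)


def upload(store, data, block_size=MAX_BLOCK_SIZE):
    """Upload data block by block (order does not matter), then commit in order."""
    blocks = split_into_blocks(data, block_size)
    for block_id, md5, chunk in reversed(blocks):  # out of order on purpose
        store.put_block(block_id, md5, chunk)
    ids = [block_id for block_id, _, _ in blocks]
    store.commit(ids)
    return ids


def replace_block(store, position, new_chunk):
    """Block-level modification: swap one block without re-uploading the rest."""
    new_id = base64.b64encode(b"patch-%08d" % position).decode("ascii")
    store.put_block(new_id, md5_b64(new_chunk), new_chunk)
    ids = list(store.block_list)
    ids[position] = new_id
    store.commit(ids)
    return ids
```

A block whose content does not match its declared MD5 is refused before it is staged, so a corrupted transfer never becomes part of the committed blob.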

Currently, it is not possible to change the type of blob storage once you create it. There are several
scenarios in which you use blob storage in Azure. For example, you can use blob storage to share files
with clients or to offload some content from your web server. Also, blob storage in Azure provides
persistent data storage for Azure Cloud services because hard drives used in Cloud service instances are
not persistent.
To use blob storage, you must create one or more containers within your storage account. Storage
containers are created by using the Azure portal. All blobs are located in storage containers. An Azure
Storage account can contain an unlimited number of containers, but the total size of storage containers
cannot exceed 100 TB.
Each blob can be accessed uniquely by using a URL in the following format:
http://<storage-account-name>.blob.core.windows.net/<container-name>/<blob-name>

Microsoft provides several Software Development Kits (SDKs) and APIs that developers can use for
programmatically working with blob storage. At the time of writing this course, the following languages
and platforms are supported:

.NET SDK / .NET API Reference

Java SDK / Java API Reference

PHP SDK

node.js SDK

Ruby SDK

Python SDK

All the Azure services, including Storage, are based on a REST API over HTTP/HTTPS, which means it is
possible to make your own calls from your code to that API.

What Are Tables?


The term table, in the context of Azure, is used to describe a group of entities. An entity is a
collection of properties and values stored together in the table. Entities that are present in the
table do not necessarily have the same structure or the same schema.

Table storage, called Azure Tables in Azure, is based on the NoSQL concept. NoSQL uses a
relational database without a typical relational management database system or traditional SQL-style
tables. Instead, key/value pairs are used in NoSQL. Table storage uses key-attribute storage,
meaning that all values in a table are stored with a property name. Table storage can accommodate any
number of tables, up to 200 TB per storage account. This type of storage is similar to a database or an
Excel spreadsheet because all tables have collections of rows (in this context, entities) and support
manipulating and querying the data contained in the rows. The key difference between table storage and
a database is that there is no efficient way to represent relationships between different data in table
storage. In addition, there is no database schema to handle data-rules enforcement.
Table storage has the following features:

The largest table can be 100 TB.

The largest entity can contain up to 1 MB of data.

Each entity can have up to 255 properties.

Entities in table storage support the following data types: ByteArray, Boolean, DateTime, Double, Guid,
Int32, Int64 and String (up to 64 KB in size). Each entity created within table storage must have the
following properties defined: PartitionKey, RowKey, and TimeStamp. By using PartitionKey, you can group
entities in the table, while the RowKey is an identifier for each entity. PartitionKey and RowKey, combined,
uniquely identify an entity within a table. This type of identification is very similar to the primary key in
a relational database. The TimeStamp property includes data about the last time of modification.
Storing and accessing data in Table storage is mostly done from applications. Most applications use
the client library to store data to the tables, or call the REST API. With C# applications, you will need the
Azure Storage Library for .NET to create and manage tables. Code addresses tables in an account by using
this address format:
http://<storage account>.table.core.windows.net/<table>

What Are Queues?


Similar to Microsoft Message Queuing (MSMQ), Azure Queue storage provides a mechanism for
applications and services to pass messages to each other asynchronously. You can use Azure Queue
storage to store a large number of messages that can be accessed from any location by
authenticated calls made by using HTTP or HTTPS. A storage account can contain an unlimited
number of queues with up to 200 TB of storage for each storage account. Individual messages are
limited to 64 KB, and a queue can contain millions of messages, with the total number limited only
by the total capacity of the storage account.
Queue storage often temporarily houses jobs or tasks for processing. For example, an online service to
translate documents from German to English could use queue storage so that all of the translation jobs
could be run asynchronously. The two most common uses for queue storage are:

To pass messages from an Azure Web role to an Azure Worker role. A Web role is usually a website or
web application, often one that is running on the Windows Server operating system and Internet
Information Services (IIS), or on a non-Microsoft web server. A Worker role is typically a Windows
service or process that manages background processing tasks.

To create a bucket of tasks to process asynchronously. The tasks are usually processed by the
Worker role.

Queues can be addressed by using the following URL format:


http://<storageaccount>.queue.core.windows.net/<queue>

What Is Azure File Services?


Azure File Services is a new service that provides
shared folder services to other Azure resources.
You can access files stored with Azure File Services
over the SMB 2.1 protocol by connecting to
<storage-account>.file.core.windows.net. The
endpoint is accessible over HTTPS or by using
standard Server Message Block (SMB) connectivity
methods, as follows:

You can connect to shares by using the net use command. For example, to connect to a
storage account named 10979 configured with Azure File Services, and a file share
named Share1, you could run the following command:
net use s: \\10979.file.core.windows.net\Share1

You can connect to shares by using Windows PowerShell. The new Azure Files module for Windows
PowerShell has new cmdlets to support Azure File Services. It includes functionalities such as
downloading content from Azure Files shares and creating new shares. One of the new cmdlets is
Get-AzureStorageFileContent, which you can use to download content from a share.

You can connect to shares by using REST APIs. The REST API includes many operations that are
beyond the scope of this course.

Note: Azure File Services is currently in preview, and you must manually add it to an
account from the preview portal.

Azure File Services is one of several storage services in Azure. It is important to know when you should
use Azure Files in your application, and when you should use blob storage or disk storage. Often, an
organization will use all three storage methods. The following examples show common uses for Azure
Files, disk storage, and blob storage:

Azure Files. Applications, services, and use cases that already rely on SMB are good candidates to use
Azure Files. When you migrate on-premises resources to the cloud, the transition may be smoother if
you maintain existing access methods such as SMB. Another potential use is shared administrative
tools and shared development tools. By placing shared tools into Azure Files, all administrators and
developers can quickly and easily access the tools from Azure virtual machines. Note that access to
Azure Files is restricted by region when using SMB 2.1, and that access is not restricted by region
when you use REST APIs.

Disk storage. Disk storage is most often associated with virtual machines. When storage is required for
a single virtual machine, disk storage is often used. For shared storage, disk storage is not the right
solution.

Blob storage. You should use REST APIs with blob storage or any other supported SDK. Blob storage
provides flexibility because developers can use the APIs to develop custom solutions, and the storage
is available in any region. In addition, blob storage is the best choice when a large amount of storage
is required, because a single storage container can support up to 500 TB of data.

When you name files and directories in Azure Files, keep in mind the following restrictions:

Container names must be a valid Domain Name System (DNS) name between three and 63
characters.

Acceptable characters are letters, numbers, and dashes (-).

Container names must start and end with a number or letter, and they cannot start or end with a
dash.

SMB share names must not be more than 80 characters long, and you cannot use any of the following
characters: \ / [ ] : | < > + = ; , * ? ".

All other Unicode characters may be used in an SMB share name.

Directory and file names also have the following restrictions:

   o Names must be no more than 255 characters long.

   o The following characters are not allowed in directory or file names: " \ / : | < > * ?.
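
The naming restrictions listed above, written as an added Python validator for names that come from user input (example code, not part of the course material or any Azure SDK). It encodes only the rules on this page; the function names are hypothetical, and the rejection of empty names and of "." and ".." path components is an extra assumption.

```python
import re

# Character sets copied from the restrictions listed above.
SHARE_FORBIDDEN = set('\\/[]:|<>+=;,*?"')
FILE_FORBIDDEN = set('"\\/:|<>*?')


def check_container_name(name):
    """Return the list of container-name rules that the given name breaks."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be between 3 and 63 characters")
    if re.search(r"[^A-Za-z0-9-]", name):
        problems.append("only letters, numbers, and dashes are allowed")
    if name[:1] == "-" or name[-1:] == "-":
        problems.append("must start and end with a letter or number")
    return problems


def check_chars(name, max_len, forbidden):
    """Shared length and forbidden-character check for share and file names."""
    problems = []
    if not name:
        problems.append("name is empty")  # assumption: empty names are rejected
    if len(name) > max_len:
        problems.append("longer than %d characters" % max_len)
    bad = sorted(set(name) & forbidden)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    return problems


def check_share_name(name):
    """SMB share names: at most 80 characters, no forbidden characters."""
    return check_chars(name, 80, SHARE_FORBIDDEN)


def check_file_name(name):
    """Directory and file names: at most 255 characters, no forbidden characters."""
    return check_chars(name, 255, FILE_FORBIDDEN)


def check_share_path(share, relative_path):
    """Validate a share name plus every component of a path inside the share."""
    problems = ["share: " + p for p in check_share_name(share)]
    for part in re.split(r"[\\/]", relative_path):
        if part in (".", ".."):
            # Extra hardening, not one of the listed rules (assumption): refuse
            # relative components so input cannot climb out of a directory.
            problems.append("%r: relative path component" % part)
            continue
        problems += ["%r: %s" % (part, p) for p in check_file_name(part)]
    return problems
```

An empty list means the name passes every listed rule, so a caller can reject input as soon as any function returns a non-empty result.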

Azure Files also supports SMB file locking when a file is open. The following options can be used by SMB
clients:

None. Declines sharing of a file that is open. Any request to read, write, or delete the file will fail until
the file has been closed.

Shared Read. Allows additional reads, often referred to as shared reads, to an already-open file.
However, writes and deletes will fail until the open file has been closed.

Shared Write. Allows additional writes, often referred to as shared writes, to an already-open file.
However, deletes will fail until the open file has been closed.

Shared Read/Write. Allows additional reads and writes to an already-open file. However, deletes will
fail until the open file has been closed.

Shared Delete. Allows deleting of an already-open file.

Reference Links: To download the new Azure Files module for Windows PowerShell, go to
http://go.microsoft.com/fwlink/?LinkID=398183
Additional Reading: For more information about File Service REST APIs, go to
http://go.microsoft.com/fwlink/?LinkID=517444

Storage Replication Options


All storage accounts in Microsoft Azure are
stored on three locations that have
transactionally-consistent copies in the
primary datacenter. This approach, which
can be considered as local redundancy, already
provides an additional level of availability
for Azure storage, but you can also enable
geo-replication for your storage.

Locally redundant storage stores three copies of the data within a single region. Geo-redundant
storage stores six copies of the data across two regions in the same geography. This means that
the Microsoft Azure storage data that you stored within your storage account is not only stored in the
primary location that you choose, but also is replicated in triplicate to another datacenter within the
same region. For example, if you select West US as your primary location for Azure storage, enabling
geo-redundancy also replicates your storage to the East US datacenter. You cannot choose locations for
geo-redundancy, but the replication will never cross the region you select for the primary datacenter.
The following table compares the replication types currently available.

| | Locally redundant | Geo-redundant | Read-access geo-redundant |
|---|---|---|---|
| Redundancy | 3 copies within a single region | 3 copies within a single region, 3 additional copies in secondary region | 3 copies within a single region, 3 additional copies in secondary region |
| Read access to replicas in secondary region | N/A | No | Yes |
| Availability service level agreement (SLA) | 99.9% for all read/write | 99.9% for all read/write | 99.9% for writes, 99.95% for reads. Data is read from secondary source if primary one is unavailable |

Compare Storage Options


As we have explained in previous topics, Azure
storage provides different types of storage for you
to use, in various scenarios. This topic reviews the
available options for storage, and their typical
usage scenarios.
Blob storage contains unstructured data of various
types, such as documents, image or media files,
and virtual hard drives in virtual machines. You
can also use blob storage to publish your data to
external users via URL locations, or as internal
application storage. Some common usage
scenarios for blob storage are:

Providing access to images, media files, and documents by using a web browser.

Storing files for distributed access.

Streaming audio and video.

Providing backup and restore.

Storing data for analysis.

Unlike blobs, Azure table storage works with structured, but non-relational data. It presents a NoSQL data
store that can accept calls from services inside Azure and from services outside the Azure environment.
The Azure table storage is scalable, and it can store large data sets.
Common usage scenarios for Azure table storage are:

To store large amounts of structured data capable of serving web applications.

To store data sets that do not require complex joins, foreign keys, or stored procedures, and that can
be denormalized for fast access.

To query data quickly by using a clustered index.

To access data by using the Open Data (OData) protocol and LINQ queries with WCF Data Service
.NET Libraries.

The Azure Queue storage stores messages that applications exchange. This type of storage also can be
accessed from any location by using HTTP or HTTPS protocols. Similar to Table storage, Queue storage is
very scalable and can store millions of messages.
Common usage scenarios for Queue storage include:

To create a backlog of work to process asynchronously.

To pass messages from an Azure Web role to an Azure Worker role.

Azure Storage Best Practices and Considerations


By following the best practices for using Azure
Storage, you can manage cost. The four factors
that will influence your costs are:

Amount of storage used. Storage capacity, which is the amount of data that is being
used by the blob, table, or queue, often is determined by the requirements of the users
and the business systems.

Replication options. The replication type is also an important factor in cost because using
fewer copies of data can cost less. One way to reduce cost is to create multiple storage
accounts that are individually tuned to the SLA requirements for each data type. For example, it
might not be important for non-critical data to be replicated to multiple regions. Therefore, the more
affordable option of using only locally redundant storage might be the best option for non-critical
data. However, you can use a separate storage account for critical data that allows geographically
redundant replicas of the data to be created.

Number of storage transactions. The number of requests that are made against the storage, also
known as the number of storage transactions, is another important cost factor. Storage transactions
are typically charged for each 100,000 transactions made across all storage types, including blobs,
tables, queues, and files. Transactions are defined as both read and write operations to the Azure
Storage.

Egress data from the storage region. The egress data from the storage region is another aspect of
Azure Storage pricing. If the Azure Storage is accessed by another service that is not running in the
same region, then egress data is sent out of that particular Azure Storage region. Therefore, you
should group services together in the same region to attempt to reduce or eliminate egress data
charges. In addition to using multiple storage accounts for replication types, you should also use
multiple storage accounts for each region. This gives you maximum flexibility while ensuring that the
data being used by a service or application stays as local as possible.

You can upload multiple blobs simultaneously to maximize the upload performance of blob storage. The
Azure Storage service has specific limits for ingress traffic, per storage account, per region, and per
replication configuration. By uploading multiple blobs simultaneously, you can maximize the
performance.

To maximize the performance of table storage, use JavaScript Object Notation (JSON) to transmit data to
the table service. JSON reduces the payload size, which in turn reduces the latency of the table storage.
The Azure Storage Client Library 3.0 supports JSON for table storage, and has been optimized specifically
for Azure Storage. Another best practice when you use table storage is to avoid repeatedly scanning the
tables. Azure Storage provides a clustered index, which is a combination of the PartitionKey and RowKey,
that you can use to avoid table scans, which increase latency. Therefore, we recommend that you
always use PartitionKey in each query you create.

You should also monitor your logs and metrics to ensure that performance, availability, and security meet
or exceed expectations. Azure offers an Azure Storage Analytics tool that you can use to easily review your
logs and metrics.
Another best practice is to avoid using CreateIfNotExists repeatedly if you know that your queues,
containers, and tables are all created and will never be removed during the lifetime of the
application/deployment.

Lesson 2

Create and Manage Storage


Before you start to use Azure storage, you must first create your storage account and configure its
properties. Also, you must create appropriate storage containers for your data, and then choose
appropriate tools for managing data in your storage account or accounts. In this lesson, you will learn
how to create and manage storage in Azure.

Lesson Objectives
After you complete this lesson, you will be able to:

Create and manage storage accounts.

Create a blob.

Create a blob by using Azure Web Storage Explorer.

Create a table.

Create and manage blobs and tables by using Microsoft Visual Studio.

Creating and Managing Storage Accounts


A storage account is an account that is created in
Azure to gain access to Azure Storage services.
Each storage account is secured by two 512-bit
access keys, which are created when the storage
account is created. A storage account is
connected to an Azure region and configured
for specific storage replication, such as locally
redundant storage (LRS). In a single Azure
subscription, you can have multiple storage
accounts, and you can use each one for a different
purpose, and you can configure each one with
different settings. Storage accounts provide
endpoints to access the storage services. The endpoints are unique URLs for accessing the storage
services.

You can create storage accounts by using a wizard from the Azure management portal. To quickly create
a storage account, you need to supply the following information:

The URL. This is the unique name supplied for the storage account. The URL for your storage account
must be unique worldwide, and it always ends with *.core.windows.net.

Location/Affinity Group. This is the regional datacenter or affinity group where the storage account
will be created. The following regions are location options:

   o East Asia

   o Southeast Asia

   o North Europe

   o West Europe

   o East US

   o West US

   o Japan East

   o Japan West

   o Brazil South

   o North Central US

   o South Central US

Subscription. This is the Azure subscription with which the storage account will be associated.

Replication. This is the setting that determines whether your storage is locally redundant or
redundant across more than one datacenter. The options are Locally Redundant, Geo-Redundant, or
Read-Access Geo-Redundant. Note that Microsoft will soon introduce zone-redundant storage (ZRS).
ZRS stores the equivalent of three copies of your data across multiple data centers.

Microsoft continues to expand and revamp its datacenters and regions. For example, two new regions
have been announced for Australia. It is important to keep informed about the available regions so that
you can align them with your organizational regions. In addition, regions play a big role in security and
compliance. They help you meet organizational data security policies that might be based on region and
that must adhere to local laws.
After a storage account has been created, it can be used by four types of storage: blob storage, table
storage, queue storage, and files storage.

Tools for managing Azure Storage

There are numerous tools and services in addition to the Azure management portal that you can use to
manage your Azure Storage. The most popular ones include:

Azure Web Storage Explorer. This tool is a web-based storage management tool that is used mainly
for uploading and downloading content via a browser.

AzCopy. This free downloadable command-line tool is designed for moving small-sized and
medium-sized amounts of data into and out of Azure. However, you should use the import/export
service for very large amounts of data that would take several days to transfer with AzCopy.

Azure Software Development Kit (SDK) for .NET. Storage also can be managed by using the Azure
SDK for .NET or by using Azure Management Libraries for .NET. Developers can create containers,
upload blobs to a container, list blobs in a container, and delete blobs from a container by using the
Azure SDK for .NET.

REST APIs for Azure. All Azure Storage can be managed by using REST APIs. Management can occur
over the Internet by using HTTP or HTTPS, and in Azure through Azure-hosted resources.

Windows PowerShell. The Azure module for Windows PowerShell has dedicated management
cmdlets for Azure. You can perform the vast majority of Azure storage management tasks with the
Azure module. The cmdlets are organized into different groups such as Azure managed cache
cmdlets, Microsoft Azure SQL database cmdlets, and Azure profile cmdlets, most of which are outside
of the scope of this course.

Import/Export service. The import service imports data from hard drives you ship to an Azure data
center into Azure Storage. The export service ships you your organization's Azure Storage data on a
hard drive that you sent, empty, to an Azure data center. This service is useful when transferring the
data over a network would be too expensive or otherwise impractical.

When you send data by using the import service, you must encrypt the data with BitLocker before
you ship it. The external hard drives must be 3.5-inch Serial Advanced Technology Attachment (SATA)
II/III, and can be no larger than 4 TB.

When you export data, you must provide a supported hard drive. All data will be encrypted before it
ships, and a BitLocker key will be provided through the management portal.
Reference Links: To access the Azure Web Storage Explorer tool, go to
http://go.microsoft.com/fwlink/?LinkId=517528
Additional Reading: For more information on Azure Storage Explorers, go to
http://go.microsoft.com/fwlink/?LinkID=517445

Creating a Blob
To create a blob, you must first create a storage account, and also a container within the storage
account. You can use the Azure portal to create containers in your storage account. In the Azure
preview portal, you should select your storage account, and then in the storage account
administration pane, you should use the Containers pane to create a new container. Besides
configuring the container name, you can also configure the access type for each storage container.
By default, each storage container access is set to Private, which means that no anonymous access
will be allowed. You can also choose to enable blob list or access through anonymous requests.

After you create a container in your storage account, you can start to upload or create blobs, tables, and
queues. You cannot use the Azure portal to upload blobs, but you can use alternative tools or code in
your application to do this.

For example, you can use the Azure Web Storage Explorer to upload files from your computer to the
storage container in your storage account. The files that you upload are saved as blobs. You can also use
this same tool to create a new container for blobs, and new tables and queues. To access your storage
account using Azure Web Storage Explorer, you need to use your storage account name and access key
for your storage account. Access keys and the storage account name are created when you first create the
storage account, and you can view them at any time by browsing to your storage account in the Azure
preview portal, and then clicking on the Keys tile.

To access and manage your storage account and create blobs from Visual Studio, you should first
configure the connection string for Azure service configuration. For example, when you create a web or a
worker role that requires access to a private storage account, you should open Solution Explorer in Visual
Studio, and then in the roles folders, open the properties of your web role or worker role. You should then
choose the Settings tab and select to add new settings. For the new setting, you should choose the
Connection String type, and then type your storage account name and access key in the Create Storage
Connection String window.
If the application that you are working on is not an Azure cloud service, then you can use .NET configuration
files, such as web.config and app.config, to configure a connection string for your storage account.

You store the connection string using the <appSettings> element as follows. Replace the account name
with the name of your storage account, and account key with your account access key:
<configuration>
  <appSettings>
    <add key="StorageConnectionString"
         value="DefaultEndpointsProtocol=https;AccountName=account-name;AccountKey=account-key" />
  </appSettings>
</configuration>
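
A check you can run over a storage connection string before it goes into web.config or app.config, as an added Python example (not part of the course material or the Azure SDK). It assumes the access key is Base64 text that decodes to the 512-bit length mentioned earlier; the function names and the sample key are constructed for illustration.

```python
import base64
import binascii

# Constructed sample key: 64 predictable bytes, Base64-encoded. Not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode("ascii")


def parse_connection_string(conn):
    """Split 'Name=value;Name=value' into a dict.

    Each segment is split on the first '=' only, because a Base64 account key
    normally ends in '=' padding that must stay part of the value.
    """
    fields = {}
    for part in conn.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed segment: %r" % part)
        fields[name.strip()] = value.strip()
    return fields


def audit_connection_string(conn):
    """Return a list of findings; an empty list means nothing was flagged."""
    fields = parse_connection_string(conn)
    findings = []
    if fields.get("DefaultEndpointsProtocol", "").lower() != "https":
        # With http, requests to the storage endpoints travel unencrypted.
        findings.append("DefaultEndpointsProtocol is not https")
    if not fields.get("AccountName"):
        findings.append("AccountName is missing")
    try:
        raw = base64.b64decode(fields.get("AccountKey", ""), validate=True)
    except (binascii.Error, ValueError):
        raw = None
    if raw is None or len(raw) != 64:  # 64 bytes = 512 bits
        findings.append("AccountKey is not a Base64-encoded 512-bit key")
    return findings


def redact(conn):
    """Return the connection string with the key masked, safe to log or display."""
    fields = parse_connection_string(conn)
    if "AccountKey" in fields:
        fields["AccountKey"] = "<redacted>"
    return ";".join("%s=%s" % (k, v) for k, v in fields.items())
```

Run against the template shown above, the audit flags the account-key placeholder, which catches a configuration file that was deployed without its values filled in.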

To access Blob storage programmatically, you should first obtain an assembly that contains the Azure
storage management classes. You can use NuGet to get the Microsoft.WindowsAzure.Storage.dll
assembly. To do this, you should right-click your project in Visual Studio Solution Explorer, and choose
Manage NuGet Packages. Then you should search for WindowsAzure.Storage and install it. By using this
procedure, you will get the necessary Azure Storage package and its dependencies. Alternatively, you can
install the Azure SDK for .NET. This package also contains Microsoft.WindowsAzure.Storage.dll.
In the code that you want to use to programmatically access Azure Storage, you should first add Azure
declarations at the top of the code. These declarations are:
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Auth;
using Microsoft.WindowsAzure.Storage.Blob;

To represent your storage account, you can use the CloudStorageAccount type. For Azure project
templates, or if you have a reference to Microsoft.WindowsAzure.CloudConfigurationManager, you can
use the CloudConfigurationManager type to retrieve your storage connection string and storage
account information from the Azure service configuration. If you do not have a reference to
Microsoft.WindowsAzure.CloudConfigurationManager, and you store your connection string data in
web.config or app.config files, you can use ConfigurationManager to retrieve the connection string.

To upload a file as a blob by using code, you should get a container reference and use it to get a block
blob reference. Once you have it, you can upload the data stream by using the UploadFromStream
method.
Additional Reading: For more information on how to use blob storage from the .NET
Framework, go to http://go.microsoft.com/fwlink/?LinkID=517446
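
The upload sequence described above, as an added C# example that is not part of the original course material. It reads the StorageConnectionString setting from <appSettings>, refuses a non-HTTPS endpoint, and keeps the container private so that blobs cannot be read by URL alone. The container name is a placeholder, and the sample file path is the one used in the demonstration that follows.

```csharp
using System;
using System.Configuration;                  // ConfigurationManager (add a reference to System.Configuration)
using System.IO;
using Microsoft.WindowsAzure.Storage;        // CloudStorageAccount
using Microsoft.WindowsAzure.Storage.Blob;   // CloudBlobClient, CloudBlobContainer, CloudBlockBlob

class BlobUploadExample
{
    static void Main()
    {
        // Read the connection string from <appSettings> in web.config or app.config.
        // In an Azure cloud service role, use
        // CloudConfigurationManager.GetSetting("StorageConnectionString") instead.
        string connectionString =
            ConfigurationManager.AppSettings["StorageConnectionString"];
        if (string.IsNullOrEmpty(connectionString))
        {
            throw new ConfigurationErrorsException(
                "StorageConnectionString is not configured.");
        }

        CloudStorageAccount storageAccount;
        if (!CloudStorageAccount.TryParse(connectionString, out storageAccount))
        {
            throw new ConfigurationErrorsException(
                "StorageConnectionString is malformed.");
        }

        // The connection string carries the account key, so every request is
        // signed with it. Refuse DefaultEndpointsProtocol=http.
        if (storageAccount.BlobEndpoint.Scheme != Uri.UriSchemeHttps)
        {
            throw new ConfigurationErrorsException(
                "Use DefaultEndpointsProtocol=https in StorageConnectionString.");
        }

        CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

        // Placeholder container name (lowercase letters, digits and hyphens).
        CloudBlobContainer container =
            blobClient.GetContainerReference("archive-files");
        container.CreateIfNotExists();

        // Off = private: reads require the account key. The Blob setting
        // would make every blob readable by anyone who has its URL.
        container.SetPermissions(new BlobContainerPermissions
        {
            PublicAccess = BlobContainerPublicAccessType.Off
        });

        // Get a block blob reference and upload the file as a stream.
        CloudBlockBlob blockBlob = container.GetBlockBlobReference("Alarm01.wav");
        using (FileStream fileStream = File.OpenRead(@"C:\Windows\media\Alarm01.wav"))
        {
            blockBlob.UploadFromStream(fileStream);
        }

        Console.WriteLine("Uploaded {0}", blockBlob.Uri);
    }
}
```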

Demonstration: Creating a Blob by Using Azure Web Storage Explorer


In this demonstration, you will see how to create a blob by using Azure Web Storage Explorer.

Demonstration Steps
1. Create another new container for the 10979s<yourinitials> storage account by using the following
   settings:
   o Name: 10979c<yourinitials>
   o Access: Blob
2. Manage your access keys to view your primary access key, and then copy the key to the Clipboard.
3. Create a new text file named storage-key.txt in your Documents folder.
4. Open the storage-key.txt file, and paste your primary access key into it.
5. Go to the Azure Web Storage Explorer page at http://azurestorage.azurewebsites.net/login.aspx.
6. Sign in by using 10979s<yourinitials> as the account and the access key as the key.
7. Upload Alarm01.wav from the c:\Windows\media folder.
8. Upload splashscreen.contrast-white_scale-180.png from the c:\Program Files\Internet Explorer\images
   folder.
9. In the file list, click
   http://10979s<yourinitials>.blob.core.windows.net/10979c<initials>/splashscreen.contrast-white_scale-180.png
   and verify that you see a large Internet Explorer logo graphic displayed in the browser window.
10. Close Internet Explorer.

Creating a Table
To create a table in your storage account container, you can use methods similar to the ones you use to
create blobs. You must have a storage account created, and one or more containers in the storage account.
Then, you can use Azure Web Storage Explorer to create a new table, and to insert data into the table you
created. You can use this same utility to execute a query against your existing table.
You cannot use the Azure portal to create or manage tables, create data, or execute queries.

If you want to create, access, and manage tables programmatically, by using a Visual Studio project, you
should perform the same procedure to configure connection strings and add declarations at the top of your
code, as with blobs. Also, you must have the Microsoft.WindowsAzure.Storage.dll assembly installed.

To create a table by using code, you should use a CloudTableClient object. It lets you get reference
objects for tables and entities within the table. The following example code shows how to create a
CloudTableClient object and use it to create a new table. For this example, we assume that the application
that we work on is an Azure Cloud Service, and that it uses a storage connection that is configured in the Azure
application service configuration, as described in the preceding topic about blobs.
using Microsoft.WindowsAzure;                // CloudConfigurationManager
using Microsoft.WindowsAzure.Storage;        // CloudStorageAccount
using Microsoft.WindowsAzure.Storage.Table;  // CloudTableClient, CloudTable

// Retrieve the storage account from the connection string.
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(
    CloudConfigurationManager.GetSetting("StorageConnectionString"));
// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
// Create the table if it doesn't exist.
CloudTable table = tableClient.GetTableReference("people");
table.CreateIfNotExists();

Additional Reading: For more information on how to use Table storage from the .NET
Framework, go to http://go.microsoft.com/fwlink/?LinkID=517447

Demonstration: Creating and Managing Blobs and Tables from Visual Studio

Demonstration Steps
1. In VS Express 2013 for Web, in Solution Explorer, expand the Bin folder under the Website1 project. Ensure
   that you can see Microsoft.WindowsAzure.Storage.dll under the Bin folder in Solution Explorer.
2. Scroll through the code of Default.aspx.cs and review parts of the code that are used for Azure
   storage management.
3. Start project debugging in Visual Studio.
4. As a result, the Internet Explorer window will open with the application started.
5. In the Internet Explorer window, click Create a new Azure table. Then click Add an entry to the
   Azure table. Then click Add a batch to the Azure table.
6. Click Retrieve data from the Azure table. As a result, you should get a few lines of data in the text
   box.
7. Click Create a new Azure blob container. Then click Upload data to the Azure blob container.
8. Click List content of the Azure blob container. As a result, you should get data in the text box.
9. Close Internet Explorer.
10. Open Azure Web Storage Explorer at http://azurestorage.azurewebsites.net/login.aspx, and connect
    to your storage account.
11. Ensure that you can see the data that you uploaded by using code from Visual Studio.

Lab: Configure Azure Storage


Scenario
You have a large quantity of archive files. The disks on which these files reside are reaching the end of
their life, and you would like this data to be globally available within Adatum. To achieve that, you
decided to use Azure storage.

Objectives
After you complete this lab, you will be able to:

Create an Azure Storage account.

Create and manage a blob.

Lab Setup
Estimated Time: 30 minutes
Sign in to your classroom machine by using the credentials your instructor provides.
Students must have successfully completed the lab from Module 1 before starting this lab.

Exercise 1: Create an Azure Storage Account


Scenario

Before you start managing your data in Azure, you should first create a storage account and examine its
properties.
The main tasks for this exercise are as follows:
1. Create a storage account in Azure.
2. View the properties of your storage account.

Task 1: Create a storage account in Azure
1. On the host computer, launch Internet Explorer, go to the Azure management portal at
   https://portal.azure.com, and then sign in to your Azure account.
2. Create a new storage account by using the following information:
   o URL: 10979s<yourinitials>
   o Location: Select the location that is closest to you
   o Pricing Tier: L1

Task 2: View the properties of your storage account
1. On the Azure management portal, in the left pane, click BROWSE and then click Storage.
2. In the Storage pane, click the 10979s<initials> storage account.
3. In the 10979s<initials> pane, view the information available on the dashboard.
4. Near the top of the 10979s<initials> pane, click PROPERTIES to view the properties of the storage
   account.

Results: After you complete this exercise, you will have created your Azure storage.

Exercise 2: Create and Manage Blobs


Scenario

Now that you have created your storage account, you need to create a container and upload some blob
data to the container.
The main tasks for this exercise are as follows:
1. Add a container.
2. Add data to the container using Azure Web Storage Explorer.

Task 1: Add a container

Create another new container for the 10979s<initials> storage account by using the following
settings:
   o Name: 10979c<initials>
   o Access: Blob

Task 2: Add data to the container using Azure Web Storage Explorer
1. Open Manage your key pane to access and view your primary access key, and then copy it to the
   Clipboard.
2. Open File Explorer, and then create a new text file named storage-key.txt. Save the file in your
   Documents folder.
3. Open the storage-key.txt file, and paste your primary access key into it.
4. Go to the Azure Web Storage Explorer page at http://azurestorage.azurewebsites.net/login.aspx.
5. Sign in by using 10979s<initials> as the account and the access key as the key.
6. Upload Alarm01.wav from the c:\Windows\media folder.
7. Upload splashscreen.contrast-white_scale-180.png from the c:\Program Files\Internet Explorer\images
   folder.
8. In the file list, click
   http://10979s<initials>.blob.core.windows.net/10979c<initials>/splashscreen.contrast-white_scale-180.png,
   and verify that you see a large Internet Explorer logo graphic displayed in the browser window.
9. Close Internet Explorer.

Results: After completing this exercise, you will have created a blob container and uploaded the data.

Module Review and Takeaways


Review Questions
Question: If you want to store installation image files in Azure storage, which type of
storage should you choose?
Question: Which service should you use to enable storage access by using SMB?
Question: If you choose geo-redundant storage to store your data, how many copies will
you have?

Best Practice

Use multiple storage accounts for data that require different redundancy options.

Use Azure File Services to facilitate data sharing.

Use Azure Storage Explorer tools to simplify storage management.

Tools

Azure portal

Azure Preview portal

Visual Studio

Azure Web Storage Explorer


Module 6
Microsoft Azure Databases
Contents:
Module Overview
Lesson 1: Understand Relational Database Deployment Options
Lesson 2: Create and Connect to SQL Databases
Lab: Create a SQL Database in Azure
Module Review and Takeaways

Module Overview

Microsoft Azure offers a range of services that you can use to manage data. In particular, Azure provides
relational database management services. You can use these services to implement a relational data store
for applications without having to manage a database management system (DBMS) or the operating
system that supports it.

In this module, you will learn about the options available for storing relational data in Azure. You will also
learn how to use Microsoft Azure SQL Database, which you can use to create, configure, and manage SQL
databases.

Objectives
After completing this module, you will be able to:

Describe options for relational database deployment in Azure.

Create and connect to SQL databases in Azure.

Lesson 1

Understand Relational Database Deployment Options

Microsoft Azure provides two basic methods of deploying relational database services: platform as a
service (PaaS) and infrastructure as a service (IaaS). The method you select will depend primarily on the
requirements of the applications that consume database content. However, you should also consider
factors such as manageability, ease of provisioning, cost, and compatibility. Compatibility is especially
relevant in migration scenarios. This lesson introduces the relational database services that are available
in Azure. It also describes considerations for choosing the best solution for specific application and
business needs.

Lesson Objectives
After completing this lesson, you will be able to:

Describe relational database services in Azure.

Describe the key differences between an SQL database in Azure and a Microsoft SQL Server instance
running on an Azure IaaS virtual machine.

Review Relational Database Deployment Options


Most business applications rely on a relational
database to store their data. Data takes the form
of a collection of two-dimensional tables, which
represent real-life entities and relationships
between them. Table rows correspond to
individual instances of these entities, whereas
table columns describe their identifying
properties. By combining multiple interrelated
tables, you can express complex business
scenarios in a simple manner, and analyze their
characteristics to extract meaningful information
about them.

When you deploy relational databases to Azure, you can choose from a range of options for deployment.
All of these options pertain to distinct service and product types. Azure provides two basic types of
relational database services, each of which can support different product types:

PaaS. This service allows you to focus on database-specific tasks by eliminating the required
management of the underlying database server platform. The two primary offerings in this category
are SQL Database and MySQL Database. SQL Database is based on Microsoft SQL Server technologies,
and MySQL Database is based on the ClearDB MySQL Database cloud service, which is available from
the Azure Store.

IaaS. You can create Azure IaaS virtual machines that host an instance of a relational database
management system (RDBMS). This can include instances of SQL Server, MySQL, or any database
server, such as Oracle, that is supported on operating system platforms that you can deploy within
Azure IaaS virtual machines.

Compare SQL Database with SQL Server in a Virtual Machine


When you use Azure to implement a Microsoft SQL Server-based database, you can either deploy it onto a
Microsoft SQL Server instance running in an Azure virtual machine or as an SQL database in Azure. You can
determine which of these two solutions can best address your needs by studying their differentiating
characteristics:

Manageability, maintenance, and cost. Azure SQL Database constitutes a PaaS solution that removes much
of the overhead associated with deploying and maintaining relational database systems. It is appealing due
to its minimized operational cost and simplified management. You can provision and manage SQL Server
instances running on Azure IaaS virtual machines in the same manner as their on-premises
counterparts, and their pricing includes the cost of the dedicated virtual machine.

Feature parity with on-premises deployments of SQL Server. SQL Server instances running on Azure
IaaS virtual machines provide optimal compatibility with existing database applications. However,
Azure SQL Database does not provide support for:
   o Common language runtime (CLR) and CLR-related objects
   o Full-text search and related objects
   o SQL Server Service Broker and related objects
   o Extended stored procedures
   o Defaults and rules
   o Transparent data encryption and data compression
   o Object Linking and Embedding Database (OLE DB) or ADO connectivity
   o Windows Authentication (only SQL Server Authentication is available)

Clustered indexes. Every table in an SQL database in Azure should have a clustered index. While you
can create a table without it, you cannot insert any data until this condition is satisfied.

SQL Server components. SQL Server instance-level components, such as SQL Server Agent, SQL Server
Analysis Services, SQL Server Integration Services, SQL Server Reporting Services, or Master Data
Services, require a SQL Server instance running within an Azure IaaS virtual machine. Other Azure
services, such as HDInsight, provide some of this functionality.

The ability to make the relational database interact directly with other Azure services within the
same Azure virtual network. SQL Server instances running within an Azure IaaS virtual machine can
be located on the same Azure virtual network as IaaS or PaaS cloud services. However, with SQL
Database, network traffic always flows via its external endpoints. Depending on the intended
architectural design, this may be beneficial in providing an additional level of integration or isolation
in relation to other Azure services and public networks.

High availability and scalability. Azure supports high availability and scalability features, such as
AlwaysOn Availability Groups, database mirroring, replication, or table partitioning, only if you use a
SQL Server instance running within an Azure IaaS virtual machine. However, you can achieve an
equivalent level of resiliency and elasticity with much less management overhead, even if you cannot
use these features. To do so, you can use the built-in characteristics of Azure SQL Database service,
such as geo-replication, point-in-time restore, service tiers (scaling up), or federations (scaling out by
partitioning data horizontally).

Additional Reading: For a comprehensive list of features that SQL databases support, go
to http://go.microsoft.com/fwlink/?LinkID=517433.
Additional Reading: For information about identifying and resolving database
compatibility issues by using SQL Server Data Tools, go to
http://go.microsoft.com/fwlink/?LinkID=517434.

Lesson 2

Create and Connect to SQL Databases

Azure SQL Database is a cloud-based SQL service that provides subscribers with a highly scalable platform
for hosting their databases. By using Azure SQL Database, organizations can avoid the cost and
complexity of managing SQL Server installations, and quickly set up and start using database applications.
In this lesson, you will learn how to provision and connect to an Azure SQL Database.

Lesson Objectives
After completing this lesson, you will be able to:

Describe how to create and import SQL databases in Azure.

Create a new SQL database by using the preview Azure portal.

Create a new SQL database by using Copy in the Azure portal.

Describe how to connect to an SQL database in Azure.

Connect to an SQL database in Azure.

Creating and Importing SQL Databases


To understand the process of provisioning a new SQL database in Azure, you must be familiar with the
foundations of its architectural model. Azure SQL Database and the three Azure logical components (the
subscription, the resource group, and the server) are intrinsically connected. The following table
describes these components.

Azure component: Azure subscription
Description: Azure services that you create, view, and manage from the management
portal exist within the boundaries of a subscription. These boundaries provide
the scope of access control, manageability, reporting, and billing associated
with the current subscription.

Azure component: Resource group
Description: Resource groups are logical containers that arbitrarily group Azure resources
that are associated with each other. This allows you to represent their
functional and business dependencies. One common example of such a
grouping is an Azure website and an SQL database in Azure as two tiers of a
cloud-based web application.

Azure component: SQL database server
Description: SQL database servers are logical servers that host SQL databases. Each SQL
database server has a unique Domain Name System (DNS) name, local
administrator accounts, and firewall rules restricting access to its databases.
Such servers host individual instances of Azure SQL Database, in addition to
the master database that stores server configuration data. Databases located
in this logical server are likely to be in different servers in the backend
implementation, but are all accessible through the same endpoint address.

The most straightforward way to provision an SQL database in Azure relies on the graphical interface of
the Azure portal and the preview Azure portal. These are management portals in which you can create a
database and specify an existing or new logical server in which to host the database. Alternatively, you can
first create a new logical server and add a new database afterwards. The Azure portal also allows for
managing content of any existing instances of SQL Database, including standard create, read, update, and
delete operations.
Note: You will learn more about these operations in upcoming demonstrations in this
module.

You can also use other methods to create and manage the content of SQL databases in Azure. These
methods involve the use of traditional administrative and development tools, such as SQL Server
Management Studio, SQL Server Data Tools, Microsoft Visual Studio, or the sqlcmd command-line tool.
IT professionals can also leverage their scripting skills, because they can perform a majority of the
database management tasks by using cmdlets in the Azure PowerShell module.

Creating an SQL Database

When you create a database from the preview Azure portal, you must include the following information:

A name for the database. The name must be unique on a per-server basis.

The SQL Database pricing tier, which directly affects the cost of the database, and also determines the
following elements:
   o Performance level, which is expressed in database throughput units (DTUs). A DTU is a number
     representing the overall power of the database engine resources, including processor, memory,
     and input/output.
   o Maximum size to which the database can grow.
   o Supported resiliency and scalability features, such as Point In Time Restore, Geo-Restore or
     Geo-Replication.
   o Support for auditing.

The collation that you want the database to apply. Collation defines the rules which determine how to
sort and compare data. You cannot change the collation after creating the database.

The server on which to create the database. You can select an existing server that you have previously
created in the same subscription, or create a new server. The server name must be unique globally.

The resource group in which to create the database and its server. If you select an existing server, the
database is automatically added to the existing resource group to which the server belongs. The
name of the resource group must be unique within the current subscription.

Creating a SQL Server Instance

You can create a server instance on its own, or as part of the process of creating a database. In scenarios
where you are provisioning new databases for applications, you typically create the server as part of the
process of creating the first database. However, in some cases, you might want to create the server
without any user databases, and then add databases to it later; for example, by migrating them from an
on-premises SQL Server instance. Each server must have a globally unique name. The fully qualified
domain name (FQDN) of the server is in the form <server_name>.database.windows.net; for example,
abcde12345.database.windows.net.

When you create a server, you must specify the following information:

A globally unique server name (when using the Azure portal, this is generated automatically).

A login name and password for the administrative account that you will use to manage the server.

The geographical region of the Azure data center where the server should be located.

Whether or not to allow any other Azure services to connect to the server. Enabling access from any
other Azure service creates a firewall rule that permits access from the IP address 0.0.0.0.

Importing an SQL Database

A common method of creating a new SQL database in Azure or populating a newly created SQL database
is importing its content from another database, such as one that an on-premises SQL Server instance is
hosting. This might be required when migrating an on-premises application to the cloud, or because
developers created a database by using a full-fledged development instance of SQL Server in preparation
for deploying it to a production environment in SQL Database.
The import process must take into account two types of content. The first content type is the database
schema, which contains definitions of all database objects. The second content type is the actual data
stored in each of the database objects.

There are two primary techniques you can use to migrate both types of content from a SQL Server-hosted
database to Azure SQL Database:

Generate Transact-SQL scripts that capture all objects and their data in your SQL Server database, and
then run them in Azure SQL Database to create exact replicas of all objects and their data.

Export a data-tier application (DAC) from SQL Server in the form of a .bacpac file and import it into
Azure SQL Database. The .bacpac file contains both the schema and the existing data.

Of these two techniques, using a DAC is the simpler way to migrate the database. In addition, the Import
option, which is available when you create new databases by using the Azure portal, facilitates this
approach. You can export and import the DAC by using SQL Server Management Studio and the Azure
SQL Database management portal, or you can use a wizard in SQL Server Management Studio to
automate the entire process. The Export Data-Tier Application Wizard in SQL Server Management Studio
allows you to specify an Azure storage account as the destination for an exported package. The Import
Data-Tier Application Wizard enables you to specify an Azure storage account as the source for a package
that you want to import. This makes it easy to migrate a database from SQL Server to Azure SQL Database
in two stages, while using Azure Storage as an intermediary storage location for the DAC package.
Alternatively, you can use the Deploy Database Wizard to export a SQL Server database as a DAC package
and import it into an Azure SQL database server in a single operation.

Creating a SQL Database by Using Copy

You can easily copy your existing database within a SQL Server instance in Azure or between two SQL
Servers in Azure that belong to the same subscription. You can do so from the Azure portal, or by running
the corresponding T-SQL Statement. Such an approach is useful for performing an impromptu backup of
the source database prior to making changes to it, or for creating its replica for testing purposes.
You can create a copy of an existing SQL Database by running the following T-SQL statement. Note that
you must execute this command while connected to the master database of the Azure SQL server that will
host the copy.
CREATE DATABASE T-SQL statement
CREATE DATABASE destination_database_name
AS COPY OF [source_server_name.]source_database_name

Demonstration: Creating a New SQL Database by Using the Preview Azure Portal

In this demonstration, you will see how to:

Create a SQL database in the preview Azure portal.

Identify a SQL database and the SQL database server properties in the preview Azure portal.

Demonstration Steps
Create a SQL database in the preview Azure portal
1. Sign in to the preview Azure portal from a classroom computer.
2. Create a new SQL database by specifying its name, the name of a new Azure SQL Server instance in a
   datacenter of your choice, a new resource group, selecting the pricing tier, and providing admin
   credentials.
3. Add the newly created SQL Database to Startboard.

Identify a SQL database and the SQL database server properties in the preview Azure portal
1. Examine database properties such as edition, status, maximum size, collation, creation date, and
   server name.
2. Display database connection strings that you can use to connect to the SQL database from ADO.NET,
   Open Database Connectivity (ODBC), PHP, or Java Database Connectivity-based (JDBC-based)
   applications.
3. Examine the properties of SQL Server in Azure, such as server name, location, server admin login, and
   resource group.
4. Examine default firewall rules in SQL Server in Azure.

Demonstration: Creating a New SQL Database by Using Copy in the Azure Portal

In this demonstration, you will see how to:

Identify a SQL database and the SQL database server properties in the Azure portal.

Create a new SQL database by using Copy in the Azure portal.

Demonstration Steps
Identify a SQL database and the SQL database server properties in the Azure portal
1. Connect to SQL Database by using the Azure portal.
2. Identify FQDN and the port number of the SQL server hosting the SQL database. View the SQL
   database connection strings for ADO.NET, ODBC, PHP, and JDBC.
3. Examine dashboard data, including information identifying the database and its status, as well as
   Manage URL that you can use to connect to the database in the next demonstration.
4. Review SQL Database statistics, such as deadlocks, storage usage, and failed and successful
   connections.
5. Examine scaling options, allowing switching between service tiers.
6. Review configuration options, including automated, interval-based export of the database to a
   storage account, providing you with a custom backup functionality.
7. Take note of geo-replication disaster recovery capabilities.
8. Locate Azure SQL Server properties.
9. Take note of the ability to create an additional firewall rule allowing access to the server and all of its
   databases from your current IP address. Keep in mind that you can also accomplish this automatically
   when connecting to the database from the Azure portal, which will be part of the next demonstration.

Create a new SQL database by using Copy in the Azure portal
1. From the Azure portal, use the Copy option of SQL Database.
2. Keep Internet Explorer open for the next demonstration.

Connecting to a SQL Database


The primary purpose of the SQL Database service
is to provide data storage for applications that
deliver specific business functionality. However,
SQL Database must also facilitate easy access to
developers who create these applications, and to
database administrators and development
operations staff who assist developers. This topic
reviews different means of providing such access.

While you typically handle the creation and management of SQL Databases on the database level by using
the Azure portal and the preview Azure portal or Windows PowerShell, the ability to perform create, read,
update, and delete operations on database content requires a different approach. The approach to
connecting to SQL databases in Azure is similar to the approach for working with on-premises SQL
Server-hosted databases, allowing the use of the following tools:

SQL Server Management Studio. You can use SQL Server Management Studio to connect to an Azure
SQL Database server and administer it in a manner similar to the management of SQL Server
instances. In hybrid IT environments, it is convenient to use the same tool to manage on-premises or
Azure IaaS-based SQL Server instances and SQL Database servers. However, it is important to keep in
mind that the graphical designers in SQL Server Management Studio are mostly incompatible with
Azure SQL Database. Therefore, you will have to perform their respective tasks by executing
Transact-SQL statements that provide equivalent functionality.

sqlcmd. You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and
execute Transact-SQL commands.

Visual Studio. Developers can use Visual Studio to create SQL databases and to manage and query
their content.

In addition, as mentioned earlier in this module, the Azure portal includes a link to the web-based
SQL Database management interface in which you can perform database development and management
tasks, including executing Transact-SQL commands. The new preview portal does not implement this
feature.

It is important to remember that you must configure SQL Server firewall settings in Azure to explicitly
allow incoming connections originating from a non-Azure location. Effectively, if you intend to use the
tools listed above from an on-premises environment, you will first need to modify Azure SQL Server
firewall settings by allowing connectivity from the public IP address of the perimeter network device
through which you connect to the Internet. The Azure portal allows you to easily identify this IP address
and even automates creation of the corresponding rule if you use the web-based SQL Database
management interface. On the other hand, connections originating from any Azure subscription are
allowed by default. While you can change this setting, you should consider the impact of such an action
on connections from your Azure-hosted applications that rely on SQL Database as their data store.
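The server-level firewall rules described above can be reviewed and tightened with Transact-SQL from SQL Server Management Studio or sqlcmd. This is an added example, not part of the course material; the rule names, the 256-address review threshold, and the address 203.0.113.10 (from a documentation range) are assumptions.

```sql
-- Added example. Run while connected to the master database of the
-- Azure SQL Database server, signed in with the server admin login.

-- 1. List server-level firewall rules with the size of each range.
--    PARSENAME splits a dotted IPv4 string into its four octets.
WITH rules AS (
    SELECT
        name,
        start_ip_address,
        end_ip_address,
        modify_date,
          CAST(PARSENAME(start_ip_address, 4) AS bigint) * 16777216
        + CAST(PARSENAME(start_ip_address, 3) AS bigint) * 65536
        + CAST(PARSENAME(start_ip_address, 2) AS bigint) * 256
        + CAST(PARSENAME(start_ip_address, 1) AS bigint) AS start_n,
          CAST(PARSENAME(end_ip_address, 4) AS bigint) * 16777216
        + CAST(PARSENAME(end_ip_address, 3) AS bigint) * 65536
        + CAST(PARSENAME(end_ip_address, 2) AS bigint) * 256
        + CAST(PARSENAME(end_ip_address, 1) AS bigint) AS end_n
    FROM sys.firewall_rules
)
SELECT
    name,
    start_ip_address,
    end_ip_address,
    end_n - start_n + 1 AS address_count,
    modify_date,
    CASE
        -- The 0.0.0.0 to 0.0.0.0 rule is how the server records
        -- "allow connections that originate from Azure".
        WHEN start_ip_address = '0.0.0.0' AND end_ip_address = '0.0.0.0'
            THEN 'Allows connections from Azure, including other subscriptions'
        -- Assumed threshold: anything wider than a /24 deserves a second look.
        WHEN end_n - start_n + 1 > 256
            THEN 'Wide range: confirm it is still required'
        ELSE 'Narrow range'
    END AS review_note
FROM rules
ORDER BY address_count DESC;
GO

-- 2. Allow exactly one on-premises address: the public IP address of the
--    perimeter device. The rule name and address are constructed placeholders.
EXECUTE sp_set_firewall_rule
    @name = N'OnPremEdgeDevice',
    @start_ip_address = '203.0.113.10',
    @end_ip_address = '203.0.113.10';
GO

-- 3. Remove a rule that is no longer needed, for example one created for a
--    classroom session. The rule name is a constructed placeholder.
EXECUTE sp_delete_firewall_rule @name = N'ClassroomTemporary';
GO
```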

In order to connect to SQL Database programmatically, applications use connection strings, which you
can readily extract from either of the Azure management portals for individual instances of SQL Database,
as illustrated in the previous demonstrations in this module. Keep in mind that SQL databases are not
capable of leveraging Windows Authentication, so you will need to rely on security principals at the SQL
Server level and database level to control authentication and authorization.
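Because SQL Database relies on server-level logins and database-level users, routine application access does not have to use the server admin login. The following added example (not part of the course material) gives an application read-only access to dbo.testTable, the table created in this module's lab, in testDB; the login, user and role names and the password placeholder are assumptions.

```sql
-- Added example. The names pr_reader_login, pr_reader and
-- press_release_readers are hypothetical. Replace the password
-- placeholder with a strong, unique value before running.

-- Step 1: connected to the master database as the server admin.
-- The login is the server-level principal used for authentication.
CREATE LOGIN pr_reader_login WITH PASSWORD = '<replace-with-strong-password>';
GO

-- Step 2: open a new connection to testDB (the USE statement cannot switch
-- databases in SQL Database). The user is the database-level principal.
CREATE USER pr_reader FOR LOGIN pr_reader_login;
GO

-- Step 3: authorize through a role so that permissions are granted once
-- and membership can change without touching the grants.
CREATE ROLE press_release_readers;
GRANT SELECT ON OBJECT::dbo.testTable TO press_release_readers;
ALTER ROLE press_release_readers ADD MEMBER pr_reader;
GO

-- Step 4: confirm what the new user can do, as seen through its role.
SELECT
    r.name AS role_name,
    m.name AS member_name,
    p.permission_name,
    p.state_desc,
    OBJECT_SCHEMA_NAME(p.major_id) + N'.' + OBJECT_NAME(p.major_id) AS object_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
LEFT JOIN sys.database_permissions AS p
       ON p.grantee_principal_id = r.principal_id
      AND p.class = 1              -- object-level permissions only
WHERE m.name = N'pr_reader';
GO

-- Step 5: test the boundary by impersonating the user.
EXECUTE AS USER = N'pr_reader';
SELECT TOP (3) id, dataval FROM dbo.testTable;   -- allowed: SELECT was granted
BEGIN TRY
    -- Refused: the role was never granted INSERT.
    INSERT INTO dbo.testTable (dataval) VALUES (N'should not be stored');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
REVERT;
GO
```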

Demonstration: Connecting to a SQL Database


In this demonstration, you will see how to:

Connect to a SQL database by using the Azure portal, which includes a web-based SQL Database
management interface.

Connect to a SQL database by using SQL Server Management Studio.

Demonstration Steps
Connect to a SQL database by using the Azure portal, which includes a web-based SQL
Database management interface
1. Automatically generate a firewall rule that allows you to connect to the target SQL Database from the
   public IP address of your edge device.
2. Navigate and log on to the web-based SQL Database management interface.
3. Examine the interface from which you can execute T-SQL scripts, define tables, views, or stored
   procedures, create new databases, or even deploy data-tier applications.
4. Log off from the web-based SQL Database management interface.

Connect to a SQL database by using SQL Server Management Studio


1. From your classroom computer, start SQL Server Management Studio.
2. From SQL Server Management Studio, connect to SQL Server in Azure.
3. Create a new table in the SQL database in Azure by running the T-SQL command from SQL Server
   Management Studio.
4. Populate the content of the newly created table by running the T-SQL command from SQL Server
   Management Studio.
5. Query the content of the newly populated table by running the T-SQL command from SQL Server
   Management Studio.
6. Close SQL Server Management Studio and Internet Explorer.

Lab: Create a SQL Database in Azure


Scenario

A. Datum Corporation is expanding rapidly, and its Public Relations department wants to expand its
Internet-facing website and support its database, through which it publishes press releases and interfaces
with external marketing partners. You have decided that this is an ideal time to test the database
capabilities of Azure.

Objectives
After completing this lab, you will be able to:

Create an Azure SQL Database.

Create a table in an Azure SQL Database.

Query the content of a table in an Azure SQL Database.

Estimated Time: 40 minutes


Sign in to your classroom computer by using the credentials your instructor provides.

Exercise 1: Create a New SQL Database in Azure and Configure SQL Server Firewall Rules
Scenario

You start your tests by creating a test database to which you will subsequently add some test tables. You
will then populate the tables with sample data.
The main tasks for this exercise are as follows:
1. Create a new SQL database by using the preview Azure portal.
2. Configure a SQL Server firewall rule by using Azure portal.

Task 1: Create a new SQL database by using the preview Azure portal
1. Sign in to the preview Azure portal from a classroom computer.
2. Create a new SQL database by specifying its name, specifying the name of a new Azure SQL Server in
   a datacenter of your choice, specifying a new resource group, selecting the pricing tier, and providing
   admin credentials:
   DATABASE NAME: testDB
   PRICING TIER: B Basic
   SERVER NAME: Any valid unique name
   SERVER ADMIN LOGIN: Student
   PASSWORD: Pa$$w0rd
   CONFIRM PASSWORD: Pa$$w0rd
   LOCATION: Any available region
   RESOURCE GROUP: testRG
3. Add the newly created SQL Database to Startboard.

Task 2: Configure a SQL Server firewall rule by using Azure portal
1. Switch back to the Azure portal, and verify that the testDB database is listed on the SQL DATABASES
   page.
2. On the SERVERS tab, verify that the uniquely named server you created is listed, and then configure
   it to allow the current public IP address of your edge device.

Results: After completing this exercise, you should have created a Microsoft Azure SQL Database named
testDB on a new server with a name of your choice. You will have also configured Microsoft SQL Server
firewall rules in Azure, which allow connectivity from your on-premises management tools and
applications to the newly created SQL database in Azure.

Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server Management Studio
Scenario

You created a test database. Now it is time to create a test table, populate it with sample data, and verify
that data has been added by using SQL Server Management Studio.
The main tasks for this exercise are as follows:
1. Add a table to a SQL database in Azure by using SQL Server Management Studio.
2. Add data to a table of a SQL database in Azure by using SQL Server Management Studio.
3. Query a table of a SQL database in Azure by using SQL Server Management Studio.

Task 1: Add a table to a SQL database in Azure by using SQL Server Management Studio
1. On your classroom computer, start SQL Server Management Studio.
2. From SQL Server Management Studio, connect to SQL Server in Azure by specifying the following
   information:
   Server type: Database Engine
   Server name: server_name.database.windows.net
   Authentication: SQL Server Authentication
   Login: Student
   Password: Pa$$w0rd
3. Create a new table in the SQL database in Azure by running the following T-SQL command from SQL
   Server Management Studio:

-- id is an auto-incrementing identity column and the table's primary key.
CREATE TABLE dbo.testTable
(
id integer identity primary key,
dataval nvarchar(50)
);
GO

4. Leave the SQL Server Management Studio open for the next task.

Task 2: Add data to a table of a SQL database in Azure by using SQL Server Management Studio
1. Populate the content of the newly created table by running the following T-SQL command from SQL
   Server Management Studio:

-- Each run of the batch inserts one row whose dataval is a new GUID converted to text.
-- GO 100 makes the client run the batch 100 times.
INSERT INTO dbo.testTable
VALUES
(newid());
GO 100

2. Leave the SQL Server Management Studio open for the next task.

Task 3: Query a table of a SQL database in Azure by using SQL Server Management Studio
1. Query the content of the newly populated table by running a T-SQL command from SQL Server
   Management Studio. To generate the command, right-click dbo.testTable, point to Script Table as,
   point to SELECT To, and then click New Query Editor Window.
2. Close SQL Server Management Studio and Internet Explorer.

Results: After completing this exercise, you should have created a test table in the SQL database in Azure
named testDB on an existing SQL Server in Azure with a name of your choice, populated it with sample
data, and queried its content.

Module Review and Takeaways


Review Question
Question: What should you consider when choosing between on-premises SQL Server, SQL
Server in an Azure virtual machine, and Azure SQL Database?

Tools

SQL Server Management Studio. You can use SQL Server Management Studio to connect to an Azure
SQL Database Server and administer it in a manner similar to the management of SQL Server
instances. In hybrid IT environments, it is convenient to use the same tool to manage on-premises or
Azure IaaS-based SQL Server instances and SQL Database servers. However, it is important to keep in
mind that the graphical designers in SQL Server Management Studio are mostly incompatible with
SQL Database in Azure. Therefore, you will have to perform their respective tasks by executing
Transact-SQL statements that provide equivalent functionality.

sqlcmd. You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and
execute Transact-SQL commands.

Visual Studio. Developers can use Visual Studio to create SQL databases and to manage and query
their content.

Module 7
Azure Active Directory
Contents:
Module Overview
Lesson 1: Manage Azure AD Objects
Lesson 2: Manage Authentication
Lab: Create Users in Azure Active Directory
Module Review and Takeaways

Module Overview

Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management solution.
Its primary purpose is to provide authentication and authorization when accessing cloud-based resources.
However, you can also leverage its functionality to protect on-premises applications. In both cases, you
can further streamline and enhance secure access to sensitive services and data by taking advantage of
Azure AD's single sign-on (SSO), federation, and Microsoft Azure Multi-Factor Authentication capabilities.
In this module, you will learn how to create users, domains, and directories in Azure AD, integrate
applications with Azure AD, and use Multi-Factor Authentication.

Objectives
After completing this module, you will be able to:

Manage Azure AD objects.

Manage authentication.

Lesson 1

Manage Azure AD Objects


Azure AD is a cloud-based identity and access management solution. It is also a directory services
solution. It allows you to provide secure access to both cloud-based and on-premises applications
and services.
In this module, you will learn about the basic characteristics of the identity management and directory
services of Azure AD. The module starts by introducing these characteristics in the context of Active
Directory Domain Services (AD DS) in order to compare these two technologies.

Lesson Objectives
After completing this lesson, you will be able to:

Explain how AD DS works.

Explain how to extend the scope of AD DS.

Describe Azure AD.

Create domains and users in Azure AD.

Assign users to applications.

What Is AD DS?

AD DS forms the foundation of enterprise
networks that run Windows operating systems.
The core component of AD DS is its database,
which provides the store for all AD DS objects,
such as user accounts, computer accounts, or
group accounts. The database schema defines
object types, typically referred to as classes, and
their individual properties, or attributes. The
database organizes objects in a customizable,
logical hierarchy consisting of containers and
organizational units. The database offers resiliency
by supporting multiple replicas hosted on servers,
which are referred to as domain controllers. The database constitutes the authoritative source of identity
data for domain objects, which means that AD DS functions as an identity provider first and foremost.

Identity Data

Identity, in the context of our course, is a set of data that uniquely identifies an entity, such as a user or a
computer. Identity describes the characteristics of the entity. It also provides information about the
entity's relationships to other entities, for example by using groups that similar or associated entities are
members of. AD DS domain controllers verify the authenticity of the identifying data in a domain through
authentication. Authentication typically requires that a user or computer attempting to authenticate
provides a set of credentials to the authenticating domain controller. As the result of this process, the
authenticating domain controller grants that user or computer a token representing its status and
privileges to other domain members. The user or computer subsequently uses the token to obtain access
to resources such as file shares, applications, or databases hosted on domain computers, through the
process of authorization. Authorization is based on the implicit trust that each domain member computer
maintains with domain controllers. The process of joining the domain establishes this trust, permanently
adding an account representing that computer to the AD DS database.

Directory Service

In addition, AD DS, as the name indicates, functions as a directory service, facilitating lookups of the
content of the AD DS database. AD DS-aware applications, such as Microsoft Exchange, which rely on
AD DS to store their configuration and operational parameters, use this functionality extensively. A range
of Windows Server roles whose names include the Active Directory designation, such as Active Directory
Certificate Services (AD CS), Active Directory Rights Management Services (AD RMS), and Active Directory
Federation Services (AD FS) leverage the same functionality. The AD DS database also stores management
data, which is critical for administering user and computer settings through Group Policy processing.

AD DS Configuration

AD DS uses Domain Name Service for advertising its services. Effectively, each AD DS domain has a unique
DNS domain name. While it is possible to use multiple, distinct DNS namespaces within the same domain,
this is rather uncommon.
Each AD DS domain exists within an AD DS forest. A forest can contain multiple domains. All domains
in the same forest share the same schema. They implicitly trust each other, extending the scope of
authentication, authorization, and directory services lookups to all objects in the entire forest. If you
want to provide the same functionality across multiple forests, you need to create trust relationships
between them.

AD DS offers a high degree of versatility and customizability, due to its multipurpose nature and the
intended operational model as a fully managed infrastructure component. You can delegate its
permissions down to an individual attribute of a single object. Its replicated, distributed database is
capable of scaling up to host millions of objects, and scaling out to support multinational enterprises with
data centers located across multiple continents. You can extend its schema to accommodate custom
object types, although it is important to note that schema extensions are not fully reversible.

Extending the Scope of AD DS


AD DS offers significant business and
technological benefits. However, AD DS has
been designed for on-premises, independently
managed deployments, and most of its
characteristics reflect this underlying premise.
Its authentication and authorization mechanisms
rely largely on having domain member computers
permanently joined to the domain. The
communication with domain controllers involves
protocols such as Lightweight Directory Access
Protocol (LDAP) for directory services lookups,
Kerberos for authentication, and Server Message
Block (SMB) for downloading Group Policy data. None of these protocols is suitable for Internet
environments.

Multi-tenancy is very difficult to implement within a single domain. While it is possible to provide a higher
level of autonomy by deploying additional domains within the same forests, or by deploying multiple
forests with trust relationships between them, such arrangements are complex to set up and manage.
AD DS provides the ability to implement the desired mix of efficiency, control, security, and flexibility
within corporate networks, but is not well-suited for today's open, Internet-facing world, dominated by
cloud services and mobile devices.

Extending AD DS Authentication
One way to address this shortcoming is to extend the capabilities of AD DS by using an intermediary
system that handles translation of AD DS on-premises constructs and protocols (such as tokens and
Kerberos) into their Internet-ready equivalents. The Active Directory Federation Services (AD FS) server
role and Web Application Proxy server feature of Windows Server provide this functionality. As a result,
users, devices, and applications can take advantage of the authentication and authorization features of
AD DS without having to be part of the same domain or a trusted domain.

In regard to device authentication, one example of such capabilities is the Workplace Join feature,
introduced in Windows Server 2012 R2, which leverages AD DS, AD FS, and Web Application Proxy.
Workplace Join facilitates the registration of devices that are not domain-joined in an AD DS database.
This provides additional authentication and authorization benefits, including SSO to on-premises web
applications, and support for conditional access control policies that consider whether an access request
originated from a registered device.

Federation Support
The primary feature that AD FS and Web Application Proxy facilitate is federation support. A federation
resembles a traditional trust relationship, but relies on claims (contained within tokens) to represent
authenticated users or devices. It relies on certificates to establish trusts and to facilitate secure
communication with an identity provider. Also, it relies on web-friendly protocols such as HTTPS,
Web Services Trust (WS-Trust), Web Services Federation (WS-Federation), or OAuth to handle transport
and processing of authentication and authorization data. Effectively, AD DS, in combination with AD FS
and Web Application Proxy, can function as a claims provider, capable of authenticating requests from
web-based services and applications that are not able to, or not permitted to, access AD DS domain
controllers directly.

Azure IaaS

You can also extend AD DS into the cloud in a different manner: by deploying AD DS domain controllers
into virtual machines based on Azure infrastructure as a service (IaaS). However, it is critical to ensure that
you protect such domain controllers from unauthorized external access. You may use such deployments
to build a disaster recovery solution for an existing on-premises AD DS environment, to implement a test
environment, or to provide local authentication and authorization to Azure-hosted cloud services that are
part of the same virtual network.

Overview of Azure AD
The previous topics in this module described the
role of AD DS as an identity provider, a directory
service, and an access management solution. They
also presented several ways of accommodating
authentication and authorization requirements
of Internet-based applications and services by
extending the features included in AD DS. Cloud-based identity providers natively support the same
functionality. Azure AD is an example of such a
provider.
It might be easy to simply view Azure AD as a
cloud-based counterpart of AD DS. However,
while they share some common characteristics, there are also several significant differences between
them.

First and foremost, Azure AD is implemented as a Microsoft-managed service that is part of the platform
as a service offering. It is not a part of core infrastructure that customers own and manage, or an IaaS
offering. While this implies that you have less control over its implementation, it also means that you do
not have to dedicate resources to its deployment or maintenance. You also do not have to develop
additional functionality natively unavailable in AD DS, such as support for Multi-Factor Authentication,
because this is a part of Azure AD functionality.

Types of Tiers

Azure AD constitutes a separate Azure service. Its most elementary form, which any new Azure
subscription automatically includes, does not incur any extra cost and is referred to as Free tier. Some
advanced identity management features require paid versions of Azure AD, offered in the form of
Basic and Premium tiers. Some of these features are also automatically included in Azure AD instances
generated as part of Office 365 subscriptions. In addition to differences in functionality, the Free tier is
subject to a 500,000-object limit and does not carry any service level agreement (SLA) obligations.
Neither the Basic nor the Premium tier restricts the total number of directory objects, and both are
bundled with a 99.9 percent uptime SLA.

Tenants

Unlike AD DS, Azure AD is multi-tenant by design, and is implemented specifically to ensure isolation
between its individual directories. It is the world's largest multi-tenant directory, hosting well over a
million directory services instances, with billions of authentication requests per week. The term tenant in
this context typically represents a company or organization that signed up for a subscription to a
Microsoft cloud-based service such as Office 365, Windows Intune, or Microsoft Azure, which leverages
Azure AD but also includes individual users.

Directories

When you create your first Microsoft cloud service subscription, you will also automatically generate a
new Azure AD directory instance, also referred to simply as directory. The directory is assigned the default
DNS domain name, consisting of a unique name of your choice followed by the onmicrosoft.com suffix. It
is possible and quite common to add at least one custom domain name that utilizes the DNS domain
namespace that the tenant owns. The directory serves as the security boundary and a container of Azure
AD objects, such as users, groups and applications. It is possible for a single directory to support multiple
cloud service subscriptions.

The Azure AD schema contains fewer object types than the schema of AD DS. Most notably, it does not
include definition of the computer class, since there is no process of joining computers to Azure AD. It
does, however, facilitate device registration, similar to the Workplace Join feature of AD DS. It is also easily
extensible, and its extensions are fully reversible.
The lack of support for domain membership means that you cannot use Azure AD to manage computers
or user settings by using Group Policy objects (GPOs). Instead, its primary strength lies in providing
directory services; storing and publishing user, device, and application data; and handling the
authentication and authorization of the users, devices, and applications. These features are effective and
efficient in existing deployments of cloud services such as Office 365, which rely on Azure AD as their
identity provider and support millions of users.

Azure AD Identity Models

Applications are represented in Azure AD by objects of the Application class and servicePrincipal class,
with the former containing an application definition and the latter constituting its instance in the current
Azure AD directory. Separating these two sets of characteristics allows you to define an application in one
directory and use it across multiple directories by creating a service principal object for this application in
each directory. This facilitates deploying applications to multiple tenants.

Delegation model

Due to its operational model as SaaS, and its lack of both management capabilities via Group Policy
settings and support for computer objects, the delegation model in Azure AD is considerably simpler than
the same model in AD DS. In all three tiers, there are several built-in roles, including Global Administrator,
Billing Administrator, Service Administrator, User Administrator, and Password Administrator. Each of
these roles provides different levels of directory-wide permissions to its objects. By default, the
administrators of the subscription hosting the Azure AD instance are its Global Administrators, with full
permissions to all objects in their directory instance. Some of the management actions invoked from
the Azure Portal leverage groups, but their availability depends on the Azure AD tier. For example, in
Azure AD Free, users can gain access to a set of designated applications via Access Panel.
Additional Reading: The Access Panel is available at
http://go.microsoft.com/fwlink/?LinkID=517436.

With Azure AD Basic, such access can also be granted based on the group membership. The Premium tier
further extends this functionality by offering delegated and self-service group management, allowing
users to create and manage their own groups, and request membership in groups created by others.

Role-based access control

The delegation model described above applies to the graphical interface available in the full Azure Portal.
The Preview Portal offers a much more flexible and granular way of restricting management of Azure
resources by implementing role-based access control. This mechanism relies on three built-in roles: owner,
contributor, and reader. Each of these roles performs a specific set of actions on Azure resources that are
exposed via the Preview Portal, resources such as websites or SQL databases. The intended access is
granted by associating an Azure AD object (such as a user, group, or service principal) with a role and a
resource appearing in the Azure Preview Portal. Note that this approach applies only to resources that are
available via the Preview Portal.
Azure AD does not include the organizational unit class, which means that you cannot arrange its objects
into a hierarchy of custom containers, frequently used in on-premises AD DS deployments. This is not a
significant shortcoming, because organizational units in AD DS are used primarily for Group Policy
scoping and delegation. Instead, you can accomplish equivalent arrangements by organizing objects
based on their attribute values or group membership.

Azure AD Federations

In Azure AD, federations have replaced the AD DS trust relationships between domains and forests. This
allows for the integration of its directories with cloud services and for interaction with directory instances
of other Azure AD tenants and other identity providers. For example, such federation trust exists between
Azure AD and the Microsoft identity provider that hosts Microsoft accounts (formerly known as Live ID
accounts). This means that an Azure AD directory user account can directly reference an existing Microsoft
account, making it possible to use the latter to sign in to Azure AD. You can also use AD FS and Web
Application Proxy to establish such federations with on-premises AD DS deployments.

The use of federations eliminates dependency on AD DS protocols, such as Kerberos, which are best suited
for the on-premises, LAN-based communication for which trust relationships were designed. Instead, the
federation traffic travels over cloud-friendly HTTPS, carrying WS-Trust, WS-Federation, SAML, or OAuth
messages. Instead of using LDAP-based lookups, Azure AD queries rely on the AD Graph application
programming interface (API).

Azure AD Identity Support

Due to its built-in capabilities as an identity provider and support for federations, Azure AD provides
flexibility in designing an identity solution for your organizational or business needs. This gives you three
high-level design choices:

Fully delegating authentication and authorization to Azure AD. Effectively, this means that identity
data, including user credentials, resides only in the cloud. The identities can be defined directly in
Azure AD, or they can be sourced from existing Microsoft accounts, based on the federation with the
Microsoft identity provider. You may prefer this choice if you do not have an existing or significant
on-premises AD DS deployment.

Maintaining an on-premises authoritative source of the identity data in AD DS, which is synchronized
in regular intervals to Azure AD. This way, Azure AD can authenticate and authorize users, but you
retain control over their state on-premises. This approach simplifies application support of AD DS
users who are not operating on-premises. It is also suitable in scenarios where a large number of
AD DS users rely on Azure cloud services, such as Office 365, to access their applications.

Taking advantage of the AD FS capabilities which this topic covered earlier. This involves forming a
federation between your on-premises AD DS and Azure AD. Authentication requests submitted to
Azure cloud services are redirected from the cloud to your on-premises AD DS via the AD FS server.
In effect, this allows you to provide authentication and authorization to cloud-based services by using
your on-premises AD DS. This approach is similar to the second one, but its distinct advantage is
support for SSO.

Demonstration: Creating Domains and Users


In this demonstration, you will see how to:

Create a directory and a custom domain and view the verification DNS records.

Create a user account.

Additional Reading: For information on creating or editing users, go to
http://go.microsoft.com/fwlink/?LinkID=517437.

Demonstration Steps
Create a custom domain and view the verification DNS records
1. Start Internet Explorer and sign in to the full Azure Portal by using the Microsoft account that is
   associated with your Azure subscription.
2. Add a new directory with the following settings:
   o NAME: Adatum
   o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. adatum123456)
   o COUNTRY OR REGION: United States
3. Add a custom domain called contoso.com.
4. Identify the DNS records that you need to create in order to verify the newly created domain.

Create a user account


1. Create a user in the default directory with the following settings:
   o USER NAME: adam
   o FIRST NAME: Adam
   o LAST NAME: Brooks
   o DISPLAY NAME: Adam Brooks
   o ROLE: Global Administrator
   o ALTERNATE EMAIL ADDRESS: an alternate email address. In this case, for example, we are using
     the Microsoft account associated with the current Azure subscription
   o Enable Multi-Factor Authentication: Not selected
2. Note the value for NEW PASSWORD.
3. As a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure
   subscription.

Demonstration: Assigning Users to Applications


In this demonstration, you will see how to:

Add a directory application.

Assign a directory application to a user.

Demonstration Steps
Add a directory application

Add Microsoft OneDrive application to the directory.

Assign a directory application to a user


1. Assign the Microsoft OneDrive application to Adam Brooks with single sign-on enabled.
2. Type your email address and password to provide SSO to the application for the user.

Lesson 2

Manage Authentication

Azure AD enhances authentication security and simplifies user experience by supporting Multi-Factor
Authentication and SSO. In this module, you will learn how to implement and take advantage of both of
these features.

Lesson Objectives
After completing this lesson, you should be able to:

Describe benefits of Multi-Factor Authentication provided by Azure AD.

Describe benefits of SSO provided by Azure AD.

Configure Multi-Factor Authentication and SSO in Azure AD.

Access applications via Access Panel.

Multi-Factor Authentication
The purpose of Multi-Factor Authentication
is to increase security. Traditional, standard
authentication requires knowledge of logon
credentials, typically consisting of a user name
and the associated password. Multi-Factor
Authentication adds an extra verification that
relies on either having access to a device that is
assumed to be in the possession of the rightful
owner or, in the case of biometrics, having
physical characteristics of that person. This
additional requirement makes it considerably
more difficult for an unauthorized individual to
compromise the authentication process.

Microsoft Azure Multi-Factor Authentication

Microsoft Azure Multi-Factor Authentication is integrated into Azure AD. It allows the use of a phone as
the physical device providing a means of confirming the user's identity. The process of implementing
Multi-Factor Authentication for an Azure AD user account starts when a user with the global administrator
role enables the account for Multi-Factor Authentication from the Azure Portal. At the next logon
attempt, the user is prompted to set up the authentication by selecting one of the following options:

Mobile phone. Requires the user to provide a mobile phone number. The verification can be in the
form of a phone call (at the end of which, the user must press the pound key) or a text message.

Office phone. Requires the specification of the OFFICE PHONE entry of the user's contact info in
Azure AD. The administrator must preconfigure this entry, and the user cannot modify or provide this
entry at verification time.

Mobile app. Requires the user to have a smart phone on which he or she must install and configure
the mobile phone app.

App passwords


As part of the verification process, the user is also given an option to generate app passwords. This is
because the use of Multi-Factor Authentication is limited to authenticating access to applications and
services via a browser. Effectively, it does not apply to traditional desktop applications or modern apps,
such as Microsoft Outlook, Microsoft Lync, or mobile apps for email. Randomly generated app passwords
can then be assigned to individual apps by using their configuration settings.

App passwords can be a potential security vulnerability. Therefore, as an administrator, you can prevent all
directory users from creating app passwords. You also can invalidate all app passwords for an individual
user if the computer or device where the apps are installed is compromised.

Once the verification process is successfully completed, Multi-Factor Authentication status for the user
changes from enabled to enforced. The same verification process repeats during every subsequent
authentication attempt. The Additional security verification option appears in the Access Panel, reflecting
the status change. From the Access Panel, you can choose and configure a different verification
mechanism and generate app passwords. Generating app passwords is especially important, because
without app passwords assigned, desktop apps and modern apps that rely on authenticated access to
Azure AD will fail to connect to cloud services.

Additional Reading: To read more about Azure Multi-Factor Authentication, go to
http://go.microsoft.com/fwlink/?LinkID=517438.

SSO via Access Panel


SSO allows users to access software as a service (SaaS) applications available from the Azure AD
application gallery, as well as custom, in-house developed applications which reside on-premises
or have been published to Azure AD, without having to provide their username and password
when they are launched. This is accomplished by leveraging one of two distinct abilities of Azure
AD. The first facilitates secure storage of user credentials and the second relies on support for
federated trusts with other cloud services and identity providers.

A number of commercial applications with SSO capabilities (such as Office 365, Box, or Salesforce) are
preconfigured for integration with Azure AD and published in its application gallery.

Additional Reading: To view the Azure AD application gallery, go to
http://go.microsoft.com/fwlink/?LinkID=517439.

Once Azure AD administrators have assigned these applications to users and configured them for SSO,
they automatically appear in the Access Panel. Individual users can sign in to the Access Panel by
providing their Azure AD credentials. However, users will not be prompted for their credentials when
opening the Access Panel or launching its applications if Azure AD has already authenticated their cloud
or federated account.


You can use the following three mechanisms to implement SSO support:

Password-based SSO with Azure AD storing credentials for each user of a password-based SSO
application. When Azure AD administrators assign a password-based SSO app to an individual user,
they have the option to enter app credentials on the user's behalf. If users change their credentials
after being assigned an app, they can update their stored credentials directly from the Access Panel.
In this scenario, when accessing a password-based SSO app, users first rely on their Azure AD
credentials to authenticate to the Access Panel. When a user launches an app, Azure AD transparently
extracts the user's app-specific stored credentials and securely relays them to its provider as part of
the browser's session.

Azure AD SSO, with Azure AD establishing a federated trust with federation-capable SSO applications.
In this case, adding an application to the Azure AD directory involves creating a federated trust with
the application. Effectively, the application provider relies on the Azure AD directory to handle the
user's authentication, and considers the user to be already authenticated when the user launches the
application.

Existing SSO with Azure AD leveraging an existing federated trust between the application and an
SSO provider, such as AD FS. This is similar to the second mechanism because there are no separate
application credentials involved. However, in this case, the application provider trusts an identity
provider other than Azure AD. The Access Panel application entry redirects the authentication request
to that provider.

Effectively, Azure AD serves as a central point of managing application authentication and authorization.

You can also use Azure AD SSO functionality to control access to on-premises applications or applications
developed in-house. The Azure Portal facilitates both of these scenarios by creating required
application-related objects in Azure AD. On-premises applications require additional configuration, which
includes installation of the application proxy connector on-premises and enabling application proxy in Azure AD.

Demonstration: Configuring Multi-Factor Authentication


In this demonstration, you will see how to:

Configure the Office Phone property for an Azure AD user account.

Enable Multi-Factor Authentication for an Azure AD user account.

Demonstration Steps
Configure the Office Phone property for an Azure AD user account
1. Sign in to the Azure Portal by using your Azure subscription.

2. Enter OFFICE PHONE number for Adam Brooks.

Configure Multi-Factor Authentication for an Azure AD user account


1. Launch the multi-factor authentication service portal.

2. Enable Multi-Factor Authentication for Adam Brooks.

Demonstration: Accessing Applications Through the Access Panel


In this demonstration, you will see how to:

Authenticate as a user with Multi-Factor Authentication enabled.

Access SSO applications via the Access Panel.

Demonstration Steps
Authenticate as a user with Multi-Factor Authentication enabled
1. Sign in to the Access Panel at https://myapps.microsoft.com by using the adam user account.

2. Change the temporary password assigned to the adam user account.

3. Configure Multi-Factor Authentication verification options for the adam user account.

Access SSO applications via the Access Panel


1. From the Access Panel, install Access Panel Extensions. This will close all Internet Explorer windows.

2. Sign in again to the Access Panel by providing adam user account credentials.

3. Authenticate by using Multi-Factor Authentication.

4. Launch the Microsoft OneDrive application from the Access Panel.

5. Sign out from Microsoft OneDrive and from the Access Panel.

6. Close Internet Explorer.


Lab: Create Users in Azure Active Directory


Scenario

Now that you have configured several services in Microsoft Azure, you need to create user accounts for
employees to securely access the services. In the long term, you plan to migrate existing organizational
accounts to Azure, but, initially, you want to test Azure AD with a separate Azure AD directory instance.

Objectives
After completing this lab, you will be able to:

Create an Azure AD directory.

Create users in an Azure AD directory.

Estimated Time: 30 minutes


Sign in to your classroom computer by using the credentials your instructor provides.

Exercise 1: Create an Azure AD Directory


Scenario

To prepare for testing user management in Azure AD, you first need to create a new Azure AD directory.
You will use Azure Portal to accomplish this task.
The main task for this exercise is as follows:
1. Create an Azure AD directory.

Task 1: Create an Azure AD directory


1. In Internet Explorer, browse to http://azure.microsoft.com and sign in to Azure Portal by using the
Microsoft account that is associated with your Azure subscription.

2. Create a new directory within the existing subscription with the following settings:
   o DIRECTORY: Create new directory
   o NAME: Adatum
   o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. adatum123456)
   o COUNTRY OR REGION: United States

Results: After completing this exercise, you will have created a new Microsoft Azure Active Directory
(Azure AD) directory by using Azure Portal.

Exercise 2: Create Users in Azure Active Directory


Scenario


To test Azure AD functionality, you already created a test directory. Now it is time to create test user
accounts, add an existing Microsoft Account, and configure that account as a Global Administrator of the
directory. You will use Azure Portal to accomplish this task.
The main tasks for this exercise are as follows:
1. Create users in an Azure AD directory.

2. Add a Microsoft account to an Azure AD directory.

3. Configure a user account as a Global Administrator of an Azure AD directory.

4. View Azure AD directory users and administrators.

Task 1: Create users in an Azure AD directory


1. Create the following user in the Adatum directory:
   o USER NAME: deanna
   o FIRST NAME: Deanna
   o LAST NAME: Ball
   o DISPLAY NAME: Deanna Ball
   o ROLE: User
   o Enable Multi-Factor Authentication: Not selected

2. Note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the
email address of your Azure subscription.

3. Create the following user in the Adatum directory:
   o USER NAME: kari
   o FIRST NAME: Kari
   o LAST NAME: Tran
   o DISPLAY NAME: Kari Tran
   o ROLE: Global Administrator
   o Enable Multi-Factor Authentication: Not selected

4. Note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the
email address of your Azure subscription.

Task 2: Add a Microsoft account to an Azure AD directory

Add an Azure AD user with the following settings:
   o TYPE OF USER: User with an existing Microsoft account
   o USER NAME: type the name of an existing Microsoft account that the instructor provided
   o FIRST NAME: Leave blank
   o LAST NAME: Instructor
   o DISPLAY NAME: Instructor
   o ROLE: User


Task 3: Configure a user account as a Global Administrator of an Azure AD directory

Configure the Instructor account as the Global Administrator of the Adatum Azure AD directory.

Task 4: View Azure AD directory users and administrators


1. Use the USERS tab of the Adatum Azure AD directory to view all user accounts, including Microsoft
accounts that have been added to the directory.

2. Use the multi-factor authentication page to view members of built-in Azure AD organizational
roles.

Results: After completing this exercise, you will have used Azure Portal to create an Azure AD directory
user account, add a Microsoft Account to Azure AD directory and configure it as a Global Administrator,
and view the results of these actions.

Module Review and Takeaways


Review Question
Question: What are some benefits of using Azure AD as an identity provider?


Module 8
Microsoft Azure Management Tools
Contents:
Module Overview
Lesson 1: Azure PowerShell
Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line Interface
Lab: Using Microsoft Azure Management Tools
Module Review and Takeaways

Module Overview

The Microsoft Azure portals provide a graphical interface for managing your Azure subscriptions and
services. However, for certain management tasks and operations, the Azure portals might not be the best
management tools to use. Typically, as a developer, you might want to automate some management tasks
by creating reusable scripts, or combine management of Azure resources with management of other
network and infrastructure services. To enable you to manage Azure by using a command-line interface,
Microsoft provides Windows PowerShell and the Azure cross-platform command-line interface. In
addition to these command-line tools, you can use Microsoft Visual Studio 2013 to manage aspects of
your Azure subscription.

Objectives
After completing this module, you will be able to:

Describe and use Windows Azure PowerShell to manage your Azure subscription.

Describe and use Microsoft Visual Studio and the Azure cross-platform command-line interface to
manage your Azure subscription.

Lesson 1

Azure PowerShell
Windows PowerShell provides a scripting platform that you can use to manage Windows operating
systems. You can extend the Windows PowerShell platform to a wide range of other infrastructure
elements, including Azure, by importing modules of encapsulated code called cmdlets. This lesson
explores how you can use Windows PowerShell to connect to an Azure subscription, and provision
and manage Azure services.

Lesson Objectives
After completing this lesson, you will be able to:

Describe Windows PowerShell.

Describe how to use Azure PowerShell.

Explain how to manage Azure accounts and subscriptions by using the Azure PowerShell module.

Install the Azure PowerShell module and connect to Azure by using the account credentials.

Introduction to Windows PowerShell


Windows PowerShell is a scripting language and command-line interface that is designed to help
you perform day-to-day administrative tasks. Windows PowerShell consists of cmdlets that you
execute at a Windows PowerShell command prompt, or combine into Windows PowerShell scripts.

An increasing number of Microsoft products have graphical interfaces that build Windows
PowerShell commands. These products allow you to view the generated Windows PowerShell script
so you can execute the task at a later time without having to complete all of the steps in the GUI.
The ability to automate complex tasks simplifies a server administrator's job and saves time.


You can extend Windows PowerShell functionality by adding modules. For example, the Azure module
includes Windows PowerShell cmdlets that are specifically useful for performing Azure-related
management tasks. Windows PowerShell includes features such as tab completion, which allows
administrators to complete commands by pressing the tab key rather than having to type the complete
command. You can learn about the functionality of any Windows PowerShell cmdlet by using the
Get-Help cmdlet.

Windows PowerShell cmdlets use a verb-noun syntax. Each noun has a collection of associated verbs. The
available verbs vary with each cmdlet's noun.
Common Windows PowerShell cmdlet verbs include:

Get

New

Set


Restart

Resume

Stop

Suspend

Clear

Limit

Remove

Add

Show

Write

You can view the available verbs for a particular Windows PowerShell noun by executing the following
command:
Get-Command -Noun NounName

You can view the available Windows PowerShell nouns for a specific verb by executing the following
command:
Get-Command -Verb VerbName

Windows PowerShell parameters start with a dash. Each Windows PowerShell cmdlet has its own
associated set of parameters. You can learn what the parameters are for a particular Windows PowerShell
cmdlet by executing the following command:
Get-Help CmdletName

You can determine which Windows PowerShell cmdlets are available by executing the Get-Command
cmdlet. The Windows PowerShell cmdlets that are available depend on which modules are loaded. You
can load a module by using the Import-Module cmdlet.

Introduction to Azure PowerShell


Before you can use Windows PowerShell to
manage Azure services, you must ensure that
Windows PowerShell is installed, and then you
must add the required Windows PowerShell
modules. There are two Windows PowerShell
libraries that you can install to manage Azure.

Azure PowerShell. This is the primary Windows PowerShell library for managing
Azure services, and you can install it using the Microsoft Web Platform Installer.

Additional Reading: To view the link to the latest version of Azure PowerShell, go to
http://go.microsoft.com/fwlink/?LinkID=517448.

Azure PowerShell includes the following modules:
   o Azure. A core set of cmdlets for managing Azure services.
   o AzureResourceManager. A set of cmdlets for managing resource groups.
   o AzureProfile. A set of cmdlets for managing authentication and execution context.

In many cases, this is the only Azure PowerShell library that you require. The Azure PowerShell
module has a dependency on the Microsoft .NET Framework 4.5, and the Web Platform Installer
checks for this during installation.

Azure AD PowerShell. If you plan to implement Active Directory (AD) in Azure, you can install the
Azure AD PowerShell library to manage users, groups, and other aspects of the directory from
Windows PowerShell. Before you can install the Azure AD module, you must install the Microsoft
Online Services Single Sign-In Assistant. You can obtain both of these components from
http://go.microsoft.com/fwlink/?LinkID=517449.

Managing Azure Accounts and Subscriptions with Windows PowerShell


After you install the Azure PowerShell module,
you must connect it to the Azure subscriptions
that you want to manage with it. Connecting
to the Azure subscriptions requires that you
authenticate, and you can take two approaches
to accomplish this: Azure AD authentication and
certificate-based authentication.

Azure AD Authentication. You can use Azure AD authentication to sign in to an Azure
account using one of the following types of credential:
   o A Microsoft account associated with an Azure subscription.
   o An organizational account defined in Azure Active Directory.

To connect an Azure account to the local Windows PowerShell environment, you can use the
Add-AzureAccount cmdlet. This opens a browser window through which you can interactively
sign in to Azure by entering a valid user name and password.

Azure AD authentication is token-based, and after signing in, the user remains authenticated until
the authentication token expires. The expiration time for an Azure AD token is 12 hours, although
you can refresh it in the Windows PowerShell session.


After you have authenticated, you can use the Get-AzureAccount cmdlet to view a list of Azure
accounts you have associated with the local Windows PowerShell environment, and you can use the
Get-AzureSubscription cmdlet to view a list of subscriptions associated with those accounts. If you
have multiple subscriptions, you can set the current subscription by using the Set-AzureSubscription
cmdlet with the name of the subscription that you want to use.


Certificate-Based Authentication. Most tools for managing Azure support Azure AD authentication,
and we recommend that you use this authentication model. However, in some cases it might be more
appropriate to authenticate by using a management certificate. Examples of where certificate-based
authentication is appropriate include earlier versions of tools that do not support Azure AD
authentication, or Windows PowerShell scripts that will run for long periods of time during which an
authentication token might expire.

Note: An Azure management certificate is an X.509 (v3) certificate that associates a client
application or service with an Azure subscription. You can use an Azure-generated management
certificate, or you can generate your own by using your organization's public key infrastructure
(PKI) solution or a utility such as Makecert.

You can view the information and certificate for your Azure subscription by using the
Get-AzurePublishSettingsFile cmdlet. This cmdlet downloads a .publishsettings file that
contains information and a certificate for your Windows Azure subscription.

Note: The downloaded file is used by the Import-AzureSubscription cmdlet and is an
XML file with a ".publishsettings" extension.

Using Azure PowerShell Cmdlets

After you have connected your Windows PowerShell environment to your Azure subscription, you can use
Azure cmdlets to view, provision, and manage Azure services. The Azure PowerShell library provides two
operational modes. In one mode, cmdlets from the Azure module are available, and in the other mode,
cmdlets from the AzureResourceManager module are available. Cmdlets from the AzureProfile module
are available in both modes.
To switch between modes, you can use the Switch-AzureMode cmdlet, which is defined in the
AzureProfile module.
Using the Switch-AzureMode cmdlet
# Switch to Resource Manager mode (activate the AzureResourceManager module)
Switch-AzureMode -Name AzureResourceManager
# Switch back to service manager mode (activate the Azure module)
Switch-AzureMode -Name AzureServiceManagement

Service Management Mode

By default, the Azure module is active and Azure PowerShell is in the Service Management mode. The
Azure module contains a comprehensive set of cmdlets, which you can use to view, create, and manage
individual Azure services in your subscription. For example, you can use the New-AzureWebsite cmdlet
to create an Azure website, or use the Get-AzureStorageAccount cmdlet to get a reference to an
existing storage account.
For a full list and summary description of the cmdlets in the Azure module, you can use the Windows
PowerShell Get-Command cmdlet. To display syntax for a specific Azure cmdlet, you can use the
Get-Help cmdlet.

Viewing information about Azure module cmdlets


# Get a list of cmdlets in the Azure module
Get-Command -Module Azure | Get-Help | Format-Table Name, Synopsis
# Get the syntax for a specific cmdlet
Get-Help New-AzureVM
# Get an example
Get-Help New-AzureVM -Example

Resource Manager Mode


In Resource Manager mode, you can use Windows PowerShell to create and manage Azure resources in
resource groups. This approach makes it easier to manage related sets of resources as a unit. For example,
you could use the Get-AzureResourceGroup cmdlet to get a reference to an existing resource group, or
use the Remove-AzureResourceGroup cmdlet to remove a resource group and all the resources that it
contains.
You can use the Get-Command and Get-Help cmdlets to view information about the cmdlets in the
AzureResourceManager module.
Viewing information about AzureResourceManager cmdlets
# Switch to Resource Manager mode
Switch-AzureMode -Name AzureResourceManager
# Get a list of cmdlets in the AzureResourceManager module
Get-Command -Module AzureResourceManager | Get-Help | Format-Table Name, Synopsis
# Get the syntax for a specific cmdlet
Get-Help Remove-AzureResourceGroup
# Get an example
Get-Help Remove-AzureResourceGroup -Example

Note: The AzureResourceManager module is currently in preview, and it does not
support all the functionality in the Azure module. Additionally, you cannot use the
AzureResourceManager module in a certificate-based authentication session.

Demonstration: Installing the Azure PowerShell Module and Connecting to Azure by Using Account Credentials
In this demonstration, you will see how to:

Install the Windows PowerShell Azure module.

Connect to your Azure subscription.

Use Azure PowerShell cmdlets.


Demonstration Steps
Install Windows PowerShell Azure Module
1. Download and install the Windows PowerShell modules for Azure from
http://azure.microsoft.com/en-us/downloads/.

Connect to your Azure subscription


1. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator.

2. Add your Azure account to the local PowerShell environment by using Azure AD authentication.
When prompted, sign in using the Microsoft account associated with your Azure subscription:
Add-AzureAccount

Use Azure PowerShell Cmdlets


1. Verify that your account and subscription are connected to the local PowerShell environment:
Get-AzureAccount
Get-AzureSubscription

Note: If you have more than one subscription, you must select the Azure Pass subscription.
Run the following command:
select-azuresubscription -subscriptionName "Azure Pass"

2. Create a new website and view its properties. Substitute the #### with a random number.
New-AzureWebsite MySite####
get-AzureWebsite MySite####

3. When you have finished, close Windows PowerShell ISE.

Lesson 2

The Azure SDK and the Azure Cross-Platform Command-Line Interface


The Azure Software Developers Kit (SDK) enables developers who are familiar with Visual Studio to use
these skills to develop apps, websites, web apps, and web services for Microsoft Azure. The Azure
cross-platform command-line interface provides administrators with a scriptable command-line tool with which
they can administer their Microsoft Azure subscription and Azure services. This lesson discusses these
tools.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the components of the Azure SDK.

Describe the Azure Cross-Platform Command-Line Interface.

Explain how to install and use the Azure Cross-Platform Command-Line Interface.

What Is the Azure SDK?


The Azure Software Developers Kit (SDK) for .NET
is a group of Visual Studio tools, command-line
tools, runtime binaries, and client libraries that
your development team can use to develop, test,
and deploy apps that run in Azure.
Note: Developers can use Visual Studio
2013 to create a variety of apps: Windows Store
apps, Windows Phone apps, desktop apps, web
apps, and web services. Developers can code in
Visual Basic, Visual C#, Visual C++, Visual F#, and
JavaScript, and also can develop their apps in
different languages.
Note: You can download the SDK from the Azure Downloads page.
The Azure SDK for .NET installs the following products:

Microsoft Visual Studio Express for Web. Provides you with tools to create standards-based websites
using ASP.NET. You can publish your web application directly to Azure from the IDE.

Note: If your local computer does not have Visual Studio installed, then the Azure SDK
installs Visual Studio Express for Web.


Microsoft ASP.NET and Web Tools for Visual Studio. Enables you to work with your Azure-based
websites to:
   o Publish web projects to Azure websites.
   o Publish console application projects.
   o Create Azure websites and Windows Azure SQL Database resources.
   o Create Windows PowerShell deployment scripts.
   o Manage and troubleshoot Azure Websites.

Microsoft Azure Tools for Microsoft Visual Studio. Enables you to work with Azure Cloud Services and
Virtual Machines to:
   o Create, open, and publish cloud service projects.
   o Create deployment packages for cloud service projects.
   o Create Azure virtual machines.
   o Create Windows PowerShell scripts.
   o View and manage cloud service project settings.
   o View and manage cloud services, virtual machines, and Service Bus.

Microsoft Azure Authoring Tools. Includes the following:
   o The CSPack command-line tool for creating deployment packages.
   o The CSEncrypt command-line tool for encrypting passwords that you can use to access cloud
     service role instances using a remote desktop connection.
   o Runtime binaries that cloud service projects require for communicating with their runtime
     environment and for diagnostics.

Microsoft Azure Emulator. Simulates the cloud service environment so that you can test cloud service
projects locally on your computer before you deploy them to Azure.

Microsoft Azure Storage Emulator. Uses a SQL Server instance and the local file system to simulate
Azure Storage (queues, tables, blobs), so that you can test locally.

Microsoft Azure Storage Tools. Installs AzCopy, a command-line tool that you can use to transfer data
into and out of an Azure Storage account.

Note: AzCopy is a command-line utility designed for high-performance uploading,
downloading, and copying data to and from Microsoft Azure Blob and File storage.

Microsoft Azure Libraries for .NET. Include:
   o NuGet packages for Azure Storage, Service Bus, and Caching that are stored on your computer so
     that Visual Studio can create new cloud service projects while it is offline.
     Note: NuGet is the package manager for the Microsoft development platform.
   o A Visual Studio plug-in that enables Azure In-Role Cache projects to run locally in Visual Studio.

Note: In-Role Cache allows you to host caching within your roles. This cache can be used
by any roles within the same cloud service deployment.

LightSwitch for Visual Studio publishing add-on. You can use this add-on to publish LightSwitch
projects to Azure Websites.

Note: Both the Visual Studio Updates and the Azure SDK for .NET include the LightSwitch
add-on. By installing the SDK, you can ensure that you have the latest version of the add-on.

Introduction to the Azure Cross-Platform Command-Line Interface


The Azure Cross-Platform Command-Line Interface provides a set of cross-platform
commands you use to work with your Azure subscription. The Azure cross-platform
command-line interface provides much of the same functionality found in the Azure portal,
such as the ability to manage websites, virtual machines, mobile services, SQL Database, and
other services.

Additional Reading: To download the Azure cross-platform command-line interface, go
to http://go.microsoft.com/fwlink/?LinkID=517448.

After you have installed the Azure Cross-Platform Command-Line Interface, you must sign in to your
Azure subscription. You can either sign in by using an organizational account, or by downloading and
using a publish settings file. Use the following procedure to sign in by using an organizational account:
1. Open Windows PowerShell.

2. Run the azure login [username] [password] command.

To sign in using a publish settings file, perform the following procedure:


1. Open Windows PowerShell.

2. Run the azure account download command.

Note: If you are not already connected to your Azure subscription, you will be prompted to
sign in.


3. A web browser window opens. You are prompted to download the publish settings file. This file has a
.publishsettings extension.

4. Run the azure account import [path to .publishsettings file] command.

You now can use the azure command from the Windows PowerShell command-line to manage your
Azure subscription.
Note: All commands must be preceded with the word azure.
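
The publish settings file downloaded in this procedure carries a certificate for the subscription, so it should not stay on disk after it has been imported. The following script is an added example, not part of the original courseware: the function names and the AZURE_CMD override are hypothetical, and it assumes the CLI keeps its own copy of the imported credentials so the downloaded file can be removed once the import succeeds.

```shell
#!/bin/sh
# Added example (not from the courseware): import a .publishsettings file with
# the cross-platform CLI, then remove it so the certificate does not stay in
# the download folder.
# AZURE_CMD is a hypothetical override used for dry runs; it defaults to azure.

import_publishsettings() {
    file=$1

    # Accept only the extension that the download step produces.
    case $file in
        *.publishsettings) ;;
        *) echo "refusing: '$file' is not a .publishsettings file" >&2
           return 2 ;;
    esac

    if [ ! -f "$file" ]; then
        echo "refusing: '$file' does not exist or is not a regular file" >&2
        return 2
    fi

    # Limit access to the current user while the file still exists.
    chmod 600 "$file" || return 1

    # Import. On failure the file is kept so that the import can be retried.
    if ! "${AZURE_CMD:-azure}" account import "$file" </dev/null; then
        echo "import failed; '$file' was kept" >&2
        return 1
    fi

    # Assumption: the CLI has stored what it needs, so the download can go.
    rm -f -- "$file"
}

# List publish settings files left under a directory (for example a downloads
# folder) so that they can be reviewed and removed.
find_stray_publishsettings() {
    find "$1" -type f -name '*.publishsettings' -print
}
```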


You can manage Azure services easily from the command prompt. For example, you can manage your
websites by using the Azure Cross-Platform Command-Line Interface.
Use the following command to create a new website:

azure site create mywebsite

Use this command to list your websites:

azure site list

The following command will delete a named website:

azure site delete mywebsite

You can also combine the azure command with other command-line tools to create more complex scripts:

azure site list | grep 'Running' | awk '{system("azure site stop "$2)}'

The preceding code pipes a list of websites to the grep command, which inspects each line for the string
'Running'. Any lines that match are then piped to the awk command, which calls azure site stop and uses
the second column passed to it (the running site name) as the site name to stop.
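
A more defensive form of the pipeline above, as an added example that is not part of the course material. It assumes the listing layout implied by the text (a data: prefix, then the site name, then the status); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the course material.
# Assumption: `azure site list` prints one row per site as
#   data:    <name>  <status>  <mode>  <host names>
# which is why the course's awk call reads the site name from $2.

# Constructed sample listing (not captured from a real subscription).
SAMPLE_SITE_LIST='info:    Executing command site list
data:    Name            Status   Mode  Host names
data:    --------------  -------  ----  ----------------------------------
data:    mysite1234      Running  Free  mysite1234.azurewebsites.net
data:    mysite5678      Stopped  Free  mysite5678.azurewebsites.net
data:    RunningClub     Stopped  Free  runningclub.azurewebsites.net
data:    odd;name        Running  Free  unexpected.example
info:    site list command OK'

# Read a site listing on stdin and print the names of sites whose status
# column is exactly "Running". Unlike grep 'Running', a stopped site whose
# name contains the word is not selected, and names with characters other
# than letters, digits and hyphens are dropped instead of being passed on.
running_sites() {
    awk '$1 == "data:" && $3 == "Running" && $2 ~ /^[A-Za-z0-9][A-Za-z0-9-]*$/ { print $2 }'
}

# Stop every running site read from stdin. Each name reaches azure as one
# quoted argument instead of being pasted into a shell command line by
# awk system(). Set DRY_RUN=1 to print the commands without running them.
stop_running_sites() {
    running_sites | while IFS= read -r site; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            printf 'azure site stop %s\n' "$site"
        else
            # </dev/null keeps azure from consuming the rest of the list.
            azure site stop "$site" </dev/null
        fi
    done
}

# Usage against a live subscription:
#   azure site list | DRY_RUN=1 stop_running_sites   # review first
#   azure site list | stop_running_sites
```

Running the dry run first shows exactly which sites would be stopped before any change is made to the subscription.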

Demonstration: Installing and Using the Azure Cross-Platform Command-Line Interface


In this demonstration, you will see how to:

Install the Microsoft Azure Cross-platform command-line tools.

Use the Microsoft Azure Cross-platform command-line tools.

Demonstration Steps

Install the Microsoft Azure Cross-platform command-line tools

1. Switch to the Web Platform Installer 5.0 window.
2. Install the Microsoft Azure Cross-platform Command Line Tools.

Use the Microsoft Azure Cross-platform command-line tools

1. Open Windows PowerShell ISE.
2. Export the account information required to sign in to your Azure subscription.

Azure account download

3. Import the account information, and then sign in to your Azure subscription.

Azure account import filename

4. List all available websites within your subscription.

Azure site list

5. Stop the website:

Azure site stop MySite####

6. Sign out from your Azure subscription, and close all open applications.


Lab: Using Microsoft Azure Management Tools


Scenario

Much of your on-premises administration is automated with Windows PowerShell scripts, and you have
decided to test the use of Windows PowerShell and the Microsoft Azure Cross-platform command-line
tools with Microsoft Azure to help to automate administrative tasks.

Objectives
After they complete this lab, the students will have:

Installed and used Azure PowerShell.

Installed and used the Azure cross-platform command-line tools.

Lab Setup
Estimated Time: 40 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
Note: To complete the lab in this module, you must have completed the labs in Module 1
of this course.

Exercise 1: Use the Azure PowerShell Modules


Scenario
In this exercise, you will install and use the Windows PowerShell module for Microsoft Azure.
The main tasks for this exercise are as follows:
1. Install the Windows PowerShell Azure module.
2. Connect to your Azure subscription.
3. Use Azure PowerShell cmdlets.

Task 1: Install the Windows PowerShell Azure module

Download and install the Windows PowerShell modules for Azure from
http://azure.microsoft.com/en-us/downloads/.

Task 2: Connect to your Azure subscription


1. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator.
2. Add your Azure account to the local PowerShell environment by using Azure AD authentication.
When prompted, sign in by using the Microsoft account associated with your Azure subscription.

Add-AzureAccount

Task 3: Use Azure PowerShell cmdlets


1. Verify that your account and subscription are connected to the local Windows PowerShell
environment:

Get-AzureAccount
Get-AzureSubscription

Note: If you have more than one subscription, you must select the Azure Pass subscription.
Run the following command:

select-azuresubscription -subscriptionName "Azure Pass"

2. Create a new website, and view its properties. Substitute the #### with a random number. Use the
same number in both commands.

New-AzureWebsite MySite####
get-AzureWebsite MySite####

3. When you have finished, leave Windows PowerShell ISE running.
4. In Internet Explorer, open a new tab and browse to http://azure.microsoft.com, click Portal, and
then sign in using the Microsoft account that is associated with your Azure subscription. Verify that
your website exists.

Results: After you complete this exercise, you will have successfully installed and used the Windows
PowerShell module for Microsoft Azure.

Exercise 2: Use the Azure Cross-Platform Command-Line Interface


Scenario
In this exercise, you will install and use the Microsoft Azure cross-platform command-line tools.
The main tasks for this exercise are as follows:
1. Install the Microsoft Azure Cross-platform command-line tools.
2. Use the Microsoft Azure cross-platform command-line tools.

Task 1: Install the Microsoft Azure Cross-platform command-line tools


1. Switch to the Web Platform Installer 5.0 window.
2. Install the Microsoft Azure Cross-platform Command Line Tools.

Task 2: Use the Microsoft Azure cross-platform command-line tools


1. Switch to Administrator: Windows PowerShell ISE.
2. At the command prompt, type the following command, and then press Enter. This command
downloads the credentials needed to connect to your Azure subscription.

Azure account download

Note: If you are prompted, sign in to your Azure subscription.

3. Internet Explorer is opened and you are prompted to download a file. This is your publish settings
file. Click the down arrow next to Save, and then click Save As.
4. In the Save As dialog box, in the navigation pane, double-click Local Disk (C:), double-click
Labfiles, and then click Save.
5. Switch to Administrator: Windows PowerShell ISE.
6. At the command prompt, type the following command. This command imports the credentials
needed to connect to your Azure subscription.

Note: When you type C:\labfiles\, Intellisense prompts you to select a file. Click the file you
created earlier and press Tab.

Azure account import C:\labfiles\

7. Press Enter to complete the import command.
8. At the command prompt, type the following command, and then press Enter.

Azure site list

9. At the command prompt, type the following command, and then press Enter. Substitute the ####
with the number you used in the last lesson to create your website.

Azure site stop MySite####

10. At the command prompt, type the following command and then press Enter. Substitute account for
the credentials you use to connect to your Azure subscription.

Azure logout account

Note: If you receive an error, continue.

11. Close all open windows and applications.

Results: After completing this exercise, you will have successfully installed and used the Microsoft Azure
cross-platform command-line tools.

Module Review and Takeaways


Review Question
Question: With Azure PowerShell, what is one advantage of using certificate authentication
over Azure AD authentication when running long Windows PowerShell scripts?


Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.

Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.


Module 1: Getting Started with Microsoft Azure

Lab: Use the Microsoft Azure Portal


Exercise 1: Add a Co-Administrator
Task 1: Connect to the Azure Portal
1. Ensure that you are signed in to your local host.
2. If necessary, start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in
using the Microsoft account that is associated with your Azure subscription.

Task 2: Add a co-administrator


1. In Internet Explorer, in the Azure portal, on the left side of the page, note the pane containing icons
for each service. Then, at the bottom of this pane, click SETTINGS (you might need to use the scroll
bar for the pane).
2. On the settings page, on the SUBSCRIPTIONS tab, note the details of your subscription.
3. Click the ADMINISTRATORS tab and verify that your Microsoft account is listed as the service
administrator.
4. At the bottom of the screen, click ADD.
5. In the Specify a co-administrator for subscriptions dialog box, in the EMAIL ADDRESS box, type
Admin@Contoso.com.
6. Select the check box next to your subscription in the SUBSCRIPTION list below, and then click OK
(the check box).

Results: After you complete this exercise, you should have successfully added a co-administrator to your
Azure subscription.

Exercise 2: View Billing Data


Task 1: View subscription usage

1. In Internet Explorer, at the top-right of the Microsoft Azure management portal, click your Microsoft
account name and then click View my bill. This opens a new tab in Internet Explorer.
2. If prompted, sign in using the Microsoft account credentials associated with your Azure subscription.
3. On the subscriptions page, click your subscription. Then review the summary of usage and billing
that is displayed.

Task 2: View billing period


1. Click Download usage details.
2. In the Summary screen, click Download Usage.
3. When prompted, click Open.
4. Depending on installed software on your local computer, the file opens in Microsoft Excel. Review the
information and then close Excel. Do not save the worksheet.
5. Close the current Internet Explorer tab.

Results: After you complete this exercise, you should have successfully viewed your Azure subscription
billing data.


Module 2: Websites and Cloud Services

Lab: Websites and Cloud Services


Exercise 1: Create a WordPress Website
Task 1: Create a website
1. Start Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and sign in using
the Microsoft account that is associated with your Azure subscription.
2. In the Azure portal, on the navigation pane, click WEBSITES.
3. Click NEW, and then click FROM GALLERY.
4. In the ADD WEB APP Wizard, on the Find Apps for Microsoft Azure page, click BLOGS.
5. In the A-Z list, click WordPress, and then click Next.
6. On the Configure Your App page, in the URL box, type AdatumBlog####, where #### is a unique
number. If your URL is unique, a green check mark displays.
7. Leave DATABASE and WEBSCALEGROUP configured with default values.
8. Select the appropriate REGION, and then click Next.
9. On the New MySQL Database page, accept the default name.
10. In the REGION list, click the appropriate region.
11. Select the I agree to ClearDBs legal terms check box, and then click Complete.

Note: Your website is created. This may take a few minutes.

Task 2: Install WordPress


1. In the websites list, in the URL column, click the URL for your new website. Internet Explorer opens a
new tab and navigates to your new website.
2. On the WordPress website, in the languages list, click English (United States), and then click
Continue.
3. On the Welcome page, complete the Information needed section with the following information:
   a. Site Title: AdatumMyBlog####
      Where #### is a unique number.
   b. Username: The email address associated with your Azure subscription.
   c. Password, twice: Pa$$w0rd.
   d. Your E-mail: The email address associated with your Azure subscription.
4. Click Install WordPress.

Task 3: Create a blog post


1. In Internet Explorer, on the Success webpage, click Log In.
2. In the Username box, type the email address associated with your Azure subscription.
3. In the Password box, type Pa$$w0rd.
4. Select the Remember Me check box, and then click Log In.

Note: If prompted by Internet Explorer to store the password for the website, click Not for
this site.

5. In the Dashboard, click Write your first blog post.
6. On the Add New Post page, in the Enter title here box, type Welcome to the Adatum Blog.
7. In the main text box, type Welcome to the Adatum blog.
8. Click Publish.
9. Click View Post. Your new post is displayed.
10. Close the current tab in Internet Explorer, and return to the Azure portal tab.

Results: After you complete this exercise, you will have successfully created and configured an Azure
website to support WordPress blogs.

Exercise 2: Create a Cloud Service


Task 1: Create a Cloud Service
1. In the Azure portal, click NEW.
2. Click COMPUTE, click CLOUD SERVICE, and then click QUICK CREATE.
3. In the URL text box, type a valid unique cloud service name. For example, type AdatumWeb####,
where #### is a unique number. If the name is valid and unique, a green check mark is displayed.
4. In the REGION OR AFFINITY GROUP list, click your local region, and then click CREATE CLOUD
SERVICE.

Task 2: Deploy a Cloud Service


1. In the Azure portal, in the NAME list, click your new cloud service.
2. In the results pane, click the CONFIGURE tab.
3. Click UPLOAD A NEW PRODUCTION DEPLOYMENT.
4. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App ####,
(where #### is the same number you typed earlier).
5. Next to the PACKAGE box, click FROM LOCAL.
6. Navigate to C:\Labfiles, and double-click AdatumAds.cspkg.
7. Next to the CONFIGURATION box, click FROM LOCAL.
8. Navigate to C:\Labfiles, and double-click ServiceConfiguration.Cloud.cscfg.
9. Select both check boxes, and then click OK.

Note: Deployment begins. This could take 10 to 15 minutes.

10. When deployment is finished, click the SCALE tab.
11. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.
12. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
13. Drag the TARGET CPU slider bar so that the maximum is 90.
14. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.
15. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
16. Drag the TARGET CPU slider bar so that the maximum is 90.
17. Click SAVE.

Task 3: Verify a Cloud Service


Note: It might take a few minutes for your website to display.
1. On the SCALE page, in the navigation pane, click CLOUD SERVICES.
2. In the list of cloud services, in the URL column, click the URL for your cloud service.
3. The Adatum Ads webpage displays.

Note: The app is for demonstration purposes and is not completely functional.

4. Close the Adatum Ads Home Page tab.
5. Close Internet Explorer.

Results: After you complete this exercise, you will have successfully created, deployed, and configured an
Azure Cloud Service.


Module 3: Virtual Machines in Microsoft Azure

Lab: Create a Virtual Machine in Microsoft Azure

Exercise 1: Create a Virtual Machine from the Gallery
Task 1: Select and create a virtual machine
1. Sign in to the classroom computer.
2. In Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by using
the Microsoft account that is associated with your Azure subscription. Close any initial welcome
messages.
3. At the top right, click your Microsoft account name, and then click Switch to new portal. Then, in
the new tab that is opened, close any initial welcome messages for the new portal.
4. In the bottom left pane, click + NEW.
5. In the NEW pane, click Windows Server 2012 R2 Datacenter.
6. In the CREATE VM pane, type server<your_initials>-10979 in the HOST NAME field.
7. In the USER NAME field, type server<initials>-admin.
8. In the PASSWORD field, type Moc1500!.
9. Click PRICING TIER, click A2 STANDARD, and then click Select.
10. Click OPTIONAL CONFIGURATION.
11. In the Optional Config pane, click STORAGE ACCOUNT, click Create a storage account, and then in
the Storage account pane, review settings and click OK.
12. In the Optional Config pane, click NETWORK, and then in the Network pane, review settings without
making changes. In the Network pane, click OK, and then in the Optional Config pane, click OK.
13. In the CREATE VM pane, click Create.
14. Wait for a couple of minutes to allow the virtual machine creation to proceed and the storage to be
written to your storage account.

Task 2: Verify virtual machine creation


1. In the left pane, click BROWSE, and then click Virtual Machines.
2. Ensure that the virtual machine that you created shows a status of Running. If the status is not
Running, wait a few minutes until the status changes to Running.

Results: After completing this exercise, you will have created and verified a Microsoft Azure virtual
machine.


Exercise 2: Verify the Functionality of the Virtual Machine


Task 1: View the properties of the virtual machine
1. In the Azure preview portal, click BROWSE in the left navigation pane.
2. In the Browse pane, click Virtual machines.
3. In the Virtual machines pane, click serveryour_initials-10979.
4. In the server-yourinitials-10979 pane, review available options.
5. Click HOME.
6. On the HOME pane, click AZURE PORTAL.
7. On the Microsoft Azure portal, click VIRTUAL MACHINES.
8. Click the serveryour_initials-10979 virtual machine.
9. Click the DASHBOARD tab and review the available information and settings.
10. Click the MONITOR tab and review the available information about virtual machine performance.
11. Click the ENDPOINTS tab. Review available options for configuring connections to the virtual
machine.
12. Click the CONFIGURE tab. Review the available options but do not make any changes to the virtual
machine.

Task 2: Connect to a virtual machine


1. In the Azure portal, click your user account in top right corner, and then click Switch to new portal.
If the new portal is already open, just switch to Microsoft Azure tab in Internet Explorer.
2. In the Azure preview portal, click BROWSE, and then click Virtual Machines.
3. Click the server<initials>-10971 virtual machine, and then click CONNECT in the top of the right
pane.
4. In the Internet Explorer notification popup, click Save, and then click Open.
5. In the Remote Desktop Connection window, click Connect.
6. In the Windows Security dialog box:
   a. In User Name, type server<initials>-admin.
   b. In Password, type Moc1500!.
   c. Click OK.
7. In the Remote Desktop Connection window, click Yes.
8. Navigate around the server configuration and evaluate basic functionality, such as Server Manager
and File Explorer.
9. When finished, click the X in the upper right corner of the Remote Desktop Connection session to
disconnect.
10. In the Remote Desktop Connection window, click OK.

Results: After completing this exercise, you will have established a connection to the virtual machine.

Exercise 3: Attach a Data Disk


Task 1: View virtual machine disks
1. In the left pane of the Azure preview portal, click BROWSE, and then click Virtual Machines.
2. Ensure that the virtual machine that you created shows a status of Running.
3. Click the virtual machine that you created earlier.
4. In the server<yourinitials>-10979 pane, scroll down, and then click the Disks tile.
5. In the Disks pane, review the available information and ensure that you see only OS DISK.

Task 2: Attach a data disk


1. In the Disks pane, review the available information and ensure that you see only OS DISK.
2. Click Attach New.
3. In the Attach a new disk pane, click STORAGE CONTAINER.
4. In the Choose a container pane, click CHOOSE STORAGE ACCOUNT.
5. In the Storage account pane, click server<yourinitials>-10979.
6. In the Choose a container pane, click CHOOSE CONTAINER.
7. In the Storage container pane, click vhds.
8. In the Choose a container pane, click OK.
9. In the Attach a new disk pane, type 5 in the SIZE (GB) text box, and then click OK.
10. Wait for up to one minute and ensure that in the Disks pane, a new disk with capacity of 5 GB is
displayed.
11. Scroll left and in the server<yourinitials>-10979 pane, click CONNECT.
12. In the Internet Explorer notification popup, click Save, and then click Open.
13. In the Remote Desktop Connection window, click Connect.
14. In the Windows Security dialog box:
   a. In User Name, type server<initials>-admin.
   b. In Password, type Moc1500!.
   c. Click OK.
15. In the Remote Desktop Connection window, click Yes.
16. After you have signed in to the virtual machine, in the Server Manager console, click Tools, and then
select Computer Management.
17. In the Computer Management console, click Disk Management.
18. In the Initialize Disk window, click OK.
19. Review the available disks in the Disk Management right pane, and ensure that you have one OS disk,
one temporary disk, and one new disk with capacity of 5 GB.
20. Close the Computer Management console.

Results: After completing this exercise, you will have attached a new disk to a virtual machine.


Module 4: Virtual Networks

Lab: Create a Virtual Network


Exercise 1: Creating a Virtual Network
Task 1: Create a virtual network
1. Sign in to the Azure management portal on https://manage.windowsazure.com.
2. In the left navigation page, scroll down and click NETWORKS.
3. Ensure that there are no virtual networks created.
4. In the lower left corner of the screen, click NEW. In the navigation pane, click NETWORK SERVICES,
and then click VIRTUAL NETWORK.
5. Click CUSTOM CREATE to begin the configuration wizard.
6. In the CREATE A VIRTUAL NETWORK Wizard, on the Virtual Network Details page, type VNET1 in
the NAME text box.
7. In the LOCATION drop-down list, click West US. Click the arrow in the lower right corner.

Note: If you do not have West US as available region, choose the region that is closest
to you.

8. On the DNS Servers and VPN Connectivity page, review the available options, but do not make any
changes. Click the forward arrow in the lower-right corner.
9. On the Virtual Network Address Spaces page, in the ADDRESS SPACE section, open the drop-down
list under STARTING IP, and then click 192.168.0.0.
10. In the CIDR (ADDRESS COUNT) drop-down list, click /24 (256).
11. In the SUBNETS section, click add subnet and ensure that Subnet-2 is added.
12. Click add address space. In the second address space that is added, open the drop-down list under
STARTING IP, and then select 172.16.0.0.
13. In the CIDR (ADDRESS COUNT) drop-down list, choose /16 (65536).
14. Click the checkmark in the lower right corner to finish the wizard and create a virtual network. It will
take a few minutes for the network to be created.

Results: After completing this exercise, you will have created a new virtual network.


Exercise 2: Creating Virtual Machines from the Gallery


Task 1: Create a virtual machine

1. Browse to https://portal.azure.com, click Get Started on the Welcome to Microsoft Azure page,
and sign in by using the Microsoft account that is associated with your Microsoft Azure subscription.
Close any initial welcome messages, if they appear.
2. In the bottom left pane, click + NEW.
3. In the NEW pane, click Windows Server 2012 R2 Datacenter.
4. In the CREATE VM pane, type Server1 in HOST NAME.
5. Type server1-admin in USER NAME.
6. Type Moc1500! in the PASSWORD field.
7. For the PRICING TIER, ensure that Basic A1 is selected.
8. Click OPTIONAL CONFIGURATION.
9. In the Optional Config pane, click NETWORK, and then click VIRTUAL NETWORK.
10. In the Virtual Network pane, under Use an existing virtual network, select VNET1. Click OK on the
Network pane, and then click OK on the Optional Config pane.
11. On the CREATE VM pane, click Create.
12. Wait a couple of minutes to allow the virtual machine (VM) creation to finish.

Task 2: Create a second virtual machine


1. In the bottom left pane in the Azure preview portal, click + NEW.
2. In the NEW pane, click Windows Server 2012 R2 Datacenter.
3. In the CREATE VM pane, type Server2 in HOST NAME.
4. Type server2-admin in USER NAME.
5. Type Moc1500! in the PASSWORD field.
6. For the PRICING TIER ensure that Basic A1 is selected.
7. Click OPTIONAL CONFIGURATION.
8. In the Optional Config pane, click NETWORK, and then click VIRTUAL NETWORK.
9. In the Virtual Network pane, under Use an existing virtual network, select VNET1. Click OK on the
Network pane, and then click OK on the Optional Config pane.
10. On the CREATE VM pane, click Create.
11. Wait a couple of minutes to allow the VM creation to finish.

Task 3: Test virtual network connectivity


1. In the left pane of the Azure preview portal, click BROWSE, and then click Virtual Machines.
2. Ensure that the virtual machine that you created shows a status of Running. If the status is not
Running, wait a few minutes until the status changes to Running.
3. Click the Server1 VM, and then click CONNECT in the top of the left pane.
4. In the Internet Explorer notification popup, click Save, and then click Open.
5. In the Remote Desktop Connection window, click Connect.
6. In the Windows Security dialog box, click Use another account and then use the following data to
connect:
   o Type server1-admin in User name.
   o Type Moc1500! in Password.
   o Click OK.
7. In the Remote Desktop Connection window, click Yes. Minimize Server1 window.
8. Repeat steps 1 through 7 for the Server2 machine (use server2-admin as the user name).
9. On the Server1 machine, note the Internal IP value shown on the desktop.
10. Switch to the Server2 machine and note the Internal IP value shown on the desktop.
11. On the Server2, open File Explorer, in the left pane, right click Network and then click Properties.
12. In the Network and Sharing Center window, click Change advanced sharing settings.
13. In the Advanced sharing settings window, under Guest or Public section, below File and printer
sharing section, click Turn on file and printer sharing, then click Save changes button.
14. Close Network and Sharing Center window.
15. On the Server1 machine, open File Explorer, in the address bar, type \\IPaddressofServer2, and then
press Enter.

Note: You should type IP address of Server2 after \\.

16. On the Windows Security window, enter user name: server2-admin and password: Moc1500!, then
click OK. Ensure that the server opens (it will be an empty window), which confirms that your servers
can communicate via virtual network VNET1.

Results: After completing this exercise, you will have created two new virtual machines and assigned them
to VNET1.

Exercise 3: Add Point-to-Site Connectivity


Task 1: Add point-to-site connectivity
1. Open the Azure management portal at https://manage.windowsazure.com.
2. In the left navigation page, click NETWORKS.
3. In the central pane, click VNET1.
4. Click the CONFIGURE tab.
5. In the point-to-site connectivity section, click the option Configure point-to-site connectivity.
6. Click SAVE in the lower part of the screen, and then click YES.
7. Wait for a few minutes for the network to be updated.
8. Click the VNET1 network, and then click the CONFIGURE tab.
9. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section.
Ensure that 10.0.0.0/24 is selected.
10. On your classroom computer machine, open the Developer Command Prompt for VS2012 as
administrator.
11. In the command prompt window, type: makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a
sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer", and then press Enter. Do not close the command
prompt window.
12. Open File Explorer, navigate to C:\temp, and then ensure that the VNET1Cert certificate file is
created.
13. Switch back to the Azure management portal, and then click the CERTIFICATES tab on VNET1 portal.
14. Click UPLOAD A ROOT CERTIFICATE.
15. In the Upload a Certificate window, click BROWSE FOR FILE.
16. In the Choose File to Upload window, browse to C:\temp, select the VNET1Cert file, and then click
Open.
17. Click the checkmark icon to upload a certificate.
18. Ensure that the certificate appears in the Azure portal.
19. Restore the command prompt window. Type the following command: makecert.exe -n
"CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1. Press Enter.
20. Switch back to the Azure portal, and then, in the VNET1 configuration pane, click the DASHBOARD
tab.
21. Click CREATE GATEWAY and when prompted, click YES. Wait until the
gateway is created.

Note: This might take up to 15 minutes.

22. In the quick glance section, click Download the 64-bit Client VPN Package.
23. When prompted, save the file to the C:\temp location. The name of the file will be similar to
1c586c97-442b-4c85-9ea6-45a5d0c5d3a1.exe. Close the warning prompt if it appears.
24. After the file downloads, navigate to C:\temp, right-click the file that you just downloaded, and then
click Properties.
25. In the Properties window, click Unblock, and then click OK.
26. Double click the file. In the User Account Control window (if it appears), click Yes.
27. In the VNET1 window, click Yes and wait until the virtual private network (VPN) client installs.
28. On your classroom machine, click the network icon in the taskbar. In the connection pane, click
VNET1, and then click Connect.
29. In the VPN client window, click Connect, and then click Continue on the prompt window.
30. Ensure that the connection is established.
31. Open Command Prompt.
32. In the Command prompt window, type ipconfig, and then press Enter.
33. Look for the Point-to-Point Protocol (PPP) adapter in the VNET1 section. Ensure that you have the IP
address from the 10.0.0.0/24 scope.
34. On your classroom machine, click the network icon in the taskbar. In the connection pane, click
VNET1, and then click Disconnect.

Results: After completing this exercise, you will have established a point-to-site connectivity.


Module 5: Cloud Storage

Lab: Configure Azure Storage


Exercise 1: Create an Azure Storage Account
Task 1: Create a storage account in Azure
1. On the host computer, click Start, and then click the Internet Explorer icon.
2. In Internet Explorer, browse to the Azure management portal at https://portal.azure.com.
3. Sign in to your Azure account.
4. If a welcome window appears, click Get Started to close it.
5. In the bottom pane, on the left side, click + NEW.
6. In the New popup menu, scroll down, and then click Storage.
7. In the far right pane, in STORAGE, type 10979s<yourinitials>.

Note: Replace <initials> with your own initials. For example, if your name is Margo Ayers,
then the URL would be 10979sma. If the name is already in use, add a number after your initials
until the name is accepted. For the remainder of the demonstrations, use your initials in place of
<initials>.

8. Click PRICING TIER. In the Recommend pricing pane, click L1, and then click Select.
9. Click LOCATION. If the selected location is not the closest location to you, or a location is not
selected, click the location closest to you.
10. At the bottom of the Storage account pane, click Create to complete the creation. It might take few
minutes for storage account to be created.

Task 2: View the properties of your storage account


1. In the Azure portal, in the left pane, click BROWSE, and then click Storage.
2. In the Storage pane, click the 10979s<initials> storage account.
3. In the 10979s<initials> pane, view the information available on the dashboard.
4. Near the top of the 10979s<initials> pane, click PROPERTIES to view the properties of the storage
account.
5. Review the available properties of your storage account.
6. Close the Properties pane, and leave the storage pane open.

Results: After you complete this exercise, you will have created your Azure storage.

Exercise 2: Create and Manage Blobs


Task 1: Add a container
1. In the Storage pane, click Containers.
2. In the Containers pane, click ADD +.
3. In the Add a container pane, type 10979c<initials> in the NAME text box.
If the name is already in use, add a number after your initials until the name is accepted.
4. In the Access type settings, click Blob, and then click OK to complete the creation of the new
container.
5. Click the X icon in the upper right corner of the Containers pane to close it.

Task 2: Add data to the container using Azure Web Storage Explorer
1. In the 10979s<initials> pane, click KEYS.
2. In the Manage keys pane, copy the access key shown in PRIMARY ACCESS KEY to the clipboard.
3. Click the File Explorer icon on the taskbar.
4. In File Explorer, in the navigation pane, click Documents.
5. In the right pane, right-click an empty area, click New, and then click Text Document.
6. In the file name, replace New Text Document with storage-key, and then press Enter.
7. Double-click storage-key.txt. The file will open in Notepad. In Notepad, paste the access key that
you copied to the Clipboard in step 2 into the file.
8. Click File, and then click Save.
9. Close Notepad.
10. In the Manage keys pane, click the X to close the pane.
11. In Internet Explorer, press Ctrl+N to open a new browser window.
12. In the Internet Explorer Address bar, type http://azurestorage.azurewebsites.net/login.aspx, and
then press Enter.
13. On the Azure Web Storage Explorer page, in Account, type 10979s<initials>, paste your access
key into the Key box, and then click Enter.
14. Click 10979c<initials>.
15. Click Browse.
16. In the Choose File to Upload window, double-click Computer, double-click Local Disk (C:),
double-click Windows, scroll down, and then double-click the media folder.
17. Click Alarm01.wav, and then click Open.
18. Click the Upload button to upload Alarm01.wav.
19. Click Browse.
20. In the Choose File to Upload window, double-click Computer, double-click Local Disk (C:),
double-click Program Files, double-click Internet Explorer, and then double-click the images folder.
21. Scroll down, click splashscreen.contrast-white_scale-180.png, and then click Open.
22. Click the Upload button to upload splashscreen.contrast-white_scale-180.png.
23. In the file list, click
http://10979s<initials>.blob.core.windows.net/10979c<initials>/splashscreen.contrast-white_scale-180.png,
and verify that you see a large Internet Explorer logo graphic displayed in the browser window.
24. Close Internet Explorer.

Results: After completing this exercise, you will have created a blob container and uploaded the data.

Module 6: Microsoft Azure Databases

Lab: Create a SQL Database in Azure

Exercise 1: Create a New SQL Database in Azure and Configure SQL Server
Firewall Rules
Task 1: Create a new SQL database by using the preview Azure portal
1. Ensure that you are signed in to the classroom computer.
2. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by
using the Microsoft account that is associated with your Azure subscription.
3. At the top right, click your Microsoft account name, and then click Switch to new portal.
4. In the Hub vertical menu on the left, click New.
5. On the New blade, scroll down to and click the SQL Database entry.
6. In the SQL database blade, in the NAME box, type testDB.
7. Click the PRICING TIER section, click the B Basic pricing tier, and then click Select.
8. Click SERVER, and then in the Server blade, click Create a new server.
9. In the New server blade, enter the following settings, and then click OK:
   o SERVER NAME: Any valid unique name
   o SERVER ADMIN LOGIN: Student
   o PASSWORD: Pa$$w0rd
   o CONFIRM PASSWORD: Pa$$w0rd
   o LOCATION: Any available region
10. In the SQL database blade, click RESOURCE GROUP, and then in the Resource group blade, click
Create a new resource group.
11. In the Resource group blade, in the NAME box, type testRG, and then click OK.
12. In the SQL database blade, ensure that Add to Startboard is selected, and then click Create. Then
wait for the SQL Database to be created.

Task 2: Configure a SQL Server firewall rule by using Azure portal


1. In Internet Explorer, switch to the tab containing the Azure portal.
2. In the service pane on the left, click SQL DATABASES, and then verify that the testDB database you
created in the new portal is listed.
3. On the sql databases page, click SERVERS, and then verify that the uniquely named server you
created in the previous task is listed.
4. Click the server name, and then click CONFIGURE.
5. Note the CURRENT CLIENT IP ADDRESS, and click the ADD TO THE ALLOWED IP ADDRESSES
icon. At the bottom of the page, click Save.
6. Click the new allowed ip addresses entry and change it to a more descriptive name that will allow
you to identify it in the future.
7. At the bottom of the page, click SAVE.

Results: After completing this exercise, you should have created a Microsoft Azure SQL Database named
testDB on a new server with a name of your choice. You will have also configured Microsoft SQL Server
firewall rules in Azure, which allow connectivity from your on-premises management tools and
applications to the newly created SQL database in Azure.
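
One way to review the allowed IP addresses list once rules like the one in Task 2 have been saved, as an added example that is not part of the course material: the PowerShell below flags rules whose range is wider than a single small block, the special 0.0.0.0 rule, and names that do not identify an owner. The function names, the property names on the rule objects, the 256-address threshold and the naming pattern are assumptions, and the sample rules are constructed.

```powershell
# Added example (not from the course): flag over-broad SQL Database firewall rules.
# The rule list is constructed sample data; the property names RuleName,
# StartIpAddress and EndIpAddress are assumptions made for this sketch.

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    # Address bytes are in network (big-endian) order; BitConverter uses host order.
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Test-SqlFirewallRule {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Rule,
        [long]$MaxAddresses = 256,                           # widest range accepted without review
        [string]$VagueNamePattern = '^(temp|test|rule)\d*$'  # hypothetical naming policy
    )
    process {
        $start = [long](ConvertTo-IPv4Number $Rule.StartIpAddress)
        $end   = [long](ConvertTo-IPv4Number $Rule.EndIpAddress)
        $count = [long]0
        $findings = @()
        if ($end -lt $start) {
            $findings += 'end address is lower than start address'
        } else {
            $count = $end - $start + 1
            if ($start -eq 0 -and $end -eq 0) {
                # 0.0.0.0 to 0.0.0.0 is the special rule that admits traffic from Azure services
                $findings += 'admits connections from Azure services'
            } elseif ($count -gt $MaxAddresses) {
                $findings += "range spans $count addresses"
            }
        }
        if ($Rule.RuleName -match $VagueNamePattern) {
            $findings += 'name does not identify the owner or purpose'
        }
        $status = 'ok'
        if ($findings.Count -gt 0) { $status = 'REVIEW' }
        [PSCustomObject]@{
            RuleName  = $Rule.RuleName
            Addresses = $count
            Status    = $status
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample rules (documentation address ranges, not real hosts)
$sampleRules = @(
    [PSCustomObject]@{ RuleName = 'Classroom-PC-Seat12';     StartIpAddress = '203.0.113.25'; EndIpAddress = '203.0.113.25' }
    [PSCustomObject]@{ RuleName = 'Office-Subnet';           StartIpAddress = '198.51.100.0'; EndIpAddress = '198.51.100.255' }
    [PSCustomObject]@{ RuleName = 'temp';                    StartIpAddress = '0.0.0.0';      EndIpAddress = '255.255.255.255' }
    [PSCustomObject]@{ RuleName = 'AllowAllWindowsAzureIps'; StartIpAddress = '0.0.0.0';      EndIpAddress = '0.0.0.0' }
)
$sampleRules | Test-SqlFirewallRule | Format-Table -AutoSize
```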

Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server Management Studio
Task 1: Add a table to a SQL database in Azure by using SQL Server Management
Studio
1. On your classroom computer, start SQL Server Management Studio, and in the Connect to Server
dialog box, specify the following settings (replacing server_name with the unique name you specified
when creating your SQL Database server), and then click Connect:
   o Server type: Database Engine
   o Server name: server_name.database.windows.net
   o Authentication: SQL Server Authentication
   o Login: Student
   o Password: Pa$$w0rd
2. In SQL Server Management Studio, in Object Explorer, under the server name, expand Databases,
and then verify that the testDB database is listed.
3. Expand the testDB database, right-click its Tables folder and then click New Table.

Note: This opens a Transact-SQL template that you can use to create a table. SQL Server
Management Studio has no graphical tools for creating SQL database objects in Azure.

4. Replace all Transact-SQL code in the template with the following code.

    CREATE TABLE dbo.testTable
    (
        id integer identity primary key,
        dataval nvarchar(50)
    );
    GO

5. On the toolbar, in the Available Databases list, ensure that testDB is selected, and then click
Execute.
6. In Object Explorer, expand the Tables folder and verify that dbo.testTable is listed (if not, right-click
Tables and click Refresh).
7. Leave the SQL Server Management Studio open for the next task.

Task 2: Add data to a table of a SQL database in Azure by using SQL Server
Management Studio
1. Click New Query and enter the following Transact-SQL code in the new query pane. This code inserts
100 rows containing automatically generated globally unique identifier (GUID) values into the table.

    INSERT INTO dbo.testTable
    VALUES
    (newid());
    GO 100

2. On the toolbar, in the Available Databases list, ensure that testDB is selected. Click Execute.
3. Leave the SQL Server Management Studio open for the next task.

Task 3: Query a table of a SQL database in Azure by using SQL Server Management
Studio
1. In Object Explorer, right-click dbo.testTable, point to Script Table as, point to SELECT To, and then
click New Query Editor Window. This generates a Transact-SQL query that retrieves data from the
table.
2. On the toolbar, in the Available Databases list, ensure that testDB is selected, and then click
Execute.
3. View the query results and verify that a table of id and dataval values is returned.
4. Close SQL Server Management Studio and Internet Explorer.

Results: After completing this exercise, you should have created a test table in the SQL database in Azure
named testDB on an existing SQL Server in Azure with a name of your choice, populated it with sample
data, and queried its content.

Module 7: Azure Active Directory

Lab: Create Users in Azure Active Directory


Exercise 1: Create an Azure AD Directory
Task 1: Create an Azure AD directory
1. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in by using the
Microsoft account that is associated with your Azure subscription.
2. In the navigation panel on the left, click ACTIVE DIRECTORY.
3. Click +NEW.
4. Click DIRECTORY.
5. Click CUSTOM CREATE.
6. In the Add directory dialog box, enter the following settings, and then select the Complete check
box:
   o DIRECTORY: Create new directory
   o NAME: Adatum
   o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g.
     adatum123456); if you see a The domain is not unique message, change the numbers until you
     see a green checkmark.
   o COUNTRY OR REGION: United States

Results: After completing this exercise, you will have created a new Microsoft Azure Active Directory
(Azure AD) directory by using Azure Portal.

Exercise 2: Create Users in Azure Active Directory


Task 1: Create users in an Azure AD directory
1. Click Adatum.
2. Click USERS.
3. Click ADD USER.
4. In the Tell us about this user dialog box, enter the following settings, and then click Next:
   o TYPE OF USER: New user in your organization
   o USER NAME: deanna
5. In the user profile dialog box, enter the following settings, and then click Next:
   o FIRST NAME: Deanna
   o LAST NAME: Ball
   o DISPLAY NAME: Deanna Ball
   o ROLE: User
   o Enable Multi-Factor Authentication: Not selected
6. Click create.
7. On the Get temporary password page, note the value for NEW PASSWORD; as a backup, in the
SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.
8. Select the Complete check box.
9. Click ADD USER.
10. In the Tell us about this user dialog box, enter the following settings, and then click Next:
   o TYPE OF USER: New user in your organization
   o USER NAME: kari
11. In the user profile dialog box, enter the following settings, and then click Next:
   o FIRST NAME: Kari
   o LAST NAME: Tran
   o DISPLAY NAME: Kari Tran
   o ROLE: Global Administrator
   o ALTERNATE EMAIL ADDRESS: type the email address of your Azure subscription
   o Enable Multi-Factor Authentication: Not selected
12. Click create.
13. On the Get temporary password page, note the value for NEW PASSWORD; as a backup, in the
SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.
14. Click Complete (check mark).

Task 2: Add a Microsoft account to an Azure AD directory


1. Click ADD USER.
2. In the Tell us about this user dialog box, enter the following settings, and then click Next:
   o TYPE OF USER: User with an existing Microsoft account
   o USER NAME: type the name of an existing Microsoft account that the instructor provided
3. In the user profile dialog box, enter the following settings, and then click Next:
   o FIRST NAME: Leave blank
   o LAST NAME: Instructor
   o DISPLAY NAME: Instructor
   o ROLE: User
4. Click the checkmark in the lower right corner of the user profile dialog box.

Task 3: Configure a user account as a Global Administrator of an Azure AD directory


1. In the Adatum directory, on the USERS tab, in the DISPLAY NAME column, click the Instructor
entry.
2. Make sure that the content of the PROFILE tab is displayed. Scroll down to the role section.
3. In the ORGANIZATIONAL ROLE list box, select Global Administrator.
4. Click SAVE.
5. Click the left arrow in the navigation pane to return to the main page of the Adatum Azure AD
directory.

Task 4: View Azure AD directory users and administrators


1. Ensure that the USERS tab of the Adatum Azure AD page is selected.
2. Note that this allows you to view the list of user display names, user names, and the account type,
which in our case, should include Windows Azure Active Directory or Microsoft Account.
3. To view all members of built-in Azure AD organizational roles, click MANAGE MULTI-FACTOR
AUTH.
4. If prompted to sign-in, on the Sign-in page, sign in by using the Microsoft account that is associated
with your Azure subscription.
5. On the multi-factor authentication page, note that, by default, you can see all Sign-in allowed
users.
6. In the View drop-down list, select Global Administrators.
7. Verify that you can see all users that have been assigned the Global Administrator role.
8. Close Internet Explorer.

Results: After completing this exercise, you will have used Azure Portal to create an Azure AD directory
user account, add a Microsoft Account to Azure AD directory and configure it as a Global Administrator,
and view the results of these actions.

Module 8: Microsoft Azure Management Tools

Lab: Using Microsoft Azure Management Tools

Exercise 1: Use the Azure PowerShell Modules
Task 1: Install the Windows PowerShell Azure module
1. If necessary, sign in to your local computer.
2. Open Internet Explorer and navigate to http://azure.microsoft.com/en-us/downloads/.
3. On the Downloads webpage, under Command-line tools, locate Windows PowerShell.
4. Beneath Windows PowerShell, click Install.
5. When prompted Do you want to run or save WindowsAzurePowerShell.3f.3f.3fnew.exe, click
Run.

Note: The actual filename might vary.

6. If prompted by User Account Control, click Yes.
7. In the Web Platform Installer 5.0 Wizard, click Install.
8. In the Web Platform Installer 5.0 dialog box, click I Accept.
9. When the installation is complete, click Finish. Leave the Web Platform Installer 5.0 window open.

Task 2: Connect to your Azure subscription


1. On the task bar, right-click Windows PowerShell and click Run ISE as Administrator. Click Yes
when prompted.
2. In the PowerShell ISE, in the command prompt pane, enter the following command to add an Azure
account to the local PowerShell environment.

    Add-AzureAccount

3. When prompted, sign in by using the Microsoft account associated with your Azure subscription.

Task 3: Use Azure PowerShell Cmdlets


1. In the Windows PowerShell ISE, in the command prompt pane, enter the following command to view
the Azure accounts in your local Windows PowerShell environment, and verify that your account is
listed:

    Get-AzureAccount

2. Enter the following command to view the subscriptions that are connected to the local PowerShell
session, and verify that your subscription is listed.

    Get-AzureSubscription

Note: If you have more than one subscription, you must select the Azure Pass subscription.
Run the following command:

    Select-AzureSubscription -SubscriptionName "Azure Pass"

3. Enter the following command to create a new website. Substitute the #### with a random number.

    New-AzureWebsite MySite####

4. Enter the following command to view your new website. Substitute the #### with the number you
used in step 3.

    Get-AzureWebsite MySite####

5. Do not close the Windows PowerShell ISE.
6. In Internet Explorer, open a new tab and browse to http://azure.microsoft.com, click Portal, and
then sign in using the Microsoft account that is associated with your Azure subscription.
7. In the navigation pane on the left, click WEBSITES, and verify that your new website has been created.
8. Close the portal tab, but leave Internet Explorer open.

Results: After you complete this exercise, you will have successfully installed and used the Windows
PowerShell module for Microsoft Azure.

Exercise 2: Use the Azure Cross-Platform Command-Line Interface


Task 1: Install the Microsoft Azure Cross-platform command-line tools
1. Switch to the Web Platform Installer 5.0 window.

Note: If you accidentally closed the Web Platform Installer 5.0 window, switch to Start, and
then click Web Platform Installer 5.0.

2. In the list, next to Microsoft Azure Cross-platform Command Line Tools, click Add, and then click
Install.
3. In the Web Platform Installer 5.0 dialog box, click I Accept.
4. When the installation has completed, click Finish.
5. In the Web Platform Installer 5.0 window, click Exit.

Task 2: Use the Microsoft Azure cross-platform command-line tools


1. Switch to Administrator: Windows PowerShell ISE.
2. At the command prompt, type the following command, and then press Enter. This command
downloads the credentials needed to connect to your Azure subscription.

    azure account download

Note: If you are prompted, sign in to your Azure subscription.

3. Internet Explorer opens and prompts you to download a file. This is your published settings
file. Click the down arrow next to Save, and then click Save As.
4. In the Save As dialog box, in the navigation pane, double-click Local Disk (C:), double-click
Labfiles, and then click Save.
5. Switch to Administrator: Windows PowerShell ISE.
6. At the command prompt, type the following command. This command imports the credentials
needed to connect to your Azure subscription.

Note: When you type C:\labfiles\, Intellisense prompts you to select a file. Click the file you
created earlier and press Tab.

    azure account import C:\labfiles\

7. Press Enter to complete the import command.
8. At the command prompt, type the following command, and then press Enter.

    azure site list

9. At the command prompt, type the following command, and then press Enter. Substitute the ####
with the number you used in the last lesson to create your website.

    azure site stop MySite####

10. At the command prompt, type the following command and then press Enter. Substitute account for
the credentials you use to connect to your Azure subscription.

    azure logout account

Note: If you receive an error, continue.

11. Close all open windows and applications.

Results: After completing this exercise, you will have successfully installed and used the Microsoft Azure
cross-platform command-line tools.
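
These labs leave two credentials on disk: the storage account key saved to storage-key.txt in the Module 5 lab, and the published settings file saved to C:\Labfiles in the exercise above. As an added example that is not part of the course material, the PowerShell below scans a folder for both so they can be deleted once the lab is finished. The function name, the 64-byte key heuristic and the assumed XML layout of the settings file are assumptions, and the sample files are constructed.

```powershell
# Added example (not from the course): find lab credentials left in a folder.
# Assumptions: a storage account key is 64 random bytes in Base64 (88 characters
# ending in "=="), and a published settings file is XML whose elements carry a
# ManagementCertificate attribute. All sample files below are constructed.

function Find-LabCredential {
    param([Parameter(Mandatory)][string]$Path)
    $keyPattern = '(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{86}==(?![A-Za-z0-9+/=])'
    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { '.txt', '.publishsettings' -contains $_.Extension } |
        ForEach-Object {
            $file = $_
            $text = Get-Content -LiteralPath $file.FullName -Raw
            if (-not $text) { return }                      # empty file: nothing to report
            if ($file.Extension -eq '.publishsettings') {
                try { $xml = [xml]$text } catch { return }  # not well-formed XML: skip
                foreach ($node in $xml.SelectNodes('//*[@ManagementCertificate]')) {
                    [PSCustomObject]@{
                        File   = $file.FullName
                        Kind   = 'management certificate'
                        Detail = 'subscription: ' + $node.GetAttribute('Name')
                    }
                }
            } else {
                foreach ($m in [regex]::Matches($text, $keyPattern)) {
                    # Report only candidates that really decode to 64 bytes
                    if ([Convert]::FromBase64String($m.Value).Length -ne 64) { continue }
                    [PSCustomObject]@{
                        File   = $file.FullName
                        Kind   = 'storage account key'
                        Detail = $m.Value.Substring(0, 4) + '...(redacted)'
                    }
                }
            }
        }
}

# Build a throw-away folder with constructed samples, scan it, then remove it.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ('labscan-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$bytes = New-Object byte[] 64
(New-Object System.Random).NextBytes($bytes)   # constructed key, not a real one
Set-Content -LiteralPath (Join-Path $dir 'storage-key.txt') -Value ([Convert]::ToBase64String($bytes))
$cert = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('constructed-placeholder'))
Set-Content -LiteralPath (Join-Path $dir 'sample.publishsettings') -Value @"
<PublishData><PublishProfile SchemaVersion="2.0">
  <Subscription Id="00000000-0000-0000-0000-000000000000" Name="Azure Pass" ManagementCertificate="$cert" />
</PublishProfile></PublishData>
"@
Find-LabCredential -Path $dir | Format-Table -AutoSize
Remove-Item -LiteralPath $dir -Recurse -Force
```

Pointing `Find-LabCredential` at the Documents folder and C:\Labfiles on the classroom computer lists the files to delete; the key itself is never printed in full.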
