- Different types of cloud models that are available and the considerations of using those different

models.

- Some of the key terms and concepts such as high availability, agility, elasticity, fault tolerance, and
CapEx vs. OpEx.

- The different cloud services available, the benefits of using the different types, and the management
responsibilities under each service type.

- Cloud models such as public, private and hybrid, and what the key characteristics of each model are.

- The different types of cloud service available: IaaS, PaaS, and SaaS; what the key characteristics of
each service are and when you would choose one over the other.

We have also completed the following quiz session.

1. Which term from the list below would be viewed as benefits of using cloud services?

a.Unpredictable costs

b.Elasticity

c. Local reach only

2. Suppose you have two types of applications: legacy applications that require specialized mainframe
hardware and newer applications that can run on commodity hardware. Which cloud deployment model
would be best for you?

a. Public cloud

b. Private cloud

c. Hybrid cloud

3. You're developing an application and want to focus on building, testing, and deploying. You don't
want to worry about managing the underlying hardware or software. Which cloud service type is best
for you?

a. Infrastructure as a Service (IaaS)

b. Platform as a Service (PaaS)

c. Software as a Service (SaaS)

### Microsoft Azure

Azure is Microsoft's cloud computing platform. Azure provides over 100 services that enable you to do
everything from running your existing applications on virtual machines to exploring new software
paradigms such as intelligent bots and mixed reality.

Here are just a few kinds of services that we can find on Azure:

- Compute services such as VMs and containers that can run your applications

- Database services that provide both relational and NoSQL choices

- Identity services that help you authenticate and protect your users

- Networking services that connect your datacenter to the cloud, provide high availability or host your
DNS domain

- Storage solutions that can accommodate massive amounts of both structured and unstructured data

- AI and machine-learning services can analyze data, text, images, comprehend speech, and make
predictions using data — changing the world of agriculture, healthcare, and much more.

- And many more!

Some more questions to answer (Set 2):

1. What is Azure?

a. Microsoft's cloud computing platform, which provides compute power, storage, and services over
the Internet using a pay-as-you-go pricing model.

b. A single data center located in Redmond, Washington.

c. A hosting environment specifically for virtual machines

2. Which of the following is an example of an Azure application platform?

a. Azure App Service

 b. Azure Load Balancer

c. Azure Table Storage

d. Azure Cache for Redis

3. When should you scale out your deployment?

a. When your application or service requires a more powerful CPU or more memory to run faster.

b. When you need additional virtual machines to speed up your application.

c. When you're using excess capacity that you don't need.

Azure Accounts and Subscriptions

With an Azure account and subscription, you can build, test, and deploy enterprise applications, create
custom web and mobile experiences, and gain insights from your data through machine learning and
powerful analytics.

What is an Azure account?

An Azure account is what you use to sign in to the Azure website and administer or deploy services.
Every Azure account is associated with one or more subscriptions.

An Azure account is tied to a specific identity and holds information like:

- Name, email, and contact preferences

- Billing information such as a credit card

To create and use Azure services, you will need an Azure account. It allows you to build and deploy
cloud-based applications, utilize sophisticated artificial intelligence services, and extract essential
insights from your data.
With an Azure account, you can use a variety of free and paid services to create the next-generation
architecture for your product and users.

What is an Azure Subscription?

Subscriptions are a fundamental part of every IT service, providing a link between a person or
organization, the resources used and payment. Every subscription have a time limit.

An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the
details of all your resources like virtual machines, databases, etc.

Subscription Types

Azure offers free and paid subscription options to suit different needs and requirements. The most
commonly used subscriptions are:

- Free

- Pay-As-You-Go

- Enterprise Agreement

- Student

Azure Free Subscription

An Azure free subscription includes a Rs. 13300/- credit to spend on any service for the first 30 days,
free access to the most popular Azure products for 12 months, and access to more than 25 products
that are always free. This is an excellent way for new users to get started. To set up a free subscription,
you need a phone number, a credit card, and a Microsoft account.

Azure Pay-As-You-Go subscription

A Pay-As-You-Go (PAYG) subscription charges you monthly for the services you used in that billing
period. This subscription type is appropriate for a wide range of users, from individuals to small
businesses, and many large organizations as well.

Azure Enterprise Agreement*

Although options such as Pay-as-you-go are great ways to purchase Azure services, there is a better
option for organizations wishing to maximize their investments in the cloud. An EA can save your
organization a considerable amount of money each year. Here are 3 reasons your should consider
switching to an EA:

- Management and Governance

- Discounts

- Enterprise Level Capabilities and Features

An Enterprise Agreement provides flexibility to buy cloud services and software licenses under one
agreement, with discounts for new licenses and Software Assurance. It’s targeted at enterprise-scale
organizations.

1. Management and Governance:

When you sign up for an EA you will receive access to the EA portal, designed to manage subscriptions in
your EA. Since all the subscriptions in your EA rolls up in your portal, you will have a enterprise overview
of all the spending and budgeting related to your organization’s Azure spend. This is a key feature and
ensures that organizational departments adhere to corporate policies around spending.

== 2. Discounts

Generally, EA’s offer considerable discounts over pay-as-you-go subscriptions. An EA will be cost
effective and way more efficient than running the same services as the pay-as-you-go option, under the
right circumstances. Services such as Azure Virtual Machines have a discount rate up to 30%! Taking this
into cons…

== 3. Enterprise Level Capabilities and Features

Azure offers exclusive enterprise only services, such as Azure Active Directory Premium (AAD Premium).
To purchase this service, you will need to have an EA in place.

Azure for Students subscription

An Azure for Students subscription includes $100 in Azure credits to be used within the first 12 months
plus select free services without requiring a credit card at sign-up. You must verify your student status
through your organizational email address.

Using multiple Azure subscriptions

You can create multiple subscriptions under a single Azure account. This is particularly useful for
businesses because access control and billing occur at the subscription level, not the account level.

Access Management

You can create separate subscriptions on your Azure account to reflect different organizational
structures. For example, you could limit engineering to lower-cost resources, while allowing the IT
department a full range. This design allows you to manage and control access to the resources that
users provision within each subscription. These kind of flexibility can be obtained through the Azure EA
Subscription.

Billing

One bill is generated for every Azure subscription on a monthly basis. The payment is charged
automatically to the associated account credit or debit card within 10 days after the billing period ends.
On your credit card statement, the line item would say MSFT Azure.

You can analyze your bill in the Azure portal – this will provide access to all your invoices, as well as a
cost analysis breakdown of what got charged each month.

You can set spending limits on each subscription to ensure you aren’t surprised at the end of the month.
Reports can be generated by subscriptions, if you have multiple internal departments and need to do
“chargeback,” a possible scenario is to create subscriptions by department or project.

Understanding the Azure Enterprise Agreement Hierarchies

Azure Enterprise portal - an online management portal that helps you manage costs for your Azure EA
services. You can:

- Create an Azure EA hierarchy with departments, accounts, and subscriptions.

- Reconcile the costs of your consumed services, download usage reports, and view price lists.

- Create API keys for your enrollment.

## Departments help you segment costs into logical groupings. Departments enable you to set a
budget or quota at the department level.

## Accounts are organizational units in the Azure Enterprise portal. You can use accounts to manage
subscriptions and access reports.
 ## Subscriptions are the smallest unit in the Azure Enterprise portal. They're containers for Azure
services managed by the service administrator.

Enterprise user roles

The following administrative user roles are part of your enterprise enrollment:

- Enterprise administrator

- Department administrator

- Account owner

- Service administrator

Enterprise administrator

Users with this role have the highest level of access. They can:

- Manage accounts and account owners.

- Manage other enterprise administrators.

- Manage department administrators.

- Manage notification contacts.

- View usage across all accounts.

- View unbilled charges across all accounts.

You can have multiple enterprise administrators in an enterprise enrollment.

You can grant read-only access to enterprise administrators.

## Department administrator

Users with this role can:

 - Create and manage departments.

- Create new account owners.

- View usage details for the departments that they manage.

- View costs, if they have the necessary permissions.

You can have multiple department administrators for each enterprise enrollment.

You can grant department administrators read-only access when you edit or create a new department
administrator.

## Account owner

Users with this role can:

- Create and manage subscriptions.

- Manage service administrators.

- View usage for subscriptions.

Each account requires a unique work, school, or Microsoft account.

## Service administrator

The service administrator role has permissions to manage services in the Azure portal and assign users
to the co-administration role.

https://azure.microsoft.com/en-us/support/plans/

What is Azure Virtual Network ?

An Azure Virtual Network (VNet) is a representation of your own network in the cloud. It is a logical
isolation of the Azure cloud dedicated to your subscription. Each VNet you create has its own CIDR block
and can be linked to other VNets and on-premises networks as long as the CIDR blocks do not overlap.
When you create a VNet, your services and VMs within your VNet can communicate directly and
securely with each other in the cloud.
==> Managing Virtual Network in Azure

Some major Azure Virtual Network Components:-

a) Virtual Network

b) IP Address Range

c) Subnets

d) NIC

e) Network Security Group (NSG)

Virtual Network : We can consider it as a dedicated LAN created for our subscription to place the VMs

IPv4 Private IP Address Range:-

Class A : 10.0.0.0/8

Class B : 172.16.0.0/16 to 172.31.0.0/16

Class C : 192.168.0.0/24 to 192.168.255.0/24

IP Address Range : 10.0.0.0/8

You cannot add the following address ranges:

224.0.0.0/4 (Multicast)

255.255.255.255/32 (Broadcast)

127.0.0.0/8 (Loopback)

169.254.0.0/16 (Link-local)

168.63.129.16/32 (Internal DNS)

Subnet : The portion of IP Address that we allocate to our VMs from the IP Address range

Subnet : 10.0.0.0/24

Firt Allocatable IP Address will start from 10.0.0.4/24

10.0.0.0/24 Subnet Id

10.0.0.1/24 Reserved Gateway IP Address

10.0.0.2/24

10.0.0.3/24 Both are reserved for DNS

10.0.0.255/24 Broadcast

NIC : Gets automatically created when we create a VM. Helps that VM to communicate with other VMs
of the same or other subnets, even with VMs from different Virtual Networks.

Network Security Group : Control the inbound traffic for the entire virtual network. A good way for
filtering the traffic. We can further filter the traffic using Firewall.

Inbound trafic = Ingress traffic

Outbount trafic = Egress traffic

NSG Filters Internal traffics

[10:14 PM, 5/30/2020] Apratim Sir Azure: A network security group is a layer of security that acts as a
virtual firewall for controlling traffic in and out of virtual machines (via network interfaces) and subnets.
It contains a set of security rules that allow or deny inbound and outbound traffic using the following 5-
tuple: protocol, source IP address range, source port range, destination IP address range, and
destination port range. A network security group can be associated to multiple network interfaces and
subnets, but each network interface or subnet can be associated to only one network security group.

Security rules are evaluated in priority-order, starting with the lowest number rule, to determine
whether traffic is allowed in or out of the network interfaces or subnets associated with the network
security group. A network security group has separate inbound and outbound rules, and each rule can
allow or deny traffic. Each network security group has a set of default security rules, which allows all
traffic within a virtual network and outbound traffic to the internet. There is also a rule to allow traffic
originating from Azure's load balancer probe. All other traffic is automatically denied. These default
rules can be overridden by specifying rules with a lower priority number.

What is a Virtual Machine ?

A virtual machine is a computer file, typically called an image, which behaves like an actual computer. In
other words, creating a computer within a computer. It runs in a window, much like any other
programme, giving the end user the same experience on a virtual machine as they would have on the
host operating system itself. The virtual machine is sandboxed from the rest of the system, meaning that
the software inside a virtual machine cannot escape or tamper with the computer itself. This produces
an ideal environment for testing other operating systems including beta releases, accessing virus-
infected data, creating operating system backups and running software or applications on operating
systems for which they were not originally intended.

Multiple virtual machines can run simultaneously on the same physical computer. For servers, the
multiple operating systems run side-by-side with a piece of software called a hypervisor to manage
them. Each virtual machine provides its own virtual hardware, including CPUs, memory, hard drives,
network interfaces and other devices. The virtual hardware is then mapped to the real hardware on the
physical machine which saves costs by reducing the need for physical hardware systems along with the
associated maintenance costs that go with it, plus reduces power and cooling demand.

Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that
Azure offers. Typically, you choose a VM when you need more control over the computing environment
than the other choices offer.

An Azure VM gives you the flexibility of virtualization without having to buy and maintain the physical
hardware that runs it. However, you still need to maintain the VM by performing tasks, such as
configuring, patching, and installing the software that runs on it.

### What do I need to think about before creating a VM?

- The names of your application resources

- The location where the resources are stored

- The size of the VM

- The maximum number of VMs that can be created

- The operating system that the VM runs

- The configuration of the VM after it starts

- The related resources that the VM needs

# Naming

A virtual machine has a name assigned to it and it has a computer name configured as part of the
operating system. The name of a VM can be up to 15 characters.

# Locations

All resources created in Azure are distributed across multiple geographical regions around the world.
Usually, the region is called location when you create a VM. For a VM, the location specifies where the
virtual hard disks are stored.

# VM size

The size of the VM that you use is determined by the workload that you want to run. The size that you
choose then determines factors such as processing power, memory, and storage capacity. Azure offers a
wide variety of sizes to support many types of uses.

** Azure charges an hourly price based on the VM’s size and operating system. For partial hours, Azure
charges only for the minutes used. Storage is priced and charged separately.

# VM Limits

Your subscription has default quota limits in place that could impact the deployment of many VMs for
your project. The current limit on a per subscription basis is 20 VMs per region. Limits can be raised by
filing a support ticket requesting an increase

# Operating system disks and images

- Virtual machines use virtual hard disks (VHDs) to store their operating system (OS) and data. VHDs are
also used for the images you can choose from to install an OS.

- Azure provides many marketplace images to use with various versions and types of Windows Server
operating systems and Linux based operating systems. Marketplace images are identified by image
publisher, offer, sku, and version (typically version is specified as latest).
- Only 64-bit operating systems are supported.

# Related resources

The resources in this table are used by the VM and need to exist or be created when the VM is created

Resource Required Description

Resource group Yes The VM must be contained in a resource group

Storage account Yes The VM needs the storage account to store its virtual
hard disks.

Virtual network Yes The VM must be a member of a virtual network.

Public IP address No The VM can have a public IP address assigned to it to

remotely access it

Network interface Yes The VM needs the network interface to communicate in

the network

Data disks No The VM can include data disks to expand storage capabilities

# What are the username requirements when creating a VM?

- Usernames can be a maximum of 20 characters in length and cannot end in a period (".").

- The following usernames are not allowed:

administrator

admin

admin1

admin2
adm

actuser

aspnet

backup

console

david

guest

john

owner

root

sql

sys

server

support

support_388945a0

test

test1

test2

test3

user

user1

user2

user3

user4

user5

123
# What are the password requirements when creating a VM?

- There are varying password length requirements, depending on the tool you are using:

Portal - between 12 - 72 characters

PowerShell - between 8 - 123 characters

CLI - between 12 - 123

- Have lower characters

- Have upper characters

- Have a digit

- Have a special character

- The following passwords are not allowed:

abc@123 iloveyou! P@$$w0rd P@ssw0rd P@ssword123

Pa$$word pass@word1 Password! Password1 Password22

==> Practical 1

Create a Windows Virtual Machine

Subscription : Free Trial

Resource Group : Create New

Name: VM-RG

Location : East US

Virtual Machine Name : WINVM01

Region : East US

Availability Option : None

Image : Windows Server 2019 Datacenter

Size : Standard DS1 v2

User Name : SuperAdmin

Password : C0llecti0n@123

Public Inbound Port : RDP

==> Practical 2

Create a Linux Virtual Machine

Subscription : Free Trial

Resource Group : Use Existing

Name: VM-RG

Location : East US

Virtual Machine Name : linuxvm01

Region : East US

Availability Option : None

Image : Redhat Enterprise Linux 8.1 (LVM)

Size : Standard D2 v3

Authentication Type : Password

User Name : superadmin [ all in lowercase character ]

Password : C0llecti0n@123

Public Inbound Port : SSH

==> Practical 3

- Access Windows Virtual Machine from another Windows System using RDP

- Access Linux Virtual Machine from another Windows System using Putty

- Access Windows Virtual Machine from another Linux Machine with GUI using xfreerdp

xfreerdp –g 800x600 –u superadmin 10.10.1.4

- Access Linux Virtual Machine from another Linux Machine using ssh

https://azure.microsoft.com/en-in/pricing/details/virtual-machines/series/