Professional Documents
Culture Documents
q Where to start ?
q https://azure.microsoft.com/free/
q Exam Time
q 60 minutes
q Exam Cost
q $99 USD* (based on the country where exam is taken)
l i ty Sca
ta bi la ble
da p –
y, A Microsoft Azure up
i c i t o rd
a st ow
E l n
Traditional Traditional
Server Server
Database
Pay-as-you-go
Traditional Traditional
Server Server
q Questions:
q How are these different ? Which should I choose ?
q Where is the data stored ?
q Do I need my current on-premises infrastructure ?
q Where will my Apps run ?
Virtual Machine
App Service
q With SaaS you do not have to think about how the service is
maintained or how the underlying infrastructure is managed;
you only need to think about how you will use the App
Office365 Gmail
YOU LEASE THE CAR = IaaS YOU GET THE BUS = SaaS
Elasticity
Usual Traffic
Unexpected Heavy Traffic
microsoft.com
q Next: what they are & why should we care about it?
q Servers
q Networking
q Storage
q Security
q Balancers
q Etc.
q https://news.microsoft.com/en-gb/2019/04/09/microsoft-has-doubled-size-of-uk-azure-regions-
increasing-compute-capacity-by-more-than-1500-as-country-embraces-digital-transformation/
Microsoft Azure Fundamentals
Azure Cloud Global Infrastructure
Europe Regional Pair: North Europe Region <-> West Europe Region
North Europe West Europe
min. 300 miles
q https://azure.microsoft.com/en-us/global-infrastructure/government/
Microsoft Azure Fundamentals
Azure China
Azure China Overview
q Microsoft Azure operated by 21Vianet (Azure China) is a
physically separated instance of cloud services located in
China
q https://docs.microsoft.com/en-us/azure/china/overview-operations
Microsoft Azure Fundamentals
Module 2 – Azure Cloud Introduction
Subscriptions and Management Groups in Azure
Azure Subscriptions
Azure Subscription Overview
q An Azure subscription is a logical unit of Azure services that
links to an Azure account
Azure Account
Subscription
q 3. Billing purposes
q Costs are aggregated at the subscription level
q 4. Subscription limits
q Default, 10 vCPU / subscription; increase hard limits
Microsoft Azure Fundamentals
Azure Subscriptions Offers
q Multiple options exist to purchase and use Azure, starting from
free, up to Enterprise agreements
q Pay-As-You-Go
q Pay for what you use, credit card attached
Per Department
Management Group Subscription #1 Subscription #2
Resource Groups
Resources
q Azure Portal
q Azure Command Line Interface (CLI)
q Azure PowerShell module
q Azure Cloud Shell
q Azure SDKs
q Azure Mobile app
Per Department
Management Group Subscription #1 Subscription #2
Resource Groups
Resources
q Azure Portal
q Azure Command Line Interface (CLI)
q Azure PowerShell module
q Azure Cloud Shell
q Azure SDKs
q Azure Mobile app
CPU RAM
HDD NIC
Infrastructure Infrastructure
i.e. Laptop, server in DC
CPU RAM
HDD NIC
SSH
10.0.1.Y
vNET INTERNET
Public IP
10.0.1.X
10.0.1.0/24 SUBNET 1
10.0.0.0/16
Virtual Network
q Fault domains
q different racks of servers
q prevents app outage in case of unplanned maintenance
events (i.e. power or hw failure)
Rack Rack
UD #1 Availability Set UD #2
UD #3 Availability Set UD #4
https://portal.azure.com
q Communication is encrypted
SSH
SSH PUTTY
Mac OS
Linux OS
Windows OS < 10
Windows OS >= 10
SSH
INTERNET
Public IP
10.0.0.4
10.0.0.0/24 SUBNET1
10.0.0.0/16
AZ-104 vNET - Virtual Network
SSH
INTERNET
Public IP
10.0.0.4
10.0.0.0/24 SUBNET1
10.0.0.0/16
AZ-900 vNET - Virtual Network
HOME WI-FI
UDEMY.COM
GOOGLE.COM
FACEBOOK.COM
q 192.168.0.10 vs 192.168.0.20
Webserver
INTERNET
1.2.3.4
Virtual Network ?
Subnet
Webserver
NSG
NSG
INTERNET
Virtual Network
Subnet
Webserver
NSG
INTERNET
1.2.3.4
NSG
Virtual Network
HTTP
NSG
INTERNET
Public IP
10.0.0.4
10.0.0.0/24 SUBNET1
10.0.0.0/16
AZ-900 vNET
33
06
80
Internal LB
3306 80 HTTP 80
INTERNET
Public LB
306 80
3
Virtual Network
AZ 1
Webserver01
AZ-900 vNET
AZ 1
Webserver01
INTERNET
AZ-900 vNET
AZ 1
Webserver01
INTERNET
AZ-900 vNET
AZ 1
Webserver01
INTERNET
AZ-900 vNET
Hardware Equipment
Memory optimized • Relational DB servers • High memory-to-CPU ratio Esv3, Ev3, Easv4, Eav4, Ev4,
• Medium to large caches Esv4, Edv4, Edsv4, Mv2, M,
• In-memory analytics DSv2, Dv2
Storage optimized • Big Data, SQL, NoSQL • High disk throughput and Lsv2
• Data warehousing IO
• Large transactional DB
GPU • Heavy graphics • Single or multiple GPUs NC, NCv2, NCv3, ND, NDv2, NV,
• Deep learning (ML) NVv3, NVv4
HPC • High performance compute • Most powerful CPU HB, HBv2, HC, H
• High-throughput NICs –
RDMA
Subnet
Webserver
NSG
NSG
INTERNET
Virtual Network
Infrastructure Infrastructure
i.e. Laptop, server in DC
q 2. Container access
q 3. Compliant Deployments
q Hypervisor-level security
q Custom sizes
q Persistent storage
ACI
q vNET deployment
q Linux and Windows available
https://portal.azure.com
ACI
q Things to know:
q You are responsible for deployment, scaling,
load balancing, logging, etc.
q Kubernetes doesn’t provided DBs or storage Kubernetes
q A Kubernetes deployment is configured as a cluster:
q one master machine
q one or multiple worker machines = (agent) nodes
Cluster Master
AKS
…
Node #1 Node #2 Node #X
App Service
q 5. DevOps optimized
q Isolated
q runs dedicated VMs on dedicated vNETs App Service
Plan
q Servers but still run the code, but … everything is run behind
the scenes by Azure Cloud
q Trigger examples:
q Respond to data changes
q Run a task on schedule Azure Functions
q Run a function as response to HTTP request
*.avi
*.mp4
EVENT
Azure Functions
CUSTOMER
ACK
Azure Logic Apps
ORDER
NEW CUSTOMER
CUSTOMER
FULFILL CRM Database
q Event-based ?
q “Event” occurs -> take action, do smth. Event Grid
Event Source Event Handler
Resource Resource
Event Grid
Subscribe VM STOP Logic App
START
Event Grid
q https://docs.microsoft.com/en-us/azure/event-grid/overview
Infrastructure Infrastructure
i.e. Laptop, server in DC
q 2. Container access
q 3. Compliant Deployments
q Hypervisor-level security
q Custom sizes
q vNET deployment
ACI
q Linux and Windows available
q Things to know:
q You are responsible for deployment, scaling,
load balancing, logging, etc.
q Kubernetes doesn’t provided DBs or storage Kubernetes
q A Kubernetes deployment is configured as a cluster:
q one master machine
q one or multiple worker machines = (agent) nodes
Cluster Master
AKS
…
Node #1 Node #2 Node #X
App Service
q 5. DevOps optimized
q Trigger examples:
q Respond to data changes
q Run a task on schedule Azure Functions
q Run a function as response to HTTP request
Resource Resource
Event Grid
Subscribe VM STOP Logic App
START
Storage Account
Azure Files
Azure Files
Windows VM 01 Windows VM 02
Storage Encryption
q Data can be replicated within the same DC, across zonal DCs
within the same region or across geographically
separated regions
AZ #1
AZ #1 AZ #2 AZ #3
DATA
DATA
LRS AZ #2 LRS
AZ #1
DATA DATA
DATA DATA
DATA DATA
ZRS LRS
AZ #1
AZ #1 AZ #2 AZ #3
DATA
DATA
ZRS LRS
AZ #1
AZ #1 AZ #2 AZ #3
DATA
DATA
q Standard SSD
q Web servers, light apps, max 750 MB/s & 6000 IOPS
q Premium SSD
q Production workloads, max 900 MB/s & 20.000 IOPS
q Ultra Disks
q IO Intensive apps, 2 TB/s & 160.000 IOPS
Microsoft Azure Fundamentals
Azure Disk Roles
q In Azure, there are currently three main disk roles:
q OS disk
OS
q Temporary disk
q Data disk Temp
Data
q OS disk – pre-installed OS
q Temporary disk – short-term storage
q Data persists a VM reboot
q Power off – data is lost
q Data disk – Persistent data
Storage Account
Disks
Azure Files
OS
Temp
Azure Files
Data
Windows-VM-01 Windows-VM-02
q Automate work
q Multiple tools available for scripting
q i.e. Azure CLI, PowerShell
Storage Account
Azure Files
Azure Files
Windows VM 01 Windows VM 02
q Data can be replicated within the same DC, across zonal DCs
within the same region or across geographically
separated regions
Data
q OS disk – pre-installed OS
q Temporary disk – short-term storage
q Data disk – Persistent data
q Automate work
q Multiple tools available for scripting
q i.e. Azure CLI, PowerShell
q Elastic scale
q From thousands to hundreds of millions of requests/sec
around the globe
Database
Container
Azure Cosmos DB
q Elastic Pool
q Collection of single databases with a shared set of
resources
q Managed instance
q Fully managed instance of SQL Server
q Full SQL server capabilities (vs. Single) Azure SQL DB
Server
Azure PostgreSQL DB
Azure
PostgreSQL DB
q 2. Business continuity
Managed
q 3. Security and compliance Instance
q 4. Management
q https://docs.microsoft.com/en-us/azure/dms/resource-scenario-status
Azure SQL DB
q Elastic Pool
q Collection of single databases with a shared set of
resources
q Managed instance
q Fully managed instance of SQL Server
q Full SQL server capabilities (vs. Single) Azure SQL DB
q Key benefits:
q Built-it high availability
q Pay-as-you-go pricing Azure MySQL DB
q Scaling in just seconds
q Built-in security for data at-rest and in-transit
q Automatic bkp and point-in-time-restore up to 35 days
q Enterprise-grade security and compliance
Microsoft Azure Fundamentals
Azure Database for PostgreSQL
Azure Database for PostgreSQL Overview
q Azure Database for PostgreSQL is a relational database
service based on the community version of open-
source PostgreSQL database engine
Azure DMS
VM VM
VM VM
vNET Peering
VM
INTERNET
LB
Virtual Network
Tunnel
VPN GW ncr ypted
E
VM
INTERNET
Priva
te Co
Express Route nnec
tion
App Service Cosmos DB
Virtual Network
1
Alice 2
5 3
Web Server
Edge Servers
6
Other Users
q ExpressRoute vs VPN ?!
q ExpressRoute connections don't go over the public Internet
network
q Faster speeds, consistent latencies and
higher security
ExpressRoute
Primary Circuit
Router Router Router
Secondary Circuit
Traditional DC
q Metered data
q In is free, out is charged ExpressRoute
q Premium add-on
q More capabilities included: more routes allowed, global
connectivity services
Windows Virtual
Desktop
q Windows 10 multi-session
q New to IoT ? Let’s clarify the concept and the overall setup
within Microsoft Azure Cloud
Azure Sphere
q What if you are managing data from 10.000 trucks ? What about
1 million AC devices ? Or 10m smartphones?
q What do you do with all this data ? You want to analyze it, and
get FAST insights ! Outcome and Results ?
q More and more businesses are relying today on Big Data and
Analytics solutions in order to extract real insights from the
market and drive business in the right direction
q Azure Databricks
q analyze data and generate meaningful insights
It’s a CAT,
I am 80% sure
1 million
Bot Service
Azure Artifacts
q So, by using DevTest Labs, you can easily test the latest versions
of your applications and speed up the process of creating and
terminating the testing environments
Microsoft Azure Fundamentals
Module 7 – Other Azure Core Services
GitHub and GitHub Actions Fundamentals 101
What is Git ?
q Git is an open-source version control system that was started
by Linus Torvalds - who created Linux as well
Tunnel
VPN GW ncr ypted
E
VM
INTERNET
Priva
te Co
Express Route nnec
tion
App Service Cosmos DB
Virtual Network
q ExpressRoute vs VPN ?!
q ExpressRoute connections don't go over the public Internet
network
q Faster speeds, consistent latencies and
higher security
ExpressRoute
q Why ?
q Inbound data transfer to Azure is free, outbound data traffic
is charged!
Windows Virtual
Desktop
It’s a CAT,
I am 80% sure
1 million
q 5 tools to remember:
q Azure Boards, Azure Pipelines, Azure Test Plans, Azure Repos
and Azure Artifacts
Azure Artifacts
q So, by using DevTest Labs, you can easily test the latest versions
of your applications and speed up the process of creating and
terminating the testing environments
Microsoft Azure Fundamentals
Exam Hints!
q Azure DevOps – integrated solution for the deployment of code
Azure Resource
Manager
Azure Portal
Azure Powershell
Azure CLI
APIs or SDKs
Management Groups
Subscriptions
Resource Groups
Resources
q Deployment Orchestration
q Orchestrate the deployment of interdependent resources, so
that they are deployed in the correct order
"resources": [
{
"type": "Microsoft.Storage/storageAccounts", Resource provider - Resource
"apiVersion": "2016-01-01",
"name": "mystorageaccount", Name
"location": "westus", Azure Region
"sku": {
"name": "Standard_LRS" Type of Storage Account - LRS
},
"kind": "Storage", Resource Type - Storage
"properties": {}
}
]
q Example: ProjectAlpha-WebVMs-RG
q http://bit.ly/Microsoft-RG-NamingConvention
Microsoft Azure Fundamentals
Resource Groups – Organizing Principles
q We can organize resources in many ways:
q By environment: RG-Prod, RG-Dev/Ops, RG-Testing
q By resource type: RG-VMs, RG-Storage, RG-VNETs
q By department: RG-IT, RG-Marketing, RG-HR
q By admin type: RG-Owner, RG-Contributor, RG-Reader
q By lifecycle: RG-Project1, RG-Project2
q Billing reports purposes
q Examples:
q Add tag to RGs
q Add tag to resources (Department - Finance) Azure Tags
q Examples:
q Create only B1S VMs (Free Tier)
q Create resources only in “westeurope”
Azure Policy
Conditions Action
- When to enforce - - What to enforce -
Policy Assignment
Policy Applied
q Allowed Locations
q New resources to be deployed in specific locations
Azure Policy
Collection of Single Policy
Policies
q Delete
q Read and Modify a resource, can’t Delete
Azure Locks
q Read-only
q Read a resource, can’t Modify or Delete
q Deployment Orchestration
q Orchestrate the deployment of interdependent resources, so
that they are deployed in the correct order
"resources": [
{
"type": "Microsoft.Storage/storageAccounts", Resource provider - Resource
"apiVersion": "2016-01-01",
"name": "mystorageaccount", Name
"location": "westus", Azure Region
"sku": {
"name": "Standard_LRS" Type of Storage Account - LRS
},
"kind": "Storage", Resource Type - Storage
"properties": {}
}
]
q Common examples:
q Allowed Locations
q Allowed Virtual Machines SKUs
Azure Policy
q Require a tag and its value on resources
Policy Assignment
Policy Applied
Azure Policy
Collection of Single Policy
Policies
q Delete
q Read and Modify a resource, can’t Delete
Azure Locks
q Read-only
q Read a resource, can’t Modify or Delete
Govern Manage
q Azure Government
q Dedicated public cloud for federal and state agencies in USA
q http://bit.ly/Azure-Compliance
Microsoft Azure Fundamentals
Module 9 – Monitoring, Privacy & Compliance
Azure Advisor Fundamentals 101
Azure Advisor Overview
q Azure Advisor helps you follow best practices and optimize
your Azure deployments
q Security
q To detect threats and vulnerabilities
Azure Advisor
q Cost
q Optimize and reduce your overall Azure spending
q Operational Excellence
q Achieve process and workflow efficiency,
resource manageability and deployment
best practices
Azure Advisor
q With Azure Monitor you can understand how your apps are
performing and proactively identify issues affecting them and
the resources they depend on
q Monitor resources and drill into monitoring data with Azure Log
Analytics
q Azure Status
q http://bit.ly/Microsoft-OST
q DPA includes:
q Definitions, general terms related to compliance with laws,
data protection terms
q https://bit.ly/Microsoft-DPA
Customer
Customer’s
Responsibility is is
Responsibility Responsible
Responsibility
Shared !! !
Shared
https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
Security Layers
Sensitive Data
Secure Score
Resource security
hygiene
q Free Tier
q Tier limited to assessments and recommendations
q Azure Secure Score
q Standard
q Continuous monitoring, threat detection, etc. Azure
Security Center
https://azure.microsoft.com/en-us/pricing/details/security-center/
q Single-Sign-On (SSO)
q Users can use a single identity (username and password) for
authentication on all company apps
q User management
q Customize and control how your users sign up,
sign in; manage guest users and external
Azure AD
partners, when using your apps
Microsoft Azure Fundamentals
Azure AD Capabilities
q Conditional access to your apps
q Device management
q Manage how your cloud and on-premises devices access
your corporate data
q Examples:
q Assign time-bound access to resources
q Role activation upon approval Azure PIM
q Enforce MFA to activate any role
q Get notifications when privileged roles are activated
Microsoft Azure Fundamentals
Module 10 – Security in Azure Cloud
Multi-factor Authentication Fundamentals 101
MFA Overview
q The main feature of an identity platform is to verify,
or authenticate credentials when a user signs in to a device,
application or service
q Block access
q Grant (allow) access
q May require the user to perform an action; i.e. request
user to perform MFA
Contributor Role
HR RG
User Access
Administrator
RBAC Roles
INTERNET
Azure Firewall
EXAMPLE:
10.0.0.0/16
Virtual Network
q Standard
q Advanced mitigation capabilities over Basic tier
q Can mitigate volumetric attacks, protocol attacks and
application layer attacks
q Price is based on usage, on a monthly basis
Microsoft Azure Fundamentals
DDoS Attack Types
q Volumetric attacks
q The victim is flooded (at the network layer – IP) with a huge
amount of traffic, that seems to be legit
q Protocol attacks
q Attacks target layer 3 and layer 4 protocol stack
q Common example: SYN flood attacks (TCP, layer 4)
q Respond to incidents
q Rapidly and automated protection
Microsoft Azure Fundamentals
Module 10 – Security in Azure Cloud
Azure Dedicated Hosts Fundamentals 101
Dedicated Hosts Overview
q Azure Dedicated Hosts allow you to provision and manage a
physical server within Azure, that is dedicated to your Azure
subscription
q BYOL – Licensing
q Windows and SQL licenses
q Asymmetric encryption
q Public key and private key pair used; both can encrypt, but
you can only decrypt with the “paired key”
q More secure
q Used in HTTPS environments (PKI and certificates)
q Encryption in transit
q Data in transit is the data actively moving from one location
to another; to on-prem DC, through the internet
q Protects the data from outside observers and provides a
mechanism to transmit data securely
Microsoft Azure Fundamentals
Encryption in Azure
q Azure Storage Service Encryption
q Protect data at rest
q Data is automatically encrypted before storing it to Azure
Storage and decrypted before retrieval
q Azure Key Vault – encrypt the actual keys Azure Key Vault
q Free Tier
q Tier limited to assessments and recommendations
q Azure Secure Score
q Standard
q Continuous monitoring, threat detection, etc. Azure
Security Center
https://azure.microsoft.com/en-us/pricing/details/security-center/
q Single-Sign-On (SSO)
q Users can use a single identity (username and password) for
authentication on all company apps
q User management
q Customize and control how your users sign up,
sign in; manage guest users and external
Azure AD
partners, when using your apps
Microsoft Azure Fundamentals
Azure AD Capabilities
q Conditional access to your apps
q Device management
q Manage how your cloud and on-premises devices access
your corporate data
q How many Azure Firewalls would you use to protect 100 VMs
deployed in 10 virtual network? => only one J
q Great advantages on Azure pricing => you get the best value at
every stage of your cloud journey
q Resource type
q Costs are resource-specific
q Resource usage
q Pay for what you use
q Billing zone
q Costs associated to data moving out of Azure DCs
q Data going into Azure DCs is free, outbound data (data
going out) is charged
q Spot Pricing
q Purchase unused compute capacity
q Up to 90% discount vs pay-as-you-go pricing
Microsoft Azure Fundamentals
Cost Reduction Best Practices - Infrastructure
q Run the VM only when needed
q If the VMs are only used during normal office hours (9-18),
schedule automatic shutdown
q https://azure.microsoft.com/en-us/pricing/tco/
Cost M anagement
q Resource type
q Costs are resource-specific
q Resource usage
q Pay for what you use
q Billing zone
q Costs associated to data moving out of Azure DCs
q Data going into Azure DCs is free, outbound data (data
going out) is charged
q Spot Pricing
q Purchase unused compute capacity
q Up to 90% discount vs pay-as-you-go pricing
q Data transfers:
q from on-prem to Azure, over a VPN, is free (inbound)
q from Azure to on-prem, over a VPN is charged (outbound)
q Stopped VMs still generate costs – storage; pay less for VMs
using Azure Reservations
q Two VMs of the same size (i.e. B2S) may generate different
costs in a month period – think storage, data transfer, etc.
Microsoft Azure Fundamentals
Exam Tips !
q Azure Advisor - tool that provides guidance and
recommendations to improve an Azure environment
q SLA includes:
q Introduction – what to expect
q General terms – vocabulary and agreement details
q SLA details – performance commitments
q Example:
q >=2 instances deployed >=2 AZs in the same Azure region,
VM connectivity to min. 1 instance, at least 99.99%
q >=2 instances deployed in same AZ, VM connectivity to min.
1 instance, at least 99.95%
q Single VM with Premium SSD, min. 99.9%
q SLAs also specify what happens when terms are not met
q i.e. run 2 VMs in two different AZs; if uptime <95% then
Service Credit is 100% - No Cost for customer
Composite SLA
q Public preview
q Feature available to all Azure customers
q Public preview
q Feature available to all Azure customers