Microsoft Certified Associate: Azure

Administrator AZ-104
Deploy and Manage Azure Compute
Resources
 A Day in the Life of an Azure Architect

As an Azure Administrator responsible for managing the servers that

run all of the company’s infrastructure for web to database servers,
the accountability for deploying the new virtual machines comes into
role. The preparation tasks can embrace properly filling the machines,
choosing storage, and configuring networking.

It is often difficult to manage virtual machines at scale, particularly

once usage patterns vary and demands on applications fluctuate.
Anyone would like to be able to regulate their virtual machine
resources to match demands. At an equivalent time, a user would like
to stay the virtual machine configuration consistent to confirm
application stability.

Users will be accountable to manage the platform as a service choice,

such as Azure app service and Azure Kubernetes service.
 Learning Objectives

By the end of this lesson, you will be able to:

Create and manage virtual machines

Create and configure an app service

Create and configure Azure containers

Configure virtual machine extensions

Administer Virtual Machines
 Cloud Services Responsibilities

Virtual machines are part of the Infrastructure as a Service (IaaS) providing. IaaS is a rapid
computing infrastructure, provisioned and managed over the Internet. Quickly scale up and
down with demand and pay only for what the user employs.

IaaS Business Scenarios

On-
Responsinility SaaS PaaS IaaS prem

Information and data

Devices (Mobile and PCs)

Test and development
Accounts and identities

Identity and directory infrastructure

• Website hosting
Applications
• Storage, Backup, and Recovery
Network controls

Operating system • High-performance computing

Physical hosts

Physical network
• Big data analysis
Physical datacenter
• Extended data center
Microsoft Customer

Source: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
 Plan Virtual Machines

Azure Virtual Machines give an operating system, storage, and networking

capabilities and might run a very wide range of applications.

• Start with the network

• Name the virtual machine

Choose a location:
• Each region has completely different hardware and service capabilities
• Locate virtual machines as near as possible to the users to ensure
compliance and legal obligations

Consider pricing:
• Compute prices
• Storage prices (consumption-based and reserved instances)
 Determine Virtual Machine Sizing

Azure provides VM size choices with varying mixture of work out, memory, and storage,
the users may choose from.

Type Description

Balanced CPU-to-memory ratio. Ideal for testing and development,

General purpose
small to medium databases, and low to medium traffic web servers.

High CPU-to-memory ratio. Good for medium traffic web servers,

Compute optimized
network appliances, batch processes, and application servers.

High memory-to-CPU ratio. Great for relational database servers,

Memory optimized
medium to large caches, and in-memory analytics.
 Determine Virtual Machine Sizing

Type Description

High disk throughput and IO ideal for Big Data, SQL, NoSQL databases,
Storage optimized
data warehousing and large transactional databases.

Specialized virtual machines targeted for heavy graphic rendering and

GPU video editing, as well as model training and inferencing (ND)
with deep learning. Available with single or multiple GPUs.

High performance Our fastest and most powerful CPU virtual machines with optional
compute high-throughput network interfaces (RDMA).
 Determine Virtual Machine Storage

Each Azure VM has two or more disks:

Azure VM (Windows) • OS disk
• Temporary disk (contents can be lost)
• Data disks (optional)

C:\ D:\ F:\

OS and data disks reside in Azure Storage accounts:
OS disk Temporary disk Data disk
• Azure-based storage service
• Standard (HDD, SSD) or Premium (SSD), or
Ultra(SSD)

When creating an Azure VM, user would be able to

select between:
• Managed disks (recommended)
Azure blob
• Unmanaged disks
Source: https://docs.microsoft.com/en-us/azure
 Create Virtual Machines in the Portal

Basic requirements to create VM in the portal include:

Basic (required): Project details, administrator

account, inbound port rules

Disks: OS disk type, data disks

Networking: Virtual networks, load balancing

Management: Monitoring, auto-shutdown,

backup

Advanced: Add additional configuration, agents,

Scripts, or applications
Source: https://docs.microsoft.com/en-us/azure
Creating Virtual Machine from Azure Portal

Duration: 10 Min.

Problem Statement:

Create Virtual machine and configure these virtual machines using Azure Portal.
 Assisted Practice: Guidelines

Steps to create an Azure virtual machine:

1. Go to Azure portal
2. Locate virtual machine blade
3. Create a virtual machine
Create Virtual Machine Using Azure CLI

Duration: 10 Min.

Problem Statement:

Create Virtual machine and configure these virtual machines using Azure CLI.
 Assisted Practice: Guidelines

Steps to create a virtual machine using Azure CLI:

1. Use az login command to log in to Azure account
2. Run az vm create command to create the VM
 Connect to Virtual Machines

There are many ways to access virtual machines in Azure:

• Bastion Subnet for RDP/SSH through the Portal over SSL
• Remote Desktop Protocol for Windows-based Virtual Machines
• Secure Shell Protocol for Linux-based Virtual Machines

Source: https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
 Connect to Windows Virtual Machines

Strategies users use to accomplish unit OS-specific problems, include:

Remote Desktop Protocol (RDP) creates

GUI session and accepts inbound traffic
on TCP port 3389

WinRM creates a command-line session

so can run scripts

Source: https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
Connect to a Windows Virtual Machine

Duration: 10 Min.

Problem Statement:

Connect windows based virtual machine using Remote desktop protocol (RDP) on port 3389.
 Assisted Practice: Guidelines

Steps to connect to Windows virtual machine:

1. Go to Virtual machine blade
2. Select the VM
3. Click Connect
4. Download the RDP file
5. Log in using the admin username and admin password
provided during the VM creation
 Connect to Linux Virtual Machines

About nursing SSH public key:

• It is required to authenticate with an SSH public key or password.

• SSH is an encrypted connection protocol that allows secure logins over unsecured connections.

• There are public and private keys.

Connect to a Linux Virtual Machine

Duration: 10 Min.

Problem Statement:

Connect Linux-based virtual machine using Secure Shell (SSH) on port 22.
 Assisted Practice: Guidelines

Steps to connect to Linux virtual machine:

1. Log in to cloud shell
2. Create SSH key pair
3. Use the public key while creating the vm
4. Connect to VM
Explore Other VM Images

Duration: 10 Min.

Problem Statement:

Explore the images available to create a virtual machine in Azure Marketplace.

 Assisted Practice: Guidelines

Steps to explore VM images:

1. Log in to Azure cloud shell
2. Use az vm image list
 Plan for Maintenance and Downtime

Situations impacting the virtual machine in Azure include:

Unplanned Hardware Unexpected Planned

Maintenance Downtime Maintenance

When the platform Unexpected Downtime Planned Maintenance

predicts a failure, it will
issue an unplanned
hardware maintenance
event.
Action: Live migration
is when a virtual machine events are periodic
fails unexpectedly. updates made to the
Azure platform.
Action: Automatically
migrate (heal) Action: No action
 Setup Availability Sets

Availability Sets are essential to build reliable cloud solutions. General principles include:
• Configure multiple Virtual Machines in an Availability Set.
• Configure each application tier into separate Availability Sets.
• Combine a Load Balancer with Availability Sets.
• Use managed disks with the Virtual Machines.
 Update and Fault Domains

Each virtual machine in the availability set has an update domain and fault domain assigned to ensure
high availability and redundancy.

Fault Domain Fault Domain Update domains allow Azure to perform

Rack Rack incremental or rolling upgrades across a
Virtual Machine Virtual Machine deployment. During planned maintenance,
only one update domain is rebooted at a time.
IIS 1 Web Availability Set IIS 2

Virtual Machine Virtual Machine Fault Domains are a group of Virtual Machines
that share a common set of hardware and
SQL 1 SQL Availability Set SQL 2
switches, that share a single point of failure.
VMs in an availability set are placed in at least
two fault domains.

Source: https://docs.microsoft.com/en-us/azure
 Availability Zones

Considerations for availability zones to protect applications and data from datacenter failures include:

• Unique physical locations in a region

• Includes datacenters with independent power,

cooling, and networking

• Protects from datacenter failures

• Combines update and fault domains

• Provides 99.99% SLA​

Source: https://docs.microsoft.com/en-us/azure
 Vertical Scaling Vs. Horizontal Scaling

• Vertical scaling (scale up and scale down) is

the process of increasing or decreasing power
to a single instance of a workload, usually
manual​.

• Horizontal scaling (scale out and scale in) is

the process of increasing or decreasing the
number of instances of a workload. It is
frequently automated.

Source: https://docs.microsoft.com/en-us/azure
 Implement Scale Sets

The benefits of the Scale set are:

• Scale sets deploy a set of identical VMs.
• No pre-provisioning of VMs is required.
• As demand goes up, VMs are added.
• As demand goes down, VMs are removed.
• The process can be manual, automated, or a combination of both.

Source: https://docs.microsoft.com/en-us/azure
Create Scale Sets

Consider the following parameters when

creating a scale set:

• Instance count: Number of VMs in the

scale set (0 to 1000)

• Instance size: The size of each virtual

machine in the scale set

• Azure Spot instance: Unused capacity

at a discounted rate

• Use managed disks

• Enable scaling beyond 100 instances

Create Scale Sets

Duration: 10 Min.

Problem Statement:

Create the Virtual machine Scale Set that will be flexible enough to adjust the instance count
based on load.
 Assisted Practice: Guidelines

Steps to create Scale Sets:

1. Locate virtual machine scale set service in the Azure portal
2. Select create
3. Provide necessary details to create the scale set
 Implement Autoscale

Autoscale benefits:
• Define rules to automatically adjust capacity
• Scale out (increase) the number of VMs in the set
• Scale in (reduce) the number of VMs in the set
• Schedule events to increase or decrease at a fixed time
• Reduces monitoring and optimizes performance

Min = 2 +/- VMs as needed Max = 5

VM VM VM VM VM

3 currently running

Source: https://docs.microsoft.com/en-us/azure
 Configure Autoscale

Autoscale can be enabled while creating a scale set, along with defining a minimum,
maximum, and default number of VM instances.

• Define a minimum, maximum, and

default number of VM instances

• Create more advanced scale sets with

scale out and scale in parameters
Configure Autoscaling

Duration: 05 Min.

Problem Statement:

Configure the autoscaling in the Virtual Machine Scale Set so that, based on this setting, the
scale set will automatically scale in and scale out.
 Assisted Practice: Guidelines

Steps to configure Autoscaling :

1. Sign in to Azure portal
2. Locate the scale set created
3. Choose scaling from the menu to enable autoscaling
Implement Custom Script Extensions

Features of Custom Script Extensions:

• Extension scripts can be simple or complex.

• Extensions have 90 minutes to run.

• Double check the dependencies to ensure

availability.

• Account for any errors that might occur.

• Protect or encrypt sensitive information.

Install Software on the VM

Duration: 20 Min.

Problem Statement:

Install the software on the virtual machine with the help of a custom script extension.
 Assisted Practice: Guidelines

Steps to install software on VM:

1. Connect to the Windows VM
2. Verify the web server feature is available
3. Create a PowerShell script to install the web server service
4. Configure extension in the portal to run the script
Query System and Runtime Information About the VM

Duration: 15 Min.

Problem Statement:

Query the system and runtime information about the VM to get information about the Virtual
Machine.
 Assisted Practice: Guidelines

Steps to query the system and runtime information about the VM:
1. Login to cloud shell
2. Use az vm list command to list the vms defined in the Azure
subscription
3. Run az vm show command to fetch the detailed vm
information
Create and Configure an App Service
 Implement Azure App Service Plans

Features of App Service plan:

• Defines a set of compute resources for a web app to run

• Determines performance, price, and features

• Configures one or more apps to run in the same App Service plan

• Segregates regions where compute resources will be created

• Decides number of virtual machine instances

• Gives the size of virtual machine instances

 Determine App Service Plan Pricing

The pricing tier of an App Service plan decides the features and payment details.

Shared compute
Dedicated compute Isolated
(Free and Shared). Run apps
(Basic, Standard, Premium). Runs apps on dedicated Azure
on the same Azure VM as other
Run apps in the same plan in VMs in dedicated Azure virtual
App Service apps, and the
dedicated Azure VMs. networks.
resources cannot scale out.
 Determine App Service Plan Pricing

Isolated
Basic Standard Premium
Shared (high-performance,
Selected Features Free (dedicated (production (enhanced scale
(dev/test) security and
dev/test) workloads) and performance)
isolation)
Web, mobile, or API
10 100 Unlimited Unlimited Unlimited Unlimited
apps
Disk space 1 GB 1 GB 10 GB 50 GB 250 GB 1 TB
Auto Scale – – – Supported Supported Supported
Deployment Slots 0 0 0 5 20 20
Max Instances – – Up to 3 Up to 10 Up to 30 Up to 100
 Scaling Up the App Service Plan

Scale up (change the App Service plan): Scale out (increase the number of VM instances):
• More hardware (CPU, memory, disk) • Manual (fixed number of instances)
• More features (dedicated virtual machines, • Auto scale (based on predefined rules and
staging slots, autoscaling) schedules)

Source: https://docs.microsoft.com/en-us/azure
 Configure App Service Plan Scaling

Autoscale has the right amount of resources running to handle the load on the
application. Below are a few features:

• Adjusts available resources based on the current demand

• Improves availability and fault tolerance
• Scale based on a metric (CPU percentage, memory percentage, HTTP requests)
• Scales according to a schedule (weekdays, weekends, times, holidays)
• Implements multiple rules: Combine metrics and schedules

Source: https://docs.microsoft.com/en-us/azure
Scale up App Service

Duration: 05 Min.

Problem Statement:

Configure the autoscaling in an App Service so that based on this setting the scale set will
automatically scale in and scale out.
 Assisted Practice: Guidelines

Steps to scale up the App Service :

1. Sign in to Azure portal
2. Navigate to app service app page
3. Select scale up option
 Implement Azure App Service

Reasons to use App Services:

• Includes web apps, API apps, mobile apps, and function apps

• Manages environment enabling high productivity development

• Platform-as-a-service (PaaS) offers for building and deploying highly available cloud
apps for web and mobile

• Handles infrastructure so developers focus on core web apps and services

• Provides developer productivity using .NET, .NET Core, Java, Python, and a host of
others

• Provides enterprise-grade security and compliance

Source: https://docs.microsoft.com/en-us/azure
Deploy code to App service

Duration: 10 Min.

Problem Statement:

Deploy the code to App Service and test the application after deployment.
 Assisted Practice: Guidelines

Steps to deploy the code to app Service :

1. Create an app service plan
2. Create an app service
3. Deploy the sample application
4. Test the web app
 Explore Continuous Integration and Deployment

About Continuous Integration and Deployment:

Continuous Deployment • It connects the web app with any of the single-
source control and the App service auto-syncs
the code into the web app.

Developer 1
• Whenever code updates are pushed to the
source control, then the website or web app
will automatically pick up the updates.
GitHub Website

Or similar single source control • A continuous deployment workflow publishes

Developer 2 the most recent updates from a project.

• Azure portal provides continuous deployments

from GitHub, Bitbucket, or Azure DevOps.

Source: https://docs.microsoft.com/en-us/azure
 Create Deployment Slots

Service Plan Slots

Free, Shared, Basic 0 Using separate staging and production slots

has several advantages:
Standard Up to 5
• Deploy to different deployment slots
Premium Up to 20 (depends on service plan).
Isolated Up to 20 • Validate changes before sending to
production.
Continuous Deployment
• Deployment slots are live apps with their
hostnames.
Developer 1 • Avoid a cold start – eliminates downtime.

• Fallback to a last known good site.

GitHub Website
• Auto Swap when pre-swap validation is
Or similar single source control
not needed.
Developer 2

Source: https://docs.microsoft.com/en-us/azure
 Add Deployment Slots

Features and types of Deployment Slots:

• When selecting whether to clone an app configuration from another deployment slot, pay
attention to the settings
• Slot-specific app settings and connection strings
• Continuous deployment settings
• App Service authentication settings
• Not all settings are sticky (endpoints, custom domain names, SSL certificates, and scaling)
• Review and edit settings before swapping

Source: https://docs.microsoft.com/en-us/azure
Secure an App Service

Authentication

• Enable authentication: Default anonymous

• Log in with a third-party identity provider

Security

• Troubleshoot with Diagnostic Logs: Failed

requests, app logging

• Add an SSL certificate: HTTPS

• Define a priority ordered allow or deny list to

control network access to the app

• Store secrets in the Azure Key Vault

 Create Custom Domain Names

To create a web app:

• Redirect the default web app URL
• Validate the custom domain in Azure
• Use the DNS registry for the domain provider: Create a CNAME or A record with the mapping
• Ensure App Service plan supports custom domains
Backup an App Service

Tips to backup an App Service:

• Create app backups manually or on a schedule
• Backup the configuration, file content, and database connected
to the app
• Requires Standard or Premium plan
• Backups can be up to 10 GB of app and database content
• Configure partial backups and exclude items from the backup
• Restore app on-demand to a previous state,
or create a new app
 Use Application Insights

Features of Application Insights:

Web pages
Client apps
• Request rates, deny rates, response
time and failure rates
requests
HTTP

Alerts

Your Web
• Page views and load performance
Services Power BI

Visual

Dependency Calls
Studio
• User and session counts
Rest API
External Background
Services Services
SQL Continuous
Export
• Performance counters

• Diagnostics and Exceptions

Source: https://docs.microsoft.com/en-us/azure
Create and Configure Azure Containers and
Desired State Configurations
 Compare Containers to Virtual Machines

The following table depicts the differences between containers and virtual machines:

Feature Containers Virtual Machines

Provides complete isolation from the host operating system
Typically provides lightweight isolation from the
and other VMs. This is useful when a strong security
Isolation host and other containers but doesn’t provide as
boundary is critical, such as hosting apps from competing
strong a security boundary as a virtual machine
companies on the same server or cluster
Runs the user mode portion of an operating
Runs a complete operating system including the kernel,
Operating system and can be tailored to contain just the
thus requiring more system resources (CPU, memory, and
system needed services for the app, using fewer system
storage)
resources

Deploy individual containers by using Docker via Deploy individual VMs by using Windows Admin Center or
Deployment command line; deploy multiple containers by using Hyper-V Manager; deploy multiple VMs by using
an orchestrator such as Azure Kubernetes Service PowerShell or System Center Virtual Machine Manager
 Compare Containers to Virtual Machines

The following table depicts the differences between containers and virtual machines:

Feature Containers Virtual Machines

Use Azure Disks for local storage for a single Use a virtual hard disk (VHD) for local storage for a single
Persistent
node, or Azure Files (SMB shares) for storage VM, or an SMB file share for storage shared by
storage
shared by multiple nodes or servers multiple servers
Recreate the running containers in case of a
Fault Restart of the new server with operational VMs, can fail the
cluster node failure, by the orchestrator on another
tolerance VMs over to another server in a cluster
cluster node
 Explore Azure Container Instances Benefits

Port 80
(Public IP Address)
Benefits of Azure Container instances:
• PaaS service
• Fast startup times
• Public IP connectivity and DNS name
Port 80

Web • Isolation features

server
• Custom sizes
Container
• Persistent storage
• Linux and windows containers
Container Host
• Co-scheduled groups

Virtual Network
• Virtual network deployment

Source: https://docs.microsoft.com/en-us/azure
 Implement Container Groups

Features of container groups:

• Top-level resource in Azure Container Instances
• A collection of containers that get scheduled on the same host
• The containers in the group share a lifecycle, resources, local network, and storage volumes

Source: https://docs.microsoft.com/en-us/azure
 The Docker Platform

About Docker Platform:

• Developers can host applications within a container.
• A container is a standardized “unit of software“ that contains everything required for
an application to run.
• It is available on both Linux and Windows and can be hosted on Azure.

Source: https://docs.microsoft.com/en-us/azure
 AKS Terminology

The AKS terminology includes the following terms:

Term Description

Pools Groups of nodes with identical configurations

Individual VMs running containerized

Nodes
applications

Single instance of an application.

Pods
A pod can contain multiple containers

One or more identical pods managed by

Deployment
Kubernetes​

Manifest YAML file describing a deployment

Source: https://docs.microsoft.com/en-us/azure
 AKS Clusters and Nodes

About AKS Clusters and Nodes:

• Azure-managed node provides core Kubernetes services and orchestration

• Customer-managed nodes run applications and supporting services

• Each individual node is an Azure virtual machine

Source: https://docs.microsoft.com/en-us/azure/aks/concepts-network
Create AKS Cluster

Duration: 20 Min.

Problem Statement:

Configure and create the AKS cluster.

 Assisted Practice: Guidelines

Steps to create AKS Cluster:

1. Sign in to Azure portal
2. Select Kubernetes service
3. Provide necessary details to create the cluster
 Configure AKS Storage

Tips to configure AKS storage:

• Local storage on the node is fast and simple to use.

• Local storage might not be available after the pod is

deleted.

• Multiple pods may share data volumes.

• Storage could potentially be reattached to another

pod.

Source: https://docs.microsoft.com/en-us/azure/aks/concepts-storage
 Configure AKS Scaling

Tips to configure AKS scaling:

• Applications might grow beyond the capacity

of a single pod

• Kubernetes has built-in autoscalers

• Cluster auto scaler scales are based on

compute resources

• Horizontal pod autoscaler scales are based on

metrics

Source: https://docs.microsoft.com/en-us/azure/aks/concepts-scale
 Configure AKS Scaling to ACI

Users can create new pods in Azure Container Instances if there is a

need to rapidly grow the AKS cluster.

Source: https://docs.microsoft.com/en-us/azure/aks/concepts-scale
Deploy a Python App to AKS

Duration: 10 Min.

Problem Statement:

Deploy a Python app to AKS. Test the application after deployment.

 Assisted Practice: Guidelines

Steps to deploy a Python App to AKS:

1. Connect to Kubernetes cluster
2. Create the Kubernetes manifest file
3. Create deployment using the Kubectl deployment create
command
 Azure Automation State Configuration

Azure Automation State Configuration ensures that the virtual machines (VMs) in a cluster are in
a consistent state, with the same software installed and the same configurations.
 Implement Desired State Configuration

configuration IISInstall • Configuration block(s) have a name

{
Node “localhost” • Node blocks define the computers or
{
VMs that users are configuring
WindowsFeature IIS
{
Ensure = “Present” • Resource block(s) configure the resource
Name = “Web-Server” and its properties
}
}
} • There are many built-in configuration
resources
Setup DSC and Configure a Desired State

Duration: 05 Min.

Problem Statement:

Assign the task of setup DSC and configure the desired state with some custom software.
 Assisted Practice: Guidelines

Steps to setup DSC and configure desired state:

1. Create a VM
2. Create an azure automation account
3. Create DSC configuration script
4. Compile the script
5. Register the vm with azure automation account
 Key Takeaways

Azure Virtual Machines (VM) are of several types of on-

demand, scalable computing resources that Azure offers.

Availability sets, availability zones, and virtual machine scale

sets are the high availability options for virtual machines.

Azure virtual machine (VM) extensions are small applications

that provide post-deployment configuration and automation
tasks on Azure VMs.
Azure App Service is an HTTP-based service for hosting web
applications.
Creating a Virtual Machine Scale Set and Install Web Server on It
Duration: 15 Min.

Project agenda: To implement a virtual machine scale set with Arm

templates and install IIS over those.

Description: The user has been given a project to create Virtual machine
scale sets. Once the scale set has been created, we will be deploying the IIS
webserver on these virtual machines present in the scale set.

Perform the following:

Create Scale sets with the help of ARM templates and assign web server
roles to these machines.