
Pro Azure Administration and Automation
A Comprehensive Guide to Successful Cloud Management

Vladimir Stefanovic
Milos Katinski
Pro Azure Administration and Automation: A Comprehensive Guide to Successful Cloud Management
Vladimir Stefanovic, Belgrade, Serbia
Milos Katinski, Amsterdam, The Netherlands

ISBN-13 (pbk): 978-1-4842-7324-1
ISBN-13 (electronic): 978-1-4842-7325-8


https://doi.org/10.1007/978-1-4842-7325-8

Copyright © 2021 by Vladimir Stefanovic and Milos Katinski


This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with
every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an
editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the
trademark.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not
identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to
proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication,
neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or
omissions that may be made. The publisher makes no warranty, express or implied, with respect to the
material contained herein.
Managing Director, Apress Media LLC: Welmoed Spahr
Acquisitions Editor: Joan Murray
Development Editor: Laura Berendson
Coordinating Editor: Jill Balzano

Cover photo courtesy of Gratisography


Distributed to the book trade worldwide by Springer Science+Business Media LLC, 1 New York Plaza, Suite
4600, New York, NY 10004. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com,
or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner)
is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware
corporation.
For information on translations, please e-mail booktranslations@springernature.com; for reprint,
paperback, or audio rights, please e-mail bookpermissions@springernature.com.
Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and
licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales
web page at http://www.apress.com/bulk-sales.
Any source code or other supplementary material referenced by the author in this book is available to
readers on GitHub via the book’s product page, located at www.apress.com/9781484273241. For more
detailed information, please visit http://www.apress.com/source-code.
Printed on acid-free paper
Table of Contents
About the Authors
About the Technical Reviewer
Introduction

Chapter 1: Foundations in Cloud Computing
  The History of Cloud Computing
    A Brief History of Microsoft Azure
  Cloud Computing Types
    Private Cloud
    Public Cloud
    Hybrid Cloud
  Cloud Service Models
    Infrastructure-as-a-Service (IaaS)
    Platform-as-a-Service (PaaS)
    Software-as-a-Service (SaaS)
  Public Cloud Benefits
    Easier Management
    Cost Efficiency
    Automation
    Security
    Scalability
    High Availability
  Geographies, Regions, and Pairing
  Subscriptions and Accounts
    Subscription
    Tenant and Accounts
  Role-Based Access Control (RBAC)
  Chapter Recap

Chapter 2: Azure Administration
  Management Using Azure Portal
    Azure Cloud Shell
  Azure PowerShell
  Azure CLI
  ARM Template
    ARM Template Format
    ARM Template Example
    ARM Template File
    ARM Template Deployment
  Chapter Recap

Chapter 3: Virtual Networks in Azure
  Virtual Networks and Subnets
    Virtual Network (VNet)
    Subnet
    Creating a Virtual Network and Subnets
  Network Interface Card (NIC)
    Creating a Network Interface Card
  IP Addresses
    Creating IPs
  Network Security Groups (NSGs)
    Creating a Network Security Group
  Service Endpoints
    Creating a Service Endpoint
  Private Endpoints
    Creating a Private Endpoint
  Chapter Recap

Chapter 4: Virtual Machine: Virtual Machine Scale Sets in Azure Compute
  Virtual Machine: Planning and Usage
    Planning Checklist
    Virtual Machine Networking
    Naming Convention
    Virtual Machine Location
    Virtual Machine Sizing
    Storage for Virtual Machines
    Supported Operating Systems
    Virtual Machine Connectivity
  Creating Virtual Machines
    Azure Portal
    ARM Template, PowerShell, and Azure CLI
  Virtual Machine Availability
    Maintenance and Downtime
    Availability Sets
    Azure Portal
    ARM Template, PowerShell, and Azure CLI
    Availability Zones
    Azure Portal
    ARM Template, PowerShell, and Azure CLI
  Virtual Machine Extensions
    Azure Portal
    ARM Template, PowerShell, and Azure CLI
  Virtual Machine Scale Sets
    Reference Image
    Load Balancing Solution
    Auto-scaling Plans
    Upgrading Policy
  Creating a Virtual Machine Scale Set
    Azure Portal
    ARM Template, PowerShell, and Azure CLI
  Chapter Recap

Chapter 5: App Service and Containers in Azure Compute
  App Service Overview
    App Service Plans
    Creating App Service
  Web Apps Deployment and Configuration
    Creating a Web App
    Publishing a Web Application
    CI/CD with Web Apps
    Blue-Green Deployment
    Auto-scaling with Web Apps
    Web Apps Monitoring
  Docker on Azure
    Azure Container Registry (ACR)
    Creating Azure Container Registry
    Azure Container Instances
    Creating Azure Container Instances
    Azure Kubernetes Service
    Creating Azure Kubernetes Cluster
  Chapter Recap

Chapter 6: Azure Storage
  Storage Accounts
    Account Types and Performance Tiers
    Storage Account Replication
    Creating a Storage Account
  Blob Containers
    Blob Access Tier
    Creating a Blob Container
  Azure Files
    Azure Files Tiers
    Creating Azure Files
  Storage Account Security
    Storage Access Keys and Shared Access Signature
    Storage Networking
    Blob Container Access
    Encryption
  Data Transfer
    Storage Explorer
    AzCopy
    Data Box Gateway and Azure Stack Edge
    Import/Export Service
    Data Box
  Storage Account Management
    Changing Security Parameters
    Lifecycle Management
  Managed Disks
    Types of Managed Disks
    Performance Tiers
    Managed Disk Security
    Creating a Managed Disk
  Chapter Recap

Chapter 7: Advanced Azure Networking
  Azure DNS
    Public DNS
    Creating a Public DNS Zone
    Private DNS
    Creating a Private DNS Zone
  Virtual Network Peering
    Creating Virtual Network Peering
  Intersite Connectivity
    VNet-to-VNet Connection
    Creating a Virtual Network Gateway
    Point-to-Site VPN
    Site-to-Site VPN
    ExpressRoute
  Azure Firewall
    Creating Azure Firewall
  Azure Bastion
    Creating Azure Bastion
  Chapter Recap

Chapter 8: Monitoring and Data Protection
  Azure Monitors and Alerts
    Collecting Data
    Analyzing and Processing Data
    Creating an Alert
  Log Analytics
    KQL (Kusto Query Language) Queries
  Application Insights
  Network Watcher
    Monitoring
    Network Diagnostic Tools
    Logs
  Azure Backup and Disaster Recovery
    Backup Types and Workloads
    Backup Policies
    Site Recovery
  Chapter Recap

Chapter 9: Network Traffic Management
  Virtual Network Routing
    Default (System) Routes
    Custom Routes
    Creating a Route Table
  Load Balancing
    Azure Load Balancer
    Creating Azure Load Balancer
  Application Gateway
    Creating Application Gateway
  Traffic Manager
    Creating Traffic Manager
  Azure Front Door
    Creating Azure Front Door
  Content Delivery Network (CDN)
    Creating Content Delivery Network
  Chapter Recap

Chapter 10: Azure Security and Compliance
  Azure AD
  Role-Based Access Control (RBAC)
    Assigning a Role to a Security Principal
    Custom Roles
  Multi-factor Authentication
  Identity Protection
  Azure Security Center
  Azure Policy
  Chapter Recap

Index

About the Authors
Vladimir Stefanovic is a Microsoft Azure MVP and cloud solution architect with more
than 15 years of experience in the IT industry. He has also been a Microsoft Certified
Trainer for a long time and the MCT Regional Lead for the Serbian chapter. During
his career as a solution architect, he has designed and delivered numerous projects
in Microsoft Azure and on-premises environments, helping companies from diverse
industries set their infrastructures in the best possible manner. As a technical trainer, he
has delivered hundreds of courses and was a successful mentor to many students, from
enthusiasts to IT professionals.
Vladimir is also an active conference speaker, having spoken at a number of
conferences such as MCT Summits (in the United States and Europe), Microsoft Ignite
Tours, and WinDays, KulenDayz, and Sinergija (regional conferences). He is a book
author, leader of Azure UG Serbia, Azure Saturday – Belgrade edition conference
organizer, and an active community member with a mission to share knowledge as
much as possible.

Milos Katinski is an Azure solutions engineer with more than 12 years of rich experience
in the IT industry, gained from numerous projects ranging from on-premises to cloud-native
solutions. Over the last few years, he has been focused on cloud technologies and DevOps
culture and on helping companies have a smoother transition to Microsoft Azure and
transformation to DevOps culture.
Milos is an active blogger and conference/meetup speaker, Azure UG Serbia
member, and one of the Azure Saturday – Belgrade edition conference organizers.
These community activities were the main reason for getting the Azure Hero award in
2019, which gave him additional motivation to continue with a mission of sharing his
knowledge of cloud as much as possible.

About the Technical Reviewer
Nishith Pathak is India’s first and only Artificial Intelligence
(AI) Most Valuable Professional (MVP), a Microsoft Regional
Director (RD), lead architect, speaker, AI thinker, innovator,
and strategist. Nishith’s expertise lies in helping Fortune
100 companies design and architect next-generation
solutions that incorporate AI, ML, cognitive services,
Blockchain, and many more. It also lies in defining and
strategizing technology road maps for customers and
companies using emerging technologies. He sits on several
technical advisory boards across the globe. He has also
authored more than half a dozen international books for
Springer Publication, USA. His last three books have been on
Artificial Intelligence (AI). Previously, Nishith has also played the role of a PAN account
enterprise architect where he was responsible for the overall architecture design of
multiple projects. He is an internationally acclaimed speaker on technologies like AI,
IOT, and Blockchain and regularly speaks at various technical conferences. He advises
and mentors a lot of start-ups as a community initiative.
For his expertise in Artificial Intelligence, Microsoft awarded him the first Most
Valuable Professional (MVP) from India in the Artificial Intelligence category. He is
the only Artificial Intelligence MVP in India to date. Globally, he is among 19 MVPs
on AI, recognized by Microsoft for their sheer expertise in AI. He has also received the
“Microsoft Regional Director” award bestowed upon 150 of the world’s top technology
visionaries chosen specifically for their proven cross-platform expertise.
Nishith is also a gold member and sits on the advisory board of various national and
international computer science societies and organizations. He is currently working as
Global Chief Technologist of Emerging Technologies and Advanced Analytics for DXC
Technology where he is focused on using emerging technologies to help companies
architect solutions, laying out technology road maps, and curating the start-up
ecosystem. He can be contacted at nispathak@gmail.com or through LinkedIn at
www.linkedin.com/in/nishithpathak/.

Introduction
If you are a cloud engineer, a member of a DevOps team, or a system engineer for the
on-premises systems who wants to improve skills in the cloud computing area, then this
book is for you. Prior knowledge of the Microsoft Azure platform is not truly needed for
reading this book, but experience and familiarity with IT concepts would be helpful and
make understanding cloud computing easier.
Pro Azure Administration and Automation starts with the chapter “Foundations in
Cloud Computing” as a general introduction to cloud computing, focusing primarily
on Azure, which is a must-have for all people in the modern IT world. Chapter 2,
“Azure Administration,” covers tools that we can use for deploying and managing
Azure resources, in which we will be able to see the differences between these tools.
In Chapter 3, “Virtual Networks in Azure,” real deployment and management start. We
will discuss the Azure networking concept and why some network-related services are
important. Starting from this chapter, almost all the following chapters will consist of a
lot of scripts and templates, whose main purpose is automation. Once networking
in Azure becomes our “cup of tea,” we will move forward to the “virtual machine and
virtual machine scale sets (VMSSs)” in Chapter 4. In this chapter, we will learn why
these services are important, how to deploy and manage them, and also the important
configuration parameters.
In Chapter 5, “App Service and Containers in Azure Compute,” we are slowly moving
from IaaS to PaaS services in Azure. We will discuss services that are, most probably, the
future of the application hosting infrastructure, but also we will see how we can build
infrastructure that is based on these services. Chapter 6, “Azure Storage,” is a logical step
forward, and in this chapter, we will learn what Azure Storage is, why it is important,
and what options there are to leverage this Azure resource. Chapter 7, “Advanced Azure
Networking,” will show Azure networking from different perspectives and will teach us
what Azure resources are related to advanced networking, how we need to use them, and
in what scenarios these resources could help us.

Chapter 8, “Monitoring and Data Protection,” opens the door to monitoring
and alerting for Azure resources, which is one of the most important parts of each
infrastructure when it is deployed. In the same chapter, we will discuss data protection
options in Azure and scenarios where they could be implemented. In Chapter 9,
“Network Traffic Management,” we will learn about Azure resources we can use if we
need to have an additional traffic management layer. A couple of Azure services that
seem the same at first glance will be explained from a feature and use case perspective.
Finally, we will discuss security in Chapter 10, “Azure Security and Compliance.” This
chapter covers the main security concepts and gives us a good starting point on how
security in Azure works.
In this book, we will learn about basic concepts and what makes Azure the way
it is today. We will explore different approaches to deploying Azure services, their
differences, and the benefits they bring. As we progress, we will reveal different types
of services, how they connect, and which type of service you should use based on
your needs, but also we will learn how to deploy each one of them and how you could
automate your future deployments.
By the end of this book, we will be more familiar with Azure resources and how
they are related and will know what is important to each of the services and how we
can deploy and maintain them. With this bigger picture of Azure, we will be able
to select appropriate services for diverse workloads easily, which could lead to easier
management and a more effective Azure environment.
