
AZ 900 Summary

Exam Info

Exam Time: 60 minutes

Seat Time: 90 minutes


Azure

Meaning in English : “bright blue color of the cloudless sky”

Hindi: मेघहीन नीलवर्ण आकाश

What is Cloud Computing?

Common Cloud Services

What is Microsoft?

What is Azure?

Microsoft calls its cloud provider service Microsoft Azure, commonly referred to as just Azure.

Azure literally means “bright blue color of the cloudless sky”.

Cloud Service Providers can be abbreviated as CSPs.

Benefits of Cloud Computing

Cost-effective : You pay for what you consume, with no up-front cost. Pay-as-you-go (PAYG), with thousands of customers sharing the cost of the resources.

Global : Launch workloads anywhere in the world; just choose a region.

Secure : The cloud provider takes care of physical security. Cloud services can be secure by default, or you have the ability to configure access down to a granular level.

Reliable (विश्वसनीय) : data backup, disaster recovery, and data replication, and fault tolerance (सहनशीलता)

Scalable : Increase or decrease resources and services based on demand

Elastic : Automate scaling during spikes and drops in demand

Current : The underlying hardware and managed software are patched, upgraded and replaced by the cloud provider without interruption to you.

Elastic : Elastic computing is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage.

https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/


Scalability : Scalability is the ability of a system to handle increased load. Services covered by Azure Autoscale can scale automatically to match demand to accommodate workload. These services scale out to ensure capacity during workload peaks and return to normal automatically when the peak drops.

https://docs.microsoft.com/en-us/azure/architecture/framework/scalability/design-scale

Types of Cloud Computing

SaaS

Software as a Service. For Customers. A product that is run and managed by the service provider. Don’t worry about how the service is maintained. It just works and remains available.

  • Salesforce
  • Office 365
  • Gmail

PaaS

Platform as a Service. For Developers. Focus on the deployment and management of your apps. Don’t worry about provisioning, configuring or understanding the hardware or OS.

  • Heroku

IaaS

Infrastructure as a Service. For Admins. The basic building blocks for cloud IT. Provides access to networking features, computers and data storage space. Don’t worry about IT staff, data centers and hardware.

  • Microsoft Azure
  • AWS
  • Oracle Cloud

Types of Cloud Computing Responsibilities

On-Premise

  • Customer is Responsible for
    • Applications
    • Data
    • Runtime
    • Middleware
    • OS
    • Virtualization
    • Servers
    • Storage
    • Networking

Infrastructure as a Service

  • Customer is Responsible for
    • Applications
    • Data
    • Runtime
    • Middleware
    • OS
  • CSP is Responsible for
    • Virtualization
    • Servers
    • Storage
    • Networking

Platform as a Service

  • Customer is Responsible for
    • Applications
    • Data
  • CSP is Responsible for
    • Runtime
    • Middleware
    • OS
    • Virtualization
    • Servers
    • Storage
    • Networking

Software as a Service

  • CSP is Responsible for
    • Applications
    • Data
    • Runtime
    • Middleware
    • OS
    • Virtualization
    • Servers
    • Storage
    • Networking

Azure’s Deployment Models

Public Cloud: Everything is built on the Cloud Provider. Also known as Cloud-Native.

Private Cloud: Everything is built on the company’s datacenters. Also known as On-Premise. The cloud could be OpenStack.

Hybrid: Using both On-Premise and a Cloud Service Provider.


Azure Cost Management

Deployment Models

Total Cost of Ownership (TCO)

Capital vs Operational Expenditure

CapEX

Capital Expenditure (CAPEX)

  • Spending money upfront on physical infrastructure
  • Deducting that expense from your tax bill over time.
  • Server Costs (computers)
  • Storage Costs (hard drives)
  • Network Costs (Routers, Cables, Switches)
  • Backup and Archive Costs
  • Disaster Recovery Costs

OpEX

Operational Expenditure (OPEX)

The costs associated with an on-premises datacenter that has shifted the cost to the service provider. The customer only has to be concerned with non-physical costs.

  • Leasing Software and Customizing features
  • Training Employees in Cloud Services
  • Paying for Cloud Support
  • Billing based on cloud metrics eg. compute usage
  • Datacenter Costs (Rent, Cooling, Physical Security)
  • storage usage
  • Technical Personnel

With Capital Expenses you have to guess upfront what you plan to spend.

With Operational Expenses you can try a product or service without investing in equipment.

Cloud Architecture Terminologies

Availability - Your ability to ensure a service remains available: Highly Available (HA)

Scalability — Your ability to grow rapidly or unimpeded (निर्विघ्न ,जिसमे रुकावट न हुआ हो )

Elasticity — Your ability to shrink and grow to meet the demand

Fault Tolerance — Your ability to prevent a failure

Disaster Recovery - Your ability to recover from a failure: Highly Durable (DR)

Scalability

High Scalability

Your ability to increase your capacity based on the increasing demand of traffic, memory and computing power.

Vertical Scaling

Scaling Up : Upgrade to a bigger server

Horizontal Scaling

Scaling Out : Add more servers of the same size

Elasticity

High Elasticity

Your ability to automatically increase or decrease your capacity based on the current demand of traffic, memory and computing power.

Azure VM Scale Sets

Automatically increase or decrease in response to demand or a defined schedule.

SQL Server Stretch Database

Dynamically stretch warm and cold transactional data from Microsoft SQL Server 2016 to Microsoft Azure

Horizontal Scaling

Scaling Out — Add more servers of the same size

Scaling In — Remove servers of the same size

Vertical Scaling is generally hard for traditional architecture so you’ll usually only see horizontal scaling described with Elasticity.

Highly Fault Tolerant

The ability of your service to ensure there is no single point of failure, preventing the chance of failure.

Fail-over is when you have a plan to shift traffic to a redundant system in case the primary system fails.

You can use Azure Traffic Manager, which is a DNS-based traffic balancer, to fail over from a failing primary system to a stand-by secondary system.

A common example is having a copy (secondary) of your database where all ongoing changes are synced. The secondary system is not in-use until a fail over occurs and it becomes the primary database.

High Durability

Your ability to recover from a disaster and to prevent the loss of data. Solutions that recover from a disaster are known as Disaster Recovery (DR).

  • Do you have a backup?
  • How fast can you restore that backup?
  • Does your backup still work?
  • How do you ensure current live data is not corrupt?

The Evolution of Computing

Global Infrastructure — Regions and Geographies

A region is a grouping of multiple datacenters (Availability Zones)

Azure has 58 Regions available across 140 Countries

A Geography is a discrete market of two or more regions that preserves data residency and compliance boundaries.

Imagine you are in Canada and you want a guarantee that data will remain within Canada. You would want to use the Canada Azure Geography.

Azure Geographies

  • United States
  • Azure Government (US)
  • Canada
  • Brazil
  • Mexico


Global Infrastructure — Paired Regions

Each region is paired with another region 300 miles away.

Only one region is updated at a time to ensure no outages

Some Azure Services rely on Paired Regions for Disaster Recovery

Eg. Azure Geo-redundant Storage (GRS) replicates data to a secondary region automatically, ensuring that data is durable even in the event that the primary region isn’t recoverable.

Global Infrastructure — Region Types and Service Availability

Not all Azure cloud services are available in every Region.

Recommended region : A region that provides the broadest range of service capabilities and is designed to support Availability Zones now, or in the future.

Alternate (other) region : A region that extends Azure’s footprint within a data residency boundary where a recommended region also exists. Not designed to support AZs. These Regions are labeled as Other in the Azure Portal.

General availability (GA) is when a service is considered ready to be used publicly by everyone.

Azure Cloud services are grouped into three categories. Their category determines when cloud services become available:

  1. Foundational: When GA, available immediately or in 12 months in Recommended and Alternate Regions.
  2. Mainstream: When GA, available immediately or in 12 months in Recommended Regions. May become available in Alternate Regions based on customer demand.
  3. Specialized: Available in Recommended or Alternate Regions based on customer demand.

Global Infrastructure — Special Regions

Azure has specialized regions to meet compliance or legal reasons.

  • US DOD Central
  • US Gov Virginia
  • US Gov Iowa
  • Three Azure Government secret locations, undisclosed
  • China East
  • China North

China East and China North are available through a unique partnership between Microsoft and 21Vianet. Microsoft does not directly maintain the datacenters. www.21vianet.com

Global Infrastructure — AZs

An Availability Zone (AZ) is a physical location made up of one or more datacenters.

A datacenter is a secured building that contains hundreds of thousands of computers.

A region will generally contain 3 Availability Zones.

Datacenters within a region will be isolated from each other (so different buildings). But they will be close enough to provide low latency.

It’s common practice to run workloads in at least 3 AZs to ensure services remain available in case one or two datacenters fail. (High Availability)

Global Infrastructure — AZ Supported Regions

Not every Region has support for Availability Zones. These regions are known as Alternate or Other. Recommended Regions are supposed to have at least 3 AZs.

The following Regions have a minimum of 3 AZs

  • Central US
  • East US 2
  • West US 2
  • West Europe
  • France Central
  • North Europe
  • Southeast Asia

Global Infrastructure — Fault and Update Domains

An Availability Zone (AZ) in an Azure region is a combination of a fault domain and an update domain.

Fault Domain

A logical grouping of hardware to avoid a single point of failure within an AZ. A group of virtual machines that share a common power source and network switch.

Update Domain

Azure may need to apply updates to the underlying hardware and software. Update domains ensure your resources do not go offline.

Availability Set

A logical grouping that you can use in Azure to ensure that the VMs you place in the Availability Set are in different fault/update domains to avoid downtime.

Computing Services

Azure Virtual Machines

Windows or Linux virtual machines (VMs). The most common type of compute. You choose your OS, Memory, CPU, Storage. You share hardware with other customers.

Azure Container Instances

Docker as a Service. Run containerized apps on Azure without provisioning servers or VMs.

Azure Kubernetes Service (AKS)

Kubernetes as a Service. Easy to deploy, manage and scale containerized applications. Uses the open source Kubernetes (K8) software.

Azure Service Fabric

Tier-1 Enterprise Containers as a Service. Distributed systems platform. Runs in Azure or on-premises. Easy to package, deploy, and manage scalable and reliable microservices.

Azure Functions

Event-driven, serverless compute (functions) run code without provisioning or managing servers. You pay only for the compute time you consume.

Azure Batch

Plans, schedules and executes your batch compute workloads, running 100+ jobs in parallel. Use Spot VMs to save money (previously used Low-priority VMs to save on compute).

Storage Services

Azure Blob Storage

Object Serverless Storage. Store very large files and large amounts of unstructured files. Pay for what you store, unlimited storage, no-resizing volumes, no filesystem protocols.

Azure Disk Storage

A virtual volume. Choose SSD or HDD, encryption by default, attach volume to VMs.

Azure File Storage

A shared volume that you can access and manage like a file server, e.g. SMB.

*Azure Queue Storage

Messaging Queue. A data store for queuing and reliably delivering messages between applications.

*Azure Table Storage

Wide-Column NoSQL Database. A NoSQL store that hosts unstructured data independent of any schema.

Azure Data Box / Azure Databox Heavy

A rugged briefcase computer and storage designed to move terabytes or petabytes of data

Azure Archive Storage

Long term cold storage for when you need to hold onto files for years on the cheapest storage options

Azure Data Lake Storage

A centralized repository that allows you to store all your structured and unstructured data at any scale.

Database Services

Azure Cosmos DB

A fully managed NoSQL database. Designed for scale with a guarantee of 99.999% availability.

Azure SQL Database

Fully managed MS SQL database with auto-scale, integral intelligence, and robust security

Azure Database for MySQL / PSQL / MariaDB

Fully managed and scalable MySQL / PostgreSQL / MariaDB database with high availability and security

SQL Server on VMS

Host enterprise SQL Server apps in the cloud. Lift-and-shift MS SQL servers from on-premise to Azure Cloud.

Azure Synapse Analytics (Azure SQL Data Warehouse)

Fully managed data warehouse with integral security at every level of scale at no extra cost

Azure Database Migration Service

Migrates your databases to the cloud with no application code changes

Azure Cache for Redis

Caches frequently used and static data to reduce data and application latency

*Azure Table Storage

Wide-Column NoSQL Database. A NoSQL store that hosts unstructured data independent of any schema.

Application Integration Services

Azure Notifications Hub : Pub/Sub. Send push notifications to any platform from any back end.

Azure API Apps : API Gateway. Quickly build and consume APIs in the cloud. Route APIs to Azure Services.

Azure Service Bus : Service Bus. Reliable cloud messaging as a service (MaaS) and simple hybrid integration.

Azure Stream Analytics : Serverless real-time analytics, from the cloud to the edge.

Azure Logic Apps : Schedule, automate and orchestrate tasks, business processes and workflows. Integration with Enterprise SaaS and Enterprise applications.

Azure API Management : Hybrid, multi-cloud management platform for APIs across all environments. Put in front of existing APIs to add additional functionality.

*Azure Queue Storage : Messaging Queue. A data store for queuing and reliably delivering messages between applications.

Developer and Mobile Tools

Azure SignalR Service : Real-Time Messaging. Easily add real-time web functionality to applications. Think of it like the Pusher for Azure.

Azure App Service : Easy to use service for deploying and scaling web-applications with .NET, Node.js, Java, Python and PHP. Developers focus on building their web-apps, and do not worry about the underlying infrastructure. Think of it like Heroku for Azure.

Visual Studio (Microsoft-owned) : Code Editor. The integrated development environment (IDE) designed for creating powerful, scalable applications for Azure.

Xamarin (Microsoft-owned) : Mobile-App Framework. Create powerful and scalable native mobile apps with .NET and Azure.

Azure DevOps Services

Azure DevOps : Plan smarter, collaborate, and ship faster with a set of modern dev services.

Azure Boards : Kanban. Deliver value to your users faster using proven agile tools to plan, track, and discuss work across your teams.

Azure Pipelines : CI/CD. Build, test, and deploy with CI/CD that works with any language, platform, and cloud. Connect to GitHub or any other Git provider and deploy continuously.

Azure Repos : Get unlimited, cloud-hosted private Git repos and collaborate to build better code with pull requests and advanced file management.

Azure Test Plans : Test and ship with confidence using manual and exploratory testing tools.

Azure Artifacts : Create, host, and share packages with your team, and add artifacts to CI/CD pipelines with a single click.

Azure DevTest Labs : Fast, easy, and lean dev-test environments.

Azure Resource Manager

What is Infrastructure as Code (IaC)? The process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

Azure Resource Manager (ARM) allows you to programmatically create Azure resources via a JSON template.

Launch VM (template excerpt):

    {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "resources": [
        {
          "type": "Microsoft.Compute/virtualMachines",
          "name": "MyServer",
          "properties": {
            "hardwareProfile": {
              "vmSize": "Standard_A4"
            }
          }
        }
      ]
    }

Azure QuickStart Templates

Azure QuickStart is a library of pre-made ARM templates provided by the community and partners to help you quickly launch new projects for a variety of stack scenarios:

Azure Virtual Network (vNet) and Subnets

Virtual Network (vNet) is a logically isolated section of the Azure Network where you launch your Azure resources. You choose a range of IPs using a CIDR Range.

CIDR Range of 10.0.0.0/16 = 65,536 IP Addresses

[Diagram: US East 1 region containing vNet 10.0.0.0/16 with a Public Subnet 10.0.0.0/24 and a Private Subnet 10.0.1.0/24]

Subnets are a logical partition of an IP network into multiple smaller network segments. You are breaking up your IP range for the vNet into smaller networks. Subnets need to have a smaller CIDR range than the vNet to represent their portion.

e.g. Subnet CIDR Range 10.0.0.0/24 = 256 IP Addresses

A Public Subnet is one that can reach the internet.

A Private Subnet is one that cannot reach the internet.
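The address arithmetic above can be checked before anything is deployed. The following is an added example, not part of the original notes: it validates a subnet plan against the vNet range (containment, overlap, malformed CIDRs), reports usable addresses after the 5 addresses Azure reserves in every subnet, and finds the next free block. The function names and the second, faulty plan are constructed for illustration.

```python
import ipaddress

# Azure keeps 5 addresses in every subnet for itself
# (network, default gateway, two for Azure DNS, broadcast).
AZURE_RESERVED_PER_SUBNET = 5


def validate_plan(vnet_cidr, subnets):
    """Validate a {name: cidr} subnet plan against the vNet address space.

    Returns (report, errors). report maps each accepted subnet name to
    (total_addresses, usable_addresses); errors is a list of messages.
    """
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    accepted, report, errors = {}, {}, []
    for name, cidr in subnets.items():
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.0.2.7/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{name}: invalid CIDR {cidr!r}: {exc}")
            continue
        if net.version != vnet.version or not net.subnet_of(vnet):
            errors.append(f"{name}: {net} is not inside vNet {vnet}")
            continue
        clashes = [other for other, used in accepted.items() if net.overlaps(used)]
        if clashes:
            errors.append(f"{name}: {net} overlaps {', '.join(clashes)}")
            continue
        accepted[name] = net
        usable = max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)
        report[name] = (net.num_addresses, usable)
    return report, errors


def next_free_subnet(vnet_cidr, used_cidrs, new_prefix):
    """Return the first free block of size /new_prefix inside the vNet, or None."""
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    used = [ipaddress.ip_network(c, strict=True) for c in used_cidrs]
    if new_prefix < vnet.prefixlen:
        return None  # requested block is larger than the vNet itself
    for candidate in vnet.subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    # First plan: the address layout from the notes.
    # Second plan: constructed, with an overlap, an out-of-range block and a typo.
    good = {"public": "10.0.0.0/24", "private": "10.0.1.0/24"}
    bad = {"public": "10.0.0.0/24", "dmz": "10.0.0.128/25",
           "remote": "10.1.0.0/24", "typo": "10.0.2.7/24"}
    for plan in (good, bad):
        report, errors = validate_plan("10.0.0.0/16", plan)
        for name, (total, usable) in report.items():
            print(f"ok    {name}: {total} addresses, {usable} usable")
        for message in errors:
            print(f"error {message}")
    print("next free /24:", next_free_subnet("10.0.0.0/16", good.values(), 24))
```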

Cloud-Native Networking Services

Azure DNS : Provides ultra-fast DNS responses and ultra-high domain availability

Azure Virtual Network (vNET) : A logical isolated section of the Azure network for customers to launch Azure resources within.

Azure Load Balancer : OSI Level 4 (Transport) Load Balancer

Azure Application Gateway : OSI Level 7 (HTTP) Load Balancer, can apply a Web Application Firewall

Network Security Groups : A virtual firewall at the subnet level

Enterprise/Hybrid Networking Services

Azure Front Door : Scalable and secure entry point for fast delivery of your global applications.

Azure Express Route : A connection between your on-premise and Azure cloud from 50 Mbps to 10 Gbps.

Virtual WAN : A networking service that brings many networking, security, and routing functionalities together to provide a single operational interface.

Azure Connection : A VPN connection that securely connects two Azure local networks via IPsec.

Virtual Network Gateway : A site-to-site VPN connection between an Azure virtual network and your local network.

Azure Traffic Manager

Azure Traffic Manager operates at the DNS layer to quickly and efficiently direct incoming DNS requests based on the routing method of your choice.

  • Route traffic to servers that are geographically nearby to reduce latency
  • Fail-over to redundant systems in case primary systems become unhealthy
  • Route to a random VM to simulate A/B testing

[Screenshot: a Traffic Manager profile for exampro.co sending 80% of traffic to Prod and 20% to Beta, with the routing method options Performance, Weighted, Priority, Geographic, MultiValue and Subnet]
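How health-aware Priority and Weighted routing behave, and why DNS-based fail-over is not instant, can be seen in a small model. This is an added example, not Traffic Manager's own code or part of the original notes: the `Endpoint` class, the function names, the 80/20 weights taken from the Prod/Beta split above, and the timing values are assumptions, and the model is simplified (it returns no answer when every endpoint is unhealthy and assumes clients honor the DNS TTL).

```python
import math
import random
from collections import Counter
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    priority: int        # Priority routing: the lowest number is preferred
    weight: int          # Weighted routing: relative share of DNS answers
    healthy: bool = True


def resolve_priority(endpoints):
    """Priority routing: answer with the healthy endpoint of lowest priority number."""
    healthy = [e for e in endpoints if e.healthy]
    return min(healthy, key=lambda e: e.priority).name if healthy else None


def resolve_weighted(endpoints, rng):
    """Weighted routing: pick a healthy endpoint at random, in proportion to its weight."""
    healthy = [e for e in endpoints if e.healthy and e.weight > 0]
    if not healthy:
        return None
    return rng.choices(healthy, weights=[e.weight for e in healthy], k=1)[0].name


def weighted_share(endpoints, queries=10_000, seed=1):
    """Fraction of DNS answers each endpoint receives over many simulated queries."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    counts = Counter(resolve_weighted(endpoints, rng) for _ in range(queries))
    return {name: hits / queries for name, hits in counts.items()}


def client_outage_seconds(failed_at, detect_delay, ttl, first_resolve_at=0):
    """Seconds one client keeps sending traffic to a failed endpoint.

    The client re-resolves every `ttl` seconds starting at first_resolve_at.
    The DNS answer only changes at failed_at + detect_delay, once health
    probing has marked the endpoint unhealthy, so the client recovers at its
    first refresh at or after that moment.
    """
    switch_at = failed_at + detect_delay
    refreshes = max(math.ceil((switch_at - first_resolve_at) / ttl), 0)
    recovered_at = first_resolve_at + refreshes * ttl
    return recovered_at - failed_at


if __name__ == "__main__":
    endpoints = [Endpoint("prod", priority=1, weight=80),
                 Endpoint("beta", priority=2, weight=20)]
    print("priority answer:", resolve_priority(endpoints))
    print("weighted share :", weighted_share(endpoints))

    endpoints[0].healthy = False  # primary fails its health probes
    print("after failure  :", resolve_priority(endpoints), weighted_share(endpoints))

    # Constructed timings: failure at t=100s, 40s to detect, 60s DNS TTL.
    print("client outage  :", client_outage_seconds(100, 40, 60), "seconds")
```

The outage figure is bounded by detection delay plus TTL, which is why a short TTL matters for any DNS-based fail-over design.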

Azure DNS

Azure DNS allows you to host your domain names on Azure. You can create DNS Zones and manage your DNS records. Azure DNS does not allow you to purchase domains; it only provides the ability to manage DNS records.

[Screenshot: the Azure portal record sets for the exampro.co zone (NS and SOA records) and the Add record set form for a record named beta]

Azure Load Balancer

Azure Load Balancer is used for evenly distributing incoming network traffic across a group of backend resources or servers. Azure Load Balancer operates on OSI Layer 4 (Transport).

You can create a:

  • Public Load Balancer: incoming traffic from the internet to public-facing servers (Public IPs)
  • Internal (Private) Load Balancer: incoming internal network traffic to private-facing servers (Private IPs)

Scale Sets

Allows you to group together identical Virtual Machines (VMs) and automatically increase or decrease the number of servers based on:

  • A change in CPU, memory, disk, and network performance
  • A predefined schedule

IOT Services

What is the Internet of Things (IoT)? A network of Internet connected objects (usually hardware) able to collect and exchange data.

  • Smart Bulbs
  • Smart Fridges
  • Smart Light Switches
  • Security Cameras
  • Voice Command Speakers
  • Temperature, Pressure or Humidity Sensors
  • Drones
  • Phones
  • Buttons

Narrowband vs Wideband hardware


IoT Central : Connects your IoT devices to the cloud.

IoT Hub : Enables highly secure and reliable communication between your IoT application and the devices it manages.

IoT Edge : A fully managed service built on Azure IoT Hub. It allows data processing and analysis nearest the IoT devices. Edge computing is when you offload compute from the cloud to local computing hardware such as IoT devices, phones or home computers.

Windows 10 IoT Core Services : A cloud services subscription that provides the essential services needed to commercialize a device on Windows 10 IoT Core. Long-term OS support and services to manage device updates and assess device health.

Big Data and Analytics Services

What is Big Data? A term used to describe massive volumes of structured/unstructured data that are so large they are difficult to move and process using traditional database and software techniques.

Azure Synapse Analytics (formerly known as SQL Data Warehouse) : Enterprise data warehousing and Big Data analytics. Intended to run SQL queries against large databases for things such as reporting.

HDInsight : Run open-source analytics software such as Hadoop, Kafka and Spark.

Azure Databricks : An Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. Third-party Databricks cloud services supported within Azure.

Data Lake Analytics : An on-demand analytics job service that simplifies big data. A data lake is a storage repository that holds a vast amount of raw data in its native format until it is needed.

AI/ML Services

What is Artificial Intelligence (AI)? Machines that perform jobs that mimic human behavior.

What is Machine Learning (ML)? Machines that get better at a task without explicit programming.

What is Deep Learning (DL)? Machines that have an artificial neural network inspired by the human brain to solve complex problems.

Azure Machine Learning Service : A service that simplifies running AI/ML related workloads, allowing you to build flexible Pipelines to automate workflow. Use Python and R. Run DL workloads such as TensorFlow.

Azure Machine Learning Studio (classic) : An older service that manages AI/ML workloads. Does not have a pipeline and has other limitations. Workloads are not easily transferable from classic to the new service.


Personalizer : Deliver rich, personalised experiences for every user.

Translator : Add real-time, multi-language text translation to your apps, website and tools.

Anomaly Detector : Detect anomalies in data to quickly identify and troubleshoot issues.

Azure Bot Service : Intelligent, serverless bot service that scales on demand.

Form Recogniser : Automate the extraction of text, key/value pairs and tables from your documents.

Computer Vision : Easily customise computer vision models for your unique use case.

Language Understanding : Build natural language understanding into apps, bots and IoT devices.


QnA Maker : Create a conversational question-and-answer bot from your existing content.

Text Analytics : Extract information such as sentiment, key phrases, named entities and language from your text.

Content Moderator : Moderate text and images to provide a safer, more positive user experience.

Face : Detect and identify people and emotions in images.

Ink Recogniser : Recognise digital ink content, such as handwriting, shapes and document layout.

Serverless Services

What is Serverless? When the underlying servers, infrastructure and OS are taken care of by the Cloud Service Provider (CSP). It will generally be highly available, scalable and cost-effective.

Event-Driven Scale : A serverless function can be triggered by, or trigger, other events, allowing you to compose complex applications, and it just scales.

Abstraction of Servers : Servers are abstracted away. Your code is described as functions. These functions can be running on different compute instances.

Micro-Billing : Serverless compute could run for a fraction of a second. Billing in microseconds will save you money.


Azure Functions : Run small amounts of code known as serverless functions in your favorite language: C#, Java, JavaScript, Python and PowerShell.

Blob Storage : Serverless Object Storage. Just upload files, don’t think about the underlying file-systems or resizing.

Logic Apps : Allows you to build serverless workflows composed of Azure Functions. Building state machines for serverless compute.

Event Grid : Uses a Pub/Sub messaging system to allow you to react to events and trigger other Azure cloud services such as Azure Functions.

Azure Portal

The Azure portal is a web-based, unified console that provides an alternative to command-line tools. You can manage your Azure subscription with the Azure portal. Build, manage, and monitor everything from simple web apps to complex cloud deployments.

[Screenshot: the All services view at portal.azure.com]

Azure Preview Portal

You can utilize new features that are in:

  • Preview
  • Beta
  • Other pre-release

If you want to test preview features you should use preview.portal.azure.com; if you want stable-release and production-ready features you should use portal.azure.com.

Azure PowerShell

What is PowerShell? PowerShell is a task automation and configuration management framework: a command-line shell and a scripting language. Unlike most shells, which accept and return text, PowerShell is built on top of the .NET Common Language Runtime (CLR), and accepts and returns .NET objects.

Azure PowerShell : A set of cmdlets for managing Azure resources directly from the PowerShell command line.

[Screenshot: a Windows PowerShell window]

Visual Studio Code

Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS.

[Screenshot: Visual Studio Code editing a JavaScript file]

Azure Cloud Shell

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

[Screenshot: a Cloud Shell PowerShell session opened from the Azure portal]

Azure CLI

What is a CLI? A Command Line Interface (CLI) processes commands to a computer program in the form of lines of text. Operating systems implement a command-line interface in a shell or terminal.

The Azure CLI can be installed on Windows, Mac and Linux. Once installed you can type az

Azure Trust Center

A public-facing website portal providing easy access to privacy and security and regulatory compliance information.

[Screenshot: the Microsoft Trust Center home page, quoting Brad Smith, President and Chief Legal Officer: “If we can’t protect people, then we don’t deserve their trust.”]

Azure Security — Compliance Programs

Enterprise Companies WILL NOT BUY your software solutions unless it’s secure.

How are you going to meet their security compliance requirements?

We’ll only do business with you if you are…

Criminal Justice Information Services (CJIS)

Any US state or local agency that wants to access the FBI’s CJIS database is required to adhere to the CJIS Security Policy.

Cloud Security Alliance (CSA) STAR Certification

Independent third-party assessment of a cloud provider’s security posture

General Data Protection Regulation (GDPR)

A European privacy law. Imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents.

EU Model Clauses

Contractual guarantees around transfers of personal data outside of the EU

Health Insurance Portability and Accountability Act (HIPAA).

US federal law that regulates patient Protected Health Information

International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27018.

Code of practice, covering the processing of personal information by cloud service providers.

Multi-Tier Cloud Security (MTCS) Singapore.

Operational Singapore security management Standard. A common standard that cloud service providers (CSPs) can apply to address customer concerns about the security and confidentiality of data in the cloud, and the impact on businesses of using cloud services.

Service Organization Controls (SOC) 1, 2, and 3.

Independent third-party examination reports that demonstrate how the company achieves key compliance controls and objectives

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

Voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks.

UK Government G-Cloud.

Cloud computing certification for services used by government entities in the United Kingdom

Federal Information Processing Standard (FIPS) 140-2

US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information.

Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources.

External Resources

  • Microsoft Office 365
  • Azure Portal
  • SaaS applications

Internal Resources

  • Applications within your internal networking
  • Access to workstations on-premise

Use Azure AD to implement Single-Sign On (SSO)

Azure Active Directory comes in four editions

  1. Free: MFA, SSO, Basic Security and Usage Reports, User Management
  2. Office 365 Apps: Company Branding, SLA, Two-way Sync between On-Premise and Cloud
  3. Premium 1: Hybrid Architecture, Advanced Group Access, Conditional Access
  4. Premium 2: Identity Protection, Identity Governance

Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)? A security control where, after you fill in your username/email and password, you have to use a second device such as a phone to confirm that it’s you logging in. MFA protects against people who have stolen your password. MFA is an option in most cloud providers and even social media websites such as Facebook.

Azure Security Center

Azure Security Center is a unified infrastructure security management system. It strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud.

Key Vault

Concept not fully clear: how it is managed. Will look into this later on.

Azure Key Vault helps you safeguard cryptographic keys and other secrets used by cloud apps and services.

  • Secrets Management: store and tightly control access to tokens, passwords, certificates, API keys, and other secrets
  • Key Management: create and control the encryption keys used to encrypt your data
  • Certificate Management: easily provision, manage, and deploy public and private SSL certificates for use with Azure and internal connected resources
  • Hardware Security Module: secrets and keys can be protected either by software or FIPS 140-2 Level 2 validated HSMs

An HSM is a Hardware Security Module. It’s a piece of hardware designed to store encryption keys.

Federal Information Processing Standard (FIPS) 140-2: US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information.

  • HSMs that are multi-tenant are FIPS 140-2 Compliant (multiple customers virtually isolated on an HSM)
  • HSMs that are single-tenant are FIPS 140-3 Compliant (single customer on a dedicated HSM)

Azure DDoS Protection

What is a DDoS (Distributed Denial of Service) Attack? A malicious attempt to disrupt normal traffic by flooding a website with large amounts of fake traffic.

Azure offers two tiers of DDoS Protection

DDoS Protection Basic

  • Free
  • Already turned on to protect Azure’s global network

DDoS Protection Standard

  • Starting at $2,994/month
  • Metrics, Alerts, Reporting
  • DDoS Expert Support
  • Application and Cost Protection SLAs

Azure Firewall

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources.

Azure Firewall Features

Centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

  • Uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.
  • High availability is built in, no additional load balancers are required
  • Can configure during deployment to span multiple AZs for increased availability.
  • There’s no additional cost for a firewall deployed in an Availability Zone (AZ)
  • There are additional costs for inbound and outbound data transfers associated with AZs

Azure Information Protection (AIP)

Protects sensitive information such as emails and documents with encryption, restricted access and rights, and integrated security in Office apps

Azure Application Gateway

Application Gateway is a web-traffic load balancer (Layer 7 HTTP) that re-routes traffic based on a set of rules. A Web Application Firewall (WAF) can be attached for additional protection on OSI Layer 7.

Azure Advanced Threat Protection (ATP)

What is IDS/IPS?

Intrusion Detection System and Intrusion Protection System: a device or software application that monitors a network or systems for malicious activity or policy violations.

Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Microsoft Security Development Lifecycle (SDL)

Microsoft Security Development Lifecycle (SDL) is an industry-leading software security assurance process.

A Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in Microsoft software and culture.

Building security into each SDL phase of the development lifecycle helps you catch issues early, and it helps you reduce your development costs.

Azure Security — Policies

Azure Policy is a service you can use to create, assign, and manage policies. A policy allows you to enforce or control the properties of a resource. Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as Policy Definitions.
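An added example, not part of the original notes and not Azure's implementation: a small evaluator that compares resource properties to a JSON rule in the if/then shape of a Policy Definition. The policy, the resources and the flat property layout are constructed, and only a few condition operators are modelled.

```python
import json

# Constructed policy in the if/then shape of an Azure Policy rule.
POLICY = json.loads("""
{"displayName": "Example: storage accounts only in approved regions",
 "policyRule": {
   "if": {"allOf": [
     {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
     {"field": "location", "notIn": ["westeurope", "northeurope"]}]},
   "then": {"effect": "deny"}}}
""")

def matches(cond, resource):
    """Return True when the resource's properties satisfy the condition."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = resource.get(cond["field"])
    # String comparisons are done case-insensitively in this sketch.
    value = value.lower() if isinstance(value, str) else value
    if "equals" in cond:
        return value == cond["equals"].lower()
    if "in" in cond:
        return value in [v.lower() for v in cond["in"]]
    if "notIn" in cond:
        return value not in [v.lower() for v in cond["notIn"]]
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(policy, resource):
    """Return the rule's effect if the 'if' block matches, else 'compliant'."""
    rule = policy["policyRule"]
    return rule["then"]["effect"] if matches(rule["if"], resource) else "compliant"

# Constructed sample resources (flat property dicts are an assumption).
RESOURCES = [
    {"name": "stlogs01", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope"},
    {"name": "stlogs02", "type": "Microsoft.Storage/storageAccounts", "location": "EastUS"},
    {"name": "vm-web01", "type": "Microsoft.Compute/virtualMachines", "location": "eastus"},
]

def report():
    """Map each sample resource name to the policy outcome."""
    return {r["name"]: evaluate(POLICY, r) for r in RESOURCES}
```

Only the storage account outside the approved regions hits the deny effect; the virtual machine is out of the rule's scope because its type does not match.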

Azure Role-Based Access Control (RBAC)

Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Role Assignments are the way you control access to resources. A Role Assignment consists of these three elements:

  1. security principal
  2. role definition
  3. scope

A Security Principal represents the identities requesting access to an Azure resource such as:

  • User: An individual who has a profile in Azure Active Directory.
  • Group: A set of users created in Azure Active Directory.
  • Service Principal: A security identity used by applications or services to access specific Azure resources.
  • Managed identity: An identity in Azure Active Directory that is automatically managed by Azure.

Scope is the set of resources that the access granted by the Role Assignment applies to. Scope controls access at the Management Group, Subscription or Resource Group level.

A Role Definition is a collection of permissions.

A role definition lists the operations that can be performed, such as read, write, and delete. Roles can be high-level, like owner, or specific, like virtual machine reader.

Azure has built-in roles and you can define custom roles.

Actions

  • Read
  • Grant
  • Create, Update, Delete

Roles

  • Owner

  • Contributor

  • Reader

  • User Access Administrator

These are the four fundamental built-in roles.
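A simplified model of how the three elements of a role assignment combine, added here as an illustration and not taken from the original notes or from Azure's own code. The principals, resource names and placeholder subscription ID are constructed, the role permissions are abridged from the built-in roles, and management-group scopes are left out.

```python
from fnmatch import fnmatchcase

# Abridged permissions of the four fundamental built-in roles.
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Contributor": {"actions": ["*"], "not_actions": [
        "Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete"]},
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*"], "not_actions": []},
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG_PROD = SUB + "/resourceGroups/rg-prod"
VM = RG_PROD + "/providers/Microsoft.Compute/virtualMachines/vm-web01"

# Role assignment = security principal + role definition + scope (constructed).
ASSIGNMENTS = [
    {"principal": "alice", "role": "Reader", "scope": SUB},
    {"principal": "alice", "role": "Contributor", "scope": RG_PROD},
    {"principal": "ci-deployer", "role": "Contributor", "scope": RG_PROD},
    {"principal": "bob", "role": "User Access Administrator", "scope": RG_PROD},
]

def matches_any(patterns, action):
    """Case-insensitive wildcard match of an action against role patterns."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def in_scope(assignment_scope, resource_id):
    """A scope covers itself and everything beneath it, on path boundaries."""
    a, r = assignment_scope.lower().rstrip("/"), resource_id.lower()
    return r == a or r.startswith(a + "/")

def is_allowed(principal, action, resource_id):
    """Allow if any in-scope assignment grants the action.

    NotActions subtract from one role's Actions; they are not a deny,
    so a second assignment can still grant the same action.
    """
    for a in ASSIGNMENTS:
        role = ROLES[a["role"]]
        if (a["principal"] == principal and in_scope(a["scope"], resource_id)
                and matches_any(role["actions"], action)
                and not matches_any(role["not_actions"], action)):
            return True
    return False
```

The case worth checking in a real tenant is the one modelled by `ci-deployer`: Contributor can change resources in its scope but cannot write role assignments, which is what separates it from Owner and User Access Administrator.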

Lock resources

As an admin, you may need to lock a subscription, resource group, or resource to prevent other users from accidentally deleting or modifying critical resources.

In the Azure Portal you can set the following lock levels.

CanNotDelete (Delete): authorized users can still read and modify a resource, but they can’t delete the resource.

ReadOnly (Read-only): authorized users can read a resource, but they can’t delete or update the resource.

Azure Management Groups

Managing multiple subscriptions (accounts) in a hierarchical structure.

Each directory is given a single top-level management group called the “Root” management group.

All subscriptions within a management group automatically inherit the conditions applied to the management group.

Azure Monitor

Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

Azure Service Health

Information about current and upcoming issues such as:

  • service impacting events
  • planned maintenance
  • and other changes that may affect your availability.

  1. Azure Status: informs you of service outages in Azure

  2. Azure service health: a personalized view of the health of the Azure services and regions you’re using.

  3. Azure resource health: information about the health of your individual cloud resources, e.g. VM

Azure Advisor

Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments.

The Advisor dashboard displays personalized recommendations for all your subscriptions for the following 5 categories:

  • High Availability
  • Security
  • Performance
  • Cost
  • Operational Excellence

Pricing and Support — SLAs

Service Level Agreement (SLA) describes Azure’s commitments for uptime and connectivity. SLAs are individualized per Azure service. Uptime and connectivity are described as Performance Targets. A Performance Target is represented as a percentage:

  • 99% (two nines)
  • 99.9% (three nines)
  • 99.999% (five nines)
  • 99.9999999% (nine nines)

Azure does not provide SLAs for Free Tier or the shared tiers.

Pricing and Support — Service Credits

Service Credits: customers may have a discount applied to their Azure bill, as compensation for an under-performing Azure product or service based on the SLA.

Azure Virtual Machine Service Credit Calculation

  • Monthly Uptime < 99.9%: Service Credit 10%
  • Monthly Uptime < 99%: Service Credit 25%
  • Monthly Uptime < 95%: Service Credit 100%

Pricing and Support — Composite SLA

Different services have different SLAs. A Composite SLA is when you combine SLAs across different service offerings.

  • Web App: 99.95%
  • SQL Database: 99.99%
  • Queue: 99.9%

The real SLA for a Web App + SQL Database would be: 99.95% x 99.99% = 99.94%.

Fallback systems will improve the overall SLA. Imagine the SQL Database was down but you had a queue saving transaction attempts from the Web App, to be written to the DB later. Web App and (Database or Queue) = 99.95% x 99.99999% = 99.95%.
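The composite SLA arithmetic above carried through in code, as an added example that is not from the original notes; the function names are illustrative. It also shows where the 99.99999% figure comes from and applies the service credit table given earlier on this page.

```python
from math import prod

def serial(*slas):
    """Composite SLA when every component must be up: availabilities multiply."""
    return prod(slas)

def with_fallback(*slas):
    """Composite SLA when any one component suffices.

    The group is down only if all members are down at the same time,
    so the failure probabilities multiply (assumes independent failures).
    """
    return 1 - prod(1 - s for s in slas)

def downtime_minutes(sla, days=30):
    """Downtime budget implied by an availability fraction over a period."""
    return (1 - sla) * days * 24 * 60

def service_credit(monthly_uptime_pct):
    """VM service credit % for a measured monthly uptime, per the page's table."""
    for threshold, credit in ((95, 100), (99, 25), (99.9, 10)):
        if monthly_uptime_pct < threshold:
            return credit
    return 0

# SLA figures from the page, as fractions.
WEB_APP, SQL_DB, QUEUE = 0.9995, 0.9999, 0.999

def page_examples():
    """Return (Web App + SQL, Web App + (SQL or Queue)) as rounded percentages."""
    plain = serial(WEB_APP, SQL_DB)
    resilient = serial(WEB_APP, with_fallback(SQL_DB, QUEUE))
    return round(plain * 100, 2), round(resilient * 100, 2)
```

The database-or-queue group fails only when both fail, 0.0001 x 0.001 = 0.0000001, which gives the 99.99999% used in the second calculation.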

Pricing and Support — TCO Calculator

Estimate the cost savings you can realize by migrating your workloads to Azure. Generate a detailed report and export it as a PDF to send to decision makers.

azure.microsoft.com/pricing/calculator

[Figure: sample report, “Total on-premises vs. Azure cost over time”, comparing on-premises cost and Microsoft Azure cost over 1 to 5 years; the sample shows estimated cost savings of as much as $130,191 over 5 years.]

Azure Marketplace

Azure Marketplace offers apps and services made available by third-party publishers so you can quickly get started. The available apps and services can be Free, Free-Trial, Pay-As-You-Go, or Bring-Your-Own-License (BYOL).

Azure Support Plans

Azure Licensing — Azure Hybrid Benefit

Many customers have invested in Windows Server licenses and would like to repurpose this investment on Azure.

Azure Hybrid Use Benefit (HUB) gives customers the right to use these licenses for virtual machines on Azure.

  • Windows Servers
  • SQL Servers

  • HUB can be turned on and off at any time for existing VMs
  • HUB can be applied at deployment time for new VMs
  • Bring your own license (BYOL)

Azure Subscriptions

An Azure Subscription is the same as an Azure Account.

There are 4 tiers of Azure Subscriptions:

Free Subscription

  • Credit Card Required
  • $200 USD credits free for 30 days
  • Certain Azure products free for 12 months

Pay-As-You-Go (PAYG) Subscription

  • Credit Card Required
  • Charged at the end of the month based on consumed cloud resources

Enterprise Agreement

An Enterprise and Azure agree on a discounted price for licenses and cloud services.

Student Subscription

  • No Credit Card Required
  • $100 USD credits for 12 months
  • Requires valid student email

Azure Pricing Calculator

Configure and estimate the costs for Azure products. No sign-in required. Download an Excel spreadsheet and share it with your boss.