Azure Fundamentals, Azure 900, Azure900, Azure 900, Azure 900, Azure - 900, Azure 900, AZ900 - Test Prep
Policy Creation Process
1. Create a policy definition 2. Assign a definition to a scope of resources. 3. View policy evaluation results
Azure Security Center Usage Scenarios
1. Incident response (detect, assess, diagnose) 2. enhanced security recommendations.
7 Kinds of Azure Storage
1. Structured Data 2. Semi-structured data 3. Unstructured data 4. Blob Storage 5. Disk Storage 6. File Storage 7. Archive Storage
Example Policy Definition
Allowed Storage Account SKUs, Allowed resrouce Type, Allowed Locations, Allowed Virtual Machine SKUs
Service Trust Portal
The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft's cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services.
Role-Based Access Control (RBAC)
Role-based access control (RBAC) provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. RBAC is provided at no additional cost to all Azure subscribers. Usage Scenarios Examples of when you might use RBAC include when you want to: • Allow one user to manage VMs in a subscription, and another user to manage virtual networks. • Allow a database administrator (DBA) group to manage SQL databases in a subscription. • Allow a user to manage all resources in a resource group, such as VMs, websites, and subnets. • Allow an application to access all resources in a resource group.
Semi-structured data
Semi-structured data is less organized than structured data, and is not stored in a relational format, meaning the fields do not neatly fit into tables, rows, and columns. Semi-structured data contains tags that make the organization and hierarchy of the data apparent. Semi-structured data is also referred to as non-relational or NoSQL data.
NO.4 Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify a DDoS protection plan. Does this meet the goal? A. Yes B. no
4. B. NO
VPN gateway
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure Virtual Network and an on-premises location over the public internet. It provides a more secure connection from on-premises to Azure over the internet
Content Delivery Network
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. It is a way to get content to users in their local region to minimize latency. CDN can be hosted in Azure or any other location. You can cache content at strategically placed physical nodes across the world and provide better performance to end users. Typical usage scenarios include web applications containing multimedia content, a product launch event in a particular region, or any event where you expect a high bandwidth requirement in a region
Policy Definition
A policy definition expresses what to evaluate and what action to take. For example, you could prevent VMs from being deployed if they are exposed to a public IP address. You also could prevent a particular hard disk from being used when deploying VMs to control costs.
NO.5 This question requires that you evaluate the underlined text to determine if it is correct. You can create an Azure support request from support.microsoft.com. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. the Azure portal C. the Knowledge Center D. the Security & Compliance admin center
Answer: B the azure portal
NO.8 This question requires that you evaluate the underlined text to determine if it is correct. You deploy an Azure resource. The resource becomes unavailable for an extended period due to a service outage. Microsoft will automatically refund your bank account. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. automatically migrate the resource to another subscription C. automatically credit your account D. send you a coupon code that you can redeem for Azure credits
Answer: C, Automatically credit your account
Application Insights
Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application's operations. Application Insights can diagnose errors, without waiting for a user to report them. Application Insights includes connection points to a variety of development tools, and integrates with Microsoft Visual Studio to support your DevOps processes.
Archive storage
Archive storage provides a storage facility for data that is rarely accessed. It allows you to archive legacy data at low cost to what it would traditionally have cost to create and maintain archives. Archive storage is available as a tier of Blob Storage, object data in the most cost-effective manner. It is stored offline and offers the lowest storage costs. However, it also has the highest access cost, hence it is suited for archival data that is rarely accessed. Archive storage is intended for data that can tolerate several hours of retrieval latency and will remain archived for at least 180 days.
Authentication (AuthN)
Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are
Azure AD Services
Authentication, SSO, App management, B2B identity services, B2C identity services, device management
Authorization (AuthZ)
Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it
Azure Active Directory
Azure Active Directory (Azure AD) is a Microsoft cloud-based identity and access management service. Azure AD helps employees of an organization sign in and access resources:
Azure Advanced Threat Protection (ATP)
Azure Advanced Threat Protection (Azure ATP) is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Comprised of: Azure ATP Portal, Azure ATP Sensor, Azure ATP Cloud Service. ATP is part of EMS E5
Azure Advisor
Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, and cost. Advisor analyzes your deployed services and looks for ways to improve your environment across those four areas.
Azure Application Gateway
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It is the connection through which users connect to your application. With Application Gateway you can route traffic based on source IP address and port to a destination IP address and port. You also can help protect a web application with a web application firewall, redirection, session affinity to keep a user on the same server, and many more configuration options.
Blob Storage
Azure Blob Storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blobs are highly scalable and apps work with blobs in much the same way as they would work with files on a disk, such as reading and writing data. Blob Storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection. Blobs aren't limited to common file formats. A blob could contain gigabytes of binary data streamed from a scientific instrument, an encrypted message for another application, or data in a custom format for an app you're developing.
Azure CLI
Azure CLI is a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources. Cross platform means that it can be run on Windows, Linux, or macOS.
Azure Cloud Shell
Azure Cloud Shell is a browser-based scripting environment in your portal. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.
Azure Container Instances
Azure Container Instances offers the fastest and simplest way to run a container in Azure without having to manage any virtual machines or adopt any additional services. It is a PaaS offering that allows you to upload your containers, which it will run for you
Azure Data Service Types
Azure Cosmos DB, Azure SQL Database, Azure Database Migration
Azure Data Lake Analytics
Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights. The analytics service can handle jobs of any scale instantly by setting the dial for how much power you need. You only pay for your job when it is running, making it more cost-effective
Azure DevOps Services
Azure DevOps Services (formerly known as Visual Studio Team Services (VSTS)), provides development collaboration tools including high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing
Azure DevTest Labs
Azure DevTest Labs is a service that helps developers and testers quickly create environments in Azure, while minimizing waste and controlling cost. Users can test their latest application versions by quickly provisioning Windows and Linux environments using reusable templates and artifacts. You can easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments. With DevTest Labs you can scale up your load testing by provisioning multiple test agents, and create pre-provisioned environments for training and demos
Azure Event Grid
Azure Event Grid allows you to easily build applications with event-based architectures. It's a fully-managed, intelligent event routing service that uses a publish-subscribe model for uniform event consumption. Event Grid has built-in support for events coming from Azure services, such as storage blobs and resource groups.
File storage
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and MacOS. Applications running in Azure virtual machines or cloud services can mount a file storage share to access file data, just as a desktop application would mount a typical SMB share. Any number of Azure virtual machines or roles can mount and access the file storage share simultaneously. Typical usage scenarios would be to share files anywhere in the world, diagnostic data, or application data sharing
Azure Firewall
Azure Firewall is a managed, cloud-based, network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall provides many features, including: • Built-in high availability. • Unrestricted cloud scalability. • Inbound and outbound filtering rules. • Azure Monitor logging.
Azure Functions
Azure Functions are ideal when you're only concerned with the code running your service and not the underlying platform or infrastructure. Azure Functions are commonly used when you need to perform work in response to an event—often via a REST request, timer, or message from another Azure service—and when that work can be completed quickly, within seconds or less. Azure Functions scale automatically and charges accrue only when a function is triggered, so they're a solid choice when demand is variable. For example, you may be receiving messages from an IoT solution that monitors a fleet of delivery vehicles. You'll likely have more data arriving during business hours. Azure Functions can scale out to accommodate these busier times. Furthermore, Azure Functions are stateless; they behave as if they're restarted every time they respond to an event. This is ideal for processing incoming data. And if state is required, they can be connected to an Azure storage service
Azure HDInsight
Azure HDInsight is a fully managed, open-source analytics service for enterprises. It is a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data. HDInsight allows you run popular open-source frameworks and create cluster types such as Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, Machine Learning Services. HDInsight also supports a broad range of scenarios such as extraction, transformation, and loading (ETL); data warehousing; machine learning; and IoT
Azure IoT Hub
Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to your IoT Hub.
Azure Key Vault
Azure Key Vault is a centralized cloud service for storing your applications' secrets. Key Vault helps you control your applications' secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.
Azure Kubernetes Service
Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures and large volumes of containers
Azure Load Balancer
Azure Load Balancer can provide scale for your applications and create high availability for your services. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications. You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network
Azure Logic Apps
Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions—whether in the cloud, on premises, or both—for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) integration. Logic Apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code. To build enterprise integration solutions with Azure Logic Apps, you can choose from a growing gallery of over 200 connectors. These include services such as Salesforce, SAP, Oracle DB, and file shares
Azure Machine Learning Studio
Azure Machine Learning Studio is a collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions without needing to write code. It uses pre-built and pre-configured machine learning algorithms and data-handling modules
Azure Management Groups
Azure Management Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions. Management groups allow you to order your Azure resources hierarchically into collections, which provides a further level of classification that is above the level of subscriptions.
Azure Marketplace
Azure Marketplace is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure. Azure Marketplace allows customers—mostly IT professionals and cloud developers—to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure
Azure Monitor
Azure Monitor for VMs is a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes). Azure Monitor for VMs includes support for monitoring performance and application dependencies for VMs hosted on-premises, and for VMs hosted with other cloud providers.
Azure Monitor
Azure Monitor for containers is a service that is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected.
Azure Monitor
Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on
Azure Policy
Azure Policy is a service in Azure that you use to create, assign, and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs). Azure Policy does this by using policies and initiatives. It runs evaluations of your resources and scans for those not compliant with the policies you have created. For example, you can have a policy to allow only a certain stock keeping unit (SKU) size of virtual machines (VMs) in your environment. Once you implement this policy, it will evaluate resources when you create new ones or update existing ones. It will also evaluate your existing resources.
Azure Portal
Azure Portal is a website that you can access with a web browser, by going to the URL https://portal.azure.com. From here you can interact manually with all the Azure services. You can identify a service you are looking for, obtain links for help and more learning on particular topics, and deploy, manage and delete resources. It also guides you through complex administrative tasks by providing wizards and tooltips.
Azure PowerShell
Azure PowerShell is a module that you add to Windows PowerShell or PowerShell Core that enables you to connect to your Azure subscription and manage resources. Azure PowerShell requires Windows PowerShell to function. PowerShell provides services such as the shell window and command parsing. Azure PowerShell then adds the Azure-specific commands. For example, Azure PowerShell provides the New-AzureRmVM command that creates a virtual machine for you inside your Azure subscription. To use it, you would launch PowerShell, sign in to your Azure account using the command Connect-AzureRMAccount, and then issue a command such as:
Azure SQL Data Warehouse
Azure SQL Data Warehouse is a cloud-based Enterprise Data Warehouse (EDW) that leverages MPP to run complex queries quickly across petabytes of data. You can use SQL Data Warehouse as a key component of a big data solution by importing big data into SQL Data Warehouse with simple PolyBase Transact-SQL (T-SQL) queries, and then use the power of MPP to run high-performance analytics. Once data is stored in SQL Data Warehouse, you can run analytics at massive scale. Compared to traditional database systems, analysis queries finish in seconds instead of minutes, or hours instead of days
Azure SQL Database
Azure SQL Database is a relational database as a service (DaaS) based on the latest stable version of Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed and secure database that you can use to build data-driven applications and websites in the programming language of your choice without needing to manage infrastructure
Azure Service Health
Azure Service Health is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources.
Azure Storage
Azure Storage is a service that you can use to store files, messages, tables, and other types of information. You can use Azure Storage on its own (for example as a file share), but developers also often use it as a store for working data. Such stores can be used by websites, mobile apps, desktop applications, and many other types of custom solutions. Azure Storage is also used by IaaS virtual machines, and PaaS cloud services.
Azure Virtual Network
Azure Virtual Network enables many types of Azure resources such as Azure VMs to securely communicate with each other, the internet, and on-premises networks. A virtual network is scoped to a single region; however, multiple virtual networks from different regions can be connected together using virtual network peering. With Azure Virtual Network you can provide isolation, segmentation, communication with on-premises and cloud resources, routing and filtering of network traffic
Azure Networking Services
Azure networking components offer a range of functionality and services that can help organizations design and build cloud infrastructure services that meet their requirements.
NO.3 This question requires that you evaluate the underlined text to determine if it is correct. Authorization is the process of verifying a user's credentials. Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. Authentication C. Federation D. Ticketing
B. Authentication
Azure Compliance Offerings
CJIS, CSA Star, GDPR, EU Model Clauses, FedRAMP, DFARS, FERPA, HIPPA, ISO/IEC 27018, Multi-Tier Cloud Security, Service Organization Controls, NSIT, CSF
Compliance Manager
Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure. Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature, and recommendations to improve data protection and compliance. The Customer Actions provided in Compliance Manager are recommendations only; it is up to each organization to evaluate the effectiveness of these recommendations in their respective regulatory environment prior to implementation. Recommendations found in Compliance Manager should not be interpreted as a guarantee of compliance.
Containers
Containers are a virtualization environment. However, unlike virtual machines they do not include an operating system. Instead, they reference the operating system of the host environment that runs the container. Containers are meant to be lightweight and are designed to be created, scaled out, and stopped dynamically. This allows you to respond to changes on demand and quickly restart in case of a crash or hardware interruption. Azure supports Docker containers, and there several ways to manage both Docker and Microsoft-based containers in Azure.
Azure Cost Management
Cost Management is an Azure product that provides a set of tools for monitoring, allocating, and optimizing your Azure costs. The main features of the Azure Cost Management toolset include: • Reporting. Generate reports using historical data to forecast future usage and expenditure. • Data enrichment. Improve accountability by categorizing resources with tags that correspond to real-world business and organizational units. • Budgets. Create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns. • Alerting. Get alerts based on your cost and usage budgets. • Recommendations. Receive recommendations to eliminate idle resources and to optimize the Azure resources you provision. • Price. Free to Azure customers.
NO.1 You need to configure an Azure solution that meets the following requirements: Secures websites from attacks Generates reports that contain details of attempted attacks What should you include in the solution? A. Azure Firewall B. a network security group (NSG) C. Azure Information Protection D. DDoS prot
D. Ddos Prot
NO.7 Your company plans to migrate all on-premises data to Azure. You need to identify whether Azure complies with the company's regional requirements. What should you use? A. the Knowledge Center B. Azure Marketplace C. the Azure portal D. the Trust Center
D. the trust center
DDoS standard protection
DDoS standard protection can mitigate the following types of attacks: • Volumetric attacks. The attack's goal is to flood the network layer with a substantial amount of seemingly legitimate traffic. • Protocol attacks. These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack. • Resource (application) layer attacks. These attacks target web application packets to disrupt the transmission of data between hosts.
4 Paid Azure Support Plans
Developer, Standard, Professional Direct, Premier
Disk storage
Disk storage provides disks for virtual machines, applications, and other services to access and use as they need, similar to how they would in on-premises scenarios. Disk storage allows data to be persistently stored and accessed from an attached virtual hard disk. The disks can be managed or unmanaged by Azure, and therefore managed and configured by the user. Typical scenarios for using disk storage are if you want to lift and shift applications that read and write data to persistent disks, or if you are storing data that is not required to be accessed from outside the virtual machine to which the disk is attached. Disks come in many different sizes and performance levels, from solid-state drives (SSDs) to traditional spinning hard disk drives (HDDs), with varying performance abilities
Azure DDoS Protection
Distributed Denial of Service (DDoS) attacks attempt to overwhelm and exhaust an application's resources, making the application slow or unresponsive to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Thus, any resource exposed to the internet, such as a website, is potentially at risk from a DDoS attack.Azure DDoS Protection provides the following service tiers: • Basic. The Basic service tier is automatically enabled as part of the Azure platform. Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft's online services use. Azure's global network is used to distribute and mitigate attack traffic across regions. • Standard. The Standard service tier provides additional mitigation capabilities that are tuned specifically to Microsoft Azure Virtual Network resources. DDoS Protection Standard is simple to enable and requires no application changes. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses which are associated with resources deployed in virtual networks, such as Azure Load Balancer and Application Gateway.
Usage Meters
For example, a single virtual machine that you provision in Azure might have the following meters tracking its usage: • Compute Hours • IP Address Hours • Data Transfer In • Data Transfer Out • Standard Managed Disk • Standard Managed Disk Operations • Standard IO-Disk • Standard IO-Block Blob Read • Standard IO-Block Blob Write • Standard IO-Block Blob Delete
Initiatives
Initiative definitions Initiative definitions simplify the process of managing and assigning policy definitions by grouping a set of policies as one single item. For example, you could create an initiative named Enable Monitoring in Azure Security Center, with a goal to monitor all the available security recommendations in your Azure Security Center.
IoT Central
IoT Central is a fully-managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale. No cloud expertise is required to use IoT Central. As a result, you can bring your connected products to market faster while staying focused on your customers
Azure Cosmos DB
Microsoft Azure Cosmos DB is a globally distributed database service that enables you to elastically and independently scale throughput and storage across any number of Azure's geographic regions. It supports schema-less data that lets you build highly responsive and Always On applications to support constantly changing data. You can use Cosmos DB to store data that is updated and maintained by users around the world. It makes it easy to build scalable, highly responsive applications at global scale
Azure Information Protection (AIP)
Microsoft Azure Information Protection (MSIP) is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
Network Security Groups
Network Security Groups (NSGs) allow you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.
SaaS characteristics
No upfront costs; just subscription. No maintenance required.
Virtual Machine
One or more logical machines created within one physical machine. A computer file (typically called an image) that behaves like an actual computer. Multiple virtual machines can run simultaneously on the same physical computer.
Serverless Computing
Serverless computing is a cloud-hosted execution environment that runs your code but abstracts the underlying hosting environment. You create an instance of the service and you add your code. No infrastructure configuration or maintenance is required, or even allowed. You configure your serverless apps to respond to events. An event could be a REST endpoint, a periodic timer, or even a message received from another Azure service. The serverless app runs only when it's triggered by an event. Scaling and performance are handled automatically, and you are billed only for the exact resources you use. You don't even need to reserve resources. Some of the most common serverless service types in Azure are Azure Functions, Azure Logic Apps, and Azure Event Grid.
Azure Multi-Factor Authentication
Something you know, somethign you possess, something you are (password, device, fingerprint)
Structured Data
Structured data is data that adheres to a schema, so all of the data has the same fields or properties. Structured data can be stored in a database table with rows and columns. Structured data relies on keys to indicate how one row in a table relates to data in another row of another table. Structured data is also referred to as relational data, as the data's schema defines the table of data, the fields in the table, and the clear relationship between the two. Structured data is straightforward in that it's easy to enter, query, and analyze. All of the data follows the same format. Examples of structured data include, sensor data or financial data.
Azure Database Migration
The Azure Database Migration Service is a fully-managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations). The service uses the Microsoft Data Migration Assistant to generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration. Once you assess and perform any remediation required, you're ready to begin the migration process. The Azure Database Migration Service performs all of the required steps
Azure Machine Learning Service
The Azure Machine Learning service provides a cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It fully supports open-source technologies, so you can use tens of thousands of open-source Python packages with machine learning components such as TensorFlow and scikit-learn. Rich tools, such as Jupyter notebooks or the Visual Studio Code Tools for AI, make it easy to interactively explore data, transform it, and then develop, and test models. Azure Machine Learning service also includes features that automate model generation and tuning to help you create models with ease, efficiency, and accuracy. The Azure Machine Learning service can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud. When you have the right model, you can easily deploy it in a container such as Docker in Azure. Use Machine Learning service if you work in a Python environment, you want more control over your machine learning algorithms, or you want to use open-source machine learning libraries
Total Cost of Ownership (TCO) Calculator
The Total Cost of Ownership (TCO) Calculator is a tool that you use to estimate cost savings you can realize by migrating to Azure. To use the TCO calculator, complete the three steps that the following sections explain. Step 1: Define your workloads Enter details about your on-premises infrastructure into the TCO calculator according to four groups: • Servers. Enter details of your current on-premises server infrastructure. • Databases. Enter details of your on-premises database infrastructure in the Source section. In the Destination section, select the corresponding Azure service you would like to use. • Storage. Enter the details of your on-premises storage infrastructure. • Networking. Enter the amount of network bandwidth you currently consume in your on-premises environment. Step 2: Adjust assumptions Adjust the values of key assumptions that the TCO calculator makes, which might vary between customers. To improve the accuracy of the TCO calculator, you should adjust the values so they match the costs of your current on-premises infrastructure. The assumption values you can adjust include: • Storage costs • IT labor costs • Hardware costs • Software costs • Electricity costs • Virtualization costs • Datacenter costs • Networking costs • Database costs Step 3: View the report The TCO calculator generates a detailed report based on the details you enter and the adjustments you make. The report allows you to compare the costs of your on-premises infrastructure with the costs using Azure products and services to host your infrastructure in the cloud.
Elasticity
The ability to automatically or dynamically increase or decrease resources as needed. Elastic resources match the current needs, and resources are added or removed automatically to meet future needs when it's needed, and from the most advantageous geographic location. A distinction between scalability and elasticity is that elasticity is done automatically.
Scalability
The ability to increase or decrease resources for any given workload. You can add additional resources to service a workload (known as scaling out), or add additional capabilities to manage an increase in demand to the existing resource (known as scaling up). Scalability doesn't have to be done automatically.
High-availability computing
The ability to keep services up and running for long periods of time, with very little downtime, depending on the service in question.
Agility
The ability to react quickly. Cloud services can allocate and deallocate resources quickly. They are provided on-demand via self-service, so vast amounts of computing resources can be provisioned in minutes. There is no manual intervention in provisioning or deprovisioning services.
Disaster recovery
The ability to recover from an event which has taken down a cloud service. Cloud services disaster recovery can happen very quickly with automation and services being readily available to use.
Fault tolerance
The ability to remain up and running even in the event of a component or service no longer functioning. Typically, redundancy is built into cloud services architecture so if one component fails, a backup component takes its place. The type of service is said to be tolerant of faults.
Options in Pricing Calculator
The options that you can configure in the pricing calculator vary between products, but basic configuration options include: • Region. Lists the regions from which you can provision a product. Southeast Asia, central Canada, the western United States, and Northern Europe are among the possible regions available for some resources. • Tier. Sets the type of tier you wish to allocate to a selected resource, such as Free Tier, Basic Tier, etc. • Billing Options. Highlights the billing options available to different types of customer and subscriptions for a chosen product. • Support Options: Allows you to pick from included or paid support pricing options for a selected product. • Programs and Offers. Allows you to choose from available price offerings according to your customer or subscription type. • Azure Dev/Test Pricing. Lists the available development and test prices for a product. Dev/Test pricing applies only when you run resources within an Azure subscription that is based on a Dev/Test offer.
Orchestration
The task of automating and managing a large number of containers and how they interact
App services
With App services, you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security and compliance requirements while using a fully managed platform to perform infrastructure maintenance. App Services is a platform as a service (PaaS) offering
Operational Expenditure (OpEx)
This is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There is no upfront cost, you pay for a service or product as you use it.
Capital Expenditure (CapEx)
This is the spending of money on physical infrastructure up front, and then deducting that expense from your tax bill over time. CapEx is an upfront cost which has a value that reduces over time.
Scaling Up
To add additional capabilities to manage an increase in demand to the existing resource
Scaling Out
Traditionally adding more resources (such as webservers).
Unstructured data
Unstructured data encompasses data that has no designated structure to it. This also means that there are no restrictions on the kinds of data it can hold. For example, a blob can hold a PDF document, a JPG image, a JSON file, video content, etc. As such, unstructured data is becoming more prominent as businesses try to tap into new data sources.
3 ways to purchase Azure
Via enterprise agreement, Web direct, through CSP
VM Scale Sets
Virtual machine scale sets are an Azure compute resource that you can use to deploy and manage a set of identical VMs. With all VMs configured the same, VM scale sets are designed to support true auto-scale—no pre-provisioning of VMs is required—and as such makes it easier to build large-scale services targeting big compute, big data, and containerized workloads. So, as demand goes up more virtual machine instances can be added, and as demand goes down virtual machines instances can be removed. The process can be manual, automated, or a combination of both
Functions
When you're concerned only about the code running your service and not the underlying platform or infrastructure, Azure Functions are ideal. They're commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less
Azure Management Tools
You can configure and manage Azure using a broad range of tools and platforms. There are tools available for the command line, language-specific Software Development Kits (SDKs), developer tools, tools for migration, and many others. Tools that are commonly used for day-to-day management and interaction include: Azure Portal, for interacting with Azure via a Graphical User Interface (GUI); Azure PowerShell, Azure Command-Line Interface (CLI), and Azure Cloud Shell, for command line and automation-based interactions with Azure.
Azure Security Center
• Provide security recommendations based on your configurations, resources, and networks. • Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online. • Continuously monitor all your services, and perform automatic security assessments to identify potential vulnerabilities before they can be exploited. • Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate are allowed to execute. • Analyze and identify potential inbound attacks, and help to investigate threats and any post-breach activity that might have occurred. • Provide just-in-time access control for ports, reducing your attack surface by ensuring the network only allows traffic that you require.
Billing Zones
• Zone 1 - West US, East US, Canada West, West Europe, France Central and others... • Zone 2 - Australia Central, Japan West, Central India, Korea South and others... • Zone 3 - Brazil South • DE Zone 1 - Germany Central, Germany Northeast Note: To avoid confusion, be aware that a Zone for billing purposes is not the same as an Availability Zone. In Azure, the term Zone is for billing purposes only, and the full term Availability Zone refers to the failure protection that Azure provides for datacenters.