Azure Fundamentals


VPN Gateway (Virtual Private Network Gateway)?

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.

What is a load balancer?

A load balancer distributes traffic evenly among each system in a pool. A load balancer can help you achieve both high availability and resiliency.

What is a region?

A region is a geographical area on the planet containing at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced. When you deploy a resource in Azure, you will often need to choose the region where you want your resource deployed.

Replication for storage availability?

A replication type is set up when you create a storage account. The replication feature ensures that your data is durable and always available. Azure provides regional and geographic replications to protect your data against natural disasters and other local disasters like fire or flooding.

What's a virtual network?

A virtual network is a logically isolated network on Azure. A virtual network allows Azure resources to securely communicate with each other, the internet, and on-premises networks. A virtual network is scoped to a single region; however, multiple virtual networks from different regions can be connected together using virtual network peering. You configure virtual networks through software.

What is Azure Application Gateway?

Application Gateway is a load balancer designed for web applications. It uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios. Azure Load Balancer distributes traffic among similar systems, making your services more highly available.

Asymmetric encryption?

Asymmetric encryption uses a public key and private key pair. Either key can encrypt but a single key can't decrypt its own encrypted data. To decrypt, you need the paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS) (used in HTTPS) and data signing.

What is an Availability Zone?

Availability Zones are physically separate datacenters within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. It is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability Zones are connected through high-speed, private fiber-optic networks.

What are availability and high availability?

Availability refers to how long your service is up and running without interruption. High availability, or highly available, refers to a service that's up and running for a long period of time.

Azure Advanced Threat Protection (Azure ATP)?

Azure Advanced Threat Protection (Azure ATP) is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP is capable of detecting known malicious attacks and techniques, security issues, and risks against your network.

Azure App Service?

Azure App Service enables you to build and host web apps, background jobs, mobile backends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. This platform as a service (PaaS) allows you to focus on the website and API logic while Azure takes care of the infrastructure to run and scale your web applications.

Azure Application Gateway?

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.

What is Azure Batch?

Azure Batch enables large-scale job scheduling and compute management with the ability to scale to tens, hundreds, or thousands of VMs. When you're ready to run a job, Batch: starts a pool of compute VMs for you; installs applications and staging data; runs jobs with as many tasks as you have; identifies failures; requeues work; scales down the pool as work completes. There may be situations in which you need raw computing power or supercomputer-level compute power. Azure provides these capabilities.

Use Azure CLI (Command Line Interface) to create?

Azure CLI is a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources. Cross-platform means that it can be run on Windows, Linux, or macOS. For example, to create a VM, you would open a command prompt window, sign in to Azure using the command az login, create a resource group

Use Cloud Shell in Azure portal to?

Azure Cloud Shell is a browser-based scripting environment for command-line administration of Azure resources. It provides support for two shell environments. Linux users can opt for a Bash experience, while Windows users can use PowerShell.

Azure Container Instances (ACI)?

Azure Container Instances (ACI) offers the fastest and simplest way to run a container in Azure. You don't have to manage any virtual machines or configure any additional services. It is a PaaS offering that allows you to upload your containers and execute them directly.

Azure DDoS?

By combining Azure DDoS Protection with application design best practices, you help provide defense against DDoS attacks. DDoS Protection leverages the scale and elasticity of Microsoft's global network to bring DDoS mitigation capacity to every Azure region. The Azure DDoS Protection service protects your Azure applications by monitoring traffic at the Azure network edge before it can impact your service's availability. Within a few minutes of attack detection, you are notified using Azure Monitor metrics.

Azure Functions?

Azure Functions is a serverless compute service that enables you to run code on-demand without having to explicitly provision or manage infrastructure. Use Azure Functions to run a script or piece of code in response to a variety of events.

Azure Information Protection (AIP)?

Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels.

You want to store certificates in Azure to centrally manage them for your services. Which Azure service should you use?

Azure Key Vault

Azure Logic Apps?

Azure Logic Apps are similar to Functions - both enable you to trigger logic based on an event. Where Functions execute code, Logic Apps execute workflows built from predefined logic blocks. They are specifically designed to automate your business processes.

Use Azure PowerShell?

Azure PowerShell is a module that you can install for Windows PowerShell, or PowerShell Core, which is a cross-platform version of PowerShell that runs on Windows, Linux or macOS. Azure PowerShell enables you to connect to your Azure subscription and manage resources. Windows PowerShell and PowerShell Core provide services such as the shell window and command parsing. Azure PowerShell then adds the Azure-specific commands.

Data storage options (Azure)?

Azure SQL Database, Azure Cosmos DB, Azure Blob storage, Azure Data Lake storage, Azure Files, Azure Queue, Disk Storage

Encryption for storage services

Azure Storage Service Encryption (SSE) for data at rest helps you secure your data to meet the organization's security and regulatory compliance. It encrypts the data before storing it and decrypts the data before retrieving it. The encryption and decryption are transparent to the user.
Client-side encryption is where the data is already encrypted by the client libraries. Azure stores the data in the encrypted state at rest, which is then decrypted during retrieval.

Serverless computing in Azure?

With serverless computing, Azure takes care of managing the server infrastructure and allocation/deallocation of resources based on demand. Infrastructure isn't your responsibility. Scaling and performance are handled automatically, and you are billed only for the exact resources you use. There's no need to even reserve capacity. You focus solely on the logic you need to execute and the trigger that is used to run your code. You configure your serverless apps to respond to events. This could be a REST endpoint, a periodic timer, or even a message received from another Azure service. The serverless app runs only when it's triggered by an event.

Hybrid Cloud

A hybrid cloud combines public and private clouds, allowing you to run your applications in the most appropriate location. For example, you could host a website in the public cloud and link it to a highly secure database hosted in your private cloud (or on-premises datacenter). This is helpful when you have some things that cannot be put in the cloud, maybe for legal reasons. For example, you may have some specific pieces of data that cannot be exposed publicly (such as medical data) and need to be held in your private datacenter. Another example is one or more applications that run on old hardware that can't be updated. In this case, you can keep the old system running locally, and connect it to the public cloud for authorization or storage.

Capital Expenditure (CapEx)

CapEx is the spending of money on physical infrastructure up front, and then deducting that expense from your tax bill over time. CapEx is an upfront cost, which has a value that reduces over time.

Functions vs. Logic Apps?

Functions and Logic Apps can both create complex orchestrations. An orchestration is a collection of functions or steps that are executed to accomplish a complex task. With Azure Functions, you write code to complete each step; with Logic Apps, you use a GUI to define the actions and how they relate to one another.

How are Geographies broken down in Azure?

Geographies are broken up into the following areas: Americas; Europe; Asia Pacific; Middle East and Africa.

Types of Cloud Services

IaaS, PaaS & SaaS

Private Cloud

In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization. This offers a simulation of a public cloud to your users, but you remain completely responsible for the purchase and maintenance of the hardware and software services you provide.

IaaS

Infrastructure as a Service

What is IaaS (Infrastructure as a Service)?

Infrastructure as a Service is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application (IT infrastructure servers and virtual machines (VMs), storage, networks, and operating systems). Instead of buying hardware, with IaaS, you rent it. It's an instant computing infrastructure, provisioned and managed over the internet. User ownership. The user is responsible for the purchase, installation, configuration, and management of their own software operating systems, middleware, and applications. Cloud provider ownership. The cloud provider is responsible for ensuring that the underlying cloud infrastructure (such as virtual machines, storage and networking) is available for the user.

Azure IoT Services

IoT Hub, IoT Central, IoT Edge, IoT solution accelerators, Digital Twins, IoT Hub Device Provisioning Service, Azure Time Series Insights (to explore and analyze device data), Azure Maps

What is the difference between Load Balancer and Traffic Manager?

Load Balancer and Traffic Manager both help make your services more resilient, but in slightly different ways. When Load Balancer detects an unresponsive VM, it directs traffic to other VMs in the pool. Traffic Manager monitors the health of your endpoints. In contrast, when Traffic Manager finds an unresponsive endpoint, it directs traffic to the next closest endpoint that is responsive.

NSG

Manage Azure Network Security Groups (NSGs). You can control network traffic to resources in a virtual network using a network security group. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP addresses, Application Security Groups, ports, and protocols.

What is a microservice?

Microservices are a popular architectural style for building applications that are resilient, highly scalable, independently deployable, and able to evolve quickly. But a successful microservices architecture requires a different approach to designing and building applications.

Multi-factor authentication (MFA)?

Multi-factor authentication (MFA) provides additional security for your identities by requiring two or more elements for full authentication. These elements fall into three categories: something you know, something you possess, and something you are. Something you know would be a password or the answer to a security question. Something you possess could be a mobile app that receives a notification or a token-generating device. Something you are is typically some sort of biometric property, such as a fingerprint or face scan used on many mobile devices.

Operational Expenditure (OpEx)

OpEx is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There's no upfront cost. You pay for a service or product as you use it.

What is PaaS (Platform as a Service)?

PaaS provides an environment for building, testing, and deploying software applications. The goal of PaaS is to help you create an application quickly without managing the underlying infrastructure. For example, when deploying a web application using PaaS, you don't have to install an operating system, web server, or even system updates. User ownership. The user is responsible for the development of their own applications. However, they are not responsible for managing the server or infrastructure. This allows the user to focus on the application or workload they want to run. Cloud provider ownership. The cloud provider is responsible for operating system management, and network and service configuration. Cloud providers are typically responsible for everything apart from the application that a user wants to run. They provide a complete managed platform on which to run an application.

PaaS

Platform as a Service

Cloud deployment models

Public, Private, Hybrid

What is resiliency?

Resiliency refers to a system's ability to stay operational during abnormal conditions. These conditions include: natural disasters; system maintenance, both planned and unplanned, including software updates and security patches; spikes in traffic to your site; threats made by malicious parties, such as distributed denial of service, or DDoS, attacks.

Role-Based Access Control (RBAC)?

Roles are sets of permissions, like "Read-only" or "Contributor", that users can be granted to access an Azure service instance.

What is SaaS (Software As A Service)?

SaaS is software that is centrally hosted and managed for the end customer. It is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription. Office 365, Skype, and Dynamics CRM Online are perfect examples of SaaS software. User ownership. Users just use the application software; they are not responsible for any maintenance or management of that software. Cloud provider ownership. The cloud provider is responsible for the provision, management, and maintenance of the application software. Common usage scenarios: Examples of Microsoft SaaS services include Office 365, Skype, and Microsoft Dynamics CRM Online.

Semi-structured data?

Semi-structured data doesn't fit neatly into tables, rows, and columns. Instead, semi-structured data uses tags or keys that organize and provide a hierarchy for the data. Semi-structured data is also referred to as non-relational or NoSQL data.

SaaS

Software as a Service

Structured data?

Structured data is data that adheres to a schema, so all of the data has the same fields or properties. Structured data can be stored in a database table with rows and columns. Structured data relies on keys to indicate how one row in a table relates to data in another row of another table. Structured data is also referred to as relational data, as the data's schema defines the table of data, the fields in the table, and the clear relationship between the two. Structured data is straightforward in that it's easy to enter, query, and analyze. All of the data follows the same format. Examples of structured data include sensor data or financial data.

Types of data?

Structured data. Semi-structured data. Unstructured data.

Symmetric encryption?

Symmetric encryption uses the same key to encrypt and decrypt the data. Consider a desktop password manager application. You enter your passwords and they are encrypted with your own personal key (your key is often derived from your master password). When the data needs to be retrieved, the same key is used, and the data is decrypted.

Azure Kubernetes Service (AKS)?

The task of automating, managing, and interacting with a large number of containers is known as orchestration. Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures with multiple containers.

Public Cloud

This is the most common deployment model. In this case, you have no local hardware to manage or keep up-to-date - everything runs on your cloud provider's hardware. In some cases, you can save additional costs by sharing computing resources with other cloud users. Businesses can use multiple public cloud providers of varying scale. Microsoft Azure is an example of a public cloud provider.

What is the purpose of Azure Traffic Manager?

Traffic Manager uses the DNS server that's closest to the user to direct user traffic to a globally distributed endpoint.

Unstructured data?

Unstructured data encompasses data that has no designated structure to it. This also means that there are no restrictions on the kinds of data it can hold. For example, a blob can hold a PDF document, a JPG image, a JSON file, video content, etc. As such, unstructured data is becoming more prominent as businesses try to tap into new data sources.

What are Subnets?

Virtual networks can be segmented into one or more subnets. Subnets help you organize and secure your resources in discrete sections. The web, application, and data tiers each have a single VM. All three VMs are in the same virtual network but are in separate subnets.

Types of Web apps

Web Apps, API Apps, WebJobs, Mobile Apps

Hybrid Cloud : Advantages and Disadvantages

Advantages. Some advantages of a hybrid cloud are: you can keep any systems running and accessible that use out-of-date hardware or an out-of-date operating system; you have flexibility with what you run locally versus in the cloud; you can take advantage of economies of scale from public cloud providers for services and resources where it's cheaper, and then supplement with your own equipment when it's not; you can use your own equipment to meet security, compliance, or legacy scenarios where you need to completely control the environment.
Disadvantages. Some concerns you'll need to watch out for are: it can be more expensive than selecting one deployment model since it involves some CapEx cost up front; it can be more complicated to set up and manage.

Private Cloud : Advantages and Disadvantages

Advantages. This approach has several advantages: you can ensure the configuration can support any scenario or legacy application; you have control (and responsibility) over security; private clouds can meet strict security, compliance, or legal requirements; economies at scale and integration with Azure Security Center.
Disadvantages. Some reasons teams move away from the private cloud are: you have some initial CapEx costs and must purchase the hardware for startup and maintenance; owning the equipment limits the agility, since to scale you must buy, install, and set up new hardware; private clouds require IT skills and expertise that's hard to come by.
A use case scenario for a private cloud would be when an organization has data that cannot be put in the public cloud, perhaps for legal reasons. An example scenario may be where government policy requires specific data to be kept in-country or privately. A private cloud can provide cloud functionality to external customers as well, or to specific internal departments such as Accounting or Human Resources.

Public Cloud : Advantages and Disadvantages

Advantages: high scalability/agility (you don't have to buy a new server in order to scale); pay-as-you-go pricing (you pay only for what you use, no CapEx costs); you're not responsible for maintenance or updates of the hardware; minimal technical knowledge to set up and use (you can leverage the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available).
A common use case scenario is deploying a web application or a blog site on hardware and resources that are owned by a cloud provider. Using a public cloud in this scenario allows cloud users to get their website or blog up quickly, and then focus on maintaining the site without having to worry about purchasing, managing or maintaining the hardware on which it runs.
Disadvantages: Not all scenarios fit the public cloud. Here are some disadvantages to think about: there may be specific security requirements that cannot be met by using public cloud; there may be government policies, industry standards, or legal requirements which public clouds cannot meet; you don't own the hardware or services and cannot manage them as you may want to; unique business requirements, such as having to maintain a legacy application, might be hard to meet.

What are virtual machine scale sets?

Azure Virtual Machine Scale Sets let you create and manage a group of identical, load balanced VMs. Imagine you're running a website that enables scientists to upload astronomy images that need to be processed. If you duplicated the VM, you'd normally need to configure an additional service to route requests between multiple instances of the website. VM Scale Sets could do that work for you. Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. With VM Scale Sets, you can build large-scale services for areas such as compute, big data, and container workloads.

What are Geographies in Azure?

Azure divides the world into geographies that are defined by geopolitical boundaries or country borders. An Azure geography is a discrete market typically containing two or more regions that preserve data residency and compliance boundaries. This division has several benefits. Geographies allow customers with specific data residency and compliance needs to keep their data and applications close. Geographies ensure that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries. Geographies are fault-tolerant to withstand complete region failure through their connection to dedicated high-capacity networking infrastructure.

What are special Azure regions?

Azure has specialized regions that you might want to use when building out your applications for compliance or legal purposes. These include: US DoD Central, US Gov Virginia, US Gov Iowa and more: These are physical and logical network-isolated instances of Azure for US government agencies and partners. These datacenters are operated by screened US persons and include additional compliance certifications. China East, China North and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft does not directly maintain the datacenters.

Azure Storage tiers?

Azure offers three storage tiers for blob object storage: Hot storage tier: optimized for storing data that is accessed frequently. Cool storage tier: optimized for data that is infrequently accessed and stored for at least 30 days. Archive storage tier: for data that is rarely accessed and stored for at least 180 days with flexible latency requirements.

What about DNS?

DNS, or Domain Name System, is a way to map user-friendly names to their IP addresses. You can think of DNS as the phonebook of the internet. For example, your domain name, contoso.com, might map to the IP address of the load balancer at the web tier, 40.65.106.192.

Paid Azure support plans

Developer, Standard, Professional Direct, Premier. Some support: Developer. Most support: Premier.

What is a region pair?

Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as virtual machine storage) across a geography that helps reduce the likelihood of interruptions due to events such as natural disasters, civil unrest, power outages, or physical network outages affecting both regions at once. Examples of region pairs in Azure are West US paired with East US, and SouthEast Asia paired with East Asia.

Economies of scale

Economies of scale is the ability to do things more efficiently or at a lower cost per unit when operating at a larger scale. This cost advantage is an important benefit in cloud computing. Example: Microsoft, Google, and Amazon are large businesses that leverage the benefits of economies of scale and then pass the savings on to their customers.

Which of these is the strongest way to protect sensitive customer data?

Encrypting your data as it travels over the network (encryption in transit) is important, but your data may be vulnerable as it sits in your database.

What is encryption?

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read the encrypted data, it must be decrypted, which requires the use of a secret key. There are two top-level types of encryption: symmetric and asymmetric.

