AZ-900


PaaS (Customer Responsibility)

Data, Application

SaaS (Customer Responsibility)

None

● Describe the benefits and usage of Management Groups

○ Management Groups allow for creating a hierarchy. Will have the root management group and go up to 6 levels (not including the root above or subscriptions below).
○ Can apply budget, RBAC, Policy which are then inherited down
○ It is there to help you manage a group of subscriptions
○ Start with general policies at the top and get more specific as you roll down

Reliability

○ Nodes/servers can fail but the cloud will do automatic healing. Things get redeployed to another node or rack if one fails.
○ Storage services automatically replicate (3 copies at a minimum)
○ Auto Scale - increase and decrease nodes based on load (not wasting capacity)
○ SLA (Service Level Agreement of each service) - financially backed commitment from Azure for each service
○ Design for Failure - Choice will depend on how much data you can afford to lose (recovery point objective) and how quickly you need to get back online (recovery time objective)
○ Monitor - Azure may be fine, but your application might have a problem, so alerts need to be created and you need to set up action groups to automatically do something if there is an action problem

Predictability

○ SKU - VM SKU, Storage SKU
○ Behavior - I have specific ways I can interact
○ Use templates for deployments (JSON, Terraform)
  ■ Automation - respond to events (take out humans clicking buttons) so we are always doing things the same way
  ■ DevOps - continuous deployment

● Benefits and usage of big data and analytics services (Describe benefits and usage of Azure Synapse Analytics, HDInsight, and Azure Databricks)

○ Source Data needs to go through the following steps to be usable in analytics.
  ■ Extracted, generally to a data lake (any amount of unstructured raw data) where it can be transformed. If we get rid of some data we may later want for a query we can always go back to it in the data lake.
  ■ Transform is the idea that the data is not in the right form (missing fields, duplicate data, etc.) so these are the actions we are going to perform to clean up the data. After it's cleaned, now we wrangle the data into a format we can use in the desired model.
  ■ Data is now LOADED into the SINK (SQL DB, Cosmos DB). This is the place where we can run the analysis on the data.
  ■ There is an idea of an orchestration to make this ETL happen. This is Azure Data Factory to go from Source to Sink.
○ Transforming data has a number of services in Azure
  ■ HDInsight - number of different open source analytic services
  ■ HADOOP - concept of map reduce (dividing tasks into smaller parts to distribute processing)
  ■ STORM - real time processing useful for real time analytics integration with machine learning
  ■ SPARK - mostly around batch jobs of data transformation. Can schedule a job and using many different languages you can then perform these transformations. Disk based instead of memory based so much faster.
  ■ KAFKA - About the idea that you have huge amounts of sensors and there's a constant stream of data coming in, so KAFKA is all about ingesting into your pipe and dealing with that huge amount of data
  ■ HIVE LLAP - Interactive query where you can access data live. Can query it directly from the data lake
  ■ HBASE - Disk node SQL storage
  ■ All of these are open source frameworks
○ Azure Databricks - built off Apache Spark. Managed Databricks solution available within Azure. Has a full UX. Sits on top of a Delta Lake. Can store data and transaction logs for auditing. Can also integrate with a data lake.
○ Azure Synapse Analytics - builds on Data Factory and gives you a workspace where you get a certain amount of computing and processing and on-demand tools.
  ■ Has its own database preparation capabilities built on its own Apache Spark component
  ■ Has Synapse links to talk in real time to things like Cosmos DB
  ■ Integrates with data lakes
  ■ Complete analytics solutions

Public Cloud

(e.g. Azure) - typically the most complete offering. True OPEX (only paying for what you use). Primarily accessed over the internet. Limitless with many regions with many services.

IaaS (Customer Responsibility)

Data, Application, Runtime, OS

On Premise (Customer Responsibility)

Data, Application, Runtime, OS, HV/VM, Compute, Network, Storage

IaaS

Infrastructure as a Service
VM in the Cloud
Customer responsible for OS to Data
Azure responsible for Storage to H/V

Private Cloud (On Premises)

Physical servers running a H/V. There will be a management set of software to access the private cloud. As a company this is CAPEX. You are buying servers, licenses, etc. Full flexibility within the capabilities of whatever management stack you are running (Azure Stack, Azure Arc).

PaaS

Platform as a Service
Likely a VM, but you don't see it running
Azure is responsible for Storage to Runtime
Customer is responsible for Data/Application

SaaS

Software as a Service
This is where the entire business function is delivered
Something like Microsoft 365, Dynamics 365, Salesforce
Customer is responsible for nothing
Some basic admin items like enabling users, but the service is delivered for you

Hybrid Cloud

We use both a private and public cloud often seamlessly. Offering a certain service from your on premise private cloud, but during busy times or a failure it's going to burst out into the public cloud. Some services require an anchor and NEED to be on premises but other pieces you can have on the public cloud. As the user, you don't care if it's running in private or public. You get a lot of flexibility. May need to operate in a country where there isn't an Azure cloud so you run a private cloud with Azure Stack.

Describe Public and Private Endpoints

■ Public Endpoint can be accessed from the internet, but not everyone can talk to it; you still have to authenticate
■ Private Endpoint - IP address within a subnet we specify. Set up a private endpoint to a specific service like a storage account. Can now communicate to the device from other VNETs or on premise networks to the VPN connecting to the service. Can turn off the public endpoint so you can ONLY communicate through the private endpoint

Describe the benefits and usage of Cosmos DB, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL, and SQL Managed Instance

■ SQL Server is the Microsoft relational database solution. Can define the relationship of the data to each other. There is a fixed schema with tables, columns and the format they can be. There will be rows (records) with the data and columns with attributes or the data that can be put in there. Always a key to give a unique identifier.
■ Azure SQL Database is a complete managed option as a PaaS service.
■ Azure SQL MI (Managed Instance) - PaaS Service with some limitations.
  ● Runs in customer VNET with dedicated instances
  ● Great compatibility
■ CITUS (Hyperscale) - multiserver, sharding the data (Increased scale and performance)
■ Cosmos DB (not relational) - Born in the cloud.
  ● Multiple models (Documents with SQL DB, MONGO, Columns with Cassandra, Tables, Graphs with GREMLIN)
  ● Different capabilities around consistency
■ Data movement and migration
  ● SMB File share stored on premise. Equivalent would be Azure Files.
  ● Have Server Endpoints (up to 100) that can connect to Azure Files through a Sync Group.
  ● All sync up to the cloud, never with each other
  ● Cloud Tiering - so if you hit a threshold locally it can offload the least accessed data to the Azure File Share. Can also set time limits if a file hasn't been accessed in a set amount of time
  ● Storage Explorer - Useful for ad hoc interactions with a smaller amount of data
    ○ Interactive
  ● AzCopy - Useful for automation processes and Copy/Sync. Cloud to Cloud so only uses Azure share so very fast.
  ● Azure Migrate - VM DB. Does assessment to help know what to migrate.
  ● All of these tools we consider online
  ● Offline tools would be Azure Data Box or Azure Data Box Disk (1-5 SSDs get shipped to you and you just copy the data). You only import the data into the disks then ship them back.
    ○ Azure Data Box allows import/export. 50lbs, 80TB and you can put your data on it and ship it back and specify which storage accounts you want the data to go to.
    ○ Data Box Heavy - 770TB and 500lbs, ships via freight.

○ Describe the benefits and usage of Azure Marketplace

■ Place where you can go in Azure and view various offerings from Microsoft or 3rd parties.

○ Describe the benefits and usage of Container (Blob) Storage, Disk Storage, File Storage, and storage tiers

■ Storage account lives in a specific region

○ Describe the benefits and usage of Virtual Networks, VPN Gateway, Virtual Network peering, and ExpressRoute

■ Virtual networks can live within one subscription in one region (cannot span either). At least one IPv4 CIDR. RFC1918 is a set of IP addresses to be used on internal networks. Every network can use the same internal IP addresses then 1 or 2 public addresses through NAT. 10/8, 172.16/12, and 192.168/16
■ Can optionally add IPv6 CIDR
■ Then you create virtual subnets (one or more) and attach resources to the subnet (VM with NIC which attaches to the subnet)
■ If you want to make a service available to the internet you have to add a Public IP resource and attach to a VM or more commonly create a load balancer and attach that to the public IP on the front end and the subnet on the backend
■ If you do another region with another VNET the IP cannot overlap another VNET
■ Might have an on premise network (again cannot overlap IP addresses) and you have two connectivity options to attach to your VNET.
  ● Over the internet you can do a site-to-site VPN (encrypted). This requires a VPN Gateway resource set up in your subnet. Can do policy based but only if your on premise is legacy and only supports policy based.
  ● What you want is route based which supports different routes depending on the site you're connecting to. This also supports ExpressRoute. Can support active/active (2 public IP addresses) for more resiliency and faster cutover.
  ● If you don't want to go over the internet Azure runs a huge backbone that extends at Meet Me points. Dedicated private connection not over the internet where you can use ExpressRoute.
    ○ Different models of ExpressRoute. Private Peering establishes a sharing of routes (by setting up an ExpressRoute Gateway in your subnet)
    ○ Microsoft Peering
  ● Lots of resources that don't live in a virtual network. You might have a storage account. In the subnet you can enable service endpoint for storage and create a better route to your storage account and it makes the subnet a known resource to the storage account and allows for a firewall. These are called service endpoints.
  ● Maybe you have a storage account with a public facing IP and you don't want that. You can create a private endpoint (using a private IP address from the subnet) that goes to the storage account. You can now only talk to it from that subnet.

● Describe the purpose of Azure Arc

○ Azure is really the idea of this huge amount of capacity exposed over many regions throughout the world and we consume its resources
○ Gives us lots of management and governance (Policy, RBAC, Tag, Defender)
○ All happens through the Azure Resource Manager (ARM)
○ May have capacity on premises, in other clouds so Azure Arc is going to bring your control plane of Azure to these other locations
  ■ Arc-enabled servers (Windows, Linux, VM, bare metal) run inside the OS so it goes ARM > Arc > Arc-enabled Server so that the features of Azure and the control plane are brought into your other location
○ There's more than just OS, could be Kubernetes (Arc-enabled Kubernetes) services you install within your Arc-enabled Kubernetes and now you can bring the Azure capabilities into your other clouds, on premise devices
  ■ Arc-enabled app services, machine learning, etc.

Describe the benefits and usage of Azure Resource Manager (ARM)

○ Azure we know today is really the v.2
○ Built around the idea of resource providers. Think of Azure as this big cloud service which is built up of these resource providers that define all the types of resources that are available to us.
○ The management and deployment layer is the Azure Resource Manager (ARM)
  ■ Any interaction we do is going through the ARM (Portal, PIS, AZ CLI, REST, API)
  ■ When you think of features like policy or authorization these are operating at the ARM level
  ■ Can create a JSON file for what you want to deploy. These are declarative so you aren't telling it how to do something, you are saying what you want the end state to be.
    ● If you export a template it will show you the JSON file you need
  ■ Bicep is a more human friendly language which gets transpiled into a JSON file behind the scenes. It is still declarative.

Describe the benefits and usage of Subscriptions

○ Base unit of an agreement between a customer and Microsoft
○ Can have multiple subscriptions each with their own agreement and billing model
○ Azure Active Directory Tenant is where accounts live
  ■ Users
  ■ Groups
  ■ Devices
○ Every Azure subscription trusts one and only one Azure Active Directory Tenant
○ Can apply budgets, RBAC, and policies at the subscription level
  ■ Within each subscription you can have one or more resource groups and roles are inherited from the subscription
○ Can have separate subscriptions for PROD vs. TEST with different restrictions in each environment
○ Can separate out for billing purposes to easily see what you are spending for different services
  ■ Can also use tagging for billing too
○ Can set up different subscriptions for limits
○ Some resources you can move between subscriptions, but there are limitations

Describe the benefits and usage of Regions and Region Pairs

○ Data Centers are grouped into a region (e.g. E. US), defined by a latency envelope (the time it takes for data to travel and come back). The further I am from systems the longer it takes for a round trip.
○ The US Government, Germany, and China have sovereign separate clouds. All have their own Azure AD and Resource Manager.
○ Performance - May want to have instances of your services in different regions (e.g. E. US and W. US) if you have users in multiple regions so they are close and latency is low
○ Regulatory - Might be regulatory reasons for data to stay within a certain geographic region
○ DR (Data Resiliency) - Multiple regions help to combat natural disasters (gives you resiliency)
○ Everyone except Brazil replicates to the same geopolitical boundary (simply because Brazil only had one Region at the time)
○ When services come back up it will prioritize a particular region to bring up first. Updates will only roll out one region at a time so if there are issues it doesn't affect both pairs

Describe the benefits and usage of Availability Zones

○ Data center requires power, cooling, and networking and separate physical locations for disaster recovery
○ Every subscription gets 3 availability zones per region (most regions support 3)
  ■ No correlation between subscriptions and physical buildings where each availability zone is stored
  ■ Gives you resiliency from disasters but updates also roll out one availability zone at a time to make sure they are stable first

● Benefits and Usage of Core Compute Resources - no matter what service you use Azure will always handle Storage up to H/V

○ Describe the benefits and usage of Virtual Machine, Azure App Services, Azure Container Instances (ACI), Azure Kubernetes Services (AKS), and Azure Virtual Desktop
  ■ Virtual machines virtualize the hardware (cores, RAM, storage). Ratios of cores to memory depending on needs. Direct access to the OS.
  ■ VMSS - specify a template, config, and scale (min, max, auto)
  ■ Containers are great for microservices. Behind the scenes you have a container image (repository). You have a container registry which contains a container image. Container runs on a container host (a sandbox created within an OS). Can have lots of containers sharing a container run time. Containers really are the future. Services in Azure that work with containers are ACI
  ■ AKS - Azure Kubernetes Services (management, data). Full, rich, orchestrated environment that is still managed. Containers run in PODS. If you want to submit deployment, declarative files, rich networking, storage integration, extensions, and policies
  ■ App Services - All based around web based, mobile, API. Can pick what is the runtime you want (using VMs) in which you pay for the number and SKU and config of the VM but have no access to the VM. They are fully managed.
  ■ Azure Virtual Desktop - Desktop as a service.

● Describe the benefits and usage of Azure DevOps, GitHub, GitHub Actions, and Azure DevTest Labs

○ DevOps is really a process and an approach to a project with tools that can be leveraged.
  ■ Azure DevOps was the original Microsoft tool.
    ● Repository - where we store our code
    ● Version Control (focus on using Git)
  ■ Boards - about project management tracking
  ■ Pipelines
    ● Continuous integration. People are working locally on their piece of the code and we want to bring it all back together so if there are issues we find them early and often.
    ● Continuous Delivery - Building it, testing it, running through certain environments, as well as continuous deployment.
  ■ Artifacts - Some compiled image that you want to use somewhere. Very mature solution, but not getting a lot of future investment because of GitHub which was the solution for open source.
  ■ GitHub is focused around repositories. Great AI. Can translate code into data. Also has Actions which can be triggered by nearly anything. Can do CI/CD but can do much more.
    ● Environments. Can set a condition where something must be met before going to an environment rather than gates. This makes a lot more sense to meet conditions rather than having gates.
  ■ Azure DevTest Labs - means of setting up, testing, and tearing down various builds of your software. Anything you can provision with an ARM template (pretty much any Azure resource) you can then delete everything once done.

● Describe the benefits and usage of Resource Groups (resources include VMs, Security Groups, Disks, Public IP addresses, etc.)

○ Everything has to live in one and only one Resource Group
○ Metadata has to live within a particular region, but you can have multiple resource types from multiple regions in a Resource Group
○ Cannot put a resource group inside a resource group
○ Can move resources between resource groups
○ Things in a common resource group share a lifecycle so good to group them so you can decommission them all at the same time
○ Role based access control
○ Policy (you can only create this type of resource, or you can only create resources in certain regions). These are guard rails for things you need to adhere to
○ Apply a budget to a resource group (spending limit)
○ Resource Groups allow tags (does not get inherited...gets added to the resource group but not the resources in the group. Can use policies to achieve this)

● Describe benefits and usage of Internet of Things (IoT) Hub, IoT Central, and Azure Sphere

○ IoT Hub (almost a PaaS solution). I want to write my own code.
  ■ A device with an MCU (can't connect to the internet or do updates). IoT is the idea of allowing these devices to connect to the internet and talk to each other. Can send command/controls down to the device and telemetry going up to the cloud.
  ■ Sensors on the MCU could be gathering any large number of things for metrics including: temperature, GPS coordinates, pictures, amount of light, presence of gasses...really anything can be enabled
  ■ Out of these millions of devices you want to be able to identify them very clearly so you need services around IoT to enable all these capabilities
  ■ IoT Hub is a hub where these devices can communicate to. Can communicate with device to cloud, device to cloud upload, and cloud to device
  ■ IoT Hub creates a device twin (a representation of the actual device within IoT Hub). You interact with the device twin. All done by various SDKs that IoT Hub supports.
  ■ You will use your own application to communicate with the SDK
○ Azure IoT Central (uses IoT Hub) - a SaaS Solution. Something out of the box.
  ■ Dashboards/Apps
  ■ Device Templates and Simulated Devices
  ■ Common Industry Scenarios
  ■ Fully customizable
  ■ Can add rules via a wizard (Signal > Condition > Action)
    ● Actions are vast: send an email, SMS, call a web hook, call Azure functions or a logic app, hook into ITSM system
○ Azure Sphere is the end to end solution for security on these devices. Built out of three different components.
  ■ Azure Sphere MCU needs to be created
  ■ Linux based OS (Linux kernel provided by Microsoft) and manufacturers have to update it
  ■ Azure Sphere Security Service (AS3)
    ● Identity/Authentication will use certification instead of passwords

● Describe benefits and usage of Azure Machine Learning, Cognitive Services, and Azure Bot Service

○ Many scenarios today where you have data and want to emulate. Machine learning is more about training a model based on existing data and applying the model to new data to forecast future outcomes.
○ Azure Machine Learning is a platform you can use for predictions. Useful when you have data scientists who want total control over creating, writing, training, and tweaking the model.
  ■ How to get data
  ■ Training and evaluating a model
  ■ Pipeline for your experiments
  ■ Deploy the algorithm you generate and make it available as an API that is accessible by some endpoint and then using an APP to talk to the endpoint.
○ Azure Cognitive Services are pre built models that you can easily spin up and leverage within some application you are using. Can interact with very minimal coding.
  ■ Language. Maybe someone is communicating with natural language and you want to assess the sentiment (is it positive or negative). Need to learn and recognize what users actually want
  ■ Speech. There are speech services such as converting speech to text or translating from one language to another
  ■ Vision. Maybe you have a security camera and want to identify if someone is not wearing a safety helmet or a mask and flag a security risk. Maybe identify what the object is (a person, car, flower, etc.)
  ■ Decision Services. You want to get some recommendation that maybe improves over time like moderating content.
○ Azure BOT Service. Interacting with some kind of virtual agent. As part of this service we have to do a number of things based on the user who is communicating.
  ■ Need to understand what they are asking
  ■ We have a knowledge base through which the BOT can draw from to respond in a rich way with the user

● Describe benefits and usage of serverless computing solutions that include Azure Functions and Logic Apps

○ Consumption based on the actual work that is done
○ This is event driven. Something has to happen to fire off this serverless technology.
○ Azure Functions.
  ■ Writing code in a supported language.
  ■ These are stateless. There is no shared state in memory. Something gets spun up from the code and then goes away.
  ■ Durable Functions. Enable you to have a durable state (i.e. maintained) between events happening. Fan out and call a bunch of different things and once they finish gather all the data. By default most are stateless.
○ Azure Logic Apps.
  ■ No or low code
  ■ Authoring Experience. Taking the event, but it has a whole number of connectors that integrate with some other service to perform an action against the service.

