AZ-900 V10
Azure PAAS Services (Platform as a Service)
- *App Services* - *Azure SQL Databases* - *Azure Synapse Analytics* - *Azure Cache for Redis* - Azure Service Bus - Web Application Firewalls (WAF) - Content Delivery Network (CDN) - Azure Cloud Services
VMs Backup and Recovery
- A *snapshot* is a full copy of a virtual machine's OS or data disk. Snapshots are useful for *backup, disaster recovery*, and troubleshooting. - To store the backups and recovery points, you need to create a *Recovery Services vault*. - With the *enabled backup option*, your VM will be backed up to Recovery Services vault with default backup policy. - *Azure Site Recovery* allows organizations to meet their business continuity and disaster recovery (BCDR) requirements by having your virtual machines' data replicated to a secondary region and failover in the event of a downtime. - You can set up *disaster recovery* of Azure VMs from a primary region to a secondary region using *Azure Site Recovery*.
Azure IAAS Services
- Azure Virtual Machine - Azure Storage Account
Choosing the *right Compute* service.
- Do you need *full control*? - Virtual Machine. - Do you need *HPC workload*? - Azure Batch. - You do *not need microservices or containerization*, but a simple service for running a WEB project? - Azure App Service. - You need *microservices* or *Event Driven* workload with short running time? - Azure Functions. - You need *containerization*? - Azure Container Services. - You need *orchestration*? - Azure Kubernetes Services.
Features of Azure Cloud Shell
- In the Cloud Shell environment you can switch between *PowerShell* and Azure *Bash* (left upper corner menu). - You can *upload / download files* to Cloud Shell. - Has *Inbuilt Editor*. - Interactive, authenticated, browser-accessible shell for managing Azure resources. - Times out after 20 minutes. - Requires an Azure file share to be mounted and a storage account created. - Accessible via shell.azure.com.
Features of China and Germany regions?
- Require special contracts with the local provider. - You can't simply choose the China or Germany region from the drop-down menu to create a resource in it.
Features of Subscriptions
- Subscriptions are *connected to payment methods*. - *Multiple Subscriptions* can be associated with a *single Azure AD Tenant*, but *NOT vice versa*. - If *Subscription expires* the associated Azure AD Tenant is deleted automatically. - You can *Change Azure AD Tenant* to which a subscription is associated.
*Logical Grouping of Resources*
Resource groups exist to help manage and organize your Azure resources. By placing resources of similar usage, type, or location in a resource group, you can provide order and organization to resources you create in Azure. Resources could be grouped by Department, Environment (Dev, Test, Prod), Location, Billing.
What is *Azure Advisor*?
Microsoft Azure service that provides *recommendations* based on your *deployed Azure services* configuration. 1) High Availability. 2) Security. 3) Performance. 4) Operational Excellence. 5) Cost.
App Service Plans Features
*App Service plan* is a collection of compute resources needed for a web app to run. - Each App Service plan consists of a *region, number & size of virtual machines and pricing tier*. - App Service plan pricing tier: *Shared Compute* - Free and Shared are the two base tiers. These tiers allocate CPU quotas to every app running on the shared resources, but the resources cannot scale-out. *Dedicated Compute* - It is composed of Basic, Standard, Premium, and PremiumV2 tiers. As the tier gets higher, you will have more VMs to scale-out. *Isolated* - A dedicated virtual machine that provides maximum scale-out capabilities.
Benefits of using Azure
*Be ready for the future*: Continuous innovation from Microsoft supports your development today and your product visions for tomorrow. *Build on your terms*: You have choices. With a commitment to open-source, and support for all languages and frameworks, build how you want and deploy where you want to. *Operate hybrid seamlessly*: On-premises, in the cloud, and at the edge--we'll meet you where you are. Integrate and manage your environments with tools and services designed for a hybrid cloud solution. *Trust your cloud*: Get security from the ground up, backed by a team of experts, and proactive compliance trusted by enterprises, governments, and startups.
Capital Expenditure (*CapEx*) and Operational Expenditure (*OpEx*) types of expenses
*CapEx* - is the up-front spending of money on physical infrastructure, and then deducting that up-front expense over time. The up-front cost from CapEx has a value that reduces *over time* (tax deduction). *OpEx* - is spending money on services or products now, and being billed for them now. You can deduct this expense (tax deduction) in *the same year* you spend it. There is no up-front cost, as you pay for a service or product as you use it.
3 models of ExpressRoute connectivity
*CloudExchange colocation* - *Point-to-point Ethernet connection* - *Any-to-any connection* -
Azure *Geographies*
*Discrete market typically contains two or more regions*. Ensures data residency, sovereignty, resiliency, and compliance requirements are met. Fault-tolerant to protect from region-wide failures. Broken up into areas: 1) Americas. 2) Europe. 3) Asia Pacific. 4) Middle East and Africa. Each region belongs only to one Geography.
What is *Region Pair*?
*Each region* is *paired* with another region making it a region pair. Region *pairs are static* and cannot be chosen. Each pair resides within the *same geography* (Exception is Brazil South). *Physical isolation* with at least 300 miles distance (when possible). Some services have *platform-provided replication*. *Planned updates* across the pairs. *Data residency* maintained for disaster recovery.
What is *Region*?
*Geographical area* on the planet containing *at least one, but potentially multiple datacenters* connected with *low-latency network* (<2 milliseconds). 60+ Zones. Location for your services. Some services are available *only in certain regions*. Some services are *global services*, as such are not assigned/deployed in the specific region. Globally available with *50+ regions*. Special *government regions* (US DoD Central, US Gov Virginia, etc.). Special *partnered regions* (China East, China North, Azure Germany - 2 regions). Regions are *what you use to identify the location for your resources*.
Azure Global Infrastructure
*Geographies*, *Regions*, *Availability zones*, *Region Pairs*, *Data Centers*.
*Fault domain*
*Logical Group* of underlying hardware that *share a common power source* and network switch. Logical representation of the PHYSICAL RACK in which a host computer is installed. By default, Azure assigns *two fault domains to an availability set*. If a problem occurs in one fault domain (one computer rack), the VMs in that fault domain will be affected, but VMs in the second fault domain will not. This protects you from unplanned maintenance events and unexpected downtime.
*Update domain*
*Logical group* of underlying hardware that can undergo *maintenance or be rebooted at the same time*. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
*Components of Azure Resource Management*
*Management groups*: These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group. *Subscriptions*: A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the number of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects. *Resource groups*: Resources are combined into resource groups, which act as a *logical container* into which Azure resources like web apps, databases, and storage accounts are deployed and managed. *Resources*: Resources are instances of services that you create, like virtual machines, storage, or SQL databases. An object used to manage services in Azure. Represents service lifecycle. *Saved as JSON definition*.
Azure VM Pricing
*Pay as you go* - pay per second, with *no long-term commitments* or upfront payments. *Reserved* - make a low, one-time *up-front payment* for an instance, reserve it for a 1- or 3-year term. *Savings up to 72%*. *Spot* - request *unused compute capacity*, which can lower your costs significantly. *Savings up to 90%*.
Key parts of VM?
*OS Disk*. *Temporary Disk* (optional). *Data Disk* (optional) - Managed disks for application data. *Network Interface / NIC* - Network Interface connected to the interface.
What is *Data Center*?
*Physical facility*. *Hosting for* group of networked *servers*. Own *power, cooling* & *networking* infrastructure.
What is *Availability Zone*?
*Regional feature*. Grouping of *physically separate* facilities. *One or More datacenter* with *independent power, cooling, and networking facilities*. Designed to *protect from data center failures*. If the zone goes down *others continue working*. Two services *categories*: *Zonal services* (Virtual Machines, Disks, etc.) *Zone-redundant* services (SQL, Storage, etc.). *Not all* regions are *supported*. *Supported* region has *three or more zones*. A *zone* is *one or more data centers*.
*Scale sets*
*Set of identical virtual machines* with *built-in autoscaling* features. Let you create and manage a group of load-balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications. Features: - *High Availability*. - *Auto Scaling* (1 - 1000 nodes). - Large Scale. - No Extra Cost. Scaling rules: - Scheduled - Workload.
Details of Azure *VMs STATUS*
*Start* - run your virtual machines. You are *continuously billed* while your VM is running. *Restart* - some updates do require a reboot. In such cases, the VMs are shut down while Azure patches the infrastructure, and then the VMs are restarted. *Stop* - is just a normal shutdown. If the VM is in a deallocated status, you will *continue to be charged* for the storage needed for the operating system disk. - You can also directly delete the virtual machines/resources. Deleting the selected virtual machines is irreversible. - You can redeploy a VM if you're having difficulties connecting to your Linux/Windows server. When the redeployment is in progress, the VM will be unavailable because the status of the VM changes to Updating (as the VM prepares to redeploy). - If the VM is currently running, changing its size will cause it to be restarted and will result in system downtime.
Differences between CapEx and OpEx
*Upfront cost*: CapEx - Significant, OpEx - None. *Ongoing cost*: CapEx - Low, OpEx - Based on usage. *Tax Deduction*: CapEx - Over time, OpEx - Same year. *Early Termination*: CapEx - No, OpEx - Anytime. *Maintenance*: CapEx - Significant, OpEx - Low. *Value over time*: CapEx - Lowers, OpEx - No change.
*Azure Logic Apps*
*Workflow* Engine. Low-code/no-code GUI development platforms are designed to automate business scenarios and are built from predefined logic blocks. Used to *orchestrate* and *stitch together* functions and services. Key construct: *Triggers -> Actions*. Priced by: - number of executions. - type of utilized connectors.
Availability Zone's options for Azure Resources
*Zonal services*: Resource pinned to a specific zone (VMs, Managed Disks, IP addresses). *Zone-redundant services*: The platform replicates automatically across zones (Zone-Redundant storage, SQL Databases). *Non-regional services*: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.
Key features of Management Groups
- 10,000 management groups can be supported in a single directory. - A management group tree can support up to six levels of depth (not including root level). - Each management group and subscription can support only one parent. - Each management group can have many children. - All subscriptions and management groups are within a single hierarchy in each directory.
Azure subscriptions details
- A subscription provides you with *authenticated and authorized access to Azure products and services*. It also allows you to provision resources. - An Azure subscription is a *logical unit of Azure services that links to an Azure account*, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts. - An *account can have one subscription or multiple subscriptions* that have *different billing models* and to which you apply *different access-management policies*. - You can use Azure subscriptions to define boundaries around Azure products, services, and resources.
Data Transfer Pricing in Azure
- Data transfer *TO Azure is always FREE*. - Data transfer within the *SAME Availability Zone is FREE*. - Data transfer *Between Availability Zones is NOT FREE* ($0.01 per GB). - Data transfer *Between Azure regions* and to other continents is *NOT FREE* ($0.02 per GB).
Features of VM's Disks
- Disk types: Standard HDD, Standard SSD, and Premium SSD. All types could be *Locally-redundant* (replicated within a single DC) or zone-redundant (copied to 3 zones). - Every virtual machine has one attached OS disk. - OS disk has a maximum capacity of 4,095 GiB. - Every VM contains a temporary disk that provides short-term storage only for page or swap files. - Data on the temporary disk may be lost during a maintenance event or when you redeploy a VM. - You can enable ultra disk compatibility for high throughput, high IOPS, and consistent low latency disk storage. - A VM with an enabled Ultra Disk capability will result in a reservation charge even without attaching an Ultra Disk. - An Availability zone supports managed disks. - You get lower read/write latency to the OS disk with Ephemeral OS disk, and faster reimage of VM. You incur no storage cost with ephemeral OS disks.
*Important Features of resources*
- Each *resource must* be in one, and *only one resource group*. - Resource *groups have their location* assigned. - *Resources* in the resource groups *can reside in different locations*. - Resources *can be moved* between the resource groups. - Resource *groups can't be nested*.
Features of Resource Groups
- Each resource can only *exist in a single resource group*. - You can add or remove resources to any resource group at any time. - Allows you to *move a resource* from one resource group to another. - Resources from *multiple regions can be in one resource group*. - You can give users access to a resource group. - Resources *can interact* with other resources in *different resource groups*. - A resource group has a location, or *region*, as it stores metadata about the resources. - Resources *Inherit Permissions* from resource group, but *NOT TAGS*.
Features of PAAS platform
- Provides the capability to *automatically scale* the platform without any manual intervention. - Provides a *framework that developers* can build upon to develop or customize cloud-based applications. - *Less User Management*. - The *Operating Systems* are managed by the cloud provider, while the user is responsible for the *applications and data* they run and store. - PaaS offers *all the functionality* you need to support the entire lifecycle of *web applications*: building, testing the application, deploying the source code, managing, and updating within the same integrated environment. - Used in the following scenarios: *Development framework* - a framework for creating or customizing cloud-based applications. *Analytics or business intelligence* - find insights and patterns, and predict outcomes to improve business decisions.
Differences between Azure *VMs and Web App (App Service)*
- Scaling: VMs via *scale sets*, Web App has *Autoscaling*. - Scale Limit: VMs via *600-1000 nodes*, Web App has *20 instances with 100 App Service Environment*. - Traffic distribution: VMs via *load balancer*, Web App has *integrated* Load balancing.
Features of VMs
- Supports various configurations of CPU, memory, storage, and networking capacity, known as *virtual machine series*. - Secure login information for your virtual machines using *key pairs*. - Persistent storage volumes for your data using *Azure Disk*. - Azure VMs have *1 OS disk* and a *temporary disk* for short-term storage. - Contain the virtual machines using a *resource group*. - You can add a script that will be run in the virtual machine while it is being provisioned, called *custom data*. - *Supports TAGs* assignment. - Monitor Performance by *Azure Monitor*.
Differences between *Functions and Logic Apps*
- With *Functions*, you write code to complete each step. - With *Logic Apps*, you use a GUI to define the actions and how they relate to one another.
Pricing for Azure Kubernetes Services (ACR)
- You are charged (GiB/day) for the image storage. - Users will be charged for the preceding SKU price until the point of change and will be charged for the new SKU price after the change has been made. - Standard networking fees apply to network egress. - If you replicate a registry to your desired regions, you are charged with premium registry fees for each region.
Pricing of App Services
- You are charged on a *per-second basis* in the App Service plan. - You are charged for the *applications* while they are *in a stopped state*. - You are charged for *data egress* when using VNet Integration. - You are charged for *each listener in a Hybrid Connection*.
Pricing for Azure Kubernetes Services (AKS)
- You only pay for virtual machines, associated storage, and networking resources. - There is *no charge for cluster management*.
Important facts about management groups
1) *10,000 management groups* can be supported in a single directory. 2) A management group tree can support *up to six levels of depth*. This limit doesn't include the root level or the subscription level. 3) Each management group and subscription can *support only one parent*. 4) Each management group can have *many children*. 5) All subscriptions and management groups are within a *single hierarchy in each directory*.
Key Features of Serverless Computing
1) *Abstraction of servers*: Serverless computing abstracts the servers you run on. With serverless architecture, you deploy your code, which then runs with high availability. 2) *Event-driven scale*: Serverless computing is an excellent fit for workloads that respond to incoming events. Events include triggers by: - *Timers*, for example, if a function needs to run every day at 10:00 AM UTC. - *HTTP*, for example, API and webhook scenarios. - *Queues*, for example, with order processing. 3) *Micro-billing*: Traditional computing bills for a block of time like paying a monthly or annual rate for website hosting. With serverless computing, you *pay* only for the time your code *runs*.
Differences between Availability Zone and Set?
1) *Availability sets* are used to protect applications from hardware failures *within an Azure data center*. 2) *Availability zones* are used to protect applications from complete *Azure data center failures*.
Connectivity Options for Azure Resource Manager
1) *Azure portal* (WEB). 2) *Azure PowerShell* (via SDKs). 3) *Azure CLI* (via SDKs). 4) *REST API Clients*. 5) *Azure Cloud Shell*. 6) *Azure Mobile App*.
2 types of subscription boundaries?
1) *Billing boundary*: This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. 2) *Access control boundary*: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies.
*Scenarios* with decision of using VMs
1) *Custom* software requiring system *configuration*. 2) Migration from *on-premises systems*. 3) If required *total control over OS*. 4) *Disaster recovery* for on-premises.
Deployment of App Service
1) *Deployment Source* - it is where the application code is stored. 2) *Build Pipeline* - reads your code and brings the application to a running state. 3) *Deployment Mechanism* - enables you to put your application in the /wwwroot directory. It also supports Kudu endpoints, FTP, and WebDeploy. - *Deployment Center* lets you choose the location of your code, as well as build and deploy to the cloud. It also has built-in continuous delivery for containers.
App Service Plans
1) *Free* - Apps - 10, Disk - 1GB, Instances - 1, Autoscale - No, Hybrid VPN - No. 2) *Shared* - Apps - 100, Disk - 1GB, Instances - 1, Autoscale - No, Hybrid VPN - No. 3) *Basic* - Apps - Unlim, Disk - 10GB, Instances - up to 3, Autoscale - No, Hybrid VPN - No. 4) *Standard* - Apps - Unlim, Disk - 50GB, Instances - up to 10, Autoscale - Yes, Hybrid VPN - Yes. 5) *Premium* - Apps - Unlim, Disk - 250GB, Instances - up to 20, Autoscale - Yes, Hybrid VPN - Yes.
Functions vs Logic Apps vs Event Grid
1) *Functions* - Serverless Compute. Run a small piece of code. You are only charged for the *time you run* your code. 2) *Logic Apps* - Serverless Workflows. Automate your workflows with No/Low Code. You are charged for the *execution of triggers, action, and connectors*. 3) *Event Grid* - Serverless Events. Route custom events to different endpoints. You are charged for *each operation*, such as ingress *events, advanced matches, delivery attempts*, and management calls.
Examples of OpEx
1) *Leasing software and customized features* - responsibility to de-provision the resources when they aren't in use so that you can minimize costs. 2) *Scaling charges based on usage/demand* instead of fixed hardware or capacity - plan for backup traffic and disaster recovery traffic to determine the bandwidth needed. 3) *Billing at the user or organization level* - when using a dedicated cloud service, you could pay based on server hardware and usage.
Reasons for choosing regions?
1) *Location* - Latency to clients. 2) *Features*. 3) *Price*. 4) Gov Regulations or Policies.
Benefits of *Consumption-based model*
1) *No upfront costs*. 2) *No wasted resources*. No need to purchase and manage a costly infrastructure that users might not use to its fullest. 3) *Pay for what you need*. 4) *Stop paying when you don't need*.
Azure *Virtual Machines*
1) *Virtual Machine* (*Guest* level) is a "virtual computer", an emulation of a physical machine that is under your exclusive management control up to the OS (*IAAS*). 2) You don't buy it, pay as you go (per hour), don't control hardware (Azure responsibility). 3) Could be Linux or Windows. 4) Features: - High Availability, - On-Demand, - Rich Toolkit, - Extensions and automation, - Custom Images, - Monitoring, - Availability Sets, - Availability Zones, - Scale Sets.
Types of *App Services*?
1) *Web apps* - for hosting web apps by using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux as the host operating system. Supports AutoScaling and Load Balancing. 2) *API apps* - you can build REST-based web APIs by using your choice of language and framework. The produced apps can be consumed from any HTTP- or HTTPS-based client. The solution has "No graphical or user interface", just for connection between apps. 3) *WebJobs* - to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. "They can be scheduled or run by a trigger". WebJobs are often used to run background tasks as part of your application logic. 4) *Mobile apps* - to quickly build a back end for iOS and Android apps. In a few clicks, you can store app data in a SQL database, authenticate customers, send push notifications, and execute custom back-end logic.
Microsoft *Cloud computing* model
1) *compute power* - computation resources: Windows or Linux VMs, serverless functions. 2) *storage* - Files and/or Databases. 3) *networking* - communications in Azure and outside. 4) *analytics* - services for visualization and data telemetry.
Cloud benefits / Key Concepts
1) *scalability* - the ability to scale vertically (increase unit compute capacity - up/down) and horizontally (increase by adding instances of resources - in/out). 2) *elasticity* - ability to scale dynamically based on demand (autoscaling). 3) *agility* - ability to react fast (scale quickly or deploy application). 4) *fault tolerance* - ability to keep system uptime while physical and service component failures happen. 5) *disaster recovery* - process and design principle which allows a system to recover from natural or human-induced disasters. 6) *high availability* - agreed level of operational uptime for the system (SLA). It is a simple calculation of system uptime versus the whole lifetime of the system. availability = uptime/(uptime + downtime). 7) *Geo-distribution* - deploying apps and data to regional data centers around the globe, thereby ensuring that your customers always have the best performance in their region due to low latency.
Details of *Availability Set*
1) A *group of discrete virtual machines spread across fault domains*. 2) Use Availability Set for *predictable workloads* or for protection when *planned or unplanned maintenance* occurs. 3) Has *3 fault* domains and *5 update* domains by default. 4) Virtual machines are created from different images and configurations. 5) Virtual machines are automatically distributed within a data center. 6) You can only add a virtual machine to the availability set *when it is created*.
Details of *Scale Set*
1) A *group of identically* configured virtual machines spread across fault domains. 2) Use Scale Set for *unpredictable workloads* (autoscale). 3) Has 5 fault domains and 5 update domains by default. 4) Virtual machines are created from the same image and configuration. 5) Virtual machine scale sets can be distributed within a single datacenter or across multiple data centers. 6) Scale sets can increase the number of virtual machines based on demand.
Types / Series of Azure VMs?
1) A, Bs, D, and DC-Series for *General Purpose* - for development and testing environments, small databases, and low traffic Web servers. 2) F-Series for *Compute Optimized* - These virtual machines are ideal for medium traffic Web servers and network appliances. They are also good for batch processing and can function as application servers. 3) E and M-Series for *Memory Optimized* - for relational database servers, large caches, and for performing in-memory analytics. 4) Ls-Series for *Storage Optimized* - perfect for big data, SQL, and NoSQL databases. 5) G-series for *memory and storage optimized* - 6) H-series for *High-Performance Computing* - high performance compute workloads, including things like molecular modeling, genomic research, and financial risk modeling. 7) N-series for *GPU Optimized* - heavy graphic rendering and video editing.
The *benefits* of using *Resource Manager*
1) Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure. 2) Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually. 3) Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state. 4) Define the dependencies between resources so they're deployed in the correct order. 5) Apply access control to all services because RBAC is natively integrated into the management platform. 6) Apply tags to resources to logically organize all the resources in your subscription. 7) Clarify your organization's billing by viewing costs for a group of resources that share the same tag.
*Options* for selecting during VM creation
1) Subscription. 2) Resource Group. 3) Region. 4) Availability options (Availability Zone / Set or Scale Set). 5) Image (Type of OS). 6) Size (CPU and RAM). 7) Azure Spot Instance (Y/N). 8) Authentication type (SSH key or Password). 9) User Name + Password. 10) Inbound port rules. 11) Disks (At least OS) + Encryption. 12) Networking (Vnet, Subnet, Public IP, NSG). 13) Management (Auto-shutdown, Backup). 14) Extensions (add software). 15) Custom data (bootstrap script). 16) Tags.
Features of Geographies
1. Geographies allow customers with specific data residency and compliance needs to keep their data and applications close. 2. Geographies ensure that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries. 3. Geographies are fault-tolerant to withstand complete region failure through their connection to dedicated high-capacity networking infrastructure.
VPN gateway sizes
A *Basic VPN gateway* should only be used for Dev/Test workloads. In addition, it's unsupported to migrate from Basic to the VpnGW1/2/3/Az SKUs at a later time without having to remove the gateway and redeploy. 1) Basic - max 10 tunnels, 100 Mbps, no BGP. 2) VpnGw1/Az - max 30 tunnels, 650 Mbps, BGP. 3) VpnGw2/Az - max 30 tunnels, 1 Gbps, BGP. 4) VpnGw3/Az - max 30 tunnels, 1.25 Gbps, BGP.
Azure *Virtual Desktop*
A *desktop and application virtualization service* that runs on the cloud. It enables your users to use a cloud-hosted version of Windows from any location via a WEB browser. Azure Virtual Desktop works with devices like Windows, Mac, iOS, Android, and Linux. - Supports individual ownership through personal desktops. - You can use your licenses. - Simplified management.
Azure *App Services*
A fully managed platform (PaaS) for hosting web applications, REST APIs, and mobile back ends without managing the infrastructure. This HTTP-based service allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications. 1) You can use your favorite language: .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. 2) Applications run and scale with ease on both Windows and Linux-based environments. 3) Key features: - Global-scale (1 - 20/100 nodes) with high availability. - No overhead for OS maintenance, customer focuses on Business Value and Logic. - Multiple languages and frameworks. - Application templates. - Visual Studio IDE integration. - Supports Containerization and Docker. - Automated Deployment (GitHub, Azure DevOps).
High-availability VPN scenarios
Active/standby. Active/active.
Resources Requirements for Deploying VPN gateways
Azure side: 1) *Virtual network* (VNet). 2) *GatewaySubnet* (create a subnet called "GatewaySubnet" with at least a /27 mask). 3) *Public IP address*. 4) *Local network gateway* (define connection from on-premises VPN device). 5) *Virtual network gateway* (gateway router). 6) *Connection* (VPN gateway & local network gateway). On-Premises: 1) A VPN device that supports policy-based or route-based VPN gateways. 2) A public-facing (internet-routable) IPv4 address.
Azure Site Recovery
Azure's disaster recovery as a service (DRaaS). Keep applications available from on-premises to Azure or Azure to another Azure region during outages with automatic recovery.
What is Bandwidth
The data moving in and out of Azure data centers, as well as data moving between Azure data centers.
Subnet
Benefits of subnetting: - *effective address allocation*. - *network filtering via NSG* and ASG (network and application security groups).
Content Delivery Network
CDN - content accelerator, Global Cache for data/media (web) from Origin Servers. Benefits: - Better Performance / Low Latency - Large Scaling - Distribution of user requests.
Types of Azure Services
Compute, Networking, Storage, Mobile, Databases, Web, IoT, Big Data, AI, DevOps, Security and Management.
*Azure Kubernetes Services* (AKS)
Container orchestration platform (*PAAS*) for automating, managing, and interacting with a large number of containers. - Highly scalable and customizable container management system. - Autoscaling from 3 to 100 nodes. - Requires extra knowledge. You should use AKS if you need *full container orchestration*, such as service discovery across multiple containers, *automatic scaling*, and coordinated application upgrades.
What is *shared responsibility model*?
Determines which security tasks are handled by the cloud provider and which are handled by the customer. 1) *Microsoft / Azure team* - is responsible for protecting the infrastructure such as hosts, network, and data center. 2) *The customer* is responsible for protecting their data, endpoints, account, and access management.
Monitoring of App Service
Diagnostics logging helps you access the information logged by Azure. 1) *Application logging* - messages from applications. 2) *WEB server logging* - HTTP method, resource URI, client IP and response code. 3) *Detailed Error Messages*. 4) *Failed request tracing*. 5) *Deployment logging*.
Application Gateway
High-level *Regional layer 7* load balancer which routes HTTP traffic. Benefits: - Scaling. - End-to-end Encryption. - Zone Redundancy. - Multi-site Hosting. - SSL/TLS offloading.
Azure *Functions*
Platform as a Service for *running small pieces of code (function) for a limited amount of time*. - Fully managed Serverless service. - Supports almost any modern language: C#, F#, JavaScript, Java. - Designed for micro/nano services, event-driven workloads, and short-lived processes. - Highly flexible to scale automatically based on demand. - *Pay-As-You-Use*. Pricing models: 1) Consumption Plan. 2) App Service Plan.
" *Azure Express Route*
"Private *Dedicated connection from On-Premises to Azure* (not goes via Public Internet). Features and benefits: 1) Layer 3 connectivity between your on-premises network and the Microsoft Cloud through a connectivity provider. Connectivity can be from an any-to-any (IPVPN) network, a point-to-point Ethernet connection, or through a virtual cross-connection via an Ethernet exchange. 2) Connectivity to Microsoft cloud services across all regions in the geopolitical region. 3) Global connectivity to Microsoft services across all regions with the ExpressRoute premium add-on. 4) Dynamic routing between your network and Microsoft via BGP. 5) *Built-in redundancy* in every peering location for higher reliability (Primary and Secondary connections). 6) Connection uptime SLA. 7) QoS support for Skype for Business.
*Azure Container Registry* (ACR)
"Private registry for hosting container images. Service allows you to *build, store, and manage Docker-formatted container images and artifacts in a private registry* for all types of container deployments. Use Azure container registries with your existing container development and deployment pipelines. Features: - Regional service. - Keep track of current valid images. - Manage files and artifacts for containers. - Feeds container images to ACI and AKS. - Use Azure identity and security features.
Virtual Private Network Gateway / VPN Gateway
"Secure encrypted connection between External network (on-premises) and Azure VNet over the Public Internet. 2 types of VPNs: 1) *Policy-based VPNs* - specify statically the IP address of packets that should be encrypted through each tunnel. Only IKEv1 + Static Routing + Used with legacy VPN devices. 2) *Route-based VPNs* - IPSec tunnels are modeled as a network interface or virtual tunnel interface. This is the preferred connection method for on-premises devices, supports: IKEv2 + any-to-any (wildcard) traffic selectors + dynamic routing protocols.
" Azure Batch
"Service for *large-scale parallel and high-performance computing (HPC) batch jobs* with the ability to scale to tens, hundreds, or thousands of VMs. When you're ready to run a job, *Batch does the following*: 1) Starts a pool of compute VMs for you. 2) Installs applications and staging data. 3) Runs jobs with as many tasks as you have. 4) Identifies failures. 5) Requires work. 6) Scales down the pool as work completes. Features: - *Task* represents a unit of computation and a *job* is a collection of tasks. - *Scheduled jobs* allow you to create recurring jobs.
" Load Balancer
"Service for Distribution traffic *between VMs across availability zones*, *Network Layer (L4) load balancer*. Reasons and Benefits: - *Scalability*. - *High Availability*. - Supports Inbound and Outbound scenarios. - External / Public and Internal traffic. - Both TCP and UDP.
" *Azure Event Grid*
"Service for event-based applications, a single service for managing routing of all events from any source to any destination. Designed for high availability, consistent performance, and dynamic scale, Event Grid lets you focus on your app logic rather than infrastructure. Features: - No upfront cost. - No termination fees. - Pay only for what you use. Examples of use: - Baseline trigger for a serverless function in microservices apps. - Operations Automation. - Applications Integration.
" *Azure Container Instances* (ACI)
"Service for running applications in Docker containers, ""sandboxes"" with run-time environments (software packages and dependencies), but without own OS, just emulating OS features using Host OS (*PAAS*). - Lightweight (fewer resources, smaller size). - Fast deployment and startup. - Dependencies included into container image. - Containers run from *Container Repository* or *Public Repository*. - Used for the development of Microservices and event-driven applications. - Good for Horizontal scaling.
" Basic settings for creation of VNets
"Settings during creation: 1) Network Name. 2) Address space. 3) Subscription. 4) Resource group. 5) Location. 6) Subnet. 7) DDOS Protection. 8) Service Endpoints. Post-Configuration: 1) Network Security Group. 2) Route Table.
" Management Groups
"The top-level element in the hierarchy management model of Azure Resource provides a *level of scope above Subscriptions*. You organize subscriptions into containers called management groups and apply your governance conditions to the management groups. 1) Used for *organizing and grouping Subscriptions* at enterprise-grade management. 2) Can *nested*. One Management Group can contain others. 3) All subscriptions within a management group automatically inherit the conditions applied to the management group. 4) All subscriptions within a single management group must trust the same Azure AD tenant.
" Azure Virtual Network (VNet)
"VNets enable Azure resources, such as VMs, web apps, and databases, to *communicate with each other*, with users on the internet, and with your on-premises client computers. - A VNet belongs to a *single region*. - A VNet belongs to *one subscription*, but subscriptions can have *multiple VNets*. Azure virtual networks provide the following key networking capabilities: - Isolation and segmentation (VNet). - Internet communications (VNet). - Communicate between Azure resources (VNet and Service Endpoints). - Communicate with on-premises resources (Point-to-Site & Site-to-Site VPNs or Azure ExpressRoute). - Route network traffic (Route Tables and BGP routing). - Filter network traffic (Network security groups and Network virtual appliances). - Connect virtual networks.
" *Cloud Service Models*
"• *Infrastructure as a service (IaaS)* - client's responsibilities up to Guest OS. • *Platform as a service (PaaS)* - client's responsibilities up to Data and Code. • *Software as a service (SaaS)* - client uses ready software application.
" *Deployment Cloud Models*
"• *Public Cloud* (Cloud-based deployment) - No capital expenditures to scale up. Applications can be quickly provisioned and de-provisioned. Organizations pay only for what they use. Examples: AWS, Azure, GCP • *Hybrid Cloud* - a mixture of public and private clouds (connected). Provides the most flexibility. Organizations determine where to run their applications. Organizations control security, compliance, or legal requirements. • *Private Cloud / On-Premises* - managed in company's own data center(Hyper-V, OpenStack, Vmware). Hardware must be purchased for start-up and maintenance. Organizations have complete control over resources and security. Organizations are responsible for hardware maintenance and updates.
Life Cycle of Resource group
*If you delete a resource group, all resources contained within it are also deleted*. Organizing resources by life cycle can be useful in nonproduction environments, where you might try an experiment and then dispose of it. Resource groups make it easy to remove a set of resources all at once.
" Invoice Section
*Logical group for One or more subscriptions* organized for billing purposes.
Azure Kubernetes Services (AKS) Cluster
A set of machines called Nodes that run containerized applications managed by Kubernetes.
" What are *Availability Sets*?
Azure Resources distributed across *Different Racks* in the computer Room / Datacenter for arranging protection from *one unexpected Rack Failure* and *planned or unplanned maintenance*.
*Cloud computing* definition
Cloud computing is *on-demand* network access to a *shared pool* of configurable computer resources (e.g., networks, servers, storage, applications, and services) that can be *rapidly provisioned* and released with minimal management effort or service provider interaction, at *pay-as-you-go* prices.
" *Economies of Scale*
Cost advantages that enterprises obtain due to their scale of operations. *The more the Cloud provider grows, the larger the discounts customers obtain*.
*Azure Resource Manager*
Deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features like access control, locks, and tags to secure and organize your resources after deployment.
*Consumption-based model*
End users only *pay for* the resources that they *use*. Pay As You Go.
" *Pod*
Group of one or more containers with shared storage and network resources, and a specification for how to run the containers.
" What are *ARM Templates*?
JSON-based templates that define the infrastructure and configuration for your project. Infrastructure as code (IaC) for operating resources via Azure Resource Manager.
Management Groups
Logical grouping and organizing of Subscriptions for further implementation of policy or billing logic.
" VNet Peering
Private and low latency connection between 2 Azure VNets.