Azure Fundamentals

Advantages of Private Cloud

Security and compliance, maintenance of specifics

Disadvantages of Public Cloud

Security and compliance, you can't manage as you wish, and specific scenarios like legacy apps

Azure AD Services

Authentication, SSO, App management, B2B identity services, B2C identity services, device management

IaaS Disadvantages

Management; shared responsibility applies

Network Security Groups

Network Security Groups (NSGs) allow you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.

IaaS Advantages

No CapEx, Agile, Consumption based, no deep technical skills required, most flexible as you have control to configure and manage hardware running the application.

Virtual Machines

memory, storage, and networking resources. They host an operating system, and you're able to install and run software just like a physical computer. When using a remote desktop client, you can use and control the virtual machine as if you were sitting in front of it.

Billing Zones

• Zone 1 - West US, East US, Canada West, West Europe, France Central and others...
• Zone 2 - Australia Central, Japan West, Central India, Korea South and others...
• Zone 3 - Brazil South
• DE Zone 1 - Germany Central, Germany Northeast
Note: To avoid confusion, be aware that a Zone for billing purposes is not the same as an Availability Zone. In Azure, the term Zone is for billing purposes only, and the full term Availability Zone refers to the failure protection that Azure provides for datacenters.

Policy Creation Process

1. Create a policy definition 2. Assign a definition to a scope of resources. 3. View policy evaluation results

Azure Security Center Usage Scenarios

1. Incident response (detect, assess, diagnose) 2. enhanced security recommendations.

Azure Compute Services

Azure compute is an on-demand computing service for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking and operating systems. The resources are available on-demand and can typically be made available in minutes or even seconds. You pay only for the resources you use and only for as long as you're using them. There are two common service types for performing compute in Azure: virtual machines, and containers.

Azure Networking Services

Azure networking components offer a range of functionality and services that can help organizations design and build cloud infrastructure services that meet their requirements.

Compliance Manager

Compliance Manager is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure. Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature, and recommendations to improve data protection and compliance. The Customer Actions provided in Compliance Manager are recommendations only; it is up to each organization to evaluate the effectiveness of these recommendations in their respective regulatory environment prior to implementation. Recommendations found in Compliance Manager should not be interpreted as a guarantee of compliance.

DDoS standard protection

DDoS standard protection can mitigate the following types of attacks:
• Volumetric attacks. The attack's goal is to flood the network layer with a substantial amount of seemingly legitimate traffic.
• Protocol attacks. These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack.
• Resource (application) layer attacks. These attacks target web application packets to disrupt the transmission of data between hosts.

4 Paid Azure Support Plans

Developer, Standard, Professional Direct, Premier

Common PaaS Usage

Development Framework is all set up and BI is built in

Azure DDoS Protection

Distributed Denial of Service (DDoS) attacks attempt to overwhelm and exhaust an application's resources, making the application slow or unresponsive to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Thus, any resource exposed to the internet, such as a website, is potentially at risk from a DDoS attack.
Azure DDoS Protection provides the following service tiers:
• Basic. The Basic service tier is automatically enabled as part of the Azure platform. Always-on traffic monitoring and real-time mitigation of common network-level attacks provide the same defenses that Microsoft's online services use. Azure's global network is used to distribute and mitigate attack traffic across regions.
• Standard. The Standard service tier provides additional mitigation capabilities that are tuned specifically to Microsoft Azure Virtual Network resources. DDoS Protection Standard is simple to enable and requires no application changes. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses which are associated with resources deployed in virtual networks, such as Azure Load Balancer and Application Gateway.

Fault domains

Fault domains provide for the physical separation of your workload across different hardware in the datacenter. This includes power, cooling, and network hardware that supports the physical servers located in server racks. In the event the hardware that supports a server rack becomes unavailable, only that rack of servers would be affected by the outage.

Usage Meters

For example, a single virtual machine that you provision in Azure might have the following meters tracking its usage:
• Compute Hours
• IP Address Hours
• Data Transfer In
• Data Transfer Out
• Standard Managed Disk
• Standard Managed Disk Operations
• Standard IO-Disk
• Standard IO-Block Blob Read
• Standard IO-Block Blob Write
• Standard IO-Block Blob Delete

Infrastructure as a service (IaaS)

IaaS has no upfront costs. Users pay only for what they consume. The user is responsible for the purchase, installation, configuration, and management of their own software operating systems, middleware, and applications. The cloud provider is responsible for ensuring that the underlying cloud infrastructure is available for the user.

Initiatives

Initiative definitions simplify the process of managing and assigning policy definitions by grouping a set of policies as one single item. For example, you could create an initiative named Enable Monitoring in Azure Security Center, with a goal to monitor all the available security recommendations in your Azure Security Center.

IoT Central

IoT Central is a fully-managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale. No cloud expertise is required to use IoT Central. As a result, you can bring your connected products to market faster while staying focused on your customers

Azure Information Protection (AIP)

Microsoft Azure Information Protection (MSIP) is a cloud-based solution that helps organizations classify and (optionally) protect their documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).

Increased productivity

On-site datacenters typically require a lot of hardware setup (otherwise known as racking and stacking), software patching, and other time-consuming IT management chores. Cloud computing eliminates the need for many of these tasks, so IT teams can spend time on achieving more important business goals.

Virtual Machine

One or more logical machines created within one physical machine. A computer file (typically called an image) that behaves like an actual computer. Multiple virtual machines can run simultaneously on the same physical computer.

Private Cloud Characteristics

Ownership: owner and user are the same. Hardware: owner is responsible. Users are all from one org. Connection over private network. Deep technical knowledge to set up and maintain.

PaaS Disadvantages

Platform limitations

Role-Based Access Control (RBAC)

Role-based access control (RBAC) provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. RBAC is provided at no additional cost to all Azure subscribers.
Usage Scenarios
Examples of when you might use RBAC include when you want to:
• Allow one user to manage VMs in a subscription, and another user to manage virtual networks.
• Allow a database administrator (DBA) group to manage SQL databases in a subscription.
• Allow a user to manage all resources in a resource group, such as VMs, websites, and subnets.
• Allow an application to access all resources in a resource group.

SaaS disadvantages

Software limitations

Azure Multi-Factor Authentication

Something you know, something you possess, something you are (password, device, fingerprint)

Advantages of Hybrid Cloud

Still flexible and agile, more cost efficient, more control, still security and compliance, still specific scenarios

High-availability computing

The ability to keep services up and running for long periods of time, with very little downtime, depending on the service in question.

Agility

The ability to react quickly. Cloud services can allocate and deallocate resources quickly. They are provided on-demand via self-service, so vast amounts of computing resources can be provisioned in minutes. There is no manual intervention in provisioning or deprovisioning services.

Fault tolerance

The ability to remain up and running even in the event of a component or service no longer functioning. Typically, redundancy is built into cloud services architecture so if one component fails, a backup component takes its place. The type of service is said to be tolerant of faults.

Options in Pricing Calculator

The options that you can configure in the pricing calculator vary between products, but basic configuration options include:
• Region. Lists the regions from which you can provision a product. Southeast Asia, central Canada, the western United States, and Northern Europe are among the possible regions available for some resources.
• Tier. Sets the type of tier you wish to allocate to a selected resource, such as Free Tier, Basic Tier, etc.
• Billing Options. Highlights the billing options available to different types of customer and subscriptions for a chosen product.
• Support Options. Allows you to pick from included or paid support pricing options for a selected product.
• Programs and Offers. Allows you to choose from available price offerings according to your customer or subscription type.
• Azure Dev/Test Pricing. Lists the available development and test prices for a product. Dev/Test pricing applies only when you run resources within an Azure subscription that is based on a Dev/Test offer.

3 ways to purchase Azure

Via enterprise agreement, Web direct, through CSP

Resource Group Considerations

When creating and placing resources within resource groups there are a few considerations to take into account:
• Each resource must exist in one, and only one, resource group.
• A resource group can contain resources that reside in different regions.
• You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.
• You can add or remove a resource to a resource group at any time.
• You can move a resource from one resource group to another.
• Resources for an application do not need to exist in the same resource group. However, it is recommended that you keep them in the same resource group for ease of management.

VPN gateway

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure Virtual Network and an on-premises location over the public internet. It provides a more secure connection from on-premises to Azure over the internet

Cloud Bursting

A configuration that's set up between a private cloud and a public cloud. If 100 percent of the resource capacity in a private cloud is used, then overflow traffic is directed to the public cloud using cloud bursting.

Content Delivery Network

A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. It is a way to get content to users in their local region to minimize latency. CDN can be hosted in Azure or any other location. You can cache content at strategically placed physical nodes across the world and provide better performance to end users. Typical usage scenarios include web applications containing multimedia content, a product launch event in a particular region, or any event where you expect a high bandwidth requirement in a region

Geography

A geography is a discrete market typically containing two or more regions that preserves data residency and compliance boundaries. Geographies allow customers with specific data-residency and compliance needs to keep their data and applications close. Geographies ensure that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries. Geographies are fault-tolerant to withstand complete region failure through their connection to dedicated high-capacity networking infrastructure. Geographies are broken up into Americas, Europe, Asia Pacific, Middle East and Africa.

Resource Group

A resource group is a unit of management for your resources in Azure. You can think of your resource group as a container that allows you to aggregate and manage all the resources required for your application in a single manageable unit. This allows you to manage the application collectively over its life cycle, rather than manage components individually. You can manage and apply the following resources at resource group level:
• Metering and billing
• Policies
• Monitoring and alerts
• Quotas
• Access control
Remember that when you delete a resource group you delete all resources contained within it.

Azure Virtual Network

Azure Virtual Network enables many types of Azure resources such as Azure VMs to securely communicate with each other, the internet, and on-premises networks. A virtual network is scoped to a single region; however, multiple virtual networks from different regions can be connected together using virtual network peering. With Azure Virtual Network you can provide isolation, segmentation, communication with on-premises and cloud resources, routing and filtering of network traffic

Disk storage

Disk storage provides disks for virtual machines, applications, and other services to access and use as they need, similar to how they would in on-premises scenarios. Disk storage allows data to be persistently stored and accessed from an attached virtual hard disk. The disks can be managed or unmanaged by Azure, and therefore managed and configured by the user. Typical scenarios for using disk storage are if you want to lift and shift applications that read and write data to persistent disks, or if you are storing data that is not required to be accessed from outside the virtual machine to which the disk is attached. Disks come in many different sizes and performance levels, from solid-state drives (SSDs) to traditional spinning hard disk drives (HDDs), with varying performance abilities

Azure Cosmos DB

Microsoft Azure Cosmos DB is a globally distributed database service that enables you to elastically and independently scale throughput and storage across any number of Azure's geographic regions. It supports schema-less data that lets you build highly responsive and Always On applications to support constantly changing data. You can use Cosmos DB to store data that is updated and maintained by users around the world. It makes it easy to build scalable, highly responsive applications at global scale

Advantages of Public Cloud

No CapEx, Agility, Consumption based, no maintenance, less skills needed.

SaaS Advantages

No CapEx, agile, pay as you go, flexible (same application data from anywhere)

Software as a Service (SaaS)

SaaS is typically licensed through a monthly or annual subscription, and Office 365 is an example of SaaS software.

Semi-structured data

Semi-structured data is less organized than structured data, and is not stored in a relational format, meaning the fields do not neatly fit into tables, rows, and columns. Semi-structured data contains tags that make the organization and hierarchy of the data apparent. Semi-structured data is also referred to as non-relational or NoSQL data.

Serverless Computing

Serverless computing is a cloud-hosted execution environment that runs your code but abstracts the underlying hosting environment. You create an instance of the service and you add your code. No infrastructure configuration or maintenance is required, or even allowed. You configure your serverless apps to respond to events. An event could be a REST endpoint, a periodic timer, or even a message received from another Azure service. The serverless app runs only when it's triggered by an event. Scaling and performance are handled automatically, and you are billed only for the exact resources you use. You don't even need to reserve resources. Some of the most common serverless service types in Azure are Azure Functions, Azure Logic Apps, and Azure Event Grid.

Elasticity

The ability to automatically or dynamically increase or decrease resources as needed. Elastic resources match the current needs, and resources are added or removed automatically to meet future needs when it's needed, and from the most advantageous geographic location. A distinction between scalability and elasticity is that elasticity is done automatically.

Orchestration

The task of automating and managing a large number of containers and how they interact

Disadvantages of Hybrid Cloud

Upfront CapEx, Costs of deploying two models, still need deep technical, ease of management

VM Scale Sets

Virtual machine scale sets are an Azure compute resource that you can use to deploy and manage a set of identical VMs. With all VMs configured the same, VM scale sets are designed to support true auto-scale (no pre-provisioning of VMs is required) and as such make it easier to build large-scale services targeting big compute, big data, and containerized workloads. So, as demand goes up more virtual machine instances can be added, and as demand goes down virtual machine instances can be removed. The process can be manual, automated, or a combination of both.

Private Cloud

serves only one customer or organization and can be located on the customer's premises or off the customer's premises

Public Cloud

promotes massive, global, and industry wide applications offered to the general public

Policy Definition

A policy definition expresses what to evaluate and what action to take. For example, you could prevent VMs from being deployed if they are exposed to a public IP address. You also could prevent a particular hard disk from being used when deploying VMs to control costs.

Example Policy Definition

Allowed Storage Account SKUs, Allowed Resource Type, Allowed Locations, Allowed Virtual Machine SKUs

Application Insights

Application Insights is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises. It leverages the powerful data analysis platform in Log Analytics to provide you with deeper insights into your application's operations. Application Insights can diagnose errors, without waiting for a user to report them. Application Insights includes connection points to a variety of development tools, and integrates with Microsoft Visual Studio to support your DevOps processes.

Authentication (AuthN)

Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are

Authorization (AuthZ)

Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it

Azure Active Directory

Azure Active Directory (Azure AD) is a Microsoft cloud-based identity and access management service. Azure AD helps employees of an organization sign in and access resources:

Azure Advanced Threat Protection (ATP)

Azure Advanced Threat Protection (Azure ATP) is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Comprised of: Azure ATP Portal, Azure ATP Sensor, Azure ATP Cloud Service. ATP is part of EMS E5

Azure Advisor

Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, and cost. Advisor analyzes your deployed services and looks for ways to improve your environment across those four areas.

Azure Application Gateway

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It is the connection through which users connect to your application. With Application Gateway you can route traffic based on source IP address and port to a destination IP address and port. You also can help protect a web application with a web application firewall, redirection, session affinity to keep a user on the same server, and many more configuration options.

Azure CLI

Azure CLI is a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources. Cross platform means that it can be run on Windows, Linux, or macOS.

Azure Cloud Shell

Azure Cloud Shell is a browser-based scripting environment in your portal. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.

Azure DevOps Services

Azure DevOps Services (formerly known as Visual Studio Team Services (VSTS)), provides development collaboration tools including high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing

Azure Event Grid

Azure Event Grid allows you to easily build applications with event-based architectures. It's a fully-managed, intelligent event routing service that uses a publish-subscribe model for uniform event consumption. Event Grid has built-in support for events coming from Azure services, such as storage blobs and resource groups.

Azure Firewall

Azure Firewall is a managed, cloud-based, network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall provides many features, including:
• Built-in high availability.
• Unrestricted cloud scalability.
• Inbound and outbound filtering rules.
• Azure Monitor logging.

Azure Key Vault

Azure Key Vault is a centralized cloud service for storing your applications' secrets. Key Vault helps you control your applications' secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.

Azure Management Groups

Azure Management Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions. Management groups allow you to order your Azure resources hierarchically into collections, which provides a further level of classification that is above the level of subscriptions.

Azure Monitor

Azure Monitor for VMs is a service that monitors your Azure VMs at scale, by analyzing the performance and health of your Windows and Linux VMs (including their different processes and interconnected dependencies on other resources, and external processes). Azure Monitor for VMs includes support for monitoring performance and application dependencies for VMs hosted on-premises, and for VMs hosted with other cloud providers.

Azure Monitor

Azure Monitor for containers is a service that is designed to monitor the performance of container workloads, which are deployed to managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). It gives you performance visibility by collecting memory and processor metrics from controllers, nodes, and containers, which are available in Kubernetes through the metrics API. Container logs are also collected.

Azure Monitor

Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on

Azure Policy

Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs). Azure Policy does this by using policies and initiatives. It runs evaluations of your resources and scans for those not compliant with the policies you have created. For example, you can have a policy to allow only a certain stock keeping unit (SKU) size of virtual machines (VMs) in your environment. Once you implement this policy, it will evaluate resources when you create new ones or update existing ones. It will also evaluate your existing resources.

Azure Portal

Azure Portal is a website that you can access with a web browser, by going to the URL https://portal.azure.com. From here you can interact manually with all the Azure services. You can identify a service you are looking for, obtain links for help and more learning on particular topics, and deploy, manage and delete resources. It also guides you through complex administrative tasks by providing wizards and tooltips.

Azure PowerShell

Azure PowerShell is a module that you add to Windows PowerShell or PowerShell Core that enables you to connect to your Azure subscription and manage resources. Azure PowerShell requires Windows PowerShell to function. PowerShell provides services such as the shell window and command parsing. Azure PowerShell then adds the Azure-specific commands. For example, Azure PowerShell provides the New-AzureRmVM command that creates a virtual machine for you inside your Azure subscription. To use it, you would launch PowerShell, sign in to your Azure account using the command Connect-AzureRMAccount, and then issue a command such as:

Azure Resource Manager

Azure Resource Manager is a management layer in which resource groups and all the resources within it are created, configured, managed, and deleted. You can deploy application resources, organize resources, and control access and resources.

Azure Service Health

Azure Service Health is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources.

Azure Compliance Offerings

CJIS, CSA STAR, GDPR, EU Model Clauses, FedRAMP, DFARS, FERPA, HIPAA, ISO/IEC 27018, Multi-Tier Cloud Security, Service Organization Controls, NIST CSF

Azure Cost Management

Cost Management is an Azure product that provides a set of tools for monitoring, allocating, and optimizing your Azure costs. The main features of the Azure Cost Management toolset include:
• Reporting. Generate reports using historical data to forecast future usage and expenditure.
• Data enrichment. Improve accountability by categorizing resources with tags that correspond to real-world business and organizational units.
• Budgets. Create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns.
• Alerting. Get alerts based on your cost and usage budgets.
• Recommendations. Receive recommendations to eliminate idle resources and to optimize the Azure resources you provision.
• Price. Free to Azure customers.

PaaS Advantages

No capex, more agile than IaaS, consumption based, no deep technical required

Service Trust Portal

The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft's cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services.

Total Cost of Ownership (TCO) Calculator

The Total Cost of Ownership (TCO) Calculator is a tool that you use to estimate cost savings you can realize by migrating to Azure. To use the TCO calculator, complete the three steps that the following sections explain.
Step 1: Define your workloads
Enter details about your on-premises infrastructure into the TCO calculator according to four groups:
• Servers. Enter details of your current on-premises server infrastructure.
• Databases. Enter details of your on-premises database infrastructure in the Source section. In the Destination section, select the corresponding Azure service you would like to use.
• Storage. Enter the details of your on-premises storage infrastructure.
• Networking. Enter the amount of network bandwidth you currently consume in your on-premises environment.
Step 2: Adjust assumptions
Adjust the values of key assumptions that the TCO calculator makes, which might vary between customers. To improve the accuracy of the TCO calculator, you should adjust the values so they match the costs of your current on-premises infrastructure. The assumption values you can adjust include:
• Storage costs
• IT labor costs
• Hardware costs
• Software costs
• Electricity costs
• Virtualization costs
• Datacenter costs
• Networking costs
• Database costs
Step 3: View the report
The TCO calculator generates a detailed report based on the details you enter and the adjustments you make. The report allows you to compare the costs of your on-premises infrastructure with the costs using Azure products and services to host your infrastructure in the cloud.

Azure Security Center

• Provide security recommendations based on your configurations, resources, and networks.
• Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online.
• Continuously monitor all your services, and perform automatic security assessments to identify potential vulnerabilities before they can be exploited.
• Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate are allowed to execute.
• Analyze and identify potential inbound attacks, and help to investigate threats and any post-breach activity that might have occurred.
• Provide just-in-time access control for ports, reducing your attack surface by ensuring the network only allows traffic that you require.

7 Kinds of Azure Storage

1. Structured Data 2. Semi-structured data 3. Unstructured data 4. Blob Storage 5. Disk Storage 6. File Storage 7. Archive Storage

Database sharding

A type of partitioning that lets you divide your large database into smaller databases, which can be managed faster and more easily across servers.

Archive storage

Archive storage provides a storage facility for data that is rarely accessed. It allows you to archive legacy data at low cost compared to what it would traditionally have cost to create and maintain archives. Archive storage is available as a tier of Blob Storage, storing object data in the most cost-effective manner. It is stored offline and offers the lowest storage costs. However, it also has the highest access cost, hence it is suited for archival data that is rarely accessed. Archive storage is intended for data that can tolerate several hours of retrieval latency and will remain archived for at least 180 days.

Availability Sets

Availability sets are a way for you to ensure your application remains online if a high-impact maintenance event is required, or a hardware failure occurs. Availability sets are made up of update domains and fault domains.

Availability Zones

Availability zones are physically separate locations within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. It is set up to be an isolation boundary. If one availability zone goes down, the other continues working. The availability zones are typically connected to each other through very fast, private fiber-optic networks. Availability zones allow customers to run mission-critical applications with high availability and low-latency replication. Availability zones are offered as a service within Azure, and to ensure resiliency, there's a minimum of three separate zones in all enabled regions. Regions that support Availability Zones include Central US, North Europe, SouthEast Asia, and more.

Blob Storage

Azure Blob Storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blobs are highly scalable and apps work with blobs in much the same way as they would work with files on a disk, such as reading and writing data. Blob Storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection. Blobs aren't limited to common file formats. A blob could contain gigabytes of binary data streamed from a scientific instrument, an encrypted message for another application, or data in a custom format for an app you're developing.

Azure Container Instances

Azure Container Instances offers the fastest and simplest way to run a container in Azure without having to manage any virtual machines or adopt any additional services. It is a PaaS offering that allows you to upload your containers, which it will run for you

Azure Data Service Types

Azure Cosmos DB, Azure SQL Database, Azure Database Migration

Azure Data Lake Analytics

Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data. Instead of deploying, configuring, and tuning hardware, you write queries to transform your data and extract valuable insights. The analytics service can handle jobs of any scale instantly by setting the dial for how much power you need. You only pay for your job when it is running, making it more cost-effective

Azure DevTest Labs

Azure DevTest Labs is a service that helps developers and testers quickly create environments in Azure, while minimizing waste and controlling cost. Users can test their latest application versions by quickly provisioning Windows and Linux environments using reusable templates and artifacts. You can easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments. With DevTest Labs you can scale up your load testing by provisioning multiple test agents, and create pre-provisioned environments for training and demos

File storage

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Applications running in Azure virtual machines or cloud services can mount a file storage share to access file data, just as a desktop application would mount a typical SMB share. Any number of Azure virtual machines or roles can mount and access the file storage share simultaneously. Typical usage scenarios include sharing files anywhere in the world, sharing diagnostic data, or sharing application data.

Azure Functions

Azure Functions are ideal when you're only concerned with the code running your service and not the underlying platform or infrastructure. Azure Functions are commonly used when you need to perform work in response to an event—often via a REST request, timer, or message from another Azure service—and when that work can be completed quickly, within seconds or less. Azure Functions scale automatically and charges accrue only when a function is triggered, so they're a solid choice when demand is variable. For example, you may be receiving messages from an IoT solution that monitors a fleet of delivery vehicles. You'll likely have more data arriving during business hours. Azure Functions can scale out to accommodate these busier times. Furthermore, Azure Functions are stateless; they behave as if they're restarted every time they respond to an event. This is ideal for processing incoming data. And if state is required, they can be connected to an Azure storage service

Azure HDInsight

Azure HDInsight is a fully managed, open-source analytics service for enterprises. It is a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data. HDInsight allows you to run popular open-source frameworks and create cluster types such as Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, and Machine Learning Services. HDInsight also supports a broad range of scenarios such as extraction, transformation, and loading (ETL); data warehousing; machine learning; and IoT.

Azure IoT Hub

Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to your IoT Hub.

Azure Kubernetes Service

Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures and large volumes of containers

Azure Load Balancer

Azure Load Balancer can provide scale for your applications and create high availability for your services. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications. You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network

Azure Logic Apps

Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions—whether in the cloud, on premises, or both—for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) integration. Logic Apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code. To build enterprise integration solutions with Azure Logic Apps, you can choose from a growing gallery of over 200 connectors. These include services such as Salesforce, SAP, Oracle DB, and file shares

Azure Machine Learning Studio

Azure Machine Learning Studio is a collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions without needing to write code. It uses pre-built and pre-configured machine learning algorithms and data-handling modules

Azure Marketplace

Azure Marketplace is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure. Azure Marketplace allows customers—mostly IT professionals and cloud developers—to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure

Azure SQL Data Warehouse

Azure SQL Data Warehouse is a cloud-based Enterprise Data Warehouse (EDW) that leverages massively parallel processing (MPP) to run complex queries quickly across petabytes of data. You can use SQL Data Warehouse as a key component of a big data solution by importing big data into SQL Data Warehouse with simple PolyBase Transact-SQL (T-SQL) queries, and then use the power of MPP to run high-performance analytics. Once data is stored in SQL Data Warehouse, you can run analytics at massive scale. Compared to traditional database systems, analysis queries finish in seconds instead of minutes, or hours instead of days.

Azure SQL Database

Azure SQL Database is a relational database as a service (DaaS) based on the latest stable version of Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed and secure database that you can use to build data-driven applications and websites in the programming language of your choice without needing to manage infrastructure

Azure Storage

Azure Storage is a service that you can use to store files, messages, tables, and other types of information. You can use Azure Storage on its own (for example as a file share), but developers also often use it as a store for working data. Such stores can be used by websites, mobile apps, desktop applications, and many other types of custom solutions. Azure Storage is also used by IaaS virtual machines, and PaaS cloud services.

Technical skill requirements and considerations

Cloud services can provide and manage hardware and software for workloads. Therefore, getting a workload up and running with cloud services demands fewer technical resources than having IT teams build and maintain physical infrastructure for handling the same workload. A user can be expert in the application they want to run without needing the skills to build and maintain the underlying hardware and software infrastructure.

Common IaaS Usage

Migrating workloads, dev-test, website hosting, storage, backup, and recovery

Containers

Containers are a virtualization environment. However, unlike virtual machines they do not include an operating system. Instead, they reference the operating system of the host environment that runs the container. Containers are meant to be lightweight and are designed to be created, scaled out, and stopped dynamically. This allows you to respond to changes on demand and quickly restart in case of a crash or hardware interruption. Azure supports Docker containers, and there are several ways to manage both Docker and Microsoft-based containers in Azure.

Customer latency capabilities

If customers are experiencing slowness with a particular cloud service, they are said to be experiencing some latency. Even though modern fiber optics are fast, it can still take time for services to react to customer actions if the service is not local to the customer. Cloud services have the ability to deploy resources in datacenters around the globe, thus addressing customer latency issues.

SaaS characteristics

No upfront costs; just subscription. No maintenance required.

Public Cloud Characteristics

Ownership by CSP, multiple end users in multiple organizations, public access, availability, connectivity via web browser, no deep technical skills required.

Scalability

The ability to increase or decrease resources for any given workload. You can add additional resources to service a workload (known as scaling out), or add additional capabilities to manage an increase in demand to the existing resource (known as scaling up). Scalability doesn't have to be done automatically.

Disaster recovery

The ability to recover from an event which has taken down a cloud service. Cloud services disaster recovery can happen very quickly with automation and services being readily available to use.

Hybrid Cloud Characteristics

Resource location can be private or public depending on needs. Allows leverage of the cost and efficiency of public cloud while having the security of private cloud. The organization retains management and control in the private clouds. Technical skills are the same as for the other two.

Structured Data

Structured data is data that adheres to a schema, so all of the data has the same fields or properties. Structured data can be stored in a database table with rows and columns. Structured data relies on keys to indicate how one row in a table relates to data in another row of another table. Structured data is also referred to as relational data, as the data's schema defines the table of data, the fields in the table, and the clear relationship between the two. Structured data is straightforward in that it's easy to enter, query, and analyze. All of the data follows the same format. Examples of structured data include sensor data or financial data.

Azure Database Migration

The Azure Database Migration Service is a fully-managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations). The service uses the Microsoft Data Migration Assistant to generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration. Once you assess and perform any remediation required, you're ready to begin the migration process. The Azure Database Migration Service performs all of the required steps

Azure Machine Learning Service

The Azure Machine Learning service provides a cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It fully supports open-source technologies, so you can use tens of thousands of open-source Python packages with machine learning components such as TensorFlow and scikit-learn. Rich tools, such as Jupyter notebooks or the Visual Studio Code Tools for AI, make it easy to interactively explore data, transform it, and then develop and test models. Azure Machine Learning service also includes features that automate model generation and tuning to help you create models with ease, efficiency, and accuracy. The Azure Machine Learning service can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud. When you have the right model, you can easily deploy it in a container such as Docker in Azure. Use Machine Learning service if you work in a Python environment, you want more control over your machine learning algorithms, or you want to use open-source machine learning libraries.

Platform as a Service (PaaS)

The goal of PaaS is to help create an application as quickly as possible without having to worry about managing the underlying infrastructure. For example, when deploying a web application using PaaS, you don't have to install an operating system, web server, or even system updates.
• Upfront costs. There are no upfront costs, and users pay only for what they consume.
• The user is responsible for the development of their own applications. However, they are not responsible for managing the server or infrastructure. This allows the user to focus on the application or workload they want to run.
• Cloud provider ownership. The cloud provider is responsible for operating system management, and network and service configuration. Cloud providers are typically responsible for everything apart from the application that a user wants to run. They provide a complete managed platform on which to run an application.

DevOps

The union of people, process, and technology to enable continuous delivery of value to customers. The practice of DevOps brings development and operations teams together to speed software delivery and make products more secure and reliable.

Operational Expenditure (OpEx)

This is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There is no upfront cost; you pay for a service or product as you use it.

Capital Expenditure (CapEx)

This is the spending of money on physical infrastructure up front, and then deducting that expense from your tax bill over time. CapEx is an upfront cost which has a value that reduces over time.

Scaling Up

To add additional capabilities to manage an increase in demand to the existing resource

Business analytics tools

Tools that extract data from business systems and integrate it into a repository, such as a data warehouse, where it can be analyzed. Analytics tools range from spreadsheets with statistical functions to sophisticated data mining and predictive modeling tools.

BI Tools

Tools that process large amounts of unstructured data in books, journals, documents, health records, images, files, email, video, and so forth, to help you discover meaningful trends and identify new business opportunities.

Scaling Out

Traditionally adding more resources (such as webservers).

Unstructured data

Unstructured data encompasses data that has no designated structure to it. This also means that there are no restrictions on the kinds of data it can hold. For example, a blob can hold a PDF document, a JPG image, a JSON file, video content, etc. As such, unstructured data is becoming more prominent as businesses try to tap into new data sources.

Disadvantages of Private Cloud

Upfront CapEx, deep skills needed, maintenance required, not as agile

Update domains

When a maintenance event occurs (such as a performance update or critical security patch applied to the host), the update is sequenced through update domains. Sequencing updates using update domains ensures that the entire datacenter isn't unavailable during platform updates and patching. Update domains are a logical section of the datacenter, and they are implemented with software and logic.

Shared Responsibility Model

When using IaaS, ensuring that a service is up and running is a shared responsibility: the cloud provider is responsible for ensuring the cloud infrastructure is functioning correctly; the cloud customer is responsible for ensuring the service they are using is configured correctly, is up to date, and is available to their customers.

Functions

When you're concerned only about the code running your service and not the underlying platform or infrastructure, Azure Functions are ideal. They're commonly used when you need to perform work in response to an event (often via a REST request, timer, or message from another Azure service), and when that work can be completed quickly, within seconds or less.

App services

With App services, you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security and compliance requirements while using a fully managed platform to perform infrastructure maintenance. App Services is a platform as a service (PaaS) offering

Azure Management Tools

You can configure and manage Azure using a broad range of tools and platforms. There are tools available for the command line, language-specific Software Development Kits (SDKs), developer tools, tools for migration, and many others. Tools that are commonly used for day-to-day management and interaction include: Azure Portal, for interacting with Azure via a Graphical User Interface (GUI); Azure PowerShell, Azure Command-Line Interface (CLI), and Azure Cloud Shell, for command line and automation-based interactions with Azure.

Azure Regions (special)

• US DoD Central, US Gov Virginia, US Gov Iowa and more: These are physical and logical network-isolated instances of Azure for US government agencies and partners. They are operated by screened US persons. Includes additional compliance certifications.
• China East, China North and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft does not directly maintain the datacenters.
• Germany Central and Germany Northeast: These regions are available through a data trustee model whereby customer data remains in Germany under control of T-Systems, a Deutsche Telekom company, acting as the German data trustee. Any user or enterprise who needs their data to reside in Germany can use this service.

