AZ-900
Serverless Computing
a set of Azure services that allow you to execute code in the cloud but don't require (or even allow) you to manage the underlying server or have any control over its performance; functions, logic apps, and app grid are examples of serverless computing in Azure
Azure Traffic Manager
Distributes network traffic across Azure regions worldwide; load-balancing solution
Azure Kubernetes Service
Kubernetes containers in Azure; Runs on virtual machine scale sets; has auto-scaling but also requires more overhead to run
Shared Security Model
Microsoft is responsible for physical security of the servers and buildings, the maintenance of the hardware in their environment, the security of their support tools, and malicious use by their employees. You are responsible for your data, your apps, the cryptographic keys that you generate, the access keys Microsoft gives you, your code, etc.
Azure Active Directory
Microsoft's preferred Identity as a Service solution; Azure AD revolves around users, groups, and applications and managing the permissions between those objects; when switching from one Azure AD tenant to another AD tenant, all people with access lose access, SMI are not re-enabled, and if the subscription has AKS the clusters lose functionality; Pricing options: Free: with the Free edition of Azure AD you can manage user accounts, synchronize with on-premises directories, get single sign-on across Azure, Office 365 and thousands of popular SaaS applications like Salesforce, Workday, Concur, DocuSign, Google Apps, Box, Service Now, Dropbox, and more. Premium: group-based access management, self-service password reset for cloud applications, Azure Active Directory application proxy (to publish on-premises web applications using Azure Active Directory), customizable environment for launching enterprise and consumer cloud applications, an enterprise-level SLA of 99.9 percent uptime, MFA, Advanced security reports and alerts, Microsoft Identity Manager (MIM), and Azure Active Directory Connect Health. Cannot have multiple Azure AD tenants per subscription; if the subscription expires, the Azure AD directory remains in Azure, and you can associate and manage the directory using a different subscription. Join: Windows; Register: BYOD & Mobile
Machine Learning Studio
Provides a collaborative drag and drop visual workplace to work with machine learning solutions. It allows you to create solutions without the need for coding. You can build, test and deploy predictive analytics solutions on your data
Machine Learning Service
The Azure service that provides an end-to-end machine learning service. It is also a collection of tools that help you build AI applications. It also automatically recognizes your trends and creates machine learning models that you can use. [Can use own code]
Compute Services
a category of services in Azure that provides CPU cycles for rent
Storage Services
a category of services in Azure that provides cheap, infinite file storage
Database Services
a category of services in Azure that provides fast, structured and unstructured data storage
Networking Services
a category of services in Azure that provides network connectivity, performance, and monitoring services for inter-server and Internet communication
Azure Databricks
a central dashboard for managing big data in Azure, where data scientists, data analysts, and data developers can work together to derive business intelligence from data; workspace for visualizing data
Azure Initiative
a collection of Azure Policies targeted towards reaching a single overall goal. This simplifies managing and assigning policy definitions by grouping a set of policies as a single item. The same initiative can be assigned to multiple scopes to include resources, resource groups, subscriptions, or management groups. An initiative can only contain policies that are located in the same subscription.
Command Line Interface (CLI)
a command line tool that allows you to manage your Azure subscription and resources using scripts or commands; works on Mac, Linux and Windows; supported in Azure Cloud Shell; executed commands in an interactive environment
VPN Gateway
a device that allows encrypted private communication between a single computer or a network of servers, and an Azure network; IaaS; AKA Virtual network gateway; needs to be located in a designated subnet in the Azure VNet called a gateway subnet
Resource Groups
a folder structure in Azure in which you organize resources like databases, virtual machines, virtual networks, or almost any resource; each resource can only be in one resource group; cannot have a resource group in a resource group
Azure Datacenter
a group of interconnected buildings in the same location that contain all the servers, power, wiring and internet connectivity to run Azure services
Hypervisor
a layer that runs on top of the physical server OS that allows multiple guest operating systems (VM) to run in an isolated manner on top
Azure SQL Database
a managed database solution that is compatible with SQL Server; PaaS
Hybrid Cloud
a mixture between your own private networks and servers, and using the public cloud for some things. Typically used to take advantage of the unlimited, inexpensive growth benefits of the public cloud
Azure Marketplace
a place for Microsoft and third-parties to offer their own solutions that are compatible with Azure; you'll find lots of vendors you'll recognize like Cisco, Citrix, Barracuda Networks, Oracle, etc.
Virtual Network
a representation of a real network; all virtual machines must be connected to a virtual network subnet, and this allows them to talk to each other and to the Internet as long as it follows the rules of the network that you define; IaaS
ARM Templates
JSON files used to define infrastructure and configuration for Azure resources; used to create identical resources quickly
Azure Archive Storage
long term cold storage for when you need to hold onto files for years on the cheapest storage options; data must be rehydrated before it can be accessed
Microsoft Cloud Adoption Framework
1. Define Strategy; 2. Plan; 3. Ready; 4. Adopt; (During 2-4) Govern & Manage
File Storage
Access is provided to other VMs, as well as on-premises, through the use of SMB protocol, REST, and native client libraries
Azure DevTest Labs
Azure DevTest Labs is a service that helps developers and testers quickly create environments in Azure, while minimizing waste and controlling cost. Users can test their latest application versions by quickly provisioning Windows and Linux environments using reusable templates and artifacts (ARM Templates). You can easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments. With DevTest Labs you can scale up your load testing by provisioning multiple test agents, and create pre-provisioned environments for training and demos
Security Layers in Cloud Computing
Data: virtual network endpoint, limit SQL Server user rights; Application: run API management in front of APIs; Compute: limit remote desktop access, limit SSH, run Windows Update; Network: set up an NSG, use subnets, deny traffic by default; Perimeter: DDoS protection, firewalls; Identity & Access: Azure AD; Physical: door locks, fingerprint readers, and key cards
Big Data
a set of open source (Apache Hadoop) products that can do analysis on millions and billions of rows of data; current tools like SQL Server are not good for this scale; Azure solutions include Azure HDInsight, Azure Databricks, and Azure Synapse Analytics
Regions
a set of related, interconnected datacenters which are no more than a few miles apart; you must select a region when creating most Azure services; there are currently 54 active or planned worldwide; the most of any cloud computing provider; you will not have access to all 54 because some of them are restricted
Azure DevOps
a set of tools to help companies manage development from development to deployment. Includes project management tools such as Boards and deployment tools such as Pipelines.
Azure Cognitive Services
a simplified tool to build intelligent Artificial Intelligence (AI) applications; services include computer vision, speech-to-text, text-to-speech, speaker recognition, language understanding API, sentiment analysis, translator service, Bing search APIs, anomaly API, content moderator, personalizer
Azure Advisor
a tool that will analyze your use of Azure and make you specific recommendations based on your usage across availability, security, performance and cost categories
Azure Information Protection (AIP)
a way to classify emails and documents; like a DRM for documents; secret, top secret, public, etc.; enforced by Outlook 365
Cloud Shell
allows access to the CLI and PowerShell consoles in the Azure Portal
Content Delivery Network
allows you to improve performance by removing the burden of serving static, unchanging files from the main server to a network of servers around the globe; a CDN can reduce traffic to a server by 50% or more, which means you can serve more users or serve the same users faster; SaaS
App Services
allows you to upload your code and configuration into Azure, and Azure will run the application as you specify; lots of integrations with Visual Studio, and other features and benefits provided on this platform; PaaS; Paid options: Free = 1 GB, Shared = 1 GB, Basic = 10 GB, Standard = 50 GB, Premium = 250 GB, Isolated = 1 TB
PowerShell
another type of command line tool; works on Mac, Linux and Windows; supported in Azure Cloud Shell; executed commands in an interactive environment; must have PowerShell module installed not just the PowerShell core to run on Mac, Linux, & Windows
Backup and Recovery Storage
as you'd expect, this is a specialized storage account that will manage your backups from virtual machines and perform recoveries
Benefits of cloud services
availability, scalability, elasticity, agility, fault tolerance, disaster recovery, economies of scale
Block Blob
block blobs store text and binary data, up to about 4.7 TB; block blobs are made up of blocks of data that can be managed individually.
Azure Event Grid
build apps with event-based architectures; connects data sources and event handlers
Append Blob
can only append blocks; ideal for logs
Private Cloud
cloud services offered only to select users. This is sometimes called an "internal cloud". Looks and acts like cloud computing, but uses resources and servers available only to your company/organization
Public Cloud
cloud services provided over the public internet to anyone who wants to sign up for them
Relationship between OpEx & CapEx with Cloud Computing
costs shift from capital expenditures to operational expenditures when you move to cloud resources
Azure Sphere
creates an end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub.
Azure SQL Data Warehouse
designed for analyzing and reporting on huge data sources; not for inserts or updates; just reports; new name: Azure Synapse Analytics; high availability with SLA of 99.9%
Azure Virtual Desktop
desktop and app virtualization service in Azure; direct access to an app running on a VM; supports multi-sessions; publish as many host pools as you need to accommodate your diverse workloads
Cosmos DB
extremely low latency (fast) storage designed for smaller pieces of data quickly; PaaS; unstructured and JSON data; multi-region support
Azure Files
fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Seamless integration with Windows and Windows Server
Azure IoT Central
fully-managed global IoT SaaS solution that makes it easy to connect, monitor, and manage your IoT assets at scale
Azure Policy
implement standards for your organization across Azure; rules can be enforced by blocking the action or just reporting the action; non-compliant resources will be tagged but functionality will not stop
Azure HDInsight
includes open-source analytics tools like Apache Hadoop
Types of Computing Services
infrastructure as a service (IAAS), platform as a service (PAAS), software as a service (SAAS)
Community Cloud
infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.)
Azure Bot Service
intelligent, serverless bot service that scales on demand
Virtual Machines
looks, acts, feels, tastes like a real server in front of you; except it's running inside Azure's data center in a virtualized environment; Azure supports Windows and Linux virtual machines, with dozens of varieties of each; IaaS; in portal includes Maintenance status that could affect your VMs
Artificial Intelligence
machine learning APIs offered in Azure that can analyze voice, text, images, videos, natural language processing, and do various intelligent actions based on that; can do chatbots, real time transcription, translation, etc.; Azure Solutions include: Azure Cognitive Services and Azure Bot Service
Azure SQL Database for MySQL
managed MySQL database in Azure
Azure SQL Database for PostgreSQL
managed PostgreSQL database in Azure
Azure IoT Hub
managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to your IoT Hub.
Azure Advanced Threat Protection (ATP)
monitor Azure AD and detect when users are behaving differently than they normally do; requires additional login requirements like MFA or even locks them out when they do
Local Network Gateway
object in Azure that represents your on-premises VPN device
Authorization
once we know who you are, what permissions do you have
Cloud Computing Deployment Models
public cloud, private cloud, hybrid cloud, community cloud
Page Blob
random access files up to 8 TB in size; VM disks and databases; frequent random read/write applications
Azure Logic Apps
serverless workflow orchestration to let you integrate apps, data, systems, and services across enterprises or organizations
Admin/Root Access
should be reserved for the very few trusted people
Managed Disk
slightly more expensive, but this will allow Azure to provide some additional features that reduce the burden of managing your own storage account; pay per month for a provided GB limit; IaaS
Azure Functions
small pieces of code that are designed to perform some task quickly; these are like connector code designed to do small things; serverless model; provides a solution for building highly reliable and secure serverless apps that supports multiple programming languages
AD Connect
software that can synchronize your on-premises Active Directory with Azure AD
Load Balancer
sometimes called a level-4 load balancer; allows you to improve performance by splitting work among two or more identical machines; allows for horizontal scaling of application performance by adding more servers; IaaS
Application Gateway
sometimes called a level-7 load balancer; a type of load balancer that operates at the application level and can understand HTTP syntax; it can make load balancing decisions off a domain name or part of a URL path; IaaS
Azure Cloud Shell
supports the use of Azure CLI, Azure PowerShell, and bash to manage Linux, Windows, and Mac OS VMs; accessible via mobile Android or iOS
Elasticity
the ability of a system to automatically grow when maximum capacity is reached and automatically shrink to minimize waste
Scalability
the ability of a system to grow its capacity "easily" when a system reaches maximum capacity
Disaster Recovery
the ability to recover from a big failure within an acceptable period of time, with an acceptable amount of data lost
Agility
the ability to respond to change "rapidly" based on changes to market or environment
Fault Tolerance
the ability to tolerate hardware failures in your system, required to achieve high availability
Single-Sign On
the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD
Multi-Factor Authentication (MFA)
the concept of having something additional to a "password" that is required to log in; passwords are findable or guessable; but having your mobile phone on you to receive a phone call, text or run an app to get a code is harder for an unknown hacker to get; required for authentication when supporting users on on-premises Active Directory (AD) only
Azure Key Vault
the modern way to store cryptographic keys, signed certificates and secrets in Azure; specifically for server applications not Azure AD; all encrypted
Economies of Scale
the more you buy something, the cheaper it is per unit to buy and the cheaper it is to maintain
Governance
the policies and procedures of your company that protect your account and your data
Azure Container Instances (ACI)
the quickest way to create a container on Azure. You can deploy an image to Azure in about a minute. It can be used in production, but is not easily scalable.
Azure Portal
the website located at http://portal.azure.com that we use to manage your Azure subscription and resources using a friendly user interface
Virtual Machine Scale Sets
these are a set of identical virtual machines that are designed to auto-scale up and down based on user demand; IaaS
Azure Resource Manager (ARM)
this is the common resource deployment model that underlies all resource creation or modification; no matter whether you use the portal, PowerShell or the SDK, the Azure Resource Manager takes those commands and executes them
Infrastructure as a Service (IAAS)
this is the computing paradigm where Azure provides you the virtual hardware (VM, load balancer, VNet), and you can have complete control over that. It replicates the exact function of equipment that you'd have in your own data center (like server, firewall, router, etc.). Examples: VM, Load Balancer, Application Gateway, VNet
Internet of Things
thousands or millions of devices around the world that collect data and send them back to the cloud for processing; Azure solutions include Azure IoT Central, Azure IoT Hub, Azure Sphere
Azure Security Center
unified security management and threat protection; a security dashboard inside Azure Portal; also can be used to test whether or not an Azure environment passes regulatory standards (security score); also has JIT VM access, which reduces exposure to attacks while providing easy access when you need to connect to a VM
Availability Zones
unique physical locations within an Azure region, made up of one or more datacenters; there is a minimum of three zones in each region; you can manually place your resources in an availability zone for highest availability
Blob Storage
unstructured data like files and documents
Availability
what percentage of time does a system respond properly to requests, expressed as a percentage over time
Azure Database Migration Service
will help you migrate your database
Custom Policies
you can create your own policies if the built-in ones don't meet your needs
Software as a Service (SAAS)
you lose even more control over the hardware and the software; generally, Azure provides you an application that they developed and you just configure it to your usage. You are a tenant using their software. Examples: Azure Database, Cosmos DB, Outlook 365
Platform as a Service (PAAS)
you lose some control over the hardware; generally, you upload your code and just configure the environment in Azure to run it; no installing required. Examples: App Services, Web Apps
Authentication
you provide something that proves who you are, like userid and password; multi-factor authentication falls into this category