Azure 900
Defense in Depth
7. Physical Security; 6. Identity & Access; 5. Perimeter; 4. Network; 3. Compute; 2. Application; 1. Data
Azure Container Instances
A PaaS offering that allows you to upload your containers, which it then will run for you
Virtual Private Network (VPN)
A PaaS offering to build, deploy, and scale enterprise-grade web, mobile, and API apps
Azure Cloud Shell
A browser-based scripting environment in the Azure portal. It provides flexibility by allowing you to choose your preferred shell experience. Linux users can opt for a Bash experience, and Windows users can opt for PowerShell. Azure Cloud Shell allows access to the CLI and PowerShell consoles in the Azure Portal. Ex. You have an Azure web app. You need to manage the settings of the web app from an iPhone.
Azure PowerShell
A browser-based scripting environment in the Azure portal. It provides flexibility by allowing you to choose your preferred shell experience. Linux users can opt for a Bash experience, and Windows users can opt for PowerShell. CANNOT be used to create Azure Resource Manager templates. Provides a set of cmdlets that use the Azure Resource Manager model for managing your Azure resources. Azure PowerShell virtual machine (VM) management is not limited to just Windows VMs. NO BENEFIT of using PowerShell over CLI. Ex. A support engineer plans to perform several Azure management tasks by using the Azure CLI. You install the CLI on a computer. You need to tell the support engineer which tools to use to run the CLI. - PowerShell & Command Prompt. -Would not run on a computer that runs Linux and has the Azure CLI tools installed. -Would run the script on a machine that has Chrome OS installed and uses Azure Cloud Shell. -Would be able to run the script on a machine that has macOS and PowerShell Core installed.
Azure Logic Apps
A cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. -provides a platform for creating workflows
Azure SQL Data Warehouse
A cloud-based Enterprise Data Warehouse (EDW) that leverages massively parallel processing (MPP) to run complex queries quickly across petabytes of data. Ex. You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI. You need to recommend a storage solution for the data. -SQL Database & Azure Database for PostgreSQL. Ex. A company is planning a solution that would provide a data store that can be used to store and perform analytics on petabytes of data. SQL Data Warehouse would satisfy the requirement.
Azure Machine Learning Studio
A collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions without needing to write code
Azure Kubernetes Services
A container orchestrator service for managing large numbers of containers
Azure Command-Line Interface (CLI)
A cross-platform, command-line program that connects to Azure and executes administrative commands on Azure resources. Program for Windows, Linux, or macOS. Ex. You have an Azure web app. You need to manage the settings of the web app from an iPhone. Ex.
Microsoft IoT Central
A fully-managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale. Makes it easy to create products that connect the physical and digital worlds.
Azure Database Migration
A fully-managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime
Azure Event Grid
A fully-managed, intelligent event routing service that uses a publish-subscribe model for uniform event consumption
Azure HDInsight
A fully-managed, open-source analytics service for enterprises. It is a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data. Is a Hadoop service offering hosted in Azure that enables clusters of managed Hadoop instances. Ex. A company is planning a solution that would provide a cloud service that makes it easy, fast, and cost-effective to analyze massive amounts of data.
Cosmos DB Service
A globally-distributed database service that enables you to elastically and independently scale throughput and storage. Ideal for large distributed data storage. Supports key-value and document data model and provides native support for NoSQL. -Is specifically designed to be extremely fast in responding to requests for small amounts of data (called low latency). Ex. A company wants to host a set of tables in Azure. They want absolutely zero administration of the underlying infrastructure and low latency access to data. Cosmos DB service would satisfy the requirement.
Azure IoT Hub
A managed service hosted in the cloud that acts as a central message hub for bidirectional communication between your IoT application and the devices it manages. Supports communications both from the device to the cloud and from the cloud to the device. Ex. A service that provides for bi-directional connections between your IoT devices and an IoT application. Ex. Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. -IoT Hub/Queue Storage. Ex. A company wants to implement an IoT solution using the service available in Azure. They want to "monitor and control billions of Internet of Things assets" - IoT Hub
Azure Security Center
A monitoring service that provides threat protection across all your Azure, and on-premises, services. Azure Security Center features : provides security recommendations based on your configurations, resources, and networks. monitors security settings across your on-premises and cloud workloads. automatically applies your security policies to any new services you provision. -Available on both standard & free
Business to Customer (B2C) identity services
Add services that allow you to customize and control how users of your application sign up, sign in, and manage their user profiles. Includes integrated social identity, sign in experiences.
Azure SQL Database (PaaS)
A relational database as a service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine. Can be deployed as a single database with its own set of resources managed via a logical server. One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform. Has the ability to scale. Ex. Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that supports the planned migration. -Azure App Service & SQL Databases
Resource Groups
A unit of management for resources in Azure. A logical container for resources deployed in Azure. -If you set permissions to a resource group, all the Azure resources in that resource group inherit the permissions. •Act as containers to aggregate the resources required by an application into a single, manageable unit. •Every Azure resource must exist in one (and only one) Resource Group. It serves as a container for Azure resources like VMs and web apps. Is a container that holds related resources for an Azure solution. A resource cannot be a part of multiple resource groups. Resources can interact with other resources in a different resource group. Cannot be nested. Ex. A company needs to deploy several VMs. Each of these VMs will have the same set of permissions. To minimize the admin overhead, you would deploy the VMs in Resource Groups. Ex. A set of IAM permissions have been assigned to a resource group. The resources in the resource group automatically inherit the IAM permissions assigned to the resource group. A resource group can contain resources from different regions. You can add a resource to or remove a resource from a resource group at any time. When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the same resource group. Organizing principle for Resource Groups includes: Organizing: lifecycle, Authorization, Billing
Semi-structured data
Ad hoc schema. Less organized fields and properties than structured data. Non-relational or NoSQL data, not storable in tables, rows and columns. Books, blogs, and HTML documents are examples of semi-structured data.
Structured Data
Adhere to a schema, with same data fields or properties. Storable in relational database tables, with rows and columns. Examples include, sensor or financial data.
Operational Expenditure (OpEx)
Agile spend on services or products as needed, and get billed immediately. Deduct the expense from your tax bill in the same year. No upfront cost, pay-as-you-use. Ex. A company is experimenting with a new solution with high risk of failure. Ex. You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center. You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription. You need to identify which expenditure model to use for the planned Azure solution. Virtual Machines hosted in Azure, that are the same size, don't always generate the same monthly costs.
Azure DevTest Labs
Allows you to quickly create environments in Azure while minimizing waste and controlling cost Ex. A team of developers at your company plans to deploy, and then remove, 50 customized virtual machines each week. Thirty of the virtual machines run Windows Server 2016 and 20 of the virtual machines run Ubuntu Linux. You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines.
Azure Virtual Network (IaaS)
An IaaS service to create and use VMs in the cloud. You configure virtual networks through software. A virtual network is scoped to a single region. Ex. The company's compliance policy states that a server named FinServer must be on a separate network segment. You are evaluating which Azure services can be used to meet the compliance policy requirements. Ex. A company is planning to provide an isolated environment for hosting of Virtual Machines
Azure Data Lake Analytics
An on-demand analytics job service that simplifies big data. Instead of deploying and tuning hardware, you write queries to transform your data and extract valuable insights. Ex. A company is planning to provide a cloud service that provides valuable insights on the data itself
Azure Advisor
Analyzes your deployed Azure resources and recommends ways to improve availability, security, performance, and costs. Identifies VMs with low utilization. •Get proactive, actionable, and personalized best practice recommendations. •Improve the performance, security, and availability of your resources. •Identify opportunities to reduce your Azure costs. Ex. -Helps you reduce spending -detects threats and vulnerabilities -ensures fault tolerance -protects data from accidental deletion -speeds up your applications
File Storage
Azure Files offers fully-managed file shares in the cloud. Azure file shares cannot be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.
Azure Information Protection (AIP)
Classifies and protects documents, and emails, by applying labels. AIP labels can be applied: automatically using rules and conditions defined by administrators. manually, by users. by combining automatic and manual methods, guided by recommendations. Ex. Would be to help protect credit card information Ex. Solution lets users identify email messages that should be protected through encryption, identity and authorization policies Ex. Your company implements AIP to automatically add a watermark to Microsoft Word documents that contain credit card information.
Azure Advanced Threat Protection (ATP)
Cloud-based security solution for identifying, detecting, and investigating advanced threats, compromised identities, and malicious insider actions. Consists of Azure ATP : Portal : dedicated portal for monitoring and responding to suspicious activity. Sensors : installed directly onto your domain controllers. Cloud service : runs on Azure infrastructure. Ex. You need an Azure security solution that is able to identify and investigate suspicious user activities. Ex. A company wants to make use of Azure for deployment of various solutions. They want to ensure that suspicious attacks and threats to resources in their Azure account are prevented. ATP helps prevent such attacks by using in-built sensors in Azure
Azure Functions
Concerned with the code running your service and not the underlying platform or infrastructure. Creates infrastructure based on an event. -Provides serverless computing functionalities. Is a solution for easily running small pieces of code in the cloud. Functions are designed for short pieces of code that start and end quickly. -Can trigger the function based off of Azure events such as a new file being saved to a storage account blob container. -Can possibly cost you nothing as there is a generous free tier. -Can edit the code right in the Azure portal using a code editor. Ex. You want to execute JavaScript code that sends a maintenance email every Sunday evening. Ex. A company wants to migrate scripts to Azure. They want to make use of the serverless features available in Azure. They decide to use the Azure Functions service.
Azure Management Tools
Configure and manage Azure using a broad range of tools and platforms
Azure Marketplace
Connects end users with Microsoft partners, Independent Software Vendors (ISVs), and start-ups that offer solutions and services for Azure. -Connects customers to third-party virtual machine and other offers -Azure customers, IT professionals and cloud developers can find, try, purchase, and provision Azure applications and services from certified service providers. -Includes close to 10,000 product listings. Ex. A company wants to provision a WordPress solution and host the solution on a virtual machine. Azure Marketplace could quickly deploy the required solution.
Functions
Creates infrastructure based on an event
Elasticity
Customer latency capabilities. Ex. Your company hosts an accounting application named App1 that is used by all the customers of the company. App1 has low usage during the first three weeks of each month and very high usage during the last week of each month.
Distributed Denial of Service (DDoS)
DDoS attacks overwhelm and exhaust network resources, making apps slow or unresponsive. Azure DDoS Protection features : sanitizes unwanted network traffic, before it impacts service availability. basic service tier is automatically enabled in Azure. standard service tier adds mitigation capabilities, tuned to protect Azure Virtual Network resources. Two types DDoS provides: -Basic -Standard. Basic - Azure DDoS Standard provides protection against volumetric, protocol and application layer attacks. Standard - a company wants to "protect their resources against DDoS attacks and also get real time attack metrics". Ex. Use DDoS to prevent the following: There has been an attack on your public-facing website, and the application's resources have been overwhelmed and exhausted, and are now unavailable to users. Ex. You need to configure an Azure solution that meets the following requirements: Secures websites from attacks. Generates reports that contain details of attempted attacks. IS NOT AUTOMATICALLY SET UP WHEN YOU INSTALL MICROSOFT THREAT PROTECTION
Business to Business (B2B) identity services
Manage user credentials for guests and external partners, while retaining control over internal user accounts.
Network Security Groups (NSGs)
Filters network traffic to, and from, Azure resources on Azure Virtual Networks. Network security group features : set inbound and outbound rules to filter by source and destination IP address, port, and protocol. add multiple rules, as needed, within subscription limits. Azure applies default, baseline, security rules to new NSGs. override default rules with new, higher priority, rules. -Free Azure security service that checks all traffic travelling over a subnet against a set of rules before allowing it in, or out. Ex. You need to filter traffic between two subnets in an Azure deployment. Filtering should be based on: 1. Source IP address and port number 2. Destination IP address and port number 3. TCP/IP protocol in use. Ex. After you create a virtual machine, you need to modify the network security group (NSG) to allow connections from TCP port 8080 to the virtual machine. Ex. Your company plans to deploy several web servers and several database servers to Azure. You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers. Ex. A company has a virtual machine defined as demovm. The Virtual Machine was created with the standard settings. An application is installed on demovm. It now needs to be ensured that the application can be accessed over the Internet via HTTP. You modify the Network Security Groups as a solution. Ex. A company is planning on deploying a web server and database server as shown in the architecture diagram below. You have to ensure that traffic restrictions are in place so that the database server can only communicate with the web server. Modifying NSGs would allow that.
Scalability
Global reach
Initiative definitions
Group multiple policy definitions into a single unit, to track compliance at greater/macro-level scope. For example, one initiative can monitor all of your Azure Security Center recommendations.
Azure VMs
Infrastructure as a service (IaaS) to create and use VMs in the cloud. Billed by the second.
Initiative Assignments
Initiative definitions that are assigned to a specific scope. Initiative assignments reduce the need to make an initiative definition for each scope.
Availability Sets/Zones
Keep applications online during maintenance or hardware failure. Comprised of Update Domains and Fault Domains. A geographical grouping of Azure regions used to determine billing based on resource deployment.
Application Management
Manage cloud and on-premises apps using Azure AD's Application Proxy, SSO, SaaS apps, and My Apps portal (also referred to as Access panel).
Azure Portal
Management website accessed via a web browser. Tool allows you to create Azure resources without using the command line. -You can create an Azure support request from Azure Portal. Ex. You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits. Ex. You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop.
Azure Network Services
Networking on Azure allows you to connect cloud and on-premises infrastructure and services.
Unstructured Data
No designated schema or data structure. Non-relational or blob data, with no restrictions on the kinds of data blobs can contain. For example, a blob can hold a PDF, JPG, JSON object, or video.
Azure Compute Services
On-demand computing service for running cloud-based applications. Azure compute services features: •provides computing resources such as disks, processors, memory, networking, and operating systems. •makes resources available in minutes or seconds. •pay-per-use. •common on-demand Azure services are : (a) Virtual Machines, and (b) Containers.
Private Cloud
Owned and operated by the organization that uses cloud resources. Organizations create a cloud environment in their data center. Self-service access to compute resources provided to users within the organization. Organizations responsible for operating the services they provide. Benefit - can be rolled out to specific users
Public Cloud
Owned by cloud services or hosting provider. Provides resources and services to multiple organizations and users. Accessed via secure network connection (typically over the internet). An organization that hosts its infrastructure in a Public Cloud can decommission its data center. Ex. You want to set up a website or blog quickly. Is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud. Ex. An organization can decommission their on-premises data center when all of their servers are in the public cloud. Benefits: -Metered Pricing -Self-Service Management
Software as a Service (SaaS)
Pay-as-You-Go. Centrally hosted and managed software for end users. Users connect to and use cloud-based apps over the internet. For example, Microsoft Office 365, email, and calendars. The solution that requires the least amount of management from users. Personally responsible for configuration of solution. Ex. Udemy, Office 365. Ex. When you are implementing a software as a service (SaaS) solution, you are responsible for configuring the SaaS solution.
Availability Zones
Physically separate locations within an Azure region. Made up of one or more datacenters, equipped with independent power, cooling, and networking. -Availability Zones are not present in all regions. Ex. Two datacenters located in the same region. Is a high-availability offering that protects your applications and data from datacenter failures. Act as an isolation boundary. If one availability zone goes down, the other continues working. Ex. You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. You deploy the virtual machines to two or more availability zones.
Agility
Predictive cost considerations
Fault Domains (FD)
Provide a physical separation of workloads across different hardware in a data center.
Azure Machine Learning Service
Provides a cloud-based environment used to develop, train, test, deploy, manage, and track machine learning models. Does support open-source technology. Ex. A company is planning on setting up a solution that would meet the following requirement, "uses past training to provide predictions that have high probability."
Azure Resource Manager (ARM)
Provides a management layer in which resource groups and all the resources within it are created, configured, managed, and deleted. Resource Manager provides a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment. With Azure Resource Manager, you can: •Create, configure, manage and delete resources and resource groups •Organize resources •Control access and resources •Automate using different tools and SDKs. Ex. To automate resource deployments using templates. Ex. Your company has several business units. Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources. You need to recommend a solution to automate the creation of the Azure resources. Ex. Provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
Multi-Factor Authentication
Provides additional security for your identities by requiring two or more elements for full authentication. -It requires the user to possess something like their phone to read an SMS or use a mobile app. These elements fall into three categories: -Something you know: -Something you possess: -Something you are: It is not required to deploy a federated solution to implement Multi-Factor Authentication.
Azure DevOps Services
Provides development collaboration tools including pipelines, Git repositories, Kanban boards, and extensive automated and cloud-based load testing. Ex. Your team needs to have an integrated solution in place that can be used for the deployment of code.
Disk Storage
Provides disks for virtual machines, applications, and other services. -SSD and HDD are options of Disk Storage.
Application Security Groups
Provides for the grouping of servers with similar port filtering requirements, and group together servers with similar functions, such as web servers. Application security group features : Allows you to reuse your security policy at scale without manual maintenance of explicit IP addresses. Handles the complexity of explicit IP addresses and multiple rule sets, allowing you to focus on your business logic.
Cloud Model Comparison
Public cloud: No CapEx. You don't have to buy a new server to scale up. Agility. Applications can be made accessible quickly, and deprovisioned whenever needed. Consumption-based model. Organizations pay only for what they use and operate under an OpEx model. Costs are lower and spread among multiple tenants. Private cloud: Control. Organizations have complete control over resources. Security. Organizations have complete control over security. Hybrid cloud: Flexibility. The most flexible scenario. With a hybrid cloud setup, an organization can determine whether to run their applications in a private cloud or in a public cloud. Compliance. Organizations maintain the ability to comply with strict security, compliance, or legal requirements as needed.
Fault tolerance
Security. The ability for a system to respond to unexpected failures or system crashes as the backup system immediately and automatically takes over with no loss of service. Ex. You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period.
Azure Firewall
Stateful, managed, Firewall as a Service (FaaS) that grants/denies server access based on originating IP address, to protect network resources. Azure Firewall features : applies inbound and outbound traffic filtering rules. built-in high availability. unrestricted cloud scalability. uses Azure Monitor logging. Ex. You need to filter traffic between two subnets in an Azure deployment. Filtering should be based on: 1. Source IP address and port number 2. Destination IP address and port number 3. TCP/IP protocol in use. Ex. You have an Azure environment that contains 10 virtual networks and 100 virtual machines. You need to limit the amount of inbound traffic to all the Azure virtual networks. Ex. Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure firewall.
Azure Policy
Stay compliant with your corporate standards and service level agreements (SLAs) by using policy definitions to enforce rules and effects for your Azure resources. Ex. Recommended method for enforcement - prevent certain Azure Virtual Machine instance types from being used in a resource group. Ex. Your company wants to ensure that it meets its internal compliance goals and that Azure resources are compliant with company standards. This will include ongoing evaluation for compliance and identification of non-compliant resources. You need to recommend a solution. Ex. A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement. Azure Policy features : evaluates and identifies Azure resources that do not comply with your policies. provides built-in policy and initiative definitions, under categories such as Storage, Networking, Compute, Security Center, and Monitoring. the most efficient way to ensure a naming convention is followed across your subscription
Archive Storage
Storage facility for data that is rarely accessed. Ex. Data that is stored in the Archive access tier of an Azure Storage account can be accessed at any time by using azcopy.exe
Azure Key Vault
Stores application secrets in a centralized cloud location, to securely control access permissions, and access logging. Use Azure Key Vault for: secrets management. key management. certificate management. storing secrets backed by hardware security modules (HSMs). Ex. You want to store certificates in Azure to centrally manage them for your services Ex. You need a security solution that helps provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Ex. Your company plans to automate the deployment of servers to Azure. Your manager is concerned that you may expose administrative credentials during the deployment. You need to recommend an Azure solution that encrypts the administrative credentials during the deployment. Ex. Companies should store certificates on Key Vault
Internet of Things (IoT)
The internet allows any item that's online-capable to access valuable information. This ability for devices to garner and then relay information for data analysis is referred to as the Internet of Things (IoT)
Azure compute services
Virtual Machine Services
Single Sign-On (SSO)
Users only need one ID and password to access multiple applications. Ex. helps you most easily disable an account when an employee leaves your company
Consumption-based model
Users only pay for the resources they use
DevOps
allows you to create build and release pipelines that provide continuous integration, delivery, and deployment for applications
Containers
are a virtualization environment. However, unlike virtual machines, they do not include an operating system. Containers are meant to be lightweight, and are designed to be created, scaled out, and stopped dynamically. Can be accessed over the internet by IP address or domain name. Can scale out as needed. Represents a single app and its dependencies. Can run on Windows or Linux.
Azure Database Services
are fully-managed PaaS database services that free up valuable time you'd otherwise spend managing your database
high availability
disaster recovery - the ability to recover from a big failure within an acceptable period of time, with an acceptable amount of data loss
Azure Active Directory (AD)
cloud-based identity and access management service. -Identity-as-a-Service -an application connects and retrieves security tokens from Azure Active Directory (Azure AD). Services provided by Azure AD include : authentication (employees sign-in to access resources), single sign-on (SSO), application management, Business to Business (B2B) and Business to Customer (B2C) identity services. -Identities stored in an on-premises Active Directory can be synchronized to Azure Active Directory (Azure AD) -Identity stored in Azure AD, third-party cloud services, and on-premises AD can be used to access Azure resources -Azure has built-in authentication and authorization services that provide secure access to Azure resources -AD requires the implementation of domain controllers on Azure virtual machines -AD provides authentication services for resources. Ex. Your network contains an Active Directory forest. The forest contains 5,000 user accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. Sync all the AD user accounts to Azure AD. Ex. What an application connection should connect to retrieve security tokens. Ex. Your network contains an Active Directory forest. The forest contains 5,000 user accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration. Ex. Your Azure trial account expired last week. You can access your data stored in Azure. Ex. A company wants a way to manage identities.
Allowed Storage Account Size (Policy)
conditions and rules define acceptable sizes for new storage accounts. requests to create storage accounts outside the defined sizes are denied.
Azure compute services
container services
Allowed Locations (Policy)
defines the Azure locations where your organization can deploy resources, to enforce geographic compliance requirements. requests to deploy resources outside the defined locations are denied.
Authorization
determines an authenticated person's or service's level of access. defines which data they can access, and what they can do with it.
Content Delivery Network (PaaS)
distributed network of servers that can efficiently deliver web content to users. Content includes JavaScript files, videos, images, PDFs, or any static file. Creates infrastructure based on an event. Ex. You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video files. You need to recommend which Azure feature must be used to provide the best video playback experience. Ex. A company is planning a solution that would provide an efficient way to distribute web content to users across the world.
Load Balancer
distributes traffic evenly among each system in a pool and can help you achieve both high availability and resiliency. Designed for automatic scaling of identical VMs. Allows you to scale your applications and create high availability for your services. Distributes traffic among similar systems, making your services more highly available. Ex. A company is looking to set up a solution that would provide the ability to distribute user traffic to a set of backend Virtual Machines.
Authentication
identifies the person or service seeking access to a resource. requests legitimate access credentials. basis for creating secure identity and access control principles. Authentication can use certificates to identify a person or service. •Adds functionalities such as: self-service user-password reset; multi-factor authentication (MFA); customized banned password lists; smart lockout services. Ex. Is the process of verifying a user's credentials.
Artificial Intelligence
in the context of cloud computing, is based around a broad range of applications, including Machine Learning, which use existing data to forecast future behaviors, outcomes, and trends. Using machine learning, computers learn without being explicitly programmed.
Serverless Computing
is a cloud-hosted execution environment that runs your code but abstracts the underlying hosting environment
Geographies
is a defined area of the world that contains at least one Azure Region. Segmentation of the market based on where people live
Azure Storage Service
is a service that you can use to store files, messages, tables, and other types of information. -Data that is copied to an Azure Storage account is maintained automatically in at least three copies -When you set up redundancy, you must choose whether it is backed up at another Azure data center
Azure Application Gateway
is a web traffic load balancer that enables you to manage traffic to your web applications. Creates infrastructure based on an event. Ex. A web application program interface (API) that must be load-balanced across three instances. Ex. A web application that uses path-based routing for images and videos. Ex. A company deploys multiple instances of a web application across three Availability Zones. The company then configures an Azure networking product to evenly distribute service requests across the instances based on three different URLs.
Economies of Scale
is the ability to do things less expensively and more efficiently when operating at a larger scale in comparison to operating at a smaller scale. Ex. The more you buy of something, the cheaper it is. Ex. A cloud service provider's costs per subscriber are reduced as the number of subscribers to a public cloud increases.
Initiatives
is the process of managing and assigning policy definitions by grouping a set of policies into a single item. Initiatives work alongside policies in Azure Policy. Is a collection of Azure policies targeted toward reaching a single overall goal.
VM scale sets
let you create and manage a group of identical, load-balanced VMs. Designed for automatic scaling of identical VMs. A virtual machine scale set automatically creates and integrates with Azure load balancer or Application Gateway. A virtual machine scale set can rapidly create hundreds of identical VMs from a central configuration. Ex. 1 to 1000 instances, and also provides load balancing services built in. Ex. A company is planning to provide a solution to host and manage a group of identical Virtual Machines.
Networking Layer
only permitted traffic should pass between networked resources with Network Security Group (NSG) inbound and outbound rules.
Perimeter layer
protect your networks' boundaries with Azure DDoS Protection and Azure Firewall.
Big Data
refers to large volumes of data that become increasingly hard to make sense of, or consequently make decisions about Ex. An extremely large set of data that you want to ingest and do analysis on; traditional software like SQL Server cannot handle Big Data as efficiently as specialized products
Capital Expenditure (CapEx)
spend on physical infrastructure up front, deduct the expense from your tax bill. High upfront cost, value of investment reduces over time. Con - you must wait over a period of years to depreciate that investment on your taxes
Regions
•Azure is made up of datacenters located around the globe. These datacenters are organized and made available to end users by country/region. A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. Regions are always paired with other regions, contain one or more data centers, and specify the location of resources. Transferring data between Azure Storage accounts in different Azure regions is not free. •In reference to datacenters, a region is a geographical area on the planet containing at least one, but potentially multiple, datacenters that are in close proximity and networked together with a low-latency network.
Infrastructure as a Service (IaaS)
•Flexibility. Build pay-as-you-go IT infrastructure by renting servers, virtual machines, storage, networks, and operating systems from a cloud provider. -This cloud computing model requires the highest level of involvement in maintaining the operating system and file system by the customer -With IaaS you hold the most technical responsibility -IaaS places the maximum responsibility on the customer. IaaS is the category of cloud services that requires the greatest security effort on your part. •Instant computing infrastructure, provisioned and managed over the internet. An Azure Virtual Machine is an example of IaaS. Exs - SQL Server in a VM, Virtual Network, Virtual Machine Scale Sets
Blob Storage
•No restrictions on the kinds of data it can hold. Blobs are highly scalable. While a blob is in Archive storage, it is offline and cannot be read, copied, overwritten, or modified. Is optimized for storing massive amounts of unstructured data. Storing 1 TB of data in Blob Storage will not always cost the same. Ex. You need to create a virtual machine in Azure. Blob is used to store the data disks for the virtual machine.
App services
•Platform as a service (PaaS) offering to build, deploy, and scale enterprise-grade web, mobile, and API apps -You give Azure the code and configuration, and you have no access to the underlying hardware -You cannot select the specific datacenter you want to deploy your app into. -Application availability refers to the overall time that a system is functional and working
Platform as a Service (PaaS)
•Productivity. Is a complete development and deployment environment in the cloud, with resources that enable organizations to deliver everything from simple cloud-based apps to sophisticated cloud-enabled enterprise applications. Microsoft Excel macro is an example. Provides environment for building, testing, and deploying software applications. •Helps create applications quickly, without focusing on managing underlying infrastructure. Support is provided for geographically distributed development teams. The service provider is responsible for providing business analysis tools. Ex. You want to deploy your own web application quickly without taking any responsibility for the operating system, web server or system updates. Ex. You plan to migrate a web application to Azure. The web application is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application.
Update Domains (UD)
•Scheduled maintenance, performance or security updates are sequenced through update domains.