IaaS (Infrastructure as a Service):
Most flexible category of cloud service; provides the maximum amount of control over resources, but the provider is responsible for hardware, physical security, and network connectivity
On-Premises
Cloud provider manages nothing; you manage everything (infrastructure, platform, and software)
PaaS (Platform as a Service)
Provider maintains hardware, physical security, and network connectivity, as well as the OS, development tools, and databases.
SaaS (Software as a Service)
Renting / using a fully developed application. Most responsibility on the provider, and least flexible
Public Cloud
Everything is built on the cloud provider's infrastructure. Pay-as-you-go, low control over resources/security, no capital expenditure to scale up, applications can be quickly set up/removed
Private cloud
Everything is built in the company's own data center. Complete control over resources/security, data not collocated with others' data, hardware cost, responsible for maintenance/upgrades
Hybrid
Mix of on-premises, private cloud, and third-party public cloud services (combines the provider's and your own data center)
Most flexibility: determine where to run applications, control security, and meet compliance or legal requirements
Capital Expenditure (CAPEX)
Spending money upfront on physical infrastructure, deducting that expense from your tax bill over time. Guess upfront
Operational Expenditure (OPEX)
Cost associated with an on-premises datacenter that has shifted to the service provider. Customer deals with non-physical costs
High Availability
Ability for your service to remain available by ensuring there is NO SINGLE POINT OF FAILURE
High Scalability
ability to increase your capability based on increasing demand for traffic, memory, and computing power (allocate and deallocate resources at any time)
High Elasticity
ability to automatically increase or decrease your capacity based on current demand for traffic, memory, and computing power
Highly fault Tolerant
ability for your service to ensure there is no single point of failure, preventing the chance of failure
Fail-overs
when you have a plan to shift traffic to a redundant system in case the primary system fails
High Durability
ability to recover from a disaster and prevent the loss of data
Disaster recovery (DR)
is the process and design principle that allows a system to recover from natural or human-induced disasters
Agility
is the ability to react fast (scale quickly)
fault tolerance
is the ability to maintain system uptime while physical and service component failures happen
Vertical scaling up
Upgrade to bigger servers: bigger hard drives, more CPU/RAM, etc. (better hardware)
Horizontal scaling out
adding more servers, adding more hardware of similar capacity
Reliability
Ability of a system to recover from failure and continue to function
Predictability
focused on performance predictability or cost predictability
Cost
cost predictability is focused on predicting or forecasting the cost of the cloud spend
Governance
designed to support governance and compliance
Deploying resources from a set template helps ensure that deployed resources meet corporate standards and government requirements
Security
cloud solution that matches your security needs
Manageability
Management of the cloud: managing cloud resources. Management in the cloud: managing your cloud environment and resources
Consumption-Based Models
Pricing model used in the cloud so that customers are only charged based on their resource usage (pay for what you use). Characteristics:
No associated upfront cost
No wasted resources
Pay for what you need
Stop paying when you don’t
Better cost prediction
Price monitoring services are provided
Data Center
physical infrastructure that hosts a group of networked servers
Has its own power, cooling, and networking infrastructure
Availability Zone:
Regional feature that contains a grouping of physically separated data center facilities.
Physically separate datacenters that are grouped within the same region
Made up of 1 or more datacenters equipped with independent power, cooling, and networking
Designed to protect from data center failures; if one zone goes down, the others keep working (high availability). Achieved through an isolation boundary
Three service categories:
Regions
Geographical area on the planet where one, but usually more, data centers are connected with a low-latency network (multiple datacenters)
The locations for your services
Sovereign Regions
specialized cloud regions designed to meet the specific data residency and compliance requirements of certain countries or regions
Geography
discrete market of two or more regions that preserves data residency and compliance boundaries
Region Pairs
Each region is paired with another region in the same geography to protect against a disaster
Pairs are static and based within the same geography
Each region is paired with another region 300 miles away (ensures one region is always up when the other goes down)
Azure Resources:
basic building block of Azure; anything you create, provision, deploy, etc. is a resource
Objects used to manage services in Azure; when someone buys a service, they use a resource
Azure Resource Groups
logical container for resources deployed on Azure.
Grouping of resources; when you create a resource, you need to put it inside a resource group
Azure Subscriptions
Units of management, billing, and scale. Allow you to logically organize resource groups and facilitate billing
Using Azure requires a subscription, which allows authorized access to products/services
Azure Management Groups
organize subscriptions into containers and apply governance conditions at a level above subscriptions
Manages access, policies, and compliance across multiple subscriptions
Hierarchy
Resources -> Resource Groups -> Subscriptions -> Management Groups (on top)
Azure Virtual desktop
a type of VM that provides desktop and application virtualization running in the cloud (creates a virtualization environment)
Enables users to use a cloud-hosted version of Windows from anywhere
Virtual Machines:
Virtualized servers that provide infrastructure as a service (IaaS) in the cloud (software emulation of a physical computer)
Infrastructure as a Service (IaaS): you have to configure and maintain it
Total control over OS, software, and hosting configuration
Flexibility without having to buy/maintain hardware
Virtual Machine Scale Sets
Allows creation and management of a group of identical, load-balanced VMs.
Automates work such as configuring the VMs identically, setting network routing parameters, and monitoring utilization
Can run any application/scenario:
web apps & web services,
databases,
desktop applications,
jumpboxes,
gateways, etc.
Virtual Machine Availability Set
feature that enhances the resilience and high availability of your VMs by ensuring they are not all affected by a single point of failure
Ensures that VMs are protected by distributing them across different update and fault domains
Containers:
lightweight virtualization environment that involves running multiple isolated applications on a single physical or virtual host without requiring a separate OS per application
Major difference: NO separate OS across different containers
Key characteristic: containers share the host's operating system
Azure Container Instance
Platform as a Service (PaaS) that allows you to upload your containers quickly without managing VMs (the provider does that work for you)
Runs a container or pod of containers in Azure
Simplest and fastest way to run a container in Azure
Azure Container Apps
Builds on Container Instances with additional features like load balancing, scaling capabilities, and increased elasticity
Supports multiple programming languages and containers
Azure Kubernetes Services (AKS)
Container orchestration service for managing containerized applications at scale, such as distributed architectures and large volumes of containers
Highly scalable and customizable
Designed for high scale container deployments
Azure Functions (serverless):
an event-driven PaaS that supports serverless compute and doesn't require maintaining virtual machines or containers
Event-based code runs when called, without requiring server infrastructure during inactive periods
2 states: stateless or stateful
Stateless: behave as if they're restarted every time they respond
Stateful: a context is passed to the function to track prior activity
Serverless computing:
the provider takes care of server management issues and workload
STILL USES SERVERS; responsibility is on the provider (abstracts away how you manage the servers underneath)
Benefits:
No infrastructure management: just run your application without server issues
Scalability: the application scales automatically with demand
Azure App Service
Fully managed platform that enables users to build, deploy, and scale APIs in any programming language without managing infrastructure
Automatic scaling and high availability
Robust hosting options
Works with .NET, .NET Core, Node.js, Java, or PHP
Azure Virtual Networking
enables Azure resources (VMs, web apps, databases) to communicate with each other, with users on the internet, and with on-premises client computers
Provides on-premises networking functionality and connects cloud and on-premises
Supports public and private endpoint communication between external or internal resources and other internal resources
Designed for isolation and segmentation, communication, filtering, and routing between resources.
VNet Peering:
Connects two virtual networks directly to each other, allowing resources in different VNets to communicate as if they were on the same network
SubNets
Subdivision/segmentation of an Azure VNet used for allocating addresses and network filtering by creating multiple isolated virtual networks.
Public Endpoint:
has a public IP address and can be accessed from anywhere in the world
Accessible from anywhere on the internet
Private endpoint:
exists within a virtual network and has a private IP address from within the address space of that virtual network
Accessible only from within your network
VPN gateways
type of network gateway deployed to send encrypted traffic between an Azure VNet and an on-premises location over the public internet
Used to connect on-premises to Azure over the public internet, or for cross-regional communication between Azure VNets
Azure ExpressRoute
extends your on-premises networks into the Microsoft cloud over a private connection, with the help of a connectivity provider.
Provides a dedicated private connection to the Azure cloud that doesn't travel over the internet (useful where you need greater bandwidth or a higher level of security)
DOESN'T TRAVEL OVER THE PUBLIC INTERNET
Azure DNS
hosting service for DNS domains that provides name resolution using Microsoft Azure infrastructure
Azure Storage account
provides a unique namespace for your storage data that is accessible from anywhere in the world. Data in this account is secure, highly available, durable, and massively scalable
Blob Storage:
Storage solution used to store very large files/unstructured data
Ex: text or binary data
Designed for storage of files of any kind (BLOB: Binary Large OBject)
Ideal for: serving images to browsers, storing files, streaming, backup, disaster recovery, and archiving
Hot
frequently accessed data
Cool:
infrequently accessed data, stored for at least 30 days (lower availability, high durability)
Cold
infrequently accessed data, stored for at least 90 days
Archive
rarely (if-ever) accessed data
Queue Storage
service for storing large numbers of messages; once stored, messages can be accessed from anywhere in the world and used to create a backlog of work to process asynchronously.
Storage for small pieces of data (messages)
Table Storage
storage for semi-structured data (NoSQL)
No need for joins, foreign keys, relationships, or a strict schema
File Storage
managed file shares in the cloud that are accessible via the industry-standard Server Message Block (SMB) or Network File System (NFS) protocols
Same as Blob except we use SMB sharing, shares, and files
Accessed via SMB or NFS
Azure Disk Storage
block-level storage volumes managed by Azure for use with Azure VMs, applications, and their services.
Provision the disk, and Azure does the rest
Locally Redundant Storage (LRS):
Replicates data 3 times within a single data center in the primary region
1 single datacenter in the primary region
Provides at least 11 nines of durability (99.999999999%)
Lowest cost/least durability; protects against drive failure, but if the data center is destroyed the data is lost
Zone-redundant Storage (ZRS)
Replicates data synchronously across 3 Azure availability zones in the primary region
3 availability zones in the primary region
Provides at least 12 nines of durability (99.9999999999%)
Geo-redundant storage (GRS)
replicates data synchronously 3 times within a single physical location in the primary region using LRS, then uses the region pair to copy data to the secondary region
Single datacenter in the primary and secondary regions
Provides at least 16 nines of durability
GZRS
combines ZRS with the protection from regional outages provided by GRS
3 availability zones in the primary region and 1 single data center in the secondary region
Provides at least 16 nines of durability
Replicates data 3 times in the primary region across 3 availability zones, plus replication to a secondary geographic region
Maximum consistency, durability, and availability for disaster recovery
Azure Migrate:
is a service that helps you migrate from an on-premises environment to the cloud
Provides: a unified migration platform, a range of tools, and assessment & migration
Azure Data Box:
physical migration service that helps transfer large amounts of data in a quick, inexpensive, and reliable way
Stores up to 80 terabytes of data and is physically shipped
Use cases:
Move your disaster recovery backups to Azure (disaster recovery)
Protects data in a rugged case during transit via a regional carrier (security requirements)
AzCopy:
command-line utility used to copy blobs or files to or from your storage account
Upload files, download files, copy files between storage accounts
One-direction synchronization (designate the source and destination for that single direction)
Azure Storage Explorer:
standalone application that provides a graphical user interface to manage files and blobs in your Azure Storage Account
Works on Windows, macOS, and Linux
Uses AzCopy to handle file operations such as upload/download to Azure or moving between storage accounts
Azure File Sync
tool that centralizes on-premises files with Azure Files in a bidirectional manner
Cloud tiering keeps frequently accessed files local while freeing up space
Microsoft Entra ID:
directory service that enables users to sign in and access both Microsoft cloud applications and your own cloud applications (Microsoft Azure's cloud-based identity and access management service)
Uses cloud-based identities to access services with full control
Helps maintain on-premises Active Directory deployments
Microsoft Entra Domain Services:
service that provides managed domain services, such as domain join, group policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NTLM authentication
Eliminates the need to deploy, manage, and patch domain controllers in the cloud
Authentication
process of establishing the identity of a person, service, or device
Requires the person, service, or device to provide some type of credential to prove who they are
Authorization
Determines an authenticated person's or service's level of access
Defines which data they can access and what they can do with it
Single sign-on (SSO):
enables a user to sign in once and use that credential to access multiple resources and applications from different providers.
Multi-Factor authentication
process of prompting a user for an extra form of identification during the sign-in process
3 categories for providing additional identification in multi-factor authentication:
Something the user knows (challenge question)
Something the user has (code sent to phone)
Something the user is (fingerprint or face)
Passwordless authentication
when a password is removed and replaced with something you have, something you are, or something you know
External identity
person, device, or service that is outside your organization
Business to Business (B2B) collaboration
collaborate with external users by letting them use their preferred identity to sign in to your app.
Business to other business
B2B Direct Connect
External users have access to your resources from within their home instance.
Establishes a mutual two-way trust with other Microsoft Entra organizations, used with Teams shared channels
Microsoft Azure Active Directory Business to Customer (B2C):
publish modern SaaS apps or custom-developed apps to consumers and customers, while using Azure AD B2C for identity and access management
Conditional Access:
tool that Microsoft Entra ID uses to allow/deny access to resources based on identity signals
Used by Azure Active Directory to bring signals together, make decisions, and enforce organizational policies
Deny, challenge, or allow access
Azure Role-based access Control (RBAC):
Service that provides built-in roles describing common access rules for cloud resources.
Fine-grained access management (give users the least amount of access, just enough for their roles)
Segregates duties within the team and grants users only the amount of access they need to perform their job
Authorization system built on Azure Resource Manager (ARM)
Zero Trust Model
security model that assumes the worst-case scenario and protects resources with that expectation
Assumes breach and verifies each request/every user as if it originated from outside
Based on: verify explicitly, use least privilege access, and assume breach
Defense-in-depth-Model
strategy that uses a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to data
Layered approach to securing computer systems / protecting central data
Each layer provides protection, so if one is breached, another is ready, since each layer is isolated
The layers: physical security (protects hardware), identity & access (protects control/infrastructure), perimeter (DDoS protection/firewalls), network (limits communication between resources), compute (secures access to VMs), application (apps are secure), data (protects business/customer data)
Microsoft Defender for Cloud:
monitoring service that provides threat protection across both Azure and on-premises datacenters.
Monitors cloud, on-premises, hybrid, etc. environments with native protection
Detects and blocks malware
Protects Azure and non-Azure servers.
Azure Marketplace:
allows customers to find, try, purchase, and provision applications and services from hundreds of leading service providers, all certified to run on Azure
Open-source container platforms
Application build/deployment software
VMs, databases, and developer tools
Pricing Calculator:
tool that helps you estimate the cost of Azure products. The options you can configure in the Pricing calculator vary by product, but basic configuration options include:
Region
Tier
Billing options
Support options
Program/offers
Azure dev/test pricing
Estimates the cost of any provisioned resource and accounts for different storage options
Total Cost of Ownership Calculator:
A tool to estimate the cost savings you can realize by migrating to Azure, comparing the cost of on-premises infrastructure with an Azure cloud infrastructure
Microsoft cost Management:
provides the ability to quickly check Azure resource costs, create alerts based on resource spend, and create budgets used to automate management of resources
Tags:
provides metadata for your Azure resources
Applicable to resources, resource groups, and subscriptions
Logically organize resources into a taxonomy
Consists of a name-value pair
Very useful for rolling up billing information
Used for management, security, optimization, and compliance
Microsoft Purview
family of data governance, risk, and compliance solutions that helps users get a single unified view of your data. Brings insight about your on-premises, multi-cloud, and software-as-a-service data together
Microsoft Policy:
service in Azure that helps enforce organizational standards and assess compliance at scale. Provides governance and resource consistency with regulatory compliance, security, cost, and management
Resource Lock
prevents resources from being accidentally deleted or changed
can be applied to individual resources, resource groups, or even an entire subscription