Cloud computing
the ability to choose the power and software needed to run your own program and the pc is in a datacenter and not physically with you
pay only for the services you use and someone else gets to deal with the computer
all cloud services have computer power and storage
computer power
how much processing your computer can do (can add and remove compute power)
storage
volume of data you can store on the computer (can request more storage as you need it)
shared responsibility model
responsibilities for the upkeep of the servers are shared
physical security, power, cooling and network connectivity are the responsibility of the cloud provider
consumer is responsible for data and information stored in the cloud as well as security
some things depend on the situation and responsibility is switched
IaaS
Customer is responsible for everything except physical hosts, physical network, physical datacenter
SaaS
customer is responsible for information data, devices, accounts and identities only
PaaS
IaaS and SaaS plus shared responsibility for operating system, network controls, applications and identity and directory infrastructure
Private cloud
cloud that is used by a single entity
- greater control
greater cost
hosted from own on site data center or dedicated data center offsite
Public cloud
built, controlled and maintained by a third party cloud provider
anyone that wants to purchase cloud services can access and use resources
Hybrid cloud
uses both public and private clouds in an inter-connected environment
MultiCloud
use multiple (two or more) public cloud providers or migrate from one provider to another
Azure Arc
set of technologies that help manage your cloud environment whether it is a public, private, hybrid cloud, or multi cloud environment
Azure VMware Solution
lets you run VMware workloads in Azure with seamless integration and scalability
CapEx
a one-time, up-front expenditure to purchase or secure tangible resources
OpEx
spending money on services or products over time like cloud computing
consumption-based model
no upfront costs, no need to purchase and manage costly infrastructure that users might not use to its fullest potential, ability to pay for more resources when they’re needed, stop paying when not needed
high availability
focuses on ensuring maximum availability, regardless of disruptions or events that may occur
Service Level Agreement(SLA)
a formal agreement between the service provider and customer that guarantees the customer a good level of service
Scalability
is the ability to adjust resources to meet demand
vertical scaling
getting more or less processing power by adding CPUs or RAM to the virtual machine
Horizontal scaling
could increase or decrease deployed resources based on demand
Reliability
ability of a system to recover from failures and continue to function (natural disasters or catastrophic events will not affect the service)
Predictability
cost and performance are predictable
Performance predictability
focuses on predicting the resources needed to deliver a positive experience for your customer
cost predictability
focused on predicting or forecasting the cost of the cloud spend
governance and compliance
set templates that ensure all deployed resources meet corporate standards and gov regulatory requirements
as standards change deployed resources can be updated
security
maximum control of security —> IaaS, PaaS and SaaS take care of patches and maintenance automatically
well suited to handle attacks like DDoS (Distributed denial of service)
Manageability of the cloud
managing cloud resources
autoscale
deploy resources based on template
monitor the health of resources and replace failing resources
receive automatic alerts based on configured metrics
Manageability in the cloud
how you manage cloud environment and resources
through a web portal
using a command line interface
using APIs
using PowerShell
Infrastructure as a Service (IaaS)
cloud provider: is responsible for maintaining the hardware, network connectivity and physical security
customer: operating system, installation, configuration and maintenance, network configuration, database and storage configuration
**renting hardware in a cloud data center
Platform as a Service
cloud provider: maintains the physical infrastructure, physical security, and connection to the internet. They also maintain the operating systems, middleware, development tools, and business intelligence services that make up a cloud solution.
you or the cloud provider may be responsible for networking settings and connectivity within your cloud environment, network and application security, and the directory infrastructure.
Software as a Service
customer is responsible for data, devices that connect to the system and the users that have access
cloud provider is responsible for everything else
Azure
continually expanding set of cloud services that help you meet current and future business challenges
Azure free account
free access to popular azure products for 12 months
a credit to use for the first 30 days
access to more than 25 products that are always free
Azure free student account
Free access to certain Azure services for 12 months.
A credit to use in the first 12 months.
Free access to certain software developer tools.
Microsoft learn sandbox
creates a temporary subscription that's added to your Azure account and allows you to create azure resources during a learn module
datacenters - physical infrastructure of azure
facilities with resources arranged in racks, with dedicated power, cooling and networking infrastructure
grouped into azure regions or azure availability zones to help achieve resiliency and reliability
Regions
geographical area on the planet that contains at least one but potentially multiple data centers that are nearby and networked together with a low latency network
availability zones
physically separate datacenter within an azure region, one or more data centers and is set up to be an isolation boundary (if one goes down the other continue working)
minimum of three in each zone-enabled region, but not all regions support them
zonal services
can pick which availability zone the service is in
zone-redundant services
platform replicates automatically across multiple zones
non-regional services
services are always available from azure geographies and are resilient to zone-wide outages and region-wide outages
region pairs
regions are paired with another region within the same geography at least 300 miles away (ex. West US paired with East US)
if azure outage occurs one region is prioritized so at least one is restored
planned azure updates are rolled out to paired regions one region at a time to minimize risk of application outage
data continues to reside within the same geography as its pair for tax and law enforcement justification
sovereign regions
instances of Azure that are isolated from the main instance of azure (need for compliance or legal purposes)
US government
China —> not Microsoft, different company
Azure resource
basic building block of Azure, anything you create, provision, deploy, can only be in one resource group
Azure Resource groups
simply groupings of resources, required to place a resource in this, can’t be nested, resources within can be moved
Azure subscriptions
allow you to logically organize your resource groups and facilitate billing
provides you with authenticated and authorized access to azure products and services
each account is required to have this
type depends on how azure account is billed
there are access management policies at each ___ level
can create separate ____ subscriptions based on environments, organizational structures and billing
Azure management groups
organize subscriptions and can apply governance conditions; subscriptions will inherit these conditions
Azure Virtual Machines
provide IaaS in the form of a virtualized server and can be used in many ways
take control over the operating system, run custom software, custom hosting configurations
virtual machine scale sets
lets you create and manage a group of identical, load-balanced VMs; customers can build large-scale services
virtual machine availability sets
designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all VMs with a single network or power failure
update domain
groups VMs that can be rebooted at the same time and one will be updating at a time while the others are offline
fault domain
groups VMs by common power source and network switch
examples of using VM
during testing and development
when running applications in the cloud
when extending your datacenter to the cloud
during disaster recovery
VM size
purpose, number of processor cores, amount of RAM
VM storage disks
hard disk drives, solid state drives
VM networking
virtual network, public IP address and port configuration
Virtual desktop
a desktop and application virtualization service that runs on the cloud
good for remote workers
keeps data safer as it separates users desktop
connect with any device
PaaS
scale up and scale down
data and apps are separated from local hardware
Azure containers
virtualization environment that you can run multiple of on a single physical or virtual host, don't manage the operating system, designed to be created, scaled out and stopped, respond to changes on demand, provides less control than a VM
Azure container instances
offer the fastest and simplest way to run a container in Azure, PaaS, upload your containers and the service will run it for you
Azure container apps
remove container management piece, PaaS, have extra benefits such as ability to incorporate load balance and scaling
Azure Kubernetes service
container orchestration service, manages the lifecycle of containers, for deploying a lot of containers
Azure functions
event driven, serverless compute option
good for when only concern is code running
used when need to perform work in response to an event, timer, or message from another azure service
only charged for CPU time when the function runs
serverless computing
cloud is taking care of server management tasks, hidden servers and focus on development concerns
no infrastructure management
scalability
only pay for what you use
Azure App Service
enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs without managing infrastructure
automatic scaling and high availability
HTTP-based service for web applications, API apps, WebJobs, and Mobile Apps
App Service API Apps
you can build REST-based web APIs by using your choice of language and framework
You get full Swagger support and the ability to package and publish your API in Azure Marketplace.
App Service WebJobs
same context as web app, API app or mobile app but can be scheduled
App Service Mobile Apps
Store mobile app data in a cloud-based SQL database.
Authenticate customers against common social providers, such as MSA, Google, Twitter, and Facebook.
Send push notifications.
Execute custom back-end logic in C# or Node.js.
Virtual Network
resources communicate with each other, users on the internet and on-premises client computers
Isolation and segmentation
create multiple isolated networks
Internet communications
enable connections by assigning a public IP address to an azure resource or putting the resource behind a load balancer
Communicate between Azure resources
by connecting with service endpoints that connect to other resource types
Communicate with on-premises resources
Route network traffic
routes traffic between subnets or any connected networks but route tables and BGP can control this
Filter network traffic
filter traffic between subnets using network security groups and network virtual appliances
Connect virtual networks
link virtual networks together using virtual network peering and is private
Public endpoints
have a public IP address and can be accessed and communicated with from anywhere in the world
Private endpoints
exist within a virtual network and have a private IP address from within the address space of that virtual network
point-to-site virtual private network connections
from a computer outside organization back into corporate network, initiates an encrypted VPN connection to connect to azure virtual network
site-to-site virtual private networks
link on-premises VPN device or gateway to Azure VPN gateway in a virtual network
Azure ExpressRoute
provides a dedicated private connectivity to azure that doesn’t travel over the internet
route tables
allow you to define rules about how traffic should be directed
border gateway protocol
works with Azure VPN gateways, Azure Route Server or Azure ExpressRoute to propagate on-premises ____ routes to Azure virtual networks
network security groups
contain multiple inbound and outbound security rules to allow or block traffic
network virtual appliances
are specialized VMs that can be compared to a hardened network appliance, carries out a particular function
Virtual Network Peering
allows two virtual networks to connect to each other, is private, never enters public internet, resources in each virtual network communicate with each other and can even be in separate regions
User-defined routes
allow you to control routing tables between subnets within a virtual network or between virtual networks
Virtual Private network
uses an encrypted tunnel within another network, deployed to connect two or more trusted private networks to one another over an untrusted (public) network
VPN gateways
a type of virtual network gateway
Connect on-premises datacenters to virtual networks through a site-to-site connection.
Connect individual devices to virtual networks through a point-to-site connection.
Connect virtual networks to other virtual networks through a network-to-network connection.
Policy based VPN gateways
specify statically the IP address of packets that should be encrypted through each tunnel
Route-based gateways
IPSec tunnels are modeled as a network interface or virtual tunnel interface, IP routing decides which one of these tunnel interfaces to use when sending each packet, preferred connection method for on-premises device
Active/Standby VPN
one VPN is active and if it is under maintenance the other one takes over
Active/Active VPN
assign unique public IP address and create separate tunnels from on-premises device to each IP address
ExpressRoute failover
if ExpressRoute fails there is a VPN gateway that uses the internet as an alternative method of connectivity
Zone-redundant gateways
for regions that support availability zones, VPN gateways and ExpressRoute gateways can be deployed in a zone-redundant configuration
ExpressRoute
extend on-premises network into Microsoft cloud over a private connection with the help of a connectivity provider
global connectivity
dynamic routing
built-in redundancy
Azure DNS
hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure, can host your domains and manage them using the same credentials and everything as other Azure services
Reliability and performance
Security
Ease of Use
Customizable virtual networks
Alias records
Azure blob storage
can store massive amounts of unstructured data, ex. images, documents
Azure file storage
fully managed file shares, just like connecting to shares on local network
Azure disk storage
store VMs and access them similarly to how they would do it on premises
Azure table storage
NoSQL storage for key value pairs for large scale data sets for semi-structured data
Azure queue storage
provides synchronized message storage and communication between separate components
Storage tier hot
greatly used data, cost a lot
Storage tier cold
moderately or rarely used data, moderate cost
Storage tier archive
never used data, cost minimal upfront but hard to bring out
Locally redundant storage
replicates your data three times within a single data center in the primary region; lowest cost, least durability