AZ-900 Flashcards


161 Terms

1

Cloud Computing

Is a model for enabling universal, convenient, on-demand network access to a shared pool (e.g., networks, servers, storage, apps, and services) of configurable computing resources… that can be rapidly provisioned and released with minimal management effort or service provider interaction.

2

Cloud computing expands the traditional IT offerings to include services like...

IoT, ML, AI

  • Enables organizations to quickly expand their compute footprint without the need to build a datacenter.

3

Benefits of Cloud Computing

Cloud is cost-effective, global, secure, scalable, elastic, and always current

  • Allows orgs to transfer risk, operational responsibility, and to focus on innovation.

4

Public Cloud

Advantages include scalability, agility, PAYG, no maintenance, and low skills.

  • Used to skip building your own datacenter.

5

Private Cloud

A cloud environment in your own datacenter

  • Advantages include legacy support, control, and compliance

  • Use when you need more control

6

Hybrid Cloud

Combines public and private clouds, allowing you to run your apps in the right location.

  • Advantages include flexibility in legacy, compliance, and scalability scenarios.

7

Economies of Scale

The ability to do things more efficiently or at a lower-cost per unit when operating at a larger scale.

8

Capital Expenditure (CapEx)

Is the spending of money on physical infrastructure up front

  • Associated with legacy on-premises datacenters

9

Operational Expenditure (OpEx)

Is spending money on services or products now and being billed as you go

  • Associated with public cloud consumption (pay-as-you-go)

  • Cloud increases OpEx spending and reduces CapEx spending

10

Consumption-based model

Pay for what you use, typically per unit of time or capacity (per-minute, per GB, per execution)

11

Fixed price model

You provision resources and pay for those instances whether you use them or not

  • Ensures predictable costs for your cloud services

12

Serverless Architecture

A cloud computing execution model where the cloud provider dynamically manages the allocation and provisioning of servers

  • Hosted as a pay-as-you-go model based on use

  • Resources are stateless, servers ephemeral and often capable of being triggered.

  • Example: Function-as-a-Service

13

How is PaaS different from Serverless

PaaS Has…

  • More control over deployment environment

  • Application has to be configured to auto-scale

  • Application takes a while to spin up

Serverless Has

  • Less control over deployment environment

  • Application scales automatically

  • Application code only executes when invoked

PaaS and Serverless Overlap

  • Devs have to write code

  • No server management

14

Word Association: Serverless

  • Logic App

  • Functions

  • Event Grid

15

Logic App (Serverless Computing Solutions)

A cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows.

  • You can choose from a gallery of hundreds of pre-built connectors for MSFT & 3rd party services

  • Is the foundation for Power Automate (MS Flow)

16

Functions (Serverless Computing Solutions)

An event-driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure as well as on-premises systems.

  • This enables billing per execution rather than by time

17

Event Grid (Serverless Computing Solutions)

Enables you to easily manage events across many different Azure services and applications

  • Once a subscription is created, Event Grid will push events to the configured destination

  • Makes it easy for any developer to utilize the “push” model instead of the inefficient “pull” across their serverless architecture

  • Like Azure Functions, it is ‘pay per use’

18

Availability (Benefits of using cloud services)

Encompasses availability of the infrastructure, applications, and services

  • Generally expressed as a number of 9’s such as five nines or 99.999% availability

  • Uptime and _____ are often used interchangeably. Uptime simply measures the amount of time a system is running

19

Scalability (Benefits of using cloud services)

The ability of a system to handle growth of users or work

  • Refers to the ability of a system or service to handle more traffic (to scale)

20

Elasticity (Benefits of using cloud services)

The ability of a system to automatically grow and shrink based on app demand

  • Focuses on the ability of a system or service to scale quickly to spikes in demand.

21

Rapid elasticity and scalability

Allows the customer to grow or shrink the IT footprint as necessary to meet needs without excess capacity

22

Elasticity vs Scalability

Elasticity. The ability of a system to automatically grow and shrink based on app demand

  • Capabilities can be rapidly provisioned and de-provisioned (scale-out, scale-in)

  • Additional instances quickly auto-deployed

Scalability. The ability of a system to handle growth of users or work. Ability to grow as demand increases.

23

Agility (Benefits of using cloud services)

Focuses on the speed and ease of allocating and deallocating resources

  • This allows for vast amounts of computing resources to be provisioned in minutes

  • Example: Provisioning a scale set of 10 VMs

24

Fault Tolerance (Benefits of using cloud services)

The ability of a system to handle faults in a service like power, network, or hardware failures.

  • Generally refers to component-level failures

25

High Availability (Benefits of using cloud services)

The ability to keep services up and running for long periods of time.

  • Generally refers to service-level failures.

26

Disaster Recovery (Benefits of using cloud services)

The ability to recover from an event which has taken down a cloud service

  • Generally, focuses on recovery in the event of a service or site failure

27

Reliability (Benefits of using cloud services)

The ability of a system to recover from failures and continue to function.

  • Consists of two principles: resiliency and availability.

28

Resiliency (Reliability principle)

Aims to return an application to a fully functioning state after a failure occurs.

29

Availability (Reliability principle)

Goal is to provide consistent access to your application.

30

Predictability (Benefits of using cloud services)

Azure enables solutions with predictable cost and performance.

  • The level of service and performance and the associated cost are known in advance!

31

Security (Benefits of using cloud services)

  • Protection of customer data (access control, encryption)

  • Protection of cloud applications

  • Protection of cloud infrastructure

  • IaaS gives the customer more control versus PaaS and SaaS but also places more security responsibility on the customer.

  • All models must have built-in DDoS protection from Azure DDoS

32

Azure DDoS

Standard tier provides enhanced DDoS mitigation features to defend against DDoS attacks.

  • Also includes logging, alerting, and telemetry not included in the free Basic tier present by default

33

Governance (Benefits of using cloud services)

A set of rules and policies that guide an organization's cloud operations to ensure data security, manage risk, control costs, and improve efficiency. The guidance and guardrails that ensure we’re as secure.

  • Cloud features are designed to support governance and compliance

  • Deployment templates help ensure deployed resources meet corporate standards and regulatory requirements.

  • Depending on the model, software updates may be applied by the cloud provider, which helps with governance and security.

34

Cloud Adoption Framework

Guidance designed to help you create and implement the business and technology strategies to succeed in Azure.

  • Includes governance framework based on “Five Disciplines of Cloud Governance”

35

There are two aspects of the manageability of the cloud:

WHAT and HOW

36

Answers WHAT (Manageability of the Cloud)

  • Automatically scale resource deployment based on need.

  • Deploy resources based on a preconfigured template.

  • Monitor the health of resources and automatically replace failing resources.

  • Receive automatic alerts based on configured metrics.

37

Speaks to HOW (Manageability of the Cloud)

Speaks to how you’re able to manage your cloud environment and resources:

  • Through a web portal

  • Using a command line interface

  • Using APIs

  • Using PowerShell

38

IaaS

CSP Provides building blocks, like networking, storage and compute

  • CSP Manages staff, HW, and datacenter

  • Example: Azure Virtual Machines, Amazon EC2, GCP Compute Engine

39

During testing and development (IaaS use cases)

VMs provide a quick and easy way to create different OS and application configurations

  • Test and dev teams can easily deploy and then delete the VMs when they no longer need them.

40

When running applications in the cloud (IaaS use cases)

Can provide technical and financial benefits, as when an application might need to handle fluctuations in demand.

  • Shutting down VMs when you don’t need them or quickly starting them up to meet a sudden increase in demand means that you pay only for resources you use.

41

During disaster recovery (IaaS use cases)

Enables significant cost savings by using an IaaS-based approach to disaster recovery

  • Enables push button, automated VM spin up and shutdown in a disaster

42

When extending your datacenter to the cloud (IaaS use cases)

Can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network

  • Makes it easier/less expensive to deploy than on-premises

43

PaaS

Customer is responsible for deployment and management of apps

  • CSP manages provisioning, configuration, hardware, and OS

  • Examples: Azure SQL Database, API Management, Azure App Service

44

Development Framework (PaaS Use cases)

Provides a framework that developers can build upon to develop or customize cloud-based applications

  • Lets developers create applications using built-in software components

  • Cloud features such as scalability, high-availability, and multi-tenant capability are included, reducing the amount of coding that developers must do

  • BOTTOM LINE: Reduces developer effort and increases solution quality

45

Analytics or business intelligence (PaaS Use cases)

Tools provided as a service with PaaS allow organizations to analyze and mine their data, finding insights and patterns and predicting outcomes

  • Improves forecasting, product design decisions, investment returns, and other business decisions.

  • BOTTOM LINE: Simplifies data analysis and improves business outcomes.

46

SaaS

Customer just configures features

  • CSP is responsible for management, operation, and service availability.

  • Examples: Office 365, ServiceNow, Salesforce.

47

Common SaaS use cases include:

  • Email and messaging

  • Business productivity applications

  • Finance and expense tracking

  • Enables companies to securely and reliably outsource a variety of functions so they can focus on revenue generation.

  • Bottom Line: These are important utility functions not core to the company’s purpose

48

Azure geography

A discrete market, typically containing two or more regions, that preserves data residency and compliance boundaries.

49

Azure Regions

A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.

50

Azure sovereign regions

Special regions that you might need to use for compliance or legal purposes: Government (Fed govt, DoD), China

  • Operated by special trustees.

  • Physical and logical isolation??????

51

Region Pairs

A relationship between 2 Azure Regions within the same geographic region for disaster recovery purposes.

52

Management groups

Provide a level of scope above subscriptions

  • Each directory is given a single top-level management group called the “root”

  • A boundary for management and application of policy

53

Subscriptions

  • When subscription limits are reached

  • To use different payment methods

  • To isolate resources between departments, projects, etc.

54

Resource Groups

A container that holds related resources for an Azure solution

  • Used to group resources that share a common resource lifecycle

55

Resource

An entity managed by Azure, like a virtual machine, virtual network, or storage account.

56

Management Group (COMPARISONS)

Can be used to aggregate policy and initiative assignments via Azure Policy

  • Can contain multiple subscriptions

  • All new subscriptions will be placed under the root management group by default.

57

Subscriptions (COMPARISONS)

Are a unit of management, billing, and scale within Azure.

  • Serve as a management boundary for assigning Azure policies, governance, and isolation.

58

Resource Groups (COMPARISON)

A container that holds resources with a common lifecycle.

59

Availability Zones

Unique physical locations within a region with independent power, network, and cooling.

  • Comprised of one or more datacenters

  • Tolerant to datacenter failures via redundancy and isolation

60

Azure Datacenters

Physical buildings that contain thousands of servers and other hardware to provide cloud computing services.

  • Azure datacenters are located all over the world and are organized into regions.

  • Designed to be secure, reliable, and efficient, leveraging economies of scale, multi-tenant.

  • Consists of multiple physical buildings, redundant power, ISPs, etc.

61

Azure VMs

Server virtualization (compute) on-demand without need for hardware purchase.

62

Virtual Machine scale sets (Compare Compute types - VM Options)

Allow you to create and manage a group of identical, load-balanced VMs.

  • The number of VM instances can automatically increase or decrease in response to demand or based on a schedule

  • Focus = scale (scalability, capacity)

63

Virtual machine availability sets

Helps build a more resilient, highly available environment by staggering VM updates and ensuring varied power and network connectivity.

  • Focus = resiliency (availability)

64

Update Domains

Allows you to apply updates while knowing that only one update domain grouping will be offline at a time.

65

Fault Domains

Groups your VMs by common power source and network switch

  • By default, an availability set will split your VMs across up to three fault domains.

66

Azure Virtual Desktop

A desktop and app virtualization service that runs in Microsoft Azure.

  • Enable IT Pros and MSPs to create Windows 10 & 11 virtual desktops in Azure.

  • If a question mentions “Virtual Desktop Infrastructure (VDI)”, Azure Virtual Desktop is quite likely the answer!

67

Azure Container Instance (ACI)

Runs Docker containers on-demand in a managed, serverless Azure environment

  • A solution for any scenario that can operate in isolated containers, without orchestration.

68

Azure Kubernetes Service (AKS)

A hosted Kubernetes service, where Azure handles critical tasks like health monitoring and maintenance for you.

  • You pay only for the agent nodes within your clusters, not for the masters (free tier)

  • For financially backed SLA, you pay a few cents per hour for cluster management

69

VM resource requirements

  • Virtual Disk

  • Virtual Network (VNET)

  • Network Interface (Virtual NIC)

  • Network Security Group

  • Public IP Address

70

App Hosting Options

An HTTP-based service for hosting web applications, REST APIs, and mobile back ends.

71

Type of app service styles include

  • Web apps

  • API apps

  • Web jobs

  • Mobile apps

72

Virtual Network (VNET)

A logical representation of your network in Azure that provides logical isolation in Azure dedicated to your subscription.

  • Create a dedicated private, cloud-only network

  • Securely extend our data center (Site-to-Site VPN)

  • Enable hybrid cloud scenarios.

  • VMs in different VNETs cannot communicate by default!

  • Contains one or more subnets

73

Virtual Subnet

  • Segment address space of VNET to create sub-networks

  • Allows Azure resource deployment into a specific subnet

  • Can affect outbound access and routing between different resources.

  • VMs in different subnets within a VNET can communicate by default

74

VPN Gateway

A virtual network gateway that sends encrypted traffic between an Azure VNET and an on-premises location over the Internet

  • Site-to-site VPN traffic traverses the Internet

  • Core component of “hybrid cloud”

75

VNET Peering

  • Enables seamless connection of two or more Virtual Networks in Azure

  • The two networks function as one in terms of connectivity

  • Remember: different VNETs cannot communicate by default!

76

ExpressRoute

Extends your on-premises networks into Azure over a private connection with the help of a connectivity provider

  • Traffic does NOT traverse the Internet

77

Azure DNS

A hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

  • Can provide internal and external DNS

78

Service Endpoint

Provides a way to lock down access to all instances of a PaaS service to a VNET

  • Accessible from public internet

79

Private Endpoint

Grants access to a specific instance (resource) of a PaaS service in your VNET on a private IP address.

  • Enables access from on premises without public endpoint

80

Defense in depth

A layered approach that does not rely on one method to completely protect your environment.

81

Network Security Group

Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from several types of Azure resources.

  • For each rule, you can specify source and destination, port, and protocol.

  • Can be applied to a subnet or network adapter.

82

Azure Firewall

A managed, cloud-based network security service that protects your Azure Virtual Network resources.

  • It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

83

Blob Storage

Storage optimized for storing massive amounts of unstructured data

84

Unstructured (Data Types)

Data that cannot be contained in a row-column database and does not have an associated data model

  • Images, video files, social media posts.

85

Structured

Data contained in rows and columns such as an Excel spreadsheet or relational database

  • Excel, MSSQL, MYSQL

86

File Storage

Fully managed file shares in Azure accessible via SMB or NFS

87

Disk Storage

Are block-level storage volumes that are managed by Azure and used with Azure VMs.

88

Table Storage

A service that stores structured NoSQL data in Azure, including a schemaless key/attribute store

89

Queue Storage

A service for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls

90

Storage Tiers

Azure Storage offers hot, cool, cold, and archive access tiers to store blob object data in a cost-effective manner

  • Use lifecycle management policies to automate tiers.

91

Archive (Storage Tiers)

An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours.

  • Lowest storage costs, but high access costs.

  • Should be stored for a minimum of 180 days

92

Cold (Storage Tiers)

An online tier optimized for storing data that is rarely accessed or modified, but still requires fast retrieval.

  • Lower storage costs and higher access costs compared to Cool

  • Should be stored for a minimum of 90 days

93

Cool (Storage Tiers)

An online tier optimized for storing data that is infrequently accessed or modified.

  • Lower storage costs and higher access costs compared to Hot.

  • Should be stored for a minimum of 30 days

94

Hot (Storage Tiers)

An online tier optimized for storing data that is accessed or modified frequently.

  • Highest storage costs, but the lowest access costs

95

Locally Redundant Storage (LRS)

Copies your data synchronously three times within a single physical location in the primary region.

96

Zone Redundant Storage (ZRS)

Copies your data synchronously across three Azure availability zones in the primary region.

97

With LRS and ZRS

redundancy is limited to the primary region only!

98

Geo-Redundant Storage (GRS)

Copies your data synchronously three times within a single physical location in the primary region using LRS

  • It then copies it asynchronously to a single physical location in the secondary region. 3 copies using LRS.

99

Geo-Zone Redundant Storage (GZRS)

Copies your data synchronously three times within the primary region using ZRS.

  • It then copies it asynchronously to a single physical location in the secondary region.

  • Recommended by MSFT for apps requiring high availability

100

With GRS and GZRS

redundancy is extended to the secondary region!