Cloud computing
Cloud computing is the delivery of computing services over the internet
Benefits of Cloud Computing
Cloud is cost-effective, global, secure, scalable, elastic, and always current
Public Cloud
Everything runs on your cloud provider's hardware. Advantages include scalability, agility, PAYG, no maintenance, and low skills
Private Cloud
A cloud environment in your own datacenter. Advantages include legacy support, control, and compliance
Hybrid Cloud
Combines public and private clouds, allowing you to run your apps in the right location. Advantages include flexibility in legacy, compliance, and scalability scenarios
Economies of Scale
The ability to do things more efficiently or at a lower cost per unit when operating at a larger scale.
Capital Expenditure
Capital Expenditure (CapEx) is the spending of money on physical infrastructure up front
Operational Expenditure
Operational Expenditure (OpEx) is spending money on services or products now and being billed as you go. The Cloud increases OpEx spending and reduces CapEx spending
Consumption-based model
Pay for what you use, typically per unit of time or capacity (per-minute, per-GB, per-execution)
Fixed price model
You provision resources and pay for those instances whether you use them or not
Serverless Architecture
A cloud computing execution model where the cloud provider dynamically manages the allocation and provisioning of servers, hosted as a pay-as-you-go model based on use. Resources are stateless, servers ephemeral and often capable of being triggered.
Logic App
A cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows
Functions
An event driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure as well as on-premises systems
Event Grid
Enables you to easily manage events across many different Azure services and applications. Once a subscription is created, Event Grid will push events to the configured destination
Availability
Encompasses availability of the infrastructure, applications, and services
Scalability
The ability of a system to handle growth of users or work
Elasticity
The ability of a system to automatically grow and shrink based on app demand
Agility
Focuses on the speed and ease of allocating and deallocating resources
Fault Tolerance
The ability of a system to handle faults in a service like power, network, or hardware failures. Generally, refers to component-level failures
High Availability
The ability to keep services up and running for long periods of time. Generally, refers to service-level failures
Disaster Recovery
The ability to recover from an event which has taken down a cloud service. Generally, focuses on recovery in the event of a service or site failure
Reliability
The ability of a system to recover from failures and continue to function. Reliability consists of two principles: resiliency and availability.
Predictability
Azure enables solutions with predictable cost and performance
Security
Protection of customer (access control, encryption); protection of cloud applications; protection of cloud infrastructure
Azure DDoS
Standard tier provides enhanced DDoS mitigation features to defend against DDoS attacks. Also includes alerting and telemetry not included in the free Basic tier that is present by default.
Governance
A set of rules and policies that guide an organization's cloud operations to ensure data security, manage risk, control costs, and improve efficiency
IaaS (Infrastructure as a Service)
You rent the basic computer stuff (servers, storage, networking) online instead of owning it.
PaaS (Platform as a Service)
You get a ready-to-use environment to build and run apps without worrying about setup.
SaaS (Software as a Service)
You just use the software online, no installation or setup needed.
Azure Geography
A discrete market, typically containing two or more regions, that preserves data residency and compliance boundaries
Azure Regions
A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network
Azure sovereign regions
Special regions that you might need for compliance or legal purposes: Government (Fed govt., DOD), China
Region Pairs
A relationship between 2 Azure Regions within the same geographic region for disaster recovery purposes.
Management Groups
Management groups provide a level above subscriptions. Each directory is given a single top-level management group called the root
Subscriptions
A subscription is a logical container used to provision resources in Azure. Logical use cases: when subscription limits are reached, to use different payment methods, to isolate resources between departments, projects, etc.
Resource Groups
A container that holds related resources for an Azure solution. Used to group resources that share a common resource lifecycle.
Resources
An entity managed by Azure, like a virtual machine, virtual network, or storage account
Availability Zones
Unique physical locations within a region with independent power and network. Comprised of one or more datacenters. Tolerant to datacenter failures via redundancy and isolation
Azure Datacenters
Datacenters are located all over the world and are organized into regions. Designed to be secure, reliable, and efficient, leveraging economies of scale; multi-tenant.
Azure VMs
Server virtualization (compute) on-demand without need for hardware purchase
Virtual machine scale sets
Allow you to create and manage a group of identical, load-balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or based on a schedule.
Virtual machine availability sets
Help build a more resilient, highly available environment by staggering VM updates and ensuring varied power and network connectivity
Update domains
Allow you to apply updates so that only one update domain grouping is offline at a time.
Fault domains
Group your VMs by common power source and network switch. By default, an availability set will split your VMs across up to three fault domains
Azure Virtual Desktop
A desktop and app virtualization service that runs in Microsoft Azure
Azure Container Instance (ACI)
Runs Docker containers on-demand in a serverless Azure environment. A solution for any scenario that can operate in isolated containers, without orchestration
Azure Kubernetes Services (AKS)
A hosted Kubernetes service, where Azure handles critical tasks like health monitoring and maintenance for you. You pay only for the agent nodes within your clusters, not for the masters (free tier). For a financially backed SLA, you pay a few cents per hour for cluster management
VM Resource Requirements
Virtual Disk, Virtual Network (VNET), Network Interface (Virtual NIC), Network Security Group, Public IP Address
App Service
An HTTP-based service for hosting web applications, REST APIs, and mobile back ends.
Virtual Network (VNET)
A logical representation of your network in Azure. VNETs provide logical isolation in Azure dedicated to your subscription. Securely extend your data center (Site-to-Site VPN) and hybrid cloud scenarios
Virtual Subnet
Segments the address space of a VNET to create sub-networks; allows Azure resource deployment into a specific subnet
VPN Gateway
A virtual network gateway that sends encrypted traffic between an Azure VNET and an on-premises location over the Internet
VNET Peering
Enables seamless connection of two or more Virtual Networks in Azure. The two networks function as one in terms of connectivity
ExpressRoute
Extends your on-premises networks into Azure over a private connection with the help of a connectivity provider, traffic does not traverse the public internet
Azure DNS
A hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. Can provide internal and external DNS
Service Endpoint
Provides a way to lock down access to all instances of a PaaS service to a VNET (accessible from public internet)
Private Endpoint
Grants access to a specific instance (resource) of a PaaS service in your VNET on a private IP address (enables access from on-prem without public endpoint)
Defense in Depth
A layered (defense in depth) approach that does not rely on one method to completely protect an environment
Network Security Group
Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination port and protocol. Can be applied to a subnet or network adapter
Azure Firewall
A managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
Blob Storage
Storage optimized for storing massive amounts of unstructured data
Unstructured data
Cannot be in a row-column database and does not have an associated data model
Structured data
Data contained in rows and columns such as an Excel spreadsheet or relational database
File Storage
Fully managed file shares in Azure accessible via SMB (Server Message Block) or NFS (Network File System)
Disk Storage
Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure VMs
Table Storage
A service that stores structured NoSQL data in Azure, including a schemaless key/attribute store
Queue Storage
A service for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls
Storage tiers
Hot, cool, cold and archive
LRS (Locally redundant storage)
Copies your data synchronously three times within a single physical location in the primary region
ZRS (Zone redundant storage)
Copies your data synchronously across three Azure availability zones in the primary region
GRS (Geo-redundant storage)
Copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies it asynchronously to a single physical LRS location in the secondary region
GZRS (Geo-zone redundant storage)
Copies your data synchronously three times within the primary region using ZRS. It then copies it asynchronously to a single physical location in the secondary region
AzCopy
A command line utility that you can use to copy blobs or files to or from a storage account
Azure Storage Explorer
A standalone app that provides a graphical interface to manage files and blobs in your Azure account
Azure File Sync
A tool that lets you centralize your file shares in Azure Files and keep the flexibility, performance and compatibility of a Windows file server. Once installed on a local Windows server, it will automatically stay bi-directionally synced with your files in Azure.
Azure Migrate
A service that provides a simplified migration, modernization, and optimization for Azure. Includes all pre-migration steps such as discovery, assessments, and right-sizing
Azure Data Box
A cloud solution that lets you send terabytes of data into and out of Azure in a quick, inexpensive, and reliable fashion. Customers are shipped a proprietary Data Box storage device
Authentication (AuthN)
Is the process of proving that you are who you say you are. (Identity)
Authorization (AuthZ)
Is the act of granting an authenticated party permission to do something. (Access)
Entra ID
Entra is Microsoft's cloud-based identity and access management
Single Sign-on (SSO)
Single sign-on means a user doesn't have to sign into every application they use (Modern authentication)
MFA (Multi-factor authentication)
MFA in Entra ID works by requiring two or more of the following authentication methods: Something you know (pin or password), Something you have (trusted device), Something you are (biometric)
Conditional Access
Used by Entra ID to bring signals together, to make decisions, and enforce organizational policies
Azure RBAC
Manages who has access to Azure resources, what they can do with those resources, and which resources/areas they have access to
Defender for Cloud
A unified infrastructure security management system that strengthens the security posture of your cloud and on-premises data centers
Cost Impacts
Factors that can affect Azure resource costs include resource types, services, locations, ingress and egress traffic
Reducing Costs
Factors that can reduce costs include reserved instances, reserved capacity, hybrid use benefit, spot pricing
Reserved Instances
Reserve virtual machines in advance and save up to 72 percent compared to PAYG pricing with 1-yr or 3-yr commitment
Reserved Capacity
Achieve significant savings on Azure SQL Database, Azure Cosmos DB, Azure Synapse Analytics and Azure Cache for Redis. Enables you to more easily manage costs across predictable and variable workloads and helps optimize budgeting and forecasting (includes 1-3 year options)
Hybrid Use Benefit
A licensing benefit that helps you to significantly reduce the costs of running your workloads in the cloud. Lets you use your on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure
Spot Pricing
Applies to Azure VMs only. Access unused Azure compute capacity at deep discounts, up to 90 percent compared to pay-as-you-go prices (use for workloads that can be interrupted without harm)
Pricing Calculator
Interactive calculator that allows you to estimate the expected monthly Azure costs.
TCO Calculator (Total cost of ownership)
A tool that helps estimate cost savings you can achieve by migrating application workloads to Azure
Azure Cost Management
A suite of tools provided by Microsoft that help you analyze, manage, and optimize costs of your workloads after deployment
Tags
A name and value pair used to logically organize Azure resources, resource groups, and subscriptions into a logical taxonomy. Tags can be the basis for applying business policies or tracking costs. You can also enforce tagging rules with Azure policies
Microsoft Purview
A unified data governance service that helps organizations manage and govern their on-premises, multi-cloud, and SaaS data. Automates data discovery by providing data scanning and classification for assets across the organization's data estate
Policy
The definition of the conditions which you want to control/govern. (what is allowed or not allowed)
Initiative
A collection of Azure policy definitions that are grouped together towards a specific goal (a group of policies put together to achieve one goal)