Azure AZ-900

Study set for Azure AZ-900 test

85 Terms

1
Key Characteristics of Cloud Computing
* Resource pooling
* Elasticity
* Pay per use
* Automation
2
CapEx vs. OpEx
* CapEx refers to upfront investments in hardware and infrastructure
* OpEx refers to ongoing costs associated with running workloads in the cloud
3
IaaS
Cloud computing model where virtualized computing resources, storage, and networking services are provided over the internet, allowing users to create and manage virtual machines without having to purchase and manage physical hardware
4
PaaS
Cloud computing model that provides a complete development and deployment environment for building and deploying apps, allowing users to focus on app development without worrying about the underlying infrastructure, operating systems, or networking infrastructure.
5
SaaS
Cloud computing model that provides software applications over the internet as a service, allowing users to access and use the applications without having to install or manage any hardware or software infrastructure.
6
Shared Responsibility Model
* On premises: Customer responsible for everything
* IaaS: Customer responsible for OS, patches, frameworks, apps and data; Cloud responsible for physical space, power/cooling/internet, hardware
* PaaS: Customer responsible for app and data; Cloud responsible for everything in IaaS and OS, patches, frameworks and runtime
* SaaS: Customer only responsible for data associated with app; Cloud responsible for everything in PaaS and application
7
Public Cloud
* Cloud deployment model well-suited for organizations that want to host their apps or services on a shared infrastructure that is accessible over the internet
* Use cases: hosting web apps, running apps that require high availability and scalability, storing/processing data that doesn’t have strict compliance requirements
8
Private Cloud
* Cloud deployment model best-suited for organizations that need to maintain control over their data and infrastructure
* Use cases: hosting apps that have strict compliance requirements, storing/processing sensitive data, creating a dedicated environment for development and testing
9
Hybrid Cloud
* Cloud deployment model suitable for organizations that want to leverage benefits of both public and private cloud deployment models
* Use cases: hosting apps that need on-premises and cloud-based resources, supporting disaster recovery or business continuity, scaling up or down while maintaining control over sensitive data or apps
10
Consumption-based Model
Pricing model where users only pay for the amount of Azure resources that they use, with no upfront costs or long-term commitments. This allows users to scale up or down based on their needs, and provides a flexible and cost-effective way to use Azure services.
11
Benefits of high availability and scalability in the cloud
* increased uptime and availability of apps and services
* reduced risk of data loss or corruption
* ability to handle sudden increases in demand without impacting performance
* cost savings by only paying for resources used
12
Benefits of reliability and predictability in the cloud
* improved uptime
* faster disaster recovery
* better performance
* predictable costs
* improved security
13
Benefits of security and governance in the cloud
* greater visibility and control over data and system access
* more efficient compliance
* enhanced protection against cyber threats
* reduced risk of data loss
14
Benefits of manageability in the cloud
* simplified and centralized IT management
* reduced admin burden
* better resource utilization
* enhanced automation
15
IaaS
* provides virtualized computing resources over the internet
* users have full control over the OS, apps, and configurations of their VMs
* IaaS providers are responsible for the underlying physical infrastructure
* users pay for IaaS on a pay-as-you-go or subscription basis
* scalable and flexible
16
PaaS
* provides a platform for building, deploying, and managing apps over the internet
* offers preconfigured computing environments
* providers handle underlying infrastructure, like servers, storage, and networking
* users have control over the apps they develop
* example is Azure App Service
17
SaaS
* allows users to access software apps over the internet
* benefits include lower costs, increased scalability, easier maintenance
* examples include CRM software, email services, project management tools
18
Fixed Price Model
* allows customers to pay a fixed, upfront cost for a specific amount of Azure service usage over a set period of time
* best suited for customers with predictable, steady usage who want to avoid the unpredictability of Pay-as-you-go
19
Consumption Model
* allows customers to only pay for the services they use, on a per-second basis
* best suited for customers with fluctuating or unpredictable usage patterns who want to optimize costs
20
Azure Regions
* physical locations around the world with Microsoft data centers
* made of one or more data centers
* region is AZ-enabled when there are 3 or more AZs
21
Azure Region Pairs
* two Azure regions within the same geography that are set up for data replication and high availability
* primary and secondary region at least 300 miles apart
* secondary region is failover for the primary
22
Azure Sovereign Regions
* specialized regions of the Azure cloud that are designed for governments
* physically and logically isolated from the rest of the Azure cloud
* currently 2: Azure Government for the US and Azure China
* provide secure and compliant cloud services to customers with specialized needs
23
Availability Zones
* physically separate data centers within an Azure region
* made of one or more data centers
* apps and services can be deployed over multiple availability zones
* provide protection against data center-level failure
24
Azure Data Centers
* physical locations where the cloud operates
25
Resources
* building blocks of Azure services
* represents a piece of infrastructure or a service
* has its own properties, config settings, and access control policies
* billed based on usage
26
Resource Groups
* logical containers that hold related Azure resources
27
Azure Subscriptions
* logical container that holds the resources created by a user or organization in Azure
* used to manage billing, access control, and resource limits
* each subscription is associated with a billing account
28
Azure Management Groups
* provide a way to manage access, policies, and compliance across multiple subscriptions
* allow users to organize subscriptions into hierarchies
* can be used to apply policies, monitor compliance, and control access at scale across multiple subscriptions
29
Hierarchy of Resource groups, subscriptions, and management groups
* multiple resource groups can be in a subscription
* multiple subscriptions can be in a management group
30
VM vs Containers vs Functions
* VM is a type of OS virtualization that runs an entire guest OS system on top of a host OS
* VMs have their own set of virtualized hardware resources
* VMs can be isolated from each other and they can run different OS and apps

* Containers are a type of OS virtualization that allows multiple isolated apps to run on a single host OS
* Unlike VMs, containers share the same OS kernel as the host, but they have their own file system and network stack
* Containers are lightweight

* functions are small pieces of code that run in response to an event or trigger
* ideal for short-lived and event-driven apps
* serverless and automatically scale to meet demand
31
VM Scale Sets
* allow for deployment and management of a set of identical VMs
* number of VMs can be automatically adjusted based on demand or custom metrics
* provide high availability and can be used for load balancing and autoscaling
32
VM Availability Sets
* logical grouping of VMs that help you ensure high availability of your apps
* distributes VMs across multiple physical hardware
* VMs in same availability set are placed in different fault domains and update domains
* fault domain: group of hardware where a single failure affects only one group
* update domain: group of hardware that can be updated or restarted at the same time
33
Azure Virtual Desktop
* cloud-based virtual desktop infrastructure that allows users to access remote desktops and apps from anywhere on any device
* provides a virtualized environment for desktop management and deployment
34
Resources Required for VMs
* Processor
* Memory
* Storage
* Network
35
Azure App Service
* PaaS offering that allows developers to build and deploy web and mobile apps easily
* auto scaling and load balancing
* support for multiple programming languages and frameworks
36
Azure Kubernetes Service (AKS)
* open-source container orchestration platform
* PaaS
* highly scalable and customizable
* designed for high scale container deployments
37
Virtual Network
* VNet is a foundational building block for networking
* enables secure and isolated communications between Azure resources and on-premises networks
* can be segmented into subnets
* allows you to define IP address ranges and configure routing tables and gateways
* can connect VNets together, or to on-prem networks using VNet peering or VPN gateways
38
VPN Gateway
* allows connecting VNets to on-prem networks using site-to-site VPN or point-to-site VPN connections
* supports active-active and active-passive modes for high availability
* supports both policy-based and route-based VPN configurations
39
Azure Load Balancer
* distributes incoming traffic among healthy instances of services defined in a backend pool
* for TCP, UDP or both
* both inbound and outbound traffic
* layer 4 (transport layer)
40
Application Gateway
* web traffic load balancer that allows you to manage and optimize the delivery of web traffic to your web apps
* SSL offloading, cookie-based session affinity, URL-based routing, and end-to-end SSL encryption
* can easily scale your apps and apply firewall and application security policies
* layer 7 (application layer)
41
Content Delivery Network
* network of distributed servers that caches content closer to end users for faster delivery
* can be used to deliver various types of content, including web pages, images, videos, and apps
* can provide real-time analytics and monitoring to help optimize content delivery
42
Azure ExpressRoute
* dedicated private connection between an on-premises data center and Azure datacenters
* provides faster speeds, lower latencies and a more consistent connection
* offers better security, reliability and privacy
* allows for hybrid cloud
* allows customers to bypass public internet
43
Azure DNS
* hosting service for DNS domains
* provides name resolution
* can be used to host domains and perform DNS resolution
* provides high availability and low latency
44
Public vs Private Endpoints
* public endpoints are used to access services over the internet and have a public IP address

* private endpoints are used to access services over a private network
* provide more secure way to access services by keeping traffic off the public internet
* can create a direct connection between VNet and the desired service
* useful in scenarios where you need to keep traffic in your private network for security compliance
45
Azure Blob Storage
* BLOB: binary large object
* unstructured data files
* 3 storage tiers
  * hot - frequently accessed data
  * cool - infrequently accessed data
  * archive - rarely accessed data
46
Azure Queue Storage
* storage for small pieces of data (messages)
* designed for decoupling and asynchronous processing of applications
47
Azure Table Storage
* semi-structured data
* NoSQL
* designed for fast access
* many programming interfaces and SDKs
48
Azure File Storage
* similar to Blob
* different in the way that you access the data
* via shared drive protocols
* designed to extend on-premises file shares or implement lift-and-shift scenarios
49
Azure Storage Account
* group of services: blob, queue, table, and file storage
* used to store files, messages, and semi-structured data
* highly scalable
* highly durable
* cheapest per GB storage
50
Azure Disk Storage
* disk emulation in the cloud
* persistent storage for VMs
* different sizes, types (HDD, SSD), performance tiers
* disks can be unmanaged or managed
  * unmanaged - not managed by cloud provider
  * managed - Microsoft manages everything
51
Storage Redundancy in the Primary region
* Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region
* Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region
52
Storage Redundancy in a secondary region
* Geo-redundant storage (GRS) does LRS, then copies data synchronously to the secondary region, then does LRS in the secondary region
* Geo-zone-redundant storage (GZRS) does ZRS, then copies to another region and does ZRS there
* data in the secondary region isn’t available for read or write access unless there’s a failover to the primary region
* can configure read access with read-access geo-redundant store (RA-GRS) or read-access geo-zone-redundant storage (RA-GZRS)
53
AzCopy
* command-line tool used for copying data to and from Azure blob storage, Azure files, and Amazon S3
54
Azure Storage Explorer
* free, cross-platform tool used for managing and working with Azure storage accounts
* provides a GUI for managing storage accounts
* allows for easy uploading and downloading of data to and from storage accounts
55
Azure File Sync
* hybrid cloud storage solution that enables organizations to synchronize on-premises file servers with Azure Files
56
Azure Migrate
* service used for assessing and migrating on-premises servers, databases, and apps to the cloud
* centralized hub for assessing and discovering on-premises environments for migration to Azure
57
Azure Data Box
* a physical data transfer solution for moving large volumes of data to Azure
58
Azure AD
* cloud-based IAM service
* provides SSO and MFA
* enables user and group management
* synchronize with on-prem AD through AD connect
59
Azure AD DS
* managed domain services solution built on Azure AD
* simplifies hybrid identity management with sync to Azure AD
60
Azure AD B2B
* facilitate collaboration with external organizations
* local authorization for local tenant resources
61
Azure AD B2C
* support consumers using public-facing applications at scale
* self-service for user account lifecycle management
62
Azure AD Conditional Access
* analyzes signals, makes a decision, performs enforcements
* various parameters are checked (user, location, group, device, app, real-time risk)
* allows access, allows after additional steps, or blocks access
63
Azure Role-Based Access Control
* provides smart authorization for Azure resources
* granular and fine-grained access control mechanism
* security principal, role definition, and a scope
* role assignments attach role definitions to security principals
* use built-in roles or create your own custom roles
64
Zero Trust Approach
* 3 guiding principles
  * verify explicitly
  * least privilege
  * assume breach
65
Defence in Depth
* a layered security strategy to protect data and resources in Azure
* ensures no single point of failure and improves resilience against attacks
* follows the principle of least privilege and zero trust
66
Microsoft Defender for Cloud
* unified security management and advanced threat protection service for Azure resources
* formerly known as Azure Security Center
* provides continuous security assessments, monitoring, and recommendations
* offers JIT VM access, Adaptive Application Controls, and File Integrity Monitoring
* integrates with Azure Sentinel for security info and event management
* available in free and standard tiers
67
Factors Affecting Cost
* resource type
* service tiers
* region
* storage and data transfer
* compute resources
* reserved instances
* Azure Cost Management
68
Azure Pricing Calculator vs Total Cost of Ownership Calculator
* Azure Pricing Calculator estimates the cost of Azure services based on selected resources, tiers, and usage
* allows customization of configurations
* useful for comparing different Azure services and configs

* TCO calculator compares the cost of running workloads on-premises vs in Azure
* considers factors like hardware, software, IT labor, and datacenter costs
* helps identify potential cost savings with Azure adoption
69
Azure Cost Management and Billing Tool
* suite of tools to monitor, allocate, and optimize cloud costs in Azure
* provides cost analysis, budgets, alerts, and recommendations
* granular tracking with resource tags and cost allocation
70
Azure Blueprints
* service for automating the creation, deployment, and updating of Azure environments
* combines Azure Resource Manager (ARM) templates, RBAC, and policies
* enforces consistent architecture, compliance, and security across resources
* allows versioning and tracking of blueprint changes
* supports both subscription and management group levels
* facilitates IaC practices
71
Azure Policy
* a service to enforce organizational standards and assess compliance at scale
* uses policy definitions to describe rules and effects for resources
* can audit, deny, or modify resources to comply with policies
* supports built-in and custom policy definitions
* integrates with Azure Blueprints for consistent infrastructure deployment
* allows policy assignments at management group, subscription, or resource group level
72
Resource Locks
* a feature to prevent accidental modification or deletion of critical resources
* two lock levels
  * ReadOnly: allows read actions but prevents write and delete actions
  * CanNotDelete: allows read and write actions but prevents delete actions
* applies to individual resources or entire resource groups
* bypassable only by users with specific access (Owner or User Access Administrator)
73
Azure Service Trust Portal
* a one-stop resource for Azure security, privacy, and compliance information
* provides access to reports, whitepapers, and assessments
* offers information on:
  * compliance certifications and attestations
  * security best practices and resources
  * data protection and privacy policies
  * auditing and monitoring tools
* helps customers understand and manage risk in the cloud
74
Azure Portal
* a web-based, unified console for managing and monitoring Azure resources
* provides a user-friendly, customizable interface with a dashboard and various blades
* offers tools for creating, configuring, and deploying resources
* supports RBAC for granular permissions management
* includes features like Cloud Shell, Cost Management, and Azure Advisor
75
Azure Cloud Shell
* a browser-based, interactive shell for managing Azure resources
* provides a pre-configured environment with common tools
* accessible directly from Azure Portal or standalone
* supports both Bash and PowerShell environments
* includes a persistent, per-user storage mounted as Azure Files share
* enables scripting, automation, and IaC
76
Azure CLI
* a cross-platform command-line tool for managing Azure resources
* supports Windows, macOS, and Linux environments
* simplifies complex tasks with concise, easy-to-read commands
* organized in groups and subgroups based on resource types (e.g., `az vm`, `az storage`)
* integrates with Azure Cloud Shell for browser-based access
* can be used in scripts, automation, and IaC
77
Azure PowerShell
* a set of PowerShell cmdlets for managing and automating Azure resources
* supports Windows, macOS, and Linux environments
* enables scripting, automation, and IaC with PowerShell syntax
* organized in modules based on resource types (e.g., Az.Compute, Az.Storage)
* integrates with Azure Cloud Shell for browser-based access
* complements Azure CLI for users familiar with PowerShell scripting
78
Azure Arc
* a service for extending Azure management and governance to multi-cloud, on-premises, and edge environments
* simplifies hybrid and multi-cloud management with a single control plane
* enables deployment of Azure data services and Kubernetes clusters on any infrastructure
* offers Azure Policy and Azure Security Center integration for consistent policies and security
* supports Azure Arc-enabled servers, Kubernetes, and data services
* facilitates application modernization and cloud-native deployment outside of Azure
79
Azure Resource Manager
* a service for deploying, managing, and monitoring resources in Azure
* organizes resources into resource groups
* provides ARM templates for IaC
* supports RBAC
* enables tagging
80
Azure Advisor
* a personalized guidance service for optimizing Azure resources
* analyzes resource configs and usage to provide best practice recommendations
* covers four areas: cost, security, reliability, and operational excellence
* helps improve performance, reduce costs, and strengthen security posture
* offers actionable, context-aware suggestions based on Azure usage patterns
* integrated within Azure Portal for easy access
81
Azure Service Health
* a monitoring service for the health and status of Azure resources
* provides personalized alerts and guidance for issues impacting your resources
* offers 3 types of health info
  * Azure Status: global view of service incidents
  * Service Health: personalized view of incidents and maintenance events
  * Resource Health: detailed status of individual resources
* supports customizable alerts and integration with IT Service Management tools
* accessible through Azure Portal, REST API, and PowerShell
82
Azure Monitor
* a comprehensive monitoring service for Azure resources and apps
* collects and analyzes performance and diagnostic data from various sources
  * application logs, platform logs, metrics, and activity logs
* offers insights into app performance, infrastructure health, and user behavior
* provides features like Log Analysics, Application Insights, and Alerts
* supports integration with third-party tools and Azure Sentinel for SIEM
* enables proactive issue detection, troubleshooting, and resolution
83
Azure Log Analytics
* feature of Azure Monitor for collecting, storing, and analyzing log data
* supports log data from Azure resources, on-prem systems, and other clouds
* offers powerful querying and visualization capabilities with Kusto Query Language (KQL)
* integrates with Azure Monitor Workbooks for custom dashboards and reports
* provides pre-built solutions for specific services
* enables long-term retention and advanced analytics for troubleshooting and trend analysis
84
Azure Monitor Alerts
* feature of Azure Monitor for creating and managing alert rules based on metrics or logs
* proactively notifies when specified conditions are met or thresholds are breached
* supports various actions like sending emails, invoking Azure Functions, or creating incidents in ITSM tools
* enables faster detection and resolution of performance, availability, or security issues
* offers customizable severity levels, alert suppression, and auto-mitigation
85
Application Insights
* feature of Azure Monitor for monitoring and diagnosing app performance and issues
* supports web apps, services, and background components on various platforms
* collects telemetry data, including custom events, exceptions, requests, and dependencies
* offers powerful analytics, diagnostics, and visualization tools for app insights
* integrates with Azure DevOps, Visual Studio, and GitHub