Service delivery model over the internet (cloud). This includes but is not limited to:
compute power, meaning servers such as Windows, Linux, hosting environments, etc.
storage like files and/or databases
networking in Azure but also outside when connecting to your company network
analytics services for visualization and telemetry data
Key concepts
scalability is the ability to scale, so allocate and deallocate resources at any time
elasticity is the ability to scale dynamically
agility is the ability to react fast (scale quickly)
fault tolerance is the ability to maintain system uptime while physical and service component failures happen
disaster recovery is the process and design principle which allows a system to recover from natural or human-induced disasters
high availability is the agreed level of operational uptime for the system. It is a simple calculation of system uptime versus whole lifetime of the system.
availability = uptime/(uptime + downtime)
Azure Security Center provides the recommendations to Azure Advisor.
Azure Defender is a paid-for version of Security Center that provides additional features.
Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. Azure key vaults may be created and managed through the Azure portal. In this quickstart, you create a key vault, then use it to store a secret.
Azure Advisor supplies Microsoft best practice around all elements of Azure.
-cost
-security
-reliability
-performance
-operational excellence
-gives the ability to remediate directly from the report
This is all free!
Azure by default creates an internal routing table to allow resources within the same virtual network to connect to each other as well as connect to the internet.
To change that behaviour you can create a route table (UDR); each network needs to be associated with the UDR.
Provision firewall resource
Managed firewall service
Allow rules based on FQDNs
Integrates with Azure monitor for analytics
Create from Azure portal (DDOS protection plan) and select resource group
add resources to protection plan by adding virtual networks
-Azure AD
Identity
Authentication
Authorisation
MFA
Azure Portal - Web based portal for self-service management of azure platform
Azure-CLI - Automation module for terminal
Azure-Powershell - Automation module for terminal
Azure Cloud Shell - cloud based scripting environment
- Use BASH or Powershell
Example of creating resources. az group create / az vm create
Differences between Capital Expenditure and Operational Expenditure
| | Capital Expenditure | Operational Expenditure |
|---|---|---|
| Up front cost | Significant | None |
| Ongoing cost | Low | Based on usage |
| Tax Deduction | Over time | Same year |
| Early Termination | No | Anytime |
| Maintenance | Significant | Low |
| Value over time | Lowers | No change |
-extension of on-prem files storage
-lift and shift storage
-smb protocol - shared drive protocol
-shares not containers
-unstructured data
-containers not shares
-Hot - frequently accessed data
-Cool - Infrequently accessed data (lower availability, higher durability)
-Archive - rarely accessed storage
Storage for small pieces of data (messages)
Designed for scalable asynchronous processing
semi-structured data (NoSQL)
-no need for foreign joins, keys, relationships or strict schema
-designed for fast access
-Disk emulation in the cloud
-Persistent storage for VMs
-managed or unmanaged
-has the ability to replicate across geo-locations and is globally distributed
-low latency
-schema-less
-multiple APIs
-real-time
-Structured
-Rich Query capabilities
-Database as a service
-High performance, reliable, fully managed and secure
-like on-prem but in the cloud
-Postgres or MySQL
-SQL on a VM
-managed or unmanaged
Azure Locks allow you to create locks on Subscriptions, Resource groups and Resources. They prevent important resources from getting deleted!
end to end platform for creating, managing and publishing machine learning models
PaaS
Machine Learning Studio is the web portal used for development
Big Data analytics platform
Multi components
Apache spark
Synapse SQL
Synapse Pipelines
Studio
multi technology platform
open source big data tools
Only uses Apache spark
collaboration platform for data engineers and data analysts
Helps increase performance
logs telemetry data of resources
Azure IoT Hub
managed service for bi-directional communication between the cloud and IoT devices
used to build custom applications
Azure IoT central
Uses templates, this helps if you don't want to build things yourself
no deep knowledge needed
Azure Sphere
secure IoT solutions
based on linux
Azure Region (example uk west)
Availability Zones - these are Data Centers within a region (provides Data Center resiliency)
Availability Set - Rack level split within a DC
Virtual Network - contained within a region (e.g. 10.1.0.0/16)
Subnets - these must be created from within the Virtual network range (e.g. 10.1.50.0/24)
vNet peering - allows a connection to other vNets; these can be within the same region or another region.
Gateway Subnet - recommendation of /27 - The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use.
Site 2 Site VPN (IPsec) - a VPN gateway is deployed using IPs from the gateway subnet; this is a component managed by Azure. (used to connect on-prem)
Express Route - Dedicated connection to Microsoft backbone network. For connection you then need to create a private peering to connect to the Azure vNet or a Microsoft peering to connect to PaaS services.
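A check of the addressing rules in the notes above (subnets must sit inside the virtual network range, gateway subnet of at least /27), written as an added example that is not part of the original notes. The function names and sample plans are constructed; the example also assumes that Azure reserves five addresses in every subnet and that the gateway subnet is named `GatewaySubnet`.

```python
from ipaddress import ip_network

AZURE_RESERVED_PER_SUBNET = 5  # assumption: Azure reserves 5 addresses per subnet

def check_address_plan(vnet_cidr, subnets):
    """Validate subnets (name -> CIDR) against a VNet range; return findings."""
    vnet = ip_network(vnet_cidr)
    findings, seen = [], {}
    for name, cidr in subnets.items():
        net = ip_network(cidr)
        # Rule 1: every subnet must come from within the VNet address range.
        if not net.subnet_of(vnet):
            findings.append(f"{name}: {net} is outside the VNet range {vnet}")
        # Rule 2: subnets in one VNet must not overlap each other.
        for other_name, other in seen.items():
            if net.overlaps(other):
                findings.append(f"{name}: {net} overlaps {other_name} ({other})")
        # Rule 3: the gateway subnet should be /27 or larger.
        if name == "GatewaySubnet" and net.prefixlen > 27:
            findings.append(f"{name}: /{net.prefixlen} is smaller than the recommended /27")
        seen[name] = net
    return findings

def usable_hosts(cidr):
    """Addresses left for resources once the reserved ones are removed."""
    return max(ip_network(cidr).num_addresses - AZURE_RESERVED_PER_SUBNET, 0)

# Constructed sample plans for the VNet 10.1.0.0/16 used in the notes.
PLAN_OK = {"app": "10.1.50.0/24", "GatewaySubnet": "10.1.255.0/27"}
PLAN_BAD = {
    "app": "10.1.50.0/24",
    "db": "10.2.0.0/24",             # outside 10.1.0.0/16
    "cache": "10.1.50.128/25",       # overlaps "app"
    "GatewaySubnet": "10.1.255.0/29",  # too small
}

if __name__ == "__main__":
    for finding in check_address_plan("10.1.0.0/16", PLAN_BAD):
        print(finding)
    print(usable_hosts("10.1.50.0/24"), "usable addresses in 10.1.50.0/24")
```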
Filters inbound and outbound to and from azure resources located in a virtual network
Rules are evaluated on priority
Source / Destination
Protocol
Port
Direction
Priority
Group applications logically instead of using just IPs
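How priority-ordered evaluation plays out, as an added example that is not part of the original notes: a simplified model of the rule fields listed above in which the lowest priority number is checked first and the first match decides. The rule names and addresses are constructed, and real network security groups support more (service tags, multiple ports and prefixes per rule); `DenyAllInBound` at 65500 mirrors Azure's default catch-all.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # lower number is evaluated first
    direction: str    # "Inbound" or "Outbound"
    action: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp" or "*"
    source: str       # CIDR prefix or "*"
    destination: str  # CIDR prefix or "*"
    port: str         # single port, "low-high" range or "*"

def _prefix_match(prefix, addr):
    return prefix == "*" or ip_address(addr) in ip_network(prefix)

def _port_match(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(rules, direction, protocol, src, dst, port):
    """Return (action, rule name) of the first match in priority order."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.direction == direction and r.protocol in ("*", protocol)
                and _prefix_match(r.source, src)
                and _prefix_match(r.destination, dst)
                and _port_match(r.port, port)):
            return r.action, r.name
    # Only reached when the list lacks a catch-all such as DenyAllInBound.
    return "Deny", "no-match"

def reprioritise(rules, name, priority):
    """Return a copy of the rule list with one rule moved to a new priority."""
    return [replace(r, priority=priority) if r.name == name else r for r in rules]

# Constructed sample rules for a subnet 10.1.50.0/24 (not from the original notes).
RULES = [
    Rule("allow-https", 100, "Inbound", "Allow", "Tcp", "*", "10.1.50.0/24", "443"),
    Rule("deny-mgmt", 200, "Inbound", "Deny", "Tcp", "*", "10.1.50.0/24", "22-3389"),
    Rule("allow-ssh-onprem", 300, "Inbound", "Allow", "Tcp", "192.168.0.0/16", "10.1.50.0/24", "22"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "Inbound", "Tcp", "192.168.1.10", "10.1.50.4", 22))
    fixed = reprioritise(RULES, "allow-ssh-onprem", 150)
    print(evaluate(fixed, "Inbound", "Tcp", "192.168.1.10", "10.1.50.4", 22))
```

In the sample set the on-prem SSH allow at priority 300 never takes effect because the broader deny at 200 matches first; moving it to 150 restores the intended access while port 443 stays governed by the rule at 100.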
ALB
Azure load balancer (Layer 4) TCP/UDP / supports inbound and outbound
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. (Layer 7) HTTP/HTTPS
WAF
Redirection
Session affinity
URL routing
SSL termination
Global content caching and distribution to offload web applications and reduce latency
deliver web content to users
minimise latency
POP - point of presence locations (120 locations around the world)
look at the compute decision flow
Infrastructure as a service
Virtualise the hardware
OS, Runtime/Middleware, App, Data.
VMs - Virtual machine
VMSS - Virtual machine scale set - Allows you to scale out virtual machines with auto scaling
**********************************************
Platform as a service
Virtualise the software
App, Data
ACI Azure container Instances
containers as a service
max nodes 20 !! / no auto scaling
ACR Azure Container Repository
AKS Azure Kubernetes Service
You only pay for the worker nodes
same as ACI but can auto scale as Kubernetes exposes everything through a load balancer
max nodes 100
fully managed web hosting service for building web apps, mobile back ends and RESTful APIs
Web Apps and Web services
max nodes 100 / auto scale
Logic Apps
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.
Functions
Serverless coding platform (Function as a service)
highly scalable
Azure Functions is a cloud service available on-demand that provides all the continually-updated infrastructure and resources needed to run your applications. You focus on the pieces of code that matter most to you, and Azure Functions handles the rest. You can use Azure Functions to build web APIs, respond to database changes, process IoT streams, manage message queues, and more.
similar to app service but just small pieces of code / nano services
Event Grid
Fully managed Event routing Service
built-in for most of Azure services
**********************************************
Software as a service
you only need to worry about configuration
Enable a secure, remote desktop experience from anywhere
Provides Windows 10 with the new scalable multi-session experience for your end users and saves costs by using the same Windows licences. Manage your end-to-end Windows Virtual Desktop deployment alongside other Azure services within the Azure portal.
What is Windows Virtual Desktop?
Windows Virtual Desktop Real-world Demos, Pricing and ROI Numbers, Experience Shares and Guidance
Azure is a consumption model. You pay for what you use, e.g. VMs, Storage, IPs, etc.
You also pay for data egress! But you don't pay for data ingress.