Azure

Fundamentals

Cloud Computing

Service delivery model over the internet (cloud). This includes but is not limited to

  • compute power, meaning servers such as Windows, Linux, hosting environments, etc.

  • storage like files and/or databases

  • networking within Azure, but also outside it when connecting to your company network

  • analytics services for visualization and telemetry data

Key concepts

  • scalability is the ability to scale, so allocate and deallocate resources at any time

  • elasticity is the ability to scale dynamically

  • agility is the ability to react fast (scale quickly)

  • fault tolerance is the ability to maintain system uptime while physical and service component failures happen

  • disaster recovery is the process and design principle which allows a system to recover from natural or human-induced disasters

  • high availability is the agreed level of operational uptime for the system. It is a simple calculation of system uptime versus whole lifetime of the system.

  • availability = uptime/(uptime + downtime)


Azure Security Center

Azure Security Center provides the security recommendations shown in Azure Advisor.

Azure Defender is a paid version of Security Center that provides additional features.

Azure Key Vault

Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. Key vaults may be created and managed through the Azure portal. A typical first step is to create a key vault and then use it to store a secret.


Azure Advisor

Supplies Microsoft best practice around all elements of Azure:

-cost

-security

-reliability

-performance

-operational excellence

-gives the ability to remediate directly from the report

This is all free!


User Defined Routes (UDR)

Azure by default creates an internal (system) routing table to allow resources within the same virtual network to connect to each other as well as to the internet.

To change that behaviour you create a route table (UDR); each subnet that should use it needs to be associated with the route table.
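Worked example of how a route is chosen once a route table is in place, added here as illustration (not code from the original notes or from Azure itself): the most specific matching prefix wins, and for an equal prefix a user-defined route takes precedence over the system route. The VNet range, the firewall address 10.1.1.4 and the next-hop strings are constructed values; Azure's real next-hop types (VirtualNetwork, Internet, VirtualAppliance) are used as labels only.

```python
import ipaddress

# Constructed system routes Azure would create for a VNet of 10.1.0.0/16
SYSTEM_ROUTES = [
    {"prefix": "10.1.0.0/16", "next_hop": "VirtualNetwork", "origin": "system"},
    {"prefix": "0.0.0.0/0",   "next_hop": "Internet",       "origin": "system"},
]

# Constructed user-defined route: send all internet-bound traffic through a
# firewall appliance at 10.1.1.4 (Azure Firewall or a third-party NVA)
USER_ROUTES = [
    {"prefix": "0.0.0.0/0", "next_hop": "VirtualAppliance:10.1.1.4", "origin": "user"},
]

# Tie-break order Azure applies when prefixes are equal: user > BGP > system
ORIGIN_RANK = {"user": 0, "bgp": 1, "system": 2}


def select_route(destination, routes=None):
    """Return the route dict that applies to `destination`, or None.

    Longest prefix match first; among equal prefixes the lowest ORIGIN_RANK wins.
    """
    if routes is None:
        routes = SYSTEM_ROUTES + USER_ROUTES
    dest = ipaddress.ip_address(destination)
    matching = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matching:
        return None
    return max(
        matching,
        key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen,
                       -ORIGIN_RANK[r["origin"]]),
    )


def next_hop_for(destination, routes=None):
    """Convenience wrapper returning only the next hop string."""
    route = select_route(destination, routes)
    return route["next_hop"] if route else None


if __name__ == "__main__":
    # Intra-VNet traffic still uses the system route (more specific /16)
    print("10.1.50.7 ->", next_hop_for("10.1.50.7"))
    # Internet-bound traffic now goes to the firewall because the UDR overrides
    # the system 0.0.0.0/0 route
    print("8.8.8.8   ->", next_hop_for("8.8.8.8"))
    # Without the UDR the same packet would have gone straight to the internet
    print("8.8.8.8 (system only) ->", next_hop_for("8.8.8.8", SYSTEM_ROUTES))
```

The point for a defender: associating such a 0.0.0.0/0 route with a subnet is what forces egress through the firewall, and a subnet that is not associated with the route table keeps the default path to the internet.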


Azure Firewall

Provision firewall resource

Managed firewall service

Allow rules based on FQDNs

Integrates with Azure monitor for analytics


DDoS Protection

Create from the Azure portal (DDoS protection plan) and select a resource group.

Add resources to the protection plan by adding virtual networks.


Azure Identity management

-Azure AD

Identity

Authentication

Authorisation

MFA

Azure tools

Azure Portal - Web based portal for self-service management of azure platform

Azure-CLI - Automation module for terminal

Azure-Powershell - Automation module for terminal

Azure Cloud Shell - cloud based scripting environment

- Use BASH or Powershell

Examples of creating resources: az group create / az vm create



CapEx vs OpEx

Differences between Capital Expenditure and Operational Expenditure


                    Capital Expenditure    Operational Expenditure

Up front cost       Significant            None

Ongoing cost        Low                    Based on usage

Tax deduction       Over time              Same year

Early termination   No                     Anytime

Maintenance         Significant            Low

Value over time     Lowers                 No change

Azure Storage Account

Azure Files storage

-extension of on-prem file storage

-lift and shift storage

-SMB protocol (shared drive protocol)

-shares, not containers

Blob storage (binary large object)

-unstructured data

-containers, not shares

Storage tiers

-Hot - frequently accessed data

-Cool - infrequently accessed data (lower availability, higher durability)

-Archive - rarely accessed data

Azure Queue Storage

Storage for small pieces of data (messages)

Designed for scalable asynchronous processing

Azure Table Storage

Semi-structured data (NoSQL)

-no need for foreign keys, joins, relationships or a strict schema

-designed for fast access

Azure Disk Storage

-Disk emulation in the cloud

-Persistent storage for VMs

-managed or unmanaged

Database services

Azure Cosmos DB

-has the ability to replicate across geo-locations and is globally distributed

-low latency

-schema-less

-multiple APIs

-real-time

Azure SQL database

-Structured

-Rich Query capabilities

-Database as a service

-High performance, reliable, fully managed and secure

Azure SQL

-like on-prem but in the cloud

-Postgres or MySQL

-SQL on a VM

-managed or unmanaged


Azure Marketplace



Azure Locks

Azure Locks allow you to create locks on subscriptions, resource groups and resources. A lock prevents important resources from being deleted (or, with a read-only lock, modified)!


Machine Learning

  • end to end platform for creating, managing and publishing machine learning models

  • PaaS

  • Machine Learning Studio is the web portal used for development



Azure Synapse Analytics

  • Big Data analytics platform

Multiple components:

  • Apache spark

  • Synapse SQL

  • Synapse Pipelines

  • Studio

HD Insight

  • multi technology platform

  • open source big data tools

Azure Databricks

  • Only uses Apache spark

  • collaboration platform for data engineers and data analysts



Azure Monitoring

Helps increase performance

logs telemetry data of resources

Internet of Things (IoT)

Azure IoT Hub

  • managed service for bi-directional communication between the cloud and IoT devices

  • used to build custom applications

Azure IoT central

  • Uses templates, this helps if you don't want to build things yourself

  • no deep knowledge needed

Azure Sphere

  • secure IoT solutions

  • based on linux



Networking

Azure Region (example: UK West)

Availability Zones - these are data centres within a region (provides data centre resiliency)

  • Availability Set - rack-level split within a data centre

Virtual Network - contained within a region (e.g. 10.1.0.0/16)

Subnets - these must be created from within the virtual network range (e.g. 10.1.50.0/24)

vNet peering - allows a connection to other vNets; these can be in the same region or another region.

Gateway Subnet - recommendation of /27 - The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use.

Site-to-Site VPN (IPsec) - a VPN gateway is deployed using IPs from the gateway subnet; this is a component managed by Azure (used to connect on-prem).

ExpressRoute - dedicated connection to the Microsoft backbone network. For connectivity you then need to create a private peering to connect to the Azure vNet, or a Microsoft peering to connect to PaaS services.
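Worked example of checking a VNet/subnet plan against the rules above, added here as illustration (not code from the original notes or from Azure itself): every subnet must sit inside the VNet range, subnets must not overlap, and the GatewaySubnet should be /27 or larger. The /29 minimum subnet size and the five addresses Azure reserves per subnet are documented Azure limits assumed here; the address ranges in the sample plan are constructed.

```python
import ipaddress

MIN_SUBNET_PREFIXLEN = 29        # Azure does not allow subnets smaller than /29
GATEWAY_SUBNET_PREFIXLEN = 27    # recommendation from the notes: /27 or larger
RESERVED_PER_SUBNET = 5          # Azure reserves the first four and the last address


def usable_addresses(cidr):
    """Number of addresses in the subnet that resources can actually use."""
    return ipaddress.ip_network(cidr).num_addresses - RESERVED_PER_SUBNET


def validate_subnets(vnet_cidr, subnets):
    """Return a list of problems for the plan; an empty list means it is valid.

    `subnets` maps subnet name -> CIDR string. The special name "GatewaySubnet"
    is the name Azure requires for the gateway subnet.
    """
    vnet = ipaddress.ip_network(vnet_cidr)
    problems = []
    seen = []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vnet):
            problems.append(f"{name} {cidr} is outside the VNet range {vnet_cidr}")
        if net.prefixlen > MIN_SUBNET_PREFIXLEN:
            problems.append(f"{name} {cidr} is smaller than the /29 minimum")
        if name == "GatewaySubnet" and net.prefixlen > GATEWAY_SUBNET_PREFIXLEN:
            problems.append(f"GatewaySubnet {cidr} is smaller than the recommended /27")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name} {cidr} overlaps {other_name} {other}")
        seen.append((name, net))
    return problems


# Constructed sample plan matching the ranges used in the notes
SAMPLE_PLAN = {
    "app": "10.1.50.0/24",
    "data": "10.1.51.0/24",
    "GatewaySubnet": "10.1.255.0/27",
}

if __name__ == "__main__":
    for issue in validate_subnets("10.1.0.0/16", SAMPLE_PLAN) or ["plan is valid"]:
        print(issue)
    print("usable addresses in app subnet:", usable_addresses("10.1.50.0/24"))
```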

Security Groups

Filter inbound and outbound traffic to and from Azure resources located in a virtual network.

Rules are evaluated in priority order (lowest number first; the first matching rule wins). Each rule has:

Source / Destination

Protocol

Port

Direction

Priority

Application Security Group

Group application components logically instead of using just IP addresses.
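Worked example of the priority-ordered evaluation described above, added here as illustration (not code from the original notes or from Azure itself). The three default inbound rules (AllowVnetInBound at 65000, AllowAzureLoadBalancerInBound at 65001, DenyAllInBound at 65500) and the load balancer probe address 168.63.129.16 are documented Azure values; the VNet range, the custom rules and the test addresses are constructed. Service tags are resolved in a simplified way: VirtualNetwork means inside the VNet range, Internet means outside it.

```python
from dataclasses import dataclass
import ipaddress

VNET = ipaddress.ip_network("10.1.0.0/16")   # constructed VNet address space
AZURE_LB_PROBE = ipaddress.ip_address("168.63.129.16")


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # 100-4096 for custom rules; lower number is evaluated first
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, "*" or a service tag (VirtualNetwork, Internet, ...)
    destination: str
    port: str          # "443", "1000-2000" or "*"


# Azure's default inbound rules (the ones relevant to this example)
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]

# Constructed custom rules: the Deny at 200 sits *before* the broad Allow at 300,
# so RDP from the internet is blocked even though 300 would otherwise permit it
CUSTOM_INBOUND = [
    Rule("AllowHttpsFromInternet", 100, "Inbound", "Allow", "Tcp", "Internet", "*", "443"),
    Rule("DenyRdpFromInternet", 200, "Inbound", "Deny", "Tcp", "Internet", "*", "3389"),
    Rule("AllowAnyFromInternet", 300, "Inbound", "Allow", "*", "Internet", "*", "*"),
]


def _addr_matches(spec, addr):
    ip = ipaddress.ip_address(addr)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "Internet":
        return ip not in VNET
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB_PROBE
    return ip in ipaddress.ip_network(spec)


def _port_matches(spec, port):
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _proto_matches(spec, protocol):
    return spec == "*" or spec.lower() == protocol.lower()


def evaluate(custom_rules, direction, protocol, src, dst, port):
    """Return (access, rule_name) for the first matching rule in priority order."""
    rules = sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority)
    for r in rules:
        if r.direction != direction:
            continue
        if (_proto_matches(r.protocol, protocol) and _addr_matches(r.source, src)
                and _addr_matches(r.destination, dst) and _port_matches(r.port, port)):
            return r.access, r.name
    return "Deny", "implicit"   # unreachable while DenyAllInBound is present


if __name__ == "__main__":
    web = "10.1.50.4"                 # constructed VM address inside the VNet
    for proto, src, port in [("Tcp", "203.0.113.5", 443), ("Tcp", "203.0.113.5", 3389),
                             ("Tcp", "203.0.113.5", 8080), ("Tcp", "10.1.2.3", 22)]:
        print(src, port, "->", evaluate(CUSTOM_INBOUND, "Inbound", proto, src, web, port))
```

Running the script shows why priority matters when reviewing an NSG: the broad allow at priority 300 does not reopen RDP because the deny at 200 is matched first, and a VM-to-VM SSH connection is permitted only by the default AllowVnetInBound rule, which a custom deny at any lower number would override.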


Azure Load Balancer

ALB

Azure load balancer (Layer 4) TCP/UDP / supports inbound and outbound

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. (Layer 7) HTTP/HTTPs

  • WAF

  • Redirection

  • Session affinity

  • URL routing

  • SSL termination

Content Delivery Network (CDN)

Global content caching and distribution to offload web applications and reduce latency

  • deliver web content to users

  • minimise latency

  • POPs (points of presence): 120 locations around the world


Compute Services

look at the compute decision flow

IaaS

Infrastructure as a service

  • Virtualise the hardware

  • OS, Runtime/Middleware, App, Data

VMs - Virtual machine

VMSS - Virtual Machine Scale Set - allows you to scale out virtual machines with autoscaling

**********************************************

PaaS

Platform as a service

  • Virtualise the software

  • App, Data

Containers

ACI Azure container Instances

  • containers as a service

  • max nodes 20 !! / no auto scaling

  • ACR Azure Container Registry

AKS Azure Kubernetes Service

  • You only pay for the worker nodes

  • same as ACI but can auto scale as Kubernetes exposes everything through a load balancer

  • max nodes 100

Azure App Services

  • fully managed web hosting service for building web apps, mobile back ends and RESTful APIs

  • Web Apps and Web services

  • max nodes 100 / auto scale

Serverless computing

Logic Apps

  • Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.

Functions

  • Serverless coding platform (Function as a service)

  • highly scalable

  • Azure Functions is a cloud service available on-demand that provides all the continually-updated infrastructure and resources needed to run your applications. You focus on the pieces of code that matter most to you, and Azure Functions handles the rest. You can use Azure Functions to build web APIs, respond to database changes, process IoT streams, manage message queues, and more.

  • similar to app service but just small pieces of code / nano services

Event Grid

  • Fully managed Event routing Service

  • built-in for most of Azure services



**********************************************

SaaS

Software as a service

  • you only need to worry about configuration

DaaS

  • Enable a secure, remote desktop experience from anywhere

  • Windows 10 with the new scalable multi-session experience for your end users; save costs by using the same Windows licences. Manage your end-to-end Windows Virtual Desktop deployment alongside other Azure services within the Azure portal.


What is Windows Virtual Desktop?

Windows Virtual Desktop Real-world Demos, Pricing and ROI Numbers, Experience Shares and Guidance




Payment notes

Azure is a consumption model. You pay for what you use, e.g. VMs, storage, IPs, etc.

You also pay for data egress, but you don't pay for data ingress.