Azure Fundamentals (AZ900) certification preparation – short notes-V

We are into our 5th post in the Azure fundamentals certification preparation notes series. If you haven’t already gone thru the previous posts, please have a look before starting here.

You can watch this video to learn how to register for the Azure training and get a certification voucher without any payment.

[ Disclaimer : This is not a complete training material for the certification. This is just random (short) notes which we captured from course curricula, which will help the readers for their final revision/rewind before appearing for the exam. We do not offer any guarantee in passing the exam with this content ]

A few more things from the AZ900 curriculum, continuing from the previous posts:

Monitoring and reporting
Azure Monitor : helps in monitoring how your applications are performing. This also helps in increasing the availability by identifying any failures proactively.
Data sources include Application monitoring data, guest-os monitoring data, Azure resource monitoring data, Azure subscription monitoring data, Azure tenant monitoring data.


-application insights : service for monitoring applications (availability, performance and usage)
-Azure Monitor for containers : service for monitoring the container workloads.
-Azure Monitor for VMs : A service which monitors and analyses the performance and health.


Azure Service Health :
– Azure status : About (service) outages in Azure.
– Azure service health : Service status and regions in Azure.
– Azure resource health : Health of the individual resources (VMs etc…)

Azure advisor :
– A dashboard giving recommendations on the subscriptions in 5 categories (HA, Security, Performance, Cost, Operational Excellence)

Account and Pricing
Azure SLA : SLA for support (uptime and connectivity), mentioned in percentage (%)
Service Credits : Penalty (maybe a reduction in the bill) given to customers if Azure misses SLAs.
Composite SLA : A combined SLA for the service/product considering the underlying component SLAs.



TCO calculator : An online tool to estimate the savings in migrating to Azure. Gives detailed report.
Azure marketplace : Lists third-party apps and services available for purchase for Azure
Azure Support plans : 2:59:24 (video) or 1111 screenshot
Azure licensing : Using the existing Windows/SQL licenses purchased for on-prem in Azure. Azure HUB (Hybrid Use Benefit). BYOL – Bring your own license.
Azure subscriptions : Just your account.
– Free subscription : Free $200 credit for 30 days. Some things are free for 12 months
– Pay as you go : Charged at month-end based on usage.
– Enterprise
– Student : Free $100 credit for 12 months

Azure Pricing calculator : A tool for the pricing calculation.
Azure cost management : Gives detailed view on the spending.
That’s it from the series here. For the complete series click here.
Hope this series helped you in your certification journey. Please feel free to share your feedback/suggestions in the comments section.

Azure Fundamentals (AZ900) certification preparation – short notes-IV

Thanks for reading our first, second and third posts in this series. Let’s get into the 4th post of the series Azure Fundamentals (AZ900) certification preparation short notes.

The intention of this series is to help your preparation for the AZ900 certification, or for your revision before taking the exam.


So, let’s get into the contents…

IoT Services
IoT Central – Connects your IoT devices to cloud
IoT Hub – Secure communication between the IoT apps and their managed devices
IoT Edge – allows processing and analysis of IoT devices data. A service built on Azure IoT Hub.
Windows 10 IoT Core Services – A cloud services subscription




Bigdata services

Azure Synapse analytics (formerly SQL data warehouse) : intended to run SQL queries against large DBs.
HDInsight : Run open-source analytics software such as Hadoop, Kafka and Spark
Azure databricks : An Apache Spark-based analytics service for Azure. Third-party Databricks service within Azure.
DataLake analytics : Large storage for raw data for bigdata. Analytics and reporting

AI/ML services
Azure Machine learning service : Service for simplifying and running AI/ML related workflows in Azure. Python, R or deep learning workloads such as TensorFlow
Azure machine learning studio : Older service for AI/ML workloads


AI Services
Personalizer : personalized experience for every user.
Translator : real-time multi-language translator
Anomaly detector : detect anomalies in data and troubleshoot
Azure bot service : serverless bot service on-demand
Form recognizer : auto extraction of key/value, text, table etc.. from data
Computer vision : Content analysis from images
Language understanding : natural language understanding for apps,chat bots etc…
QnA maker : QnA bot. helps to create a question-answer structure over the data
Text analysis : helps in sentiment analysis. identifying names, phrases etc…
Content moderator : helps to detect potentially offensive content
Face : helps to identify the people and the emotions from images etc…
Ink recognizer : digital ink recognizer, such as handwriting, shapes etc…

Serverless services
Functions : serverless compute. No need to provision/manage any servers.
Azure blob storage : blob storage service
Logic apps : allows you to build serverless workflows composed of Azure functions, building a state machine for serverless compute
Event grid : Pub/sub type. Allowing to react to events and trigger other services like Functions

Visual studio code : code editor


Regulation and compliance
Azure trust center : Online portal where we can check the security and regulatory compliance info (example GDPR – General Data protection Regulation)
Azure security compliance programs (2:16:30) :
– CJIS (Criminal Justice Information Services) – has to be compliant to access FBI’s CJIS Database
– Cloud Security Alliance (Star Certification) – Third party
– GDPR – European law that applies to anyone (org) who collects and analyzes data tied to EU residents
– EU Model clause – transfers of data outside of EU.
– HIPAA (Health Insurance Portability and Accountability Act) – patient protected health info.
– ISO 27018 – processing of personal info by cloud service providers

Azure Active Directory
AD comes in four flavors
free – MFA, SSO, and basic security settings
Office 365 Apps – company branding, two-way sync between on-prem and cloud
Premium 1 – Hybrid architecture
Premium 2 – identity protection and identity governance.

Azure security Center : Infrastructure security management system – A UI with lots of options.
Azure key vault : Stores and manages tokens/keys etc…
– Secret management – keys,tokens,certificates etc…
– Key management – Encryption key creation and management
– Certificate management – manages SSL certificates
– HSM – Keys and secrets managed by FIPS compliant Hardware-Security-Module (FIPS 140-2 compliance for multi-tenant and FIPS 140-3 for single tenant)



Azure DDoS Protection : basic protection is always on and is free. Advanced version is paid and has more features including reporting, Expert support, SLAs.
Azure firewall : Network protection. High availability built-in no load balancers required.
Azure information protection : in our outlook. Protects sensitive data by encryption,restricted access etc…
RBAC (role-based access control)
– Security principal : identities requesting access to an Azure resource.
— User, group, Service principal (a security identity used to access Azure resources), Managed identity (an identity in Azure AD managed by Azure)
– Scope : Defines the scope of a role. Controls at Management, subscription or resource group level.
– Role definition : Set of roles. R/W/Delete etc..

Lock Resources : Locking to avoid unexpected deletion etc… CanNotDelete(Delete), Read-Only are types of locks.
Management groups : Adding subscriptions (accounts) to a management group will have all the permissions on it. Accounts under “Finance” group will have permissions required for that team/group/dept (example)
That’s it for part-4. You can find the next section in this series here. For the complete series click here.

Azure Fundamentals (AZ900) certification preparation – short notes-III

In continuation to our previous 2 posts, here is the third post in the Azure fundamentals certification preparation series. As mentioned in our first post, we recommend you to read the complete documentation from the Microsoft Docs page.

We recommend you to go thru the first post and the second post before starting with this post.


So, here are the part-3 contents.

App integration services
Azure notifications hub : Pub/send – send push notifications to any platform from any backend
Azure API Apps : API Gateway – for building and consuming APIs in the cloud. Route APIs to Azure services
Azure Service Bus : Service Bus – A reliable MaaS (Messaging-as-a-Service) and simple hybrid integration
Azure Stream analytics : Serverless real-time analytics, from cloud to edge
Azure Logic Apps : Schedule, automate and orchestrate tasks, business processes and workflows. Enterprise SaaS and enterprise apps integration
Azure API Management : Hybrid, multi-cloud. Put in front of existing APIs to add additional functionality.
Azure Queue storage : Messaging queue – data store for queuing and delivering messages between apps.




Dev and Mobile tools
Azure SignalR service : Easily adding real-time web functionality to apps. Kind of PUSHER for Azure
Azure App Service : Easy to use service for deploying web apps using .NET, Node.js, Java, Python, PHP. No need to worry about the underlying infra. Like Heroku
Visual Studio : IDE designed for creating apps for Azure. Not visual studio code on laptops.
Xamarin : Mobile-App Framework – Create mobile apps with .Net and Azure.

Azure DevOps services
Azure boards : Similar to Kanban boards. Faster delivery using agile tools (to plan, track and discuss work across teams)
Azure pipelines : CI/CD (Continuous Integration/Continuous Delivery) pipelines (build, test and deploy) with GitHub or any other Git provider
Azure Repos : Unlimited cloud-hosted private Git repos for development
Azure Test plans : Extraordinary testing tools for Test and ship
Azure Artifacts :
Azure DevTest Labs : Easy way to create devtest environments for your devtest requirements

ARM (Azure Resource Manager) : Is an example of IaC (Infrastructure as Code). Allows you to programmatically create Azure resources via a JSON template.
Azure Quickstart Templates : A library of pre-made ARM templates. Community driven.


Networking services
vNet and Subnet : You have to have a vNet, a broader network CIDR range and that is divided into multiple subnets (private and public for example).
vNet can be and 2 subnets can be and for example
Cloud-Native networking services : Azure DNS, vNet, Azure Load balancer (Transport layer), Azure application load balancer (web apps), Network security groups (firewall)
Enterprise/Hybrid networking service :
Azure Front door : Secure entry point for fast delivery of your global apps
Azure Express route : A superfast connection between on-prem and Azure (50Mbps to 10Gbps)
Virtual WAN : Single operation interface which brings many networking, security and routing functionalities together
Azure Connection : A VPN connecting 2 azure local networks
Virtual Network Gateway : Site to Site VPN between Azure and Local network

Azure Traffic Manager : routing the incoming traffic based on the parameters set.
Weighted, Performance, Priority, Geographic, Multivalue, Subnet etc… decide to which server instance the application request should go.
Azure DNS : allows you to create and manage the DNS records (does not allow purchasing the domain names). We can create A record, CNAME, SOA, NS record etc…
Azure Load balancer : Operates at transport layer. Can be public facing network or internal network.
Scale Set : allows a group of identical VMs to be added or removed automatically.
More details in the next post. You can find the next section in this series here. For the complete series click here.

Azure Fundamentals (AZ900) certification preparation – short notes-II

Second post from our Azure Fundamentals (AZ900) certification preparation notes. If you haven’t gone through the first post in this series, you can find it here.

This series intends to help those who are preparing for the AZ900 certification, so that you don’t have to go through the complete documentation. It also helps in your revision if you have already prepared for your exam.


So, let’s get into the contents in this section.

Azure Regions, AZs, Geography and Datacenters

AZ – one or more DCs. Better practice is to have the workload running in 3 AZs for HA. 99.99% SLA
Availability Set : Ensures that the resources are in different racks in same DC. 99.95% SLA


Fault domain : Grouping of hardware to avoid a single point of failure
Update domain : Grouping of hardware to avoid a single point of failure during software updates
Region – AZ – Geography (is the data residency and compliance boundary – data will be within the country boundary), a geography will have minimum 2 regions at a far physical distance
Recommended Region : broadest service capabilities. Supports AZs.
Alternate (other) Region : A region within the data residency boundary (Geography) having recommended region as well. Not designed to support AZs.


Special Regions : for legal and compliance requirements, basically for governments. China and the US have a few special regions (US DoD Central, US Gov Virginia, US Gov Iowa, China East etc…).

Three categories of services
Foundational : Once the service is GA, it will be available immediately (or in 12 months) in all (recommended and alternate) regions
Mainstream : Once the service is GA, it will be available immediately (or in 12 months) in recommended regions. Available in alternate regions based on customer request
Specialized : Available in any region as per customer request.

Compute services
Azure VMs : Most common type of Compute service. Choose your own OS and hardware requirements. Underlying hardware will be shared with other customers.
Azure container service : Docker as a service. Run containers without having any servers or VMs.
Azure Kubernetes Service (AKS) : K8s as a service. To deploy, manage and scale containerized apps. Open source K8s software.
Azure Service Fabric : Tier-1 Enterprise container as a service. Distributed systems platform. On Azure or On-premises.
– Easy to package, deploy and manage scalable and reliable microservices (A Cont service or AKS instance maybe)
Azure functions : serverless compute. No need to provision/manage any servers.
Azure batch : plans,schedules and executes batch computer workloads.



Storage Services
Azure Blob storage : Object storage
Azure Disk storage : Block storage
Azure File storage : NAS
Azure Queue storage: Messaging queue for apps (SNS in AWS)
Azure Table storage: NoSQL database table storage
Azure databox/databox heavy : For moving TB/PBs of storage. Snowball example
Azure Archive storage: Cheap long-term cold storage. (Glacier example)
Azure datalake storage: Centralized repo for all structured/unstructured data at any scale (bigdata)

Database services
Azure Cosmos DB : Fully managed NoSQL DB
Azure SQL DB : Fully managed MS SQL DB
Azure DB for MySQL/PSQL/MariaDB : Fully managed MySQL, PostgreSQL, MariaDB, scalable and highly available.
SQL server on VMs : MS SQL engine on VMs. Lift-n-shift MS SQL servers from on-prem to cloud
Azure synapse analytics (Azure SQL data warehouse) : fully managed data warehouse on cloud. security and scale
Azure DB migration service : to migrate your DB to cloud without any changes.
Azure cache for Redis : (Open-source) Redis caching for your DBs for performance.
Azure table storage : Wide column NoSQL DB – A NoSQL store that hosts unstructured data independent of schemas

More details in the next section. You can find the next section in this series here. Click here for the complete series.

Azure Fundamentals (AZ900) certification preparation – short notes-I

Azure certifications are of high industry demand right now and Azure Fundamentals (AZ-900) is the right starting point for the certifications. You can see here how you can get a free Azure training and an exam voucher you can use for the certification.

In this series of posts, we are sharing certification preparation notes for you. Instead of going thru the detailed content over the internet, you can refer to these short notes in your exam preparation.


We recommend referring to the Microsoft Docs page for the detailed notes.

Types of compute


Virtual machines : Emulating a computer system without having dedicated hardware. It can run the guest operating system on shared hardware. Consumers can deploy multiple virtual machines on the physical hardware as they need (depending on the hardware limitation also).


Containers : containers serve as execution environments for applications without a guest operating system. A container has the application and all its dependencies packaged in it. Example : Docker
Serverless computing : Lets you build and run applications without worrying about the underlying server/host. The cloud provider runs the server for you.

Cloud computing benefits
Cost-effective : Consumer doesn’t have to pay for and maintain the hardware and infrastructure for their needs. Cloud provider allows a pay-as-you-go pricing.
Scalable : Lets the consumer scale their environment (both scaling up and scaling out) as per the demand
Elastic : Based on the needs, the cloud can automatically allocate more resources and can be de-allocated automatically once the requirement is completed.
Global : You can provision your resources in any region across the globe, totally redundant.
Reliable : reliability via redundancy, backups and disaster recovery solutions all inbuilt.
Secure : Physical (to the physical infrastructure) and digital (relevant authentication for data access) security assured.

CapEx and OpEx
CapEx : all the expenditures in (initially) setting up the environment. Upfront expense.
examples include the Server, Storage, Networking, DataCenter infrastructure and Technical resources expense etc…
Benefits : Fixed expense and consumer can plan the budget.


OpEx : With cloud computing the consumer has to worry about the operational expenses (the billing for the infra and services), which involve limited upfront payment.
Benefits : You do not have to pay the full amount upfront.

Cloud deployment models
Private Cloud : Cloud environment within your data center. Complete control on the hardware/physical infrastructure and the physical security.
Public Cloud : Hardware is being managed completely by the cloud provider and the consumers use the required infra and services.
Hybrid Cloud : A combined model of private and public cloud models, adding the benefits of both the models to the consumer.


Types of cloud services
IaaS (Infrastructure as a Service) : A computing infrastructure for the consumer without having hardware with them. Consumer has the maximum control of the infra in this model compared to the other services.
PaaS (Platform as a Service) – For running/testing an application on the required platform without worrying about the infrastructure.
SaaS (Software as a Service) – Consumer can avail the software services from cloud without being concerned about the infra and the platform running it. Office365 is an example.

Hope this section will help you in your certification journey. You can find the next section in this series here. For the complete series click here.

Azure cloud provisioning using Ansible

Automating the IT infrastructure is one of the major focuses of organizations today. It reduces cost and human workload. When you plan to automate your infrastructure, start with the provisioning of resources, which makes managing them much easier. Many businesses have adopted cloud computing in their operations in the past years because of its flexibility and high scalability. Integrating the cloud infrastructure with the open source DevOps tools available today makes handling huge environments easier in daily work.

I would rather suggest going with Ansible as the configuration management tool because of its simplicity and straightforward operation. It came to the market late, but gained a solid footing and has been adopted by many DevOps professionals because of its unique features. Ansible offers a huge number of modules for managing cloud operations for all major cloud providers like Azure, AWS and GCP.

The Ansible playbook which I refer to below will help you provision cloud resources in an Azure environment: it creates a Windows VM and configures the VM to connect with the Ansible host for any post-provision activities. The playbook performs the following tasks.


  1. Create the resource groups and Network infrastructure
  2. Provisioning of windows VMs
  3. Adding the new host to dynamic inventory for any post provision activities
  4. Enabling the PowerShell execution policy to connect to WinRM
  5. Installing a Firefox package using ansible on the newly created VM
The playbook contains 3 roles which create the network infrastructure, provision a Windows VM and install the Firefox package on it.

Let’s go through the main playbook first, which includes 3 roles. The first 2 run against the localhost and create the network infrastructure and the virtual machine respectively. The third role, which installs the Firefox package, runs against a host group azure_vms, which is created dynamically after provisioning the server.

Now let’s go through the first role common which creates the resource group and network infrastructure.


- name: Create a resource group
  azure_rm_resourcegroup:
    name: "{{ rg_name }}"
    location: "{{ location }}"
    state: present

- name: Create a virtual network
  azure_rm_virtualnetwork:
    name: "{{ vitual_network }}"
    resource_group: "{{ rg_name }}"
    address_prefixes_cidr:
      - "{{ CIDR }}"

- name: Create network windows base_security groups
  azure_rm_securitygroup:
    resource_group: "{{ rg_name }}"
    name: windows_base
    purge_rules: yes
    rules:
      - name: 'AllowRDP'
        protocol: Tcp
        destination_port_range: 3389
        access: Allow
        priority: 100
        direction: Inbound
      - name: 'AllowWinRM'
        protocol: Tcp
        destination_port_range: 5986
        access: Allow
        priority: 102
        direction: Inbound
      - name: 'DenyAll'
        protocol: Tcp
        destination_port_range: 0-65535
        access: Deny   # must be set explicitly; a rule without access defaults to Allow
        priority: 103
        direction: Inbound

- name: Create a Subnet and adding the windows_base security group in to it
  azure_rm_subnet:
    name: "{{ subnet }}"
    virtual_network_name: "{{ vitual_network }}"
    resource_group: "{{ rg_name }}"
    address_prefix_cidr: "{{ subnet_CIDR }}"
    security_group_name: windows_base


This role creates a resource group, a virtual network and a security group that allows incoming RDP and WinRM traffic. You can attach the security group either to the NIC or to the subnet in which the virtual machine is created. Azure creates a NIC and allocates it to the VM by default if you do not supply a custom NIC while provisioning. Here I am not creating a custom NIC for the server; instead I attach the security group to the subnet.
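The Allow rules in this security group set no source_address_prefix, so RDP and WinRM accept connections from any source address. The following Python check is an added example, not part of the original post: it evaluates a rule list in priority order with the azure_rm_securitygroup defaults filled in and flags that exposure. The rule lists, the control-host address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

# Values azure_rm_securitygroup applies when a rule omits the key.
RULE_DEFAULTS = {"access": "Allow", "direction": "Inbound", "protocol": "*",
                 "source_address_prefix": "*", "destination_port_range": "*"}
MGMT_PORTS = {3389: "RDP", 5986: "WinRM over HTTPS"}
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}
CONTROL_HOST = "203.0.113.10/32"  # hypothetical Ansible control host

# Constructed: only the RDP rule sets access, no rule restricts the source.
OPEN_RULES = [
    {"name": "AllowRDP", "protocol": "Tcp", "destination_port_range": 3389,
     "access": "Allow", "priority": 100},
    {"name": "AllowWinRM", "protocol": "Tcp", "destination_port_range": 5986,
     "priority": 102},
    {"name": "DenyAll", "protocol": "Tcp", "destination_port_range": "0-65535",
     "priority": 103},
]
# Constructed: the same group with explicit access and a restricted source.
HARDENED_RULES = [
    {"name": "AllowRDP", "protocol": "Tcp", "destination_port_range": 3389,
     "source_address_prefix": CONTROL_HOST, "access": "Allow", "priority": 100},
    {"name": "AllowWinRM", "protocol": "Tcp", "destination_port_range": 5986,
     "source_address_prefix": CONTROL_HOST, "access": "Allow", "priority": 102},
    {"name": "DenyAll", "protocol": "*", "destination_port_range": "0-65535",
     "access": "Deny", "priority": 103},
]


def normalise(rule):
    """Fill omitted keys with the module defaults."""
    return {**RULE_DEFAULTS, **rule}


def covers(port_range, port):
    """True if a range such as '*', 3389 or '0-65535' includes port."""
    text = str(port_range)
    if text == "*":
        return True
    low, _, high = text.partition("-")
    return int(low) <= port <= int(high or low)


def source_matches(prefix, source_ip):
    """Match '*'/Internet or a CIDR; other service tags are not modelled."""
    if prefix in ANY_SOURCE:
        return True
    try:
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False


def decide(rules, port, source_ip, protocol="Tcp"):
    """Return (access, rule name) of the first matching rule by priority."""
    for rule in sorted(map(normalise, rules), key=lambda r: r["priority"]):
        if (rule["direction"] == "Inbound"
                and rule["protocol"] in ("*", protocol)
                and source_matches(rule["source_address_prefix"], source_ip)
                and covers(rule["destination_port_range"], port)):
            return rule["access"], rule["name"]
    # Nothing matched: Azure's built-in DenyAllInBound applies to Internet sources.
    return "Deny", "DenyAllInBound"


def findings(rules):
    """List review findings for inbound Allow rules."""
    out = []
    for raw in rules:
        rule = normalise(raw)
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        if "deny" in rule["name"].lower() and "access" not in raw:
            out.append(f"{rule['name']}: no access key, module default is Allow")
        if rule["source_address_prefix"] in ANY_SOURCE:
            for port, label in MGMT_PORTS.items():
                if covers(rule["destination_port_range"], port):
                    out.append(f"{rule['name']}: {label} ({port}) open to any source")
    return out


if __name__ == "__main__":
    print("\n".join(findings(OPEN_RULES)))
    print(decide(OPEN_RULES, 8080, "198.51.100.7"), decide(HARDENED_RULES, 8080, "198.51.100.7"))
```

Running the same check against the rule list rendered from your own role variables before applying the role catches a catch-all rule that silently became an Allow.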

Let’s go through the second role which creates the Virtual machine.

- name: Create a VM
  azure_rm_virtualmachine:
    os_type: Windows
    resource_group: "{{ rg_name }}"
    virtual_network_name: "{{ virtual_network_name }}"
    name: "{{ vm_name }}"
    admin_username: "{{ admin_user }}"
    admin_password: "{{ admin_passwd }}"
    vm_size: Standard_F2s_v2
    image:
      offer: WindowsServer
      publisher: MicrosoftWindowsServer
      sku: '2016-Datacenter'
      version: latest
  register: output

- name: Add new instance to the host group
  add_host:
    hostname: "{{ vm_name }}"
    # address of the new VM from the registered output (expression is incomplete as published)
    ansible_host: "{{[0].properties.ipConfigurations[0]. }}"
    ansible_user: "{{ admin_user }}"
    ansible_password: "{{ admin_passwd }}"
    ansible_connection: winrm
    ansible_port: 5986
    # ignore = the WinRM server certificate is not verified
    ansible_winrm_server_cert_validation: ignore
    ansible_winrm_transport: ssl
    groupname: azure_vms
  with_items: output.instances

- name: create Azure vm extension to enable HTTPS WinRM listener
  azure_rm_virtualmachineextension:
    name: winrm-extension
    resource_group: "{{ rg_name }}"
    virtual_machine_name: "{{ vm_name }}"
    publisher: Microsoft.Compute
    virtual_machine_extension_type: CustomScriptExtension
    type_handler_version: '1.9'
    settings: '{"commandToExecute": "powershell.exe -ExecutionPolicy ByPass -EncodedCommand {{winrm_enable_script}}"}'
    auto_upgrade_minor_version: true
  with_items: output.instances

- name: wait for the WinRM port to come online
  wait_for:
    port: 5986
    host: '{{[0].properties.ipConfigurations[ 0]}}'
    timeout: 600
  with_items: output.instances

As you can see in the second task in the role, the newly created server is added to a host group azure_vms using the Ansible add_host module. The third and fourth tasks enable the HTTPS WinRM listener for Ansible communication.

The third and final role in the playbook will install a Firefox browser in the newly provisioned VM using the ansible win_chocolatey module.

- name: Install Firefox
  win_chocolatey:
    name: firefox
    state: present

Here is the main playbook which calls all the 3 roles

- hosts: localhost
  gather_facts: yes
  roles:
    - common
    - vm

- hosts: azure_vms
  gather_facts: no
  roles:
    - install_firefox

Hope this post helped you. Please share your feedback/suggestions in the comments below.