09-PaaS Compute Options

Question 1

Azure App Service Plan

Answer 1

Define set of compute resources for web app to run

Determine performance, price, and features

One or more apps can be configure to run in the same App Service plan

Region where compute resources will be created
# of virtual machine instances
Size of virtual machine instances
Pricing tier

Question 2

App Service Plan Pricing Tiers

Answer 2

Free

Shared

Basic

Standard

Premium

Isolated

Question 3

What is Shared Compute

Answer 3

Free and Shared

Run apps on same Azure VM as other App Service apps, and the resources cannot scale out

Question 4

What is Dedicated Compute

Answer 4

Basic, Standard, Premium

Run apps in the same plan in dedicated Azure VMs

Question 5

What is Isolated

Answer 5

Runs apps on dedicated Azure VMs in dedicated Azure virtual networks

Question 6

App Service Plan Scaling

Answer 6

Scale up

Scale out

Question 7

App Service Plan Scale Out

Answer 7

Adjust available resources based on the current demand

Improve availability and fault tolerance

Scale based on a metric (CPU percentage, memory percentage, HTTP requests)

fill in

Question 8

Azure App Service

Answer 8

Fully managed environment enabling high productivity development

Platform-as-a-service (PaaS) offering for building and deploying highly available cloud apps for web and mobile

Platform handles infrastructure so developers focus on core web apps and services

Developer productivity using .NET .NET Core, Java, Python and host of others

Provide enterprise-grade security and compliance

Question 9

Creating an App Service

Answer 9

Name must be unique

Access using azurewebsites.net - can map to a custom domain

Publish code (Runtime Stack)

Publish Docker Container

Linux or Windows

Region closest to your users

App Service Plan

Question 10

Continuous Deployment

Answer 10

Work in a single source control

Whenever code updates are pushed to source control, then the website or web app will automatically pick up the updates

Continuous deployment workflow publishes the most recent updates from a project

Use portal for continuous deployments from GitHub, Bitbucket, or Azure DevOps

Question 11

Deployment Slots

Answer 11

Validate code in live environment before publishing it

Can swap from staging from production and vice versa

Question 12

Creating Deployment Slots

Answer 12

Select whether to clone an app configuration from another deployment slot

When you clone, pay attention to the settings

Not all settings are sticky (endpoints, custom domain names, SSL certificates, scaling)

Review and edit your setting before swapping

Question 13

Securing an App Service

Answer 13

Authentication

• enable authentication
• log in with 3rd party identity provider

Security

• troubleshoot with diagnostics logs - failed request, app logging
• add an SSL certificate - HTTPS
• define a priority ordered allow/deny list to control network access to the app
• store secrets in the Azure Key Vault

Question 14

Custom Domain Names

Answer 14

Redirect the default web app URL

Validate the custom domain in Azure

Use the DNS registry for your domain provider

fill in

Question 15

Backup an App Service

Answer 15

Create app backups manually or on a schedule

Backup the configuration, file content, and database connected to the app

Requires Standard or Premium plan

Backups can be up to 10 GB of app and database content

Configure partial backups and exclude items from the backup

Restore your app on-demand to a previous state, or create a new app

Question 16

Application Insights

Answer 16

Request rates, deny rates, response time and failure rates

Page view and load performance

User and session counts

Performance counters

Diagnostics and Exceptions

Question 17

Container vs Virtual Machine Features

Answer 17

Isolation

Operating System

Deployment

Persistent Storage

Fault Tolerance

Question 18

Azure Container Instance

Answer 18

Here Azure, this is my container, run it

Question 19

What are Container Groups

Answer 19

Top-level resource in Azure Container Instances

Collection of containers that get scheduled on the same host

Containers in the group share a lifecycle, resources, local network, and storage volumes

Question 20

What is Docker

Answer 20

Set of PaaS products

Enable developer to host application inside a container

Separate application from environment so it runs the same regardless of where is it hosted

Question 21

What is container

Answer 21

Standardized “unit of software” that contains everything required for an application to run.

Available on both Linux and Windows and can be hosted on Azure

Question 22

Docker Hub

Answer 22

Registry that houses the container images

Public registry

Question 23

Azure Kubernetes Service

Answer 23

You’re responsible only for managing the agent nodes

You pay only for the agent nodes

Enables nodes to be fully managed by Microsoft

Performs simple cluster scaling

Manages health monitoring and maintenance

Question 24

Pods

Answer 24

Groups of nodes with identical configuration

Question 25

Nodes

Answer 25

Individual VMs running containerized applications

Question 26

Pods

Answer 26

Single instance of an application. A pod can contain multiple containers

Question 27

Deployment

Answer 27

One or more identical pods managed by Kubernetes

Question 28

Manifest

Answer 28

YAML file describing a deployment

Question 29

Azure-managed nodes

Answer 29

Master node

Provides core Kubernetes services and orchestration

Question 30

Customer-managed nodes

Answer 30

Agent node

Run applications and supporting services

Question 31

AKS Networking

Answer 31

Pods run an instance of your application

Question 32

Three major networking services - AKS Networking

Answer 32

Cluster IP - Internal IP gets created. For internal traffic. Used by pods inside the cluster

NodePort - port mapping that allows you to access application. Use port and IP on virtual machine

Load Balancer - configure load balancer and external IP address

Question 33

AKS Storage

Answer 33

Local storage on node is fast and simple to use

Local storage might not be available after pod is deleted

Multiple pods may share data volumes

Storage could potentially be reattached to another pod

Question 34

AKS Security

Answer 34

Managed service - Limit access with authorized IP ranges, create a private cluster, use RBAD and Azure AD access

Cluster upgrades - Upgrade AKS cluster with cordon and drain

Node - Automatic OS security patches, Azure managed disks, pod security policies

Networks - Define ingress controllers with private internal IP address, filter the flow of traffic with network security groups

Data - Kubernetes secrets for credentials and keys

Question 35

AKS and Azure Active Directory

Answer 35

Use Azure AD as an integrated identity solution

User service accounts, user accounts, and role-based access control

Question 36

AKS Scaling

Answer 36

Applications might grow beyond the capacity of a single pod

Kubernetes has built-in autoscaler

Cluster autoscaler scales based on compute resources

Horizontal pod autoscaler scales based on metrics

Question 37

AKS Scaling to ACI

Answer 37

Azure Container Instance

If you need to rapidly grow your AKS cluster, you can create new pods in Azure Container instance

Question 38

Virtual Kubelet

Answer 38

Open-source Kubernetes kubelet implementation

Registers itself as a node and allows developers to deploy pods and containers with their own APIs

Supported by an ecosystem of providers