1_1How Azure uses Global Foundation Services Datacenters

Question 1

Topics 1.1.

Answer 1

‘1)Learning about Azure’s global footprints, 2) Understanding the design of cloud-scale data centers, 3) Design for cloud

Question 2

MCIO = GFS

Answer 2

The team that manages and runs Azure infrastructure is called Microsoft Cloud Infrastructure and Operations (MCIO), formerly known as Global Foundation Service (GFS). Also Microsoft datacenters = Azure Datacenters

Question 3

Azure global footprints

Answer 3

‘+1 M servers, +3M requests per second. 17 datacenters distributed, 10 languages, 19 currencies

Question 4

17 Regions

Answer 4

‘1) USA 8, Emea 2, Asia 2, Japan 2, Brazil 1, Australia 2

Question 5

ZRS

Answer 5

Zone Redundant Storage, 3 copies of your data across 2 or 3 facilities in a single region or two regions

Question 6

Affinity Group

Answer 6

It is a way to group your cloud sevices by proximity to reduce network latency.

Question 7

STAMPS

Answer 7

Group of server racks (it’s not an official concept)

Question 8

Regional Differences

Answer 8

Not all Azure regions provide the same set of services.

Question 9

Multilanguage support

Answer 9

It’s not tied to specific regions. Full globaly. By aware! many Azure objects don�t allow non-English characters in their names or identifi ers.

Question 10

Cloud-scale datacenters

Answer 10

A single Azure datacenter can be as big as three large cruise ships placed end to end and host ten of thousands of servers.

Question 11

Embracing errors

Answer 11

Cloud-scale datacenters use commodity servers to reduce cost. The availability of these servers are low than more expensive ones used in traditional datacenters. Think about thousands! Traditional datacenters design focus on increasing Mean Time Between Failures (MTBF). In Cloud-scale datacenters when a server is failing its workloads are redirected to another healty one. So the design key is focus on Mean Time To Recover (MTTR) instead of MTBF because what customer cares is about the availability of their services, not the hardware. To achieve this AUTOMATIZATION IS THE KEY.

Question 12

Human Factors

Answer 12

Training, policy reinforcements, contuous monitoring, auditing form foundation of an error-resilent team.

Question 13

Some Polices

Answer 13

1)Just-in-time administrator accesses and just-enough administrator acceses, 2)Msft staff does not have access to customer data, special grant to access and just for a predetermined window, 3)all activities are monotored and logged

Question 14

Polices suggested for customers

Answer 14

Suggest best practices and tools such as Azure Active Directory (Azure AD), multifactor authentication, uil-in-Role-Based Access Control (RBAC) with Azure Resource Groups and Azure Rights Management

Question 15

Azure Automation Options

Answer 15

Azure Management API, Azure PowerShell, Azure Cross-Platform Command-Line Interface (xplat-cli). Azure Automatio services. Also third-party solutions such as Puppet and Chef.

Question 16

Trust-worthy computing

Answer 16

Challenge for cloud industry. Polices: 1) Pysical security and continuous surveillance, 2)Protection against virus, malware, and DdoS attacks., 3)Activity monitoring, tracing and analysis, and abnormality detection, 4)System patching, 5)Customer data isolation and protection

Question 17

Security Tools for Customers

Answer 17

1)Data encryption for Azure Storage, Key Vault service to manage security keys.

Question 18

Azure Security Certifications

Answer 18

1)ISO 27001/27002, 2)FISMA, 3)FedRAMP, 4)HIPPA,5) EU Model Clauses. Adicional info: azure.microsoft.com/en-us/support/trust-center/

Question 19

Sustainable reliability

Answer 19

1)Power redundancy: UPS, massive battery arrays and generators with on-site fuel reserves. 2)All ecosystem is consider as TCO

Question 20

Efficiency and Ecology

Answer 20

Microsoft Power Usage Effectiveness (PUE) is 1.125 below industry norm 1.8. Also datacenters are environment-friendly

Question 21

Design for the Cloud

Answer 21

Cloud bring both challenges and opportunities to design your applications. Challenge is the architecture of your application and opportunity is the Quality of Service (QoS) that Cloud offers.

Question 22

Datacenter maintenance

Answer 22

Two types of maintenances 1)planned and 2)unplanned

Question 23

Planned Maintenance

Answer 23

Some cases requires that customer VM to be shut down or rebooted. VM could be configured multi-instance or single-instance.Azure give SLA (Service Level Agreement) only for multi-instance Vms

Question 24

Multi-instance VM

Answer 24

Multi-instance Vms are joined to a same logical group called an Availability Set. When Azure updates Vms, it guarantees that not all machines in the same Availability Set will be shut down at the same time.

Question 25

Single-instance VM

Answer 25

are stand-alone Vms

Question 26

Unplanned Maintenance

Answer 26

Are triggered by unexpected physical infrastructure problems such as network failures, rack-level failures and others. When Azure detects it, automatically moves your Vms to a healty host. Azure’s autorecovery mechanism sginificantly reduces MTTR to minutes, but your application needs to be able to restart itself.

Question 27

Fault Domains

Answer 27

Fault Domains don’t share a common power source or network switch so the probability of simultanteous fault is very low. Multi-instance VMs are located to two different Fault Domain.

Question 28

Datacenter outages

Answer 28

For natural disasters or human error, it could happen. MSFT transparent policy that shares Root Cause Analysis (RCA) reports to customers. Cross-region redundancy is an effective way to deal with region-wide outages.

Question 29

Service throttling

Answer 29

Cloud is multitenant environment. Azure throttles service calls according to subscriptions limits. Criteria: stored data, number of transactions, and system throughputs. Build multi-entity support into your architecture so your application can be scaled out as needed! Other way is using cache such as application-level caching and CDN (Content Delivery Networks).

Question 30

Cache

Answer 30

Caches help not only to reduce the amount of service calls, also improves your application performance.

Question 31

Service security

Answer 31

Except few read-only operations, Azure requires proper authentication before it grants a service request.

Question 32

3 Authentication Strategies

Answer 32

1)Secret key, 2)Shared Access Signature (SAS) and 3) Federated authentication via Azure AD. Secret key is responsibility of the user (Msft offers Azure Key Vault). SAS offer detailed level access control over entities, giving grant access to specifi data with explicit rights during given time windows.