(2) Describe the core architectural components of Azure Flashcards
(2) Describe Azure Architecture and Services
They are geographical areas on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
Azure Regions
Paired with another region within 300 miles away that allows for the replication of resources across geography that helps reduce the likelihood of interruptions.
Azure Region Pairs
T/F: All services auto replicate date or fall back from failed region.
FALSE: Not all services do this. The customer must configure these settings.
These are instances of Azure that are isolated from the main instance of Azure. You may need to use one of these for compliance or legal purposes.
Sovereign Regions
These regions are phsyical and logical network-isolated instances of Azure for U.S. Government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
US DoD Central, US GOV Virginia, & US GOV Iowa
These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters.
China East, Chine North, & more
They are physically separate datacenters within an Azure region. It is made up of one or more datacenters equipped with independent power, cooling, and networking.
Availability Zones
T/F: An availability zone is set up to be an isolation boundary.
TRUE: If one goes down, the other continues working.
Does availability zones help you to build high-availability into your application architecture?
Yes, by co-locating your compute, storage, networking, and data resources within an availability zone and replicating in other availability zones.
What are the 3 separate availability zones that help to ensure resiliency?
Zonal Services, Zone-redundant Services, & Non-regional Services
You pin the resource to a specific zone.
Zonal Services
The platform replicates automatically across zones.
Zone-redundant Services
Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.
Non-regional Services
They’re facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.
Datacenter
It is the basic building block of Azure. Anything you create, provision, or deploy is labeled as this thing. Examples would be VMs, Virtual Networks, databases, cognitive services, etc.
Resources
How many resouces can be in a resource group at a time?
Just one.
T/F: Once you move a resource to a new group, it will continue to be associated with the former group.
FALSE: it will no longer be associated with the former group.
If you apply an action in a resource group, does it apply to the whole group?
YES
If you delete a resource group, all all resources within the group deleted?
YES
What is this an example of? –> If you are setting up a temporary DEV environment, grouping all the resources together means you can de-provision all of the associated resources at once by deleting the resource group. If you’re provisioning compute resources that will need (3) different access schemas, it may be best to group resources based on the access schema, and then assign access at the resource group level.
Resource Group
What is a subscription?
They are a unit of management, billing and scale. Similar to how resource group s are a way to logically organize resources, (these) allow you to logically organize your resource groups and facilitate billing.
What is a Billing Boundary?
This subscription type determines how an Azure account is billed for using Azure. You can create multiple subscriptions for different types of billing requirements. Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
What is an Access Control Boundary?
Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures.
Withing a business, you have different departments to which you apply distinct Azure subscription policies. This billing model allows you to manage and control access to the resources that users provision with specific subscriptions.
Example of an Access Control Boundary (subscription type).
What are three adiditonal subscriptions you can choose to create?
Environments, Organziational Structures, & Billing
A subscription for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access controls occurs at the subscription level
Environmental Subscription
A subscription that wold allow you to limit one team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each subscription.
Organziational Structure Subscription
Because costs are first aggregated at the subscription level, you may want to create subscriptions to manage and track costs based on your needs. For instance, you might wnat to create one subscription for your production workloads and another subscription for your development and testing workloads.
Billing Subsciption
These are containers that you organize your subscriptions into and can apply governance conditions to the management groups.
Management Groups
T/F: All subscriptions within a management group DO NOT inherit the conditions applied to the management group.
FALSE: They do inheirt the conditions applied to the management group.
How do you provide user access to multiple subscriptions?
You can create one Azure Role-Based Access control (Azure RBAC) assignment on the management group.
How many management groups can be supported in a single directory?
10,000 Management Groups
How many levels of depth can a management group tree support?
6 levels of depth (root & subscription level NOT included in this number)
How many parent groups can each management group and subscription support?
Only one parent.
