2.1 Core architectural components of Azure Flashcards
Physical infrastructure hierarchy
Geography -> Region pair -> Region -> Availability zones -> Datacenters
Datacenters
Base level of Azure physical infrastructure. Essentially the same as large corporate datacenters with racks, cooling, and networking, but they aren’t directly accessible
Regions
Geographical area on the planet that contains at least one datacenter (usually more than one, located near each other and connected by a low-latency network)
ex. US West, East Asia
Availability zones
Physically separate datacenters within an Azure region. Set up to be an isolation boundary, i.e. if one goes down the others continue working. (minimum of 3 availability zones in each availability-zone-enabled region)
Advantages of availability zones
- data redundancy to protect information in case of failure
- high availability since each zone can cover for each other in case of outage
Services that support availability zones (with explanation of each)
- zonal services: you pin the resource to a specific zone (ex. VMs, IP addresses, managed disks)
- zone-redundant services: the platform replicates automatically across zones (ex. zone-redundant storage, SQL Database)
- non-regional services: services are always available from Azure geographies and are resilient to zone-wide and region-wide outages
Region pairs
Each region is paired with a neighboring region that is at least 300 miles away.
Can replicate resources between region pairs to protect from region-wide outages and provide data redundancy
Advantages of region pairs
- If an extensive outage occurs, one region is prioritized to make sure at least one is restored quickly
- Planned Azure updates roll out to one region at a time to ensure high availability
- Data exists within the same geography as its pair for tax and law enforcement purposes
Geography
A big section of the world, such as the US or Asia, that has regions within it
Sovereign regions
Instances of Azure that are isolated from the rest of Azure to be used by government agencies
Run and operated by screened government personnel
Management infrastructure hierarchy
Account -> management groups (optional) -> subscriptions -> resource groups -> resources
Resources
Building block of Azure.
Any service you create/deploy is a resource
Ex. VMs, virtual networks, databases etc.
Resource group
A grouping of resources. Every resource must be placed in a resource group, even if it's just one.
A resource can only exist in one RG at a time
Any actions applied to a resource group affect all resources within it
Subscriptions
Unit of management, billing, and scale.
Subscriptions group resource groups to provide access to resources and handle billing
Subscription boundaries
- Billing boundary: determines how an account will be billed. Can create multiple subscriptions for different types of billing requirements within an organization
- Access control boundary: Access management policies are applied at the subscription level, so you can create separate subscriptions to reflect organization structure (ex. Testing subscription, Dev subscription, HR subscription)
Management group
(optional)
A way to organize subscriptions.
You can place conditions/rules on a management group and they will apply to all subscriptions within that management group
Important facts about management groups (3)
- 10,000 management groups can be supported in a single directory
- A management group tree can support 6 levels of depth (does not include root level or subscription level)
- Each management group and subscription can have only one parent
When to use management group examples
- Create a hierarchy that applies a policy. Ex. Limit VM locations to only US West Region. Cannot be altered by resource or subscription owner
- Provide user access to multiple subscriptions: if multiple subscriptions are under a management group, assign RBAC to the management group instead of having to assign access to each subscription
Azure RBAC
Role-based access control