Azure Fundamentals Flashcards
Identity and Access Management
- Azure Active Directory
Cloud-based identity service:
One per tenant (company)
Provides identity: who you are
Identity = "security principal"
Manage end users or applications
- Azure role-based access control (Azure RBAC)
Control access using roles
Assign roles to security principals
Roles are collections of specific permissions
General and specific role types:
Owner: full privileges
VM Contributor: only VM access
- Scope
Set of resources allowed to access
On which resources
Roles are granted at various layers of the resource hierarchy
Lower levels inherit roles from higher levels: centralized management
Azure resource hierarchy and organization
Azure's resource hierarchy gives us a mechanism to limit who in our organization
has access to different sorts of resources and, by the same means,
who doesn't have access to other sets of resources.
Azure tenant: Single bucket to manage all users.
An Azure tenant can have multiple management groups.
Management groups: Centralized management for subscriptions. Can have multiple subscriptions.
Subscriptions: Each subscription has its own billing agreement. Can have multiple resource groups.
Resource groups: Group resources together for the same purpose/lifecycle. All Azure resources are created in resource groups. Can have multiple resources.
Resources: Anything created in Azure. Can have multiple resource groups.
Azure resource hierarchy fundamentals:
Parent-child relationship
Access/policies granted to parent inherited to child levels
Centralized management
A parent can have multiple children; a child can have one parent
Similar to OS file system
Azure Advisor
The advisor provides recommendations about resources: saving costs, increasing reliability, security vulnerabilities, and a lot more.
Azure Resource Manager [ARM]
All interactions with Azure resources go through ARM.
It is the main Azure architecture component for creating, updating, and manipulating resources.
Azure Resource Manager allows you to provision your applications using a declarative template. In a single template, you can deploy multiple services along with their dependencies. You use the same template to repeatedly deploy your application during every stage of the application lifecycle.
Benefits:
Idempotent: run the same templates once, twice, or as many times as you like. It will have the same outcome.
Source control: keep all changes to the ARM template.
Reuse: use a combination of multiple partial ARM templates to achieve glory.
Declarative: specify what you want done, not how it is done.
No human errors: automation
Azure monitor
Logs: text-based records of events
Activity logs: who created the resource and when
OS logs:
Metrics: performance data (CPU, website performance)
Azure CLI
PowerShell
Cloud Shell
Logging: keep track of who ran what commands and when in various ways.
Azure CLI:
A text-only entry tool, or command-line interface, e.g. "az account list" or "az vm create"
Advantages of CLI:
Stable: Text commands don’t change and the CLI is in a stable state.
Structure: CLI commands are structured very logically and all follow the same pattern.
Cross-platform: The CLI works on Windows, Mac, and Linux.
Automation: It is simple to automate the CLI command for future use.
PowerShell:
Cmdlet: a script that performs simple tasks
It is a command-line interface; example cmdlet: New-AzVM
Azure Resource Manager: PowerShell also uses the Resource Manager, like the portal, to manipulate Azure resources
Cloud Shell:
Cloud shell is an interactive, browser-accessible shell for managing Azure resources.
Standalone/in-portal
Access: Access from anywhere using the web/mobile app. Authenticated and secure.
Shell: Choose between Azure CLI and PowerShell.
Tools: Includes tools, interpreters, modules, and Azure tools. Languages for Node.js, .NET, and Python.
Storage: Has dedicated storage to persist data between sessions.
File editor: a complete file editor
Cloud terminology
High availability
Fault tolerance
Disaster recovery
Scalability
Elasticity
Agility
High availability: is the capability of several virtual machines to kick in and help process requests when needed. This ensures high availability of your application.
Fault tolerance: describes how Azure will ensure you have zero downtime for services provided by Azure.
Disaster recovery: means having a plan to recover a complete system in the event of a major disaster, like a tornado or flood. This is done using time-to-recovery and recovery point metrics.
Scalability: is the ability to add or remove virtual machines, scaling out, or increase the resources on a single virtual machine, scaling up.
Elasticity: is the ability to quickly increase or decrease computer processing and resources.
Agility: means the ability to rapidly develop, test, and launch software applications.
Cloud Economics
CapEx
OpEx
Capital expenditure, or CapEx: is when you buy something like a server. It's a one-time cost that is made up front.
Operational expenditure, or OpEx: is an ongoing cost to run your business, such as printer toner and electricity. This could also be your monthly cost for cloud computing services.
Consumption-based pricing: is a pricing model within Azure that lets you pay only for the exact resources you consume.
Cloud Service Models
IaaS
PaaS
SaaS
Serverless
Infrastructure-as-a-Service, or IaaS: gives you virtual servers on which you can install what you like. You're renting service, storage, network components from Azure. You manage everything, except the infrastructure, which is a service.
Platform-as-a-Service, or PaaS: It's a superset of IaaS but, in addition, includes middleware as a service. These could be developer tools or database management. PaaS is where a lot of the Azure benefits come into play for businesses.
Software-as-a-Service, or SaaS: This describes services built on top of IaaS and PaaS, such as Office 365, Azure SQL, and more.
Serverless: which is becoming a bit of a buzzword, but means you don't manage any servers anywhere in the food chain. A single function of code can be hosted, deployed, run, and managed on its own.
Azure marketplace
The marketplace is a great shortcut for both using a service
and selling a service.
Solution & Services:
Large selection from Microsoft and partners: apps, VMs, templates, and so much more.
Azure app store:
Buy cloud services with a single click. Many categories of items to acquire.
Easy to integrate:
Use from the portal, CLI, or PowerShell. Some are free, some are paid.
Benefits:
Certified and less maintenance:
less maintenance than creating your own solution
from scratch and all offerings are certified by Microsoft.
Efficient:
Faster to build a prototype of an idea
with ready-made components from the marketplace.
New markets:
Market your own solution to new markets and segments.
Having your SaaS application or other servers
in the marketplace exposes it to a ton of Azure users.
Support:
And if you have an application listed on the marketplace,
you get technical support and design support,
as well from Microsoft.
Azure global infrastructure
Regions and AZs
Region:
A set of datacenters: each region has more than one data center
Latency-defined perimeter: Datacenters are not too far apart (latency means the time taken for data to travel)
Regional low-latency network: A fiber connection between the datacenters in a region
How to choose a region:
Location
Features
Price
Paired Region
Each region is paired with another region
Outage failover: if the primary region has an outage, you can fail over to the secondary region
Planned updates: only one region in a pair is updated at any one time
Replication
AZs
Physical location
Independent: Each zone has its own power, network, and cooling
Zones: Each region has a minimum of 3 AZs