Azure Organization and Infrastructure

Question 1

What is Microsoft Azure ?

Answer 1

It is a Microsoft’s public cloud computing platform. Public is a key term meaning it is available to the general public.

Microsoft Azure has over 200 individual products and services which provides a wide number of management and solutions for many business use cases you can think of.

Buil, run and manage application on Microsoft’s global infrastructure (IAAS, PAAS, SAAS)

Question 2

What “managed services” refers to ?

Answer 2

PAAS and SAAS
Because they have an extra layer of management applied to them

Question 3

What is the main advantage of cloud computing (financially)

Answer 3

It is pay as you go.

• No upfront commitment for resources
• Billed for the seconds of using services.
• OPEX : Operational Expenses.

Question 4

Where are computing resources of Azure ?

Answer 4

In multiple datacenters all around the word (regions, zones)

Azure is a set of geographically distributed multiple sets of datacenters positionned all around the world to give them a global footprint.

Question 5

What is a region ?

Answer 5

A region is defined as a collection of individual datacenters deployed within a single geographic region.

Question 6

What is an availability zone ?

Answer 6

It is a division construct inside a region that refers to one of multiple physical locations within each individual Azure region.

It is made up of one or more individual datacenter buildings and each one of these individual data centers has its own self-contained construct of independent power, cooling and network capabilities.

Question 7

What is the primary purpose of these multiple availability zones inside a single region ?

Answer 7

To provide an additional layer of fault tolerance and/or resiliency by offering the ability to replicate your application or whatever business solution that you are using accross multiple availability zones inside the same regions.

Question 8

True or False: A region must only have 1 datacenter

Answer 8

False.
A region can be formed by one or multiple datacenters

Question 9

True or False: An availability zone must only be formed by 1 datacenter

Answer 9

False
An availability zone can be formed by one or multiple datacenters

Question 10

Compare the advantages of cloud computing applied to region vs availability zones

Answer 10

A region provide : High Availability and Fault Tolerance: Be closer to your end users (multiple regions - deployement). Defend against (unlikely) regional outages.

An Availability Zone provide Fault Tolerance: Deploy resources accross zones. Protect against single point of failures.

Question 11

What are the layers of the Traditional IT stack ?

Answer 11

Networking
Storage
Servers
Virtualization
Operating System
Middleware
Runtime
Data
Applications

Question 12

What is the method of interaction with the Azure services ?

Answer 12

ARM: Azure Resources Manager. That can be accessed through the Azure Web GUI console, Azure Powershell, Azure CLI, and Rest Client

Question 13

How are the azure services organized ?

Answer 13

• The foundational services: the physical data center and the physical servers racs themselves, hypervisors capabiities
• The Core Infrastructure Services: Compute or virtual machines, the storage, the Networking
• The Managed Services: Platform Services and SAAS.
• Security & Management Services: not really solutions/services. Used for various security and management functions in relation to the managed solutions, such as authentication, identity, etc.

Question 14

Which layers of the traditional IT stack are managed by the Cloud Provider in IAAS ?

Answer 14

Networking
Storage
Servers
Virtualization
Operating System (partially)

Question 15

Which layers of the traditional IT stack are managed by the customer in IAAS ?

Answer 15

Operating System
Middleware
Runtime
Data
Applications

Question 16

Which layers of the traditional IT stack are managed by the Cloud Provider in PAAS ?

Answer 16

Networking
Storage
Servers
Virtualization
Operating System
Middleware
Runtime

Question 17

Which layers of the traditional IT stack are managed by the customer in PAAS ?

Answer 17

Data
Applications

Question 18

Which layers of the traditional IT stack are managed by the Cloud Provider in SAAS ?

Answer 18

The full stack:

Networking
Storage
Servers
Virtualization
Operating System
Middleware
Runtime
Data
Applications

Question 19

Which layers of the traditional IT stack are managed by the customer in SAAS ?

Answer 19

Nothing. The customer just use the software

Question 20

Example of SaaS

Answer 20

Google Docs, Dropbox, PowerBI, Microsoft O365

Question 21

What is ARM ?

Answer 21

Azure Resource Manager

It is a centralized management layer for interacting with all azure services whether the channel of interaction is the azure web portal, the command line interface, powershell, an application access (Rest client), etc.

It is the layer where access control (authentication and authorization) is enforced.

Question 22

What are the 3 questions to answer regarding Azure Organization Considerations ?

Answer 22

• How do we organize our Azure Resources and Services ?
• How do we track who is paying for what ?
• How do we limit who has access to different sets of resources and doesn’t to other sets of resources ?

Question 23

What are the Hierarchichal layers of an Azure Organization ?

Answer 23

• The Azure Tenant, contains // Organization - Azure AD users
• Management Groups (optional), which contains // Centralized management of subscriptions
• Subscriptions, which contains, // Billing agreement
• Resource Groups, which contains, // Group related resources together
• Resources // VM, Databases, etc.

Question 24

What are the main fundamentals about Azure Resource Hierarchy ?

Answer 24

• Parent-Child Relationship
• Access/Policies granted to parent are automatically inherited by child levels
• Centralized Management
• Parent can have multiple children - But a child can only have one parent (similar to OS file structure)

Question 25

What is a Tenant ?

Answer 25

Each organization has a single tenant.

companyname.com.

It is the organization instance of Azure AD. It is where your users/identity directory exists and acts as a single bucket to manage all users who have access various parts of your azure organization.

Question 26

What is the primary purpose of a management group ?

Answer 26

To provide a centralized management component for multiple subscriptions that you want to manage all in one place.

It is optional.

Question 27

What is the primary purpose of a subscription ?

Answer 27

To act as a primary billing and access isolation boundary within Azure.

Question 28

What is the primary purpose of a Resource Group?

Answer 28

To group together resources that have the same purpose / lifecycle

Question 29

What are the 3 components of the IAM trilogy ?

Answer 29

• Who
• Can do what
• On which resources (the scope)

Question 30

Which component of Azure is responsible of the “who” of the IAM trilogy ?

Answer 30

Azure Active Directory that manages azure identities

Question 31

Which component of Azure is responsible of the “Can Do What” of the IAM trilogy ?

Answer 31

Azure Role-Based Access Control (Azure RBAC)

Provides fine-grained access management to Azure Resources

Question 32

Which component of Azure is responsible of the “on which resources” of the IAM trilogy ?

Answer 32

The scope : which level in Azure Resource Hierarchy

Question 33

What is the Azure Active Directory ?

Answer 33

It is a cloud based identity service. There is one per tenant. Then one per organization.

Question 34

How is an identity called in Azure AD ?

Answer 34

A security principal

Question 35

What is a role

Answer 35

A role is a collection of specific permissions

Question 36

Which service in Azure provides the visibility on what happens in the Azure environment ?

Answer 36

Azure Monitor

Question 37

What are the 2 separate components of Azure Monitor

Answer 37

• Logs
• Metrics

Question 38

Example of Logs

Answer 38

Activity Logs (who created the resouce and when)
OS logs : Windows events

Question 39

Example of Metrics (Telemetry based performance data)

Answer 39

• CPU Utilization
• Website Latency

Question 40

Where are logs and metrics stored ?

Answer 40

In “Stores”

Question 41

Which actions can be taken on the stores ?

Answer 41

• Insights (Application, Container, VM, Monitoring solutions)
• Visualization (Dashboards, Views, PowerBI, Workbooks)
• Analysis (Metric Analytics, Log Analytics)
• Response (Alerts, autoscale)
• Integration (Event hub, Logic Apps, Export APIs)