Azure Organization and Infrastructure Flashcards
What is Microsoft Azure ?
It is Microsoft’s public cloud computing platform. “Public” is the key term: it means the platform is available to the general public.
Microsoft Azure has over 200 individual products and services, which provide a wide range of management tools and solutions for many business use cases.
Build, run and manage applications on Microsoft’s global infrastructure (IAAS, PAAS, SAAS)
What does “managed services” refer to ?
PAAS and SAAS
Because they have an extra layer of management applied to them
What is the main advantage of cloud computing (financially) ?
It is pay as you go.
- No upfront commitment for resources
- Billed for the seconds of using services.
- OPEX : Operational Expenses.
Where are Azure's computing resources located ?
In multiple datacenters all around the world (regions, zones)
Azure consists of multiple geographically distributed sets of datacenters positioned all around the world, giving it a global footprint.
What is a region ?
A region is defined as a collection of individual datacenters deployed within a single geographic region.
What is an availability zone ?
It is a division construct inside a region that refers to one of multiple physical locations within each individual Azure region.
It is made up of one or more individual datacenter buildings, and each of these datacenters is self-contained, with its own independent power, cooling and network capabilities.
What is the primary purpose of these multiple availability zones inside a single region ?
To provide an additional layer of fault tolerance and/or resiliency by offering the ability to replicate your application, or whatever business solution you are using, across multiple availability zones inside the same region.
True or False: A region must only have 1 datacenter
False.
A region can be formed by one or multiple datacenters
True or False: An availability zone must only be formed by 1 datacenter
False
An availability zone can be formed by one or multiple datacenters
Compare the advantages of cloud computing applied to region vs availability zones
A region provides High Availability and Fault Tolerance: be closer to your end users (multi-region deployment). Defend against (unlikely) regional outages.
An Availability Zone provides Fault Tolerance: deploy resources across zones. Protect against single points of failure.
What are the layers of the Traditional IT stack ?
Networking
Storage
Servers
Virtualization
Operating System
Middleware
Runtime
Data
Applications
What is the method of interaction with the Azure services ?
ARM: Azure Resource Manager, which can be accessed through the Azure web GUI console, Azure PowerShell, Azure CLI, and a REST client
How are the Azure services organized ?
- The foundational services: the physical datacenters and the physical server racks themselves, hypervisor capabilities
- The Core Infrastructure Services: Compute or virtual machines, the storage, the Networking
- The Managed Services: Platform Services and SAAS.
- Security & Management Services: not really solutions/services. Used for various security and management functions in relation to the managed solutions, such as authentication, identity, etc.
Which layers of the traditional IT stack are managed by the Cloud Provider in IAAS ?
Networking
Storage
Servers
Virtualization
Operating System (partially)
Which layers of the traditional IT stack are managed by the customer in IAAS ?
Operating System
Middleware
Runtime
Data
Applications
Which layers of the traditional IT stack are managed by the Cloud Provider in PAAS ?
Networking
Storage
Servers
Virtualization
Operating System
Middleware
Runtime
Which layers of the traditional IT stack are managed by the customer in PAAS ?
Data
Applications
Which layers of the traditional IT stack are managed by the Cloud Provider in SAAS ?
The full stack:
Networking
Storage
Servers
Virtualization
Operating System
Middleware
Runtime
Data
Applications
Which layers of the traditional IT stack are managed by the customer in SAAS ?
Nothing. The customer just uses the software
Example of SaaS
Google Docs, Dropbox, PowerBI, Microsoft O365
What is ARM ?
Azure Resource Manager
It is a centralized management layer for interacting with all Azure services, whether the channel of interaction is the Azure web portal, the command line interface, PowerShell, an application access (REST client), etc.
It is the layer where access control (authentication and authorization) is enforced.
What are the 3 questions to answer regarding Azure Organization Considerations ?
- How do we organize our Azure Resources and Services ?
- How do we track who is paying for what ?
- How do we limit who has access to some sets of resources and not to others ?
What are the Hierarchical layers of an Azure Organization ?
- The Azure Tenant, which contains // Organization - Azure AD users
- Management Groups (optional), which contain // Centralized management of subscriptions
- Subscriptions, which contain // Billing agreement
- Resource Groups, which contain // Group related resources together
- Resources // VM, Databases, etc.
What are the main fundamentals about Azure Resource Hierarchy ?
- Parent-Child Relationship
- Access/Policies granted to parent are automatically inherited by child levels
- Centralized Management
- Parent can have multiple children - But a child can only have one parent (similar to OS file structure)
What is a Tenant ?
Each organization has a single tenant.
companyname.com.
It is the organization's instance of Azure AD. It is where your user/identity directory exists, and it acts as a single bucket to manage all users who have access to various parts of your Azure organization.
What is the primary purpose of a management group ?
To provide a centralized management component for multiple subscriptions that you want to manage all in one place.
It is optional.
What is the primary purpose of a subscription ?
To act as a primary billing and access isolation boundary within Azure.
What is the primary purpose of a Resource Group?
To group together resources that have the same purpose / lifecycle
What are the 3 components of the IAM trilogy ?
- Who
- Can do what
- On which resources (the scope)
Which component of Azure is responsible for the “who” of the IAM trilogy ?
Azure Active Directory, which manages Azure identities
Which component of Azure is responsible for the “Can Do What” of the IAM trilogy ?
Azure Role-Based Access Control (Azure RBAC)
Provides fine-grained access management to Azure Resources
Which component of Azure is responsible for the “on which resources” of the IAM trilogy ?
The scope : which level in Azure Resource Hierarchy
What is the Azure Active Directory ?
It is a cloud-based identity service. There is one per tenant, and therefore one per organization.
What is an identity called in Azure AD ?
A security principal
What is a role ?
A role is a collection of specific permissions
Which service in Azure provides the visibility on what happens in the Azure environment ?
Azure Monitor
What are the 2 separate components of Azure Monitor ?
- Logs
- Metrics
Example of Logs
Activity Logs (who created the resource and when)
OS logs : Windows events
Example of Metrics (Telemetry based performance data)
- CPU Utilization
- Website Latency
Where are logs and metrics stored ?
In “Stores”
Which actions can be taken on the stores ?
- Insights (Application, Container, VM, Monitoring solutions)
- Visualization (Dashboards, Views, PowerBI, Workbooks)
- Analysis (Metric Analytics, Log Analytics)
- Response (Alerts, autoscale)
- Integration (Event hub, Logic Apps, Export APIs)