Azure Services

Question 1

Azure Containers

Answer 1

A virtualization environment that run multiple instances, or containers.

A container is an instance that virtualize an OS, on which any software or service can run.

Azure Container Instances is a fast and simple way to run containers in Azure.

Containers are often used to create micro service architectures.

Question 2

Azure Functions

Answer 2

Event-driven serverless computation, triggered by events (API requests, timer, or message from another service) instead of constantly running in the background.

Functions scale automatically based on demand, and run code when triggered an deallocates resources when finished.

Can be stateless (default, behave as if they restart every time), or stateful (a.k.a. Durable Functions, where a context is passed through the function to track prior activity).

Question 3

Azure App Service

Answer 3

An HTTP-based service for building and hosting web apps, background jobs, mobile back-ends, and RESTful APIs, as an alternative to VMs and containers.

Question 4

Virtual Networks

Answer 4

Virtual networks and subnets are like an extensions of an on-premises network and enable resources to communicate with each other, users on the internet, and client computers.

Supports both public and private endpoints, i.e. communication between external and internal resources with other internal resources.

VN peering links VNs together directly, so the traffic is private and never enters the internet.

Question 5

Virtual Private Network (VPN)

Answer 5

Uses an encrypted tunnel within another network, and usually deployed to connect two or more trusted private networks to one another over an untrusted network (internet).

A VPN gateway is a type of virtual network gateway, and is deployed in a dedicated subnet of the VN to enable connections site-to-site (on-premise), point-to-site (devices), or network-to-network (between VNs). Only one gateway can be used in each VN, but it can connect ot multiple locations.

VPN gateways are useful for
- Connections between VNs
- Point-to-site connections
- Multisite connections
- Coexistence with an Azure ExpressRoute gateway

Question 6

Azure ExpressRoute

Answer 6

Enables on-premise networks to extend to the cloud over a private network.

Benefits:
- Connectivity to cloud services across all regions in a geopolitical region
- Global connectivity to MS services across all regions with the ExpressRoute Global Reach
- Dynamic routing between networks and MS
- Built-in redundancy in every peering location

Question 7

Azure DNS

Answer 7

A hosting service for DNS domains.

Question 8

Azure storage accounts

Answer 8

A unique namespace for storage data accessed over HTTP/S. There are 4 types:
- Standard general-purpose (blob, queue, table storage, azule files)
- Premium block blobs (blob storage)
- Premium file shares (Azure files)
- Premium page blobs (Page blobs)

Have different redundancy options:
- LRS
- GRS
- RA-GRS
- ZRS
- GZRS
- RA-GZRS

Question 9

Azure Storage Services

Answer 9

Includes the following data services:
- Blobs: can store massive amounts of different, unstructured data. Has 3 access tiers: Hot/Cool/Archive
- Files: managed file shares in the cloud, accessable via SMB and NFS, can be mounted concurrently by cloud and on-premises
- Queues: can store large number of messages via HTTP/S, can be combined with Functions to trigger message to storage or action on receive
- Disks: virtualized block-level storage for VMs

Question 10

Azure Migrate

Answer 10

A service to migrate in-premises environments to the cloud, functions as a hub fto manage the assessment and migration to Azure.

Includes tools like
- Azure Migrate: Discovery and assessment
- Azure Migrate: Server Migration
- Data Migration Assistant
- Azure Database Migration Service
- Web App Migration Assistant
- Azure Data Box

Question 11

Azure Data Box

Answer 11

A physical storage device to transfer large amount of data. Useful for:
- One-time migration
- Moving a media library from offline tapes
- Migrating a VM farm, SQL server, and applications
- Moving historical data from analysis and reporting using HDInsight
- Initial bulk transfer
- Periodic uploads

Export scenarios:
- Disaster recovery
- Security requirements
- Migrate abck to on-premises or another cloud provider

Question 12

AzCopy

Answer 12

Command-line utility to copy blobs or files to/from a storage account

Question 13

Azure Storage Explorer

Answer 13

A GUI to manage files and blobs in Azure Storage Account. Built on AzCopy

Question 14

Azure File Sync

Answer 14

Used to centralize file shares in Azure Files

Question 15

Azure Active Directory

Answer 15

A cloud-based identity and access management service to log in and access Microsoft apps and cloud apps, help and maintain on-premises AD deployment.

Used for authentication, SSO, application and device management

Question 16

Azure Active Directory Connect

Answer 16

Synchronizes changes between identity sets, e.g. Azure AD and an on-premises AD, so itäs possible to use SSo, MFA etc.

Question 17

Azure Active Directory Domain Services

Answer 17

AADDS integrates any domain services with an existing Azure AD tenant, so users can sign into services and apps connected to the domain with existing credentials (from Azure AD). Used for legacy apps that don’t support modern auth methods or when directory lookups shouldn’t go back to an on-premises ADDS environment.

A one-way synchronization from Azure AD to AADDS is performed, and Connect can be added to synchronize to the managed domain.

Question 18

Azure External Identities

Answer 18

An external identity can be a person, device, or service, that is outside an organisation. The user’s identity provider manages the identity, and you manage the access to your apps with Azure AD.

External Identities is made up of
- B2B collaboration (represent users’ identites as guest users)
- B2B direct connect (a mutual, two-way trust with another Azure AD organisation)
- Azure AD B2C

These can be combined.

Question 19

Azure Conditional Access

Answer 19

A tool used by Azure AD to allow/deny access to resources based on identity signals:
- who the user is
- where the user is
- which device a request comes from

Provides a MFA experience, e.g. if a user is at a known location, no second authentication factor is needed, but if it’s unknown it’s needed.

Question 20

Azure Role-Based Access Control (RBAC)

Answer 20

Lets you give permissions by assigning roles instead of managing permissions for every single user. A role describes common access for resources.

Applies to scopes, which include
- A managed group
- A single subscription
- A resource group
- A single resource

Question 21

Pricing calculator

Answer 21

A calculator that gives estimated costs for provisioning resources, like compute, storage, and associated network costs in Azure.

Question 22

TCO calculator

Answer 22

Compares costs for running an on-premises infrastructure compared to an Azure cloud one.

Question 23

Azure Cost Management Tool

Answer 23

Gives the ability to check resource costs, create alerts based on resource spend, and create budgets used for automation of resource management.

Cost analysis is a subset of cost management, which provides different visuals for costs, like billing cycles, region, resource etc.

Cost alerts are alerts that are triggered by certain criteria, like budget, credit, or department spending quota.

A budget is a set spending limit, based on subscription, resource group, service type etc. When a budget is set, budget alerts are set as well.

Question 24

Tags

Answer 24

Used for organizing resources, and is useful for:
- Resource management: enables to locate and act on resources associated with workloads etc
- Cost management: group resources to report on costs, allocate internal cost centers, track budgets, forecast estimated cost
- Operational management: group resources according to how critical their availability is to the business
- Security: classify data by security level
- Governance and regulatory compliance: identify resources that align with compliance requirements
- Workload optimization and automation: visualize resources that participate in complex deployments

Question 25

Azure Blueprints

Answer 25

Works as a template for cloud subscriptions and environment deployments to configure settings and policies.

A blueprint component is called an artifact , and can be a role or policy assignment, an ARM template, or resource group.

Question 26

Azure Policy

Answer 26

A service for creating, assigning, and managing policies that control or audit resources.

Policies enforce different rules across the resource configurations, so they stay compliant with corporate standards.

Initiatives av groups of related policies. Azure policy evaluates resources and highlights those that aren’t compliant with the policies, and can also prevent non-compliant resources to be created.

Policies can be set at each level, i.e. specific resources, resource groups, subscription etc, and are inherited.

Storage, networking, compute, security center, and monitoring comes with built-in policy and initiative definitions.

Question 27

Resource locks

Answer 27

Prevents resources from being accidentally deleted or changed. There are two types: Delete (prevents deleting) and ReadOnly (prevents changing and deleting).

Question 28

Microsoft Service Trust Portal

Answer 28

A portal that provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices.

Question 29

Azure Arc

Answer 29

Uses ARM to simplify governance and management by delivering a consistent multi-cloud and on-premises management platform.

Used to
- Manage entire environments together by projecting existing non-Azure into ARM
- Manage multi-cloud and hybrid VMs, Kubernetes clusters, and databases as if running in Azure
- enable Azure services and management capabilities, regardless of where they are
- Using traditional ITOps while introducing DevOps practices to support new cloud and native patterns
- Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions

Supports the following resource types outside of Azure:
- Servers
- Kubernetes clusters
- Azure data services
- SQL Server
VMs (preview)

Question 30

ARM & Azure ARM Templates

Answer 30

ARM is the deployment and management service for Azure, used for creating, updating, and deleting resources.

Uses declarative templates rather than scripts (using JSON)

ARM Templates are so called “infrastructure as code”, where

Question 31

Azure Advisor

Answer 31

Evaluates and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

Question 32

Azure Service Health

Answer 32

Keeps track of resources, both deployed and overall of Azure, by combining
- Azure Status (global status)
- Service Health (view of service and regions in use)
- Resource Health (tailored view of ones actual resources)