Cloud Architecture Terminologies Flashcards
What are the five aspects of cloud architecture terminology?
A, S, E, F, D
- Availability
- Scalability
- Elasticity
- Fault Tolerance
- Disaster Recovery
_________: Your ability to ensure a service remains available.
Availability
_____: Your ability to grow or shrink rapidly or unimpeded
Scalability
The ability to automatically shrink and grow to meet demand
Elasticity
The ability to prevent a failure
Fault Tolerance
The ability to recover from a failure
Disaster Recovery
What is a fundamental aspect of high availability?
No single point of failure
Types of Scalability
V, H
- Vertical scaling
- Horizontal scaling
What is it when you add more capacity (more or bigger processors, more or faster storage) to existing infrastructure?
Vertical Scaling (scaling up)
What is it when you add more of the same infrastructure (e.g. more servers)?
Horizontal Scaling (scaling out)
Removing servers of the same size
Scaling in
Adding more servers of the same size
Scaling out
What is an example of horizontal scaling on Azure?
Using Azure VM Scale Sets - automatically increase or decrease in response to demand or a defined schedule
A physical server wholly used by a single customer
Dedicated server
Five considerations to having a dedicated server
GUOCS
- You have to guess your capacity
- Upgrading will be slow and expensive
- Limited by your operating system
- Multiple apps can result in conflicts in resource sharing
- You have a guarantee of security and privacy and full utilization of underlying resources.
This allows you to run multiple ____________ on one machine
Virtual Machines, or VMs
Software layer that lets you run VMs
Hypervisor
Five considerations to using a VM
MCOOA
- Physical server is used by multiple customers
- You pay for a fraction of the server
- You overpay for underutilized VM capacity
- Limited by the guest operating system you chose
- Multiple apps on a single VM can conflict with each other.
You can run multiple _____ within a VM
Containers
Software layer that allows you to run multiple containers
Docker daemon
_________ are known as Serverless Compute
Functions
Four aspects of functions
C, P, CS
- You upload a piece of code and choose the amount of memory and duration
- Only responsible for code and data, nothing else
- Only pay for when the code is running, VMs only run when there is code to be executed
- Cold Starts are a side effect
This is a grouping of multiple data centers
Region
Number of Azure regions
58 regions in 140 countries
A discrete market of two or more regions that preserves data residency and compliance boundaries
Geography
The five Azure geographies
U, G, C, B, M
- United States
- Azure Government
- Canada
- Brazil
- Mexico
Each region is _____ with another region 300 miles away
Paired
This is done with paired regions to ensure no outages
Only one region is updated at a time
Some services use paired regions for this
Disaster recovery
Azure has these to meet compliance or legal reasons
Specialized regions
Name four specialized regions
D, GV, GI, T
- US DoD Central
- US Gov Virginia
- US Gov Iowa
- Three undisclosed regions
Physical location made up of one or more datacenters
Availability Zone
A region will generally have this many Availability Zones
Three
____ regions do not have support for availability zones
Alternate or other
An availability zone in a region has a combination of these two domains
(F, U)
- Fault
- Update
Logical grouping of hardware to avoid a single point of failure in an AZ
Fault Domain
_____ domains ensure your resources do not go offline, domains are updated one at a time.
Update domain
Logical grouping of VMs that are in different fault/update domains to avoid downtime
Availability Sets
Name six Azure compute services
V, C, K, S, F, B
- Virtual Machines
- Container Services
- Kubernetes Services
- Service Fabric
- Functions
- Azure batch
Most common type of compute service
Virtual Machine
Run ______ apps on Azure without provisioning servers or VMs
Azure Container Services
Easy to deploy, manage and scale containerized applications
Azure Kubernetes Service (AKS)
Easy to package, deploy and manage scalable and reliable microservices
Azure Service Fabric
Event-driven, serverless ______ run code without provisioning or managing servers
Azure Functions
plans, manages and schedules your ______ processes across 100+ jobs in parallel
Azure Batch Service
Name eight storage services
B, D, F, Q, T, DB, A, DL
- Blob
- Disk
- File
- Queue
- Table
- Data Box
- Archive
- Data Lake
Stores very large sizes and volumes of unstructured files
Blob Storage
Virtual volume, you can choose SSD or HDD
Disk Storage
shared volume you can access like a file server, e.g. SMB
Azure File Storage
Data store for reliably delivering messages between applications
Azure Queue Storage
A NOSQL data store that stores unstructured data without schema
Azure Table Store
Briefcase computer designed to move terabytes or petabytes of storage
Azure Data Box
Storage that allows you to store any volume of structured or unstructured data
Azure Data Lake
Azure Database Services
C, S, M, SV, S, DM, R, T
- Cosmos DB
- SQL Server
- MySQL/Postgres/Maria
- SQL Server on VMs
- Synapse
- Database Migration Service
- Cache Redis
- Table Service
Fully managed NOSQL database designed for scale
Cosmos DB
fully managed data warehouse
Synapse
Migrates database to the cloud
Azure Database Migration Service
frequently used and static data for low latency
Redis
Azure Application Integration Services
N, A, SB, SA, L, AM, Q
- Azure Notifications Hub
- API Apps
- Service Bus
- Stream Analytics
- Logic Apps
- API Management
- Queue Storage
Sends push notifications to any platform from any back end
Azure Notifications Hub
Quickly build and consume APIs in the cloud. Routes APIs to Azure Services
Azure API Apps
Reliable cloud messaging as a service (MaaS) and simple hybrid integration
Azure Service Bus
Serverless, real-time analytics from the cloud to the edge
Azure Stream Analytics
Schedule, automate and orchestrate tasks, business processes and workflows. Integration with enterprise SaaS and enterprise applications
Azure Logic Apps
Hybrid, multi-cloud management platform for APIs across all environments
Azure API Management
data store for queuing and reliably delivering messages between applications
Azure Queue Storage
Developer and Mobile Tools
SS, AS, VS, X
- SignalR Service
- App Service
- Visual Studio
- Xamarin
Real-time messaging service (like Pusher)
Azure SignalR Service
Service for deploying and scaling web applications with .NET, node.js, java, python and PHP (like Heroku)
Azure App Service
IDE designed for creating apps for Azure
Visual Studio
Mobile app framework
Xamarin
Azure DevOps Services
B, P, R, TP, A, DL
- Boards
- Pipeline
- Repos
- Test Plans
- Artifacts
- DevTest Labs
Deliver value to your users using proven agile tools to plan, track and discuss work
Azure Boards
Build, test and deploy with CI/CD that works with any language, platform, and cloud. Connects to github or any other git provider
Azure Pipelines
Unlimited, cloud-hosted git repos and collaborate to build better code with pull requests and advanced file management.
Azure Repos
Test and ship too
Azure Test Plans
Create, host and share packages with team and add artifacts to CI/CD pipeline
Azure Artifacts
Dev test environments
Azure DevTest Labs
Allows you to programmatically create Azure resources via JSON template
Azure Resource Manager
library of pre-made ARM templates provided by the community and partners to launch new projects for a variety of stack scenarios
Azure Quickstart
logically isolated section of the Azure Network where you launch your Azure resources. You choose a range of IPs using CIDR Range
Virtual Network (vNet).
range of IP addresses used in a virtual network
CIDR range
subnets need to have a CIDR range ________ than the vNet to represent their portion
smaller
___ subnet can reach the Internet
Public
_____ subnet cannot reach the Internet
Private
Cloud-native Networking Services
D, VN, LB, AG, NSG
- DNS
- vNet
- Load Balancer
- Application Gateway
- Network Security Groups.
provides DNS responses and high domain availability
Azure DNS
logical isolated section of the Azure network for customers to launch Azure resources
Azure Virtual Network
OSI Level 4 load balancer
Azure Load Balancer
OSI Level 7 load balancer can apply a web application firewall
Azure Application Gateway
virtual firewall at the subnet level
Network Security Groups
Enterprise/Hybrid Networking Services
FD, ER, VW, C, VNG
- Front Door
- Express Route
- Virtual WAN
- Connection
- Virtual Network Gateway
scalable and secure entry point for fast delivery of your global applications
Azure Front Door
connection between your on-premises environment and the Azure cloud
Azure Express Route
networking service for networking, security and routing
Virtual WAN
VPN connection securely connecting two Azure local networks via IPsec
Azure Connection
site-to-site VPN connection between an Azure virtual network and your local network
Virtual Network Gateway
operates at the DNS layer to direct incoming DNS requests based on the routing method of your choice
Azure Traffic Manager
allows you to host your domain names on Azure
Azure DNS
evenly distributes incoming network traffic across a group of backend resources or servers
Azure Load Balancer
Two configurations for Azure Load Balancer
Public and private
allows you to group together identical VMs and automatically increase or decrease the amount of servers
Scale sets
types of scenarios you set up scale sets
C, S
- change in CPU, memory, disk and network performance
- predefined schedule
network of internet connected objects able to collect and exchange data
IoT Services
IoT Services
C, H, E
- IoT Central
- IoT Hub
- IoT Edge
connects your IoT devices to the cloud
IoT Central
Enables secured communication between IoT application and devices it manages
IoT Hub
Allows data processing and analysis nearest the IoT devices
IoT Edge
Big Data and Analytics Services
S, H, D, DLA
- Synapse
- HDInsight
- Databricks
- Data Lakes Analytics
runs SQL queries against large databases for reporting
Azure Synapse
analytics software for running Hadoop, Kafka and Spark
HDInsight
Spark-based analytics platform
Azure Databricks
On-demand analytics job service that simplifies big data
Data Lake Analytics
AI/ML Services
- Azure Machine Learning Service
- Machine Learning Studio
service that allows you to run pipelines to automate ML workflows
Azure Machine Learning Service
Aspects of Serverless Services
E, A, M
- Event-driven scale
- Abstraction of servers
- micro billing
Serverless Services
F, B, L, E
- Functions
- Blob storage
- Logic Apps
- Event grid
run small amounts of code as serverless functions in several languages
Azure functions
Serverless object storage.
Blob Storage
build serverless workflows composed of Azure functions
Logic Apps
pub/sub messaging system to allow you to react to events and trigger other cloud services
Event Grid
interactive, authenticated, browser-accessible shell for managing Azure resources
Azure Cloud shell
command line interface for managing Azure resources
Azure CLI
Microsoft Security Development Lifecycle
the SDL is a mandatory MS policy embedding security and privacy in software and culture
Azure Security Policies
AP evaluates resources in Azure by comparing the properties of those resources to business rules (Policy Definitions - described in JSON)
Azure Role-Based Access Control (RBAC)
U, G, SP
- User - individual with a profile in Azure AD
- Group - set of users in AAD
- Service Principal - security identity used by applications or services to access specific Azure resources
RBAC - Scope
set of resources that the access for the Role Assignment applies to. Management Group -> Subscriptions -> Resource groups -> resources
____ allows organizations to take advantage of Microsoft’s unused capacity with significant cost saving
Spot VMs
T/F: Spot VM offers high availability guarantees.
False
Spot VMs are great for …
workloads that can handle interruptions such as batch processing jobs, dev/test environments, large compute workloads, and more.
Which of the following help you save money by committing to one-year or three-year plans for multiple products?
Azure reservations
A 99.99% VM uptime SLA is offered when?
two or more VMs are deployed across two or more Availability Zones within an Azure region.
a tool that helps in estimating cost savings resulting from migrating workloads to Azure.
Azure Total Cost Ownership (TCO) Calculator
business metrics to measure availability as part of an SLA agreement
Mean Time to Recover (MTTR) is the average time it takes to restore a component after a failure.
Mean Time Between Failures (MTBF) is how long a component can reasonably expect to last between outages.
is the maximum acceptable time an application is unavailable after an incident.
Recovery time objective (RTO)
is the maximum duration of data loss that’s acceptable during a disaster.
Recovery point objective (RPO)
PREVIEWS ARE PROVIDED
A, F, Av, S, W
“AS-IS,” “WITH ALL FAULTS,” AND “AS AVAILABLE,” AND ARE EXCLUDED FROM THE SERVICE LEVEL AGREEMENTS AND LIMITED WARRANTY
gives the tenant (that is, consumer or customer) maximum control over cloud resources.
IaaS
Advantages of a private cloud
F, S, S
More flexibility: An organization can customize its cloud environment to meet specific business needs.
Improved security: Resources are not shared with others, so higher levels of control and security are possible.
High scalability: Private clouds afford the same scalability and efficiency as a public cloud.
Reasons for using private cloud
government agencies, financial institutions, and other midsize to large organizations with business-critical operations seeking enhanced control over their environments.
PaaS features
SL, I, A
Software Licensing - avoid the expense and complexity normally associated with buying and managing software licenses.
Infrastructure - tenants do not need to manage underlying application infrastructure, middleware, container orchestrators (such as Kubernetes), development tools, and other resources.
Application/Service management - allows developers to focus on building and managing their own applications and services, while the cloud service provider typically manages everything else.
enables systems to continue operating properly in the event of failure or when there are faults within components.
Fault tolerance
__________ application has components running in both Azure and on premises.
A hybrid cloud
Azure has three cloud deployment models
Private cloud
Public cloud
Hybrid cloud
gives you the tools to plan for, analyze and reduce your spending to maximize your cloud investment.
Cost Management
is a service that assesses your organization’s current workloads in on-premises datacenters
Azure Migrate
allows you to mix and match different combinations of Azure services to see an estimate of the costs.
The Azure pricing calculator
is a service that, among other things, identifies virtual machines with low utilization from a CPU or network usage standpoint.
Azure Advisor
allow you to prepay for one-year or three-years of virtual machine or SQL Database compute capacity. Pre-paying will allow you to get a discount on the resources you use.
Azure Reservations
an analytical service that encompasses enterprise data warehousing and big data analytics.
Synapse
Azure Synapse has four components
T, Sp, P, St
Synapse SQL: Complete T-SQL–based analytics
SQL Pool
SQL On-demand
Spark: Deeply integrated Apache Spark
Synapse Pipelines: Hybrid data integration
Studio: Unified user experience
set of data centers deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network
Region
personalized cloud consultant that helps organizations follow best practices to optimize Azure deployments
Azure Advisor
used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet
VPN gateway
VPN gateways can be deployed in __________ for resiliency, scalability, and higher availability in virtual network gateways.
Azure Availability Zones
allows developers/administrators to run and test small pieces of code (called functions) without the worry of managing infrastructure.
Azure functions environment
solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs.
Azure Container Instances
scenarios where full container orchestration is needed, (such as service discovery across multiple containers, automatic scaling, and coordinated application upgrades),
Azure Kubernetes
container that holds related resources for an Azure solution. A resource group can include all the resources for a solution or only the resources to be managed as a group.
Resource group
makes it possible to extend on-premises networks to connect to Azure over a private connection with the help of a connectivity provider
ExpressRoute
enables teams of developers to proactively self-manage virtual machines (VMs) and PaaS resources without waiting for approvals.
Azure DevTest Labs
personalized cloud consultant that helps organizations follow best practices in optimizing their Azure deployments.
Azure Advisor
is an interactive, authenticated, browser-accessible shell for managing Azure resources.
Azure Cloud Shell
is a cloud service that helps schedule, automate, and orchestrate tasks, business processes, and workflows to integrate apps, data, systems, and services across enterprises or organizations.
Azure Logic Apps
simplifies how organizations design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.
Logic Apps
provides a management layer that enables the creation, updating, and deletion of resources in an Azure subscription, which helps to maintain consistency across environments and allows various levels of security on groups as well as individual resources in the groups.
Azure Resource Manager (ARM)
Azure managed disks are currently available in four disk types:
Ultra Disk
Premium Solid-State Drive (SSD)
Standard SSD
Standard Hard Disk Drive (HDD)
service tier is a paid service and provides additional mitigation capabilities over the Basic service tier (which is free) that are tuned specifically to Azure virtual network resources.
The Azure Standard DDoS
is a collection of documentation, implementation guidance, best practices, and tools from Microsoft that is designed to accelerate customer cloud adoption journeys.
The Cloud Adoption Framework
is a managed, full-spectrum, open-source analytics service in the cloud for enterprises.
Azure HDInsight
has several built-in roles that can be assigned to users, groups, service principals, and managed identities. Role assignments can be used to control access to Azure resources.
Azure role-based access control (Azure RBAC)
______________ is a cloud platform built on the foundational principles of security, privacy and control, compliance, and transparency. ___________ delivers a dedicated cloud that enables government agencies and their partners to transform mission-critical workloads to the cloud.
Azure Government
__________ makes it possible to designate limited administration roles for the purpose of managing identity tasks in less-privileged roles. Administrators can be assigned to manage users, assign administrative roles, reset user passwords, manage user licenses, and manage domain names.
Azure Active Directory (Azure AD)
enables Microsoft Azure applications and users to store and use several types of secret/key data
Azure Key Vault
enables a cloud architect or a central information technology group to define a repeatable set of Azure resources that implements and adheres to the organization’s standards, patterns, and requirements.
Azure Blueprints
Provides customers and partners with easier access to regulatory compliance information.
Azure Trust Center
is a tool for bringing together signals, making decisions, and enforcing organizational policies.
Azure Conditional Access
is a managed, cloud-based network security service that protects Azure virtual network resources
Azure Firewall
are used to filter network traffic to and from Azure resources in an Azure virtual network (VNet). ________ contains security rules that allow or deny inbound network traffic to or outbound network traffic from several types of Azure resources.
Azure network security groups (NSGs)
provides an integrated environment that is especially built for bot development.
Azure Bot Service
is the process of validating that someone is who he or she claims to be.
Authentication