Concepts Flashcards
All service interaction goes through this centralized management layer
Azure Resource Manager (ARM)
A single organization instance of Azure AD is associated with this level of the Azure resource hierarchy
Tenant
These optional group components of the Azure hierarchy can be used to group multiple subscriptions
Management Groups
This billing and access isolation boundary also has its own billing agreement
Subscription
This component of the Azure management hierarchy is used to collate resources that have the same purpose or lifecycle
Resource Groups
This manages the “who” of Azure IAM, managing Azure identities
Azure Active Directory
This controls the “can do what” in Azure, providing fine-grained access control to Azure resources
Azure Role-Based Access Control
The general term referring to a user, service, or other authenticated identity in Azure
Security Principal
These are a collection of permissions that can be assigned to security principals to grant or deny access
Roles
Two components of logs in Azure Monitor
Activity: who created what when?
OS Logs
Two components (stores) of Azure Monitor
Logs
Metrics
Azure VM capability that consistently replicates a VM in one AZ to another
Availability Set
Azure Compute configuration that can scale up and down copies of a virtual machine
Scale set
Azure equivalent of VPC
Virtual Network (VNET)
Can VNETS span regions?
No
Azure’s all-purpose storage solution providing 5 main types of options
Storage Accounts
The level in the hierarchy where Storage Accounts live
Within Resource Groups
Object store in Azure
Blob storage
Network file share in Azure
Files
EBS in Azure
Disks
Messaging Services in Storage Accounts
Queues
Temporary NoSQL service available in Storage Accounts
Tables…gradually moving this to Cosmos DB
Command line interface with persistent storage available in Azure mobile app, Azure console, and web browser
Azure Cloud Shell
Similar to AWS CLI, enables easier automation
Azure CLI
Enables Azure management through a familiar PowerShell interface
Azure PowerShell
The two runtimes available within Cloud Shell
Bash
PowerShell
Two or more data centers, fiber-connected but independently powered
Region
Newer regions are likely to have fewer of these
Available services
Paired Region
Each region in Azure is paired with another in the same geographical region, except Brazil South
Benefits of a paired region
Outage failover - you can fail over to a region pair if yours is down
Planned updates - only one region in a pair is upgraded at a time
Replication - Certain services provide automatic data replication
Minimum number of AZs in a region
3
Zonal vs Zone Redundant services
Azure availability zones-enabled services are designed to provide the right level of resiliency and flexibility. They can be configured in two ways. They can be either zone redundant, with automatic replication across zones, or zonal, with instances pinned to a specific zone. You can also combine these approaches.
How many resource groups can an Azure resource be in at a time?
1
Can resources from different regions be in the same resource group?
Yes
Why do you have to select a region for a resource group?
The resource group has metadata and management stuff that needs to live somewhere.
Resource group deletion
When a resource group is removed or deleted, all of the resources within it are deleted with it. You can remove resource groups at any time. To delete a resource group, you need access to the delete action. You also need delete for all resources in the resource group. If you have the required access, but the delete request fails, it may be because there’s a lock on the resources or resource group. Even if you didn’t manually lock a resource group, it may have been automatically locked by a related service. Or, the deletion can fail if the resources are connected to resources in other resource groups that aren’t being deleted. For example, you can’t delete a virtual network with subnets that are still in use by a virtual machine.