Core Azure Architectural Components Flashcards
Explain the concept of regions
Microsoft has broken up the world into 60+ regions.
When you want to deploy a virtual machine you have to choose a region where the servers exist.
Not every region is available to everyone because some have certain restrictions. Ex: The Chinese version of Azure is run by a Chinese company, so it isn’t available to the general public. The Government regions only give access to government members, and government members can only use the government-specific ones.
What are region pairs
Regions have pairs, almost always in the same geography because of storage laws.
The data connection between regions is the highest speed available.
The most logical place to put your backups would be in the paired region because it has the highest speed, the lowest latency, and prioritization in terms of bringing them back online.
If multiple regions go down, one region of each pair is treated as a priority.
What are Availability Zones
Within the regions you sometimes have the ability to deploy to individual availability zones.
Ex: Canada has 3 availability zones. You can pick the individual availability zones to deploy your resources to.
They are called availability zones because when you use them you are increasing the availability of your application. Each availability zone is separated from the others, running on its own power, heating, cooling and network. Typically availability zones are buildings on the same property, perhaps, but physically separated and running on their own individual.
What is a resource group
Folder structure or an organizational structure for resources.
Examples of resources you can create in an Azure account: virtual machines, storage accounts, databases, …
We can put these resources in resource groups and logically group related things, for example by project or by people, basically to organize the resources.
Above resource groups we have the concept of subscriptions and, above that, management groups. So subscriptions group resource groups, and management groups group subscriptions.
What is a subscription
It’s a billing unit / the level of billing. When we sign up for Azure we have to give them our credit card information, and that creates a subscription.
All the resources created under that subscription get charged to that credit card. So every resource must be associated with a subscription.
You can create multiple subscriptions and have access to more than one subscription with different roles.
The same company can create different subscriptions for different departments, like human resources, marketing, … At the top of those subscriptions we have an account, which can be a user who has access to all subscriptions and may be the global administrator.
What are management groups
You can apply different rules at different group levels instead of having to go into each individual subscription and reapply the rule.
They can enforce policies that are applied to all of the other management groups and subscriptions beneath them.
What is Azure Resource Manager (ARM)
To interact with Azure we can use the portal, some type of command line that affects resources, Visual Studio, or API commands.
The Azure Resource Manager API can handle all resources in Azure, and the resources themselves are the databases, the VMs, the app services, tables, …
Resources – An instance of some Azure service that you create and that is yours to use. My VM is my instance of an Azure service.
Azure Resource Manager API controls your groups of resources.
What are the Core resources available in Azure
- Compute services (ways Azure can execute programs, applications, …)
- Networking services (ways that applications can communicate with each other and the security around that)
- Storage services (files and data stored within a storage account format)
- Database services (like an organized storage account with tables, columns, collections, …)
- Azure Marketplace (find a lot of services including some not created by Microsoft)
Compute services
Virtual Machines (VM), App services (Web apps), Azure Container Instances (ACI), Azure Kubernetes Service (AKS), Windows Virtual Desktop.
Compute – “executing code” in the cloud
Virtual Machines explanation
IaaS; looks and acts like a real server but is one server divided into a lot of slices, and you are using one or more of those slices while other clients use the rest; supports both Linux and Windows operating systems; you have full control over it as if it were your machine; behaves like a physical machine.
Over 200 VMs to choose from, based on the number of CPU cores, speed, RAM size, temporary disk size, IOPS (Input/Output Operations Per Second) – lots of combinations of these to choose from.
App services explanation
PaaS (taking your code, packaging it up, giving it to Azure and Azure runs it); ability to choose plan types and level but not the hardware capacities; promise of performance but no access to hardware.
Containers explanation
Another paradigm to run code in the cloud; they contain everything an app needs to run in a “container image”; fast and easy to deploy; you can choose from very different options, two of them being Azure Container Instances (ACI – single instance, quickest way to deploy a container) and Azure Kubernetes Service (AKS – runs on a cluster of servers, enterprise-grade).
Windows Virtual Desktop explanation
Desktop version of Windows that runs in the cloud; your software installed, your files available from anywhere; can even see your desktop on iOS and Android or any web browser; runs on Azure.
Networking Services Covered
- Virtual Networks (the most basic level of network; emulates a physical network that you might have in your environment; it is basically some settings and a database; you can configure who can communicate with whom)
- VPN Gateway (used to connect two networks together securely; it’s encrypted and can’t be spied upon, and you can get access to the resources of that remote network)
- VNet Peering
- ExpressRoute (high-speed private connection to Azure; doesn’t run on the private internet)
Types of networking services:
- Connectivity services (how applications connect and communicate)
- Protection services (ensure that only authorized people have the ability to communicate with your server, protecting against attacks and denial of service, …)
- Delivery services (help deliver the resources to the end user without another server)
- Monitoring services