Describe Azure Architecture and Services Flashcards
Describe Azure regions, regional pairs, and sovereign regions
Region: A region is a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network.
Regional pair: A pair of Azure regions within the same geographical area (e.g. US, Europe, Asia) at least 300 miles apart. In the event of a region-wide outage, a failover will occur to the secondary region.
Sovereign region: Instances of Azure that are isolated from the main instance of Azure. You may need to use a sovereign region for compliance or legal purposes.
Describe availability zones
Consists of physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.
Describe Azure datacenters
Facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.
Describe Azure resources
Resources Include (VSVASF):
Virtual Machines
Storage Accounts
Virtual Networks
App Services
SQL Databases
Functions
Describe Resource Groups
A container to manage and aggregate resources in a single unit.
Resources can only exist in one resource group
Resources can exist in different regions.
Resources can be moved to different resource groups
Applications can utilize multiple resource groups
Describe subscriptions
Provides authenticated and authorized access to Azure accounts.
Describe management groups
Management groups can include multiple subscriptions. Subscriptions inherit conditions applied to the management groups.
E.g.: three different subscriptions: dev, test, and production. These can be placed under one management group to apply the same policies to all three subscriptions. Note that each account can have multiple management groups.
Describe the hierarchy of resource groups, subscriptions, resources, and management groups
Management groups contain subscriptions
Subscriptions contain resource groups
Resource groups contain resources
What are the five different Azure compute services?
VACAA
Virtual machines
App Services
Container instances
Azure Kubernetes Services
Azure Virtual Desktop
Describe VM options: Azure Virtual Machines
Software emulations of physical computers. An IaaS offering. Includes: virtual processor, memory, storage, networking.
Describe resources required for virtual machines
Virtual machines require processing power, memory, and storage.
Describe the Web Apps feature of Azure App Service
Web Apps: App Service includes full support for hosting web apps by using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux as the host operating system.
Describe Azure virtual subnets
A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security.
Define public and private endpoints
Public endpoints have a public IP address and can be accessed from anywhere in the world.
Private endpoints exist within a virtual network and have a private IP address from within the address space of that virtual network.
Compare Azure storage services
CDA
Container services (blob, PaaS): Unstructured data: photos, audio files, PDFs, etc. Used for hosting images for a public website.
Disk storage: IaaS. Fast and easy to use. Tied to only one virtual machine.
Azure Files: Similar to a file share in an on-premises environment. Allows sharing of files over a network. Only those who have access to the encryption key can access the files. The SMB protocol will only be associated with Azure Files.
Describe storage tiers
HCA
Hot - For storing data that is accessed frequently (most expensive)
Cool - For storing data that is accessed infrequently and stored for at least 30 days
Archive - optimized for data that is rarely accessed and is stored for at least 180 days (least expensive)
Describe storage redundancy options
LRS - locally redundant storage - single datacenter in the primary region
ZRS - zone-redundant storage - three availability zones in the primary region
GRS - geo-redundant storage - single datacenter in the primary region and a single datacenter in the secondary region
GZRS - geo-zone-redundant storage - three availability zones in the primary region and a single datacenter in the secondary region
What are the storage account types?
SPPP
Standard general-purpose v2
Premium block blobs
Premium file shares
Premium page blobs
Identify options for moving files: AzCopy
Command-line utility. Can copy blobs or files to or from your storage account. One-direction synchronization.
Describe migration options, including Azure Migrate and Azure Data Box
Azure Migrate: A single portal to start, run, and track your migration to Azure.
Azure Data Box: A physical data storage box. Allows you to send data into Azure in a fast, safe, reliable way. Can import/export data into or out of Azure. Ordered through the Azure portal.
Describe directory services in Azure: Azure Active Directory (Azure AD)
Cloud-based identity and mobile device management that provides user account and authentication services for resources such as Microsoft 365, the Azure portal, or SaaS applications.
Describe authentication methods in Azure, including single sign-on (SSO), multifactor authentication, and passwordless
SSO: Authentication method. Enables users to securely authenticate to multiple applications/websites. Uses a username/password. Allows admins to manage a single set of credentials.
Multifactor authentication: Requires two or more elements for full authentication: something you know (e.g. a password), something you possess (e.g. a cell phone or device), or something you are (e.g. facial recognition, like Windows Hello).
Passwordless: You can also allow your employee's phone to become a passwordless authentication method. You may already be using the Authenticator app as a convenient multifactor authentication option in addition to a password. You can also use the Authenticator app as a passwordless option.
Describe external identities and guest access in Azure
External B2B (business to business): Identity and access management for partners, vendors, suppliers, and other collaborators.
External B2C (business to customer): Identity and access management for your customer-facing apps
Describe Azure AD Conditional Access
Used to bring signals together to make decisions and enforce organizational policies. Signals can include:
The user and the user's location
The device being used
Any real-time risks
The application being used
If-then statement. Example: If Denis is in Asia, then require multifactor authentication.