Describe Azure Architecture & Services Flashcards
Region Definition
Multiple availability zones in close proximity geographically with low latency between them
Region Pairs
(def & 3 advantages)
region pairing within the same geography: replication of resources and fault tolerance redundancy
- outage backup
- minimizing downtime during updates
- same geography (tax & regulatory concerns)
- lowest latency between regions
Sovereign Region
Exclusive public region not available to everyone
ex. China, US gov, DoD
Availability Zones
physically separate data centers within a region, designed for hardware fault tolerance
(independent power, cooling, networking)
Resource Group
(def & 3 rules)
- container to manage the resources needed for an application to run
- rules:
- resource can only be aligned to one group
- can be moved across different regions
- application can have more than one resource group
- example resources:
- metering & billing
- policies
- monitoring & alerts
- quotas
- access control
Subscription
- whom the resources and resource group is billed to
- how you manage resource groups for billing
Management Groups
- organization of subscriptions
- set governance (access, policies, and compliance) at this level
Computing Services (6)
- Virtual Machine
- VM Scale Sets
- App Services (web app)
- Container Instances
- Kubernetes Services
- Windows Virtual Desktops
Virtual Machine Definition
Virtual Machine: emulation of a computer, running on a server in one or more datacenters.
VM Scale Sets Definition
availability set note as well
- 2+ virtual machines running exact same code
- autoscaling
- load balancer: manages traffic
availability set: stagger updates, varied network and power to prevent single point of failure
App Services Definition
- code without access to the hardware or compute (OS)
- application hosting
Azure Containers
2 types
- Container Instances: single instance
- Kubernetes: cluster of containers, needs a cluster of machines
for development, testing apps (PaaS)
Windows Virtual Desktop
- MS 365: windows in the cloud
Azure Functions
event driven, serverless computing
Azure Networking Services
(4)
- Virtual Networks
- VPN Gateway
- VNet Peering
- ExpressRoute
Virtual Private Network
- connect two networks as if they were the same network (home to office network)
- network gateway
ExpressRoute
connect your private network to azure (no data over public internet)
Subnet
subdivision of a virtual network with its own security rules
Azure DNS
Azure Domain Name System (DNS) is a hosting service for websites
Azure Storage Options
4 types
- Blob
- Disk
- File
- Queues
Blob Storage Types
2
- General Purpose: handle all types of data
- Data Lake Gen2 (block blob): data analytics
Blob Storage Tiers
3 types - 2 rules
- hot: frequent access
- cold: infrequent access, but stored for at least 30 days
- archive: rarely accessed, stored for at least 180 days
rules:
1. only hot and cold can be set at account level
2. archive is set at the blob level
File Storage Definition
think share drive
Queue Storage
stores a large number of messages
Redundancy Options
5 types
- Local
- Geo
- Zone
- Geo-Zone
- Read Access Geo/Geo Zone
Local & Geo Redundancy
local: single datacenter (availability zone)
geo: a single datacenter in each of multiple regions
Zone and Geo-Zone Redundancy
zone: multiple datacenters (availability zones) within region
geo-zone: zone storage + single datacenter in 2nd region
read-access redundancies
(2 types)
read-access geo: read-access in 2nd region
read-access geo-zone: read-access version of geo-zone
standard vs. premium redundancy
standard: get all 4 types of storage redundancy
premium: only get local and zone, because premium is designed for low latency (data lake gen2, page, file,
Azure Migrate Tools
6 types
- discovery & assessment: assess on-prem
- server migration: VM migration
- migration assistant: used for SQL Server
- database services: on-prem databases (more general)
- web app assistant: website migration
- data box: large data migration, physical devices (max 80 terabytes)
AzCopy Definition
command line utility to copy files from storage account
File Sync Definition
bi-directional syncing of local server data to Azure
definition of identity within Azure
what 3 things can identity refer to
- person
- applications
- devices
Azure Active Directory (AAD) Model
what are the authentication steps
- credentials to AAD (identity provider in the visual)
- signed token back to user
- signed token then goes to server
- AAD sends a trust key to the server for verification
Azure Active Directory Domain Services
(AAD DS)
stores centralized directory information and lets users and domains communicate
Azure External Identities
- allows you to securely interact with users outside of your organization
- examples: consumer facing apps, corporate identity on social media
Azure Conditional Access
definition and conditions
only allow access to resources based on conditions (signals)
1. user location
2. device being used
3. who is the user
Zero Trust Model
what does it require - 3 principles
requires authentication to each resource or from any device
three principles:
1. verify explicitly
2. least privilege access
3. assume breach