Describe Core Azure Services Flashcards
On-demand computing service for running cloud-based applications. It provides disks, processors, memory, networking, and operating systems.
Examples include: • Azure Virtual Machines • Azure Container Instances • Azure App Service • Azure Functions (or serverless computing)
Azure Compute
Azure Virtual Machines
Software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources.
They host an operating system and allow you to run software just like a physical computer.
Total control over the operating system (OS).
The ability to run custom software.
To use custom hosting configurations.
You can select preconfigured images for Azure VMs.
IaaS
An Azure compute resource that you can use to deploy and manage a set of identical VMs. As demand goes up, more VM instances can be added. As demand goes down, VM instances can be removed. The process can be manual, automated, or a combination of both.
Virtual Machine Scale Sets
Lightweight, virtualized application environments. They’re designed to be quickly created, scaled out, and stopped dynamically. You can run multiple instances of an application on a single host machine.
Containers
Quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform.
An HTTP-based service for hosting web applications, REST APIs, and mobile back ends.
PaaS
Azure App Service
An event-driven, compute-on-demand experience that extends the existing Azure application platform. TRIGGERED BY EVENTS.
They’re commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Azure Functions
Enable large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs.
When you’re ready to run a job, Batch does the following:
Starts a pool of compute VMs for you. Installs applications and staging data. Runs jobs with as many tasks as you have. Identifies failures. Requeues work. Scales down the pool as work completes.
Azure Batch
App Service that includes full support for hosting web apps by using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux as the host operating system.
App Services: Web apps
Much like hosting a website, you can build REST-based web APIs by using your choice of language and framework. You get full Swagger support and the ability to package and publish your API in Azure Marketplace. The produced apps can be consumed from any HTTP- or HTTPS-based client.
App Services: API Apps
You can use this feature to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. They can be scheduled or run by a trigger. Often used to run background jobs as part of the application logic.
App Services: WebJobs
Use this App Service to quickly build a back end for iOS and Android apps. With just a few clicks in the Azure portal, you can:
Store mobile app data in a cloud-based SQL database.
Authenticate customers against common social providers, such as MSA, Google, Twitter, and Facebook.
Send push notifications.
Execute custom back-end logic in C# or Node.js.
App Services: Mobile apps
Virtualize the operating system.
Docker is the most popular Azure container.
Containerized apps are smaller in size.
Container cluster orchestration
Containers
Runs Docker containers on-demand in a managed, serverless Azure environment.
The fastest and simplest way to run a container in Azure without having to manage any virtual machines or adopt any additional services. Allows you to upload your containers, and runs them for you.
PaaS
Azure Container Instances
Azure handles critical tasks like health monitoring and maintenance for you. A complete orchestration service for containers with distributed architectures and large volumes of containers.
Combines container management automation with an API to create cloud native application management.
It is made up of “cluster nodes” and can move work between the nodes.
It also can manage networking across plugins.
Azure Kubernetes Service
Break solutions into smaller, independent pieces. I.e. split a website into a container hosting your front end, another hosting your back end, and a third for storage. This split allows you to separate portions of your app into logical sections that can be maintained, scaled, or updated independently.
Microservice Architecture
Simplify an application architecture by focusing on creating smaller, more manageable, autonomous, and independently deployed web services that address a single business domain or capability.
Microservices
The platform manages the reservation of servers. You deploy your code and it runs with high availability.
High Availability
Scalable
Only Pay for what you use
Azure Functions and Azure Logic Apps are two examples
Abstraction of servers
Serverless Computing
Payment structure for serverless computing where you pay only for the time your code runs.
Micro-billing
A form of serverless compute that can execute code in almost any modern language.
Commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Azure Functions
A cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows. You can choose from a gallery of hundreds of pre-built connectors for MSFT and 3rd party services.
A form of serverless compute designed in a web-based designer that can execute logic triggered by Azure services without writing any code. Workflows automate business scenarios and are built from predefined logic blocks.
Azure Logic Apps
A logical representation of your network in Azure. Contains one or more subnets.
Provide the following key networking capabilities:
- Isolation and segmentation
- Internet communications
- Communicate between Azure resources
- Communicate with on-premises resources
- Route network traffic
- Filter network traffic
- Connect virtual networks
Azure Virtual Networks (VNET)
Azure VPN Gateway
A virtual network gateway that sends encrypted traffic between an Azure VNET and an on-premises location over the internet.
- Connect on-premises datacenters to virtual networks through a site-to-site connection.
- Connect individual devices to virtual networks through a point-to-site connection.
- Connect virtual networks to other virtual networks through a network-to-network connection.
Azure ExpressRoute
Lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.
Azure Storage
A service that you can use to store files, messages, tables, and other types of information.
Azure Disk Storage
Provides disks for Azure virtual machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. This storage type allows data to be persistently stored and accessed from an attached virtual hard disk.
Azure Blob Storage
An object storage solution for the cloud. It can store massive amounts of data, such as text or binary data. It is unstructured, meaning that there are no restrictions on the kinds of data it can hold. It can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.
Azure File Storage
Fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. Typical usage scenarios would be to share files anywhere in the world, diagnostic data, or application data sharing. Commonly used with Linux.
Blob Access Tiers, Azure storage tiers
Hot
Cool
Archive
Azure Cosmos DB
A fully managed NoSQL database in the cloud. A globally distributed, multi-model database service. At the lowest level, Azure Cosmos DB stores data in atom-record-sequence (ARS) format. The data is then abstracted and projected as an API, which you specify when you’re creating your database. Your choices include SQL, MongoDB, Cassandra, Tables, and Gremlin.
A relational database based on the latest stable version of the Microsoft SQL Server database engine. You can use it to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure. It handles most of the database management functions, such as upgrading, patching, backups, and monitoring, without user involvement.
Azure SQL Database
LAMP stack
Linux
Apache
MySQL
PHP
stack usually on premises?
A relational database service in the cloud, based on the MySQL Community Edition database engine, versions 5.6, 5.7, and 8.0. Built-in security, fault tolerance, and data protection that you would otherwise have to buy or design, build, and manage.
Azure Database for MySQL
A relational database service in the cloud. The server software is based on the community version of the open-source PostgreSQL database engine.
Available in Single Server or Hyperscale
Azure Database for PostgreSQL
a scalable cloud data service that provides the broadest SQL Server database engine compatibility with all the benefits of a fully managed platform as a service.
Azure SQL Managed Instance
Difference between Azure SQL managed instance and Azure SQL database
The same collation characters are not used for both.
An integrated analytics service that accelerates time to insight across data warehouses and big data systems.
Azure Synapse Analytics
A cloud distribution of Hadoop components that makes it easy, fast, and cost effective to process massive amounts of data. Run popular open-source frameworks and create cluster types such as Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, and Machine Learning Services. Supports a broad range of scenarios such as extraction, transformation, and loading (ETL), data warehousing, machine learning, and IoT.
Azure HDInsight
A data analytics platform optimized for the Microsoft Azure cloud services platform. For developing DATA INTENSIVE applications. You can set up your Apache Spark environment in minutes, and then autoscale and collaborate on shared projects in an interactive workspace. Azure Databricks supports Python, Scala, R, Java, and SQL, as well as data science frameworks and libraries including TensorFlow, PyTorch, and scikit-learn.
Azure Databricks
A technology that enables big data analytics and artificial intelligence. A place to store, organize, and analyze large volumes of different types of data from diverse sources.
Azure Data Lake Analytics
a managed service that’s hosted in the cloud and that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages.
Azure IoT Hub
builds on top of IoT Hub by adding a dashboard that allows you to connect, monitor, and manage your IoT devices.
Azure IoT Central
creates an end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub. Most secure IoT solution.
Azure Sphere
create a virtual agent to interact with humans by using natural language. Integrates knowledge sources, natural language processing, and form factors to allow interaction across different channels.
Azure Bot Service
watches your users’ actions within an application. You can use Personalizer to predict their behavior and provide relevant experiences as it identifies usage patterns. Here again, you could capture and store user behavior and create your own custom Azure Machine Learning solution to do these things, but this approach would require much effort and expense.
Azure Cognitive Services Personalizer
a cloud based environment you can use to train, deploy, automate, manage, and track machine learning models.
Azure Machine Learning
A suite of services that address every stage of the software development lifecycle. Best for enterprise development. More granularity for permissions than GitHub, better project management.
Azure DevOps Services
is a centralized source-code repository where software development, DevOps engineering, and documentation professionals can publish their code for review and collaboration.
Azure Repos
is an agile project management suite that includes Kanban boards, reporting, and tracking ideas and work from high-level epics to work items and issues.
Azure Boards
a CI/CD pipeline automation tool. (continuous integration/continuous delivery)
Azure Pipelines
A repository for hosting artifacts, such as compiled source code, which can be fed into testing or deployment pipeline steps.
Azure Artifacts
An automated test tool that can be used in a CI/CD pipeline to ensure quality before a software release.
Azure Test Plans
arguably the world’s most popular code repository for open-source software. Best for open source development.
GitHub
Self-service sandbox environment to quickly create dev/test. An automated means of managing the process of building, setting up, and tearing down virtual machines (VMs) that contain builds of your software projects. This way, developers and testers can perform tests across a variety of environments and builds. And this capability isn’t limited to VMs. Anything you can deploy in Azure via an ARM template can be provisioned
Azure DevTest Labs
A web-based user interface through which you can access virtually every feature of Azure.
Azure Portal
mobile app provides iOS and Android access to your Azure resources when you’re away from your computer. With it, you can:
Monitor the health and status of your Azure resources.
Check for alerts, quickly diagnose and fix issues, and restart a web app or virtual machine (VM).
Run the Azure CLI or Azure PowerShell commands to manage your Azure resources.
Azure mobile App
A shell with which developers and DevOps and IT professionals can execute commands called cmdlets (pronounced command-lets). These commands call the Azure REST API to perform every possible management task in Azure. Cmdlets can be executed independently or combined into a script file and executed together to orchestrate:
The routine setup, teardown, and maintenance of a single resource or multiple connected resources.
The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code. Best for one-off, administrative tasks.
Azure PowerShell
A JSON file that defines the infrastructure and configuration for your project. Templates use declarative syntax and are idempotent, which means you can deploy many times and get the same resources and state.
Define your application’s infrastructure requirements for a repeatable deployment that is done in a consistent manner. Before any code is executed, ensures that the resources will be created and connected correctly. The template then orchestrates the creation of those resources in parallel. That is, if you need 50 instances of the same resource, all 50 instances are created at the same time.
Infrastructure-as-code
ARM Templates (Azure Resource Manager)
Command-line interface is an executable program with which commands can be executed in Bash (Bourne Again Shell). The commands call the Azure REST API to perform every possible management task in Azure. You can run the commands independently or combine them into a script and execute them together for the routine setup, teardown, and maintenance of a single resource or an entire environment.
In many respects, the Azure CLI is almost identical to Azure PowerShell in what you can do with it. Both run on Windows, Linux, and Mac, and can be accessed in a web browser via Cloud Shell. The primary difference is the syntax you use. If you’re already proficient in PowerShell or Bash, you can use the tool you prefer.
Best for Linux background devs.
Azure CLI (command line interface)
recommendations on your existing resources.
when you’re looking for an analysis of your deployed resources, analyzes the configuration and usage of your resources and provides suggestions on how to optimize for reliability, security, performance, costs, and operations based on experts’ best practices.
Advise on best practices for your deployed resources.
Azure Advisor
monitors existing resources.
A service that collects monitoring telemetry from a variety of resources. Management tools like Azure Security Center push log data to Azure Monitor.
Azure Monitor
Notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.
Azure Service Health
Azure’s unified infrastructure security management system that strengthens the security posture of your data centers. Provides security guidance around Azure services. Includes Secure score.
Azure Security Center
(SIEM - Security Information and Event Management). Microsoft’s SIEM system that aggregates security data from many different sources (as long as those sources support an open-standard logging format). It also provides capabilities for threat detection and response. And Microsoft’s security orchestration automated response (SOAR) solution.
Azure Sentinel
a centralized cloud service for storing an application’s secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities.
Azure Key Vault
Some organizations must follow regulatory compliance that requires them to be the only customer using the physical machine that hosts their virtual machines. ___________ provides dedicated physical servers to host your Azure VMs for Windows and Linux.
Azure Dedicated Host
______________ is Microsoft’s cloud-based identity and access management service. It simplifies authentication for developers by providing identity as a service. It supports industry-standard protocols such as OAuth 2.0 and OpenID Connect.
When a company or organization signs up to use Azure, M365, Intune, Dynamics 365, they are assigned a default directory, an instance of ______________. This directory holds the users and groups that will have access to each of the services the company has purchased. This default directory can be referred to as a tenant. A tenant represents the organization and the default directory assigned to it.
Azure Active Directory
A billing entity and security boundary for a tenant.
Azure subscription
Connect Active Directory to Azure AD
Azure AD Connect
built-in roles that describe common access rules for cloud resources. You can also define your own roles. Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions. (Role Based Access Control)
Azure RBAC
The industry-standard protocol for authorization. It provides specific authorization flows for web, desktop, and mobile applications. This specification was primarily designed to enable users to authorize an application to access data in another application.
OAuth 2.0
An authentication layer that’s built on top of OAuth 2.0. It includes identity verification methods that are missing from OAuth 2.0. It gives you an access token plus an ID token, which you can send to an application to prove your identity.
OpenID Connect
advanced detection and remediation of identity-based risks to protect your Azure AD identities and applications.
Azure AD Identity Protection
a managed, cloud-based network security service that helps protect resources in your Azure virtual networks. A fully stateful firewall as a service.
It’s a fundamental building block for your private network that enables virtual machines and other compute resources to securely communicate with each other, the internet, and on-premises networks.
Azure Firewall
A distributed denial of service attack attempts to overwhelm and exhaust an application’s resources, making the application slow or unresponsive to legitimate users. DDoS attacks can target any resource that’s publicly reachable through the internet, including websites.
Standard - offers more reporting
Basic - included by default
Azure DDoS Protection
Contains security rules that allow or deny inbound or outbound network traffic. Can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol. Can be applied to a subnet or network adapter.
Network Security Groups
the process of establishing the identity of a person or service that wants to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control. It establishes whether the user is who they say they are.
Authentication
the process of establishing what level of access a person or service has. It specifies what data they’re allowed to access and what they can do with it.
Authorization
prevents resources from being accidentally deleted or changed
Resource Lock
The definition of the conditions which you want to control/govern
Azure Policy
A way of grouping related Azure policies into one set. The initiative definition contains all of the policy definitions to help track your compliance state for a larger goal.
Azure Policy Initiatives
Instead of having to configure features like Azure Policy for each new subscription, with _____________ you can define a repeatable set of governance tools and standard Azure resources that your organization requires. In this way, development teams can rapidly build and deploy new environments with the knowledge that they’re building within organizational compliance with a set of built-in components that speed the development and deployment phases.
Azure (policy) Blueprints
Provides you with proven guidance to help with your cloud adoption journey. Helps you create and implement the business and technology strategies needed to succeed in the cloud.
Cloud Adoption Framework
explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes.
Microsoft privacy statement
is a legal agreement between Microsoft and the customer that details the obligations by both parties with respect to the processing and security of customer data and personal data applying specifically to Microsoft’s online services that you license through a subscription, including Azure, Dynamics 365, Office 365, and Bing Maps.
Online Service Terms
Defines the data processing and security terms for online services. These terms include:
Compliance with laws.
Disclosure of processed data.
Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing.
Data transfer, retention, and deletion.
Data Protection Addendum/Amendment
showcases Microsoft’s principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
Trust Center
is a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Offers physical isolation from non-US government deployments and provides screened US personnel.
Azure Government
A physically separated instance of cloud services located in China, independently operated and transacted by a Chinese company.
Azure China 21Vianet
to see how the cost of running on Azure compares to what you pay today. used for MIGRATING
TCO Calculator (total cost of ownership)
What types of Azure subscriptions can I use?
Free trial
pay-as-you-go
Member offers
How do I purchase Azure services?
Through an Enterprise Agreement
Directly from the web
Through a Cloud Solution Provider
What factors affect cost?
Resource Type, Usage, Subscription type, Region, Tier, Support options
offers discounted prices on certain Azure services. can save you up to 72 percent as compared to pay-as-you-go prices. To receive a discount, you reserve services and resources by paying in advance. Typically 1 year or 3 years.
Reserved Instances / Azure reservations
You can access preview features that are specific to the Azure portal
Microsoft Azure Preview
provides information about the latest updates to Azure products, services, and features, as well as product roadmaps and announcements.
Azure Updates
Virtual Machines are an example of this service
PaaS
SQL is an example of this service
IaaS
Microsoft 365 is an example of this service
SaaS
automatically grow and shrink based on app demand
Elasticity
The ability to react quickly to changes in demand without manual intervention
Agility
The ability to do things more efficiently or at a lower cost per unit when operating at a larger scale
Economies of Scale
spending of money on physical infrastructure up front
CapEx
spending money on services or products now and being billed as you go
OpEx
pay for what you use
Consumption based model
ability of a system to handle power network failures
Fault Tolerance
ability to keep service up and running for long periods of time
High availability
ability to recover from an event that has taken down a cloud service
Disaster recovery
Unique physical locations within a region with independent power, network, and cooling. Comprised of one or more datacenters. Tolerant to datacenter failures via redundancy and isolation
Availability Zones
Container that holds the resources that are related to an Azure solution. Used to group resources that share a common lifecycle.
Resource Groups
provide a level of scope above subscriptions.
Each directory is given a single top level management group called the Root
Management Groups
A discrete market that contains two or more regions, that preserves data residency and compliance boundaries
Azure Geography
A set of datacenters deployed within a geographical area i.e. Geographies have several Regions. Example: US East
Azure Regions
The relationship between two Azure regions for disaster recovery, must have about 300 miles between
Azure Region Pairs
A logical container used to provision resources in Azure. used in order to use different payment methods. To isolate resources between departments and projects.
Subscription
A desktop and app virtualization service that runs in Microsoft Azure.
Windows Virtual Desktop
Connect two or more virtual networks in Azure
VNET Peering
A service that stores structured NoSQL data in Azure, including a schemaless key/attribute store.
Table Storage
A service for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls
Queue Storage
catalog of certified apps and services, simplifies billing with a single bill for all Microsoft and third-party services.
Azure Marketplace
Cloud-based services with REST APIs and client library software development kits (SDKs) available to help you build cognitive intelligence into your applications. Provides understanding in the following areas: Vision, speech, language, decision, and search.
Cognitive services
Enables you to manage events across many different Azure services and applications. PUSH model.
Event Grid
How are PaaS and Serverless different
PaaS gives more control over the deployment environment.
PaaS applications have to be configured to autoscale; with serverless, the app scales automatically.
A PaaS application takes a while to spin up; serverless application code only executes when invoked.
a single platform for implementing DevOps, deploying code using the CI/CD framework, facilitating agile software development.
Azure DevOps
helps automate software development workflows within GitHub.
GitHub Actions
An interactive, authenticated, browser accessible shell for managing Azure resources. Includes Bash and PowerShell.
Azure Cloud Shell
A layered approach that does not rely on one method to completely protect your environment.
Defense in Depth
apply business policies or track costs on resources
tags
4 principles of trust
security, privacy, compliance, transparency
Government, China, Germany
Azure sovereign regions
enables you to more easily manage costs across predictable and variable workloads and help optimize budgeting and forecasting - applies to SQL etc.
Reserved Capacity
lets you use on-premises licensing with Azure services
Hybrid use benefit
access UNUSED Azure compute capacity at deep discounts - up to 90 percent compared to pay as you go. Applies to Azure VMs only. You set when your VM can be killed/not available.
Spot pricing
gives you pricing options before you deploy
Pricing calculator
AFTER YOU DEPLOY a suite of tools provided to help save costs on your workloads
Azure Cost Management
service lifecycle
private preview, public preview (not available in all regions, but available to all customers in the regions where available), general availability