Describe the core architectural components of Azure

Question 1

Regions

Answer 1

-Geographical area on the planet
-One but usually more datacenters connected with low-latency network (<2 milliseconds)
-Location for your services
-Some services are available only in certain regions
-Some services are global services, as such are not assigned/deployed in specific region
-Globally available with 50+ regions
-Special government regions (US DoD Central, US Gov Virginia, etc.)
-Special partnered regions (China East, China North)

Question 2

Region Pairs

Answer 2

-Each region is paired with another region making it a region-pair
-Region pairs are static and cannot be chosen
-Each pair resides within the same geography*
–Exception is Brazil South
-Physical isolation with at least 300 miles distance (when possible)
-Some services have platform-provided replication
-Planned updates across the pairs
-Data residency maintained for disaster recovery

Question 3

Sovereign Regions

Answer 3

Sovereign regions in Azure refer to specialized cloud regions that are designed to cater to the unique data residency and compliance requirements of specific governments and organizations, often on a national or regional level.

-These regions are isolated, physically and logically, from the global Azure infrastructure

-Azure Government
-Azure Government Secret
-Azure China

Question 4

Geographies

Answer 4

-Discrete market
-Typically contains two or more regions
-Ensures data residency, sovereignty, resiliency, and compliance requirements are met
-Fault tolerant to protect from region wide failures
-Broken up into areas: Americas, Europe, Asia Pacific, Middle East and Africa
-Each region belongs only to one Geography

Question 5

Availability Zones

Answer 5

Regional feature:
-Grouping of physically separate facilities
-Designed to protect from data center failures
-If zone goes down others continue working

Two service categories
-Zonal services (Virtual Machines, Disks, etc.)
-Zone-redundant services (SQL, Storage, etc.)

-Not all regions are supported
-Supported region has three or more zones
-A zone is one or more data centers

Question 6

Subnets

Answer 6

A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security.

You can also create a subnet without specifying an Availability Zone. In this case, resources within the subnet will be distributed across all available Availability Zones within the region by default. Azure handles the distribution for you.

Question 7

Azure Resource

Answer 7

-Object used to manage services in Azure
-Represents service lifecycle
-Saved as JSON definition

Question 8

Resource FACTS

Answer 8

-Each resource must be in one, and only one resource group
-Resource groups have their own location assigned
-Resources in the resource groups can reside in a different locations
-Resources can be moved between the resource groups
-Resource groups can’t be nested
-Organize based on your organization needs

Question 9

Resource Groups

Answer 9

-Grouping of resources
-Holds logically related resources

Typically organizing by:
-Type
-Lifecycle (app, environment)
-Department
-Billing,
-Location
-Combination of those

Question 10

Subscriptions

Answer 10

In Azure, subscriptions are a unit of management, billing, and scale. Similar to how resource groups are a way to logically organize resources, subscriptions allow you to logically organize your resource groups and facilitate billing.

There are two types of subscription boundaries that you can use:

-Billing boundary: This subscription type determines how an Azure account is billed for using Azure.
-Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures.

You might choose to create additional subscriptions to separate:

-Environments
-Organizational structures
-Billing

Question 11

Management Groups

Answer 11

-Provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply governance conditions to the management groups.

-All subscriptions within a management group automatically inherit the conditions applied to the management group, the same way that resource groups inherit settings from subscriptions and resources inherit from resource groups.

-Management groups give you enterprise-grade management at a large scale, no matter what type of subscriptions you might have. Management groups can be nested.

Some examples of how you could use management groups might be:

-Create a hierarchy that applies a policy
-Provide user access to multiple subscriptions

Question 12

Azure Hierarchy

Answer 12

1- Management Groups
2- Subscriptions
3- Resource Groups
4- Resources