Fundamentals Module 2 Flashcards
Core architectural component groups
- physical infrastructure
- management infrastructure
Datacenter
facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.
NB: individual datacenters aren’t directly accessible
Regions
- a geographical area on the planet that contains at least one, but potentially multiple data centers that are nearby and networked together with a low-latency network.
- minimum of three separate availability zones are present in all availability zone-enabled regions
Availability Zones
- physically separate data centres within an Azure region
- each availability zone is made up of one or more data centres equipped with independent power, cooling, and networking
- connected through high-speed, private fiber-optic networks.
NB: not all Azure Regions currently support availability zones.
Azure services that support availability zones fall into three categories:
- Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
- Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
- Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.
Region pairs
- Most Azure regions are paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away
- if a region in a pair was affected by a natural disaster, services would automatically fail over to the other region in its region pair.
Advantages of regional pairs
- Paired regions are a) directly connected and b) far enough apart to be isolated from regional disasters => provide reliable services and data redundancy.
- If an extensive Azure outage occurs, one region out of every pair is prioritized to make sure at least one is restored as quickly as possible for applications hosted in that region pair.
- Planned Azure updates are rolled out to paired regions one region at a time => minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.
Sovereign Regions
instances of Azure that are isolated from the main instance of Azure.
May need to use a sovereign region for compliance or legal purposes.
Azure resource
basic building block of Azure, anything you create, provision, deploy
Examples: Virtual Machines (VMs), virtual networks, databases, cognitive services
Resource groups
- groupings of resources
- every resource needs to be placed into a resource group
- a resource group can contain many resources, a single resource can only be in one resource group at a time
- resource groups can’t be nested
Azure subscriptions
- subscriptions are a unit of management, billing, and scale
- a subscription provides authenticated and authorized access to Azure products and services
- It allows you to provision resources
- An Azure subscription links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts
- In a multi-subscription account, you can use the subscriptions to configure different billing models and apply different access-management policies
Types of subscription boundaries
- Billing boundary
- Access control boundary
Billing boundary
- how an Azure account is billed for using Azure
- Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.
Access control boundary
- Azure applies access-management policies at the subscription level
Subscriptions use cases
create additional subscriptions to separate:
- Environments (dev / test): resource access control is at the subscription level
- Organizational structures (IT, marketing)
- Billing: costs are first aggregated at the subscription level, so you might want to create subscriptions to manage and track costs based on your needs, e.g. one subscription for your production workloads and another subscription for your development and testing workloads
Azure management groups
- organize subscriptions into containers called management groups and apply governance conditions to the management groups
- management groups can be nested.
- A management group tree can support up to six levels of depth. This limit doesn’t include the root level or the subscription level.
- Each management group and subscription can support only one parent.
Hierarchy
- resource
- resource group
- subscription (highest level to lock)
- management group
Virtual machine scale sets
- let you create and manage a group of identical, load-balanced VMs
- allow you to centrally manage, configure, and update a large number of VMs in minutes
- the number of VM instances can automatically increase or decrease in response to demand, or you can set it to scale based on a defined schedule
- Virtual machine scale sets also automatically deploy a load balancer to make sure that your resources are being used efficiently
Virtual machine availability sets
- designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.
- Availability sets do this by grouping VMs in two ways: update domain and fault domain.
Update domain
- VMs that can be rebooted at the same time
- An update group going through the update process is given 30 minutes to recover before maintenance on the next update domain starts
Fault domain
- groups your VMs by common power source and network switch
- an availability set will split your VMs across up to three fault domains
VM use cases
- During testing and development
- When running applications in the cloud
- When extending your datacenter to the cloud
- During disaster recovery (while primary datacenter is not available)
- Move to the cloud with VMs
VM Resources
- Size (purpose, number of processor cores, and amount of RAM)
- Storage disks (hard disk drives, solid state drives, etc.)
- Networking (virtual network, public IP address, and port configuration)
Azure Virtual Desktop
- is a desktop and application virtualization service that runs on the cloud. It enables you to use a cloud-hosted version of Windows from any location
- With Azure Virtual Desktop, the data and apps are separated from the local hardware.
- The actual desktop and apps are running in the cloud, meaning the risk of confidential data being left on a personal device is reduced
- user sessions are isolated in both single and multi-session environments.