Fundamentals Module 3 Flashcards
Azure Advisor
evaluates your Azure resources and makes recommendations to help improve:
- reliability
- security
- performance
- achieve operational excellence
- reduce costs
Azure Advisor: category of recommendations
- Reliability is used to ensure and improve the continuity of your business-critical applications.
- Security is used to detect threats and vulnerabilities that might lead to security breaches.
- Performance is used to improve the speed of your applications.
- Operational Excellence is used to help you achieve process and workflow efficiency, resource manageability, and deployment best practices.
- Cost is used to optimize and reduce your overall Azure spending.
Azure Health Service
- a global cloud solution to help you manage your infrastructure needs, reach your customers, innovate, and adapt rapidly
- helps you keep track of Azure resource, both your specifically deployed resources and the overall status of Azure
Azure Service Health - important services
- Azure Status
- Service Health
- Resource Health
NB
1. gives you a complete view of your Azure environment
2. historical alerts are stored and accessible for later review
Azure Status
- a broad picture of the status of Azure globally
- informs you of service outages
- view of the health of all Azure services across all Azure region
Service Health
- focuses on the Azure services and regions you’re using
- the best place to look for service impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use.
- can set up Service Health alerts
Resource Health
- a tailored view of your actual Azure resources
- information about the health of your individual cloud resources, such as a specific virtual machine instance
- an also configure alerts to notify you of availability changes to your cloud resources.
Azure Monitor
- a platform for collecting data on your resources, analyzing that data, visualizing the information, and even acting on the results.
- can monitor Azure resources, your on-premises resources, and even multi-cloud resources like virtual machines hosted with a different cloud provider.
Azure Monitor: reaction to critical events
- alerts delivered to teams via SMS, email e.c.t.
- use thresholds to trigger autoscaling functionality
Azure Log Analytics
- the tool in the Azure portal where you’ll write and run log queries on the data gathered by Azure Monitor
Azure Monitor Alerts
- an automated way to stay informed when Azure Monitor detects a threshold being crossed. You set the alert conditions, the notification actions, and then Azure Monitor Alerts notifies when an alert is triggered
- epending on your configuration, Azure Monitor Alerts can also attempt corrective action.
Action group
- Azure Monitor Alerts use action groups to configure who to notify and what action to take
- a collection of notification and action preferences that you associate with one or multiple alerts
Application Insights
- monitor web applications that are running in Azure, on-premises, or in a different cloud environment.
- can also configure it to periodically send synthetic requests to your application, allowing you to check the status and monitor your application even during periods of low activity.
Ways to configure Application Insights
- install an SDK in your application
- use the Application Insights agent
Application Insights can monitor
- Request rates, response times, and failure rates
- Dependency rates, response times, and failure rates, to show whether external services are slowing down performance
- Page views and load performance reported by users’ browsers
- AJAX calls from web pages, including rates, response times, and failure rates
- User and session counts
- Performance counters from Windows or Linux server machines, such as CPU, memory, and network usage
Tools for managing Azure environment
- Azure portal
- Azure PowerShell
- Azure Command Line Interface (CLI)
The Azure portal
- maintains a presence in every Azure datacenter
- is designed for resiliency and continuous availability
- updates continuously and requires no downtime for maintenance activities.
Azure Cloud Shell
a browser-based shell tool that allows you to create, configure, and manage Azure resources using a shell
Azure Cloud Shell Features:
- It is a browser-based shell experience, with no local installation or configuration required
- It is authenticated to your Azure credentials
- supports both Azure PowerShell and the Azure CLI
Azure PowerShell
call the Azure REST API to perform management tasks in Azure
Azure Arc
In utilizing Azure Resource Manager (ARM), Arc lets you extend your Azure compliance and monitoring to your hybrid and multi-cloud configurations.
Azure Arc provides a centralized, unified way to:
- Manage your entire environment together by projecting your existing non-Azure resources into ARM.
- Manage multi-cloud and hybrid virtual machines, Kubernetes clusters, and databases as if they are running in Azure.
- Use familiar Azure services and management capabilities, regardless of where they live.
- Continue using traditional ITOps while introducing DevOps practices to support new cloud and native patterns in your environment.
- Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensio
What can Azure Arc do outside of Azure?
manage the following resource types hosted outside of Azure:
- Servers
- Kubernetes clusters
- Azure data services
- SQL Server
- Virtual machines (preview)
Azure Resource Manager (ARM)
- deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account
- When a user sends a request from any of the Azure tools, APIs, or SDKs, ARM receives the request. ARM authenticates and authorizes the request
Azure Resource Manager benefits
- Manage your infrastructure through declarative templates rather than scripts.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Re-deploy your solution throughout the development life-cycle and have confidence your resources are deployed in a consistent state.
- Define the dependencies between resources, so they’re deployed in the correct order.
- Apply access control to all services because RBAC is natively integrated into the management platform.
- Apply tags to resources to logically organize all the resources in your subscription.
- Clarify your organization’s billing by viewing costs for a group of resources that share the same tag.
Benefits of using ARM templates
- Declarative syntax
- Repeatable results
- Orchestration
- Modular files (next template)
- Extensibility (can add PowerShell or Bash scripts to your templates)
Bicep
is a language that uses declarative syntax to deploy Azure resources
benefits of Bicep over JSON
- Support for all resource types and API versions
- Simple syntax
- Repeatable results
- Orchestration (order of deployment)
- Modularity
Two components to implement a “infrastructure as code”
- Bicep
- ARM Templates
Microsoft Purview
a family of data governance, risk, and compliance solutions that helps you get a single, unified view into your data
With Microsoft Purview, you can stay up-to-date on your data landscape thanks to:
- Automated data discovery
- Sensitive data classification
- End-to-end data lineage
Two main solution areas comprise Microsoft Purview
- risk and compliance
- unified data governance
Microsoft Purview: risk and compliance solutions
by managing and monitoring your data, is able to help your organization:
- Protect sensitive data across clouds, apps, and devices.
- Identify data risks and manage regulatory compliance requirements.
- Get started with regulatory compliance.
Microsoft Purview: Unified data governance
robust, unified data governance solutions that help manage your on-premises, multicloud, and software as a service data
helps your organization:
1. Create an up-to-date map of your entire data estate that includes data classification and end-to-end lineage.
2. Identify where sensitive data is stored in your estate.
3. Create a secure environment for data consumers to find valuable data.
4. Generate insights about how your data is stored and used.
5. Manage access to the data in your estate securely and at scale.
Azure Policy
a service in Azure that enables you to create, assign, and manage policies that control or audit your resources.
evaluates your resources and highlights resources that aren’t compliant with the policies you’ve created
can be set at each level
Azure Policy initiatives
a way of grouping related policies together
Examples:
1. Monitor unencrypted SQL Database in Security Center
2. Monitor OS vulnerabilities in Security Center
3. Monitor missing Endpoint Protection in Security Center
Resource lock
- prevents resources from being accidentally deleted or changed
- can be applied to individual resources, resource groups, or even an entire subscription
- are inherited
Types of resource locks
- Delete means authorized users can still read and modify a resource, but they can’t delete the resource.
- ReadOnly means authorized users can read a resource, but they can’t delete or update the resource.
How to change a locked resource
- remove the lock
- apply any action you want
Service Trust portal
- provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices.
- contains details about Microsoft’s implementation of controls and processes that protect our cloud services and the customer data therein
Factors that can affect costs in Azure
- Resource type (type, setting, region, access tier, redundancy settings)
- Consumption (also offers the ability to commit to using a set amount of cloud resources in advance and receiving discounts on those “reserved” resources => savings on reliable, consistent workloads)
- Maintenance
- Geography (cost of power, labor, taxes, and fees vary depending on the location)
- Subscription type
- Azure Marketplace
Azure Marketplace
lets you purchase Azure-based solutions and services from third-party vendors
may pay for not only the Azure services that you’re using, but also the services or expertise of the third-party vendor
Pricing calculator
give you an estimated cost for provisioning resources in Azure. You can get an estimate for individual resources, build out a solution, or use an example scenario to see an estimate of the Azure spend.
TCO calculator
help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud infrastructure.
enter your current infrastructure configuration, including servers, databases, storage, and outbound network traffic.
enter your configuration, add in assumptions like power and IT labor costs
Cost Management
provides the ability to
- quickly check Azure resource costs
- create alerts based on resource spend
- create budgets that can be used to automate management of resources.
- cost saving options
Cost alerts
provide a single location to quickly check on all of the different alert types that may show up in the Cost Management service.
Cost alert types
- Budget alerts
- Credit alerts
- Department spending quota alerts.
Budget alerts
notify you when spending, based on usage or cost, reaches or exceeds the amount defined in the alert condition of the budget.
can view all cost alerts in the Azure portal
Cost Management budgets are created using
- Azure portal (cost)
- Azure Consumption API (cost & consumption)
Budgets
- A budget is where you set a spending limit for Azure.
- can set budgets based on a subscription, resource group, service type, or other criteria.
Resource tags
another way to organize resources. that provide extra information, or metadata, about your resources (subscriptions, resource groups)
Managing resource tags
- can use Azure Policy to enforce tagging rules and conventions
- Resources don’t inherit tags from subscriptions and resource groups, - can create custom tagging schemas
- Not all resources support tags
SLAs Table
- 99% - 7h 18m 17s per month
- 99.5% - 3h 39m 8s per month
- 99.9% - 43m 49s per month
- 99.95% - 21m 54s per month
- 99.99% - 4m 22s per month
- 99.999% - 26s per month
TCO Calculator Input
- Current infrastructure configuration
- Power cost
- IT labor cost
- ## Geo-redundand storage
When you cancel an Azure subscription:
- A resource lock doesn’t block the subscription cancellation.
- Azure preserves your resources by deactivating them instead of immediately deleting them.
- Azure only deletes your resources permanently after a waiting period.
Cost saving options
- Spot instance pricing - use unused capacity in the data center
- Hybrid use benefits model (use your existing licences )
- B-series VMs (lowest quality)
- Reservations (reserved instances)
Price calculator: factors
- Region
- Tarif
- Abrechnungsoptionen
- Support options
- Price for Azure Dev/Test
Azure preview type
- Private (available to some customers)
- Public
What is the maximum number of virtual network rules and IP network rules allowed per storage account in Azure?
150