Main Flashcards

1
Q

What is cloud computing?

A

The practice of using a network of remote servers hosted on the Internet to store, manage and process data, rather than a local server or a personal computer

2
Q

What is cloud hosting?

A

Multiple physical machines that act as one system. Benefits include flexibility, scalability, security, cost-effectiveness and configurability

3
Q

IaaS cloud services

A
  • Compute (like VMs)
  • Storage (Virtual HDDs/SSDs)
  • Networking (Virtual Network defining internet connections or networking isolation)
  • Databases (i.e. SQL DBs hosted elsewhere)
4
Q

Benefits of Cloud

A
  • You only pay for what you use; the pay-as-you-go model is kept cheap by sharing costs with thousands of other customers using the same resources
  • Launch workloads anywhere in the world
  • Cloud provider takes care of physical security and deep configurability for other security
  • Data backup, disaster recovery, data replication and fault tolerance
  • Increase or decrease resources and services based on demand
  • Automate scaling during spikes and drops in demand
  • Software is patched, upgraded and replaced by the cloud provider without disruption to you
5
Q

Types of Cloud Computing

A
  • SaaS: Product is run and managed by the service provider (Gmail, Salesforce, etc.). For customers.
  • PaaS: Focus on the deployment and management of your apps. Don’t worry about provisioning, configuring or understanding hardware or OS. For developers.
  • IaaS: Basic building blocks for cloud IT. Provides access to networking features, computers and data storage space. For admins.
6
Q

What do you have to handle on-prem?

A

EVERYTHING

7
Q

What are you responsible for with IaaS and what is covered by CSP?

A

Responsible: Apps, Data, Runtime, Middleware, OS

Not responsible: Virtualization, Servers, Storage, Networking

8
Q

What are you responsible for with PaaS and what is covered by CSP?

A

Responsible: Apps, Data

Not responsible: Runtime, Middleware, OS, Servers, Storage, Networking

9
Q

What are you responsible for with SaaS and what is covered by CSP?

A

EVERYTHING COVERED BY CSP

10
Q

What is Capex (Capital Expenditure) vs Opex (Operational Expenditure)?

A

Capex: Spending money upfront on physical infrastructure and deducting that expense from your tax bill over time, i.e. server costs, storage costs, network costs.
Have to guess what to spend upfront.

Opex: Costs associated with an on-premises datacenter have shifted to the service provider. Only concerned with non-physical costs, i.e. leasing software and customizing features, paying for cloud support, and billing based on use time/amount used.

11
Q

Cloud Architecture Terms:

A

Availability - ability to ensure service remains available (High Availability/HA)
Scalability - ability to grow rapidly/unimpeded
Elasticity - ability to shrink and grow to meet demand
Fault Tolerance - ability to prevent failure
Disaster Recovery - ability to recover from failure (High Durability/DR)

12
Q

How is high availability possible?

A

By running your workload redundantly on multiple servers across multiple availability zones (Azure term for datacenter), your workload will not go down.

13
Q

What is a load balancer?

A

Allows you to evenly distribute traffic to multiple servers in one or more datacenters. If a datacenter or server becomes unavailable, the load balancer will route the traffic only to available datacenters with servers.

14
Q

How is high scalability possible?

A

Use vertical scaling/scaling up to upgrade to a more powerful server

Use horizontal scaling/scaling out to increase number of servers

15
Q

How is high elasticity possible?

A

Differs from scalability by being automatic and being able to decrease demand

By scaling horizontally inwards and outwards

Doesn’t make sense vertically because scaling down could lead to issues

16
Q

How is high durability possible?

A

Done by making sure backups are taken, backups can be restored easily, making sure live data isn’t corrupt

17
Q

What is a VM?

A

- Hypervisor is the software layer that lets you use VMs
- Can run multiple VMs on one machine
- Physical server is shared by multiple customers, which is why you only pay a fraction of the cost
- Still will overpay for underutilizing it

18
Q

What is a container?

A
  • Servers or VM can run multiple containers
  • Unlike VM, rather than simulating a whole computer, containers emulate layers above the OS level
  • Docker Daemon is the software layer that lets you run multiple containers
  • Can share underlying OS between multiple containers or have them run different OS
19
Q

What are Functions?

A
  • Managed VMs running managed containers
  • Known as Serverless Compute
    Upload a piece of code, choose the amount of memory and duration
  • Only responsible for code and data, nothing else
  • Very cost effective, only pay for the time code is running, VMs only run when there is code to be executed
  • Cold start (have to wait for server to be provisioned before running)
20
Q

What is a region and what is a Geography?

A
  • A region is a grouping of multiple datacenters (Availability Zones)
  • A Geography is a discrete market of two or more regions that preserves data residency (making data stay within the country it's being used in) and compliance boundaries
21
Q

What is a paired region?

A

A region that is paired with another region 300 miles away. This is done so that if your region has an outage, there is no disruption because the other region takes over.
I.e. Azure Geo-redundant storage (GRS) replicates data to a second region automatically, ensuring data is durable even if the primary region never recovers.

22
Q

What are the types of regions in Azure?

A

Recommended region - A region that provides the broadest range of service capabilities and is designed to support availability zones now, or in the future

Alternate (other) region - A region that extends Azure’s footprint within a data residency boundary where a recommended region also exists. Not designed to support AZs. These regions are labelled as "other" in the Azure portal.

23
Q

What are the 3 categories of services in Azure Cloud?

A

Foundational - When
Mainstream -
Specialized -

24
Q

What is an availability zone?

A

An availability zone (AZ) is a physical location made up of one or more datacenters. A region generally contains 3 availability zones. A datacenter is just a building with a bunch of computers.

An AZ is a combination of a fault domain and an update domain.

25
What is a fault domain?
A logical grouping of hardware to avoid a single point of failure within an AZ: a group of virtual machines that share a common power source and network switch.
26
What is an update domain?
Azure may need to apply updates to the underlying hardware and software. Update domains ensure your resources do not go offline.
27
What is an availability set?
A logical grouping that you can use in Azure to ensure that the VMs you place in the availability set are in different fault/update domains to avoid downtime. This is done by targeting servers in different racks in the datacenter.
28
What are the types of Computing Services offered by Azure?
  • VM - Shared hardware between customers, but you choose your computer specs
  • Azure Container Instances - Docker as a Service. Run containerized apps on Azure without provisioning servers or VMs.
  • AKS - Kubernetes as a Service. Easy to deploy, manage and scale containerized app software
  • Azure Service Fabric - Tier 1 enterprise containers as a platform. Microservices (like containers)
  • Azure Functions - Event-driven serverless compute (functions). Run code without provisioning or managing servers.
  • Azure Batch - Plans, schedules and executes batch compute workloads, running 100+ jobs in parallel.
29
What are the types of storage services from Azure?
  • Azure Blob Storage - Object serverless storage. Store very large files and large amounts of unstructured files. Pay for what you store, unlimited storage, no re-sizing volumes.
  • Azure Disk Storage - A virtual volume. Basically a hard drive in the cloud, choose between SSD or HDD. Attached to a VM.
  • Azure File Storage - A shared volume that you can access and manage like a file server. Useful when multiple VMs need the same information
  • Azure Queue Storage - Messaging queue. A data integrator delivering messages between apps
  • Azure Table Storage - Wide-column NoSQL database
  • Azure Data Box / Azure Archive Storage - Long-term cold storage for holding onto files for years on the cheapest storage options.
30
What are the Azure Database Services?
  • Azure Cosmos DB - Fully managed NoSQL databases. Designed for scale with guarantee of 99.9% availability
  • Azure SQL Database - Fully managed SQL database with auto-scale, integral intelligence and robust security
  • Azure Database for MySQL/PSQL/MariaDB - Fully managed and scalable database type with high availability and security
  • SQL Server on VMs - Host enterprise SQL Server apps in the cloud. Lift and shift from on-premise to cloud.
  • Azure Synapse Analytics - Fully managed data warehouse with integral security at every level of scale at no extra cost
  • Azure DB Migration Service - Migrates your databases to the cloud with no application code changes
  • Azure Cache for Redis - Caches frequently used and static data to reduce data and application latency
31
What are the Application Integration Services?
  • Azure Notifications Hub - Pub/Sub. Send push notifications to any platform from any backend
  • Azure API Apps - API Gateway. Quickly build and consume APIs in the cloud. Route APIs to Azure Services
  • Azure Service Bus - Service Bus. Reliable cloud messaging as a service (MaaS) and simple hybrid integration
  • Azure Stream Analytics - Serverless real-time analytics, from the cloud to the edge
  • Azure Logic Apps - Schedule, automate and orchestrate tasks, business processes and workflows. Integrate with Enterprise SaaS and Enterprise Applications.
  • Azure API Management - Hybrid multi-cloud platform for APIs across all environments. Put this in front of an existing API for extra functionality
32
What are the Developer and Mobile Tools in Azure?
  • Azure SignalR Service - Real-time messaging. Easily add real-time web functionality to applications
  • Azure App Service - Easy-to-use service for deploying and scaling web apps without worrying about the underlying infrastructure
  • Visual Studio (Microsoft owned) - Code editor. IDE designed for Azure dev
  • Xamarin - Mobile-app framework to create native mobile apps with .NET and Azure
33
What are Azure DevOps Services?
Azure DevOps:
  • Azure Boards - Kanban. Deliver value to users using agile tools
  • Azure Pipeline - Build, test and deploy with CI/CD that works with any language, platform and cloud. Connect to GitHub or another Git provider and deploy continuously
  • Azure Repos - Exactly like GitHub repos
  • Azure Test Plans - Manual and exploratory testing tools
  • Azure Artifacts - CI/CD pipelines with Azure
  • Azure DevTest Labs - Dev/test environment
34
What is IaC?
Using scripts to set up services, i.e. a script to set up a VM
35
What is Azure Resource Manager (ARM)?
Azure's IaC tool. Lets you programmatically create Azure resources via JSON templates.
36
What are Azure Quickstart templates?
A library of pre-made ARM templates provided by the community
37
What are VNets and Subnets?
  • A VNet (Virtual Network) is a logically isolated section of the Azure network where you launch Azure resources. Choose a range of IPs using a CIDR range. A CIDR range of 10.0.0.0/16 = 65,536 IP addresses
  • Subnets typically exist inside a VNet. Subnets = logical partition of an IP network into multiple smaller network segments. You are breaking up the IP range of your VNet into smaller networks.
  • Subnets need to have a smaller CIDR range than the VNet to represent their portion, i.e. 10.0.0.0/24 = 256 IP addresses
38
What is a public subnet and a private subnet?
  • Public = can reach the internet
  • Private = cannot reach the internet
39
What are the Cloud Native Networking Services (used solely with cloud)?
  • Azure DNS - Provides ultra-fast DNS responses and high domain availability
  • Azure Virtual Network (VNet) - Logically isolated section of the Azure network for customers to launch Azure resources within
  • Azure Load Balancer - OSI Level 4 (transport) load balancer
  • Azure Application Gateway - OSI Level 7 (HTTP) load balancer, can apply a Web App Firewall
  • Network Security Groups - A virtual firewall at the subnet level
40
Enterprise/Hybrid Networking services (Integrating on premise with cloud)
  • Azure Front Door - Scalable and secure entry point for fast delivery of your global applications
  • ***Azure Express Route - Connection between on-premise and Azure cloud from 50 Mbps to 10 Gbps.
  • Virtual WAN - Networking service that brings many networking, security and routing functionalities to one interface
  • Azure Connection - VPN connection that securely connects 2 Azure local networks via IPsec
  • Virtual Network Gateway - Site-to-site VPN connection between an Azure virtual network and your local network
41
What is Azure Traffic Manager?
Operates at the DNS layer to quickly and efficiently direct incoming DNS requests based on the routing method of your choice
42
What is Azure DNS?
Allows you to host domain names on Azure. Can create DNS zones and manage DNS records
43
What is the Azure Load Balancer?
Used for evenly distributing incoming network traffic across a group of backend resources or servers. Operates on OSI Layer 4 (Transport)
44
Define public and private load balancers
  • Public: Route traffic from the internet to public-facing servers
  • Private: Route traffic from the internal network to private-facing servers
45
What are scale sets?
Allows one to group identical VMs and automatically increase/decrease the number of servers based on:
  • Change in CPU, memory, disk and network performance
  • A predefined schedule
46
What is the IoT (Internet of Things)?
A network of internet-connected objects (usually hardware) that are able to collect/exchange data, i.e. smart bulbs/fridges, security cameras, Alexa, etc.
47
What are the IoT services in Azure?
  • IoT Central: Connects your IoT devices to the cloud
  • IoT Hub: Enables secure and reliable communication between IoT app and managed devices
  • IoT Edge: Fully managed service built on Azure IoT Hub. Allows data processing and analysis near the IoT devices. Edge computing is when you offload compute from cloud to local computing hardware like IoT devices, phones or home computers.
  • Windows 10 IoT Core Services: Cloud services subscription that provides essential services needed to commercialize service on Windows
48
What is Big Data?
Term to describe massive volumes of structured and unstructured data that is so big it's tough to move and process with traditional software
49
What are the Azure Big Data Services?
  • Azure Synapse Analytics: Enterprise data warehousing and Big Data analytics. Intended to run SQL queries against large databases for things like reporting
  • HDInsight: Run open-source software like Hadoop, Kafka and Spark
  • Azure Databricks: Apache Spark-based analytics platform optimized for Azure cloud services platform with support for third parties
  • Data Lake Analytics: On-demand analytics job service that simplifies big data. A data lake is a storage repository that holds a vast amount of raw data in its native format until needed
50
What is AI?
Machines that perform jobs that mimic human behaviour
51
What is ML?
Machines get better at tasks without explicit programming
52
What is DL?
Machines that have an artificial neural network inspired by the human brain to solve complex problems
53
What is Azure Machine Learning Service?
Lets you simplify/automate AI/ML workloads and build flexible pipelines using R, Python, etc.
54
What are the Serverless Services?
  • Serverless definition: Underlying servers, infrastructure and OS are taken care of by the CSP. Generally highly available, scalable and cost-effective
  • Event-driven scale: Serverless functions can be triggered by or trigger other events, allowing you to compose complex apps, and it just scales
  • Abstraction of servers: Servers are abstracted away. Code is described as functions, and functions can be running on different compute instances
  • Micro billing: Only bills for fractions of a second
55
What are the Serverless Services in Azure?
  • Azure Functions: Run small amounts of code known as serverless functions in your favourite language: C#, Java, JavaScript, Python and PowerShell
  • Blob Storage: Serverless object storage. Just upload files, don't think about underlying architectures
  • Logic Apps: Allows you to build serverless workflows composed of Azure Functions. Building a state machine for serverless compute
  • Event Grid: Uses a Pub/Sub messaging system to allow you to react to events and trigger other cloud services such as Azure Functions
56
What is PowerShell?
Task automating and config management framework. A command-line shell and a scripting language
57
What is the Azure CLI?
CLI stands for Command Line Interface. Type "az" and then Azure commands to create, update, delete, view and manage Azure resources instead of using the Azure portal.
58
What is a resource group?
A container that holds related resources for an Azure solution
59
What Compliance Programs exist?
  • Criminal Justice Information Services (CJIS) - Any US state or local agency that wants to access the FBI's CJIS database is required to adhere to the CJIS Security Policy
  • Cloud Security Alliance (CSA) STAR Certification - Independent third-party assessment of a cloud provider's security posture
  • General Data Protection Regulation (GDPR) - European privacy law. Imposes rules on companies, government agencies, etc. that provide services to the EU.
  • Health Insurance Portability and Accountability Act (HIPAA) - US federal law that regulates patient Protected Health info
  • ISO and IEC 27018 - Code of practice covering the processing of personal info by cloud service providers
  • SOC 1, 2, 3 - Independent third-party examination reports that demonstrate how the company achieved key compliance controls and objectives
  • NIST CSF - Voluntary framework that consists of standards, guidelines and best practices to manage cyber security risks
60
What is Azure AD?
Microsoft's cloud-based identity and access management service, to help employees sign in and access resources. Includes things like SSO and accessing of internal and external resources
61
What are the 4 tiers of Azure AD?
  • Free - MFA, SSO, Basic Security and Usage reports, user management
  • Office 365 Apps - Company Branding, SLA, Two-Sync between On-Premise and Cloud
  • Premium 1 - Hybrid Architecture, Advanced Group Access, Conditional Access
  • Premium 2 - Identity protection and governance
62
What is Azure Security Center?
Unified infrastructure security management system. Strengthens the security posture of your data centres, and provides advanced threat protection across hybrid cloud workloads
63
What is Azure Key Vault?
Helps you safeguard crypto keys and other secrets used by cloud apps and services
  • Secrets management: Store and tightly control access to tokens, passwords, certificates, API keys and other secrets
  • Key management: Create and control encryption keys
  • Certificate management: Provision, manage and deploy public and private SSL certificates for use with Azure and internal connected resources
  • Hardware Security Module: Secrets and keys protected by software or FIPS 140-2 Level 2 validated HSMs
64
What are the differences between the 2 DDoS Plans?
Free vs 2994/month. Protection Standard includes metrics, alerts, reporting, support and SLAs
65
What are the features of Azure Firewall?
  • Create, enforce and log app and net connectivity policies across subscriptions and VNets
  • Use static public IP address for net resources, allowing firewalls to identify traffic from the VNet
  • High availability built in, no need for extra load balancers
  • Can configure during deployment to span multiple AZs for increased availability
  • No additional cost for firewall in AZ zone
  • No data inbound/outbound costs
66
What is Azure Information Protection (AIP)?
Protects sensitive info such as emails and documents with encryption, restricted access and rights, and integrated security in Office apps
67
What is Azure App Gateway?
Web-traffic load balancer (Layer 7 HTTP) that re-routes traffic based on a set of rules. A Web App Firewall (WAF) can be attached for additional protection on OSI Layer 7.
68
What is IDS/IPS?
Intrusion detection system and intrusion protection system. A device or software app that monitors a network or systems for malicious activity or policy violations
69
What is Azure Advanced Threat Protection (ATP)?
Cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your org.
70
What is the Microsoft Security Development Lifecycle (SDL)?
A Microsoft-wide initiative and mandatory policy since 04. SDL played a critical role in embedding security and privacy in Microsoft software and culture.
71
What is an Azure Policy?
A service you can use to create, assign, and manage policies. A policy allows you to enforce or control the properties of a resource. Policy evaluates resources in Azure by comparing the properties of those resources to business rules defined in a JSON format (policy definitions).
72
What is Azure Role-Based Access Control?
Helps you manage who has access to Azure resources, what they can do with those resources and what areas they have access to.
73
What is a role assignment?
The way you control access to resources. Consists of:
  1. Security principal - represents identities requesting access to an Azure resource (user, group, service principal, managed principal)
  2. Role definition - list of operations that can be performed such as read, write, and delete (owner, contributor, reader, user access admin)
  3. Scope - set of resources that access for the role assignment applies to
74
What are lock resources?
Locking of a subscription, resource group or resource. Levels:
  • CanNotDelete (Delete) - users can read and modify but not delete
  • ReadOnly - cannot delete or update resource
75
What are Azure Management groups?
Way of managing multiple subscriptions (accounts) in a hierarchical structure. The highest level of group is the root; all subscriptions within a group automatically inherit conditions applied to the group
76
What is Azure Monitor?
Solution for collecting, analyzing and acting on telemetry from cloud and on-premise
77
What is Azure Service Health?
Information about current and upcoming issues, i.e. planned maintenance, service-impacting events
  1. Azure status - informs you of service outages
  2. Azure service health - a personalized view of the health of the Azure services and regions you're using
  3. Azure resource health - info about the health of your individual cloud resources
78
What is Azure Advisor?
Personalized cloud consultant to optimize Azure deployments. Categories: high availability, security, performance, cost, operational excellence
79
What is an SLA?
  • Describes Azure's commitments for uptime and connectivity
  • SLAs are individualized per service
  • Uptime and connectivity are called performance targets (%)
80
What is a Service Credit?
Customers may have a discount applied to their Azure bill as compensation for under-performing Azure products or services based on the SLA
81
What is a composite SLA?
  • Actual SLA when combining all services
  • Multiply SLA % for all services to get the number
  • Fallback systems will improve overall SLA by saving a queue of transactions
82
What is the Total Cost of Ownership Calculator?
Estimates cost savings from migrating workloads to Azure by generating a detailed report
83
What are the 4 kinds of support?
  • Basic, Dev, Standard, Professional Direct
  • Dev upwards has third-party software support, minimal business impact < 8 hours response
  • Standard upwards has moderate issue support (Sev B): < 4 hours on Standard, < 2 hours on Professional Direct
  • Dev-Standard comes with architecture General Guidance
  • Pro-Direct comes with architecture, operations and Proactive guidance by ProDirect delivery managers
  • Pro-Direct has webinars from Azure Engineers as well
84
What is Azure Hybrid Benefit (HUB)?
Allows companies to use existing Windows licenses for Azure VMs (Windows servers and SQL servers)
85
What are the 4 tiers of Azure subscriptions?
  • Free - Credit card required, 200 USD, certain products free for 12 months
  • Pay as you go - Credit card required, charged at the end of the month based on consumed resources
  • Enterprise Agreement - An enterprise and Azure agree on a discounted price for licenses and services
  • Student Subscription - No credit card, 100 USD for 12 months, requires student email