Management and Governance Flashcards
Factors that affect cost in Azure
- Azure shifts development costs from CapEx to OpEx, as customers rent the infrastructure they need
- This OpEx cost can be affected by:
  - Resource Type: the type of resource, its settings and the Azure region all impact how much a resource costs.
  - Consumption: pay-as-you-go. Consuming more in one billing cycle will cost more. Reserved capacity can lead to discounts.
  - Maintenance: customer’s ability to maintain their cloud environment (e.g. shutting down resources not being used anymore)
  - Geography: Azure resource costs differ based on location, due to the differing costs of running datacenters in different locations.
  - Network Traffic: inbound and outbound traffic moving between billing zones
  - Subscription type: certain subscriptions include free allowances, such as trial subscriptions.
  - Azure Marketplace: lets customers purchase Azure-based solutions from 3rd-party vendors. Customers pay for the resources but also the expertise of the 3rd party
Pricing calculator vs TCO calculator
- Pricing calculator: designed to give customers an estimated cost for provisioning resources
- TCO calculator: helps customers compare the cost of running on-prem infra with their cloud setup
Microsoft Cost Management
- Provides the ability to quickly check Azure resource costs, create alerts based on resource spend, and create budgets that can be used to automate management of resources
Resource tags
Tags provide extra information, or metadata, about resources. They are useful for:
- Resource management - locate and act on resources that are associated with specific workloads, environments, business units and owners
- Cost management - group resources and report on costs, allocate to internal cost centers, track budgets etc.
- Operations management - group resources according to their criticality to the business. Helps for SLA formulation
- Security - classify data by its security level
- Governance & regulatory compliance - identify resources that align with governance or regulatory compliance requirements
- Workload optimisation/automation: visualise all of the resources that participate in complex deployments
Microsoft Purview
- Family of data governance, risk and compliance solutions that give a single, unified view of data across Azure, on-prem, multi-cloud and SaaS
- Purview risk and compliance: protect sensitive data, identify risks and manage regulatory requirements
- Purview unified data governance: map out entire data estate, classify data, end-to-end lineage, identify sensitive data, create a secure environment for customers to find valuable data, generate insights about how data is stored, manage access to the data securely and at scale
Azure Policy
- Create, assign and manage policies that control or audit resources. Policies are enforced across resource configurations to ensure those configs stay compliant with corporate standards.
- Evaluate resources and highlight those that aren’t compliant with policies; can also prevent noncompliant resources from being created
- E.g. VMs in a certain environment are only allowed to be a certain size; all apps must be tagged with the AppName
- Azure Policy initiatives are a way of grouping policies together (e.g. monitor: unencrypted SQL databases + OS vulnerabilities + servers with missing endpoint protection)
Resource Locks
- Prevents a resource from being accidentally deleted or changed
- Even with RBAC, there is a risk people will delete/change critical cloud resources. Resource locks prevent this. They can be applied to resources, resource groups, or an entire subscription
- Two types of resource locks:
  - Delete: authorised users can read and modify a resource, but can’t delete it
  - ReadOnly: authorised users can read a resource, but can’t change or delete it.
- To delete/update a locked resource, the lock must be removed first
Service Trust Portal
- A portal that provides access to various content, tools and other resources about Microsoft security, privacy and compliance practices
- Contains details about Microsoft’s implementation of controls and processes that protect their cloud services and customer data therein
Tools for interacting with Azure (4)
- Azure portal - web-based console. Can build, manage and monitor all resources, create dashboards of organisational resources, configure accessibility options
- Azure Cloud Shell - browser-based shell tool that allows for creation, configuration, and management of Azure resources using a shell. Supports both PowerShell and Azure CLI (Bash)
- Azure PowerShell - a shell where users can run command-lets (cmdlets), which call the Azure REST API to perform management tasks.
- Azure CLI - same functionality as PowerShell but uses Bash commands
Azure Arc
- Allows customers to extend Azure compliance and monitoring to a hybrid or multi-cloud environment
- Provides a centralised way to:
  - Manage entire environment by projecting existing non-Azure resources into Azure Resource Manager (ARM)
  - Manage multi-cloud and hybrid virtual machines, K8s clusters, and databases
- The following resource types (sitting outside of Azure) can be managed via Arc:
  - Servers
  - Kubernetes clusters
  - Azure data services
  - SQL Server
  - Virtual machines
Azure Resource Manager (ARM)
- The deployment and management service for Azure. Provides the management layer that enables customers to create, update and delete resources in their Azure account. Anytime anything is done to Azure resources, ARM is involved.
- When a user sends a request from any of the Azure tools, APIs or SDKs, ARM receives the request, authenticates and authorises it, and sends the request to the Azure service.
- ARM allows users to leverage Infrastructure as Code mechanisms such as ARM templates, Bicep and Terraform to deploy and manage resources
Azure Advisor
- Evaluates Azure resources and makes recommendations to help improve reliability, security, and performance
- Includes a dashboard on the Azure portal that provides a view of all resources and includes suggested actions that can be taken, which saves time on cloud optimisation.
- Types of recommendations include:
  - Reliability: ensure continuity of applications
  - Security: detect threats and vulnerabilities
  - Performance: improve the speed of applications
  - Operational Excellence: help achieve process and workflow efficiency, resource manageability and deployment best practices
  - Cost: optimise and reduce Azure spending
Azure Service Health
Helps customers keep track of Azure resources globally, both specifically deployed resources and the overall status of Azure.
- Azure Status: broad picture of Azure globally (e.g. outages, incidents etc)
- Service Health: provides a view of Azure services and regions being used by the customer
- Resource Health: tailored view of a customer’s actual Azure resources
Azure Monitor
- Platform for collecting data on a customer’s resources, analysing that data, visualising and acting on the results. Includes:
  - Azure Log Analytics: tool where customers can write and run log queries on data gathered by Azure Monitor
  - Azure Monitor Alerts: automated way to stay informed when Azure Monitor detects a threshold being crossed.
  - Application Insights: monitors a customer’s web applications (either Azure, on-prem or other cloud). An SDK or Application Insights agent is installed in the application, which can monitor app information such as: request data, response times, failure rates, page views and load times, user and session counts, performance counters from Windows/Linux servers