Module 1a - Understanding Azure Architecture and Management - General Concepts Flashcards
Gain understanding of general security, SLAs, Subscriptions and Management Groups.
Define Azure Subscriptions
A logical unit of Azure Services that links to an Azure account (which is an identity in Azure Active Directory OR in an AAD-trusted directory)
Azure Subscriptions - What are Boundaries?
Subscriptions can be used to define groups with different billing models, access to products and services, etc.
Billing Boundary - How an account is billed. Generates separate billing reports and invoices
Access Control Boundary - Access-management policies to reflect different organizational structures, controlling access to Services for those structures
Hint: E OS B
Azure Subscriptions - What three (3) considerations influence the need to have multiple Subscriptions?
Environments - Create separate environments for testing, security, data isolation or compliance. Ideal since resource access control happens at the Subscription level
Org Structure - Limit some teams to certain services while allowing others to have full access. Allows you to manage and control access
Billing - Since costs are first aggregated at the Subscription level, you can create Subscriptions to manage and track costs based on needs (one subscription for production workloads, one for development, one for testing workloads). Also allows for setting up multiple invoices within the same billing account (you’ll need multiple Billing Profiles), as well as Invoice Sections (i.e. organize line items by department or team, etc.)
How does Microsoft handle Data Center Physical Security for Azure?
- Addresses are not published
- Visits require approval even for MS Employees
- Each data center has physical guards and biometric security systems
Azure complies with different information security standards:
• ISO 27001
• HIPAA
• FedRAMP
• SOC 1 & 2
• Regional Security Standards for Virtual Security
What 3 things does Azure do to provide Data Security?
- Data Encryption - Data is encrypted and stored separately from other customer data in the same datacenter
- Redundancy - Your data is triplicated within the data center in case of server failure
- Disaster Recovery - Per customer request, data can be stored across different data centers to protect against natural disasters or other catastrophic events
Economy of Scale entails three (3) actions
What is Economy of Scale?
What do you pay for?
What does this relieve you of?
Microsoft purchases, manages and maintains all security for ALL infrastructure (hardware, data centers, etc.) so YOU don’t have to.
All you do is pay for the services you need. All Cloud Vendors look to improve this in order to make those services more cost effective for you
This relieves customers of the responsibility and overhead costs of maintaining, implementing and managing all of it themselves
What are Management Groups?
All Subscriptions in a single Management Group can trust multiple Azure Active Directory tenants (T/F)?
Management Groups are “containers” for Subscriptions. They help you manage access, policies and compliance for Subscriptions.
False. All Subscriptions in a single Management Group must trust the SAME Azure Active Directory tenant
Management Groups - What happens when you apply Policies to a Management Group?
When applied to the Management Group, Policies will apply to all Subscriptions within the Group
Note:
- Policies cannot be altered by a Resource or Subscription owner == improved Governance
- You can apply additional Policies to Services by Region
How many Management Groups can be supported in a single directory?
10k groups can be supported in a single directory
All Subscriptions and Management Groups are within a single hierarchy in each directory
Describe the Parent-Child organization of a Management Group
- Each Mgmt Group and Subscription can support ONE parent
- Each Mgmt Group can have many children
How many levels of depth can a Management Group Tree support?
Is that inclusive of the root or the subscription level (Y/N)?
A Mgmt Group Tree can support up to 6 levels of depth, NOT including the root level or subscription level
Management Groups - What is the simplest way to provide User Access?
With multiple Subscriptions under one Management Group, you can create ONE RBAC assignment for the group and it will apply to Subscriptions
General Knowledge: What are SLAs?
What is the target range for Uptime?
All Services have SLAs (T/F)?
Service Level Agreements. Microsoft’s commitment for uptime and connectivity.
Targets range from 99.0%-99.99%
FALSE - Free and Preview Items do NOT have SLAs, everything else does (Know this for the Exam!)
What is a Composite SLA?
Multiple services supporting an application, each with differing levels of availability.
Synonymous with lowering your SLA: Composites introduce multiple failure points in your implementation, and the overall SLA is impacted by the lowest SLA in your Composite
You can improve the Composite SLA by creating independent fallback paths. For example, if SQL Database is unavailable, put transactions into a queue to be processed later.
What lowers your SLA?
Adding more Services (different from adding Resources). The greater the variety of Services you add, the more dependencies your system has, and thus the more failure points, which could potentially decrease your SLAs.
Choosing free or non-SLA Services like Preview ones
Adding Resources to the SAME Region