Section 3 Flashcards
A combination of software, data access, computation, and storage services provided to clients over the internet. The cloud symbol is also used to represent the internet in computer network diagrams.
Cloud computing
Anyone can access. Cloud-based computing resources (such as platforms, applications, and storage) are made available to the public by a cloud service provider. The service provider may require a fee for using these resources.
Public cloud
Provides resources to a single organization; access is granted only to users within that organization. Private clouds are typically hosted internally, but an organization may use third-party hosting because of the expense and expertise required.
Private cloud
Is a combination of public and private clouds that are leveraged for certain kinds of apps.
Hybrid cloud
Delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The customer rents the infrastructure components that they need.
Infrastructure as a Service (IaaS)
With IaaS, the provider is responsible for managing the following aspects of the infrastructure:
Computing power
Storage
Networking
With IaaS, the customer is responsible for managing:
Operating systems
Applications
Data
Access
Examples of IaaS
Azure virtual machines and Azure storage.
The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers. Is often used for development, analytics, and business intelligence.
Platform as a Service (PaaS)
With PaaS, the provider is responsible for managing the following aspects of the platform:
Operating systems
Computing power
Storage
Networking
With PaaS, the customer is responsible for managing:
Data
Access
Applications
Examples of PaaS
Azure App Services and Azure SQL
Delivers software applications to the client over the internet or on a local area network. It is by far the most used model.
Software as a Service (SaaS)
With software as a service, the provider is responsible for managing the following aspects of the software applications:
Operating system
Networking
Storage
Computing power
Applications
Examples of SaaS
Microsoft Outlook, Calendar, Teams, OneDrive, and Office 365
Is a term used to define physical objects that communicate with other systems over a public or private network.
Internet of Things (IoT)
Azure services are managed through this, a dashboard with a graphical user interface.
Azure Portal
Is a management service that provides a location to manage all resources in your Azure account.
Azure Resource Manager (ARM)
Provides a one-stop shop for organizations to purchase third-party software and services designed and certified to run on Azure.
Azure Marketplace
Logical containers that hold related resources so they can be deployed, managed, and deleted as a unit.
Resource groups
Links an Azure account to the resources created under it and acts as a billing and access-control boundary.
Subscriptions
Used to administer multiple subscriptions, policies, compliance, and access.
Management groups
Data centers that are organized into geographical areas. Each region comprises one or more data centers.
Regions
Benefits of regions:
Resources can be closer to the user
Load balancing
Scalability
Redundancy
Resiliency
Designed specifically to address governmental legal and compliance concerns. These regions may be specific to your state or country.
Azure’s special regions
Include one or more data centers within the same region in physically separate locations. The centers are connected using private fiber-optic networks. Each center can operate on its own, so if one location stops working, the others continue operations.
Availability zones
Established to provide further redundancy. Each region is paired with another region in the same geography; if a natural disaster or other event were to impact the data centers in one region, services that support it can fail over to the paired region.
Region pairs
Items that can be managed using Azure. This could include:
Virtual machines
SQL databases
Storage
Web apps
Resources
Contain one or more resources to be managed and could include:
Virtual machines
SQL databases
Storage
Web apps
Resource groups
Using Azure Resource Manager, you can:
Create resources
Update resources
Delete resources
Secure resources
Increase stability and reduce hardware costs. Windows Server, Windows client, or Linux virtual machines can be created on demand.
Virtual Machines
Azure Virtual Machines can be used for:
Times when you need full control over a machine.
Running custom software.
Testing and development.
Increasing the size of a data center.
Applications with fluctuating demands.
Web apps, their configuration, and their files are packaged together into a container image so they can be consistently shared and deployed in the cloud.
Azure Container Instances
Azure Container Instances can be used when:
You need to run multiple isolated container instances on one computer.
You do not need to have full control over the VM.
You want to develop without worrying about managing a full virtual machine.
You need to split your app into logical parts for maintenance and scalability.
An application and desktop virtualization service that can be accessed from anywhere in the world using any operating system and any modern browser.
Azure Virtual Desktop
Azure Virtual Desktop can be used when:
You do not want to risk personal data stored on a laptop or other physical device.
Your end-users are using different operating systems.
Your users are scattered across different locations and need anywhere-access.
An orchestration service that deploys and manages many containers across a cluster of nodes.
Azure Kubernetes Service (AKS)
Can be used when you need to manage a large number of containers.
Azure Kubernetes Service
Provide a method for Azure VMs, databases, and apps to communicate.
Azure virtual networks
The following methods can be used to extend your virtual network:
Azure ExpressRoute
Point-to-site private networks
Site-to-site private networks
Azure virtual networks can be used for:
Segmentation (subnets)
Isolation
Network traffic filtering
Communication between local and Azure resources
Provides a secure connection between an Azure virtual network and another network.
Azure VPN Gateway
VPN Gateways can be used to establish the following connections:
Network-to-network (VNet-to-VNet) connection
Site-to-site connection
Point-to-site connection
A private connection between your on-premises network and Microsoft cloud services such as Azure.
Azure ExpressRoute
Unlike a VPN that is limited to around 1.25 Gbps network speed, Azure ExpressRoute can provide up to how many Gbps?
10
Useful when you need faster speeds, lower latency, and increased reliability over regular internet connectivity.
Azure ExpressRoute
Provides a low-latency option for connecting one virtual network to another. Traffic between the two networks is done on Microsoft’s private infrastructure instead of over the Internet.
Virtual network peering
Is useful for database failover and data replication.
Virtual network peering
Houses large amounts of unstructured data such as images, audio, video, and text.
Blob storage
Items stored in blob storage are called?
Blobs
Are organized into containers within a storage account and can be accessed from anywhere over HTTPS, subject to the account's access controls.
Blobs
Blob storage is often used for:
Files that need distributed access
Streaming video
Backup and disaster recovery data
Browser images or documents
Used with Azure Virtual Machines. Azure provides standard HDD, standard SSD, premium SSD, and ultra disk options.
Azure managed disks
Azure managed disks are valuable when you need:
A high level of availability
A large number (potentially thousands) of virtual machines
Protection against regional disasters
Protection from datacenter failures
Provide cloud-based file shares. Windows, macOS, and Linux clients can access these file shares on premises or in the cloud.
Azure Files
Can be shared using a URL. Shares can be accessed long-term or for a limited time using Shared Access Signature (SAS) tokens, which grant scoped, time-limited access without exposing the storage account key.
Azure Files
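The SAS mechanism on the card above is, at its core, an HMAC over the granted permissions, the validity window, and the resource path, keyed with the storage account key. The following is an added example (not code from the original flashcards or from Microsoft) that models that scheme in Python so the security properties are visible: tampering with any granted field breaks the signature, an expired token is refused, and a read-only token cannot be used to write. The string-to-sign here is a simplified model, not Azure's exact wire format (the real one carries more fields such as signed IP range, protocol, and service version), and the account key, resource path, and field names are constructed for the demo.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

# Constructed demo key (hypothetical). A real storage account key is generated
# by Azure and must never be committed to source control.
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-azure-key").decode()
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _string_to_sign(resource, permissions, start, expiry):
    # Simplified model of the Azure string-to-sign. The real format has more
    # fields, but the principle is identical: every granted attribute is
    # covered by the HMAC, so none can be altered after issuance.
    return "\n".join([permissions, start, expiry, resource])


def _sign(key_b64, message):
    key = base64.b64decode(key_b64)
    mac = hmac.new(key, message.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def issue_sas(key_b64, resource, permissions, start, expiry):
    """Mint a SAS query string granting `permissions` (e.g. "r" or "rw") on
    `resource` between `start` and `expiry` (UTC datetimes)."""
    st, se = start.strftime(TIME_FMT), expiry.strftime(TIME_FMT)
    sig = _sign(key_b64, _string_to_sign(resource, permissions, st, se))
    return urlencode({"sp": permissions, "st": st, "se": se, "sig": sig})


def check_sas(key_b64, resource, query, wanted, now):
    """Validate a presented SAS against `resource` for the `wanted` permission
    letter at time `now`. Returns (allowed, reason)."""
    q = {k: v[0] for k, v in parse_qs(query).items()}
    if not all(k in q for k in ("sp", "st", "se", "sig")):
        return False, "missing field"
    # Recompute over the *presented* fields: any change to sp/st/se or to the
    # resource being accessed changes the string-to-sign and the MAC fails.
    expected = _sign(key_b64, _string_to_sign(resource, q["sp"], q["st"], q["se"]))
    if not hmac.compare_digest(expected, q["sig"]):
        return False, "bad signature"
    start = datetime.strptime(q["st"], TIME_FMT).replace(tzinfo=timezone.utc)
    expiry = datetime.strptime(q["se"], TIME_FMT).replace(tzinfo=timezone.utc)
    if not start <= now < expiry:
        return False, "outside validity window"
    if wanted not in q["sp"]:
        return False, "permission not granted"
    return True, "ok"


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    res = "/file/demoaccount/share1/reports/q1.pdf"  # hypothetical share path
    token = issue_sas(ACCOUNT_KEY, res, "r", t0, t0 + timedelta(hours=1))
    print(check_sas(ACCOUNT_KEY, res, token, "r", t0 + timedelta(minutes=5)))
    print(check_sas(ACCOUNT_KEY, res, token.replace("sp=r", "sp=rw"), "w", t0))
</```

Two practical consequences follow from the construction. Because the MAC is keyed with the account key, anyone holding that key can mint tokens for any permission and any expiry, so the key itself must be protected (for example in Key Vault) and rotated on suspicion of exposure. And because the token carries its own expiry, a leaked ad hoc SAS cannot be recalled individually; revoking it means rotating the key that signed it, which invalidates every token issued under that key, or issuing tokens against a stored access policy that can be revoked server-side.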
File storage is useful for:
Sharing files between on-premises or cloud-based applications
Sharing files between multiple virtual machines
Designed to store important data that does not need to be accessed regularly.
Archive storage
Archive storage is useful for:
Storing old data for compliance purposes
Long-term backup
Surveillance footage
An Azure-hosted NoSQL database service. You can choose any of the following APIs:
Core (SQL)
Cassandra
Gremlin
MongoDB
Azure Table
Cosmos DB
Useful when you want to migrate your database to Azure without changing the API your application uses.
Cosmos DB
A platform as a service (PaaS) hosted by Microsoft. The backend infrastructure, upgrades, backups, and monitoring are fully managed, so you just need to focus on your data.
Azure SQL Database
Useful when you need a highly reliable, high-performing relational database without the hassle of database management.
Azure SQL Database
A relational database service hosted by Microsoft. The backend infrastructure, upgrades, and monitoring are fully managed so you can focus on your data.
Azure Database for MySQL
Useful when you need a reliable relational database based on MySQL without the hassle of database design, building, and management.
Azure Database for MySQL
A relational database service. Microsoft handles configuration, replication, backups, security, and monitoring.
Azure Database for PostgreSQL
Is useful when you need a reliable relational database based on the PostgreSQL database engine.
Azure Database for PostgreSQL
A more advanced version of the Azure SQL Database PaaS service that offers near-complete compatibility with on-premises SQL Server.
Azure SQL Managed Instance
Useful when you need the benefits of a hosted SQL database, but you need more functionality than is provided by Azure SQL Database.
Azure SQL Managed Instance
Involves the collection, processing, and analysis of data that is too complex or too large for standard analytics software.
Big data
A big data solution that combines data warehousing and analytics, including:
Synapse SQL (distributed query service)
Spark (an open-source big data solution)
Synapse pipelines
Synapse Studio (data management, tasks, and user experience building)
Azure Synapse Analytics
Can be used to quickly gather, analyze, and draw insights from all of your data warehouses.
Azure Synapse Analytics
Useful when you need an open-source analytics solution that supports a variety of frameworks:
As a PaaS
As a cloud-based analytics service
Supports Hadoop, Apache Spark, R, Hive, and other frameworks
HDInsight
Useful when focusing on data collaboration and transformation instead of data management.
Is a PaaS cloud-based analytics service
Works with the Hadoop framework
Has two development environments for data applications:
Azure Databricks Workspace
Azure Databricks SQL Analytics
Azure Databricks
Computer software designed to simulate a human’s intelligence and information processing capabilities.
Artificial Intelligence (AI)
Teaches computer software how to process information and make predictions based on that data.
Machine learning (ML)
Azure Machine Learning is:
A cloud-based service
Used for training, deploying, and managing machine learning models
Used to integrate cognitive intelligence into apps:
A cloud-based service
Four categories of services:
Speech (speech recognition)
Vision (video and image analysis)
Decision (identify offensive content and personalize a user’s experience)
Language (interpret the intended message, not just individual words)
Cognitive Services
A managed service for bot development.
Azure Bot Service
A suite of services designed for use throughout the software development life cycle (SDLC).
Azure DevOps
A repository where developers can publish source code for feedback and peer collaboration.
Azure Repos
Uses continuous integration (CI) and continuous delivery (CD) for building, testing, and distribution.
Azure Pipelines
A feed for hosting and sharing the packages (such as NuGet, npm, Maven, and Python packages) that builds consume and produce.
Azure Artifacts
A visual Kanban-style method for managing and tracking development projects.
Azure Boards
Used to manage software testing.
Azure Test Plans
What tools are available in Azure DevOps?
Repos, Pipelines, Artifacts, Boards and Test Plans
An environment for testing. You can test the creation and management of virtual machines and other IaaS and PaaS resources before purchasing and implementing them in a live setting.
DevTest Labs
A PaaS solution
Can be integrated with other Azure services
A bi-directional, centralized messaging hub that communicates between your IoT management application and its devices
Designed for developers looking to develop custom solutions for their IoT platform using Python, Java, C, C#, and Node.js
Secure, reliable, and scalable
Azure IoT Hub
An application platform that provides software to connect your IoT devices to the cloud.
Azure IoT Central
Is a SaaS solution
Provides standardized templates for building applications
Simplifies your design processes and reduces the cost of development and management
Is secure, reliable, and scalable
Can be used to manage your own IoT devices without in-depth knowledge of IoT application development
IoT Central
Used for creating and programming IoT devices, including:
Certified chips known as microcontroller units (MCUs)
A Microsoft managed Linux-based operating system
Azure Sphere Security Service
Azure Sphere
Run code when triggered by Azure and on-premises system events that need an immediate response
Allow you to focus on the code running your service instead of its infrastructure
Support .NET, Java, Python, PowerShell, and several other languages
Azure Functions
Is used for scheduling, automating, and orchestrating workflows
Includes pre-built connectors for Microsoft services and third-party services
Logic Apps
A centralized, web-based interface for creating, monitoring, and managing your Azure deployments and applications.
Azure Portal
A command-line interface, often preferred by Windows users, that:
Can be used on Windows, macOS, and Linux
Is used for automation
Uses simple commands (cmdlets)
Is run on a user’s local machine
Azure PowerShell
A cross-platform command-line tool that:
Runs on Windows, macOS, and Linux
Is used for automation
Is run on a user’s local machine
Azure CLI
Provides a browser-based terminal with Azure PowerShell and the Azure CLI preinstalled.
Azure Cloud Shell
Uses a web browser
Can be accessed using the Azure Mobile App on a mobile device
Is a free service
Azure Cloud Shell
Used to deploy and manage all resources and resource groups.
Controls access to resources through Azure role-based access control (RBAC), using identities from Azure Active Directory.
Azure Resource Manager (ARM)
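The cards on management groups, subscriptions, resource groups, and ARM describe a hierarchy in which access granted at a higher scope is inherited by everything beneath it. The following is an added example (not code from the original flashcards or from Microsoft) that models how Azure RBAC resolves an authorization decision over that hierarchy in Python: role assignments are additive and inherit downward, NotActions carve exclusions out of a role, and a deny assignment at any ancestor scope overrides every allow. The scope names (corp, sub-prod, rg-web, web01), the principals, and the trimmed role definitions are constructed for the demo; the real built-in roles list many more operations.

```python
import fnmatch

# Constructed hierarchy with hypothetical names. Azure inherits role assignments
# down this tree: management group -> subscription -> resource group -> resource.
# A management-group scope ID is not a string prefix of a subscription ID, so
# inheritance has to follow the tree rather than the path text.
MG_CORP = "/providers/Microsoft.Management/managementGroups/corp"
SUB_PROD = "/subscriptions/sub-prod"
RG_WEB = SUB_PROD + "/resourceGroups/rg-web"
VM_WEB01 = RG_WEB + "/providers/Microsoft.Compute/virtualMachines/web01"

PARENT = {MG_CORP: None, SUB_PROD: MG_CORP, RG_WEB: SUB_PROD, VM_WEB01: RG_WEB}

# Minimal model of three built-in roles; the wildcard semantics are the same
# as Azure's (an asterisk spans path segments, names are case-insensitive).
ROLES = {
    "Reader": {"actions": ["*/read"], "notActions": []},
    "Contributor": {
        "actions": ["*"],
        # Contributor may manage resources but not change who has access.
        "notActions": ["Microsoft.Authorization/*/Write",
                       "Microsoft.Authorization/*/Delete"],
    },
    "Owner": {"actions": ["*"], "notActions": []},
}


def ancestors(scope):
    """Yield `scope` and every scope above it in the hierarchy."""
    while scope is not None:
        yield scope
        scope = PARENT[scope]


def _matches(action, patterns):
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def role_allows(role, action):
    r = ROLES[role]
    return _matches(action, r["actions"]) and not _matches(action, r["notActions"])


def is_authorized(principal, action, scope, role_assignments, deny_assignments=()):
    """Decide whether `principal` may perform `action` on `scope`.

    role_assignments: iterable of (principal, role, scope)
    deny_assignments: iterable of (principal, action_pattern, scope)
    A deny at this scope or any ancestor wins outright; otherwise any inherited
    role that grants the action suffices, because role assignments are additive.
    """
    chain = set(ancestors(scope))
    for p, pattern, s in deny_assignments:
        if p == principal and s in chain and _matches(action, [pattern]):
            return False
    return any(p == principal and s in chain and role_allows(role, action)
               for p, role, s in role_assignments)


if __name__ == "__main__":
    assignments = [("alice", "Reader", MG_CORP), ("bob", "Contributor", RG_WEB)]
    # Reader granted at the management group reaches a VM three levels down.
    print(is_authorized("alice", "Microsoft.Compute/virtualMachines/read", VM_WEB01, assignments))
    # Contributor cannot grant itself more access: NotActions blocks it.
    print(is_authorized("bob", "Microsoft.Authorization/roleAssignments/write", RG_WEB, assignments))
```

The practical lesson is the one the management-group card implies: an Owner or Contributor assignment made at a management group or subscription silently applies to every resource group and resource created later beneath it, so broad scopes should carry only the narrow roles that genuinely need that reach. Deny assignments exist in Azure but are created by Azure itself (for example through Blueprints or managed applications) rather than assigned directly; they are modelled here only to show their precedence over allows.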
Can be used to connect to your Azure resources from a phone or tablet. You can monitor and manage virtual machines and applications with it.
Azure Mobile App
Outlines issues related to personal data. It applies to all Microsoft products, including services, apps, software, servers, and devices.
Microsoft Privacy Statement
Personal data Microsoft collects
How collected data is used
Reasons for sharing personal data
Information about cookies, web beacons, and other data collection tools
Situation and product-specific privacy information
Methods for accessing and controlling a user’s data
Microsoft Privacy Statement topics
A legal agreement. When customers sign the OST, they agree to the privacy terms and conditions that apply to the purchased online service(s).
Online Services Terms (OST)
An addendum to the OST. It provides additional information about the data processing and security terms and conditions for purchased service(s). Topics include:
Government compliance
Data security
Data handling
Data Protection Addendum (DPA)
A website for an individual or an organization who wants to learn more about all of Microsoft’s privacy, security, and compliance efforts.
The Microsoft Trust Center
Created to address information and data security for the criminal justice and law enforcement fields. It is a collection of requirements and standards for local, state, and federal agencies.
Criminal Justice Information Services (CJIS)
A United States law that sets requirements for protecting the privacy and security of health information.
The Health Insurance Portability and Accountability Act (HIPAA)
Commitments that apply to personal data stored in the cloud: customer data is not used for marketing or advertising purposes, and it is not disclosed unless a legally binding order requires it. (ISO/IEC 27018, the code of practice for protecting personal data in public clouds, carries these commitments.)
International Organization for Standardization/International Electrotechnical Commission (ISO/IEC)
An agency of the U.S. Department of Commerce.
Encourages technological advancements and provides recommendations for data protection.
National Institute of Standards and Technology (NIST)
The name for Azure cloud regions designed only for United States government use.
Physically isolated from the commercial Microsoft Azure service.
Azure Government
It is designed to address special requirements and regulations specific to a particular government, whether on a country, state, or local level.
Azure Government
The United States Department of Defense (DoD) uses Azure Government. Azure Government includes several US regions, such as:
US DoD East
US DoD Central
US Gov Texas
US Gov Arizona
US Gov Virginia
Is the responsibility of both the customer and the cloud provider.
Cloud security
Microsoft has approached security measures based on:
Confidentiality, integrity and availability (CIA principles).
Includes data stored in databases, virtual machines, cloud storage, and SaaS applications. Many regulatory requirements are in place to ensure that data remains confidential.
Data layer
Includes applications and application secret storage. Ideally, an organization should integrate security into its application development process.
Application layer
Includes virtual machines, systems, and endpoints. Each of these should be secured and should have access controls in place.
Compute layer
Includes all network resources. Network segments, secure connectivity, limited internet access, and secure connectivity between cloud and on-premises networks help with this defense.
Network
Firewalls and DDoS protection are the primary defenses at this level. It’s harder to eliminate a threat once it has breached your perimeter.
Perimeter layer
Defense measures include single sign-on (SSO), multifactor authentication, access control, and auditing of events, so that access is granted only as needed and all events and changes are logged.
Identity and access
Includes building security and data center access. Physical defenses help to ensure that only authorized individuals have access to a building or a data center and that any loss or theft is documented and addressed
Physical layer
A centralized security monitoring service that helps to protect your services from security threats.
Azure Security Center
Monitors cloud and on-premises services
Monitors resources
Performs security assessments
Identifies vulnerabilities
Detects and stops malware installation
Applies security settings to new resources
Azure Security Center
A security information and event management (SIEM) system that collects data from various sources for threat detection and response, including:
Data collection from cloud and on-premises
Microsoft analytics and threat intelligence to detect hidden threats
Task automation to respond to incidents quickly
Azure Sentinel
A centralized cloud service that stores highly sensitive secrets such as passwords, certificates, tokens, and API keys.
Azure Key Vault
Stores and manages sensitive information
Can be used to create and manage encryption keys
Can be used to create and manage SSL/TLS certificates for both internal and Azure resources
Provides access control and access monitoring
Azure Key Vault
Ensures that your VMs are hosted on dedicated physical servers. You can select the appropriate Azure region, availability zone, and fault domain to help ensure high availability.
Azure Dedicated Host
Inspects and filters network traffic by port number, protocol, fully qualified domain name (FQDN), and network address. Network administrators define NAT, network, and application rules that allow or deny various traffic types.
Azure Firewall
Reviews the traffic, compares it to the existing rules, and permits or blocks the traffic accordingly.
Azure Firewall
Provides a level of defense against several types of distributed denial-of-service attacks, including:
Volumetric attacks
Resource-level attacks
Protocol attacks
Azure DDoS Protection
Basic stateful packet filters (not a full firewall service) that allow or deny traffic to and from resources in an Azure virtual network. Rules are evaluated in priority order and match on source, destination, port, and protocol.
Network security groups (NSG)
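The card above leaves out the detail that makes NSGs easy to misconfigure: rules are evaluated from the lowest priority number upward, the first match decides the flow, and three default inbound rules (allow from the virtual network, allow from the Azure load balancer, deny everything else) sit behind whatever custom rules are added. The following is an added example (not code from the original flashcards or from Microsoft) that implements that evaluation order in Python and runs it over a constructed weak rule set (RDP open to any source) and a hardened one (RDP allowed only from a hypothetical management subnet, with an explicit deny placed ahead of it). The 10.0.0.0/16 address space, the 10.0.250.0/24 management subnet, and the rule names are constructed; the handling of the Internet service tag is a simplification of Azure's definition.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address space for the example virtual network (hypothetical).
VNET = ipaddress.ip_network("10.0.0.0/16")
# Azure's documented virtual IP used for load-balancer health probes.
AZURE_LB_PROBE = "168.63.129.16"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first; custom rules use 100-4096
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp", "Icmp" or "*"
    source: str        # CIDR, single IP, service tag or "*"
    source_port: str   # "*", "443", "1024-65535" or "80,443"
    destination: str
    dest_port: str


# The three default inbound rules every NSG carries, at priorities 65000 and
# above so that any custom rule is consulted before them.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*", "*"),
]


def _addr_match(spec, addr):
    ip = ipaddress.ip_address(addr)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "Internet":
        # Simplified: Azure defines the tag as address space outside the VNet.
        return ip not in VNET
    if spec == "AzureLoadBalancer":
        return addr == AZURE_LB_PROBE
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_match(spec, port):
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def evaluate(rules, direction, proto, src, sport, dst, dport):
    """Return (access, rule_name) from the first matching rule in priority
    order; exactly one rule decides each flow."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.direction != direction:
            continue
        if ((r.protocol == "*" or r.protocol.lower() == proto.lower())
                and _addr_match(r.source, src) and _port_match(r.source_port, sport)
                and _addr_match(r.destination, dst) and _port_match(r.dest_port, dport)):
            return r.access, r.name
    return "Deny", "(no matching rule)"


# Constructed rule sets: RDP open to any source (weak) versus RDP only from a
# hypothetical management subnet, with an explicit deny ahead of the allow.
WEAK_RULES = [Rule("AllowRDP", 300, "Inbound", "Allow", "Tcp", "*", "*", "*", "3389")]
HARDENED_RULES = [
    Rule("DenyRDPFromInternet", 200, "Inbound", "Deny", "Tcp", "Internet", "*", "*", "3389"),
    Rule("AllowRDPFromMgmt", 300, "Inbound", "Allow", "Tcp", "10.0.250.0/24", "*", "*", "3389"),
]

if __name__ == "__main__":
    flow = ("Inbound", "Tcp", "198.51.100.7", 51000, "10.0.1.4", 3389)
    print(evaluate(WEAK_RULES + DEFAULT_INBOUND, *flow))       # ('Allow', 'AllowRDP')
    print(evaluate(HARDENED_RULES + DEFAULT_INBOUND, *flow))   # ('Deny', 'DenyRDPFromInternet')
```

Two things worth checking in any real NSG fall out of running this. A Deny placed at a lower priority number cannot be undone by a later Allow, so an explicit deny on sensitive ports protects against a future permissive rule being added behind it. And the default AllowVnetInBound rule means that traffic between hosts inside the virtual network, including RDP from an unrelated subnet, is still allowed unless a custom rule denies it; segmentation inside the VNet needs its own rules.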