Azure Cosmos DB is flexible. At the lowest level, Azure Cosmos DB stores data in atom-record-sequence (ARS) format. The data is then abstracted and projected as an API, which you specify when you’re creating your database. Your choices include SQL, MongoDB, Cassandra, Tables, and Gremlin. This level of flexibility means that as you migrate your company’s databases to Azure Cosmos DB, your developers can stick with the API that they’re the most comfortable with.
Azure SQL Database is a platform as a service (PaaS) database engine. SQL Database provides 99.99 percent availability. SQL Database is a fully managed service that has built-in high availability, backups, and other common maintenance operations. You can migrate your existing SQL Server databases with minimal downtime by using the Azure Database Migration Service. The Microsoft Data Migration Assistant can generate assessment reports that provide recommendations to help guide you through required changes prior to performing a migration.
Azure Database for MySQL is a relational database service in the cloud, and it’s based on the MySQL Community Edition database engine, versions 5.6, 5.7, and 8.0. With it, you have a 99.99 percent availability service level agreement from Azure, powered by a global network of Microsoft-managed datacenters. This helps keep your app running 24/7.
Azure Database for PostgreSQL is a relational database service in the cloud. The server software is based on the community version of the open-source PostgreSQL database engine.
The Hyperscale (Citus) option horizontally scales queries across multiple machines by using sharding. Its query engine parallelizes incoming SQL queries across these servers for faster responses on large datasets. It serves applications that require greater scale and performance, generally workloads that are approaching, or already exceed, 100 GB of data. The Single Server deployment option offers three pricing tiers: Basic, General Purpose, and Memory Optimized.
Synapse Analytics: Data warehouse
Functions can be either stateless or stateful. When they’re stateless (the default), they behave as if they’re restarted every time they respond to an event. When they’re stateful (called Durable Functions), a context is passed through the function to track prior activity. Logic apps are similar to functions. Both enable you to trigger logic based on an event. Where functions execute code, logic apps execute workflows that are designed to automate business scenarios and are built from predefined logic blocks. Functions and Logic Apps can both create complex orchestrations. An orchestration is a collection of functions or steps that are executed to accomplish a complex task.
Azure Files ensures the data is encrypted at rest, and the SMB protocol ensures the data is encrypted in transit. One thing that distinguishes Azure Files from files on a corporate file share is that you can access the files from anywhere in the world, by using a URL that points to the file. You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time.
The following considerations apply to the different access tiers:
When you deploy a VPN gateway, you specify the VPN type: either policy-based or route-based. The main difference between these two types of VPNs is how traffic to be encrypted is specified. In Azure, both types of VPN gateways use a pre-shared key as the only method of authentication. Both types also rely on Internet Key Exchange (IKE) in either version 1 or version 2 and Internet Protocol Security (IPSec). IKE is used to set up a security association (an agreement of the encryption) between two endpoints. This association is then passed to the IPSec suite, which encrypts and decrypts data packets encapsulated in the VPN tunnel.
POLICY-BASED VPNS
Key features of policy-based VPN gateways in Azure include:
ROUTE-BASED VPNS
Use a route-based VPN gateway if you need any of the following types of connectivity:
Key features of route-based VPN gateways in Azure include:
ACTIVE/STANDBY
ACTIVE/ACTIVE
EXPRESSROUTE FAILOVER
ZONE-REDUNDANT GATEWAYS
Azure ExpressRoute fundamentals
Two different layers of the Open Systems Interconnection (OSI) model are:
LAYER 3 CONNECTIVITY
ACROSS ON-PREMISES CONNECTIVITY WITH EXPRESSROUTE GLOBAL REACH
DYNAMIC ROUTING
EXPRESSROUTE CONNECTIVITY MODELS
COLOCATION AT A CLOUD EXCHANGE
POINT-TO-POINT ETHERNET CONNECTION
ANY-TO-ANY NETWORKS
With any-to-any connections, all WAN providers offer Layer 3 connectivity. For example, if you already use Multiprotocol Label Switching to connect to your branch offices or other sites in your organization, an ExpressRoute connection to Microsoft behaves like any other location on your private WAN.
Azure DevOps Services is a suite of services that address every stage of the software development lifecycle.
AZURE DEVTEST LABS
AZURE ADVISOR
The recommendations are divided into five categories:
AZURE MONITOR
AZURE SERVICE HEALTH
There are two approaches to infrastructure as code: imperative (Azure client & PowerShell) code and declarative (ARM Templates) code. Imperative code details each individual step that should be performed to achieve a desired outcome. By contrast, declarative code details only a desired outcome, and it allows an interpreter to decide how to best achieve that outcome. This distinction is important because tools that are based on declarative code can provide a more robust approach to deploying dozens or hundreds of resources simultaneously and reliably.
THE AZURE MOBILE APP
DO YOU NEED A WAY TO REPEATEDLY SET UP ONE OR MORE RESOURCES AND ENSURE THAT ALL THE DEPENDENCIES ARE CREATED IN THE PROPER ORDER?
By contrast, it’s entirely possible to use either PowerShell or the Azure CLI to set up all the resources for a deployment. However, there’s no validation step in these tools. If a script encounters an error, the dependency resources can’t be rolled back easily, deployments happen serially, and only some operations are idempotent.
Azure serverless computing services: Azure Functions and Azure Logic Apps.
AZURE FUNCTIONS
AZURE LOGIC APPS
The primary difference between the two services is their intent. Azure Functions is a serverless compute service, and Azure Logic Apps is intended to be a serverless orchestration service. Although you can use Azure Functions to orchestrate a long-running business process that involves various connections, this was not its primary use case when it was designed.
AZURE IOT HUB
AZURE IOT CENTRAL
AZURE SPHERE
Azure Sphere comes in three parts:
IOT HUB or IOT CENTRAL
WHAT’S AZURE SECURITY CENTER?
Security Center can:
WHAT’S SECURE SCORE?
DETECT AND RESPOND TO SECURITY THREATS BY USING AZURE SENTINEL
AZURE SENTINEL CAPABILITIES
AZURE KEY VAULT
WHAT CAN AZURE KEY VAULT DO?
WHAT ARE THE BENEFITS OF AZURE DEDICATED HOST?
Consider the following scenario.
Tailwind Traders is moving its online payment system from its datacenter to the cloud. The payment system consists of virtual machines (VMs) and SQL Server databases. Here are a few security requirements that the company identifies as it plans the migration:
Here are some additional requirements that relate to regulatory compliance:
Here’s a diagram that shows the proposed architecture:
On Azure, Tailwind Traders will use both standard virtual machines and virtual machines that run on dedicated physical hardware. In the datacenter, the company will run virtual machines that can connect to databases within its internal network.
LAYERS OF DEFENSE IN DEPTH
Here’s a brief overview of the role of each layer:
AZURE FIREWALL
DDOS PROTECTION PROVIDES THESE SERVICE TIERS:
Volumetric attacks: The goal of this attack is to flood the network layer with a substantial amount of seemingly legitimate traffic.
NETWORK SECURITY GROUPS
Tailwind Traders is moving its online payment system to Azure. The processing of online orders begins through a website, which Tailwind Traders manages through Azure App Service. (App Service is a way to host web applications on Azure.) The web application that runs the website passes order information to virtual machines (VMs), which further process each order. These VMs exist on an Azure virtual network, but they need to access the internet to retrieve software packages and system updates.
Here’s a diagram that shows the basic architecture of the company’s payment system:
https://docs.microsoft.com/en-us/learn/azure-fundamentals/secure-network-connectivity-azure/media/8-architecture.png
The security team wants to ensure that only valid network traffic reaches the company’s Azure resources. As an extra layer of defense, the team also wants to ensure that the VMs can reach only trusted hosts on specific ports.
Azure AD Connect synchronizes user identities between on-premises Active Directory and Azure AD. Azure AD Connect synchronizes changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems. Self-service password reset prevents users from using known compromised passwords. Multifactor authentication provides additional security for your identities by requiring two or more elements to fully authenticate. These elements fall into three categories:
SUMMARY
CLOUD ADOPTION FRAMEWORK
SUBSCRIPTION GOVERNANCE STRATEGY
ACCESS CONTROL
Subscription limits
MANAGEMENT GROUPS
How is role-based access control applied to resources?
Observers, Users managing resources, Admins, and Automated processes illustrate the kinds of users or accounts that would typically be assigned each of the various roles. When you grant access at a parent scope, those permissions are inherited by all child scopes. For example:
RBAC uses an allow model. When you’re assigned a role, RBAC allows you to perform certain actions, such as read, write, or delete. If one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, you have both read and write permissions on that resource group.
RESOURCE LOCKS
You can set the lock level to CanNotDelete or ReadOnly.
TAGS
AZURE POLICY
POLICY INITIATIVES
POLICY ASSIGNMENT
AZURE BLUEPRINTS
Azure Blueprints orchestrates the deployment of various resource templates and other artifacts, such as:
Implementing a blueprint in Azure Blueprints involves these three steps:
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. In other words, Azure creates a record that associates a resource with the blueprint that defines it. This connection helps you track and audit your deployments. Each component in the blueprint definition is known as an artifact.
Tailwind Traders has created environments for development and testing for its e-commerce system. Here’s a diagram that shows the basic compute, database, and networking components found in each environment.
OST
TRUST CENTER
AZURE COMPLIANCE DOCUMENTATION
DPA
Use Azure Advisor to monitor your usage
Use spending limits to restrict your spending
Use Azure Reservations to prepay
Use Azure Cost Management + Billing to control spending
Before they migrate their existing e-commerce system from their datacenter to production environments on Azure, the Tailwind Traders team wants to first set up environments for development and testing. Here’s a diagram that shows the basic compute, database, and networking components found in each environment:
After the development team verifies changes to the Dev environment, they promote changes to the Test environment. The Test environment is where the testing team verifies new app features and also verifies that no regressions, or breaks to existing features, happen as new features are added.
When you build applications on Azure, the availability of the services that you use affects your application’s performance. Understanding the SLAs involved can help you establish the SLA you set with your customers. You don’t need an Azure subscription to review service SLAs. Each Azure service defines its own SLA. Azure services are organized by category. A service credit is the percentage of the fees you paid that are credited back to you according to the claim approval process. Free products typically don’t have an SLA.
Azure status provides a global view of the health of Azure services and regions. If you suspect there’s an outage, this is often a good place to start your investigation.
The following image shows the top-down hierarchy of organization for these levels.
An Azure subscription is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.
Subscription limits: Subscriptions are bound to some hard limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account. If there’s a need to go over those limits in particular scenarios, you might need additional subscriptions.
If you have multiple subscriptions, you can organize them into invoice sections. Each invoice section is a line item on the invoice that shows the charges incurred that month. For example, you might need a single invoice for your organization but want to organize charges by department, team, or project. Depending on your needs, you can set up multiple invoices within the same billing account. To do this, create additional billing profiles. Each billing profile has its own monthly invoice and payment method.
The following diagram shows an overview of how billing is structured. If you’ve previously signed up for Azure or if your organization has an Enterprise Agreement, your billing might be set up differently.
AZURE MANAGEMENT GROUPS
Important facts about management groups
ANSWER KEYS
Can we create free account on Azure?
Create Your Azure Free Account Today.
What is the minimum charge for having an Azure account each month even if you don't use any resources?
The monthly Azure invoice will contain the consumption of every resource you run inside of a subscription. If you don't run any resources and therefore have no consumption, your bill is $0.
Is Azure free forever?
You start getting monthly free amounts of more than 55 other services when you create your Azure free account. If you move to pay-as-you-go pricing after 30 days or after you use your credit, you'll continue to receive monthly free amounts of these services.