PaaS examples:
App Service, Firewall, SQL Database, Azure Functions, Azure Service Fabric, Azure Firewall
IaaS examples:
VM, Storage accounts
1) VM Series
In general, you’ll be looking at series A, B, or D:
B series: This stands for “burst”. The baseline performance is really low, but it can “burst” up to decent performance for short periods of time. This is ideal for something that sits idle all day, and handles light traffic when it does get used.
A series: This has a slightly better baseline performance than the B series, but at a slightly higher cost as well. It handles small workloads, and is recommended for Dev/Test environments according to the documentation.
D series: This has good baseline performance, and is the first series rated for Production use.
- SLA
You need a minimum of two virtual machines, each located in a different availability zone. Azure offers an industry-best 99.99% VM uptime SLA.
If the SLA of any service is not met, you receive a credit for that service, which can be applied to further monthly billing of that service.
- Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:
Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability or durability.
Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.
The Azure Storage platform includes the following data services:
Azure Blobs: A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2.
Azure Files: Managed file shares for cloud or on-premises deployments.
Azure Queues: A messaging store for reliable messaging between application components.
Azure Tables: A NoSQL store for schemaless storage of structured data.
Azure Disks: Block-level storage volumes for Azure VMs.
- Data lakes and data warehouses are both widely used for storing big data, but they are not interchangeable terms. A data lake stores huge volumes of semi-structured and unstructured data; a data lake defines the schema after the data is stored. A data warehouse is a repository for structured, filtered data that has already been processed for a specific purpose; a data warehouse defines the schema before the data is stored.
- Azure Monitor is the tool for collecting data from Azure resources, in the form of metrics and logs, to maximize the availability and performance of your applications and services. This data can then be processed for analysis, visualization, alerting, automation and integrations.
- Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers. It is a full “custom PaaS” system.
- Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for cost, reliability, security, operational excellence and performance.
- Azure Firewall is a cloud-based network security service that protects your Azure virtual network resources. It is a fully stateful service with built-in high availability and unrestricted cloud scalability.
We can create, enforce and log application and network policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network. It is PaaS.
Using Azure Firewall we can make a VM accessible from the internet over HTTP by adding a rule to allow connections to the VM on port 80 (HTTP).
Azure Firewall features:
Denial of Service protection
Access control lists (Azure calls them NSGs)
Basic traffic monitoring
Network traffic filtering rules
Outbound SNAT support
Inbound DNAT support
Multiple public IP addresses
- You can use an Azure Network Security Group (NSG) to filter network traffic to and from Azure resources in an Azure virtual network. An NSG contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
We can say that an NSG is a firewall, but a very basic one. It is a Microsoft-provided solution to filter traffic at the Network layer (L3). Azure Firewall is more robust: it is a managed firewall service that can filter and analyze L3 (Network) to L4 (Transport) traffic, as well as L7 (Application) traffic.
When you create a VM, the default setting is to create an NSG attached to the network interface.
Using an NSG we can make a VM accessible from the internet over HTTP by adding a rule to allow connections to the VM on port 80 (HTTP).
We can attach an NSG to individual subnets within the virtual network, or to a VM's network interface.
We can attach multiple NSGs within a virtual network to restrict traffic between resources such as VMs or subnets.
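A worked model of how NSG rules are evaluated, added here as an example (it is not code from these notes or from Microsoft). The rule dictionaries use the field names of the securityRules array in an ARM template for a network security group, the three default inbound rules mirror the ones Azure attaches to every NSG, and the port-80 rule is the one described above. The service-tag address ranges, the IP addresses and the matching logic are simplified assumptions made for this example.

```python
"""Priority-ordered evaluation of NSG security rules, and the ARM shape of an NSG.

Added example (not code from the page). Rule dicts use the field names of the
securityRules array of an ARM Microsoft.Network/networkSecurityGroups resource;
the default inbound rules mirror the ones Azure attaches to every NSG. The
matching logic is a simplified model written for this note, and the service-tag
address ranges are constructed sample values.
"""
import ipaddress
import json

# Default inbound rules (priorities 65000-65500 are reserved for Azure's defaults;
# user rules use 100-4096). A lower number means higher priority.
DEFAULT_INBOUND_RULES = [
    {"name": "AllowVnetInBound", "priority": 65000, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "sourcePortRange": "*",
     "destinationAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "AzureLoadBalancer",
     "sourcePortRange": "*", "destinationAddressPrefix": "*", "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*",
     "destinationAddressPrefix": "*", "destinationPortRange": "*"},
]

# The rule from the note: allow HTTP from the internet to the VM.
ALLOW_HTTP_RULE = {
    "name": "AllowHttpInBound", "priority": 100, "direction": "Inbound", "access": "Allow",
    "protocol": "Tcp", "sourceAddressPrefix": "Internet", "sourcePortRange": "*",
    "destinationAddressPrefix": "*", "destinationPortRange": "80",
}

# Constructed sample ranges standing in for Azure service tags (the real tags
# resolve to Azure-maintained prefix lists that change over time).
SAMPLE_SERVICE_TAGS = {"VirtualNetwork": ["10.0.0.0/16"], "AzureLoadBalancer": ["168.63.129.16/32"]}


def _in_tag(tag, ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in SAMPLE_SERVICE_TAGS[tag])


def _prefix_matches(prefix, ip):
    """Match an address against '*', a service tag, or a CIDR / single address."""
    if prefix == "*":
        return True
    if prefix == "Internet":  # everything outside the virtual network
        return not _in_tag("VirtualNetwork", ip)
    if prefix in SAMPLE_SERVICE_TAGS:
        return _in_tag(prefix, ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)


def _port_matches(port_range, port):
    """Match a port against '*', a single port like '80', or a range like '1024-65535'."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(rules, direction, protocol, src_ip, src_port, dst_ip, dst_port):
    """Return (access, rule name) of the first matching rule in priority order.

    Evaluation stops at the first match, which is why a user Allow at priority
    100 beats DenyAllInBound at 65500 for port 80 but for nothing else.
    """
    for rule in sorted((r for r in rules if r["direction"] == direction), key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and _prefix_matches(rule["sourceAddressPrefix"], src_ip)
                and _prefix_matches(rule["destinationAddressPrefix"], dst_ip)
                and _port_matches(rule["sourcePortRange"], src_port)
                and _port_matches(rule["destinationPortRange"], dst_port)):
            return rule["access"], rule["name"]
    return "Deny", "(no matching rule)"


def nsg_arm_template(nsg_name, location, user_rules):
    """Build an ARM template (as a dict) deploying the NSG with the given user rules.

    Default rules are never declared in a template; Azure adds them itself. The
    apiVersion is one assumed for this note; use the version current for your tenant.
    """
    return {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [{
            "type": "Microsoft.Network/networkSecurityGroups",
            "apiVersion": "2020-11-01",
            "name": nsg_name,
            "location": location,
            "properties": {"securityRules": [
                {"name": r["name"], "properties": {k: v for k, v in r.items() if k != "name"}}
                for r in user_rules]},
        }],
    }


if __name__ == "__main__":
    rules = DEFAULT_INBOUND_RULES + [ALLOW_HTTP_RULE]
    vm = "10.0.1.4"
    print(evaluate(rules, "Inbound", "Tcp", "203.0.113.5", 51000, vm, 80))  # HTTP from the internet: Allow
    print(evaluate(rules, "Inbound", "Tcp", "203.0.113.5", 51000, vm, 22))  # SSH from the internet: Deny
    print(evaluate(rules, "Inbound", "Tcp", "10.0.2.7", 51000, vm, 22))     # SSH from inside the VNet: Allow
    print(json.dumps(nsg_arm_template("web-nsg", "eastus", [ALLOW_HTTP_RULE]), indent=2))
```

Running it shows why adding the port-80 rule opens HTTP and nothing else: the rule sits at priority 100, so it is tested before the default rules, while every other inbound flow from the internet falls through to DenyAllInBound at 65500. The template function emits only the user rule, since Azure supplies the defaults itself.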
- Azure Files can be used to completely replace or supplement traditional on-premises file servers or NAS devices. Azure Files offers fully managed file shares in the cloud that are accessible via the industry-standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. Popular operating systems such as Windows, macOS, and Linux can mount them directly.
- Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. It is PaaS.
Examples: schedule and send email notifications when a specific event happens; move uploaded files from an FTP server to Azure Storage.
- Azure Government is the mission-critical cloud, delivering breakthrough innovation to US government customers and their partners. Only US federal, state, local and tribal governments and their partners have access to this dedicated instance, operated by screened US citizens. It is a sovereign cloud, a physically separated instance of Azure.
- Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, security tokens, passwords, certificates.
- Azure Active Directory (Azure AD) is the enterprise identity service that provides single sign-on, multi-factor authentication (MFA) and identity and access management (IAM).
- Azure Information Protection (AIP) enables organizations to classify and protect documents and emails by applying labels to content.
For example, AIP can be used to automatically add a watermark to Microsoft Word documents that contain credit card information.
- The Azure SLA guarantees uptime for paid Azure services of at least 99.9%. This can be increased by deploying Azure resources to multiple regions.
- Azure VM Scale Sets are groups of individual virtual machines (VMs) within the Microsoft Azure public cloud that administrators can configure and manage as a single unit. Administrators can use Azure VM Scale Sets to deploy complete services, rather than duplicating the same VMs.
Autoscale is a built-in feature of Cloud Services, Mobile Services, Virtual Machine Scale Sets and Websites that helps applications perform their best when demand changes.
Difference between Availability Sets and Scale Sets:
–> Scale Sets have identical VMs, whereas Availability Sets do not require them to be identical.
–> Availability Sets, in concept, are for enhancing application availability: if one primary VM fails or needs an update, another VM from a different Fault/Update domain can be provisioned.
Scale Sets, on the other hand, are designed for automatic (horizontal) scaling in applications where load can vary extensively, to fulfil more compute needs.
–> Provisioning a new VM in Azure when needed is easier for Scale Sets, as all VMs are the same in all aspects and are replicas of one golden copy.
–> Availability Sets are a predecessor of Scale Sets. They will eventually be replaced, although right now they are created in conjunction. What's more, Scale Sets introduce autoscaling.
- Two types of Windows Azure pricing models:
–> Consumption offers, which is a pay-per-use model.
–> Subscription-based Windows Azure pricing model, which requires a six-month commitment of monthly base fees from users. Any usage in excess of this amount is charged at standard consumption rates.
- Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
It uses a Resource Manager template: a JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group, subscription, management group, or tenant. The template can be used to deploy the resources consistently and repeatedly.
- Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log and performance data from monitored resources.
- Azure Log Analytics is a tool to edit and run log queries against data collected by Azure Monitor Logs and interactively analyze their results.
Azure Monitor is the tool that gets the data from Azure resources, and Log Analytics is the tool to query that data when you want to query across multiple resources.
- Azure Cloud Shell is a command-line interface that can be used within the browser or the Azure mobile app to manage and create Azure resources. It uses PowerShell or Bash for the commands. Being browser-based, it can be used from an Android tablet as well.
- Azure Databricks is an industry-leading, Apache Spark-based data engineering tool used for processing and transforming massive quantities of data and exploring the data through machine learning models. Recently added to Azure, it's the latest big data tool for the Microsoft cloud.
- DDoS (Distributed Denial of Service) is a type of attack that tries to exhaust resources. The goal is to affect application availability and its ability to handle legitimate requests. A DDoS attack can be targeted at any endpoint that is publicly reachable through the internet.
Azure DDoS has 2 types of offerings that provide protection from network attacks:
DDoS Protection Basic – it comes by default at no extra cost.
DDoS Protection Standard – it can generate reports containing details of attempted attacks.
- VPN Gateway, Gateway Subnet
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public internet.
So to implement a solution that enables the client computers on your on-premises network to communicate with Azure VMs, we need a Virtual Private Network Gateway. This VPN gateway needs to be located on a dedicated subnet in the Azure virtual network. This dedicated subnet is known as the gateway subnet.
- A Content Delivery Network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.
Azure CDN offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world.
- Azure IoT Hub acts as a central message hub for bi-directional communication between your IoT application and the devices.
IoT Hub can ingest data from millions of sensors.
There are two types of storage service IoT Hub can route messages to:
Azure Blob storage
Data Lake Storage – Azure Data Lake Storage accounts are hierarchical-namespace-enabled storage accounts built on top of Blob storage.
Both of these use Blob storage underneath.
- Azure Machine Learning service provides a cloud-based environment that you can use to develop, train, test, deploy, manage, and track machine learning models.
Databricks is an environment that makes it easy to build, train, manage, and deploy machine learning and deep learning models.
- Azure Storage offers different access tiers, allowing you to store blob object data in the most cost-effective manner. Available access tiers include:
Hot – Optimized for storing data that is accessed frequently.
Cool – Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Archive – Optimized for storing data that is rarely accessed and stored for at least 180 days, with flexible latency requirements on the order of hours.
To read or download archived data you must rehydrate it before the data can be accessed.
- Azure commands can be run from PowerShell or the Azure CLI command prompt, but Bash commands can run in Azure Cloud Shell only.
- Azure Functions is a serverless computing service that lets you run event-triggered code without having to explicitly provision or manage infrastructure. It is PaaS.
- Azure offers the below expenditure models:
Capital Expenditure Model (CapEx)
Operational Expenditure Model (OpEx)
- Azure DevTest Labs enables developers on teams to efficiently self-manage virtual machines (VMs) and PaaS resources without waiting for approvals. DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates.
- The Trust Center is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community.
Azure has more than 90 compliance certifications, including over 50 specific to global regions and countries, such as the US, Canada, the UK, Japan, Europe, India and China. These compliance certifications can be viewed at the Microsoft Trust Center to check whether Azure meets your regional requirements.
- You can configure a lock on a resource group to prevent accidentally deleting the resources. The lock applies to everyone, including Global Administrators. If you want to delete the resource group, the lock must be removed first.
Lock levels can be of 2 types:
CanNotDelete – means authorized users can read and modify the resources, but they can't delete them.
ReadOnly – means authorized users can read the resource, but they can't delete or update it.
- In stateless, the server is not required to keep state or session information itself.
In stateful, the server is required to maintain the current state and session information.
- Layers of the OSI model (bottom to top). Physical, Data Link and Network are hardware layers; Session, Presentation and Application are software layers.
L7- Application
L6- Presentation
L5- Session
L4- Transport
L3- Network
L2- Data Link
L1- Physical
- Azure Traffic Manager is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public-facing applications across the global Azure regions. Traffic Manager is not a proxy or a gateway; it does not see the traffic passing between the client and the service.
We learned that Azure Traffic Manager is designed to distribute traffic globally (multi-regional environments). The Azure Load Balancer, by contrast, can only route traffic inside an Azure region, as it only works with virtual machines in the same region.
- The Activity log is a platform log in Azure that provides insight into subscription-level events, such as when a resource is modified or when a virtual machine is started. You can view the Activity log in the Azure portal or retrieve entries with PowerShell and the CLI.
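An added example (not from these notes) of working through Activity log entries for the kind of subscription-level event mentioned above. The entries are constructed sample data in the field layout this example assumes for `az monitor activity-log list` output; the 30-minute window that pairs a lock removal with a later delete by the same caller is an assumption chosen here, because a resource lock has to be removed before a locked resource can be deleted (see the lock note above).

```python
"""Find destructive subscription-level operations in Azure Activity log entries.

Added example, not code from the page. The entries below are constructed for
this note; the field names (eventTimestamp, caller, operationName.value,
status.value, resourceId, resourceGroupName) follow the Activity log event
layout this example assumes, every value is invented, and the 30-minute
correlation window is an assumption.
"""
from collections import Counter
from datetime import datetime, timedelta

RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"

# Constructed sample entries (placeholder subscription id, invented callers).
SAMPLE_ACTIVITY_LOG = [
    {"eventTimestamp": "2024-05-01T10:00:00Z", "caller": "alice@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/start"},
     "status": {"value": "Succeeded"}, "resourceGroupName": "prod-rg",
     "resourceId": RG + "prod-rg/providers/Microsoft.Compute/virtualMachines/web-vm-01"},
    {"eventTimestamp": "2024-05-01T10:05:00Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Authorization/locks/delete"},
     "status": {"value": "Succeeded"}, "resourceGroupName": "prod-rg",
     "resourceId": RG + "prod-rg/providers/Microsoft.Authorization/locks/do-not-delete"},
    {"eventTimestamp": "2024-05-01T10:06:00Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/delete"},
     "status": {"value": "Succeeded"}, "resourceGroupName": "prod-rg",
     "resourceId": RG + "prod-rg/providers/Microsoft.Compute/virtualMachines/web-vm-01"},
    {"eventTimestamp": "2024-05-01T10:07:00Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Storage/storageAccounts/delete"},
     "status": {"value": "Succeeded"}, "resourceGroupName": "prod-rg",
     "resourceId": RG + "prod-rg/providers/Microsoft.Storage/storageAccounts/prodlogs01"},
    {"eventTimestamp": "2024-05-01T11:00:00Z", "caller": "carol@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/delete"},
     "status": {"value": "Failed"}, "resourceGroupName": "dev-rg",
     "resourceId": RG + "dev-rg/providers/Microsoft.Compute/virtualMachines/dev-vm-02"},
]

LOCK_DELETE_OP = "microsoft.authorization/locks/delete"


def _op(entry):
    return entry["operationName"]["value"].lower()


def _when(entry):
    return datetime.fromisoformat(entry["eventTimestamp"].replace("Z", "+00:00"))


def succeeded_deletes(entries):
    """Every succeeded operation whose name ends in /delete (lock removals included), oldest first."""
    return sorted((e for e in entries
                   if _op(e).endswith("/delete") and e["status"]["value"] == "Succeeded"),
                  key=_when)


def deletes_per_caller(entries):
    """Count succeeded deletes by caller, e.g. to spot one identity emptying a resource group."""
    return Counter(e["caller"] for e in succeeded_deletes(entries))


def lock_removal_then_delete(entries, window=timedelta(minutes=30)):
    """Pair each lock removal with later deletes by the same caller in the same resource group.

    Returns (caller, lock resourceId, deleted resourceId) tuples. The sequence
    deserves review even when every step was authorized.
    """
    deletes = succeeded_deletes(entries)
    findings = []
    for lock in (e for e in deletes if _op(e) == LOCK_DELETE_OP):
        for d in deletes:
            if _op(d) == LOCK_DELETE_OP:
                continue
            same_actor = (d["caller"] == lock["caller"]
                          and d["resourceGroupName"] == lock["resourceGroupName"])
            if same_actor and timedelta(0) <= _when(d) - _when(lock) <= window:
                findings.append((d["caller"], lock["resourceId"], d["resourceId"]))
    return findings


if __name__ == "__main__":
    print(deletes_per_caller(SAMPLE_ACTIVITY_LOG))
    for caller, lock, deleted in lock_removal_then_delete(SAMPLE_ACTIVITY_LOG):
        print(f"{caller} removed {lock.rsplit('/', 1)[-1]} then deleted {deleted.rsplit('/', 1)[-1]}")
```

Failed operations are dropped on purpose: a delete that a lock blocked shows up as Failed, and counting it alongside completed deletes would hide the one signal the lock note cares about, a lock removed and then a resource gone.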
- Azure Policy is a service in Azure which allows you to create policies that enforce and control the properties of a resource. When these policies are used they enforce rules and effects over your resources, so those resources stay compliant with your IT governance standards.
For example, an Azure Policy can be assigned to a resource group to prevent creation of VMs in that resource group. An Azure Policy can also be created to restrict creation of Azure resources to regions within the country where the company office is located.
- You can move VMs and their associated resources to a different subscription, irrespective of the resource group they lie in.
- Many Azure resources have quota limits to control cost, so you may receive a message that you must increase your Azure subscription limits.
You can request a quota limit increase by opening a "Support request".
- Azure tags are name-value pairs that are used to organize resources in the Azure portal. You apply tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name Environment and the value Production to all the resources in production.
- The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months' notification prior to ending support if no successor product or service is offered, excluding free services or preview releases.