AZ-301: Azure Architect Design - Microsoft PDF Free Download

1y ago

26 Views

1 Downloads

6.66 MB

336 Pages

Report/dmca

Download PDF

Transcription

2019 Skylines Academy, LLC. All rights reserved.Exam TipsPlan for 180minutes40-60Questions Some questions worthmore than 1 pointAnswer ALL thequestions. There is nopenalty. 150 minutes to answerquestions30 mins for variousinstructions, commentsetc.Types ofquestion Multiple choiceListHot AreaActive ScreenDrag and DropCase Studies Lots of information toabsorbFocus on the keypointsSkim read first, look atthe question and comeback to dig in for therequirements

2019 Skylines Academy, LLC. All rights reserved.If you took AZ-300 This exam focuses more on “Design”and “Choice” Less hands on Core concepts on compute, storage,networking will be repeated but focuson mapping requirements to yourchoices this time.

2019 Skylines Academy, LLC. All rights reserved.Identifying RequirementsUse CasesAssumptionsCritical Success Factors Business Drivers Understand the goals of the business and applicationteams Use to formulate specific requirements Any assumptions being made about requirements? E.g. Must be able to use existing licenses Try to align these to specific business outcomes Examples: Application needs to be scalable to xyz ormust be able to utilize existing operations team.

2019 Skylines Academy, LLC. All rights reserved.Business NeedsDefine BusinessObjectives Is this a 24x7application?What RPO/RTO isacceptable?Does the applicationneed to be globallyavailable?Document SLAs What is that availabilityrequirement? 99.9?99.99%?Functional andNon FunctionalRequirements Functional defineswhether theapplication does theright thing.Nonfunction lets youdefine whether theapplication does thosethings well.Decompose byworkload Different workloadsmay have differentrequirements foravailability, scalability,data consistency, anddisaster recovery.

2019 Skylines Academy, LLC. All rights reserved.Business Needs (cont.)Manage CostsPlan for Growth What are the currentexpected users andhow will you scalebeyond that? Ensure you account forall costs in the solutionas well as shared costincreases.

2019 Skylines Academy, LLC. All rights reserved.Azure Architecture Center Be aware of the AzureArchitecture Center Review examplescenarios Design Patterns Reference Architectures Data Architecture ecture/

2019 Skylines Academy, LLC. All rights reserved.Shared Responsibility Model Security is a joint responsibility Cloud computing clearly provides manybenefits over on-premises As you move from IaaS PaaS SaaS youcan offload more of the controls toMicrosoft

2019 Skylines Academy, LLC. All rights reserved.Microsoft Trust Center In-depth information Access toFedRAMP, ISO, SOC auditreports, data protection whitepapers, security assessmentreports, and more Centralized resources aroundsecurity, compliance, and privacyfor all Microsoft Cloud services Powerful assessment toolshttps://servicetrust.microsoft.com/

2019 Skylines Academy, LLC. All rights reserved.Compliance Manager Manage compliance from acentral location Proactive risk assessment Insights and recommendedactions Prepare compliance reportsfor audits

2019 Skylines Academy, LLC. All rights com/ViewPage/BlueprintOverview

2019 Skylines Academy, LLC. All rights reserved.What is an SLA?“A Service Level Agreement (SLA) is anagreement with the business andapplication teams on the expectedperformance and availability of aspecific service.”

2019 Skylines Academy, LLC. All rights reserved.General SLA Practices Define SLA’s for each workload Dependency mapping Make sure to include internal/external dependencies Identify single points of failure Example – workload requires 99.99% but depends on a service that isonly 99.9%

2019 Skylines Academy, LLC. All rights reserved.Key TermsMean Time ToRecovery(MTTR) Average time torecover service froman outageMean TimeBetweenFailures (MTBF) Average time betweenoutagesRecovery TimeObjective(RTO)Recovery PointObjective(RPO) Interval of time inwhich data could belost during a recovery.E.g. 5 minute RPOmeans up to 5 minutesof data could be lost. Time requirement forrecovery to becompleted in beforethere is businessimpact.

2019 Skylines Academy, LLC. All rights reserved.Azure Active DirectoryAAD Modern AD service built directly forthe cloud Often the same as O365 directoryservice Can sync with On-premisesdirectory service

2019 Skylines Academy, LLC. All rights reserved.Active Directory Domain ServicesADDS Legacy Active Directory sinceWindows 2000 Traditional Kerberos and LDAPfunctionality Deployed on Windows OS usuallyon VMs

2019 Skylines Academy, LLC. All rights reserved.Azure Active Directory Domain ServicesAADDS Provides managed domain services Allows you to consume domainservices without the need to patchand maintain domain controllers onIaaS Domain Join, Group Policy, LDAP,Kerberos, NTLM; all supported

2019 Skylines Academy, LLC. All rights reserved.Azure AD FeaturesEnterpriseIdentity SolutionSingle Sign-OnMultifactorAuthentication(MFA)Create a single identity forusers and keep them insync across the enterprise.Provide single sign-onaccess to applications andinfrastructure services.Enhance security withadditional factors ofauthentication.Self ServiceEmpower your users tocomplete password resetsthemselves, as well asrequest access to specificapps and services.

2019 Skylines Academy, LLC. All rights reserved.Password Sync Options Password Sync – Ensures user passwords are the same inboth directories (AD DS and Azure AD) Passthrough Authentication – Easy method to keep usersand passwords aligned. When a user logs into Azure AD,the request is forwarded to AD DS. Essentially, a singlesource. AD FS – Use AD Federation Services server to fullyfederate across AD DS and Azure AD, along with otherservices.

2019 Skylines Academy, LLC. All rights reserved.Design AuthenticationCloud AuthenticationFederated AuthenticationCloud-OnlyAD FSPassword Hash Sync Seamless SSO3rd Party FederationProvidersPass-ThroughAuthentication Seamless SSO

2019 Skylines Academy, LLC. All rights reserved.Azure HD Hybrid Identity with Password Hash SyncUserExperienceEffort Least effort requiredPart of AD ConnectSync process that runsevery 2 minutes. Deploy seamless SSOeliminating unnecessaryprompts after usersigns in.OtherConsiderationsBusinessContinuity Highly available as thecloud service scaleswith Microsoftdatacenters.Deploy additional ADConnect server instaging mode in astandby configuration. No immediateenforcement in onpremises account statechanges. Considerrunning an immediatesync after bulk updates.

2019 Skylines Academy, LLC. All rights reserved.Azure HD Hybrid Identity with Pass-through authenticationUserExperienceEffort Need 1 or more(recommend 3) agentsinstalled on existingservers.Must have access toon-premises ADcontrollers.Need outbound accessto internet Deploy seamless SSOeliminating unnecessaryprompts after usersigns in.OtherConsiderationsBusinessContinuity Recommended todeploy 2 extra passthrough agents forredundancy.Deploy password hashsync as a backupmethod. Consider passwordhash sync as a backupmethod.Remember passthrough auth enforceson the on-premisesaccount policy at thetime of sign in.

2019 Skylines Academy, LLC. All rights reserved.Azure RBAC Built-in RolesOwnerContributorReaderOther RolesFull access to all resources,including the right todelegate access to othersCan create and manage alltypes of Azure resources,but cannot grant access toothersCan view existing Azureresources, but cannotperform any other actionsagainst irectory/role-basedaccess-built-in-roles

2019 Skylines Academy, LLC. All rights reserved.Azure RBAC Built-in Roles(continued)Role NameDescriptionAPI Management Service ContributorCan manage API Management service and the APIsAPI Management Service Operator RoleCan manage API Management service, but not the APIsthemselvesAPI Management Service Reader RoleRead-only access to API Management service and APIsApplication Insights Component ContributorCan manage Application Insights componentsAutomation OperatorAble to start, stop, suspend, and resume jobsBackup ContributorCan manage backup in Recovery Services vaultBackup OperatorCan manage backup except moving backup in RecoveryServices vaultBackup ReaderCan view all backup management ive-directory/role-based-access-built-in-roles

2019 Skylines Academy, LLC. All rights reserved.Azure RBAC Built-in Roles(continued) Roles include various actions Action defines what type of operations you can perform on agiven resource type– Write enables you to perform PUT, POST, PATCH, and DELETEoperations– Read enables you to perform GET operations Use PowerShell to get latest rolesGet latest rolesGet-AzureRMRoleDefinition

2019 Skylines Academy, LLC. All rights reserved.RBAC Custom RolesCreate if none ofthe built-in roleswork for youEach tenant canhave to 2000rolesUse “Actions”and “NotActions”Assignablescopes:-Subscriptions- Resource Groups- Individual Resources

2019 Skylines Academy, LLC. All rights reserved.What is Privileged Identity Management (PIM)UsersPrivileged User(E.g. Subscription Owner,AAD Global Admin)Azure ResourcesAzure Active DirectorySaaS AppsOffice 365

2019 Skylines Academy, LLC. All rights reserved.Key Features of Azure PIM Visibility into users with privileged access– Azure Resources– Azure AD Enable on-demand administrative accessView administrator historySetup alertsRequire approvals (via workflows)

2019 Skylines Academy, LLC. All rights reserved.PIM RolesRoleDescriptionPrivileged Role AdministratorCan manage role assignments in Azure AD, and all aspects ofPrivileged Identity Management.Security AdministratorCan read security information and reports, and manageconfiguration in Azure AD and Office 365. First person to use PIM is assigned the Security Administrator andPrivileged Role Administrator roles. Only Privileged Role Administrators can manage Azure AD directory roleassignment of users.

2019 Skylines Academy, LLC. All rights reserved.Assigned Roles (Directory vs Resource)Directory RolesResource Roles Azure AD Roles E.g. Global Admin etc. Roles can be “eligible” or“permanent” Use Azure RBAC Built-in or custom roles E.g. Subscription Admin etc.

2019 Skylines Academy, LLC. All rights reserved.Microsoft Recommended Process Stage 1 (24-48 hours): Critical items that we recommend you do rightaway Stage 2 (2-4 weeks): Mitigate the most frequently used attack techniques Stage 3 (1-3 months): Build visibility and build full control of admin activity Stage 4 (six months and beyond): Continue building defenses to furtherharden your security oles-secure

2019 Skylines Academy, LLC. All rights reserved.Structured Data Adheres to a schema All the data has the same field orproperties Stored in a database table with rowsand columns Relies on keys to indicate how onerow in a table relates to data inanother row of another table Referred to as “relational data”

2019 Skylines Academy, LLC. All rights reserved.Semi-Structured Data Doesn’t fit neatly into tables, rows andcolumns. Uses tags or keys to organize andprovide a hierarchy for the data. Often referred to as NoSQL or nonrelational data

2019 Skylines Academy, LLC. All rights reserved.Unstructured Data No designated structure No restrictions on the kinds of data itcan hold Example a blob can hold a PDF, JPEG,JSON, videos etc. Enterprises are struggling to manageand tap into the insights from theirunstructured data

2019 Skylines Academy, LLC. All rights reserved.Azure SQL Relational database-as-a-service Uses latest stable version ofMicrosoft SQL Create NEW or Migrate Existing databases using theMicrosoft Data Migration Assistant

2019 Skylines Academy, LLC. All rights reserved.Azure SQL Database – Key plifiedManagementMeasured in databasethroughput units (DTUs)Supporting existing SQLclient applications viatubular database stream(TDS) endpointThis includes SQL Serverspecific Azure tools

2019 Skylines Academy, LLC. All rights reserved.Azure SQL Database TiersBasicStandardPremiumSmall database with singleconcurrent userMedium-sized database thatmust support multipleconcurrent connectionsLarge databases that mustsupport a large number ofconcurrent connections andoperations Small dbsSingle active operationDev / TestSmall scale apps5 DTU Good option for cloud appsMultiple operationsWorkgroup or web apps10-100 DTU High transaction volumesLarge number of usersMultiple operationsMission critical apps100-800 DTU

2019 Skylines Academy, LLC. All rights reserved.Third-party Databases in Azure – Managed Managed database options:Build-in HA at no additional costPredictable performancePay-as-you-goAuto-scalingEncryption at-rest and in-transitAutomatic backups with point-intime-restore for up to 35 days– Enterprise-grade security andcompliance––––––

2019 Skylines Academy, LLC. All rights reserved.Third-party Databases in Azure – Non-managed Non-managed database options:– Windows Azure VMs hosting MySQLinstallations– Linux Azure VMs hosting MySQLinstallations– ClearDB offering managed MySQLinstance

2019 Skylines Academy, LLC. All rights reserved.vCore Pricing ModelvCore Pricing ModelvCore Generations Lets you independently scalecompute and storage resources Match on-premises performance Optimize price Lets you choose specificgeneration of hardware Gen4: Up to 24 logical CPUs basedon Intel E5-2673 v3 (Haswell) 2.4GHz processors, vCore 1 PP(physical core), 7 GB per core,attached SSDGen5: Up to 80 logical CPUs basedon Intel E5-2673 v4 (Broadwell) 2.3GHz processors, vCore 1 LP(hyper-thread), 5.1 GB per core, fasteNVM SSD

2019 Skylines Academy, LLC. All rights reserved.vCore Pricing Model TiersGeneral PurposeBusiness CriticalHyperscaleMost businessworkloads. Offersbudget-oriented,balanced, and scalablecompute and storageoptions.Business applicationswith high I/Orequirements. Offershighest resilience tofailures by usingseveral isolatedreplicas.Most businessworkloads withhighly scalablestorage and readscale requirements.

2019 Skylines Academy, LLC. All rights reserved.DTU Service TiersBasicStandardPremiumDevelopment and productionDevelopment and productionDevelopment and productionUptime SLA99.99%99.99%99.99%Backup retention7 days35 days35 daysLowLow, Medium, HighMedium, High2.5 IOPS per DTU2.5 IOPS per DTU48 IOPS per DTU5 ms (read), 10 ms (write)5 ms (read), 10 ms (write)2 ms (read/write)Columnstore indexingN/AS3 and aboveSupportedIn-memory OLTPN/AN/ASTarget workloadDevelopment and productionDevelopment and productionDevelopment and productionTarget workloadCPUIO throughput (approximate)IO latency (approximate)

2019 Skylines Academy, LLC. All rights reserved.Elastic Pool eDTU, Storage, and Pooled Database LimitsMaximum storage sizeper databaseMaximum storage sizeper poolMaximum eDTUs perdatabaseMaximum eDTUs perpoolMaximum number ofdatabases per poolBasicStandardPremium2 GB1 TB1 TB156 GB4 TB4 TB530004000160030004000500500100

2019 Skylines Academy, LLC. All rights reserved.Auditing for SQL Database and Data Warehouse Why Audit?– Maintain regulatory compliance– Understand DB activity– Gain deeper insights What it does?– Tracks DB events and writes themto an audit log– Utilize OMS workspace, StorageAccount, or Event Hubs

2019 Skylines Academy, LLC. All rights reserved.Azure SQL Database Auditing OverviewYou can use SQL database auditing to:RetainReportAnalyzeAn audit trail ofselected events.You candefine categories ofdatabase actions to beaudited.Report on databaseactivity using preconfigured reports anda dashboard to quicklyget started.Analyze reports, findunusual activity,suspicious events andtrends.

2019 Skylines Academy, LLC. All rights reserved.Azure SQL Database Auditing Overview Audit logs are written to Append Blobs in Azure Blobstorage on your Azure subscription All storage types (v1, v2, blob) are supported All storage replication configurations are supported Premium storage is currently not supported Storage in VNet is currently not supported Storage behind a Firewall is currently not supported

2019 Skylines Academy, LLC. All rights reserved.Server-level vs Database-level Auditing PoliciesServer LevelApplies to all existing and newly created databases on the server.If server blog auditing is enabled, it will always applied to thedatabase regardless of your database auditing settings.Policy for the specific database. Enabling on both the server andthe database does not change the server auditing. Both auditsexist in parallel.Database-levelAvoid unless you have a use case for that specific database andwant to send to a separate storage account or need a differentretention period.

2019 Skylines Academy, LLC. All rights reserved.Distributed Application CachingPrivate CachingShared CacheUsed when data is held locally on theinstance that is running theapplication or serviceCommon source that can be accessby multiple application processesand/or machines

2019 Skylines Academy, LLC. All rights reserved.Azure Redis Cache Implementation of the opensource Redis cache that runs as aservice in Azure Provides caching service for cloudservices or websites inside VMs Can be shared by clientapplications that have the accesskey

2019 Skylines Academy, LLC. All rights reserved.Azure Cosmos DB Globally Distributed DatabaseService Supports schema-less data Used to build highly responsiveAlways On applications withconstantly changing data

2019 Skylines Academy, LLC. All rights reserved.Azure Cosmos DB APIs Accessible via various APIs e.g:––––Document DB (SQL) APIMongoDB APIGraph (Gremlin) APITables (Key/Value) API Automatically partitioned for:– Performance– Storage capacity

2019 Skylines Academy, LLC. All rights reserved.Consistency LevelsStrongGuaranteed writeoperation onlycommitted and visibleon the primary after ithas been committedand confirmed by allreplicas.BoundedStalenessAllows to configurehow stale docs can bewithin replicas;staleness means thequantity or versioncount a replicadocument can bebehind a primarydocument.SessionConsistentPrefixGuarantees that allread and writeoperations areconsistent within auser session.Ensures changes areread in the order thatmatches the sequenceof the correspondingwrites.EventualOffers looserconsistency andcommits and writeoperations against theprimary immediately.Replica transactionsare asynchronouslyhandled and willeventually beconsistent with theprimary.

2019 Skylines Academy, LLC. All rights reserved.Choose a Consistency Strategy1. Stronger Consistency Level Ensures documents in replicas do not lagbehind the primary Recommended for applications that requireall replicas to exactly match the primary atany point in time Negative affect on the write operations2. Weaker Consistency Level Ensures the database operates at peakefficiency Recommended for all apps that require highperformance Read operations against a replica can returnstale data

2019 Skylines Academy, LLC. All rights reserved.Azure IoT Collection of Microsoft managedcloud services focused onconnecting, monitoring andcontrolling IoT assets IoT solutions are made up of 1 ormore IoT devices and 1 or moreback end services running in thecloud.

2019 Skylines Academy, LLC. All rights reserved.IoT Services in AzureIoT CentralIoT HubSaaS solution to help youconnect and manage yourdevicesUnderlying service neededto facilitate messagesbetween your IoTapplication and devicesIoT SolutionAcceleratorsComplete ready to deploysolutions that implementcommon IoT scenarios

2019 Skylines Academy, LLC. All rights reserved.SQL Data Warehouse Key component of a Big Data solution Cloud based Enterprise DataWarehouse (EDW) that uses MassiveParallel Processing (MPP) to runcomplex queries across petabytes ofdata. Stores data in relational tablesreducing storage costs and improvesperformance

2019 Skylines Academy, LLC. All rights reserved.HD Insight Fully managed open-source analyticsservice for enterprises Use the most popular frameworks likeHadoop, Spark, Hive etc. Scenarios:– Batch Processing (ETL)– Data Warehousing

2019 Skylines Academy, LLC. All rights reserved.Data Lake Analytics On-Demand job service that simplifiesbig data Pay only for your job when it is running You write queries to transform yourdata and extract insights

2019 Skylines Academy, LLC. All rights reserved.Data Integration with Azure Data Factory Manage exact-transform-load(ETL) and data integration service Facilitates data-drive workflows(pipelines) that carry out tasks:––––Connect and collectTransform and enrichPublishMonitor

2019 Skylines Academy, LLC. All rights reserved.Database ChoicesIF YOU WANT.USE THISA globally distributed multi-model database, with support for NoSQL choices, withindustry-leading performance and SLAsAzure Cosmos DBA fully managed relational database that provisions quickly, scales on the fly, andincludes built-in intelligence and securitySQL DatabaseA fully managed, scalable MySQL relational database with high availability and security Azure Database forbuilt in at no extra costMySQLA fully managed, scalable PostgreSQL relational database with high availability andsecurity built in at no extra costAzure Database forPostgreSQLTo host enterprise SQL Server apps in the cloudSQL Server on VirtualMachines

2019 Skylines Academy, LLC. All rights reserved.Database ChoicesIF YOU WANT.USE THISA fully managed, elastic data warehouse with security at every level of scale at noextra costHelp migrating your databases to the cloud with no application code changesSQL Data WarehouseHigh throughput and consistent low-latency data access to power fast, scalableapplicationsA NoSQL key-value store for rapid development using massive semi-structureddatasetsFast and highly scalable data exploration serviceAzure Cache for RedisA fully managed, scalable MariaDB relational database with high availability andsecurity built in at no extra costAzure Database forMariaDBAzure DatabaseMigration ServiceTable storageAzure Data Explorer

2019 Skylines Academy, LLC. All rights reserved.Azure Blob Storage Unstructured storage for storingobjects Store images, video, and files ofany type Use cases: Streaming video and images direct touser Backup/DR of data Archiving

2019 Skylines Academy, LLC. All rights reserved.SMB File Storage – Azure File ServicesBenefits Easy way to create file shares Supports SMB 2.1 (unsecured) and 3.0(secured) Mount on Windows, Linux, or Mac Azure File Sync can be utilized to sync fileservers on-premises with Azure Files

2019 Skylines Academy, LLC. All rights reserved.Azure Table StorageTable Storage A NoSQL key-value store Schemaless design Structured or UnstructuredData Access using the Odataprotocol and LINQ queriesWCF Data Service AMECONTACTDATA N

2019 Skylines Academy, LLC. All rights reserved.Azure Queue StorageQueue Storage Provides a reliable mechanismfor storage and deliveringmessages for applications A single queue message can beup to 64 KB in size, and aqueue can contain millions ofmessages, up to the totalcapacity limit of a storageaccountAccountsQueuesMessages SALLY

AZ-301: Azure Architect Design. ved. Exam Overview. ved. Exam Tips 40-60 Questions Some questions worth more than 1 point Answer ALL the questions. There is no penalty. Plan for 180 . Data Architecture Guide. ved. Compliance and Security Requirements. ved. Shared Responsibility Model Security is a joint responsibility