Fundamentals AZ-900 Microsoft Azure - SoftwareArchitect.ca

AZ-900 Microsoft Azure Fundamentals. Scott Duffy, Instructor. 2019 Scott Duffy, softwarearchitect.ca. Get the course for these slides at: https://www.udemy.com/az900-azure/?couponCode=SLIDESDISC

Microsoft Azure Fundamentals: “foundational level knowledge of cloud services and how those services are provided with Microsoft Azure”

Microsoft Azure Fundamentals: Candidates with non-technical backgrounds; Candidates with a technical background who have a need to validate their foundational level knowledge around cloud services

Microsoft Azure Fundamentals: Understand cloud concepts; Understand core Azure services; Understand security, privacy, compliance and trust; Understand Azure pricing and support

You’ll be prepared to take and pass the AZ-900 exam

But you don’t have to, if you just want to learn cloud concepts

What is the Cloud?

The ability to rent computing resources on demand

What Computing Resources? Virtual Machines; Unlimited Storage; Databases; Queues; Content Delivery Network; Batch Processing Jobs

What Computing Resources? Big Data - Hadoop; Media Services; Machine Learning; Chat Bots; Cognitive Services

1000 Azure Service options

Understand Cloud Concepts (15-20%)

High Availability

Expressed as a percentage, it’s the ability of a system to respond to users

99.99%: Four nines, 4 minutes per month

Scalability

The ability of a system to handle growth of users or work

[Figure labels: App failure; Max capacity; Number of concurrent users]

Elasticity

The ability of a system to automatically grow and shrink based on application demand

[Figure labels: capacity; User demand]

Agility

The ability to change rapidly based on changes to market or environment

Fault Tolerance

The ability of a system to handle faults like power, networking, or hardware failures

Disaster Recovery

The ability of a system to recover from failure within a period of time, and how much data is lost

Economies of Scale

It’s cheaper for Microsoft to run a server than you can ever achieve yourself

Capital Expenditure (CapEx) and Operational Expenditure (OpEx)

CapEx is money invested in assets (like computers) that return investment over time

OpEx is money spent every day on operating expenses

Consumption-Based Model

Pay per minute; Pay per hour; Pay per execution

Infrastructure-as-a-Service (IaaS)

Virtual machines, networking, load balancers, firewalls

Platform-as-a-Service (PaaS)

Upload code packages and have them run, without access to the hardware

Software-as-a-Service (SaaS)

Access to configuration only

Compare and Contrast

Public cloud

Computing services offered over the public Internet; anyone can sign up

Private cloud

Computing services offered to only select users; internal or corporate cloud

Hybrid cloud

Combination of public and private clouds; scale private infrastructure to the cloud

Compare and Contrast

Public vs private vs hybrid

Understand Core Azure Services (30-35%)

Regions

54 Regions - not all accessible by everyone

Availability Zones

Resource Groups

Azure Resource Manager (ARM)

Core Azure architectural components

Compute: Virtual Machines; Virtual Machine Scale Sets; App Service; Functions

Networking: Virtual Network; Load Balancer; VPN Gateway; Application Gateway; Content Delivery Network

Storage: Azure Storage - Blob, File, Table, Queue; Managed Disk; Backup and Recovery Storage

Databases: Cosmos DB; Azure SQL Database; Azure Database Migration service; Azure SQL Data Warehouse

Azure Marketplace

Internet of Things (IoT): IoT Fundamentals; IoT Hub; IoT Central

Big Data and Analytics: SQL Data Warehouse; HDInsight; Data Lake Analytics

Artificial Intelligence (AI): Azure Machine Learning Service; Studio

Serverless: Azure Functions; Logic Apps; App grid

Azure Tools: Azure CLI; PowerShell; Azure Portal

Azure Advisor

Understand Security, Privacy, Compliance, and Trust (25-30%)

Azure Firewall

Azure DDoS Protection

Network Security Group (NSG)

Choose an appropriate Azure security solution

All virtual network subnets should use NSG

It’s a strong lock on windows and doors that you don’t use

DDoS - as needed or after attacked

Application Gateway with WAF

Security through layers

The difference between Authentication and Authorization

Authentication is a user proving who they are - user id and password

Authorization is ensuring that a user is permitted to perform an action

Move away from all authenticated users having admin access

Azure Active Directory

Identity as a service (IDaaS)

Microsoft’s preferred solution for identity management

Complete solution for managing users, groups, roles

Single sign-on

Synchronize with your corporate AD

Azure Multi-Factor Authentication

First factor is your user id - might be easy to guess

Second factor is your password - hopefully hard to guess

(Also hopefully unique)

Third factor is that you have your phone on you

SMS, authenticator app, phone call

Azure Security

Physical vs digital security

Shared security model

Azure AD

MFA

Role-Based Access Control (RBAC)

Layered approach

Security Layers: Data - i.e. virtual network endpoint; Application - i.e. API Management; Compute - i.e. Limit Remote Desktop access, Windows Update; Network - i.e. NSG, use of subnets, deny by default; Perimeter - i.e. DDoS, firewalls; Identity & access - i.e. Azure AD; Physical - i.e. Door locks and key cards

Azure Security Center usage scenarios

Unified security management and advanced threat protection

Free tier and Standard tier

Key Vault

Central, secure repository for your secrets, certificates and keys

Azure Information Protection (AIP)

Apply labels to emails and documents

i.e. Confidential, Super Confidential, Top Secret

Used to protect documents from being viewed, printed and/or shared

Azure Advanced Threat Protection (ATP)

Monitor and profile user behavior and activities

Protect user identities and reduce the attack surface

Identify suspicious activities and advanced attacks

Investigate alerts and user activities

Azure Policy

Governance

Create rules across all of your Azure resources

Evaluate compliance to those rules

Examples of Built-In Policies: Require SQL Server 12.0; Allowed Storage Account SKUs; Allowed Locations; Allowed Virtual Machine SKUs; Apply tag and its default value; Not allowed resource types

Can create custom policies using JSON definition

Policy Initiatives

A set of policies, grouped together

“Every resource and resource group must have these five tags.”

10 policies that need to be enforced

Grouped together as a policy initiative

Role-Based Access Control (RBAC)

Microsoft recommended solution for access control

Create roles that represent the common tasks of the job

Accountant; Developer; Business Lead

Assign granular permissions to that role

Assign users to that role

Do not assign granular permissions to an individual

Reader; Contributor; Owner

Locks

Read Only; Can Not Delete

Using RBAC, you can restrict who has access to locks

Azure Advisor security assistance

Azure Monitor

Azure Service Health

Azure Monitor vs Azure Service Health

Azure Monitor collects all the data for you to analyze and create alerts on

Specific to your application, your actions

Azure Service Health are general alerts across all of Azure

Compliance terms such as GDPR, ISO and NIST

Many different standards for technology across the world

Microsoft claims to be in compliance with many of them

And has tools to help you be in compliance with others

General Data Protection Regulation (GDPR): GDPR is a new set of rules designed to give EU citizens more control over their personal data; Affects companies outside of the EU that handle EU citizens’ data; Data has to be collected legally under strict conditions; Data has to be protected from misuse; Reporting obligations if data is mishandled

ISO - International Organization for Standardization

ISO 9001:2015 is for Quality Management Systems (QMS)

ISO/IEC 20000-1:2011 is for Service Management Systems (SMS)

NIST Cybersecurity Framework (CSF): National Institute of Standards and Technology (NIST); Audited for compliance to security and privacy processes

Microsoft Privacy Statement

privacy.microsoft.com

Trust center

ervices/azure

Service Trust Portal

servicetrust.microsoft.com

Compliance Manager

Workflow-based risk assessment tool to help you manage regulatory compliance

Azure Government services

Separate account

For US government agencies - federal, state and local

Department of Defence (DoD) has its own too

Isolated data centers separate from the Azure public cloud

Meets standards specific to government

FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS

portal.azure.us

Different URLs for connecting to storage, functions, etc.

Azure Germany services

Separate account

Data remains in Germany

Strictest EU data protection

German Data trustee

Understand Azure Pricing and Support (25-30%)

Azure Subscription

Subscription is a billing unit

Users have access to one or more subscriptions, with different roles

All resources consumed by a subscription will be billed to the owner

Can be used to organize resources into completely distinct accounts

Management groups

Purchasing Azure products and services

Purchase from Microsoft: Pay as you go; Enterprise Agreement

Negotiated Minimum Spend Annual Custom Prices

Purchase from a Microsoft Partner: Microsoft Cloud Solution Provider (CSP)

Azure Free account

http://azure.microsoft.com/free

US$200 credit for the first 30 days

12 months of free services

Some services are always free

Factors affecting costs

Different services are billed based on different factors

Free services

Free services: Resource groups; Virtual network (up to 50); Load balancer (basic); Azure Active Directory (basic); Network security groups; Free-tier web apps (up to 10)

Pay per usage (consumption model)

Opportunity for cost savings: Azure Functions: 1 million executions free per month; $0.20 per million executions; Cheapest virtual machine is $20 per month

Pay per usage services: Functions; Logic Apps; Storage (pay per GB); Outbound bandwidth; Cognitive Services API

Pay for time (per second)

Per second billing means billing stops when the VM is stopped *

Stability in pricing: Pay a fixed price per month for computing power or storage capacity; Whether you use it or not; Discounts for 1-year or 3-year commitment in VM (Reserved Instances); Multi-tenant or isolated environment

Pay for bandwidth

First 5 GB is free

Inbound data is free

Bandwidth costs: Outbound data, $0.05 to $0.087 / GB for Zone 1 (NA and EU w/o Germany); Outbound data, $0.057 to $0.10 / GB for DE Zone 1 (Germany); Outbound data, $0.08 to $0.12 / GB for Zone 2 (Asia, Africa and Oceania); Outbound data, $0.16 to $0.181 / GB for Zone 3 (Brazil); (Availability zone pricing is different)

1 PB of data transfer: $52,000

Zones for billing purposes

Zone is a geographical grouping of Azure Regions for billing purpose

Zone 1: United States, Europe, Canada, UK, France

Zone 2: Asia Pacific, Japan, Australia, India, Korea

Zone 3: Brazil South

DE Zone 1: Germany Central, Germany Northeast

Pricing calculator

or/

Estimates are hard to make 100% accurate

Configurable Options: Region; Tier; Subscription Type; Support Options; Dev/Test Pricing

Export and share the estimate

Total Cost of Ownership (TCO) calculator

The cost of a server is more than just the cost of the hardware

Other costs: Electricity; Cooling; Internet connectivity; Rack space; Setup labor; Maintenance labor; Backup

ulator/

Best practices for minimizing Azure costs

Azure Advisor cost tab

Auto shutdown on dev/qa resources

Utilize cool/archive storage where possible

Reserved instances

Configure alerts when billing exceeds an expected level

Use Policy to restrict access to certain expensive resources

Auto scaling resources

Downsize when resources over-provisioned

Ensure every resource has an owner (tags)

Azure Cost Management

Another free tool inside Azure to analyze spending

Analyze spending over time

Tracking against budgets

Schedule reports

Support plans

Levels of Azure Support: Basic - free and included in all plans; Developer - non-production environments; Standard - production environments; Professional Direct - business critical; Premier - multiple products, including Azure

Basic Support: Self-help support; Documentation; Azure Advisor recommendations; Service Health dashboard and Health API

Developer Support: Business hours access to support engineers via email; Unlimited contacts / cases; Sev C - Non-business critical; One day response time ( 8 hours); General architectural guidance; $29 / month

Standard Support: 24 x 7 access to support engineers by phone and email; Unlimited contacts / cases; S

Microsoft Azure Fundamentals: Understand cloud concepts; Understand core Azure services; Understand security, privacy, compliance and trust; Understand Azure pricing and support