Useful web resources
Azure Charts: https://azurecharts.com/
AZ-900 for everyone: https://marczak.io/az-900/
Microsoft Certified: Azure Fundamentals: https://docs.microsoft.com/de-de/learn/certifications/azure-fundamentals/
Comparison of public cloud services: https://comparecloud.in/
AZ-900 questions: https://www.examtopics.com/exams/microsoft/az-900/view/
Microsoft Azure Well-Architected Framework: https://learn.microsoft.com/en-us/azure/architecture/framework/
Azure Overview
Azure Portal:
Intuitive, visual one-stop shop for managing all Azure resources. It is a web-based console and runs in the browser of all modern desktops and tablet devices. To use the portal, JavaScript has to be enabled in the browser. It is recommended not to use ad blockers, because they may cause issues with some portal features.
- Recommended Browsers
- Microsoft Edge (latest version)
- Safari (latest version, Mac only)
- Chrome (latest version)
- Firefox (latest version)
- Mobile App
- Azure mobile app (iOS and Android)
Azure CLI:
⇒ Stable: Text commands don't change and the CLI is in a stable state.
⇒ Structure: CLI commands are structured very logically and all follow the same pattern.
⇒ Cross Platform: The CLI works on Windows, Mac and Linux.
⇒ Automation: It is simple to automate the CLI Commands for future use.
⇒ Logging: Keep track of who ran what command and when in various ways.
Azure PowerShell:
⇒ Cmdlet: A script that performs a specific task. For Example "New-AzVm" creates a new Virtual Machine.
⇒ Azure Resource Manager: PowerShell also uses the Resource Manager, like the Portal, to manipulate Azure resources.
⇒ Versatile: You can use PowerShell for many other tasks and areas. Not just for Azure.
Azure Cloud Shell:
Is an interactive, browser-accessible shell for managing Azure resources
⇒ Access: Access from anywhere using the web or the mobile app. Authenticated and secure.
⇒ Shell: Choose between Bash (Azure CLI) or PowerShell.
⇒ Tools: Included tools: interpreters, modules, Azure Tools. Language support for Node.js, .NET and Python.
⇒ Storage: Dedicated storage to persist data between sessions.
⇒ File Editor: A complete file editor.
Direct link: Open a browser to https://shell.azure.com.
Azure portal: Select the Cloud Shell icon on the Azure portal: https://portal.azure.com/
Azure Mobile Apps:
Android and iOS mobile apps to be alerted and respond to emergencies, or just perform general maintenance.
ARM Templates:
ARM templates to automate infrastructure setup and avoid human mistakes. They are idempotent, can be put into source control, and are declarative.
"economy of scale"
The ability to do things more efficiently or at a lower cost per unit when operating at a larger scale.
Cloud Concepts
Language of Cloud Computing
Describes stable and dependable cloud computing, the ability to adapt to changes in resource demand, user base and application usage.
⇒ High availability
⇒ Fault Tolerance
⇒ Disaster Recovery
⇒ Scalability
⇒ Elasticity
⇒ Agility
Language of Cloud Economics
CapEx and OpEx describe the costs of computing. OpEx is cloud computing with a pay-as-you-go model.
Cloud Service Models
IaaS, PaaS and SaaS are cloud service models that pretty much all Azure products and services fall under. The shared responsibility model dictates whether you or Microsoft is responsible for a cloud service.
Azure Marketplace
An extra layer of functionality for your cloud applications, by letting users use and integrate third-party products and services.
Cloud Architecture Models
Private, public and hybrid approaches to using cloud computing for your business.
Azure Architecture
Regions and Availability Zones
- Azure Region
- A set of data centers that are close enough to each other that it doesn't matter which datacenter your data is in. Latency is the time it takes for data to travel
- Availability Zone
- Within a region and each zone has its own separate power, cooling and networking. Used for protecting data from failures.
Resource Groups and Azure Resource Manager
- Resource Groups
- All resources belong to a resource group.
- It isn't a resource, but helps structure your Azure architecture
- Azure Resource Manager (ARM)
- All interaction with Azure resources go through the ARM. It is the main Azure Architecture component for creating, updating and manipulating resources.
Azure Compute
- Virtual Machines
- A virtual machine is your machine exclusively.
- You don't buy, own or control any hardware. Azure does this.
- Virtual machines are an IaaS offering, where you are responsible for the entire machine.
- Azure virtual machines take advantage of Azure tools
- Pricing goes up as resources go up, and you pay by the hour.
- Scale Sets
- Multiple VMs: Simple to manage multiple identical VMs using a load balancer.
- High Availability: If one VM fails or stops, the others in the scale set will keep working.
- Auto Scaling: Automatically match demand by adding or removing VMs from the scale set.
- Large Scale: Run up to 1000 VMs in a single scale set.
- No Extra Cost: No added cost for using scale sets.
- App Services (easy way to host and manage your web application)
- Web Apps: Websites and online applications hosted on Azure's managed platform
- Web Apps for Containers: Deploy and run containerized applications in Azure
- API Apps: Expose and connect your data backend
- Azure Container Instances (ACI)
- Manage Application Dependencies: All the dependencies for an application are included in the container image. You can manage the application and its dependencies with confidence.
- Less Overhead: Virtual machines require a lot more maintenance and updates. Containers don't have any components relating to the operating system that require maintenance.
- Increased Portability: Applications running in containers can be deployed easily to multiple different operating systems and hardware platforms.
- Efficiency: Development, deployment and maintenance are all more efficient when using containers. Scaling and patching is much simpler
- Consistency: The operations team can rely on containers being the same every time, no matter which target they are being deployed to.
- Azure Kubernetes Service
- Open-source tool for orchestrating and managing many container images and applications.
- Uses clusters and pods to scale and deploy applications
- Azure Virtual Desktop
- 100% virtualized Windows 10 or Windows 11.
- Access with any device that has a browser and an internet connection.
- Reuse existing licenses to save money.
- Functions
- Serverless Azure offering
- Smallest Compute service on Azure
- A single function of compute
- Called, or invoked, via a standard web address (URL)
- Runs once and stops
Azure Networking
- Virtual Network
- An address space is a range of IP addresses you can use for your resource.
- A subnet is a smaller network, which is part of your VNet. Use these for security and logical division of resources
- A VNet is in a single region and single subscription
- VNets in the cloud can scale, have high availability and isolation
- Load Balancer
- Internet Traffic
- Balance the load of incoming Internet traffic into a system or application
- Internal Networks
- A load balancer works well with internal applications
- Port Forwarding
- Traffic can be forwarded to a specific machine in the backend pool
- Outbound Traffic
- Allow outbound connectivity for backend pool VMs.
- VPN Gateway (VPN Gateways are instrumental in a hybrid cloud architecture)
- A VPN Gateway is a specific VNet Gateway. It consists of two or more dedicated VMs
- VNet Gateway + "vpn" becomes a VPN Gateway
- Sends encrypted data between Azure and on premises network.
- Azure Gateway Subnet, secure tunnel and on-premises gateway makes up a VPN Gateway scenario.
- Application Gateway
- It works on the HTTP request of the traffic, instead of the IP address and port.
- Traffic from a specific web address can go to a specific machine.
- Is a fit for most other Azure services
- Supports auto-scaling, end-to-end encryption, zone redundancy and multi-site hosting
- Content Delivery Network (CDN)
- Cache
- Collection of temporary copies of original files.
- The primary purpose is to optimize speed for an application.
- When a copy expires, a new copy is needed.
- Origin Server
- The original location of the files, such as a web application.
- It is the master copy of your application.
- ExpressRoute
- Create private connections between Microsoft datacenters and infrastructure that's on your premises or in a colocation facility
- ExpressRoute connections don't go over the public Internet.
- Low Latency
- Fast Connection
Azure Storage (link to Microsoft docs)
Benefits
- Durable and highly available.
- Secure.
- Scalable.
- Managed.
- Accessible
Azure Storage data services
- Blob
- General storage for anything you'd like.
- Block, append and page varieties.
- Blob is inside a container, which is inside a storage account.
- Hot, cool or archive price tiers.
- Disk
- A disk is generally attached to a VM.
- A managed storage service.
- Choose HDD, SSD, Premium SSD or Ultra Disk
- File
- Migrating on-premises file storage solutions.
- Use to have highly available and super resilient storage that can be shared easily.
- Archive
- A very cheap way to store massive amounts of data.
- It is also a blob storage type
- Azure storage redundancy types
- Locally redundant storage (LRS)
- Geo-redundant storage (GRS)
- Read-access geo-redundant storage (RA-GRS)
- Zone-redundant storage (ZRS)
- Geo-zone-redundant storage (GZRS)
- Read-access geo-zone-redundant storage (RA-GZRS)
Azure Database
- Cosmos DB
- Globally distributed database
- Super fast and easy to manage
- Can be costly
- Scale to infinite performance and size
- Azure SQL
- Fully managed
- Using stable Microsoft SQL Technology
- Compatible with on-premises SQL servers
- Azure Database for MySQL
- Very robust
- Very stable
- Very popular
- Community driven
- Open-Source
- Azure Database for PostgreSQL
- Azure offers a managed version
- Very popular
- Enterprise features (e.g. horizontal scaling)
- Database Migration Services
- Migration of almost any kind of database to Azure SQL or SQL Server
- Guides
- Step-by-Step Instructions
- Comprehensive documentation
Azure Authentication and Authorization
- Identity Services
- Authentication
- Making sure you are you
- Confirming identity
- First test for access
- Authorization
- Comes after authentication
- Do you get access?
- Granular control
- Authentication
- Azure Active Directory (AAD)
- Is Fundamental
- You can't use Azure without AAD.
- AAD is not the same as Active Directory (AD).
- First service of every new account will be an Azure Active Directory instance.
- Tenant:
- special instance of AAD
- first instance when a new Azure Account is set up.
- A user can be a member or guest in up to 500 tenants.
- Multi-Factor Authentication
- An extra layer of security using something you know, something you have and something you are.
- Single Sign-On
- Use a single username and password to log in to multiple applications using Azure Active Directory.
Azure Solutions
- Internet of Things
- IoT is a network of millions of connected devices that function without human intervention. IoT Hub collates and manages data feeds as a PaaS product. IoT Central is a SaaS offering with templates and dashboards for a quick start.
- Big Data
- Processing and storage of very large data sets, Azure has Data Lake Analytics and HDInsight. This can lead to reduced cost, better decisions and new products.
- Machine Learning
- Use rules and models to train your AI implementation. Azure Machine Learning Studio has pre-made models and tools to help you get started. Azure Machine Learning Service is a collection of tools
- Serverless
- You are using someone else's servers. Azure Function is a single unit of compute. Azure Logic Apps can connect data feeds and applications. Azure Event Grid is a network to route events between applications
- DevOps
- Azure DevOps has 5 tools: Boards, Pipelines, Repos, Test Plans and Artifacts. Use one or more in your workflow. Azure DevTest Labs lets you create full development and test environments easily and cost efficiently. GitHub and GitHub actions are tools that are similar to Azure DevOps.
Azure Security
- Defense in Depth
- Different Layers for Protection
- Physical
- Identity and Access
- Perimeter
- Network
- Compute
- Gateways and Firewalls
- Data
- Securing Network Connectivity
- Firewall
- Rules: A firewall defines rules for what kind of traffic can and cannot reach the devices or services behind it.
- Variations: Firewalls come as hardware and software versions. They can suit any type and size of network.
- Critical Part: Any network that takes security seriously will have a firewall.
- DDoS Protection Service
- Many Internet-Connected Devices
- A lot of computers and other connected devices target a single website to make it stop. GitHub had a 127M request per second attack!
- Protection
- Detects the DDoS attack and deflects it. Various levels of protection depending on scenario.
- No Downtime
- There is no interruption to your service at all. Azure will mitigate the attack globally.
- Network Security Group (NSG)
- Filter network traffic between Azure resources in an Azure virtual network.
- Contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
- Resource Firewall
- Personal resource firewall. Attach to virtual network, subnet or network interface
- Rules
- An NSG determines who can access the resources attached to it, using rules for inbound and outbound traffic.
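As an added example (not part of these notes and not Microsoft's code), a small Python model of how an NSG decides on a flow: rules are evaluated in ascending priority number and the first match wins, which goes slightly beyond the notes above. The rule names, priorities and the RFC 5737 documentation addresses are constructed; a real NSG also carries default VirtualNetwork and AzureLoadBalancer allow rules and service tags, which this model omits and replaces with a single DenyAllInBound at priority 65500.

```python
# Constructed model of Azure NSG rule evaluation (illustration, not Azure's code).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int            # custom rules use 100-4096; a lower number is evaluated first
    direction: str           # "Inbound" or "Outbound"
    access: str              # "Allow" or "Deny"
    protocol: str            # "Tcp", "Udp" or "*" (any)
    source: str              # source CIDR, or "*" for any address
    dest_port: Optional[int]  # destination port, or None for any port


def matches(rule: Rule, direction: str, protocol: str, src_ip: str, dst_port: int) -> bool:
    """True if the flow is covered by this rule's direction, protocol, source and port."""
    if rule.direction != direction:
        return False
    if rule.protocol not in ("*", protocol):
        return False
    if rule.source != "*" and ip_address(src_ip) not in ip_network(rule.source, strict=False):
        return False
    if rule.dest_port is not None and rule.dest_port != dst_port:
        return False
    return True


def evaluate(rules: List[Rule], direction: str, protocol: str,
             src_ip: str, dst_port: int) -> Tuple[str, str]:
    """Walk the rules in ascending priority; the first match decides.
    Later rules are not consulted even if they would also match the flow."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, direction, protocol, src_ip, dst_port):
            return rule.access, rule.name
    return "Deny", "(no rule matched)"


# Constructed rule set: HTTPS open to the Internet, SSH only from an admin range,
# SSH from anywhere else explicitly denied, everything else caught by the default deny.
RULES = [
    Rule("AllowHttpsFromInternet", 100, "Inbound", "Allow", "Tcp", "*", 443),
    Rule("AllowSshFromAdminRange", 110, "Inbound", "Allow", "Tcp", "203.0.113.0/24", 22),
    Rule("DenySshFromAnywhere", 120, "Inbound", "Deny", "Tcp", "*", 22),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", None),
]

if __name__ == "__main__":
    # The same SSH flow from two sources: the priorities decide the outcome.
    print(evaluate(RULES, "Inbound", "Tcp", "203.0.113.7", 22))     # ('Allow', 'AllowSshFromAdminRange')
    print(evaluate(RULES, "Inbound", "Tcp", "198.51.100.9", 22))    # ('Deny', 'DenySshFromAnywhere')
    print(evaluate(RULES, "Inbound", "Tcp", "198.51.100.9", 8080))  # ('Deny', 'DenyAllInBound')
```

Swapping the priorities of the two SSH rules makes the broad deny win and locks the admin range out too, which is the classic NSG misconfiguration to check for.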
- Application Security Groups
- Protects Application Infrastructure
- Focus the security on the application rather than the IP endpoint.
- Natural Extension
- Group VMs and virtual networks into logical application groups and apply an application security group.
- Microsoft Defender for Cloud
- Threat Alerts
- Ready for Hybrid architectures
- Each VM has an agent installed that sends data
- Azure analyzes the data and alerts you if necessary
- Regulatory Compliance
- Resource Security Hygiene
- Key Vault
- Secure Hardware
- The Key Vault hardware is secure too. Not even Microsoft can access the keys in it.
- Secrets Management - Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets
- Key Management - Azure Key Vault can be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.
- Certificate Management - Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.
- Application Isolation
- An application can't pass on secrets, nor access another application's secrets.
- Global Scaling
- Scale globally like any other managed Azure service.
- Azure Information Protection
- Classify Data
- Classify data according to how sensitive it is either using policies, or manually.
- Track Activities
- Track what is happening with shared data and revoke access if needed.
- Share Data
- Safely share data as you can control who edits, views, prints and forwards it.
- Integration
- Controls for document access are integrated with common applications and tools, such as Microsoft Office.
- Microsoft Defender for Identity
- You secure and manage the users of your organization. Monitor users' behaviour, create a baseline of this behaviour and report on any anomalies from it.
- Azure Sentinel
- Collect, aggregate, analyze, and present security issues automatically for you to take action.
- Azure Dedicated Hosts
- Your own dedicated Azure hardware to install Windows, Linux or SQL Server VMs on. Gives you control without losing cloud benefits like scaling, scale sets, fault isolation and availability zones.
Azure Privacy, Compliance and Trust
- Governance
- Azure Policy, role-based access control (RBAC), resource locks, and Azure Blueprints
- Azure Monitor
- Collect telemetry data from resources, which you can analyze. Maximize performance and availability and identify issues.
- Monitoring Tools
- Gain insights and receive alerts when something goes wrong with Log Analytics, Application Insights, and Azure Monitor alerts.
- Azure Service Health
- Notifies you about any planned and unplanned incidents on the Azure platform
- Compliance
- Comply with GDPR and adhere to ISO and NIST standards. Use Compliance Manager to manage compliance. Azure Government and China regions.
- Privacy
- Core part of Azure and its products. Azure Information Protection. Azure Policy, and the GDPR guide are all privacy tools.
- Trust
- Trust Center
- Learn about Microsoft's efforts on security, privacy, GDPR, data location, compliance and more.
- A hub for more information about trust in each product and service
- Service Trust Portal
- Review all the independent reports and audits performed on Microsoft's products and services.
- Azure complies with more standards than any other cloud provider.
Azure Pricing
- Subscriptions
- Every resource belongs to a subscription. An Azure account can have multiple subscriptions. Billing admins control costs. Management groups help you keep track of many subscriptions in an account.
- Cost Management
- Use free accounts and Azure Cost Management to keep costs as low as possible and optimize resources.
- Pricing Factor
- Resource size, resource type, location of the service and bandwidth used all affect the price of a service.
- Azure Pricing Calculator and Total Cost of Ownership Calculator can help predict costs.
- Best Practices
- Use spending limits, quotas for services, tags to order resources and reserved instances to manage costs and get the best price.
Azure Support
- Plans
- Basic, developer, standard, professional direct, and premier tiers.
- The more you pay the more benefits and lower response times.
- Tickets
- A unique reference for a support issue. Create tickets through the Azure portal
- Channels
- Use the Azure documentation, Azure forums and social media accounts to get free support from Microsoft and the community.
- Azure on Q&A
- A collection of the most common questions. Search the Azure Q&A site and find a lot of answers.
- Service Level Agreement
- A contract between you and Azure documenting Microsoft's commitment for uptime and connectivity.
- Service Lifecycle
- Azure services can be in private preview and public preview, before they become generally available. Watch the Azure Updates feed for new products, features and more.