AZ-900+Slides Skylines+Academy v2

© 2019 Skylines Academy, LLC. All rights reserved.
AZ-900: Azure Fundamentals

Understand Cloud Concepts

Traditional Datacenter
Cloud Computing Overview
What is Cloud Computing?
• Cloud computing is about “renting” resources vs purchasing

hardware
• Pay for what you use
• Run your applications in someone else’s datacenter
• Cloud provider is responsible for the physical hardware and
facilities necessary to execute your work
• Cloud provider responsible for keeping the services they
provide up-to-date
Core Cloud Services
Compute Storage Networking
Application
Analytics
Services
Scalability
• Increase or decrease resources based on

workload demand
• Vertical Scaling
• Also known as scaling up
• Add additional resources to increase the
power of the workload
• E.g. Add additional CPUs to a Virtual
Machine
• Horizontal Scaling
• Also known as scaling out
Scalability
Vertical Scaling
Horizontal Scaling
Elastic
• Major pattern which benefits from cloud computing

• As your workload changes, resources can be changed to compensate (up
or down)
• Example: Seasonal demand for retail web site
High Availability (HA)

What is an SLA?
“A Service Level Agreement (SLA) is an

agreement with the business and
application teams on the expected
performance and availability of a
specific service.”
General SLA Practices
• Define SLA’s for each workload

• Dependency mapping
• Make sure to include internal/external dependencies
• Identify single points of failure
• Example – workload requires 99.99% but depends on a service that is
only 99.9%
Key Terms
Mean Time To Mean Time Recovery Point Recovery Time

Recovery Between Objective Objective
(MTTR) Failures (MTBF) (RPO) (RTO)
• Average time to • Average time between • Interval of time in • Time requirement for
recover service from outages which data could be recovery to be
an outage lost during a recovery. completed in before
E.g. 5 minute RPO there is business
means up to 5 minutes impact.
of data could be lost.
Disaster Recovery and Fault Tolerance
Fault Tolerance Disaster Recovery

• Redundancy is built into • Planning for catastrophic
services so that if one failure of workload
component fails, another • Region to region Failover
takes its place. • On-Premises to cloud
• Reduces impact when failover
disasters occur. • Automation and
Orchestration
HA Examples
Host Outage Cross Region Deployment

• When an underlying host • An application is deployed in
has a catastrophic failure, a configuration to be highly
the virtual machine will available across regions.
automatically be restarted • When a service in one
on another host. region has an outage, traffic
• Availability Sets and Zones can continue to run in the
further increase the second region.
availability.
Cloud Service Models

X as a Service…
Cloud Service Models
Cloud Economics
Economies of Scale
Cloud Benefits
• Cloud providers can pass on
economies of scale to
consumers
• Acquire hardware at lower
Economies of scale is the ability to do costs
things more efficiently or at a lower-
cost per unit when operating at a • Local Government deals
larger scale.
• Datacenter efficiencies
Capex vs Opex
Capital Expenditure Operational Expenditure

(CapEx) (OpEx)
• Spending on infrastructure is • No up-front cost
completed upfront • Pay for service as you
• Cost written off over a consume it
period of time • Deduct from tax bill in same
year as expense occurs
Typical On-Premises CapEx Costs
Server Costs Storage Costs Network Costs
Backup and Datacenter Costs

Archive Costs (including DR)
Typical Opex Costs for Cloud Computing
Server Lease Software and Usage/Demand

Costs Feature Leases Cost Scaling
CapEx vs OpEx Benefits
CapEx Benefits OpEx Benefits

• Predictability • Try and buy
• Cost effective when you can • Low initial costs
consume the infrastructure • Demand fluctuation
quickly
Cloud Deployment Models

• Common Deployment Model

• Azure, AWS, GCP are examples of
Public Cloud providers
Public Cloud • Everything runs on your cloud
providers hardware
Public Cloud
Advantages Disadvantages
• High scalability/agility • There may be specific security

• Pay-as-you-go pricing – you pay only requirements that cannot be met by
for what you use, no CapEx costs using public cloud
• You’re not responsible for • There may be government policies,
maintenance or updates of the industry standards, or legal
hardware requirements which public clouds
• Minimal technical knowledge required cannot meet
to get started • You don’t own the hardware
• Unique business requirements
• You create a cloud like environment

in your own datacenter
• You are responsible for the hardware
and software services you provide
Private Cloud • Characteristics include:
• Self Service
• Automation
• Agility
• Financial Transparency
Private Cloud
• Complete control over all resources • Large upfront costs

and can support legacy scenarios • High skillset required
• Complete security control • Owning equipment adds a lag into the
• May be able to meet strict compliance provisioning process
requirements Public Cloud cannot • Datacenter management
• Combines Public and Private Clouds

• Allows flexibility to run in the most
appropriate location
• Consume Public Cloud services as
Hybrid Cloud needed and potentially keep legacy
workloads running on-premises
Hybrid Cloud
• Flexibility • Complicated to maintain and setup

• Support for Legacy systems while • Can be more expensive than simply
enabling modern application selecting one model
workloads to move to Public Cloud
• Continue to use your own equipment
and investments
Understanding Azure Core Services

Regions and Availability Zones

Azure Regions
• Location for your

resources
• Area containing at least
one datacenter
• Usually need to select a
region when deploying
a resource
• Examples: East US, West
US, Central India, East
Asia, Germany Central
Why Regions Matter?
• More regions = scalable and redundant

• Azure has the most to date
• You might need a specialized region for compliance purposes: E.g.
US Gov regions or Chinese regions which are run by 21Vianet due
to regulations
Geographies
• Boundaries, often country borders

• Normally 2+ regions for data preservation
• Meets compliance needs
• Data requirements met in boundaries:
• Fault tolerant
• Geographies: Americas, Asia Pacific, Europe, Middle East, Africa
• Each region belongs to a single geography
Region Pairs
Resource Groups
Resource Group Overview
DESTROYED
Web App Virtual Machines Database
Why Resource Groups?
• Organization
• Easy de-provisioning
• Security Boundary
– RBAC
• Apply Policies
Azure Resource Manager (ARM)

Resource Manager Overview
Resource
Resource Resource Group ARM Templates
Provider
Individual manageable item Container where you can Provider of services you Files used to define
available to you in Azure house your resources for can deploy in Azure resources you wish to
management e.g. Microsoft.Compute deploy to a resource
group
ARM Templates Overview
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
• Apply Infrastructure as
"parameters": {
},
"variables": {
},
"resources": [
{
"name": "[concat('storage', uniqueString(resourceGroup().id))]",
Code
"type": "Microsoft.Storage/storageAccounts",
• Download templates
"apiVersion": "2016-01-01",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"location": "North Central US",
"tags": {},
from Azure Portal
"properties": {}
• Author new templates

}
],
"outputs": { }
}
• Use Quickstart
templates, provided by
Resource
(E.g. Storage Account)
Microsoft
Quickstart Templates
https://azure.microsoft.com/en-us/resources/templates/
https://github.com/Azure/azure-quickstart-templates
ARM File Types
ARM Template ARM Template Deployment

File Parameter File Scripts
Describe the configuration Separate your parameters E.g. PowerShell for

of your infrastructure via a (optional) Deployment
JSON file
ARM Template Constructs
Parameters Variables Resources Outputs
Define the inputs you want Values that you can use Define the resources you Specify values that are
to pass into the ARM throughout your template. wish to deploy or update. returned after the ARM
template during Used to simplify your deployment is completed.
deployment. template by creating reuse
of values.
Azure Virtual Machines

Introduction to Virtual Machines
App App App
Application OS OS OS
Operating System Hypervisor
Hardware Hardware
CPU Memory Disk CPU Memory Disk

VM Types
Type Purpose
A – Basic Basic version of the A series for testing and development.
A – Standard General-purpose VMs.
Burstable instances that can burst to the full capacity of the

B – Burstable
CPU when needed.
D – General Built for enterprise applications. DS instances offer
Purpose premium storage.
E – Memory High memory-to-CPU core ratio. ES instances offer
Optimized premium storage.
High CPU core-to-memory ratio. FS instances offer
F – CPU Optimized
premium storage.
Very large instances ideal for large databases and big data
G – Godzilla
use cases.
VM Types (continued)
Type Purpose
H – High High performance compute instances aimed at very high-
performance end computational needs such as molecular modelling and
compute other scientific applications.
L – Storage Storage optimized instances which offer a higher disk
optimized throughput and IO.
M – Large memory Another large-scale memory option that allows for up to
3.5 TB of RAM.
N – GPU enabled GPU-enabled instances.
SAP HANA on Specialized instances purposely built and certified for
Azure Certified running SAP HANA.
Instances
VM Specializations
S M R
Premium Storage Larger memory Supports remote
options available configuration of direct memory
instance type access (RDMA)
Example: DSv2 Example: Standard A2m_v2 Example: H16mr
Module:
VM Availability
Availability Sets
Potential for VM Impact Availability Sets

• Planned maintenance • Group two or more
• Unplanned hardware machines in a set
maintenance • Separated based on Fault
• Unexpected downtime Domains and Update
Domains
FD 0
FD 1
Fault Domains and Update Domains
FD 2
Fault Domains and Update Domains
FD 0 FD 1 FD 2
UD 0 UD 1
UD 2
Planning for Availability
Web Tier App Tier Data Tier

Availability Set Availability Set Availability Set
Availability Zones
Availability Zones
• Offer 99.99% availability

• Minimize impact of
planned and unplanned
downtime
• Enforce them like
Availability Sets, but now
you choose your specific
zone in Azure
App Services
Introduction to Web Apps
Azure App Services consist of the following:
Web Apps Mobile Apps Logic Apps API Apps

App Service Environments (ASEs)
• Fully isolated environment

• For high-performing apps – high CPU and/or memory
• Individual or multiple service plans
• 2 ways to deploy: Internal or External
• Created in a subnet via a VNet, which achieves isolation
• Note: May take a few hours to spin up
Compute Services - Containers

Containers
• Standardized packaging for

software and dependencies
• A way to isolate apps from
each other
• Works with Linux and
Windows Servers
• Allows separate apps to share
the same OS kernel
Application Modernization
Application Code
Monolithic App Issues:
• Minor code changes required
full recompile and testing
• Application becomes a single
point of failure
• Application is difficult and
often expensive to scale
Application Modernization
Individual service
Microservices:
• Break application out into
separate services
12-Factor Apps:
• Make the app independently
scalable, stateless, highly
availably be design.
Comparing Monolithic and Microservices
Monolithic Microservices
Simple deployments Partial deployments

Inter-module refactoring Strong module boundaries
Vertical scaling Horizontal scaling
Technology monoculture Technology diversity
Three Keys to Microservices
1. Functional Decomposition 2. Horizontal Scale 3. Data Decoupling
This… Becomes This Scale what you need to, not what you don’t Now I can pick the best database for the
service
Service 1 Service 1 Scaling Options Service 1

Service 1
Service 1
Service 2 Service 2
All services Service 2
tightly coupled
and error
prone
Service 3 Service 3 Service 3
Service 3
Service 4 Service 4 Service 4

Service 4
Containers vs.Virtual Machines
App App App
App D
App C
App A
App B
App E
OS OS OS
Hypervisor
Docker
OS
Hardware
Server
Serverless Computing
What is Serverless Computing?
• Fully-managed services
• Only pay for what you use
• Flexibility to scale, as needed
• Stitch together applications
and services seamlessly
Azure Serverless Computing Services
Azure Functions Logic Apps Event Grid

Azure Functions –
Key Features
• Program Languages C#, F#, JavaScript, Java

(Preview)
• Pay-per-use Pricing
• Consumption Plan
• App Service Plan
(Run on the same plan as other services)
• Integrated Security with OAUTH providers
(Azure AD, Facebook etc.)
• Code in the portal or deploy via DevOps
tools
Logic Apps –
Key Features
• Workflow Engine
• Used to orchestrate and
stitch together functions
and services (Just like
regular orchestration
tools)
• Visualize, Design, Build,
Automate
Triggers
Logic Apps – Key Constructs
Action
Comparing Compute Options

Comparing Compute Options
Networking Overview
Networking Overview
Source: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
Networking Overview (continued)
Core VNet
VNet
Subnet A Subnet B Capabilities:
• Isolation
• Internet Access
• Azure Resources (VMs
and Cloud Services)
• VNet Connectivity
• On-Premises
Connectivity
• Traffic Filter
• Routing
VNets: Key Points
• Primary building block for Azure networking

• Private network in Azure based on an address space prefix
• Create subnets in your VNet with your own IP ranges
• Bring your own DNS or use Azure-provided DNS
• Choose to connect the network to on-premises or the
internet
Hybrid Connectivity
Hybrid Connectivity Options
Point-to-Site
Site-to-Site (S2S) ExpressRoute
(P2S)
S2S
S2S
Multi-Site
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
S2S (continued)
• S2S VPN gateway connection is a connection over IPsec/IKE

(IKEv1 or IKEv2) VPN tunnel
• Requires a VPN device in enterprise datacenter that has a
public IP address assigned to it
• Must not be located behind a NAT
• S2S connections can be used for cross-premises and hybrid
configurations
P2S
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
P2S (continued)
• Secure connection from an individual computer. Great for

remote worker situations.
• No need for a VPN device or public IP. Connect wherever user
has internet connection.
• OS Support: Windows 7, 8, 8.1 (32 and 64bit), Windows 10,
Windows Server 2008 R2, 2012, 2012 R2 64-bit.
• Throughput up to 100 Mbps (unpredictable due to internet).
• Doesn’t scale easily, so only useful for a few workstations.
VPN Gateway SKUs
Aggregate
S2S/VNet-to-VNet P2S Throughput
SKU Tunnels Connections Benchmark
VpnGw1 Max. 30 Max. 128 650 Mbps
VpnGw2 Max. 30 Max. 128 1 Gbps
VpnGw3 Max. 30 Max. 128 1.25 Gbps
Basic Max. 10 Max. 128 100 Mbps

Gateway Recommendations
Workload SKUs
Production, critical workloads VpnGw1,VpnGw2,VpnGw3
Dev-test or proof of concept Basic
SKU Features
Basic Route-based VPN: 10 tunnels with P2S; no
RADIUS authentication for P2S; no IKEv2 for P2S
Policy-based VPN: (IKEv1): 1 tunnel; no P2S
VpnGw1,VpnGw2, and VpnGw3 Route-based VPN: up to 30 tunnels (*), P2S,

BGP, active-active, custom IPsec/IKE policy,
ExpressRoute/VPN co-existence
ExpressRoute
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
ExpressRoute Key Benefits
Layer 3 Connectivity Global Dynamic Built-In

Connectivity in all Regions Connectivity Routing Redundancy
Between your on- To Microsoft cloud To Microsoft services Between your In every peering
premises network and services across all across all regions with network and location for higher
the Microsoft Cloud regions in the ExpressRoute Microsoft over reliability
through a connectivity geopolitical region. premium add-on. industry standard
provider. Connectivity protocols (BGP).
can be from an any-
to-any (IPVPN)
network, a point-to-
point Ethernet
connection, or
through a virtual
cross-connection via
an Ethernet exchange.
ExpressRoute Provisioning
ORDER
START USING
EXPRESS
EXPRESSROUTE
• Azure subscription ROUTE • Provide service key (s-key) CIRCUIT
created/exists CIRCUIT to connectivity provider
• Connectivity provider • Provide additional
identified and • Select service provider information needed by • Link VNets to Azure
relationship set up • Select peering location connectivity provider private peering
• Physical connectivity • Select bandwidth (VPN ID) • Connect to Auzre services
with provider set up • Select billing model • If provider manages on public IPs through
• Select standard or routing, provide details Azure pubic peering
premium add-on • Connect to Microsoft
SERVICE cloud Services through
ENSURE THAT
PROVIDER Microsoft peering
PREREQUISITES
PROVISIONS
ARE MET CONNECTIVITY
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-workflows
Peering – Data to Collect
• Peering subnet for path 1 (/30)
• Peering subnet for path 2 (/30)

• VLAN ID for peering
Azure Private Peering • ASN for peering
• ExpressRoute ASN = 12076
• MD5 Hash (optional)
• Peering subnet for path 1 (/30) – must be public IP

Azure Public Peering • ASN for peering

Microsoft Peering •
•
ASN for peering
Advertised prefixes – must be public IP prefixes
• Customer ASN (optional if different from peering ASN)
• RIR/IRR for IP and ASN validation
Unlimited versus Metered
Unlimited
• Speeds from 50 Mbps to 10 Gbps
• Unlimited Inbound data transfer
• Unlimited Outbound data transfer
• Higher monthly fee
Metered
• Speeds from 50 Mbps to 10 Gbps
• Unlimited Inbound data transfer
• Outbound data transfer charged at a predetermined rate per GB
• Lower monthly fee
ExpressRoute Considerations
Understand the models

• Differences between Unlimited Data and Metered Data
• Understand what model you are using today to accelerate adoption
• Understand the differences in available port speeds, locations and approach
• Understand the limits that drive additional circuits
Understand the providers
• Each offer a different experience based on ecosystem and capabilities
• Some provide complete solutions and management
Understand the costs
• Connection costs can be broken out by the service connection costs (Azure) and the
authorized carrier costs (telco partner)
• Unlike other Azure services, look beyond the Azure pricing calculator
Load Balancers
Azure Load Balancing Services
Azure Load Balancer
Key Features:
• Layer 4
• Basic and standard (preview)
SKUs
• Service monitoring
• Automated reconfiguration
• Hash-based distribution
• Internal and public options
Azure Load Balancer: Internal Example
Azure Load Balancer: Public Example
Azure Load Balancer: Multi-Tier Example
Load Balancing: App Gateway
Key Features:
• Layer 7 application load

balancing
• Cookie-based session affinity
• SSL offload
• End-to-end SSL
• Web application firewall
• URL-based content routing
• Requires its own subnet
App Gateway Sizes
Page Response Small Medium Large

6K 7.5 Mbps 13 Mbps 50 Mbps
100K 35 Mbps 100 Mbps 200 Mbp
Load Balancer Comparison
Service Azure Load Balancer Application Gateway Traffic Manager

Technology Transport level (Layer 4) Application level (Layer 7) DNS-level
Any (An HTTP endpoint is
Application Protocols
Any HTTP, HTTPS, and WebSockets required for endpoint
Supported
monitoring)
Any Azure internal IP address,
Azure VMs, Cloud Services,
Azure VMs and Cloud Services public internet IP address,
Endpoints Azure Web Apps, and
role instances Azure VM, or Azure Cloud
external endpoints
Service
Can be used for both Can be used for both Internet-
Only supports Internet-
VNet support Internet- facing and internal facing and internal (VNet)
facing applications
(VNet) applications applications
Supported via HTTP/HTTPS
Endpoint Monitoring Supported via probes Supported via probes
GET
CDN
CDN
Theodore
Source
CDN
Theodore
Other Users
Edge
Source
Azure CDN Offerings
Standard Akamai Standard Verizon Premium Verizon
https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Azure CDN Offerings
Types of Data
Types of Data
Semi-Structured Unstructured
Structured Data
Data Data
Structured Data
• Adheres to a schema
• All the data has the same field or
properties
• Stored in a database table with rows
and columns
• Relies on keys to indicate how one
row in a table relates to data in
another row of another table
• Referred to as “relational data”
Semi-Structured Data
• Doesn’t fit neatly into tables, rows and

columns.
• Uses tags or keys to organize and
provide a hierarchy for the data.
• Often referred to as NoSQL or non-
relational data
Unstructured Data
• No designated structure
• No restrictions on the kinds of data it
can hold
• Example a blob can hold a PDF, JPEG,
JSON, videos etc.
• Enterprises are struggling to manage
and tap into the insights from their
unstructured data
Azure SQL Services

Azure SQL
• Relational database-as-a-service
• Uses latest stable version of
Microsoft SQL
• Create NEW or…
• Migrate Existing databases using the
Microsoft Data Migration Assistant
Azure SQL Database – Key Features
Predictable High Simplified

Performance Compatibility Management
Measured in database Supporting existing SQL This includes SQL Server-

throughput units (DTUs) client applications via specific Azure tools
tubular database stream
(TDS) endpoint
Azure SQL Database Tiers
Basic Standard Premium
Small database with single Medium-sized database that Large databases that must
concurrent user must support multiple support a large number of
concurrent connections concurrent connections and
operations
• Small dbs • Good option for cloud apps • High transaction volumes
• Single active operation • Multiple operations • Large number of users
• Dev / Test • Workgroup or web apps • Multiple operations
• Small scale apps • 10-100 DTU • Mission critical apps
• 5 DTU • 100-800 DTU
NEW – Azure SQL Managed Instances
• Managed SQL Servers

• More compatible with legacy
workloads
Third-party Databases in Azure – Managed
• Managed database options:

– Build-in HA at no additional cost
– Predictable performance
– Pay-as-you-go
– Auto-scaling
– Encryption at-rest and in-transit
– Automatic backups with point-in-
time-restore for up to 35 days
– Enterprise-grade security and
compliance
Third-party Databases in Azure – Non-managed
• Non-managed database options:

– Windows Azure VMs hosting MySQL
installations
– Linux Azure VMs hosting MySQL
installations
– ClearDB offering managed MySQL
instance
Cosmos DB
Azure Cosmos DB
• Globally Distributed Database

Service
• Supports schema-less data
• Used to build highly responsive
Always On applications with
constantly changing data
Azure Cosmos DB APIs
• Accessible via various APIs e.g:

– Document DB (SQL) API
– MongoDB API
– Graph (Gremlin) API
– Tables (Key/Value) API
• Automatically partitioned for:
– Performance
– Storage capacity
Azure Storage
Azure Blob Storage
• Unstructured storage for storing

objects
• Store images, video, and files of
any type
• Use cases:
• Streaming video and images direct to
user
• Backup/DR of data
• Archiving
SMB File Storage – Azure File Services
Benefits
• Easy way to create file shares

• Supports SMB 2.1 (unsecured) and 3.0
(secured)
• Mount on Windows, Linux, or Mac
• Azure File Sync can be utilized to sync file
servers on-premises with Azure Files
Azure Table Storage
Table Storage
• A NoSQL key-value store Account Table Entity Object

• Schemaless design
• Structured or Unstructured CONTACT CONTACT
NAME
Data TABLE DATA MODEL

ADDRESS
• Access using the Odata ACCOUNT

SPECIES
protocol and LINQ queries ANIMAL
TABLE
ANIMAL
WCF Data Service .NET LOCATION
Libraries
Azure Queue Storage
Queue Storage
• Provides a reliable mechanism Accounts Queues Messages

for storage and delivering
messages for applications …
…
• A single queue message can be …
up to 64 KB in size, and a SALLY
queue can contain millions of …

…
messages, up to the total …
capacity limit of a storage
account
VM Storage
VM Storage Types
Standard Storage Premium Storage

Backed by traditional
Backed by SSD drives
HDD
Most cost effective Higher performance
Max throughput – Max throughput –

60MB/S per disk 250MB/S per disk
Max IOPS – Max IOPS –
500 IOPS per disk 7500 IOPS per disk
Managed Disk – Standard Storage Sizes
S4 S6 S10 S20 S30 S40 S50

Disk size 32 64 128 512 1024 2048 4095
(GB)
• Max IOPS for all sizes above is 300 IOPS/Disk
• Max throughput for all sizes is 60MB/s
Managed Disk – Premium Storage Sizes
P4 P6 P10 P15 P20 P30 P40 P50

Disk 32 64 128 256 512 1024 2048 4095
size
(GB)
Max 120 240 500 1100 2300 5000 7500 7500
IOPS
Max 25 50 100 125 150 200 250 250
through MB/s MB/s MB/s MB/s MB/s MB/s MB/s MB/s
Managed vs. Unmanaged Disks
Unmanaged Disks Managed Disks
DIY option Simplest option
Management overhead Lower management

(20000 IOPS per storage overhead as Azure manages
account limit) the storage accounts
Supports all replication

Only LRS replication mode
modes
currently available
(LRS, ZRS, GRS, RA-GRS)
Replication Options
Logically Zone Read Only

Geographically
Geographically
Replicated Replicated Replicated
Replicated
Storage Storage Storage
Storage
(LRS) (ZRS) (GRS)
(RA-GRS)
Replicated three times within Replicated three times across Replicates your data to a Same replication as per GRS
a storage scale unit one or two datacenters in second region that is but also provides read access
(collection of racks of addition to storing three hundreds of miles away from to the data in the other
storage nodes) hosted in a replicas similar to LRS. Data the primary region.Your data region.
datacenter in the same stored in ZRS is durable even is curable even in the event
region as your storage in the event that the primary of a complete region outage.
account was created. datacenter is unavailable or
unrecoverable.
Replication Strategies
Replication Strategy LRS ZRS GRS RA-GRS
Data is replicated across No Yes Yes Yes

multiple datacenters?
Data can be read from a No No No Yes

secondary location and the
primary location?
Number of copies of data 3 3 6 6

maintained on separate nodes:
Storage Account Overview

Azure Blob Storage Overview
Storage Account
Container Container
IMAGE.JPG VIDEO.AVI IMAGE.JPG VIDEO.AVI

Storage Account Types
General Purpose General Purpose

v1 Blob Account v2
(GPV1) (GPV2)
Block Blobs vs. Page Blobs
Block Blob Page Blob

• Ideal for storing text or • Efficient for read/write

binary files operations
• A single block blob can • Used by Azure VMs
contain up to 50,000 blocks • Up to 8 TB in size
of up to 100 MB each, for a
total size of 4.75 TB
• Append blobs are optimized
for append operations (e.g.
logging)
Storage Tiers
Hot Cold Archive
• Higher storage costs • Lower storage costs • Lowest storage costs

• Lower access costs • Higher access costs • Highest retrieval costs
• Intended for data that • When a blob is in
will remain cool for 30 archive storage it is
days or more offline and cannot be
read
Choosing Between Blobs, Files, and Disks
• Access application data from anywhere

Blobs • Large amount of objects to store, images, videos etc.
• Access files across multiple machines

Files • Jumpbox scenarios for shared development scenarios
• Do not need to access the data outside of the VM

Disks • Lift-and-shift of machines from on-premises
• Disk expansion for application installations
IoT Services
Azure IoT
• Collection of Microsoft managed

cloud services focused on
connecting, monitoring and
controlling IoT assets
• IoT solutions are made up of 1 or
more IoT devices and 1 or more
back end services running in the
cloud.
IoT Device Examples
• Water sensors for farming

• Pressure sensors on a remote oil
pump
• Temperature and humidity
sensors in an air-conditioning unit
IoT Services in Azure
IoT Solution
IoT Central IoT Hub
Accelerators
SaaS solution to help you Underlying service needed Complete ready to deploy
connect and manage your to facilitate messages solutions that implement
devices between your IoT common IoT scenarios
application and devices
Big Data Services

Big Data Solution
SQL Data Warehouse
• Key component of a Big Data solution

• Cloud based Enterprise Data
Warehouse (EDW) that uses Massive
Parallel Processing (MPP) to run
complex queries across petabytes of
data.
• Stores data in relational tables
reducing storage costs and improves
performance
SQL DW Architecture
Control Node
Compute Node
DMS – Data Movement

Service
Azure Storage
HD Insight
• Fully managed open-source analytics

service for enterprises
• Use the most popular frameworks like
Hadoop, Spark, Hive etc.
• Scenarios:
– Batch Processing (ETL)
– Data Warehousing
Data Lake Analytics
• On-Demand job service that simplifies

big data
• Pay only for your job when it is running
• You write queries to transform your
data and extract insights
Which service?
IF YOU WANT... USE THIS
A fully managed, elastic data warehouse with security at every level of scale at no extra SQL Data Warehouse
cost
A fully managed, fast, easy and collaborative Apache® Spark™ based analytics platform Azure Databricks
optimized for Azure
A fully managed cloud Hadoop and Spark service backed by 99.9% SLA for your HDInsight
enterprise
A data integration service to orchestrate and automate data movement and Data Factory
transformation
Open and elastic AI development spanning the cloud and the edge Machine Learning
Real-time data stream processing from millions of IoT devices Azure Stream Analytics
A fully managed on-demand pay-per-job analytics service with enterprise-grade Data Lake Analytics
security, auditing, and support
Enterprise grade analytics engine as a service Azure Analysis Services
A hyper-scale telemetry ingestion service that collects, transforms, and stores millions Event Hubs
of events
Fast and highly scalable data exploration service Azure Data Explorer
Machine Learning
Azure Machine Learning
• Machine learning is a data science

technique that allows computers to use
existing data to forecast future behaviors,
outcomes, and trends. By using machine
learning, computers learn without being
explicitly programmed.
• Azure Machine Learning service provides
a cloud-based environment you can use to
prep data, train, test, deploy, manage, and
track machine learning models.
• Automated ML and DevOps capabilities
Machine Learning Studio
• Collaborative, drag-and-drop visual

workspace where you can build,

test, and deploy machine learning
solutions without needing to write
code.
• Uses prebuilt and preconfigured
machine learning algorithms and
data-handling modules as well as a
proprietary compute platform
Accounts and Subscriptions Overview

Azure Account Hierarchy
Azure Enterprise http://ea.azure.com
Departments
Accounts http://account.azure.com
Subscriptions http://portal.azure.com
Resources Groups
Resources
Account to Subscription Relationships
Enterprise Hierarchy Example
Common Scenarios
EA Breakdown
Enterprise Department Service
Admin Admin Account Owner Admin

Add other admins Enterprise Admins, Account Owners Add Service Admins No
Department Admins,
and Account Owners
Departments Add/Edit Departments Edit Department X X
Add or associate Yes Yes – to the No No

accounts to the department
enrollment
Add Subscriptions No – but can add No Yes No

themselves as AO
View usage and Across all Accounts Across Department Across Account No
charges data and Subscriptions
View remaining Yes No No No

balances
Domain Services
Domain Services Overview
Azure Active
Active Directory
Azure AD Directory
Domain Services
(AAD) Domain Services
(ADDS)
(AADDS)
Azure Active Directory
AAD
• Modern AD service built directly for

the cloud
• Often the same as O365 directory
service
• Can sync with On-premises
directory service
Active Directory Domain Services
ADDS
• Legacy Active Directory since

Windows 2000
• Traditional Kerberos and LDAP
functionality
• Deployed on Windows OS usually
on VMs
Azure Active Directory Domain Services
AADDS
• Provides managed domain services

• Allows you to consume domain
services without the need to patch
and maintain domain controllers on
IaaS
• Domain Join, Group Policy, LDAP,
Kerberos, NTLM; all supported
Azure AD
Azure AD Overview
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
Azure AD Features
Multifactor
Enterprise
Single Sign-On Authentication Self Service
Identity Solution
(MFA)
Create a single identity for Provide single sign-on Enhance security with Empower your users to
users and keep them in access to applications and additional factors of complete password resets
sync across the enterprise. infrastructure services. authentication. themselves, as well as
request access to specific
apps and services.
Role-based Access Control (RBAC)

RBAC Overview
• Create Users, Apps,

Groups
• Assign them to objects
in Azure with a specific
Role
Azure RBAC Built-in Roles
Owner Contributor Reader Other Roles
Full access to all resources, Can create and manage all Can view existing Azure https://docs.microsoft.com
including the right to types of Azure resources, resources, but cannot /en-us/azure/active-
delegate access to others but cannot grant access to perform any other actions directory/role-based-
others against them access-built-in-roles
Azure RBAC Built-in Roles (continued)
Role Name Description

API Management Service Contributor Can manage API Management service and the APIs
API Management Service Operator Role Can manage API Management service, but not the APIs
themselves
API Management Service Reader Role Read-only access to API Management service and APIs
Application Insights Component Contributor Can manage Application Insights components
Automation Operator Able to start, stop, suspend, and resume jobs
Backup Contributor Can manage backup in Recovery Services vault
Backup Operator Can manage backup except moving backup in Recovery
Services vault
Backup Reader Can view all backup management services
https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles
Azure RBAC Built-in Roles (continued)
• Roles include various actions

• Action defines what type of operations you can perform on a
given resource type
– Write enables you to perform PUT, POST, PATCH, and DELETE
operations
– Read enables you to perform GET operations
• Use PowerShell to get latest roles
Get latest roles Get-AzureRMRoleDefinition
User Rights
Users
Resulting Rights
Roles
RBAC Custom Roles
Assignable
Create if none of Each tenant can
Use “Actions” scopes:
the built-in roles have to 2000 - Subscriptions
and “NotActions”
work for you roles - Resource Groups
- Individual Resources
Azure Policy
Azure Policies
Assigned to
Enforce Built-in or
Subscriptions or Create > Assign
Governance Custom Code
Resource Groups
Resource Locks
Azure Resource Locks
• Mechanism for locking down

resources you want to ensure
have an extra layer of protection
before they can be deleted
• 2 options available:
– CanNotDelete: Authorized users can
read and modify but not delete the
resource
– ReadOnly: Authorized users can read
the resource but cannot update or delete
Compliance and Security Requirements

Shared Responsibility Model
• Security is a joint responsibility
• Cloud computing clearly provides many

benefits over on-premises
• As you move from IaaS > PaaS > SaaS you

can offload more of the controls to
Microsoft
You are always responsible for…
Access
Data Endpoints Account
Management
https://gallery.technet.microsoft.com/Shared-Responsibilities-81d0ff91
Microsoft Trust Center
• In-depth information Access to

FedRAMP, ISO, SOC audit
reports, data protection white
papers, security assessment
reports, and more
• Centralized resources around

security, compliance, and privacy
for all Microsoft Cloud services
• Powerful assessment tools
https://servicetrust.microsoft.com/
Compliance Manager
• Manage compliance from a

central location
• Proactive risk assessment
• Insights and recommended

actions
• Prepare compliance reports

for audits
Azure Security Center Overview

Azure Security Center Overview
Continuous
Centralized Policy Actionable
Security
Management Recommendations
Assessment
Advanced Cloud Prioritized Alerts Integrated

Defenses and Incidents Security Solutions
Security Center Pricing Tiers
Free (Azure Resources Only) Standard
• Security assessment • All features in free tier plus

• Security recommendations • Just in time VM access
• Basic security policy • Network threat detection
• Connected partner solutions • VM threat detection

AZ-900+Slides Skylines+Academy v2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AZ-900+Slides Skylines+Academy v2

Uploaded by

Copyright:

Available Formats

© 2019 Skylines Academy, LLC. All rights reserved.

AZ-900: Azure Fundamentals

Understand Cloud Concepts

• Cloud computing is about “renting” resources vs purchasing

Compute Storage Networking

• Increase or decrease resources based on

• Major pattern which benefits from cloud computing

High Availability (HA)

“A Service Level Agreement (SLA) is an

• Define SLA’s for each workload

Mean Time To Mean Time Recovery Point Recovery Time

Fault Tolerance Disaster Recovery

Host Outage Cross Region Deployment

Cloud Service Models

Capital Expenditure Operational Expenditure

Server Costs Storage Costs Network Costs

Backup and Datacenter Costs

Server Lease Software and Usage/Demand

CapEx Benefits OpEx Benefits

Cloud Deployment Models

• Common Deployment Model

• High scalability/agility • There may be specific security

• You create a cloud like environment

• Complete control over all resources • Large upfront costs

• Combines Public and Private Clouds

• Flexibility • Complicated to maintain and setup

Understanding Azure Core Services

Regions and Availability Zones

• Location for your

• More regions = scalable and redundant

• Boundaries, often country borders

Azure Resource Manager (ARM)

• Author new templates

ARM Template ARM Template Deployment

Describe the configuration Separate your parameters E.g. PowerShell for

Parameters Variables Resources Outputs

Azure Virtual Machines

App App App

Operating System Hypervisor

CPU Memory Disk CPU Memory Disk

A – Basic Basic version of the A series for testing and development.

A – Standard General-purpose VMs.

Burstable instances that can burst to the full capacity of the

Potential for VM Impact Availability Sets

Web Tier App Tier Data Tier

• Offer 99.99% availability

Azure App Services consist of the following:

Web Apps Mobile Apps Logic Apps API Apps

• Fully isolated environment

Compute Services - Containers

• Standardized packaging for

Simple deployments Partial deployments

Service 1 Service 1 Scaling Options Service 1

Service 4 Service 4 Service 4

App App App

Azure Functions Logic Apps Event Grid

• Program Languages C#, F#, JavaScript, Java

Comparing Compute Options

• Primary building block for Azure networking

• S2S VPN gateway connection is a connection over IPsec/IKE

• Secure connection from an individual computer. Great for

VpnGw2 Max. 30 Max. 128 1 Gbps

VpnGw3 Max. 30 Max. 128 1.25 Gbps