NOTES FOR AZURE FUNDAMENTALS AZ-900

After studying these self-made notes you are guaranteed to pass the Azure Fundamentals exam at no cost.

Rockerss / Delhi

1 year of teaching experience

Qualification: M.Tech (GGS Indraprastha University, New Delhi - 2020)

Teaches: Basic Computer, Cloud Computing, Data Structures, DBMS & RDBMS, Oracle Training, PL/SQL, IT, Python Programming, Artificial Intelligence, Data Science

  1. MODULE -1
     Types of cloud model

     Public cloud
     • Owned by cloud services or hosting providers.
     • Provides resources and services to multiple organisations and users.
     • Accessed via secure network connection (typically over the internet).

     Private cloud
     • Organisations create a cloud environment in their datacenter.
     • Organisation is responsible for operating the services they provide.
     • Does not provide access to users outside of the organisation.

     Hybrid cloud
     • Combines Public and Private clouds to allow applications to run in the most appropriate location.

     Cloud model comparison
     Public Cloud
     • No capital expenditures to scale up.
     • Applications can be quickly provisioned and deprovisioned.
     • Organisations pay only for what they use.
     Private Cloud
     • Hardware must be purchased for start-up and maintenance.
     • Organisations have complete control over resources and security.
     • Organisations are responsible for hardware maintenance and updates.
     Hybrid Cloud
     • Provides the most flexibility.
     • Organisations determine where to run their applications.
     • Organisations control security, compliance, or legal requirements.
  2. Cloud Benefits - Objective Domain
     • Identify the benefits of cloud computing such as High Availability, Elasticity, Agility, and Disaster Recovery.
     • Identify the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx).
     • Describe the consumption-based model.

     Cloud benefits
     • High availability
     • Scalability
     • Global reach
     • Agility
     • Disaster recovery
     • Fault tolerance
     • Elasticity
     • Customer latency capabilities
     • Predictive cost considerations
     • Security

     Compare CapEx vs. OpEx
     Capital Expenditure (CapEx) [private cloud/product]
     • The up-front spending of money on physical infrastructure.
     • Costs from CapEx have a value that reduces over time.
     Operational Expenditure (OpEx) [public cloud/service]
     • Spend on products and services as needed, pay-as-you-go.
     • Get billed immediately.

     Consumption-based model
     Cloud service providers operate on a consumption-based model, which means that end users only pay for the resources that they use. Whatever they use is what they pay for.
     • Better cost prediction
     • Prices for individual resources and services are provided
     • Billing is based on actual usage
  3. Cloud services
     Cloud Services - Objective Domain
     • Describe Infrastructure-as-a-Service (IaaS)
     • Describe Platform-as-a-Service (PaaS)
     • Describe Software-as-a-Service (SaaS)
     • Identify a service type based on a use case
     • Describe the shared responsibility model
     • Describe serverless computing

     Infrastructure as a Service (IaaS)
     Build pay-as-you-go IT infrastructure by renting servers, virtual machine networks, and operating systems from a cloud provider.
     [Diagram: IaaS covers servers and storage, networking firewalls/security, datacenter physical plant/building]

     Platform as a Service (PaaS)
     Provides an environment for building, testing, and deploying software, focusing on managing underlying infrastructure.
  4. [Diagram: IaaS covers servers and storage, networking firewalls/security, datacenter physical plant/building; PaaS adds operating systems, development tools, database management, business analytics]

     Software as a Service (SaaS)
     Users connect to and use cloud-based apps over the internet, e.g. Office 365, email, and calendars.
     [Diagram: IaaS covers servers and storage, networking firewalls/security, datacenter physical plant/building; PaaS adds operating systems, development tools, database management, business analytics; SaaS adds hosted applications/apps]

     Cloud service comparison
     IaaS
     • The most flexible cloud service.
     • You configure and manage the hardware for your application.
     PaaS
     • Focus on application development.
     • Platform management is handled by the cloud provider.
     SaaS
     • Pay-as-you-go pricing model.
     • Users pay for the software they use on a subscription
  5. Shared responsibility model
     [Diagram: four columns, On-Premises (Private Cloud), Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), each listing the same stack: Data & Access, Applications, Runtime, Operating System, Virtual Machine, Compute, Networking, Storage]

     Serverless Computing
     With serverless computing applications, the cloud service automatically provisions, scales, and manages the infrastructure to run the code.
     • Azure Functions is code running your service and not the underlying platform or infrastructure. It creates infrastructure based on an event.
     • Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services.
  6. MODULE -2
     Core Azure architectural components

     Regions
     Azure offers more global regions than any other cloud provider, with 60+ regions representing over 140 countries.
     • Regions are made up of one or more data centres in close proximity.
     • Provide flexibility and scale to reduce customer latency.
     • Preserve data residency with a comprehensive compliance offering.

     Region Pairs
     • At least 300 miles of separation between region pairs.
     • Automatic replication for some services.
     • Prioritized region recovery in the event of outage.
     • Updates are rolled out sequentially to minimize downtime.

     Availability options
     • Single VM: VM SLA 99.9% with Premium Storage. Easier lift and shift.
     • Availability Zones: VM SLA 99.99%. Protection from entire datacenter failures.
     • Region Pairs: regional protection within data residency boundaries.
  7. Availability zones
     • Provide protection against downtime due to datacenter failure.
     • Physically separate datacenters within the same region.
     • Each datacenter is equipped with independent power, cooling, and networking.
     • Connected through private fiber-optic networks.
     [Diagram: Availability Zone 1, Availability Zone 3]

     Azure Resources
     Azure resources are components like storage and virtual machines that are available to build cloud solutions.
     Examples: Virtual Machines, App Services, Storage Accounts, SQL Databases, Virtual Networks, Functions.

     Resource groups
     A resource group is a container to manage and aggregate resources in a single unit.
     • Resources can exist in only one resource group.
     • Resources can exist in different regions.
     • Resources can be moved to different resource groups.
     • Applications can utilise multiple resource groups.
  8. Azure Resource Manager
     The Azure Resource Manager (ARM) provides a management layer that enables you to create, update, and delete resources in your Azure subscription.
     [Diagram: Azure portal, Azure PowerShell, Azure CLI, REST clients, SDKs, Authentication, Azure Resource Manager, Data Store, Web App, Virtual Machine, Service Management, Other services]

     Azure Subscriptions
     An Azure subscription provides you with authenticated and authorized access to Azure accounts.
     • Billing boundary: generate separate billing reports and invoices for each subscription.
     • Access control boundary: manage and control access to the resources that users can provision with specific subscriptions.

     Management Groups
     • Management groups can include multiple Azure subscriptions.
     • Subscriptions inherit conditions applied to the management group.
     • 10,000 management groups can be supported in a single directory.
     • A management group tree can support up to six levels of depth.
     [Diagram: Management groups, Subscriptions, Resource groups, Resources]
  9. Azure compute services
     Azure compute is an on-demand computing service that provides resources such as disks, processors, memory, networking, and operating systems.

     Azure virtual machines
     • Azure Virtual Machines (VM) are software emulations of physical computers.
     • Includes virtual processor, memory, storage, and networking.
     • IaaS offering that provides total control and customization.

     Azure App Services
     Azure App Services is a fully managed platform to build, deploy, and scale web apps and APIs quickly.
     • Works with .NET, .NET Core, Node.js, Java, Python, or PHP.
     • PaaS offering with enterprise-grade performance, security, and compliance requirements.

     Azure Container Services
     Azure Containers are a light-weight, virtualized environment that do operating system management, and can respond to changes on demand.
     • Azure Container Instances: a PaaS offering that runs a container in Azure without the need to manage a virtual machine or additional services.
     • Azure Kubernetes Service: an orchestration service for containers with distributed architectures and large volumes of containers.

     Windows Virtual Desktop
     Windows Virtual Desktop is a desktop and app virtualization that runs in the cloud.
     • Create a full desktop virtualization environment without having to run additional gateway servers.
     • Publish unlimited host pools to accommodate diverse workloads.
     • Reduce costs with pooled, multi-session resources.

     Azure networking services
     • Azure Virtual Network (VNet) enables Azure resources to communicate with each other, the internet, and on-premises networks.
     • Virtual Private Network Gateway (VPN) is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public internet.
     • Azure ExpressRoute extends on-premises networks into Azure over a private connection that is facilitated by a connectivity provider.
  10. Azure storage services
      • Container storage (blob) is optimized for storing amounts of unstructured data, such as text or binary data.
      • Disk storage provides disks for virtual machines, applications, and other services to access and use.
      • Azure Files sets up highly available network file shares that can be accessed by using the standard Server Message Block (SMB) protocol.

      Azure storage access tiers
      • Hot: optimized for storing data that is accessed frequently.
      • Cool: optimized for storing data that is infrequently accessed and stored for at least 30 days.
      • Archive: optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements.

      Azure database services
      • Azure Cosmos Database is a globally-distributed database that elastically and independently scales throughput.
      • Azure SQL Database is a relational database as a service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine.
      • Azure Database for MySQL is a fully-managed MySQL database service for app developers.
      • Azure Database for PostgreSQL is a relational database service based on the open-source Postgres database engine.

      Azure SQL Managed Instance
      Azure SQL Managed Instance allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes.
      • Fully managed and evergreen platform as a service.
      • Preserves all PaaS capabilities (automatic patching and version updates, automated backups, and high availability).
      • Exchange existing licenses for discounted rates on SQL Managed Instance using the Azure Hybrid Benefit.
  11. Explore Azure Marketplace
      Azure Marketplace allows customers to find, try, purchase, and provision applications and services from hundreds of leading service providers, which are all certified to run on Azure.
      • Open source container platforms.
      • Virtual machine and database images.
      • Application build and deployment software.
      • Developer tools.
      • And much more, with 10,000+ listings!

      MODULE -3
      Azure Internet of Things
      • Internet of Things (IoT) is the ability for devices to garner and then for data analysis.
      • Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for bi-directional communication between IoT applications and the devices it manages.
      • Azure IoT Central is a fully managed global IoT SaaS solution that makes it easy to connect, monitor, and manage IoT assets at scale.

      Big data and analytics
      • Azure HDInsight: a fully-managed, open-source analytics service for enterprises.
      • Azure Databricks: Apache Spark based analytics service.
      • Azure Synapse Analytics: a cloud-based Enterprise Data Warehouse.

      Artificial Intelligence & Machine Learning
      • Azure Machine Learning: cloud-based to develop, and deploy machine learning models.
      • Cognitive Services: quickly enable apps to see, hear, speak, understand, and interpret a user's needs.
      • Azure Bot Service: develop intelligent, enterprise-grade bots.
  12. Serverless Computing
      • Azure Functions: event-based code running your service and not the underlying infrastructure.
      • Azure Logic Apps: automate and orchestrate tasks, business processes, and workflows to integrate apps.

      Develop your apps with DevOps and GitHub
      • Azure DevOps: development collaboration tools include Kanban boards, and automated cloud-based load testing.
      • GitHub: software development hosting with version control, source code management, and bug/task management.
      • GitHub Actions for Azure: automate software workflow to build, test, and deploy from within GitHub.
      • Azure DevTest Labs: quickly create environments in Azure while minimizing waste and controlling cost.

      Management tools available in Azure
      • Azure Portal
      • Azure Mobile App
      • Azure REST API
      • Azure PowerShell
      • Command-Line Interface (CLI)
      • Azure Cloud Shell
      • Azure Resource Manager (ARM)
  13. Azure Advisor
      Azure Advisor analyzes deployed Azure resources and makes recommendations based on best practices to optimize Azure deployments.
      • Reliability
      • Security
      • Performance
      • Cost
      • Operational Excellence

      Azure Monitor
      Azure Monitor maximizes the availability and performance of applications and services by collecting, analyzing, and acting on telemetry from cloud and on-premises environments.
      • Application Insights
      • Log Analytics
      • Smart Alerts
      • Automation Actions
      • Customized Dashboards

      Azure Service Health
      Azure Service Health provides a personalized view of the health of Azure services and the regions being used.
      • Communication regarding outages
      • Planned maintenance
      • Other health advisories

      Azure Resource Manager (ARM) templates
      Azure Resource Manager (ARM) templates are JavaScript Object Notation (JSON) files that can be used to create and deploy Azure infrastructure without having to write programming commands.
      • Declarative syntax
      • Repeatable results
      • Orchestration
      • Modular files
      • Built-in validation
      • Exportable code
  14. [Diagram: Resource Manager Template (one template submitted) compared with non-template infrastructure as code (multiple imperative PUT calls), both going through Azure Resource Manager to Resource Providers]

      MODULE -4
      Azure Security Center
      Azure Security Center is a monitoring service that provides threat protection across both Azure and on-premises datacenters.
      • Provides security recommendations
      • Detect and block malware
      • Analyze and identify potential attacks
      • Just-in-time access control for ports

      Azure Key Vault
      Azure Key Vault stores application secrets in a centralized cloud location in order to securely control access permissions and access logging.
      • Secrets management.
      • Key management.
      • Certificate management.
      • Storing secrets backed by hardware security modules (HSMs).
  15. Azure Dedicated Host
      Azure Dedicated Host provides physical servers that host one or more Azure virtual machines and are dedicated to a single organization's workload.
      Benefits
      • Hardware isolation at the server level
      • Control over maintenance event timing
      • Aligned with Azure Hybrid Use Benefits

      Secure Network Connectivity
      Defence in depth
      • A layered approach to securing computer systems.
      • Provides multiple levels of protection.
      • Attacks against one layer are isolated from subsequent layers.
      Layers: Physical Security, Identity & Access, Perimeter, Network, Compute, Application, Data.

      Shared Security
      • Migrating from customer-controlled to cloud-based datacenters shifts the responsibility for security.
      • Security becomes a shared concern between cloud providers and customers.
  16. Responsibility                            On-Premises   IaaS        PaaS                 SaaS
      Data governance and Rights Management     Customer      Customer    Customer             Customer
      Client endpoints                          Customer      Customer    Customer             Customer
      Account and access management             Customer      Customer    Customer             Customer
      Identity and directory infrastructure     Customer      Customer    Microsoft/Customer   Microsoft/Customer
      Application                               Customer      Customer    Microsoft/Customer   Microsoft
      Network controls                          Customer      Customer    Microsoft/Customer   Microsoft
      Operating system                          Customer      Customer    Microsoft            Microsoft
      Physical hosts                            Customer      Microsoft   Microsoft            Microsoft
      Physical network                          Customer      Microsoft   Microsoft            Microsoft
      Physical datacenter                       Customer      Microsoft   Microsoft            Microsoft

      Network Security Groups (NSGs)
      Network Security Groups (NSGs) filter network traffic to and from Azure resources on Azure Virtual Networks.
      • Set inbound and outbound rules to filter by source and destination IP address, port, and protocol.
      • Add multiple rules, as needed, within subscription limits.
      • Azure applies default, baseline security rules to new NSGs.
      • Override default rules with new, higher priority rules.

      Azure Firewall
      A stateful, managed Firewall as a Service (FaaS) that grants/denies server access based on originating IP address, in order to protect network resources.
      • Applies inbound and outbound traffic filtering rules
      • Built-in high availability
      • Unrestricted cloud scalability
      • Uses Azure Monitor logging
      Azure Application Gateway also provides a firewall, Web Application Firewall (WAF). WAF provides centralized, inbound protection for your web applications.
  17. Azure Distributed Denial of Service (DDoS) protection
      DDoS attacks overwhelm and exhaust network resources, making apps slow or unresponsive.
      • Sanitizes unwanted network traffic before it impacts service availability.
      • Basic service tier is automatically enabled in Azure.
      • Standard service tier adds mitigation capabilities that are tuned to protect Azure virtual network resources.
      [Diagram: Attacker, Azure Backbone, Azure DDoS Protection, Virtual Network]

      MODULE -5
      Compare Authentication and Authorization
      Authentication
      • Identifies the person or service seeking access to a resource.
      • Requests legitimate access credentials.
      • Basis for creating secure identity and access control principles.
      Authorization
      • Determines an authenticated person's or service's level of access.
      • Defines which data they can access, and what they can do with it.

      Azure Multi-Factor Authentication
      Provides additional security for your identities by requiring two or more elements for full authentication.
      • Something you know
      • Something you possess
      • Something you are
  18. Azure Active Directory (AAD)
      Azure Active Directory (AAD) is Microsoft Azure's cloud-based identity and access management service.
      • Authentication (employees sign in to access resources).
      • Single sign-on (SSO).
      • Application management.
      • Business to Business (B2B).
      • Business to Customer (B2C) identity services.
      • Device management.

      Conditional Access
      Conditional Access is used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies.
      • User or Group Membership
      • IP Location
      • Device
      • Application
      • Risk Detection
      [Diagram: Signals (user and location, device, application, real-time risk), Verify every access attempt (allow access, require MFA, block access), Apps and data]
  19. AZURE GOVERNANCE METHODOLOGIES
      Explore Role-based access control (RBAC)
      • Fine-grained access management.
      • Segregate duties within the team and grant only the amount of access to users that they need to perform their jobs.
      • Enables access to the Azure portal and controlling access to resources.
      [Diagram: Azure Active Directory (User, Apps, User groups), Azure subscription, Resource group, Resource group]

      Resource locks
      • Protect your Azure resources from accidental deletion or modification.
      • Manage locks at subscription, resource group, or individual resource levels within Azure Portal.

      Lock Types   CanNotDelete   ReadOnly
      Read
      Update       Yes            No
      Delete       No             No
  20. Tags
      • Provides metadata for your Azure resources.
      • Logically organizes resources into a taxonomy.
      • Consists of a name-value pair.
      • Very useful for rolling up billing information.
      Example tags: owner: joe, department: marketing, environment: production, cost-center: marketing

      Azure Policy
      Azure Policy helps to enforce organizational standards and to assess compliance at scale. Provides governance and resource consistency with regulatory compliance, security, cost, and management.
      • Evaluates and identifies Azure resources that do not comply with your policies.
      • Provides built-in policy and initiative definitions, under categories such as Storage, Networking, Compute, Security Center, and Monitoring.

      Azure Blueprints
      Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments. Development teams can quickly build trust through organizational compliance with a set of built-in components (such as networking) in order to speed up development and delivery.
      • Role Assignments
      • Policy Assignments
      • Azure Resource Manager Templates
      • Resource Groups
  21. Cloud Adoption Framework
      • Strategy: define business justification and expected outcomes.
      • Migrate: migrate and modernize existing workloads.
      • Manage: operations management for cloud and hybrid solutions.
      • Plan: align actionable adoption plans to business outcomes.
      • Innovate: develop new cloud-native or hybrid solutions.
      • Ready: prepare the cloud environment for the planned changes.
      • Govern: govern the environment and workloads.
      The framework is:
      • The One Microsoft approach to cloud adoption in Azure.
      • Best practices from Microsoft employees, partners, and customers.
      • Tools, guidance, and narratives for strategies and outcomes.

      Security, Privacy, and Compliance
      • Security: Secure by design. With built-in intelligent security, Microsoft helps to protect against known and unknown cyberthreats, using automation and artificial intelligence.
      • Privacy: We are committed to ensuring the privacy of organizations through our contractual agreements, and by providing user control transparency.
      • Compliance: We respect local laws and regulations and provide comprehensive coverage of compliance offerings.

      Compliance Terms and Requirements
      Microsoft provides the most comprehensive set of compliance offerings (including certifications and attestations) of any cloud service provider. Some compliance offerings include:
      • CJIS (Criminal Justice Information Services)
      • CSA STAR Certification
      • EU Model Clauses
      • HIPAA (Health Insurance Portability and Accountability Act)
      • ISO/IEC 27018
      • NIST (National Institute of Standards and Technology)

      Microsoft privacy statement
      The Microsoft privacy statement provides openness and honesty about how Microsoft handles the user data collected from its products and services. The Microsoft privacy statement explains:
      • What data Microsoft processes.
      • How Microsoft processes it.
      • What purposes the data is used for.

      Online Services Terms and Data Protection Addendum
      • Online Services Terms: The licensing terms define the terms and conditions for the products and Online Services you purchase through Microsoft Volume Licensing programs.
      • Data Protection Addendum: The DPA sets forth the obligations, with respect to the processing and security of Customer Data and Personal Data, in connection with the Online Services.
  22. Trust Center
      Learn about security, privacy, compliance, policies, features, and practices across Microsoft's cloud products. The Trust Center website provides:
      • In-depth, expert information.
      • Curated lists of recommended resources, arranged by topic.
      • Role-specific information for business managers, administrators, engineers, risk assessors, privacy officers, and legal teams.

      Azure Compliance Documentation
      Microsoft offers a comprehensive set of compliance offerings to help your organization comply with national, regional, and industry-specific requirements that govern the collection and use of data.

      Azure Sovereign Regions (US Government services)
      Meets the security and compliance needs of US federal agencies, state and local governments, and their solution providers.
      Azure Government:
      • Separate instance of Azure.
      • Physically isolated from non-US government deployments.
      • Accessible only to screened, authorized personnel.
      Examples of compliant standards: FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DOD L2, L4 & L5, and CJIS.

      Azure Sovereign Regions (Azure China)
      Microsoft is China's first foreign public cloud service provider, in compliance with government regulations.
      Azure China features:
      • Physically separated instance of Azure cloud services operated by 21Vianet.
      • All data stays within China to ensure compliance.
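
The Network Security Groups notes on slide 16 say that Azure applies default rules to every NSG and that custom rules with a higher priority override them. The Python sketch below is an added example, not part of the original notes: it models first-match evaluation of inbound rules (lower priority number is evaluated first) and flags rules that leave SSH or RDP reachable from any source. The custom rule set, the `10.0.0.0/16` address space standing in for the VirtualNetwork service tag, and the helper names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # custom rules use 100-4096; the lower number is evaluated first
    source: str     # CIDR, or "*" for any source
    port: str       # "443", a range such as "1000-2000", or "*"
    protocol: str   # "Tcp", "Udp" or "*"
    access: str     # "Allow" or "Deny"


# Inbound defaults Azure adds to every NSG. Assumption for this sketch: the
# VirtualNetwork service tag is modelled as one constructed address space, and
# the load balancer default rule (65001) is left out to keep the sample short.
VNET = "10.0.0.0/16"
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, VNET, "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

# Constructed custom rules for the demonstration.
CUSTOM = [
    Rule("allow-https", 100, "*", "443", "Tcp", "Allow"),
    Rule("deny-vnet-ssh", 200, VNET, "22", "Tcp", "Deny"),
    Rule("allow-admin-rdp", 300, "198.51.100.0/24", "3389", "Tcp", "Allow"),
    Rule("allow-any-ssh", 400, "*", "22", "Tcp", "Allow"),
]


def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _matches(rule, src_ip, port, protocol):
    src_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    return src_ok and rule.protocol in ("*", protocol) and _port_matches(rule.port, port)


def evaluate(custom_rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule_name) of the first rule that matches, by priority."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if _matches(rule, src_ip, port, protocol):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")


MGMT_PORTS = (22, 3389)  # SSH and RDP


def internet_exposed_mgmt(custom_rules):
    """Names of the rules that let an arbitrary outside source reach SSH/RDP."""
    probe = "203.0.113.10"  # documentation-range address standing in for the internet
    hits = set()
    for port in MGMT_PORTS:
        access, name = evaluate(custom_rules, probe, port)
        if access == "Allow":
            hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    print(evaluate(CUSTOM, "10.0.1.5", 22))       # custom Deny beats the VNet default
    print(evaluate(CUSTOM, "203.0.113.10", 3389)) # falls through to DenyAllInBound
    print(internet_exposed_mgmt(CUSTOM))          # rule to tighten or replace with JIT
```

The `deny-vnet-ssh` rule at priority 200 wins over both the default `AllowVnetInBound` and the later `allow-any-ssh`, which is the override behaviour the notes describe.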