Availability Set – a logical grouping capability; isolates VM resources from one another; provides redundancy
—
CapEx – money spent on fixed assets; owning property, computer/network equipment; one time purchases
—
OpEx – day to day business; used up within the year; leases equipment.
—
IaaS – test and dev, web hosting, storage, backup, and recovery; running web applications, big data analysis.
—
PaaS – development and deployment environment; includes tools, middleware, database management, etc.; builds on IaaS (the vendor manages the IaaS layer) and adds tools on top.
—
SaaS – applications delivered over the internet; online email, Office 365.
—
Public Cloud – most common deployment model.
Private Cloud – used exclusively by one business.
Hybrid – combines on-prem with public cloud; mixes private and public resources.
—
Region – a set of datacenters deployed within a latency-defined perimeter.
All regions are paired with a second region (regional pairs).
—
Availability Zone – physically separate locations within a region; protects applications and data from datacenter failures.
—
Resource Groups – hold related resources for an Azure solution; act as a management boundary.
—
Resource Manager – deploys objects and maintains consistency
-resource – a manageable item; VM, web apps
-resource group – contains resources
-resource provider – supplies resources; Microsoft.Compute, Microsoft.Web
-resource manager template –
-declarative syntax –
—
Scale sets – create and manage a group of identical, load-balanced VMs.
App Service – quickly build powerful web, mobile, and API apps.
Azure Functions – run code on demand, a serverless compute service.
—
Azure Virtual Networks – scoped to one region; provide secure isolation and segmentation.
-deleting or reconfiguring VNGs (virtual network gateways) is a good way to provide cost savings
—
Azure Load Balancer – scales applications and provides high availability.
Azure VPN Gateway – sends encrypted traffic. Can take up to 45 minutes to create. Topologies: site-to-site, multi-site, point-to-site, VNet-to-VNet, ExpressRoute
—
Content Delivery Network – points of presence that minimize latency and deliver web content to users.
—
Blob Storage in Azure – stores large amounts of unstructured data
-serve images or documents directly to a browser
-stream video and audio
-write logs
-store data for backup/restore
-3 requirements: storage account, container, blob
-3 types: block, append, page
—
Azure Files – managed file shares in the cloud; shared access, fully managed, scripting and tooling support.
—
Archive Storage – lowest-cost tier, but incurs higher retrieval costs
-blobs in the Archive tier can't be read, copied, overwritten, or modified
-long-term backup
—
Cosmos DB – globally distributed, multi-model DB service; scales elastically.
—
Azure SQL DB – a relational database-as-a-service.
—
Database Migration Service – fully managed service; enables seamless migrations; high availability.
—
Azure SQL Data Warehouse – enterprise data warehouse
-massively parallel processing
-simple PolyBase T-SQL queries
-high-performance analytics
—
Azure IoT – central message hub for IoT devices.
—
HDInsight – use Azure HDInsight to analyze streaming or historical data
-a managed, full-spectrum, open-source analytics service for enterprises
-a cloud service that makes it easy, fast, and cost-effective to process massive amounts of data
-supports a broad range of scenarios: extract, transform, and load (ETL); data warehousing; machine learning; and IoT
—
Data Lake Analytics – on-demand analytics job service
-simplifies big data
-scales instantly
—
Azure Machine Learning Service – manages machine learning workflows
-supports open-source frameworks
-support for rich tools
—
Azure Machine Learning Studio – drag-and-drop tool to build and manage predictive analytics
-publishes models as web services
-interactive
-no programming required
—
Azure Logic Apps – automates and orchestrates tasks, processes, and workflows
-send email notifications in O365
-monitor tweets
—
Azure CLI – command line for managing Azure resources
-build automation scripts
—
Azure PowerShell – cmdlets for managing Azure resources
Az Module – runs on PowerShell 5.x on Windows or PowerShell Core 6
—
Azure Advisor – personalized cloud consultant
-recommends improvements for cost effectiveness, performance, high availability, and security.
—
Azure Firewall – cloud-based network security service
-Stateful
-High availability
—
Azure DDoS Protection –
-Basic tier
-Standard tier
-mitigates volumetric attacks, protocol attacks, and resource-layer attacks
—
Network Security Groups – filter network traffic
-contain security rules
—
Authentication and Authorization
Authentication – the act of validating a user's identity
Authorization – the process of giving the user permission to access resources
—
Azure Active Directory – cloud-based identity and access management service
-sign in and access internal and external resources
—
Azure AD Identity Protection – enables organizations to configure automated responses to detected suspicious actions related to user identities.
—
Azure Multi-factor Authentication – requires two or more authentication methods
-something you have
-something you know
-something you are
—
Azure Security – Secure Platform, Privacy & Controls, Compliance, Transparency
—
Azure Security Center – Strengthen (security posture), Protect (against threats), Secure (get secure faster).
—
Azure Key Vault – encrypts keys and small secrets.
-handles certificates and key management
-protected by HSMs (hardware security modules)
—
Azure Information Protection – AIP – Use labels to classify/protect documents and emails.
-headers, footers, and watermarks.
-uses Azure Rights Management
—
Azure Advanced Threat Protection – ATP – a cloud-based security solution
-investigates advanced threats and malicious actions
-monitors and analyzes user activities
—
Azure Policies – used to create, assign, and manage policies
-stay compliant
-enforce rules
—
RBAC – Role-based Access Control – manage access to resources
-authorization system
-fine-grained access management
-can split responsibilities
-create role assignments to enforce permissions
RBAC Roles
-Owner: full access
-Contributor: create and manage all types of resources, but cannot grant access to others
-Reader: view existing resources
-User Access Administrator: manage user access
Each subscription can support up to 2000 role assignments.
—
Resource Locks – prevent users from accidentally deleting or modifying resources
-Can set lock level CanNotDelete or ReadOnly
-Called Delete and Read-only in the Portal
-Inheritable
-Built-in Owner and User Access Administrator can delete locks
—
Azure Advisor Security Assistance – consolidated view of recommendations
-integrates with Azure Security Center
-prevent, detect, and respond to threats
—
Azure Monitor – maximizes availability and performance of applications
-collects, analyzes, and acts on telemetry
-identifies issues affecting apps and resources
-can collect data from many sources
—
Azure Service Health – provides personalized guidance and support
-prepare for maintenance
-understand the impact of issues
-Azure Status, Service Health, Resource Health
—
Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customizable cloud alerts and use your personalized dashboard to analyze health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.
—
GDPR stands for General Data Protection Regulation
—
ISO stands for International Organization for Standardization
—
Microsoft Trust Center is now designed entirely to provide support and resources. The information on this fully equipped website can be used by professionals and by the legal and compliance community.
Reference: https://www.microsoft.com/en-ww/trust-center/product-overview
https://docs.microsoft.com/en-us/azure/security/fundamentals/trust-center
—
The Microsoft Service Trust Portal (STP) provides organizations with a variety of content, tools, and other resources that pertain to Microsoft security, privacy, and compliance practices.
Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/get-started-with-service-trust-portal
—
In Azure, you can scale automatically by configuring Auto-Scale, which is an Azure service. Free Azure accounts have limited access to resources, such as data upload, web apps, and spending.
—
Activity logs can be used to track user activity on VMs. They are available from the menu on the left of the VM's blade.
—
Azure Key Vault helps solve secret management, key management, and certificate management, with stored secrets backed by HSMs.
Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis
—
Azure Traffic Manager – is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.
Reference: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
—
PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.
—
When VMs are created, if you want to allow RDP or other internet-facing ports/services, you need to configure the network security group under the Networking option.
—
Plans
-Basic: cheapest; no email or phone support
-Developer: business-hours access to Support Engineers via email
-Standard, Pro, Premier: 24×7 access to Support Engineers via email and phone
Reference: https://azure.microsoft.com/en-us/support/plans/ (study this)
—
SLAs for VMs
Monthly Uptime Calculation and Service Levels for Single-Instance Virtual Machines
Monthly Uptime % = (Minutes in the Month – Downtime) / Minutes in the Month × 100
(MM – D) / MM × 100
—
Monthly Uptime Calculation and Service Levels for Virtual Machines in an Availability Set
Monthly Uptime % = (Maximum Available Minutes – Downtime) / Maximum Available Minutes × 100
(MM – D) / MM × 100
—
Monthly Uptime Calculation and Service Levels for Virtual Machines in Availability Zones
Monthly Uptime % = (Maximum Available Minutes – Downtime) / Maximum Available Minutes × 100
(MM – D) / MM × 100
Reference: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_8/
—
SLAs for Azure AD
Azure Active Directory Basic
Monthly Uptime % = (User Minutes – Downtime) / User Minutes × 100
(UM – D) / UM × 100
Azure Active Directory Premium
Monthly Uptime % = (User Minutes – Downtime) / User Minutes × 100
(UM – D) / UM × 100
Reference: https://azure.microsoft.com/en-us/support/legal/sla/active-directory/v1_0/
Review this: https://azure.microsoft.com/en-us/support/legal/sla/summary/
—
Manage the availability of Windows virtual machines in Azure
To provide redundancy to your application, we recommend that you group two or more virtual machines in an availability set.
—
Azure HDInsight is a cloud-based service from Microsoft for big data analytics that helps organizations process large amounts of streaming or historical data.
Reference: https://whatis.techtarget.com/
—
Azure Data Lake Analytics is a distributed, cloud-based data processing architecture offered by Microsoft in the Azure cloud. It pairs with Azure Data Lake Store, a cloud-based storage platform designed for Big Data analytics.
—
How to avoid unknown or accidental deletion of your Azure resources by other users.
—