Dave Rendón Microsoft Azure MVP, embracing and fostering tech intensity to benefit society and thrive in a digital world.

Microsoft Azure Training Day: Fundamentals


Hey Folks! I wanted to share my experience and some notes from the Microsoft Azure Training Day: Fundamentals that might be useful if you are looking to get certified on the Exam AZ-900: Microsoft Azure Fundamentals.

A few days ago I had the opportunity to participate in a Microsoft event in Bellevue about Azure Fundamentals, designed to improve your understanding of cloud concepts and give you the knowledge you need to earn the Microsoft Azure Fundamentals certification.

Check if there is a Microsoft Azure Training Day: Fundamentals near you! – https://azure.microsoft.com/en-us/community/events/?query=azure+training+day%3A+fundamentals

On this Microsoft Azure Training Day: Fundamentals you could learn basic strategies for transitioning to the cloud along with concepts including security, high availability, scalability, elasticity, agility, fault tolerance, and disaster recovery. So it is a good opportunity to attend this event and apply for the AZ-900 exam. You could get a voucher and a practice test.

The AZ-900: Microsoft Azure Fundamentals exam measures your ability to understand the following concepts: cloud concepts; core Azure services; security, privacy, compliance, and trust; and Azure pricing and support. But take it easy: if you understand core cloud components and pricing, you are good to go!

Resources

There are some resources that I would like to share with you before I share my notes from the event:

The exam really measures the following skills:

• Understand cloud concepts
• Understand core Azure services
• Understand security, privacy, compliance, and trust
• Understand Azure pricing and support

That said, here's the event recap on the Microsoft Azure Training Day: Fundamentals.

The morning kicked off with a really cool presentation including the overall agenda and the modules that we were supposed to review. These modules were aligned to really prepare you to pass the AZ-900 exam.

Microsoft Azure Training Day: Fundamentals

  • Module 0: Course Introduction & Module 1: Cloud Concepts
  • Module 2: Core Azure Services
  • Module 3: Security, Privacy, Compliance, & Trust
  • Module 4: Azure Pricing and Support

So here are my notes starting from Module 2.

Microsoft Azure Training Day: Fundamentals – Module 2 Understand Core Azure Services.

Regions

Find the place for your infrastructure to exist, not only the one available but the one you need!

A region is a geographic area with one or more datacenters.

There are some restricted regions such as Azure Government. To get into a restricted region you need to submit proof to Microsoft that you have business in it.

It’s important to highlight that every region has a pair; the benefit is that it is an automated replication target. So, for example, if I choose Geo-Redundant Storage (GRS), then the data will be replicated to the paired region.

Geographies: a collection of regions that helps you meet compliance requirements such as GDPR.

Availability Zones – available in selected regions, where availability zones guarantee that the region has at least 3 datacenters, to effectively maintain HA, mostly against power, electricity or hardware failure.

Availability sets – important to note that there are 2 domain types:

Update domains – mainly for planned maintenance. If for some reason Microsoft has to perform some cleaning, patch the hypervisor, etc., you would want your infrastructure spread across different domains.

The idea is that no more than 1 update domain is taken down at a time: it is patched, and then maintenance moves on to the next domain. Ensure that you have your infrastructure in more than 1 update domain.

Fault domains – mainly for unplanned events. If the server goes down, there is downtime for that fault domain.

Resource groups – you can see them as logical containers. Each resource can exist in one and only one resource group at a time.

Mainly used to collect things (resources/services), for example per application: if your app has networking components, cd, etc., then we can group all those components in that resource group to manage them easily.

Quick note: Some resources can't be moved, such as ExpressRoute.

Azure compute services

Typically speaking, resources on VMs will be available within minutes.

Azure compute services – virtual machines (VMs)

VMs are software emulations of physical computers. Examples of services for VMs include:

  • Azure VMs
  • VM scale sets: designed for automatic scaling of identical VMs
  • App services: PaaS offering to build, deploy and scale enterprise-grade web, mobile and API apps
  • Functions: creates infrastructure based on an event – Infrastructure as Code, my infrastructure exists only for a time for the event.

Microsoft Azure Training Day: Fundamentals DEMO – Virtual Machines

Family Conventions for VMs (https://azure.microsoft.com/en-us/pricing/details/virtual-machines/series/)

Quick note: There are mainly 2 states when stopping a VM:

  • Stop – brings down the virtual machine, but you are still paying for that VM
  • Stop (deallocated) – shuts the VM down completely, and you will lose any temporary data, IP address and any non-persistent component associated with it. When Auto-shutdown is applied, the VM will be in the stopped (deallocated) state

Azure compute services – container services

Containers are a virtualization environment. Unlike virtual machines, they do not include an Operating System.

Containers are meant to be lightweight. Designed to be created, scaled out and stopped dynamically. Examples include:

  • Azure Container Instances: A PaaS offering that allows you to upload your containers which it then will run for you
  • Azure Kubernetes Service: a container orchestrator service for managing large numbers of containers

Azure Network services

  • Azure Virtual Network: IaaS service to create and use VMs in the cloud
  • Azure Load Balancer: Designed for automatic scaling of identical VMs.
  • VPN Gateway: Provides a more secure connection from on-premises to Azure over the internet
  • App Gateway: a web traffic load balancer that enables you to manage traffic to your web applications
  • Content Delivery Network: A way to get content to users in their local region to minimize latency.

Azure storage services

Azure storage is a service that you can use to store files, messages, tables and other types of information. Example:

  • blob storage: no restrictions on the kinds of data it can hold. Blobs are highly scalable
  • disk storage: Provides disks for virtual machines, apps and other services
  • file storage: Azure files offers fully-managed file shares in the cloud
  • archive storage: Storage facility for data that is rarely accessed

Microsoft Azure Training Day: Fundamentals DEMO- create storage account

Azure database services

  • Azure Cosmos DB: a globally-distributed database service that enables you to elastically and independently scale throughput and storage.
  • Azure SQL Database: a relational database as a service based on the latest stable version of the MS SQL Server database engine.
  • Azure Database Migration: a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime

Azure Marketplace

Connects end users with Microsoft partners, independent software vendors and startups that offer solutions and services for Azure

A validated marketplace where Azure customers can find, try, purchase and provision Azure apps and services from certified service providers.

Includes close to 10,000 products

Internet of things

  • IoT Central: fully managed global IoT SaaS solution that makes it easy to connect, monitor and manage your IoT assets at scale
  • IoT Hub: a managed service hosted in the cloud that acts as a central message hub for bidirectional communication between your IoT app and the devices it manages

Big data and analytics

  • Azure SQL data warehouse
  • Azure HD Insights
  • Azure DataLake Analytics

Artificial Intelligence

  • Azure Machine Learning service – preferred if you're new to ML on Azure
  • Azure machine learning studio

Serverless computing

  • Azure Functions: compute when you need it, event-driven code
  • Azure logic apps: a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems and services across enterprise or organizations
  • Azure event grid: a fully managed intelligent event routing service that uses a publish-subscribe model for uniform event consumption

DevOps

  • Azure devops services: provides development collaboration tools including pipelines, git repositories, Kanban boards and extensive automated and cloud-based load testing
  • Azure DevTest labs: allows you to quickly create environments in azure while minimizing waste and controlling costs

Management solutions

Azure management tools include:

  • Azure portal – management website accessed via a web browser
  • Azure PowerShell – command shell scripting language
  • Azure Command-line Interface –
  • Azure Cloud shell

Microsoft Azure Training Day: Fundamentals DEMO- customize and browse resources on the Azure portal.

Azure Advisor

With azure advisor you can

  • Get proactive actionable and personalized best practice recommendations
  • Improve the performance security and availability of your resources
  • Identify opportunities to reduce your azure costs.

Module 2 review questions

  1. What are the core architectural components of Azure? – think physical regions, geographies, av zones, av sets
  2. Every resource created in Azure must exist in one and only one what?
    — Resource group
  3. You need to deploy a legacy app in Azure that has some customizations that are needed to ensure it runs successfully. The app will run on a VM running the Windows OS. Which Azure service do you recommend running the virtual machine in? – Azure virtual machines

Microsoft Azure Training Day: Fundamentals. Module 3: Security, Privacy, Compliance & Trust

Learning objectives

Understand and describe how to secure network connectivity in Azure.
Understand and describe core Azure identity services, security tools, features and Azure governance.

Network security groups

Filters network traffic to and from azure resources on azure virtual networks

Features.

  • Set inbound and outbound rules to filter by source and destination IP address, port and protocol
  • Add multiple rules, as needed within subscription limits

Application security groups

provides for the grouping of servers with similar port filtering requirements and group together servers with similar functions such as webservers

Defense in depth

  • A layered approach to securing computer systems
  • Provides multiple levels of protection
  • Attacks against one layer are isolated from subsequent layers

Choosing azure network security solutions

  • Perimeter layer: protect your network's boundaries with Azure DDoS Protection and Azure Firewall

Shared responsibility

Migrating from customer-controlled to cloud-based datacenters shifts the responsibility for security

Security becomes a shared concern between cloud providers and customers

Authentication and authorization

  • Authentication – how do I know you are the person you say you are?
  • Authorization – whether you are allowed to touch that resource.

Azure Active Directory

Azure's cloud-based identity and access management service

Includes

  • authentication
  • SSO
  • App management

Multi-Factor Authentication

Provides additional security for your identities by requiring 2 or more elements for full authentication. There are 3 categories:

  • Something you know
  • Something you possess
  • Something you are

Security tools and features

Security Center: a monitoring service that provides threat protection across all Azure and on-premises services

  • Provides security recommendations based on your configurations, resources and networks

Scenarios
Detect, assess and diagnose stages of an incident response

Key vault

Stores app secrets in a centralized cloud location to control access permissions and access logging

Azure information protection

classifies and protects documents and emails by applying labels

Azure advanced threat protection

Cloud-based security solution for identifying, detecting and investigating

Initiatives (group of Azure policies)

  • work alongside policies in Azure Policy
    • Group multiple policy definitions into a single unit to track compliances

RBAC – Role-Based Access Control

  • Fine-grained access management control over your Azure resources

Available to all Azure subscribers, e.g.:
  • grant specific access rights to particular users for certain jobs
  • allocate the creation of particular database types to database administration groups

Locks

Protect your Azure resources from accidental deletion or modification

Manage locks at the subscription, resource group or individual resource level within the Azure portal

User actions permitted by lock type:

| Lock type | Read | Update | Delete |
|---|---|---|---|
| Cannot delete | Yes | Yes | No |
| Read only | Yes | No | No |

Azure advisor

  • Get personalized advice and recommendations to improve and enhance security
  • Integrates with azure security center to provide in-depth security
  • View recommendations

Azure blueprints

Create reusable environment definitions that can recreate your azure resources and apply your policies instantly

Usage:

  • Help audit and trace your deployments and maintain compliance using built-in tools and artifacts.
  • Associate blueprints with specific devops build artifacts and release pipelines for rigorous tracking

Subscription governance

There are mainly 3 aspects to consider in relation to creating and managing subscription

  • Billing: reports and charge back can be generated per subscription
  • Access control: a subscription is a deployment boundary for Azure resources and has the ability to set up role-based access control
  • Subscription limits: subscriptions are also bound to some hard limitations. If there is a need to go over those limits in particular scenarios, then additional subscriptions may be needed. If you hit a hard limit there is no flexibility. Example: limit of 50 VNets per subscription.

Monitoring and reporting in azure

Tags

Tag properly, tag often. Apply tags to your Azure resources, providing metadata to logically organize them into a taxonomy.

Azure monitor.

Collect, analyze and act on telemetry from cloud and on-premises environments to maximize your apps' availability and performance

  • Starts collecting data as soon as you create an azure subscription and add resources
  • Activity logs, record all resource creation and modification events
  • Metrics -measure resource performance and consumption
  • Add an azure monitor agent to collect operational data for a resource

Service health

Evaluate the impact of azure service issues with personalized guidance and support notifications and issue resolution updates

Components:

  • Status
  • Service health
  • Resource health

Monitoring apps and services

Integrate azure monitor with other azure services to improve your data monitoring capabilities, and gain better insights into your operations

  • Analyze – use variants of Azure Monitor for resources with Azure app insights for apps
  • Respond – Azure alerts can respond proactively to critical conditions identified in your monitor data
  • Visualize- use azure monitor data to create interactive visualizations
  • Integrate – integrate azure monitor with other systems to build customized solutions to suit your need and requirements

Compliance terms and requirements

Microsoft provides the most comprehensive set of compliance offerings of any cloud service provider

Some include

  • CJIS
  • CSA STAR certification
  • GDPR
  • HIPAA
  • ISO/IEC 27019
  • NIST

Microsoft privacy statement

Provides openness and honesty about how MS handles the user data collected from its products and services. The Microsoft privacy statement explains:

  • Which data Microsoft processes
  • How Microsoft processes it
  • And for what purposes

Test question!

Trust center

Microsoft.com/trustcenter

Learn about security, privacy and compliance policies, features and practices across Microsoft cloud products

Service Trust Portal

servicetrust.microsoft.com

Website for compliance-related publications about Microsoft cloud services

Use it to access:

  • Audit reports
  • Guides
  • Publications about trust

Compliance manager.

a workflow-based risk assessment tool in the Microsoft Service Trust Portal, enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft Professional Services and Microsoft cloud services compliance activities

Azure Government services

  • Meets the security and compliance needs of US federal agencies, state and local governments and their solution providers

Azure Government:

  • Separate instance of azure
  • Physically isolated from non-US government deployments
  • Accessible only to screened authorized personnel

Azure Germany

Meets strict data protection access and control requirements under German law including:

  • Customer data and supporting systems reside in German data centers
  • Datacenters are managed independently

Azure china

21vianet to provide services

Module 3 review questions:

  1. There’s been an attack on your website; the app's resources have been exhausted and are now unavailable. What service should you use to prevent this type of attack?
    — azure DDoS
  2. Azure ad is capable of providing which services? Authentication, authorization, SSO, app management, b2b, b2c, device management – answer might be all of the above!
  3. Where can you obtain details about the personal data Microsoft processes how Microsoft processes it and for what purposes?

Microsoft Azure Training Day: Fundamentals Module 04 – Azure Pricing and Support

Objectives:

• Understand and describe azure subscription and management groups
• Recognize ways to plan and manage costs
• Understand azure support options
• Understand and describe SLAs
• Understand and describe the service lifecycle in azure

Azure subscriptions

Provides you with authenticated and authorized access to Azure products and services and allows you to provision resources on Azure. It’s a logical unit of Azure services that is linked to an Azure account.

Azure offers free and paid subscription options to suit different needs and requirements. An account can have one subscription or multiple subscriptions that have different billing models and to which you apply different access management policies.

Subscriptions uses and options

Use azure subscriptions to define boundaries around azure products services and resources.

2 types of subscriptions

  • Billing boundary – determines how an azure account is billed for using azure
  • Access control boundary – Azure will apply access management policies at the subscription level

Several other subscription types to choose from include the free account, PAYG

Management groups

Folder for subscription, collection of subscriptions.

Are containers for managing access policies, and compliance across multiple azure subscriptions

Allows you to order your resources hierarchically into collections which provide a further level of classification beyond subscriptions.

You can apply an initiative to a management group.

Object hierarchy

The organization structure for resources in azure has 4 levels.
1. Management groups
2. Subscriptions
3. Resource groups
4. Resources

Purchasing Azure products and services

There are 3 main customer types on which the available purchasing options for Azure products and services are based:

• Enterprise agreement. Enterprise customers sign an enterprise agreement with Azure that commits them to spending a negotiated amount on Azure services, which is paid annually
• Web direct. Web direct customers sign up for Azure through the Azure website
• CSP. Microsoft partner companies

Products and services in azure are arranged by category, such as compute and networking, which have various resources that you can provision

Azure free account

  • Provides subscribers with a 200 USD Azure credit for a 30-day trial period
  • Once trials end azure suspends your account unless you sign up for a paid account.

Factors affecting costs

3 primary factors

  • Resource type: costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type
  • Services. Azure usage rates and billing periods can differ between enterprise, web direct and CSP customers
  • Location. Azure infrastructure is globally distributed, and usage costs might vary between locations that offer particular azure products services and resources.

Example: DC in Virginia is overall really cheap and so we can do storage very cheap, if you go to Sao Paulo or Singapore, overall you will see a price increase.

Most of the EMEA or North America regions cost more or less the same.

Zones for billing purposes.

Bandwidth refers to data moving in and out of Azure datacenters.
Some inbound data transfers are free, such as data going into Azure datacenters. For outbound data transfers, such as data going out of Azure datacenters, pricing is based on zones.

Pricing calculator.

Helps you estimate the cost of everything you need and configure the products according to your specific requirements.

Azure provides a detailed estimate of the costs associated with your selections and configurations.

PRICING CALCULATOR – https://azure.microsoft.com/en-us/pricing/calculator/

Total cost of ownership calculator

A tool that you use to estimate the cost savings you can realize by migrating to Azure

A report compares the costs of on-premises infrastructures with the costs of using Azure products and services to host infrastructure in the cloud.

TIP: question – How can you compare costs on Azure?

Minimizing costs.

Best practice guidelines

  • Perform cost analyses: use the azure pricing and TCO calculators
  • Monitor usage with azure advisor. Implement recommendations
  • Use spending limits: available to free trial customers and some credit-based Azure subscriptions
  • Use Azure reservations: reserve products and resources by paying in advance
  • Choose low-cost locations and regions: if possible, use low-cost locations
  • Apply tags to identify cost owners: identify usage owners with tags.

Azure Cost Management.

Is an azure product that provides a set of tools for monitoring, allocating and optimizing azure costs, provides:

  • Reporting. Generates reports
  • Data enrichment. Improves accountability by categorizing resources with tags
  • Budgets. Monitors resource demand trends, consumption rates and cost patterns
  • Alerting. Provides alerts based on your cost and usage budgets
  • Recommendations. Provides recommendations to eliminate idle resources and to optimize provisioned azure resources

Microsoft Azure Training Day: Fundamentals. Understand your bill for Microsoft Azure

Support plan options

Every subscription includes

  • Free access to billing and subscription support
  • Azure products and services documentation
  • Online self-help docs
  • Community support forums

Paid support plans

  • Developer. For Azure use in trial and non-production environments
  • Standard. Appropriate for azure in production environments
  • Professional direct. Appropriate for organizations with business critical dependence on azure
  • Premier. Ideal for organizations with substantial dependency on MS products including azure

Exam tip! Be aware of the names and priority!

Alternate support channels

  • MSDN azure forums
  • Stack overflow
  • Server Fault
  • Azure feedback forums
  • Twitter

Azure knowledge center

A searchable database that contains support questions and answers from a community of Azure experts, developers, customers and users.

SLAs Service Level Agreements

  • Documents that specify terms that define Azure performance standards
  • Define Microsoft's commitment to an Azure service or product
  • Individual SLAs are available for each azure product and services

SLA for azure products and services

3 key characteristics

  • Performance targets uptime and connectivity guarantees: uptime or connectivity rates such as availability
  • Performance targets range: typical SLAs specify performance-target commitments ranging from 99.9 to 99.99%
  • Service credits: percentage of the applicable monthly service fees credited to you if a service fails to meet SLA uptime guarantee

Composite SLAs

Question
What is the max downtime you would expect for this app?

The composite SLA is 99.95% × 99.99% ≈ 99.94% (99.95 × 99.99 = 9,994.0005, divided by 100).
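
The calculation above, carried through to the downtime the question asks about, as an added example that is not part of the training material. It goes beyond the page's case by also covering redundant components, assumes component failures are independent, and uses a 30-day month; the function names are made up for this sketch.

```python
from math import prod

MINUTES_PER_30_DAYS = 30 * 24 * 60  # 43,200 minutes

def serial_sla(*slas_percent):
    """Composite SLA (%) when the app needs every listed service to be up."""
    return prod(s / 100 for s in slas_percent) * 100

def redundant_sla(*slas_percent):
    """Composite SLA (%) when any one of the listed independent replicas is enough."""
    return (1 - prod(1 - s / 100 for s in slas_percent)) * 100

def max_downtime_minutes(sla_percent, period_minutes=MINUTES_PER_30_DAYS):
    """Downtime (minutes) the SLA still permits within the period."""
    return (1 - sla_percent / 100) * period_minutes

if __name__ == "__main__":
    # The page's case: two services in series, 99.95% and 99.99%.
    composite = serial_sla(99.95, 99.99)
    print(f"serial composite SLA: {composite:.2f}%")
    print(f"max downtime per 30 days: {max_downtime_minutes(composite):.1f} min")

    # Generalization: two independent 99.95% replicas behind a failover,
    # followed by the same 99.99% service in series.
    front = redundant_sla(99.95, 99.95)
    improved = serial_sla(front, 99.99)
    print(f"with a redundant front end: {improved:.4f}%")
    print(f"max downtime per 30 days: {max_downtime_minutes(improved):.1f} min")
```
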

Improving SLAs

  • Move to PaaS. Azure customers can use SLA to evaluate how their Azure solutions meet their business requirements, and the needs of their clients and users
  • Self-healing. Your Azure solution should be self-diagnosing and self-healing
  • Response time. Responding to failures quickly enough to meet SLA performance targets above four 9s is difficult
  • Realistically achievable: the smaller the time window for recovery, i.e. hourly or daily, the tighter the tolerances and the higher the cost

Service Lifecycle

Public and private preview features

MS offers preview of azure features for evaluation purposes
You can test beta and other pre-release features,
2 types of preview

  • private preview – azure feature is available to certain azure customers for evaluation
  • Public preview – Azure feature is available to all Azure customers for evaluation

Accessing the Azure portal preview
preview.portal.azure.com
provide performance, navigation and accessibility improvements to the azure portal interface.

General availability

  • Once a feature is evaluated and tested successfully it might be released to customers as part of the Azure default service or feature set.
  • Once the feature is released to all Azure customers, the release is referred to as GA

Monitoring feature updates

Check Azure updates

  • View details about all azure updates

Module review questions:

  • What is an azure subscription – a logical boundary
  • What are some of the factors affecting costs: type of the resource, region, SLA, services(thru CSP? Webdirect?)
  • what 4 paid plan types are available with azure?
    developer, standard, professional, premier

Hope these notes from the Azure Training Day: Fundamentals help you on your journey to achieve the AZ-900 certification!
