Hey Folks! I wanted to share my experience and some notes from the Microsoft Azure Training Day: Fundamentals that might be useful if you are looking to get certified on the Exam AZ-900: Microsoft Azure Fundamentals.
A few days ago I had the opportunity to participate in a Microsoft event in Bellevue about Azure Fundamentals, meant to improve your understanding of cloud concepts and help you acquire the knowledge you need to earn the Microsoft Azure Fundamentals certification.
Check if there is a Microsoft Azure Training Day: Fundamentals near you! – https://azure.microsoft.com/en-us/community/events/?query=azure+training+day%3A+fundamentals
On this Microsoft Azure Training Day: Fundamentals you could learn basic strategies for transitioning to the cloud along with concepts including security, high availability, scalability, elasticity, agility, fault tolerance, and disaster recovery. So it is a good opportunity to attend this event and apply for the AZ-900 exam. You could get a voucher and a practice test.
The AZ-900: Microsoft Azure Fundamentals exam measures your ability to understand the following concepts: cloud concepts; core Azure services; security, privacy, compliance, and trust; and Azure pricing and support. But take it easy: if you understand core cloud components and pricing, you are good to go!
There are some resources that I would like to share with you before I share my notes from the event:
- Microsoft Learn Path on Azure Fundamentals – https://docs.microsoft.com/en-us/learn/paths/azure-fundamentals/ – I strongly suggest you check it out
- Exam on Microsoft Learning – https://www.microsoft.com/en-us/learning/exam-AZ-900.aspx
- Course on Pluralsight: https://www.pluralsight.com/courses/azure-fundamentals
Really the exam is measured around the following skills:
• Understand cloud concepts
• Understand core Azure services
• Understand security, privacy, compliance, and trust
• Understand Azure pricing and support
That said, here's the event recap of the
Microsoft Azure Training Day: Fundamentals
The morning kicked off with a really cool presentation including the overall agenda and the modules that we were supposed to review. These modules were aligned to really prepare you to pass the AZ-900 exam.
Microsoft Azure Training Day: Fundamentals
- Module 0: Course Introduction & Module 1: Cloud Concepts
- Module 2: Core Azure Services
- Module 3: Security, Privacy, Compliance, & Trust
- Module 4: Azure Pricing and Support
So here are my notes starting from Module 2.
Microsoft Azure Training Day: Fundamentals – Module 2 Understand Core Azure Services.
Find the place for your infrastructure to exist, not only the one available but the one you need!
Regions: a region is a geographic area with probably 1 or more datacenters
There are some restricted regions such as Azure Government; to get into a restricted region you need to submit proof to Microsoft that you have business in
It's important to highlight that every region has a pair; the benefit is that it is an automated replication target. So for example, if I choose Geo-Redundant Storage (GRS), then this will be replicated to the paired region
Geographies: collections of regions that allow you to be compliant with regulations such as GDPR.
Availability Zones – in selected regions, availability zones guarantee that there are at least 3 datacenters in that region to effectively maintain HA, mostly in terms of power, electricity or hardware failure
Availability sets – important to note that there are 2 domain types
Update domains – mainly for planned maintenance, for example if Microsoft has to perform some cleaning, patch the hypervisor, etc., so you would want to spread your infrastructure across different domains
What this means is that no more than 1 update domain is taken at a time: it is patched, and then maintenance goes on to the next domain. Ensure that you have your infrastructure in more than 1 update domain.
Fault domain – mainly for unplanned events: if the server goes down, then there is downtime for the fault domain.
Resource groups – you can see them as logical containers. Each resource can exist in one and only one resource group at a time.
Mainly used to collect things (resources/services), for example per application: if your app has networking components, cd etc., then we can group all those components in that resource group to easily manage it.
Quick note: Some resources can't be moved, such as ExpressRoute.
Azure compute services
Typically speaking, resources on VMs will be available within minutes.
Azure compute services – virtual machines (VMs)
VMs are software emulations of physical computers. Examples of services for VMs include:
- Azure VMs
- VM scale sets: designed for automatic scaling of identical VMs
- App services: PaaS offering to build, deploy and scale enterprise-grade web, mobile and API apps
- Functions: creates infrastructure based on an event – Infrastructure as Code, my infrastructure exists only for a time for the event.
Microsoft Azure Training Day: Fundamentals DEMO – Virtual Machines
Family Conventions for VMs (https://azure.microsoft.com/en-us/pricing/details/virtual-machines/series/)
Quick note: There are mainly 2 states when stopping a VM:
- Stop – brings down the virtual machine, but you are still paying for that VM
- Stop deallocated – shuts down the VM completely, and you will lose any temporary data, IP address, and any non-persistent component associated with it. When Auto shutdown is applied, the VM will be in the stopped deallocated state
Azure compute services – container services
Containers are a virtualization environment. Unlike virtual machines, they do not include an Operating System.
Containers are meant to be lightweight. Designed to be created, scaled out and stopped dynamically. Examples include:
- Azure Container Instances: A PaaS offering that allows you to upload your containers which it then will run for you
- Azure Kubernetes Service: a container orchestrator service for managing large numbers of containers
Azure Network services
- Azure Virtual Network: IaaS service to create and use VMs in the cloud
- Azure Load Balancer: Designed for automatic scaling of identical VMs.
- VPN Gateway: Provides a more secure connection from on-premises to Azure over the internet
- App Gateway: a web traffic load balancer that enables you to manage traffic to your web applications
- Content Delivery Network: A way to get content to users in their local region to minimize latency.
Azure storage services
Azure storage is a service that you can use to store files, messages, tables and other types of information. Example:
- blob storage: no restrictions on the kinds of data it can hold. Blobs are highly scalable
- disk storage: Provides disks for virtual machines, apps and other services
- file storage: Azure files offers fully-managed file shares in the cloud
- archive storage: Storage facility for data that is rarely accessed
Microsoft Azure Training Day: Fundamentals DEMO- create storage account
Azure database services
- Azure Cosmos database: a globally-distributed database service that enables you to elastically and independently scale throughput and storage.
- Azure SQL database: a relational database as a service based on the latest stable version of the MS SQL Server database engine.
- Azure database migration: a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime
Connects end users with Microsoft partners, independent software vendors and startups that offer solutions and services for Azure
Validated marketplace where Azure customers can find, try, purchase and provision Azure apps and services from certified service providers.
Includes close to 10,000 products
Internet of things
- IoT Central: fully managed global IoT SaaS solution that makes it easy to connect, monitor and manage your IoT assets at scale
- IoT Hub: a managed service hosted in the cloud that acts as a central message hub for bidirectional communication between your IoT app and the devices it manages
Big data and analytics
- Azure SQL data warehouse
- Azure HD Insights
- Azure DataLake Analytics
- Azure Machine learning service – preferred if you're new to ML on Azure
- Azure machine learning studio
- Azure Functions: compute when you need it, event-driven code
- Azure logic apps: a cloud service that helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems and services across enterprise or organizations
- Azure event grid: a fully managed intelligent event routing service that uses a publish-subscribe model for uniform event consumption
- Azure devops services: provides development collaboration tools including pipelines, git repositories, Kanban boards and extensive automated and cloud-based load testing
- Azure DevTest labs: allows you to quickly create environments in azure while minimizing waste and controlling costs
Azure management tools include:
- Azure portal – management website accessed via a web browser
- Azure PowerShell – command shell scripting language
- Azure Command-line Interface –
- Azure Cloud shell
Microsoft Azure Training Day: Fundamentals DEMO- customize and browse resources on the Azure portal.
With azure advisor you can
- Get proactive, actionable and personalized best practice recommendations
- Improve the performance, security and availability of your resources
- Identify opportunities to reduce your azure costs.
Module 2 review questions
- What are the core architectural components of azure? – think physical regions, geographies, av zones, av sets,
- Every resource created in Azure must exist in one and only one what?
— Resource group
- You need to deploy a legacy app in Azure that has some customizations that are needed to ensure it runs successfully. The app will run on a VM running the Windows OS. Which Azure service do you recommend running the virtual machine in? – Azure virtual machines
Microsoft Azure Training Day: Fundamentals. Module 3: Security, Privacy, Compliance & Trust
Understand and describe how to secure network connectivity in azure
Understand and describe core Azure identity services, security tools, features, and Azure governance.
Network security groups
Filters network traffic to and from azure resources on azure virtual networks
- Set inbound and outbound rules to filter by source and destination IP address, port and protocol
- Add multiple rules, as needed within subscription limits
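How the inbound filtering described above plays out, as an added example that is not part of the training material: a simplified evaluator that processes rules in priority order (lowest number first, first match wins) and falls through to the default DenyAllInBound rule. The rule names, addresses and sample rule set are constructed, and service tags and the other default rules are not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # lower number = evaluated first
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp" or "*"
    source: str       # CIDR or "*"
    destination: str  # CIDR or "*"
    port: str         # "443", "8000-8080" or "*"


# Azure's built-in lowest-priority inbound rule. The other default rules use
# service tags, which this simplified model leaves out.
DENY_ALL_INBOUND = Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*")

# Constructed sample rule set for a web subnet 10.0.1.0/24.
# Listed out of order on purpose: evaluation order comes from priority.
SAMPLE_RULES = [
    Rule("deny-ssh-any", 110, "Deny", "Tcp", "*", "*", "22"),
    Rule("allow-ssh-from-admin", 100, "Allow", "Tcp",
         "203.0.113.0/24", "10.0.1.0/24", "22"),
    Rule("allow-https", 120, "Allow", "Tcp", "*", "10.0.1.0/24", "443"),
]


def _ip_match(spec, addr):
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def _port_match(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate_inbound(rules, protocol, src, dst, port):
    """Return (access, rule_name) for the first rule that matches the flow."""
    ordered = sorted(list(rules) + [DENY_ALL_INBOUND], key=lambda r: r.priority)
    for rule in ordered:
        if (rule.protocol in ("*", protocol)
                and _ip_match(rule.source, src)
                and _ip_match(rule.destination, dst)
                and _port_match(rule.port, port)):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")


if __name__ == "__main__":
    # Constructed flows: (protocol, source, destination, port)
    flows = [
        ("Tcp", "203.0.113.10", "10.0.1.4", 22),
        ("Tcp", "198.51.100.7", "10.0.1.4", 22),
        ("Tcp", "198.51.100.7", "10.0.1.4", 443),
        ("Tcp", "198.51.100.7", "10.0.1.4", 8080),
    ]
    for flow in flows:
        print(flow, "->", evaluate_inbound(SAMPLE_RULES, *flow))
```

The second flow shows why priorities matter: swapping the priorities of the two SSH rules would block the admin range as well.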
Application security groups
Provides for the grouping of servers with similar port filtering requirements, and groups together servers with similar functions, such as web servers
- Defense in depth
a layered approach to securing computer systems
- provides multiple levels of protection
- Attacks against one layer are isolated from subsequent layers
Choosing azure network security solutions
- Perimeter layer: protect your network's boundaries with Azure DDoS protection and Azure Firewall
Migrating from customer-controlled to cloud-based data centers shifts the responsibility for security
Security becomes a shared concern between cloud providers and customers
Authentication and authorization
- Authentication – how do I know you are the person you say you are?
- Authorization – whether you are allowed to touch that resource.
Azure Active Directory
Azure's cloud-based identity and access management service
- App management
Provides additional security for your identities by requiring 2 or more elements for full authentication. There are 3 categories:
- Something you know
- Something you possess
- Something you are
Security tools and features
Security Center: a monitoring service that provides threat protection across all Azure and on-premises services
- provides security recommendations based on your configurations, resources and networks
Detect, assess and diagnose stages of an incident response
Stores app secrets in a centralized cloud location to control access permissions and access logging
Azure information protection
classifies and protects documents and emails by applying labels
Azure advanced threat protection
Cloud-based security solution for identifying, detecting and investigating
Initiatives (group of Azure policies)
- work alongside policies in Azure Policy
- Group multiple policy definitions into a single unit to track compliance
RBAC – Role-Based Access Control
- fine-grained access management control over your Azure resources
Available to all azure subscribers
- i.e. grant specific access rights to particular users for certain jobs
allocate particular database types to creating databases administration groups.
Protect your Azure resources from accidental deletion or modification
Manage locks at subscription, resource group or individual resource levels within the Azure portal
- Get personalized advice and recommendations to improve and enhance security
- Integrates with azure security center to provide in-depth security
- View recommendations
Create reusable environment definitions that can recreate your azure resources and apply your policies instantly
- Help audit and trace your deployments and maintain compliance using built-in tools and artifacts.
- Associate blueprints with specific devops build artifacts and release pipelines for rigorous tracking
There are mainly 3 aspects to consider in relation to creating and managing subscription
- Billing: reports and charge back can be generated per subscription
- Access control: a subscription is a deployment boundary for Azure resources and has the ability to set up role-based access control
- Subscription limits: subscriptions are also bound to some hard limitations. If there is a need to go over those limits in particular scenarios, then additional subscriptions may be needed. If you hit a hard limit there is no flexibility. Example: limit of 50 VNets per subscription.
Monitoring and reporting in azure
Tag properly, tag often. Apply tags to your Azure resources, providing metadata to logically organize them into a taxonomy.
Collect, analyze and act on telemetry from cloud and on-premises environments to maximize your apps' availability and performance
- Starts collecting data as soon as you create an azure subscription and add resources
- Activity logs, record all resource creation and modification events
- Metrics – measure resource performance and consumption
- Add an azure monitor agent to collect operational data for a resource
Evaluate the impact of Azure service issues with personalized guidance and support, notifications, and issue resolution updates
- Service health
- Resource health
Monitoring apps and services
Integrate azure monitor with other azure services to improve your data monitoring capabilities, and gain better insights into your operations
- Analyze – use variants of Azure Monitor for resources, with Azure App Insights for apps
- Respond – Azure alerts can respond proactively to critical conditions identified in your monitor data
- Visualize – use Azure Monitor data to create interactive visualizations
- Integrate – integrate Azure Monitor with other systems to build customized solutions to suit your needs and requirements
Compliance terms and requirements
Microsoft provides the most comprehensive set of compliance offerings of any cloud service provider
CSA star certification
Microsoft privacy statement
Provides openness and honesty about how MS handles the user data collected from its products and services
The Microsoft privacy statement explains:
- Which data Microsoft processes
- How Microsoft processes it
- And for what purposes – Test question!
Learn about security, privacy and compliance policies, features and practices across MS cloud products
Services trust portal
Website for compliance-related publications about Microsoft cloud services
Use it to access:
- Audit reports
- Publications about trust
a workflow-based risk assessment tool in the Microsoft Service Trust Portal, enables you to track, assign, and verify your organization’s regulatory compliance activities related to Microsoft Professional Services and Microsoft cloud services compliance activities
Azure Government services
- Meets the security and compliance needs of US federal agencies, state and local governments, and their solution providers
- Separate instance of Azure
- Physically isolated from non-US government deployments
- Accessible only to screened, authorized personnel
Meets strict data protection, access and control requirements under German law, including:
- Customer data and supporting systems reside in German data centers
- Datacenters are managed independently
21vianet to provide services
Module 3 review questions:
- There's been an attack on your website, the app's resources have been exhausted and are now unavailable. What service should you use to prevent this type of attack?
— azure DDoS
- Azure ad is capable of providing which services? Authentication, authorization, SSO, app management, b2b, b2c, device management – answer might be all of the above!
- Where can you obtain details about the personal data Microsoft processes how Microsoft processes it and for what purposes?
Microsoft Azure Training Day: Fundamentals Module 04 – Azure Pricing and Support
• Understand and describe azure subscription and management groups
• Recognize ways to plan and manage costs
• Understand azure support options
• Understand and describe SLAs
• Understand and describe the service lifecycle in azure
Provides you with authenticated and authorized access to Azure products and services and allows you to provision resources on Azure. It's a logical unit of Azure services that is linked to an Azure account.
Azure offers free and paid subscription options to suit different needs and requirements. An account can have one subscription or multiple subscriptions that have different billing models and to which you apply different access management policies.
Subscription uses and options
Use azure subscriptions to define boundaries around azure products services and resources.
2 types of subscriptions
- Billing boundary – determines how an azure account is billed for using azure
- Access control boundary – Azure will apply access management policies at the subscription level
Several other subscription types to choose from include the free account, PAYG
Folder for subscription, collection of subscriptions.
Are containers for managing access policies, and compliance across multiple azure subscriptions
Allows you to order your resources hierarchically into collections which provide a further level of classification beyond subscriptions.
You can apply an initiative to a management group.
The organization structure for resources in azure has 4 levels.
1. Management groups
3. Resource groups
Purchasing Azure products and services
The available purchasing options for Azure products and services are based on 3 main customer types:
• Enterprise agreement. Enterprise customers sign an enterprise agreement with Azure that commits them to spending a negotiated amount on Azure services, which is paid annually
• Web direct. Web direct customers sign up for Azure through the Azure website
• CSP. Microsoft partner companies
Products and services in azure are arranged by category, such as compute and networking, which have various resources that you can provision
Azure free account
- Provides subscribers with a 200 USD Azure credit for a 30-day trial period
- Once the trial ends, Azure suspends your account unless you sign up for a paid account.
Factors affecting costs
3 primary factors
- Resource type: costs are resource-specific, so the usage that a meter tracks and the number of meters associated with a resource depend on the resource type
- Services. Azure usage rates and billing periods can differ between enterprise, web direct and CSP customers
- Location. Azure infrastructure is globally distributed, and usage costs might vary between locations that offer particular azure products services and resources.
Example: DC in Virginia is overall really cheap and so we can do storage very cheap, if you go to Sao Paulo or Singapore, overall you will see a price increase.
Most of the EMEA or North America regions cost more or less the same.
Zones for billing purposes.
Bandwidth refers to data moving in and out of Azure datacenters
Some inbound data transfers are free, such as data going into Azure datacenters. For outbound data transfers, such as data going out of Azure datacenters, pricing is based on zones
Helps you estimate all you need and configure them according to your specific requirements.
Azure provides a detailed estimate of the costs associated with your selections and configurations.
PRICING CALCULATOR – https://azure.microsoft.com/en-us/pricing/calculator/
Total cost of ownership calculator
A tool that you use to estimate the cost savings you can realize by migrating to Azure
A report compares the costs of on-premises infrastructures with the costs of using Azure products and services to host infrastructure in the cloud.
TIP: question – How can you compare costs on Azure?
Best practice guidelines
- Perform cost analyses: use the azure pricing and TCO calculators
- Monitor usage with azure advisor. Implement recommendations
- Use spending limits: used by free trial customers and some credit-based Azure subscriptions
- Use Azure reservations: reserve products and resources by paying in advance
- Choose low-cost locations and regions. If possible, use low-cost locations
- Apply tags to identify cost owners: identify usage owners with tags.
Azure Cost Management.
Is an azure product that provides a set of tools for monitoring, allocating and optimizing azure costs, provides:
- Reporting. Generates reports
- Data enrichment improves accountability by categorizing resources with tags
- Budgets. Monitors resource demand trends, consumption rates and cost patterns
- Alerting. Provides alerts based on your cost and usage budgets
- Recommendations. Provides recommendations to eliminate idle resources and to optimize provisioned azure resources
Microsoft Azure Training Day: Fundamentals. Understand your bill for Microsoft Azure
Support plan options
Every subscription includes
- Free access to billing and subscription support
- Azure products and services documentation
- Online self-help docs
- Community support forums
Paid support plans
- Developer. For Azure use in trial and non-production environments
- Standard. Appropriate for azure in production environments
- Professional direct. Appropriate for organizations with business critical dependence on azure
- Premier. Ideal for organizations with substantial dependency on MS products including azure
Exam tip! Be aware of the names and priority!
Alternate support channels
- MSDN azure forums
- Stack Overflow
- Server Fault
- Azure feedback forums
Azure knowledge center
A searchable database that contains support questions and answers from a community of Azure experts, developers, customers and users.
SLAs Service Level Agreements
- Documents that specify terms that define Azure performance standards
- Define Microsoft's commitment to an Azure service or product
- Individual SLAs are available for each Azure product and service
SLA for azure products and services
3 key characteristics
- Performance targets, uptime and connectivity guarantees: uptime or connectivity rates such as availability
- Performance targets range: typical SLAs specify performance-target commitments ranging from 99.9 to 99.99%
- Service credits: percentage of the applicable monthly service fees credited to you if a service fails to meet SLA uptime guarantee
What is the max downtime you would expect for this app?
The composite SLA is 99.95% × 99.99% ≈ 99.94% (99.95 × 99.99 = 9,994.0005)
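The composite SLA calculation above, worked through as an added example (not from the training material) that also answers the downtime question for a 30-day month. It goes beyond the notes by including the formula for independent redundant services; the function names are illustrative and the 30-day month is an assumption.

```python
from math import prod


def _check(slas_pct):
    for s in slas_pct:
        if not 0 <= s <= 100:
            raise ValueError(f"SLA must be a percentage between 0 and 100: {s}")


def composite_serial(*slas_pct):
    """App needs every service up at once: availabilities multiply."""
    _check(slas_pct)
    return 100 * prod(s / 100 for s in slas_pct)


def composite_redundant(*slas_pct):
    """Independent fallbacks: the app is down only if all of them are down."""
    _check(slas_pct)
    return 100 * (1 - prod(1 - s / 100 for s in slas_pct))


def max_downtime_minutes(sla_pct, days=30):
    """Downtime budget the SLA still allows over the given period."""
    _check([sla_pct])
    return (1 - sla_pct / 100) * days * 24 * 60


if __name__ == "__main__":
    # The two figures from the notes, chained in series.
    combined = composite_serial(99.95, 99.99)
    print(f"composite SLA: {combined:.4f}%")
    print(f"downtime budget: {max_downtime_minutes(combined):.1f} min per 30 days")
    # Each service alone has a smaller budget than the chain.
    for sla in (99.95, 99.99):
        print(f"{sla}% alone: {max_downtime_minutes(sla):.1f} min per 30 days")
    # Two independent 99.95% instances, either of which can serve traffic.
    print(f"redundant pair: {composite_redundant(99.95, 99.95):.6f}%")
```

The chained figure is always lower than the weakest single SLA, which is why adding dependencies raises the expected downtime.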
- Move to PaaS. Azure customers can use SLA to evaluate how their Azure solutions meet their business requirements, and the needs of their clients and users
- Self-healing. Your Azure solution should be self-diagnosing and self-healing
- Response time. Responding to failures quickly enough to meet SLA performance targets above four 9s is difficult
- Realistically achievable: the smaller the time window for recovery, i.e. hourly or daily, the tighter the tolerances and the higher the cost
Public and private preview features
MS offers preview of azure features for evaluation purposes
You can test beta and other pre-release features,
2 types of preview
- private preview – azure feature is available to certain azure customers for evaluation
- Public preview – Azure feature is available to all Azure customers for evaluation
Accessing azure portal review
provide performance, navigation and accessibility improvements to the azure portal interface.
- Once a feature is evaluated and tested successfully it might be released to customers as part of the Azure default service or feature set.
- Once the feature is released to all Azure customers, this release is referred to as GA
Monitoring feature updates
Check Azure updates
- View details about all azure updates
Module review questions:
- What is an azure subscription – a logical boundary
- What are some of the factors affecting costs: type of the resource, region, SLA, services(thru CSP? Webdirect?)
- what 4 paid plan types are available with azure?
developer, standard, professional, premier
Hope these notes from the Azure Training Day: Fundamentals help you on your journey to achieve the AZ-900 certification!