-------------------------------------------------------------------------------------
   / _ \
 \_\(_)/_/
  _//"\\_      JOHLEM.net
   /   \       https://johlem.net/V1/topics/cheatsheet.php
-------------------------------------------------------------------------------------

##################################################
CHEATSHEET NOTES AZURE AZ-900
For Exam AZ-900: Microsoft Azure Fundamentals
File: Cheatsheet_Azure_certNotes.txt from johlem.net
##################################################

---------------------------------------
source: https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-fundamentals/

Azure is a cloud computing platform.
Azure is a continually expanding set of cloud services.
Azure provides more than 100 services.
Cloud computing is the delivery of computing services over the internet by using a pay-as-you-go pricing model.
Build, deploy, and manage applications.
Private and public cloud platform.
Azure uses virtualization around the world.

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
AZ-900 Domain Area
Describe cloud concepts                                            20-25%
Describe core Azure services                                       15-20%
Describe core solutions and management tools on Azure              10-15%
Describe general security and network security features            10-15%
Describe identity, governance, privacy, and compliance features    20-25%
Describe Azure cost management and Service Level Agreements        10-15%

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Pay only for the services you use.
Pay only for the resources you use.
Pay only for the storage you use.
You rent them for the time you need them.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Azure uses a technology called virtualization:
|hardware| -> |Hypervisor| -> |OS|
The hypervisor emulates all the functions of a computer and can host multiple VMs.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
-- How does Azure work?
-- -- -- -- -- -- -- -- --
Network switches connect the servers.
Each rack is connected to a fabric controller.
Each fabric controller is connected to the orchestrator.
The orchestrator is responsible for everything that happens in Azure, including user requests.
Users make requests using the orchestrator's web API. The web API can be called by many tools, including the user interface of the Azure portal.
When a user makes a request to create a virtual machine, the orchestrator packages everything that is needed, picks the best server rack, and sends the package and the request to the fabric controller.
Once the fabric controller has created the virtual machine, the user can connect to it.
----

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
-- What is the Azure portal?
-- -- -- -- -- -- -- -- --
The Azure portal is a web-based, unified console that provides an alternative to command-line tools.
- Build, manage, and monitor everything from simple web apps to complex cloud deployments.
- Create custom dashboards for an organized view of resources.
- Configure accessibility options.
The Azure portal is designed for resiliency and continuous availability.
----

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
--- What is Azure Marketplace? (a kind of Apple store)
-- -- -- -- -- -- -- -- --
In Azure Marketplace, customers can find, try, purchase, and provision applications and services from hundreds of leading service providers.
All solutions and services are certified to run on Azure.
example: open-source container platforms, virtual machine images, databases, application build and deployment software, developer tools, threat detection, and blockchain
---

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
--- Azure services
-- -- -- -- -- -- -- -- --
10 main categories
- Compute: lets you scale your capability on demand; you pay for what you use.
  (ex: Az VMs, Az Kubernetes, Az Service Fabric, Az Batch, Az Container, Az Functions (serverless))
- Networking: lets you connect your cloud and on-premises infrastructure.
  (ex: VPN, load balancer, DNS, DDoS, firewall...)
- Storage: scale and secure your data.
  (ex: Az Blob Storage (for very large objects such as video files or bitmaps), Az File Storage (file shares, like a file server), Az Queue Storage (data store for queuing and reliably delivering messages between applications), Az Table Storage (stores non-relational structured data, like NoSQL data))
- Mobile: cross-platform apps, send notifications, make apps smarter.
- Database: open source and proprietary.
  (ex: Az Cosmos DB (globally distributed DB that supports NoSQL options), Az Cache for Redis, Az MariaDB...)
- Web: build, deploy, and manage web apps; create web apps and publish APIs for your applications.
  (ex: Az Cognitive Search (search as a service), Az SignalR Service (adds real-time functionality), Az Hubs (send push notifications))
- IoT: connect and monitor all IoT assets. Analyse data from sensors and take action on it.
  (ex: IoT Central (IoT SaaS to connect and monitor), Az IoT Hub (messaging hub for secure communication and monitoring between IoT devices), IoT Edge (allows IoT devices to react to quick changes without needing to consult cloud-based AI models))
- Big data: analytics with complex queries for decisions on large volumes.
  (ex: Az Synapse Analytics (run analytics at massive scale), Az HDInsight (process massive amounts of data on a Hadoop cluster), Az Databricks (Apache Spark-based analytics))
- AI: use your existing data to forecast future behaviours.
  (ex: Az Machine Learning service to build, train, and deploy models to the cloud (auto-generates models) (example: the Amazon shopping cart recommending other products), Az ML Studio (collaborative visual workspace to build, test, and deploy machine learning solutions using prebuilt machine learning algorithms and data-handling modules))
- Cognitive: text analytics, translator, Face API, content moderator, speech service...
- DevOps: automated delivery, continuous deployment.
  (ex: Az DevOps (high-performance pipelines, collaborative development tools, Kanban, GitHub, Visual Studio...), Az DevTest Labs (quickly create on-demand Windows and Linux environments to test from deployment pipelines))
---
These services all share several common characteristics:
- Durable and highly available with redundancy and replication.
- Secure through automatic encryption and role-based access control.
- Scalable with virtually unlimited storage.
- Managed, handling maintenance and any critical problems for you.
- Accessible from anywhere in the world over HTTP or HTTPS.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
-- Azure accounts
-- -- -- -- -- -- -- -- --
Azure account -> Subscriptions -> Resource Groups -> Resources
Free account: free access to popular Azure products for 12 months / credit to spend in 30 days / 25 products always free
Student account: 12 months / 12 months / $100 credit

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Azure fundamental concepts
-- -- -- -- -- -- -- -- --
source: https://docs.microsoft.com/en-us/learn/modules/fundamental-azure-concepts/

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
-- Cloud model comparison
-- -- -- -- -- -- -- -- --
- Public cloud:
  Services are offered over the public internet and available to anyone who wants to purchase them.
  Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider, and delivered over the internet.
  No capital expenditures to scale up.
  Applications can be quickly provisioned and deprovisioned.
  Organizations pay only for what they use.
- Private cloud:
  A private cloud consists of computing resources used exclusively by users from one business or organization.
  A private cloud can be physically located at your organization's on-site (on-premises) datacenter, or it can be hosted by a third-party service provider.
  Hardware must be purchased for start-up and maintenance.
  Organizations have complete control over resources and security.
  Organizations are responsible for hardware maintenance and updates.
- Hybrid cloud:
  A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.
  Provides the most flexibility.
  Organizations determine where to run their applications.
  Organizations control security, compliance, or legal requirements.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
-- Cloud computing advantages
-- -- -- -- -- -- -- -- --
- High availability: depending on the SLA (service-level agreement).
- Scalability: vertical, to increase compute capacity by adding RAM or CPU to a virtual machine / horizontal, to increase compute capacity by adding VMs to the configuration.
- Elasticity: autoscaling for apps, so your apps always get the resources they need.
- Agility: deploy and configure cloud-based resources quickly as your app requirements change.
- Geo-distribution: you can deploy apps and data to regional datacenters around the globe.
- Disaster recovery: backup, data replication, and geo-distribution for the safety of your data.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Capital expenses vs. operating expenses
-- -- -- -- -- -- -- -- --
There are two different types of expenses that you should consider:
- Capital Expenditure (CapEx) is the up-front spending of money on physical infrastructure, and then deducting that up-front expense over time. The up-front cost from CapEx has a value that reduces over time.
  BAD: Requires significant up-front financial costs, as well as ongoing maintenance and support expenditures.
- Operational Expenditure (OpEx) is spending money on services or products now, and being billed for them now. You can deduct this expense in the same year you spend it. There is no up-front cost, as you pay for a service or product as you use it.
  Consumption-based model: you are only responsible for the cost of the computing resources that you use.

Cloud computing is a consumption-based model.
A consumption-based model has many benefits, including:
- No upfront costs.
- No need to purchase and manage costly infrastructure that users might not use to its fullest.
- The ability to pay for additional resources when they are needed.
- The ability to stop paying for resources that are no longer needed.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
What are cloud service models?
-- -- -- -- -- -- -- -- --
- On-premises (private cloud): your hardware in the datacenter; you manage everything that is installed on your hardware.
- IaaS: Infrastructure-as-a-Service // This cloud service model is the closest to managing physical servers; a cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration is up to you as the cloud tenant.
  * You manage: VM, OS, app, data, runtime // The cloud provider manages: compute, networking, storage
- PaaS: Platform-as-a-Service // This cloud service model is a managed hosting environment.
  The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managed hosting environment. For example, Azure App Services provides a managed hosting environment where developers can upload their web applications, without having to worry about the physical hardware and software requirements. (example: Heroku, AWS Beanstalk, Google App Engine)
  * You manage: application, data, and access
- SaaS: Software-as-a-Service // In this cloud service model, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. (ex: Office 365, Gmail)
  * You manage: data and access

Note: Like PaaS, serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Describe core Azure architectural components
-- -- -- -- -- -- -- -- --
source: https://docs.microsoft.com/en-us/learn/modules/azure-architecture-fundamentals/

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Organization structure for resources in Azure:
-- -- -- -- -- -- -- -- --
4 levels:
- Management groups: These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
- Subscriptions: A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
- Resource groups: Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
- Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Azure regions
-- -- -- -- -- -- -- -- --
Regions are what you use to identify the location for your resources.
Resources are created in regions, which are different geographical locations around the globe that contain Azure datacenters.
A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network.
Some services or VM features are only available in certain regions, such as specific VM sizes or storage types.
Some global Azure services don't require you to select a particular region, such as Azure Active Directory, Azure Traffic Manager, and Azure DNS.
- Regions give you the flexibility to bring applications closer to your users no matter where they are.
- Global regions provide better scalability and redundancy.
- They also preserve data residency for your services.

Special Azure regions
Azure has specialized regions that you might want to use when you build out your applications for compliance or legal purposes.
- US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
- China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn't directly maintain the datacenters.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
What is an availability zone?
-- -- -- -- -- -- -- -- --
Availability zones are physically separate datacenters within an Azure region.
- Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
- An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working.
- Availability zones are connected through high-speed, private fiber-optic networks.
Not every region has support for availability zones (src: https://docs.microsoft.com/en-us/azure/availability-zones/az-region)

You can use availability zones to run mission-critical applications and build high availability into your application architecture by co-locating your compute, storage, networking, and data resources within a zone and replicating in other zones.
Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases.

Azure services that support availability zones fall into three categories:
- Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).
- Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).
- Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Availability zones are created by using one or more datacenters. There's a minimum of three zones within a single region.
It's possible that a large disaster could cause an outage big enough to affect even two datacenters. That's why Azure also creates region pairs.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
What is an Azure region pair?
-- -- -- -- -- -- -- -- --
Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away.
This approach allows for the replication of resources (such as VM storage) across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once.
If a region in a pair was affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.

Additional advantages of region pairs:
- Planned Azure updates are rolled out to paired regions one region at a time to minimize downtime and risk of application outage.
- Data continues to reside within the same geography as its pair (except for Brazil South) for tax- and law-enforcement jurisdiction purposes.

Before you create a subscription for your company, you will need to be ready to start creating resources and storing them in resource groups.
Resource: A manageable item that's available through Azure. Virtual machines (VMs), storage accounts, web apps, databases, and virtual networks are examples of resources.
Resource group: A container that holds related resources for an Azure solution. The resource group includes resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Azure resource groups
-- -- -- -- -- -- -- -- --
Resource groups are a fundamental element of the Azure platform.
A resource group is a logical container for resources deployed on Azure.
These resources are anything you create in an Azure subscription like VMs, Azure Application Gateway instances, and Azure Cosmos DB instances.
All resources must be in a resource group, and a resource can only be a member of a single resource group.
Resource groups can't be nested.
Before any resource can be provisioned, you need a resource group for it to be placed in.

Resource groups exist to help manage and organize your Azure resources. By placing resources of similar usage, type, or location in a resource group, you can provide order and organization to resources you create in Azure.
If you delete a resource group, all resources contained within it are also deleted.
Organizing resources by life cycle can be useful in nonproduction environments, where you might try an experiment and then dispose of it. Resource groups make it easy to remove a set of resources all at once.
Resource groups are also a scope for applying role-based access control (RBAC) permissions. By applying RBAC permissions to a resource group, you can ease administration and limit access to allow only what's needed.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Azure Resource Manager
-- -- -- -- -- -- -- -- --
Azure Resource Manager is the deployment and management service for Azure.
It provides a management layer that enables you to create, update, and delete resources in your Azure account.
You use management features like access control, locks, and tags to secure and organize your resources after deployment.

When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request. Resource Manager sends the request to the Azure service, which takes the requested action.
Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.
All capabilities that are available in the Azure portal are also available through PowerShell, the Azure CLI, REST APIs, and client SDKs.
Functionality initially released through APIs will be represented in the portal within 180 days of initial release.

With Resource Manager, you can:
- Manage your infrastructure through declarative templates rather than scripts. A Resource Manager template is a JSON file that defines what you want to deploy to Azure.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Redeploy your solution throughout the development life cycle and have confidence your resources are deployed in a consistent state.
- Define the dependencies between resources so they're deployed in the correct order.
- Apply access control to all services because RBAC is natively integrated into the management platform.
- Apply tags to resources to logically organize all the resources in your subscription.
- Clarify your organization's billing by viewing costs for a group of resources that share the same tag.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Azure subscriptions
-- -- -- -- -- -- -- -- --
- Using Azure requires an Azure subscription.
- A subscription provides you with authenticated and authorized access to Azure products and services.
- An Azure subscription is a logical unit of Azure services that links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.
- An account can have one subscription or multiple subscriptions that have different billing models and to which you apply different access-management policies.
- You can use Azure subscriptions to define boundaries around Azure products, services, and resources.

2 types of subscription boundaries:
- Billing boundary: This subscription type determines how an Azure account is billed for using Azure.
- Access control boundary: Azure applies access-management policies at the subscription level, and you can create separate subscriptions to reflect different organizational structures. An example is that within a business, you have different departments to which you apply distinct Azure subscription policies.

For example, you might choose to create additional subscriptions to separate:
- Environments: When managing your resources, you can choose to create subscriptions to set up separate environments for development and testing, security, or to isolate data for compliance reasons. This design is particularly useful because resource access control occurs at the subscription level.
- Organizational structures: You can create subscriptions to reflect different organizational structures. For example, you could limit a team to lower-cost resources, while allowing the IT department a full range. This design allows you to manage and control access to the resources that users provision within each subscription.
- Billing: You might want to also create additional subscriptions for billing purposes. Because costs are first aggregated at the subscription level, you might want to create subscriptions to manage and track costs based on your needs. For instance, you might want to create one subscription for your production workloads and another subscription for your development and testing workloads.
- Subscription limits: Subscriptions are bound to some hard limitations. For example, the maximum number of Azure ExpressRoute circuits per subscription is 10. Those limits should be considered as you create subscriptions on your account. If there's a need to go over those limits in particular scenarios, you might need additional subscriptions.

Note: If you have multiple subscriptions, you can organize them into invoice sections.
Each invoice section is a line item on the invoice that shows the charges incurred that month. For example, you might need a single invoice for your organization but want to organize charges by department, team, or project.

------- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
Azure management groups
-- -- -- -- -- -- -- -- --
Azure management groups provide a level of scope above subscriptions.
You organize subscriptions into containers called management groups and apply your governance conditions to the management groups.
All subscriptions within a management group automatically inherit the conditions applied to the management group.
You can build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management.

You can create a hierarchy that applies a policy. For example, you could limit VM locations to the US West Region in a group called Production. This policy will inherit onto all the Enterprise Agreement subscriptions that are descendants of that management group and will apply to all VMs under those subscriptions. This security policy can't be altered by the resource or subscription owner, which allows for improved governance.

## Important facts about management groups
- 10,000 management groups can be supported in a single directory.
- A management group tree can support up to six levels of depth. This limit doesn't include the root level or the subscription level.
- Each management group and subscription can support only one parent.
- Each management group can have many children.
- All subscriptions and management groups are within a single hierarchy in each directory.

TODO: https://docs.microsoft.com/en-us/learn/modules/azure-storage-fundamentals/
TODO: https://docs.microsoft.com/en-us/learn/modules/azure-compute-fundamentals/
TODO: https://docs.microsoft.com/en-us/learn/modules/azure-database-fundamentals/
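
The management group rules noted above (one parent per node, at most six management group levels, conditions inherited by every descendant subscription), as an added example that is not part of the original notes: a simplified Python model, not an Azure API. The group, subscription and region names are constructed, and treating stacked location restrictions as an intersection is an assumption of the model.

```python
"""Simplified model of a management group hierarchy (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, Optional, Set

MAX_MG_DEPTH = 6  # from the notes; root and subscription levels are not counted


@dataclass
class Node:
    name: str
    kind: str  # "root", "management_group" or "subscription"
    parent: Optional["Node"] = None
    allowed_locations: Optional[Set[str]] = None  # None = no restriction set here


class Hierarchy:
    def __init__(self) -> None:
        self.nodes = {"root": Node("root", "root")}

    def mg_depth(self, node: Optional[Node]) -> int:
        """Count management group levels from this node up to (not including) root."""
        depth = 0
        while node is not None:
            depth += node.kind == "management_group"
            node = node.parent
        return depth

    def add(self, name: str, kind: str, parent_name: str,
            allowed_locations: Optional[Iterable[str]] = None) -> Node:
        if name in self.nodes:
            # A node that already exists already has its single parent.
            raise ValueError(f"{name} already has a parent; only one is allowed")
        parent = self.nodes[parent_name]
        if parent.kind == "subscription":
            raise ValueError("a subscription cannot contain groups or subscriptions")
        if kind == "management_group" and self.mg_depth(parent) >= MAX_MG_DEPTH:
            raise ValueError(f"management group tree deeper than {MAX_MG_DEPTH} levels")
        limits = set(allowed_locations) if allowed_locations is not None else None
        node = Node(name, kind, parent, limits)
        self.nodes[name] = node
        return node

    def effective_locations(self, name: str) -> Optional[Set[str]]:
        """Intersect every restriction on the path up to root.

        A lower scope can narrow what it inherits but never widen it, which
        is why a subscription owner cannot undo the parent group's policy.
        """
        node: Optional[Node] = self.nodes[name]
        effective: Optional[Set[str]] = None
        while node is not None:
            if node.allowed_locations is not None:
                effective = (set(node.allowed_locations) if effective is None
                             else effective & node.allowed_locations)
            node = node.parent
        return effective

    def is_deployment_allowed(self, subscription: str, location: str) -> bool:
        effective = self.effective_locations(subscription)
        return effective is None or location in effective


def build_sample() -> Hierarchy:
    """Constructed sample: Production is limited to US West, Dev is unrestricted."""
    h = Hierarchy()
    h.add("Production", "management_group", "root", {"westus"})
    h.add("Dev", "management_group", "root")
    h.add("EA-Sub-1", "subscription", "Production")
    # This subscription tries to widen the inherited limit; it has no effect.
    h.add("EA-Sub-2", "subscription", "Production", {"westus", "eastus"})
    h.add("Dev-Sub", "subscription", "Dev")
    return h


if __name__ == "__main__":
    sample = build_sample()
    for sub in ("EA-Sub-1", "EA-Sub-2", "Dev-Sub"):
        print(sub, sample.effective_locations(sub),
              sample.is_deployment_allowed(sub, "eastus"))
```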