Azure Fundamentals - MyNotes

Cloud computing allows users to rent computing resources like storage, servers, and networking components from a third-party cloud provider. Users pay for only the resources they use based on a pay-as-you-go model. This provides economic benefits like reduced upfront costs and ability to scale resources up and down as needed. There are three main cloud models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Clouds can be public, private, or a hybrid of both. Public clouds provide shared resources at low costs while private clouds are dedicated to a single organization and offer more security and control.

Uploaded by Mohammad Hasan

Lesson 1: Benefits/considerations of Cloud

High Availability, Scalability, Elasticity, Agility, Fault Tolerance, Disaster Recovery and economies of scale;
the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx);
the consumption-based model
Lesson 2: Cloud Models
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)
Lesson 3: Public, Private and Hybrid Cloud
Public, Private and Hybrid cloud models
Lesson 4: Core Azure Architectural components
Regions, Availability Zones, Resource Groups, Azure Resource Manager; the benefits and usage of core
Azure architectural components
Lesson 5: Core Azure Products
Compute -Virtual Machines, Virtual Machine Scale Sets, App Services, Azure Container Instances (ACI) and
Azure Kubernetes Service (AKS)
Networking - Virtual Network, Load Balancer, VPN Gateway, Application Gateway and Content Delivery
Network
Storage - Blob Storage, Disk Storage, File Storage, and Archive Storage
Databases - Cosmos DB, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL,
Azure Database Migration service
Azure Marketplace and its usage scenarios
Lesson 6: Some solutions available in Azure
Internet of Things (IoT) - IoT Hub and IoT Central
Big Data and Analytics - Azure Synapse Analytics, HDInsight, and Azure Databricks
Artificial Intelligence (AI) - Azure Machine Learning Service and Studio
Serverless computing - Azure Functions, Logic Apps, and Event Grid
DevOps solutions - Azure DevOps and Azure DevTest Labs
The benefits and outcomes of using Azure solutions
Lesson 7: Azure management tools
Azure tools - Azure Portal, Azure PowerShell, Azure CLI and Cloud Shell, Azure Advisor
Lesson 8: Securing Network connectivity
Network Security Groups (NSG), Application Security Groups (ASG), User Defined Rules (UDR), Azure
Firewall, and Azure DDoS Protection, Choose an appropriate Azure security solution
Lesson 9: Core Azure Identity Service
Authentication and authorization, Azure Active Directory, Azure Multi-Factor Authentication
Lesson 10: Security tools and features of Azure
Azure Security Center, Azure Security Center usage scenarios, Key Vault, Azure Information Protection
(AIP), Azure Advanced Threat Protection (ATP)
Lesson 11: Azure Governance Methodologies
Policies and initiatives with Azure Policy, Role-Based Access Control (RBAC), Locks, Azure Advisor security
assistance, Azure Blueprints
Lesson 12: Monitoring and reporting options in Azure
Azure Monitor, Azure Service Health, use cases and benefits of Azure Monitor and Azure Service Health
Lesson 13: Understand Privacy, Compliance, and Data Protection Standards in Azure
industry compliance terms such as GDPR, ISO and NIST, Microsoft Privacy Statement, Trust center, Service
Trust Portal, Compliance Manager, if Azure is compliant for a business need, Azure Government cloud
services, Azure China cloud services
Lesson 14: Azure subscriptions
Azure Subscription; the uses and options with Azure subscriptions such as access control and offer types;
subscription management using Management groups
Lesson 15: Planning and management of cost
- describe options for purchasing Azure products and services
- describe options around the Azure Free account
- describe the factors affecting costs such as resource types, services, locations, ingress and egress traffic
- describe Zones for billing purposes
- describe the Pricing calculator
- describe the Total Cost of Ownership (TCO) calculator
- describe best practices for minimizing Azure costs such as performing cost analysis, creating spending limits and quotas, using tags to identify cost owners, using Azure reservations and using Azure Advisor recommendations
- describe Azure Cost Management
Lesson 16: Support Options Available in Azure
- describe the support plans that are available, such as Developer, Standard, Professional Direct and Premier
- describe how to open a support ticket
- describe the available support channels outside of support plan channels
- describe the Knowledge Center
Lesson 17: Azure Service Level Agreements
- describe a Service Level Agreement (SLA)
- describe Composite SLAs
- describe how to determine an appropriate SLA for an application
Lesson 18: Understand service life cycle
- describe Public and Private Preview features
- describe the term General Availability (GA)
- describe how to monitor feature updates and product changes

Cloud Computing:
Cloud computing is renting resources, like storage space or CPU cycles, on another company's computers. You only
pay for what you use. The company providing these services is referred to as a cloud provider (CP in these notes). Some example
providers are Microsoft, Amazon, and Google.

Cloud computing is the delivery of computing services over the Internet using a pay-as-you-go pricing
model. Put another way, it's a way to rent compute power and storage from someone else's data center.

- Renting resources vs purchasing hardware
- Run your applications in someone else's datacenter
- Pay for what you use
- The CP is responsible for the physical hardware and the facilities

Module 1: Understand Cloud Concepts
Lesson 1: Benefits/considerations of Cloud

- High availability: resources are up and running; the CP provides an SLA.
- Scalability: scale up = add a more powerful resource (more CPUs, more memory), e.g. more CPU = vertical scaling; the opposite is scale down.
  Scale out = add more similar resources = horizontal scaling; the opposite is scale in.
  In Azure, you can scale automatically by configuring Auto-Scale.
- Elasticity: add/remove resources as per the requirement.
  Earlier: static scaling; in the cloud: elastic scaling.
- Agility: the ability to move quickly and easily.
- Fault tolerance: the CP monitors and reacts to unhealthy resources. The CP replaces unhealthy VMs with healthy ones automatically.
- In case of larger impacts, such as a large natural disaster: BCDR plan (Business Continuity & Disaster Recovery).
  Disaster recovery: disaster recovery not only means having reliable backups of important data,
  but it also means that the cloud infrastructure can replicate your application's resources in an
  unaffected region so that your data is safe and your application's availability isn't impacted.

Economic benefits

- CapEx: investment in purchasing physical hardware and systems, everything needed to run the business (server,
  storage, repair, network, cabling, backup archive, datacenter and disaster recovery)
  vs OpEx: only paying the operational cost, on a monthly basis, with no upfront cost (server lease cost,
  software and feature leases, cost of scaling).
- Economies of scale: buy more, pay less. Cloud providers are in profit and pass that on to the
  customers; also local government deals.
- Consumption-based model: use only the resources you need; use less, pay less.

Lesson 2: Cloud Models

IaaS, PaaS, SaaS

- IaaS: more control of the infrastructure, more responsibility for the user, e.g. a VM.
  We choose the OS.
  Configuration, maintenance and patching: user responsibility.
  If something in my company breaks, I have to fix it.
  E.g. migrating a VM from the organization to the cloud.
- PaaS: we develop and host applications here.
  Managing the configuration of applications: user responsibility.
  E.g. Azure App Service.
  If the code of my app causes any issue, it is my responsibility, not Microsoft's.
- SaaS
  The CP has the largest responsibility.
  Usually accessed through a web browser.
  E.g. Skype, Office 365 (accessing an Office 365 mailbox in the Google Chrome browser).
  Pay as you go.

IaaS:
Compute: Virtual Machines, containers
Storage: Blob, Queue, File, Disks
Networking: Virtual Network, Load Balancer, DNS, ExpressRoute, Traffic Manager, VPN
Gateway, Application Gateway

PaaS:
Database: almost all in PaaS
Compute: VM Scale Sets, Container Service, Batch, RemoteApp
Application Platform, Media & CDN, Data, Intelligence, Analytics and IoT
Everything except IaaS comes here.

Lesson 3: Public, Private and Hybrid Cloud

Public cloud
- Shared infrastructure provided by the CP
- Multi-tenant
Benefits:
- High agility
- Quick deployment
- Easy management
- Cost control
- No CapEx cost
- No maintenance of hardware required from the user
Drawbacks:
- Security and regulatory requirements
- Some loss of flexibility
E.g. Azure, AWS, GCP

Private cloud
- Dedicated to one single company
- Single-tenant
- Can be on premises as well as with a 3rd-party CP
Benefits:
- Agility
- Private network
- Access without internet also
- Control cost (if 3rd party)
- Complete security control
Drawbacks:
- If the infrastructure is owned, cost is much higher
- No effective control/access to data (if 3rd party)
- High skillset required
- Have to wait after purchasing for the provisioning process
- Datacenter management
You create a cloud-like environment in your own datacenter: complete control over all resources, can support legacy scenarios.

Hybrid cloud
- Mixture of private and public
Benefits:
- Keep some systems on premises
- Better support for legacy systems
- Control over data and infrastructure
- Continue to use your equipment and the investments already made
Drawbacks:
- Technically complex to connect systems
- Compatibility of data
- Additional IT expertise is required
- Complicated to maintain and set up
- More expensive

Module 2: Core Azure Services

Lesson 4: Core Azure Architectural components

- Geography: a logical boundary that Microsoft has defined; geographies are often defined as the
  border of a country.
- In every geography there are 2 or more regions.
- Region: a logical boundary, but much more localized than a geography.
  Geography -> Region -> Availability Zones (1 or 3) -> availability zones consist of datacenters (DC).
  Regions are separated from each other by a few hundred kilometers.
  Region: where your resources are located.
- Total 60+ regions, available in 140 countries.
  In each region, Microsoft has built datacenters (picture omitted).

  Purpose: for disaster recovery, replicate data in multiple regions.

  Region pair: 2 regions within the same geography. If Microsoft is doing maintenance in a
  datacenter, they are only updating one region at a time.

- Availability Zones: designed to protect applications from datacenter failure.
- One region: 3 availability zones (wherever available).
- Each availability zone contains one or more datacenters.
- Microsoft guarantees an SLA of 99.99% uptime if 2 VMs are deployed in 2 or more availability zones.
  Purpose: maximum availability.
- 2 kinds of services in availability zones:
  Zonal services: Azure VMs are deployed into availability zones explicitly.
  Zone-redundant services: SQL Server databases; they are not deployed explicitly, you just specify
  that you want zone redundancy and Microsoft takes care of that.
- Resource Groups: a container that holds related resources for an Azure solution.
  Logical container for Azure resources; helps in resource management.
  Better way to manage cost: we can see the cost of an entire resource group inside the Azure portal.
  You apply tags to your Azure resources, resource groups, and subscriptions. A tag is like a price
  tag on items in a shopping mall.
  One box (the resource group); inside that box, put a Web App, a Virtual Machine, and a database.
  Benefits: easy de-provisioning, security boundary (RBAC), apply policies.

- Azure Resource Manager (ARM): a service that runs on Azure and is responsible for all the
  interactions with Azure services.
  ARM is the deployment and management service for Azure. It provides a management layer that
  enables you to create, update, and delete resources in your Azure account.
  Deploying and managing a large number of related Azure services: ARM.

  Easy to redeploy with an ARM template.

  Resources -> Resource Group -> make one image/template; we can redeploy this.
  Use when a similar deployment is required in another region.

Resources: individual manageable items available to you in Azure.

Resource Group: a container where you can house your resources for management.
Resource provider: the provider of a service you can deploy in Azure, e.g. Microsoft.Compute,
Microsoft.Storage.
ARM template: files used to define the resources you wish to deploy to a resource group.
Quick-start templates are provided by Microsoft.
ARM template file: describes the configuration of your infrastructure via a JSON file.
ARM template parameter file; deployment scripts (PowerShell for deployment).
ARM template constructs: parameters, variables, resources, outputs.

Lesson 5: Core Azure Products

Azure Compute Products:

Azure compute products allow us to easily and dynamically allocate the resources that might be needed for
computing any task.

Some products: Azure Virtual Machines, Virtual Machine Scale Sets, Azure App Service, Service
Fabric, Azure Kubernetes Service, Azure Container Instances, Azure Functions, Azure Batch.

- Azure Virtual Machine: the most common compute service.

  Structure of a computer: CPU, memory, disk -> hardware -> OS -> users install applications.
  Virtual machine: CPU, memory, disk -> hardware -> hypervisor -> multiple OSes -> different
  apps installed on different OSes.
  Every separate OS + apps = a virtual machine.

VM types:
(A) Basic: testing and deployment
(A) Standard: general purpose VM
(B) Burstable: burst to full CPU capacity when needed
(D) General purpose: for enterprise applications
(E) Memory optimized: high memory-to-CPU-core ratio
(F) CPU optimized: high CPU-core-to-memory ratio
(G) "Godzilla": very large instances, ideal for large databases and big data use cases
H, L, M, N
VM specialization suffixes:
S: premium storage option available
M: large memory configuration of the instance type
R: supports remote direct memory access (RDMA)

Deployment of a VM takes around one to two minutes (demo seen).

Connect to a VM: 1. Download the RDP file from www.portal.azure.com; 2. Through PowerShell.
Another VM feature that helps with fault tolerance: Availability Sets.
Availability sets help in both situations: an unexpected fault in the hardware, or a planned
update required on the machine. They have 2 logical containers: Fault Domains and Update
Domains.
Fault Domains: designed to protect you from hardware issues/power issues within the physical
rack.
Update Domains: protect from downtime due to reboots (reboot of the host computer or the VM).

Availability Zones vs Availability Sets:

Azure Availability Sets place your VMs in different Fault Domains and Update Domains but in the
same datacenter; hence a 99.95% SLA.
Availability Zones: virtual machines are in different physical locations within an Azure region.
Availability zones offer a 99.99% SLA.

Sets: same datacenter; different hosts/racks, but the same datacenter.

We can choose Zones, but cannot choose in the case of Sets.
Virtual Machine Scale Set: Azure virtual machine scale sets let you create and manage a group
of identical, load-balanced VMs. The number of VM instances can automatically increase or
decrease in response to demand or a defined schedule.

- Containers
- Containers provide a consistent, isolated execution environment for applications. They're
  similar to VMs except they don't require a guest operating system. Instead, the application and
  all its dependencies are packaged into a "container" and then a standard runtime environment is
  used to execute the app. This allows the container to start up in just a few seconds, because
  there's no OS to boot and initialize; you only need the app to launch.
- Standardized packaging for software and dependencies.
  If you want to deploy a complex application running in the cloud, you need to store database
  components and other dependencies, configure all the settings, and make sure all the
  things are right and working correctly.
  What happens when you want to deploy the same application on another VM?
  We have to repeat all the actions again and be careful that we do exactly
  the same things we did the first time.
  Containers make such deployments much easier.
  Example: Docker, one of the most used container runtimes.
  How it works: you create an image, which is a zipped image of your application.
  That image contains the operating system, the application itself, necessary modules,
  database, web server and its configuration, website and anything else the
  application requires.
  In Azure, containers are supported in Azure Kubernetes Service, Azure App Service, Azure
  Container Instances and Azure Virtual Machines.
  Works on Linux and Windows Server.
  Allows separate apps to share the same OS kernel.

Container vs Virtual Machine

Virtual machine: hardware + hypervisor -> multiple OSes -> different apps on different OSes
Container: server -> OS -> Docker -> multiple apps

Azure Container Instances: containers are becoming the preferred way to package, deploy, and
manage cloud applications. Azure Container Instances offers the fastest and simplest way to run
a container in Azure, without having to manage any virtual machines and without having to
adopt a higher-level service.
Azure Container Instances is a great solution for any scenario that can operate in isolated
containers, including simple applications, task automation, and build jobs.

Azure Kubernetes Service: AKS is an open-source fully managed container orchestration service
that became available in June 2018 and is available on the Microsoft Azure public cloud that can
be used to deploy, scale and manage Docker containers and container-based applications in a
cluster environment.
Azure Kubernetes Service offers provisioning, scaling, and upgrades of resources as per
requirement or demand without any downtime in the Kubernetes cluster and the best thing
about AKS is that you don’t require deep knowledge and expertise in container orchestration to
manage AKS.

Azure App Service: Web Apps, Mobile Apps, Logic Apps, API Apps

Web Apps
- Formerly 'Websites'
- Build and host apps with various programming languages
- Auto-scalable
- Highly available
- DevOps features

Mobile Apps
- Build a mobile device backend
- Auto-scalable
- Highly available
- Build native apps for iOS, Android, Windows, and cross-platform apps
- Benefit: share the same App Service deployments to reduce run rates

Logic Apps
- Automate business processes and workflows
- Use the orchestration engine to build a solution
Examples:
- Every time your app calls an API to do some task
- Routinely ingest data from a storage blob or an external SaaS-based service
- Regularly check tweets or Slack messages from a specific account (social media)

API Apps
- Allow us to create, consume and call APIs
- Option to use APIs you create
- Could also be from an external API service

Security features of Azure App Service

- Features run on isolated VMs
- ISO, SOC and PCI compliant
- Fully integrated with Azure Active Directory
- Managed service identity
- Supports custom domains and SSL/TLS, including custom certificates using wildcards or
  subject alternative names
- Supports multiple authentication protocols: OAuth, OpenID, and Microsoft Azure
  Directory
- Integrates with Web Application Firewall (WAF)

DevOps features: CI/CD support, IDE tool integration, deployment slots

Pricing tiers for the App Service Plan

Free, Shared: they run on shared compute resources; no scale-out

Basic, Dedicated, Premium, Isolated: they have dedicated compute resources

App Service Environment

- Fully isolated environment
- For high-performing apps: high CPU and/or memory
- Individual or multiple service plans
- 2 ways to deploy: internal or external
- Created in a subnet of a VNet, which achieves isolation
- Note: may take a few hours to spin up

Azure Serverless Computing: doesn't mean we are not using servers; it means there is no need for us to manage
servers and infrastructure. It lets you run application code without creating, configuring, or
maintaining a server.

Serverless computing lets you run application code without creating, configuring, or maintaining a
server. The core idea is that your application is broken into separate functions that run when triggered by
some action. This is ideal for automated tasks - for example, you can build a serverless process that
automatically sends an email confirmation after a customer makes an online purchase.

- Fully managed service
- Only pay for what you use
- Flexibility to scale as needed
- Stitch together applications and services seamlessly

Azure Serverless computing services

Azure Functions: serverless, trigger-based code; supports multiple programming languages;
pay per use.
Logic Apps: drag-and-drop serverless workflows; uses connectors, triggers, and actions.
(Connectors connect the logic app with other services; a trigger tells the logic app when it should
start the workflow; actions are what to do when the trigger fires.)
If/else-like situations. Visualize, design, build, and automate.
Event Grid: in case of multiple triggers, multiple events.

The Serverless model differs from VMs and containers in that you only pay for the processing time used
by each function as it executes. VMs and containers are charged while they're running - even if the
applications on them are idle. 

Azure Networking Products:

An Azure Virtual Network (VNet) is a representation of your own network in the cloud.

VNet -> subnets inside the VNet -> machines inside the subnets
Subnets within a VNet can route to each other.
Core VNet capabilities:
- Isolation
- Internet access
- Azure resources (VMs, cloud services)
- VNet connectivity
- On-premises connectivity
- Traffic filtering
- Routing

Key points

- Primary building block for Azure networking
- Private network in Azure based on an address space prefix
- Create subnets in your VNet with your own IP ranges
- Bring your own DNS or use Azure-provided DNS
- Choose whether to connect the network to on-premises or to the internet

Web, middle and data tier: here only the web tier is exposed to the internet.
Azure Virtual Network: segment my network into subnets.
Otherwise each tier would have a public IP address. To prevent this, the solution is Azure Load Balancer.
Now users will only see the public IP, which belongs to the load balancer.
Azure Load Balancer divides the traffic, and users are not able to know which VM is
providing the service.
If a user wants to reach a particular VM based on a particular service, the advanced load balancing
solution is Azure Application Gateway.
Azure Load Balancer
- Works at layer 4 (transport layer) of the OSI model
- Service monitoring (detects unhealthy servers in the backend)
- Automated reconfiguration
- Hash-based distribution
- Internal and public options
Azure Application Gateway
- Works at layer 7 (application layer)
- Cookie-based session affinity
- SSL offload
- End-to-end SSL
- Web Application Firewall
- Requires its own subnet

VPN Gateway: connects Azure resources to on-premises resources using an encrypted VPN
tunnel.

VPN Gateway connection types, also called hybrid connectivity (cloud to on-premises):
- Site-to-Site VPN (S2S): connects a VNet to a single on-premises location; connects your
  datacenter to Azure via VPN
- Point-to-Site VPN (P2S): connects one on-premises client to your VNet
- VNet-to-VNet: connects two Azure VNets to each other
Azure Content Delivery Network (CDN)
- Delivers large files or streaming content over the Internet
- Caches files in multiple geographic locations
- Stores files on point-of-presence (POP) servers (often called edge servers)
- Content on edge servers has a time-to-live (TTL) property. TTL tells the server how
  long to keep the cached copy of that content.
- User -> Edge -> Source where the data is present
- Offerings: Standard Akamai, Standard Verizon, Premium Verizon
Azure Traffic Manager
It is designed to increase the speed and reliability of the application. We configure endpoints.
Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic
optimally to services across global Azure regions, while providing high availability and
responsiveness.
Routing methods:
Priority: traffic is sent to the priority endpoint, but backup endpoints are available in case of a primary
outage.
Weighted: traffic is distributed across endpoints. Distribution is even by default and can be
controlled by specifying weights.
Performance: uses the endpoint with the lowest network latency.
Geographic: routed based on the location of the DNS server.
Multivalue: returns all endpoints using a specific IP protocol version, either IPv4 or IPv6.
Subnet: routed based on the end-user IP address range.
Hybrid connectivity

- Site-to-Site VPN (S2S): connects your datacenter to Azure via VPN
  - Connection over an IPsec/IKE VPN tunnel
  - Requires a VPN device in the datacenter that has a public IP address assigned to it
  - Must not be located behind a NAT
  - S2S connections can be used for cross-premises and hybrid configurations
  - Multi-site: multiple offices to Azure via VPN
- Virtual Network Point-to-Site: a point-to-site VPN also allows you to create a secure
  connection from your Windows-based computer to your virtual network without having
  to deploy any special software.
  - Secure connection from an individual computer; great for remote worker situations
  - No need for a VPN device or a public IP; connect whatever has an internet connection
  - OS support: Windows 8, 9, 10, Windows Server 2008, 2012
  - Throughput up to 100 Mbps
  - Doesn't scale easily, so useful for a few workstations
- ExpressRoute lets you create private connections between Azure datacenters and
  infrastructure that's on your premises or in a co-location environment.
  - Dedicated circuit between us and Azure
  - Steps: our network -> we choose a partner to work with (partner edge) -> they connect to
    Azure
  - Benefits: connectivity via a partner to Microsoft, connectivity in all regions, global
    connectivity (ExpressRoute Premium add-on), dynamic routing (BGP, the industry
    standard), built-in redundancy

- Azure supports the following types of peering:

Virtual network peering: connect virtual networks within the same Azure region.
Global virtual network peering: connect virtual networks across Azure regions.
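
An added example (not from the original notes or from Microsoft) that ties together the ARM template constructs from Lesson 4 (parameters, variables, resources, outputs) and the three-tier VNet design from this networking section: one VNet, one subnet per tier so the web tier is the only one that faces the internet, plus the dedicated subnet that Application Gateway requires. The names (vnet-threetier-*, snet-*) and the 10.10.0.0/16 address space are constructed for illustration; the resource type, API version and template functions are standard ARM.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "environment": {
      "type": "string",
      "defaultValue": "dev",
      "allowedValues": [ "dev", "test", "prod" ],
      "metadata": { "description": "Constructed example value; only used to build the VNet name." }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": { "description": "Region of the resource group, i.e. where the resources live." }
    },
    "addressPrefix": {
      "type": "string",
      "defaultValue": "10.10.0.0/16",
      "metadata": { "description": "Private address space of the VNet (constructed example range)." }
    }
  },
  "variables": {
    "vnetName": "[concat('vnet-threetier-', parameters('environment'))]",
    "subnets": {
      "web": "10.10.1.0/24",
      "middle": "10.10.2.0/24",
      "data": "10.10.3.0/24",
      "appgw": "10.10.254.0/24"
    }
  },
  "resources": [
    {
      "comments": "One VNet with a subnet per tier. Only snet-web is meant to be reachable from the internet; the middle and data tiers stay on private ranges. Application Gateway must sit in a subnet of its own, so snet-appgw holds nothing else.",
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-05-01",
      "name": "[variables('vnetName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": { "addressPrefixes": [ "[parameters('addressPrefix')]" ] },
        "subnets": [
          { "name": "snet-web",    "properties": { "addressPrefix": "[variables('subnets').web]" } },
          { "name": "snet-middle", "properties": { "addressPrefix": "[variables('subnets').middle]" } },
          { "name": "snet-data",   "properties": { "addressPrefix": "[variables('subnets').data]" } },
          { "name": "snet-appgw",  "properties": { "addressPrefix": "[variables('subnets').appgw]" } }
        ]
      }
    }
  ],
  "outputs": {
    "vnetId": {
      "type": "string",
      "value": "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
    },
    "webSubnetId": {
      "type": "string",
      "value": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), 'snet-web')]"
    }
  }
}
```

Saved as a .json file, it deploys into a resource group with `az deployment group create --resource-group <rg> --template-file <file>`; the outputs give the IDs a later template (for example one placing the Application Gateway or a load balancer) would reference.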

Azure Storage Products:

They are the products that store the data an application uses.

Types of storage products:

- Blob storage
- Queue storage
- Disk storage
- Azure File storage

Blob storage:
- Blob: binary large object.
- Stores unstructured data (text, images, audio, video, documents).
- Items stored are called blobs.
- Blob types: block blobs, append blobs, page blobs.
  Block blob: ideal for storing text and binary files; max 4.75 TB.
  Page blob: efficient for read/write operations; used by Azure VMs; max 8 TB.
  Append blob: optimized for append operations (e.g. logs). When you modify
  an append blob, blocks are added to the end of the blob only, via the Append
  Block operation. Updating or deleting existing blocks is not supported.
- Blobs are organized in containers (one container for images, another for video, etc.).
Pricing tiers
- Hot: maximum storage cost, lowest access cost
- Cool: normal storage cost, normal access cost
- Archive: least storage cost, highest access cost
- Access is quick in Hot and Cool, but not in Archive

Queue storage
- Cloud-based message queue; a reliable mechanism for storing and delivering messages for
  applications
- Keep track of long-running operations, or perform complex multi-step operations in a
  specific order
- Asynchronous processing of millions of messages, each up to 64 KB
- Access protected by Azure Active Directory or a shared key
- Applications access Queue storage using an API

Disk Storage
- A VM uses disks as a place to store an operating system, applications, and data in Azure.
  All virtual machines have at least two disks: a Windows operating system disk and a
  temporary disk. Both the operating system disk and the image are virtual hard disks
  (VHDs) stored in an Azure storage account. The VHDs used in Azure are .vhd files stored as
  page blobs in a standard or premium storage account in Azure.
- Used to store the disk images used by Azure VMs
- Persistent and temporary storage for Azure VMs
- Lift and shift of machines from on-premises
- Available in standard HDD and standard and premium SSD
- Disk storage is stored under Azure Blob storage.
Two kinds:
1. Unmanaged disks: in your own storage account
2. Managed disks: Microsoft manages the account for you

Azure Files Storage

It is SMB-based file storage.
- Azure File storage is mainly used if we want a shared drive between two
  servers or across users. In that case, we go for Azure File storage.
- Cloud-based disk space without the overhead of a VM
- Uses standard SMB to mount the disk
- Can be accessed by cloud-based or on-premises computers
- Slower file access from on-premises to the cloud
- Azure File Sync can be installed on-premises
- Syncs files in Azure Files with an on-premises server
- Easy way to create file shares (Word, Excel etc.)

Azure Table Storage

- NoSQL key-value store
- Schema-less design
- Structured or unstructured data
- Access using the OData protocol and LINQ queries with the WCF Data Services .NET libraries

Block blobs: for large objects that don't use random read and write operations, e.g. pictures.
Page blobs: optimized for random read and write operations, e.g. VHDs.
Append blobs: optimized for append operations, e.g. logs.

Azure Database Products:

Types of data: structured, semi-structured, and unstructured

Structured data:

 They adheres to schema


 All the data has same field and properties
 Stored in a database table with rows and columns
 Relies on keys to indicate how one row in a table relates to data in another row of
another table.
 Referred to as ‘relational data’
 E.g. SQL Server database

Semi structured data

 Doesn’t fit neatly into tables, rows and columns


 Uses tags or keys to organize and provide a hierarchy for the data
 Often referred to as NoSQL or non-relational data

Unstructured Data

 No designated structure
 No restrictions on the kind of data it can hold
 Example, a blob can hold a PDF, JPEG, JSON, videos etc.
 Enterprises are struggling to manage and tap into the insights from their unstructured
data.

Azure SQL Database: relational database made up of tables of data, they have schema, and data which
user enters much comply with schema

Single database – SQL Server database managed by Microsoft. It has 2 models- DTU and V core

Key features

 Predictable performance- measured in DTU- database throughput units.
 High compatibility
 Simplified management
Three tiers- Basic, Standard and Premium

Three different deployment models: Single database, elastic pool, managed instance

Elastic Pool-

 More than one database, all managed by the same server
 Geared towards SaaS offerings
 Multiple (or single) users assigned to their own database
 Databases can be easily moved into and out of the pool.
 Charged for resource usage of the pool, not individual databases.

Managed instances

 Designed for lift-and-shift scenarios
 More compatible with legacy workloads
 Database Migration Service (DMS) available for ease of migration
 DMS requires either a VPN or a service such as ExpressRoute

Azure database for MySQL

 Fully managed MySQL database as a service.
 Pay-as-you-go pricing
 Automatic backups
 Enterprise-grade security and compliance
 Easily scalable in seconds
 Supports commonly used open source tools.

Azure Cosmos DB

 NoSQL database system offering many database APIs.
 Not a relational database; there is no schema
 Key advantage- the ability to easily scale up and replicate databases globally using
turnkey global distribution
 Schema-less data
 For applications with constantly changing data and schema

Azure Database Migration service

 Azure Database Migration Service is a fully managed service designed to enable
seamless migrations from multiple database sources to Azure data platforms with
minimal downtime
 Offline Migration: application downtime starts when the migration starts
 Online Migration: downtime is limited to the cutover time at the end of the migration.

Azure Marketplace:

 Many existing ARM templates available inside the Azure portal
 The Marketplace is the premier destination for all your software needs - certified and
optimized to run on Azure.
 An online applications and services marketplace with over 8000 listings
 Offers technical solutions and services from Microsoft and partners that are designed to
extend Azure products and services
 Discover, try and buy cloud software solutions built for Azure

Lesson 6: Some solutions available in Azure

Internet of Things (IoT)

 Any device that has internet connectivity – car, camera, refrigerator, water sensor
for farming, temperature and humidity sensors in air conditioning units.
 Devices usually have sensors and they are connected to the internet
 Collection of Microsoft-managed cloud services focused on connecting, monitoring and
controlling IoT assets.

Azure IoT Hub

 It is a PaaS offering
 It manages the communication between your applications and devices.
 Secure handling of messages to and from devices
 Supports virtually all IoT devices at scale (up to 1,000,000 devices in a single IoT Hub)
 Easy management of devices.

Azure IoT Central

 It is a SaaS offering
 This solution helps you connect and manage your devices
 No Azure resources required
 Pay-as-you-go pricing based on the number of devices
 Many templates available for applications (pre-configured templates)

IoT Solution Accelerators

 Complete, ready-to-deploy solutions that implement common IoT scenarios

Big Data and Analytics

Big data – More data than you can analyze through conventional means within a desired timeframe.

Kinds- Azure SQL Data warehouse, Azure data lake Storage, Azure HDInsight

Azure SQL Data warehouse

 Designed for relational data
 Cloud-based Enterprise Data Warehouse (EDW) that uses massively parallel processing
(MPP) to run complex queries across petabytes of data
 Data is encrypted and secured
 Easily scalable to control costs
 Two performance tiers- Gen1, Gen2
 Azure Synapse (SQL Data warehouse) is an analytics service that brings together
enterprise data warehousing and Big Data analytics. It gives you the freedom to query
data on your terms, using either serverless on-demand or provisioned resources, at
scale. Azure Synapse brings these two worlds together with a unified experience to
ingest, prepare, manage, and serve data for immediate BI and machine learning needs.

Azure Data lake storage

 Not relational data; it simplifies big data
 Data stored in containers
 Enables multi-modal storage
 Not usually suitable for presenting data to people
 Billing – similar to Azure Blob storage

Azure HDInsight

 To perform analysis on big data
 Microsoft’s managed Hadoop service
 Also supports- HBase, Storm, Spark, R Server, Kafka
 Clustered computers for analytics
 Scenarios – batch processing (ETL), data warehousing
 Billed on a per-hour basis

Azure Databricks
 Azure Databricks is an Apache Spark-based analytics platform optimized for the
Microsoft Azure cloud services platform. Designed with the founders of Apache Spark,
Databricks is integrated with Azure to provide one-click setup, streamlined workflows,
and an interactive workspace that enables collaboration between data scientists, data
engineers, and business analysts.
Artificial intelligence

 AI uses digital neural networks
 Two most common methods – Natural Language Processing and Machine Learning
 NLP- a computer’s ability to understand human speech
 Machine learning – image and pattern recognition
 All rely on ‘Big Data’

Azure Cognitive Services

 Computer Vision- (for recognizing faces, text, handwriting & images)
 Microsoft Speech (for recognizing and translating speech)
 Language Understanding Intelligent Service (LUIS)- understand speech and take action
on it
 Azure Search and Bing Search
ML frameworks

 ONNX
 PyTorch
 TensorFlow
 scikit-learn

Azure Databricks

 Accumulate, organize, and prepare data for an ML model
 Data can be organized, visualized, and documented in notebooks
 Databricks uses the Databricks Runtime for ML, but you can also use third-party ML
tools.
 Once a model is developed, it can be exported (productionized) via:
MLeap
Databricks ML Model Export

Azure Machine Learning- It is a data science technique that allows computers to use
existing data to forecast future behaviors, outcomes and trends. By using ML,
computers learn without being explicitly programmed.
Azure Machine Learning service

 It provides a cloud-based solution for building machine learning models: prep data, train,
test, deploy, manage and track machine learning models
 Uses Python to build ML models.
 Unlike Databricks, models can be built on-premises and uploaded for ML modeling
 Models are trained in a cluster
 Models can be exported as a Docker image or an FPGA (Field Programmable Gate Array)
image

Azure Machine Learning studio

 SaaS solution
 Web-based, drag-and-drop environment
 Uses pre-built ML components, including sample datasets.
 Models can be exported to a web service

Azure DevOps:
 DevOps (development and operations) is an enterprise software development phrase
used to mean a type of agile relationship between development and IT operations. The
goal of DevOps is to change and improve the relationship by advocating better
communication and collaboration between these two business units.
 Azure DevOps provides developer services to support teams to plan work, collaborate
on code development, and build and deploy applications. Developers can work in the
cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure
DevOps Server was formerly named Visual Studio Team Foundation Server (TFS).
 Azure DevTest Labs enables developers on teams to efficiently self-manage virtual
machines (VMs) and PaaS resources without waiting for approvals.
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource
Manager templates. These have all the necessary tools and software that you can use to
create environments. You can create environments in a few minutes, as opposed to
hours or days.

Lesson 7: Azure management tools

The Azure Portal

 Web-based management portal
 Build, manage and monitor every Azure resource in a single, unified console
 Fully customizable
 portal.azure.com

Azure PowerShell

 PowerShell Az module for Azure
 Set of PowerShell cmdlets for managing Azure resources
 Cross-platform for Windows, macOS or Linux
Azure CLI
 Command line interface for managing Azure resources
 Can be scripted
 Cross platform
Azure Advisor
 Ensures your resources are configured for high availability, efficiency (performance) and
security
 Personalized cloud consultant that helps you follow best practices to optimize your
Azure deployments
 It gives recommendations – what to implement to address the recommendation.

Module 3 Understand Security, Privacy, Compliance and Trust

Lesson 8: Securing Network connectivity

Azure Firewall: To protect a virtual network from outside attack, uses rules to determine if
traffic is allowed. All traffic goes through the firewall; used when an application exposes a
public IP address.
Managed, cloud-based network security service that protects the Azure virtual network
resources.
 Uses the rules below to determine if traffic is allowed:
a. Network address translation rules (NAT) - forward traffic from the firewall to a specific
device on the network.
b. Network rules- allow traffic on specific IP addresses and ports.
c. Application rules – use specific applications / specific domains
 Rule order controlled by priority
 Traffic that doesn’t match a rule is blocked.
 Azure Firewall is a stateful firewall (stateless firewalls watch network traffic and restrict or
block packets based on source and destination addresses or other static values; stateful
firewalls can watch traffic streams from end to end.)
 Billed- $1.25 per hour + 3 cents per GB

Azure DDoS: helps in protecting from DDoS attacks

 Two tiers: Basic and Standard
 Basic- Free, both for IPv4 and IPv6, no reporting, automatic
 Standard- Paid, only for IPv6 traffic, uses machine learning to profile network traffic

Network Security Groups (NSG)

 Uses inbound and outbound rules to control the traffic that flows around the network;
used to control the flow of network traffic
 Rules can use a specific IP address or an IP range.
 Can be associated with a subnet or a network interface
 Uses a flow record to store the set of connections
 Can also use service tags.
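To see how the NSG statements above fit together (priority order, service tags, a default deny when nothing matches, and the flow record that lets reply traffic through), here is an added Python simulation that is not Microsoft's code and not part of the original notes; it also illustrates the same priority and default-deny behaviour described for Azure Firewall. The rule names, addresses and service-tag ranges are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed service-tag expansions for this simulation; real tags resolve to
# Microsoft-published address ranges (values here are hypothetical, not Azure's).
SERVICE_TAGS = {
    "Internet": ["0.0.0.0/0"],
    "VirtualNetwork": ["10.0.0.0/16"],
}

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # lower number is evaluated first (custom rules: 100-4096)
    direction: str       # "Inbound" or "Outbound"
    access: str          # "Allow" or "Deny"
    source: str          # CIDR, single IP, "*" or a service tag
    dest_port: str       # "*" or a port number as a string
    protocol: str = "*"  # "*", "Tcp" or "Udp"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str
    direction: str       # as seen by the subnet/NIC the NSG is attached to

def source_matches(source: str, ip: str) -> bool:
    """Match an address against '*', a service tag, a CIDR or a single IP."""
    if source == "*":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in SERVICE_TAGS.get(source, [source]))

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and rule.protocol in ("*", pkt.protocol)
            and rule.dest_port in ("*", str(pkt.dst_port))
            and source_matches(rule.source, pkt.src_ip))

class NetworkSecurityGroup:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.priority)  # ascending priority
        self.flows = set()  # flow records: 5-tuples of connections already allowed

    def evaluate(self, pkt: Packet) -> str:
        # Stateful check first: the reply leg of an allowed flow needs no rule of its own.
        reply = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.protocol)
        if reply in self.flows:
            return "Allow"
        for rule in self.rules:  # first match in priority order decides
            if rule_matches(rule, pkt):
                if rule.access == "Allow":
                    self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.protocol))
                return rule.access
        # No match: falls through to the default DenyAllInBound/DenyAllOutBound rules (65500)
        return "Deny"

def demo() -> list:
    """Constructed rule set: SSH only from inside the VNet, HTTPS from anywhere."""
    nsg = NetworkSecurityGroup([
        Rule("DenySSHFromInternet", 110, "Inbound", "Deny", "Internet", "22", "Tcp"),
        Rule("AllowSSHFromVnet", 100, "Inbound", "Allow", "VirtualNetwork", "22", "Tcp"),
        Rule("AllowHTTPS", 200, "Inbound", "Allow", "Internet", "443", "Tcp"),
    ])
    web = "10.0.2.10"
    packets = [
        Packet("10.0.1.5", 40000, web, 22, "Tcp", "Inbound"),       # VNet SSH: 100 wins over 110
        Packet("203.0.113.7", 40001, web, 22, "Tcp", "Inbound"),    # Internet SSH: denied by 110
        Packet("203.0.113.7", 40002, web, 443, "Tcp", "Inbound"),   # HTTPS: allowed by 200
        Packet("203.0.113.7", 40003, web, 8080, "Tcp", "Inbound"),  # no rule: default deny
        Packet(web, 443, "203.0.113.7", 40002, "Tcp", "Outbound"),  # reply of allowed flow
        Packet(web, 443, "203.0.113.7", 40005, "Tcp", "Outbound"),  # unsolicited: default deny
    ]
    return [nsg.evaluate(p) for p in packets]

if __name__ == "__main__":
    print(demo())  # ['Allow', 'Deny', 'Allow', 'Deny', 'Allow', 'Deny']
```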

Application Security Group (ASG)

 Application Security Groups help manage the security of virtual machines by
grouping them according to the applications that run on them. It is a feature that allows
the application-centric use of Network Security Groups.
 ASGs allow us to define fine-grained network security policies based on
workloads, centered on applications, instead of explicit IP addresses.
 ASGs provide the capability of grouping VMs with monikers and securing our
applications by filtering traffic.
 By implementing granular security traffic controls, we can improve isolation of
workloads and protect them individually.
 User Defined Routing (UDR) is a significant update to Azure’s Virtual Networks, as it
allows network admins to control the routing tables between subnets within a subnet as
well as between VNets, thereby allowing greater control over network traffic flow.

Lesson 9: Core Azure Identity Service

Azure Active Directory

 Identity?
 Authentication - who you are
 Authorization – what you can do- permissions
 It is a cloud-based identity service for authentication and authorization
 Core components- users, roles, groups etc.

Multifactor authentication
 Something you know- username and password- single factor
 Something you have, such as mobile device
 Something you are, e.g. Fingerprint
 Azure MFA- only available in Azure premium plan
 Enabled per user

Lesson 10: Security tools and features of Azure

Azure Security Center

 Single portal for monitoring and managing the security of your Azure resources
 Centralized policy management
 Continuous security assessment
 ‘Security Center Agent’ allows for on-premises resources.
 Two tiers of service-
 Free- VM and App Service only
 Standard- VM, App Service, SQL Databases, MySQL, PostgreSQL, and blob storage.

Azure Key Vault

 Solution for secure storage of secrets, keys and certificates
 Encrypt and safeguard authentication keys, storage account keys, data encryption keys,
certificates and passwords.
 Encrypted; even Microsoft has no visibility of the encryption keys.
 Two tiers- Standard and Premium tier
 In Premium- access keys stored in HSMs (hardware security modules)
 Required FIPS 140-2 compliance

Azure Information protection

 Protect emails and Office documents
 Emails and docs- classified for protection
 Cloud-based solution that helps organizations classify documents and email.
 Manually or automatically classify sensitive data using 80+ built-in data types (credit
card, ID, SSN, etc.)

Azure Advanced Threat Protection

 Attacks happening on on-premises devices / mobile devices
 Uses analytics and ML – determines what is normal or not normal
 Cloud-based security solution that identifies, detects and helps you investigate
advanced threats, compromised identities and malicious insider actions.
 Built-in advanced threat detection using data from Azure Active Directory, Azure
Monitor logs, Azure Security Center

Lesson 11: Azure Governance Methodologies

Azure policy

 Define and enforce rules for resource creation, assignment and management
 Used to enforce governance
 Uses policies to define rules.
 Policies can be assigned to management groups, subscriptions or resource groups and
are inherited downwards.
 Policies can be audited or applied to resources
 Various effects-
Audit- if this policy is not complied with, a warning is logged so that I will be aware
of it.
Append- adds additional properties to a resource
AuditIfNotExists – logs a warning if a specific resource type doesn’t already exist.
Deny- denies the create or update operation.
DeployIfNotExists- automatically deploys a specific resource type if it doesn’t already
exist.
Disabled- the policy is not in effect.
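Added example, not from the original notes and not Microsoft's code: a small Python simulation of the six policy effects above applied to a resource create request, including inheritance of assignments from the subscription down to a resource group. Assignment names, scopes, conditions and the subscription id are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Resource:
    name: str
    location: str
    tags: dict = field(default_factory=dict)
    related: set = field(default_factory=set)  # dependent resources that already exist

@dataclass
class Assignment:
    name: str
    scope: str                             # "/subscriptions/<id>[/resourceGroups/<rg>]"
    effect: str                            # one of the six effects listed above
    condition: Callable[[Resource], bool]  # the policy rule's "if": True when it matches
    detail: str = ""                       # Append: "tag=value"; *IfNotExists: related resource name

# Append (which modifies the request) runs before Deny, and Deny before Audit;
# the *IfNotExists effects run only after the request itself has succeeded.
PRE_REQUEST = ["Append", "Deny", "Audit"]
POST_REQUEST = ["AuditIfNotExists", "DeployIfNotExists"]

def in_scope(assignment: Assignment, resource_scope: str) -> bool:
    # Assignments are inherited downwards by every child scope.
    return resource_scope == assignment.scope or resource_scope.startswith(assignment.scope + "/")

def evaluate(assignments, resource_scope: str, res: Resource) -> dict:
    """Simulate a create/update request for `res` under the given policy assignments."""
    result = {"accepted": True, "warnings": [], "deployed": []}
    # Disabled assignments stay in place but take part in nothing.
    active = [a for a in assignments
              if a.effect != "Disabled" and in_scope(a, resource_scope) and a.condition(res)]
    for effect in PRE_REQUEST:
        for a in (x for x in active if x.effect == effect):
            if effect == "Append":
                key, value = a.detail.split("=", 1)
                res.tags.setdefault(key, value)  # property added before the resource is saved
            elif effect == "Deny":
                result["accepted"] = False
                result["warnings"].append(f"{a.name}: request denied")
                return result                    # Deny stops the request outright
            else:  # Audit
                result["warnings"].append(f"{a.name}: non-compliant, logged only")
    for effect in POST_REQUEST:
        for a in (x for x in active if x.effect == effect):
            if a.detail in res.related:
                continue                         # the related resource exists: compliant
            if effect == "AuditIfNotExists":
                result["warnings"].append(f"{a.name}: missing {a.detail}")
            else:                                # DeployIfNotExists remediates instead of logging
                res.related.add(a.detail)
                result["deployed"].append(a.detail)
    return result

# Constructed assignments; the subscription id is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-prod"
ASSIGNMENTS = [
    Assignment("allowed-locations", SUB, "Deny", lambda r: r.location not in {"westeurope", "northeurope"}),
    Assignment("default-costcenter-tag", SUB, "Append", lambda r: "costcenter" not in r.tags, "costcenter=unassigned"),
    Assignment("audit-missing-owner", RG, "Audit", lambda r: "owner" not in r.tags),
    Assignment("deploy-diagnostics", RG, "DeployIfNotExists", lambda r: True, "diagnosticSettings"),
    Assignment("audit-backup", SUB, "AuditIfNotExists", lambda r: True, "backupPolicy"),
    Assignment("retired-rule", SUB, "Disabled", lambda r: True),
]

def demo() -> tuple:
    ok = Resource("vm1", "westeurope", {"owner": "team-a"})
    accepted = evaluate(ASSIGNMENTS, RG, ok)   # Append adds the tag, DeployIfNotExists adds diagnostics
    bad = Resource("vm2", "eastus")
    denied = evaluate(ASSIGNMENTS, RG, bad)    # wrong region: Deny wins
    return accepted, ok.tags, denied

if __name__ == "__main__":
    print(demo())
```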

Role based access control (RBAC)

Four principles:
 Security principal- represents an identity – e.g. user, group, application
 Role – how the security principal interacts with Azure resources
 Scope – level at which the role is applied
 Role assignment- assigning a role to a security principal
Common built-in roles
 Owner – full access, can delegate access to others
 Contributor- create and manage, but can’t grant RBAC access to other security principals
 Reader- view only
- Applies within the resource group

Locks

 Prevent changes to or deletion of Azure resources
 Extra layer of protection
 Unlike RBAC, locks apply to all users
 Lock types-
ReadOnly - read only (can read but not modify) and CanNotDelete - can modify but
restricted from deleting
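Added Python example (not Microsoft's implementation, not part of the original notes) covering the RBAC concepts and the locks above: role assignments at a scope are inherited by child scopes, Contributor lacks the Microsoft.Authorization write/delete actions that Owner has, and a lock blocks every principal regardless of role. Principals, scopes, the subscription id and the reduced role definitions are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

# Built-in role definitions reduced to what matters here (a constructed
# simplification of the real Owner/Contributor/Reader definitions).
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/Write",
                                    "Microsoft.Authorization/*/Delete"]},
    "Reader": {"actions": ["*/read"], "not_actions": []},
}

@dataclass(frozen=True)
class RoleAssignment:
    principal: str  # security principal: user, group or application
    role: str       # role definition name
    scope: str      # management group, subscription, resource group or resource

@dataclass(frozen=True)
class Lock:
    level: str      # "ReadOnly" or "CanNotDelete"
    scope: str

def within(scope: str, target: str) -> bool:
    """True when `target` is `scope` itself or lies beneath it in the hierarchy."""
    return target == scope or target.startswith(scope + "/")

def action_in(action: str, patterns) -> bool:
    return any(fnmatch(action.lower(), p.lower()) for p in patterns)

def rbac_allows(assignments, principal: str, action: str, target: str) -> bool:
    """Assignments are inherited by child scopes; one assignment granting the action suffices."""
    for a in assignments:
        if a.principal != principal or not within(a.scope, target):
            continue
        role = ROLES[a.role]
        if action_in(action, role["actions"]) and not action_in(action, role["not_actions"]):
            return True
    return False

def lock_blocks(locks, action: str, target: str) -> bool:
    """Locks apply to every principal, Owners included, and are inherited by child scopes."""
    verb = action.rsplit("/", 1)[-1].lower()
    for lock in locks:
        if not within(lock.scope, target):
            continue
        if lock.level == "CanNotDelete" and verb == "delete":
            return True
        if lock.level == "ReadOnly" and verb != "read":
            return True
    return False

def authorize(assignments, locks, principal: str, action: str, target: str) -> str:
    """RBAC decides first; a lock can still block a principal that RBAC allowed."""
    if not rbac_allows(assignments, principal, action, target):
        return "Denied by RBAC"
    if lock_blocks(locks, action, target):
        return "Blocked by lock"
    return "Allowed"

# Constructed hierarchy; the subscription id is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-prod"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
ASSIGNMENTS = [
    RoleAssignment("alice", "Owner", SUB),        # inherited by rg-prod and vm1
    RoleAssignment("bob", "Contributor", RG),
    RoleAssignment("carol", "Reader", RG),
]
LOCKS = [Lock("CanNotDelete", RG)]

def demo() -> dict:
    return {
        "bob_writes_vm": authorize(ASSIGNMENTS, LOCKS, "bob", "Microsoft.Compute/virtualMachines/write", VM),
        "bob_grants_role": authorize(ASSIGNMENTS, LOCKS, "bob", "Microsoft.Authorization/roleAssignments/write", VM),
        "carol_writes_vm": authorize(ASSIGNMENTS, LOCKS, "carol", "Microsoft.Compute/virtualMachines/write", VM),
        "alice_deletes_vm": authorize(ASSIGNMENTS, LOCKS, "alice", "Microsoft.Compute/virtualMachines/delete", VM),
        "bob_reads_sub": authorize(ASSIGNMENTS, LOCKS, "bob", "Microsoft.Resources/subscriptions/read", SUB),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```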

Azure Advisor
 Best-practices analyzer for Azure resources
 Helps ensure high availability, performance, security, and control of cost.
 This integrates with Azure Security Center to provide better governance of security
concerns

Azure Blueprints
 Just as a blueprint allows an engineer or an architect to sketch a project's design
parameters, Azure Blueprints enables cloud architects and central information
technology groups to define a repeatable set of Azure resources that implements and
adheres to an organization's standards, patterns, and requirements. Azure Blueprints
makes it possible for development teams to rapidly build and stand up new
environments with trust they're building within organizational compliance with a set of
built-in components, such as networking, to speed up development and delivery.
 Blueprints are a declarative way to orchestrate the deployment of various resource
templates and other artifacts such as:
 Role Assignments
 Policy Assignments
 Azure Resource Manager templates
 Resource Groups

Lesson 12: Monitoring and reporting options in Azure

Azure Monitor

 Being able to monitor your Azure resources is important
 Azure Monitor makes it easy to monitor Azure resources
 All your metrics for Azure resources in a single place
 Alerts make it easy to keep people informed

Azure Health Services

 View current status of all Azure services in all regions
 Can be scoped to just your resources

Lesson 13: Understand Privacy, Compliance, and Data Protection Standards in Azure
Microsoft Privacy Statement
It’s about data
 Personal data that Microsoft collects and how Microsoft uses it
 Reasons why Microsoft shares personal data, e.g. required by law
 How to access and control your data collected by Microsoft
 How Microsoft uses cookies
 Data that’s shared when you use a Microsoft account with 3rd parties
 Specifies Microsoft’s securing of data, where it’s processed and retention policies

Microsoft Trust Center

 Learn about Microsoft’s approach to security, privacy and compliance
 Website with up-to-date information
 Web portal for Microsoft’s commitment to trust.
 It provides information

Service Trust Portal

 Web-based portal for access to compliance tools
 Access to Compliance Manager, audit reports, data protection information and privacy
tools.
 It provides tools, e.g. Compliance Manager

Compliance manager
 View and manage compliance
 Determine who’s responsible for compliance areas.
 Various industry standards-

Azure Government
 For US Govt. requirements
 Only accessible by Microsoft employees who are US citizens and are screened
 Completely isolated datacenters and ExpressRoute locations
 Also available for city and municipal governments
 Portal address- portal.azure.us
 A subset of datacenters are compliant with DoD Impact Level 5 Provisional Authorization

Azure Germany
 Distinct cloud system designed to meet requirements mandated by the European Union
 Available for EU customers, the European Free Trade Association and UK customers
 Datacenters physically located in Germany
 Operated under strict security measures enforced by T-Systems International
 Microsoft only involved in managing systems, with no access to customers’ data.

Azure China cloud services

 Microsoft Azure operated by 21Vianet (Azure China) is a physically separated instance of
cloud services located in China. It's independently operated and transacted by Shanghai
Blue Cloud Technology Co., Ltd. ("BlueCloud"), a wholly owned subsidiary of Beijing
21Vianet Broadband Data Center Co., Ltd. ("21Vianet").

Module 4: Azure Pricing, Service Level Agreements, and Lifecycles

Lesson 14: Azure subscriptions

Azure subscriptions:
 An Azure Account is a unique global entity that gives you access to your Azure
subscription
 In each of your subscriptions, you can manage resources using resource groups.
 Highest-level Azure resource
 Each subscription has a unique subscription ID
 Subscriptions have limits (quota)
Azure subscriptions- Uses and Options
 An Azure subscription is created for you when you first sign up for Azure.
 But you can also create additional subscriptions, and this is useful in cases where you
want to separate expenses.
Several subscription types:
 Free
 Pay as you go
 Pay as you go Dev/Test

Lesson 15: Planning and management of cost

- Options for purchasing Azure products and services:

Purchase directly from Microsoft: created on demand, invoiced each month, support
provided by Microsoft, enterprise agreements also available

Purchase from Microsoft Cloud solution partner (CSP): Purchase an entire cloud
solution, work with CSP to manage deployments, support provided by partner

- Azure Free Account

 Available to new Azure customers
 12 months of free access to popular services
 $200 credit for a 30-day period

- Factors affecting cost

 Meters are assigned to specific resources
 Plan how you purchase resources, e.g. what kind of agreement
 Some regions cost more than others.
- Understand Zones
 Zone 1 – US, Europe, Canada, UK, France
 Zone 2- Asia Pacific, Japan, Australia, India, Korea
 Zone 3- Brazil
 Zone 4- Germany

- Pricing calculator
Estimate of expenses
 Type of products, where the product is deployed, other factors

- Total cost of ownership (TCO Calculator)

 Estimates of cost savings by moving to the cloud
 Uses on-premises expense data accumulated by Microsoft over many years of
experience
 Includes a detailed chart of expense savings
 Total cost on-premises vs total cost on Azure

- Minimizing Azure cost

 Plan carefully
 Buy only what you need
 Fully utilize resources
 Use tags for internal accountability
 Carefully choose your purchase options
 Use the pricing calculator and TCO calculator
 Monitor usage carefully and adjust as needed
 Use Azure Advisor
 Use Serverless where it makes sense

- Azure Cost management

 Analyze cost at a granular level
 Create budgets to control costs
 Configure alerts
 Accessed via Cost Management + Billing in the portal

Lesson 16: Support Options Available in Azure

- Support Plans

Terminologies

 Business hours (weekdays, 9 am to 5 pm; North America 6 am to 6 pm)
 Severity A case- production app completely down
 Severity B case- production app moderately impacted
 Severity C case- minimal impact

Plan types

 Basic- limited free support
 Developer- free trial and non-production
 Standard – production applications
 Professional Direct- business-critical applications
 Premier – contracted support

SLA – how soon you will be contacted by Microsoft

- Open support case

 From the portal: search for Support

- Support channels outside of support plan

 MSDN Forum- community-based forum, by Microsoft
 Stack Overflow- community-based forum, by 3rd party

- Knowledge center
 Website where you can get answers to common questions about Microsoft Azure
products and services.

Lesson 17: Azure Service Level Agreements.

- Service Level Agreements.

 Establish a target for availability
 Generally above 99%
 Highest- 99.999 (five nines)
 Typical- 99.9
 Claim within 2 months of billing cycle

- SLA for particular product

Lesson 18: Understand service lifecycle

- Preview offerings before they are generally released

- Private preview:
 No (or reduced) SLA and at reduced cost
 For a small number of customers- by invitation
 Only a subset of features
 Not for production use
 Special portal link

- Public preview:
 Open to all users
 Usually when fully functional or close to it
 No (or reduced) SLA and at reduced cost
 Not for production use
 Within the Azure portal

- General Availability (GA)

 Service or feature reaches the quality and availability bar
 Fully supported
 SLA available
 May have to recreate resources created during preview
 GA may not happen in all geographies at the same time

The End

- Azure Subscription Overview-

Azure account hierarchy-
 Enterprise (ea.azure.com) -> Department -> Accounts (account.azure.com) ->
Subscriptions (portal.azure.com) -> resource group -> resources
 One-to-many relationships

- Domain Services Overview
Azure AD (AAD)
 Modern AD service – for the cloud
 Can sync with on-premises directory service
 Often the same O365 directory service.

Active Directory Domain Services (ADDS)

 Legacy AD since Windows 2000
 Traditional
 Deployed on Windows OS, usually on VMs

Azure Active Directory Domain Services (AADDS)

 Provides managed domain services
 Allows you to consume domain services without the need to patch and maintain domain
controllers on IaaS
 Domain Join, Group Policy, LDAP, Kerberos, NTLM; all supported
- Azure Active Directory
Features:
 Enterprise identity solution
 Single sign-on
 Multi-factor authentication
 Self-service

- RBAC

Create users, apps, groups

Roles

- Write – put, post, patch, delete
- Read- get
- Each tenant can have 2000 roles

Inbound data transfers (i.e. data going into Azure data centers): Free
Outbound- charges
1. Why private cloud and private cloud vs keeping resources in data center
2. Storage- comes under IaaS or PaaS
