George Plotnikov


Azure outline

Please visit the new revision of this article: https://www.georgeplotnikov.com/azure-outline/

Content

Foundational Concepts

Why cloud?

Elements of the Cloud Computing Model

** Availability Zone - zone of availability inside the region

A region is a set of Azure data centers in a named geographic location. Every Azure resource, including virtual machines, is assigned a region.

Virtual Machines

Which Model is Best For Your Workload?

Things to Keep in Mind Regarding Azure VMs

Virtual Machine Resources

Scale refers to adding network bandwidth, memory, storage, or compute power to achieve better performance.

Scaling up, or vertical scaling, means to increase the memory, storage, or compute power on an existing virtual machine. For example, you can add additional memory to a web or database server to make it run faster.

Scaling out, or horizontal scaling, means to add extra virtual machines to power your application. For example, you might create many virtual machines configured in exactly the same way and use a load balancer to distribute work across them.

Azure Advisor and Azure Cost Management are two services that help you optimize cloud spend. You can use these services to identify where you’re using more than you need, and then scale back to the capacity you’re actually using.

Azure VMs base types

| Type | Sizes | Description |
| --- | --- | --- |
| General purpose | Dsv3, Dv3, DSv2, Dv2, DS, D, Av2, A0-7 | Balanced CPU-to-memory. Ideal for dev/test and small to medium applications and data solutions. |
| Compute optimized | Fs, F | High CPU-to-memory. Good for medium-traffic applications, network appliances, and batch processes. |
| Memory optimized | Esv3, Ev3, M, GS, G, DSv2, DS, Dv2, D | High memory-to-core. Great for relational databases, medium to large caches, and in-memory analytics. |
| Storage optimized | Ls | High disk throughput and IO. Ideal for big data, SQL, and NoSQL databases. |
| GPU optimized | NV, NC | Specialized VMs targeted for heavy graphic rendering and video editing. |
| High performance | H, A8-11 | Our most powerful CPU VMs with optional high-throughput network interfaces (RDMA). |

Connect to Windows VMs

Connect to Linux VMs

Storage

Things to Keep in Mind Regarding Azure Storage for IaaS VMs

Azure Storage Types

Replication Options

Azure VM Disk Types

Azure Storage Account Types

Virtual Network Service Endpoints

Associate a storage account with a VNet

Limit access to storage account from VNet

NAT rules to support on-premises connection (NAT network address rules)

Host Caching

Host - is the hardware host, Hyper-V VM

VM Configuration

Things to Keep in Mind Regarding Azure VMs Configuration

** To connect to an Azure-based VM that isn’t in your Active Directory domain, add an entry to your workstation’s Trusted Hosts list.

Scaling and High Availability

Things to Keep in Mind Regarding Scaling and High Availability

Azure Maintenance Events

Fault and Update Domains

** An availability set can be configured only when creating a VM; a workaround can be done via PowerShell.

VM scale set

** scale set

Scale set use cases

Load balancer

Application gateway

Traffic manager

Networking

Virtual Network (VNet) - is a communications and security boundary that enables Azure resources (virtual machines, storage accounts, App Services apps, Azure SQL Database instances) to communicate with each other securely.

When multiple VNets make sense

Virtual Private Network (VPN) - is a secure connection over an unsecure medium. Azure site-to-site VPNs use IPsec/IKE tunnels.

VNet-to-VNet VPN

Ref

VNet-to-VNet VPN Points to Ponder

** For P2S and VNet-to-VNet VPN, deploy a route-based Azure VPN gateway.

Network Peering - is a seamless connection between two Azure virtual networks. The peered networks appear as one, for connectivity purposes.

Inter-VNet troubleshooting tips

Troubleshooting

Things to Keep in Mind Regarding Networking

Public IP address SKUs

Azure VPN SKUs

Ref

| SKU | Bandwidth | S2S tunnels | P2S tunnels |
| --- | --- | --- | --- |
| Basic | 100 Mbps | Max 10; 1-10: Included | Max 128; 1-128: Included |
| VpnGw1 | 650 Mbps | Max 30; 1-10: Included | Max 128; 1-128: Included |
| VpnGw2 | 1 Gbps | Max 30; 1-10: Included | Max 128; 1-128: Included |
| VpnGw3 | 1.25 Gbps | Max 30; 1-10: Included | Max 128; 1-128: Included |

Name Resolution for Azure VNets

Azure VNet Design Best Practices

Network Security Groups

(NSGs) Software firewall object

VM IP addressing best practices

Security

Terminology

Asset - people, property, or information (databases, software, code, company records)

Threat - person or process that can exploit a vulnerability (intentionally or accidentally) to obtain, damage or destroy an asset

Vulnerability - weakness or gap in a security program that can be exploited by threats to gain unauthorized access to an asset

Risk - the potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability

Access Concepts

Things to Keep in Mind Regarding Security

Protect the Storage Subsystem

Role based access control (RBAC)

Regulating resource access based on job role. It provides granular, role-based resource access for users, groups, and applications.

Roles

Azure Resource Manager Policies

Data Plane Security

Encryption in Transit

Encryption at Rest

Storage Analytics

Firewall

Antimalware

Azure Security Center

Ref

Provides:

It monitors:

Has these kinds of alerts:

Notes:

ASC policy component

Ref

Consists of:

Azure activity log

** Setting up Security Center installs the Microsoft Monitoring Agent on the VMs.

Patch Management for Azure VMs

Monitoring

Three monitoring tiers

Ways to check Azure service status

Things to Keep in Mind Regarding Azure VM Monitoring

** Log Analytics sits inside an OMS workspace, which has a free tier option.

Tools

Infrastructure provides

Analysing tools

Monitoring - A Layered Approach

Telemetry - is an automated communications process by which measurements and other data are collected at remote or inaccessible points and transmitted to receiving equipment for monitoring.

Monitoring and Diagnostics Pipeline

Azure Monitor Components

Azure diagnostics data

Azure resource log

Monitoring - Questions of scale and intelligence

Log Analytics

Provides

Data sources

Log Analytics query syntax

The need for an alerting solution

Webhook - is a way for an app to provide other applications with real-time information. Also called a web callback or an HTTP push API. The payload is ordinarily JSON.

What can you do with Webhooks

Troubleshooting and support

Azure VM troubleshooting checklist

Cost management

How to buy Azure services

Trial is not automatically converted

Analyze resource usage

Set billing alerts

Consider spending limits

Azure SLA

Service-Level Agreement (SLA) - is an official commitment between a service provider and a customer.

Azure support plans

Managed disks

Storage account limits

Value proposition


Managed disks facts

Help and support

Azure support issue types