Azure is Microsoft's cloud service. On-premises, you have to manage everything yourself: servers, hardware, OS and applications. In Azure, you place the application in the cloud and the cloud takes care of the rest. The cloud has its own data centers.
This helps developers build, deploy and manage applications through the global network of Azure data centers. Azure provides cloud services that can be used to design and implement your customized cloud solution and infrastructure. They allow us to migrate an on-premises data center to the Azure cloud; deploy cloud-based applications; host workloads in the Azure cloud; and integrate Azure cloud services with on-premises infrastructure. These cloud services can be categorized as Compute, Network, Data and storage, App services, Identity and access management, Automation, Security, Availability, etc.
Azure as IaaS (Infrastructure as a Service)
IaaS is required when we want to have complete control over applications.
Users can access, manage and monitor data centers, which gives developers complete control of the OS and application platform stack. The virtual machine can be completely modified as per business need. IaaS facilitates design-time portability, meaning an application can be migrated to Azure without any rework. IaaS allows quick transition of services to the cloud, which helps vendors render their services to clients easily.
Azure as PaaS (Platform as a Service)
We get a platform to develop and deploy applications without thinking about hardware and infrastructure. PaaS itself takes care of the OS, servers and networking issues.
Features of PaaS:
→ Fast – Less hassle for developers, and applications can go from idea to availability more quickly
→ Cost Effective – Less investment
→ Lowers Risk – Since the platform is up to date with the latest technology stack and tools for automation.
Azure as SaaS (Software as a Service)
SaaS allows users to connect to and use cloud-based apps over the internet. Ex: Office 365
SaaS customers use the software running on the provider's infrastructure. SaaS is also referred to as software delivered over the web.
→ Gained access to sophisticated enterprise applications
→ Pay only for what you use
→ Use free client software
→ Mobilize your workforce easily
→ Access app data from anywhere using web
Azure is backed by a ‘global network of data centers’ which aims to meet global customer needs and also ensures high application performance and availability.
Azure can be accessed and managed through:
→ Azure classic portal – This was the first portal in Azure, used before Azure Resource Manager (ARM). It was based on the Service Management Model (SMM) and provides limited ‘Role Based Access Control’ (RBAC) support.
→ Azure ARM portal (Azure Resource Manager) – This is the default portal for Azure cloud services management. It supports features like template-based deployments, ‘Role Based Access Control’ (RBAC) support, and customized dashboards to view key resources.
→ Client tools like: PowerShell; Azure CLI; Visual Studio with Azure SDK for .NET. For teams that want to ‘perform service management in an automated fashion’ by using the REST API and creating scripts for repetitive or cumbersome administrative tasks, Azure offers options like:
a) Azure PowerShell modules: to run scripts from Windows
b) Azure Command Line Interface (CLI): to run scripts on all operating systems like Windows, iOS and Linux
Azure Network Services
It offers the foundation for developing hybrid cloud solutions with the help of the following essential resources:
• Azure Virtual Network – Isolated network within Azure cloud
• Azure Traffic Manager – Controls how user traffic is distributed between geographies in cloud services
• Name Resolution Services – For internal hostname resolution in a cloud service
• Azure Express Route – Extends on-premises network into virtual network
• Application Gateway – Acts as a reverse-proxy service, terminating the client connection and forwarding requests to back-end endpoints. This works at Application layer.
Virtual Network (VNet)
Constitutes a ‘logical boundary defined by a private IP address space’. The IP address space can be distributed into one or more subnets. This makes it functionally equivalent to on-premises networks. VNets are similar to AWS VPC (Amazon Web Services Virtual Private Cloud). VNet offers various networking features like DNS, routing, DHCP blocks, access control, VPN.
• Allows us to connect cloud services to our on-premises datacenter securely.
• On-premises connectivity – Allows us to set up a virtual lab in the cloud by enabling connectivity to on-premises resources with the help of point-to-site and site-to-site VPN connections.
• It also acts like a DHCP server, which allows configuring a DNS server.
• Isolation – VNets are isolated from one another. This means we can have different VNets for development, testing and PROD that use the same CIDR address blocks.
• Internet Connectivity – By default, all Azure Virtual Machines (VMs) and cloud services role instances are connected to a VNet and have access to the internet.
• VNet Connectivity – To establish a connection between VNets, a VNet-to-VNet gateway needs to be configured.
• Azure resource connectivity – Azure resources such as cloud services and VMs can be connected to the same VNet. Even when the resources are on separate subnets, they can be connected to each other using private IP addresses. Azure offers default routing between VNets, subnets and on-premises networks. This avoids the need to configure and manage routes.
• Traffic filtering – Traffic for cloud services and VMs can be filtered by source IP address and port, destination IP address and port, and protocol.
• Routing – Allows user defined routes and BGP routes
• Load balancing and traffic direction – Load balances traffic to servers
Subnets – A subnet is a range of IP addresses in the VNet. A VNet can be divided into multiple subnets for organization and security. We can also apply VNet routing tables and NSGs (Network Security Groups) to a subnet.
IP Address – Two types of IP address can be assigned to an Azure resource:
i) Public IP Address: Used for internet or public facing communication
ii) Private IP Address: Used for communication within a VNet and when using VPN gateway or ExpressRoute
Both these Public and Private IP Addresses can be assigned through DHCP
Network Security Groups – NSGs allow or deny traffic to either a network interface or a subnet. By default the inbound and outbound rules include an ‘implied deny all’. NSGs are stateful, meaning they check TCP sequence numbers along with checking whether the connection is already established.
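The filtering behaviour described above (matching on source and destination address, port and protocol, with an implied deny all when nothing matches) can be modelled offline to check what a rule set actually exposes. The following is an added example, not code from the original page or from Microsoft; the rule set, the `Rule` class and the function names are constructed for illustration, and it relies on the fact that Azure evaluates NSG rules in priority order (lowest number first), which the page does not state.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first
    action: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    src: str           # source CIDR or "*"
    dst: str           # destination CIDR or "*"
    dst_port: str      # "443", "3000-4000" or "*"
    src_port: str = "*"

def _ip_ok(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, protocol, src_ip, src_port, dst_ip, dst_port):
    """Decide the first packet of a new inbound flow; first match wins.
    Replies on an established flow are covered by NSG statefulness."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol)
                and _ip_ok(r.src, src_ip) and _port_ok(r.src_port, src_port)
                and _ip_ok(r.dst, dst_ip) and _port_ok(r.dst_port, dst_port)):
            return r.action, r.priority
    return "Deny", None    # no rule matched: implied deny all

def internet_reachable(rules, dst_ip, ports, protocol="Tcp"):
    """Ports on dst_ip that an arbitrary internet source is allowed to reach."""
    probe = "203.0.113.10"   # constructed address from the documentation range
    return [p for p in ports
            if evaluate(rules, protocol, probe, 50000, dst_ip, p)[0] == "Allow"]

# Constructed inbound rule set for a 10.0.1.0/24 subnet in a 10.0.0.0/16 VNet.
RULES = [
    Rule(400, "Allow", "Tcp", "*", "10.0.1.0/24", "3000-4000"),
    Rule(100, "Allow", "Tcp", "*", "10.0.1.0/24", "443"),
    Rule(300, "Deny", "*", "*", "*", "3389"),
    Rule(200, "Allow", "Tcp", "10.0.0.0/16", "10.0.1.0/24", "22"),
]

if __name__ == "__main__":
    for port in (22, 443, 3389, 3500):
        print(port, evaluate(RULES, "Tcp", "203.0.113.10", 50000, "10.0.1.4", port))
    print(internet_reachable(RULES, "10.0.1.4", [22, 443, 3389, 3500]))
```

The broad 3000-4000 allow at priority 400 would expose port 3389, but the deny at priority 300 wins because it is evaluated first; reversing those two priorities changes the result, which is why an audit should test effective reachability rather than read rules one at a time.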
Load Balancing – We have three different Azure Load Balancing solutions
| Azure Traffic Manager | Azure Load Balancer | Azure Application Gateway |
|---|---|---|
| DNS is used to route traffic to the necessary destination. | Performs L4 load balancing within a virtual network | Performs L7 load balancing |
| The three destination selection methods are failover, performance and round robin | Currently only supports round robin distribution | Supports HTTP request based load balancing, SSL Termination and cookie-based persistence. |
DNS name resolution – Default and support for custom DNS
Routing Tables – Azure provides user defined routes and forced tunneling methods.
Intersite Connectivity – Methods
| Site-to-site VPN | Point-to-site VPN | VNet-to-VNet VPN | ExpressRoute |
|---|---|---|---|
| Traffic is secured between two VPN gateways using IPsec/IKE | User connects to Azure via a VPN client and traffic is encrypted using TLS (Transport Layer Security) | Traffic is secured between two virtual networks using IPsec/IKE | It provides a dedicated peered connection into Azure |
| Connects an on-premises network and all its computers to a VNet | Connects a single computer to a VNet | VPN can be used to connect two or more Azure VNets. Such connections are termed VNet-to-VNet VPNs | An ExpressRoute connection is a dedicated server that does not connect to the Internet. By using ExpressRoute, you can increase security, reliability, and bandwidth. |
1) Which Azure networking component is the core unit from which administrators can have full control over IP address assignments, name resolution, security settings, and routing rules? — Virtual Networks (VNets)
2) When should you use a static IP address? — DNS Server
3) Which connection configuration offers faster speeds, higher security, lower latencies and higher reliability? — Express Route
4) ExpressRoute connections enable access to the — All of the mentioned (MS Azure Services + MS Office 365 services + MS Dynamics)
5) Microsoft uses which industry-standard dynamic routing protocol to exchange routes between your on-premises network, your instances in Azure, and Microsoft public addresses? — EGP
6) What is used to route the traffic between virtual machines inside your private virtual network? — Azure Internal Load Balancers
7) A subnet is a range of IP addresses in a — VNet
8) Default Private IP address allocation method is — Dynamic
Azure Compute Services
Provides the processing power for running cloud applications. This supports applications that have a substantial number of simultaneous users.
Resource Groups: Containers that are automatically created for VMs, DBs and other assets. They are used to monitor, control access, provision and manage billing for collections of assets.
• All the resources in a group should share the same life cycle. i.e. deploy, update and delete.
• If a resource needs to exist on a different deployment cycle then that resource should be in another resource group.
• A resource can exist only in one resource group. It can be added, moved or deleted from a resource group at any time.
• A RG can include resources that reside in different regions.
• A RG can be used to control access.
• A resource can interact with other resources in different RG’s.
A general-purpose computing environment that lets you create, deploy and manage VMs.
Different ways to create Azure VM:
i) Azure CLI
ii) Azure Portal
iii) Azure Powershell
iv) Resource Manager Template
iii) Dv2 series
iv) DS, DSv2, GS series
• Availability Set: Azure places VMs into a logical grouping called Availability set.
• The VM size determines the number of — Nic
• Azure supports both .vhd and .vhdx file formats for Virtual Machines — False
• You can estimate costs you will incur on Azure by using which tool? — Pricing Calculator
• Which of the following Windows Server roles is not supported on Azure Virtual Machines? — Hyper-V
• The smallest recommended virtual machine size in Azure for a production environment is: — A1
• Which of the following helps Azure maintain high availability and fault tolerance when deploying and upgrading applications. — Availability Set
• To how many resource groups can a resource be added? — 1
• Most types of resource can be moved to a different resource group at — anytime
• You need to deploy a virtual machine on Azure with a low memory entry level requirement. Which virtual machine sizes should you consider choosing? — Basic A0 – A4
Azure Database Services
→ Relational Database Services
→ SQL Data Warehouse
→ Azure Redis Cache
• Data Lake Store is known as a “Highly Scalable Apache Hadoop file system” that can be used for enterprise-wide big data analytics workloads. It has unlimited storage, stores data in its native format, offers massive read throughput and can be accessed from Hadoop using WebHDFS.
• Cosmos DB: Supports global distribution and horizontal scale. It extends the idea of index-free database system.
Azure Virtual Machines only support VMs running the Microsoft Windows operating system. — False
Which connection configuration offers faster speeds, higher security, lower latencies and higher reliability? — ExpressRoute
Geo-replication is enabled by default in Windows Azure Storage. — Yes
Which of the following are methods Traffic Manager uses to pick endpoints? — All the options mentioned
The connection between storage and Microsoft’s CDN (Content Delivery Network) is stated to be at least _______ percent available. — 99.9
What VPN types are supported by Azure? — All the options
Which of the following services allow creation and management of virtual machines that serve either in a Web role and a Worker role? — Compute
What is the format of an Azure Resource Template? — JSON
In which type of Storage replication is data not replicated across multiple datacenters? — Locally Redundant Storage (LRS)
The smallest recommended virtual machine size in Azure for a production environment is ____. — A1
A subnet is a range of IP addresses in a __________. — Vnet
Is it possible to create a custom domain name, or use your organization's domain name, such as fresco.com, in Azure Active Directory? — True
In which operating system can we use Azure PowerShell? — All the options mentioned
Which Azure networking component is the core unit, from which administrators can have full control over IP address assignments, name resolution, security settings and routing rules? — Virtual Networks
To delegate administrative tasks for specific resource groups in Azure which functionality should be used? — Role based access control
What VM series should you consider if you want to host applications that require high-performance IO for persisted data? — DS Series
Which of the following helps Azure maintain high availability and fault tolerance when deploying and upgrading applications? — Availability Set
Which of the following Windows Server roles is not supported on Azure Virtual Machines? — Hyper-V
Which of the following web applications can be deployed with Azure? — All the options mentioned
Which type of storage offering uses SSDs and is intended for use with Virtual machines? — Standard