AZ-900 study notes: Difference between revisions

From roonics
Line 18: Line 18:
* File storage types are smb/nfs shares
* File storage types are smb/nfs shares


==Connectivity==
==Connectivit/Networkingy==
* Azure Express route is more expensive than a site to site VPN
* Azure Express route is more expensive than a site to site VPN
* Azure Express route does not traverse the internet, it's a private connection
* Azure Express route does not traverse the internet, it's a private connection
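Review bot: The renamed heading on the new side, "==Connectivit/Networkingy==", is misspelled: "/Networking" was inserted before the final "y" of "Connectivity". It should read "==Connectivity/Networking==".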
Line 29: Line 29:
* Azure Application Gateway, optimizes app server farm delivery whilst increasing application security
* Azure Application Gateway, optimizes app server farm delivery whilst increasing application security
* Policy based VPN does not support point to point VPN
* Policy based VPN does not support point to point VPN
* You always lose 5 IP addresses when you create a submet, Azure uses these for gateways, dns etc


==Subscriptions==
==Subscriptions==
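Review bot: The bullet added at the end of this hunk misspells "subnet" as "submet", and "lose" hides the fact that Azure reserves these addresses for its own use. Suggest rewording to "Azure reserves 5 IP addresses in every subnet you create (used for gateways, DNS etc)".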

Revision as of 10:43, 29 March 2023

Storage

  • Blob storage is a flat structure used for unstructured data (images, videos etc) and is normally used for large objects.
  • Azure file storage and Azure Data Lake storage are hierarchical file storage similar to SMB shares, and you can create shares on both
  • Azure Queue Storage, a data store for queuing and reliably delivering messages between applications
  • Azure Table Storage, Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design.
  • LRS = Always 3 copies of the data but always in the same building
  • ZRS = Always 3 copies of the data but in different zones
  • GRS = Always 3 copies of the data, 3 in the primary region then 3 in another region
  • GZRS = Always 3 copies of the data in the primary region over different zones then the same at the secondary region
  • Premium only allows LRS and ZRS
  • Azure File Sync allows you to sync on prem servers with an Azure share, the on prem servers never sync with each other, they all sync to the Azure share
  • Azure File Sync you can add up to 100 on prem servers
  • Azure Storage Explorer is a Windows app which allows you to browse Azure storage
  • Azure Storage Browser is an Azure Portal tool that allows you to browse Azure storage.
  • A storage account lives in a specific region
  • A storage account comes in Std (general purpose v2) and prem (block blobs, file shares, page blobs)
  • Blob storage unstructured data types are adlgen2, hierarchical, page, page file storage
  • File storage types are smb/nfs shares

Connectivity/Networking

  • Azure ExpressRoute is more expensive than a site to site VPN
  • Azure ExpressRoute does not traverse the internet, it's a private connection
  • One vnet cannot talk to another vnet unless you create a vnet peer. The peer can span regions and subscriptions.
  • For a site to site vpn the "Local Network Gateway" is created in Azure but it refers to the IP address of the on prem router/VPN. The "Virtual Network Gateway" is also created in Azure but this refers to the Azure side of the VPN
  • By default all virtual machines get outbound traffic to the internet
  • You can divide a vnet up into subnets and configure routes between them
  • If you want inbound traffic from the internet to a vm you must assign a public IP to the vm
  • Azure Load Balancer, balances inbound and outbound connections to applications or service endpoints
  • Azure Application Gateway, optimizes app server farm delivery whilst increasing application security
  • Policy based VPN does not support point to point VPN
  • You always lose 5 IP addresses when you create a subnet, Azure uses these for gateways, DNS etc

Subscriptions

  • One subscription can have a max of 980 resource groups
  • One subscription can have a max of 50 tags
  • A subscription is a collection of resources

Azure Migrate

Azure Migrate discovers on prem servers, both physical and virtual, on both Hyper-V and VMware. It then assesses each machine and tells you if it's ready to migrate to Azure.

It will tell you how big the vm will be, how much it will cost and any other dependent servers that will also need to be migrated.

It will also help you migrate SQL Servers, WebApps, Desktops and data.

Azure Container Instance

Allows you to run a container with a single command.

Azure Kubernetes

  • Allows you to run multiple containers which is known as a container orchestrator
  • Azure Kubernetes Service, Cluster management for VMs that run containerized services.

Azure Functions

This is a serverless offering, allowing for individual functions to run and you only pay for it when it gets used.

Billing

  • A billing account is an agreement between you and Microsoft that you are using Azure Services.
  • CAPEX - Purchasing something up front, this normally refers to an on prem solution
  • OPEX - Purchasing resources or services as we use them, this normally refers to a cloud offering

Regions

  • A region that supports availability zones has at least 3 datacenters, each datacenter is known as a zone.
  • When viewing the Microsoft datacenter location map, if it has a diamond on it then that means it supports availability zones.

Cloudshell

  • Cloudshell supports both powershell and bash
  • The first time you run CloudShell it will ask you for permission to create a storage account that the CloudShell vm can use

Microsoft Defender For Cloud

  • Previously known as Azure Security Center

Azure DataBox

This is basically a box (NAS box) that gets sent to you. You copy your data to it and send it back to Azure, and they ingest it into Azure.

The sizes are:

  • Azure Data Box Disk = 8 TB
  • Azure Data Box = 80 TB
  • Azure Data Box Heavy = 770 TB

Misc

  • Azure resource locks can prevent accidental deletion or modification of an Azure resource. Even an administrator cannot delete it if the lock is in place, the lock will need to be deleted first then the resource deleted.
  • Microsoft has Azure datacenters on every continent apart from Antarctica
  • If a virtual machine with a public IP address is stopped/deallocated, it will release the public IP address