AZ-900 study notes: Difference between revisions
No edit summary |
|||
Line 103: | Line 103: | ||
* Azure Pipelines allows you to create continuous workflows to build, test and deploy code. | * Azure Pipelines allows you to create continuous workflows to build, test and deploy code. | ||
* Azure dev test labs allows you to spin up dev non prod environments, it allows admins to control costs by setting limits on how many vms can be deployed at once and ensuring vms are shut down when not in use. | * Azure dev test labs allows you to spin up dev non prod environments, it allows admins to control costs by setting limits on how many vms can be deployed at once and ensuring vms are shut down when not in use. | ||
* Free private Git repositories, configurable Kanban boards and extensive automated cloud based load testing | |||
* Formally known as Visual Studio Team Services | |||
* Azure DevTest Labs, quickly create on demand Windows and Linux environments to test or demo applications directly from deployment pipelines | |||
==Azure IoT== | ==Azure IoT== |
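Review bot: In the added lines, "Formally known as Visual Studio Team Services" should read "Formerly known as". The added "Azure DevTest Labs, quickly create on demand Windows and Linux environments..." bullet also overlaps the existing "Azure dev test labs allows you to spin up dev non prod environments..." bullet two lines above it. Merge the two into one DevTest Labs bullet with a single spelling of the product name, and add an edit summary so the revision history says what changed.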
Revision as of 14:33, 29 March 2023
Storage
- Blob storage is a flat structure used for unstructured data (images, videos etc) and is normally used for large objects.
- Azure file storage and Azure Data Lake storage are hierarchical file storage similar to SMB shares, and you can create shares on both
- Azure Queue Storage, A data store for queuing and reliably delivering messages between applications
- Azure Table Storage, Table storage is a server that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with schemaless design.
- LRS = Always 3 copies of the data but always in the same building
- ZRS = Always 3 copies of the data but in different zones
- GRS = Always 3 copies of the data, 3 in the primary region then 3 in another region
- GZRS = Always 3 copies of the data in the primary region over different zones then the same at the secondary region
- Premium only allows LRS and ZRS
- Azure File Sync allows you to sync on prem servers with an Azure share, the on prem servers never sync with each other, they all sync to the Azure share
- Azure File Sync you can add up to 100 on prem servers
- Azure Storage Explorer is a Windows app which allows you to browse Azure storage
- Azure Storage Browser is an Azure Portal tool that allows you to browse Azure storage.
- A storage account lives in a specific region
- A storage account comes in Std (general purpose v2) and prem (block blobs, file shares, page blobs)
- Blob storage unstructured data types are (adlgen2, hierarchical, page, page file storage)
- File storage types are smb/nfs shares
Connectivity/Networking
- Azure Express route is more expensive than a site to site VPN
- Azure Express route does not traverse the internet, it's a private connection
- One vnet cannot talk to another vnet unless you create a vnet peer. The peer can span regions and subscriptions.
- For a site to site vpn the "Local Network Gateway" is created in Azure but it refers to the IP address of the on prem router/VPN. The "Virtual Network Gateway" is also created in Azure but this refers to the Azure side of the VPN
- By default all virtual machines get outbound traffic to the internet
- You can divide a vnet up in to subnets and configure routes between them
- If you want inbound traffic from the internet to a vm you must assign a public IP to the vm
- Azure Load Balancer, balances inbound and outbound connections to applications or service endpoints
- Azure Application Gateway, optimizes app server farm delivery whilst increasing application security
- Policy based VPN does not support point to point VPN
- You always lose 5 IP addresses when you create a subnet, Azure uses these for gateways, DNS etc
- Subnets/vnets cannot span subscriptions
- Azure Traffic Manager can create copies of a website around the world in different regions so it serves the customer from the closest one to them, speeding up response and giving them a better experience.
Subscriptions
- One subscription can have a max of 980 resource groups
- One subscription can have a max of 50 tags
- A subscription is a collection of resources
Azure Migrate
Azure Migrate discovers on prem servers, both physical and virtual, on both Hyper-V and VMware. It then assesses each machine and tells you if it's ready to migrate to Azure.
It will tell you how big the vm will be, how much it will cost and any other dependent servers that will also need to be migrated.
It will also help you migrate SQL Servers, WebApps, Desktops and data.
Azure Container Instance
Allows you to run a container with a single command.
Azure Kubernetes
- Allows you to run multiple containers which is known as a container orchestrator
- Azure Kubernetes Service, Cluster management for VMs that run containerized services.
Azure Functions
- This is a serverless event driven offering, allowing for individual functions to run and you only pay for it when it gets used.
- Azure Functions run off code so you will need to write code to create the function
- Azure Functions are stateless
Billing
- A billing account is an agreement between you and Microsoft that you are using Azure Services.
- CAPEX - Purchasing something up front, this normally refers to an on prem solution
- OPEX - Purchasing resources or services as we use them, this normally refers to a cloud offering
Regions
- A region that supports availability zones has at least 3 datacenters, each datacenter is known as a zone.
- When viewing the Microsoft datacenter location map, if it has a diamond on it then that means it supports availability zones.
Cloudshell
- Cloudshell supports both powershell and bash
- The first time you run CloudShell it will ask you for permission to create a storage account that the CloudShell vm can use
Microsoft Defender For Cloud
- Previously known as Azure Security Center
Azure DataBox
These are basically a box (nas box) that gets sent to you, you copy your data to it and send it back to Azure and they ingest it in to Azure.
The sizes are:
- Azure Data box Disk = 8tb
- Azure data box = 80tb
- Azure data box heavy = 770tb
Management
- Every tenant has a root management level, you can add 6 levels of groups under this
- Management groups help to manage groups of subscriptions
Azure Monitor
- Azure Monitor is a collection of monitoring tools to keep an eye on everything.
- You can create alert rules for example when storage is running low then you can use an Action Rule to do something like send an email or sms etc
Azure Service Health
- This is in the Portal under Help & Support. It shows you health issues with Azure, upcoming maint work. You can also setup alerts to notify you if there are issues with things that will affect things you are running.
Azure Logic Apps
- Low or no code required
- These do something based on a trigger. So for example if a file is uploaded or a web request received it will do something. No code is required for this, it's a logic drag and drop interface.
Availability Zones
- When deploying a vm in to an availability zone ensure each vm is in a different zone number
Azure Devops
- Helps devops build, test, create environments.
- Azure Pipelines allows you to create continuous workflows to build, test and deploy code.
- Azure dev test labs allows you to spin up dev non prod environments, it allows admins to control costs by setting limits on how many vms can be deployed at once and ensuring vms are shut down when not in use.
- Free private Git repositories, configurable Kanban boards and extensive automated cloud based load testing
- Formerly known as Visual Studio Team Services
- Azure DevTest Labs, quickly create on demand Windows and Linux environments to test or demo applications directly from deployment pipelines
Azure IoT
- Azure IoT Central allows you to connect to thermostats, alarms etc. It is a fully managed SaaS solution. It allows you to create IoT applications without writing any code. It allows you to connect, monitor and manage IoT.
- IoT Hub allows you to integrate your applications with devices, this is where the IoT devices connect in via. It provides secure communications between millions of IoT devices.
- Azure Sphere makes your IoT devices more secure. Which includes certified chips, Azure sphere operating system and Azure sphere security service which adds a layer of security to IoT devices. Sphere prevents bad things being sent to IoT devices and vice versa.
- IoT Edge is a fully managed service that allows data analysis models to be pushed directly onto IoT devices, which allows them to react quickly to state changes without needing to consult cloud based AI models
Azure backup
- Azure backup can back up both Azure and on prem machines
Azure Advisor
- Azure Advisor can suggest how to improve your solution and reduce cost on your environment. For example, it can point out over provisioned machines and suggest a smaller, more cost effective machine. It also makes security recommendations.
Analytics
- Azure HDInsight is older, supports Hadoop, Spark, Hive and Storm
- Azure DataBricks is more user friendly and easier to manage than HDInsights and Azure Synapse Analytics. It supports all previously supported versions but also Spark
- Azure Synapse Analytics, Fully managed data warehouse with integral security at every level of scale at no extra cost.
Azure CDN
- Azure CDN caches most freq content around the world so users will get it from the nearest server to them
Databases
- Azure Cosmos DB, globally distributed database that supports NoSQL option
- Azure SQL Database, fully managed relational database with auto-scale, integral intelligence and robust security
- Azure Database for MySQL, fully managed and scalable MySQL relational database with high availability and security
- Azure database for PostgreSQL, fully managed and scalable PostgreSQL relational database with high availability and security
- SQL Server on Azure Virtual machines, service that hosts enterprise SQL server apps in the cloud
- Azure Database Migration Service, a service that migrates database to the cloud with no application code changes
- Azure Database for MariaDB, fully managed and scalable MariaDB relational database with high availability and security
- IAAS, storage, network, compute and hypervisor are all looked after by the provider (Azure); the OS, runtime and application layer are down to the customer
- PAAS, Customer is just responsible for the application and data
- SAAS, for example something like office365, no exchange servers or exchange just the email service. This is all down to the provider.
Azure DDos Protection
- Protects Azure hosted applications from distributed denial of service attacks
Azure Network Watcher
- Monitors and diagnoses network issues by using scenario based analysis
Azure Firewall
- Implements high security, high availability firewall with unlimited scalability
AI
- Azure Machine Learning Service, allows you to develop, train, test, deploy, manage and track machine learning models. It can auto generate a model and auto tune it for you. You can start on your local machine then scale out to the cloud.
- Azure ML Studio, Collaborative visual workspace where you can build and deploy machine learning solutions by using prebuilt machine learning algorithms and data handling models.
Misc
- Azure resource locks can prevent accidental deletion or modification of an Azure resource. Even an administrator cannot delete it if the lock is in place, the lock will need to be deleted first then the resource deleted.
- Microsoft has Azure datacenters in every continent apart from Antarctica
- If a virtual machine has a public IP address, if the vm is stopped/deallocated it will release the public ip address
- Availability set = Services spread over different racks in the same zone
- Availability zone = Services spread over different zones (dc's) in the same region
- Something can only be in 1 resource group
- You cannot put a resource group in another resource group
- AKS = Azure Kubernetes Service is for management, automation and orchestration of containers
- An Azure spot instance is something (vm) you can run at very low cost but it can be shut down by Microsoft in 30 seconds if the resource is needed. So you should not run anything critical on it.
- Azure Cache for Redis, fully managed service which caches frequently used and static data to reduce data and application latency