AZ-104 Microsoft Azure Administrator Study Notes
Manage Azure identities and governance
Implement and manage storage
Azure blobs
- Provides object storage for the cloud
- Optimised to support massive amounts of unstructured data
- Unstructured data is data that does not fit a specific model, e.g. text and binary data
- Typically used for images, videos and documents that are served directly to a browser from a website
- Also good for streaming video and audio
- Storing log files, archive data or backup data
- Objects are accessed over HTTP or HTTPS; enable "Secure transfer required" on the storage account so that account keys and SAS tokens never travel over plain HTTP
- Can be accessed using the Azure Storage REST API, PowerShell, Azure CLI, or client libraries such as Java, PHP and .NET
- The storage account creates a unique namespace that you use to access the data, e.g. https://mystorage.blob.core.windows.net
- Containers in blob storage are used to organise the blobs within the account (think of them like directories). You can create an unlimited number of containers and a container can store an unlimited number of blobs
- Container names must be lowercase
- Blobs are the files, so image001.jpg would be considered a blob
- There are 3 types of blobs that are supported:
  - Block blobs
    - Can contain up to about 190.7 TiB of text and binary data
    - Called block blobs because they are made up of blocks of data that can be uploaded and managed individually
  - Append blobs
    - Similar to block blobs, but optimised for append operations
    - This makes append blobs a good choice for logging data from virtual machines
  - Page blobs
    - Used to store random-access files up to 8 TiB in size
    - Typically used to store VHD files, which serve as disks for Azure virtual machines
Azure files
- Fully managed file shares in the cloud
- Azure Files shares are accessed over the SMB protocol (premium shares can also be mounted over NFS 4.1)
- You can mount file shares from Windows, Linux and macOS machines that reside both on-prem and in the cloud
- Mounting over the internet requires SMB 3.x with encryption and outbound TCP 445, which many ISPs block
- You can cache file shares on Windows servers using the Azure File Sync service
- Azure Files identity-based (AD) authentication allows share-level and NTFS file/folder permissions to be controlled through an on-prem Active Directory, instead of every client using the storage account key
- You can create as many file shares as required
- You can use PowerShell, Azure CLI, the Azure portal and Storage Explorer to create, mount and manage Azure file shares
- Azure file share names must be lowercase letters, numbers and hyphens
Azure queue storage
- Designed for storing large numbers of messages used for communication between the components of a distributed application. Messages can be accessed from anywhere in the world through authenticated calls over HTTP or HTTPS
- Each queue message can be up to 64 KB in size
- A typical queue can contain millions of messages
- A queue name must be lowercase letters, numbers or hyphens
- A queue URL has the form https://<storage_account>.queue.core.windows.net/<queue_name>
Azure table storage
- Intended for the storage of structured NoSQL data
- Offers a key/attribute store with a schema-less design
- The schema-less design lets you adapt the data to the needs of your business or application more easily
- You can have as many tables as you need, up to the capacity limit of the storage account itself
- Ideal for large amounts of data that does not need complex joins, foreign keys or stored procedures. Non-relational
- The URL to access it has the form https://<storage_account>.table.core.windows.net/
- A table is just a collection of entities; it does not enforce a schema on the entities within it
- Entities are roughly equivalent to a database row
- Each entity can be up to 1 MB in size
- Each entity can have up to 252 user-defined properties
- There are also 3 system properties on every entity:
  - A partition key
  - A row key
  - A timestamp
- A premium table experience is offered via Azure Cosmos DB (Table API), which is a globally distributed database service
Azure managed disks
- Block-level storage volumes
  - Used to provide storage for virtual machines
  - A managed disk is much like a physical disk in an on-prem server, only virtualised; Azure manages the underlying storage for you
  - Available disk types are Ultra Disks, Premium SSD, Standard SSD and Standard HDD
  - Azure Backup supports disk sizes up to 32 TB
  - You can use direct upload to transfer local VHD files to Azure managed disks
- There are two types of encryption you can use with managed disks:
  - Server-side encryption (SSE)
    - Performed by the Azure Storage service and enabled by default for all managed disks
    - Provides encryption at rest for your data, with platform-managed keys unless you configure a customer-managed key in Azure Key Vault
    - Also enabled by default for snapshots and images in regions where managed disks are available
  - Azure Disk Encryption (ADE)
    - Enabled on the OS and data disks of the VM, inside the guest operating system
    - On Windows VMs disks are encrypted by BitLocker
    - On Linux VMs disks are encrypted using DM-Crypt
    - The encryption keys are stored in Azure Key Vault
- There are 3 disk roles in Azure:
  - Data
    - Managed disks attached to a VM, used to store applications and other data
    - When you attach the disk it is registered as a SCSI drive
    - Data disks have a max capacity of 32 TiB
    - The number of managed disks you can attach to a VM depends on the size of the VM
  - OS
    - Hosts the VM's operating system and boot volume
    - Max capacity of an OS disk is 4 TiB
  - Temp
    - Every VM contains a temp disk
    - Not a managed disk; it lives on local storage of the physical host
    - Hosts page files and swap files
    - Data on this disk is lost during maintenance or if the VM is redeployed, so never store anything you need to keep there
    - On Windows VMs the temp disk is given the D: drive letter
    - On Linux VMs the temp disk is /dev/sdb
- Virtual machines using Premium SSDs (or Ultra Disks) for ALL of their disks qualify for a 99.9% single-instance SLA
Storage accounts
- A storage account is a container that houses all of your storage data objects (blobs, files, queues, tables and disks)
- All data in a storage account is encrypted at rest by Storage Service Encryption, using platform-managed keys unless you bring your own key
- Zone-redundant storage (ZRS) is only available for:
  - General-Purpose V2
  - Premium Block Blob Storage
  - Premium File Storage
- Geo-zone-redundant storage (GZRS / RA-GZRS) is only available for General-Purpose V2
- Storage account types:
  - General-Purpose V2
    - Standard account that can host blobs, files, queues and tables
    - Microsoft recommends this account type for most scenarios
  - General-Purpose V1
    - Can host blobs, files, queues and tables
    - Does the same as V2, but Microsoft recommends V2; V1 is legacy and likely to go away in the near future
  - Block Blob Storage
    - Premium performance for block blobs and append blobs
    - Typically used where high transaction rates are in play
    - Also good if the requirement is for low storage latency
  - File Storage
    - Files-only storage account
    - Premium (SSD-backed) performance characteristics
    - Microsoft recommends it for enterprise or high-performance applications
  - Blob Storage
    - A legacy account used for blob storage only
    - Microsoft recommends General-Purpose V2 instead of Blob Storage accounts
- SAS = Shared Access Signature. A signed query string appended to a resource URI that grants access to specific resources in a storage account with a limited set of permissions, for a limited time window, optionally restricted to HTTPS and an IP range. A service or account SAS is signed with the storage account key, so anyone holding that key can mint new tokens and the only way to revoke a leaked SAS is to rotate the key (or remove the stored access policy it references); prefer a user delegation SAS signed with Microsoft Entra ID credentials and keep expiry times short
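How a SAS binds the permissions, expiry and resource to its signature is easiest to see in code. The block below is an added example, not code from these notes or from Microsoft's SDKs: it builds and verifies a blob service SAS with only the Python standard library. The account name, the key (a constructed 64-byte value, not a real key), the container and blob names, and the field order of the string-to-sign (written to match the documented service SAS format for sv=2020-12-06; confirm against the current REST reference before using it against the real service) are all assumptions. The verifier re-derives the signature the way the storage service would, which is why changing sp=r to sp=rw, or reusing the token on a different blob, is rejected.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

# Constructed sample account and key. The key is just bytes 0..63 base64-encoded,
# NOT a real account key; a real key is 64 random bytes issued by Azure.
ACCOUNT = "mystorage"
ACCOUNT_KEY = base64.b64encode(bytes(range(64))).decode()
SIGNED_VERSION = "2020-12-06"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _string_to_sign(p, account, container, blob):
    """Assemble the service-SAS string-to-sign for one blob.

    Field order follows the documented format for sv=2020-12-06 (assumed here);
    unused fields are still emitted as empty lines.
    """
    canonical = f"/blob/{account}/{container}/{blob}"
    return "\n".join([
        p.get("sp", ""),   # signedPermissions
        p.get("st", ""),   # signedStart
        p.get("se", ""),   # signedExpiry
        canonical,         # canonicalizedResource
        p.get("si", ""),   # signedIdentifier (stored access policy)
        p.get("sip", ""),  # signedIP
        p.get("spr", ""),  # signedProtocol
        p.get("sv", ""),   # signedVersion
        p.get("sr", ""),   # signedResource
        "",                # signedSnapshotTime
        "",                # signedEncryptionScope
        "", "", "", "", "",  # rscc, rscd, rsce, rscl, rsct (response header overrides)
    ])


def _sign(account_key_b64, string_to_sign):
    """HMAC-SHA256 over the UTF-8 string-to-sign, keyed with the decoded account key."""
    key = base64.b64decode(account_key_b64)
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def make_blob_sas(account, account_key_b64, container, blob,
                  permissions="r", valid_minutes=15, https_only=True):
    """Return the SAS query string for one blob: read-only, short-lived, HTTPS-only by default."""
    expiry = datetime.now(timezone.utc) + timedelta(minutes=valid_minutes)
    params = {"sv": SIGNED_VERSION, "sr": "b", "sp": permissions, "se": expiry.strftime(TIME_FMT)}
    if https_only:
        params["spr"] = "https"
    params["sig"] = _sign(account_key_b64, _string_to_sign(params, account, container, blob))
    return urlencode(params)


def verify_blob_sas(account, account_key_b64, container, blob, sas_query, now=None):
    """Re-derive the signature for the requested resource, then check expiry.

    Returns (accepted, reason). The signature covers every claim in the query,
    so editing sp/se/spr, or presenting the token for another blob, fails the compare.
    """
    q = {k: v[0] for k, v in parse_qs(sas_query, keep_blank_values=True).items()}
    expected = _sign(account_key_b64, _string_to_sign(q, account, container, blob))
    if not hmac.compare_digest(expected.encode(), q.get("sig", "").encode()):
        return False, "signature mismatch"
    if not q.get("se"):
        return False, "missing expiry"
    expiry = datetime.strptime(q["se"], TIME_FMT).replace(tzinfo=timezone.utc)
    if expiry <= (now or datetime.now(timezone.utc)):
        return False, "expired"
    return True, "ok"


def demo():
    """Exercise the happy path and the three failure modes a practitioner should expect."""
    sas = make_blob_sas(ACCOUNT, ACCOUNT_KEY, "invoices", "2024/q1.pdf")
    tampered = sas.replace("&sp=r&", "&sp=rw&")              # try to upgrade read to read+write
    later = datetime.now(timezone.utc) + timedelta(hours=1)  # past the 15-minute expiry
    return {
        "valid": verify_blob_sas(ACCOUNT, ACCOUNT_KEY, "invoices", "2024/q1.pdf", sas),
        "tampered": verify_blob_sas(ACCOUNT, ACCOUNT_KEY, "invoices", "2024/q1.pdf", tampered),
        "wrong_blob": verify_blob_sas(ACCOUNT, ACCOUNT_KEY, "invoices", "2024/q2.pdf", sas),
        "expired": verify_blob_sas(ACCOUNT, ACCOUNT_KEY, "invoices", "2024/q1.pdf", sas, now=later),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10s} -> {verdict}")
```

The practical lesson is in `verify_blob_sas`: there is no server-side list of issued tokens, only the key. A SAS therefore cannot be revoked individually, which is why short `se` values, `spr=https` and a user delegation SAS are the controls that matter, and why a leaked account key means regenerating it.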
Azure Storage Tiers
- Hot
  - Frequently accessed data
  - Storage costs are highest but access costs are lowest
- Cool
  - Infrequently accessed data
  - Storage costs are lower but access costs are higher
  - Data must stay in this tier for 30 days; if you delete it or move it to another tier before then you are charged an early deletion penalty
- Archive
  - For data that rarely needs to be accessed, such as long-term backups
  - Storage costs are lowest but access costs are highest
  - To avoid the early deletion penalty, data must remain in this tier for 180 days
  - You also cannot access the data right away: it is offline storage, so a blob has to be rehydrated to hot or cool before you can read it. Standard-priority rehydration can take up to 15 hours
- Lifecycle management (see below) is supported on General-Purpose V2, premium block blob and Blob Storage accounts
Life Cycle Management
This is a rule-based policy used to move data between tiers, or delete it, based on its age. An example would be to move blobs from hot to cool if they have not been modified in XX days, then from cool to archive if they have not been modified for another XX days, and finally delete them after a retention period. Rules can be filtered by blob type and name prefix. The policy runs once a day, so a new or edited policy can take up to 24 hours to take effect.
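As an added example (not code from these notes or from Azure), the following Python evaluates a constructed lifecycle policy, written in the same JSON shape Azure uses (rules, filters, baseBlob actions with daysAfterModificationGreaterThan), against a constructed blob inventory. It also checks the policy against the 30-day cool and 180-day archive minimum stays described above, so that a rule which archives too early or deletes too early is caught before it silently incurs early deletion charges. The policy, blob names, dates and evaluation date are all assumptions; the tier ordering and the most-aggressive-action-wins logic mirror the documented behaviour when several rules apply to one blob.

```python
import json
from datetime import date

# Constructed policy in the JSON shape Azure lifecycle management uses (sample only).
POLICY_JSON = """
{
  "rules": [
    {
      "enabled": true,
      "name": "age-out-logs",
      "type": "Lifecycle",
      "definition": {
        "filters": {"blobTypes": ["blockBlob"], "prefixMatch": ["logs/"]},
        "actions": {
          "baseBlob": {
            "tierToCool": {"daysAfterModificationGreaterThan": 30},
            "tierToArchive": {"daysAfterModificationGreaterThan": 90},
            "delete": {"daysAfterModificationGreaterThan": 365}
          }
        }
      }
    }
  ]
}
"""

# Constructed inventory: (blob name, blob type, current tier, last-modified date).
BLOBS = [
    ("logs/app-2024-06-20.log", "blockBlob", "hot", date(2024, 6, 20)),
    ("logs/app-2024-05-01.log", "blockBlob", "hot", date(2024, 5, 1)),
    ("logs/app-2024-03-01.log", "blockBlob", "cool", date(2024, 3, 1)),
    ("logs/app-2023-01-01.log", "blockBlob", "archive", date(2023, 1, 1)),
    ("images/logo.png", "blockBlob", "hot", date(2023, 1, 1)),  # prefix does not match
    ("logs/disk.vhd", "pageBlob", "hot", date(2023, 1, 1)),     # blob type does not match
]
EVAL_DATE = date(2024, 7, 1)  # assumed "today" for the run

TIER_ORDER = {"hot": 0, "cool": 1, "archive": 2}
ACTION_RANK = {"tierToCool": 1, "tierToArchive": 2, "delete": 3}  # most aggressive wins
ACTION_TIER = {"tierToCool": "cool", "tierToArchive": "archive"}
MIN_DAYS = {"cool": 30, "archive": 180}  # minimum stay before early deletion charges apply


def load_policy(text):
    return json.loads(text)


def _matches(rule, name, blob_type):
    """Apply the rule's blobTypes and prefixMatch filters."""
    filters = rule["definition"].get("filters", {})
    if blob_type not in filters.get("blobTypes", []):
        return False
    prefixes = filters.get("prefixMatch")
    return not prefixes or any(name.startswith(p) for p in prefixes)


def plan_actions(policy, blobs, today):
    """Return [(blob name, action)] for blobs whose age exceeds a rule threshold.

    A blob is never moved to the tier it is already in (or a colder one), and when
    several rules or actions apply to the same blob the most aggressive one is kept.
    """
    plan = []
    for name, blob_type, tier, modified in blobs:
        age_days = (today - modified).days
        best = None
        for rule in policy["rules"]:
            if not rule.get("enabled", True) or not _matches(rule, name, blob_type):
                continue
            for action, cfg in rule["definition"]["actions"].get("baseBlob", {}).items():
                if age_days <= cfg["daysAfterModificationGreaterThan"]:
                    continue
                target = ACTION_TIER.get(action)
                if target and TIER_ORDER[target] <= TIER_ORDER[tier]:
                    continue
                if best is None or ACTION_RANK[action] > ACTION_RANK[best]:
                    best = action
        if best:
            plan.append((name, best))
    return plan


def policy_warnings(policy):
    """Flag rules that would move data out of cool or archive before the minimum stay."""
    warnings = []
    for rule in policy["rules"]:
        actions = rule["definition"]["actions"].get("baseBlob", {})
        days = {a: c["daysAfterModificationGreaterThan"] for a, c in actions.items()}
        if "tierToCool" in days and "tierToArchive" in days and \
                days["tierToArchive"] - days["tierToCool"] < MIN_DAYS["cool"]:
            warnings.append(f"{rule['name']}: leaves cool before {MIN_DAYS['cool']} days (early deletion charge)")
        if "tierToArchive" in days and "delete" in days and \
                days["delete"] - days["tierToArchive"] < MIN_DAYS["archive"]:
            warnings.append(f"{rule['name']}: deletes from archive before {MIN_DAYS['archive']} days (early deletion charge)")
    return warnings


def demo():
    policy = load_policy(POLICY_JSON)
    return plan_actions(policy, BLOBS, EVAL_DATE), policy_warnings(policy)


if __name__ == "__main__":
    actions, warnings = demo()
    for name, action in actions:
        print(f"{action:14s} {name}")
    for w in warnings:
        print("WARNING:", w)
```

Run it with a threshold of 45 days for tierToArchive instead of 90 and `policy_warnings` reports that blobs would leave the cool tier after only 15 days, which is exactly the misconfiguration that turns a cost-saving policy into an early deletion bill.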