AZ-104 Microsoft Azure Administrator Study Notes
https://learn.microsoft.com/en-us/certifications/exams/az-104/
Manage Azure identities and governance
Implement and manage storage
Azure blobs
- Provides object storage for the cloud
- Optimised to support massive amounts of unstructured data
- Unstructured data is data that does not fit a specific model e.g. text and binary data
- Typically used for images, videos and documents that could be served on websites
- Also good for streaming video and audio
- Storing log files, archive or backup data
- Can be accessed over HTTP or HTTPS
- Can be accessed using the Azure Storage REST API, PowerShell, Azure CLI, Java, PHP and .NET
- The storage account creates a unique namespace that you use to access the data, like http://mystorage.blob.core.windows.net
- Containers in the blob storage are used to organise the blobs within the account (think of them like directories). You can create an unlimited number of containers and a container can store an unlimited number of blobs
- Container names must be lowercase
- Blobs are the files, so image001.jpg would be considered a blob
- There are 3 types of blobs that are supported:
  - Block blobs
    - These can contain up to about 190.7TiB of text and binary data
    - They are called block blobs because they are made up of blocks, each of which can be managed individually
  - Append blobs
    - Similar to block blobs, however they are optimised for append operations
    - This makes append blobs a good choice for logging data from virtual machines
  - Page blobs
    - Used to store random access files up to 8TiB in size
    - You would typically use page blobs to store VHD files which serve as disks for Azure virtual machines
Azure files
- Fully managed file share system available in the cloud
- You can access Azure files through SMB protocol
- You can mount file shares from Windows, Linux and MacOS machines that reside both on-prem and in the cloud
- You can cache file shares on Windows servers, using the Azure file sync service
- Azure Files AD authentication allows Azure file share permissions to be controlled through an on-prem Active Directory
- You can create as many file shares as required
- You can use PowerShell, Azure CLI, Azure portal and storage explorer to create, mount and manage Azure File shares
- Azure file share names have to be lowercase letters, numbers and hyphens
Azure queue storage
- Designed for storing large numbers of messages used in communication between the different components of a distributed application. These messages can be accessed from anywhere in the world through authenticated calls via HTTP or HTTPS.
- Each queue message can be up to 64KB in size
- A typical queue can contain millions of messages
- A queue name must be lowercase letters, numbers or hyphens
- A queue URL will be as follows https://<storage_account>.queue.core.windows.net/<queue_name>
Azure table storage
- This is intended for the storage of structured NoSQL data
- It offers a key/attribute store and a schema-less design
- Schema-less design allows you to more easily adapt data to the needs of your business or application
- You can have as many tables as you need, up to the limit of the storage account itself
- Ideal for large amounts of data that does not contain complex joins, foreign keys or stored procedures. Non relational.
- The URL to access it will be as follows https://<storage_account>.table.core.windows.net/
- A table is just a collection of entities; it doesn't enforce a schema on the entities within it
- Entities are basically like a database row
- Each entity can be up to 1MB in size
- You can have up to 252 properties for each entity
- There are 3 system properties for each entity as well, which are:
  - A partition key
  - A row key
  - A timestamp
- Premium table experience is offered via Azure Cosmos DB which is a globally distributed database service
Azure managed disks
- Block level storage volumes
- These are used to provide storage capabilities for virtual machines
- A managed disk is much like a disk that you would see in an on-prem server only virtualised
- Available disk types are ultra disks, premium SSD disks, standard SSD disks and standard HDD disks
- Azure backup supports disk sizes up to 32TB
- You can use direct upload to transfer local VHD files to Azure managed disks
- There are two types of encryption you can use with managed disks:
  - Server-side encryption (SSE)
    - This is performed by the Azure storage service and is enabled by default for all managed disks
    - This provides encryption at rest for your data
    - This is also enabled by default for snapshots and images in regions where managed disks are available
  - Azure Disk Encryption (ADE)
    - Enabled on the OS and data disks of the VM
    - On Windows VMs disks are encrypted by BitLocker
    - On Linux VMs disks are encrypted using DM-Crypt
- There are 3 disk roles in Azure:
  - Data
    - Managed disks attached to a VM, used to store applications and other data
    - When you attach the disk it is registered as a SCSI drive
    - Data disks have a max capacity of 32TB
    - The number of managed disks you can attach to a VM depends on the size of the VM
  - OS
    - Simply hosts the VM's operating system and boot volume
    - Max capacity of an OS disk is 4TB
  - Temp
    - Every VM contains a temp disk
    - Not a managed disk
    - Hosts page files and swap files
    - Data on these disks is lost during maintenance or if the VM is redeployed
    - On Windows VMs the temp disk is given the D: drive letter
    - On Linux VMs the temp disk is /dev/sdb
Storage accounts
- A container that houses all of your storage data objects
- All storage is encrypted
- Virtual machines using Premium SSDs for ALL of their disks qualify for a 99.9% SLA
- Zone redundant storage and Geo zone redundant storage are only available for:
  - General-Purpose V2
  - Block Blob Storage
  - File Storage
- Storage account types:
  - General-Purpose V2
    - Basic account that can be used to host blobs, files, queues and tables
    - Microsoft recommends using this account type for most scenarios
  - General-Purpose V1
    - Can host blobs, files, queues and tables
    - Can do the same as V2, but Microsoft recommends using V2, so V1 is probably going to go away in the near future
  - Block Blob Storage
    - Offers premium performance for block blobs and append blobs
    - Typically used for situations where high transaction rates are in play
    - Also good if the requirement is for low storage latency
  - File Storage
    - Files-only storage accounts
    - Feature high performance characteristics
    - Microsoft recommends using them for enterprise applications or high-performing applications
  - Blob Storage
    - A legacy account used for blob storage only
    - Microsoft recommends using General-Purpose V2 instead of Blob Storage accounts
- SAS = Shared Access Signature. This gives access to resources in a storage account for a limited amount of time, with the permissions, validity window and allowed protocol encoded in the token
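The SAS bullet above is the one a reviewer most often has to act on: a token that is valid for years, grants write or delete, or is accepted over plain HTTP undoes the "limited time" idea. The script below is an added example (not part of these notes or of any Microsoft tool) that parses the standard SAS query parameters (sp, st, se, spr, sip, sig) from a URL and lists the findings a defender would want. Both sample URLs are constructed, and their sig values are placeholders rather than real signatures.

```python
"""Audit a Shared Access Signature (SAS) URL for risky settings.

Added example, not from the study notes. It inspects the query parameters a
SAS carries (sp = permissions, st/se = start and expiry, spr = allowed
protocol, sip = allowed IP range, sig = signature) and reports findings a
reviewer would care about. Sample URLs are constructed; the signature values
are placeholders, not real signatures.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

# Constructed sample: long-lived, broad permissions, HTTP allowed, no IP limit.
SAMPLE_SAS_URL = (
    "https://mystorage.blob.core.windows.net/backups"
    "?sv=2021-06-08&ss=b&srt=sco&sp=rwdlac"
    "&st=2024-01-01T00:00:00Z&se=2030-01-01T00:00:00Z"
    "&spr=https,http&sig=PLACEHOLDER_SIGNATURE"
)

# Constructed sample: read-only, one hour, HTTPS only, restricted to a range.
SAFE_SAS_URL = (
    "https://mystorage.blob.core.windows.net/backups/report.csv"
    "?sv=2021-06-08&sr=b&sp=r"
    "&st=2024-06-01T09:00:00Z&se=2024-06-01T10:00:00Z"
    "&spr=https&sip=203.0.113.0-203.0.113.255&sig=PLACEHOLDER_SIGNATURE"
)

# Common permission letters; anything else is reported as unrecognised.
KNOWN_PERMISSIONS = {
    "r": "read", "w": "write", "d": "delete", "l": "list",
    "a": "add", "c": "create", "u": "update", "p": "process",
}
MODIFYING = {"w", "d", "a", "c", "u"}


def parse_sas(url):
    """Return the SAS query parameters as a flat dict (first value of each)."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return {key: values[0] for key, values in query.items()}


def _parse_time(value):
    """SAS times are ISO 8601 UTC; accept the date-only and short forms too."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")


def audit_sas(url, max_lifetime=timedelta(hours=24)):
    """Return a list of findings for the SAS URL; an empty list means nothing flagged."""
    params = parse_sas(url)
    missing = [k for k in ("sig", "sp", "se") if k not in params]
    if missing:
        return [f"not a usable SAS URL: missing {', '.join(missing)}"]

    findings = []
    perms = set(params["sp"])
    unknown = perms - set(KNOWN_PERMISSIONS)
    if unknown:
        findings.append(f"unrecognised permission letters: {''.join(sorted(unknown))}")
    modifying = perms & MODIFYING
    if modifying:
        names = ", ".join(KNOWN_PERMISSIONS[p] for p in sorted(modifying))
        findings.append(f"token grants modifying permissions: {names}")

    expiry = _parse_time(params["se"])
    if "st" in params:
        lifetime = expiry - _parse_time(params["st"])
        if lifetime > max_lifetime:
            findings.append(f"lifetime of {lifetime} exceeds the {max_lifetime} limit")
    else:
        findings.append("no start time (st), so the token is valid from the moment it was signed")

    if params.get("spr") != "https":
        findings.append("spr is not 'https': the token may be presented over plain HTTP")
    if "sip" not in params:
        findings.append("no sip restriction: the token is usable from any IP address")
    return findings


if __name__ == "__main__":
    for label, url in (("sample", SAMPLE_SAS_URL), ("safe", SAFE_SAS_URL)):
        print(label, audit_sas(url) or ["no findings"])
```

The 24-hour lifetime limit is a policy choice made for the example; tighten or loosen `max_lifetime` to match your own standard. The check deliberately treats a missing `spr` as a finding, because the token then does not insist on HTTPS by itself.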
Azure Storage Tiers
- Hot
  - Frequently accessed data
  - Storage costs are highest but access costs are lowest
- Cool
  - Infrequently accessed data
  - Storage costs are lower but access costs are higher
  - You must also leave data in here for 30 days; if you remove it before then you will be charged an "early removal penalty"
- Archive
  - For data that doesn't need to be accessed much, like long-term backups
  - Storage costs are lowest but access costs are highest
  - To avoid the early deletion penalty, data must remain in this tier for 180 days
  - You also cannot access data right away; it is offline storage, meaning the data has to be rehydrated before you can get to it. This process can take up to 15 hours.
- Life Cycle Management only works for General Purpose V2 accounts and blob storage accounts
- Life Cycle Management policies only run once a day, so it could take up to 24 hours from when you create the policy before anything happens
- If a vm is using unmanaged disks a storage account will be required
- If the vm is using managed disks a storage account is not required
- Reserved instances can be for 1 or 3 years, which can be up to 72% cheaper than pay-as-you-go
- Spot pricing uses unused compute capacity and can be up to 90% cheaper than pay-as-you-go; however, these VMs can be shut down, rebooted etc. at short notice by Azure when that unused compute is needed
- Virtual machine options:
  - General purpose - Balanced CPU to memory ratio
  - Compute optimized - High CPU to memory ratio
  - Memory optimized - High memory to core ratio
  - Storage optimized - High disk throughput and IO
  - GPU - Intended for heavy graphics and video rendering. Has dedicated GPUs
  - High performance compute - Fastest and most powerful CPUs
- When you deploy at least 2 machines into an Availability set you qualify for 99.95% uptime
- If you deploy a single VM into an Availability set you still qualify for 99.95% uptime, providing you use a premium SSD or ultra disk for all the OS disks and data disks attached to the VM
- An Availability set contains 5 update domains by default; this can be increased to 20 in Resource Manager deployments
- An update domain is a group of hosts that can be updated and rebooted at the same time
- When updates or maintenance are performed by Microsoft, only 1 update domain is rebooted at a time
- A fault domain is a group of hosts that share a common power source and network switch
- When virtual machines are added to an Availability set they are distributed across up to 3 different fault domains in a Resource Manager deployment, or across 2 fault domains in classic deployments
- When you deploy a VM to an availability zone it is covered by a 99.99% uptime SLA
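The update-domain and fault-domain bullets above are easier to reason about with the numbers in front of you. The following is an added example (not from these notes and not Azure's placement code) that models VMs being dealt round-robin across the 5 update domains and 3 fault domains the notes describe, then reports how many VMs a single update-domain reboot or single fault-domain failure would take out. The sequential placement is an assumption made for illustration.

```python
"""Model how VMs in an availability set spread over update and fault domains.

Added example, not part of the study notes. It assumes simple sequential
(round-robin) placement across the set's update domains and fault domains;
Azure's real placement is not specified here, so the output illustrates why
the domain counts matter rather than predicting a real deployment.
"""
from collections import Counter

DEFAULT_UPDATE_DOMAINS = 5  # default per the notes; up to 20 in Resource Manager deployments
DEFAULT_FAULT_DOMAINS = 3   # up to 3 in Resource Manager deployments


def place_vms(vm_count, update_domains=DEFAULT_UPDATE_DOMAINS,
              fault_domains=DEFAULT_FAULT_DOMAINS):
    """Return a list of (vm_name, update_domain, fault_domain) tuples.

    Placement is round-robin (assumed model): VM i lands in update domain
    i mod update_domains and fault domain i mod fault_domains.
    """
    if not 1 <= update_domains <= 20:
        raise ValueError("update domains must be between 1 and 20")
    if not 1 <= fault_domains <= 3:
        raise ValueError("fault domains must be between 1 and 3")
    return [(f"vm{i}", i % update_domains, i % fault_domains) for i in range(vm_count)]


def worst_case_outage(placement):
    """Most VMs lost to one update-domain reboot or one fault-domain failure."""
    ud_counts = Counter(ud for _, ud, _ in placement)
    fd_counts = Counter(fd for _, _, fd in placement)
    return {
        "update_domain_reboot": max(ud_counts.values(), default=0),
        "fault_domain_failure": max(fd_counts.values(), default=0),
    }


def survives_single_event(placement):
    """True when no single UD reboot or FD failure takes every VM offline."""
    total = len(placement)
    worst = worst_case_outage(placement)
    return total > 1 and max(worst.values()) < total


if __name__ == "__main__":
    for count in (1, 2, 7):
        layout = place_vms(count)
        print(count, "VMs:", worst_case_outage(layout),
              "survives single event:", survives_single_event(layout))
```

With two VMs the model puts them in different update and fault domains, which is the point of the "at least 2 machines" rule: a planned reboot of one update domain or the loss of one fault domain leaves the other VM running.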
- A scale set is a group of identical virtual machines
- It can be configured to automatically increase or decrease the number of VM instances
- A load balancer is generally used to point to the scale set and distribute the workload to the nodes in the scale set
- In a scale set every virtual machine's OS is created from the one base config, meaning you can update and manage the virtual machines in the scale set easily
- A scale set with a load balancer allows you to do layer 4 traffic rules
- A scale set with Azure Application Gateway allows you to do layer 7 traffic rules with SSL termination
- A scale set can support 1000 virtual machines if you use Azure images; if you use your own or custom images then it is 600
- You can use Azure Monitor for VMs to monitor the VMs in the scale set, and Application Insights to collect information and monitor the application
- The "Control Plane" is what manages the nodes and pods
- The standard way to perform authentication is Azure Active Directory
- You can manage Kubernetes using the kubectl command
- The minimum number of nodes recommended for a production cluster is 3
Life Cycle Management
This is used to move data between tiers. An example would be to move data from hot to cool if it has not been accessed in XX days, then to move it from cool to archive if it has not been accessed for another XX days.
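To make the lifecycle description above (and the once-a-day, General-Purpose V2 notes earlier) concrete, here is an added example that is not part of these notes or of any Azure tooling. It builds a lifecycle policy in the JSON shape the storage account management policy accepts (assumed from the public schema: rules with baseBlob actions keyed on daysAfterLastAccessTimeGreaterThan, which needs last-access tracking enabled on the account), then runs a local model of one daily policy pass over a constructed blob inventory and applies the 30-day Cool and 180-day Archive minimums from the tier notes.

```python
"""Lifecycle management: build a policy and model one daily run of it.

Added example, not the notes' own material. build_policy returns the rule
structure assumed from the management-policy JSON schema; simulate_policy is
a local model of how a daily pass would classify blobs; the blob inventory
is constructed sample data; the minimum-days figures come from the notes.
"""
import json
from datetime import datetime, timedelta, timezone

COOL_AFTER_DAYS = 30      # hot -> cool once idle this long
ARCHIVE_AFTER_DAYS = 90   # cool -> archive once idle this long
DELETE_AFTER_DAYS = 365   # drop blobs idle this long

# Minimum days a blob must stay in a tier before moving out without the
# early-deletion charge (values from the tier notes above).
MINIMUM_TIER_DAYS = {"Cool": 30, "Archive": 180}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the model

# Constructed inventory: name, current tier, last access time.
SAMPLE_BLOBS = [
    {"name": "logs/app-2024-05-30.log", "tier": "Hot", "last_access": NOW - timedelta(days=2)},
    {"name": "logs/app-2024-04-20.log", "tier": "Hot", "last_access": NOW - timedelta(days=42)},
    {"name": "logs/app-2024-02-01.log", "tier": "Cool", "last_access": NOW - timedelta(days=121)},
    {"name": "logs/app-2023-01-01.log", "tier": "Archive", "last_access": NOW - timedelta(days=517)},
    {"name": "images/banner.png", "tier": "Hot", "last_access": NOW - timedelta(days=400)},
]


def build_policy(prefix="logs/"):
    """Return a lifecycle policy dict scoped to block blobs under `prefix`."""
    return {
        "rules": [{
            "enabled": True,
            "name": "tier-down-idle-logs",
            "type": "Lifecycle",
            "definition": {
                "actions": {"baseBlob": {
                    "tierToCool": {"daysAfterLastAccessTimeGreaterThan": COOL_AFTER_DAYS},
                    "tierToArchive": {"daysAfterLastAccessTimeGreaterThan": ARCHIVE_AFTER_DAYS},
                    "delete": {"daysAfterLastAccessTimeGreaterThan": DELETE_AFTER_DAYS},
                }},
                "filters": {"blobTypes": ["blockBlob"], "prefixMatch": [prefix]},
            },
        }]
    }


def policy_json(prefix="logs/"):
    """Serialise the policy as the JSON you would hand to the management policy API."""
    return json.dumps(build_policy(prefix), indent=2)


def simulate_policy(policy, blobs, now):
    """Model one daily pass: return {blob name: action} for blobs the rules would touch."""
    actions = {}
    for rule in policy["rules"]:
        if not rule["enabled"]:
            continue
        prefixes = rule["definition"]["filters"].get("prefixMatch", [])
        base = rule["definition"]["actions"]["baseBlob"]
        for blob in blobs:
            if prefixes and not any(blob["name"].startswith(p) for p in prefixes):
                continue
            idle_days = (now - blob["last_access"]).days
            # The most aggressive applicable action wins: delete > archive > cool.
            if "delete" in base and idle_days > base["delete"]["daysAfterLastAccessTimeGreaterThan"]:
                actions[blob["name"]] = "delete"
            elif ("tierToArchive" in base and blob["tier"] != "Archive"
                  and idle_days > base["tierToArchive"]["daysAfterLastAccessTimeGreaterThan"]):
                actions[blob["name"]] = "tierToArchive"
            elif ("tierToCool" in base and blob["tier"] == "Hot"
                  and idle_days > base["tierToCool"]["daysAfterLastAccessTimeGreaterThan"]):
                actions[blob["name"]] = "tierToCool"
    return actions


def early_deletion_days_remaining(tier, days_in_tier):
    """Days a blob must still stay in `tier` before leaving it without the early-deletion charge."""
    return max(0, MINIMUM_TIER_DAYS.get(tier, 0) - days_in_tier)


if __name__ == "__main__":
    print(policy_json())
    print(simulate_policy(build_policy(), SAMPLE_BLOBS, NOW))
```

The model keeps the policy's thresholds (30, 90, 365 days) separate from the billing minimums (30 days in Cool, 180 in Archive): a rule that archives after 90 idle days never triggers the Cool penalty, but a rule that moved data to Archive and deleted it 100 days later would.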