Azure consolidation
• Zoom in on Containerization
https://github.com/nehalineogi/azure-networking ***
https://github.com/kdakan/Azure-Architecture
https://github.com/MicrosoftDocs/architecture-center/blob/main/docs/guide/storage/storage-start-here.md
https://github.com/microsoft/MTC_IL_WORKSHOP_Azure_Administrator ****
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/infrastructure-integrity.md ****
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/infrastructure-network.md
auto scaling
load balancing
scale set
av set
av zone
nsg,UDRs, and forced tunneling
Service endpoints
point to site x
site to site x
fault domain x
update domain x
hub and spoke
how many ways you can deploy vm
subscriptions x
rbac
storage x
key vault x
backup
resource group x
arm templates x
managed disk and unmanaged disk x
azure diagnostics
What is Azure MFA? x
Azure Networking -- VNET,vnet peering,subnet,UDR
peer to peer
azure site recovery
pvt dns resolver
azure backup services, azure recovery services vault
backup policies
work load migration
azure monitor
A *network security group (NSG)* contains a list of Access Control List (ACL) rules
that allow or deny network traffic to subnets, NICs, or both. NSGs can be
associated with either subnets or individual NICs connected to a subnet. When an
NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet.
In addition, traffic to an individual NIC can be restricted by associating an NSG
directly to a NIC.
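The following is an added example, not code from the original notes or from Azure: a small Python model of how subnet-level and NIC-level NSGs combine for inbound traffic. It relies on two documented NSG behaviours the paragraph does not spell out (rules are evaluated in priority order, lowest number first, and inbound traffic is checked at the subnet NSG before the NIC NSG). The `Rule` class, function names and sample rule sets are hypothetical, and the platform default rules are reduced to a single final deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    access: str    # "Allow" or "Deny"
    source: str    # CIDR prefix, or "*" for any source
    port: str      # single port, "lo-hi" range, or "*"


# Simplified stand-in for the platform default inbound rules: anything no custom
# rule matched is denied. (The real defaults also allow virtual-network and
# Azure load balancer traffic before the final deny; omitted here for brevity.)
DEFAULT_DENY = Rule(65500, "Deny", "*", "*")


def _matches(rule, src_ip, dst_port):
    if rule.source != "*" and ip_address(src_ip) not in ip_network(rule.source):
        return False
    if rule.port == "*":
        return True
    lo, _, hi = rule.port.partition("-")
    return int(lo) <= dst_port <= int(hi or lo)


def nsg_decision(rules, src_ip, dst_port):
    """Return the first rule, in priority order, that matches the packet."""
    ordered = sorted(list(rules) + [DEFAULT_DENY], key=lambda r: r.priority)
    return next(r for r in ordered if _matches(r, src_ip, dst_port))


def inbound_allowed(subnet_nsg, nic_nsg, src_ip, dst_port):
    """Inbound traffic is checked at the subnet NSG, then the NIC NSG.

    Pass None for a level that has no NSG associated.
    """
    for level, nsg in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if nsg is None:
            continue
        hit = nsg_decision(nsg, src_ip, dst_port)
        if hit.access == "Deny":
            return False, f"{level} NSG priority {hit.priority}"
    return True, "allowed at every associated NSG"


# Constructed sample rule sets (addresses are documentation/private ranges).
SUBNET_NSG = [Rule(100, "Allow", "*", "443"), Rule(200, "Allow", "10.0.0.0/8", "22")]
NIC_NSG = [Rule(100, "Deny", "10.1.5.0/24", "22"), Rule(110, "Allow", "*", "*")]

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("10.1.5.9", 22), ("203.0.113.7", 22)]:
        print(src, port, inbound_allowed(SUBNET_NSG, NIC_NSG, src, port))
```

The second sample flow shows why both levels matter when reviewing exposure: the subnet NSG allows SSH from 10.0.0.0/8, but the NIC NSG on this VM still blocks it for one source range.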
Virtual machine scale sets are an Azure compute resource that you can use to deploy
and manage a set of identical VMs. With all the VMs configured the same, scale sets
are designed to support true autoscale, and no pre-provisioning of VMs is required.
So it’s easier to build large-scale services that target big compute, big data, and
containerized workloads.
Pricing will vary based on product types. ISV software charges and Azure
infrastructure costs are charged separately through your Azure subscription.
Pricing models include:
* **Free**: Free SKU. Customers are not charged Azure Marketplace fees for use of
the offering.
* **Usage-Based**: You are charged or billed based on the extent of your use of the
offering. For Virtual Machines Images, you are charged an hourly Azure Marketplace
fee. For Data Services, Developer services, and APIs, you are charged per unit of
measurement as defined by the offering.
* **Monthly Fee**: You are charged or billed a fixed monthly fee for a subscription
to the offering (from the date of subscription start for that particular plan). The
monthly fee is not prorated for mid-month cancellations or unused services.
Parameters
Variables
Resources - the actual resources that you are going to deploy or update
Outputs
Block blobs store text and binary data, up to about 4.7 TB. Block blobs are made up
of blocks of data that can be managed individually.
Append blobs are made up of blocks like block blobs, but are optimized for append
operations. Append blobs are ideal for scenarios such as logging data from virtual
machines.
Page blobs store random access files up to 8 TB in size. Page blobs store the VHD
files that back VMs.
So at any point during an upgrade, at least one instance is alive and
serving user requests, hence you don't face downtime of your
application.
Azure Managed Disks are the new and recommended disk storage offerings for use with
Azure Virtual Machines for persistent storage of data. You can use multiple Managed
Disks with each Virtual Machine. Managed Disks offer two types of durable storage
options: Premium and Standard Managed Disks.
Azure storage accounts can also provide storage for the operating system disk and
any data disks. Each disk is a .vhd file stored as a page blob.
Azure Monitor
Azure Monitor helps you maximize the availability and performance of your
applications and services. It delivers a comprehensive solution for collecting,
analyzing, and acting on telemetry from your cloud and on-premises environments.
This information helps you understand how your applications are performing and
proactively identify issues that affect them and the resources they depend on.
Detect and diagnose issues across applications and dependencies with Application
Insights.
Correlate infrastructure issues with VM insights and Container insights.
Drill into your monitoring data with Log Analytics for troubleshooting and deep
diagnostics.
Support operations at scale with automated actions.
Create visualizations with Azure dashboards and workbooks.
Collect data from monitored resources by using Azure Monitor Metrics.
Investigate change data for routine monitoring or for triaging incidents by using
Change Analysis
Metrics for Azure resources
CPU Usage
Disk Metrics
Network Stats
Alerts
Activity Logs
Control Plane activities
When a virtual machine is stopped
When a virtual machine is created
Log Analytics Workspace
Central Solution for all of your logs
Application Insights
Performance
Management system for your live applications
Azure backup
The Azure Backup service provides simple, secure, and cost-effective solutions to
back up your data and recover it from the Microsoft Azure cloud.
On-premises - Back up files, folders, system state using the Microsoft Azure
Recovery Services (MARS) agent. Or use the DPM or Azure Backup Server (MABS) agent
to protect on-premises VMs (Hyper-V and VMware) and other on-premises workloads.
Azure VMs - Back up entire Windows/Linux VMs (using backup extensions) or back up
files, folders, and system state using the MARS agent.
Azure Managed Disks - Back up Azure Managed Disks
Azure Files shares - Back up Azure File shares to a storage account
SQL Server in Azure VMs - Back up SQL Server databases running on Azure VMs
SAP HANA databases in Azure VMs - Back up SAP HANA databases running on Azure VMs
Azure Database for PostgreSQL servers - Back up Azure PostgreSQL databases and
retain the backups for up to 10 years
Azure Blobs - Overview of operational backup for Azure Blobs
Application Insights
Application Insights is an extension of Azure Monitor and provides Application
Performance Monitoring (also known as “APM”) features. APM tools are useful to
monitor applications from development, through test, and into production in the
following ways:
The Defender plans of Microsoft Defender for Cloud offer comprehensive defenses for
the compute, data, and service layers of your environment:
Azure Policies
Azure Policy helps to enforce organizational standards and to assess compliance
at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate
the overall state of the environment, with the ability to drill down to the
per-resource, per-policy granularity. It also helps to bring your resources to
compliance through bulk remediation for existing resources and automatic
remediation for new resources.
Common use cases for Azure Policy include implementing governance for resource
consistency, regulatory compliance, security, cost, and management. Policy
definitions for these common use cases are already available in your Azure
environment as built-ins to help you get started.
Specifically, some useful governance actions you can enforce with Azure Policy
include:
| Service | Subdomain |
| --- | --- |
| Azure Access Control Service (retired) | `*.accesscontrol.windows.net` |
| Microsoft Entra ID | `*.graph.windows.net` / `*.onmicrosoft.com` |
| Azure API Management | `*.azure-api.net` |
| Azure BizTalk Services (retired) | `*.biztalk.windows.net` |
| Azure Blob storage | `*.blob.core.windows.net` |
| Azure Cloud Services and Azure Virtual Machines | `*.cloudapp.net` |
| Azure Cloud Services and Azure Virtual Machines | `*.cloudapp.azure.com` |
| Azure Container Registry | `*.azurecr.io` |
| Azure Container Service (deprecated) | `*.azurecontainer.io` |
| Azure Content Delivery Network (CDN) | `*.vo.msecnd.net` |
| Azure Cosmos DB | `*.cosmos.azure.com` |
| Azure Cosmos DB | `*.documents.azure.com` |
| Azure Files | `*.file.core.windows.net` |
| Azure Front Door | `*.azurefd.net` |
| Azure Key Vault | `*.vault.azure.net` |
| Azure Kubernetes Service | `*.azmk8s.io` |
| Azure Management Services | `*.management.core.windows.net` |
| Azure Media Services | `*.origin.mediaservices.windows.net` |
| Azure Mobile Apps | `*.azure-mobile.net` |
| Azure Queue Storage | `*.queue.core.windows.net` |
| Azure Service Bus | `*.servicebus.windows.net` |
| Azure SQL Database | `*.database.windows.net` |
| Azure Stack Edge and Azure IoT Edge | `*.azureedge.net` |
| Azure Table Storage | `*.table.core.windows.net` |
| Azure Traffic Manager | `*.trafficmanager.net` |
| Azure Websites | `*.azurewebsites.net` |
| GitHub Codespaces | `*.visualstudio.com` |
A popular and effective method for enhancing availability and performance is load
balancing. Load balancing is a method of distributing network traffic across
servers that are part of a service. For example, if you have front-end web servers
as part of your service, you can use load balancing to distribute the traffic
across your multiple front-end web servers.
We recommend that you employ load balancing whenever you can, and as appropriate
for your services. Following are scenarios at both the Azure virtual network level
and the global level, along with load-balancing options for each.
* Requires requests from the same user/client session to reach the same back-end
virtual machine. Examples of this are shopping cart apps and web mail servers.
* Accepts only a secure connection, so unencrypted communication to the server isn't
an acceptable option.
* Requires multiple HTTP requests on the same long-running TCP connection to be
routed or load balanced to different back-end servers.
Load-balancing option: Use Azure Application Gateway, an HTTP web traffic load
balancer. Application Gateway supports end-to-end TLS encryption and TLS
termination at the gateway. Web servers can then be unburdened from encryption and
decryption overhead and traffic flowing unencrypted to the back-end servers.
Scenario: You need to load balance incoming connections from the internet among
your servers located in an Azure virtual network. Scenarios are when you:
* Have stateless applications that accept incoming requests from the internet.
* Don't require sticky sessions or TLS offload. Sticky sessions is a method used with
Application Load Balancing, to achieve server-affinity.
Load-balancing option: Use the Azure portal to create an external load balancer
that spreads incoming requests across multiple VMs to provide a higher level of
availability.
Scenario: You need to load balance connections from VMs that are not on the
internet. In most cases, the connections that are accepted for load balancing are
initiated by devices on an Azure virtual network, such as SQL Server instances or
internal web servers.
Load-balancing option: Use the Azure portal to create an internal load balancer
that spreads incoming requests across multiple VMs to provide a higher level of
availability.
* Have a cloud solution that is widely distributed across multiple regions and
requires the highest level of uptime (availability) possible.
* Need the highest level of uptime possible to make sure that your service is
available even if an entire datacenter becomes unavailable.
Load-balancing option: Use Azure Traffic Manager. Traffic Manager makes it possible
to load balance connections to your services based on the location of the user.
For example, if the user makes a request to your service from the EU, the
connection is directed to your services located in an EU datacenter. This part of
Traffic Manager global load balancing helps to improve performance because
connecting to the nearest datacenter is faster than connecting to datacenters that
are far away.
What are the key components of the Azure Resource Manager (ARM)?
Azure Resource Manager (ARM) is an Azure resources deployment and management
service. The key components of ARM include:
Resource groups: A logical container for resources that are deployed within an
Azure subscription.
ARM templates: JSON files that define the resources, configurations, and
dependencies for an Azure deployment.
ARM API: A RESTful API for managing Azure resources programmatically.
Role-based access control (RBAC): A mechanism for controlling access to Azure
resources based on user roles and permissions.
Can you explain the difference between Azure Service Bus, Event Hubs, and Event
Grid?
Azure Service Bus is a fully managed enterprise integration message broker that
supports both point-to-point and publish-subscribe communication patterns. It is
designed for high-throughput, low-latency messaging scenarios.
Azure Event Hubs is a big data streaming platform and event ingestion service that
can process millions of events per second. It is designed for real-time data
processing and analytics.
Azure Event Grid is a fully managed event routing service that enables
event-driven, reactive programming. It connects event sources with event handlers using a
publish-subscribe model and supports filtering and routing based on event types and
data.
What is Azure Active Directory (AAD), and how does it differ from an on-premises
Active Directory?
Azure Active Directory (AAD), now Microsoft Entra ID, is a cloud-based identity and
access management service that provides single sign-on (SSO), multi-factor
authentication, and identity protection for applications and services.
What are Azure Virtual Machines (VMs), and how do they differ from other computing
options in Azure?
Azure Virtual Machines (VMs) are Infrastructure-as-a-Service (IaaS) offerings that
provide on-demand, scalable compute resources in the cloud. VMs differ from other
compute options in Azure, such as Web Apps and Functions, in that they provide more
control over the underlying infrastructure, including the operating system,
networking, and storage. This makes VMs suitable for workloads that require custom
configurations or need to run specific software that is not supported by other
Azure compute services.
----------------------------------------------------------------------------------
How do you ensure high availability and disaster recovery for Azure Virtual
Machines (VMs)?
To ensure high availability for Azure VMs, you can:
Deploy VMs in an Availability Set, which distributes VMs across multiple fault
domains and update domains within a data center.
Use Azure Virtual Machine Scale Sets to automatically scale the number of VM
instances based on demand or a predefined schedule.
Deploy VMs in multiple Azure regions and use Azure Traffic Manager or Azure Front
Door to distribute traffic across regions.
For disaster recovery, you can:
Use Azure Site Recovery to replicate VMs to a secondary Azure region and enable
failover in case of a disaster.
Regularly back up VMs using Azure Backup and restore them to a new VM in case of
data loss or corruption.
What is Azure Storage Service Encryption (SSE), and how does it help protect data?
Azure Storage Service Encryption (SSE) is a feature that automatically encrypts
data at rest in Azure Blob Storage, File Storage, Table Storage, and Queue Storage.
SSE uses Azure-managed encryption keys or customer-managed keys to encrypt data
before it is written to storage and decrypts it when it is read. This helps protect
data from unauthorized access and ensures compliance with data security and privacy
regulations.
Use Azure Monitor to collect, analyze, and visualize performance metrics and logs
from Azure resources.
Set up alerts and notifications based on performance thresholds or specific events.
Use Azure Advisor to get personalized recommendations for optimizing resource
performance, cost, security, and reliability.
Implement autoscaling for compute resources, such as VMs and App Services, to
adjust capacity based on demand.
Use Azure CDN and Azure Traffic Manager to optimize content delivery and network
performance.
What is Azure Virtual Network (VNet), and what are its key features?
Azure Virtual Network (VNet) is a logically isolated network within the Azure cloud
that enables you to connect Azure resources and on-premises networks securely. Key
features of Azure VNet include:
Private IP address space and DNS settings for resources within the VNet.
Subnets for organizing and segmenting resources based on security and network
requirements.
Network Security Groups (NSGs) for controlling inbound and outbound traffic to
resources.
Virtual Network Gateway for connecting VNets to on-premises networks using VPN or
ExpressRoute.
VNet peering for connecting VNets within the same or different Azure regions.
What is Azure Load Balancer, and how does it help distribute traffic to Azure
resources?
Azure Load Balancer is a network service that distributes incoming network traffic
across multiple resources, such as VMs, to ensure high availability, scalability,
and low latency. Azure Load Balancer supports both Layer 4 (TCP/UDP) and Layer 7
(HTTP/HTTPS) traffic and provides features such as:
What is Azure Backup, and how does it help protect Azure resources?
Azure Backup is a cloud-based backup service that enables you to back up and
restore Azure resources, such as VMs, databases, and file shares. Azure Backup
helps protect Azure resources by:
What is Azure Site Recovery, and how does it help with disaster recovery in Azure?
Azure Site Recovery is a cloud-based disaster recovery service that enables you to
replicate, failover, and recover Azure resources and on-premises workloads in case
of a disaster or outage. Azure Site Recovery helps with disaster recovery in Azure
by:
What is Azure Cost Management, and how does it help control and optimize Azure
spending?
Azure Cost Management is a suite of tools and services that help you monitor,
analyze, and optimize your Azure spending. Azure Cost Management provides:
Cost analysis reports and dashboards for visualizing and understanding your Azure
spending patterns.
Budgets and alerts for tracking and controlling spending against predefined limits.
Cost recommendations based on your usage patterns and Azure best practices.
Integration with Azure Policy for enforcing cost-related policies and compliance.
What are some best practices for securing Azure resources and data?
Some best practices for securing Azure resources and data include: