What is Azure Fundamentals?

Azure Fundamentals is a series of three learning paths that familiarize you with
Azure and its many services and features.

Whether you're interested in compute, networking, or storage services; learning

about cloud security best practices; or exploring governance and management
options, think of Azure Fundamentals as your curated guide to Azure.

Azure Fundamentals includes interactive exercises that give you hands-on experience
with Azure. Many exercises provide a temporary Azure portal environment called the
sandbox, which allows you to practice creating cloud resources for free at your own
pace.

Technical IT experience isn't required; however, having general IT knowledge will

help you get the most from your learning experience.

What is cloud computing

Cloud computing is the delivery of computing services over the internet. Computing
services include common IT infrastructure such as virtual machines, storage,
databases, and networking. Cloud services also expand the traditional IT offerings
to include things like Internet of Things (IoT), machine learning (ML), and
artificial intelligence (AI).

Because cloud computing uses the internet to deliver these services, it doesn’t
have to be constrained by physical infrastructure the same way that a traditional
datacenter is. That means if you need to increase your IT infrastructure rapidly,
you don’t have to wait to build a new datacenter—you can use the cloud to rapidly
expand your IT footprint.

Describe the shared responsibility model

You may have heard of the shared responsibility model, but you may not understand
what it means or how it impacts cloud computing.

Start with a traditional corporate datacenter. The company is responsible for

maintaining the physical space, ensuring security, and maintaining or replacing the
servers if anything happens. The IT department is responsible for maintaining all
the infrastructure and software needed to keep the datacenter up and running.
They’re also likely to be responsible for keeping all systems patched and on the
correct version.

With the shared responsibility model, these responsibilities get shared between the
cloud provider and the consumer. Physical security, power, cooling, and network
connectivity are the responsibility of the cloud provider. The consumer isn’t
collocated with the datacenter, so it wouldn’t make sense for the consumer to have
any of those responsibilities.

At the same time, the consumer is responsible for the data and information stored
in the cloud. (You wouldn’t want the cloud provider to be able to read your
information.) The consumer is also responsible for access security, meaning you
only give access to those who need it.

Then, for some things, the responsibility depends on the situation. If you’re using
a cloud SQL database, the cloud provider would be responsible for maintaining the
actual database. However, you’re still responsible for the data that gets ingested
into the database. If you deployed a virtual machine and installed an SQL database
on it, you’d be responsible for database patches and updates, as well as
maintaining the data and information stored in the database.

With an on-premises datacenter, you’re responsible for everything. With cloud

computing, those responsibilities shift. The shared responsibility model is heavily
tied into the cloud service types (covered later in this learning path):
infrastructure as a service (IaaS), platform as a service (PaaS), and software as a
service (SaaS). IaaS places the most responsibility on the consumer, with the cloud
provider being responsible for the basics of physical security, power, and
connectivity. On the other end of the spectrum, SaaS places most of the
responsibility with the cloud provider. PaaS, being a middle ground between IaaS
and SaaS, rests somewhere in the middle and evenly distributes responsibility
between the cloud provider and the consumer.

The following diagram highlights how the Shared Responsibility Model informs who is
responsible for what, depending on the cloud service type.

Diagram showing the responsibilities of the shared responsibility model.

When using a cloud provider, you’ll always be responsible for:

The information and data stored in the cloud

Devices that are allowed to connect to your cloud (cell phones, computers, and so
on)
The accounts and identities of the people, services, and devices within your
organization
The cloud provider is always responsible for:

The physical datacenter

The physical network
The physical hosts
Your service model will determine responsibility for things like:

Operating systems
Network controls
Applications
Identity and infrastructure

Define cloud models

What are cloud models? The cloud models define the deployment type of cloud
resources. The three main cloud models are: private, public, and hybrid.

Private cloud
Let’s start with a private cloud. A private cloud is, in some ways, the natural
evolution from a corporate datacenter. It’s a cloud (delivering IT services over
the internet) that’s used by a single entity. Private cloud provides much greater
control for the company and its IT department. However, it also comes with greater
cost and fewer of the benefits of a public cloud deployment. Finally, a private
cloud may be hosted from your on site datacenter. It may also be hosted in a
dedicated datacenter offsite, potentially even by a third party that has dedicated
that datacenter to your company.

Public cloud
A public cloud is built, controlled, and maintained by a third-party cloud
provider. With a public cloud, anyone that wants to purchase cloud services can
access and use resources. The general public availability is a key difference
between public and private clouds.

Hybrid cloud
A hybrid cloud is a computing environment that uses both public and private clouds
in an inter-connected environment. A hybrid cloud environment can be used to allow
a private cloud to surge for increased, temporary demand by deploying public cloud
resources. Hybrid cloud can be used to provide an extra layer of security. For
example, users can flexibly choose which services to keep in public cloud and which
to deploy to their private cloud infrastructure.

The following table highlights a few key comparative aspects between the cloud
models.

Public cloud Private cloud Hybrid cloud

No capital , expenditures to scale up Organizations have complete control over
resources and security , Provides the most flexibility
Applications can be quickly provisioned and deprovisioned, Data is not collocated
with other organizations’ data, Organizations determine where to run their
applications
Organizations pay only for what they use, Hardware must be purchased for startup
and maintenance, Organizations control security, compliance, or legal requirements
Organizations don’t have complete control over resources and security,
Organizations are responsible for hardware maintenance and updates ,

Multi-cloud
A fourth, and increasingly likely scenario is a multi-cloud scenario. In a multi-
cloud scenario, you use multiple public cloud providers. Maybe you use different
features from different cloud providers. Or maybe you started your cloud journey
with one provider and are in the process of migrating to a different provider.
Regardless, in a multi-cloud environment you deal with two (or more) public cloud
providers and manage resources and security in both environments.

Azure Arc
Azure Arc is a set of technologies that helps manage your cloud environment. Azure
Arc can help manage your cloud environment, whether it's a public cloud solely on
Azure, a private cloud in your datacenter, a hybrid configuration, or even a multi-
cloud environment running on multiple cloud providers at once.

Azure VMware Solution

What if you’re already established with VMware in a private cloud environment but
want to migrate to a public or hybrid cloud? Azure VMware Solution lets you run
your VMware workloads in Azure with seamless integration and scalability.

Next unit: Describe the consumption-based model

Describe the consumption-based model:

When comparing IT infrastructure models, there are two types of expenses to

consider. Capital expenditure (CapEx) and operational expenditure (OpEx).

CapEx is typically a one-time, up-front expenditure to purchase or secure tangible

resources. A new building, repaving the parking lot, building a datacenter, or
buying a company vehicle are examples of CapEx.

In contrast, OpEx is spending money on services or products over time. Renting a

convention center, leasing a company vehicle, or signing up for cloud services are
all examples of OpEx.

Cloud computing falls under OpEx because cloud computing operates on a consumption-
based model. With cloud computing, you don’t pay for the physical infrastructure,
the electricity, the security, or anything else associated with maintaining a
datacenter. Instead, you pay for the IT resources you use. If you don’t use any IT
resources this month, you don’t pay for any IT resources.

This consumption-based model has many benefits, including:

No upfront costs.
No need to purchase and manage costly infrastructure that users might not use to
its fullest potential.
The ability to pay for more resources when they're needed.
The ability to stop paying for resources that are no longer needed.
With a traditional datacenter, you try to estimate the future resource needs. If
you overestimate, you spend more on your datacenter than you need to and
potentially waste money. If you underestimate, your datacenter will quickly reach
capacity and your applications and services may suffer from decreased performance.
Fixing an under-provisioned datacenter can take a long time. You may need to order,
receive, and install more hardware. You'll also need to add power, cooling, and
networking for the extra hardware.

In a cloud-based model, you don’t have to worry about getting the resource needs
just right. If you find that you need more virtual machines, you add more. If the
demand drops and you don’t need as many virtual machines, you remove machines as
needed. Either way, you’re only paying for the virtual machines that you use, not
the “extra capacity” that the cloud provider has on hand.

Compare cloud pricing models

Cloud computing is the delivery of computing services over the internet by using a
pay-as-you-go pricing model. You typically pay only for the cloud services you use,
which helps you:

Plan and manage your operating costs.

Run your infrastructure more efficiently.

What is cloud computing?

Delivery of computing services over the internet.✔

Cloud computing is the delivery of computing services over the internet.

Delivery of storage services over the internet.

While storage services are a component of cloud computing, cloud computing is much
broader.

Delivery of websites accessible via the internet.

2. Which cloud model uses some datacenters focused on providing cloud services to
anyone that wants them, and some data centers that are focused on a single
customer?

Public cloud
The public cloud model provides cloud services to virtually anyone interested in
using the cloud services. Datacenters are dedicated to anyone consuming cloud
resources instead of a single customer.

Hybrid cloud ✔
The hybrid cloud model is a combination of public cloud and private cloud, using
both datacenters dedicated solely to one customer and datacenters that are shared
with the public.

Multi-cloud
3. According to the shared responsibility model, which cloud service type places
the most responsibility on the customer?

Infrastructure as a Service (IaaS)

IaaS places the most responsibility on the consumer, with the cloud provider being
responsible for the basics of physical security, power, and connectivity.

Software as a Service (SaaS)

Platform as a Service (PaaS)

Scale as your business needs change.
To put it another way, cloud computing is a way to rent compute power and storage
from someone else’s datacenter. You can treat cloud resources like you would
resources in your own datacenter. However, unlike in your own datacenter, when
you're done using cloud resources, you give them back. You’re billed only for what
you use.

Instead of maintaining CPUs and storage in your datacenter, you rent them for the
time that you need them. The cloud provider takes care of maintaining the
underlying infrastructure for you. The cloud enables you to quickly solve your
toughest business challenges and bring cutting-edge solutions to your users.

Describe Azure management infrastructure:

The management infrastructure includes Azure resources and resource groups,

subscriptions, and accounts. Understanding the hierarchical organization will help
you plan your projects and products within Azure.

Azure resources and resource groups

A resource is the basic building block of Azure. Anything you create, provision,
deploy, etc. is a resource. Virtual Machines (VMs), virtual networks, databases,
cognitive services, etc. are all considered resources within Azure.

Diagram showing a resource group box with a function, VM, database, and app
included.

Resource groups are simply groupings of resources. When you create a resource,
you’re required to place it into a resource group. While a resource group can
contain many resources, a single resource can only be in one resource group at a
time. Some resources may be moved between resource groups, but when you move a
resource to a new group, it will no longer be associated with the former group.
Additionally, resource groups can't be nested, meaning you can’t put resource group
B inside of resource group A.

Resource groups provide a convenient way to group resources together. When you
apply an action to a resource group, that action will apply to all the resources
within the resource group. If you delete a resource group, all the resources will
be deleted. If you grant or deny access to a resource group, you’ve granted or
denied access to all the resources within the resource group.

When you’re provisioning resources, it’s good to think about the resource group
structure that best suits your needs.

For example, if you’re setting up a temporary dev environment, grouping all the
resources together means you can deprovision all of the associated resources at
once by deleting the resource group. If you’re provisioning compute resources that
will need three different access schemas, it may be best to group resources based
on the access schema, and then assign access at the resource group level.

There aren’t hard rules about how you use resource groups, so consider how to set
up your resource groups to maximize their usefulness for you.

Azure subscriptions
In Azure, subscriptions are a unit of management, billing, and scale. Similar to
how resource groups are a way to logically organize resources, subscriptions allow
you to logically organize your resource groups and facilitate billing.

Diagram showing Azure subscriptions using authentication and authorization to

access Azure accounts.

Using Azure requires an Azure subscription. A subscription provides you with

authenticated and authorized access to Azure products and services. It also allows
you to provision resources. An Azure subscription links to an Azure account, which
is an identity in Microsoft Entra ID or in a directory that Microsoft Entra ID
trusts.

An account can have multiple subscriptions, but it’s only required to have one. In
a multi-subscription account, you can use the subscriptions to configure different
billing models and apply different access-management policies. You can use Azure
subscriptions to define boundaries around Azure products, services, and resources.
There are two types of subscription boundaries that you can use:

Billing boundary: This subscription type determines how an Azure account is billed
for using Azure. You can create multiple subscriptions for different types of
billing requirements. Azure generates separate billing reports and invoices for
each subscription so that you can organize and manage costs.
Access control boundary: Azure applies access-management policies at the
subscription level, and you can create separate subscriptions to reflect different
organizational structures. An example is that within a business, you have different
departments to which you apply distinct Azure subscription policies. This billing
model allows you to manage and control access to the resources that users provision
with specific subscriptions.
Create additional Azure subscriptions
Similar to using resource groups to separate resources by function or access, you
might want to create additional subscriptions for resource or billing management
purposes. For example, you might choose to create additional subscriptions to
separate:

Environments: You can choose to create subscriptions to set up separate

environments for development and testing, security, or to isolate data for
compliance reasons. This design is particularly useful because resource access
control occurs at the subscription level.
Organizational structures: You can create subscriptions to reflect different
organizational structures. For example, you could limit one team to lower-cost
resources, while allowing the IT department a full range. This design allows you to
manage and control access to the resources that users provision within each
subscription.
Billing: You can create additional subscriptions for billing purposes. Because
costs are first aggregated at the subscription level, you might want to create
subscriptions to manage and track costs based on your needs. For instance, you
might want to create one subscription for your production workloads and another
subscription for your development and testing workloads.
Azure management groups
The final piece is the management group. Resources are gathered into resource
groups, and resource groups are gathered into subscriptions. If you’re just
starting in Azure that might seem like enough hierarchy to keep things organized.
But imagine if you’re dealing with multiple applications, multiple development
teams, in multiple geographies.

If you have many subscriptions, you might need a way to efficiently manage access,
policies, and compliance for those subscriptions. Azure management groups provide a
level of scope above subscriptions. You organize subscriptions into containers
called management groups and apply governance conditions to the management groups.
All subscriptions within a management group automatically inherit the conditions
applied to the management group, the same way that resource groups inherit settings
from subscriptions and resources inherit from resource groups. Management groups
give you enterprise-grade management at a large scale, no matter what type of
subscriptions you might have. Management groups can be nested.

Management group, subscriptions, and resource group hierarchy

You can build a flexible structure of management groups and subscriptions to
organize your resources into a hierarchy for unified policy and access management.
The following diagram shows an example of creating a hierarchy for governance by
using management groups.

Diagram showing an example of a management group hierarchy tree.

Some examples of how you could use management groups might be:

Create a hierarchy that applies a policy. You could limit VM locations to the US
West Region in a group called Production. This policy will inherit onto all the
subscriptions that are descendants of that management group and will apply to all
VMs under those subscriptions. This security policy can't be altered by the
resource or subscription owner, which allows for improved governance.
Provide user access to multiple subscriptions. By moving multiple subscriptions
under a management group, you can create one Azure role-based access control (Azure
RBAC) assignment on the management group. Assigning Azure RBAC at the management
group level means that all sub-management groups, subscriptions, resource groups,
and resources underneath that management group would also inherit those
permissions. One assignment on the management group can enable users to have access
to everything they need instead of scripting Azure RBAC over different
subscriptions.
Important facts about management groups:

10,000 management groups can be supported in a single directory.

A management group tree can support up to six levels of depth. This limit doesn't
include the root level or the subscription level.
Each management group and subscription can support only one parent.
Resource groups are simply groupings of resources. When you create a resource,
you’re required to place it into a resource group. While a resource group can
contain many resources, a single resource can only be in one resource group at a
time. Some resources may be moved between resource groups, but when you move a
resource to a new group, it will no longer be associated with the former group.
Additionally, resource groups can't be nested, meaning you can’t put resource group
B inside of resource group A.

Resource groups provide a convenient way to group resources together. When you
apply an action to a resource group, that action will apply to all the resources
within the resource group. If you delete a resource group, all the resources will
be deleted. If you grant or deny access to a resource group, you’ve granted or
denied access to all the resources within the resource group.

Describe Azure containers

Completed
100 XP
6 minutes
While virtual machines are an excellent way to reduce costs versus the investments
that are necessary for physical hardware, they're still limited to a single
operating system per virtual machine. If you want to run multiple instances of an
application on a single host machine, containers are an excellent choice.

What are containers?

Containers are a virtualization environment. Much like running multiple virtual
machines on a single physical host, you can run multiple containers on a single
physical or virtual host. Unlike virtual machines, you don't manage the operating
system for a container. Virtual machines appear to be an instance of an operating
system that you can connect to and manage. Containers are lightweight and designed
to be created, scaled out, and stopped dynamically. It's possible to create and
deploy virtual machines as application demand increases, but containers are a
lighter weight, more agile method. Containers are designed to allow you to respond
to changes on demand. With containers, you can quickly restart if there's a crash
or hardware interruption. One of the most popular container engines is Docker, and
Azure supports Docker.

Compare virtual machines to containers

The following video highlights several of the important differences between virtual
machines and containers:

Azure Container Instances

Azure Container Instances offer the
Azure; without having to manage any
services. Azure Container Instances
Azure Container Instances allow you
will run the containers for you.
fastest and simplest way to run a container in
virtual machines or adopt any additional
are a platform as a service (PaaS) offering.
to upload your containers and then the service

Azure Container Apps

Azure Container Apps are similar in many ways to a container instance. They allow
you to get up and running right away, they remove the container management piece,
and they're a PaaS offering. Container Apps have extra benefits such as the ability
to incorporate load balancing and scaling. These other functions allow you to be
more elastic in your design.

Azure Kubernetes Service

Azure Kubernetes Service (AKS) is a container orchestration service. An
orchestration service manages the lifecycle of containers. When you're deploying a
fleet of containers, AKS can make fleet management simpler and more efficient.

Use containers in your solutions

Containers are often used to create solutions by using a microservice architecture.
This architecture is where you break solutions into smaller, independent pieces.
For example, you might split a website into a container hosting your front end,
another hosting your back end, and a third for storage. This split allows you to
separate portions of your app into logical sections that can be maintained, scaled,
or updated independently.

Imagine your website back-end has reached capacity but the front end and storage
aren't being stressed. With containers, you could scale the back end separately to
improve performance. If something necessitated such a change, you could also choose
to change the storage service or modify the front end without impacting any of the
other components.

Next unit: Describe Azure functions

Describe application hosting options

Completed
100 XP
3 minutes
If you need to host your application on Azure, you might initially turn to a
virtual machine (VM) or containers. Both VMs and containers provide excellent
hosting solutions. VMs give you maximum control of the hosting environment and
allow you to configure it exactly how you want. VMs also may be the most familiar
hosting method if you’re new to the cloud. Containers, with the ability to isolate
and individually manage different aspects of the hosting solution, can also be a
robust and compelling option.

There are other hosting options that you can use with Azure, including Azure App
Service.

Azure App Service

App Service enables you to build and host web apps, background jobs, mobile back-
ends, and RESTful APIs in the programming language of your choice without managing
infrastructure. It offers automatic scaling and high availability. App Service
supports Windows and Linux. It enables automated deployments from GitHub, Azure
DevOps, or any Git repo to support a continuous deployment model.

Azure App Service is a robust hosting option that you can use to host your apps in
Azure. Azure App Service lets you focus on building and maintaining your app, and
Azure focuses on keeping the environment up and running.

Azure App Service is an HTTP-based service for hosting web applications, REST APIs,
and mobile back ends. It supports multiple languages, including .NET, .NET Core,
Java, Ruby, Node.js, PHP, or Python. It also supports both Windows and Linux
environments.

Types of app services

With App Service, you can host most common app service styles like:
Web apps
API apps
WebJobs
Mobile apps
App Service handles most of the infrastructure decisions you deal with in hosting
web-accessible apps:

Deployment and management are integrated into the platform.

Endpoints can be secured.
Sites can be scaled quickly to handle high traffic loads.
The built-in load balancing and traffic manager provide high availability.
All of these app styles are hosted in the same infrastructure and share these
benefits. This flexibility makes App Service the ideal choice to host web-oriented
applications.

Web apps
App Service includes full support for hosting web apps by using ASP.NET, ASP.NET
Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux
as the host operating system.

API apps
Much like hosting a website, you can build REST-based web APIs by using your choice
of language and framework. You get full Swagger support and the ability to package
and publish your API in Azure Marketplace. The produced apps can be consumed from
any HTTP- or HTTPS-based client.

WebJobs
You can use the WebJobs feature to run a program (.exe, Java, PHP, Python, or
Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web
app, API app, or mobile app. They can be scheduled or run by a trigger. WebJobs are
often used to run background tasks as part of your application logic.

Mobile apps
Use the Mobile Apps feature of App Service to quickly build a back end for iOS and
Android apps. With just a few actions in the Azure portal, you can:

Store mobile app data in a cloud-based SQL database.

Authenticate customers against common social providers, such as MSA, Google,
Twitter, and Facebook.
Send push notifications.
Execute custom back-end logic in C# or Node.js.
On the mobile app side, there's SDK support for native iOS and Android, Xamarin,
and React native apps.

Next unit: Describe Azure virtual networking:

Describe Azure virtual networking

Completed
100 XP
5 minutes
Azure virtual networks and virtual subnets enable Azure resources, such as VMs, web
apps, and databases, to communicate with each other, with users on the internet,
and with your on-premises client computers. You can think of an Azure network as an
extension of your on-premises network with resources that link other Azure
resources.

Azure virtual networks provide the following key networking capabilities:

Isolation and segmentation
Internet communications
Communicate between Azure resources
Communicate with on-premises resources
Route network traffic
Filter network traffic
Connect virtual networks
Azure virtual networking supports both public and private endpoints to enable
communication between external or internal resources with other internal resources.

Public endpoints have a public IP address and can be accessed from anywhere in the
world.
Private endpoints exist within a virtual network and have a private IP address from
within the address space of that virtual network.
Isolation and segmentation
Azure virtual network allows you to create multiple isolated virtual networks. When
you set up a virtual network, you define a private IP address space by using either
public or private IP address ranges. The IP range only exists within the virtual
network and isn't internet routable. You can divide that IP address space into
subnets and allocate part of the defined address space to each named subnet.

For name resolution, you can use the name resolution service that's built into
Azure. You also can configure the virtual network to use either an internal or an
external DNS server.

Internet communications
You can enable incoming connections from the internet by assigning a public IP
address to an Azure resource, or putting the resource behind a public load
balancer.

Communicate between Azure resources

You'll want to enable Azure resources to communicate securely with each other. You
can do that in one of two ways:

Virtual networks can connect not only VMs but other Azure resources, such as the
App Service Environment for Power Apps, Azure Kubernetes Service, and Azure virtual
machine scale sets.
Service endpoints can connect to other Azure resource types, such as Azure SQL
databases and storage accounts. This approach enables you to link multiple Azure
resources to virtual networks to improve security and provide optimal routing
between resources.
Communicate with on-premises resources
Azure virtual networks enable you to link resources together in your on-premises
environment and within your Azure subscription. In effect, you can create a network
that spans both your local and cloud environments. There are three mechanisms for
you to achieve this connectivity:

Point-to-site virtual private network connections are from a computer outside your
organization back into your corporate network. In this case, the client computer
initiates an encrypted VPN connection to connect to the Azure virtual network.
Site-to-site virtual private networks link your on-premises VPN device or gateway
to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can
appear as being on the local network. The connection is encrypted and works over
the internet.
Azure ExpressRoute provides a dedicated private connectivity to Azure that doesn't
travel over the internet. ExpressRoute is useful for environments where you need
greater bandwidth and even higher levels of security.
Route network traffic
By default, Azure routes traffic between subnets on any connected virtual networks,
on-premises networks, and the internet. You also can control routing and override
those settings, as follows:

Route tables allow you to define rules about how traffic should be directed. You
can create custom route tables that control how packets are routed between subnets.
Border Gateway Protocol (BGP) works with Azure VPN gateways, Azure Route Server, or
Azure ExpressRoute to propagate on-premises BGP routes to Azure virtual networks.
Filter network traffic
Azure virtual networks enable you to filter traffic between subnets by using the
following approaches:

Network security groups are Azure resources that can contain multiple inbound and
outbound security rules. You can define these rules to allow or block traffic,
based on factors such as source and destination IP address, port, and protocol.
Network virtual appliances are specialized VMs that can be compared to a hardened
network appliance. A network virtual appliance carries out a particular network
function, such as running a firewall or performing wide area network (WAN)
optimization.
Connect virtual networks
You can link virtual networks together by using virtual network peering. Peering
allows two virtual networks to connect directly to each other. Network traffic
between peered networks is private, and travels on the Microsoft backbone network,
never entering the public internet. Peering enables resources in each virtual
network to communicate with each other. These virtual networks can be in separate
regions, which allows you to create a global interconnected network through Azure.

User-defined routes (UDR) allow you to control the routing tables between subnets
within a virtual network or between virtual networks. This allows for greater
control over network traffic flow.

Next unit: Exercise - Configure network access

Describe Infrastructure as a Service:

Infrastructure as a service (IaaS) is the most flexible category of cloud services,

as it provides you the maximum amount of control for
your cloud resources. In an IaaS model, the cloud provider is responsible for
maintaining the hardware, network connectivity
(to the internet), and physical security. You’re responsible for everything else:
operating system installation, configuration,
and maintenance; network configuration; database and storage configuration; and so
on. With IaaS, you’re essentially renting the hardware
in a cloud datacenter, but what you do with that hardware is up to you.

Some common scenarios where IaaS might make sense include:

Lift-and-shift migration: You’re setting up cloud resources similar to your on-prem

datacenter, and then simply moving the things running on-prem to running on the
IaaS infrastructure.
Testing and development: You have established configurations for development and
test environments that you need to rapidly replicate. You can start up or shut down
the different environments rapidly with an IaaS structure, while maintaining
complete control.

Describe Platform as a Service:---

Platform as a service (PaaS) is a middle ground between renting space in a

datacenter (infrastructure as a service) and paying for a
complete and deployed solution (software as a service). In a PaaS environment, the
cloud provider maintains the physical infrastructure,
physical security, and connection to the internet. They also maintain the
operating systems, middleware, development tools, and business
intelligence services that make up a cloud solution. In a PaaS scenario, you don't
have to worry about the licensing or patching for
operating systems and databases.

PaaS is well suited to provide a complete development environment without the

headache of maintaining all the development infrastructure.

Shared responsibility model

The shared responsibility model applies to all the cloud service types. PaaS splits
the responsibility between you and the cloud provider. The cloud provider is
responsible for maintaining the physical infrastructure and its access to the
internet, just like in IaaS. In the PaaS model, the cloud provider will also
maintain the operating systems, databases, and development tools. Think of PaaS
like using a domain joined machine: IT maintains the device with regular updates,
patches, and refreshes.

Depending on the configuration, you or the cloud provider may be responsible for
networking settings and connectivity within your cloud environment, network and
application security, and the directory infrastructure.

Some common scenarios where PaaS might make sense include:

Development framework: PaaS provides a framework that developers can build upon to
develop or customize cloud-based applications. Similar to the way you create an
Excel macro, PaaS lets developers create applications using built-in software
components. Cloud features such as scalability, high-availability, and multi-tenant
capability are included, reducing the amount of coding that developers must do.
Analytics or business intelligence: Tools provided as a service with PaaS allow
organizations to analyze and mine their data, finding insights and patterns and
predicting outcomes to improve forecasting, product design decisions, investment
returns, and other business decisions.

Describe Software as a Service

Completed
100 XP
2 minutes
Software as a service (SaaS) is the most complete cloud service model from a
product perspective. With SaaS, you’re essentially renting or using a fully
developed application. Email, financial software, messaging applications, and
connectivity software are all common examples of a SaaS implementation.

While the SaaS model may be the least flexible, it’s also the easiest to get up and
running. It requires the least amount of technical knowledge or expertise to fully
employ.

Some common scenarios for SaaS are:

Email and messaging.

Business productivity applications.
Finance and expense tracking.

Introduction
Completed
100 XP
1 minute
Microsoft Power BI is a complete reporting solution that offers data preparation,
data visualization, distribution, and management through development tools and an
online platform.

Power BI can scale from simple reports using a single data source to reports
requiring complex data modeling and consistent themes. Use Power BI to create
visually stunning, interactive reports to serve as the analytics and decision
engine behind group projects, divisions, or entire organizations.

Power BI is an essential tool to data analysts and their organization; however, all
data professionals benefit from understanding how Power BI works to explore and
present data insights within organizations.

Use Power BI
Completed
100 XP
3 minutes
In order to create reports with Power BI, you must first understand the tools
necessary. There are three primary components to Power BI:

Power BI Desktop (desktop application)

Power BI service (online platform)
Power BI Mobile (cross-platform mobile app)
Power BI Desktop is the development tool available to data analysts and other
report creators. While the Power BI service allows you to organize, manage, and
distribute your reports and other Power BI items. Power BI Desktop is available to
download for free either through the Windows store or directly online.

You can access the Power BI service at app.powerbi.com with a school or work
account. If your organization doesn't already use Power BI, you can still explore
the service by getting a free trial or signing up for a free Microsoft 365
Developer account.

Power BI Mobile allows consumers to view reports in a mobile-optimized format. You

can create these optimized report views in Power BI Desktop.

Explore the flow of Power BI

There's a common flow when creating reports with Power BI. First, you start with
Power BI Desktop to connect to data and create the report. Then you publish the
report to the Power BI service and distribute to consumers.

The flow of Power BI is:

Connect to data with Power BI Desktop.

Transform and model data with Power BI Desktop.
Create visualizations and reports with Power BI Desktop.
Publish report to Power BI service.
Distribute and manage reports in the Power BI service.
The Power BI service also allows you to create high-level dashboards that drill
down to reports, and apps to easily group related reports to users in a simple
format.