https://wipro.udemy.

com/course/microsoft-az-204/learn/lecture/
23780934#overview
Course code: https://github.com/skylinesacademy/AZ-204

PowerShell documentation:
https://learn.microsoft.com/en-us/powershell/azure/?view=azps-
13.0.0&viewFallbackFrom=azurermps-6.9.0
Table of Contents
AZ IaaS:...........................................................................................................2
Deploy VM from Portal:......................................................................................................5

Outline:
1) IaaS – VM type solutions
2) Container services – Docker
3) AZ App service – we cover some of web offerings
4) AZ Functions – Microsoft Serverless offerings
5) Cosmos DB – Non-Relational DB
6) AZ Blob Storage – MS storage solution
7) Authentication – different ways
8) AZ Key vault – secret management
9) Application delivery – different ways to deliver & monitor our apps
10) Logic App – Serverless tool
11) API management – to secure our APIs
12) Event based solutions
13) Message based solutions

AZ_Portal_Tutorial
Accessing Azure:
1. AZ Web Portal (portal.azure.com)
2. AZ PowerShell
3. AZ CLI
4. AZ Mobile app
5. AZ REST API [ARM is based on a REST API]
All of the resources {Portal, AZ PowerShell, AZ CLI, Mobile app all just makes
calls to a REST API on the backend}
AZ Resource Manager (ARM) is used to manage all AZ resources within Azure.

Can we create Resource & Resource group in different regions in Azure?

Yes, Resource Group location specifies where its metadata (e.g., tags, resource
properties) is stored. This metadata location is important for managing and
deploying resources.
Tags is the metadata. It can have Tag Name & Value

AZ IaaS:
Understanding AZ VMs & their components:
VM gives you full control to OS it isolates OS from underlying physical HW
using Hypervisor.
There are multiple types of AZ VMs depending on the Workload:

S  Premium SSDs
M  Memory
R  RDMA
ACUs: Azure Compute Units (ACO) is benchmark that allows to compare
CPU performance b/w different sizes & types of VMs. Higher ACO, higher the
VM performance.

Supported OS versions with Az VMs:

There are multiple OS versions available in Aure Marketplace.

There are some Reginal limitations:

Regional limitation is there in VMs versions or HW sizes available within a
given Region.
MS has restricted few common words as VM User names for Security
reasons. For a hacker it might be easy to predict the Password if you use
these kind of common user names.
Disallowed values: "administrator", "admin", "user", "user1", "test", "user2",
"test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2",
"aspnet", "backup", "console", "david", "guest", "john", "owner", "root",
"server", "sql", "support", "support_388945a0", "sys", "test2", "test3",
"user4", "user5".

Naming Rules: https://learn.microsoft.com/en-us/azure/azure-resource-

manager/management/resource-name-rules

Deploy VM from Portal:

Portal  VM  Create  Virtual Machine 
Availability options: No Redundancy, Availability Set, Availability Zone, VM
Scale set
VM Size: CPU, Memory (RAM), Storage (Data Disk)
Authentication: With Linux images: we have SSH public key & Password.
Choose Password and provide UN & password.
Inbound ports: allows to connect to server using SSH/ HTTP(s) over the
internet.
If you have existing NWing that has secure connection (VPN/ express route)
then connect to VM using existing secure NW.

Disk type: Premium SSD/ Standard SSD/ Standard HDD

We can attach new/ existing Data disks to the VM.

NW:
VNW: Instead of isolating the VM resource we can group it into a Virtual NW
for further evaluation.
NSG (NW security group): Security rules for inbound & outbound traffic.

Management: Automatic shutdown, Backup

Monitoring: Alerts & Diagnostics

Advanced: Custom data or script. We can write script to execute when VM is

provisioned like install Python, SQL, etc.,

Tags:

If you have any Azure policy like no SSH/ RDP allowed over public Internet,
upon R + C  Validation will fail.

Copy public IP  open local CMD prompt  ssh <VM_UN>@<public_IP>

[accept the certificate]  password  It prompts to <VM_UN>@<VM_name>:~$
"SSH VM connection" refers to using the Secure Shell (SSH) protocol to remotely access
and interact with a virtual machine (VM), essentially allowing you to log into the VM's
operating system through a secure encrypted connection and execute commands as if you
were directly at the console, all from your own computer.

Networking & NW Security Groups: [Managing access to the

VM]
Let’s investigate Networking tab:
Open the created VM in the portal.
All those Network Security Groups etc., are managed using ARM.

In the cmd prompt: <VM_UN>@<VM_name>:~$

Let’s run curl localhost to check, we are not specifying port here, it takes
default port-80.

o cURL (client URL), is an open-source command-line tool that allows

users to exchange data with a server.
o With cURL, you specify an endpoint (a URL where you want to send
data to or retrieve data from) and, if necessary, the data you want to
send — all this through a command line interface (CLI).
o Users can specify a URL to send or retrieve data from, and any data
to send, through the command line interface (CLI). cURL supports a
number of protocols, including HTTP, HTTPS, and FTP.
o Curl Localhost is a tool that enables developers to send requests
between the client and server without needing to write elaborate
code. It allows developers to quickly send and receive data with
minimal effort and time.
Now copy the Public IP  access it in Browser  it won’t work, NSG is
blocking heavy traffic to the VM.

Go to the Networking tab of the VM, we can see a NW sec group attached to
the NW interface of VM.
Open the NSG  we have inbound & outbound security rules.