
Azure Interview Questions - Part 1

The document provides an overview of cloud computing, detailing its definition, deployment models (Public, Private, Hybrid), and types of services (IAAS, PAAS, SAAS). It also covers important Azure concepts such as subscriptions, resource groups, regions, availability zones, and various configurations for virtual machines. Additionally, it discusses the benefits of cloud computing, Azure administrative roles, and the processes for managing virtual machines and storage in Azure.

Uploaded by

kumar4dellemc

1) What is cloud computing?

It is the use of VMs on the internet to “store”, “manage” and “process” data. The difference is that,
instead of using your own servers, you are using someone else’s servers to do your task and paying
them for the amount of time you use them (pay-as-you-go model).

2) What are the different cloud deployment models?

Public Cloud: The infrastructure is owned by the cloud service provider, and the hardware that you
are using could be a multi-tenant system. Multiple clients share the same hardware.

Private Cloud: Private Cloud offers dedicated resources and infrastructure to a single
organization. In the private cloud, you’re not sharing infrastructure with any other organization.
The data center resources may be located on premises or operated by a third-party vendor off-
site. Private Cloud is owned, operated and managed by the organization itself or a third-party
service provider.

Microsoft Azure provides Private Cloud software called Stack HCI that you can rent and buy
from them to use on your own hardware.

Hybrid Cloud: When you use both Public Cloud and Private Cloud together, it is called Hybrid
Cloud. For Example: I am hosting my front-end web application in public cloud and hosting
backend Database in Private cloud.

Hybrid Cloud involves a connection from an on-premises data center to a Public Cloud.

3) What are the different types of services offered in the cloud?

IAAS (Infrastructure as a service):

In Infrastructure as a service, you can provision Virtual machines on your own

In IAAS, you have complete control over OS and server. For Example: Azure VM

PAAS (Platform as a Service):

Platform as a Service gives you a platform to publish your code without giving you access to the
OS. You will not have control over the OS and server. You do not know on which server your
DATABASE or APPLICATION is hosted. You are only responsible for the configuration of the application.

For example: Web Apps, Mobile Apps in Azure.

The cloud service provider is responsible for OS updates, auto scaling, availability and load
balancing.

SAAS (Software as a Service):

You get software as a service in Azure, i.e. no infrastructure, no platform, just simple software that
you can use without purchasing licenses. For example: Office 365, such as Microsoft Outlook.

4) What are the important parameters you need to consider to provision Virtual Machine in
Azure?

You need to provide the following to provision a VM.

A) Name of the subscription you are going to choose
B) Resource Group name
C) Virtual Machine name
D) Region
E) Image (name of Operating system you wish to provide. Windows OS (or) Linux OS)
F) Size (Number of CPU cores and RAM (GB))
G) Provide admin credentials (Local Admin Credentials)
H) Select Virtual network, Subnet where VM is going to get deployed into
I) Tags information

5) What is subscription in Azure Cloud?

An Azure subscription allows you to access Azure services. Without a subscription, you cannot
create any resources in Azure. You can have multiple subscriptions in one Azure account. For
example, you can have one subscription for Production servers and another subscription for
Nonproduction servers (for example, Development servers).

6) What is a Resource Group?

A Resource Group is like a container that holds all the related resources for a solution (for
example, an application or a VM). You can manage all the resources under an RG as a single entity.
You can create a new RG (or) you can select an existing RG from the drop-down.

7) What is Region?

A region is a set of data centers deployed within a geographical location. Microsoft Azure is now
available from three India regions: Central India (Pune), South India (Chennai), and West India
(Mumbai).

8) Does Every Azure Region have at least 3 Availability Zones?

MOST Azure Regions have at least 3 AZs. However, it is important to remember that NOT all
Azure regions have 3 Availability Zones.

9) Are all Availability Zones in an Azure Region present in the same data center?

Each Availability Zone has one or more DISCRETE data centers.

10) Are Availability Zones in a region connected through low-latency links?

Availability Zones in a region are connected through low-latency links.

11) What is Azure Marketplace?

You can access all the services offered by Microsoft from Azure marketplace.

12) What is Image?

You need to choose a base operating system (OS) from Azure Marketplace. For example, you can
choose Windows or Linux OS.

13) What are the VM sizes you frequently use to build VMs?

We are using E-series V3 & V4 mostly for SAP applications running on Azure VMs.

14) What are the inbound ports in Azure?


15) How will a VM get a public IP address?

Public IP addresses will be assigned by Microsoft. Using Public IP Address, you can access Azure
VM from the internet.

16) How will a VM get a private IP address?

A virtual machine (VM) is automatically assigned a private IP address from a subnet address
range. The VM retains the address until the VM is deleted.

17) What is Network Interface Card (NIC)?

A network interface enables an Azure Virtual Machine to communicate with internet & Azure
resources. While creating a virtual machine using the Azure portal, the portal creates one
network interface (NIC) automatically.

18) What is accelerated networking?

It enables low latency and high throughput on the network interface

19) What are the benefits of Cloud Computing?

Cost, Speed, Scalability & Reliability

20) What is Microsoft Azure and why is it used?

Companies which provide cloud services are called cloud service providers. There are a lot of
cloud service providers in the market. Microsoft Azure is a leading cloud service provider.
Customers access Microsoft infrastructure (Microsoft datacenters) in Azure.

21) How many disks will be created by default as soon as Windows VM is created in Azure?

OS disk (C drive) & temporary storage disk (D drive) will be created in Windows Azure VM

22) What is the default size of OS disk (or) C drive in Windows VM?

127 GB

23) How do you login to Windows VM?

You need the “Remote Desktop Connection” app to log in to Windows VMs (type mstsc and press
Enter).

24) What is Azure Hybrid benefit?

If you already have a Windows Server license on premises, you can use the same license in the
cloud to save cost. Save up to 49% with a license you already own using Azure Hybrid Benefit.

25) What is Availability Set?

An Availability Set is a logical grouping of VMs.

Azure makes sure that the VMs you place within an Availability Set are distributed across
Hardware. If a hardware or software failure happens, at least one VM will be up and running to
ensure you have high availability for your application.

Update Domain:

Group of VMs that are rebooted (updated) at the same time.

Fault Domain:

It is similar to your rack. Virtual machines in the same fault domain share a common power
source and physical network switch.

The default number of fault domains (FD) is 2, and the maximum you can create is 3.

The default number of update domains (UD) is 5, and the maximum you can create is 20.


26) What is the Availability Zone in Azure?

An Availability Zone is also a high-availability service offered by Azure that protects your
applications from datacenter failures. Availability Zones are unique physical locations within an
Azure region. Each AZ is made up of one or more datacenters equipped with independent power,
cooling, and networking. To ensure resiliency, there’s a minimum of three separate AZs in all
enabled regions. The physical separation of Availability Zones within a region protects
applications and data from datacenter failures. With Availability Zones, Azure offers an
industry-best 99.99% VM uptime SLA.

27) What is the difference between deploying only one VM in an availability set (versus) not
deploying the VM into any availability set?

If there is only one VM in the availability set, then there is no SLA for this VM, the same as a
single VM without an availability set.

28) What are the sizes for Windows virtual machines in Azure?

29) What disk types are available in Azure?

There are 4 disk types available in Azure.

Premium SSD - You will get max throughput & max IOPS

Standard SSD - Average throughput & average IOPS

Standard HDD - Low throughput & low IOPS

Ultra SSD - Ultra Disks are suited for data-intensive workloads such as SAP HANA, top-tier
databases, and transaction-heavy workloads. Ultra disks must be used as data disks and can
only be created as empty disks. You should use Premium solid-state drives (SSDs) as operating
system (OS) disks. You can change the performance parameters of an Ultra Disk without having
to restart your VMs.

SSD: Solid State Disk
HDD: Hard Disk

30) Do I need to take downtime to add a data disk in Azure Windows VM?

No. We can add disk online (It means when VM is up and running)

31) Do I need to take downtime to change storage disk type from Standard to Premium?

Yes. You need to stop the VM first.

32) How do I upgrade (or) downgrade IOPS & Throughput for a Standard storage disk type?

You will not have option to upgrade (or) downgrade IOPS & Throughput for a Standard SSD or
HDD disk type

33) Do I need to take downtime to extend OS disk (or) Data disk in Windows VM?

You can extend DATA disk in Windows servers while VM is up and running fine.

You need to STOP VM to extend OS disk.

34) Do I need to take downtime to upgrade IOPS & Throughput for disks?

No. You do not need to stop VM to upgrade IOPS and Throughput

35) Do I need downtime to add Network Interface to VM?

Yes. You need to stop the VM

36) Do I need downtime to Detach Network Interface from VM?

Yes. You need to stop the VM

37) Can I Detach NIC if the VM has only one NIC?

No. You cannot detach the NIC if the VM has only one NIC. A VM should have at least one NIC
attached to it.

38) How many data disks I can add in a Virtual Machine?

The number of data disks that you add is based on your VM size.

39) A user says that his VM performance is poor. How do you fix that issue?

A) Check VM size and its CPU cores & RAM
B) Check whether accelerated networking is ON or OFF
C) Check whether the disk is Premium or Standard
D) Check IOPS & throughput

40) How do you change the availability set for a Windows VM?

A VM can only be added to an availability set when VM is created. To change the availability
set, you need to delete and then recreate the virtual machine.

41) I have OS disk type as “Premium” in my VM. Now, while adding an additional drive, can I use
“Standard” as the additional disk type?

Yes. You can use a combination of Standard and Premium disks.

42) Can I have more than one NIC attached to my VM?

A VM can have one or more network interfaces. When you create a virtual machine through the
portal, the portal creates a network interface with default settings and attaches it to the VM for
you.

43) What will happen exactly when you redeploy VM in Azure?

If you have been facing difficulties troubleshooting a Remote Desktop (RDP) connection or
application access to a Windows-based Azure virtual machine (VM), redeploying the VM may
help. When you redeploy a VM, Azure will shut down the VM, move the VM to a new node
within the Azure infrastructure, and then power it back on, retaining all your configuration
options and associated resources.

44) I have one NIC attached to my VM. Now I need to detach it from my VM. How do
you do it?

Each VM should have at least one NIC attached to it. You cannot detach NIC when you have
only one NIC attached to VM.

45) What is the default size of OS disk (C drive) in Azure Windows VM?

127 GB

46) The existing size of my disk is 193GB. But, I am using only 120 GB effectively out of 193GB.
I have decided to decrease the disk size from existing size to 120 GB. What is the procedure to
do the same?

The new size should be greater than the existing disk size. System will not allow you to decrease
disk size. You can only increase disk size.

47) What is the maximum capacity of OS disk size in Azure?

The maximum allowed is 4 TB for OS disks.


48) What is the maximum capacity of data disk size in Azure?

You can extend your data disk up to 32 TB. Currently, Azure Backup supports disk sizes up to
32 TB.

49) What is the procedure to resize your VM (CPU cores & RAM)?

Stop the VM first, select desired VM size and then resize your VM. Once VM is resized
successfully, start the VM. Resizing means upgrading/downgrading RAM & CPU cores only.

50) What is Proximity placement group?

Proximity placement groups allow you to group Azure resources physically closer together in
the same data center. For example, I am placing all my PROD VMs in one PPG so that all my
Prod VMs will be hosted in the same data center and there will not be latency issues.

PPGs can be used with stand-alone VMs, VMs in an Availability Set or a Virtual Machine Scale
Set.

You need to stop existing VMs to move them into a PPG, because the VM will potentially be
redeployed into a different datacenter in the region to satisfy the colocation constraint.

51) What will happen if you use Dynamic IP address for a VM?

Suppose, you have provided dynamic IP address. Now if you restart your VM, IP address will be
changed automatically.

52) How to Rename the OS Disk for an Azure Virtual Machine?

Please follow the steps below in the Azure portal:

A) Create a snapshot of the OS disk.
B) Create a disk from the snapshot with the desired name.
C) Swap the OS disk for the VM.

NOTE: The VM will be stopped once the disk is swapped. You need to take a planned downtime
window to perform this activity.

53) Can we change the name of VM in Azure portal?

Virtual machines in Azure have two separate names: the virtual machine name, used as the Azure
resource identifier, and the in-guest host name. When you create a VM in the portal, the same
name is used for both the VM name and the host name. The virtual machine name cannot be
changed after the VM is created. You can change the host name when you log into the VM.
Once you change the host name at OS level, it will reflect in Azure portal (VM name) as well.

54) Difference between Managed Disks and Unmanaged Disks

When we create a VM, we can use managed or unmanaged disks. If you are using unmanaged
disks, you first have to create a storage account to store the disks. In this case, we need to take
care of the IOPS limits for the storage account and the other limitations applied to the storage
account.

But when we use managed disks, we do not need to create any storage accounts; we can simply
create a disk and add it to a VM as a LUN. Microsoft will take care of the underlying storage
account.

55) What are the IP address types and allocation methods in Azure?

You can assign IP addresses to Azure resources to communicate with other Azure resources,
your on-premises network, and the Internet. There are two types of IP addresses you can use in
Azure:

Public IP addresses: Used for communication with the Internet, including Azure public-facing
services.

Private IP addresses: Used for communication within an Azure virtual network (VNet), and your
on-premises network, when you use a VPN gateway or ExpressRoute circuit to extend your
network to Azure.

Allocation methods are Static & Dynamic.

56) What is the use of enabling boot diagnostics?

Enabling boot diagnostics captures logs from the host running the virtual machine for
diagnostics by capturing the serial console output and screenshots of the virtual machine.

57) What is the use of enabling OS Guest diagnostics?

Gets metrics every minute for your VM.


58) What is OS Guest diagnostics storage Account?

Metrics are written to a storage account so you can analyze them with your own tools.

59) I have some private servers in my own data center, also I have distributed some of my
workload on the public cloud, and what is this architecture called?

Hybrid Cloud

Explanation: This type of architecture would be a hybrid cloud. Why? Because we are using
both the public cloud and on-premises servers, i.e. the private cloud.

60) What are Azure Administrative roles?

1) Owner: Has full access to manage all resources, including the ability to assign roles to others.

2) Contributor: Can create and manage all Azure resource types but cannot grant access to
others

3) Reader: Can view existing Azure resources

61) What is Snapshot?

A snapshot is a full, read-only copy of a virtual hard disk (VHD). You can take snapshot of OS or
data disk to use as a backup.

62) What is an Image?

Image can be created from a generalized virtual machine (VM). The image can be used to
create multiple VMs.

63) Can I use my VM after creating Image from the same VM?

No. The VM is not useable. After you have run Sysprep on a VM, that VM is considered
generalized and cannot be restarted. The process of generalizing a VM is not reversible. If you
need to keep the original VM functioning, you should create a copy of the VM and generalize its
copy.

64) Can I create multiple VMs from one single Image?

Yes. You can create multiple VMs from one Image.


65) What is an Azure Virtual Network (VNet)?

Azure Virtual Network (VNet) is a representation of your own network in the cloud. It is a logical
isolation of the Azure cloud dedicated to your subscription.

When you create a VNet, your services and VMs within your VNet can communicate directly
and securely with each other in the cloud.

VNet is similar to a traditional network that you'd operate in your own data center

NOTE: You can switch your VMs between subnets within the same Virtual Network. But you
cannot switch VMs to another VNet.

66) What is Subnet?

A subnet is a range of IP addresses in the VNet. You can divide a VNet into multiple subnets.

67) What is NSG?

A network security group (NSG) is a networking filter containing a list of security rules allowing
or denying network traffic to resources connected to VNets. These rules can manage both
inbound and outbound traffic.

NSGs can be associated to subnets and/or individual Network Interfaces attached to VMs. Each
NSG has the following properties regardless of where it is associated:

When an NSG is associated to a subnet, the rules apply to all resources connected to the subnet.
Traffic can be further restricted by also associating an NSG to a VM or NIC. NSGs that are
associated to subnets are said to be filtering packets flowing in and out of a subnet.

68) What are the default security rules of Network Security Group (NSG)?

1. By default, all the VMs deployed in a Virtual Network can communicate with each other.
Within a VNet, all inbound & outbound traffic is allowed between VMs deployed in the same
VNet.
2. All the VMs deployed in a VNet have outbound access allowed. It means you can
access the internet from a VM by logging into it.
3. All inbound access is blocked by default. If you want to access VMs which are deployed in a
VNet, you need to enable the port and then access the VM. For example: RDP (3389), SSH (22).
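
The default rules from questions 67 and 68, as an added example that is not part of the original document: a small Python model of NSG evaluation, where the matching rule with the lowest priority number decides, plus a check that flags inbound allow rules exposing RDP (3389) or SSH (22) to any source. The VNet range, sample addresses, custom rules and function names are constructed for illustration, and service-tag matching is simplified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the page).
VNET = ip_network("10.0.0.0/16")          # address space of the sample VNet
AZURE_LB = ip_address("168.63.129.16")    # Azure platform health-probe address
MGMT_PORTS = (22, 3389)                   # SSH and RDP, the ports the page names


@dataclass(frozen=True)
class Rule:
    priority: int     # lower number is evaluated first
    name: str
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    source: str       # "*", a service tag, or a CIDR prefix
    dest: str
    ports: str        # "*", a single port ("443") or a range ("8000-8080")


# The default rules Azure places in every NSG.
DEFAULT_RULES = [
    Rule(65000, "AllowVnetInBound", "Inbound", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "Inbound", "Allow", "AzureLoadBalancer", "*", "*"),
    Rule(65500, "DenyAllInBound", "Inbound", "Deny", "*", "*", "*"),
    Rule(65000, "AllowVnetOutBound", "Outbound", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule(65001, "AllowInternetOutBound", "Outbound", "Allow", "*", "Internet", "*"),
    Rule(65500, "DenyAllOutBound", "Outbound", "Deny", "*", "*", "*"),
]

# Constructed custom rules: one scoped to an office range, one open to everyone.
CUSTOM_RULES = [
    Rule(300, "AllowRdpFromOffice", "Inbound", "Allow", "198.51.100.0/24", "*", "3389"),
    Rule(310, "AllowSshFromAny", "Inbound", "Allow", "*", "*", "22"),
]


def addr_matches(spec, addr):
    """Match an address against '*', a (simplified) service tag, or a CIDR."""
    ip = ip_address(addr)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB
    if spec == "Internet":
        # Simplification: anything outside the sample VNet counts as Internet.
        return ip not in VNET and ip != AZURE_LB
    return ip in ip_network(spec)


def port_matches(spec, port):
    """Match a destination port against '*', 'N' or 'N-M'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(rules, direction, src, dst, port):
    """Return (access, rule name) of the first matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.direction == direction
                and addr_matches(rule.source, src)
                and addr_matches(rule.dest, dst)
                and port_matches(rule.ports, port)):
            return rule.access, rule.name
    return "Deny", "no-match"


def exposed_management_rules(rules):
    """Names of inbound allow rules that open SSH or RDP to any source."""
    open_sources = {"*", "Internet", "0.0.0.0/0"}
    return [r.name for r in rules
            if r.direction == "Inbound" and r.access == "Allow"
            and r.source in open_sources
            and any(port_matches(r.ports, p) for p in MGMT_PORTS)]


if __name__ == "__main__":
    rules = DEFAULT_RULES + CUSTOM_RULES
    print(evaluate(DEFAULT_RULES, "Inbound", "203.0.113.10", "10.0.1.4", 3389))
    print(evaluate(rules, "Inbound", "198.51.100.7", "10.0.1.4", 3389))
    print(exposed_management_rules(rules))
```
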

69) How to resize a VM which is in availability set?

If the VM you wish to resize is part of an Availability Set, then you must stop all VMs in the AS
before changing the size of any VM in the availability set.

The reason is that all running VMs in the availability set must be using the same physical
hardware cluster. Therefore, if a change of physical hardware cluster is required to change the
VM size, then all VMs must first be stopped and then restarted one-by-one on a different
physical hardware cluster.

IP Address Versions:
===================

1) IP Version4 - The entire world is currently using IP V4 only.
2) IP Version6 (IP V6 is NOT in use)

xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx ---- > Total 4*8 = 32 Bits ---- > IP V4 format.

xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx ---- > Total 6*8 = 48 Bits ---- > IP V6 format.

1) Question is “How many IPs will be available in this address space x.x.x.x/22”?

IPv4 has 32 bits in total. 32 - 22 = 10, and 2 to the power of 10 = 1024 IPs available in this
address space.

2) How many IPs will be available in this subnet range x.x.x.x/27?

IPv4 has 32 bits in total. 32 - 27 = 5, and 2 to the power of 5 = 32 IPs available in the
x.x.x.x/27 address space.

70) What is Serverless Computing?


Often the term serverless computing is misunderstood as a type of computing without
servers. In actuality, servers run in the background to handle all operations, but cloud providers
are responsible for managing, scaling up or down, and maintaining those servers.

Serverless computing provides inbuilt infrastructure and a runtime environment to develop
applications rapidly. It is the next-generation evolution of Platform as a Service. There is no
need to worry about infrastructure, scaling, management, and provisioning at all. You can
manage real-life applications also and pay for the resources you consume. Whenever the
application is in an idle state, you are not charged for it.

There is no need to worry about any sort of provisioning, purchasing, and managing backend
servers. It follows an architecture where vendors provide required backend services to
developers.

71) Is Azure AKS serverless?

Azure AKS is a serverless, fully managed Kubernetes service to deploy and manage
containerized applications. It offers elastic provisioning that eliminates the need to maintain
and provision servers.

72) What is an example of serverless computing?

Answer: Azure Functions.

Azure Functions is a serverless offering where users pay for what they use. It directly optimizes
the cost. Users are only billed when the Azure function is running, not when the Azure function
is in an idle state. Azure Functions means no other virtual machine is running to handle the
servers.

Users can use Azure Cosmos DB, as it is a serverless database, for storing the data of their
serverless applications. Cosmos DB replicates the data across regions and provides the best
services to the users of the application. You pay for the number of requests, the duration of
requests, and the memory consumed.

LAB: Create a Function app in Azure portal.

73) What are Azure management groups?

You organize subscriptions into containers called "management groups" and apply your
governance conditions to the management groups. All subscriptions within a management
group automatically inherit the conditions applied to the management group.

74) What are Azure Compute Services?

a) Virtual Machines
b) VM Scale Sets
c) App services (Web apps)
d) Azure Container Instances (ACI) – Single instance, quickest way to deploy a container
e) Azure Container Apps – Easy to use like a web service, with advanced features
f) Azure Kubernetes Service (AKS) – runs on a cluster of servers, enterprise-grade
g) Azure Virtual Desktop (AVD)

75) What is Azure App Service?


Azure App Service is a Platform-as-a-Service (PaaS) offering from Microsoft Azure that allows
developers to quickly create, deploy and manage web, mobile and API apps. It provides a fully
managed, highly scalable, secure, and reliable cloud-based environment for creating and
running modern web, mobile, and API applications.

With App Service, developers can quickly create and deploy applications to the cloud without
having to worry about managing the underlying infrastructure. App Service also provides built-
in features such as auto-scaling, backup, security, and encryption, making it an ideal platform
for developing applications.

76) What is Dedicated Host in Azure?

Azure Dedicated Hosts allow you to provision and manage a physical server within our data
centers that are dedicated to your Azure subscription. A dedicated host gives you assurance
that only VMs from your subscription are on the host, flexibility to choose VMs from your
subscription that will be provisioned on the host, and the control of platform maintenance at
the level of the host.

77) What is Azure Spot Instance?

Azure spot VMs allow customers to purchase VMs from a pool of unused spare capacity at a
significantly lower price—up to 90% less—than pay-as-you-go.

a) Azure doesn’t offer any SLA for Spot VMs
b) Termination can occur with only a 30-second warning

78) Explain VMs vs Containers?

The traditional way a business operates is with applications running on servers, with one
application per server (it can be a database, web server or email), because the operating
system didn't have the capability to run multiple applications securely on a single server. For
each application, they would have to buy a new server for it to run on. On top of that,
applications could not take full advantage of a server's capability. Modern servers are so
powerful that, oftentimes, a server is running at only 10% of its capacity. So running one
application on one server turned out to be a waste of money. To fix this problem, engineers
developed Virtual Machines.

Virtual machines allow multiple applications to run on a single server by simulating hardware
& software. For example, if a company had 3 servers running one application each, those 3
applications can be run on a single server by simulating those 3 servers and their applications by
creating 3 VMs. So now this one physical server is running 3 VMs (software-based machines),
running all of the different OSes and also the applications such as databases, web servers &
email. They are all running side by side on one machine.

To build VMs, you start off with hardware such as a server, and then on top of the hardware there is
software called a Hypervisor. Basically, the Hypervisor allows one machine to run multiple VMs. The
Hypervisor allocates and controls the sharing of a machine's hardware. Some common Hypervisors are
VMware ESXi, Citrix Xen server and Microsoft Hyper-V. On top of the Hypervisor are the Virtual Machines.

Each VM has its own operating system, such as Windows or Linux. On top of the OS, applications will run
in each VM.

VMs solve the problem of wasting money on new physical servers. But VMs also have some drawbacks.
1) VMs consume a lot of disk space.
2) Since each VM has its own dedicated OS, VMs consume a lot of CPU & RAM from the server that
could be used for other processes.
3) VMs are slow to start up, because they have an entire OS, which makes their file size
larger, which is why they take time to boot up.
4) Each VM also requires a license for each OS, which costs even more money.

Now let us talk about containers.

Containers are similar to VMs, but the major difference is that where VMs simulate an entire
machine, containers contain only the application. Virtual machines virtualize hardware while
containers virtualize the OS.

A container is an application that's been packaged with all the files, configurations and
dependencies necessary for it to run, which basically means that it is bundled with everything
that it needs to run on just about any computing environment without having to add anything
else to that computer. For example, if a developer creates a website and wants to
distribute that website so it can be hosted on any other computer, they can create a container
for that website by bundling it with everything it takes for it to be hosted on another computer,
such as libraries, HTML code, scripts, web images and web server software. Then that container
image can be distributed and hosted on just about any computer server without adding any
additional software or doing any configuration.

The leading software that is used to create, manage and run containers is Docker. Docker can
run on Windows or Linux machines.

Just like with VMs, to create containers you start off with the hardware, such as a server, and then
on top of the hardware is an operating system such as Linux. Now, instead of a Hypervisor, the
containers use a container engine.

The container engine unpacks the container files and hands them off to the operating system
kernel.

VMs are slow to start up, because they have an entire OS, which makes their file size larger,
which is why they take time to boot up, BUT CONTAINERS don’t.

The containers share the underlying operating system that is on the hardware (server).
Containers contain only the application, which makes their file size much smaller. This is the reason
containers are considered lightweight. While VMs take minutes to boot up, containers take
milliseconds. They also consume less RAM & CPU power from the server (hardware) than VMs.

79) What are Container Disadvantages?

1) Containers must be packaged to work with the same operating system as the server. If the server
(hardware) operating system is Linux, then the container file must be Linux based. If the operating
system is Windows, the container must be Windows based. But with virtual machines this is not a
problem. A VM can run any operating system it wants.
2) Since containers share the underlying operating system, if the operating system on the server crashes
then all the containers will go down.
3) Some organizations use containers inside virtual machines, utilizing maximum productivity.
4) Docker containers are the future because of the size, speed & portability.

80) What is ARM template?

ARM template uses JavaScript Object Notation (JSON) script to provision resources in Azure
portal. Instead of using GUI in Azure portal, you will be using JSON script to deploy resources in
Resource Group (RG).

81) What are Resource Manager Locks?

You can apply locks at resource group (RG) level so that no one can delete resources
accidentally in Azure portal. Locks are used for prevention of accidental deletion.

82) What are the 2 types of Locks?

A) Read-Only locks, which prevent any changes to the resource.

B) Delete locks, which prevent deletion

83) Who can delete locks?

Only Owner and User Access Administrator roles can create or delete management locks.

84) What is Compute Cost & Storage Cost?

Compute costs (CPU Cores & RAM) - You will not be charged for compute capacity if you stop
and deallocate the VM since this releases CPU cores and RAM.

The cost for a VM includes the charge for the Windows operating system.

Storage costs - You are charged separately for the storage (disks) that is being used by VM.
Even if the VM is stopped/deallocated, you will be charged for the storage used by the disks.

85) What are Reserved Virtual Machine Instances?

The Reserved Virtual Machine Instances (RI) option is an advance purchase of a virtual machine
for one or three years in a specified region. The commitment is made up front, and in return,
you get up to 72% price savings compared to pay-as-you-go pricing. RIs are flexible and can
easily be exchanged or returned for an early termination fee. Prefer this option if the VM has to
run continuously, or you need budget predictability, and you can commit to using the VM for at
least a year.

86) Does Azure support 32 bit OS?

Azure only supports 64-bit operating systems.


87) Is it possible to upgrade Windows OS?

Microsoft does not support an in-place upgrade of the Windows operating system of a
Microsoft Azure virtual machine.

88) Is it possible to upgrade Linux OS?

Linux (SUSE Linux & Red Hat Linux) supports an upgrade of the operating system of a Microsoft
Azure virtual machine.

89) What are Service Level Agreements for AS & AZ?

• For all Virtual Machines that have two or more instances deployed across two or more
Availability Zones in the same Azure region, we guarantee you will have Virtual Machine
Connectivity to at least one instance at least 99.99% of the time.

• For all Virtual Machines that have two or more instances deployed in the same Availability
Set, we guarantee you will have Virtual Machine Connectivity to at least one instance at
least 99.95% of the time.

• For any Single Instance Virtual Machine using premium storage for all Operating System
Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least
99.9%.

Update Domains and Fault Domains help Azure maintain high availability and fault tolerance
when deploying and upgrading applications. Each virtual machine in an availability set is placed
in one update domain and two fault domains.

90) Does placing your virtual machines into an availability set protect your application from
OS failures?

Placing your virtual machines into an availability set does not protect your application from
operating system or application-specific failures. For that, you need to review other disaster
recovery and backup techniques.

NOTE: This is a tricky question that tests whether you understand the difference between an AS and a backup.

91) What is VM Scale Sets (VMSS)?

Virtual machine scale sets (VMSS) are an Azure Compute resource you can use to deploy and
manage a set of identical VMs.
With all VMs configured the same, VM scale sets are designed to support true auto-scale – no
pre-provisioning of VMs is required.

So, as demand goes up, more virtual machine instances can be added, and as demand goes down,
virtual machine instances can be removed. The process can be manual, automated, or a
combination of both.

Scale sets provide many benefits:

• All VM instances are created from the same base OS image and configuration. This
approach lets you easily manage hundreds of VMs without additional configuration tasks or
network management.
• Scale sets support the use of the Azure load balancer for basic layer-4 traffic distribution,
and Azure Application Gateway for more advanced layer-7 traffic distribution and SSL
termination.
• Scale sets are used to run multiple instances of your application. If one of these VM
instances has a problem, customers continue to access your application through one of the
other VM instances with minimal interruption.
• Customer demand for your application may change throughout the day or week. To match
customer demand, scale sets can automatically increase the number of VM instances as
application demand increases, then reduce the number of VM instances as demand
decreases. This is known as autoscale.
• Scale sets support up to 1,000 VM instances. If you create and upload your own custom VM
images, the limit is 300 VM instances.

92) What is auto scale?

Auto scale minimizes the number of unnecessary VM instances that run your application when
demand is low, while customers continue to receive an acceptable level of performance as
demand grows and additional VM instances are automatically added.
93) What is vertical scaling and what is horizontal scaling?

If your application is hosted on 1 server, horizontal scaling means hosting it on 3
identical servers. It means adding additional servers to the application.

Vertical scaling means upgrading CPU cores & RAM on the same VM.

94) What are the major issues you have faced in your experience?

Detailed description of the issue 1:

One of my Windows VMs kept rebooting on its own after OS security patches were
installed on it. I logged into the Azure portal, checked under
Resource health, and could see that the VM had rebooted multiple times. On average,
the VM was rebooting every 3 hours.

Solution:
McAfee antivirus was running on my VM (you can find installed software under
“Control Panel” on Windows servers). After downloading the memory dump file from
the server, we found that a very old driver, mfeavfk.sys, which is a McAfee filter, was
responsible for this bug.

We went to Control Panel and uninstalled the McAfee software completely from
the server. After that, the issue was resolved. We worked with the Security
team to uninstall McAfee antivirus completely from the VM.

NOTE: Follow the steps below to configure “Complete Memory Dump” in a Windows
VM.
1. Configure the dump type in a computer with Windows operating system.

2. Log on as a user with administrator privileges from the Windows VM and complete the
following procedure:

1. Click Start, right-click Computer, and then click Properties.

2. Click Advanced system settings on the System page, and then click the Advanced tab.

3. Click Settings in the Startup and Recovery area, and then ensure that you
select Complete memory dump in the Write Debugging information section.

Detailed description of the issue 2:

We got a request to restore an entire VM (VM name: ssdlap01) using
snapshot backup. It was a Production VM with a critical SAP application running on
it. The source VM was up and running in the Azure portal. This restore was
performed by one of our Lead consultants (like a team lead). After restoration of
the source VM using snapshot backup, my source VM disjoined from the domain, and it
caused a P1 issue where the SAP team was not able to access the application.

Existing VM (or) Source VM: test-mgmt

Newly Restored VM: Test-mgmt-Restore-VM

Solution:
Remember, it is always recommended to stop the source VM and then restore
the recovery point from the source VM. Once the restore has completed successfully, log in to
your new VM, which is up and running after the restore (you must have given a new VM
name while restoring the source VM), change the hostname immediately at OS level and
reboot the server. Only after that can you start your source VM.

The source VM & the newly restored VM have the SAME HOSTNAME AT OS LEVEL. That is
the reason my source VM disjoined from the domain. We logged a case with
Microsoft and we got the above solution from Microsoft.

95) How to troubleshoot snapshot backup failures for a Windows VM?


Step 1: Check Azure VM health
• Ensure Azure VM provisioning state is 'Running': If the VM provisioning
state is Stopped/Deallocated/Updating, it will interfere
with the backup operation. Open Azure portal > VM > Overview, check
the VM status to ensure it's Running, and retry the backup operation.
• Review pending OS updates or reboots: Ensure there are no pending OS
updates or pending reboots on the VM.

Step 2: Check Azure VM Guest Agent service health

• Ensure Azure VM Guest Agent service is started and up-to-date:
  o On a Windows VM:
  o Navigate to services.msc and ensure the Windows Azure VM Guest
    Agent service is up and running. Restart the Windows Azure VM Guest
    Agent service.

96) What are your Day to Day activities once you logged in (or) what are your
roles and responsibilities as an Azure admin?

A) We are using Office 365 for Outlook. We need to acknowledge all the emails
received from the SAP Basis team & customer in my shift.

B) We are using the Cherwell ticketing tool in my project. We need to monitor and
work on tickets received in my shift. There will be a Response SLA and a Resolution
SLA for each ticket (Service Request / Incident / Change Request) received in
the Cherwell tool.
Example of Service Request = Provision a new VM, Add additional disk space,
increase VM size, Provision storage account, etc

Example of Incident = anything which is not working is considered an Incident (for
example, VM is down, not able to RDP, snapshot backup failure, etc.)

Example of Change Request = we need to raise a Change Request (CR) in Cherwell to
perform patching activity on servers.

C) We are using the Microsoft Teams app in our project. We have to be available
online in Teams throughout my shift.

D) Check and work on Snapshot backup failures if there are any. However, we
have configured alerts for snapshot backup failures. We will receive backup
failure alert to our Email ID.

E) Once in a while we will receive requests from the SAP Basis team to provision a VM, to add additional
space to the disks, or to add additional CPU cores and RAM.

F) Windows patching is scheduled every quarter (every 3 months) in our project.

So we have to collaborate with SAP Basis team and prepare maintenance plan and
share with customer for downtime approval. Once customer is OK with date and
time then we will raise Change Request (CR) and submit the same for approval
from customer.

G) Troubleshoot if there are any issues with VMs like not booting up, not able to
RDP etc.

97) Provisioning Windows Virtual Machine in Real time?

A) You will be getting VM provisioning request from SAP Basis team in real time.
They have to provide us the following details.

>Is this Sandbox VM (or) DEV VM (or) Quality VM (or) Production VM?

>How many CPU cores & RAM is needed for this new VM.

>How many Data disks they need in this VM. What is the size of each Data disk
required?
>Are you going to install Application or Database in this server or both in one
server?

After getting above details from SAP Basis team, we will provide VM name as per
naming standards defined in our project.

B) In our project, all the VMs are running with CST time zone. So we have to
change time zone to CST at OS level before handing over VM to SAP Basis team.

C) We have to add the newly provisioned VM's hostname & IP address into
DNS A records so that you can log in to the VM using the hostname as well. In our
project, this task is taken care of by our SME.

D) Log in to the VM and join it to our domain so that you can log in to the VM
using domain login credentials (for example, UN: JGI\vnuvvala-admin).

98) Explain your environment (or) explain your Project scope of support?

A) We have a total of 42 servers in my project. SAP applications & MS SQL databases are
running on those servers. SAP applications include Gateway (GW), SAP Router, Cloud
Connector, Print servers, Redwood, etc.
Sandbox VMs = 7
Development VMs = 7
Quality VMs = 13
Production VMs = 15
B) We are taking snapshot backup of all the VMs in Azure portal. Also, we are
taking SQL DB backup of Database servers in Azure portal.

C) All my resources are deployed in EAST US location.

D) Snapshot backups are scheduled to run Daily and Retention period is 30 days
for snapshot backups (or) VM level backups. SQL DB backups are taken care by
our lead for now.

E) End to end networking is taken care from customer side. They have dedicated
team to handle networking components like Firewalls, NSG etc.
F) We take care of Compute (VM provisioning requests, troubleshooting any
VM-level issues such as not able to RDP or VM not booting up, etc.), Storage, Azure
Backup, and Update management for quarterly patching.

G) We are using Windows 2016 OS in all the Windows VMs. All the VMs are
provisioned from Azure marketplace.

H) We are using Datadog for monitoring in our project. We have a
dedicated Monitoring team that takes care of Datadog configuration &
implementation only. We receive alerts if CPU utilization goes above 80%,
memory utilization goes above 80%, if a disk is 90% full, if a server is down, or if
a server is not responding, etc.

>If CPU utilization (or) Memory utilization goes above 80%, then login to that
particular VM and check which process is consuming more CPU (or) RAM? Inform
SAP team to take care of the same.
>If SAP application related process is consuming more CPU and RAM inform to
SAP Basis team to look into it.
>If SQL Database related process are taking more CPU & RAM, then inform SQL
Database admin to look into the same.

99) How do you connect to Windows VMs in your project or environment?

First, we will login to Citrix workspace using https link provided by customer. Once
we are logged into Citrix using our admin credentials, then we will be able to RDP
our Windows VMs directly from Citrix. In our Project Citrix maintenance will be
taken care from customer end.

100) How do you install updates (or) Patches in a Windows VM manually?

Log in to the Azure Windows VM and go to “Windows Update”.

There you will be able to see whether any updates or patches are pending
installation. Once you click on “Check for updates”, they will be installed and
you will be prompted to reboot the VM. You need to reboot (or restart) the VM after
installing updates or patches.
101) Can we configure NSG rules (Inbound or Outbound) using server name (or)
Hostname?

No. We cannot use server name in NSG Inbound or Outbound rules. Mostly, we
use IP address to configure NSG rules.
102) What are the Azure Monitor capabilities?

Azure Monitor provides three main capabilities: monitor and visualize metrics, query and
analyze logs, and finally, set up alerts and actions.

All data collected by Azure Monitor fits into one of the two fundamental types: metrics and
logs.

For many Azure resources, the data collected by Azure Monitor is displayed on the overview
page in the Azure Portal.

The log data collected by Azure Monitor is stored into a service offering called Log Analytics.

You can use the rich Kusto Query Language (KQL) to quickly retrieve, consolidate, and analyze the
collected data.

103) What is the difference between Azure Monitor and Log Analytics?

Azure Monitor is designed to be the single place for monitoring all your Azure IaaS and PaaS
services, along with your own applications

Log Analytics is a service within Azure Monitor. It’s a bit like the relationship of Office to Word,
Excel etc... Monitor is the brand, and Log Analytics is one of the solutions.
Azure Monitor log data is still stored in a Log Analytics workspace and is still collected and
analyzed by the same Log Analytics service, but we are changing the term Log Analytics in many
places to Azure Monitor logs.

104) What is Azure Network Watcher?

Network Watcher enables you to monitor and repair the network health of IaaS products like
virtual machines (VMs), virtual networks (VNets), application gateways, load balancers, etc.
Network Watcher isn't designed or intended for PaaS monitoring or Web analytics.

Network Watcher offers seven network diagnostic tools that help troubleshoot and diagnose
network issues:

1)Connection Monitor:

Helps us to monitor communication between two end points (in this case 2 VMs). We will get
constant data triggers between these 2 devices.

2)Topology:

The topology under the Network Watcher helps you generate a visual diagram of all the
resources you have in that resource group. You can filter the resource group by clicking on the
resource group section here and then identifying the network for which you want to generate
the topology.

3)IP flow verify:

IP flow verify allows you to detect traffic filtering issues at a virtual machine level. It checks if a
packet is allowed or denied to or from an IP address (IPv4 or IPv6 address). It also tells you
which security rule allowed or denied the traffic.

4)Next hop:

The purpose of Next hop is to determine if the traffic is being directed to the intended
destination by showing the next hop. This will help determine if the network routing is correctly
configured.

5) Connection troubleshoot:

Connection troubleshoot enables you to troubleshoot network performance and connectivity
issues in Azure. You can check the connectivity between a source virtual machine and
a destination, which can be a virtual machine, an FQDN, or an IP address.

Packet capture
VPN troubleshoot
NSG diagnostics
Effective security rules
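What IP flow verify reports (allowed or denied, and by which rule) follows from priority-ordered NSG rule evaluation, and question 101's point about host names shows up as a validation error. The following is an added example, not part of the original document: a simplified model in which rule names and addresses are constructed, only `*`, single IPs and CIDR prefixes are matched, and of the platform default rules only `DenyAllInBound` is included because the others rely on service tags.

```python
"""Model of NSG rule evaluation: the verdict that IP flow verify reports (added example)."""
import ipaddress
from dataclasses import dataclass


def _network(prefix: str):
    """Parse '*', a single IP or a CIDR prefix; host names raise ValueError."""
    return None if prefix == "*" else ipaddress.ip_network(prefix, strict=False)


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int       # lower number is evaluated first
    direction: str      # "Inbound" or "Outbound"
    access: str         # "Allow" or "Deny"
    protocol: str       # "Tcp", "Udp" or "*"
    source: str         # "*", single IP or CIDR prefix
    destination: str    # "*", single IP or CIDR prefix
    dest_ports: str     # "*", "3389", "8000-8080" or "80,443"

    def __post_init__(self):
        # Reject server names up front: this model matches on addresses only.
        _network(self.source)
        _network(self.destination)


def _ip_matches(prefix: str, address: str) -> bool:
    net = _network(prefix)
    return net is None or ipaddress.ip_address(address) in net


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def ip_flow_verify(rules, direction, protocol, src_ip, dst_ip, dst_port):
    """Return (access, rule_name) of the first rule that matches, by priority."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.direction == direction
                and rule.protocol in ("*", protocol)
                and _ip_matches(rule.source, src_ip)
                and _ip_matches(rule.destination, dst_ip)
                and _port_matches(rule.dest_ports, dst_port)):
            return rule.access, rule.name
    return "Deny", "(no rule matched)"


# Constructed sample NSG; addresses are private and documentation ranges.
SAMPLE_RULES = [
    Rule("Allow-Web", 300, "Inbound", "Allow", "Tcp", "*", "10.20.0.0/24", "80,443"),
    Rule("Allow-RDP-From-Jump", 100, "Inbound", "Allow", "Tcp",
         "10.10.1.0/24", "10.20.0.4", "3389"),
    Rule("Deny-RDP-Any", 200, "Inbound", "Deny", "Tcp", "*", "*", "3389"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]

if __name__ == "__main__":
    flows = [("10.10.1.25", "10.20.0.4", 3389), ("203.0.113.9", "10.20.0.4", 3389),
             ("203.0.113.9", "10.20.0.7", 443), ("203.0.113.9", "10.20.0.7", 22)]
    for src, dst, port in flows:
        verdict = ip_flow_verify(SAMPLE_RULES, "Inbound", "Tcp", src, dst, port)
        print(f"{src} -> {dst}:{port}", verdict)
```

Because the RDP allow rule has a lower priority number than the blanket RDP deny, the jump subnet gets through while every other source is stopped by `Deny-RDP-Any`.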

105) What is Azure Storage Sync Service (Azure File sync agent)?

Azure File Sync lets you synchronize multiple file servers and keep them under one single file
share in Azure.

Now, every time our users copy something to this particular File Share, it will be automatically
synchronized to the File Share in our Storage Account.

106)What is Azure Import / Export service (Azure Data Box)?

If your organization has volumes and volumes of data on your premise and you would like to
move such workloads to Azure Blob storage, then it's not advisable to use internet as a means
to transport such volumes of data. It is important to ship such data using a secure and a reliable
mechanism.

Azure Import/Export service is used to securely import large amounts of data to Azure Blob
storage and Azure Files by shipping disk drives to an Azure data center. With this service, we can
also transfer data from Azure Blobs to disk drives and then ship it back to your on-premises
data centers. You would consider an Azure Import/Export service when using internet to
download or upload the data is too slow or your network provider charges you based on upload
and downloads. Another scenario where you would find this useful would be when you would
like to migrate data to the cloud. Moving large amounts of data to Azure quickly and cost
effectively can be easily done through this service.

107) What is Azure Bastion Host?

Azure Bastion is a fully managed service that provides more secure and seamless Remote
Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs)
without any exposure through public IP addresses. You can RDP or SSH to your VMs from the internet
without public IPs assigned to them.

You cannot deploy any resources to the Bastion subnet. In order to use the Bastion service, you need to
create a Bastion subnet first.

108) What is Initiative definition?

An initiative definition is a collection of policies. If you want to create a complex, single
unified policy for your organization, you create an initiative definition.
You can group multiple policies under a single initiative definition: add all of the available
policies, or at least the ones that are required for your organization, and the selected
policies then sit under a single unified initiative definition.

109) How do you design an Availability Set?

A) For redundancy, configure multiple VMs in an AS.
B) Configure each application tier into separate Availability Sets.
C) Combine a Load Balancer with Availability Sets.

110)How do you secure the storage account?

Azure Storage provides a comprehensive set of security capabilities:

A) Encryption:

Everything that you write to Azure Storage is automatically encrypted using Storage Service
Encryption (SSE). SSE is enabled by default and cannot be disabled.

B) You can authenticate access to your storage account with Azure Active Directory and role-based
access control.

C) Disk encryption:

SSE with PMK is server-side encryption with a platform-managed key. This is enabled by default
on all managed disks. SSE with CMK is server-side encryption with a customer-managed key. Data
in Azure managed disks is encrypted using 256-bit AES encryption.

D) Shared access signatures (SAS) are used to delegate access to data objects in Azure Storage;
users are granted access by being given a shared access signature.

111)What is customer managed keys?

Customer managed keys are used if you would like to use and manage your own encryption
keys instead of having Microsoft manage it for you.

You can go through the key vault, create your own encryption keys, store them in the key vault,
and then use them to encrypt the storage account.

112) What is High Availability?

The ability of a system to remain operational to users during planned or unplanned outages.

a) Availability Set
b) Availability Zone
113)What is Azure DNS?

DNS stands for Domain Name System. It is used to resolve Domain names into IP addresses.

For example, you have Microsoft.com. When you type Microsoft.com into a browser, the DNS is
going to look up what’s the IP address associated with Microsoft.com, return that back and
then your computer is going to use the IP address to connect to the server.

There is also a private DNS inside Azure that lets you give names to your private IP
addresses. This DNS only applies internally to Azure.

If you assign a name to an IP address using this private DNS, it is not going to work outside
of Azure.

114) What are the services in Azure to drive Governance and Compliance?

115) What is Azure Policy?

Create rules for some or all of your Azure resources and resource groups, for example:

Allowed Storage account SKUs
Allowed deployment locations
Allowed VM SKUs
Automatically apply tagging
116) What is Azure Arc?

Azure Arc allows you to manage Virtual machines and Physical servers and containers outside of Azure
as if they were Azure VM servers and containers.

You can manage both Windows and Linux, physical servers and virtual machines that are running
outside of Azure using Azure Arc. Install Azure VM extensions on Non-Azure Windows and Linux VMs.

117) What is Azure Advisor?

Azure Advisor is a digital cloud assistant that helps you follow best practices to optimize your Azure
deployments. It analyzes your resource configuration and usage telemetry and then recommends
solutions that can help you improve the cost effectiveness, performance, reliability, and security of your
Azure resources.

118) What are public and private endpoints?

Public endpoints, which have a public IP address and can be accessed from anywhere in the world.

Private endpoints, which exist within a virtual network and have a private IP address from within the
address space of that virtual network.

Public and private endpoints exist on the Azure storage account.

Whenever you create a resource in Azure, it has different implications when it comes to who can access
it and how.

For example, when you create a storage account, you can see here the default selection is to enable
public access from all networks. This includes the Internet.

Now, again, this doesn't mean that anyone on the Internet has access to the contents of your storage
account. You still need an access key or authentication in order to get into it.

The third option is private endpoints. You disable all public access and then
create a private endpoint that allows private connections to this
resource. For anyone who needs to access this storage account, you
need to create a private endpoint and a private link on the other side in order for that connection to
happen. It's basically direct one-to-one routing as opposed to being open to anyone with the access key.
This does not apply only to storage accounts.

Endpoint configurations

You can configure your endpoints to restrict network access to your storage account. There are two
approaches to restricting access to a storage account to a virtual network:
• Create one or more private endpoints for the storage account and restrict all access to the
public endpoint. This ensures that only traffic originating from within the desired virtual
networks can access the Azure file shares within the storage account. See Private Link cost.

• Restrict the public endpoint to one or more virtual networks. This works by using a capability of
the virtual network called service endpoints. When you restrict the traffic to a storage account
via a service endpoint, you're still accessing the storage account via the public IP address, but
access is only possible from the locations you specify in your configuration.
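To check which of these access models a storage account is actually using, and whether it relies on platform-managed or customer-managed keys (questions 110 and 111), the settings can be audited from an exported account description. This is an added example, not part of the original document: the field names assume the shape of `az storage account show` output, and the three sample accounts and all function names are constructed.

```python
"""Classify a storage account's network exposure and key management (added example)."""
import json

# Constructed sample records; field names assume the shape of `az storage account show`.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "stopenexample", "publicNetworkAccess": "Enabled",
   "networkRuleSet": {"defaultAction": "Allow", "virtualNetworkRules": [], "ipRules": []},
   "privateEndpointConnections": [],
   "encryption": {"keySource": "Microsoft.Storage"}, "allowSharedKeyAccess": null},
  {"name": "stvnetexample", "publicNetworkAccess": "Enabled",
   "networkRuleSet": {"defaultAction": "Deny", "ipRules": [],
     "virtualNetworkRules": [{"virtualNetworkResourceId":
       "/subscriptions/0000/resourceGroups/rg-net/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/app"}]},
   "privateEndpointConnections": [],
   "encryption": {"keySource": "Microsoft.Storage"}, "allowSharedKeyAccess": true},
  {"name": "stprivateexample", "publicNetworkAccess": "Disabled",
   "networkRuleSet": {"defaultAction": "Deny", "virtualNetworkRules": [], "ipRules": []},
   "privateEndpointConnections": [
     {"privateLinkServiceConnectionState": {"status": "Approved"}}],
   "encryption": {"keySource": "Microsoft.Keyvault"}, "allowSharedKeyAccess": false}
]
""")


def network_exposure(account: dict) -> str:
    """Map the account's settings onto the three access models described above."""
    rules = account.get("networkRuleSet") or {}
    if account.get("publicNetworkAccess") == "Disabled":
        return "private-endpoints-only"
    if rules.get("defaultAction", "Allow") == "Allow":
        return "all-networks"
    return "selected-networks"   # public endpoint limited by service endpoints / IP rules


def approved_private_endpoints(account: dict) -> int:
    """Count private endpoint connections whose state is Approved."""
    states = (c.get("privateLinkServiceConnectionState") or {}
              for c in account.get("privateEndpointConnections") or [])
    return sum(1 for s in states if s.get("status") == "Approved")


def audit(account: dict) -> dict:
    """Summarise exposure, key management and anything worth a second look."""
    rules = account.get("networkRuleSet") or {}
    exposure = network_exposure(account)
    findings = []
    if exposure == "all-networks":
        findings.append("public endpoint open to all networks; only keys, SAS or "
                        "Azure AD authentication protect the data")
    elif exposure == "selected-networks":
        allowed = len(rules.get("virtualNetworkRules") or []) + len(rules.get("ipRules") or [])
        if allowed == 0 and approved_private_endpoints(account) == 0:
            findings.append("default action is Deny but no network or private endpoint is allowed")
    elif approved_private_endpoints(account) == 0:
        findings.append("public access disabled and no approved private endpoint exists")
    if account.get("allowSharedKeyAccess") is not False:   # null is treated as enabled
        findings.append("access-key (shared key) authorization is enabled")
    key_source = (account.get("encryption") or {}).get("keySource", "Microsoft.Storage")
    customer_managed = key_source.lower() == "microsoft.keyvault"
    return {"name": account["name"], "exposure": exposure,
            "key_management": "customer-managed" if customer_managed else "platform-managed",
            "findings": findings}


if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        print(json.dumps(audit(acct), indent=2))
```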

119) What are Azure shared disks?

Azure shared disks is a feature for Azure managed disks that allow you to attach a managed disk to
multiple virtual machines (VMs) simultaneously. Attaching a managed disk to multiple VMs allows you to
either deploy new or migrate existing clustered applications to Azure.

Shared disks require a cluster manager, like Windows Server Failover Cluster (WSFC), or Pacemaker, that
handles cluster node communication and write locking. Shared managed disks don't natively offer a fully
managed file system that can be accessed using SMB/NFS.

120) What is on-demand bursting?

On-demand bursting allows a disk to burst beyond its original provisioned target, up to 30,000 IOPS and 1,000 Mbps. Premium
solid-state drives (SSD) have two available bursting models: credit-based bursting and on-demand
bursting.

Before you enable on-demand bursting, understand the following:

• On-demand bursting cannot be enabled on a premium SSD that has less than or equal to 512
GiB. Premium SSDs less than or equal to 512 GiB will always use credit-based bursting.

• On-demand bursting is only supported on premium SSDs. If a premium SSD with on-demand
bursting enabled is switched to another disk type, then disk bursting is disabled.

• On-demand bursting doesn't automatically disable itself when the performance tier is changed.
If you want to change your performance tier but do not want to keep disk bursting, you must
disable it.

• On-demand bursting can only be enabled when the disk is detached from a VM or when the VM
is stopped. On-demand bursting can be disabled 12 hours after it has been enabled.
