Notes and Slides from Azure Fundamentals – Day 1


Day 1 – Azure Fundamentals

This is a two-part series of posts. 

The first day covered Modules 1 & 2, and the second day, Modules 3 & 4.

https://aka.ms/azfunpath

Module 1

  • Compute, storage, TCO, HA – shared responsibility model; scale, elasticity and fault tolerance of the underlying platform are managed by Microsoft
  • DR, global reach, lower latency, economies of scale; competition between cloud providers drives prices down
  • No up-front costs: OpEx instead of CapEx

· Pizza as a service

Module 2

  • Geographies -> Regions (collection of DCs) -> Separate Facilities

· Not all regions are equal

· Zones and Sets are only for VMs – spread VMs across fault and update domains – no extra charge (but they lock the VMs into a region)

· Defined when the VM is created. Cannot be set or changed after creation.

· Scale/availability sets handle availability

· Pick Zone (newer regions) or Set

· How to pick Set or Zone? See the Set vs Zone comparison in the slides

· Region pairs = durability across regions (each region is paired with another in the same geography for DR)

· Single VM: SLA = 99.9%, and only when all of its disks are premium managed storage

· Zones/Sets – fault tolerance; helps to partition updates/outages
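
The notes above say zones and sets are what lift a VM off the single-instance SLA, but a lone VM in a zone or a set gets no better SLA than any other single VM. The script below is an added example for these notes, not code from the training material: it classifies VMs from constructed records shaped like `az vm list -o json` output (only the fields it reads), groups them by an `app` tag so a zone or set with one member is caught, and maps each to its SLA tier. The 99.9% figure is the one from the notes; the other tiers come from the Azure VM SLA and are included for comparison. All names, tags and resource IDs in the sample are made up.

```python
"""Classify the availability posture of VMs from `az vm list -o json`.

Added example for these notes; it is not code from the training
material. The VM records below are constructed to mimic the shape of
the az CLI's JSON output (only the fields read here) and every name,
tag and resource ID in them is made up.
"""
import json
from collections import defaultdict

# Monthly uptime commitments from the Azure VM SLA. The notes quote the
# 99.9% single-VM-on-premium-storage figure; the others come from the
# same SLA document and are here for comparison.
SLA_BY_POSTURE = {
    "zone": 99.99,               # 2+ instances spread over 2+ availability zones
    "set": 99.95,                # 2+ instances in one availability set
    "single-premium": 99.9,      # single VM, Premium SSD / Ultra disks only
    "single-standard-ssd": 99.5,
    "single-standard-hdd": 95.0,
}

AS_API = "/subscriptions/0000-sub/resourceGroups/rg-app/providers/Microsoft.Compute/availabilitySets/as-api"

def make_vm(name, app, disk, zones=None, avset=None):
    """Build one record shaped like an `az vm list` entry (constructed sample data)."""
    return {
        "name": name, "resourceGroup": "rg-app", "tags": {"app": app},
        "zones": zones, "availabilitySet": {"id": avset} if avset else None,
        "storageProfile": {"osDisk": {"managedDisk": {"storageAccountType": disk}}},
    }

AZ_VM_LIST = json.dumps([
    make_vm("vm-web01", "web", "Premium_LRS", zones=["1"]),
    make_vm("vm-web02", "web", "Premium_LRS", zones=["2"]),
    make_vm("vm-db01", "db", "Premium_LRS", zones=["1"]),       # in a zone, but no partner
    make_vm("vm-api01", "api", "StandardSSD_LRS", avset=AS_API),
    make_vm("vm-api02", "api", "StandardSSD_LRS", avset=AS_API),
    make_vm("vm-legacy", "legacy", "Standard_LRS"),              # single VM on HDD
])

def load_vms():
    """Parse the constructed CLI output; swap in the real `az vm list -o json` text here."""
    return json.loads(AZ_VM_LIST)

def single_posture(vm):
    """SLA tier for a VM judged on its own disks (what it gets without a zone/set partner)."""
    disk = vm["storageProfile"]["osDisk"]["managedDisk"]["storageAccountType"]
    if disk.startswith(("Premium", "UltraSSD")):
        return "single-premium"
    if disk.startswith("StandardSSD"):
        return "single-standard-ssd"
    return "single-standard-hdd"

def assess(vms):
    """Return {vm name: {"posture", "sla", "note"}}.

    Zones and sets only raise the SLA when the application has at least two
    instances spread across them, so VMs are grouped by their 'app' tag and a
    lone member of a zone or set is rated as a single VM."""
    by_app = defaultdict(list)
    for vm in vms:
        by_app[(vm.get("tags") or {}).get("app", vm["name"])].append(vm)
    report = {}
    for group in by_app.values():
        zones_used = {z for vm in group for z in (vm.get("zones") or [])}
        set_members = defaultdict(int)
        for vm in group:
            if vm.get("availabilitySet"):
                set_members[vm["availabilitySet"]["id"].lower()] += 1
        for vm in group:
            note = ""
            if vm.get("zones") and len(zones_used) >= 2:
                posture = "zone"
            elif vm.get("availabilitySet") and set_members[vm["availabilitySet"]["id"].lower()] >= 2:
                posture = "set"
            else:
                posture = single_posture(vm)
                if vm.get("zones") or vm.get("availabilitySet"):
                    note = "zone/set has no second instance; rated as a single VM"
            report[vm["name"]] = {"posture": posture, "sla": SLA_BY_POSTURE[posture], "note": note}
    return report

if __name__ == "__main__":
    for name, r in assess(load_vms()).items():
        print(f"{name:10} {r['posture']:20} {r['sla']:>6}%  {r['note']}")
```

Run against real output by replacing the constructed `AZ_VM_LIST` with the text from `az vm list -o json`; the grouping key (the `app` tag here) should match whatever tag your reporting convention uses.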

· Azure: Create a resource group first – metadata container

· Resources can only belong to ONE resource group

· Security (RBAC) can be assigned at the resource group level and is inherited by every resource in the group

· Resource group can hold resources from multiple regions (the group itself only has a location for its metadata)

· Resource groups are not backed up

· Deleted resource groups are non-recoverable

Tenant vs Subscription

· Tenant = identity/authentication

· Policy/RBAC/security can be applied to different levels
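
RBAC assignments flow down the scope hierarchy (management group, subscription, resource group, resource), which is why "security at the resource group level" is really "security at the resource group level plus everything granted above it". The script below is an added illustration for these notes, not code from the training material or from Azure: it resolves the roles a principal effectively holds on a resource by combining an assignment list with a management-group parent map, and lists the broad privileged assignments to review first. The principals, subscription ID, management group and resource names are made up; the scope string formats are Azure's own.

```python
"""Resolve the Azure RBAC roles a principal effectively holds on a resource
by walking the scope hierarchy: management group -> subscription ->
resource group -> resource.

Added illustration for these notes, not code from the training material or
from Azure itself. The principals, subscription ID, management group and
resource names below are made up; the scope string formats are Azure's own.
"""

MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Constructed sample hierarchy and assignments.
SUB_ID = "00000000-0000-0000-0000-000000000001"
SUB = f"/subscriptions/{SUB_ID}"
RG = f"{SUB}/resourceGroups/rg-app"
VM = f"{RG}/providers/Microsoft.Compute/virtualMachines/vm-web01"
MG_PARENTS = {SUB_ID: "mg-corp", "mg-corp": "mg-root"}   # child -> parent management group
ASSIGNMENTS = [
    {"principal": "alice", "role": "Reader", "scope": MG_PREFIX + "mg-corp"},
    {"principal": "alice", "role": "Virtual Machine Contributor", "scope": RG},
    {"principal": "bob", "role": "Owner", "scope": SUB},
    {"principal": "carol", "role": "Contributor", "scope": f"{SUB}/resourceGroups/rg-other"},
    {"principal": "dave", "role": "Reader", "scope": VM},
]

def scope_covers(assignment_scope, target_scope):
    """True if target_scope is the assignment scope or sits beneath it.
    Azure resource IDs are case-insensitive, so compare lower-cased."""
    a = assignment_scope.lower().rstrip("/")
    t = target_scope.lower().rstrip("/")
    return t == a or t.startswith(a + "/")

def management_group_ancestors(target_scope, mg_parents):
    """Management groups above the subscription that target_scope lives in.
    Their scope strings are not prefixes of the subscription's, so they need
    the explicit parent map."""
    parts = target_scope.split("/")
    node = parts[2] if len(parts) > 2 and parts[1].lower() == "subscriptions" else None
    ancestors = set()
    while node in mg_parents:
        node = mg_parents[node]
        ancestors.add(node.lower())
    return ancestors

def effective_roles(principal, target_scope, assignments, mg_parents):
    """Return {role: scope the role was inherited from} for the principal at target_scope."""
    ancestors = management_group_ancestors(target_scope, mg_parents)
    roles = {}
    for a in assignments:
        if a["principal"] != principal:
            continue
        scope = a["scope"]
        inherited = scope_covers(scope, target_scope) or (
            scope.lower().startswith(MG_PREFIX.lower())
            and scope[len(MG_PREFIX):].lower() in ancestors
        )
        if inherited:
            roles.setdefault(a["role"], scope)
    return roles

def broad_assignments(assignments):
    """Privileged roles granted at subscription or management-group scope: the
    assignments to review first when aiming for resource-group-level least privilege."""
    return [
        a for a in assignments
        if a["role"] in PRIVILEGED_ROLES
        and (a["scope"].lower().startswith(MG_PREFIX.lower()) or a["scope"].count("/") == 2)
    ]

if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        print(who, effective_roles(who, VM, ASSIGNMENTS, MG_PARENTS))
    print("broad:", [(a["principal"], a["role"], a["scope"]) for a in broad_assignments(ASSIGNMENTS)])
```

The same walk applies to Azure Policy assignments, which inherit down the same hierarchy; deny assignments and custom roles are out of scope for this illustration.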

Azure Portal

· Integrated help within context menus; search box

· Can “pin” favourite resources

· No SLA on preview (non-General Availability) services

· Pick a VM size you can resize later (a resize may reboot the VM)

· Are predictive costs easier with managed disks? Generally, yes.

· Subnet /24 == 255.255.255.0 (256 addresses; Azure reserves 5 addresses in every subnet)
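
Subnet sizing in Azure is slightly different from on-premises: Azure keeps five addresses out of every subnet, refuses anything smaller than /29, and the Bastion and gateway subnets have fixed names and minimum sizes. The planner below is an added example for these notes, not code from the training material. It lays subnets out largest-first inside a VNet address space and rejects requests that break those rules. The 10.0.0.0/16 space and the `app`/`data` names are made up; the reserved-address count, the /29 floor and the AzureBastionSubnet (/26) and GatewaySubnet (/27) requirements are Azure's documented rules.

```python
"""Carve an Azure VNet address space into subnets, honouring the five
addresses Azure reserves in every subnet and the minimum sizes Azure
requires for its special-purpose subnets.

Added example for these notes, not code from the training material. The
10.0.0.0/16 address space and the 'app'/'data' subnet names are made up;
the reserved-address count, the /29 floor and the AzureBastionSubnet and
GatewaySubnet requirements are Azure's documented rules.
"""
import ipaddress

# Azure keeps the first four addresses (network, default gateway, two for
# Azure DNS) and the last (broadcast) of every subnet.
AZURE_RESERVED_PER_SUBNET = 5
SMALLEST_PREFIX = 29                 # Azure does not allow subnets smaller than /29
MIN_PREFIX = {                       # subnet name -> largest prefix length allowed
    "AzureBastionSubnet": 26,        # Bastion needs /26 or bigger
    "GatewaySubnet": 27,             # VPN / ExpressRoute gateway needs /27 or bigger
}

def usable_hosts(subnet):
    """Addresses actually assignable to NICs in an Azure subnet."""
    return subnet.num_addresses - AZURE_RESERVED_PER_SUBNET

def check_request(name, prefix):
    """Return a problem description for a (name, prefix) request, or None if it is valid."""
    if prefix > SMALLEST_PREFIX:
        return f"{name}: /{prefix} is smaller than Azure's /{SMALLEST_PREFIX} minimum"
    if name in MIN_PREFIX and prefix > MIN_PREFIX[name]:
        return f"{name}: must be /{MIN_PREFIX[name]} or larger, got /{prefix}"
    return None

def plan_subnets(vnet_cidr, requests):
    """Allocate subnets for requests=[(name, prefix_len), ...] inside vnet_cidr.

    Largest blocks are placed first and laid out back to back, so every
    block starts on a boundary aligned to its own size and no address
    space is wasted on alignment padding. Returns {name: IPv4Network}."""
    vnet = ipaddress.ip_network(vnet_cidr)
    problems = [msg for msg in (check_request(n, p) for n, p in requests) if msg]
    if problems:
        raise ValueError("; ".join(problems))
    cursor = int(vnet.network_address)
    end = int(vnet.broadcast_address) + 1
    plan = {}
    for name, prefix in sorted(requests, key=lambda r: r[1]):
        size = 1 << (vnet.max_prefixlen - prefix)
        if cursor + size > end:
            raise ValueError(f"{vnet} exhausted before placing {name}")
        plan[name] = ipaddress.ip_network(f"{ipaddress.ip_address(cursor)}/{prefix}")
        cursor += size
    return plan

if __name__ == "__main__":
    layout = plan_subnets("10.0.0.0/16", [
        ("AzureBastionSubnet", 26), ("GatewaySubnet", 27), ("app", 24), ("data", 24),
    ])
    for name, subnet in layout.items():
        print(f"{name:20} {str(subnet):18} mask {subnet.netmask}  usable {usable_hosts(subnet)}")
```

With the sample request list this places `app` at 10.0.0.0/24 (251 usable addresses, not 254), `data` at 10.0.1.0/24, the Bastion subnet at 10.0.2.0/26 and the gateway subnet at 10.0.2.64/27.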

· You may give a VM a managed identity (so it can access other Azure resources without credentials stored on the VM)

· VMs have an auto-shutdown feature

· Can tag VMs for reporting

· Can download a VM creation template

· Containers – portable, cross-platform, host anywhere

· Kubernetes = helmsman or pilot (from ancient Greek)

CDN & Peering

VNet to VNet (VNet peering)

· VPN traffic is routed over the public Internet until you move to ExpressRoute

· ExpressRoute: private network connection, does not traverse the public Internet

· Metered or unmetered billing; bandwidth from 50 Mbps up to 10 Gbps

· Needs a provider who drops your fiber into your environment

Data

· IaaS storage vs PaaS storage

· IaaS: managed disks and an SMB file share service (Azure Files)

Storage account name must be globally unique

Replication – egress traffic charges apply

· Endpoints must be globally unique (the storage account name becomes a public DNS name)

Apps & Services

· Functions: normally triggered by an event (a message or request comes in, an output goes out)

· Logic App: workflow with connectors (this is where the orchestration logic lives)

· Event Grid: event routing, one publisher in, many subscribers out

MS DevOps

Management Tools

ARM templates

· Cloud Shell (Bash or PowerShell in the browser)

· Every CLI command starts with “az”

Questions & Answers

These questions were asked and answered during the training.

How many regions are available?

Over 60, please see https://azure.microsoft.com/en-us/global-infrastructure/geographies/

In terms of security and data redundancy, which service is the best one you would prefer?

We have a lot of services to cater to specific requirements. Please see https://docs.microsoft.com/en-us/azure/security/fundamentals/overview for an introduction to our security services and https://docs.microsoft.com/en-us/azure/storage/common/geo-redundant-design for data redundancy.

Can you please elaborate on availability zone?

Each availability zone is an isolation boundary containing one or more datacenters equipped with independent power, cooling, and networking. If one availability zone goes down, the other continues working. The availability zones are typically connected to each other through very fast, private fiber-optic networks. Availability zones allow customers to run mission-critical applications with high availability and low-latency replication. Availability zones are offered as a service within Azure, and to ensure resiliency, there’s a minimum of three separate zones in all enabled regions.

Pair regions sync automatically?

Yes, correct, although they do it asynchronously.

Can you migrate VMs directly from AWS instances or AMIs?

You’ll need to check if that is a supported service in Azure first: https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services/

Does it mean you can’t have just 1 region in a geography, and there always have to be 2?

Not necessarily, although most of our geographies have at least 2 so that we can set up paired regions.

Can you please give examples for mission-critical applications?

For example, a point-of-sales system for a retailer. If that goes down, their entire line of business operations cannot function until the service is brought back online again.

What were the names of the places included in the geographies slide?

You can find all the geographies from https://azure.microsoft.com/en-us/global-infrastructure/geographies/.

A little unrelated, but I’m curious about the power and reliability differences between the Project Natick underwater DC vs a “standard” DC on land…?

Powered by renewable energy sources, you can find out more on https://natick.research.microsoft.com/.

Are any of Azure’s data centers fully or partially solar powered?

Check out: https://blogs.microsoft.com/on-the-issues/2019/07/30/building-world-class-sustainable-datacenters-and-investing-in-solar-power-in-arizona/

What is physical container?

Like one of those shipping containers used to ship goods across the seas for a country’s imports and exports.

Are there by default 3 zones for every region, and does each zone contain two or more data centers?

No, availability zones are not yet available to all regions yet.

How many zone-level outages (power, network, or any other kind) have happened in the past 3 years?

You can find this info from https://status.azure.com/en-us/status/history/.

How do these zones compare to the ‘Availability Zone’ you choose to deploy a single non-HA VM?

When you choose to deploy a single VM, if at any point in time the physical server or rack or even datacentre that VM runs in experiences some sort of failure or outage, you might lose your VM or your services will be down temporarily. This is why provisioning your services to ensure they are highly available is important and in Azure for IaaS, you can choose between using availability sets or availability zones for high availability of your services.

I am still confused between zone and sets, could you please explain again?

Availability zone is up to 3 physically separated data centers within a region, which means power, cooling, and network are separated, which means if one zone has a hardware outage, the other zones will continue to run. Availability set is a group of 2 or more Virtual Machine instances that are stored on separate physical hardware (e.g. a different server or rack) in the same data center.

Why would some prefer sets over zones, given the benefits zones have?

Because availability zones are not available to all Azure regions.

Can you tell us how the latency of using a different region could impact the performance for the end user?

If you deploy your services in a region further away from your users, there is a longer distance between your applications and your users so any request, data, traffic will take more time to make those round-trips hence there would be more latency in terms of response from your applications, etc.

Can I use both Availability Zones and Availability Sets?

You can only select one of those two.

Availability Sets are always in the same Availability Zone?

Yes, an AS is always scoped to a single zone (datacentre).

Where can I find the pizza model of PaaS, IaaS and SaaS?

https://da-14.com/assets/sites/default/files/projects/cloud5.jpg

What is the advantage of Availability Sets?

To enable you to provision highly available virtual machine services on Azure.

Is there anywhere in Microsoft learn that would help you with Azure in terms of setting up your DR?

Try: https://docs.microsoft.com/en-us/azure/architecture/framework/resiliency/backup-and-recovery

So if we have a single VM and there is an update, Azure will choose a temp server until the update is done?

Usually before maintenance is done, Azure will migrate your workloads to another working server however in the case that something goes wrong, if you only have one running instance, you run the risk of losing that instance or having your services go down momentarily so you should always provision your services using availability set or availability zones.

Availability Zones has better SLA, and seems better than Availability Sets on every perspective. So what’s the point to choose Availability Sets?

When availability zones are not available for the region you have picked.

The DR is selected by the consumer or allocated by Azure if IaaS is chosen?

Typically, you choose which DR region you want to use unless you opt for region pairs which has already been set up by Microsoft so you can’t customize the DR pairs.

When I select an Azure service, do I need to select only the region and zone, and are sets selected by Azure for us?

This only applies to Azure virtual machines, for other services typically you would just choose a region to deploy that service to.

Is this video/slides available to us, as a refresher?

Unfortunately, no, however you can refer to aka.ms/azfunpath to refresh your knowledge and continue your learning

Do we need to delete the VMs also, before actually deleting the RG?

If you don’t have any locks or dependencies you can just delete the RG which will delete all the resources inside the RG.

What is tenant with respect to subscription?

A tenant is an instance of Azure AD which represents an organization under which Azure accounts that map to users in that organization fall under.

What’s the different between APP services and Function App?

A full-blown application vs. running a small piece of custom code on demand.

Will a VM created by default be created in a private VNET or in my subscription?

A VNET will be set up by default when you create a VM. You need to pick the subscription to deploy these resources to.

Can we resize the machine without stopping or pausing the VM?

Not exactly, your VM might get rebooted when you change its size.

If I upload “my” image VM into Azure, how is the operational pricing of that determined (given I could tweak it at any time )

You are charged based on the VM size you pick: https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-general.

What format do you need to upload the image as for your custom VM image?

There are a couple of tutorials and guides on Microsoft Docs, this one shows you how to create your own custom images for Azure VM using Azure CLI: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-custom-images

Can you secure a VM’s admin credentials with/to use MFA through the portal?

Using Azure AD to authenticate to your Azure VMs is currently in preview, check it out at https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows.

Is there a method to use RDP via the portal without opening 3389?

Yes, check out Azure Bastion: https://azure.microsoft.com/en-us/services/azure-bastion/
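
Bastion removes the need to open 3389 to the Internet at all, so the follow-up check is whether any NSG still does. The script below is an added example after this answer, not code from the training material or from Azure. It evaluates NSG rules the way Azure does (lowest priority number first, first match wins, the built-in DenyAllInBound catching anything unmatched) over constructed records shaped like `az network nsg list -o json`, and reports RDP and SSH ports reachable from the Internet. The NSG names, priorities and the 10.0.2.0/26 Bastion subnet prefix are made up.

```python
"""Find NSGs that expose RDP (3389) or SSH (22) to the Internet, evaluating
rules the way Azure does: lowest priority number first, first match wins,
and the built-in DenyAllInBound rule catching anything unmatched.

Added example after the Bastion answer above; not code from the training
material. The NSG records are constructed to mirror the fields of
`az network nsg list -o json`; names, priorities and the 10.0.2.0/26
Bastion subnet prefix are made up.
"""
import json

INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}

def make_rule(name, priority, access, port, source, protocol="Tcp"):
    """One inbound rule shaped like the az CLI output (constructed sample data)."""
    return {"name": name, "priority": priority, "direction": "Inbound", "access": access,
            "protocol": protocol, "sourceAddressPrefix": source, "sourceAddressPrefixes": [],
            "destinationPortRange": port, "destinationPortRanges": []}

AZ_NSG_LIST = json.dumps([
    {"name": "nsg-web", "securityRules": [
        make_rule("allow-https", 100, "Allow", "443", "Internet"),
        make_rule("allow-rdp-any", 200, "Allow", "3389", "*"),           # the mistake to catch
    ]},
    {"name": "nsg-hardened", "securityRules": [
        make_rule("allow-rdp-from-bastion", 100, "Allow", "3389", "10.0.2.0/26"),
        make_rule("allow-ssh-from-bastion", 110, "Allow", "22", "10.0.2.0/26"),
        make_rule("deny-rdp-from-internet", 200, "Deny", "3389", "Internet"),
    ]},
    {"name": "nsg-bastion", "securityRules": [
        make_rule("allow-bastion-https", 100, "Allow", "443", "Internet"),  # Bastion needs 443 only
    ]},
])

def load_nsgs():
    """Parse the constructed CLI output; swap in the real `az network nsg list -o json` text here."""
    return json.loads(AZ_NSG_LIST)

def port_matches(port_range, port):
    """True if an NSG port spec ('*', '3389' or '3000-4000') covers the port."""
    if port_range == "*":
        return True
    if "-" in port_range:
        low, high = (int(p) for p in port_range.split("-"))
        return low <= port <= high
    return int(port_range) == port

def exposed_ports(nsg, ports=(3389, 22)):
    """Return {port: rule name} for ports reachable from the Internet through this NSG.

    Only rules whose source is the whole Internet decide the verdict, so a
    rule allowing 3389 from one office IP or the Bastion subnet is (correctly)
    not reported, while a Deny from the Internet at a lower priority number
    wins over a later Allow."""
    exposed = {}
    rules = sorted(nsg.get("securityRules", []), key=lambda r: r["priority"])
    for port in ports:
        verdict, matched_by = "Deny", "DenyAllInBound"   # default rule if nothing matches
        for rule in rules:
            if rule["direction"] != "Inbound" or rule["protocol"] not in ("Tcp", "*"):
                continue
            port_ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange")]
            sources = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix")]
            if any(port_matches(r, port) for r in port_ranges) and any(s in INTERNET_SOURCES for s in sources):
                verdict, matched_by = rule["access"], rule["name"]
                break
        if verdict == "Allow":
            exposed[port] = matched_by
    return exposed

def audit(nsgs):
    """{NSG name: {port: rule name}} for every NSG in the list."""
    return {nsg["name"]: exposed_ports(nsg) for nsg in nsgs}

if __name__ == "__main__":
    for name, ports in audit(load_nsgs()).items():
        print(f"{name:14} {ports if ports else 'no management ports open to the Internet'}")
```

The check is deliberately conservative: it ignores application security groups and service tags other than Internet, so treat an empty result as "nothing obviously open", not as proof.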

Can I force a VM to be created in a private VNET and not use default VNET that is created. For example create a VM in my own private VNET in my company’s private VNET thus ensuring private confidential data is stored in that VM.

You can create a virtual network in Azure that maps to the one similar to your on-premises network and then you can choose that vnet to deploy your VMs to.

How do you create a VM and join it to the company domain?

You’ll need to have the Azure VM communicate back down to your on-premises: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/.

Can I create a VM environment for learning and practice purposes free of charge?

Yes, you can always create a free Azure account.

Could you please point me to the link for the documentation available on creating the Bastion service that was just mentioned?

Try: https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal

Different types/series of VMs?

The full series: https://azure.microsoft.com/en-us/pricing/details/virtual-machines/series/

What is the use case of Containers?

Makes your applications and data workloads much more lightweight and portable than traditional VMs. Also, containers allow you to run some traditionally large services on edge devices.

I would like to see that vm vs container picture

https://www.docker.com/sites/default/files/d8/2018-11/docker-containerized-and-vm-transparent-bg.png

Container? Docker?

You might find this explanation handy: https://www.docker.com/resources/what-container.

What is containers runtime?

The container engine e.g. Docker: https://www.docker.com/products/container-runtime

Difference between Azure Traffic Manager, Application Gateway and Load Balancer?

Traffic Manager is a DNS-based load balancer, Application Gateway is a L7 load balancer and Azure LB is a L4 load balancer.

On the Azure portal, there is SQL database and Azure SQL, what are the differences?

They are all variations of SQL in Azure. Azure SQL DB services can be categorized into IaaS (SQL server on Azure VM) to PaaS (SQL managed instances and Azure SQL DB elastic pool or Azure SQL DB single instance).

Can we have 2 VMs in two different zones?

If availability zones are supported, yes.

Site-to-site vs. ExpressRoute connection?

Site-to-site VPN gateway refers to connecting on-premises environment to Azure over a public channel. ExpressRoute is a dedicated fibre that hooks your on-premises datacentre into one of Azure’s datacentres.

SMB = Files

Yes, a protocol used predominantly for file shares

Site-to-site and Express connection hence only apply to a Hybrid cloud model?

Typically yes, if you want to employ a hybrid cloud deployment, you’ll need to connect your on-premises/private cloud environment to Azure using one of those options.

Are storage tiers the same as data categories?

Not quite, this overview might help clarify: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview.

LRS vs ZRS, what was the key difference?

Locally-redundant: 3 copies of your blobs will be replicated within the same zone/datacentre. Zone-redundant: 3 copies of your blobs are replicated and distributed across the 3 different zones within a region.

Difference between data lake, data factory and data warehouse?

Data lake: a storage service for large amounts of unstructured data. Data factory: a data ingestion and integration service that allows you to build data pipelines. Data warehouse (which is called Azure Synapse Analytics): this is where large amounts of processed data can be landed and where data analytics queries can be performed on top of it. If you are keen, we have an Azure Data Fundamentals training day coming out soon, so keep an eye out on Azure events and webinars.

Can Azure be used for training Deep Learning algorithms?

Yes, check out Azure Machine Learning: https://azure.microsoft.com/en-us/services/machine-learning/

Is DevTest Labs the cloud equivalent of Release Management?

Somewhat; you’d most likely spin up VMs to host various environments (i.e. dev, staging, prod) which can handle the requirements of your application. DevTest Labs can be used as a dev environment, but it can also be spun up to try new ideas. This depends on your specific requirements when you do release management.

Could you quantify big data please? Does 4 GB count as a large dataset? Can I use a data warehouse for 4 GB of data?

There is no limit to big data. Big data generally refers to data that comes in high volumes, high velocity, high variety, high variability and high veracity.

Is there a website listing all these services / modules on Azure and a description on what they do?

See: https://azure.microsoft.com/en-us/services/

Is Cloud Shell just a browser-available way to access the CLI?

You can install Azure CLI to your local command line utility: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Is there a practice exam we can attempt?

https://us.mindhub.com/p/MU-AZ-900?utm_source=microsoft&utm_medium=certpage&utm_campaign=msofficialpractice

Is there a difference between CLI and GUI? will we able to do all the actions using both?

You can generally use both to execute similar actions. There might be some very specific commands that are supported by Azure CLI/PowerShell that are not currently supported by the Portal, but these are very specific scenarios/cases.

How did we move from the CLI to PowerShell?

You can toggle it on the left-hand corner within the Azure cloud shell.


About Rob Sanders

IT Professional and TOGAF 9 certified Enterprise Architect with nearly two decades of industry experience, 18 years in commercial software development and 11 years in IT consulting. Check out the "About Rob" page for more information.
