Page 1
AZ-900 Microsoft Azure FundamentalsScott Duffy, Instructor
© 2019 Scott Duffy, softwarearchitect.ca… get the course for these slides at: https://www.udemy.com/az900-azure/?couponCode=SLIDESDISC
Page 2
Microsoft Azure Fundamentals
“foundational level knowledge of cloud services and how those services are provided with Microsoft Azure”
Page 3
Microsoft Azure Fundamentals
● Candidates with non-technical backgrounds
● Candidates with a technical background who have a need to validate their foundational level knowledge around cloud services
Page 4
Microsoft Azure Fundamentals
● Understand cloud concepts
● Understand core Azure services
● Understand security, privacy, compliance and trust
● Understand Azure pricing and support
Page 5
You’ll be prepared to take an pass the AZ-900 exam
Page 6
But you don’t have to, if you just want to learn cloud concepts
Page 7
What is the Cloud?
Page 9
The ability to rent computing resources - on demand
Page 10
What Computing Resources?
Virtual Machines
Unlimited Storage
Databases
Queues
Content Delivery Network
Batch Processing Jobs
Page 11
What Computing Resources?
Big Data - Hadoop
Media Services
Machine Learning
Chat Bots
Cognitive Services
Page 12
1000+Azure Service options
Page 14
Understand Cloud Concepts (15-20%)
Page 16
High Availability
Page 17
Expressed as a percentage, it’s the ability of a system to respond to users
Page 18
99.99%Four nines, 4 minutes per month
Page 20
The ability of a system to handle growth of users or work
Page 21
Max capacity
Number of concurrent users
App failure
Page 23
The ability of a system to automatically grow and shrink based on application demand
Page 24
Userdemand
capacity
Page 26
The ability to change rapidly based on changes to market or environment
Page 28
The ability of a system to handle faults like power, networking, or hardware failures
Page 29
Disaster Recovery
Page 30
The ability of a system to recover from failure within a period of time, and how much data is lost
Page 31
Economies of Scale
Page 32
It’s cheaper for Microsoft to run a server than you can ever achieve yourself
Page 33
Capital Expenditure (CapEx) and Operational Expenditure (OpEx)
Page 34
CapEx is money invested in assets (like computers) that return investment over time
Page 35
OpEx is money spent every day on operating expenses
Page 36
Consumption-Based Model
Page 37
Pay per minutePay per hourPay per execution
Page 38
Infrastructure-as-a- Service (IaaS)
Page 39
Virtual machines, networking, load balancers, firewalls
Page 40
Platform-as-a-Service (PaaS)
Page 41
Upload code packages and have them run, without access to the hardware
Page 42
Software-as-a-Service (SaaS)
Page 43
Access to configuration only
Page 44
Compare and Contrast
Page 47
Computing services offered over the public Internet; anyone can sign up
Page 49
Computing services offered to only select users; internal or corporate cloud
Page 51
Combination of public and private clouds; scale private infrastructure to the cloud
Page 52
Compare and Contrast
Page 53
Public vs private vs hybrid
Page 54
AZ-900 Microsoft Azure FundamentalsScott Duffy, Instructor
© 2019 Scott Duffy, softwarearchitect.ca… get the course for these slides at: https://www.udemy.com/az900-azure/?couponCode=SLIDESDISC
Page 55
Understand Core Azure Services (30-35%)
Page 58
54Regions - not all accessible by everyone
Page 60
Availability Zones
Page 64
Azure Resource Manager (ARM)
Page 66
Core Azure architectural components
Page 67
Compute
Virtual Machines
Virtual Machine Scale Sets
App Service
Functions
Page 68
Networking
Virtual Network
Load Balancer
VPN Gateway
Application Gateway
Content Delivery Network
Page 69
Storage
Azure Storage - Blob, File, Table, Queue
Managed Disk
Backup and Recovery Storage
Page 70
Databases
Cosmos DB
Azure SQL Database
Azure Database Migration service
Azure SQL Data Warehouse
Page 71
Azure Marketplace
Page 73
Internet of Things (IoT)
IoT Fundamentals
IoT Hub
IoT Central
Page 74
Big Data and Analytics
SQL Data Warehouse
HDInsight
Data Lake Analytics
Page 75
Artificial Intelligence (AI)
Azure Machine Learning Service
Studio
Page 76
Serverless
Azure Functions
Logic Apps
App grid
Page 77
Azure Tools
Azure CLI
PowerShell
Azure Portal
Page 80
AZ-900 Microsoft Azure FundamentalsScott Duffy, Instructor
© 2019 Scott Duffy, softwarearchitect.ca… get the course for these slides at: https://www.udemy.com/az900-azure/?couponCode=SLIDESDISC
Page 81
Understand Security, Privacy, Compliance, and Trust (25-30%)
Page 85
Azure DDoS Protection
Page 87
Network Security Group (NSG)
Page 89
Choose an appropriate Azure security solution
Page 90
All virtual network subnets should use NSG
Page 91
It’s a strong lock on windows and doors that you don’t use
Page 92
DDoS - as needed or after attacked
Page 93
Application Gateway with WAF
Page 94
Security through layers
Page 95
The difference between Authentication and Authorization
Page 96
Authentication is a user proving who they are - user id and password
Page 97
Authorization is ensuring that a user is permitted to perform an action
Page 98
Move away from all authenticated users having admin access
Page 99
Azure Active Directory
Page 100
Identity as a service(IDaaS)
Page 101
Microsoft’s preferred solution for identity management
Page 102
Complete solution for managing users, groups, roles
Page 104
Synchronize with your corporate AD
Page 105
Azure Multi-Factor Authentication
Page 106
First factor is your user id - might be easy to guess
Page 107
Second factor is your password - hopefully hard to guess
Page 108
(Also hopefully unique)
Page 109
Third factor is that you have your phone on you
Page 110
SMS, authenticator app, phone call
Page 112
Physical vs digital security
Page 113
Shared security model
Page 117
Role-Based Access Control (RBAC)
Page 118
Layered approach
Page 119
Security Layers
● Data - i.e. virtual network endpoint
● Application - i.e. API Management
● Compute - i.e. Limit Remote Desktop access, Windows Update
● Network - i.e. NSG, use of subnets, deny by default
● Perimeter - i.e. DDoS, firewalls
● Identity & access - i.e. Azure AD
● Physical - i.e. Door locks and key cards
Page 120
Azure Security Center usage scenarios
Page 121
Unified security management and advanced threat protection
Page 123
Free tier and Standard tier
Page 125
Central, secure repository for your secrets, certificates and keys
Page 130
Azure Information Protection (AIP)
Page 131
Apply labels to emails and documents
Page 132
i.e. Confidential, Super Confidential, Top Secret
Page 133
Used to protect documents from being viewed, printed and/or shared
Page 134
Azure Advanced Threat Protection (ATP)
Page 135
Monitor and profile user behavior and activities
Page 136
Protect user identities and reduce the attack surface
Page 137
Identify suspicious activities and advanced attacks
Page 138
Investigate alerts and user activities
Page 141
Create rules across all of your Azure resources
Page 142
Evaluate compliance to those rules
Page 143
Examples of Built-In Policies
● Require SQL Server 12.0
● Allowed Storage Account SKUs
● Allowed Locations
● Allowed Virtual Machine SKUs
● Apply tag and its default value
● Not allowed resource types
Page 144
Can create custom policies using JSON definition
Page 145
Policy Initiatives
Page 146
A set of policies, grouped together
Page 147
“Every resource and resource group must have these five tags.”
Page 148
10 policies that need to be enforced
Page 149
Grouped together as a policy initiative
Page 150
Role-Based Access Control (RBAC)
Page 151
Microsoft recommended solution for access control
Page 152
Create roles that represent the common tasks of the job
Page 153
AccountantDeveloperBusiness Lead
Page 154
Assign granular permissions to that role
Page 155
Assign users to that role
Page 156
Do not assign granular permissions to an individual
Page 157
ReaderContributorOwner
Page 159
Read OnlyCan Not Delete
Page 161
Using RBAC, you can restrict who has access to locks
Page 162
Azure Advisor security assistance
Page 168
Azure Service Health
Page 171
Azure Monitor vs Azure Service Health
Page 172
Azure Monitor collects all the data for you to analyze and create alerts on
Page 173
Specific to your application, your actions
Page 174
Azure Service Health are general alerts across all of Azure
Page 175
Compliance terms such as GDPR, ISO and NIST
Page 176
Many different standards for technology across the world
Page 177
Microsoft claims to be in compliance with many of them
Page 178
And has tools to help you be in compliance with others
Page 179
General Data Protection Regulation (GDPR)
GDPR is a new set of rules designed to give EU citizens more control over their personal data
Affects companies outside of the EU that handle EU citizen’s data
Data has to be collected legally under strict conditions
Data has to be protected misuse
Reporting obligations is data is mishandled
Page 180
ISO - International Organization for Standardization
Page 181
ISO 9001:2015 is for Quality Management Systems (QMS)
Page 182
ISO/IEC 20000-1:2011 is for Service Management Systems (SMS)
Page 183
NIST Cybersecurity Framework (CSF)
National Institute of Standards and Technology (NIST)
Audited for compliance to security and privacy processes
Page 185
Microsoft Privacy Statement
Page 186
privacy.microsoft.com
Page 189
https://www.microsoft.com/en-us/trustcenter/cloudservices/azure
Page 192
Service Trust Portal
Page 193
servicetrust.microsoft.com
Page 195
Compliance Manager
Page 196
workflow-based risk assessment tool ... to help you manage regulatory compliance
Page 199
Azure Government services
Page 200
Separate account
Page 201
For US government agencies - federal, state and local
Page 202
Department of Defence (DoD) has its own too
Page 203
Isolated data centers separate from the Azure public cloud
Page 204
Meets standards specific to government
Page 205
FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS
Page 207
Different URLs for connecting to storage, functions, etc.
Page 208
Azure Germany services
Page 209
Separate account
Page 210
Data remains in Germany
Page 211
Strictest EU data protection
Page 212
German Data trustee
Page 214
AZ-900 Microsoft Azure FundamentalsScott Duffy, Instructor
© 2019 Scott Duffy, softwarearchitect.ca… get the course for these slides at: https://www.udemy.com/az900-azure/?couponCode=SLIDESDISC
Page 215
Understand Azure Pricing and Support (25-30%)
Page 217
Azure Subscription
Page 218
Subscription is a billing unit
Page 219
Users have access to one or more subscriptions, with different roles
Page 220
All resources consumed by a subscription will be billed to the owner
Page 221
Can be used to organize resources into completely distinct accounts
Page 223
Management groups
Page 225
Purchasing Azure products and services
Page 226
Purchase from Microsoft
● Pay as you go
● Enterprise Agreement
Page 227
NegotiatedMinimum SpendAnnualCustom Prices
Page 228
Purchase from a Microsoft Partner
● Microsoft Cloud Solution Provider (CSP)
Page 229
Azure Free account
Page 230
http://azure.microsoft.com/free
Page 231
US $200 credit for the first 30 days
Page 232
12 months of free services
Page 233
Some services are always free
Page 234
Factors affecting costs
Page 235
Different services are billed based on different factors
Page 237
Free services
Resource groups
Virtual network (up to 50)
Load balancer (basic)
Azure Active Directory (basic)
Network security groups
Free-tier web apps (up to 10)
Page 239
Pay per usage (consumption model)
Page 240
Opportunity for cost savings
Azure Functions:
● 1 million executions free per month
● $0.20 per million executions
● Cheapest virtual machine is $20 per month
Page 241
Pay per usage services
Functions
Logic Apps
Storage (pay per GB)
Outbound bandwidth
Cognitive Services API
Page 242
Pay for time (per second)
Page 243
Per second billing means billing stops when the VM is stopped *
Page 244
Stability in pricing
Pay a fixed price per month for computing power or storage capacity
Whether you use it or not
Discounts for 1-year or 3-year commitment in VM (Reserved Instances)
Multi-tenant or isolated environment
Page 245
Pay for bandwidth
Page 246
First 5 GB is free
Page 247
Inbound data is free
Page 248
Bandwidth costs
Outbound data, $0.05 to $0.087 / GB for Zone 1 (NA and EU w/o Germany)
Outbound data, $0.057 to $0.10 / GB for DE Zone 1 (Germany)
Outbound data, $0.08 to $0.12 / GB for Zone 2 (Asia, Africa and Oceania)
Outbound data, $0.16 to $0.181 / GB for Zone 3 (Brazil)
(Availability zone pricing is different)
Page 249
1 PB of data transfer = $52,000
Page 250
Zones for billing purposes
Page 251
Zone is a geographical grouping of Azure Regions for billing purpose
Page 252
Zone 1
United States, Europe, Canada, UK, France
Page 253
Zone 2
Asia Pacific, Japan, Australia, India, Korea
Page 254
Zone 3
Brazil South
Page 255
DE Zone 1
Germany Central, Germany Northeast
Page 256
Pricing calculator
Page 257
https://azure.microsoft.com/en-ca/pricing/calculator/
Page 258
Estimates are hard to make 100% accurate
Page 259
Configurable Options
Region
Tier
Subscription Type
Support Options
Dev/Test Pricing
Page 260
Export and share the estimate
Page 261
Total Cost of Ownership (TCO) calculator
Page 262
The cost of a server is more than just the cost of the hardware
Page 263
Other costs
● Electricity
● Cooling
● Internet connectivity
● Rack space
● Setup labor
● Maintenance labor
● Backup
Page 264
https://azure.microsoft.com/en-ca/pricing/tco/calculator/
Page 265
Best practices for minimizing Azure costs
Page 266
Azure Advisor cost tab
Page 267
Auto shutdown on dev/qa resources
Page 268
Utilize cool/archive storage where possible
Page 269
Reserved instances
Page 270
Configure alerts when billing exceeds an expected level
Page 271
Use Policy to restrict access to certain expensive resources
Page 272
Auto scaling resources
Page 273
Downsize when resources over-provisioned
Page 274
Ensure every resource has an owner (tags)
Page 275
Azure Cost Management
Page 276
Another free tool inside Azure to analyze spending
Page 278
Analyze spending over time
Page 279
Tracking against budgets
Page 280
Schedule reports
Page 282
Levels of Azure Support
Basic - free and included in all plans
Developer - non-production environments
Standard - production environments
Professional Direct - business critical
Premier - multiple products, including Azure
Page 283
Basic Support
Self-help support
Documentation
Azure Advisor recommendations
Service Health dashboard and Health API
Page 284
Developer Support
Business hours access to support engineers via email
Unlimited contacts / cases
Sev C - Non-business critical
One day response time (< 8 hours)
General architectural guidance
$29 / month
Page 285
Standard Support
24 x 7 access to support engineers by phone and email
Unlimited contacts / cases
Sev C support (< 8 hours), Sev B (< 4 hours), and Sev A (< 1 hour)
General architectural guidance
$100 / month
Page 286
Professional Direct Support
24 x 7 access to support engineers by phone and email
Unlimited contacts / cases
Sev C support (< 8 hours), Sev B (< 4 hours), and Sev A (< 1 hour)
Architectural guidance on best practices
Onboarding and consultations
Delivery Manager
$1,000 / month
Page 287
Premier Support
24 x 7 access to support engineers by phone and email
Unlimited contacts / cases
Sev C support (< 8 hours), Sev B (< 4 hours), and Sev A (< 1 hour, < 15 minutes)
Specific architectural support such as design reviews, performance tuning, etc
Technical account manager, including service reviews, reporting
On demand training
“Contact us”
Page 290
Open a support ticket
Page 293
Available support channels
Page 295
Knowledge Center
Page 296
https://azure.microsoft.com/en-ca/resources/knowledge-center/
Page 299
Service Level Agreement (SLA)
Page 300
https://azure.microsoft.com/en-ca/support/legal/sla/
Page 303
Preview features
Page 304
Preview features are for “testing” and not production use
Page 305
Could change significantly before it goes live
Page 307
Public and Private Preview
Page 308
Public preview available to everyone
Page 309
Private Preview requires registration
Page 312
General Availability (GA)
Page 314
Monitor feature updates
Page 315
https://azure.microsoft.com/en-ca/updates/
Page 317
AZ-900 Microsoft Azure FundamentalsScott Duffy, Instructor
© 2019 Scott Duffy, softwarearchitect.ca… get the course for these slides at: https://www.udemy.com/az900-azure/?couponCode=SLIDESDISC
Page 318
Thank you and best of luck!