Recently I passed the Microsoft Azure Fundamental AZ-900 exam. I'm starting out learning Azure due to the customers I support and work with daily. The majority of my customers are government-based, and their options for cloud services are some variant of On-Premises or secured environments. Microsoft Azure solutions have an immediate presence within the government sector to the usage of Microsoft Office 365. Since this was my first Microsoft exam ever, I'm documenting my progress and notes as I learn this new technology.
My typical process for any exam is to review the vendor certification blueprint for Microsoft AZ-900. The exam blueprint options are the following:
Describe cloud concepts (20-25%)
Describe core Azure services (15-20%)
Describe core solutions and management tools on Azure (10-15%)
Describe general security and network security features (10-15%)
Describe identity, governance, privacy, and compliance features (15-20%)
Describe Azure cost management and Service Level Agreements (10-15%)
Based on the exam topics I located all reference notes online at doc.microsoft.com and searched for Azure. For brevity purposes, I'm breaking the reference notes into two (2) blog posts, including a separate appendix for URL links.
Azure Regions and Availability Zones
Azure Provides 60+ regions around the globe.
Regions are geographical locations, which are connected through a dedicated regional low-latency network.
Implement services to multiple regions which will provide High Availability (HA), Low Latency, and geographical access.
Azure provides multiple Availability zones within a single Azure region.
To ensure resiliency a minimum of three separate availability zones are present in all availability zone-enabled regions.
Each Availability Zone is one or more data centers and they have their own network connectivity as well as power resources.
Availability Zones help to achieve high availability with low latency within the same region.
Not all Azure regions have Availability Zones.
Subscription, Resource Groups, Management Groups, and Tags
Resource Group is a container that holds related resource group examples are Virtual Machines (VMs), SQL Database, Web App and Storage Account, etc.
One resource group is associated with one Azure subscription.
Azure resource hierarchy – Management Groups –> Azure Subscription –> Resource Group –> Resources.
One resource can be associated with only one resource group.
A resource group can contain resources from multiple Azure regions.
Resource groups are offered by Azure at no cost, customer only pays for usage of resources and not for resource groups.
Permission applied to a resource group is automatically applied to resources available in that resource group.
To manage cost and billing for different departments within your organization, create different subscriptions.
You cannot merge multiple subscriptions into one. Resources can be moved from one subscription to another subscription.
If a subscription has expired, there will be no creation of new resources, access to existing data is allowed.
Tags are used to identify applications, resources, environments for tracking and reporting purposes.
Tags help to categorize resources within Azure. Tags are not automatically inherited from a resource group to available resources within it.
Virtual Machines, Availability Set and Scale Set
Azure allows for the deployment of software or any application in the cloud via Virtual Machines (VMs).
A Virtual Machine with premium Solid State Drive (SSD) or Ultra disk will give 99.9 % Service Level Agreement (SLA)
Virtual Machine with standard SSD disk will give 99.5 % SLA
Standard HDD disk VM will give 95 % SLA
Two virtual machines in the same availability set give you 99.95% availability
Availability set is a logical grouping of Virtual Machines.
Azure provides two types of Availability Set: Fault Domain and Update Domain
Fault Domain – A group of virtual machines which share a common network switch and power source.
Updated Domain – This logical group can be restarted at the same time. All the maintenance updates occur within this group at the same time.
Design Note: To achieve HA, best to distribute VMs across multiple Fault Domains
Distributing VMs across multiple fault domains will increase availability.
Creating multiple instances in two or more Availability Zones in the same Azure region gives you 99.99% of availability.
Virtual Machine Scale Set (VM Scale Set) allows you to create and manage a group of Azure Virtual Machines.
VM Scale Set allows auto and manual scaling.
A single scale set can allow up to 1000 VM instances.
Auto-scaling in VM Scale Set can be configured based on CPU threshold, memory utilization, etc.
VM Scale Set creates a private IP address by default.
There is a cost for Public IP Address reservation
There are two types of scaling: Vertical Scaling and Horizontal Scaling.
Vertical Scaling – Increasing the available hardware capacity for example would be increasing RAM size.
Horizontal Scaling – Allows increasing the number of Virtual Machines.
Two VMs of the same size can cost differently because they vary with time and region.
IaaS, PaaS, SaaS and Containers
IaaS (Infrastructure As A Service) – A cloud model which allows customers the ability to manage infrastructure from a Cloud Service Provider. With this cloud model, the customer is responsible for managing Virtual Machine, Database, OS, Load Balancer, etc. All of the underlying hardware has to be managed by the customer.
PaaS (Platform As A Service) – The customer is responsible for their own application deployment and related configuration. No need to worry about the underlying hardware. Azure App Service, Azure Container, Azure Cosmos DB are examples of a PaaS model. In a PaaS model, the customer can configure hardware requirements and adjust for auto-scaling as needed.
SaaS (Software As A Service) – The customer is responsible for using the application and not for deployment and maintenance. Google Docs, Office 365, Dropbox are examples of a SaaS model.
Azure Containers can be used to virtualize software. In this case, VMs are not required.
Microservice-based applications can be deployed to Azure with the help of Azure Containers.
Azure Containers create a docker image for each microservice based on requirements. For example, customer can create a docker image for Windows + .NET and another image for Linux + PHP
Azure offers Azure Service Fabric and Kubernetes for container orchestration.
Kubernetes, Docker, Nomad, and OpenShift are some of the popular container orchestration tools.
Azure Service Fabric is a container orchestration tool that runs on the Azure cloud-only.
Public Cloud, Private Cloud, and Hybrid Cloud
Public Cloud – allows customers to host and deploy applications within the cloud with no data center available for on-premises. No Capital expenditure (CapEx) is required, Pay-as-you-go, underlying hardware maintained by Azure, hardware resource shared among multiple tenants.
Private Cloud – Allows customers to host and deploy everything within their own data center. Capital Expenditure (CapEx) is required for staff and equipment maintenance. Private Cloud provides a high level of security and privacy. Most Government/Intelligence agencies request private cloud deployments.
Hybrid Cloud – This is a combination of Public and Private Cloud Solutions. An example would be an Application Server that is in an on-premise data center and the database architecture is in the Azure cloud.
Serverless, Azure Functions and Logic Apps
Serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. It's zero visibility of servers. Within a Serverless environment no request = no cost.
An Azure function is an example of Serverless computing. Functions allow the developer to write less code and maintain less infrastructure which saves money.
The Azure function allows you to pay for the number of requests raised and memory utilization. It supports all the major programming languages such as C#, Python, Java, TypeScript, etc.
While creating Azure Function in Azure portal, select the runtime (.NET, JAVA, etc.); and selection for things like availability set and availability zones are not available within the Azure Function
Azure Functions are auto-scalable.
Logic App is a serverless orchestration service in Azure. It is a no-code (or low code) solution and mostly works with GUI drag and drop features.
Logic App can be useful to trigger events on a specific action such as sending an email and sharing files such as FTP and SFTP
Azure offers in-built templates to create Logic Apps.
Azure Storage Solutions
Azure offers File Storage (Azure Files), Block Storage (Azure Disk), and Object Storage (Blob Storage).
File storage can be shared between multiple Virtual Machines.
Azure offers the following data redundancy – LRS, ZRS, GRS, and GZRS.
LRS (Locally Redundant Storage) – Synchronizes three copies within the same data center, less expensive and with the least availability.
ZRS (Zone Redundant Storage) – Synchronizes three copies in three Availability Zones within the primary region.
GRS (Geo Redundant Storage) – It is LRS + Async copies to the secondary region.
GZRS (Geo Zone Redundant Storage) – ZRS + Async copies data to the secondary region. It is most expensive and provides high availability.
Azure Disk with standard HDD is recommended for backup storage options.
Standard SSD is recommended for lightweight applications.
Azure Disk with premium/Ultra SSD is the best practice for production use cases.
Blob storage allows the storage of huge unstructured data.
Azure Database
Note: It's important to know that Azure offers a choice of fully managed relational, NoSQL, and in-memory databases for various uses.
In Conclusion
The next post will be the rest of my Azure study notes. After the holidays I will start studying for the Azure Administrator exam AZ-104 and post progress and notes here as well. If you have any questions or comments, feel free to leave a comment. I am always looking for new helpful content, so if you have any ideas for articles or videos, please reach out to me using the comment section.