Microsoft Azure Cloud Services Introduction PDF

Summary

This document provides an introduction to Microsoft Azure cloud services. It explains what cloud computing is, its benefits, and why Azure is a good choice for businesses. It also describes Azure use cases and the Azure portal.

Full Transcript

Chap 1: Microsoft Azure Cloud Services Introduction
Module 1:

1. What is Cloud Computing?

Cloud computing offers IT services over the internet using a "pay-as-you-go" pricing model.
It reduces operational costs, optimizes resource usage, and allows businesses to adapt to
evolving needs.
Basic Principle:
You "rent" computing power (CPU), storage, and other resources from a cloud provider's data
centers. You only pay for what you use, and the provider handles the maintenance of
infrastructure (hardware, updates, security, etc.).

2. Benefits of Cloud Computing

 Speed and Innovation: The cloud enables quick solutions to complex challenges and fosters
innovation with cutting-edge solutions.
 Unlimited On-Demand Resources: The cloud offers nearly unlimited access to computing,
storage, and networking components.
 Enhanced User Experience: Services like voice recognition or cognitive services improve
applications.

3. Why Choose Azure for Your Business?
Azure is a cloud computing platform developed by Microsoft, offering numerous
benefits for businesses:
o Future-Ready: Continuous innovation ensures support for current developments and
future visions.
o Development Flexibility: Azure is open-source and compatible with all programming
languages and frameworks, enabling businesses to develop and deploy as desired.
o Seamless Hybrid: Azure provides easy integration with existing environments,
designed for hybrid cloud solutions.
o Security and Trust: Integrated security and proactive compliance supported by
experts. Azure is trusted by enterprises, governments, and startups.
4. Azure Use Cases
With Azure, you can:
o Migrate existing applications to virtual machines (VMs) on Azure to start leveraging
the cloud.
o Create innovative solutions like intelligent bots, mixed-reality experiences, and
AI/ML-powered applications.
o Store large volumes of data with dynamic storage solutions.
5. Azure Portal
The Azure Portal is a unified web interface for:
o Managing Azure subscriptions through an intuitive graphical interface.
o Creating, managing, and monitoring resources ranging from simple applications to
complex cloud deployments.
o Customizing dashboards for an organized view of resources.
o Ensuring continuous availability and resilience in case of data center failures.
6. Azure Marketplace
Azure Marketplace is a platform where:
 o Users can find, try, and purchase solutions and services optimized for Azure.
o Microsoft partners and independent vendors offer applications certified to work on
Azure.
o Categories include: virtual machine images, databases, development tools,
deployment software, threat detection, and blockchain.

Module 2:

1. Benefits of Cloud Computing:
o High Availability: Ensures continuous service with minimal downtime, depending on
the chosen service level.
o Scalability:
 Vertical: Increasing the capacity of a resource (e.g., adding RAM or CPU).
 Horizontal: Adding resource instances (e.g., more VMs).
o Elasticity: Enables automatic resource adjustment based on demand.
o Agility: Cloud resources can be quickly deployed or configured.
o Geographic Distribution: Applications and data accessible via regional data centers
for better performance.
o Disaster Recovery: Data protection through backups, replication, and geo-
distribution.
2. Cost Models: CapEx vs. OpEx
When migrating to the cloud, understanding the difference between CapEx (Capital
Expenditure) and OpEx (Operational Expenditure) is crucial:
o CapEx (Capital Expenditure):
 Refers to initial large investments for purchasing and installing physical
infrastructure (e.g., servers, data centers).
 Example: An organization buys servers and installs them in an on-premises
data center.
 Characteristics: High upfront cost, ongoing maintenance expenses, limited
flexibility (fixed capacity).
o OpEx (Operational Expenditure):
 Refers to paying for resources or services used, often based on a
consumption model (pay-as-you-go).
 Example: A company uses cloud services and pays only for consumed
resources (compute, storage, etc.).
 Characteristics: No upfront cost, flexibility to scale resources, maintenance
handled by the cloud provider, directly impacts profits as expenses are
incurred immediately.
3. Cloud Deployment Models There are three main cloud deployment models, each
suited for different needs:
o Public Cloud:
Resources (e.g., servers, storage) are hosted and managed by a third-party provider
and are accessible via the internet.
Examples: Microsoft Azure, AWS, Google Cloud.
 Advantages: Cost-effective, scalable, accessible to everyone.
 Disadvantages: Less control over data and security, vendor dependency.
o Private Cloud:
Resources are used exclusively by one organization, either on-premises or hosted by
a third party.
  Advantages: Enhanced security, full control over infrastructure.
 Disadvantages: High initial cost, less flexible and scalable than public cloud.
o Hybrid Cloud:
A combination of public and private clouds, allowing data and applications to be
shared between the two environments.
 Advantages: Flexibility, gradual cloud transition, ideal for sensitive data
management and compliance needs.
 Disadvantages: Increased complexity for management and integration.
4. Azure Organizational Levels
Azure structures its resources in four hierarchical levels to simplify management, cost
control, and governance:
o Resources: Instances of Azure services like VMs, databases, and storage accounts.
o Resource Groups: Logical containers for organizing Azure resources, simplifying
management.
o Subscriptions: Groups of users and resources, defining quotas and limits.
o Management Groups: Containers to manage multiple subscriptions at scale, applying
global policies.
5. Azure Resource Manager (ARM):
ARM is the management service for organizing, securing, and governing Azure
resources.
Key Features:
o Organizes resources into resource groups.
o Provides role-based access control (RBAC).
o Supports deployment via ARM Templates (JSON files defining resource
configurations).
o Allows programmatic interaction via REST APIs.
o Benefits: Centralized resource management, precise access control, automated
deployment.
6. Azure Regions:
An Azure region is a geographical area hosting multiple data centers.
Why It Matters:
o Data Location: You can choose a region to meet legal or proximity requirements.
o Performance: Selecting a region close to users can reduce latency.
o Multiple Regions: Azure offers regions worldwide, enabling deployment near end
users.
7. Availability Zones:
Availability Zones are physically separated data centers within a region, ensuring high
availability.
Why It Matters:
o High Availability: Services continue running in other zones if one zone fails.
o Redundancy: Minimizes service interruption risks by deploying across multiple zones.
8. Region Pairs:
A region pair is two Azure regions located near each other but in distinct geographical
locations, ensuring disaster recovery and geographic redundancy.
Why It Matters:
o Disaster Recovery: Data replication and service management across two regions.
o Redundancy: Ensures continuity in case of a major regional failure.

Module 3:

1. Relational and NoSQL Databases
 Typical Use
Service Type Advantages
Cases
NoSQL (multi- Distributed applications, IoT, mobile,
Azure Cosmos DB
model) games
Azure SQL Database SQL (PaaS) Cloud applications, web, API, ERP
SQL Managed Instance SQL (IaaS) SQL Server migration to the cloud
Azure Database for
SQL (PaaS) Web applications, eCommerce
MySQL
Azure Database for Applications needing advanced features
SQL (PaaS)
PostgreSQL like geodata

2. Big Data and Analytics

Service Type Typical Use Cases Advantages
Azure Synapse Big Data + Data
Data integration, enterprise reporting
Analytics Warehousing
Big Data (Hadoop,
Azure HDInsight Large data processing, log analysis, ETL
Spark)
Big Data + Machine Data science, machine learning, real-time
Azure Databricks
Learning data analysis
Azure Data Lake
Big Data + Analytics Large data analysis in data lakes
Analytics

3. Virtualization and Containers

Service Type Typical Use Cases Advantages
Azure Virtual IaaS (Virtual Hosting applications, servers, dedicated
Machines Machines) environments
Azure App Service PaaS (App Service) Web applications, API, mobile hosting
Azure Container Deploying containerized applications without
Containers (IaaS)
Instances managing infrastructure
Azure Kubernetes Container Managing large containerized applications at
Service Orchestration scale

4. Serverless Functions and Services

Typical Use
Service Type Advantages
Cases
Azure Functions Serverless Event processing, automation, API integration
Windows Virtual Remote access to Windows desktops, remote
Virtual Desktop
Desktop work

Azure Cosmos DB:
  Description: Azure Cosmos DB is a globally distributed NoSQL database designed
for high performance and low latency at scale. It supports multiple data models,
including documents, graphs, wide-column, and key-value.
 Advantages and Use Cases: Ideal for large-scale applications that require ultra-low
latency and global availability, such as IoT apps, games, and mobile apps. It provides
complete control over data management, scalability, and availability with automatic
replication.

Azure SQL Database and SQL Managed Instance:

 Azure SQL Database: A Platform-as-a-Service (PaaS) providing a fully managed
relational SQL database with automated management, scalability, and high
availability.
 SQL Managed Instance: A managed version of SQL Server in the cloud offering
high compatibility with on-prem SQL Server deployments.
 Advantages and Use Cases:
o SQL Database is suited for modern cloud applications that require a fully
managed SQL database without infrastructure management.
o SQL Managed Instance is ideal for businesses migrating from on-prem SQL
Server, offering tight compatibility with local versions.

Azure Database for MySQL and PostgreSQL:

 Description: These PaaS services allow hosting MySQL and PostgreSQL databases in
the cloud with automated management and scalability features.
 Advantages and Use Cases:
o MySQL is ideal for web and mobile applications requiring a robust and
flexible relational database.
o PostgreSQL is perfect for applications needing an advanced relational database
system with extended features like geospatial data.

Big Data and Analytics in Azure:

 Azure Synapse Analytics: An analytical service combining data warehousing and big
data for large-scale analysis. It provides data integration and visualization with Power
BI.
 Azure HDInsight: A cloud service for processing large amounts of data via popular
big data tools like Hadoop, Spark, and Hive.
 Azure Databricks: A collaborative environment optimized for Apache Spark, used
for data analysis and machine learning.

Virtualization and Azure App Services:

 Azure Virtual Machines: IaaS infrastructure for deploying virtual machines in the
cloud to run applications and services. Ideal for custom infrastructure needs.
 Azure App Service: A PaaS service for deploying and managing web applications
and APIs without worrying about underlying infrastructure.

Azure Containers and Kubernetes:
  Azure Container Instances (ACI): A service for deploying containers without
managing infrastructure, useful for lightweight and ephemeral applications.
 Azure Kubernetes Service (AKS): A managed service for deploying, managing, and
orchestrating containers at scale using Kubernetes, a popular container orchestration
platform.

Azure Functions:

 Description: A serverless compute service that runs code in response to events
without infrastructure management. Ideal for event-based applications and
asynchronous workflows.
 Advantages: Cost-effective and flexible, as you only pay for the execution of the
code.

Windows Virtual Desktop:

 Description: A virtual desktop service allowing access to Windows desktops and
applications from any device.
 Advantages and Use Cases: Perfect for remote workers or businesses wishing to
offer a secure and accessible work environment across devices. It provides centralized
management of desktops and applications.

Module 4:

1. Azure Storage

 Azure Blob Storage:
o Description: Designed for storing unstructured data, like text files, images,
videos, and backups.
o Advantages: Ideal for large quantities of unstructured data, with advanced
security features and flexible access levels (hot, cool, archive).
o Use Cases: Backup storage, archives, web data, and other media content.
 Azure Disk Storage:
o Description: Stores disks for virtual machines (VM), offering SSD and HDD
options with varying performance.
o Advantages: Persistent disks for Azure VMs with high performance,
particularly with SSD Premium disks.
o Use Cases: VM storage, databases, and high-performance applications.
 Azure Files:
o Description: Allows creating file shares in the cloud that can be accessed via
the SMB protocol.
o Advantages: Easy file sharing with SMB support, ideal for data migration.
o Use Cases: File storage, application migration, and archiving.

Access Levels for Azure Blob Storage:

 Hot: For frequently accessed data.
 Cool: For data rarely accessed but needs long-term retention.
  Archive: For rarely used data, available within hours, but at a lower cost.

2. Azure Networking Resources

 Azure Virtual Network (VNet):
o Description: A private virtual network within Azure that allows you to create
a secure and customizable network environment for your resources.
o Advantages: Network segmentation, secure communications, and IP address
control.
o Use Cases: Configuring private networks for cloud applications, databases,
and servers.
 Azure VPN Gateway:
o Description: Creates secure tunnels between on-premises networks and Azure
virtual networks.
o Advantages: Secure communication between Azure and remote sites via
IPSec VPNs.
o Use Cases: Extending enterprise networks into Azure and creating secure
tunnels.
 Azure ExpressRoute:
o Description: A private connection between your on-premises infrastructure
and Azure, bypassing the public internet.
o Advantages: Improved performance, reduced latency, and enhanced security.
o Use Cases: Applications requiring high-performance, low-latency connections
to Azure.

Azure Storage Comparison Table

Service Storage Type Typical Use Cases Advantages
Azure Blob Object Backup, archives, media data, High availability, scalable,
Storage Storage unstructured data secure
Azure Disk High performance, secure,
Disk Storage VM disks, databases
Storage VM support
Shared File File sharing, application Easy SMB access, secure file
Azure Files
Storage migration, archiving management

Chap 2

Overview of AI

 AI enables software systems to perceive their environment and take actions to achieve goals.
  Goal of AI: Create systems that learn or adapt without explicit programming.
 Two Approaches to AI:
o Deep Learning: Mimics the neural networks of the human brain for learning and
growth through experience.
o Machine Learning (ML): Utilizes data to train, test, and predict outcomes or trends.

Examples of AI Applications

 Machine Learning:
o Product recommendations based on past purchases (e.g., e-commerce).
o Fraud detection by analyzing millions of transactions.

Azure AI Product Offerings

1. Azure Machine Learning:
o Tools for connecting data, training models, and deploying them via web APIs.
o Suitable for building custom algorithms using proprietary data.
o Key Features:
 Data processing pipelines.
 Model training, testing, and deployment.
 Used for tailored and complex predictions.
2. Azure Cognitive Services:
o Pre-built ML models accessible via APIs.
o Categories:
 Language: Sentiment analysis, natural language processing.
 Speech: Speech-to-text, text-to-speech, translations.
 Vision: Object and face recognition, video/image analysis.
 Decision: Personalized recommendations, anomaly detection, content
moderation.
3. Azure Bot Service and Bot Framework:
o Tools for creating virtual agents.
o Combines Azure Cognitive Services for natural language understanding, translation,
and more.
o Use Case: Automating repetitive tasks like FAQs or reservations.

Criteria for Choosing AI Services

 Virtual Agents with Natural Language Interfaces: Use Azure Bot Service.
 Content Understanding (Images, Videos, Speech): Use Azure Cognitive Services.
 Predicting User Behavior or Personalization: Use Azure Cognitive Services Personalizer.
 Custom Predictions Using Historical Data: Use Azure Machine Learning.

Case Studies

1. Tailwind Traders: Personalized Product Recommendations
 o Requirement: Predict user behavior and offer personalized product suggestions
based on historical and trending data.
o Solution:
 Use Azure Machine Learning for custom models incorporating sales data and
inventory.
 Personalizer could assist but not suffice for the complexity.
2. Tailwind Traders: Virtual Agent for Customer Service
o Requirement: Build a chatbot to answer FAQs and handle customer queries.
o Solution:
 Use Azure Bot Service integrated with Cognitive Services for natural
language processing and possible translations.
 Pre-built tools like QnA Maker or Power Virtual Agents can expedite
development.

Key Takeaways

 Azure Machine Learning is ideal for tailored models with private data.
 Azure Cognitive Services simplify general-purpose tasks using pre-trained models.
 Azure Bot Service is optimized for creating human-like virtual agents.
 AI applications can transform businesses by automating tasks, enhancing customer
interactions, and improving decision-making.

Criteria for Choosing DevOps Tools

1. Test Lab Automation:
o Azure DevTest Labs excels at automating the creation and management of test-lab
environments.
o Can integrate with Azure Pipelines or GitHub Actions for automation.
2. Open Source Development:
o GitHub is preferred for open-source projects due to visibility and community
acceptance.
o Azure DevOps can host public repositories but lacks GitHub's reputation in open
source.
3. Mix and Match Services:
o GitHub Repos can be used with Azure Boards for work tracking.
o Flexibility allows integration of different services as needed.
4. Granularity in Permissions:
o GitHub: Simple read-write permissions model.
o Azure DevOps: Granular permissions across its toolset for refined control.
5. Project Management and Reporting:
o GitHub: Basic tools like Kanban boards and issues.
o Azure DevOps: Advanced customization, including custom fields and metadata
tracking.
6. Integration with Third-Party Tools:
o Both Azure DevOps and GitHub integrate with most third-party tools via APIs.
Case Studies

Scenario 1: Tailwind Traders

 Requirements:
o Granular permissions for managing contractors and vendors.
o Advanced project management and reporting features (burn-down charts, epics
tracking, custom metadata).
 Analysis:
o Test Lab Automation: Not applicable.
o Open Source: Not a requirement.
o Granular Permissions: Azure DevOps is preferred due to its detailed permissions
model.
o Project Management: Azure DevOps excels due to its customization and robust
features.
o Third-Party Integration: Not a primary concern.
 Conclusion: Azure DevOps is the best choice for its sophisticated reporting and
permission controls.

Scenario 2: API Example Repository

 Requirements:
o Share example code.
o Collect feedback, report issues, and engage the developer community.
 Analysis:
o Test Lab Automation: Not applicable.
o Open Source: Yes, GitHub is the leading candidate for open-source visibility.
o Granular Permissions: GitHub’s simple permissions model suffices.
o Project Management: Sophisticated tools not required.
o Third-Party Integration: Not a primary concern.
 Conclusion: GitHub is the ideal platform for community engagement and open-source
code sharing.

Scenario 3: QA Test Environment

 Requirements:
o Automate creation and management of testing environments.
o Ensure consistency with production environments.
o Control costs and VM usage.
 Analysis:
o Test Lab Automation: Azure DevTest Labs fulfills all requirements, including VM
automation and cost control.
o Open Source: Not applicable.
o Granular Permissions: Not required.
o Project Management: Not a priority.
o Third-Party Integration: Not required.
  Conclusion: Azure DevTest Labs is the best solution for automating test-lab
environments.

Overview of Azure Monitoring Services

Azure provides three primary monitoring offerings to help organizations manage and optimize
their Cloud resources:

1. Azure Advisor
o Evaluates Azure resources and provides recommendations for:
 Reliability
 Security
 Performance
 Cost optimization
 Operational excellence
o Available via the Azure Portal and API with notification options for new
recommendations.
o Personalized dashboard with filters for subscriptions, resource groups, or services.
o Recommendation categories:
 Reliability: Continuity of critical applications.
 Security: Detect and mitigate threats.
 Performance: Improve speed and responsiveness.
 Cost: Reduce Azure spending.
 Operational Excellence: Optimize workflows and resource management.
2. Azure Monitor
o A platform for collecting, analyzing, and acting on metrics and logging data from
Azure and on-premises resources.
o Tracks performance across layers: applications, operating systems, networks, and
more.
o Key features:
 Centralized logging and metrics repositories.
 Custom views and high-level dashboards using Power BI and queries.
 Real-time alerts for critical events.
 Autoscaling based on thresholds.
 Application Insights integration for telemetry data and error diagnosis.
3. Azure Service Health
o Provides notifications about Azure service incidents and planned maintenance.
o Offers a personalized view of Azure services’ health for specific regions and
resources.
o Types of updates:
 Service Issues: Current outages or problems.
 Health Advisories: Issues allowing proactive actions.
 Planned Maintenance: Notifications about downtime or updates.
o Features Root Cause Analysis (RCA) reports for post-outage details.

Scenario 1: Optimizing Cloud Spending and Security

 Situation:
Tailwind Traders wants to optimize Cloud spending and ensure security practices.
 Decision Criteria:
 1. Analyze Azure usage for optimization? Yes.
2. Monitor Azure services’ health? No.
3. Measure custom events? No.
4. Set up alerts for outages or scaling? No.
 Solution:
Use Azure Advisor to analyze resources and get recommendations for cost optimization and
security improvements.

Scenario 2: Diagnosing Intermittent Errors

 Situation:
Tailwind Traders’ e-commerce site experiences intermittent errors likely related to databases
or caching.
 Decision Criteria:
1. Analyze Azure usage for optimization? No.
2. Monitor Azure services’ health? No.
3. Measure custom events? Yes.
4. Set up alerts for outages or scaling? No.
 Solution:
Use Azure Monitor to pinpoint specific issues.
1. Application Insights integration helps track user sessions and performance metrics.

Scenario 3: Operationalizing Cloud Environment

 Situation:
Tailwind Traders wants to:
o Notify stakeholders about planned downtimes.
o Monitor Azure service health for upcoming service retirements.
o Provide Root Cause Analysis (RCA) reports for outages.
 Decision Criteria:
o Analyze Azure usage for optimization? No.
o Monitor Azure services’ health? Yes.
o Measure custom events? No.
o Set up alerts for outages? Yes.
 Solution:
Use Azure Service Health for:
o Tracking planned downtimes.
o Monitoring service retirements.
o Receiving RCA reports for outages.

Key Takeaways

 Azure Advisor: Best for optimization of costs, security, and performance.
 Azure Monitor: Ideal for tracking performance metrics and diagnosing application issues.
 Azure Service Health: Focused on staying informed about service outages, downtimes, and
service changes.
 Benefits of Azure Monitoring:
 o Reduces unnecessary Cloud spending.
o Enhances security posture.
o Identifies root causes of application issues.
o Provides alerts for planned and unplanned downtime.

Key Notes on Azure Monitoring Services

1. General Challenges in Cloud Use
o Concerns include performance optimization, cost management, security, resilience,
diagnosing intermittent issues, and handling outages.
o Azure offers tools to gain insights and optimize Cloud usage: Azure Advisor, Azure
Monitor, and Azure Service Health.

2. Azure Advisor
o Purpose: Provides recommendations for improving reliability, security, performance,
cost, and operational excellence.
o Features:
 Accessible via Azure Portal and APIs.
 Personalized recommendations for subscriptions, resource groups, or
services.
 Categories: Reliability, Security, Performance, Cost, Operational Excellence.

3. Azure Monitor
o Purpose: Platform for collecting, analyzing, and acting on metric and log data across
Azure and on-premises environments.
o Features:
 Centralized logging and metrics across applications, OS, networks, etc.
 Supports custom views (Power BI, Kusto queries).
 Integrates with tools like Application Insights to diagnose application issues.
 Alerts for critical events and auto-scaling triggers.

4. Azure Service Health
o Purpose: Tracks Azure service incidents, planned maintenance, and health
advisories.
o Features:
 Displays localized issues and major outages.
 Alerts for planned maintenance and outages.
 Root Cause Analysis (RCA) reports for incidents.
 Allows stakeholders to act proactively.

5. Scenarios and Recommendations
o Scenario 1: Optimize cloud spend and security.
  Solution: Azure Advisor – provides insights on cost and security best
practices.
o Scenario 2: Trace intermittent errors (e.g., database or caching issues).
 Solution: Azure Monitor – pinpoints service-specific issues and supports
custom event tracking.
o Scenario 3: Operationalize cloud environment (e.g., prepare for planned
downtime).
 Solution: Azure Service Health – alerts for downtime, service retirements,
and RCAs.

Azure Management Tools Overview

1. Visual Tools:
o User-friendly but less effective for complex, large deployments.
o Best for initial setup and infrequent management.
o Examples: Azure Portal, Azure Mobile App.
2. Code-Based Tools:
o Suitable for repeatable and large-scale configurations.
o Commands/scripts can be saved, versioned, and reused.
o Example: Azure CLI, Azure PowerShell.
o Supports Infrastructure as Code (IaC):
 Imperative: Step-by-step instructions.
 Declarative: Desired outcome with automated execution.

Azure Management Tools

1. Azure Portal:
o Web-based UI for accessing Azure features.
o Great for new users or visual interface needs.
o Suitable for quick, one-off tasks.
2. Azure Mobile App:
o For monitoring and minor management on the go.
o Ideal when away from a computer.
3. Azure CLI:
o Bash-based scripting tool for managing Azure.
o Suitable for Linux users.
4. Azure PowerShell:
o Windows-friendly command-line tool.
o Ideal for Windows users and long-term IT professionals.
5. Azure Resource Manager (ARM) Templates:
o Declarative JSON-based templates for scalable, reliable deployments.
o Validates resources and dependencies before execution.
o Supports parallel creation of resources.

Choosing the Right Tool:
 1. One-off tasks:
o Use Azure CLI or Azure PowerShell.
o Preferred tool depends on Windows (PowerShell) or Linux (CLI) expertise.
2. Repeatable and reliable deployments:
o Use ARM templates for robust orchestration.
o Ensures dependencies are created in order and supports parallelism.
3. Reporting and Visual Needs:
o Use Azure Portal for graphical reports and custom insights.
4. Remote Monitoring:
o Use Azure Mobile App for flexibility and real-time issue triaging.

Tailwind Traders Scenarios:

1. Weekly Meetings (CFO & Cloud Director):
o Requirement: Visual insights and reporting.
o Tool: Azure Portal.
2. Windows Admins – One-off Tasks:
o Requirement: Windows background.
o Tool: Azure PowerShell.
3. Linux Admins – One-off Tasks:
o Requirement: Linux background.
o Tool: Azure CLI.
4. Cloud Monitoring for E-commerce:
o Requirement: Remote monitoring for holidays.
o Tool: Azure Mobile App.
5. Scaling Operations During Peak Periods:
o Requirement: Efficient, reliable, repeatable deployments.
o Tool: ARM templates.

Key Principles of Serverless Computing

 Serverless computing abstracts the underlying infrastructure.
 You don’t manage servers; the cloud vendor does, handling scaling and maintenance.
 The service runs based on events (e.g., HTTP request, timer, or message).
 Used primarily for backend tasks (e.g., messaging, data processing), not for user-facing
systems.
 Main Azure serverless services: Azure Functions and Azure Logic Apps.

Azure Functions

 Azure Functions hosts a single method that responds to events (e.g., HTTP request, queue
message).
 Can scale automatically based on demand (e.g., for IoT data).
 Stateless: Each invocation runs like a fresh execution.
 Durable Functions: Orchestrates long-running tasks while maintaining state.
 Ideal for developers who focus on writing event-driven logic (e.g., using C#, Python,
JavaScript).
Azure Logic Apps

 Azure Logic Apps is a low-code/no-code platform for automating workflows and integrating
systems.
 Works with a visual designer to build workflows with triggers and actions.
 Can integrate services via 200+ connectors (e.g., Salesforce, SAP, Oracle DB).
 Better for users with limited coding skills, such as business analysts, IT professionals, or cloud
architects.

Comparison of Azure Functions vs. Logic Apps

 Azure Functions: Best for developers who need full control over logic, especially for complex
algorithms or custom business logic.
 Azure Logic Apps: Best for non-developers or teams needing an easy, visual way to automate
workflows and integrate systems with minimal coding.

Example 1: Tailwind Traders - Real-Time Inventory Tracking

 Azure Functions is ideal because the logic is already written in C#, so developers can port the
existing code and bind it to an event-driven trigger (new message in queue).
 Azure Logic Apps could be used but would require building custom integrations, which could
be time-consuming for this scenario.

Example 2: Tailwind Traders - Customer Satisfaction Survey Workflow

 Azure Logic Apps is ideal for this no-code scenario: multiple pre-built connectors (Azure
Cognitive Services, Office 365, Dynamics 365) can automate the process without developer
involvement.
 Azure Functions would require significant developer effort to integrate these services
manually, making it less efficient for this case.

Conclusion

 Azure Functions: Best for custom logic and event-driven processes, especially for developers
who prefer code-based environments.
 Azure Logic Apps: Best for low-code/no-code automation, especially when integrating
existing APIs and workflows without needing developer resources.

Azure IoT Services Overview:

1. Azure IoT Hub:
o Acts as a central hub for communication between IoT devices and the cloud.
o Supports telemetry (data from devices), file uploads, and request-reply methods.
o Allows for device-to-cloud and cloud-to-device messaging.
o Use when needing basic telemetry and device control but no complex dashboards.
2. Azure IoT Central:
o Built on IoT Hub, but with added graphical dashboards for monitoring and managing
IoT devices.
o Ideal for users who need a pre-configured solution with templates for various
industries.
 o Provides easy-to-use dashboards, alerts, and remote device management.
o Best for those who need quick set-up with minimal customization.
3. Azure Sphere:
o A complete end-to-end solution focused on secure IoT devices.
o Combines microcontroller hardware, an OS, and a security service to ensure devices
aren’t compromised.
o Ideal for applications where security is critical, like ATMs or secure appliances.

Decision Criteria for Choosing IoT Service:

1. Security:
o Critical security needs: Choose Azure Sphere (provides the highest level of security).
o Security preferred but not critical: Azure IoT Hub or IoT Central (if security is not a
top priority).
2. Device Communication Needs:
o Simple telemetry and occasional updates: Use Azure IoT Hub (supports basic
communication).
o Reporting, monitoring, and device control needed: Use Azure IoT Central (pre-
configured dashboards for quick set-up).
3. Integration with Existing Systems:
o Want to integrate with current software: Azure IoT Hub (allows full customization
and integration with existing systems).
o Need a pre-built dashboard and less customization: Azure IoT Central (great for
quick deployment and pre-configured reports).

Scenario Examples:

 Tailwind Traders Appliances:
o Security not critical, only telemetry data needed for maintenance.
o Best option: Azure IoT Hub.
 Tailwind Traders Delivery Vehicles:
o Security ideal but not critical, need a dashboard for managing fleet and shipments.
o Best option: Azure IoT Central.
 Tailwind Traders Self-checkout Terminals:
o Security is critical (needs protection from malicious attacks).
o Best option: Azure Sphere.

 Azure Security Center:

 Purpose: Monitors security posture across both Azure and on-premises systems.
 Key Features:
o Automatically applies security settings.
o Provides recommendations for improvement.
o Detects and blocks malware.
o Monitors for inbound attacks and breaches.
o Offers just-in-time VM access and adaptive network hardening.
o Generates a secure score based on security controls.

 Azure Sentinel (SIEM):
  Purpose: Collects and analyzes security data across all environments (on-premises,
Azure, multi-cloud).
 Key Features:
o Uses machine learning for threat detection.
o Provides built-in and custom analytics for suspicious activities.
o Uses investigation graphs for threat analysis.
o Automates responses using workbooks, triggering actions like blocking IPs or
sending alerts.

 Azure Key Vault:

 Purpose: Manages sensitive information like passwords, encryption keys, and
certificates.
 Key Features:
o Stores and controls access to secrets and keys.
o Can manage SSL/TLS certificates.
o Offers secure access using authentication and authorization policies.
o Integrates with other Azure services for secure referencing of secrets.

 Azure Dedicated Host:

 Purpose: Provides dedicated physical servers for Azure VMs to meet compliance and
isolation requirements.
 Key Features:
o Provides control over server infrastructure.
o Useful for compliance and regulatory requirements.
o Allows selection of VM series, sizes, and processors.
o Supports maintenance control for update scheduling.

Azure offers security features across various layers:

1. Physical Security: This is the first line of defense in data centers, controlling physical
access to computing hardware.
2. Identity and Access: Ensures that only authorized users access resources. Azure
supports Single Sign-On (SSO), multi-factor authentication, and logging of events.
3. Perimeter Security: Distributed Denial of Service (DDoS) protection and perimeter
firewalls help filter attacks before they can affect the network.
4. Network Layer: Network segmentation and controls limit communication between
resources, reducing the risk of attacks spreading across systems.
5. Compute Layer: Secures access to virtual machines, ensuring systems are patched
and protected from malware.
6. Application Layer: Ensures that applications are secure and free of vulnerabilities.
7. Data Layer: Protects access to business and customer data, ensuring confidentiality
and compliance with regulations.

In addition to these layers, Azure provides specific tools:

 Azure Firewall: A cloud-based managed service that protects virtual networks,
offering high availability and scalability.
  DDoS Protection: Helps prevent large-scale attacks by filtering traffic before it
impacts services.
 Network Security Groups (NSGs): Allows filtering of traffic within an Azure virtual
network to further secure internal resources.

Chap 3:

 Authentication (AuthN):

 Verifies the identity of a user or service attempting to access resources.
 Involves credentials like usernames, passwords, or biometrics.
 Example: Showing an ID card to a doorman.

 Authorization (AuthZ):

 Determines what an authenticated user is allowed to access and do.
 Defines permissions based on the user's role or credentials.
 Example: A doorman granting access to specific rooms based on your ID.

 Azure Active Directory (Azure AD):

 A cloud-based Identity and Access Management service by Microsoft.
 Enables secure access to internal/external resources like Microsoft 365 and custom
apps.
 Offers functionalities such as:
o Authentication: SSO, multi-factor authentication (MFA), self-service
password reset.
o Device Management: Enabling conditional access through registered devices.
 Azure AD Connect integrates on-premises Active Directory with Azure AD for
seamless user experience and synchronization.

 Single Sign-On (SSO):

 Allows users to log in once and access multiple applications without re-entering
credentials.
 Reduces security risks and simplifies account management.

 Multi-Factor Authentication (MFA):

 Adds an extra layer of security by requiring two or more forms of identification.
 Examples: Password, phone code, or biometric scans.
 Azure AD MFA can be configured for administrators and specific users through
conditional access policies.

 Conditional Access:

 Grants or restricts resource access based on signals like user location, device, or risk
factors.
  Examples of policies:
o Require MFA for access from untrusted locations.
o Allow only approved client apps or managed devices to access services.
o Block access from unknown or high-risk locations.

1. Organizing Resources in Azure

Resource Tags

 Purpose: Enhance resource management, cost control, security, and governance.
 Metadata: Tags consist of a name (e.g., appname, cost center) and value (e.g., application
name, environment type).
 Uses:
o Resource Management: Locate resources by specific workloads or owners.
o Cost Optimization: Group resources for budget tracking and cost allocation.
o Operations Management: Organize by criticality (mission-critical, low-impact).
o Security: Classify data by sensitivity (e.g., public, confidential).
o Governance: Identify resources for compliance with standards like ISO 27001.
o Automation: Facilitate automation tasks by associating resources with workloads or
applications.
 Implementation:
o Add, modify, delete tags using Azure Portal, PowerShell, CLI, REST API, or Resource
Manager templates.
o Enforce tagging with Azure Policy.

2. Enforcing Compliance with Azure Policy

 What is Azure Policy?
o A service to create, assign, and manage policies that enforce rules on resource
configurations.
o Ensures compliance with corporate standards.

Features

 Policy Definition: Specifies conditions and effects (e.g., restrict VM regions, enforce MFA).
 Built-In Policies: Predefined categories (e.g., storage, networking, security).
 Policy Assignment:
o Scope: Management group, subscription, or resource group.
o Inheritance: Policies apply to all child resources unless explicitly excluded.
 Compliance Evaluation:
o Marks resources as compliant or non-compliant.
o Evaluates policies approximately every hour.
 Initiatives:
o Group related policies into one set.
o Useful for tracking large compliance goals (e.g., ISO 27001, HIPAA).
Example Uses

 Restrict VM sizes or locations.
 Audit and enforce network security (e.g., CORS, Endpoint Protection).
 Monitor unencrypted databases and security vulnerabilities.

3. Scaling Governance with Azure Blueprints

 What are Azure Blueprints?
o Define a repeatable set of governance tools and standard Azure resources.
o Designed to help scale governance across multiple subscriptions.
 Key Components:
o Artifacts: Role assignments, policy assignments, resource templates, resource
groups.
o Versioning: Tracks changes to blueprints.
 Steps to Implement:
o Create a blueprint definition (e.g., ISO 27001 compliance).
o Assign the blueprint to a management group or subscription.
o Track and audit blueprint assignments.
 Flexibility:
o Parameters in artifacts allow customization for different scopes.
 Example: Use the ISO 27001 shared services blueprint for compliance across subscriptions
under a management group.

4. Real-World Use Case: Tailwind Traders

 Tags:
o Organize test environments for easy deletion of unused resources.
o Use specific tags like appname, environment, and impact to manage cost and
prioritize resources.
 Azure Policy:
o Enforce tagging on resources.
o Prevent creation of non-compliant resources.
o Automatically reapply tags if removed.
 Azure Blueprints:
o Use ISO 27001 blueprint for organizational compliance.
o Standardize resource deployment and governance across new and existing
subscriptions.

This approach ensures Tailwind Traders can manage cloud resources effectively while
maintaining compliance, optimizing costs, and adhering to security and operational standards.
For further details, consider diving deeper into Azure's built-in tools via the portal or
command-line interfaces.
Summary of Azure Resource Organization and Governance

Resource Tags

 Purpose: Organize resources by adding metadata (tags) for:
o Resource Management: Locate resources by workload, environment, etc.
o Cost Management: Group resources for budget tracking.
o Operations Management: Classify resources by criticality.
o Security: Mark resources as public or confidential.
o Compliance: Ensure resources meet standards like ISO 27001.
o Automation: Tag workloads for easier deployment tasks.
 Implementation:
o Add/modify tags via Azure Portal, CLI, PowerShell, or Azure Policy.
o Use Azure Policy to enforce tag consistency and inheritance.

Azure Policy

 Purpose: Enforce governance by auditing and managing resource configurations.
 Features:
o Built-in and custom policies for compliance.
o Prevent creation of non-compliant resources.
o Auto-remediate non-compliance (e.g., reapply removed tags).
 Steps:
o Create Policy Definitions: Define conditions and actions.
o Assign Policies: Apply to resource groups, subscriptions, or management groups.
o Review Compliance: Check compliance status and remediate issues.
 Initiatives: Group multiple policies for broader compliance goals.

Azure Blueprints

 Purpose: Scale governance and enforce standards across multiple subscriptions.
 Features:
o Define reusable governance templates (e.g., ISO 27001).
o Combine artifacts like role assignments, policies, templates, and groups.
o Version control for tracking changes.
 Steps:
o Create a management group for organizing subscriptions.
o Define a blueprint using built-in templates or custom configurations.
o Assign the blueprint to ensure compliance across all subscriptions.

By combining tags, policies, and blueprints, you can effectively manage, monitor, and
ensure compliance in Azure environments.

1. Cloud Adoption Framework Stages:
o Define Your Strategy: Identify motivations, business outcomes, and ROI.
o Make a Plan: Inventory assets, align teams, plan skills development, and create an
adoption roadmap.
 o Ready Your Organization: Establish landing zones and refine them for governance,
security, and scalability.
o Adopt the Cloud: Start migration, modernize applications, and ensure innovations
align with business goals.
o Govern and Manage: Iteratively improve governance and operations with
benchmarks and feedback loops.
2. Azure Hierarchy:
o Resources: Individual services like VMs and databases.
o Resource Groups: Logical containers for resources.
o Subscriptions: Boundaries for resources, billing, and access control.
o Management Groups: Control and policy application across subscriptions.
3. Azure RBAC:
o Roles and Scopes:
 Built-in roles: Reader, Contributor, Owner.
 Custom roles: Define specific permissions.
 Scopes: Hierarchical (Management group → Subscription → Resource Group
→ Resource).
o Role Assignments:
 Attach roles to users, groups, or applications at a specific scope.
 Supports granular access control.
o Best Practices:
 Least privilege principle: Grant minimum required permissions.
 Role assignment via management groups for scalability.

Proposed Action Plan for Tailwind Traders

1. Define Governance Strategy:
o Create a Cloud Center of Excellence (CCoE) to centralize governance practices.
o Use the Governance Benchmark Tool to assess current readiness.
2. Implement Subscription Strategy:
o Organize subscriptions by department or project to align with billing and access
control requirements.
o Use tags for additional granularity in reporting.
3. Set Up Role-Based Access Control:
o Define roles and responsibilities for each team (e.g., Development, Engineering,
Marketing).
o Implement Azure RBAC to assign roles at appropriate scopes:
 Developers: Contributor role at the resource group level.
 Database administrators: Specific SQL roles at the subscription level.
4. Build Landing Zones:
o Establish initial landing zones for critical workloads with governance and security
policies.
o Use proven Azure blueprints to standardize configurations.
5. Begin Migration:
o Start with a low-risk, high-impact project.
o Use Azure Migrate to plan and execute migrations.
6. Continuous Improvement:
o Regularly update governance policies to address new risks.
o Monitor access and adjust roles as business needs evolve.
 o Establish feedback loops for ongoing optimization.

Compliance Categories Available on Azure

Azure compliance offerings are categorized as:

1. Global: Standards and regulations recognized worldwide (e.g., ISO/IEC 27001, CSA STAR
Certification).
2. US Government: Compliance for US government agencies (e.g., CJIS Security Policy,
FedRAMP).
3. Industry: Regulations for specific sectors (e.g., HIPAA for healthcare, PCI DSS for payment
security).
4. Regional: Standards specific to countries or regions (e.g., EU Model Clauses, UK Government
G-Cloud, Multi-Tier Cloud Security Singapore).

Key Compliance Offerings

1. Criminal Justice Information Service (CJIS):
o Contractual commitment to CJIS Security Policy for law enforcement and public
safety entities.
2. Cloud Security Alliance STAR Certification:
o Involves third-party assessments based on ISO/IEC 27001 and Cloud Controls Matrix
(CCM).
3. European Union Model Clauses:
o Guarantees compliance for data transfers outside the EU, adhering to GDPR.
4. Health Insurance Portability and Accountability Act (HIPAA):
o Provides Business Associate Agreements (BAA) to ensure compliance with PHI data
protection.
5. ISO/IEC 27018:
o Focuses on protecting personal data processed by cloud providers.
6. Multi-Tier Cloud Security (MTCS) Singapore:
o Certification across IaaS, PaaS, and SaaS.
7. Service Organization Controls (SOC):
o Covers SOC 1, 2, and 3 for auditing controls on security, availability, and processing
integrity.
8. National Institute of Standards and Technology (NIST) CSF:
o Adheres to guidelines for managing cybersecurity risks.
9. United Kingdom Government G-Cloud:
o Accreditation for services used by the UK government.
10. Payment Card Industry Data Security Standard (PCI DSS):
o Ensures compliance for businesses handling credit card transactions.

Microsoft's Compliance Resources
  Microsoft Privacy Statement: Details what personal data is collected and how it is used.
 Online Services Terms (OST): Legal agreement detailing obligations for processing and
security of customer data.
 Data Protection Addendum (DPA): Further elaborates on data security, retention, and
deletion practices.

Azure Government

 Specifically designed for US government agencies.
 Operates using isolated data centers in the US.
 Complies with strict government regulations like NIST and Department of Defense (Level 5).

Trust Center

The Trust Center is a key resource that provides:

 In-depth compliance information across Microsoft products.
 Links to audit reports, whitepapers, and additional compliance resources.
 Support for professionals managing security, privacy, and compliance.

For accessing specific compliance documentation, navigate to the Trust Center and explore
resources like ISO/IEC 27001 for detailed audit cycles, in-scope services, and FAQs.

Purchasing Azure Services & Factors Affecting Cost

 Azure Subscriptions:
o There are several Azure subscription options:
 Free Trial: Includes 12 months of popular services and $200 credit for
30 days.
 Pay-as-you-go: Allows you to pay for the resources you use, billed
monthly.
 Member Offers: Available to Visual Studio subscribers, Microsoft
Partner Network members, and others.
 Ways to Purchase Azure Services:
o Enterprise Agreement: Large organizations commit to spending a specific
amount over 3 years and receive custom pricing.
o Web Direct: Purchase directly from the Azure Portal at standard prices, billed
monthly.
o Cloud Solution Provider (CSP): A Microsoft partner who resells Azure
services and provides support.
 Billing Overview:
o Services are billed monthly via credit card or invoice, with the ability to track
usage in the Azure portal.
Factors Affecting Azure Costs

 Resource Types & Customization:
o The cost of a resource depends on its configuration. For example, storage costs
vary depending on the type, performance tier, and access tier (e.g., hot, cool, or
archive).
 Usage Meters:
o Azure tracks the usage of resources using meters, such as CPU time,
bandwidth, and disk operations. These meters accumulate usage data, which is
billed accordingly.
 Azure Subscription Types:
o Free Trial, Pay-as-you-go, and Enterprise Agreements come with different
pricing structures, including allowances for free services or credits.
 Azure Marketplace:
o You can purchase third-party services (e.g., backup solutions or managed
firewalls) that have their own pricing structures.
 Regions and Network Traffic:
o Costs may differ by region. Deploying in different Azure regions can have
price implications. For instance, transferring data between regions can incur
additional costs.
o Bandwidth Zones: Data transfer pricing depends on Azure's geographical
zones. Inbound transfers are usually free, but outbound transfers may incur
charges depending on the destination zone.
 VM Deallocation Example:
o De-allocating a VM (as opposed to deleting it) can save on compute costs, but
you'll still incur charges for the storage used by the VM's data.
 Azure Pricing Calculator:
o The pricing calculator helps estimate costs for various Azure products and
services by specifying your needs, selecting regions, and configuring services.
It provides a consolidated price estimate, including detailed breakdowns.

Best Practices to Minimize Azure Costs

 Understand Estimated Costs:
o It's crucial to get a clear idea of potential costs before making decisions about
Azure services. The Azure pricing calculator can help with this.
 Optimize Resource Usage:
o Avoid unnecessary resource allocation, and turn off resources that are not in
use (e.g., de-allocate VMs during off-hours).
 Review Resource Configurations:
o Choose the appropriate pricing tiers (e.g., Standard vs Premium storage) to
avoid overprovisioning resources that may not be necessary.
 Monitor and Adjust:
o Use tools like Azure's cost management and billing portal to track and review
your resource usage regularly. This helps in optimizing your usage over time.
 Leverage Azure Reserved Instances (RIs):
 o Committing to longer-term services (e.g., 1 or 3 years) can offer significant
cost savings on compute resources.
 Take Advantage of Discount Offers:
o Use available discounts for volume purchases, long-term commitments, or
certain Microsoft subscriptions to reduce overall spending.

1. Azure Service SLAs

 SLAs define performance guarantees (like uptime) for Azure services, and each service has its
own SLA.
 SLAs help assess the reliability of services and assist in setting your own application SLA.

2. Application SLA

 An application SLA defines the availability for your specific application on Azure.
 Example: A 99.9% SLA allows about 10.1 minutes of downtime per week.

3. SLA Breakdown

 Introduction: Explains the scope and terms of the SLA.
 General Terms: Defines downtime and error codes.
 SLA Details: Specifies performance guarantees (e.g., 99.9% uptime).

4. Impact of Multiple Services

 When combining multiple services, the composite SLA is calculated by multiplying individual
SLAs.
 For example, combining services like VMs, Databases, and Load Balancers results in a lower
overall SLA.

5. Improving SLA

 Azure Availability Zones and Redundancy across regions can increase your SLA.
 Use premium services to boost performance and availability.

6. Challenges with High SLA Targets

 Achieving SLAs higher than 99.99% is challenging due to minimal downtime allowed.
 Applications may need to self-heal (automatically recover) and use advanced monitoring to
meet these high targets.

Best Practices:

 Design with redundancy and multi-region deployments for higher availability.
 Use premium services to improve performance.
 Implement monitoring and automated recovery to maintain high SLAs.