Microsoft Azure : Getting Started with Fundamentals and Essential Services

Description

Discover the fundamentals of Azure and explore its essential services in this comprehensive guide. Whether you’re new to cloud computing or looking to expand your knowledge, this article provides a solid foundation for getting started with Azure. Learn about key computing services such as Azure Virtual Machine, Azure Container Instances, and Azure Kubernetes Service, as well as storage services like Azure Blob Storage and Azure Data Lake Storage. Dive into database services, application integration services, developer tools, IoT services, big data and analytics services, AI/ML services, serverless offerings, and more. Gain insights into Azure’s management tools, security features, compliance standards, and monitoring capabilities. With this resourceful overview, you’ll be equipped to navigate the Azure ecosystem and leverage its power to meet your business needs efficiently and effectively.

Tip: This will be Helpful for Getting Started with Azure 900 Exam

Azure Services

Computing Services

• Azure Virtual Machine – VMs
• Azure Container Instances – Docker as a service
• Azure Kubernetes Services – Kubernetes as a service k8s
• Azure Service Fabric – Tier 1 Enterprise container as a service
• Azure Function – Serveless compute
• Azure Batch – Plan, Schedules and Executes

Storage Services

• Azure Blob Storage – Object serveless storage
• Azure Disk Storage – Choose SSD or HHD
• Azure File Storage – Shared volume, EX: file server, SMB
• Azure Queue Storage – Messaging queue, integrated between 2 application to pass the message
• Azure Table Storage – Wide-Column no SQL Database
• Azure Data Box – Lets you send terabytes of data into and out of Azure in a quick, inexpensive, and reliable way
• Azure Achieve Storage – Long term cold storage
• Azure Data Lake Storage

Database Services

• Azure Cosmos Database – No SQL database
• Azure SQL Database – MS SQL database
• Azure Database For MySQL/PSQL/MARIA DB
• SQL Server on VMs
• Azure Synapse Analytics
• Azure Database Migration Service
• Azure Cache For Redis
• Azure Table Storage

Application Integration Services

These are services that are designed to App to App or services to talk each other.

• Azure Notification Hub
• Azure API Apps
• Azure Service Bus
• Azure Stream Analytics
• Azure Logic Apps
• Azure API Management
• Azure Queue Storage

Developer and Mobile Tools

• Azure SignalR Service – Real Time communications into your web application
• Azure App Service – Scaling web application
• Visual Studio – Code editor
• Xamarin – Mobile app framework

Azure DevOps Services

• Azure Boards – Kanban
• Azure Pipelines
• Azure Repos
• Azure Test Plans
• Azure Artifacts
• Azure DevTest Labs

Azure Resource Manager

Infrastructure as code (IAC)
– Using script to setups services like VMs, Database, Storage and more.
(Azure Resource Manage = ARM)

Azure Quick Start Templates

This is a library of pre made ARM templates

Deploy a django app – web app on linux with postgre SQL

vNets and Subnets

vNet logically isolated section to the Azure Network.
You choose a range of IPs using CIDR range.

Cloud-Native Networking Services

• Azure DNS – Ultra high domain availability
• Azure vNets
• Azure Load Balancer – OSI Layer 4 Load balancer
• Azure Application Gateway – OSI Layer 7 (HTTP) Load balancer
• Network Security Groups – A virtual firewall at the subnet level

Enterprise/Hybrid Networking Services

• Azure Front Door – Scalable and secure entry point
• Azure Express Route – A connection between your on-prem to azure cloud
• Virtual WAN
• Azure Connection – VPN connection (IPSec)
• Virtual Network Gateway – A site-to-site VPN connection

Azure Traffic Manager

Azure Traffic Manager – Operates at the DNS layer

• Route traffic to server
• Fail-over to redundant system
• Route to random VM

Azure DNS

Azure DNS allows you to host your domain names on Azure.
Azure DNS does not allow you to purchase domains

Azure Load Balancer

Evenly distributing incoming network traffic across a group of backend resources or servers.
Operates on OSI Layer 4.

Public load balancer, incoming traffic from internet to public facing servers (public IPs).
Internal (Private) load balancer, incoming internal network traffic to private facing servers (private IPs).

Scale Sets

Automatically increase or decrease the amount of servers.

• Change in CPU, Memory, Disk and more.
• On a predefined schedule.

IoT Services

Network of internet connected objects able to collect and exchange data

• Smart Bulbs
• Smart Fridges
• Drones
• Phones

1. IoT Central – Connect your IoT to cloud
2. IoT Hub – Highly secure and reliable connection between your IoT app devices it manages
3. IoT – A fully manages services built on Azure IoT Hubs
4. Windows 10 IoT core services

Big Data and Analytics Services

Big Data – Massive volumes of Structured/Unstructured data that is soo large to move and process.

• Azure Synaps Analytics – Data warehousing and big data analytics
• HD Insight – Open source analytics software
• Azure Databricks
• Data Lake Analytics

AI/ML Services

AI – Machine performs jobs that mimic human behavior.
ML – Machines get better at a task by predicting large amount of data.
Deep Learning – Machines that have an artificial neural network inspired by the human brain.

• Azure Machine Learning Services
• Azure Machine Learning Studio (Classic)

Services

• Personalizer
• Translator
• Anomaly Detector
• Azure Bot Services
• Form Recognizer
• Computer Vision
• Language Understandings
• Q&A Maker
• Text Analytics
• Content Moderator
• Face
• Ink Recognizer

Serverless Services

Serverless, the underlying Servers, Infrastructure, OS is taken care by the Cloud Service Provider.

• Event Driven Scale
• Abstraction of Servers
• Micro Billing

1. Azure Functions
2. Blog Storage
3. Logic Apps
4. Event Grid

Azure Portal

This is a web-based, unified console. The browser you use to access Azure any time you log into Azure is known as Portal.

Preview Portal

• Preview
• Beta
• Other Pre-Release

Azure PowerShell
Command Line Shell and a Scripting Language.
PowerShell is built on top of the .net Common Language Runtime (CLR).

• Azure PowerShell

Vs Code
Is a free source-code editor.

Azure Cloud Shell
Browser-Accessible Shell, we can use either Bash or PowerShell.

Azure CLI
Command Line Interface for Azure.

Azure Trust Center

Public-facing website portal providing easy access to privacy, security and regulatory compliance information.

Requirement

• NIST 800-53
• PIPDA Compliance
• HIPPA Compliance
• FIPS-140-2 Compliance

1. FIPS
2. Criminal Justice Information Services
3. NIST CSF
4. Cloud Security Alliance
5. UK Government – G Cloud
6. General Data Protection Regulation (GDPR)
7. Service Organization Controls (SOC)
8. EU Model Clauses
9. Multi-Tier Cloud Security
10. HIPPA
11. ISO & IEC 27018

Azure Active Directory

Azure AD, MS cloud based identity and access management services.

External Resources

• Microsoft Office 365
• Azure Portal
• SaaS Application

Internal Resources

• Application with your internal networking
• Access to work – on premise

Azure AD to implement Single-Sign On (SSO)
AD is to help employee sign in access resources

AD 4 editors:

1. Free
2. Office 365 Apps
3. Premium 1
4. Premium 2

Multi Factor Authentication

Two Factor Authentication- MFA protects against stolen password.
By Second Device (The Security Code).

Azure Security Center

This is a unified infrastructure security management system.

Key Vault

Safe guard Cryptographic Keys and other secret used by cloud apps and services.

• Secret Management – Token, Pass, API Keys and more
• Key Management – Encryptions
• Certificate Management – SSL Certification
• Hardware Security Module – FIPS 140-2
  • Hardware Security Module to store the encryption / cryptography keys
  • Multi Tenant FIPS 140-2
  • Multi Tenant FIPS 140-3

Azure DDOS Protections

This is used to protect from traffic floods with large amounts of fake traffic to down the website.

Azure Offers 2 Tiers of DDOS

DDOS Protect Basic

• Free
• Azure Global Network

DDOS Protect Standard

• Starting at $2,944/month
• DDOS Expert Support
• Metrics, Herts and Reporting
• SLAs

Azure Firewalls

Cloud based network security services

Azure Firewall Features

• Centrally create, enforce and load app and network connection.
• Uses a static public IP address to get identify by outside.
• No Additional load balancers are required.
• Span multiple AZs for increased availability.
• No Additional cost for firewall in availability zone.
• Additional costs for inbound and out bond data transfer.

Azure Information Protection

Protects sensitive information.

Azure Application Gateway

Web-traffic load balancer in layer 7 (HTTPS).
A WAF can be attached for the layer 7 to protects.
Routing rule to what comes and goes.

Azure Advanced Threat Protections (ATP)

IDS
Intrusion Detection System (Detects)

IPS
Intrusion Prevention System (Prevents)

ATP
Leverages your on-premise AD

Microsoft Security Development Lifecycle (SDL)

An industry-leading software security assurance process.

Azure Policies

A service to create, assign and manage polices.
Allows you to enforce or control the properties of resources.

Azure Role-Based Access Control (RBAC)

Who has access to azure resources.

Role Assignment

1. Security Principal
2. Role Definition – Collection of permission such as read, write and delete
3. Scope – Set of resources (VMs, database, storage)

A Security Principal represent the identities

• Users – Individuals
• Group – Set of users
• Service Principal
• Managed Identity

Azure Lock Resources

Lock a subscription, resource groups or resources.
Azure portal -> lock levels

• Cannot delete
• Read only

Azure Management Groups

Managing multiple subscription accounts.
root -> IT -> Admin

Azure Monitor

For collecting, analyzing and acting on telemetry.

• Create Visual Dashboard
• Smart Alerts
• Automated Actions

Azure Service Health

Current and upcoming issues. Azure status, Service health and resource health