├── az-204
│   ├── az-204-3.md
│   ├── az-204-7.md
│   ├── az-204-5.md
│   ├── functionjson.png
│   ├── az-204-2.md
│   ├── choice-flow-diagram.png
│   ├── powershellfunction.png
│   ├── powershelltemplate.png
│   ├── az-204-4.md
│   ├── az-204-6.md
│   ├── study-strategy.md
│   ├── flash-cards.md
│   ├── az-204-1.md
│   ├── alan-rodrigues-course.md
│   └── scott-duffy-course.md
├── az-900
│   ├── role-scope.png
│   ├── framework-stages.png
│   ├── vpngatewaysizes.png
│   ├── cloudservicemodels.png
│   ├── connectivitymodels.png
│   ├── gatewayrequirements.png
│   ├── azureresourcemanager.png
│   ├── sla-summary.md
│   ├── az-900-6.md
│   ├── az-900-4.md
│   ├── az-900-1.md
│   ├── az-900-5.md
│   ├── az-900-3.md
│   ├── az-900-2.md
│   └── alan-rodrigues-udemy-course.md
└── README.md
/az-204/az-204-3.md:
--------------------------------------------------------------------------------
1 | # [Store data in Azure](https://docs.microsoft.com/en-us/learn/paths/store-data-in-azure/)
2 |
--------------------------------------------------------------------------------
/az-204/az-204-7.md:
--------------------------------------------------------------------------------
1 | # [Secure your cloud data](https://docs.microsoft.com/en-us/learn/paths/secure-your-cloud-data/)
2 |
--------------------------------------------------------------------------------
/az-900/role-scope.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-900/role-scope.png
--------------------------------------------------------------------------------
/az-204/az-204-5.md:
--------------------------------------------------------------------------------
1 | # [Manage resources in Azure](https://docs.microsoft.com/en-us/learn/paths/manage-resources-in-azure/)
2 |
--------------------------------------------------------------------------------
/az-204/functionjson.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-204/functionjson.png
--------------------------------------------------------------------------------
/az-900/framework-stages.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-900/framework-stages.png
--------------------------------------------------------------------------------
/az-900/vpngatewaysizes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-900/vpngatewaysizes.png
--------------------------------------------------------------------------------
/az-204/az-204-2.md:
--------------------------------------------------------------------------------
1 | # [Connect your services together](https://docs.microsoft.com/en-us/learn/paths/connect-your-services-together/)
2 |
--------------------------------------------------------------------------------
/az-204/choice-flow-diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-204/choice-flow-diagram.png
--------------------------------------------------------------------------------
/az-204/powershellfunction.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-204/powershellfunction.png
--------------------------------------------------------------------------------
/az-204/powershelltemplate.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-204/powershelltemplate.png
--------------------------------------------------------------------------------
/az-900/cloudservicemodels.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-900/cloudservicemodels.png
--------------------------------------------------------------------------------
/az-900/connectivitymodels.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-900/connectivitymodels.png
--------------------------------------------------------------------------------
/az-900/gatewayrequirements.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-900/gatewayrequirements.png
--------------------------------------------------------------------------------
/az-900/azureresourcemanager.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ruthrootz/azure-certifications-study-notes/HEAD/az-900/azureresourcemanager.png
--------------------------------------------------------------------------------
/az-204/az-204-4.md:
--------------------------------------------------------------------------------
1 | # [Deploy a website with Azure virtual machines](https://docs.microsoft.com/en-us/learn/paths/deploy-a-website-with-azure-virtual-machines/)
2 |
--------------------------------------------------------------------------------
/az-204/az-204-6.md:
--------------------------------------------------------------------------------
1 | # [Deploy a website to Azure with Azure App Service](https://docs.microsoft.com/en-us/learn/paths/deploy-a-website-with-azure-app-service/)
2 |
--------------------------------------------------------------------------------
/az-204/study-strategy.md:
--------------------------------------------------------------------------------
1 | - memorize CLI commands from learning path, don't focus on exercises
2 | - then just take tons of practice tests and read the explanations
3 | - learn the order commands should be run to create specific things
4 | - types of questions: multiple choice, decide whether solution satisfies requirements, case studies
5 | - focus on PowerShell examples because JS isn't available in the test
6 |
--------------------------------------------------------------------------------
/az-204/flash-cards.md:
--------------------------------------------------------------------------------
1 | ## VMs
2 |
3 | 5 resources created when creating a VM
4 | - network interface
5 | - network security group
6 | - virtual network
7 | - OS disk
8 | - public IP address
9 |
10 |
11 | host .NET Core web app on Windows VM steps
12 | .....
13 |
14 |
15 | ## CLI commands
16 |
17 | PowerShell
18 | .....
19 |
20 |
21 | Bash
22 | .....
23 |
24 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Azure certifications study notes
2 |
3 | ### steps
4 | - [ ] go through Microsoft's learning paths (at the bottom of the exam pages)
5 | - [ ] take Udemy courses
6 | - [ ] fork and fill out AzureMentor notes (I did this free-recall style)
7 | - [ ] take practice tests (this is what really helped me, especially with the 204)
8 | - [ ] take the exam!
9 |
10 | ### AZ-900
11 | - [exam](https://docs.microsoft.com/en-us/learn/certifications/exams/az-900)
12 | - [notes](https://github.com/ruthrootz/azure-certifications-study-notes/blob/main/az-900)
13 | - resources
14 | - [Microsoft Azure - Beginner's Guide + AZ-900 - UPDATED 2021 - Alan Rodrigues](https://www.udemy.com/course/microsoft-azure-beginners-guide/) (removed)
15 | - [AZ-900: Microsoft Azure Fundamentals Exam Prep - OCT 2021](https://www.udemy.com/course/az900-azure/) (alternative)
16 | - [AzureMentor study guide](https://github.com/AzureMentor/Azure-AZ-900-Study-Guide)
17 |
18 | ### AZ-204
19 | - [exam](https://docs.microsoft.com/en-us/learn/certifications/azure-developer/)
20 | - [notes](https://github.com/ruthrootz/azure-certifications-study-notes/blob/main/az-204)
21 | - resources
22 | - [AZ-204 Developing for Microsoft Azure Exam Prep](https://www.udemy.com/course/70532-azure/)
23 | - [AZ-204: Developing Solutions for MS Azure Practice Tests](https://www.udemy.com/course/az-204-practice-tests/)
24 | - [AzureMentor study guide](https://github.com/AzureMentor/Azure-AZ-204-Study-Guide)
25 |
--------------------------------------------------------------------------------
/az-900/sla-summary.md:
--------------------------------------------------------------------------------
1 | - API management
2 | - We guarantee that API Management Service instances running in the Consumption Tier, Basic Tier, Standard Tier, and Premium Tier deployments scaled within a single region will respond to requests to perform operations at least 99.95% of the time.
3 | - We guarantee that API Management Service instances running in the Premium Tier with deployments scaled across two or more regions will respond to requests to perform operations at least 99.99% of the time.
4 | - app service: 99.95%
5 | - automation: 99.9%
6 | - active directory: 99.99%
7 | - Azure backup: 99.9%
8 | - bot services: 99.9%
9 | - cognitive search: 99.9%
10 | - cognitive services: 99.9%
11 | - Cosmos DB: 99.9%, but if you run endpoints on multiple regions you get 99.999%
12 | - DB for MySQL, MariaDB, PostgreSQL: 99.99%
13 | - DDoS protection: 99.99%
14 | - Azure Defender: 99.9%
15 | - DevOps: 99.9%
16 | - DNS: 100%
17 | - ExpressRoute: 99.95%
18 | - firewall: 99.95%
19 | - Azure Functions: 99.95%
20 | - Logic Apps: 99.9%
21 | - IoT Central, IoT Hub: 99.9%
22 | - Azure Maps: 99.9%
23 | - SQL DB
24 | - Azure SQL Database Business Critical or Premium tiers configured as Zone Redundant Deployments have an availability guarantee of at least 99.995%.
25 | - Azure SQL Database Business Critical or Premium tiers not configured for Zone Redundant Deployments, General Purpose, Standard, or Basic tiers, or Hyperscale tier with two or more replicas have an availability guarantee of at least 99.99%.
26 | - Azure SQL Database Hyperscale tier with one replica has an availability guarantee of at least 99.95% and 99.9% for zero replicas.
27 | - CDN: 99.9%
28 | - Key Vault: 99.99%
29 | - load balancer: 99.99%
30 | - storage accounts
31 | - We guarantee that at least 99.99% (99.9% for Cool Access Tier) of the time, we will successfully process requests to read data from Read Access-Geo Redundant Storage (RA-GRS) Accounts, provided that failed attempts to read data from the primary region are retried on the secondary region.
32 | - We guarantee that at least 99.9% (99% for Cool Access Tier) of the time, we will successfully process requests to read data from Locally Redundant Storage (LRS), Zone Redundant Storage (ZRS), and Geo Redundant Storage (GRS) Accounts.
33 | - We guarantee that at least 99.9% (99% for Cool Access Tier) of the time, we will successfully process requests to write data to Locally Redundant Storage (LRS), Zone Redundant Storage (ZRS), and Geo Redundant Storage (GRS) Accounts and Read Access-Geo Redundant Storage (RA-GRS) Accounts.
34 | - VPN Gateway
35 | - We guarantee 99.9% availability for each Basic Gateway for VPN or Basic Gateway for ExpressRoute.
36 | - We guarantee 99.95% availability for each Standard, High Performance, VpnGw1, VpnGw2, VpnGw3 Gateway for VPN.
37 | - We guarantee 99.95% availability for each Standard, High Performance, Ultra Performance Gateway for ExpressRoute.
38 |
--------------------------------------------------------------------------------
/az-900/az-900-6.md:
--------------------------------------------------------------------------------
1 | # [Part 6: Describe Azure cost management and service level agreements](https://docs.microsoft.com/en-us/learn/paths/az-900-describe-azure-cost-management-service-level-agreements/)
2 |
3 | ### [Plan and manage your Azure costs](https://docs.microsoft.com/en-us/learn/modules/plan-manage-azure-costs/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-azure-cost-management-service-level-agreements)
4 | - Total Cost of Ownership (TCO) Calculator
5 | - it's an Azure service that estimates the cost difference between running on Azure vs. on-premises
6 | - categories of workloads to count in cost: servers, databases, storage, networking
7 | - add in: cost for electricity, IT labor cost, maintenance costs
8 | - purchasing Azure services
9 | - subscription types
10 | - free
11 | - pay-as-you-go
12 | - member offers (possible Azure services available through other Microsoft subscriptions you might have)
13 | - how to purchase services
14 | - through an enterprise agreement (for larger customers)
15 | - through Azure's website itself
16 | - through a cloud solution provider that you work with that uses Azure
17 | - factors that affect cost
18 | - different resources have different costs, and even different versions of the same resource
19 | - how much the resource is used (CPU time, time spent with public IP address, incoming and outgoing network traffic, disk size and number of read/write operations)
20 | - things you buy off of Azure Marketplace
21 | - what region a resource is in
22 | - support option you choose
23 | - Azure's Pricing Calculator can help aggregate these costs and give an estimate
24 | - manage and minimize total cost on Azure
25 | - understand your estimated costs before deploying (use TCO Calculator)
26 | - Azure Advisor is a platform that monitors your usage and shows you resources that you aren't using much and that can save you money if canceled
27 | - set spending limits
28 | - use Azure Reservations; you pay in advance and get up to 72% off
29 | - choose low-cost regions for your resources
30 | - use Azure Cost Management + Billing; it shows you where all your different costs are coming from; you can create reports and budgets from this dashboard and also get recommendations and alerts
31 | - resize underused VMs
32 | - deallocate VMs during off hours
33 | - delete unused resources
34 | - gradually move from IaaS to PaaS services; you get less control with a PaaS service but it's cheaper
35 |
36 | ### [Choose the right Azure services by examining SLAs and service lifecycle](https://docs.microsoft.com/en-us/learn/modules/choose-azure-services-sla-lifecycle/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-azure-cost-management-service-level-agreements)
37 | - service-level agreement (SLA)
38 | - an SLA is a formal agreement between the service company (in this case, Azure) and the customer about the services being provided
39 | - an SLA with Azure will specify the performance and availability that Azure commits to providing its customer
40 | - you can view Azure's SLAs for various services from the Service Level Agreements page
41 | - performance commitments are typically measured as a percentage and represent the amount of uptime Azure commits to providing
42 | - SLA percentages and their corresponding downtime
43 | - 99 -> 1.68 hours/week
44 | - 99.99 -> 1.01 minutes/week
45 | - 99.999 -> 6 seconds/week
46 | - customers get service credits for experiencing downtime
47 | - free services usually don't have an SLA; you typically need to file a claim to get credit
48 | - define your application SLA
49 | - start with deciding how important each of your applications is to your company
50 | - sort your applications by business impact
51 | - consider each app's effect on other business operations
52 | - define the usage patterns for each of your apps (when/how users use the app)
53 | - lastly, set a realistic percentage you can commit to
54 | - design your application to meet your SLA
55 | - identify your workloads (VMs, SQL DBs, load balancer, etc.)
56 | - compute a composite SLA percentage based on all the workloads (by multiplying the percentages together)
57 | - if you can't meet your SLA with your current workloads
58 | - consider upgrading individual resources
59 | - consider upgrading your Azure tier
60 | - deploy copies of VMs across different zones in the same region
61 | - deploy across multiple regions for redundancy
62 | - SLA percentages above 99.99 are almost never achievable
63 | - use preview services and preview features
64 | - Azure service lifecycle
65 | - development
66 | - public preview
67 | - production-ready service (general availability, or GA)
68 | - each preview service comes with its own terms and conditions, including whether it's covered by customer support
69 | - you can try out preview services, preview features on existing services and preview features on Azure Portal
70 |
--------------------------------------------------------------------------------
/az-900/az-900-4.md:
--------------------------------------------------------------------------------
1 | # [Part 4: Describe general security and network security features](https://docs.microsoft.com/en-us/learn/paths/az-900-describe-general-security-network-security-features/)
2 |
3 | ### [Protect against security threats on Azure](https://docs.microsoft.com/en-us/learn/modules/protect-against-security-threats-azure/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-general-security-network-security-features)
4 | - Azure Security Center
5 | - it shows you how secure you are for both your Azure and on-premises services
6 | - security posture
7 | - how well can you predict, prevent and respond to threats?
8 | - what cybersecurity policies and controls do you have in place?
9 | - Security Center can
10 | - monitor all your security settings (Azure and on-prem)
11 | - automatically apply security settings when a resource comes online
12 | - provide security recommendations
13 | - automatically identify potential vulnerabilities
14 | - use ML to detect malware
15 | - detect potential attacks
16 | - provide just-in-time network port access
17 | - dashboard view shows security health, compliance, reports, etc.
18 | - cloud defense for VMs
19 | - just-in-time access to VMs
20 | - control which apps can run on the VMs
21 | - monitor network traffic
22 | - monitor changes to important config files
23 | - you can set up workflows using Azure Logic Apps to respond to security threats
24 | - Azure Sentinel
25 | - aggregates sources of security info (security information and event management, SIEM)
26 | - collect data from all users, devices, apps, infrastructure, both on-prem and cloud
27 | - detect threats using Microsoft's analytics
28 | - investigate threats with AI
29 | - respond to threats rapidly
30 | - connect to
31 | - Microsoft solutions like Microsoft 365, Threat Protection, Azure Active Directory, Windows Defender Firewall
32 | - AWS CloudTrail, Citrix Analytics, VMWare Carbon Black Cloud, etc.
33 | - sources that use Common Event Format (CEF) messaging, Syslog or REST
34 | - you can create custom analyzers to detect threats
35 | - when an incident occurs, the user can view an investigation graph that shows where/how the incident occurred
36 | - you can use Azure Monitor Playbooks to automate a response to a threat
37 | - Azure Key Vault
38 | - store app secrets in one cloud location
39 | - manage secrets, encryption keys, SSL/TLS certificates or store secrets backed by hardware security modules (HSMs)
40 | - benefits
41 | - centralized app secrets
42 | - securely stored
43 | - access monitoring and access control
44 | - simplify administration of secrets
45 | - integrate easily with other Azure services, like storage accounts, containers, event hubs, etc.
46 | - Azure Dedicated Host
47 | - host your VMs on a dedicated physical server
48 | - if you want to be the only Azure customer running on a server, you can get a dedicated server
49 | - a "dedicated host" is a physical server in an Azure datacenter
50 | - a "host group" is a collection of dedicated servers
51 | - benefits
52 | - helps with compliance requirements if you're required to not share hardware with other customers
53 | - lets you choose server hardware details, like processors
54 | - you have more control over the infrastructure than with a regular VM
55 | - you can also control when maintenance updates occur (within a 35-day window)
56 | - you pay per dedicated host
57 |
58 | ### [Secure network connectivity on Azure](https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-general-security-network-security-features)
59 | - defense in depth: protect information and prevent it from being stolen or accessed by unauthorized people
60 | - layers (outside to inside)
61 | - physical security
62 | - identity + access
63 | - perimeter (protects from DDoS attacks)
64 | - network
65 | - compute (access to VMs)
66 | - application
67 | - data
68 | - each layer provides protection
69 | - Azure has security tools at each of these layers
70 | - security posture: your ability to protect from and respond to attacks
71 | - CIA
72 | - confidentiality: deny access by default and only give permission to people who need it
73 | - integrity: prevent changes to information when it's at rest and when it's in transit; one-way hashing algorithms are often used
74 | - availability: ensure services are available to authorized users and nobody's degrading the system's availability (through a DDoS, for example)
75 | - Azure Firewall
76 | - firewall: monitors incoming/outgoing network traffic and decides which requests to let pass based on security rules
77 | - you can set rules that allow requests from a certain range of IP addresses to pass through
78 | - rules can also include port and network protocol info
79 | - Azure Firewall sits between your vnets, your on-prem network and the public web
80 | - it's a stateful firewall which means it analyzes the whole network connection instead of just individual packets
81 | - features
82 | - high availability
83 | - cloud scalability
84 | - inbound/outbound filtering rules
85 | - inbound Destination Network Address Translation (DNAT) support
86 | - Azure Monitor logging
87 | - the firewall should live on a network that connects your vnets, local networks and the internet
88 | - you can configure
89 | - rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet
90 | - rules that define source address, protocol, destination port and destination addresses
91 | - Network Address Translation (NAT) rules that determine the destination IP and port for inbound requests
92 | - Azure also provides web application firewalls (WAFs) through Azure Application Gateway, Azure Front Door and Azure Content Delivery Network
93 | - Azure DDoS Protection
94 | - a distributed denial of service attack attempts to overload an app's network resources by flooding it with requests
95 | - DDoS Protection uses Microsoft's global network to provide DDoS mitigation to every region
96 | - DDoS Protection analyses and discards DDoS traffic
97 | - offers the same level of protection that Microsoft uses to protect its online services
98 | - service tiers
99 | - basic (free with Azure subscription)
100 | - standard offers additional capabilities tuned to work specifically with Azure vnets
101 | - types of attacks it protects from
102 | - volumetric attacks
103 | - protocol attacks (exploit weakness at L3 and L4)
104 | - application layer (only applies to app firewalls, WAFs)
105 | - network security groups (NSGs)
106 | - you can authorize groups to only access specific resources within a vnet
107 | - you filter traffic based on source, destination, port and protocol
108 |
109 |
--------------------------------------------------------------------------------
/az-204/az-204-1.md:
--------------------------------------------------------------------------------
1 | # [Create serverless applications](https://docs.microsoft.com/en-us/learn/paths/create-serverless-applications/)
2 |
3 | ### [Choose the best Azure service to automate your business processes](https://docs.microsoft.com/en-us/learn/modules/choose-azure-service-to-integrate-and-automate-business-processes/)
4 | - design-first
5 | - Logic Apps
6 | - over 200 connectors (interface to an external service)
7 | - you can create connectors if your system exposes a REST API
8 | - code editing is possible
9 | - Microsoft Power Automate
10 | - create workflow with no coding/IT experience
11 | - types
12 | - automated: triggered by an event
13 | - button click starts workflow
14 | - schedule: runs on a schedule
15 | - business process
16 | - code-first
17 | - WebJobs
18 | - part of Azure App Service
19 | - allows developers to detail retry policies
20 | - types
21 | - continuous
22 | - triggered
23 | - can write in multiple languages
24 | - you can use the WebJobs SDK if you're programming the workflow in C# or VB.NET
25 | - package manager: NuGet
26 | - Azure Functions
27 | - you can write a function in C#, Java, JavaScript, PowerShell, Python, or any of the languages in [Supported languages in Azure Functions](https://docs.microsoft.com/en-us/azure/azure-functions/supported-languages)
28 | - templates
29 | - HTTPTrigger
30 | - TimerTrigger
31 | - BlobTrigger: triggers when a new blob is added to an Azure Storage account
32 | - CosmosDBTrigger: triggers in response to new/updated docs in a NoSQL DB
33 | - package managers: NuGet and NPM
34 | - their similarities
35 | - accept inputs
36 | - run actions
37 | - include conditions
38 | - produce outputs
39 | - run on a schedule or be triggered by some event
40 | - Azure Functions and Logic Apps scale automatically
41 | - 
42 |
43 | ### [Create serverless logic with Azure Functions](https://docs.microsoft.com/en-us/learn/modules/create-serverless-logic-with-azure-functions/)
44 | - serverless compute: can be thought of as function as a service (FaaS)
45 | - features of serverless compute
46 | - scales automatically
47 | - pay for time running
48 | - stateless
49 | - event-driven
50 | - maximum of 10 minutes that the function can be run for
51 | - if it's executed often, it might be cheaper to run on a VM
52 | - you can move your function to a traditional compute environment
53 | - Azure Functions service plans
54 | - consumption plan: max timeout of 10 min. and stateless
55 | - Azure App Services plan: run your function on a VM, stateful, no timeout
56 | - triggers
57 | - blob
58 | - CosmosDB
59 | - Event Hub
60 | - HTTP
61 | - Microsoft Graph event
62 | - Queue Storage
63 | - message from a Service Bus queue
64 | - timer
65 | - binding: defines what happens between when input is received and data is outputted
66 | - functions can have multiple bindings but only one trigger
67 | - a group of functions is called a Function App
68 | - 
69 | - logging
70 | - JS: `context.log('Enter your logging statement here');`
71 | - C#: `log.LogInformation("Enter your logging statement here");`
72 | - PowerShell: `Write-Host "Enter your logging statement here"`
73 | - PowerShell template for HTTP trigger Function App
74 | - 
75 | - authorization levels for HTTP requests
76 | - anonymous: no key required
77 | - admin: there is one master key
78 | - function: function-specific key
79 | - test the function with a cURL command: `curl --header "Content-Type: application/json" --header "x-functions-key: " --request POST --data "{\"name\": \"Azure Function\"}" `
80 | - PowerShell business logic
81 | - 
82 |
83 | ### [Execute an Azure Function with triggers](https://docs.microsoft.com/en-us/learn/modules/execute-azure-function-with-triggers/)
84 | - timer trigger
85 | - you need to pass in a timestamp parameter name, so you can access the trigger in the code
86 | - and you need to pass in a CRON expression, which is the time interval for the timer
87 | - `{second} {minute} {hour} {day} {month} {day of the week}`
88 | - `0 */5 * * * *` executes the function every 5 minutes
89 | - `*`: every value in the field
90 | - `,`: separates values, e.g. 1,3 in the day of the week field means "Mondays and Wednesdays"
91 | - `-`: specifies a range
92 | - `/`: specifies an increment, e.g. */5 in the minute field means "every 5 minutes"
93 | - HTTP trigger
94 | - you can customize the HTTP trigger
95 | - filter which types of requests trigger the function
96 | - require requests to have an auth key
97 | - two types of keys
98 | - host: these keys can authorize requests for all functions in an app
99 | - function: these keys can authorize requests for only one function
100 | - three authorization levels you can set on the function itself
101 | - function: key-based, must supply either a host or function key
102 | - admin: key-based, must supply a host key
103 | - anonymous: no key required
104 | - return data back to the caller
105 | - use URL route templates
106 | - blob trigger
107 | - function triggers when a blob gets uploaded to a storage account
108 | - you need to specify the path that you want to monitor
109 | - e.g. `samples-workitems/{name}`, or `samples-workitems/{name}.png` if you only want to trigger on png uploads
110 | - `name` is a parameter for the file name that you use as a variable in the function logic
111 |
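
The trigger rules in the notes above (one trigger per function, the three HTTP authorization levels, the six-field timer expression, a blob path to monitor) can be checked mechanically before deployment. The following is an added example, not part of the original notes: a Python linter for a function's `function.json`. The sample documents are constructed, and only the numeric schedule syntax listed above (`*`, `,`, `-`, `/`) is handled.

```python
import json

# Six-field timer schedule: {second} {minute} {hour} {day} {month} {day of the week}
FIELDS = [("second", 0, 59), ("minute", 0, 59), ("hour", 0, 23),
          ("day", 1, 31), ("month", 1, 12), ("day of the week", 0, 6)]
AUTH_LEVELS = {"anonymous", "function", "admin"}


def expand_field(expr, lo, hi):
    """Expand one schedule field into the sorted list of values it matches."""
    values = set()
    for part in expr.split(","):              # ',' separates values
        rng, _, step = part.partition("/")    # '/' specifies an increment
        step = int(step) if step else 1
        if step < 1:
            raise ValueError(f"bad increment in {part!r}")
        if rng == "*":                        # '*' is every value in the field
            start, end = lo, hi
        elif "-" in rng:                      # '-' specifies a range
            a, b = rng.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = int(rng)
            end = hi if "/" in part else start
        if not (lo <= start <= end <= hi):
            raise ValueError(f"{part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def parse_schedule(schedule):
    """Parse a six-field expression into {field name: matching values}."""
    parts = schedule.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 6 fields, got {len(parts)}")
    return {name: expand_field(p, lo, hi)
            for p, (name, lo, hi) in zip(parts, FIELDS)}


def lint_function_json(text):
    """Return a list of findings for one function.json document."""
    findings = []
    bindings = json.loads(text).get("bindings", [])
    triggers = [b for b in bindings if b.get("type", "").endswith("Trigger")]
    if len(triggers) != 1:
        findings.append(f"expected exactly one trigger, found {len(triggers)}")
    for b in triggers:
        kind = b["type"]
        if kind == "httpTrigger":
            level = b.get("authLevel")
            if level is None:
                findings.append("httpTrigger: authLevel is not set explicitly")
            elif level not in AUTH_LEVELS:
                findings.append(f"httpTrigger: unknown authLevel {level!r}")
            elif level == "anonymous":
                findings.append("httpTrigger: authLevel is anonymous, "
                                "any caller can invoke the function without a key")
            if not b.get("methods"):
                findings.append("httpTrigger: no methods filter, "
                                "every request type triggers the function")
        elif kind == "timerTrigger":
            schedule = b.get("schedule", "")
            if len(schedule) > 2 and schedule[0] == "%" == schedule[-1]:
                continue  # value comes from an app setting, not checked here
            try:
                parse_schedule(schedule)
            except ValueError as exc:
                findings.append(f"timerTrigger: schedule {schedule!r}: {exc}")
        elif kind == "blobTrigger" and not b.get("path"):
            findings.append("blobTrigger: no path to monitor")
    return findings


# Constructed sample documents (not taken from the repository).
HTTP_ANON = json.dumps({"bindings": [
    {"type": "httpTrigger", "direction": "in", "name": "Request",
     "authLevel": "anonymous"},
    {"type": "http", "direction": "out", "name": "Response"}]})
HTTP_KEYED = json.dumps({"bindings": [
    {"type": "httpTrigger", "direction": "in", "name": "Request",
     "authLevel": "function", "methods": ["post"]},
    {"type": "http", "direction": "out", "name": "Response"}]})
TIMER_FIVE_FIELDS = json.dumps({"bindings": [
    {"type": "timerTrigger", "direction": "in", "name": "Timer",
     "schedule": "*/5 * * * *"}]})  # classic 5-field cron, missing {second}

if __name__ == "__main__":
    for label, doc in [("anonymous HTTP", HTTP_ANON), ("keyed HTTP", HTTP_KEYED),
                       ("5-field timer", TIMER_FIVE_FIELDS)]:
        print(label, "->", lint_function_json(doc) or "no findings")
    print(parse_schedule("0 */5 * * * *")["minute"])
```

An `anonymous` finding is not always a defect (a public webhook may be intended), so treat it as a prompt to confirm that the function authenticates callers some other way.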
112 | ### [Chain Azure Functions together using input and output bindings](https://docs.microsoft.com/en-us/learn/modules/chain-azure-functions-data-using-bindings/)
113 |
114 | ### [Create a long-running serverless workflow with Durable Functions](https://docs.microsoft.com/en-us/learn/modules/create-long-running-serverless-workflow-with-durable-functions/)
115 |
116 | ### [Develop, test, and publish Azure Functions by using Azure Functions Core Tools](https://docs.microsoft.com/en-us/learn/modules/develop-test-deploy-azure-functions-with-core-tools/)
117 |
118 | ### [Develop, test, and deploy an Azure Function with Visual Studio](https://docs.microsoft.com/en-us/learn/modules/develop-test-deploy-azure-functions-with-visual-studio/)
119 |
120 | ### [Monitor GitHub events by using a webhook with Azure Functions](https://docs.microsoft.com/en-us/learn/modules/monitor-github-events-with-a-function-triggered-by-a-webhook/)
121 |
122 | ### [Enable automatic updates in a web application using Azure Functions and SignalR Service](https://docs.microsoft.com/en-us/learn/modules/automatic-update-of-a-webapp-using-azure-functions-and-signalr/)
123 |
124 | ### [Expose multiple Azure Function apps as a consistent API by using Azure API Management](https://docs.microsoft.com/en-us/learn/modules/build-serverless-api-with-functions-api-management/)
125 |
126 | ### [Build serverless apps with Go](https://docs.microsoft.com/en-us/learn/modules/serverless-go/)
127 |
--------------------------------------------------------------------------------
/az-900/az-900-1.md:
--------------------------------------------------------------------------------
1 | # [Azure Fundamentals part 1: Describe core Azure concepts](https://docs.microsoft.com/en-us/learn/paths/az-900-describe-cloud-concepts/)
2 |
3 | ### [Introduction to Azure fundamentals](https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-fundamentals/)
4 | - what does Azure offer?
5 | - be ready for the future with Microsoft's constant innovation
6 | - build on your terms, supports all languages and frameworks
7 | - hybrid, on-premises and cloud
8 | - trust your cloud, security that's trusted by all
9 | - what can I do with Azure?
10 | - teams often start with Azure by running their existing apps on Azure's VMs
11 | - create AI and machine learning solutions with speech, text, etc.
12 | - dynamically grow to accommodate data
13 | - how does Azure work?
14 | - it does virtualization by using something called a hypervisor
15 | - the hypervisor runs multiple VMs on each server
16 | - one server in each rack runs a "fabric controller"
17 | - and each fabric controller is connected to the orchestrator
18 | - the orchestrator manages everything to do with the servers, including responding to user requests
19 | - requests are made through the Azure API, which can be accessed many ways, including through the Azure Portal
20 | - when a fabric controller gets a request from the orchestrator, it creates the VM, does something on the VM, whatever the user requested
21 | - what is Azure Portal?
22 | - Azure Portal is the GUI version of the Azure API
23 | - you can build, manage and monitor your apps/deployments
24 | - you can create custom dashboards
25 | - what is Azure Marketplace?
26 | - on Azure Marketplace you can install services to run on Azure
27 | - examples: all sorts of DBs, OS images, blockchain workbenches and dev kits
28 | - Azure services categories
29 | - compute: VMs, deployed apps
30 | - networking: VPN, load-balancing
31 | - storage: disk, file, blob and archival storage types
32 | - mobile: cross-platform/native devices, send notifications, etc.
33 | - DBs: various DB services
34 | - web: Azure Maps for geo services, publish APIs, etc.
35 | - IoT: connect tons of different IoT devices, analyze sensor data
36 | - big data: open source cluster services help do analysis
37 | - AI: use your data to forecast
38 | - devops: automating software delivery
39 | - subscription -> resource groups -> resource -> whatever that resource is (app, function, DB, etc.)
40 |
41 | ### [Discuss Azure fundamental concepts](https://docs.microsoft.com/en-us/learn/modules/fundamental-azure-concepts/)
42 | - public, private and hybrid clouds
43 | - public: services offered over the public internet
44 | - private: these are the services that are only used by the owners of the resources
45 | - hybrid: a cloud that has both private and public resources and allows data to be shared between them
46 | - model comparisons
47 | - public:
48 | - organizations pay only for what they use
49 | - no capital expenditures to scale up (see capEx/opEx below)
50 | - applications can be quickly provisioned and deprovisioned
51 | - private:
52 | - hardware must be purchased at startup and for maintenance
53 | - organizations have complete control
54 | - organizations are solely responsible for maintenance/security
55 | - hybrid:
56 | - most flexible of the models
57 | - organizations decide where to run their applications
58 | - organizations control security/compliance
59 | - cloud computing advantages
60 | - no apparent downtime for the user (how do they do that?)
61 | - easily scale vertically (increase processing power on individual machines) and horizontally (add capacity such as additional VMs)
62 | - scale up or down as needed so you only pay for what you use
63 | - deploy quickly as requirements change
64 | - distribute deployments across the world to get the best performance everywhere
65 | - backup services and data replication
66 | - capital expenses vs. operating expenses
67 | - capEx: the up-front costs of physical infrastructure, these assets depreciate over time
68 | - opEx: cost you pay as you use the services/products (consumption-based model), recurring payments
69 | - cloud services are opEx, users only pay for the resources that they use
70 | - opEx benefits:
71 | - has no upfront costs
72 | - no need to pay for maintenance or infrastructure that might go unused
73 | - pay only for what you use
74 | - stop paying for what you don't use
75 | - cloud service models
76 | - SaaS services -> PaaS services -> IaaS services
77 | - IaaS (infrastructure as a service): closest to managing physical servers, the cloud provider only keeps the hardware up to date, operating system and network configuration is up to the user
78 | - PaaS (platform as a service): one step up from IaaS, the software as well as hardware requirements for running an app are taken care of by the provider, the user just has to upload code
79 | - SaaS (software as a service): the software is provided on top of everything else, e.g. Office 365
80 | - disadvantages
81 | - PaaS: the hardware might have limitations and the user can't customize
82 | - SaaS: the hardware might not satisfy all the user's requirements, and the software itself might not either, no customization available
83 | - 
84 | - serverless computing
85 | - the developers don't deal with the actual running of their app on a server, a provider runs the server for them
86 |
87 | ### [Describe core Azure architectural components](https://docs.microsoft.com/en-us/learn/modules/azure-architecture-fundamentals/)
88 | - overview
89 | - management groups
90 | - manage access, policy, etc. for multiple subscriptions
91 | - subscriptions
92 | - groups user accounts
93 | - resource groups
94 | - resources grouped together, say by app
95 | - resources
96 | - VMs
97 | - DBs
98 | - etc.
99 | - Azure regions, availability zones, region pairs
100 | - regions
101 | - Azure balances workloads in each region so that each region can serve its users as quickly as possible
102 | - each resource gets deployed to a specific region, and the VM where that resource lives will be within that region
103 | - availability zones
104 | - physically separate data centers in a region
105 | - the idea is that at least one center in each zone will be running at any one time
106 | - not all regions support availability zones
107 | - you can replicate resources in multiple zones to provide redundancy
108 | - services that support zones
109 | - zonal services (pin resource to a zone)
110 | - VMs, IP addresses, managed disks
111 | - zone-redundant services (replicates automatically across zones)
112 | - storage, SQL DBs
113 | - region pairs
114 | - each region is paired with another region at least 300 miles away
115 | - the resources in each region are replicated in the other in case something wipes out the other region
116 | - some Azure services offer automatic geo-redundant storage with region pairs
117 | - resource groups
118 | - usually a group holds resources that are of the same type, related to the same app or all in the same region
119 | - a resource can only be a member of one group
120 | - deleting a resource group deletes all the resources in it
121 | - you can apply role-based access control (RBAC) to a resource group
122 | - resource manager
123 | - 
124 | - with resource manager you can deploy/redeploy resources with templates to ensure deployments are consistent
125 | - you can define dependencies between resources
126 | - you can apply tags to resources
127 | - subscriptions
128 | - each user/account can have multiple subscriptions, each with different resource groups, permissions, etc.
129 | - subscriptions can separate dev environments (testing, development, etc.)
130 | - subscriptions can separate organizational structures, departments
131 | - subscriptions can separate different billing groups so costs can be tracked by groups
132 | - some resources are limited to a certain number per subscription, so you might make additional subscriptions in order to make more of that resource
133 | - billing
134 | - subscriptions can be grouped together into invoice sections so you can see the cost of groups of subscriptions
135 | - billing account -> billing profile -> invoice section -> subscription
136 | - each billing profile has its own monthly invoice and payment method
137 | - management groups
138 | - management groups are a level above subscriptions
139 | - subscriptions automatically inherit the conditions/rules applied to the group
140 | - e.g., you can make a rule for a management group that resources can only be made in specific regions
141 | - a management group tree can be six levels deep, not including the root level or the subscription level
142 | - Azure Marketplace
143 | - store for apps that are certified to run in Azure, made up of Azure resources
144 | - you can buy and then deploy your own "copies" of those apps
145 |
146 |
--------------------------------------------------------------------------------
/az-900/az-900-5.md:
--------------------------------------------------------------------------------
1 | # [Part 5: Describe identity, governance, privacy, and compliance features](https://docs.microsoft.com/en-us/learn/paths/az-900-describe-identity-governance-privacy-compliance-features/)
2 |
3 | ### [Secure access to your applications by using Azure identity services](https://docs.microsoft.com/en-us/learn/modules/secure-access-azure-identity-services/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-identity-governance-privacy-compliance-features)
4 | - authentication vs. authorization
5 | - authentication: establishing user's identity, is the user who they say they are
6 | - authorization: once identity is authenticated, authorization determines what the user gets access to
7 | - Azure Active Directory
8 | - Active Directory runs on a Windows Server and "syncs" user logins across your services and resources so that each user only has one account associated with them
9 | - Azure AD takes AD to a new level by being a cloud-based version of AD that syncs your on-prem stuff (apps on intranet, cloud applications) and your Azure and Microsoft resources (Azure, Microsoft 365, etc.)
10 | - Azure AD provides
11 | - authentication: verify user's identity
12 | - single sign-on (SSO): a single identity (login) is linked to a single user
13 | - application management
14 | - device management: restrict access attempts to those coming from known devices (so a user can't sign in to just any device)
15 | - Azure AD Connect syncs your local, existing AD with Azure AD
16 | - your Azure AD instance is tied to an Azure AD "tenant" that has users linked to it
17 | - multifactor authentication and conditional access
18 | - Azure AD Multi-Factor Authentication
19 | - user is prompted for an additional form of identification when signing in
20 | - three different categories of identifying elements
21 | - something the user knows: email, password, etc.
22 | - something the user has: a code sent to their phone, etc.
23 | - something the user is: a biometric property
24 | - Azure AD offers multi-factor authentication for the "global admin" access level, but it can be turned on for all users
25 | - Conditional Access
26 | - Azure AD can be used to allow/deny access based on the user's identity, location and device
27 | - you can conditionally turn on multi-factor authentication based on these things as well
28 | - you need an Azure AD Premium P1 or P2 license or a Microsoft 365 Business Premium license to use Conditional Access
29 |
30 | ### [Build a cloud governance strategy on Azure](https://docs.microsoft.com/en-us/learn/modules/build-cloud-governance-strategy-azure/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-identity-governance-privacy-compliance-features)
31 | - governance: establishing rules and policies and making sure they are adhered to
32 | - it helps you make sure you stay compliant with industry standards (like PCI DSS) and corporate standards, like security requirements
33 | - role-based access control (Azure RBAC)
34 | - you can create roles or use Azure's built-in roles that define a set of permissions
35 | - then you assign users or groups to one or more of these roles
36 | - 
37 | - each column is a role (custom or built-in)
38 | - each row is a scope
39 | - each user or user group can be assigned multiple roles that span multiple scopes
40 | - when you assign a role to a user you also select a scope
41 | - management group (collection of subscriptions)
42 | - single subscription
43 | - resource group
44 | - single resource
45 | - every action that gets passed through Azure Resource Manager will verify that the user has permission to make the action
46 | - resource locks
47 | - a resource lock prevents authorized users from making changes or from deleting a resource
48 | - there are two levels of lock: CanNotDelete and ReadOnly
49 | - entities that can have a lock: subscriptions, resource groups, resources
50 | - a lock can be added/deleted from the entity's Settings -> Locks page
51 | - if you have an Azure Blueprint it can replace locks on specific entities in case the lock gets deleted
52 | - organize resources with tags
53 | - ways to organize resources: group them into subscriptions, put related resources into resource groups, add metadata tags to the resources
54 | - resource tags let you
55 | - find resources based on specific workloads, environments, business units and owners
56 | - group resources and generate cost reports and estimates
57 | - group resources by how critical their availability is
58 | - classify resources by security level
59 | - identify which resources are compliant with which regulations
60 | - perform automated tasks on resources based on their tags
61 | - you can use Azure Policy to enforce rules about tags, such as requiring tags to be applied to new resources or making resources inherit tags from their resource group, etc.
62 | - Azure Policy
63 | - Azure Policy lets you define rules/policies that control your resources
64 | - you can get Policy to
65 | - prevent locks from being removed from certain resources
66 | - require that certain tags be applied to certain resources
67 | - reapply locks, tags, etc. if they get removed
68 | - prevent non-compliant resources from being created
69 | - highlight non-compliant resources
70 | - apply policies to DevOps pre- or post-deployment phases
71 | - example: require MFA for all subscription accounts with write permissions
72 | - example: require system updates (which are recommended through Azure Security Center)
73 | - a group of policies is called an initiative
74 | - Azure has a bunch of built-in policies you can use
75 | - when you create a policy you're defining what to evaluate and what action to take
76 | - when you apply a policy, you apply it to a specific scope (see scopes listed above), and all the subscopes automatically get the policy applied
77 | - policies are evaluated about once per hour
78 | - Azure Policy initiatives
79 | - it's a way of grouping policies together
80 | - example: a group of policies that check for notifications from Azure Security Center regarding the resources the initiative is applied to
81 | - Azure Blueprints
82 | - it allows you to define a set of governance tools and standard resources at the subscription level
83 | - things Azure Blueprints orchestrate
84 | - role assignments
85 | - policy assignments
86 | - Azure Resource Manager (ARM) templates
87 | - resource groups
88 | - blueprints are versioned
89 | - each component in a blueprint is called an artifact
90 | - some artifacts require configuration while some are ready to go right away
91 | - Cloud Adoption Framework
92 | - it's a step-by-step guide for implementing your cloud infrastructure
93 | - each stage has exercises and tools for you to work with
94 | - stages:
95 | - 
96 | - create a subscription governance strategy
97 | - things to consider when setting up subscriptions for your Azure cloud
98 | - decide how to split up subscriptions based on billing practices (by department maybe?)
99 | - each subscription has an Azure Active Directory tenant, which provides admins with the ability to define and assign roles
100 | - consider resource limits (e.g. you can only have up to 10 Azure ExpressRoute circuits per subscription)
101 |
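The scope inheritance and lock behaviour described in the RBAC and resource-lock notes above, as an added Python sketch (not part of the original notes and not Azure's implementation). The scope names, principals and the reduction of role permissions to read/write/delete verbs are constructed assumptions.

```python
from typing import NamedTuple

# Constructed scope hierarchy, child -> parent (None marks the top):
# management group -> subscription -> resource group -> resource.
PARENT = {
    "mg:corp": None,
    "sub:prod": "mg:corp",
    "rg:payments": "sub:prod",
    "vm:web-01": "rg:payments",
    "rg:sandbox": "sub:prod",
    "vm:scratch": "rg:sandbox",
}

# Assumption: role permissions reduced to three verbs for illustration.
ROLE_VERBS = {
    "Reader": {"read"},
    "Contributor": {"read", "write", "delete"},
    "Owner": {"read", "write", "delete"},
}

# What each lock level blocks, regardless of the caller's role.
LOCK_BLOCKS = {
    "CanNotDelete": {"delete"},
    "ReadOnly": {"write", "delete"},
}

# Constructed sample data: (principal, role, scope) assignments and one lock.
ASSIGNMENTS = [
    ("alice", "Owner", "sub:prod"),
    ("bob", "Reader", "mg:corp"),
    ("bob", "Contributor", "rg:sandbox"),
]
LOCKS = {"rg:payments": "CanNotDelete"}


class Decision(NamedTuple):
    allowed: bool
    reason: str


def scope_chain(scope):
    """Return the scope followed by each ancestor up to the top."""
    chain = []
    while scope is not None:
        chain.append(scope)
        scope = PARENT[scope]
    return chain


def evaluate(principal, verb, scope, assignments=ASSIGNMENTS, locks=LOCKS):
    """Decide whether `principal` may perform `verb` on `scope`.

    A role assigned at any ancestor scope is inherited by the target.
    A lock on the target or any ancestor overrides the role, so even an
    Owner is stopped by it.
    """
    chain = scope_chain(scope)
    granting = None
    for at in chain:
        for who, role, where in assignments:
            if who == principal and where == at and verb in ROLE_VERBS[role]:
                granting = (role, at)
                break
        if granting:
            break
    if granting is None:
        return Decision(
            False, f"no role assignment on {scope} or its parents grants '{verb}'"
        )
    for at in chain:
        level = locks.get(at)
        if level and verb in LOCK_BLOCKS[level]:
            return Decision(False, f"{level} lock on {at} blocks '{verb}'")
    role, at = granting
    return Decision(True, f"{role} assigned at {at}")


if __name__ == "__main__":
    checks = [
        ("alice", "write", "vm:web-01"),   # Owner inherited from the subscription
        ("alice", "delete", "vm:web-01"),  # stopped by the resource-group lock
        ("bob", "read", "vm:web-01"),      # Reader inherited from the management group
        ("bob", "write", "vm:web-01"),     # Contributor only applies to rg:sandbox
        ("bob", "write", "vm:scratch"),    # Contributor inherited from rg:sandbox
    ]
    for who, verb, scope in checks:
        d = evaluate(who, verb, scope)
        print(f"{who:5} {verb:6} {scope:10} -> {'ALLOW' if d.allowed else 'DENY '} ({d.reason})")
```

The narrow grant for bob (Contributor on one resource group) next to the broad one (Reader at the management group) shows why the scope chosen at assignment time is the main least-privilege lever.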
102 | ### [Examine privacy, compliance, and data protection standards on Azure](https://docs.microsoft.com/en-us/learn/modules/examine-privacy-compliance-data-protection-standards/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-identity-governance-privacy-compliance-features)
103 | - compliance: adhere to a law, guideline or standard
104 | - regulatory compliance: the process of ensuring a company follows the laws that governing bodies enforce
105 | - Azure's compliance offerings
106 | - Azure offers compliance in the categories of global, U.S. government, industry and regional
107 | - Azure has obtained Cloud Security Alliance STAR certification
108 | - Azure conforms to the Criminal Justice Information Services (CJIS) Security Policy
109 | - it also follows the EU data privacy laws
110 | - it follows HIPAA regulations
111 | - it has adopted the ISO/IEC 27018 personal information code of practice
112 | - others
113 | - Multi-Tier Cloud Security Singapore
114 | - Service Organization Controls 1, 2, and 3
115 | - National Institute of Standards and Technology Cybersecurity Framework
116 | - United Kingdom Government G-Cloud
117 | - access Microsoft Privacy Statement, Online Services Terms and the Data Protection Addendum
118 | - Microsoft Privacy Statement
119 | - explains what personal data Microsoft collects, how it's used and for what purposes
120 | - every device, application, service, website, software that Microsoft makes has an MPS
121 | - Online Services Terms
122 | - applies to online subscriptions from Microsoft
123 | - it's an agreement for you and Microsoft to both respect customer data
124 | - Data Protection Addendum
125 | - outlines Microsoft's online services' compliance with laws, disclosure of processed data, data security and data transfer/deletion/retention
126 | - you can access the DPA from the Licensing Terms and Documentation page and by searching "DPA" in the search bar
127 | - Trust Center
128 | - it provides information about security, privacy, compliance, policies, features and practices across Microsoft's cloud products
129 | - has additional resources for each topic
130 | - links to news about security, privacy and compliance
131 | - Azure compliance documentation
132 | - provides detailed information about Azure's compliance to legal and regulatory standards
133 | - the documentation spans these categories
134 | - Global
135 | - US government
136 | - Financial services
137 | - Health
138 | - Media and manufacturing
139 | - Regional
140 | - you can also find audit reports and compliance blueprints
141 | - Azure Government
142 | - it's a separate instance of Microsoft Azure that addresses the extra security and compliance needs of government services/agencies/clients
143 | - it provides physical isolation from non-US government deployments and employs screened personnel
144 | - examples of government regulations that Azure Government addresses
145 | - Federal Risk and Authorization Management Program (FedRAMP)
146 | - National Institute of Standards and Technology (NIST) 800.171 Defense Industrial Base (DIB)
147 | - International Traffic in Arms Regulations (ITAR)
148 | - Internal Revenue Service (IRS) 1075
149 | - Department of Defense (DoD) L4
150 | - Criminal Justice Information Service (CJIS)
151 | - Azure China 21Vianet
152 | - it's a version of Azure that is operated by 21Vianet, which is located in China
153 | - it is a fully owned subsidiary of 21Vianet
154 | - China has special/extra regulations that IaaS and PaaS companies have to follow
155 | - the service also has to have less than 50% foreign investment, which is why Azure China 21Vianet is owned by a Chinese company
156 | - Azure China 21Vianet supports most of the services that global Azure does
157 |
--------------------------------------------------------------------------------
/az-900/az-900-3.md:
--------------------------------------------------------------------------------
1 | # [Part 3: Describe core solutions and management tools on Azure](https://docs.microsoft.com/en-us/learn/paths/az-900-describe-core-solutions-management-tools-azure/)
2 |
3 | ### [Choose the best Azure IoT service for your application](https://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-core-solutions-management-tools-azure)
4 | - managing IoT devices with Azure
5 | - common measuring devices
6 | - weather info
7 | - bar codes, QR codes
8 | - geolocation
9 | - light, radar, ladar
10 | - sound, motion, smell
11 | - chemical sensors (smoke, gas, alcohol)
12 | - pressure
13 | - error detection
14 | - IoT devices such as ones that measure the above can collect data and send it to Azure
15 | - that aggregate data can be stored and processed by Azure services
16 | - you can predict when you'll need to do maintenance
17 | - you can know when you have to increase inventory
18 | - you can send updates to devices through Azure
19 | - Azure IoT Hub
20 | - two-way communication with your IoT devices
21 | - secure connections to millions of devices
22 | - mostly for transferring data
23 | - Azure IoT Central
24 | - like Hub but also offers a customizable dashboard
25 | - you can set up alerts to trigger when certain things happen to the devices
26 | - has monitoring and reporting capabilities that Hub doesn't
27 | - Azure Sphere
28 | - end-to-end security, from the device to Azure
29 | - comes with physical micro-controller unit
30 | - has built-in Linux OS to run security software
31 | - can detect if it's been compromised (Azure Sphere Security Service)
32 | - the device will only connect to Azure if the MCU decides it's safe
33 | - analyze decision criteria (how to choose which IoT service to use)
34 | - is it likely that devices get hacked and is it critical that they don't? (Azure Sphere)
35 | - do I need a dashboard to manage and report data? (Azure Central adds a dashboard on top of Azure Hub)
36 | - do I just need the data because I already have my own software to use the data? (Azure Hub)
37 |
38 | ### [Choose the best AI service for your needs](https://docs.microsoft.com/en-us/learn/modules/ai-machine-learning-fundamentals/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-core-solutions-management-tools-azure)
39 | - product options
40 | - deep learning algorithm: algorithm that is structured like the human brain, with neurons, enabling it to grow and learn from data
41 | - machine learning algorithm: data model is trained with data and then used to predict results for new data
42 | - Azure Machine Learning
43 | - set up process for obtaining, cleaning and splitting data
44 | - train and evaluate models
45 | - define where and when training should occur (since it's computationally intensive and shouldn't be run anywhere, anytime)
46 | - deploy the best algorithms for use
47 | - Azure Cognitive Services
48 | - you don't need to know about machine learning to use this service
49 | - provides prebuilt ML models
50 | - they solve general problems with
51 | - language
52 | - speech
53 | - vision
54 | - decision-making
55 | - Azure Bot Service
56 | - for creating a bot that acts like a human
57 | - meant to automate simple or repetitive tasks
58 | - analyze the decision criteria
59 | - are you building a virtual agent to interface with humans using natural language?
60 | - use Bot Service
61 | - there are pre-built Bots on Azure Marketplace
62 | - do you need a service to understand media such as text, sound, images, etc?
63 | - Cognitive Services will solve common problems that have already been solved with ML
64 | - it works with common media data types (text, video, speech, images, etc.)
65 | - do you need to make predictions or provide personalized recommendations?
66 | - Cognitive Services has a Personalizer component to do this
67 | - you could also train your own models with Azure ML Service
68 | - do you have custom/personal data you want to make predictions with?
69 | - you can use Azure ML Service to create, test and deploy your own models
70 |
71 | ### [Choose the best Azure serverless technology for your business scenario](https://docs.microsoft.com/en-us/learn/modules/serverless-fundamentals/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-core-solutions-management-tools-azure)
72 | - serverless computing: an execution environment is set up and managed for you
73 | - you write the code and Azure deploys, runs and scales it
74 | - primarily for back-end services like reacting to events triggered by REST endpoints or a timer
75 | - Azure Functions
76 | - event driven
77 | - you have to code the functions yourself
78 | - can be coded in C#, Python, JavaScript, TypeScript, Java, and PowerShell
79 | - Azure Functions are stateless (but you could hook them up to an Azure storage account if you need to save state)
80 | - when you care about the code and not the infrastructure it's running on
81 | - Azure Logic Apps
82 | - use when you need to respond to events
83 | - low-code / no-code development using Logic Apps Designer
84 | - use when demand is variable
85 | - analyze the decision criteria
86 | - do you need to perform an orchestration across APIs?
87 | - lots of common connectors are already built for Azure Logic Apps
88 | - you can create your own if necessary
89 | - otherwise, just drag and drop graphical code blocks to create the app
90 | - do you need to run custom algorithms or specialized data parsing or lookups?
91 | - for specialized cases you'll want to use Azure Functions so you can write your own code
92 | - do you have existing automated tasks already written?
93 | - if your functions are already written then you can use Azure Functions to deploy them straight to Azure
94 | - do you prefer visual/declarative or written/imperative coding?
95 | - Azure Functions is for written code
96 | - you "write" Logic apps with a graphical interface
97 |
98 | ### [Choose the best tools to help organizations build better solutions](https://docs.microsoft.com/en-us/learn/modules/azure-devops-devtest-labs/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-core-solutions-management-tools-azure)
99 | - the role of DevOps is to automate ongoing development so that software can be tested and released quickly
100 | - some parts of DevOps: source-code management, continuous integration and continuous delivery (CI/CD), automating testing environments
101 | - Azure DevOps Services
102 | - store repos
103 | - use task boards and reporting tools to organize work
104 | - CI/CD pipeline automation
105 | - host artifacts, like compiled source code, for feeding into deployment or testing pipeline steps
106 | - automated test tool
107 | - GitHub and GitHub Actions
108 | - great for open-source
109 | - can automate a CI/CD toolchain
110 | - a toolchain is a combo of software tools that work to deliver, deploy and manage apps
111 | - output of one step in the chain is the input to the next
112 | - things done in toolchain: automated dependency updates, build/configure software, build artifacts, run tests, etc.
113 | - lighter weight than Azure DevOps, is more public, geared for individual developers
114 | - Azure DevTest Labs
115 | - builds, sets up and tears down VMs used to test your software builds
116 | - creates various environments for testing
117 | - management can restrict how many environments can be built and how long they can run for
118 | - analyze the decision criteria
119 | - automate test-lab creation? Azure DevTest
120 | - building open-source software? GitHub
121 | - need granular control over permissions? Azure DevOps
122 | - do you need sophisticated project management and reporting? Azure DevOps
123 | - do you need to integrate tightly with third-party tools? check which platform the third-party tool integrates with
124 |
125 | ### [Choose the best tools for managing and configuring your Azure environment](https://docs.microsoft.com/en-us/learn/modules/management-fundamentals/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-core-solutions-management-tools-azure)
126 | - there are visual and code-based tools, and Azure provides both types
127 | - code that can be run to set up resources is called "infrastructure as code"
128 | - can either be imperative or declarative code
129 | - imperative code: details each step
130 | - declarative code: outlines the outcome and lets the interpreter decide how to reach the outcome
131 | - declarative code is best for when you want to deploy dozens or hundreds of resources at once
132 | - Azure portal
133 | - you can access pretty much every Azure feature
134 | - has a graphical user interface
135 | - create, deploy, configure resources
136 | - view reports
137 | - Azure mobile app
138 | - monitor status of resources
139 | - check for alerts, restart apps or VMs
140 | - run Azure CLI or Azure PowerShell commands
141 | - Azure PowerShell
142 | - execute "cmdlets"
143 | - can create scripts
144 | - can do every management task in Azure
145 | - use imperative code/script to deploy an entire infrastructure
146 | - can be used through the Azure Cloud Shell or through PowerShell on any computer
147 | - you can transfer your PowerShell knowledge to using Azure
148 | - Azure CLI
149 | - use Azure through a Bash shell
150 | - you can perform any possible Azure management task
151 | - can be accessed through any computer running Bash or through the Cloud Shell
152 | - ARM (Azure Resource Manager) templates
153 | - scripts that deploy lots of resources that depend on each other and probably need to be deployed/created in a certain order
154 | - written in JSON
155 | - the template is verified before running to make sure no mistakes were made
156 | - templates can execute Bash/PowerShell scripts before or after a resource has been set up
157 | - declarative, unlike Bash/PowerShell scripts
158 | - analyze the decision criteria
159 | - need to perform one-time management, admin or reporting actions? it's fastest to use Azure PowerShell or Azure CLI (on desktop or on mobile)
160 | - need to set up resources and ensure dependencies are created in the right order? use an ARM template, which is verified BEFORE it runs to ensure it will create everything in the correct order
161 | - do you have Linux or Windows admin background? if Windows, you'd use Azure PowerShell; if Linux, you'd use Azure CLI (Bash)
162 |
163 | ### [Choose the best monitoring service for visibility, insight, and outage mitigation](https://docs.microsoft.com/en-us/learn/modules/monitoring-fundamentals/?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.az-900-describe-core-solutions-management-tools-azure)
164 | - questions for companies to ask
165 | - are we spending too much money on cloud services?
166 | - could we be utilizing our cloud resources better?
167 | - are our systems secured?
168 | - what happens when we experience a regional outage?
169 | - how can we figure out the cause of an outage?
170 | - how do we plan downtime for fixes/updates?
171 | - use Azure monitoring services to
172 | - get insights to be sure you've optimized your cloud usage
173 | - diagnose issues
174 | - prepare for planned downtime
175 | - Azure Advisor
176 | - it analyses your Azure resources
177 | - it recommends ways to optimize reliability, security, performance and cost
178 | - Azure Monitor
179 | - collects, analyses, visualizes and potentially takes action on logging data
180 | - it powers application insights to find the root cause of issues
181 | - you can set it to send alerts when things go wrong, including text message alerts
182 | - Azure Application Insights uses Azure Monitor under the hood
183 | - Azure Service Health
184 | - provides a view of the health of the Azure services, regions and resources that you rely on
185 | - shows history and root cause analyses
186 | - lets you know about service issues (outages, etc.), planned maintenance and health advisories
187 | - analyze the decision criteria
188 | - do you need to reduce costs, improve resilience or harden your security? Azure Advisor
189 | - do you want to monitor your Azure usage and services? Azure Service Health, or Azure Monitor if you want to track issues specific to individual resources
190 | - do you want to measure custom events? Azure Monitor
191 | - do you need alerts for outages? Azure Monitor
192 |
--------------------------------------------------------------------------------
/az-204/alan-rodrigues-course.md:
--------------------------------------------------------------------------------
1 | # [AZ-204 Developing Solutions for Azure Certification 2021](https://www.udemy.com/course/exam-microsoft-azure-dev/)
2 |
3 | ### Section 3: Develop Azure compute solutions - Virtual Machines
4 | - when a VM is deployed, these are also created
5 | - virtual network
6 | - disk storage
7 | - network interface, which acts as a virtual NIC
8 | - public and private IP addresses
9 | - network security group, acts as a firewall for the VM
10 | - hosting a .NET Core web app on a Windows VM
11 | - create VM
12 | - add a port 80 inbound NSG rule
13 | - go to the NI resource, IP Configurations, and disassociate the public IP from the NI
14 | - assign a DNS name to the IP address resource and set the IP address to static
15 | - go back to the NI and reassociate the public IP address
16 | - log into VM and set it up as an IIS web server
17 | - install Management Service and add an IIS Manager rule that enables connections on port 8172
18 | - add a port 8172 inbound NSG rule
19 | - install .NET Core X.X Hosting Bundle, where X.X is the .NET Core version of your web app
20 | - install Web Deploy (which allows an IIS server to deploy apps, I guess?)
21 | - create a .NET Core project, right-click on the project and click publish
22 | - create a publish profile, choosing the VM you created
23 | - publish the app!
24 | - hosting a .NET Core web app on a Linux VM
25 | - you can use PuTTY to log into the VM
26 | - Kestrel web server
27 | - cross-platform server for .NET Core
28 | - it's what runs .NET Core apps on Linux machines/VMs (instead of IIS)
29 | - when running a Linux .NET Core project locally, you can run it either on IIS Express or Kestrel
30 | - you can also use NGINX
31 | - publish the project to a folder
32 | - copy the folder onto the VM (using WinSCP)
33 | - install the Core SDK on the VM
34 | - `wget https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb`
35 | `sudo dpkg -i packages-microsoft-prod.deb`
36 | `sudo apt-get update; \`
37 | `sudo apt-get install -y apt-transport-https && \`
38 | `sudo apt-get update && \`
39 | `sudo apt-get install -y dotnet-sdk-3.1`
40 | - creating a custom VM image
41 | - start by creating a VM and installing on it all the software/code you want your VMs to have
42 | - use Sysprep to remove user data and generalize the VM
43 | - stop the VM
44 | - create an image using the capture button
45 | - creating the image is a destructive process
46 | - Azure Resource Manager templates
47 | - it's a JSON script
48 | - can be used to create VMs, storage accounts, SQL DBs, etc.
49 | - there are ready-made templates on the Marketplace
50 | - you can set a dependsOn property for a resource in the JSON
51 | - Azure CLI
52 | - you need a storage account to use Cloud Shell
53 | - CLI commands
54 | - create resource group: `az group create --name [RG name] --location [location]`
55 | - create VM: `az vm create --resource-group [RG name] --name [VM name] --image [image name] --admin-username [user name]`
56 | - when this command is run, you'll be prompted for a password
57 | - PowerShell commands
58 | - create resource group: `New-AzResourceGroup -Name new-vm-grp -Location EastUS`
59 | - create VM: `New-AzVm -ResourceGroupName "new-vm-grp" -Name "demovm1" -Location "East US" -VirtualNetworkName "demo-network" -SubnetName "subnetA" -SecurityGroupName "myNSG" -PublicIpAddressName "new-ip" -OpenPorts 80,3389`
60 | - Azure backup service for VMs
61 | - data is backed up to Recovery Services vault, which is a resource in the same region as the VM
62 | - only backs up changes since the last backup
63 | - backup policy sets frequency, how long you want the data backed up for and which recovery points you always want to keep (let's say, the recovery point exactly a year ago)
64 | - recovery points are created with every backup
65 | - you can choose to recover certain files, the entire VM or a disk
66 | - types of snapshots
67 | - application consistent: backs everything up, including pending I/O operations
68 | - file-system consistent: backs up all the files at the same time
69 | - crash consistent: happens if the VM shuts down during the backup
70 |
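The inbound rules opened in this section (80 and 8172 for the IIS setup, `-OpenPorts 80,3389` on `New-AzVm`) can be reviewed after deployment. The following is an added example, not part of the course or of these notes: a Python audit over JSON shaped like `az network nsg rule list -o json` output that flags management ports allowed from any source. The sample rules, their names and the set of ports to flag (22, 3389, 8172) are assumptions.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json`.
# Rule names, priorities and address ranges are made up for this example.
SAMPLE_RULES_JSON = """
[
  {"name": "allow-http", "priority": 300, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "80"},
  {"name": "allow-webdeploy", "priority": 310, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "8172"},
  {"name": "allow-rdp", "priority": 320, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "Internet", "destinationPortRange": null,
   "destinationPortRanges": ["3389"]},
  {"name": "allow-rdp-office", "priority": 330, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
  {"name": "allow-app-range", "priority": 340, "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "8000-8200"},
  {"name": "allow-all-out", "priority": 100, "direction": "Outbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]
"""

# Assumption: the ports this audit treats as management ports.
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP", 8172: "Web Deploy"}

# Source values that mean "reachable from anywhere" (compared in lowercase).
ANY_SOURCE = {"*", "internet", "0.0.0.0/0", "any"}


def port_in_range(port, spec):
    """True if port falls inside an NSG port spec: '*', '80' or '8000-8200'."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def rule_values(rule, single, plural):
    """Merge the single-value and list-value forms of an NSG rule field."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def audit_nsg_rules(rules):
    """Return (rule name, port, service) for each management port that an
    inbound Allow rule exposes to any source.

    Limitation: rules are checked one by one, so an Allow that is shadowed
    by a higher-priority Deny rule is still reported.
    """
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = rule_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue
        ranges = rule_values(rule, "destinationPortRange", "destinationPortRanges")
        for port, service in sorted(MANAGEMENT_PORTS.items()):
            if any(port_in_range(port, r) for r in ranges):
                findings.append((rule["name"], port, service))
    return findings


def audit_json(text):
    """Parse `az network nsg rule list -o json` style text and audit it."""
    return audit_nsg_rules(json.loads(text))


if __name__ == "__main__":
    for name, port, service in audit_json(SAMPLE_RULES_JSON):
        print(f"{name}: {service} ({port}) is allowed from any source")
```

Port 80 is not reported because serving it publicly is the point of the web server; 8172 and 3389 are reported because they only need to be reachable from the machines that deploy to or administer the VM.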
71 | ### Section 4: Develop Azure compute solutions - Azure Web Apps and Azure Functions
72 | - Azure Web App Service
73 | - supported languages: .NET, .NET Core, Java, Python, Node.js, Ruby
74 | - it's a PaaS, you don't manage the VM/DBs your app runs on
75 | - it has scaling
76 | - high security
77 | - DevOps capabilities like continuous deployment
78 | - App Service Plan
79 | - your app lives on an App Service Plan (which is a resource)
80 | - free: 10 apps, 1GB disk space, 60 CPU minutes/day
81 | - shared: 100 apps, 1GB, 240 CPU minutes/day
82 | - basic: unlimited apps, 10GB, unlimited CPU minutes/day, 3 maximum instances
83 | - maximum instances: the number of VMs you can have on the plan to run your apps, the requests get balanced between the instances
84 | - all web apps on a plan have to be in the same region as the plan
85 | - all web apps on a plan have to have the same underlying OS
86 | - Azure Web App logging
87 | - types of logging
88 | - app logging: logs generated by your app
89 | - web server logging: records HTTP requests
90 | - detailed error messages: stores .htm error pages that would've gone to the client
91 | - deployment logging: errors that occur during publish
92 | - logs are streamed in real time
93 | - you can access the stream through an FTP URL or from the log stream page on your web app resource
94 | - you can enable continuous deployment with GitHub Actions by linking your web app to a GitHub repo
95 | - if you link your web app to a GitHub repo, continuous deployment will be automatically implemented
96 | - Web App CLI commands
97 | - `$plan="plan-name"`
98 | - `$appname="app-name"`
99 | - `$repourl="https://github.com/[username]/[repo name]"`
100 | - `az group create --location westeurope --name [group name]`
101 | - `az appservice plan create --name $plan --resource-group [group name] --sku B1`
102 | - `az webapp create --name $appname --resource-group [group name] --plan $plan`
103 | - `az webapp deployment source config --name $appname --resource-group [group name] --repo-url $repourl --branch master --manual-integration`
104 | - `manual-integration`: you have to trigger a deployment, no continuous deployment on code change
105 | - custom domain
106 | - buy a domain name
107 | - go to the custom domains page on the web app resource and add custom domain
108 | - set the custom domain to the name you bought and save the custom domain
109 | - on the domain provider site you have to have a CNAME record that links your original web app URL (that Azure assigns) to your new domain
110 | - SSL custom domain
111 | - go to TLS/SSL settings and create an app service managed certificate
112 | - add SSL binding (new certificate to custom domain)
113 | - CORS: cross-origin resource sharing
114 | - browsers notice when a page is trying to request data from a different domain, and they block this from happening
115 | - from the CORS page on the web app resource (that gets requests) you can add domains that are allowed to make requests
116 | - CLI command: `az webapp cors add -g [group name] -n [app name] --allowed-origins [domain that makes requests to this web app]`
117 | - deployment slots
118 | - deploy multiple versions of the same app to different environments
119 | - each environment is a "slot" (e.g. production, staging, etc.)
120 | - each slot has its own DNS name (its own URL)
121 | - you can swap slots
122 | - only available on standard app service plans or higher
123 | - you use a different publish profile on your project for each environment/slot
124 | - PowerShell commands
125 | - `$location="Central US"`
126 | - `$resourcegrp="newgrp"`
127 | - `$webappname="demoapp4040"`
128 | - `New-AzResourceGroup -Name $resourcegrp -Location $location`
129 | - `New-AzAppServicePlan -Name $webappname -Location $location -ResourceGroupName $resourcegrp -Tier Standard`
130 | - `New-AzWebApp -Name $webappname -Location $location -ResourceGroupName $resourcegrp -AppServicePlan $webappname`
131 | - `New-AzWebAppSlot -Name $webappname -ResourceGroupName $resourcegrp -Slot "staging"`
132 | - autoscaling
133 | - the VM that your app is running on
134 | - on a basic app service plan, you can have up to 3 VMs for scaling, but you have to manually select to add/remove a machine
135 | - on standard tier or higher, VM creation/deallocation (scale out, scale in) is triggered automatically based on rules you create
136 | - called "custom autoscaling"
137 | - you create rules on the app service plan resource
138 | - you can base your rules not only on the service plan metrics but also metrics that come from other types of resources
139 | - storage queue
140 | - service bus queue
141 | - etc.
142 | - metrics you can create rules based on
143 | - CPU %
144 | - data in/out
145 | - HTTP queue length
146 | - memory %
147 | - etc.
148 | - cool-down period: the time it takes for the new VM to be added/removed once an autoscaling rule threshold has been reached
149 | - connection strings
150 | - needed to connect an Azure web app to an Azure SQL DB
151 | - in your API project, create a service that defines a SqlConnection, makes a connection, runs SQL statements and then closes the connection
152 | - this is where you paste in the DB connection string, username, password, etc.
153 | - OR you can add the full connection string from Azure into appsettings and then pass the connection string into your service
154 | - OR you can store the full connection string on the Configuration page for the web app
155 | - install the NuGet package System.Data.SqlClient (or whatever package you want to use for whatever framework you're using)
156 | - inject the service (along with MVC or whatever you're using)
157 | - create a controller to get the data and display it in a view component
158 | - App Configuration resource
159 | - used to store connection strings on Azure so they're outside of an appsettings file and can be used by multiple web apps at once
160 | - you create key-value pairs in this resource
161 | - you need the Azure App Configuration NuGet package in your app
162 | - you add the connection string for the key you want to access (copied from Azure) into your code
163 | - you can also add feature flags in the App Configuration resource
164 | - methods/views can have a FeatureGate attribute on them with a specific feature flag value (that you define in an enum) assigned to it
165 | - Azure Functions
166 | - languages: C#, Java, JavaScript, Python, PowerShell
167 | - ways to invoke a function
168 | - HTTP request
169 | - GET
170 | - POST
171 | - timer
172 | - blob events
173 | - queue storage events
174 | - event hub events
175 | - when you create the function app you select the language the functions will be written in
176 | - plans
177 | - you can add the function to an app service plan
178 | - or you can use a consumption-based plan
179 | - premium plan: pre-warmed instances and autoscaling compute
180 | - you can enable Application Insights on the function app
181 | - adding functions to the function app
182 | - you can pick a template based on a trigger
183 | - the function is a C# script file (if the function app you created is in C# and you're editing in the Azure editor)
184 | - the function.json file has the script compiled to JSON for Azure to deploy the function
185 | - you can test in Azure or with Postman
186 | - you can only test GETs through a regular browser
187 | - if you develop the function in VS then publishing the function to Azure only pushes up the function.json file since that's the only file Azure needs to deploy the function
188 | - durable functions
189 | - Azure functions are stateless, so if you have a bunch of functions working together, you have to manually check each function's state and figure out when to run the next function
190 | - in durable functions
191 | - an orchestrator oversees all the functions and knows which ones are running/done/etc.
192 | - activity functions perform the actual tasks
193 | - a starter function that invokes the orchestrator function
194 | - there is a durable function template
195 | - it has a template RunOrchestrator() function, activity function and starter function
196 | - you can define each function in the same file, but on Azure they show up as individual functions in the function app
197 | - connecting to a SQL DB
198 | - get the connection string from the Azure resource
199 | - paste it into the function and make sure to set the correct password
200 | - install the SqlClient NuGet package so the connection can be made
201 | - if you are connecting via a variable defined as part of the function app resource
202 | - `string _connection_string = Environment.GetEnvironmentVariable("SQLAZURECONNSTR_SQLConnectionString");`
203 | - "SQLConnectionString" is the name of the variable, "SQLAZURECONNSTR" is what you prepend to make Azure fetch the variable
204 | - in the app's Configuration page you can add the connection string with the name of the variable
205 |
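Both connection-string passages in this section (the web app options and the function app's `SQLAZURECONNSTR_` variable) come down to where the secret lives and what happens to it at run time. The following is an added example, not code from the course or these notes: it reads a connection string from the prefixed environment variables that App Service creates from the Configuration page, redacts the password before the string is logged, and reports two settings that weaken transport security. It is written in Python; the sample connection string, server name and helper names are constructed for the example.

```python
import os

# Prefixes App Service puts in front of connection-string names when it
# exposes them as environment variables (the notes use SQLAZURECONNSTR_).
APP_SERVICE_PREFIXES = (
    "SQLAZURECONNSTR_",
    "SQLCONNSTR_",
    "MYSQLCONNSTR_",
    "POSTGRESQLCONNSTR_",
    "CUSTOMCONNSTR_",
)

# Constructed sample; the server, user and password are not real.
SAMPLE = (
    "Server=tcp:example-server.database.windows.net,1433;"
    "Initial Catalog=exampledb;User ID=appuser;"
    "Password=Constructed-Example-1!;"
    "Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
)

SECRET_KEYS = {"password", "pwd"}


def get_connection_string(name, environ=None):
    """Look up a named connection string under each App Service prefix."""
    environ = os.environ if environ is None else environ
    for prefix in APP_SERVICE_PREFIXES:
        value = environ.get(prefix + name)
        if value:
            return value
    raise KeyError(f"no connection string named {name!r} in the environment")


def split_pairs(conn_str):
    """Split 'Key=Value;Key=Value' into ordered (key, value) pairs.

    Simplification: values quoted because they contain ';' are not handled.
    """
    pairs = []
    for segment in conn_str.split(";"):
        if not segment.strip():
            continue
        key, _, value = segment.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs


def redact(conn_str):
    """Return the connection string with password values masked for logging."""
    return ";".join(
        f"{key}={'***' if key.lower() in SECRET_KEYS else value}"
        for key, value in split_pairs(conn_str)
    )


def review(conn_str):
    """List transport-security weaknesses in a SQL connection string."""
    settings = {
        key.lower().replace(" ", ""): value.lower()
        for key, value in split_pairs(conn_str)
    }
    warnings = []
    if settings.get("encrypt") not in ("true", "yes", "mandatory", "strict"):
        warnings.append("Encrypt is not enabled")
    if settings.get("trustservercertificate") in ("true", "yes"):
        warnings.append("TrustServerCertificate=True skips certificate validation")
    return warnings


if __name__ == "__main__":
    # Stand-in for the environment of a function app whose Configuration page
    # has a connection string named SQLConnectionString.
    env = {"SQLAZURECONNSTR_SQLConnectionString": SAMPLE}
    conn = get_connection_string("SQLConnectionString", env)
    print("using:", redact(conn))
    for warning in review(conn):
        print("warning:", warning)
```

Keeping the string on the Configuration page (or in App Configuration) rather than pasted into source means the password never enters the repository or the publish output.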
206 | ### Section 5: Develop Azure compute solutions - Docker, Azure Container Instances, Kubernetes
207 | - benefits of containers
208 | - test app in isolation, no clash between dependencies when two instances are running on the same machine/VM
209 | - each container has its own set of dependencies, independent of any other containers on the same machine
210 | - portability, you can move containers between VMs easily, just deploy the container onto a different VM (assuming it has the same base OS)
211 | - containers are lightweight
212 | - image: the set of instructions, the template, for creating the container
213 | - the image is made up of many layers
214 | - the base layer is made up of OS-level configurations
215 | - an image can only be run on the OS that the base layer is for
216 | - container: the runnable instance of an image on which your app can run
217 | - once you install the Docker runtime on your machine (Linux or Windows) you can deploy containers based on an image
218 | - Docker Hub is a website with tons of pre-made Docker images
219 | - if you want to access a website being run in a Docker container, you have to specify a port mapping when you deploy the container
220 | - the container is isolated from the machine, including its network, that's why you have to tell Docker which port you want it to forward the site to so you can access it from the machine's browser
221 | - you can then create an inbound traffic rule for the VM so that you can access the app -> that the container is running -> on the VM -> through the browser on your physical machine
222 | - Docker + Windows Subsystem for Linux
223 | - installing Docker desktop on a Windows machine automatically installs Windows Subsystem for Linux
224 | - WSL creates a Linux environment on the machine, which Docker then runs on
225 | - Windows-based containers are way larger than Linux-based containers
226 |
227 | ### Section 6: Develop for Azure Storage
228 |
229 | ### Section 7: Implement Azure Security
230 |
231 | ### Section 8: Monitor, troubleshoot, and optimize solutions
232 |
233 | ### Section 9: Connect to and consume Azure and third-party services
234 |
--------------------------------------------------------------------------------
/az-900/az-900-2.md:
--------------------------------------------------------------------------------
1 | # [Azure Fundamentals part 2: Describe core Azure services](https://docs.microsoft.com/en-us/learn/paths/az-900-describe-core-azure-services/)
2 |
3 | ### [Explore Azure compute services](https://docs.microsoft.com/en-us/learn/modules/azure-compute-fundamentals/)
4 | - most prominent Azure compute services
5 | - VMs
6 | - IaaS
7 | - simulate computers with an OS already installed
8 | - everything but the hardware is customizable
9 | - VM scale sets: a set of identical, load-balanced VMs
10 | - container instances
11 | - you can run multiple on a single VM
12 | - they are virtualized application environments that are set up to run a specific app
13 | - they are designed to quickly replicate settings for multiple app instances
14 | - app services
15 | - PaaS
16 | - the platform that the app is running on is managed for you
17 | - Azure functions (for serverless computing)
18 | - if you just want your code to run, make it an Azure function
19 | - you don't care about the underlying platform or infrastructure
20 | - when to use VMs
21 | - custom hosting configurations
22 | - custom software running on VM
23 | - you need to update, configure and maintain the software running on the VM
24 | - you can select a preconfigured VM image
25 | - examples of when to use VMs
26 | - use for testing your app on different OSs
27 | - when running applications on VMs you can easily add/remove VMs as demand increases/decreases
28 | - when extending an on-premise network
29 | - during disaster recovery you can use VMs to pick up the slack
30 | - lift and shift: the process of moving from a physical server to the cloud
31 | - you can just make an image of the existing server and run that image on a VM
32 | - Azure batch
33 | - this is for running large-scale parallel and high-performance computing jobs
34 | - batch will spin up a pool of VMs, install the necessary apps and data, run the jobs and then scale down as the work completes
35 | - when to use an app service
36 | - you can host web apps, background jobs, mobile backends and REST APIs
37 | - you don't have to configure the environment
38 | - Azure takes care of scaling
39 | - continuous deployment from Azure DevOps, GitHub or any Git repo
40 | - endpoints can be secured
41 | - hosts web apps using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP or Python on either Windows or Linux
42 | - API apps have Swagger support
43 | - WebJobs often run background tasks for your app
44 | - mobile app: store data, authenticate users, send notifications, execute backend logic
45 | - when to use a container/Kubernetes service
46 | - containers allow you to run multiple instances of an app on the same VM
47 | - each container can run your app with different configurations (even a different OS)
48 | - containers are managed by a container orchestrator
49 | - manage containers with
50 | - Azure container instances
51 | - PaaS
52 | - you upload containers and it runs them
53 | - Azure Kubernetes service
54 | - for large volumes of containers
55 | - is an orchestration service
56 | - it can update containers
57 | - it can move them to different VMs
58 | - it can restart failed containers
59 | - it can manage networking and storage (even sharing data between containers)
60 | - containers are used to create a microservice architecture
61 | - each service runs on its own container
62 | - each container can run a completely different environment that best suits the developers and the purpose of the microservice
63 | - updates to one microservice don't have to affect the other services
64 | - when to use an Azure function
65 | - good for event driven logic, i.e. it's usually waiting for input
66 | - serverless: the infrastructure isn't your responsibility
67 | - event triggers: timers, HTTP requests, queues, etc.
68 | - micro-billing: you only pay for the time your function spends actually running
69 | - Azure functions:
70 | - can be written in almost any language
71 | - stateless: behave as if it's restarted every time
72 | - stateful (durable function): a context is passed into the function to track prior activity
73 | - you can redeploy the function into a non-serverless environment if the need arises
74 | - can run locally or in the cloud
75 | - Azure logic apps
76 | - built with predefined logic blocks in a graphical web-based editor
77 | - meant for executing workflows
78 | - predefined logic blocks exist to integrate with many popular services
79 | - you can write your own custom connectors
80 | - runs only in the cloud
81 | - when to use a virtual desktop
82 | - you can access a cloud-hosted version of Windows from pretty much any device
83 | - you can protect your data because the user can't leave your files on their personal device since the environment is virtual
84 | - you can pick to host the VDs near your data centers to reduce load times
85 | - you can make VDs persistent, e.g. for remote employees
86 | - user profile appears on the device like a native user
87 | - load balancing users on your host VM pools (the VMs the desktops are running on)
88 | - breadth mode: on login, users are spread out across VMs
89 | - depth mode: users are logged into one VM until it is full then new logins are directed to the next VM
90 | - if you own a Microsoft 365 or Windows license, you get Windows 10 and 7 desktops and apps for free
91 |
92 | ### [Explore Azure networking services](https://docs.microsoft.com/en-us/learn/modules/azure-networking-fundamentals/)
93 | - what is Azure virtual networking?
94 | - key capabilities
95 | - isolation/segmentation
96 | - you can create multiple isolated virtual networks (vnets)
97 | - you can define a private IP address space
98 | - you can divide the IP addresses into subnets for different parts of the network
99 | - internet communications
100 | - a VM can access the internet by default
101 | - communicate between Azure resources
102 | - virtual networks: can connect together Azure resources, even VM scale sets
103 | - service endpoints: you use these to access data resources
104 | - communicate with on-premise resources
105 | - point-to-site: a computer outside your network connects to your Azure VPN
106 | - site-to-site: links your on-premises VPN to your Azure VPN, your Azure devices act like they're on your local network
107 | - Azure ExpressRoute: provides a dedicated private connection that doesn't travel over the internet, for high security and high bandwidth traffic
108 | - route network traffic
109 | - you can create custom routing tables for the subnets on your VPN
110 | - border gateway protocol (BGP) works with Azure VPN gateways or ExpressRoute to link on-premises BGP routes to Azure virtual networks
111 | - filter traffic
112 | - network security group: an Azure resource that can contain inbound and outbound security rules (based on protocol, IP address, port, destination, etc.)
113 | - network virtual appliances: a VM that can be configured like a network appliance, it can run a firewall, optimize WAN connections, etc.
114 | - connect virtual networks
115 | - connect vnets with network peering
116 | - peering is what enables vnets to talk to each other
117 | - user defined routing (UDR): user can control routing tables between vnets and between subnets in each network
118 | - Azure vnet settings
119 | - you can create a vnet from the Azure portal, using the Azure cloud shell or using Azure PowerShell on your local computer
120 | - things you set when you create a vnet: which resource group it belongs to, location, multiple subnets, DDoS protection, service endpoints, address space (in classless interdomain routing (CIDR) format)
121 | - additional settings: network security group to define security rules for each subnet, custom routing tables, create peering arrangements to connect vnets
122 | - you can create an automation script to generate a created vnet
123 | - Azure VPN gateway fundamentals
124 | - gateways are deployed in an Azure vnet
125 | - they enable site-to-site, point-to-site and network-to-network connectivity
126 | - all data is encrypted when it passes through untrusted networks
127 | - Azure VPN gateways use pre-shared key authentication
128 | - internet key exchange (IKE) version 1 or 2 sets up the security agreement between the two endpoints, and the IPSec suite encrypts/decrypts the data
129 | - VPN gateway types
130 | - policy-based: user specifies which static IP addresses should be encrypted, IKEv1 only
131 | - route-based: source/destination networks aren't statically defined and instead routing tables are dynamically generated, used to connect vnets
133 | - you need these things before you can deploy a gateway
134 | - vnet
135 | - GatewaySubnet
136 | - public IP address
137 | - local network gateway
138 | - vnet gateway (can either be a VPN or ExpressRoute gateway)
139 | - connection resource (to connect the VPN gateway and the local network gateway)
141 | - an Azure VPN gateway has an active and a standby instance, the standby instance takes over for the active one if necessary
142 | - you can also deploy a VPN in an active/active state if you need higher availability
143 | - you can use an Azure VPN gateway to act as a failsafe for an ExpressRoute gateway
144 | - Azure ExpressRoute fundamentals
145 | - you use this to establish a connection between your on-premise networks and Azure/Microsoft services without going over any public networks
146 | - doesn't encrypt data though
147 | - open systems interconnection (OSI) model
148 | - layer 2: data link layer, node-to-node where the nodes are on the same network
149 | - layer 3: network layer, addressing and routing between nodes on a multi-node network
150 | - benefits of ExpressRoute
151 | - layer 3 connectivity between on-premise and Microsoft networks
152 | - global connectivity available
153 | - dynamic routing between you and Microsoft via BGP
154 | - high reliability with built-in redundancy
155 | - ExpressRoute global reach
156 | - connect your networks via two ExpressRoute circuits, one at each location
157 | - cross traffic will travel through the Microsoft network
158 | - ExpressRoute connectivity models
160 | - colocation: if you're near an internet provider you can request that they connect you directly to Microsoft
161 | - point-to-point Ethernet: connect your network directly to a Microsoft datacenter via Ethernet
162 | - any-to-any: Azure can link into your WAN and act as a part of your network
163 |
164 | ### [Explore Azure Storage services](https://docs.microsoft.com/en-us/learn/modules/azure-storage-fundamentals/)
165 | - Azure Storage is used to store many kinds of data, including files, messages and tables
166 | - types of storage
167 | - blob storage: for images, videos, documents, etc.
168 | - file storage: file sharing in the cloud, like connecting to shared folder on your computer
169 | - disk storage: for your VMs to connect to, similar to accessing on-premises disks, solid and conventional drives available
170 | - table storage: NoSQL, store semi-structured data for cheap
171 | - queue storage: message queuing for communicating between app components
172 | - storage tiers: hot (frequent access), cool (infrequent access, stored for at least 30 days), archive (long-term data, stored for at least 180 days)
173 | - disk storage fundamentals
174 | - provides disk storage for VMs
175 | - the disks act as if they were physically connected to the VM (the VM, in turn, acting like a physical computer)
176 | - hard disk drives or solid state drives
177 | - varying performance and storage levels are available
178 | - IaaS disks with 0% annualized failure rate
179 | - blob storage fundamentals
180 | - unstructured, meaning you can store whatever you want on there
181 | - used for massive amounts of data
182 | - it can handle thousands of simultaneous uploads
183 | - it can be used to store unconventional formats, like binary data, encrypted data or even a custom format you created
184 | - ideal for: serving photos to a browser, video/audio, backup/archiving, data for analysis, up to 8 TB for VMs
185 | - organize blobs with containers
186 | - file storage fundamentals
187 | - accessible via server message block and network file system
188 | - any number of Azure VMs can connect to the file storage share
189 | - it mounts to a computer like any networked disk
190 | - uses
191 | - you can mount the file share to an existing letter drive and apps that access that letter drive will now also be able to access the file share
192 | - store config files on the file share and connect it to multiple VMs
193 | - dump data into file share to analyze later, even on a different machine
194 | - Azure files are encrypted and SMB protocol encrypts the data while it's in transit
195 | - each Azure file has a URL that points to it
196 | - you can use shared access signature (SAS) tokens to share private files for a specific amount of time
197 | - blob access tiers
198 | - to save on costs, organize your data based on access frequency and retention period
199 | - access tiers
200 | - hot: optimized for storing data that is accessed frequently
201 | - cool: for data that is infrequently accessed and stored for at least 30 days (e.g. customer invoices)
202 | - archive: for data that is rarely accessed and stored for at least 180 days (e.g. long-term backups)
203 | - hot and cool access tiers can be set at the account level
204 | - archive, hot and cool access tiers can be set on each blob
205 | - data in a cool blob is cheaper to store but more expensive to access
206 | - data in an archive blob is cheapest to store and is stored offline, which makes it the most expensive tier for actually accessing the data
207 |
208 | ### [Explore Azure database and analytics services](https://docs.microsoft.com/en-us/learn/modules/azure-database-fundamentals/)
209 | - Azure offers relational, NoSQL and in-memory DBs
210 | - scalability, security and availability are automated
211 | - Azure Cosmos DB
212 | - supports schema-less data
213 | - great for constantly changing data
214 | - at the lowest level Cosmos DB stores data in atom-record-sequence format
215 | - the data is then projected as an API which you specify
216 | - choices include MongoDB, SQL, Cassandra, Tables and Gremlin
217 | - in this case, I guess "API" is referring to the method/syntax/language with which the data is accessed?
218 | - Azure SQL DB
219 | - relational DB based on the latest version of Microsoft SQL Server engine
220 | - no need to manage infrastructure, just build your apps that access the data
221 | - it's a PaaS
222 | - 99.99% availability
223 | - has built-in backups
224 | - allows storage of relational and non-relational data
225 | - you get the perks of SQL Server, including in-memory tech and intelligent query processing
226 | - Azure makes it easy to migrate your DB to the cloud using their Migration Assistant
227 | - after migrating, you just have to change your DB connection strings and you're set!
228 | - Azure DB for MySQL
229 | - LAMP stack: Linux, Apache, MySQL, PHP
230 | - based on the MySQL Community Edition engine
231 | - 99.99% availability service level agreement from Azure
232 | - built-in security, fault tolerance and data protection
233 | - point-in-time restore to recover earlier states as far back as 35 days
234 | - delivers automatic backups, protection for at-rest and in-motion data, enterprise-grade security
235 | - automatically scales up, you only pay for what you use
236 | - Azure DB for PostgreSQL
237 | - based on the community version of the open-source PostgreSQL DB engine
238 | - point-in-time restore to recover earlier states as far back as 35 days
239 | - automatic scaling up or down
240 | - delivers automatic backups, protection for at-rest and in-motion data, enterprise-grade security
241 | - single server deployment
242 | - comes in basic, general purpose and memory optimized tiers
243 | - hyperscale (Citus)
244 | - horizontally scales queries across multiple machines using sharding
245 | - parallelizes incoming queries across multiple servers
246 | - offers real-time operational analytics, supports multi-tenant apps, high throughput transactional workloads
247 | - Azure SQL managed instance
248 | - PaaS DB engine, so it's a fully-managed environment
249 | - 99.99% uptime SLA
250 | - automated backup and configurable backup retention periods
251 | - example of when you'd want a SQL managed instance: your DB uses Cyrillic characters so the data can't be stored in an Azure SQL DB
252 | - big data and analytics
253 | - Azure Synapse Analytics
254 | - limitless analytics service
255 | - query data using serverless or provisioned (?) resources
256 | - you ingest, prepare, manage and serve the data all with this one service
257 | - Azure HDInsight
258 | - you can run popular open-source frameworks
259 | - you can create cluster types (Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, Machine Learning Services)
260 | - supports extraction, transformation, loading (ETL)(?), warehousing, machine learning and IoT
261 | - Azure Databricks
262 | - unlock insights and build artificial intelligence solutions
263 | - Apache Spark environment
264 | - autoscale and collaborate in an interactive workspace
265 | - supports Python, Scala, R, Java and SQL
266 | - supports frameworks including TensorFlow, PyTorch and scikit-learn
267 | - Azure Data Lake Analytics
268 | - on-demand analytics service
269 | - you write the queries to transform your data and extract insights
270 | - handles jobs of any scale
271 | - you only pay for the time your job spends running
272 |
--------------------------------------------------------------------------------
/az-900/alan-rodrigues-udemy-course.md:
--------------------------------------------------------------------------------
1 | # [Microsoft Azure - Beginner's Guide + AZ-900 - 2021](https://www.udemy.com/course/microsoft-azure-beginners-guide/)
2 |
3 | ### Azure virtual machines
4 | - resources that get created when you create a VM
5 | - a virtual network
6 | - disk to store the OS and additional disks you choose
7 | - NIC with a private and public IP
8 | - Network Security Group that acts as a firewall
9 | - stopping/deallocating/costs
10 | - stopping a VM using the Azure Portal stop button
11 | - "deallocates" the VM which removes it from the physical server
12 | - and deletes anything in the temporary storage disk
13 | - puts the VM in "stopped" and "deallocated" states
14 | - restarting the VM will give it a new public IP address
15 | - shutting down a VM from the VM OS itself
16 | - doesn't deallocate the VM
17 | - puts the VM in "stopped" state
18 | - doesn't delete temporary data
19 | - keeps original public IP
20 | - there is a partial compute charge for VMs in the stopped state and no charge for compute time for VMs in the deallocated state
21 | - there's a partial charge for the OS disk when a VM is deallocated because the disk is a separate resource from the VM
22 | - you can alter the public IP resource to be a static address that doesn't change even if the VM has been deallocated/reallocated
23 | - availability set
24 | - when creating a VM you can choose to make it part of an availability set
25 | - Azure spreads the VMs that are in the set across different fault domains and update domains
26 | - fault domain: separate server with its own power source and network link, not dependent on other servers
27 | - update domain: a set of servers that gets updated at the same time
28 | - you create an availability set with the number of fault (up to 3) and update (up to 20) domains
29 | - availability sets are for VMs in the same region
30 | - once a VM is created you can't assign it to a set
31 | - an availability set is a resource
32 | - using sets ups VM SLA to 99.95%
33 | - availability zones
34 | - an availability zone is a collection of data centers within a region
35 | - instead of separating VMs only across physical servers, zones let you separate them also across a geographic area
36 | - using zones ups VM SLA to 99.99%
37 | - there is no extra cost for availability zones or sets, but there is a cost for bandwidth between zones ($0.01/GB)
38 | - dedicated host
39 | - you are the only customer on the physical host
40 | - your data is more secure
41 | - you can control maintenance events
42 | - workload
43 | - an application or a service (e.g. a web app, a DB server) that you can host on Azure using a service (say, a VM that you install the app/server onto)
44 | - Azure Pricing Calculator vs. Cost Management vs. TCO Calculator
45 | - Pricing Calculator: for estimating prices of hosting resources
46 | - Cost Management: seeing costs for resources you're already running
47 | - TCO Calculator: estimating price for migrating workload/s onto Azure
48 |
49 | ### Azure virtual networks
50 | - IPs
51 | - the private IP of a VM in a vnet is within the vnet's IP range
52 | - the public IP of a VM is the only one you can use to access the VM
53 | - IP (and the network security group) resources are attached to the network interface resource (which acts as a NIC) which is then attached to the VM
54 | - for each vnet you assign an IP range (for the private IP addresses) and you can add subnets to the vnet (which starts with a default subnet)
55 | - a subnet is a subset of the assigned IP range
56 | - a VM
57 | - can only be part of one vnet
58 | - can't be moved between networks
59 | - must be in the same region as the vnet you want it to be connected to
60 | - network security group
61 | - a NSG can either be assigned to a single NIC for a single VM or an entire subnet
62 | - it has a list of inbound and outbound security rules
63 | - some rules are created by default and cannot be changed or removed
64 | - info needed for rules
65 | - priority
66 | - port
67 | - protocol
68 | - source and destination
69 | - the first rule that the request matches is the one that will be followed and the others will be ignored
70 | - you can set the order of the rules with the priority value
71 | - the rules get evaluated lowest number to largest
72 | - application security group
73 | - a logical group of VMs/servers/etc. (that are all linked to the same NSG) that you can use as destination/source when creating NSG rules
74 | - use if you, let's say, want to write some rules just for your web servers and some just for your DB servers
75 | - your web servers will be one application security group and your DB servers another
76 | - virtual network peering
77 | - you can connect servers on different vnets via their private IP addresses by putting a virtual network peering connection on each vnet
78 | - point-to-site VPN connection
79 | - with this you can connect outside-network machines to servers on a vnet via their private IP
80 | - deploy an Azure VPN gateway resource to create the VPN connections to connect the outside machines to the private IP vnet servers
81 | - site-to-site VPN connection
82 | - connect an entire on-premise network to your vnet machines via their private IPs
83 | - create a VPN gateway that is also linked to a local network gateway
84 | - the local network gateway knows the public IP of the router for the on-premise network and allows traffic from that network onto the vnet through the VPN gateway
85 | - ExpressRoute circuit
86 | - you connect your on-prem network directly to your Azure network using Microsoft's own infrastructure, instead of using the public internet
87 | - you either have to connect to a Microsoft datacenter or find another Microsoft customer that uses their infrastructure and will let you plug in
88 |
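The NSG evaluation order noted above (lowest priority number first, first match wins), as an added Python example that is not from the course or these notes. The rule names and addresses are constructed sample data, and matching only on protocol, source and destination port is a simplifying assumption; the `shadowed` check flags rules that can never fire because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number = evaluated first
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR or "*"
    dest_port: str  # "22", "1000-2000" or "*"
    action: str     # "Allow" or "Deny"


def _port_range(spec):
    if spec == "*":
        return (0, 65535)
    lo, _, hi = spec.partition("-")
    return (int(lo), int(hi or lo))


def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "*" else spec)


def matches(rule, protocol, src_ip, port):
    lo, hi = _port_range(rule.dest_port)
    return (rule.protocol in ("*", protocol)
            and ipaddress.ip_address(src_ip) in _net(rule.source)
            and lo <= port <= hi)


def evaluate(rules, protocol, src_ip, port):
    """Return the first rule, in priority order, that matches the packet."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, protocol, src_ip, port):
            return rule
    return None


def covers(outer, inner):
    """True if every packet that matches `inner` also matches `outer`."""
    olo, ohi = _port_range(outer.dest_port)
    ilo, ihi = _port_range(inner.dest_port)
    return (outer.protocol in ("*", inner.protocol)
            and _net(inner.source).subnet_of(_net(outer.source))
            and olo <= ilo and ihi <= ohi)


def shadowed(rules):
    """List (rule, earlier_rule) pairs where the later rule can never fire."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, rule in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, rule):
                found.append((rule.name, earlier.name))
                break
    return found


# Constructed inbound rule set; the last entry models the default catch-all deny.
SAMPLE_RULES = [
    Rule("deny-rdp", 400, "Tcp", "*", "3389", "Deny"),
    Rule("allow-any-tcp", 300, "Tcp", "*", "*", "Allow"),  # overly broad
    Rule("allow-web", 200, "Tcp", "*", "443", "Allow"),
    Rule("allow-ssh-admin", 100, "Tcp", "203.0.113.0/24", "22", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

if __name__ == "__main__":
    hit = evaluate(SAMPLE_RULES, "Tcp", "198.51.100.7", 3389)
    print("RDP from the internet:", hit.action, "via", hit.name)
    for later, earlier in shadowed(SAMPLE_RULES):
        print(f"{later} is shadowed by {earlier}")
```

The deny rule for RDP looks protective but sits behind a broader allow with a lower priority number, so it never takes effect; moving it below 300 fixes the ordering.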
89 | ### Azure storage
90 | - types of Azure storage accounts
91 | - blob: on a virtual hard disk, used for object files and large files
92 | - table: used to store table data
93 | - file: used for file shares, accessed via SMB (server message block protocol)
94 | - queue: used to send messages between components
95 | - you can create multiple storage resources (containers, file shares, etc.) per storage account
96 | - storage account redundancy options
97 | - locally redundant: three copies of your data across storage devices in the same data centers
98 | - zone-redundant: data is copied three times across three data centers within a zone
99 | - geo-redundant: data is copied three times in one region and again three times in another region
100 | - read-access geo-redundant: you can read data from either region instead of just the primary one
101 | - geo-zone-redundant: combines zone and region redundancy
102 | - cost increases because you have to store more data and you have to pay for moving data across regions (and zones?)
103 | - blob storage
104 | - on a storage account, you create a container to hold blob data
105 | - you can change the access level on each container
106 | - in the container you can set the access tier, hot/cool/archive, for each blob
107 | - block blob: used to store text and binary data
108 | - page blob: a virtual hard disk to store any type of data
109 | - file storage
110 | - used to store files that are shared between users
111 | - you can create, let's say, one file share per department
112 | - unlike with blobs, you have to first connect to the file share to view the files using their URLs
113 | - you can connect to the file share by running a PowerShell script that Azure provides per file share
114 | - queue storage
115 | - one part of your app can add messages to the queue, and another app can pick them up and act on each message
116 | - one app adds to the queue and another removes from the queue
117 | - FIFO structure
118 | - table storage
119 | - entities in a table have to each have a partition key and a row key, which uniquely identify each row (act as PK)
120 | - the partition key is the column that Azure uses to group data (with the same key value) into partitions to make it faster to query the data
121 | - example of a partition key: city, product category
122 | - row key is usually an id property
123 | - stores non-relational data
124 | - region pairs
125 | - when you choose geo-redundant storage, you can't choose the secondary region; the secondary region will be the region that is paired with the primary region
126 | - Azure SQL databases
127 | - you can either run your own SQL server on a VM (IaaS) and have full control
128 | - you can choose to access the DB only via private IP
129 | - you access the DB through the VM itself
130 | - you have to create backup solutions
131 | - you have to do the work to guarantee availability
132 | - or you can use PaaS SQL server where you only have to deal with the server and not the infrastructure it's running on
133 | - has built-in backup
134 | - 99.99% SLA
135 | - single database: you create a DB from scratch on Azure
136 | - managed instance: move existing DBs onto Azure, creates the DBs you need automatically
137 | - elastic pool: all your DBs share the underlying resources
138 | - when you create a SQL server, Azure creates the DB and the server itself that the DB is hosted on
139 | - you can't actually log into the server because Azure is managing it, not you (because PaaS)
140 | - when creating, you can choose to add the DB to an elastic pool
141 | - if you choose a DTU (database transaction unit) service tier
142 | - you have a set amount of CPU processing power and memory that your DB can use
143 | - you have to increase that capacity if you want more DTUs
144 | - a DTU is a unit of measure that combines CPU and memory
145 | - you can also choose a max size for the DB
146 | - if you choose a vCore-based service tier
147 | - you set the number of virtual cores and amount of memory
148 |
149 | ### understanding cloud concepts
150 | - high availability
151 | - scalability
152 | - disaster recovery (through redundancy)
153 | - elasticity (how flexible a workload is to changing demands)
154 | - fault tolerance
155 | - cloud service types
156 | - IaaS
157 | - PaaS
158 | - SaaS
159 | - economies of scale
160 | - Azure owns a ton of infrastructure, which lowers the average cost of the components
161 | - the cost savings get passed to the customer
162 | - capital expenditure: initial cost
163 | - operational expenditure: recurring costs
164 |
165 | ### more Azure core services - part 1
166 | - Azure (web) apps
167 | - you can host your app on a VM, IaaS
168 | - or you can deploy it on an Azure web app service, PaaS
169 | - there are app service plans: free, shared env, basic dedicated, standard production, premium performance, high performance and secure
170 | - you get different running time limits for the different plans
171 | - VM scale sets
172 | - when a VM starts to reach the limits of its CPU
173 | - you can increase the VM's CPU size
174 | - or you can create a scale set that will automatically add VMs based on the CPU usage of your VM
175 | - create a custom image to apply to each new VM, otherwise you have to set up each VM as it gets created
176 | - you can add another condition to remove VMs when CPU usage goes below a certain percentage
177 | - Azure load balancer
178 | - equally split traffic between the VMs hosting your app
179 | - Azure Resource Manager Templates
180 | - a JSON template that will create a set of resources that you frequently need to create
181 | - e.g. you frequently create test environments (a combination of VM/client, server, DB)
182 | - you can find templates on Azure Marketplace
183 | - Azure traffic manager
184 | - DNS routing service
185 | - create an Azure traffic manager profile that connects to multiple endpoints
186 | - the traffic manager profile can route to any location, globally, whereas the load balancer can only route within a region
187 | - the traffic manager can route based on different attributes, like priority, weightage, etc.
188 | - serverless services
189 | - Azure Functions
190 | - Azure Logic Apps
191 |
192 | ### more Azure core services - part 2
193 | - monitoring
194 | - you can pick your scope, the resources you want to monitor
195 | - you can create alert trigger rules
196 | - action group
197 | - creates a resource called an action group
198 | - you define actions to perform based on alerts
199 | - log analytics
200 | - creating some resources automatically creates a log analytics resource
201 | - you can direct logs from specific resources to a log analytics workspace/resource
202 | - Docker and containers
203 | - VMs are used to isolate the running of different apps
204 | - containers do the same thing, isolating apps and their dependencies
205 | - containers are isolated instances that can run side-by-side on the same VM or machine
206 | - containers include an OS, libraries/dependencies and the app itself
207 | - Docker engine
208 | - is a container toolset
209 | - it monitors and runs the containers on the VM
210 | - Azure Kubernetes service
211 | - Kubernetes
212 | - is container orchestration software
213 | - it lets you manage all your containers/nodes across all your VMs, as well as the VMs themselves
214 | - one machine running Kubernetes will be the "master" of your "Kubernetes cluster"
215 | - the cluster is your whole set of containers being managed by the master
216 | - Kubernetes can perform load balancing
217 | - it can provide DNS names to your containers
218 | - it can restart, create, kill containers
219 | - Azure Kubernetes
220 | - you can create a Kubernetes resource in Azure through which you can create and manage containers
221 | - Azure Content Delivery Network
222 | - point of presence: a place where you store copies of your data on "edge servers" in a different region than where your resource is deployed
223 | - your main resource might be in one region, but you can create a content delivery network profile to add resources to edge servers
224 | - you can have multiple points of presence
225 | - origin: your original resource at its original location
226 | - if the client doesn't find the service/data at the point of presence, it will then redirect to the origin
227 | - edge servers cache responses
228 | - Azure Advisor
229 | - access from Azure Portal
230 | - gives you advice on minimizing cost, increasing security, reliability and performance
231 | - Azure Application Insights
232 | - helps to diagnose issues and detect anomalies
233 | - understand how users use your app
234 | - what gets monitored
235 | - response times
236 | - failure rates
237 | - exceptions
238 | - page views
239 | - diagnostic trace logs
240 | - Azure DevOps
241 | - create task boards
242 | - create pipelines for CI/CD
243 | - create test plans
244 | - create repos
245 | - create artifacts to store packages
246 | - DevTest Labs
247 | - devs can create resources for testing/demoing based on predefined Azure Resource Manager templates
248 | - you can schedule auto-shutdown or autostart for your machines
249 | - you can set limits on the number of machines that can be created
250 | - you can easily track costs
251 | - machine learning
252 | - in the machine learning resource, in the designer, you can use prebuilt models or create your own
253 | - you can then edit/create the model on the canvas
254 | - you can add datasets, select algorithms for training and score your model
255 | - then you create a compute cluster to run the machine learning pipeline
256 | - cognitive services
257 | - set of prebuilt AI services
258 | - computer vision (image analysis, facial emotion recognition)
259 | - language
260 | - speech
261 | - decision
262 | - search
263 | - use ready-made APIs to access these services
264 | - bot services
265 | - used for web chats
266 | - based on Azure AI services
267 | - IoT Hub
268 | - managed services for messages to and from IoT devices
269 | - secure communication if necessary
270 | - use Azure Stream Analytics to put data in a DB
271 |
272 | ### security, privacy, compliance and trust
273 | - Azure Active Directory
274 | - identity manager
275 | - use role-based access control to assign permissions
276 | - create users, groups, resource access, etc.
277 | - works at the subscription level
278 | - there are a bunch of built-in roles in Azure
279 | - you can use Azure Directory Connect to sync your on-prem AD to your Azure AD
280 | - Azure policies
281 | - initiative is linked to subscription
282 | - initiative is a group of policies you want to apply
283 | - you choose whether to apply policies to the subscription or the resource level
284 | - Policy dashboard shows whether you're compliant or not
285 | - Policies don't delete existing resources that aren't compliant but they will prevent new non-compliant resources from being created
286 | - management groups
287 | - a collection of subscriptions
288 | - there is a default Tenant Root Group that all other management groups are children of
289 | - you can assign blanket permissions to management groups
290 | - e.g., one management group per department
291 | - Azure Security Center
292 | - gives overview of security of your resources
293 | - gives you recommendations for increasing security
294 | - Azure Sentinel
295 | - detects suspicious activities and threats
296 | - helps with quickly responding to threats
297 | - collects data from your Azure resources and external sources
298 | - Sentinel, unlike Security Center, is active and can perform automated responses to threats
299 | - Azure Blueprints
300 | - defines what's allowed across...
301 | - ARM templates
302 | - Azure policies
303 | - resource groups
304 | - role-based access control
305 | - will actively make sure these rules are followed
306 | - blueprints apply to management groups or subscriptions and make sure each subscription has the required ARM templates, policies, resource groups and access control
307 | - Azure DDoS protection
308 | - every resource is protected by basic DDoS protection
309 | - standard DDoS protection is much more robust and even will give you Azure credits for costs incurred from an attack
310 | - Azure Firewall
311 | - you can filter IPs and domain names
312 | - it recognizes malicious IPs
313 | - regulations
314 | - GDPR: protects EU citizens' data
315 | - ISO: independent internet standards
316 | - NIST: specifically looks at U.S.'s innovation
317 | - you can view Microsoft's audit reports from the Service Trust Portal
318 |
319 | ### Azure pricing and support
320 | - there's no SLA on Azure's preview features
321 | - support plans
322 | - basic: free
323 | - developer: $29/month
324 | - standard: $100/month
325 | - professional direct: $1,000/month
326 | - response time and 24/7 access to tech support vary between plans
327 | - standard and professional offer 24/7 tech support and case-severity-based response times
328 | - cloud adoption framework
329 | - Azure helps customers move their services/apps to the cloud
330 | - the Cloud Adoption Framework is Azure's step-by-step guide for their customers
331 | - each resource and service has an SLA
332 | - you get service credit if the downtime is more than the SLA claims
333 | - pricing calculator
334 | - the calculator approximates pricing for the services and resources you want to use
335 | - Azure Hybrid Benefit: you already have some Microsoft services (Microsoft 365, etc.), so you get a discount on some Azure services
336 | - total cost of ownership
337 | - you tell Azure how much you spend on on-prem
338 | - Azure tells you how much you'll spend for migrating some/all to Azure
339 | - shows you how much you'll save by using Azure
340 | - budgets on Azure
341 | - you can choose to be notified when a certain percentage of the budget is reached
342 | - budgets can be applied at the subscription level
343 | - resource tags
344 | - tags are name-value pairs that can be applied to resources
345 | - it's a way to group resources in addition to resource groups
346 | - e.g., you can tag by department
347 | - resource tags applied at the resource group level don't apply to the resources in the group
348 | - at the subscription level, you can see the cost broken down by tags
349 | - reserved and spot instances
350 | - reserved pricing: commit to a one- or three-year plan to save on costs
351 | - spot virtual machines: machines are available when there's spare capacity on the machine that it's hosted on; good for background processes that can handle interruptions; you can choose to have the VM stopped or deleted when an interruption occurs
352 |
--------------------------------------------------------------------------------
/az-204/scott-duffy-course.md:
--------------------------------------------------------------------------------
1 | ## virtual machines
2 | - Azure spot instance: you get to rent for cheap a VM for a short time (less than a day)
3 | - after choosing options for the VM you can save those settings as an ARM template
4 | - resources created with a VM
5 | - VM itself
6 | - public IP address
7 | - virtual network card
8 | - network security group
9 | - virtual network (in the same region as the VM)
10 | - virtual disk/s
11 | - optional resources
12 | - automatic shutdown rule
13 | - etc.
14 | - ARM templates
15 | - creating a VM from an ARM template gives you a form with inputs for the parameters in the template script
16 | - you can save the parameters JSON file from a deployed VM and import the JSON into the template form
17 | - admin user password doesn't get saved/imported as a parameter
18 |
19 | ## Azure App Service
20 | - a web app lives inside an app service plan
21 | - ACU: Azure compute unit
22 | - WebJobs
23 | - a background task that is attached to a web app
24 | - it runs on a schedule
25 | - kind of like a timer-triggered Azure Function
26 | - deployment slots
27 | - a way to host multiple instances of an app all under one web app instance
28 | - CLI hint: use `get-command *{search term}*` to search for a command
29 | - Kudu
30 | - when you publish your web app, you get a URL for the Kudu site of your app
31 | - the Kudu site gives you details about your app
32 | - files
33 | - log streams
34 | - deployment scripts
35 | - from the site you can use a cloud Bash or PowerShell shell to navigate the directories
36 |
37 | ## containers
38 | - Azure offers different container options
39 | - you can pick to deploy your web app to a Docker container when you create the app resource
40 | - you can create a Kubernetes resource, which is complex to set up and use, but it's powerful and scales well
41 | - you can create an Azure container instance, which is a simple and fast way to get a container running, but it's not as powerful as Kubernetes and it doesn't scale
42 | - you can build your web app project into an image and push it to a directory right from VS
43 | - you can then deploy those images to an Azure web app, a VM with Docker running on it, an Azure Container Instance, etc.
44 | - Docker image: a bundle of OS, dependencies and code that can be used to create and run a container instance
45 | - Azure Container Registry
46 | - a place to publish private container images
47 | - DockerHub, on the other hand, is a public registry
48 | - a container registry is a resource
49 | - Azure Container Instance
50 | - a container instance is a resource in which a deployed container image runs
51 | - ACI is faster to deploy than an app service, but app services have more features (backups, scaling, etc.)
52 |
53 | ## Function App
54 | - Durable Functions
55 | - stateful
56 | - long-running tasks (more than 30min)
57 | - can be suspended while it waits for another call to complete
58 | - can call other functions
59 | - can make async calls
60 | - made up of
61 | - client: the original function that gets triggered, generally starts the orchestrator
62 | - orchestrator: the traffic cop, makes sure the activities run in the right order
63 | - activity: basic unit of work in a function
64 | - how to set up durable functions
65 | - create an app service plan
66 | - go to App Service Editor
67 | - create a package.json file in the app service root
68 | - add app name and version to the file
69 | - use npm to install durable functions package
70 | - `npm install durable-functions`
71 | - you can now create a function based on the durable function starter template
72 | - then create a function based on the durable function orchestrator template
73 | - it references the activity functions
74 | - then create functions for each activity, based on the durable function activity template
75 | - test the durable function by calling the starter/client function
76 | - it returns several URLs that can give you back different information about the durable function and its state
77 | - delays and timers
78 | - install TypeScript and Moment from the App Service Plan's console
79 | - add `const moment = require('moment');` to the orchestrator function
80 | - `deadline = moment.utc(context.df.currentUtcDateTime).add(1, 'h');`
81 | - `yield context.df.createTimer(deadline.toDate());`
82 | - `outputs.push(yield context.df.callActivity('ActivityFunctionName', 'parameter/s'));`
83 | - Function Core Tools - func
84 | - you can create functions in the cloud shell
85 | - `func init` + `func new` and then `code .` to open a code editor
86 | - `func start` runs the function on localhost in the cloud shell
87 | - then you can `az functionapp create` to create a function app
88 | - `func azure functionapp publish "name of function app"` to publish the function to a function app
89 | - custom handlers
90 | - use programming languages that aren't traditionally supported by Azure function apps
91 | - choose "Custom Handler" for runtime stack on the create function app screen
92 | - you have to develop the app in a code editor that supports your language
93 | - in host.json you
94 | - set `customHandler.description.defaultExecutablePath` to `handler` (or `handler.exe` for Windows)
95 | - set `customHandler.enableForwardingHttpRequest` to `true`
96 | - the handler will be the compiled function code
97 |
98 | ## Azure storage accounts
99 | - managed storage accounts are the accounts Azure makes when you create a VM, open the cloud shell for the first time, etc., you don't create them directly
100 | - unmanaged storage accounts are the ones you create as resources for whatever you want
101 | - premium performance tier
102 | - you pay more per GB of storage but less for the transactions themselves
103 | - used for data you're accessing hundreds of times a second
104 | - in the networking tab, when creating a storage account, you can choose
105 | - access the account through a public endpoint
106 | - you'd still need a private access key to hit the endpoint
107 | - access the account through a specific network, and then you pick/create a virtual network
108 | - a private endpoint cannot be accessed from the internet, even with an access key or via VPN
109 | - blob containers
110 | - types of containers
111 | - private: no anonymous read access
112 | - blob: anonymous read access for all the blobs
113 | - container: anonymous read access for entire container
114 | - accessing data from storage account
115 | - under the storage account's properties, there is a URL for each of the container types (blob, file, queue, table, Data Lake, static website)
116 | - if you have read-only geo-redundant storage enabled, you get a secondary endpoint for each type as well
117 | - under access keys you will find the access keys that enable full access to the entire account
118 | - hitting the endpoint for a file/account/container with the key will serve you the file/account/container
119 | - under shared access signature (SAS) you can select permissions and a time duration that the files/containers can be accessed and then generate a token that can be appended to the endpoint URLs
120 |
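The permissions and time window that a SAS token carries are visible in its query string, so a token can be reviewed before it is handed out. The following is an added Python example, not from the course or these notes: the URLs, account name and signature values are constructed, the 24-hour limit is an assumed policy, and timestamps are assumed to be in the full `YYYY-MM-DDTHH:MM:SSZ` form.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumption: full UTC timestamps only
WRITE_PERMS = set("acwd")        # sp letters: add, create, write, delete


def _ts(value):
    return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)


def audit_sas(url, now, max_lifetime=timedelta(hours=24)):
    """Return a list of finding codes for one SAS URL (empty list = clean)."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["not-a-sas-url"]
    findings = []
    if "se" not in params:
        findings.append("missing-expiry")
    else:
        expiry = _ts(params["se"])
        start = _ts(params["st"]) if "st" in params else now
        if expiry <= now:
            findings.append("expired")
        elif expiry - start > max_lifetime:
            findings.append("long-lived")
    if WRITE_PERMS & set(params.get("sp", "")):
        findings.append("write-capable")
    # When spr is absent the token is usable over both HTTPS and HTTP.
    if params.get("spr", "https,http") != "https":
        findings.append("http-allowed")
    if "sip" not in params:
        findings.append("no-ip-restriction")
    return findings


def redact(url):
    """Replace the signature so the URL can be logged or pasted into a ticket."""
    parts = urlsplit(url)
    query = "&".join("sig=REDACTED" if p.startswith("sig=") else p
                     for p in parts.query.split("&"))
    return parts._replace(query=query).geturl()


# Constructed sample URLs; the signatures are placeholders, not real values.
BROAD_URL = ("https://examplestorage.blob.core.windows.net/reports/q1.pdf"
             "?sv=2022-11-02&sr=b&sp=rwd&st=2024-01-01T00:00:00Z"
             "&se=2025-01-01T00:00:00Z&spr=https,http&sig=CONSTRUCTED-PLACEHOLDER")
TIGHT_URL = ("https://examplestorage.blob.core.windows.net/reports/q1.pdf"
             "?sv=2022-11-02&sr=b&sp=r&st=2024-06-01T00:00:00Z"
             "&se=2024-06-01T01:00:00Z&spr=https&sip=203.0.113.10"
             "&sig=CONSTRUCTED-PLACEHOLDER")

if __name__ == "__main__":
    now = datetime(2024, 6, 1, 0, 30, tzinfo=timezone.utc)
    for url in (BROAD_URL, TIGHT_URL):
        print(redact(url))
        print("  findings:", audit_sas(url, now) or "none")
```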
121 | ## CosmosDB
122 | - no-SQL, non-relational DB
123 | - Cosmos guarantees sub 10ms latency
124 | - it is more expensive than an Azure Table Storage
125 | - types of CosmosDB accounts
126 | - Core (SQL)
127 | - JSON documents stored
128 | - you can use SQL to access the data
129 | - MongoDB
130 | - usually used for migrating an existing DB
131 | - Cassandra
132 | - also usually used for migrating
133 | - Azure Table
134 | - different from a table in an Azure storage account
135 | - Gremlin (Graph)
136 | - based on nodes, edges/relations
137 | - you can make the CosmosDB account geo-redundant (which means you'll be paying double for storage)
138 | - if you pick geo-redundant storage you can enable the paired region to make writes to the account (doubles the cost of the account again)
139 | - two copies of DB backups are stored for you for free
140 | - you can then choose between locally- or geo-redundant storage
141 | - once you have an account
142 | - you can create containers and explore them through the Data Explorer
143 | - you can create role-based access controls
144 | - you can add/remove read regions on the replicate page
145 | - the synchronizing and replication happens automatically
146 | - on the keys page you can view your primary and secondary access keys, both the read-write and the read keys, as well as the URI for the account
147 | - creating a container
148 | - you get to pick an RU/second level (400+)
149 | - 1 RU/s: the amount of compute needed to read 1kb of data in one second
150 | - the higher the RU, the more the DB will cost you
151 | - you can choose to share those RU/s across all the containers in your DB
152 | - partition key: the field by which CosmosDB will physically split up your data
153 | - default consistency (how the data syncs across replicated regions)
154 | - strong: data is automatically synced each time it changes
155 | - bounded staleness: you set the maximum amount of time you will allow before data has to be synced
156 | - session: this is the default, the clients in the current session will see their data synced across whatever regions they're accessing, but for regions that aren't being currently accessed there are undefined delays between syncs
157 | - consistent prefix: no guarantee of when the data gets synced, but it'll always be in the right order
158 | - eventual: no guarantee of when the data gets synced and no guarantee of order
159 |
160 | ## SQL database
161 | - SQL Server resource
162 | - the simplest way to migrate your existing DBs
163 | - not the cheapest
164 | - you'd essentially have a VM running what you used to have hosted on your own machines
165 | - used if you need to really fine-tune the DBs and/or manage CPU precisely
166 | - Azure SQL Server resource
167 | - also a simple option if you have basic DBs
168 | - migrate data and change connection strings, that's it
169 | - cheaper
170 | - usually the best option
171 | - PaaS
172 | - you pay per DB
173 | - there are also MariaDB, MySQL and PostgreSQL options
174 | - elastic pool
175 | - you can have multiple DBs sharing the same compute resources
176 | - good if the DBs are independent and they won't both get flooded with traffic at the same time
177 | - DTU: data transaction unit, a combo of CPU and memory resources
178 | - you are charged per DTU
179 | - the charge per DTU is different depending on the pricing tier you choose
180 | - performance models: Basic, Standard, Premium
181 | - there is now also a vCore model that is used instead of the DTU model
182 | - you get to pick
183 | - General Purpose, Hyperscale and Business Critical pricing tiers
184 | - provisioned / serverless
185 | - serverless scales up or down automatically
186 | - you can't predict your cost in advance
187 | - how many cores you want
188 | - how much memory you want
189 | - much more expensive than the DTU model
190 | - when you create a DB you're also creating a server (unless you specified an existing server to put the DB on)
191 | - you can set up Active Directory access
192 | - you add IPs to the firewall rules of the server to access the DB/s
193 | - geo replication
194 | - you can replicate your data in multiple regions
195 | - each time, you create a new server
196 | - read-only
197 | - you pay double what you would if you only had the DB on your primary server
198 | - Azure SQL Managed Instance
199 | - Azure manages performance and scaling for you
200 | - SQL Data Warehouse
201 | - used for tons of data
202 | - used for reporting
203 |
204 | ## blob containers
205 | - container into which you can put whatever files you want
206 | - access levels
207 | - private: no anonymous access
208 | - blob: anonymous read access to blobs only
209 | - container: anonymous read access to all containers and blobs
210 | - to access a blob/container you still need an access key (I think)
211 | - AzCopy
212 | - a Windows command line tool
213 | - you can use it to move files between containers, etc.
214 | - if you're moving between storage accounts you're going to have different `/SourceKey` and `/DestinationKey` arguments
215 | - leases
216 | - different clients can "lease" a file while they use it, and that locks out all other users
217 | - once the client is done with the file, they break the lease so that another client can access it
218 | - access tiers
219 | - hot: the default, it's cheap to access, expensive to store
220 | - cool: stored for at least 30 days
221 | - archive: stored for at least 180 days, cheap to store, expensive to access
222 |
223 | ## Azure authentication
224 | - Azure Active Directory
225 | - different than Windows AD
226 | - you can connect your on-prem Windows AD with Azure AD
227 | - if you're connected to Windows AD, you don't have to sync all your Azure AD accounts, i.e. the syncing can go only one way (Windows -> Azure)
228 | - you can allow users to log in with Google/Facebook/Microsoft
229 | - you can create an Azure AD account with your own domain (instead of the default Microsoft domain)
230 | - AD has built-in multi-factor authentication (you enable per account)
231 | - Azure tenant
232 | - when you create a new account, it creates a completely new Azure tenant, without resources or even a subscription
233 | - you can hook the tenant up to an app and use the tenant to authenticate and register the app's users
234 | - once you register your app on the AD account, you get a client ID to put into your app
235 | - then you activate tokens for the application (under Authentication)
236 | - your app sends a request to your AD account and the AD account sends back a token to the redirect URI that you specify in the AD account application
237 | - you can create users for individual apps in your AD account
238 |
239 | ## Azure Access Control
240 | - RBAC (role-based access control)
241 | - give users access only to what they need
242 | - access is based on type + role + scope
243 | - roles
244 | - owner: access to everything and can grant access to other users
245 | - contributor: access to everything but can't grant access to others
246 | - reader: read-only
247 | - and tons more, specific to types of resources
248 | - and custom roles
249 | - scopes
250 | - resource
251 | - resource group
252 | - subscription
253 | - management group
254 | - SAS (shared access signature)
255 | - used instead of making AD accounts for every single user who needs to access your resources
256 | - access keys allow users with that key to access the resource / resource group / etc.
257 | - shared access signatures allow you to assign much more granular permissions
258 | - the user would use the combination of access key and SAS to access the resource/etc.
259 | - you can't revoke SAS tokens, but you can regenerate access keys, which invalidates existing SAS tokens
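
Why regenerating an access key invalidates existing SAS tokens, as an added example (not part of the original notes and not Azure's own code): a SAS signed with the account key carries an HMAC-SHA256 over its fields, so the service can only verify it while that key is still current. The string-to-sign is simplified to three fields, and the keys, resource paths, dictionary keys and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed demo keys (base64, like storage account keys); not real secrets.
OLD_KEY = base64.b64encode(b"constructed-demo-key-before-rotation").decode()
NEW_KEY = base64.b64encode(b"constructed-demo-key-after-rotation").decode()


def _signature(key_b64, fields):
    """HMAC-SHA256 over the newline-joined fields, keyed with the decoded key."""
    string_to_sign = "\n".join(fields)  # simplified; the real format has more fields
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def issue_sas(key_b64, resource, permissions, expiry):
    """Build a token granting `permissions` on `resource` until `expiry` (UTC)."""
    sig = _signature(key_b64, [permissions, expiry, resource])
    return {"resource": resource, "permissions": permissions,
            "expiry": expiry, "sig": sig}


def check_sas(token, current_keys, resource, permission, now):
    """Service-side check: signature first, then scope, permission and expiry."""
    fields = [token["permissions"], token["expiry"], token["resource"]]
    signed = any(
        hmac.compare_digest(_signature(key, fields), token["sig"])
        for key in current_keys
    )
    if not signed:
        return "signature mismatch"  # tampered token, or the key was regenerated
    if token["resource"] != resource:
        return "wrong resource"
    if permission not in token["permissions"]:
        return "permission not granted"
    expiry = datetime.strptime(token["expiry"], "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        return "expired"
    return "ok"


if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    sas = issue_sas(OLD_KEY, "/reports/q1.csv", "r", "2030-01-01T00:00:00Z")
    print(check_sas(sas, [OLD_KEY], "/reports/q1.csv", "r", now))  # before rotation
    print(check_sas(sas, [NEW_KEY], "/reports/q1.csv", "r", now))  # after rotation
```

Because the permissions and expiry are inside the signed string, editing them in the token also fails the signature check, which is why short expiry times and narrow permissions are the practical way to limit a leaked token.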
260 |
261 | ## secure data
262 | - storage accounts
263 | - encryption at rest
264 | - this is turned on by default
265 | - you can't turn encryption off
266 | - but you can use your own encryption key
267 | - you store them in your Key Vault
268 | - encryption in transit
269 | - in configuration you must enable secure transfer required
270 | - this is for the HTTPS/SSL option
271 | - it doesn't support secure transfer for custom domain names
272 | - you then use your encryption key for transfers from/to the app that uses that storage account
273 | - Azure DBs
274 | - transparent data encryption page
275 | - data is automatically encrypted at rest
276 | - you can't turn server encryption off
277 | - like with storage accounts you can choose to use your own key
278 | - you can encrypt at server and DB levels
279 | - you can turn off encryption for individual DBs
280 | - the master DB can't be encrypted because that's the DB that stores the keys
281 | - Azure key vaults page
282 | - you can restrict access to a key vault to only specific virtual networks
283 | - used to store
284 | - keys: encryption keys
285 | - secrets: for values you don't want hard-coded in your config file
286 | - kind of like environment variables except env vars are usually used once per build and not reused during a runtime
287 | - secrets have URLs
288 | - ARM templates often access secrets, not just apps/APIs
289 | - certificates: used for HTTPS and SSL certificates
290 |
291 | ## scaling apps and services
292 | - free plan and basic plan don't offer autoscaling
293 | - manual scaling
294 | - scale up: moving between plan tiers for an app service
295 | - scale out: increase number of instances of the app
296 | - automatic scaling
297 | - available on the standard plan and up
298 | - standard plan can scale out to up to 10 instances
299 | - when you enable autoscaling
300 | - you define scaling conditions / rules
301 | - you pick the metric source you want to monitor
302 | - the specific metric
303 | - the threshold
304 | - and the resulting action
305 | - you can set the min, max and default number of instances
306 | - you should have a scale in and scale out rule for each condition
307 | - you can have multiple scale conditions (that track different metrics)
308 | - VM scale sets
309 | - group of identical VMs
310 | - you can set up scaling rules like you can for app services
311 | - you don't spend more for using scale sets, but you do pay per instance
312 | - the difference between availability sets and scale sets
313 | - scale sets are identical VMs
314 | - availability sets are individual VMs that share resources
315 | - single VM scaling
316 | - under VM size page, you can resize the VM
317 | - load balancing
318 | - you can create a load balancer and add availability sets to it
319 | - you can set up an ARM template that runs a script based on different VM metrics
320 | - transient faults
321 | - most of the time, scaling up doesn't affect users
322 | - scaling down does, because what if the cloud app is trying to scale down while an execution is happening?
323 | - that's called a transient fault
324 | - you should implement retry or back-off policies to handle failed requests
325 | - you could use a queue or DB to receive requests and then let it deal with failures, instead of making the requesting app send the retry requests itself
326 | - this uncouples the requesting API/app/server and the receiving API/app/server since neither has to directly talk to the other
327 | - if an error happens over and over, you should have a special queue/log to alert someone so it can be dealt with
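
The retry, back-off and "special queue" points above, as an added example (not part of the original notes): an in-memory model of a queue consumer that retries transient failures with capped exponential back-off plus jitter, and moves a message to a poison list after a fixed number of attempts. The names, limits and the list-based queue are assumptions made for illustration.

```python
import random
import time

MAX_ATTEMPTS = 4   # attempts before a message is treated as poison
BASE_DELAY = 0.5   # seconds; doubles on each failed attempt
MAX_DELAY = 8.0    # cap so the back-off never grows without bound


class TransientError(Exception):
    """Failure that may succeed on retry (e.g. instance removed mid-request)."""


def backoff_delay(attempt, rng):
    """Exponential back-off with full jitter so clients do not retry in lockstep."""
    ceiling = min(MAX_DELAY, BASE_DELAY * 2 ** (attempt - 1))
    return rng.uniform(0, ceiling)


def drain(messages, handler, sleep=time.sleep, rng=None):
    """Process every message; return (done, poison).

    Failed messages go back to the end of the queue with their attempt count,
    so the sender never has to retry and one bad message cannot block the rest.
    """
    rng = rng or random.Random()
    pending = [(msg, 0) for msg in messages]
    done, poison = [], []
    while pending:
        msg, attempts = pending.pop(0)
        attempts += 1
        try:
            handler(msg)
            done.append(msg)
        except TransientError:
            if attempts >= MAX_ATTEMPTS:
                poison.append(msg)  # alert on this list instead of retrying forever
            else:
                sleep(backoff_delay(attempts, rng))
                pending.append((msg, attempts))
    return done, poison


if __name__ == "__main__":
    def flaky(msg):
        if msg == "always-fails":
            raise TransientError(msg)

    print(drain(["ok-1", "always-fails", "ok-2"], flaky, sleep=lambda s: None))
```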
328 |
329 | ## caching and content delivery networks
330 | - Redis
331 | - Redis is a very fast cache
332 | - it's an in-memory DB
333 | - you use the StackExchange.Redis package
334 | - you use the connection string from your Redis Azure resource
335 | - CDN (content delivery network)
336 | - stores the static content from your app on a server that's not your web server
337 | - stores the data closer to the client
338 | - create a CDN
339 | - create a CDN profile
340 | - a CDN is a global service, you don't pick a region for it
341 | - three companies offer CDN services on Azure
342 | - Verizon / Verizon Premium
343 | - Microsoft
344 | - Akamai
345 | - all the companies charge the same amount
346 | - create a CDN endpoint
347 | - this is the URL that your app will use to access the files
348 | - the app will hit those endpoints, and if it doesn't find the content it'll request it from your server and store it in the cache for next time
349 | - each time your static files get updated you have to purge the caches
350 | - or you can version your files and specify the correct version in your app, forcing the clients to get the new version from the server and cache it instead of using the old file that was already cached
351 |
352 | ## monitoring and logging
353 | - Azure Monitor
354 | - central spot that puts together the logs/diagnostics from all your resources
355 | - you can view
356 | - logs: shows logs for resources that have logging turned on
357 | - logs have to be enabled on each resource
358 | - logs are different from metrics and diagnostic settings
359 | - you have to choose an Analytics Workspace to save the logs to
360 | - alerts
361 | - metrics: builds traffic/performance graphs, allows you to turn on alerts
362 | - service health
363 | - insights section
364 | - you can view information by type of resource (VMs, apps, containers, etc.)
365 | - under Diagnostic settings you can see all the resources you can enable logging on
366 | - logging for VMs
367 | - you have to enable monitoring
368 | - and choose what performance counters to monitor and what logs to collect
369 | - you could choose to send the diagnostic data to Application Insights
370 | - you can configure the Azure Diagnostics agent (where the logs are stored, disk quota, etc.)
371 | - logging for Function Apps
372 | - you can enable Azure Insights from the monitor section of the app
373 |
374 | ## consuming Azure services
375 | - Logic App
376 | - it's essentially a workflow
377 | - it's point-and-click and visual
378 | - you can pick from tons of templates
379 | - it's an if-this-then-that service
380 | - trigger: HTTP request, file is added to a server, when a tweet is posted
381 | - action: run an Azure Function App, upload a file, make an HTTP request, write to a DB, condition, etc.
382 | - Azure Search
383 | - allows you to add in-app search
384 | - different tiers offer you different sizes and number of indexes
385 | - higher tiers offer
386 | - more storage
387 | - scaling instances
388 | - partitions
389 | - replicas
390 | - load balancing
391 | - API Management
392 | - lets you manage your API, especially public or B2B APIs
393 | - get analytics
394 | - rate limit and quota your APIs
395 | - require clients to be approved to use the API
396 | - after setting up the management service, you add an API to it (could be OpenAPI, API App Service, Logic App, etc.)
397 | - clients will access the API through the management service's URL and not the API's URL
398 | - you can add inbound policies (restrict to certain IP addresses, add custom headers, etc.)
399 | - you can also do outbound processing to responses going back to the client, like adding headers to the requests
400 | - Swagger / OpenAPI
401 | - Swagger is an open standard now
402 | - you can add an external API using Swagger/OpenAPI to define the documentation, etc.
403 | - Event Grid / Event Hub
404 | - a way for apps to send messages to each other
405 | - you can add messages to a queue or a Service Bus (which is the enterprise version of a queue)
406 | - or you can use events
407 | - event: small notifications, not much information, like a notification on your phone
408 | - message: has more info, all the info you need to process the message, like an email in your inbox
409 | - Event Grid
410 | - for events happening in Azure
411 | - different Azure resources can pick up events from other resources
412 | - event sources: resource groups, event hubs, blob storage, service bus
413 | - event handlers: Azure Functions, Logic Apps, queue storage
414 | - Event Hub
415 | - for events happening outside of Azure that you want your Azure resources to receive
416 | - there is a regular event hub and an IoT event hub
417 | - you use this for large volumes of events
418 | - you can push these events into an Event Grid
419 |
420 | ## application messaging
421 | - queues use the FIFO model
422 | - Azure storage queue
423 | - you use a queue storage account to send messages and small pieces of data between apps
424 | - you need an access key to access a queue, just like for blob containers
425 | - async messages
426 | - up to 64kb messages
427 | - messages usually have an expiration date
428 | - reliable and cheap
429 | - Service Bus queue
430 | - has an SLA with 99.9% uptime
431 | - supports messages >= 256kbs
432 | - a more expensive but more robust version of a storage queue
433 | - on the standard tier and up you can store topics as well as queues
434 | - topics: while queues are one-to-one, topics can be received by more than one app (one-to-many)
435 | - you pay per message instead of per storage
436 |
--------------------------------------------------------------------------------