├── .gitignore ├── .markdownlint.json ├── .github ├── FUNDING.yml └── workflows │ ├── quality-checks.yaml │ └── notify-website.yaml ├── AZ-900 Microsoft Azure Fundamentals ├── img │ ├── 3-load-balancer.png │ ├── azure-regions.png │ ├── portal-top-menu.png │ ├── billing-structure.png │ ├── defence-in-depth.png │ ├── management-groups.png │ ├── policy-compliance.png │ ├── 3-tier-architecture.png │ ├── azure-data-centers.png │ ├── azure-toc │ │ ├── save-chart.png │ │ └── compare-costs.png │ ├── compliance-dashboard.png │ ├── role-assignment-scope.png │ ├── capex-demand-and-growth.png │ ├── incident-response-stages.png │ ├── shared-responsibility-model.png │ ├── organize-resource-groups │ │ ├── by-department.png │ │ ├── by-environment.png │ │ ├── by-resource-type.png │ │ └── by-department-and-environment.png │ ├── billing-structure.drawio │ └── azure-data-centers.drawio ├── 6.1. Economies of Scale.md ├── 3. Azure Services.md ├── 4.7. Microsoft Azure Information Protection (AIP).md ├── 1.5. Scaling.md ├── 3.1. Compute.md ├── 4.1. Shared Responsibility Model.md ├── 2.1. Purchasing & Licensing Options.md ├── 3.1.3. App Service.md ├── 4.2. Defence in Depth.md ├── 4.8. Microsoft Defender for Identity.md ├── 1. Cloud Basics.md ├── 2. Azure Basics.md ├── 3.2.1. Databases.md ├── 1.3.1. Compute & Serverless & Storage.md ├── 2.7. Compliance in Azure.md ├── 6.2. Capital Expenditure (CapEx) vs Operational Expenditure (OpEx).md ├── 4.3. Azure Security Center.md ├── 1.1. Benefits of Cloud Computing.md └── 1.4. 
Cloud Compliance.md ├── AZ-400 Microsoft Azure DevOps Solutions ├── img │ ├── implement-dsc.png │ ├── widgets │ │ ├── burndown.png │ │ ├── velocity.png │ │ ├── cycle-time.png │ │ ├── lead-time.png │ │ └── cumulative-flow-diagram.png │ ├── lead-vs-cycle-time.png │ ├── branching-tfvc │ │ ├── main-only.png │ │ ├── feature-isolation.png │ │ ├── release-isolation.png │ │ ├── development-isolation.png │ │ └── service-release-isolation.png │ ├── progressive-stability-branching.png │ ├── pull-request-strategies │ │ ├── rebase.gif │ │ ├── squash-commit.gif │ │ ├── semi-linear-merge.gif │ │ └── merge-no-fast-forward.gif │ ├── continuous-feedback │ │ ├── vm │ │ │ ├── diagnostics.png │ │ │ └── service-map.png │ │ ├── app-insights │ │ │ ├── profiler.png │ │ │ ├── application-map.png │ │ │ └── availability-tests.png │ │ └── static-code-analysis │ │ │ └── azure-devops-code-analysis-reports.png │ └── lead-vs-cycle-time.drawio ├── 12. Infrastructure as code.md ├── 7.3. Jenkins.md ├── 7.2.3. Azure Pipelines - DevTest Labs.md ├── 4.2. Continuous Testing - Azure Test Plans.md ├── 7.1. Deployment Patterns.md ├── 1.2. Common tools for DevOps.md ├── 10.1. Azure Container Registry.md ├── 7.4. SonarQube.md ├── 11. Mobile DevOps (Visual Studio App Center).md ├── 7.2.1. Azure Pipelines - Container Agents.md ├── 2.1. Migrations.md ├── 4.1. Continuous Testing - Choosing Test and Work Management Tools.md ├── 1. Introduction.md ├── 9.2. Pull request strategies.md ├── 3. Agile work management.md ├── 7. Continuous Integration & Continuous Delivery.md ├── 1.1. Design a DevOps Strategy.md ├── 3.1. Azure Boards.md └── 6.1. Azure Artifacts.md ├── AZ-303 Microsoft Azure Architect Technologies ├── img │ ├── networking.jpg │ ├── networking.vsdx │ └── workload-patterns │ │ ├── growing-fast.png │ │ ├── on-and-off.png │ │ ├── predictable-bursts.png │ │ └── unpredictable-burst.png ├── 5.5. Implement code that addresses a transient state.md ├── 2.6. Azure Migration.md ├── 2.3. 
Azure Content Delivery Network (CDN).md ├── 5.7. Querying Azure Resources.md ├── 5.6. Implement code that addresses singleton application instances.md ├── 5.4. Developing for autoscaling.md ├── 6.2. Hybrid Networking.md ├── 2.6.1. Azure Migrate Service.md ├── 3.1.2. Identities - Active Directory Domain Services (ADDS).md ├── 1. Azure basics.md ├── 2.4.2. Virtual Machines - Azure Backup & Azure Site Recovery & Snapshots.md ├── 2.5.2. Virtual Networks - Virtual Network Interface.md ├── 3.5.2. Authorization.md └── 2.5.1. Virtual Networks - Virtual Network Connectivity.md ├── AZ-304 Microsoft Azure Architect Design ├── img │ └── sentinel-investigation-map.png ├── 1.1. Security - Responsibilities.md ├── 1.3. Security - Azure Key Vault.md ├── 4.1.3. Securing ARM templates (Azure Key Vault).md ├── 1.2. Security - Azure data centers.md ├── 2.2. SaaS services in Azure - Bots (Bot Services, QnA Maker).md ├── 2.4. SaaS services in Azure - Media Processing.md ├── 4.1.1. Role-Based Access Control (RBAC).md ├── 4.4. App Services.md ├── 2.3. SaaS services in Azure - Azure Machine Learning.md ├── 5.2. VM Availability (SLA, Availability Sets, Availability Zones).md ├── 4.1. Azure Resource Manager.md ├── 3.1.2. Storage - StorSimple.md ├── 3.5. Data Analysis (Azure Analysis Services, HDInsight, Azure Data Catalog).md ├── 5.3. Azure VM Scale Sets.md ├── 2.1. SaaS services in Azure - Cognitive Services.md └── 4.3. Migration strategies.md ├── AZ-104 Microsoft Azure Administrator ├── 1.1. Management - Azure Cloud Shell.md ├── 6.2. Networking - Load Balancers.md ├── 3.1. Monitoring - Monitoring costs.md ├── 2.1. Governance - Roles.md ├── 1.3. Management - Resource Groups.md ├── 2.3. Governance - Azure Policies.md ├── 1.2. Management - Resources & Costs.md ├── 5.3 Compute - Virtual machines (VMs) - VM Scale Sets (VMMS).md └── 5.1. 
Compute - Virtual machines (VMs) - High Availability.md ├── package.json └── tools └── markdownlint-fixer.py /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules -------------------------------------------------------------------------------- /.markdownlint.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": true, 3 | "MD033": false, 4 | "MD013": false 5 | } -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: undergroundwires 2 | ko_fi: undergroundwires 3 | custom: https://undergroundwires.dev/donate --------------------------------------------------------------------------------
/AZ-400 Microsoft Azure DevOps Solutions/12. Infrastructure as code.md: -------------------------------------------------------------------------------- 1 | # Infrastructure as code 2 | 3 | - DevOps + Agile => Needs faster techniques to provision infrastructure 4 | - E.g. create test environments & terminate quickly 5 | - Good for disaster recovery. 6 | - There are many tools to automate the underlying infrastructure 7 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/1.1. Management - Azure Cloud Shell.md: -------------------------------------------------------------------------------- 1 | # Azure Cloud Shell 2 | 3 | - Browser-accessible shell for managing Azure resources 4 | - Can provide Bash or PowerShell 5 | - 🤗 In background it uses dockerized version of PowerShell / bash 6 | - When you open it for the first time → 7 | 1. It creates a new storage account called `azcloudshell` and some numbers 8 | 2. It then creates a file share that stores your user information.
 9 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/6.1. Economies of Scale.md: -------------------------------------------------------------------------------- 1 | # Economies of Scale 2 | 3 | - Ability to do things more efficiently or at a lower cost per unit when operating at a larger scale. 4 | - Cloud providers are large businesses leveraging the benefits of economies of scale. 5 | - Providers can then pass the savings on to their customers. 6 | - Cloud providers can also make deals with local governments and utilities to get tax savings 7 | - lowering the price of power, cooling, and high-speed network connectivity between sites. 8 | - Enables end users (customers) to acquire hardware at a lower cost than they could achieve on their own. 9 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/1.1. Security - Responsibilities.md: -------------------------------------------------------------------------------- 1 | # Responsibilities 2 | 3 | - Microsoft gives you a secure foundation & tooling to control your environment, but customers are responsible for their subscription governance, data, and identities, and for how to protect them. 4 | - The cloud presents a spectrum of responsibilities based on what types of services and/or features a customer may be consuming. 5 | - This is unlike more traditional on-premises information systems where most, if not all, security is implemented by the same owner. 6 | - In IaaS, the customer has more control than in PaaS or SaaS. 7 | - The subscription is associated with a Microsoft account or organizational account. 8 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/5.5. 
Implement code that addresses a transient state.md: -------------------------------------------------------------------------------- 1 | # Implement code that addresses a transient state 2 | 3 | ## Durable functions 4 | 5 | - An extension of Azure Functions that lets you write stateful functions 6 | - The extension manages state, checkpoints, and restarts for you. 7 | - Logic 8 | - You get starter object injected in JS & C# (`DurableOrchestrationClient`) 9 | 10 | ```pseudocode 11 | If starter => existing instance (instanceid) exists 12 | return HttpStatusCode.Conflict 13 | else 14 | starter => start new instance 15 | starter => create response from instanceid 16 | return response from starter 17 | ``` 18 | -------------------------------------------------------------------------------- /.github/workflows/quality-checks.yaml: -------------------------------------------------------------------------------- 1 | name: Quality checks 2 | 3 | on: [push, pull_request] 4 | 5 | jobs: 6 | 7 | lint: 8 | runs-on: ubuntu-latest 9 | strategy: 10 | matrix: 11 | lint-command: 12 | - npm run lint:md 13 | - npm run lint:relative-urls 14 | - npm run lint:external-urls 15 | - npm run lint:consistency 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v2 19 | - name: Setup node 20 | uses: actions/setup-node@v1 21 | with: 22 | node-version: '14.x' 23 | - name: Install dependencies 24 | run: npm ci 25 | - name: Ensure consistency 26 | run: ${{ matrix.lint-command }} -------------------------------------------------------------------------------- /.github/workflows/notify-website.yaml: -------------------------------------------------------------------------------- 1 | name: Website update 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | build: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - 13 | name: Update cloudarchitecture.io 14 | # Requires a "repo" scoped GitHub Personal Access Token. 
(secret: SITE_REPO_ACCESS_TOKEN) 15 | run: >- 16 | curl https://api.github.com/repos/undergroundwires/cloudarchitecture.io/dispatches \ 17 | -XPOST \ 18 | -H "Authorization: token ${{ secrets.SITE_REPO_ACCESS_TOKEN }}" \ 19 | -H "Accept: application/vnd.github.everest-preview+json" \ 20 | -H "Content-Type: application/json" \ 21 | --data '{"event_type": "child_repo_updated"}' \ 22 | --fail -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "azure-in-bullet-points", 3 | "description": "☁️ Azure summary in bullet points", 4 | "private": true, 5 | "scripts": { 6 | "lint": "npm run lint:md && npm run lint:relative-urls && npm run lint:external-urls && npm run lint:consistency", 7 | "lint:md": "markdownlint **/*.md --ignore node_modules", 8 | "lint:relative-urls": "remark . --frail --use remark-validate-links", 9 | "lint:external-urls": "remark . --frail --use remark-lint-no-dead-urls", 10 | "lint:consistency": "remark . --frail --use remark-preset-lint-consistent" 11 | }, 12 | "devDependencies": { 13 | "markdownlint-cli": "^0.28.1", 14 | "remark-cli": "^10.0.0", 15 | "remark-lint-no-dead-urls": "^1.1.0", 16 | "remark-preset-lint-consistent": "^5.0.1", 17 | "remark-validate-links": "^11.0.0" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/3. Azure Services.md: -------------------------------------------------------------------------------- 1 | # Azure Services 2 | 3 | - 📝 Microsoft notifies at least 1 months before ending support for an Azure service that does NOT have a successor service. 
4 | - **App Hosting** 5 | - Run your entire web application on a managed platform on Linux & Windows 6 | - In Azure Marketplace there is a huge range of third-party products you can run on Azure 7 | - Including SAP & SQL database solutions 8 | - **Integration** 9 | - Logic apps and service bus connect applications & services 10 | - Allow for workflows to orchestrate business processes on cloud or on-premises 11 | - **Security** 12 | - Security is integrated in every aspect of Azure 13 | - Hardened structures (designed to withstand a range of threats) & global security intelligence monitoring 14 | - **Azure Identity Management** gives you tight control to choose who gets access to what. 15 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/4.7. Microsoft Azure Information Protection (AIP).md: -------------------------------------------------------------------------------- 1 | # Microsoft Azure Information Protection (AIP) 2 | 3 | - 📝 Helps to classify and optionally protect (encrypt) documents and emails by applying labels. 4 | - Labels can be applied 5 | - automatically based on rules and conditions 6 | - or manually 7 | - E.g. when a user saves a Microsoft Word document containing a credit card number, a custom tooltip is displayed. The tooltip recommends labeling the file as `Confidential \ All Employees` configured by the administrator. 8 | - After your content is classified, you can track and control how the content is used. E.g.
you can: 9 | - Analyze data flows to gain insight into your business 10 | - Detect risky behaviors and take corrective measures 11 | - Track access to documents 12 | - Prevent data leakage or misuse of confidential information 13 | - You can purchase AIP either as a standalone solution, or through one of the following Microsoft licensing suites: 14 | - Enterprise Mobility + Security 15 | - or Microsoft 365 Enterprise 16 |
-------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/7.3. Jenkins.md: -------------------------------------------------------------------------------- 1 | # Jenkins 2 | 3 | - Tool for continuous integration & delivery, see [jenkins.io](https://jenkins.io) 4 | - Multi-OS & open-source 5 | - Supports many languages with rich set of plugins 6 | - You can use webhooks for auto-trigger from GitHub 7 | 8 | ## Jenkins & Azure Repos 9 | 10 | - To enable Jenkins to fetch from Azure Repos ([see lab](https://www.azuredevopslabs.com/labs/vstsextend/Jenkins/)): 11 | - Steps: 12 | - Create a ***personal access token*** in Azure DevOps with read access & add it in Jenkins 13 | - Install [***TFS plugin***](https://github.com/jenkinsci/tfs-plugin) (yet to be renamed Azure DevOps!) to Jenkins to allow: 14 | - TFVC: Poll & read & label 15 | - Git: Push trigger, build information fetching 16 | - For auto trigger from Azure Repos: 17 | - Create [***service hook***](./2.%20Azure%20DevOps%20Overview.md#service-hooks) in Azure repos to trigger Jenkins build ([official docs](https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/jenkins?view=azure-devops)) 18 | - To nest a Jenkins Job with Azure Pipelines 19 | - Add a ***service connection*** to Jenkins. 20 | - You can use Jenkin tasks such as *Queue Jenkins Job*, *Download artifacts* ... 21 | - 💡 Recommended as you can have end-to-end traceability from work items to source code to build and release pipelines. 22 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/7.2.3. Azure Pipelines - DevTest Labs.md: -------------------------------------------------------------------------------- 1 | # Azure DevTest Labs 2 | 3 | - VMs that can have lab policies: 4 | - to automatically shut down & start up VMs 5 | - to have caps e.g. 
max VMs per user or max costs 6 | - To be used for e.g.: 7 | - Conduct compatibility and automated testing with reusable environment templates 8 | - Provide virtual machines for hackathons that automatically expire after the event. 9 | 10 | ## Use DevTest Labs in Azure Pipelines 11 | 12 | - Two use-cases with Azure Pipelines: 13 | - Cheap way to create continuous test environments 14 | - E.g. for development and test environments 15 | - Create a [VM with golden image](https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-integrate-ci-cd) to execute a specific task e.g. build Erlang/Hack. 16 | - During the build/test phase 17 | - you can add ARM templates & supporting files to the build sources 18 | - so that during the release phase the exact configuration used to test with is deployed to production. 19 | - You can use the Azure DevTest Labs Tasks extension with tasks such as: 20 | - Create Azure DevTest Labs Environment 21 | - 💡 You can instead use an ARM template to deploy the environment instead of this task. 22 | - Deploy ARM template to existing Azure DevTest Labs Environment 23 | - You can provision both Azure PaaS resources & IaaS VMs 24 | - Read more: [Microsoft documentation](https://docs.microsoft.com/en-us/azure/lab-services/use-devtest-labs-build-release-pipelines) 25 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/1.5. Scaling.md: -------------------------------------------------------------------------------- 1 | # Scaling 2 | 3 | - Suppose you deployed your website and it becomes popular. You realize that your site can't effectively manage all the requests it's receiving. To solve the problem, you'll need to increase the server's hardware capacity. 4 | - Scale refers to adding network bandwidth, memory, storage, or compute power to achieve better performance. 
5 | - 📝 **Dynamic scalability architecture** is an architectural model based on a system of predefined scaling conditions that trigger the dynamic allocation of IT resources from resource pools 6 | 7 | ## Scaling up /down or vertical scaling 8 | 9 | - Increase (up) or decrease (down) the memory, storage, or compute power on an existing virtual machine. 10 | - E.g. add additional memory to a web or database server to make it run faster. 11 | 12 | ## Scaling out/in or horizontal scaling 13 | 14 | - Add (out) or remove (in) virtual machines to power your application. 15 | - E.g., create many virtual machines configured in exactly the same way and use a load balancer to distribute work across them. 16 | 17 | ## Scale down or scale in 18 | 19 | - Do if you needed to scale up or scale out only temporarily. 20 | - Help you save money. 21 | - Services that help you optimize cloud spend: 22 | - Azure Advisor, Azure Cost Management 23 | - You can use these to identify where you're using more than you need 24 | - and then scale back to the capacity you're actually using. 25 | - See also [Cloud Economics - Cost Optimization Best Practices](./6.4.%20Cost%20Optimization%20Best%20Practices.md) 26 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/3.1. Compute.md: -------------------------------------------------------------------------------- 1 | # Compute 2 | 3 | - Primarily for performing calculations, executing logic and running applications 4 | - On-demand & computing service for running cloud-based applications 5 | - Provides computing resources like multi-core processors and supercomputers via virtual machines and containers. 6 | - Provides serverless computing to run apps without requiring infrastructure setup or configuration. 7 | - Pay only for the resources you use and only for as long as you're using them. 
8 | - Four common techniques for performing compute in Azure: 9 | - [Virtual machines](./3.1.1.%20Virtual%20Machines.md) IaaS: Infrastructure as a Service 10 | - [Containers](./3.1.2.%20Containers.md) 11 | - [Azure App Service](./3.1.3.%20App%20Service.md) 12 | - [Serverless computing](./3.1.4.%20Serverless%20Computing.md) 13 | 14 | ## Choosing a computing strategy 15 | 16 | - "All or nothing" is not needed when choosing a cloud computing strategy. 17 | - Each provides benefits as well as tradeoffs against other options. 18 | - E.g. serverless computing removes the need for you to manage infrastructure 19 | - Serverless computing expects work to be completed quickly; usually within seconds or less. 20 | - You might run your core application on a virtual machine or container but offload some of the data processing onto a serverless app. 21 | - 📝 Most control to least control: Virtual machines, containers, serverless computing 22 | - Learn more: [Overview of Azure compute options](https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/compute-decision-tree) 23 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/4.1. Shared Responsibility Model.md: -------------------------------------------------------------------------------- 1 | # Shared Responsibility Model 2 | 3 | - Cloud security is a shared responsibility of both cloud providers and customers. 4 | - Azure has many security certifications from outside auditors. 5 | - **Physical security** 6 | - Handled by Microsoft 7 | - Walls, cameras, gates, security personnel 8 | - Strict procedures for employees 9 | - **Digital security** 10 | - Handled by customer + Microsoft 11 | - Azure has tools to mitigate security threats, consumer is responsible to use the tools. 12 | - E.g. 
role-based access control, multi factor authentication, encryption, monitoring tools such as login failures, suspicious locations, DDoS protection, real-time telemetry & firewalls. 13 | - ❗ You **always** retain responsibility for: Data, Endpoints, Accounts, Access management (identities) 14 | 15 | ## Cloud computing levels 16 | 17 | - 📝 From maximum effort to your side to minimum: IaaS, PaaS, SaaS 18 | 19 | | Responsibility | On-prem | IaaS | PaaS | SaaS | 20 | | -------------- | ------- | ---- | ---- | ---- | 21 | | Data governance & rights management | 🤪 | 🤪 | 🤪 | 🤪 | 22 | | Client endpoints | 🤪 | 🤪 | 🤪 | 🤪 | 23 | | Account & access management | 🤪 | 🤪 | 🤪 | 🤪 | 24 | | Identity & directory infrastructure | 🤪 | 🤪 | ☁️🤪 | ☁️🤪 | 25 | | Application | 🤪 | 🤪 | ☁️🤪 | ☁️ | 26 | | Network controls | 🤪 | 🤪 | ☁️🤪 | ☁️ | 27 | | Operating system | 🤪 | 🤪 | ☁️ | ☁️ | 28 | | Physical host | 🤪 | ☁️ | ☁️ | ☁️ | 29 | | Physical network | 🤪 | ☁️ | ☁️ | ☁️ | 30 | | Physical datacenter | 🤪 | ☁️ | ☁️ | ☁️ | 31 | 32 | - Cloud provider: ☁️ 33 | - Customer: 🤪 34 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/2.6. Azure Migration.md: -------------------------------------------------------------------------------- 1 | # Azure Migration 2 | 3 | ## Migration Phases 4 | 5 | ### Discover 6 | 7 | - Inventory of on-prem resources to plan where the migration should start 8 | - Tools: ***Azure Migrate Service***, ***Database Migration Assistant*** 9 | - Answer to questions such as _What are my applications? How are they made up JAVA or .NET? Data structure, SQL VM or SQL? How will they look like in Azure? 
10 | - You can use Azure partner discovery services such as Cloudamize, CloudSpace… 11 | 12 | ### Migrate 13 | 14 | - Tools: ***Azure Site Discovery***, ***Azure Database Migration Service***, ***Azure Data Box*** 15 | - Deploy identity, network, storage, and compute infrastructure 16 | - You move selected workloads to Azure. 17 | 18 | ### Optimize 19 | 20 | - Fine tune your Azure-based workloads and maximize your ROI (Return on Investment). 21 | - Tools 22 | - **Azure management and security** 23 | - E.g. backup, monitoring, security, assessment 24 | - **Azure Cost Management** 25 | - Create budgets and alerts with spending thresholds 26 | - Cost tracking, analysis 27 | - Security + performance improvements 28 | - 3rd parties help with backup, monitoring, security assessments, and cost management. 29 | 30 | ## Arguments for migrating 31 | 32 | - No hardware obsolescence cycle: No need to sell hardware after a while 33 | - No pre-purchase capacity model, but pay for what you use. 34 | - Lack of IT agility 35 | - Desire to focus on core competencies 36 | - Expense of maintaining a global presence 37 | - Enable disaster-recovery scenarios: Geographically dispersed locations. 38 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/2.1. Purchasing & Licensing Options.md: -------------------------------------------------------------------------------- 1 | # Purchasing & Licensing Options 2 | 3 | ## Azure purchasing options 4 | 5 | 1. From Microsoft by signing up through Azure website [Azure.com](https://azure.com) 6 | - 📝 Monthly billing 7 | 2. From Microsoft through a Microsoft representative 8 | - 📝 Monthly billing 9 | 3. From a Microsoft partner 10 | - CSP = **Cloud Solution Provider** 11 | - Offer a range of complete managed cloud solutions for Azure. 12 | - Your partner will provide you with access to Azure, manage your billing, and provide support.
13 | 14 | ## Licensing 15 | 16 | ### Free-trial 17 | 18 | - Free access to some Azure products for 12 months 19 | - $200 USD credit to spend for the first 30 days on any service. 20 | - Sign-up from [sign-up page](https://azure.microsoft.com/free) 21 | 22 | ### Pay-as-you-go 23 | 24 | - Get billed for services as you use them 25 | 26 | ### CSP (Cloud Solution Provider) 27 | 28 | - Buy Azure services from a Microsoft Partner organization 29 | - You will be billed by the partner organization. 30 | - First line Azure support will be provided by the partner organization. 31 | 32 | ### Azure in Open licensing 33 | 34 | - You buy from a third party reseller using a 12 month upfront commitment 35 | - Buy Azure Monetary Commitment credits to use in your subscription. 36 | 37 | ### Enterprise Agreement (EA) 38 | 39 | - For big enterprises 40 | - **EA Portal**: enterprise overview of all the spending and budgeting for organization's Azure spend 41 | - **Discounts**: E.g. up to 30% cheaper virtual machines. 42 | - **Enterprise Level Capabilities and Features**: Access to enterprise-only service. 43 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/1.3. Security - Azure Key Vault.md: -------------------------------------------------------------------------------- 1 | # Azure Key Vault 2 | 3 | - Helps safeguard cryptographic keys and secrets used by cloud applications and services. 4 | - You can encrypt keys and secrets (such as authentication keys, storage account keys, data encryption keys, `.PFX` files, and passwords) by using keys that are protected by hardware security modules (HSMs).
5 | - You can import or generate keys in HSMs. If you choose to do this, Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). 6 | - HSM = Hardware security module 7 | - Streamlines the key process and enables you to maintain control of keys that access and encrypt your data. 8 | - Developers can create keys for development and testing, and then seamlessly migrate them to production keys. 9 | - Security administrators can grant (and revoke) permission to keys, as needed. 10 | - Administration 11 | - It can be created and managed by an organization's administrator who manages other Azure services for an organization. 12 | - E.g.: 13 | - Administrator would sign in with an Azure subscription, create a vault for the organization in which to store keys, and then be responsible for operational tasks, such as: 14 | - Create or import a key or secret. 15 | - Revoke or delete a key or secret. 16 | - Authorize users or applications to access the key vault, so they can then manage or use its keys and secrets. 17 | - Configure key usage (for example, sign or encrypt). 18 | - Monitor key usage. 19 | - This administrator would then provide developers with URIs to call from their applications, and provide their security administrator with key usage logging information. 20 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/6.2. Networking - Load Balancers.md: -------------------------------------------------------------------------------- 1 | # Load Balancer Options 2 | 3 | - All load balancers are software appliances (software defined networking: SDN) 4 | - 💡 Only Standard (not Basic) SKU allows availability zones in Load balancer 5 | 6 | ## Public Load Balancer 7 | 8 | - OSI Layer 4 TCP and UDP 9 | - Internet-facing, has public IP address 10 | - Offers two distribution modes 11 | - ***Set-up public load balancer*** 12 | 1. Settings -> Back-end-pools-> Add VMs 13 | 2. 
Settings -> Health-probe -> Add health probe 14 | - E.g. tcp-80-probe (HTTP) probe 15 | - Set interval -> time between probe events 16 | - Set unhealthy threshold (e.g. 2) before VM is dropped out from the pool 17 | - Add load balancing port 18 | - Incoming request from port 80 (*port*) will be passed to TCP port 80 (*back-end port*) 19 | - Select backend pool & health-probe 20 | - Set session persistence 21 | - Floating IP (direct server return) 22 | - Use with internal load balancers 23 | - Use with SQL Server Always On cluster 24 | - Used when same back-end port needs to be used across multiple rules in a single Load Balancer. 25 | 3. Add inbound NAT rule 26 | - Map TCP 5000 to a VM's RDP port (3389) 27 | - Map TCP 5000 to a VM's RDP port (3389) 28 | 29 | ## Internal load balancer 30 | 31 | - OSI Layer 4 TCP and UDP 32 | - Applies to traffic only within a virtual network 33 | - No public IP address 34 | - Good for applying load balancing to n-tier application services (database) 35 | 36 | ## Application Gateway 37 | 38 | - OSI Layer 7 application 39 | - Application Delivery Controller (ADC) as a service 40 | - SSL offload 41 | - Has Web Application Firewall (WAF) 42 | 43 | ## Traffic Manager 44 | 45 | - DNS-level 46 | - Geographical load balancing 47 | - Offers different routing methods 48 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/2.3. Azure Content Delivery Network (CDN).md: -------------------------------------------------------------------------------- 1 | # Azure Content Delivery Network (CDN) 2 | 3 | - Increases speed and availability 4 | - Caches content to the user by using servers that are closest to the users. 5 | - Can compress (can be enabled in Azure portal). 6 | - Also modify the MIME types list to tune which content formats to compress. 7 | 8 | ## Flow 9 | 10 | 1. User sends request to an *Edge Server* 11 | 2.
DNS routes the request to the best performing Point-of-Presence (POP) location (probably geographically closer) 12 | 3. If edge does not have the content, it sends request to origin. 13 | - Origin can add HTTP headers describing the file's Time-to-Live (TTL). 14 | 15 | ## CDN Profiles 16 | 17 | - You can choose between Microsoft, Akamai or Verizon as implementation. 18 | - Four choices for **Origin type**: Storage, Cloud Service, Web App, and Custom origin. 19 | - Supports compression, query string, and geo filtering. 20 | - Endpoint isn't immediately available for use. 21 | - Microsoft standard = 10 min, Akamai = 1 min, Verizon = 90 min 22 | - Rules 23 | - You can set global caching rules 24 | - e.g. TTL Cache Expiration Duration 25 | - Or custom caching rules 26 | - If a pattern matches the path & file extension, you can override global caching rules. 27 | 28 | ### Optimization options 29 | 30 | - Vendor specific settings 31 | - ***General web delivery***: Web content, website, applications, small images 32 | - ***General media streaming***: Live & video (so you don't need to change between live and VOD). 33 | - ***Video on demand media streaming***: Only for video streaming. 34 | - ***Large file download***: > 10 MB. 35 | - Uses chunking 36 | - To avoid failing the whole request. 37 | - Uses pre-fetch: starts fetching next chunk if the download is on the chunk before. 38 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/5.7. Querying Azure Resources.md: -------------------------------------------------------------------------------- 1 | # Querying Azure Resources 2 | 3 | ## Using Azure CLI 4 | 5 | - Azure CLI uses the `--query` argument to execute a `JMESPath` query 6 | - `JMESPath` => JSON query language. 7 | - `--query` argument is supported by all commands in the Azure CLI. 8 | - Return type 9 | - JSON Array, no order guarantee. 10 | - Projection 11 | - E.g.
`select` in LINQ 12 | 13 | ```bash 14 | az vm list --query '[].{name:name, image:storageProfile.imageReference.offer}' 15 | ``` 16 | 17 | - Filtering 18 | - E.g. `where` in LINQ 19 | 20 | ```bash 21 | az vm list --query "[?starts_with(storageProfile.imageReference.offer, 'WindowsServer')]" 22 | ``` 23 | 24 | - Combine projection + filter 25 | 26 | ```bash 27 | az vm list --query "[?starts_with(storageProfile.imageReference.offer, 'Ubuntu')].{name:name, id:vmId}" 28 | ``` 29 | 30 | ## Using fluent Azure SDK 31 | 32 | - Better option if you intend to write code to find connection information for a specific application instance. 33 | - Flow: 34 | - Connect 35 | - You need an `azure.auth` file (JSON file describing the secret, key, URLs, etc.) 36 | - You can create it like this: `az ad sp create-for-rbac --sdk-auth > azure.auth` 37 | - Then `Azure azure = Azure.Authenticate("azure.auth").WithDefaultSubscription();` 38 | - See VMs 39 | 40 | ```c# 41 | var vms = await azure.VirtualMachines.ListAsync(); 42 | foreach(var vm in vms) 43 | { 44 | Console.WriteLine(vm.Name); 45 | } 46 | ``` 47 | 48 | - Gather virtual machine metadata to determine the IP address 49 | 50 | ```c# 51 | INetworkInterface targetNic = targetVm.GetPrimaryNetworkInterface(); 52 | INicIPConfiguration targetIpConfig = targetNic.PrimaryIPConfiguration; 53 | IPublicIPAddress targetIpAddress = targetIpConfig.GetPublicIPAddress(); 54 | Console.WriteLine($"IP Address:\t{targetIpAddress.IPAddress}"); 55 | ``` 56 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/3.1.
Monitoring - Monitoring costs.md: -------------------------------------------------------------------------------- 1 | # Azure monitoring costs 2 | 3 | - **Estimating costs** 4 | - [Azure Pricing Calculator](https://azure.microsoft.com/en-us/pricing/calculator/) 5 | - [Azure Total Cost of Ownership (TCO) Calculator](https://azure.microsoft.com/en-us/pricing/tco/calculator/) 6 | - Calculate the cost savings by migrating from on-premises to Azure 7 | - **End of month bills** 8 | - Invoice, detailed usage CSV file 9 | 10 | ## Azure Cost Management 11 | 12 | - Detailed cost analysis 13 | - Consumption, cost, performance 14 | - In portal 15 | - Open scope (e.g. subscription or resource) → Click on the Cost analysis blade 16 | - Or go to "Cost Management" → "Cost analysis" and change scope on top 17 | - Resource optimizations 18 | - Identify underutilized resources 19 | - Budgets, alerts, action groups 20 | - Compare costs against budget 21 | - Cross-cloud 22 | - Manage Azure, Amazon and Google cloud resources in one tool. 23 | - In portal can be found 24 | - 🤗 Replaces **Cloudyn**, a third-party cost management service that was acquired by Microsoft in 2017 and integrated into Azure Cost Management. Cloudyn is deprecated since 2020 but existing users can still use it. 25 | 26 | ## Monitoring costs using portal 27 | 28 | - In Subscription → Cost Analysis 29 | - Filter, view consumptions per resource/tags etc. 30 | - Subscription → Invoices 31 | - Shows invoices 32 | - ❗ It does not show individual resources.
33 | - To see them go to: Subscription → Manage and download invoices 34 | 35 | ## Monitoring costs using Consumption APIs 36 | 37 | - Allows programmatic access to cost and usage data 38 | - Some APIs provided differ based on subscription type such as [1] 39 | - Enterprise Enrollments 40 | - Web Direct Subscriptions 41 | - 🤗 Formerly known as **Azure Billing APIs** categorized as enterprise and non-enterprise APIs 42 | 43 | [1]: https://docs.microsoft.com/en-us/rest/api/consumption/ "Consumption APIs" 44 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/4.1.3. Securing ARM templates (Azure Key Vault).md: -------------------------------------------------------------------------------- 1 | # Securing ARM templates 2 | 3 | ## Azure Key Vault 4 | 5 | - Create, manage and import **secrets**, **keys**, and **certificates** for applications, services and users. 6 | - When deploying resources using Arm templates and automating that deployment, it is best practice to use a **Service Principal**. 7 | - In on-prem AD it was called: Active Directory Service Account 8 | - The premium tier allows storage of these secrets in a Hardware Security Module, a physical device to contain all your secrets. 9 | - Flow: 10 | - Administrator creates & manages vaults and keys. 11 | - Can be created by any contributor/owner. 12 | - Sends URIs to developers. 13 | - Security administrators uses usage logging for keys. 14 | - Dev/test keys can be migrated to production use at deployment. 15 | - **Key Vault Use in ARM Templates** 16 | - Embedding credentials and passwords inside a template are unwise. 17 | - To further secure the deployment, it is advised to create an Azure Service Principal. 18 | - With key vaults the value is never exposed because you only reference its key vault ID. 19 | - Use in ARM templates 20 | 1. Set the enabledForTemplateDeployment property to true when you create the Key Vault. 21 | 2. 
Create secret to be used in template 22 | 3. Ensure template can access Key Vault 23 | - Ensure the service principal, user or template has the **Microsoft.KeyVault/vaults/deploy/action** permission for the correct Key Vault 24 | - The Contributor built-in role already has this permission. 25 | 4. Reference the secret using a static ID in the template parameter file. 26 | - ❗ Challenge: Sometimes the Key Vault secret will change from deployment to deployment 27 | - This requires the use of a dynamic ID reference. 28 | - It cannot go in the parameter file. 29 | - 💡 Solution: Nested template where key is also deployed. 30 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/4.2. Continuous Testing - Azure Test Plans.md: -------------------------------------------------------------------------------- 1 | # Azure DevOps - Test Plans 2 | 3 | - View test cases, runs & results. 4 | - **Test suites**: Groups test cases together for e.g. different scenarios. 5 | - **Test plans**: Groups test suites and test cases. 6 | 7 | ## Test cases 8 | 9 | - Each work item in Azure Boards can have multiple test cases. 10 | - Create by clicking on *Add test* 11 | - Each test case consists of multiple steps 12 | - Each step has an Action, Expected result, and Attachments. 13 | - You can assign the test cases to individual testers 14 | - Run test cases manually 15 | - In test plan view you can run your tests one by one. 16 | - You can comment & add screenshots/recording/user actions and create issues & bugs easily. 17 | - Or you can mark them as passed or failed directly on Azure Boards 18 | - [Run automated test cases](https://docs.microsoft.com/en-us/azure/devops/test/run-automated-tests-from-test-hub?view=azure-devops) 19 | - You can couple test-cases with pipelines and run them automatically through Test 20 | 21 | ## Load Tests 22 | 23 | - See how well your application can behave under certain types of load or stress.
24 | - Types 25 | - You can create URL based load tests 26 | - Import tests from tools such as Visual Studio or Apache JMeter. 27 | - Run HTTP-archive based tests 28 | - Record HTTP sessions. 29 | - Tests from Fiddler can be imported this way 30 | - You can set: 31 | - Load pattern that can be: 32 | - Constant: Same amount of users 33 | - Step: Set amount of initial users `x`, after period of `y` seconds, increment number of users by `z`. 34 | - Set time duration, maximum amount of users, initial user count, warmup duration, and which browsers to mimic. 35 | - Select user agents: 36 | - Automatically provisioned: You can select the geo-location 37 | - Your own provisioned agents 38 | - After execution you get summary, charts (performance, throughput, errors, tests), diagnostics and logs. 39 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/7.1. Deployment Patterns.md: -------------------------------------------------------------------------------- 1 | # Deployment Patterns 2 | 3 | ## Feature toggles 4 | 5 | - [Feature toggles](https://martinfowler.com/bliki/FeatureToggle.html) are booleans in code that activate or deactivate a feature at run time 6 | - You can deploy first 7 | - Measure soundness of your release in backwards compatibility/bug perspective 8 | - Release new functionality gradually to different users, or vice versa (scale down or even rollback functionality and/or binaries). 9 | - Allows for splitting availability of functionality from deployment of binaries, and gives much more fine-grained decision making than only "deploy/rollback" 10 | - 💡 Always using them is a good way to increase your confidence in a new version, since the new version functions exactly like the old until someone flips a feature toggle. 11 | 12 | ## Blue Green deployments 13 | 14 | - The essence of blue-green is deploying all at once 15 | - Easy rollbacks in case of failure.
16 | - Completely automated deployment process 17 | - Zero downtime deployment 18 | - Concept 19 | - Blue version = Current version, users use it 20 | - Green version = New version on production, not yet available 21 | - You redirect users to Green release and at the end it becomes your Blue release. 22 | - Azure Traffic Manager [allows it](https://azure.microsoft.com/en-us/blog/blue-green-deployments-using-azure-traffic-manager/) with its [weighted](https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods#weighted) round-robin routing method 23 | 24 | ## Canary Deployments 25 | 26 | - The essence of canary deployment is deploying incrementally 27 | - Deploys in small, incremental steps, and only to a small group of people 28 | - It is about getting an idea of how the new version will perform (integrate with other apps, CPU, memory, disk usage, etc). 29 | 30 | ## Rolling deployment 31 | 32 | - Slowly replaces currently running instances of the application with newer ones. 33 | - Important: the old instance is removed only when the new one has passed health checks 34 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/1.2. Common tools for DevOps.md: -------------------------------------------------------------------------------- 1 | # Common tools for DevOps 2 | 3 | ## Project management 4 | 5 | - 💡 Recommended: **[Azure Boards](https://azure.microsoft.com/en-us/services/devops/boards/)** in Azure DevOps services, **[JIRA](https://www.atlassian.com/software/jira)** 6 | - Allows you to: 7 | - Work with different work items. 8 | - Track items on a Kanban board 9 | - Create test cases from items. 10 | - Work with sprints.
11 | 12 | ## Team Collaboration 13 | 14 | - 💡 Recommended: **[Microsoft Teams](https://teams.microsoft.com)**, **[Slack](https://slack.com)** 15 | - Allows you to: 16 | - Create multiple channels for communication 17 | - Highly accessible as it's available in the browser. 18 | - Collaborate with external suppliers and contractors 19 | - You can integrate Slack with Azure DevOps 20 | - E.g. by installing [Azure Pipeline app for Slack](https://docs.microsoft.com/en-us/azure/devops/pipelines/integrations/slack). 21 | 1. Log in through the app 22 | 2. Run `/azpipelines subscribe [project url]` inside a channel 23 | 24 | ## Managing Technical Debt 25 | 26 | - Technical Debt = Compromising quality over speed of delivery 27 | - 📝 **[SonarQube](https://www.sonarqube.org/)** for variety of languages. 28 | 29 | ## Build and Release Pipelines 30 | 31 | - **[Jenkins](https://jenkins.io/)**: Continuous Integration & Continuous Delivery 32 | - **[Azure Pipelines](https://azure.microsoft.com/en-us/services/devops/pipelines/?cdn=disable)**: Continuous Integration & Continuous Delivery 33 | - **[Octopus](https://octopus.com/)**: Continuous Delivery 34 | - **[Bamboo](https://www.atlassian.com/software/bamboo)**: CI/CD tool from Atlassian 35 | - **[Travis](https://travis-ci.org/)**: CI/CD tool 36 | 37 | ## Others 38 | 39 | - See [security tools](./8.%20DevSecOps.md#security-tools) 40 | - See [test tools](./4.1.%20Continuous%20Testing%20-%20Choosing%20Test%20and%20Work%20Management%20Tools.md#test-tools) 41 | - See [test coverage tools](./4.1.%20Continuous%20Testing%20-%20Choosing%20Test%20and%20Work%20Management%20Tools.md#test-coverage-tools) 42 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/5.6. 
Implement code that addresses singleton application instances.md: -------------------------------------------------------------------------------- 1 | # Implement code that addresses singleton application instances 2 | 3 | - An application that communicates with elements running in the cloud has to be sensitive to the transient faults that can occur in this environment. 4 | - Faults e.g. momentary loss of network connectivity to components and services, the temporary unavailability of a service, or timeouts that occur when a service is busy. 5 | - These faults are self-correcting and if the action is repeated after a delay, it's likely to be successful. 6 | - E.g. `ConnectionClosed`, `TimeOut`, `RequestCanceled` 7 | - Strategies 8 | - **Cancel** : Report exception & cancel operation. E.g. invalid credentials. 9 | - **Retry** : If specific fault reported is unusual or rare, e.g. network packet becoming corrupted. 10 | - **Retry after delay** : Fault caused by e.g. busy/connectivity failures. Try after short period of time. 11 | - For more common transient failures, period between retries should be chosen to spread requests from multiple instances of the application as evenly as possible 12 | - Reduces chance of being overloaded. 13 | - Too many retries against a service => it takes longer to recover 14 | - If service fails again, wait & make another attempt; if necessary, increase delays between retry attempts until maximum is reached. 15 | - Delay can be increased incrementally or exponentially depending on the type of failure & probability that it'll be corrected during this time. 16 | - Many SDKs implement retry policies, where some parameters can be set: maximum number of retries, amount of time between retries, …. 17 | - An application should log the details of faults & failing operations. 18 | - Scaling out can lower frequency of faults caused by being overloaded etc. 19 | - Partition the database & spread the load across multiple servers.
20 | - In code 21 | - Try catch for the exception 22 | - Set delay (`Delay = TimeSpan.FromSeconds(5)`) and wait for the delay (`Task.Delay`) 23 | - Log the exception 24 | - `throw` if retry count is maximum 25 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/1.2. Security - Azure data centers.md: -------------------------------------------------------------------------------- 1 | # Azure data centers 2 | 3 | - Azure data centers are secured by using different technical isolations. 4 | - Based on following components: 5 | - [Azure Fabric Controller](#azure-fabric-controller-fc) 6 | - [Virtualization](#virtualization) 7 | - [Logical Separations](#logical-separations) 8 | 9 | ## Azure Fabric Controller (FC) 10 | 11 | - Kernel of the Azure platform, managing resources as needed. 12 | - Provisions, stores, delivers, monitors and commands the VMs and physical servers that make up the Azure customer environment and infrastructure. 13 | - Deploys & manages health of compute services. 14 | - Manages data center infrastructure (hardware & software), recovers from failures 15 | - Drives infrastructure updates. 16 | 17 | ## Virtualization 18 | 19 | - The **Host OS** is a configuration-hardened version of Windows Server. 20 | - The **Hypervisor** is Hyper-V from Windows Server 2012 R2, which has been battle-tested and proven in enterprise environments worldwide. 21 | - Two types of a hypervisor: 22 | - Type 1 Hypervisor *(e.g. VMware, Hyper-V)* runs the OS. 23 | - Type 2 Hypervisor *(e.g. VMware Workstation, VirtualBox)* runs on OS. 24 | - The **Guest VM OS** can be either Windows Server, several distributions of Linux, or an OS image supplied by the customer (must be a supported operating system, or start from the Azure Marketplace images). 25 | 26 | ## Logical separations 27 | 28 | - Segregates each customer's data & application from that of others.
29 | - **Storage isolation** 30 | - **Storage Access Key (SAK)**: Data is accessible only through claims-based Identity Management & access control with a Storage Access Key. 31 | - **Shared Access Signature (SAS)** 32 | - Recommended as it does not reveal account key and gives more granular & restricted access. 33 | - Can be reset via the Microsoft Azure Portal or the Storage Management API. 34 | - Storage blocks are hashed by the hypervisor to separate accounts. 35 | - **SQL isolation**: SQL Azure isolates separate account databases. 36 | - **Network isolation**: VM switch at the host level blocks inter-tenant communication. 37 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/3.1.3. App Service.md: -------------------------------------------------------------------------------- 1 | # App Service 2 | 3 | - Azure App Service is an HTTP-based service. 4 | - Enables you to build and host many types of web-based solutions without managing infrastructure. 5 | - E.g. you can host web apps, [mobile back-ends](#mobile-apps), and RESTful APIs in several supported programming languages. 6 | - Supports different frameworks such as .NET, .NET Core, Java, Ruby, Node.js, PHP, Python. 7 | - Can scale on both Windows and Linux-based environments. 8 | 9 | ## Mobile apps 10 | 11 | - Allows developers to create mobile backend as a service (MBaaS) 12 | - Features include 13 | - Autoscaling 14 | - Offline data synchronization 15 | - Broadcasting push notifications 16 | - Integration with identity providers including Azure Active Directory, Google, Twitter, Facebook, and Microsoft 17 | 18 | ## Azure Marketplace 19 | 20 | - Online store that hosts applications that are certified and optimized to run in Azure. 21 | - Many types of applications are available, e.g. AI / web applications. 22 | - Deployments from the store are done via the Azure portal using a wizard-style user interface.
23 | - Makes evaluating different solutions easy. 24 | 25 | ## Pricing tiers 26 | 27 | - Categories 28 | 29 | | Category | Description | 30 | | --------- | ------------ | 31 | | **Dev / Test** | Ideal for less demanding workloads. Focused on providing shared infrastructure. Additional features include custom domains / SSL and manual scale. | 32 | | **Production** | Ideal for more demanding workloads. Additional features include staging slots, daily backups, and a traffic manager. | 33 | | **Isolated** | Ideal for workloads that require advanced networking and fine-grained scaling. | 34 | 35 | - Within each category, there are different pricing tiers. 36 | 37 | ### Scale up an App Service 38 | 39 | 1. Open the [Azure portal](https://portal.azure.com) 40 | 2. From the left-hand navigation menu (may need to click on menu icon), select **Dashboard** 41 | 3. Select the **App Service** with the name you chose in the previous exercise. 42 | 4. Under **Settings** you see many configurable settings 43 | 5. Select **Scale up (App service plan)**. 44 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/5.4. Developing for autoscaling.md: -------------------------------------------------------------------------------- 1 | # Developing for autoscaling 2 | 3 | - Application workloads are unpredictable 4 | - Overestimate => Pay for unnecessary compute resources 5 | - Underestimate => Poor user experience 6 | - Ideally => Use extra instance only when it's needed and shut down when it's not. 7 | 8 | ## Workload Patterns 9 | 10 | - 📝 Four common computing patterns you'll see for web applications in cloud 11 | - **On and Off** 12 | - |||||....|||||...... 13 | - ![On and off workload | Scaling cloud computing pattern](./img/workload-patterns/on-and-off.png) 14 | - E.g.: batch processing.
15 | - **Growing fast** 16 | - |.||.|||.||||.|||||.|||||| 17 | - ![Growing fast | Scaling cloud computing pattern](./img/workload-patterns/growing-fast.png) 18 | - Often growing start-ups. 19 | - **Unpredictable bursting** 20 | - |..|..|||||||||..|.| 21 | - ![Unpredictable Bursting | Scaling cloud computing pattern](./img/workload-patterns/unpredictable-burst.png) 22 | - **Predictable bursting** 23 | - |.|.||||.|.|.||||.|.| 24 | - ![Predictable bursting | Scaling cloud computing pattern](./img/workload-patterns/predictable-bursts.png) 25 | - E.g. during Black Friday for an e-commerce site. 26 | - Distribute applications across multiple instances to provide redundancy + performance. 27 | - A load balancer is needed to distribute. 28 | 29 | ## Auto scale 30 | 31 | - Primary advantage of the cloud is **elastic scaling**. 32 | - Ability to use as much capacity as you need, scale out if load increases, scale in when the extra capacity is not needed. 33 | - Supported in many Azure Services 34 | - IaaS: Azure Virtual Machine Scale Sets (identical VMs in same set) 35 | - PaaS: Azure App Service 36 | - Or even database services such as Cosmos DB 37 | - Auto-scale metrics 38 | - Supported in all pricing plans of App Service. 39 | - Autoscale can be triggered based on metrics or at scheduled date and time. 40 | - Metrics are aggregated over all instances of the plan 41 | - E.g. `CpuPercentage`, `MemoryPercentage`, `BytesReceived`, `BytesSent`, `HttpQueueLength`, `DiskQueueLength` (read+writes queued on storage) 42 | - ❗ Basic plan does not include AutoScaling 43 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/10.1. 
Azure Container Registry.md: -------------------------------------------------------------------------------- 1 | # Azure Container Registry 2 | 3 | - Managed private Docker registry service 4 | - Store your private Docker container images 5 | - Security (❗ below features are only available in [Premium SKU](https://docs.microsoft.com/sv-se/azure/container-registry/container-registry-skus)) 6 | - ***Content trust*** for image tag signing 7 | - ***Firewalls and virtual networks*** to restrict access to the registry. 8 | - If you want your CI/CD tool to be able to work with ACR => 9 | - Create a service principal e.g. for Jenkins. 10 | - `az ad sp create-for-rbac --skip-assignment` 11 | - Assign it to the ACR: 12 | - `az role assignment create --assignee 626dd8ea-042d-4043-a8df-4ef56273670f --role Contributor --scope $ACR_ID` 13 | - You can now use appId (username) and password of your service principal to push & update images. 14 | - To upload image 15 | - Install Azure CLI: `apt-get install azure-cli` 16 | - Sign in: `az login` 17 | - Create a container registry: `az acr create --resource-group registry-rg --name registry --sku Standard --location eastus` 18 | - Build image & tag & push it to Azure 19 | - Using CLI: 20 | - `az acr build --registry registry --image namewithtag:v1 .` 21 | - [Using Azure Pipelines](https://docs.microsoft.com/en-us/azure/devops/pipelines/ecosystems/containers/acr-template?view=azure-devops): 22 | - You can create a new pipeline & configure it to be docker, it'll then create `azure-pipelines.yml` file.
23 | - Or you can create the yaml file yourself using Docker task: 24 | 25 | ```yaml 26 | - stage: Build 27 | displayName: Build and push stage 28 | jobs: 29 | - job: Build 30 | displayName: Build job 31 | pool: 32 | vmImage: $(vmImageName) 33 | steps: 34 | - task: Docker@2 35 | displayName: Build and push an image to container registry 36 | inputs: 37 | command: buildAndPush 38 | repository: $(imageRepository) 39 | dockerfile: $(dockerfilePath) 40 | containerRegistry: $(dockerRegistryServiceConnection) 41 | tags: | 42 | $(tag) 43 | ``` 44 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/7.4. SonarQube.md: -------------------------------------------------------------------------------- 1 | # SonarQube 2 | 3 | - Open-source code analysis tool, [sonarqube.org](https://sonarqube.org) 4 | - Helps you to see your project's technical debt 5 | - Detect bugs, vulnerabilities, code smells, coverage... 6 | 7 | ## SonarQube & Azure Repos 8 | 9 | - See [labs](https://azuredevopslabs.com/labs/vstsextend/sonarcloud/) 10 | - 📝 Steps: 11 | - *(If you don't have SonarQube)* Create VM with container & SonarQube image 12 | - Ensure port 8080 is open on VM/container to be able to communicate with Azure DevOps 13 | 1. Create a project in SonarQube 14 | - It'll give you authentication token you'll need (you can also use an existing token) 15 | - Also gives you scripts to run for different languages/frameworks 16 | - You'll use name of this project in service connection. 17 | 2. You create **service connection** for SonarQube. 18 | - You can use token from SonarQube project or generate a new token in security section of SonarQube 19 | 3. In organization settings add SonarQube **extension** 20 | - Gives you tasks to execute in [following order](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/): 21 | 1. Prepare Analysis Configuration 22 | - Before executing the build 23 | 2. 
Run Code Analysis 24 | - Not required for Maven or Gradle projects, because scanner will be run as part of the Maven/Gradle build. 25 | 3. Publish Quality Gate Result 26 | - Optional to display the Quality Gate status in the build summary 27 | 4. You can analyze results in SonarQube server 28 | - Set-up a pull-request integration: 29 | 1. Create a Personal Access Token in Azure DevOps 30 | 2. Configure SonarCloud to analyze pull requests 31 | - In Pull Requests tab set provider to Azure DevOps Services 32 | 3. Configure the branch policy for the project in Azure DevOps 33 | - Set SonarQube pipeline as build definition 34 | 4. Block pull requests if the Code Quality check failed 35 | - Branch Policy => Add status policy => SonarCloud/quality gate and mark requirement as Required 36 | - [Tasks to run](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-azure-devops/): 37 | - Prepare Analysis Configuration 38 | - Run Code Analysis (not required) 39 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/11. Mobile DevOps (Visual Studio App Center).md: -------------------------------------------------------------------------------- 1 | # Visual Studio App Center 2 | 3 | - [appcenter.ms](https://appcenter.ms) 4 | - Build, test, distribute, diagnostics, analytics, auth, data push mobile applications. 5 | - Automate & manage the lifecycle of iOS, Android, Windows and macOS applications.
6 | - Connect to your repositories & automate your builds 7 | - Test builds on real devices in the cloud 8 | - Distribute apps to beta testers 9 | - Monitor real-world usage with crash and analytics data 10 | - Get feedback from users on the new features 11 | - 📝 It's used to: 12 | - Manage mobile target device sets and distribution groups 13 | - Manage target UI test device sets 14 | - Provision tester devices for deployment 15 | - Create public and private distribution groups 16 | 17 | ## Distribution groups 18 | 19 | - Controls access to releases 20 | - Set of users e.g. QA Team, Canary users etc. 21 | releases, such as Staging. 22 | - Release the application to users via distribution groups 23 | - Types 📝 24 | - **Private**: Invited by e-mail to test application 25 | - **Public**: Unauthenticated users, download application with a link. 26 | - **Shared**: Shared across multiple applications in a single organization. 27 | - Created at organization level, not application level. 28 | - Device registration - example for iOS application 29 | - Devices have to be specified in the provisioning profile for the application 30 | - App Center will help register the tester device IDs into the Apple Development account 31 | - You will need the `.p12` certificate which was used to sign the application at build time. 32 | 33 | ## Releasing an application 34 | 35 | - **Android** 36 | - Ensure you have updated the manifest and have a correctly configured Gradle build. 37 | - In Android Studio, choose ***Build > Generate Signed Bundle / APK*** and follow the steps in the wizard to build the app bundle or APK. 38 | - **iOS / macOS** 39 | - ❗ Register each tester's devices on Apple Developer portal as test devices. 40 | - In Xcode, go to Product > Archive to archive your app. 41 | - Export the archive using the proper provisioning profile.
42 | - Windows: `.appx`, `.appxbundle`, `.appxupload`, `.msi`, `.msix`, `.msixbundle`, `.msixupload`, or `.zip` 43 | - Other OS: `.zip` 44 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/4.2. Defence in Depth.md: -------------------------------------------------------------------------------- 1 | # Defence in Depth 2 | 3 | - Strategy to slow the advance of an attack to get unauthorized access to information. 4 | - Layered approach: Each layer provides protection, so if one layer is breached, a subsequent layer prevents further exposure. 5 | - Applied by Microsoft, both in physical data centers and across Azure services. 6 | 7 | ## Layers 8 | 9 | - ![Defence in depth layers](./img/defence-in-depth.png) 10 | 11 | ### Data 12 | 13 | - In almost all cases attackers are after data. 14 | - Data can be in database, stored on disk inside VMs, on a SaaS application such as a Microsoft 365 app or in cloud storage. 15 | - Those storing and controlling access to data are responsible for ensuring that it's properly secured 16 | - Often regulatory requirements dictate controls & processes 17 | - to ensure confidentiality, integrity, and availability. 18 | 19 | ### Application 20 | 21 | - Ensure applications are secure and free of vulnerabilities. 22 | - Store sensitive application secrets in a secure storage medium. 23 | - Make security a design requirement for all application development. 24 | - Integrate security into the application development life cycle. 25 | 26 | ### Compute 27 | 28 | - Secure access to virtual machines. 29 | - Implement endpoint protection and keep systems patched and current. 30 | - Malware, unpatched systems, and improperly secured systems open your environment to attacks. 31 | 32 | ### Networking 33 | 34 | - Limit communication between resources. 35 | - Deny by default. 36 | - Allow only what is required 37 | - Restrict inbound internet access and limit outbound, where appropriate.
38 | - Implement secure connectivity to on-premises networks. 39 | 40 | ### Perimeter 41 | 42 | - Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users. 43 | - Use perimeter firewalls to identify and alert on malicious attacks against your network. 44 | 45 | ### Identity and access 46 | 47 | - Control access to infrastructure and change control. 48 | - Access granted is only what is needed 49 | - Use single sign-on and multi-factor authentication. 50 | - Audit events and changes. 51 | 52 | ### Physical security 53 | 54 | - Building security & controlling access to computing hardware. 55 | - First line of defense 56 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/4.8. Microsoft Defender for Identity.md: -------------------------------------------------------------------------------- 1 | # Microsoft Defender for Identity 2 | 3 | - Formerly **Azure Advanced Threat Protection (ATP)** 4 | - Cloud-based security solution that identifies, detects, helps you investigate threats. 5 | - Capable of detecting known malicious attacks and techniques, security issues such as compromised identities, and risks/threats against your network. 6 | - Can be integrated with on-premises Microsoft Defender ATP 7 | 8 | ## Microsoft Defender for Identity components 9 | 10 | ### Microsoft Defender for Identity portal 11 | 12 | - Own portal at [portal.atp.azure.com](https://portal.atp.azure.com) 13 | - ❗ User accounts must be assigned to an Azure AD security group that has access to the Azure ATP portal to be able to sign in. 14 | - Through it you can monitor and respond to suspicious activity. 15 | - Allows you to create your Azure ATP instance, and view the data received from Azure ATP sensors. 16 | - Monitor, manage, and investigate threats in your network environment. 
17 | 18 | ### Microsoft Defender for Identity sensor 19 | 20 | - Sensors are installed directly on your domain controllers. 21 | - 📝 Monitors domain controller traffic without requiring a dedicated server or configuring port mirroring. 22 | 23 | ### Microsoft Defender for Identity cloud service 24 | 25 | - Runs on Azure infrastructure 26 | - Deployed in the United States, Europe, and Asia. 27 | - Connected to [**Microsoft Intelligent Security Graph**](https://www.microsoft.com/security/blog/2019/05/14/executing-vision-microsoft-threat-protection/) 28 | - Threat signals are seamlessly shared across all the services in Microsoft 365 Defender, 6.5 trillion signals daily. 29 | - **Microsoft 365 Defender** 30 | - Formerly known as **Microsoft Threat Protection** 31 | - Consists of different Azure security services 32 | - E.g. Office ATP, Microsoft Defender ATP, SmartScreen, Exchange Online Protection (EOP) 33 | - Provides comprehensive security across multiple attack vectors. 34 | - Allows you to use [Microsoft Graph Security API](https://docs.microsoft.com/en-us/graph/security-concept-overview) 35 | - Connects Microsoft security products, services, and partners 36 | - Can be used to 37 | - streamline security operations 38 | - improve threat protection, detection, and response capabilities. 39 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/1. Cloud Basics.md: -------------------------------------------------------------------------------- 1 | # Cloud Basics 2 | 3 | ## What's cloud 4 | 5 | - Delivery of computing services over the Internet using a pay-as-you-go pricing model. 6 | - in other words: a way to rent compute power and storage from someone else's data center. 7 | - **Pay-as-you-go**: You're billed only for what you use.
8 | - Instead of maintaining CPUs and storage in your data center, you rent them for the time that you need them 9 | - The cloud provider takes care of maintaining the underlying infrastructure for you. 10 | - **On-demand access**: 11 | - You can treat cloud resources like you would your resources in your own data center. When you're done using them, you give them back 12 | - The real value of the cloud: speed 13 | - Enables you to quickly solve your business challenges and bring cutting edge solutions to your users. 14 | - In less time than it takes to eat lunch, you can create & deploy a website on Azure 15 | - A foundational building block of everything from digital transformation to the next big startup. 16 | 17 | ## Why move to the cloud 18 | 19 | - Move faster and innovate in ways that were once nearly impossible 20 | - Two-trends in world: 21 | - Teams are delivering new features to their users at record speeds. 22 | - Software releases were once scheduled in terms of months or even years. 23 | - Today, teams are releasing features in smaller batches 24 | - Allows to schedule multiple releases a day 25 | - End users expect an increasingly rich and immersive experience with their devices and with software. 26 | - Many ways to interact with devices 27 | - E.g. they can recognize your face & voice commands 28 | - E.g. mobile phones, PCs, tablets, VR headsets, webpages... 29 | - The cloud provides on-demand access to: 30 | - A nearly limitless pool of raw compute, storage, and networking components. 31 | - Speech recognition and other cognitive services that help make your application stand out from the crowd. 32 | - Analytics services that enable you to make sense of telemetry data coming back from your software and devices. 33 | - While migrating your existing apps to virtual machines is a good start, the cloud is more than just "a different place to run your virtual machines". 
34 | - It can provide AI and machine-learning, storage (that grows with your needs) and more. 35 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/2. Azure Basics.md: -------------------------------------------------------------------------------- 1 | # Azure Basics 2 | 3 | - Azure is Microsoft's private & public cloud computing platform 4 | - Provides developers & IT admins tools to provide, build, manage, and deploy applications. 5 | - on a massive global network 6 | - freedom to choose tools and frameworks 7 | - More than 90% of Fortune 500 companies run on the Microsoft Cloud [[source](https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/1-introduction)] 8 | 9 | ## Azure services 10 | 11 | - More than 100 services.. 12 | - **Compute services** such as VMs and containers that can run your applications 13 | - **Database services** that provide both relational and NoSQL choices 14 | - **Identity services** that help you authenticate and protect your users 15 | - **Networking services** that connect your datacenter to the cloud, provide high availability or host your DNS domain 16 | - **Storage solutions** that can accommodate massive amounts of both structured and unstructured data 17 | - **AI and machine-learning** services can analyze data, text, images, comprehend speech, and make predictions using data 18 | - See also [list of Azure services](./3.%20Azure%20Services.md) 19 | 20 | ## How Azure works 21 | 22 | - It uses virtualization 23 | - Uses an abstraction layer called **hypervisor**. 24 | - Separates tight coupling between hardware (CPU, RAM, GPU..) 
and its operating system 25 | - Emulates a real computer in a **virtual machine** 26 | - Can run multiple virtual machines at the same time 27 | - Optimizes capacity of abstracted hardware 28 | - Can run any OS such as Windows, Linux & macOS 29 | - Azure repeats virtualization in massive scale 30 | - Each data center has many racks filled with servers 31 | - Each server includes a hypervisor to run multiple virtual machines. 32 | - A network switch provides connectivity to all those servers 33 | - One server in each rack runs a special software called **fabric controller** 34 | - Each fabric controller is connected to another software called **orchestrator** 35 | - Orchestrator manages everything in Azure, including responding to user requests 36 | - Users make requests using the **Azure API** 37 | - Azure API can be reached in many ways including Azure Portal 38 | - Orchestrator packages everything that's needed and sends the package & request to the fabric controller. 39 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/7.2.1. Azure Pipelines - Container Agents.md: -------------------------------------------------------------------------------- 1 | # Container agents 2 | 3 | - The agent will first fetch and start the container. 4 | - Then, each step of the job will run inside the container 5 | - or you can set agent on task level 6 | 7 | ## Linux agents 8 | 9 | - E.g.: 10 | 11 | ```yaml 12 | pool: 13 | vmImage: 'ubuntu-16.04' 14 | container: ubuntu:16.04 15 | steps: 16 | - script: printenv 17 | ``` 18 | 19 | - On your agent host, ensure: 20 | - Docker is installed 21 | - Agent has permission to access the Docker daemon 22 | - Container requirements: 23 | - Bash 24 | - `glibc`-based 25 | - Can run Node.js (which the agent provides) 26 | - Does not define an `ENTRYPOINT` 27 | - `USER` has access to `groupadd` and other privileged commands without `sudo` 28 | 29 | ## Windows agents 30 | 31 | - E.g. 
32 | 33 | ```yaml 34 | pool: 35 | vmImage: 'windows-2019' 36 | container: mcr.microsoft.com/windows/servercore:ltsc2019 37 | steps: 38 | - script: set 39 | ``` 40 | 41 | ## Service containers 42 | 43 | - Spin up multiple containers 44 | - Automatically create, network, and manage the lifecycle 45 | - Read more: [Microsoft documentation](https://docs.microsoft.com/en-us/azure/devops/pipelines/process/service-containers) 46 | 47 | ### Service container example 48 | 49 | ```yaml 50 | resources: 51 | containers: 52 | - container: my_container 53 | image: ubuntu:16.04 54 | - container: nginx 55 | image: nginx 56 | - container: redis 57 | image: redis 58 | 59 | pool: 60 | vmImage: 'ubuntu-16.04' 61 | 62 | container: my_container 63 | 64 | services: 65 | nginx: nginx 66 | redis: redis 67 | 68 | steps: 69 | - script: | 70 | apt install -y curl 71 | curl nginx 72 | apt install redis-tools 73 | redis-cli -h redis ping 74 | ``` 75 | 76 | - Fetches the latest `nginx` and `redis` containers from Docker Hub and then starts the containers 77 | - The containers are networked together so that they can reach each other by their `services` name. 78 | - Pipeline then runs the `apt`, `curl` and `redis-cli` commands inside the `ubuntu:16.04` container. 79 | - From inside this job container, the `nginx` and `redis` host names resolve to the correct services using Docker networking 80 | - All containers on the network automatically expose all ports to each other 81 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/3.2.1. Databases.md: -------------------------------------------------------------------------------- 1 | # Databases 2 | 3 | - Multiple database services to store a wide variety of data types and volumes. 
4 | - Have global connectivity and instant data availability 5 | 6 | ## Azure Cosmos DB 7 | 8 | - 📝 Globally distributed (= multiple regions) database service 9 | - Supports schema-less data, stores JSON 10 | - 💡 Good for **Always On** applications to support constantly changing data. 11 | - Helps with failover during regional disaster 12 | - [Transparent multi-master replication](https://docs.microsoft.com/en-us/azure/cosmos-db/global-dist-under-the-hood), [99.999% high availability](https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability) for both reads and writes 13 | - 💡 Good for data used by & maintained by users around the globe. 14 | 15 | ## Azure Cache for Redis 16 | 17 | - Caches frequently used and static data to reduce data and application latency 18 | 19 | ## Azure SQL Database Options 20 | 21 | - **Azure Database for MySQL**: Fully managed and scalable MySQL 22 | - **Azure Database for PostgreSQL**: Fully managed and scalable PostgreSQL 23 | - **Azure Database for MariaDB**: Fully managed and scalable MariaDB 24 | - **SQL server on VMs**: Host SQL servers in own VPNs 25 | 26 | ### Azure SQL Database 27 | 28 | - Relational database as a service (DaaS) 29 | - Based on the latest stable version of the Microsoft SQL Server database engine. 30 | - High-performance, reliable, fully managed and secure database 31 | 32 | #### Azure Database Migration Service 33 | 34 | - Allows to migrate existing SQL Server to Azure 35 | - Performs all of the required steps. 36 | - Minimal downtime 37 | - Uses the **Microsoft Data Migration Assistant** 38 | - Generate assessment reports that provide recommendations 39 | 40 | ### Azure Synapse Analytics 41 | 42 | - Formerly **SQL Data Warehouse** 43 | - 📝 A cloud data warehouse for the enterprise 44 | - Characterized by high resiliency through automatic scaling. 
- Massive parallel processing (MPP) to run complex queries quickly across petabytes of data

### Azure HDInsight

- 📝 A big data and advanced analytics service providing open-source analytics, processing and integrations with big data frameworks, including:
  - Apache Hadoop
  - Apache Spark
  - Apache HBase
  - Apache Kafka
- Useful for big data tasks such as ETL (Extract, Transform, Load), data warehousing, machine learning, and IoT.

--------------------------------------------------------------------------------
/AZ-303 Microsoft Azure Architect Technologies/6.2. Hybrid Networking.md:
--------------------------------------------------------------------------------
# Hybrid Networking

## Site-to-site connectivity (Site-to-site VPN)

- Between your on-premises site <=> VNet in Azure via IPsec tunnel.
- Resources on local network can communicate with resources on Azure VNet
  - No need for separate connection for each client computer in local network.
- Requires VPN device.
- E.g.:
  - IT Pros and Developers in-office have their own gateway and connect to Azure.
  - QA offshore team has its own gateway and connects to Azure

## Point-to-site connectivity (Point-to-site VPN)

- Configured on each client computer that you want to connect to the VNet in Azure.
- No need for VPN device
  - Instead you use a VPN client that you install on each client computer.
- Requires manually starting connection from client, can have auto reset.

## Combining site-to-site and point-to-site connectivity

- QA offshore team connects via VPN gateway (site-to-site VPN)
- Developers & IT Pros at office connect via VPN gateway (site-to-site VPN)
- Developers working from home connect via direct VPN (point-to-site VPN)

## Combining ExpressRoute and site-to-site connectivity

- Reasons
  - Multiple branch offices, it's costly to purchase peering for every location.
  - Multiple networks within the enterprise
    - Connect one to Azure using ExpressRoute for higher-risk traffic.
    - For lower-risk traffic, use site-to-site VPN
  - Use site-to-site VPN as a failover link if ExpressRoute connection fails.

## Virtual network to virtual network connectivity (VNET to VNET)

- Utilizes Azure VPN gateways to connect VNets in Azure over IPSec/IKE tunnels.
- E.g.: you have the following topology (topology=nodes connect to other network via links)
  - IT-pros/developers in office have VPN-to-VPN to _Azure East Asia_
  - Offshore QA team has VPN-to-VPN to _Azure West US_
  - You set VNet-to-VNet between _Azure East Asia_ and _Azure West US_
  - Then both teams can access _Azure East Asia_ and _Azure West US_

## Connecting across cloud providers

- For failover, backup or migration between providers.
- Amazon Web Services (AWS) =>
  - Create EC2 VM with Openswan (VPN software)
  - Create gateway on the Azure VNet side using static routing.
  - Use gateway IP from Azure to configure Openswan for tunnel connection

--------------------------------------------------------------------------------
/AZ-303 Microsoft Azure Architect Technologies/2.6.1. Azure Migrate Service.md:
--------------------------------------------------------------------------------
# Azure Migrate Service

- Free tool for primarily IaaS-based assessments.
- Good for lift-and-shift migrations.
- Supports VMware-virtualized Windows and Linux VMs.
- Non-intrusive discovery of on-premises VMs & workloads
- Examines & assesses:
  - ***Azure readiness***
    - Suitability of on-premises machines
    - Asserts • ready for Azure, • ready with conditions, • not ready for Azure, • Azure readiness unknown (when readiness cannot be identified due to data unavailability)
  - ***Sizing suggestions***
    - For VMs & disks based on history
    - Two settings:
      - As on-premises
      - Performance based
        - Based on utilization history
        - *Storage*: default is Premium disks
        - *Network*: performance required by network adapters
        - *Compute*: CPU & memory requirements
  - ***Cost estimation***
    - The estimated cost for running the machines & storages in Azure
  - ***High confidence migration***
    - Migration risks and recommended tools: recommends e.g. **Azure Site Recovery**
    - Visualize dependencies of on-premises machines through **dependency maps**
    - Create groups that you will assess and migrate together
- Assessment content
  - Target location, Storage type, Reserved Instances, Sizing criterion, Performance history, Comfort factor, VM series, Currency, Discount (%), VM uptime, Azure offer, Azure Hybrid Benefit
  - **Comfort factor**: Buffer that's applied on top of machine utilization data for VMs.
- ❗ Assesses only VMware (>5.5) environments, for Hyper-V machines use *Azure Site Recovery Deployment Planner*.

## Flow

1. Create migration project
   - In Azure, create an Azure Migrate project.
2. Install **Collector**
   - You download .OVA & import in VMware vCenter as VM
   - Read-only VM to log
3. Configure **Collector**
   - You connect to console of VM or web to initiate the discovery
   - Copy & paste your project id and key from Azure.
   - It reads: config data, virtual processors, memory size, disk, network configuration, performance history (CPU utilization, memory, disk IOPS & throughput, network output to choose right size for VMs)
4. Select VMs or groups (can customize groups) & create assessment.
   - Customize machines in report to recalculate costs.
5. You can optionally install **Dependency Agent** to see dependency maps

--------------------------------------------------------------------------------
/AZ-304 Microsoft Azure Architect Design/2.2. SaaS services in Azure - Bots (Bot Services, QnA Maker).md:
--------------------------------------------------------------------------------
# Bots

## Bot services

- PaaS
- Provides an integrated environment that is purpose-built for bot development, enabling you to build, connect, test, deploy, and manage intelligent bots from one place.
- You can write a bot, connect, test, deploy, and manage it from your web browser with no separate editor or source control required.
- For simple bots, you may not need to write code at all.
- The code glues in an HTTP REST endpoint the following:
  - Platform: Platform Services
  - AI: Intelligent Tools
  - SDK: Bot Framework SDK

### Bot services key concepts

- **Multiple language support**
  - Leverages **Bot Framework SDK** with support for .NET and Node.js.
- **Bot templates**
  - E.g.:
    - Forms bot for collecting user input
    - a Language understanding bot that leverages LUIS to understand user intent
    - a QnA bot to handle FAQs
    - a Proactive bot that alerts users of events.
- **Bring your own dependencies**: Supports NuGet and NPM.
- **Flexible development options**
  - Publish from Visual Studio
  - Code bot right in the Azure portal
  - Set up continuous integration and deploy the bot through GitHub, Visual Studio Team Services, and other supported development tools.
- **Connect to channels**
  - Bot Service supports popular channels for connecting your bots and the people that use them.
  - E.g. Skype, Facebook, Teams, Slack, SMS, and others.
- **Tools and services**
  - **Bot Framework Emulator**: Allows you to test bots.
  - **Channel Inspector**: Allows you to preview bots on different channels with the .
- **Open source**
  - The Bot Builder SDK is open-source and available on [GitHub](https://github.com/microsoft/botbuilder-dotnet).

## QnA Maker

- Trains AI to respond to user's questions in a more natural, conversational way.
- Provides a GUI that allows non-developers to train, manage, and use the service for a wide range of solutions.
- Extracts a knowledge base from two types of input: FAQ pages (web pages or documents) and product manuals (PDF).
- Once extracted, the QnA Maker service creates a **knowledge base** and bot using the knowledge base
- Handles indexing and ranking
- It can be consumed through REST API
- Over time, the knowledge base can be updated, retrained, and republished to meet the morphing needs of a user-facing web application.

--------------------------------------------------------------------------------
/AZ-400 Microsoft Azure DevOps Solutions/2.1. Migrations.md:
--------------------------------------------------------------------------------
# Azure DevOps Migrations

## Migrating code

- TFVC to Git
  - Using web portal by clicking import repository (180 days history & less complex)
  - Using `git-tfs` command line tool (more than 180 days and complex)
    - `git tfs clone https://tfs:8080/tfs/DefaultCollection $/Project1`
- Git to Git
  - Using web portal by clicking import repository
  - Using git mirror

## Migrating from on-prem TFS/Azure DevOps to Azure DevOps Services

- You can migrate easily to Azure DevOps Services from on-prem TFS / Azure DevOps Server
  - Using the ***data migration tool*** (formerly ***Database Import Service for Visual Studio Team Services***).
  - 💡 Team Foundation Server (TFS) became Azure DevOps Server with the 2019 release of the on-premises product
- Summary of [Azure DevOps Server to Azure DevOps Services Migration Guide and tool](https://azure.microsoft.com/en-us/services/devops/migrate/?cdn=disable).
  - **Prerequisites**
    - Ensure your team has active Azure Active Directory
      - You can implement Azure Active Directory to synchronize with your on-premises Active Directory environment.
      - Use ***Azure AD Connect***
    - Good to enable ***MFA*** for access from unknown places using ***Conditional Access***
  - **Steps**
    1. Upgrade TFS
       1. Upgrade your Azure DevOps Server or Team Foundation Server
          - The goal is to get the DB schema as close as possible to the current one in Azure DevOps Services
       2. Run "Configuration Features" to enable new features
    2. Validate Your TFS Server
       1. Run validations with migration tool
       2. Review logs and fix errors
       3. Repeat validation checks
    3. Get Ready for Import
       1. Assign, activate, and map Azure DevOps Services subscriptions
       2. Generate import settings using `Migrator prepare` command
       3. Provide the configurable settings
       4. Review the Identity Map log file
       5. Create an Azure Storage Container in the same datacenter as the final Azure DevOps Services organization.
    4. Import
       1. Dry run of end-to-end import
       2. Detach the team project collection
       3. Create portable backup
       4. Upload SQL database backup
       5. Generate SAS key
       6. Delete previous dry run organizations
       7. Rename imported organization
       8. Set up billing
       9. Reconnect to new organization

--------------------------------------------------------------------------------
/AZ-400 Microsoft Azure DevOps Solutions/4.1. Continuous Testing - Choosing Test and Work Management Tools.md:
--------------------------------------------------------------------------------
# Test and Work Management Tools

- Decide on the tools that work best for **you**
- Ask questions:
  - What sort of testing do you perform?
    - E.g. unit testing, system testing, volume testing, system testing
    - See [test tools](#test-tools) and [test coverage tools](#test-coverage-tools)
  - Do you perform static code analysis?
    - Do developers use tools where errors are highlighted?
  - Do you perform dynamic code analysis?
    - Tests on runtime
  - Do you possess any test frameworks?
  - Do you test your code against security vulnerabilities?
    - Most common by OWASP (Open Web Application Security Project)
    - See [security tools](8.%20DevSecOps.md#security-tools)
  - What languages does your company use? E.g. .NET, Java, Python
    - Tools will change based on the support for the underlying programming language
  - Do you use any performance testing tools?
    - See [test tools](#test-tools)
  - Do you use any work management tools?
    - E.g. change management, configuration management and release management

## Test Tools

- Load Testing
  - [Load Runner](https://www.microfocus.com/en-us/products/loadrunner-professional/overview)
  - [Apache JMeter](https://jmeter.apache.org/)
- UI Testing
  - [Selenium](https://www.selenium.dev/) for web applications
  - [Xamarin.UITest](https://docs.microsoft.com/en-us/appcenter/test-cloud/uitest/) for running NUnit on Android & iOS applications
- Unit testing
  - [NUnit](https://nunit.org/) for .NET
- Static code analysis
  - [Microsoft.CodeAnalysis (Roslyn APIs)](https://docs.microsoft.com/en-us/dotnet/csharp/roslyn-sdk/get-started/syntax-analysis)
  - PMD, CheckStyle, FindBugs | [see Continuous Feedback - Static Code Analysis](./5.%20Continuous%20Feedback.md#static-code-analysis)

## Test Coverage tools

| Name | Language | Format supported by Azure Pipelines |
| ---- | -------- |:-----------------------------------:|
| [Cobertura](https://cobertura.github.io/cobertura/) | Java | ✔️ |
| [JaCoCo](https://www.eclemma.org/jacoco/) | Java | ✔️ |
| [BullseyeCoverage](https://www.bullseye.com/) | C++ | ❌ |
| [MSTests](https://stackoverflow.com/questions/415562/mstest-code-coverage) | .NET | ❌ |
| [NCover](https://www.ncover.com/) | .NET | ❌ |
| [Coverlet](https://github.com/tonerdo/coverlet) | .NET | ❌ |
| [Coverage.py](https://coverage.readthedocs.io/en/v4.5.x/cmd.html) | Python | ❌ |

--------------------------------------------------------------------------------
/AZ-400 Microsoft Azure DevOps Solutions/1. Introduction.md:
--------------------------------------------------------------------------------
# Introduction

## DevOps

### What

- Misconceptions
  - It fits every organization
  - It can be applied to any application lifecycle process
  - Leads to failure when it comes to implementing DevOps
- As per Wikipedia:
  - > Set of software development practices
    - So it's not a software or application
    - It's not a set of tools, even though tools are important
    - It's a practice where an organization needs to be mature enough to develop & follow the practice
  - > Combines software development (Dev), information technology operations (Ops)
    - 💡 Do not separate them but combine them!
    - **Maturity**: Departments must be mature enough to work together.
      - Most common blocker.
  - > Shortens development lifecycle, while delivering features, fixes, updates frequently in close alignment with business objectives.

### Why

- **Automation**: that all organizations go towards
  - Changes onto applications
  - Delivery of releases
  - Creation of the infrastructure
- **Agility**: How fast you deliver your changes to customer
- **Customer satisfaction**: Based on how fast you deliver
- **Quality** through more automation
- **Delivery** with more value

## Other resources

### Whitepapers

- [Container security in Microsoft Azure](https://azure.microsoft.com/en-us/resources/container-security-in-microsoft-azure/en-us/)

### Free

- [DevOps engineer - Microsoft Learn](https://docs.microsoft.com/en-us/learn/browse/?products=azure&resource_type=learning%20path&roles=devops-engineer)
- [DevOps labs - Azure DevOps Labs](https://azuredevopslabs.com/)
- Many refer to OpenEdx, however it's not free anymore.
  - Use [21cskills.africa](https://learn.21cskills.africa/dashboard) instead.
- [(Video) Ignite | Exam Prep](https://www.youtube.com/watch?v=7YBmBxE7ZMA)
- [Pluralsight Azure Devops Learning Track](https://www.pluralsight.com/role-iq/microsoft-azure-devops-engineer)
- [(Video) Microsoft Certification Exam Revision](https://www.youtube.com/watch?v=t6Xprv93844)
- [Azure DevOps AZ-400 Exam – Study Notes - Gregor Suttie](https://gregorsuttie.com/2018/10/27/azure-devops-az-400-exam-study-notes/)
- [Preparation slides](https://stanislas.io/2019/07/26/preparation-guide-for-microsoft-az-400-microsoft-azure-devops-solutions-certification/)

### Paid

- [Whizlabs](https://www.whizlabs.com/learn/course/microsoft-azure-az-400/) 💡 Check for a coupon, there are often discounts

--------------------------------------------------------------------------------
/AZ-304 Microsoft Azure Architect Design/2.4. SaaS services in Azure - Media Processing.md:
--------------------------------------------------------------------------------
# Media Processing

## Media Services

- Extensible platform that enables developers to build scalable media management and delivery applications.
- It is based on REST APIs that enable you to securely upload, store, encode, and package video or audio content for both on-demand and live streaming delivery to various clients (for example, TV, PC, and mobile devices).
- Should be used with Content Delivery Network (CDN)
- Supports:
  - Secure Media, Encoding, On-Demand origin, Live ingest, Live Origin, Advertising, Media Job Scheduling, Static/Dynamic Packaging, Content Protection, Live Encoding, Analytics, Identity Management.
  - Also partner technologies: Media processors, origin servers, live encoders etc.
- Packaging
  - **Static packaging** (traditional)
    - Have different assets (files) for different protocols.
      - E.g. HLS for HLS protocol (Apple, Mac)
      - E.g. Smooth for Smooth Protocol (XBOX, Windows)
      - E.g. MP4 for HTTPS
  - **Dynamic packaging**
    - MP4 asset can be automatically adapted to those protocols.

## Computer Vision API

- API for advanced algorithms for processing images and returning information.
- Use cases/features:
  - ***Tag images based on content***.
    - Based on more than 2000 recognizable objects, living beings, scenery, and actions
  - ***Generate descriptions of the content***
    - A collection of content tags forms the foundation for an image 'description' displayed as human readable language formatted in complete sentences.
    - Various descriptions are evaluated and a confidence score is generated.
  - ***Color schemes***
    - The colors are analyzed in three different contexts: foreground, background, and whole. They are grouped into 12 dominant accent colors. Those accent colors are black, blue, brown, gray, green, orange, pink, purple, red, teal, white, and yellow. Depending on the colors in an image, simple black and white or accent colors may be returned in hexadecimal color codes.
  - ***Optical Character Recognition (OCR)***
    - Identify printed text found in images
    - You can use the result for search and numerous other purposes like medical records, security, and banking
  - Other features include:
    - Categorize images
    - Identify the type and quality of images
    - Detect human faces and return their coordinates
    - Recognize domain-specific content
    - Flag adult content
    - Crop photos to be used as thumbnails
    - Recognize handwritten text
    - Distinguish color schemes

--------------------------------------------------------------------------------
/AZ-400 Microsoft Azure DevOps Solutions/9.2. Pull request strategies.md:
--------------------------------------------------------------------------------
# Pull request strategies

- In Azure Repos you can have a **limit merge types** branch policy
  - Standardizes a strategy for the whole team

## Merge (no fast-forward)

- Standard strategy in Azure Repos & most other Git providers
- It emulates running `git merge pr` from the master branch
- All the individual commits in the pull request branch are preserved as-is,
  - and a new merge commit is created to unite the master branch and the pull request branch.
- ![git merge (no fast-forward) illustration](./img/pull-request-strategies/merge-no-fast-forward.gif)
- Trade-off:
  - Pros
    - It gives the most insight into how a branch evolves
    - Illustrates exactly how a developer (or developers) worked on a pull request
  - Cons: since it preserves every commit, it may be very verbose.

## Squash commit

- Creates a single new commit
  - leads to a simple, straight, linear history
- Emulates running `git merge pr --squash` from the master branch.
- The resulting commit is not a merge commit; those individual commits that made up the pull request are discarded.
- ![git squash-commit illustration](./img/pull-request-strategies/squash-commit.gif)
- 💡 As individual commits are lost, it's best for teams that use "fix up" commits or do not carefully craft individual commits for review before pushing them.

## Rebase

- Takes each individual commit in the pull request and cherry-picks them onto the master branch.
- Emulates running
  1. `git rebase master` on the pull request branch
  2. `git merge pr --ff-only` on the master branch.
- ![git rebase illustration](./img/pull-request-strategies/rebase.gif)
- History is straight and linear, like it is with the "squash" option but each individual commit is retained
- 💡 Useful for teams that practice careful commit hygiene, where each individual commit stands on its own.

## Semi-linear merge

- Also known as "rebase and merge"
- The commits in the pull request are rebased on top of the master branch
- Then rebased pull requests are merged into master branch
- Emulates running
  1. `git rebase master` on the pull request branch
  2. `git merge pr --no-ff` on the master branch
- ![git semi-linear merge](./img/pull-request-strategies/semi-linear-merge.gif)
- 💡 Some see it as best of both worlds
  - individual commits are retained, so that you can see how the work evolved
  - but instead of just being rebased, a "merge bubble" is shown so that you can immediately see the work in each individual pull request.

--------------------------------------------------------------------------------
/AZ-104 Microsoft Azure Administrator/2.1. Governance - Roles.md:
--------------------------------------------------------------------------------
# Roles

## Role assignments

- Delegated resource administration
- Roles organize related resource permissions together
  - Depends on resource type
    - E.g. different for VM and storage.
- **Scope**
  - Roles are applied to a scope.
  - They're inherited in the following order:
    - Management groups
    - Subscription
    - Resource groups
    - Individual resources
- Role can be assigned to:
  - Users
  - Groups
  - Service principal
  - Application
  - System Assigned Managed Identity: App Service, Function App, Virtual Machine, Virtual Machine Scale Set
  - User Assigned Managed Identity

## Role types

### Built-in roles

- 60+
- Common roles:
  - **Owner**: Manage resources and resource access
  - **Contributor**: Manage resources but not resource access.
  - **Reader**: Read-only access
  - **Storage Blob Data Reader**: Specific to storage accounts
  - **SQL DB Contributor**: Manage, but not access, SQL databases
  - **VM Contributor**: Manage, but not access, virtual machines.

### Custom roles

- ❗ Built using only PowerShell / CLI or REST API.
  - `New-AzureRmRoleDefinition -Role $customRole`
- Shows in same drop-down lists with built-in roles
- JSON file looks like this:

```json
{
  "Name": "Network Resource Viewer",
  "IsCustom": true,
  "Description": "Allows reading Azure network resources.",
  "Actions": [ "Microsoft.Network/*/read" ],
  "NotActions": [ ],
  "AssignableScopes": [ "/subscriptions/048.." ]
}
```

## Classic Administrator Roles

- The account that is used to sign up for Azure is automatically set as both the *Account Administrator* and *Service Administrator*.
- Roles are properties that can be changed in Subscription blade
- 💡 Azure recommends using RBAC roles
- **Account Administrator** (1 per Azure account)
  - Conceptually, the billing owner of the subscription.
  - The Account Administrator has no access to the Azure portal.
- **Service Administrator** (1 per Azure subscription)
  - By default, for a new subscription, the Account Administrator is also the Service Administrator.
  - The Service Administrator has the equivalent access of a user who is assigned the Owner role at the subscription scope.
  - The Service Administrator has full access to the Azure portal.
- **Co-Administrator** (200 per subscription)
  - The Co-Administrator has the equivalent access of a user who is assigned the Owner role at the subscription scope.

--------------------------------------------------------------------------------
/AZ-304 Microsoft Azure Architect Design/4.1.1. Role-Based Access Control (RBAC).md:
--------------------------------------------------------------------------------
# Role-Based Access Control (RBAC)

- You can assign roles to existing Azure AD identities that grant them pre-determined levels of access to an Azure subscription, resource group or individual resource.
- Some built-in roles:
  - **Owner**: Owner can manage everything, including access.
  - **Contributor**: Contributors can manage everything except access.
  - **Reader**: Readers can view everything, but can't make changes.
  - **User Access Administrator**: Allows you to manage user access to Azure resources.
  - **Virtual Machine Contributor**: Allows you to manage virtual machines, but not access to them, and not the virtual network or storage account they are connected to.

## Role Assignment

- Associates a [**security principal**](#security-principals) to a **role** in a [**given scope**](#resource-scopes).

### Security principals

- **Users**
  - Users in AD of the subscription.
  - Can be assigned to external Microsoft accounts in same directory.
- **Groups**
  - AD security groups.
  - Best practice.
- **Service principals**
  - Service identities.
  - Authenticates with Azure AD to communicate with each other.
  - Can be granted access to other resources by assigning roles.

### Resource Scopes

- Subscriptions, resource group, individual resources.
- Resource inherits assignments from its parent resources.
  - Access inheritance: Subscription => Resource Groups => Resources
- **Scoping to Resource Groups**
  - Add/remove and modify resources quickly without having to recreate assignments and scopes
  - Owner or contributor access => Does not require additional administrator assistance or having access to resources in other resource groups.

## Custom roles

- Use REST API.
- ❗ Azure AD tenant is limited to 2000 custom roles.
- Steps:
  1. Create a role definition with assignable scopes.
  2. Assign the role definition to a scope.

### Creating a new role definition

- 📝 To create a new custom role you run the `New-AzureRmRoleDefinition` cmdlet
  - You can pass a JSON template to the cmdlet or use `PSRoleDefinitionObject`.
- E.g. json:

```json
{
  "Name": "New Role 1",
  "Id": null,
  "IsCustom": true,
  "Description": "Allows for read access to Azure storage and compute resources",
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Storage/*/read"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/c489345-9cd4-44c9-99a7-4gh6575315336g"
  ]
}
```

--------------------------------------------------------------------------------
/AZ-303 Microsoft Azure Architect Technologies/3.1.2. Identities - Active Directory Domain Services (ADDS).md:
--------------------------------------------------------------------------------
# Active Directory Domain Services (ADDS)

- Other name: Windows Server Active Directory
- On prem solution.
- Different architecture than Azure Active Directory.
- Logical divisions:
  - **Objects**: users, printers etc.
  - **Domain**
    - Groups objects
    - Each domain holds a database containing object identity information.
    - Domains are identified by their DNS name structure, the namespace.
  - **Tree**
    - A collection of one or more domains and domain trees in a contiguous namespace
    - Linked in a transitive trust hierarchy
  - **Forest**
    - At top of the structure
    - A collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration.
    - The forest represents the security boundary within which users, computers, groups, and other objects are accessible.
- **Domain controller (DC)** is a server computer that responds to security authentication requests (logging in, checking permissions, etc.) within a domain.
  - Multiple instances can be deployed.
- You can deploy AD DS to Azure as VM but:
  - You manage the deployment, configuration, virtual machines, patching, and other backend tasks.

## Active Directory Federation Services (AD FS)

- Included by Active Directory Domain Services (ADDS)
- Authenticates via AD DS
- Federated identity
  - When the user logs into a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials
  - So the user never provides credentials directly to anybody but the identity provider.
- Includes Active Directory Certificate Services (AD CS), Active Directory Lightweight Directory Services (AD LDS), and Active Directory Rights Management Services (AD RMS).

## Azure Active Directory vs ADDS

| **Aspect** | **Azure AD** | **Azure AD Domain Services** |
| --- | --- | --- |
| Device controlled by | Azure AD | Azure AD Domain Services managed domain |
| Representation in the directory | Device objects in the Azure AD directory. | Computer objects in the AAD-DS managed domain. |
| Authentication | OAuth/OpenID Connect based protocols | Kerberos, NTLM protocols |
| Management | Mobile Device Management (MDM) software like Intune | Group Policy |
| Networking | Works over the internet | Requires machines to be on the same virtual network as the managed domain. |
| Extending | Relies on federation to extend scope | Uses trusts between domains for delegated management |
| 💡 Great for | End-user mobile or desktop devices | Server virtual machines deployed in Azure |

--------------------------------------------------------------------------------
/AZ-304 Microsoft Azure Architect Design/4.4. App Services.md:
--------------------------------------------------------------------------------
# App Services

## SKUs

- **Basic Tier**
  - Scaling is manual
- **Standard or upper service tiers**
  - Scaling is automatic
  - ❗ Standard tier allows scaling up to 10 instances.
  - 💡 If you still need more instances you can go to the **Isolated tier** where you can scale up to 100 instances
- 💡 Use **Standard** or **Premium** tiers in order to support autoscale and SSL.

## Authorization types

- **Allow all requests**
  - Use your own authentication and authorization code.
- **Allow only authenticated requests**
  - User is challenged or returned 401
- **Allow Anonymous requests**
  - Handles authentication & authorization
  - Defers authorization decisions to your application code

## App Types

### Web Apps

- PaaS offering to host web applications.
- Fully managed and easily configurable, e.g. AlwaysOn, custom domains, and autoscale.
- Supports .NET, Java, PHP, Node.js, or Python
- **Deploy**: Git, Kudu, Microsoft Visual Studio through FTP or Web Deploy protocol.
31 | - **Autoscale** 32 | - Creates multiple instances of the Web App 33 | - Automatically load balanced to meet potential demand 34 | 35 | #### Web app containers 36 | 37 | - Linux variant can host Docker containers directly using a Web App. 38 | - Docker containers can be sourced from Docker Hub, Azure Container Registry or GitHub. 39 | - Can be deployed manually, or deployed in a streamlined continuous integration process using Docker Hub or GitHub. 40 | 41 | ### API apps 42 | 43 | - Specialized version of Web Apps. 44 | - Support for developing, hosting and securing your custom APIs in the context of App. 45 | - It can run either 46 | - custom code or 47 | - pre-built software to connect to existing popular SaaS solutions through Logic App. 48 | - Integrates seamlessly with API Management. 49 | - Easy authentication using service-to-service or CORS. 50 | 51 | ### Mobile Apps 52 | 53 | - Mobile App endpoints are REST APIs. 54 | - Provides capabilities of: 55 | - **Single sign on** 56 | - From list of Azure AD. 57 | - **Offline sync** 58 | - Work offline when connectivity is not available, and synchronize with your enterprise backend systems when devices come back online. 59 | - Data sources include • SQL • Table Storage • Mongo • Document DB • any SaaS API including Microsoft 365 apps, Salesforce, Dynamics, or on-premises databases. 60 | - **Push notifications** 61 | - Allows you to hook Notification Hubs to any existing app backend. 62 | - **Auto scaling** 63 | - Client SDKs are available to connect mobile app to a Mobile App instance for its backend data. 64 | - Supported for: • Xamarin Android/iOS, • Android Native, • iOS Native, • Windows Store, • Windows Phone, • .NET, • HTML 65 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/2.3. 
SaaS services in Azure - Azure Machine Learning.md: -------------------------------------------------------------------------------- 1 | # Azure Machine learning 2 | 3 | - Azure Machine learning is an end-to-end data science and analytics solution that's integrated into Azure. 4 | - Built on top of open source technologies: Jupyter Notebook, Conda, Python, Docker, Apache Spark, and Kubernetes (also from Microsoft, e.g. Cognitive Toolkit) 5 | - It allows users to develop experiments as well as deploy data and models via the cloud. 6 | - Its composed of 7 | - Azure Machine Learning **Workbench** 8 | - Desktop application that includes command-line tools. 9 | - It allows users to help manage learning solutions via data ingestion and preparation, model development, experiment management, 10 | - Azure Machine Learning **Experimentation Service** 11 | - Helps handling the implementation of machine learning experiments 12 | - Provides project management, roaming, sharing, and git integration to support the Workbench. 13 | - Allows implementation of services across a range of environment options such as Local native, Local Docker container, or Scale out Spark cluster in Azure. 14 | - Creates Virtual environments for scripts to provide an isolated space with reproducible results. 15 | - Documents run history information 16 | - Visually displays the information so you can select the best model from your experiments. 17 | - Azure Machine Learning **Model Management Service** 18 | - Provides users the ability to deploy predictive models into a range of environments. 19 | - Information on models, such as the version and lineage, is notated from training runs throughout the deployment. 20 | - The models themselves are registered, managed, and stored in the cloud. 21 | - **MMLSpark (Microsoft Machine Learning Library for Apache Spark)** 22 | - Open-source Spark Package providing data science and Deep Learning tools for Apache Spark. 
23 | - MMLSpark allows users to create robust, analytical, and highly scalable predictive models for large image and text datasets. 24 | - **Visual Studio Code Tools for AI** 25 | - Extension used with Visual Studio code that allows you to test, build, and deploy AI and Deep Learning solutions. 26 | - It contains various integration points from Azure Machine learning. 27 | - E.g. visualization of run history that displays the performance of training runs, select targets for your scripts to execute. 28 | - Fully support various open source technologies, such as scikit-learn, TensorFlow, and more. 29 | - Traditional BI flow: *(value & amount of information increases in each step)* 30 | - **Descriptive analytics**: What happened? 31 | - Leads to hindsight 32 | - **Diagnostic analytics**: Why did it happen? 33 | - Leads to insight 34 | - **Predictive analytics**: What will happen? 35 | - Leads to optimization & foresight 36 | - **Prescriptive analytics**: How can we make it happen? 37 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/1.3. Management - Resource Groups.md: -------------------------------------------------------------------------------- 1 | # Resource groups 2 | 3 | - Logical grouping of resources that shares the same lifecycles. 4 | - Resource group holds different unique resources. 5 | - Resource groups can contain resources that reside in different regions. 6 | - Location of resource group is just the meta data for the resource group. 7 | 8 | ## Tags 9 | 10 | - Categorization / organization of resource groups for e.g. billing, management 11 | - E.g. `Dept: IT` 12 | - 💡 Tags are not inherited 13 | - ❗ Max 15 tag name/value pairs. 14 | 15 | ## Locks 16 | 17 | - For accidental deletion or accidental changes to resources within a resource group. 
18 | - Consists of two locks: 19 | - `CanNotDelete` 20 | - Authorized users can still read and modify a resource, but they can't delete the resource. 21 | - `ReadOnly` 22 | - Authorized users can read a resource, but they can't delete or update the resource. 23 | - Same as giving everyone a ***Reader*** role. 24 | - Locks are inherited from resources within the resource group. 25 | 26 | ## IAM 27 | 28 | - Access control, RBAC 29 | - Roles are inherited 30 | - ***Role assignment***: Role definition role (role, e.g. Reader) + Person/Scope/Service Principal + Scope 31 | 32 | ## Policies 33 | 34 | - Azure entity that controls behaviors within a resource group 35 | - Allows you to stay compliant with corporate standards and SLAs. 36 | - Set in a ***scope*** with a ***name*** and ***definition***. 37 | - Scope: E.g. resource group, subscription. 38 | - Definition: E.g. *"Allow resource types"* 39 | - Name, description, Policy (e.g. `azurepolicy.rules.json`), Parameters (e.g. `azurepolicy.parameters.json`) 40 | 41 | ## Events 42 | 43 | - Create event subscriptions triggered by the resource group in Event Grid. 44 | 45 | ## Automation Script 46 | 47 | - Can be added to library to be redeployed later on. 48 | - ❗ Not all resources can be redeployed 49 | - 💡 Must change the name to avoid duplicates. 50 | - ARM templates for resource groups can also be found on [GitHub](https://github.com/Azure/azure-quickstart-templates). 51 | - You can *Add to library*, or click on *Deploy* to deploy directly. 52 | 53 | ## Moving Resources 54 | 55 | - You can move resources to another resource group or subscription. 56 | - ❗ Not all resources can be moved. 57 | - Ways of moving 58 | - Using CLI: `az resource move --destination-group new-rg --ids resourceid` 59 | - In portal: Overview → Move 60 | 61 | ## Alerts 62 | 63 | 1. **Target**: What resource and where 64 | 2. **Criteria**: What specific action 65 | 3. **Details**: Who, when, where, how 66 | 4. 
**Action Group**: Who to inform and how to inform them 67 | 68 | ## Metrics 69 | 70 | 1. **Resource group**: Where to look at the metric 71 | 2. **Resource type**: The type of resource to look at 72 | 3. **Available metrics**: What specifics about the metrics 73 | 4. **Chart**: Graphic display of the metric 74 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/5.2. VM Availability (SLA, Availability Sets, Availability Zones).md: -------------------------------------------------------------------------------- 1 | # VM Availability 2 | 3 | - Microsoft Azure provides a Service Level Agreement (SLA) 4 | - backed by a financial service credit payment for IaaS Virtual Machines. 5 | - Depends on the deployment of the virtual machine and what resources it uses. 6 | 7 | ## Availability Set 8 | 9 | - Ensures SLA can be provided. 10 | - One VM being available at least 99.95% of the time. 11 | - Ensures VMs you deploy within an Azure data center are isolated from each other. 12 | - Ensures that all virtual machines that are added to the set are placed in such a way as to ensure that neither hardware faults or Azure fabric updates that is unplanned and planned maintenance events can bring down all of the virtual machines. 13 | - Application availability can be impacted by: 14 | - Unplanned hardware maintenance event 15 | - An unexpected downtime 16 | - Planned maintenance events 17 | - 💡 To reduce or remove the impact of downtime: 18 | - Place virtual machines in an availability set for redundancy. 19 | - Use managed disks for all VMs placed in an availability set. 20 | - Use Scheduled Events to respond to events. 21 | - Place each tier of your application in a separate availability set. 22 | - Use a load balancer in combination with availability sets. 23 | - 💡 Avoid single instance VMs in an availability set. 
24 | - They are subject to any SLA unless all the Operating System and Data disks are using Premium storage. 25 | 26 | ### Update and Fault Domains 27 | 28 | - Each machine in the Availability set is placed in an Update Domain and a Fault domain. 29 | - A **Fault Domain (FD)** is essentially a rack of servers. 30 | - It consumes subsystems like network, power, cooling etc. 31 | - **Update Domain (UD)** 32 | - Purposeful move to take down one (or more) of your servers. 33 | - It will walk through your update domains one after the other. 34 | - 📝 FDs come in sets of 2 and UDs come in sets of 5 (default) 35 | - So if you deploy more than 5 VMs in an availability set they'll end up in same UD and FD. 36 | 37 | ### Multiple availability sets 38 | 39 | - E.g. N-tier availability sets 40 | - An extension of the availability set model is used logically to place individual tiers of an application into separate Availability Sets. 41 | - E.g. put front-ends in one, and data tier in another availability set. 42 | 43 | ## Availability Zones 44 | 45 | - Advent of a data center-wide fault would prevent the Availability set from functioning. 46 | - Allows for a complete data center failure and keep your VM based application running. 47 | - Zone = separate zone or building within a single Azure region. 48 | - You can set the count of zones while creating VM. 49 | - There is a maximum of three Availability Zones per supported Azure region. 50 | - Each Zone operates on an entirely isolated power source, cooling system, and network infrastructure. 51 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/1.3.1. Compute & Serverless & Storage.md: -------------------------------------------------------------------------------- 1 | # Compute & Serverless & Storage 2 | 3 | - Cloud is like ***electricity*** 4 | - only pay for what you need 5 | - don't worry about how & when power plants upgrade to the latest technology. 
6 | - you don't manage scaling, e.g. many people can move to town and light will stay on 7 | - **Cloud computing** 8 | - Solves management of hardware and software 9 | - = Renting resources, like storage space or CPU cycles, on another company's computers 10 | - **Flexible** and **cost-efficient**, 11 | - E.g. you only pay for what you use. 12 | - **Cloud Provider** 13 | - Provides cloud computing services 14 | - E.g. Microsoft, Amazon, Google 15 | - Typical services: 16 | - **Compute power**: such as Linux/Windows servers or web applications 17 | - **Storage**: such as files and databases and blobs 18 | - **Networking**: such as secure connections between the cloud provider and your company/datacenter 19 | - **Analytics**: such as visualizing telemetry and performance data 20 | 21 | ## Compute Power 22 | 23 | - Choose how you want work to be done based on your resources and needs. 24 | - **Virtual Machines (VM)** 25 | - Emulation of a computer, like your desktop / laptop 26 | - Includes operating system and hardware, you can install any software on it. 27 | - More control and responsibility over maintenance. 28 | - Cloud provider runs it for you in one of its datacenters 29 | - Often sharing that server with other VMs 30 | - **Containers** 31 | - Consistent, isolated execution environment for application 32 | - Similar to VM but they don't require guest operating system 33 | - They can run on different guest systems 34 | - Highly portable, can run on-premises or in the cloud with often no changes to application. 35 | - Takes few seconds/lesser time to start up as there's no OS to initialize 36 | - Application and its dependencies are packaged into a container 37 | - **Docker** 38 | - Open source 39 | - The leading platform for managing containers. 
40 | 41 | ## Serverless computing 42 | 43 | - Lets you run application code without creating, configuring, or maintaining a server 44 | - Your application is broken into separate functions that run when triggered by some action/event 45 | - Good for automation e.g. serverless process that automatically sends an email confirmation after a customer makes an online purchase. 46 | - Pay for the processing time used by each function as it executes. 47 | - ❗ In contrast, VMs and containers are running even if the applications on them are idle. 48 | 49 | ## Storage 50 | 51 | - Most devices and applications read and/or write data 52 | - E.g. when leaving a voicemail 53 | - Cloud providers offer different services 54 | - e.g. for storing a text you can use file on disk. 55 | - e.g. for relationships in address book, you can use a database 56 | - Advantage of a cloud-based data storage is you can scale to meet your needs. 57 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/1. Azure basics.md: -------------------------------------------------------------------------------- 1 | # Azure basics 2 | 3 | ## Interacting with Azure 4 | 5 | - Azure is based on REST APIs 6 | - You can use Portal, PowerShell, Azure CLI that wrap REST APIs. 7 | - **Azure Cloud Shell**: Browser-accessible shell on portal that can run PowerShell, Azure CLI and even more like `git`/`bash`/`pip`/`maven` etc. 8 | - 💡 Azure CLI can often handle everything that other wrappers can and even more. 9 | 10 | ## Service-level agreement (SLA) 11 | 12 | - A guarantee that Azure gives to customers for different offerings. 13 | - Guarantees Monthly Uptime Percentage 14 | - `Monthly Uptime % = (Maximum Available Minutes – Downtime) / Maximum Available Minutes x 100` 15 | 16 | ## Regions 17 | 18 | - Azure has different regions 19 | - Each Azure Region has one or more (often 3) *availability zone*s. 
20 | - Each availability zone is made up of one or more *data-centers*. 21 | - Data centers have independent power, cooling and networking. 22 | - Each region includes a *pair* in its country (>500 km away if it's possible) 23 | - Pairs enable *system update isolation* where regions are updated in queue[^fn1] 24 | - Azure region pair is highly prioritized during recovery 25 | - Services with geo-redundant storage use the paired region automatically. 26 | 27 | ## Resource Group 28 | 29 | - Logical group to manage *resource*s together 30 | - Groups values e.g. analyzing and forecasting resource consumption and spending. 31 | - You can create policies on resource group 32 | - A **resource** is an object in Azure (Azure object) 33 | 34 | ### Azure Resource Manager (ARM) 35 | 36 | - Each object in Azure has ARM files associated with it. 37 | - Can be deployed directly from Visual Studio 38 | - They are JSON text files. 39 | - `$schema` *(required)* : URL of the JSON schema file describing the version. 40 | - `contentVersion` *(required)* : Version of the template (e.g. 1.0.0.0) 41 | - `resources` *(required)*: Resource types that are deployed or updated in the group. 42 | - `parameters`: Customizable values that are provided when the deployment is executed. 43 | - `variables`: JSON fragments in template to simplify language expressions. 44 | - `outputs`: Values that are returned after deployment. 45 | - 💡 Secure any username, password parameters in JSON files. 46 | - Usually the parameters (`azuredeploy.parameters.json`) and the template file (`azuredeploy.json`) are kept separate. 47 | - ❗ Hard to create from scratch. 48 | - 💡 Have a base and modify later. 49 | - Create a resource, copy its auto-generated ARM from *Automation blade.* 50 | - Use **Azure QuickStart templates** 51 | - Maintained by Microsoft + Community (on GitHub) 52 | - Provides "Deploy to Azure" button 53 | - You can control how things are deployed using **Azure Policy** on resource group, subscription, or management group level. 
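The tip above about securing username and password parameters can be checked mechanically before a template is committed. This is an added example, not code from these notes or from Microsoft: a small linter for `azuredeploy.json` and `azuredeploy.parameters.json`. The name heuristic, the function names and the sample documents are constructed assumptions.

```python
import json
import re

# Assumed naming heuristic for credential-like parameters; extend it for your templates.
SENSITIVE_NAME = re.compile(r"password|passwd|pwd|secret|token|connectionstring", re.I)
# ARM parameter types whose values are not kept readable with the deployment.
SECURE_TYPES = {"securestring", "secureobject"}


def sensitive_parameters(template):
    """Names of template parameters that are secure-typed or look like credentials."""
    names = set()
    for name, spec in template.get("parameters", {}).items():
        secure = str(spec.get("type", "")).lower() in SECURE_TYPES
        if secure or SENSITIVE_NAME.search(name):
            names.add(name)
    return names


def lint_template(template):
    """Check azuredeploy.json: secret parameters must be secure-typed, carry no
    default value, and must not be echoed back through outputs."""
    findings = []
    params = template.get("parameters", {})
    for name in sorted(sensitive_parameters(template)):
        spec = params[name]
        if str(spec.get("type", "")).lower() not in SECURE_TYPES:
            findings.append(f"{name}: type is '{spec.get('type')}', use 'securestring'")
        if "defaultValue" in spec:
            findings.append(f"{name}: defaultValue stores the secret in the template")
        # Template expressions are case-insensitive, so compare in lower case.
        needle = f"parameters('{name.lower()}')"
        for out_name, out in template.get("outputs", {}).items():
            expression = json.dumps(out.get("value", "")).lower().replace(" ", "")
            if needle in expression:
                findings.append(f"{name}: exposed through output '{out_name}'")
    return findings


def lint_parameter_file(parameter_file, template):
    """Check azuredeploy.parameters.json: a secret should be a Key Vault
    reference, not a literal value committed with the file."""
    findings = []
    sensitive = {n.lower() for n in sensitive_parameters(template)}
    for name, entry in parameter_file.get("parameters", {}).items():
        if name.lower() in sensitive or SENSITIVE_NAME.search(name):
            if "value" in entry:
                findings.append(
                    f"{name}: literal value in parameters file, use a Key Vault reference")
    return findings


# Constructed sample template (not taken from any real deployment).
SAMPLE_TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "adminUsername": {"type": "string"},
        "adminPassword": {"type": "string", "defaultValue": "constructed-not-a-real-password"},
        "sqlPassword": {"type": "securestring"},
    },
    "resources": [],
    "outputs": {
        "vmPassword": {"type": "string", "value": "[parameters('adminPassword')]"},
    },
}

# Constructed sample parameters file; the Key Vault id is a placeholder.
SAMPLE_PARAMETERS = {
    "contentVersion": "1.0.0.0",
    "parameters": {
        "adminUsername": {"value": "azureuser"},
        "adminPassword": {"value": "constructed-not-a-real-password"},
        "sqlPassword": {
            "reference": {
                "keyVault": {"id": "<key-vault-resource-id>"},
                "secretName": "sqlPassword",
            }
        },
    },
}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE_TEMPLATE):
        print("azuredeploy.json:", finding)
    for finding in lint_parameter_file(SAMPLE_PARAMETERS, SAMPLE_TEMPLATE):
        print("azuredeploy.parameters.json:", finding)
```

Run against real files by loading them with `json.load` and passing the resulting dictionaries to the two functions; a non-empty result is a reason to fail the build.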
54 | 55 | ## Egress charges 56 | 57 | - Moving data to Azure is mostly free. 58 | - From Azure to outside (without ExpressRoute or Content Delivery Network) you get extra egress charges. 59 | -------------------------------------------------------------------------------- /tools/markdownlint-fixer.py: --------------------------------------------------------------------------------
'''
Not tested for generic usage. It fixes following lint issues in md files:
    MD007 - Unordered list indentation
    MD009 - No trailing whitespaces
    MD004 - Unordered list style
    MD022 - Headings should be surrounded by blank lines
'''
import math, os.path, argparse

parser = argparse.ArgumentParser(description="markdownlint fixer")
parser.add_argument('-i',
                    help='File to fix',
                    dest='filename',
                    type=argparse.FileType('r', encoding='UTF-8'),
                    required=True)
args = parser.parse_args()
path = str(args.filename.name)
# argparse already opened the file to validate it; close that handle before re-opening.
args.filename.close()
new_lines = []

def count_leading_whitespaces(text):
    return len(text) - len(text.lstrip(' '))

with open(path, 'r', encoding='UTF-8') as file:
    lines = file.readlines()
    for line_index, line in enumerate(lines):
        # Ensure 2 whitespaces are used instead of tabs (MD007 - Unordered list indentation)
        # The leading space count is halved; an odd count is rounded up after halving.
        if line.startswith(' '):
            total_white_spaces = count_leading_whitespaces(line)
            line = line.lstrip(' ')
            total_white_spaces = total_white_spaces / 2
            if int(total_white_spaces) != total_white_spaces:
                normalized = math.ceil(total_white_spaces)
                print(f'Bad total white spaces: {str(total_white_spaces)} normalized to {str(normalized)}. Line: "{line}"')
                total_white_spaces = normalized
            total_white_spaces = int(total_white_spaces)
            for i in range(total_white_spaces):
                line = ' ' + line
        # Fix MD009 - No trailing whitespaces
        text_part = line.split('\n')[0].rstrip(' ')
        if line.endswith('\n'):
            line = f'{text_part}\n'
        else:
            line = f'{text_part}'
        # MD004 - Unordered list style
        # Match "- " only, so horizontal rules such as "---" are left untouched.
        if line.lstrip(' ').startswith('- '):
            total_white_spaces = 0
            while line.startswith(' '):
                total_white_spaces += 1
                line = line[1:len(line)]
            line = "*" + line[1:len(line)]
            while total_white_spaces != 0:
                line = ' ' + line
                total_white_spaces -= 1
        # MD022 - Headings should be surrounded by blank lines
        if line_index < len(lines) - 1:
            next_line = lines[line_index + 1].lstrip(' ')
            if next_line.startswith('#') and line != '\n':
                # Blank line before the heading that follows
                line = f'{line}\n'
            elif line.lstrip().startswith("#") and next_line != '\n':
                # Blank line after this heading
                line = f'{line}\n'
        new_lines.append(line)

# Write the result next to the input file as <name>_fixed<ext>
filename, file_extension = os.path.splitext(path)
output_path = f'{filename}_fixed{file_extension}'
with open(output_path, 'w', encoding='UTF-8') as fixed_file:
    fixed_file.writelines(new_lines)
-------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/3. Agile work management.md: -------------------------------------------------------------------------------- 1 | # Agile work management 2 | 3 | ## Benefits 4 | 5 | - Allows for faster delivery of product features to your customer 6 | - Leads to increased customer satisfaction. 7 | - Reduced risks since you have small feature releases carried out frequently 8 | - Predictable costs and schedule 9 | - Easily allows for change 10 | 11 | ## Traditional Waterfall Model 12 | 13 | - Stages 14 | 1. **Requirements**: Business analysts get all requirements from customers. 15 | 2. 
**Design stage**: Peers & architects design application 16 | 3. **Code**: Dev teams work with application 17 | 4. System testing 18 | 5. User Acceptance Testing 19 | 6. Software release 20 | - Problems 21 | - Release date can be far into the future. 22 | - Can be redundant even before release as business can change 23 | - If bugs & issues are detected during the testing phase, they can delay the release as you repeat stages. 24 | - Software may not comply with the requirements 25 | - E.g. during coding stage design requirements can change which will not be reflected. 26 | - As a result, user may not get what he/she wants 27 | 28 | ## Scrum 29 | 30 | 1. Have a vision / goal 31 | 2. User stories: describes what customer / end user wants 32 | 3. Product backlog 33 | - Start taking tasks from user stories 34 | 4. Pick tasks from product backlog to sprint backlog 35 | 5. Work with them during a sprint 36 | - Sprint = 1-2 weeks 37 | - Sprint results in working functionality 38 | 6. Retrospective & review meetings 39 | 40 | ## Reporting (Project metrics) 41 | 42 | - Important to avoid frustrations such as late deliveries 43 | - Understand how your work items are progressing in terms of development, testing, release 44 | - Are work items being tracked to completion? 45 | - Are feature requests being tracked? 46 | - Time remaining for key work items 47 | - Time spent on work items. 48 | - Normally use cumulative flow diagrams to monitor the flow of work. 49 | - 📝 Primary metrics are: 50 | - ![Differences between lead and cycle time](./img/lead-vs-cycle-time.png) 51 | - **Cycle time** 52 | - How long it takes to complete one production cycle 53 | - Calculated by `work completion time - start of doing work` 54 | - ![Cumulative Flow Diagram](./img/widgets/cycle-time.png) 55 | - **Lead time** 56 | - Measures `work completion time - work requested time` 57 | - ![Cumulative Flow Diagram](./img/widgets/lead-time.png) 58 | - **Burndown**: Shows remaining work within a specific time period. 
59 | - Burnup is exactly like burndown, except that it plots work completed, rather than work remaining. 60 | - ![Cumulative Flow Diagram](./img/widgets/burndown.png) 61 | - **Velocity** 62 | - Indication of how much work a team can complete during a sprint based. 63 | - ![Cumulative Flow Diagram](./img/widgets/velocity.png) 64 | - **Cumulative Flow Diagram** 65 | - See the count of work items over time of a Kanban board. 66 | - ![Cumulative Flow Diagram](./img/widgets/cumulative-flow-diagram.png) 67 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/2.3. Governance - Azure Policies.md: -------------------------------------------------------------------------------- 1 | # Microsoft Azure Policies 2 | 3 | - Configures what kind of resources can be deployed and managed 4 | - Ensures proper cloud governance by controlling resource deployment and usage. 5 | - ❗ Publishing requires `Microsoft.Authorization/policyassignments/write` permission. 6 | - The assigner is saved as `assignedBy` property. 7 | - Apply to new and existing resources. 8 | - Resources are scanned hourly for compliance with policies. 9 | 10 | ## Policy types 11 | 12 | - **Built-in policies** 13 | - E.g.: Require SQL Server 12.0, Allowed Storage Account SKU, Allowed Resource Types, Allowed Locations, Allowed Virtual Machine SKUs, Apply tag and its default value, Enforce tag and its value, Not allowed resource types 14 | - **Custom Policies** 15 | - JSON format 16 | - Supports logical operations (`or`, `allOf`, `noneOf`) and `if` statements. 17 | - Used for granular resource control 18 | - E.g. limit load balancer creation to IT admins. 19 | - Can be created manually or by copying existing policy from e.g. GitHub. 20 | - E.g. 
21 | 22 | ```json 23 | { 24 | "policyRule": { 25 | "if": { 26 | "not": { 27 | "field": "location", 28 | "in": "[parameters('allowedLocations')]" 29 | } 30 | }, 31 | "then": { 32 | "effect": "audit" 33 | } 34 | }, 35 | "parameters": { 36 | "allowedLocations": { 37 | "type": "Array", 38 | "metadata": { 39 | "description": "The list of allowed locations for resources", 40 | "displayName": "Allowed Locations", 41 | "strongType": "location" 42 | } 43 | } 44 | } 45 | } 46 | ``` 47 | 48 | ## Policy parameters 49 | 50 | - Passed to policy 51 | - Enable policy reuse 52 | - Fewer policies are required. 53 | - String or array 54 | 55 | ## Policy Effects 56 | 57 | - **`Append`**: Resource policy additions, e.g. tags. 58 | - **`Audit`**: Logging only, generates a warning. 59 | - **`AuditIfNotExists`**: Enables audit if resource does not exist 60 | - **`Deny`**: Denies deployment 61 | - 💡 Existing non-compliant resources are marked but not deleted. 62 | - **`DeployIfNotExists`**: If resource does not exist, deploy it. 63 | 64 | ## Management Groups 65 | 66 | - Organizes multiple subscriptions. 67 | - Up to 6 hierarchical levels. 68 | - Allows you to assign policy groups 69 | - 💡 Subscriptions inherit settings 70 | - Facilitates RBAC 71 | - Subscriptions can be moved to other parts of hierarchy. 72 | 73 | ## Policy exclusions 74 | 75 | - Called **exclusion scopes** 76 | - Policies can have exclusions in different scopes 77 | - Scopes can be e.g. resource groups in subscription, or VMs in resource groups. 78 | 79 | ## Policy Initiative Definitions 80 | 81 | - Groups policies into a single unit. 82 | - Used when a single Azure governance goal consists of multiple checks. 83 | - Can be assigned to resources/groups/subscriptions 84 | - E.g. Security Compliance 85 | 1. Check for endpoint protection 86 | 2. Check for VM disk encryption 87 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/4.1. 
Azure Resource Manager.md: -------------------------------------------------------------------------------- 1 | # Azure Resource Manager 2 | 3 | - Designed to represent each service in Azure as a resource provider and each service instance in Azure as a modular resource. 4 | - JSON templates are used to deploy collections of resources using Infrastructure-as-Code concepts. 5 | - You can interact with Resource Manager using PowerShell, CLI, Client libraries, Visual Studio, Portal, REST API. 6 | 7 | ## Resource groups 8 | 9 | - Common lifecycle for resources: They can be created, managed, monitored, or deleted together. 10 | - The Resource Manager also offers the concept of resource group templates 11 | - You define a service unit in advance, and then use the template to create as many resource groups as you need. 12 | 13 | ## Azure Resource Manager (ARM) Objects 14 | 15 | - 💡 Envision your solution using ARM 16 | - Start by designing and conceptualizing your entire solution considering all components that may compose your solution. 17 | - Then identify individual units of functionality and find resources available on Azure that can facilitate the specific functionalities. 18 | - **Resource** : Single service. E.g. web app, app service plan, SQL database. 19 | - **Resource group** : Logical grouping of resources. 20 | - **Resource group template** : JSON file that describes a set of resources. 21 | 22 | ## ARM Templates 23 | 24 | - Some or all of the properties of the resource can be parameterized so that you can customize your deployment by providing parameter values at deployment time. 25 | - Deployment 26 | - ARM Templates are deployed in a few ways. 27 | - These depend on your aims, the result intended and your chosen method for development. 28 | - A ***developer*** may choose to use Visual Studio to create and deploy ARM templates directly and to manage the lifecycle of the resources through Visual Studio. 
29 | - An ***administrator*** may choose to use PowerShell or the Azure Command Line to deploy resources and amend them. 30 | - An ***end user*** without command line or developer skills would choose to use the Azure Portal to deploy resources without realizing a template is involved. E.g. marketplace offerings. 31 | - Advantages: 32 | - ***Ensure idempotency*** : Identical template to multiple resource => same functionality. 33 | - ***Simplify orchestration*** : Automatize. 34 | - ***Configure multiple resources*** : Order, fix dependencies. 35 | - ***Parameterize*** : Define input & input for reuse. Can be nested for larger orchestration. 36 | - Template resources: Parameters *(=> Variables )* => Resources => Output 37 | 38 | ### JSON schema 39 | 40 | - 📝 Empty ARM template: 41 | 42 | ```json 43 | { 44 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 45 | "contentVersion": "1.0.0.0", 46 | "parameters": { }, 47 | "variables": { }, 48 | "resources": [ ], 49 | "outputs": { } 50 | } 51 | ``` 52 | 53 | - Required: `contentVersion`, `resources` 54 | - Optional: `parameters`, `variables`, `outputs`. 55 | - Sources: 56 | - The Azure Quickstart templates on GitHub are 57 | - Inspect Automation script element of objects. 58 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/7. Continuous Integration & Continuous Delivery.md: -------------------------------------------------------------------------------- 1 | # Continuous Integration & Continuous Delivery 2 | 3 | ## Continuous Integration 4 | 5 | - Automation for entire application lifecycle. 6 | - Allows you to detect issues & bugs early on in development lifecycle 7 | - It takes more time for issues to be resolved when they are detected too late 8 | - Re-testing needs to be carried out. 9 | - Solution: 10 | - Run tests as soon as developer makes a commit to repository 11 | - Based on a schedule that runs e.g. 
every day 12 | - E.g. 13 | - Commit *->* Version control *--triggers-->* build *---triggers-->* deployed to a test environment *--triggers-->* test cases are automated *--triggered-->* final results *->* build is marked as success or failure 14 | - Tools are important e.g. Jenkins, Atlassian Bamboo, TeamCity, Azure Pipelines 15 | - Multi-configuration builds 16 | - e.g. build app for both debug and release configurations on both x86 and x64 platforms. 17 | 18 | ## Continuous Delivery 19 | 20 | - Complements your continuous integration process. 21 | - Automates deployment of your changes after build. 22 | - Track your release process quality 23 | - Visualizations about the quality of all the release pipelines, e.g. adding a dashboard widget which shows the status of every release. 24 | - Release Notes, functional and technical documentation 25 | - Generate Release Notes Build Task (VSTS) 26 | - WIKI Updater Tasks (VSTS) 27 | - 💡 Treat release documentation & manuals as source-code 28 | - When the product changes, the documentation needs to change as well 29 | - Multi-configuration deployments 30 | - e.g. for different geographic regions. 31 | 32 | ### Feature Flags 33 | 34 | - Allows you to separate your functional release from your technical release 35 | - Decide to have a feature on runtime; enable/disable a feature based on a boolean 36 | 37 | ### Deployment rings 38 | 39 | - Gradually deploying and validating changes in production 40 | - Impact 41 | - Also called **blast radius** 42 | - evaluated through observation, testing, analysis of telemetry, and user feedback 43 | - E.g.: 44 | - **Canaries** who voluntarily test bleeding edge features as soon as they are available. 45 | - **Early adopters** who voluntarily preview releases, considered more refined than the canary bits. 46 | - **Users** who consume the products, after passing through canaries and early adopters. 
47 | 48 | ### Web App Deployment 49 | 50 | - **Deployment slots** 51 | - Allows you to create a new deployment for the web app. 52 | - ❗ Requires **Standard** or higher plan to be able to use deployment slots. 53 | - App content and configuration elements can be swapped between two deployment slots, including the production slot. 54 | - Use-cases: 55 | - Create staging environment easily in Web Apps 56 | - Validate in staging before swapping to production 57 | - You can apply Blue Green deployments 58 | - Zero downtime deployment with an **auto swap** 59 | - Allows you to ensure that all instances of the slot are warmed up before being swapped into production 60 | - Click on slot => App settings => Auto swap: on 61 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/2.7. Compliance in Azure.md: -------------------------------------------------------------------------------- 1 | # Compliance in Azure 2 | 3 | ## Microsoft Privacy Statement 4 | 5 | - [privacy.microsoft.com/privacystatement](https://privacy.microsoft.com/en-us/privacystatement) 6 | - 📝 Explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes. 7 | - Applies to the interactions Microsoft has with you and Microsoft products such as Microsoft services, websites, apps, software, servers, and devices. 8 | 9 | ## Microsoft Trust Center 10 | 11 | - [microsoft.com/trust-center](https://www.microsoft.com/trust-center) 12 | - 📝 In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products. 13 | - Recommended resources in the form of a curated list of the most applicable and widely used resources for each topic.
14 | - Direct guidance and support 15 | 16 | ## Service Trust Portal 17 | 18 | - [servicetrust.microsoft.com](https://servicetrust.microsoft.com/) 19 | - 📝 Can download 20 | - audit reports produced by external auditors 21 | - Microsoft-authored reports about its cloud services. 22 | - Also has compliance guides to help you understand how you can use Microsoft cloud service features to manage compliance with various regulations. 23 | - Hosts [Compliance Manager](#compliance-manager), companion feature to the [Trust Center](#microsoft-trust-center). 24 | 25 | ### Compliance Manager 26 | 27 | - [servicetrust.microsoft.com/ComplianceManager](https://servicetrust.microsoft.com/ComplianceManager) 28 | - Free workflow-based risk assessment dashboard with 29 | - summary of your data protection, compliance stature, recommendations for improvement 30 | - Features: 31 | - Combines the following three items: 32 | 1. Information provided by Microsoft to auditors and regulators e.g. ISO 27001, ISO 27018, and NIST. 33 | 2. Information that Microsoft compiles internally for its compliance with regulations (such as HIPAA and the EU GDPR). 34 | 3. An organization's self-assessment of their own compliance with these standards and regulations. 35 | - Repository in which to upload and manage evidence and other artifacts related to compliance activities. 36 | - Assign, track, and record compliance and assessment-related activities 37 | - Help your organization cross team barriers to achieve your organization's compliance goals. 38 | - ***Compliance Score*** to help you track your progress with ongoing risk assessments. 39 | - Also recommends actions as part of the risk assessment. 40 | - Excel reports that document the compliance activities performed by Microsoft and your organization.
41 | - 💡 Can be provided to auditors, regulators, and other compliance stakeholders 42 | 43 | ## Azure Security Center 44 | 45 | - 📝 Global service in Azure that includes regulatory compliance dashboard of **your** services. 46 | - Insights into your compliance posture based on continuous assessments 47 | - Analyzes risk factors in your hybrid cloud environment according to security best practices 48 | - Overall security score, assessment against e.g. CIS, PCI DSS 3.2.1, SOC, ISO 27001. 49 | - ![Compliance Dashboard in Azure Security Center](./img/compliance-dashboard.png) 50 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/6.2. Capital Expenditure (CapEx) vs Operational Expenditure (OpEx).md: -------------------------------------------------------------------------------- 1 | # Capital Expenditure (CapEx) vs Operational Expenditure (OpEx) 2 | 3 | - Before: up-front cost in hardware and infrastructure to start or grow a business (CapEx) 4 | - With cloud: Use services without significant upfront costs or equipment setup time (OpEx) 5 | - 📝 Hybrid solution = combine both by using on-premises (CapEx) together with cloud (OpEx) 6 | - Also possible to have CapEx in cloud with e.g. [Azure Reserved VM Instances](https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/) 7 | - CapEx model is also sometimes used in cloud 8 | 9 | ## Capital Expenditure (CapEx) 10 | 11 | - Spending of money on physical infrastructure up front 12 | - and then deducting that expense from your tax bill over time. 13 | - An upfront cost, which has a value that reduces over time. 14 | 15 | ### Costs of CapEx 16 | 17 | - E.g. server, storage, network, backup & archive, organization continuity and disaster recovery, datacenter infrastructure, technical personnel. 18 | 19 | ### Benefits of CapEx 20 | 21 | - Plan your expenses at the start of a project or budget period.
22 | - Your costs are fixed, meaning you know exactly how much is being spent. 23 | - 💡 Appealing when you need to predict the expenses before a project starts due to a limited budget. 24 | 25 | ## Operational Expenditure (OpEx) 26 | 27 | - Spending money on services or products now and being billed for them now. 28 | - There's no upfront cost: You pay for a service or product as you use it 29 | - Deduct expense from your tax bill in the same year. 30 | 31 | ### Billing of OpEx 32 | 33 | - As soon as the provider provisions resources, billing starts 34 | - It's your responsibility to de-provision the resources when they aren't in use so that you can minimize costs. 35 | - Cloud computing can bill in various ways e.g. 36 | - Number of users, CPU usage time, allocated RAM, I/O operations per second (IOPS), and storage space. 37 | - Billing at the user or organization level. 38 | - **Pay-per-use** (or subscription model) 39 | - Designed for both organizations and users 40 | - billed for the services used, typically on a recurring basis 41 | - E.g. when using a dedicated cloud service, you could pay based on server hardware and usage. 42 | 43 | ### Costs of OpEx 44 | 45 | - Leasing software and customized features 46 | - Scaling charges based on usage/demand instead of fixed hardware or capacity. 47 | - 💡 Plan for backup traffic and disaster recovery traffic to determine the bandwidth needed. 48 | 49 | ### Benefits of OpEx 50 | 51 | - CapEx challenge: Demand and growth can be unpredictable and can outpace expectation 52 | - ![CapEx demand & growth](./img/capex-demand-and-growth.png) 53 | - Companies wanting to try a new product or service don't need to invest in equipment 54 | - Instead, they pay as much or as little for the infrastructure as required.
55 | - OpEx is particularly appealing if the demand fluctuates or is unknown 56 | - Enables **cloud agility** 57 | - Ability to rapidly change an IT infrastructure to adapt to the evolving needs of the business 58 | - Manage your costs dynamically, optimizing spending as requirements change. 59 | - E.g. service peaks one month => pay more, demand drops next month => pay less 60 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/1.1. Design a DevOps Strategy.md: -------------------------------------------------------------------------------- 1 | # Design a DevOps Strategy 2 | 3 | ## Greenfield & Brownfield 4 | 5 | - Greenfield projects 6 | - Brand new, lacks any constraints imposed by prior work. 7 | - Brownfield projects 8 | - Development and deployment of new software systems within the immediate presence of existing (legacy) software applications/services 9 | - Greenfield vs Brownfield Ops 10 | 11 | | Brownfield | Greenfield | 12 | | ------------|------------| 13 | | Slow change, but reliable & scalable | Fast change, innovative and more tolerant of bugs | 14 | | Maintaining workloads across on-premise data centers | Maintaining workloads across externally sourced infrastructures | 15 | | Not cloud platform enabled | Cloud platform enabled | 16 | | Waterfall release cycles | Agile development cycles | 17 | | Legacy, monolithic tools | New, composable tools | 18 | | Legacy, serial processes | New, collaborative processes | 19 | 20 | ## Project Metrics and KPIs 21 | 22 | - Faster Outcomes 23 | - **Deployment Frequency** 24 | - Increasing the frequency of deployments is often a critical driver in DevOps projects. 25 | - **Deployment Speed** 26 | - As well as increasing how often deployments happen, it's important to decrease the time that they take. 27 | - **Deployment Size** 28 | - How many features, stories, and bug fixes are being deployed each time? 
29 | - **Lead Time** 30 | - How long does it take from starting on a work item, until it is deployed? 31 | - Efficiency 32 | - **Server to Admin Ratio** 33 | - Are the projects reducing the number of administrators required for a given number of servers? 34 | - **Staff Member to Customers Ratio** 35 | - Is it possible for fewer staff members to serve a given number of customers? 36 | - **Application Usage** 37 | - How busy is the application? 38 | - **Application Performance** 39 | - Is the application performance improving or dropping (based upon application metrics)? 40 | - Quality and Security 41 | - **Deployment Failure Rates** 42 | - How often do deployments (and/or applications) fail? 43 | - **Application Failure Rates** 44 | - How often do application failures occur, such as configuration failures, performance timeouts, etc.? 45 | - **Mean Time to Recover** 46 | - How quickly can you recover from a failure? 47 | - **Bug Report Rates** 48 | - You don't want customers finding bugs in your code. 49 | - Is the amount they are finding increasing or decreasing? 50 | - **Test Pass Rates** 51 | - How well is your automated testing working? 52 | - **Defect Escape Rate** 53 | - What percentage of defects are being found in production? 54 | - **Availability** 55 | - What percentage of time is the application truly available for customers? 56 | - **SLA Achievement** 57 | - Are you meeting your service level agreements (SLAs)? 58 | - **Mean Time to Detection** 59 | - If there is a failure, how long does it take for it to be detected? 60 | - Culture 61 | - **Employee Morale** 62 | - Are employees happy with the transformation and where the organization is heading? 63 | - Are they still willing to respond to further changes? 64 | - **Retention Rates** 65 | - Is the organization losing staff? 66 | - Lead time vs. cycle time 67 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/3.1.2.
Storage - StorSimple.md: -------------------------------------------------------------------------------- 1 | # StorSimple 2 | 3 | - A physical device. 4 | - Creates workflows for migrating data to a cloud storage center or back on-premises. 5 | - Combination of service, device and management tools. 6 | - On-premises hybrid storage array 7 | - Manages communication with cloud storage 8 | - Helps to ensure the security and confidentiality of data 9 | - Includes 10 | - Solid state drives (SSDs) 11 | - Hard disk drives (HDDs) 12 | - Support for clustering and automatic failover. 13 | - Shared processor, shared storage, and two mirrored controllers 14 | - You can alternatively use StorSimple to create a virtual device that replicates the architecture and capabilities of the actual hybrid storage device. 15 | - The StorSimple virtual device (also known as the ***StorSimple Virtual Appliance***) runs on a single node in an Azure virtual machine. 16 | - StorSimple provides a web-based user interface (the StorSimple Manager service), or you can use PowerShell CLI. 17 | - Security through encryption algorithms to protect data stored in or traveling between the components of StorSimple solution. 18 | 19 | ## Transparent integration 20 | 21 | - 📝 Uses Internet Small Computer System Interface (iSCSI) protocol to invisibly link data storage facilities. 22 | - iSCSI (Internet Small Computer System Interface) 23 | - Storage networking standard for linking data storage facilities over TCP/IP 24 | - Data that's stored in the cloud, in the data center, or on remote servers, appears to be stored at a single location. 25 | 26 | ## Reduced storage costs 27 | 28 | - Compression 29 | - **Deduplication** 30 | - 📝 Eliminates redundant versions of the same data *(deduplication)* 31 | 32 | ## Simplified storage management 33 | 34 | - Provides system administration tools that you can use to configure and manage data: 35 | - Backup and restore functions from a *Microsoft Management Console (MMC)* snap-in.
36 | - Separate, optional interface to extend StorSimple management and data protection services to content stored on SharePoint servers. 37 | 38 | ## Improved disaster recovery and compliance 39 | 40 | - Does not require extended recovery time. Instead, it restores data as it is needed. 41 | - Regular operations can continue with minimal disruption. 42 | - You can configure policies to specify backup schedules and data retention. 43 | 44 | ## Data mobility 45 | 46 | - Data uploaded to Microsoft Azure cloud services can be accessed from other sites for e.g. recovery and migration purposes. 47 | - You can use StorSimple to configure StorSimple virtual devices on virtual machines (VMs) running in Microsoft Azure. 48 | - The VMs can then use virtual devices to access stored data for test or recovery purposes. 49 | 50 | ## Data Tiering 51 | 52 | - Automatically tiers and classifies your data. 53 | - Based on how often you access it. 54 | - Data is always being shuffled between tiers as the mechanism learns about your usage patterns. 55 | - To enable quick access, it stores hot data 56 | - On SSD. 57 | - Locally 58 | - It stores occasionally used data (warm data) 59 | - on HDDs in the device or on servers at the data center. 60 | - Inactive data 61 | - Automatically migrates to the cloud. 62 | - Rearranges data and storage assignments as usage patterns change 63 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/4.3. Azure Security Center.md: -------------------------------------------------------------------------------- 1 | # Azure Security Center 2 | 3 | - Monitoring service that provides threat protection across all services 4 | - both in Azure, and on-premises. 5 | - Gives security recommendations based on your configurations, resources, and networks.
6 | - Part of [https://www.cisecurity.org/cis-benchmarks/](https://www.cisecurity.org/cis-benchmarks/) 7 | - Automatic security assessments through continuous monitoring to identify potential vulnerabilities before they can be exploited. 8 | - Just-in-time access control for ports through [Azure Defender](#azure-defender) 9 | - Analyzes & identifies potential inbound attacks 10 | - then helps to investigate threats and any post-breach activity that might have occurred. 11 | - Control apps 12 | - Only the apps you validate are allowed to execute. 13 | - Uses machine learning to detect and block malware from being installed on services 14 | - Helps with [compliance](2.7.%20Compliance%20in%20Azure.md#azure-security-center) through continuous assessments & recommendations. 15 | 16 | ## Tiers 17 | 18 | ### Free 19 | 20 | - Available as part of any Azure subscription 21 | - Limited to assessments and recommendations of Azure resources only. 22 | 23 | ### Azure Defender 24 | 25 | - Formerly known as **Azure security center standard edition** 26 | - Provides a full suite of security-related services including 27 | - continuous monitoring 28 | - threat detection 29 | - just-in-time access control for ports 30 | - $15 per node per month, 30-day free trial available 31 | - ❗ To upgrade to the Standard tier, you must be assigned the role of *Subscription Owner*, *Subscription Contributor*, or *Security Admin*. 32 | 33 | ## Use-cases 34 | 35 | ### Incident response 36 | 37 | - 💡 Have an incident response plan in place before an attack occurs. 38 | 39 | #### Incident response stages 40 | 41 | - ![Incident response stages](./img/incident-response-stages.png) 42 | - You can use Security Center during the [detect](#detect), [assess](#assess), and [diagnose](#diagnose) stages. 43 | 44 | ##### Detect 45 | 46 | - Review the first indication of an event investigation. 47 | - E.g.
you can use the Security Center dashboard to review the initial verification that a high-priority security alert was raised. 48 | 49 | ##### Assess 50 | 51 | - Perform the initial assessment to obtain more information about the suspicious activity. 52 | - E.g. obtain more information about the security alert. 53 | 54 | ##### Diagnose 55 | 56 | - Conduct a technical investigation and identify containment, mitigation, and workaround strategies. 57 | - E.g. follow the remediation steps described by Security Center in that particular security alert. 58 | 59 | ### Recommendations to enhance security 60 | 61 | #### Security policy 62 | 63 | - Set of controls that are recommended for resources within that specified subscription or resource group 64 | - You can reduce the chances of a significant security event by configuring a security policy 65 | 66 | #### Recommendations 67 | 68 | - Based on security policies for potential vulnerabilities. 69 | - Guide you through the process of configuring the needed security controls. 70 | - E.g. if you have workloads that do not require the Azure SQL Database Transparent Data Encryption (TDE) policy, turn off the policy at the subscription level and enable it only in the resource groups where SQL TDE is required. 71 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/2.4.2. Virtual Machines - Azure Backup & Azure Site Recovery & Snapshots.md: -------------------------------------------------------------------------------- 1 | # Backups 2 | 3 | ## Azure Backup 4 | 5 | - Managed service for back-ups. 6 | - Use for production workloads. 7 | - Creates recovery points that are stored in geo-redundant recovery vaults. 8 | - Allows you to restore whole VM or specific files later on. 9 | 10 | ### Setting up 11 | 12 | 1. Create a recovery services vault 13 | - It stores your back-ups and recovery points.
14 | - Choose between geo-redundant (default) or locally redundant. 15 | 2. Define the backup in vault. 16 | - Snapshots (recovery points) are stored in the vault. 17 | - You can restore VM from any recovery point. 18 | - Create new back-up 19 | - Set backup goal with 20 | - Source: From where (Azure/on-premises/Azure Stack) 21 | - Object: What e.g. VM, SQL (depends on source) 22 | - 💡 In Site recovery the action is called **protection goal** 23 | - Configure back-up policy: 24 | - Frequency (retention range): How often? Ex. once a day, weekly, yearly etc. 25 | - When exactly? (ex. 11:00 AM Sunday) 26 | - You can back up directly with "Back-up Now" 27 | 3. Back-up virtual machine 28 | - Azure VM Agent must be installed on the VM; it is already installed on VMs from the gallery. 29 | - Backing up VMs happens within a region. 30 | - ❗ You cannot back up VMs from one region to a Recovery Services vault in another region. 31 | - ❗ For every Azure region that has VMs to be backed up, at least one Recovery Services vault must exist in that region. 32 | - For on-premises, you need to install VM agent 33 | 34 | ### Restoring 35 | 36 | 1. You can choose to restore only files. 37 | - Restore types: [Three Ways to Restore Azure IaaS VMs](https://newsignature.com/articles/three-ways-restore-azure-iaas-vms/): 38 | 1. **Create a virtual machine** 39 | - Basic settings such as VNet, subnet and storage account. 40 | - ❗ Does not support advanced settings such as e.g. VMs under load balancer, multiple reserved IPs or multiple NICs. 41 | 2. **Restore disks** 42 | - Copies VHDs into a storage account you specify. 43 | - You can then create a new VM using these disks or attach the disks to an existing VM. 44 | 3. **Direct File Recovery** 45 | - Select recovery point -> Download script to mount VM disks so you can browse them -> Once you restore files, unmount the drives. 46 | 2. Create a new VM 47 | 3. Create a new store disk (copies VHDs). 48 | 4.
Replace existing VM 49 | - ❗ Only supported for unencrypted managed VMs from marketplace. 50 | 51 | ## Azure Site Recovery 52 | 53 | - Protects from a major disaster scenario when a whole region experiences an outage. 54 | - E.g. due to major natural disaster or widespread service interruption. 55 | - You can replicate to an Azure region of your choice. 56 | - You can set up easily on Portal => VM => Disaster recovery with target region. 57 | - Explained more [here](./2.6.2.%20Azure%20Site%20Recovery%20Service.md). 58 | 59 | ## Snapshots 60 | 61 | - Read-only copies of managed disks. 62 | - Provide a quick and simple option for backing up VMs. 63 | - A consistent snapshot requires you to stop the VM; Azure Backup handles this via an extension 64 | - Can be used to rebuild VM / create new managed disks as they exist independently. 65 | - Billed based on the used portion of the disk (not whole disk capacity). 66 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/2.5.2. Virtual Networks - Virtual Network Interface.md: -------------------------------------------------------------------------------- 1 | # Virtual Network Interface 2 | 3 | - Groups & manages public + private IP. 4 | - The addresses for each NIC are within the same subnet. 5 | - Associations: 6 | - A VM must have at least one network interface attached to it. 7 | - It can have ***network security group*** associated with it. 8 | - It has a ***VNet*** and ***subnet*** associated with it. 9 | - 💡 Adding a virtual network interface does not cause any downtime. 10 | 11 | ## Multiple NICs 12 | 13 | - Best practice recommended by Microsoft. 14 | - Needed for many network virtual appliances. 15 | - 💡 Having different front-end and back-end NIC(s) makes administration/management easier 16 | - ***Primary NIC*** is first NIC attached, ***secondary NIC(s)*** are the others.
17 | - By default outbound traffic is sent by IP from primary NIC and Load Balancer pool uses primary NIC IP. 18 | - ❗ Limitations 19 | - VM size limits how many NICs can be attached. 20 | - Only one NIC can have public IP. 21 | - The order *(names)* of the NICs inside the VM will be random or can be changed after Azure updates etc, but IP and MAC addresses stay the same. 22 | - In an availability set, each VM must use either multiple NICs or a single NIC. 23 | - You cannot mix. 24 | - Single NIC <=> Multiple NIC(s) configuration requires VM to be re-deployed. 25 | 26 | ## IP addressing 27 | 28 | - **Prefix**: e.g. 10.1.0.0/24 29 | - ❗ Dynamic <=> static switch requires NIC to be restarted. 30 | - Affects subnet configuration. 31 | - Azure best practice is to manage subnets separately. 32 | - Subnet for static IPs and subnet for dynamic IPs. 33 | - E.g. in multi-tier application web servers and load balancers will have public IPs but internal web application data layers won't have public IPs. 34 | - E.g. in big infrastructure where they have one or two jump boxes that have public IPs for the purpose of doing administration. 35 | - A box you can RDP to and then from there access other systems inside the implementation versus giving everything a public IP. 36 | - Default gateway is completely managed by Azure. You cannot modify. 37 | - You can set custom DNS server. 38 | - DNS server of VM is inherited from VNet, not IP address. 39 | 40 | ## Public IP 41 | 42 | - Used for external internet communication. 43 | - Azure ARM object with a globally unique name. 44 | - Used in: • VMs • load balancer • VPN gateway • Application Gateway. 45 | - Can be static or dynamic. 46 | - Static IPs do not change and are good for: 47 | - DNS name resolution.
48 | - IP address-based security 49 | - SSL certificates linked to an IP 50 | - Firewall rules 51 | - Role-based VMs such as domain controllers and DNS servers 52 | - 📝 SKUs 53 | - Basic 54 | - Can be assigned to any Azure resource 55 | - Assigned to a zone and not zone redundant. 56 | - Standard 57 | - Always static. 58 | - ❗ Can only be assigned to: NICs, public standard load balancers 59 | - Zone redundant by default. 60 | 61 | ## Private IP 62 | 63 | - Used within VNet and subnets. 64 | - Can be used on-premises with VPN gateway or ExpressRoute. 65 | - Can be static or dynamic 66 | - Resources: in VMs, Load balancers and Application gateway. 67 | 68 | ## IP Forwarding 69 | 70 | - Modifies IP address to reach right target. 71 | - Allows transient flows. E.g. NIC1 wants to communicate with NIC2 but has a route only to NIC3; with IP forwarding, NIC3 passes the traffic on to NIC2 during routing. 72 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/3.1. Azure Boards.md: -------------------------------------------------------------------------------- 1 | # Azure Boards 2 | 3 | - Allows teams to follow an agile project management approach. 4 | - Has native support for Scrum & Kanban type projects 5 | - Has customizable dashboards 6 | - Has integrated reporting 7 | 8 | ## Terminology 9 | 10 | - **Work item** 11 | - Track your project features & requirements 12 | - Track your code defects or bugs 13 | - **User stories** 14 | - Helps define the application requirements 15 | - Product owners define & rank user stories. 16 | - **Boards** 17 | - Collaborate with others 18 | - Kanban board: Add, update & review the work items as cards. 19 | - **Sprints** 20 | - Used when working with Scrum 21 | - Schedule work items & update them as required. 22 | - **Queries** 23 | - Helps you list or search for work items based on specific criteria.
24 | 25 | ## 📝 Choose a process 26 | 27 | | Name | When to choose | Hierarchy | Separate items | 28 | | -- | -- | -- | -- | 29 | | Basic Process | Need for the simplest model | Epic (in Portfolio backlog) 🠚 issue (in Product backlog) 🠚 task | ␀ | 30 | | Agile Process | Need for an agile process e.g. Scrum, can track user stories, bugs, development, test activities | Epic (in Portfolio backlog) 🠚 feature 〖🠚 user story (in Backlog) 🠚 task (in Backlog)〗 OR 〖bug (in Backlog) 🠚 task (in Backlog)〗 | issue | 31 | | Scrum process | Need to align with Scrum | Same as agile but product backlog item instead of user story | impediment for issue & bug tracking | 32 | | CMMI Process | Need to follow more formal project process | Same as agile but feature instead of user story | change request, issue, review, risk | 33 | 34 | - 🤗 Capability Maturity Model Integration (CMMI) is a framework to move towards a more agile approach. 35 | - Defines the following maturity levels for processes: Initial, Managed, Defined, Quantitatively Managed, and Optimizing. 36 | 37 | ## Flow 38 | 39 | - Log in to [dev.azure.com](https://dev.azure.com) with your Microsoft account 40 | - You create an **organization** or use default organization for your user name. 41 | - Create a **project** 42 | - You have 43 | - Boards 44 | - Boards: Create work items 45 | - Backlogs: See all items from backlog 46 | - Sprints: you also see tasks inside work items 47 | - Can create new sprints with start & end date 48 | - You assign work-items as part of sprints 49 | - Queries 50 | - Repos, Pipelines, Test plans, Artifacts 51 | - You can create **work items** 52 | - Can be **epic**, **issue** or **task** 53 | - In boards you have columns such as *to-do*, *doing*, *done* 54 | - They are customizable 55 | - You can move work items between them 56 | - You can create **tasks** inside a work item.
57 | 58 | ## Connecting to GitHub 59 | 60 | - Enables linking between 61 | - GitHub commits, pull requests, and issues to work items 62 | - Steps 63 | 1. [Add connection](https://docs.microsoft.com/en-us/azure/devops/boards/github/connect-to-github?view=azure-devops) 64 | - Project settings => Boards => GitHub connections 65 | - Add a new connection 66 | - To authenticate you can use 67 | - Username + Password 68 | - or PAT (Personal Access token) 69 | - or OAuth (only for GitHub Enterprise Server) 70 | - Add GitHub repositories to use with Azure Boards once the connection is established 71 | 2. [Install Azure Boards app for GitHub](https://docs.microsoft.com/en-us/azure/devops/boards/github/install-github-app?view=azure-devops) 72 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/3.5. Data Analysis (Azure Analysis Services, HDInsight, Azure Data Catalog).md: -------------------------------------------------------------------------------- 1 | # Data Analysis 2 | 3 | ## Azure Analysis Services 4 | 5 | - PaaS 6 | - Integrated with Azure data platform services. 7 | - You can mash up and combine data from multiple sources, define metrics, and secure your data in a single, trusted semantic data model. 8 | - Handles 9 | - Security 10 | - In-memory cache 11 | - Data modeling 12 | - Lifecycle management 13 | - Business logic & metrics 14 | - Compatible with many features already in *SQL Server Analysis Services Enterprise Edition* 15 | - Supports tabular models at the 1200 and 1400 compatibility levels 16 | - Partitions, row-level security, bi-directional relationships, and translations are all supported. 17 | - In-memory and DirectQuery modes are also available for fast queries over massive and complex datasets. 18 | 19 | ### Integrations 20 | 21 | - Data Sources 22 | - **Cloud**: E.g. SQL Database, Azure Synapse Analytics, Data Lake, HDInsights/Spark… 23 | - **On-premises**: E.g.
SQL Server / Oracle… 24 | - Client tools 25 | - **Cloud**: Power BI 26 | - **On-premises**: Third-Party. Power BI Desktop. Excel 27 | 28 | ### Tabular Object Model (TOM) 29 | 30 | - Client library for SQL to describe model objects for developers. 31 | - Exposed in JSON through the Tabular Model Scripting Language (TMSL) and the AMO data definition language. 32 | - TOM is built on AMO. 33 | - ***Analysis Management Objects (AMO)*** is a library of programmatically accessed objects that enables an application to manage an Analysis Services instance. 34 | - E.g. AMO has data mining classes 35 | - Has classes for models, relationship, roles, annotations, cultures etc. to manage SQL analysis objects. 36 | - Structured in a tabular form. 37 | - Arranges data elements in vertical columns and horizontal rows. Each cell is formed by the intersection of a column and row. 38 | 39 | ## HDInsight 40 | 41 | - Common use: 42 | 1. Create HDInsight 43 | 2. Schedule Jobs 44 | 3. Delete HDInsight Cluster 45 | - Azure distribution of Apache Hadoop components 46 | - Framework for processing and analysis of big data sets on clusters. 47 | - Including Apache Hive, HBase, Spark, Kafka, Storm, R and many others. 48 | - Apache Spark is an open-source parallel processing framework that supports in-memory processing to boost the performance of big-data analytic applications. 49 | - Built on top of Azure Storage 50 | 51 | ## Azure Data Catalog 52 | 53 | - A single, central place for all of an organization's users to contribute their knowledge and build a community and culture of data. 54 | - It includes a crowdsourcing model of metadata and annotations. 55 | - Descriptive metadata supplements the structural metadata (such as column names and data types) that's registered from the data source. 56 | - The data remains in its existing location, but a copy of its metadata is added to Data Catalog, along with a reference to the data-source location. 
57 | - The metadata is also indexed to make each data source easily discoverable via search and understandable to the users who discover it. 58 | - Any user (analyst, data scientist, or developer) can discover, understand, and consume data sources. 59 | - Users can contribute to the catalog by tagging, documenting, and annotating data sources that have already been registered. 60 | - They can also register new data sources, which can then be discovered, understood, and consumed by the community of catalog users. 61 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/1.2. Management - Resources & Costs.md: -------------------------------------------------------------------------------- 1 | # Subscriptions 2 | 3 | ## Resource tagging 4 | 5 | - 💡Always tag! 6 | - Tags are additional metadata that can be assigned to resources/resource groups. 7 | - ❗ Child resources do not inherit resource group tags 8 | - ❗ Max 15 tag name/value pairs. 9 | - E.g. `CostCenter = YHZ` 10 | - Why? 11 | - Organize 12 | - Search 13 | - View 14 | - Billing & cost management 15 | - On Portal 16 | - You can search for Tags and see filtered lists. 17 | - ❗ Resources are tagged **after** resource is created as opposed to PowerShell/CLI. 18 | 19 | ## Resource Tagging and Cost Center Spending Limits 20 | 21 | ### Spending Limits 22 | 23 | - Applies to *free trial subscriptions*, *MSDN* and *Visual Studio subscriptions*. 24 | - If spending limit is exceeded: 25 | 1. Email message is sent 26 | 2. Deployed resources are disabled in next billing cycle. 27 | 3. Databases and storage accounts become read-only 28 | - Free trials can be upgraded to Pay-as-you-go 29 | - Do not apply to *support plans*, *pay-as-you-go*, *Enterprise Dev/Test* 30 | 31 | ### ARM Consumption API 32 | 33 | - Returns usage details 34 | - ❗ Supported only in *Enterprise enrollments* and *Web Direct subscriptions* 35 | - Available through CLI and different SDKs.
36 | - Consumption APIs 37 | - Enterprise customers only: *Price Sheet*, *Budgets*, *Balance* 38 | - Reserved VMs: *Reservation Summaries API*, *Reservation Details API*, *Reservation recommendations API* 39 | - Others: *Marketplace charges*, *usage details* 40 | 41 | ### Azure Pricing Calculator 42 | 43 | - Estimates monthly costs 44 | - See [online](https://azure.microsoft.com/en-us/pricing/calculator/) 45 | 46 | ### Azure Advisor Cost Recommendations 47 | 48 | - Identifies wastage 49 | - E.g. idle VMs, SQL DBs. 50 | - Can configure automatic shutdown 51 | - Auto-shutdown option in VM. 52 | - Recommendations about: 53 | - High availability 54 | - Security 55 | - Performance 56 | - Cost recommendations, e.g.: 57 | - Virtual machine reserved instances to reduce costs. 58 | - VM resizing: Scale up / down 59 | - Remove unprovisioned ExpressRoute circuits. 60 | - Configure rule: 61 | - E.g. Average CPU Utilization < 5% 62 | 63 | ### Subscription blade 64 | 65 | - In *Cost analysis* you can filter by *Tag*s. 66 | - Invoices 67 | - **Manage** in Subscription blade 68 | - Manage payment methods 69 | - 💡 Adding one allows you to remove subscription limits. 70 | - Download usage details 71 | - Transfer/cancel subscription 72 | - Set-up billing alerts 73 | - E.g. e-mail if billing total is $150 74 | 75 | ### Optimizing VM costs 76 | 77 | - 📝 Use VM Reserved Instances 78 | - You can create one in *Reservations* blade 79 | - 📝 Set-up auto shutdown in VMs 80 | - *Auto-shutdown* blade in VM. 81 | 82 | ## Microsoft Azure Resource Providers 83 | 84 | - Enables Azure features. 85 | - Many are registered automatically 86 | - E.g. `Microsoft.Compute` that handles VMs, `Microsoft.Network`, `Microsoft.Sql`, `Microsoft.Storage` 87 | - Some are not registered automatically 88 | - E.g. `Microsoft.PolicyInsights`, `Microsoft.AzureActiveDirectory`, `Microsoft.AzureStack`, `Microsoft.Botservice` 89 | - Custom providers can be registered with subscription.
90 | - Requires the `Contributor` or `Owner` roles. 91 | - In most cases providers are registered automatically when you deploy resources that use the providers. 92 | - You can register, unregister, re-register through Subscription → Resource providers in Portal 93 | -------------------------------------------------------------------------------- /AZ-303 Microsoft Azure Architect Technologies/3.5.2. Authorization.md: -------------------------------------------------------------------------------- 1 | # Authorization 2 | 3 | - Act of verifying if someone has access to a certain operation/subsystem. 4 | - What can you do? 5 | - Authorization in the past 6 | - Protocols like LDAP or tools like AD DS. 7 | - Application queried database whenever a user attempted to access an application. 8 | - Today 9 | - Identity is managed by 3rd parties (Azure AD, Facebook, Google) 10 | - Information needs to be shared in a standardized way to applications. 11 | - Simplest solution 12 | - Once users are logged in, ID provider is trusted by application and can share claims. 13 | 14 | ## Claims-based authorization 15 | 16 | - The decision to grant or deny access is based on arbitrary logic that uses data available in claims 17 | - Claim 18 | - Name/value pair that represents what the subject is and not what the subject can do 19 | - E.g. `DateOfBirth = June 8, 1970` 20 | - Implementation in .NET 21 | - Claim-based authorization checks are ***declarative*** 22 | - Embedded in code against an action/controller, specifying claims required for current user, and optionally values of claims. 23 | - Claims requirements are defined in policies. 24 | - Define policies in `Startup.ConfigureServices`.
25 | - Require claim(s) 26 | 27 | ```C# 28 | services.AddAuthorization(options => options.AddPolicy("EmployeeOnly", policy => policy.RequireClaim("EmployeeNumber"))); 29 | ``` 30 | 31 | - Require claim values 32 | 33 | ```C# 34 | services.AddAuthorization(options => options.AddPolicy("Founders", policy => policy.RequireClaim("EmployeeNumber", "1", "2", "3", "4", "5"))); 35 | ``` 36 | 37 | - Apply policies on action/controller using `[Authorize(Policy = "EmployeeOnly")]` 38 | - 💡 Action overrides controller. 39 | 40 | ## Role-based access control (RBAC) authorization 41 | 42 | - An identity can belong to one or more roles. 43 | - Access is granted or denied based on roles. 44 | - ❗ RBAC is built in ARM so classic deployment cannot use it 45 | - 💡 Grant users/team least privileges to get their work done. 46 | 47 | ### Setting up RBAC in ASP.NET 48 | 49 | - Authorize per role `[Authorize(Roles = "HRManager")]` or `[Authorize(Roles = "HRManager,Finance")]` 50 | - 💡 Action overrides controller declarations. 51 | - For only authenticating, you can use `[Authorize]` and `[AllowAnonymous]` 52 | - You can declare policies based on roles. 53 | - In `Startup.ConfigureServices` 54 | - Require single role: `options.AddPolicy("RequireAdministratorRole", policy => policy.RequireRole("Administrator"))` 55 | - Require multiple roles: `options.AddPolicy("ElevatedRights", policy => policy.RequireRole("Administrator", "PowerUser", "BackupAdministrator"));` 56 | - On actions and controllers you can then use `[Authorize(Policy = "RequireAdministratorRole")]` 57 | 58 | ### Role assignment 59 | 60 | - Granting access by assigning a **Security Principal**, a **Role** at a **Scope** 61 | - **Security principal**. User, group or service principal. 62 | - **Role** : Built-in or custom role 63 | - Roles are specific to level, app type (VM, storage) 64 | - **Scope** : Subscription, resource group or resource 65 | 66 | ### Azure built-in roles 67 | 68 | - Azure has 70 built-in roles.
69 | - Fundamental roles that apply to all resource types: 70 | - **Owner**: Root, can delegate, can be scoped. 71 | - **Contributor**: Creates & manages but cannot delegate. 72 | - **Reader**: Read-only access 73 | - **User access administrator**: Manages user access to Azure resources 74 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/5.3. Azure VM Scale Sets.md: -------------------------------------------------------------------------------- 1 | # Azure VM Scale Sets 2 | 3 | - Allows a virtual machine to deploy [up to 1000](#large-vm-scale-sets) times in the same subnet. 4 | - Allows accurate auto-scaling 5 | - Provides high degree of control like IaaS, but manages networking/storage/compute/load balancing like PaaS. 6 | - Requires no pre-provisioning, automatically configures and manages: 7 | - Network 8 | - Load balancer 9 | - Network Address Translation (NAT) 10 | - Handles resource creations, dependencies and configurations. 11 | 12 | ## Virtual Machines vs. Virtual Machine Scale Sets 13 | 14 | | Functionality | Scale set | VM | 15 | | ------------- | :-----------: | :---: | 16 | | Azure Autoscale | 👍 | 👎 | 17 | | Availability zones | 👍 | 👍 | 18 | | Reimaging | 👍 | 👎 | 19 | | Overprovisioning | 👍 Automatically increase reliability and faster deployment | 👎 Custom code is required | 20 | | Upgrade policy | 👍 Can upgrade all VMs in scale | 👎 Must be orchestrated | 21 | | Attach data disks | 👍 Applies to all instances in data sets | 👍 | 22 | | Attach non-empty data disks | 👎 | 👍 | 23 | | Snapshot | 👎 | 👍 | 24 | | Capture image | 👎 | 👍 | 25 | | Migrate to use managed disks | 👎 | 👍 | 26 | | Assign public IP addresses | 👎 Requires load balancer | 👍 Possible on NIC | 27 | 28 | ## Connecting to a VM Scale Set instance VM 29 | 30 | - Done by accessing Load balancer inbound NAT rules and using the correct IP address and custom port. 31 | - You can see & set it in Load Balancer -> Inbound NAT Rules.
32 | 33 | ## Continuous Delivery in VMSS 34 | 35 | - By default, the pipeline builds code, and updates VM scale set with the latest version of your application. 36 | - Can be done in two ways: 37 | 1. **Immutable Deployment** 38 | - Create a custom image that already contains the OS and application in a single VHD. 39 | - **Advantages** 40 | - Predictability 41 | - Any new versions of the application can be tested on a similar VM Scale set and then deployed directly into the production instances without any downtime. 42 | - Easy to scale 43 | - Easy to roll-back 44 | - Faster to scale (no code to install on each VM as it is deployed) 45 | - Can use toolset from Visual Studio Team Services 46 | 2. Use of VM extensions to install software to each instance at deployment time. 47 | - Custom Script VM extension to install/update your application on VM scale set 48 | 49 | ## Large VM Scale Sets 50 | 51 | - ❗ Scale sets created from Azure Marketplace images can scale up to 1,000 VMs. 52 | - ❗ Scale sets created from custom images can scale up to 300 VMs. 53 | - Layer-7 load balancing with the Azure Application Gateway is supported for all scale sets. 54 | - Scale sets are defined with a single subnet: 55 | - 💡 Ensure subnet is large enough to handle all potential VM instances. 56 | 57 | ### Large scale set: can scale beyond 1000 VMs 58 | 59 | - Requires `singlePlacementGroup = false` property setting. 60 | - Layer-4 load balancing with scale sets composed of multiple placement groups requires Azure Load Balancer Standard SKU. 61 | - [**Fault Domains** and **Update Domains**](./5.2.%20VM%20Availability%20(SLA,%20Availability%20Sets,%20Availability%20Zones).md#update-and-fault-domains) relate to a single placement group, to maintain high availability ensure there are at least two VM instances in each Fault Domain and Update Domain. 62 | - ❗Large scale sets require Azure Managed Disks.
63 | - Ensure your compute limits are high enough, the requirement for compute cores will prevent a successful deployment if not. 64 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/1.1. Benefits of Cloud Computing.md: -------------------------------------------------------------------------------- 1 | # Benefits of Cloud Computing 2 | 3 | - Not an all-or-nothing service 4 | - You can gradually move to cloud, also called ***lift and shift*** 5 | - You're able to spend more time on what matters and less time managing the underlying details. 6 | 7 | ## Cost effective 8 | 9 | - Provides **pay-as-you-go** or **consumption-based** pricing model. 10 | - No upfront infrastructure costs 11 | - No need to purchase and manage costly infrastructure/hardware that you may not use to its fullest 12 | - The ability to pay for additional resources only when they are needed 13 | - The ability to stop paying for resources that are no longer needed 14 | - Enables better cost predictions using pricing of individual resources/services. 15 | - You can analyze future growth using historical data. 16 | 17 | ## Scalable 18 | 19 | - Increase or decrease the resources and services used based on the demand or workload at any given time 20 | - Cloud computing supports both: 21 | - **Horizontal scaling** 22 | - Scaling "out" 23 | - Adding more servers that function together as one unit 24 | - **Vertical scaling** 25 | - Scaling "up" 26 | - Adding resources to increase the power of an existing server 27 | - e.g. add more CPUs, or add more memory 28 | - Scaling can be done manually or automatically based on e.g. 29 | - specific triggers such as CPU utilization 30 | 31 | ## Elastic 32 | 33 | - Cloud computing system can automatically add & remove resources to meet the current demand. 34 | - E.g.
35 | - Add resources for the peak operating hours during which most people access the application 36 | - Only pay for increased resources during those hours 37 | - Remove the resources when the traffic normalizes 38 | - Do not pay anymore 39 | 40 | ## Current 41 | 42 | - Eliminates the burdens of maintaining software patches, hardware setup, upgrades, and other IT management tasks 43 | - automatically done 44 | - The computer hardware is maintained and upgraded by the cloud provider 45 | - e.g. if a disk fails it'll be replaced by the cloud provider 46 | 47 | ## Reliable 48 | 49 | - Cloud provider offers data backup, disaster recovery, and data replication services 50 | - Redundancy is often built into cloud services architecture 51 | - so if one component fails, a backup component takes its place 52 | - this is referred to as **fault tolerance** and it ensures that your customers aren't impacted when a disaster occurs. 53 | 54 | ## Global 55 | 56 | - Fully redundant datacenters located in various regions all over the globe. 57 | - Enables local presence close to your customers to give them the best response time 58 | - Replicate your services into multiple regions for redundancy and locality 59 | - Select a specific region to ensure you meet data-residency and compliance laws for your customers. 60 | 61 | ## Secure 62 | 63 | - You have: 64 | - **Physical security** 65 | - Who can access the building, who can operate the server racks, and so on 66 | - Walls, cameras, gates, security personnel, employees have access only to those resources that they've been authorized to manage. 67 | - **Digital security** 68 | - Who can connect to your systems and data over the network. 69 | - E.g. only authorized users to be able to log into virtual machines or storage systems running in the cloud 70 | - Have tools to mitigate security threats that you can use. 
71 | - Broad set of policies, technologies, controls, and expert technical skills 72 | - can provide better security than most organizations can otherwise achieve 73 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/5.3 Compute - Virtual machines (VMs) - VM Scale Sets (VMMS).md: -------------------------------------------------------------------------------- 1 | # VM Scale Sets (VMSS) 2 | 3 | - Group that holds identically configured VMs 4 | - Used for 5 | - Need to create and manage multiple VMs 6 | - Centrally create and manage multiple VMs (Windows Server or Linux) 7 | - Need for high availability and app resiliency 8 | - Horizontal scaling, scaling up and down based on spikes 9 | - Need for large (1000) scale 10 | - E.g. Azure Batch uses scale sets under the hood 11 | - Need for IaaS autoscale 12 | - Scale out and in based on metrics-based autoscale 13 | 14 | ## PaaS Scaling vs IaaS Scaling 15 | 16 | - Azure App Service 17 | - High agility at the expense of administrative power 18 | - The underlying Hyper-V VMs are almost totally abstracted from you 19 | - Easy manual, scheduled, or automatic scale out and scale back 20 | - Virtual Machine Scale Set (VMSS) 21 | - Maximum administrative power at the expense of agility 22 | - VMSS represents Azure's approach to IaaS horizontal scaling 23 | 24 | ## Deploying a VM Scale Set 25 | 26 | - Create virtual machine scale set 27 | - Availability zone 28 | - Scale sets across one or more availability zones 29 | - ❗ Not all regions support availability zones 30 | - Instance count & instance set 31 | - Low priority 32 | - Take advantage of unutilized capacity 33 | - Compute power that customers/Microsoft is not using 34 | - Save costs 35 | - Good for workloads that can handle interruption 36 | - Stateless workloads 37 | - VMs in the scale set may be evicted at any time 38 | - You set eviction policy: 39 | - Stop / Deallocate 40 | - Delete 41 | -
Use managed/unmanaged disks 42 | - ❗ Managed disks are not supported with availability zones 43 | - Networking 44 | - Application Gateway 45 | - 💡 Useful if your scale sets are web servers 46 | - ❗ Do not support RDP 47 | - Load Balancer 48 | - Supports RDP 49 | - You set public IP address name and domain name label (`domain-name.region.cloudapp.azure.com`) 50 | - You can also use ARM template e.g. *Deploy a Windows VM Scale Set with a Custom Script Extension* that deploys VMs, load balancer and a PowerShell script to be executed after deployment. 51 | 52 | ## Connecting to VMs 53 | 54 | - In portal: Choose VM → Settings → Instances you can see all the instances 55 | - To connect to individual instances you need load balancer and NAT (network address translation) 56 | - You can't RDP/SSH into individual instances directly 57 | - You can connect to load balancer IPs 58 | - In portal: Load Balancer → Inbound NAT rules 59 | - NAT maps different VMs on different ports. 60 | 61 | ## Configuring Autoscale 62 | 63 | - ***Manual***: Through Portal/SDK/CLI/PowerShell 64 | - Autoscale 65 | - ***Scheduled***: If you know when the load will be high you can plan for that and scale with time triggers 66 | - ***Metrics***: Use various metrics from various sources to determine when to scale in/out 67 | - Manage in VMSS → Scaling → 68 | - Enable auto-scaling 69 | - Select scale-mode 70 | - **Scale based on metric** 71 | - Add rule 72 | - E.g. increase instance count by 1 when CPU percentage above 70% 73 | - 💡 You should also create scale mode that brings down the scale count 74 | - Properties 75 | - Duration: Good to not be confused when scaling out/in, so set a duration to e.g.
10 minutes 76 | - Cooldown: Waits after scale operation before new scale operation 77 | - **Scale to specific instance count** 78 | - Time-based scaling 79 | - Set start and end date 80 | -------------------------------------------------------------------------------- /AZ-400 Microsoft Azure DevOps Solutions/6.1. Azure Artifacts.md: -------------------------------------------------------------------------------- 1 | # Azure Artifacts 2 | 3 | - Service that allows you to organize and control access to packages 4 | - **Upstream sources** 5 | - Stores your produced packages and proxies & caches packages from remote feeds 6 | - Remote feeds can be one of the official public sources or a private source. 7 | - **Package Graph** 8 | - Ensure that any dependencies of your package are also available in your feed 9 | - You can 10 | - republish them directly (not recommended) 11 | - or consume them from an upstream source. 12 | - ❗ Packages are immutable: You cannot replace / update existing version. 13 | - [Permissions](https://docs.microsoft.com/en-us/azure/devops/artifacts/feeds/feed-permissions?view=azure-devops#feed-permissions-overview) 14 | 15 | | Permission | Reader | Collaborator | Contributor | Owner | 16 | | ---------- |:------:|:------------:|:-----------:|:------:| 17 | | List and restore/install packages | ✓ | ✓ | ✓ | ✓ | 18 | | Save packages from upstream sources | | ✓ | ✓ | ✓ | 19 | | Push packages | | | ✓ | ✓ | 20 | | Unlist/deprecate packages | | | ✓ | ✓ | 21 | | Delete/unpublish package | | | | ✓ | 22 | | Edit feed permissions | | | | ✓ | 23 | 24 | ## Feeds 25 | 26 | - Developers download & use packages from feeds itself 27 | - You can create multiple feeds 28 | - Each feed can have its own set of packages 29 | - **Public feeds** (project-scoped) 30 | - If the project is private, the feed will be private; 31 | - If the project is public, the feed will be public e.g. accessible by everyone on internet.
32 | - **Private feeds** (organization-scoped or project-scoped) 33 | - Can be accessed by whole organization or specific selected people in the organization. 34 | - Consumers need Personal Access Token with read access to packaging to download packages. 35 | - Feeds can proxy public sources such as NuGet, npm, Maven and Python. 36 | - You need to create Personal Access Token with write access to packaging to push packages. 37 | - **Feed permissions**: Levels of access: *Owners*, *Contributors*, *Collaborators*, and *Readers*. 38 | 39 | ### Feed views 40 | 41 | - Default: `@local`, `@prerelease`, `@release`, you can add more & delete (except `@local`) 42 | - The default URI of the feed points to `@local` that contains: 43 | - all packages published directly to the feed e.g. by `npm publish` 44 | - packages saved from upstream resources 45 | - You can promote packages to them 46 | - They get URL like `...feed@view/nuget/...` 47 | 48 | ## Best practices 49 | 50 | - **Creating packages as part of a build** 51 | - Each repository should only reference one feed 52 | - On package creation, automatically publish packages back to the feed. 53 | - Enable retention policies to automatically cleanup old package versions 54 | - Promote your package to the correct view (have good quality in `@release` view) 55 | - If external teams are consuming your package, ensure that your `@release` view and `@prerelease` view are visible across the organization and/or organization 56 | - **Consuming packages from public and internal sources as part of a build** 57 | - Each repository should have a unique feed 58 | - Configure upstream sources for public and internal sources 59 | - Sources not in your organization but in the same AAD tenant should be added using the feed locator 60 | - Ensure that the order of the sources matches your desired package resolution order 61 | - The feed will check each upstream in order, returning the package from the first source that has it. 
62 | - To avoid confusion, place any public upstreams FIRST in your resolution order 63 | -------------------------------------------------------------------------------- /AZ-900 Microsoft Azure Fundamentals/1.4. Cloud Compliance.md: -------------------------------------------------------------------------------- 1 | # Cloud Compliance 2 | 3 | - Provider can help you comply with regulations and standards 4 | - Think about: 5 | - How compliant is the cloud provider when it comes to handling sensitive data? 6 | - How compliant are the services offered by the cloud provider? 7 | - How can I deploy my own cloud-based solutions to scenarios that have accreditation or compliance requirements? 8 | - What terms are part of the privacy statement for the provider? 9 | 10 | ## Some compliance offerings 11 | 12 | ### CJIS 13 | 14 | - CJIS = Criminal Justice Information Services 15 | - Any US state or local agency that wants to access the FBI's CJIS database is required to adhere to the CJIS Security Policy 16 | - Microsoft Azure adheres to the same requirements that law enforcement and public safety entities must meet. 17 | 18 | ### CSA STAR Certification 19 | 20 | - CSA = Cloud Security Alliance 21 | - Independent third-party assessment of a cloud provider's security posture 22 | - Ensures: 23 | - ISO/IEC 27001 certification is achieved 24 | - Criteria specified in the Cloud Controls Matrix (CCM) are met 25 | - Also assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas. 26 | 27 | ### GDPR 28 | 29 | - 📝 GDPR = General Data Protection Regulation, European privacy law 30 | - Imposes rules for collecting & analyzing data tied to EU residents. 31 | - The GDPR applies no matter where you are located. 32 | 33 | ### EU Model Clauses 34 | 35 | - EU Standard Contractual Clauses 36 | - Guarantees around transfers of personal data outside of the EU.
37 | - Ensures customers can use cloud service to move data freely through cloud from Europe to the rest of the world. 38 | 39 | ### HIPAA 40 | 41 | - HIPAA = Health Insurance Portability and Accountability Act 42 | - US federal law that regulates patient Protected Health Information (PHI) 43 | - HIPAA Business Associate Agreement (BAA) 44 | - Adheres to certain security and privacy provisions in HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. 45 | - Azure offers BAA as contract addendum to assist customers' individual compliance. 46 | 47 | ### ISO/IEC 27018 48 | 49 | - 📝 ISO/IEC 27018 = International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27018 50 | - Covers the processing of personal information by cloud service providers 51 | 52 | ### MTCS Singapore 53 | 54 | - MTCS = Multi-Tier Cloud Security (MTCS) Singapore 55 | - MTCS 584:2013 assesses IaaS & PaaS & SaaS service classifications. 56 | 57 | ### SOC 1, 2, and 3 58 | 59 | - SOC = Service Organization Controls 60 | - Cloud services audited at least annually against the SOC report framework by independent third-party auditors. 61 | - Audit covers controls for data security, availability, processing integrity, and confidentiality 62 | - as applicable to in-scope trust principles for each service. 63 | 64 | ### NIST CSF 65 | 66 | - 📝 NIST CSF = National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 67 | - NIST is an agency of the United States Department of Commerce. 68 | - Voluntary framework that defines security guidelines, and best practices to manage cybersecurity-related risks.
69 | - Azure has undergone independent, third-party Federal Risk and Authorization Management Program (FedRAMP) Moderate and High Baseline audits & is certified 70 | - Also validated by the Health Information Trust Alliance (HITRUST) 71 | - a leading security and privacy standards development and accreditation organization 72 | 73 | ### UK Government G-Cloud 74 | 75 | - Cloud computing certification for services used by government entities in UK. 76 | - Azure has received official accreditation from the UK Government Pan Government Accreditor. 77 | -------------------------------------------------------------------------------- /AZ-304 Microsoft Azure Architect Design/2.1. SaaS services in Azure - Cognitive Services.md: -------------------------------------------------------------------------------- 1 | # Cognitive Services 2 | 3 | - Set of APIs, SDKs and services available to developers to make their applications more intelligent, engaging and discoverable. 4 | - Expands on Microsoft's machine learning APIs and enables developers to easily add intelligent features *– such as emotion and video detection; facial, speech and vision recognition; and speech and language understanding –* into their applications. 5 | - E.g. 6 | - ***Agent***: Cortana 7 | - ***Applications***: Microsoft 365, Dynamics 365, SwiftKey, Pix, Customer Service and Support 8 | - ***Services***: Bot Framework, Cognitive Services, Cortana Intelligence, Cognitive Toolkit 9 | - ***Infrastructure***: Azure Machine Learning, Azure N Series, FPGA 10 | 11 | ## Bing APIs 12 | 13 | - **Bing Web Search** 14 | - Similar to `Bing.com/search` 15 | - The results include Web pages and may also include images, videos, and more. 16 | - **Bing Image Search** 17 | - Similar to `Bing.com/images` 18 | - Returns images 19 | - **Bing Autosuggest** 20 | - Lets you send a partial search query term to Bing and get back a list of suggested queries that other users have searched on.
21 | 22 | ## LUIS 23 | 24 | - **Intent detection**: Receive user input in natural language and extract meaning from it. 25 | - You can start with a prebuilt domain model, build your own domain specific model, or blend pieces of a prebuilt domain with your own custom information 26 | - Once the intentions are identified (e.g. *Book Flight* or *Contact Help Desk*), you supply example phrases called utterances for the intents. Then you label the utterances with any specific details you want LUIS to pull out of the utterance. 27 | - **Flow** : Create your own LU model => Train by providing examples => Deploy to an HTTP endpoint and activate on any device => Maintain model 28 | 29 | ### Intents 30 | 31 | - Purpose or goal expressed in a user's input. 32 | - E.g. booking a flight, paying a bill, or finding a news article. 33 | - You define and name intents that correspond to these actions. 34 | 35 | ### Utterances 36 | 37 | - An utterance is text input from the user that your app needs to understand. 38 | - E.g. "Book a ticket to Paris", or a fragment of a sentence, like "Booking" or "Paris flight." 39 | - 💡 Utterances aren't always well-formed, and there can be many utterance variations for a particular intent. 40 | 41 | ### Entities 42 | 43 | - An entity represents detailed information that is relevant in the utterance. 44 | - E.g. in the utterance *"Book a ticket to Paris."*, "Paris" is a location. 45 | - By recognizing and labeling the entities that are mentioned in the user's utterance, LUIS helps you choose the specific action to take to answer a user's request. 46 | 47 | ## Cognitive APIs 48 | 49 | - **Text Analytics API**: Natural language processing over raw text. 50 | - Sentiment analysis 51 | - Key phrase extraction 52 | - Language detection 53 | - **Speaker Recognition API**: algorithms for speaker verification and speaker identification. 
54 | - **Content Moderator API**: tracks, flags, assesses, and filters out offensive and unwanted content that creates risk for applications. 55 | - **Face API** 56 | - Face verification, finding similar faces, face grouping, and person identification. 57 | - Image can be specified by file in bytes or valid URL. 58 | - The API returns a face rectangle (left, top, width and height) indicating the face location in the image along with each detected face. 59 | - Optionally, face detection extracts a series of face related attributes such as pose, gender, age, head pose, facial hair and glasses. 60 | - Face recognition is widely used in many scenarios including security, natural user interface, image content analysis and management, mobile apps, and robotics. 61 | -------------------------------------------------------------------------------- /AZ-104 Microsoft Azure Administrator/5.1. Compute - Virtual machines (VMs) - High Availability.md: -------------------------------------------------------------------------------- 1 | # High Availability 2 | 3 | - High Availability = Redundancy 4 | - Layers of availability 5 | 1. Hardware-level availability 6 | - Handled by Azure 7 | 2. Server-level availability 8 | - **Availability Sets** 9 | - Ensures 99.95% SLA for VMs in availability set 10 | - Provides server level fault tolerance within a single data center within a single region. 11 | - Availability sets are containers/racks that are called Fault Domains. 12 | - 2 VMs in same Availability Sets = Azure places those in different availability sets. 13 | - Update domains are different domains in different availability sets (fault Domains) and your VMs are set in different update domains as well. 14 | - Protects availability against VM shutdowns because of update failures / hardware shutdowns. 15 | - ❗ Must assign availability set at VM deployment 16 | - ❗ Scaling (resizing) requires stopping all VMs in the availability set.
     - For single VM not in availability set you have 99.9% availability if you use premium storage.
  3. Datacenter-level
     - **Availability Zones**
       - Allows you to place redundant VMs in different regions.
       - Provides data center level tolerance.
       - Load balancers are availability zone aware on standard SKU
       - ❗ You have to use managed disks
  4. Region-level
     - You need recovery service vault (storage for back-ups/replications)
     - **VM backup**
       - Ad-hoc or scheduled
       - Includes all disks and configurations
     - **Azure Site Recovery**
       - **Failover recovery**
         - 15 minute RPO (recovery point objective)
       - **Azure-to-Azure (A2A) ASR Architecture**
         - Directly available in VM blade
         - All storage data, VMs, disks (managed and unmanaged), subnets etc.
           - Prepared and ready to go in another region.
           - In sync
           - ❗ May require configuration with IP addresses
         - You can failover to it and/or failback
       - Configure in VM blade -> Disaster recovery
         - Allows you to configure disaster recovery for single VM
         - For workloads including multiple VMs you should configure it directly from Site Recovery
         - You can choose to automate what happens using Automation runbooks.
         - You can then view recovery status in same blade
           - Replication health
           - Recovery points
             - Crash-consistent:
               - Least preferable
               - As if the VM was replicated while it was powered off, no guarantees
             - App-consistent
               - Preferable point to recover
               - Data and OS back
         - Commit -> Finalizes the failover
         - Re-protected -> Creates new recovery environment from old recovery environment (which becomes source environment)
       - **Migration to Azure**
         - On-premises to Azure
         - AWS to Azure

## Azure Advisor

- Gives recommendation regarding high availability
- E.g.:
  - Add more virtual machines for improved fault tolerance *(medium impact)*
  - Enable VM backup to protect your data from corruption and accidental deletion *(medium impact)*
  - Create an Azure service health alert *(low impact)*

## VM Events

- Planned maintenance events
- Unexpected downtime events
- Notification
  - In Azure support webpage, status webpage, Twitter account
  - Administrators get e-mail notifications
--------------------------------------------------------------------------------
/AZ-303 Microsoft Azure Architect Technologies/2.5.1. Virtual Networks - Virtual Network Connectivity.md:
--------------------------------------------------------------------------------
# Virtual Network Connectivity

## Communicate between Azure resources

- ***Through virtual network service endpoints***
  - Endpoints allow you to secure your critical Azure service resources to only your virtual networks.
  - Available for: • Azure Storage • Azure SQL • PostgreSQL • MySQL • Cosmos DB • Key Vault • Service Bus • Event Hubs
- ***Through a virtual network***
  - Some resources can be deployed directly to a virtual network.
  - E.g. Redis, Azure Kubernetes Service, App Service Environment...
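
Enabling a service endpoint on a subnet does not by itself restrict the target resource: the resource's own network rules must deny by default and allow that subnet. The Python check below is an added example (not part of the original notes) that audits this pairing for storage accounts; the resource IDs and sample accounts are constructed, and the JSON shape is assumed to follow the ARM `networkAcls` and `serviceEndpoints` properties.

```python
# Constructed sample data, shaped like ARM resource JSON (not from the notes).
BACKEND = "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-app/subnets/backend"
LEGACY = "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-app/subnets/legacy"

SUBNETS = {
    BACKEND.lower(): {"properties": {"serviceEndpoints": [{"service": "Microsoft.Storage"}]}},
    LEGACY.lower(): {"properties": {"serviceEndpoints": []}},
}

def account(default_action, subnet_ids, ip_rules=()):
    """Build a minimal storage account resource with the given network ACLs."""
    return {"properties": {"networkAcls": {
        "defaultAction": default_action,
        "virtualNetworkRules": [{"id": s, "action": "Allow"} for s in subnet_ids],
        "ipRules": [{"value": ip, "action": "Allow"} for ip in ip_rules],
    }}}

ACCOUNTS = {
    "open": account("Allow", [BACKEND]),    # rule exists but nothing is denied
    "stale": account("Deny", [LEGACY]),     # subnet has no endpoint enabled
    "locked": account("Deny", [BACKEND]),   # the intended configuration
}

def audit_account(resource, subnets, service="Microsoft.Storage"):
    """Return findings; an empty list means only endpoint-enabled subnets are allowed."""
    acls = resource.get("properties", {}).get("networkAcls", {})
    findings = []
    # Assumption: a missing defaultAction behaves like "Allow" (all networks).
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("defaultAction is not Deny: reachable from all networks")
    rules = acls.get("virtualNetworkRules", [])
    if not rules:
        findings.append("no virtualNetworkRules: no subnet is allowed via an endpoint")
    for rule in rules:
        subnet = subnets.get(rule["id"].lower())  # ARM IDs are case-insensitive
        if subnet is None:
            findings.append(f"rule references unknown subnet: {rule['id']}")
            continue
        enabled = {e["service"] for e in subnet["properties"].get("serviceEndpoints", [])}
        if service not in enabled:
            findings.append(f"subnet lacks the {service} endpoint: {rule['id']}")
    if acls.get("ipRules"):
        findings.append("ipRules present: public IP ranges are allowed as well")
    return findings

if __name__ == "__main__":
    for name, resource in ACCOUNTS.items():
        print(name, audit_account(resource, SUBNETS) or "OK")
```
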
## Communicate with on-premises resources or intersite connectivity

### VPN Gateway Connections

- Gateway to gateway connections.
- Requires shared key that both parties know.
- Azure VPN gateways provide secure tunnel using IPSec/IKE.
- You can see & verify established connections in VNet → Gateway → Connections blade as "Status: Connected"

#### VNet <=> VNet

- Works across regions, subscriptions, deployment models, cloud/on-prem.
- 💡 Use one VNet as gateway and peer other ones on Azure. Gateways on every VNet are costly & slow!
- On Azure the connection does not go over the internet.
- Deploy Gateway on each VNet.
  - Set up connection in VNet1 gateway to VNet2
  - Set up connection in VNet2 gateway to VNet1

##### Site-to-site (S2S)

- If one VNet is on-prem it's called **Site-to-site (S2S)**
- On-premises VPN device <=> Azure VPN Gateway
- The local gateway is configured manually
- Problem: All users download VPN client to connect to Azure.
  - Easier: Have a hardware device as jumpbox and use it as gateway through secure IP tunneling.
  - Even easier: ExpressRoute.

#### VNet <=> Device (with VPN Gateway)

- Or **Point-to-site virtual private network** (VPN)
- Configure =>
  - IP address space for clients.
  - Configure virtual gateway
  - Create root and client certificates & upload to Azure
  - Install VPN client configuration created by Azure
  - Connect to VPN

#### Azure ExpressRoute

- Private connection that does not go over the internet.
- BGP is the only routing way.
- Reliable => Circuits consist of two connections to Microsoft Enterprise Edge.
- Facilitated by a connectivity provider (e.g. Telia, Tele2)

### Virtual Network peering

- The virtual networks you connect are across subscriptions and regions.
- All traffic is routed over Azure internal networks, handled by Azure infrastructure.
- Faster & easier to set up than VPN
- No public IP required
- No downtime when creating/configuring peering.
- Regional network peering => In same VNet
- Global network peering => Cross region VNets (in preview)
- Requirements:
  - Public clouds (not Azure national clouds)
  - Resources in one VNet cannot communicate with load balancer in the peered VNet. Load balancer and resources that communicate with it must be in same VNet.
- ❗ Limitations:
  - Not transitive.
    - E.g.: VNet1<=>VNet2 and VNet2<=>VNet3 does not mean VNet1<=>VNet3
  - No overlapping address spaces
  - Any address space changing => Destroy peering, re-deploy

#### Virtual Network peering settings

- **Allow forwarded traffic**
  - Allows traffic not originated from within peer VNet to VNet.
- **Allow gateway transit**
  - Peer VNet uses your network gateway.
  - Allows you to have single gateway, instead of gateway per VNet (called hub-spoke topology)
  - Examples:
    - Site-to-site VPN <=> On-prem network
    - VNet-to-VNet <=> Another VNet
    - Point-to-site VPN <=> Connect client
- **Use remote gateways**
  - Uses peer's virtual gateway.
--------------------------------------------------------------------------------
/AZ-304 Microsoft Azure Architect Design/4.3. Migration strategies.md:
--------------------------------------------------------------------------------
# Migration strategies

## On-premises lift and shift

- Benefits of pay as you go computing
- No need to rewrite application code to fit a cloud application pattern.

### Cloud Maturity

1. **On-premises** monolithic architecture
2. **Lift and shift**: No re-architect, no code changes
   - Cloud infrastructure-ready monolithic architecture
   - Cloud DevOps ready monolithic architecture
3. **Architected for the cloud**, might require new code
   - Cloud optimized full PaaS & cloud-native with monolithic and microservices architectures.

### Azure Migrate services

- Discovery and assessment tool
- Assesses suitability for migration and ensures that sizing is correct for the performance of the VM
- Estimates the cost of running a VM in Azure
- Visualize dependencies of a specific VM or for all VMs in a group
- ❗ Limitations
  - Provides assessment for only VMware VMs
    - If you want to assess Hyper-V VMs and physical servers, use the **Azure Site Recovery Deployment Planner** for Hyper-V, and our partner tools for physical machines.
  - Only supports managed disks for migration assessment.
  - Not all regions are supported

## Classic (Azure Service Manager) migration to ARM

- From Azure Service Manager (ASM) model to Azure Resource Manager (ARM) deployment.
- Supported services: • Virtual Machines • Availability Sets • Cloud Services • Storage Accounts • Virtual Networks • VPN Gateways • Express Route gateways • Network Security Groups • Route Tables • Reserved IPs

## Cloud to Platform-as-a-Service (PaaS)

- From cloud services to a PaaS solution
- Necessary to consider the difference between VMs, workloads, and applications in each model.

### Azure Cloud Services

- Platform as a service (PaaS) in Classic Model (not ARM)
- A cloud service deploys applications as VMs; code is connected to a VM instance which might be a Web role or a worker role
  - **Web role**: Automatically deploys and hosts your app through IIS.
  - **Worker role**: Does not use IIS, and runs your app standalone

#### Scaling and management

- To scale the application, more VMs are deployed.
- You don't create virtual machines. Instead, you provide an XML configuration file that tells Azure how many of each you'd like, such as "three web role instances" and "two worker role instances."
- You still choose what size those backing VMs should be.

#### The deployment package

- Contains the **web role** and **worker role** definition
- Specifies the instance count for each role; an instance is a VM hosting that role.

#### Migrating a cloud service to Service Fabric

- Cloud Services with **Worker Role**s can be migrated to Service Fabric Cluster with Stateless Service
- Migrating a cloud service to Service Fabric switches to deploying applications to VMs that are already running Service Fabric either on Windows or Linux.
- The applications or services that are deployed are entirely unrelated to the VM infrastructure.
- The Service Fabric application platform hides the VM layer from the application.

##### Handling dependencies

- A cloud service application will typically have external dependencies.
  - E.g. services that manage the data and state of an application and the method of communicating between web and worker roles.
  - Such as Azure Redis, Storage Queue, Service Bus.
- A Service Fabric application can also rely on the same external service dependencies.
- The quickest and easiest way to migrate a Cloud Service application to Service Fabric:
  - Convert the Web roles and worker roles to stateless services whilst keeping the architecture the same.
  - If the aim is to remove the external dependencies and take full advantage of the ability to unify deployment, management and upgrade models, then stateful services would be required, which will mean full code and application rewrites.
--------------------------------------------------------------------------------