2. What is Cloud Computing?
Cloud computing is the on-demand delivery of compute power, database
storage, applications, and other IT resources through a cloud services
platform via the internet with pay-as-you-go pricing.
3. History of Cloud Computing
Cloud computing has existed since 2000.
In August 2006, Amazon introduced its Elastic Compute Cloud.
In April 2008, Google released Google App Engine in beta.
In early 2008, NASA's OpenNebula, enhanced in the RESERVOIR European Commission-funded project, became the first open-source software for deploying private and hybrid clouds, and for the federation of clouds.
In February 2010, Microsoft released Microsoft Azure, which had been announced in October 2008.
On March 1, 2011, IBM announced the IBM SmartCloud framework to support Smarter Planet.
On June 7, 2012, Oracle announced the Oracle Cloud.
4. Why use cloud computing?
• Reduce capex costs and improve the predictability of on-going operating expenses
• Enable your employees to work from anywhere
• Manipulate and configure the application online at any time.
Benefits
• Applications as utilities over the internet
• Manipulate & configure apps online
• No software required
• Online development & deployment tools
• High efficiency, reliability & flexibility
• Cost effective
• On-demand self service
• Resources available on the network
5. Cloud computing services delivered over the internet
Did you know? There are many ways that you may come across cloud computing in everyday life, without realizing it.
• 560,000,000 user accounts
• 2,000,000,000 videos viewed daily
• 360,000,000 Hotmail accounts
• 150,000,000 Gmail addresses
6. Models of Cloud
Cloud computing is typically classified in two models:
1. Service Models
2. Deployment Models
7. Deployment Models
Cloud computing is typically classified in the following four deployment models:
Public cloud:
In a public cloud the computing infrastructure is hosted by the cloud vendor. The customer has no visibility into, or control over, where the computing infrastructure is hosted. The computing infrastructure is shared among multiple organizations.
Private cloud:
The computing infrastructure is dedicated to a particular organization and not shared with other organizations. Some experts consider that private clouds are not real examples of cloud computing. Private clouds are more expensive and more secure when compared to public clouds. Private clouds are of two types: on-premise private clouds and externally hosted private clouds.
8. Deployment Models (Cont…)
Hybrid cloud:
Organizations may host critical applications on private clouds and applications with relatively fewer security concerns on the public cloud. The usage of both private and public clouds together is called hybrid cloud. A related term is cloud bursting. In cloud bursting, an organization uses its own computing infrastructure for normal usage but accesses the cloud, using services like Salesforce cloud computing, for high/peak load requirements. This ensures that a sudden increase in computing requirements is handled gracefully.
Community cloud:
Involves sharing computing infrastructure between organizations of the same community. For example, all government organizations within the state of California may share computing infrastructure on the cloud to manage data related to citizens residing in California.
9. Service Models
• Infrastructure as a Service (IaaS): involves offering hardware-related services using the principles of cloud computing. These could include some kind of storage service (database or disk storage) or virtual servers. Leading vendors that provide Infrastructure as a Service are Amazon EC2, Amazon S3, Rackspace Cloud Servers and FlexiScale.
• Platform as a Service (PaaS): involves offering a development platform on the cloud. Platforms provided by different vendors are typically not compatible. Typical players in PaaS are Google App Engine, Microsoft Azure and Salesforce.com's Force.com.
10. Service Models (cont..)
Software as a Service (SaaS): includes a complete software offering on the cloud. Users can access a software application hosted by the cloud vendor on a pay-per-use basis. This is a well-established sector. The pioneer in this field has been Salesforce.com, with its offering in the online Customer Relationship Management (CRM) space. Other examples are online email providers like Google Gmail and Microsoft Hotmail, Google Docs, and Microsoft's online version of Office, called BPOS (Business Productivity Online Standard Suite).
13. Azure vs. AWS
Organizations all over the world recognize Microsoft Azure over Amazon Web
Services (AWS) as the most trusted cloud for enterprise and hybrid infrastructure.
Pay less with Azure
AWS is 5 times more expensive than Azure for Windows Server and SQL Server.
Get more value from your existing Microsoft investment
Extend your organization's existing knowledge and a consistent experience across
your on-premises and cloud technologies through full integration with Office 365
and Active Directory.
14. Azure vs. AWS (Cont..)
Only Azure offers these pricing advantages
• Savings through existing licenses
• Free extended security updates
More than 95 percent of Fortune 500 companies use Azure.
Businesses and organizations – small and large, old and new – rely on Azure to provide trusted cloud services.
15. Why Azure is the right choice
• Productive - Reduce marketing cycles by delivering features faster with
more than 100 end-to-end services.
• Hybrid - Develop and deploy where you want, with the only consistent
hybrid cloud on the market. Extend Azure on-premises with Azure Stack.
• Intelligent - Create intelligent apps using powerful data and artificial
intelligence services.
• Trusted - Join start-ups, governments, and 95 percent of Fortune 500
businesses who run on the Microsoft Cloud today.
16. Azure regions
• Azure has more global regions than any other cloud provider—offering the
scale needed to bring applications closer to users around the world,
preserving data residency, and offering comprehensive compliance and
resiliency options for customers.
• 60+ regions worldwide, available in 150+ countries
• Up to 1.6 Pbps of bandwidth in a region
• Region - A region is a set of datacentres deployed within a latency-defined
perimeter and connected through a dedicated regional low-latency network.
• With more global regions than any other cloud provider, Azure gives
customers the flexibility to deploy applications where they need to.
17. Azure regions
• Availability Zones - Availability Zones are physically separate locations
within an Azure region. Each Availability Zone is made up of one or more
datacentres equipped with independent power, cooling, and networking.
18. Azure Portal
Build, manage and monitor everything from simple web apps to complex cloud applications in a single,
unified console
• View one portal, manage all your apps
• Personalise your experience
• Use fine-grained access control
• Combine services to create amazingly powerful applications
https://portal.azure.com
19. Azure Cloud Shell
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure
resources. It provides the flexibility of choosing the shell experience that best suits the way you work,
either Bash or PowerShell.
Cloud Shell enables access to a browser-based command-line experience built with Azure management
tasks in mind. Leverage Cloud Shell to work untethered from a local machine in a way only the cloud
can provide.
20. Azure PowerShell
Azure PowerShell is basically an extension of Windows PowerShell. It lets Windows PowerShell users
control Azure’s robust functionality. From the command line, Azure PowerShell programmers use preset
scripts called cmdlets to perform complex tasks like provisioning virtual machines (VMs) or creating
cloud services.
To use Azure PowerShell, users first need to install the system
21. Azure Command-Line Interface (CLI)
The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure
resources. The Azure CLI is available across Azure services and is designed to get you working quickly
with Azure, with an emphasis on automation.
The Azure CLI is available to install in Windows, macOS and Linux environments. It can also be run in a
Docker container and Azure Cloud Shell.
For Windows:
https://aka.ms/installazurecliwindows
22. Azure Resource Manager
Azure Resource Manager is the deployment and management service for Azure. It provides a
management layer that enables you to create, update, and delete resources in your Azure account. You
use management features, like access control, locks, and tags, to secure and organize your resources
after deployment.
23. Benefits of using Resource Manager
• Manage your infrastructure through declarative templates rather than scripts.
• Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these
resources individually.
• Redeploy your solution throughout the development lifecycle and have confidence your resources are
deployed in a consistent state.
• Define the dependencies between resources so they're deployed in the correct order.
• Apply access control to all services because Role-Based Access Control (RBAC) is natively integrated into
the management platform.
• Apply tags to resources to logically organize all the resources in your subscription.
• Clarify your organization's billing by viewing costs for a group of resources sharing the same tag.
24. Resource Manager
There are some important factors to consider when defining your resource group:
• All the resources in your group should share the same lifecycle. You deploy, update, and delete them together. If
one resource, such as a database server, needs to exist on a different deployment cycle it should be in another
resource group.
• Each resource can only exist in one resource group.
• Some resources can exist outside of a resource group. These resources are deployed to
the subscription, management group, or tenant. Only specific resource types are supported at these scopes.
• You can add a resource to, or remove it from, a resource group at any time.
• You can move a resource from one resource group to another group. For more information, see Move resources to
new resource group or subscription.
• A resource group can contain resources that are located in different regions.
• A resource group can be used to scope access control for administrative actions.
• A resource can interact with resources in other resource groups. This interaction is common when the two
resources are related but don't share the same lifecycle (for example, web apps connecting to a database).
25. Azure Resource Locks
As an administrator, you may need to lock a subscription, resource group, or resource to prevent
other users in your organization from accidentally deleting or modifying critical resources. You can
set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
• CanNotDelete means authorized users can still read and modify a resource, but they can't delete
the resource.
• ReadOnly means authorized users can read a resource, but they can't delete or update the
resource. Applying this lock is similar to restricting all authorized users to the permissions granted
by the Reader role.
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even
resources you add later inherit the lock from the parent. The most restrictive lock in the inheritance
takes precedence.
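The inheritance rule above (every child scope inherits the parent's lock, and the most restrictive lock in the chain wins) is easy to get wrong when locks sit at several scopes at once. The following Python is an added example, not part of the slides or of any Microsoft tooling: it derives the subscription / resource group / resource scope chain from a resource ID, picks the most restrictive lock along that chain, and answers whether a read, update or delete would be blocked. The lock level names are the real Azure ones; the sample lock assignments and resource IDs are constructed.

```python
"""Effective-lock resolution for Azure scopes (added example, not from the slides).

A lock set at a parent scope is inherited by every child scope, and the most
restrictive lock in the chain takes precedence. Lock level names are the real
Azure ones; the sample locks and resource IDs below are constructed.
"""
from __future__ import annotations

# Higher rank = more restrictive. None means "no lock at this scope".
LOCK_RANK = {None: 0, "CanNotDelete": 1, "ReadOnly": 2}

# Operations each lock level still permits for otherwise authorized users.
PERMITTED = {
    None: {"read", "update", "delete"},
    "CanNotDelete": {"read", "update"},
    "ReadOnly": {"read"},
}


def scope_chain(resource_id: str) -> list[str]:
    """Subscription, resource group and resource scopes for a resource ID.

    Expected shape:
    /subscriptions/<sub>/resourceGroups/<rg>/providers/<namespace>/<type>/<name>
    """
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[0] != "subscriptions":
        raise ValueError(f"not a subscription-scoped ID: {resource_id}")
    chain = ["/subscriptions/" + parts[1]]
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        chain.append(chain[0] + "/resourceGroups/" + parts[3])
    if len(parts) > 4:
        chain.append("/" + "/".join(parts))
    return chain


def effective_lock(resource_id: str, locks: dict[str, str]) -> str | None:
    """Most restrictive lock inherited along the scope chain, or None."""
    levels = [locks.get(scope) for scope in scope_chain(resource_id)]
    return max(levels, key=lambda level: LOCK_RANK[level])


def is_permitted(resource_id: str, operation: str, locks: dict[str, str]) -> bool:
    """Would the effective lock let this management-plane operation through?"""
    return operation in PERMITTED[effective_lock(resource_id, locks)]


# Constructed sample: a delete lock on one resource group, and a read-only lock
# on a whole second subscription.
SAMPLE_LOCKS = {
    "/subscriptions/sub-a/resourceGroups/rg-prod": "CanNotDelete",
    "/subscriptions/sub-b": "ReadOnly",
}
VM_PROD = "/subscriptions/sub-a/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/vm-web"
VM_LAB = "/subscriptions/sub-b/resourceGroups/rg-lab/providers/Microsoft.Compute/virtualMachines/vm-test"

if __name__ == "__main__":
    for rid in (VM_PROD, VM_LAB):
        lock = effective_lock(rid, SAMPLE_LOCKS)
        verdict = {op: is_permitted(rid, op, SAMPLE_LOCKS) for op in ("read", "update", "delete")}
        print(rid.rsplit("/", 1)[-1], lock, verdict)
```

The VM in rg-prod can still be updated but not deleted, because the resource group's CanNotDelete lock is inherited; the VM in sub-b can only be read, since the subscription-level ReadOnly lock reaches every resource underneath it. Adding a CanNotDelete lock below a ReadOnly lock changes nothing, which is the "most restrictive wins" rule in action.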
26. ARM Templates
• To implement infrastructure as code for your Azure solutions, use Azure Resource Manager
(ARM) templates.
• The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and
configuration for your project.
• The template uses declarative syntax, which lets you state what you intend to deploy without
having to write the sequence of programming commands to create it.
• In the template, you specify the resources to deploy and the properties for those resources.
Quickstart Templates:
https://azure.microsoft.com/resources/templates
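Two of the Resource Manager benefits listed earlier, declarative templates and deploying resources in dependency order, come together in the template's dependsOn entries. The Python below is an added example, not from the slides or from Microsoft's deployment engine: it reads a constructed template with a VM that needs a NIC, which in turn needs a VNet, plus an independent storage account, and produces a deployment order with a topological sort. It also rejects templates whose dependencies form a cycle or name a resource the template does not define, two errors worth catching before a deployment is attempted. It assumes dependsOn entries are written in the plain "type/name" form rather than as a [resourceId(...)] expression; the apiVersion values are illustrative.

```python
"""Deployment order from an ARM template's dependsOn graph (added example).

Not from the slides or from Microsoft's tooling. Assumes dependsOn entries use
the "<type>/<name>" form; resource names and apiVersion values are illustrative.
"""
import json
from collections import deque

# Constructed template: vm -> nic -> vnet, plus an unrelated storage account.
SAMPLE_TEMPLATE = r"""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-03-01",
      "name": "vm-example",
      "dependsOn": ["Microsoft.Network/networkInterfaces/nic-example"]
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-02-01",
      "name": "nic-example",
      "dependsOn": ["Microsoft.Network/virtualNetworks/vnet-example"]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-02-01",
      "name": "vnet-example"
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "stexample"
    }
  ]
}
"""


def resource_key(resource: dict) -> str:
    """The "type/name" key that dependsOn entries refer to."""
    return f"{resource['type']}/{resource['name']}"


def deployment_order(template: dict) -> list[str]:
    """Kahn's algorithm over the dependsOn graph; raises on cycles or unknown deps."""
    resources = {resource_key(r): r for r in template["resources"]}
    indegree = {key: 0 for key in resources}
    dependents = {key: [] for key in resources}
    for key, resource in resources.items():
        for dep in resource.get("dependsOn", []):
            if dep not in resources:
                raise ValueError(f"{key} depends on undefined resource {dep}")
            indegree[key] += 1
            dependents[dep].append(key)
    # Resources with no dependencies can go first; sort for a stable result.
    ready = deque(sorted(key for key, n in indegree.items() if n == 0))
    order = []
    while ready:
        key = ready.popleft()
        order.append(key)
        for child in dependents[key]:
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(resources):
        stuck = sorted(key for key, n in indegree.items() if n > 0)
        raise ValueError("dependency cycle among: " + ", ".join(stuck))
    return order


def deployment_order_from_json(text: str) -> list[str]:
    return deployment_order(json.loads(text))


if __name__ == "__main__":
    for step, key in enumerate(deployment_order_from_json(SAMPLE_TEMPLATE), 1):
        print(step, key)
```

Resources that depend on nothing (the VNet and the storage account) come out first; the NIC follows the VNet, and the VM follows the NIC. Resource Manager can deploy independent resources in parallel, so the order here is one valid serialization, not the only one.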
27. Virtual Machines Planning
• Start with the network
• Name of Virtual Machine
• Determine location for the Virtual Machine
• Determine size of the Virtual Machine
• Understand the pricing model
• Consider storage types for the Virtual Machine
• Choose Operating System
28. Virtual Machines Types
VM Types | Sizes | Purpose
General Purpose | B, Dsv3, Dv3, DSv2, Dv2, Av2, DC | Testing and development, small to medium databases and low to medium traffic web servers
Compute Optimized | Fsv2, Fs, F | Medium traffic web servers, network appliances, batch processes and application servers
Memory Optimized | ESv3, Ev3, M, GS, G, DSv2, Dv2 | Relational database servers, medium to large caches, in-memory analytics
Storage Optimized | LSv2, Ls | Ideal for VMs running databases
GPU | NV, NVv2, NC, NCv2, NCv3, ND, NDv2 (Preview) | Ideal for model training and inferencing with deep learning
High Performance Compute | H | Fastest and most powerful CPU virtual machines with optional high-throughput network interfaces
29. Virtual Machines Extensions
• Azure virtual machine (VM) extensions are small applications that provide post-deployment
configuration and automation tasks on Azure VMs.
• For example, if a virtual machine requires software installation, anti-virus protection, or to run a
script inside of it, a VM extension can be used. Azure VM extensions can be run with the Azure
CLI, PowerShell, Azure Resource Manager templates, and the Azure portal.
• Extensions can be bundled with a new VM deployment, or run against any existing system.
30. Azure Storage Services
• Azure Blobs: A massively scalable object store for text and binary data. Also includes support for
big data analytics through Data Lake Storage Gen2.
• Azure Files: Managed file shares for cloud or on-premises deployments.
• Azure Queues: A messaging store for reliable messaging between application components.
• Azure Tables: A NoSQL store for schemaless storage of structured data.
• Azure Disks: Block-level storage volumes for Azure VMs
31. Azure Storage Types (Performance Tier)
• Standard Storage (HDD)
• Premium (SSD)
• General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables.
Recommended for most scenarios using Azure Storage.
• General-purpose v1 accounts: Legacy account type for blobs, files, queues, and tables. Use general-purpose v2 accounts instead when possible.
• BlockBlobStorage accounts: Storage accounts with premium performance characteristics for block
blobs and append blobs. Recommended for scenarios with high transactions rates, or scenarios that
use smaller objects or require consistently low storage latency.
• FileStorage accounts: Files-only storage accounts with premium performance characteristics.
Recommended for enterprise or high performance scale applications.
• BlobStorage accounts: Legacy Blob-only storage accounts. Use general-purpose v2 accounts instead
when possible.
32. Redundancy
Redundancy options for a storage account include:
• Locally redundant storage (LRS): A simple, low-cost redundancy strategy. Data is copied
synchronously three times within the primary region.
• Zone-redundant storage (ZRS): Redundancy for scenarios requiring high availability. Data is
copied synchronously across three Azure availability zones in the primary region.
• Geo-redundant storage (GRS): Cross-regional redundancy to protect against regional outages. Data is copied synchronously three times in the primary region, then copied asynchronously to the secondary region. For read access to data in the secondary region, enable read-access geo-redundant storage (RA-GRS).
• Geo-zone-redundant storage (GZRS) (preview): Redundancy for scenarios requiring both high
availability and maximum durability. Data is copied synchronously across three Azure availability
zones in the primary region, then copied asynchronously to the secondary region. For read access
to data in the secondary region, enable read-access geo-zone-redundant storage (RA-GZRS).
33. Azure Storage Explorer
Microsoft Azure Storage Explorer is a standalone app that makes it easy to work with Azure Storage
data on Windows, macOS, and Linux.
To download
https://azure.microsoft.com/en-us/features/storage-explorer/
34. Blob Storage
Azure Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for
storing massive amounts of unstructured data. Unstructured data is data that doesn't adhere to a
particular data model or definition, such as text or binary data.
Blob storage is designed for:
• Serving images or documents directly to a browser.
• Storing files for distributed access.
• Streaming video and audio.
• Writing to log files.
• Storing data for backup and restore, disaster recovery, and archiving.
• Storing data for analysis by an on-premises or Azure-hosted service.
35. Blob Containers
Blob storage offers three types of resources:
• The storage account
• A container in the storage account
• A blob in a container
A container organizes a set of blobs, similar to a directory in a file system. A storage account can
include an unlimited number of containers, and a container can store an unlimited number of blobs.
36. Blob Types
Azure Storage supports three types of blobs:
Block blobs store text and binary data, up to about 4.7 TB. Block blobs are made up of blocks of data
that can be managed individually.
Append blobs are made up of blocks like block blobs, but are optimized for append operations.
Append blobs are ideal for scenarios such as logging data from virtual machines.
Page blobs store random access files up to 8 TB in size. Page blobs store virtual hard drive (VHD) files
and serve as disks for Azure virtual machines.
37. Access Tiers of Blob Storage
The available access tiers are:
The Hot access tier. This tier is optimized for frequent access of objects in the storage account.
Accessing data in the hot tier is most cost-effective, while storage costs are higher. New storage
accounts are created in the hot tier by default.
The Cool access tier. This tier is optimized for storing large amounts of data that is infrequently
accessed and stored for at least 30 days. Storing data in the cool tier is more cost-effective, but
accessing that data may be more expensive than accessing data in the hot tier.
The Archive tier. This tier is available only for individual block blobs. The archive tier is optimized for
data that can tolerate several hours of retrieval latency and that will remain in the archive tier for at
least 180 days. The archive tier is the most cost-effective option for storing data. However, accessing
that data is more expensive than accessing data in the hot or cool tiers.
39. Azure Files
Azure Files offers fully managed file shares in the cloud that are accessible via the industry
standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by
cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure file shares
can be cached on Windows Servers with Azure File Sync for fast access near where the data is being
used.
Azure file shares can be used to:
• Replace or supplement on-premises file servers
• "Lift and shift" applications
• Simplify cloud development
• Fully managed
• Shared access
40. Azure Virtual Network
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure.
VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely
communicate with each other, the internet, and on-premises networks. VNet is similar to a
traditional network that you'd operate in your own data center, but brings with it additional benefits
of Azure's infrastructure such as scale, availability, and isolation.
VNet concepts
• Address space
• Subnets
• Regions
• Subscription
41. IP Address Types in Azure
You can assign IP addresses to Azure resources to communicate with other Azure resources, your on-premises network, and the Internet. There are two types of IP addresses you can use in Azure:
• Public IP addresses: Used for communication with the Internet, including Azure public-facing
services.
• Private IP addresses: Used for communication within an Azure virtual network (VNet), and your
on-premises network, when you use a VPN gateway or ExpressRoute circuit to extend your
network to Azure.
42. Virtual Network Service Endpoints
• Virtual Network (VNet) service endpoints extend your virtual network private address space.
• The endpoints also extend the identity of your VNet to the Azure services over a direct
connection.
• Endpoints allow you to secure your critical Azure service resources to only your virtual networks.
• Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone
network.
43. Domains and Custom Domains
• Every new Azure AD tenant comes with an initial domain
name, <domainname>.onmicrosoft.com.
• You can't change or delete the initial domain name, but you can add your organization's names.
• Adding custom domain names helps you to create user names that are familiar to your users,
such as abc@contoso.com.
44. Azure DNS Zones
• The Domain Name System is a hierarchy of domains.
• The hierarchy starts from the 'root' domain, whose name is simply '.'. Below this come top-level domains, such as 'com', 'net', 'org', 'uk' or 'jp'. Below these are second-level domains, such as 'org.uk' or 'co.jp'.
• The domains in the DNS hierarchy are globally distributed, hosted by DNS name servers around
the world.
• A DNS zone is used to host the DNS records for a particular domain. To start hosting your domain
in Azure DNS, you need to create a DNS zone for that domain name. Each DNS record for your
domain is then created inside this DNS zone.
• For example, the domain 'contoso.com' may contain several DNS records, such as
'mail.contoso.com' (for a mail server) and 'www.contoso.com' (for a web site).
45. DNS Record Types
Record Type | Description
A | Points to the host's IP address
MX | Domain mail server
NS | Host's name server
CNAME | Canonical name; allows an alias for a host
SOA | Start of Authority
SRV | Service record
PTR | Pointer record
RP | Responsible Person
HINFO | Host information record, including CPU type and OS
TXT | Unstructured text record
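To show how the record types in the table work together inside a zone, here is an added Python example; it is not from the slides and it is not Azure DNS. It holds a constructed contoso.com zone (the 203.0.113.0/24 addresses are a reserved documentation range) using the types listed above, answers queries the way an authoritative server and a resolver together would, including following a CNAME alias to the A record it points at, and validates the zone against the rule that a name carrying a CNAME may hold no other record types, a common cause of broken zones.

```python
"""Answering queries from a DNS zone, CNAME chains included (added example).

Not from the slides or from Azure DNS. The zone is constructed; 203.0.113.0/24
is a documentation address range.
"""

# Owner name -> {record type: [rdata, ...]}. Names are fully qualified.
ZONE = {
    "contoso.com.": {
        "SOA": ["ns1.contoso.com. hostmaster.contoso.com. 2024050101 3600 900 1209600 300"],
        "NS": ["ns1.contoso.com.", "ns2.contoso.com."],
        "A": ["203.0.113.10"],
        "MX": ["10 mail.contoso.com."],
        "TXT": ['"v=spf1 mx -all"'],
    },
    "ns1.contoso.com.": {"A": ["203.0.113.2"]},
    "ns2.contoso.com.": {"A": ["203.0.113.3"]},
    "mail.contoso.com.": {"A": ["203.0.113.25"], "HINFO": ['"x86-64" "Linux"']},
    "web.contoso.com.": {"A": ["203.0.113.20"]},
    "www.contoso.com.": {"CNAME": ["web.contoso.com."]},  # alias for the web host
    "_sip._tcp.contoso.com.": {"SRV": ["10 60 5060 sip.contoso.com."]},
}


def fqdn(name: str) -> str:
    """Normalise a query name to its fully qualified, dot-terminated form."""
    return name if name.endswith(".") else name + "."


def resolve(zone: dict, name: str, rtype: str, max_hops: int = 8):
    """Return (answers, rcode); answers is a list of (owner, type, rdata).

    A CNAME at the queried name is returned and then followed, as a resolver
    would do, until the requested type is found or the chain ends.
    """
    owner = fqdn(name)
    answers = []
    for _ in range(max_hops):
        rrsets = zone.get(owner)
        if rrsets is None:
            return answers, "NXDOMAIN"
        if rtype in rrsets:
            answers.extend((owner, rtype, rdata) for rdata in rrsets[rtype])
            return answers, "NOERROR"
        if "CNAME" in rrsets and rtype != "CNAME":
            target = rrsets["CNAME"][0]
            answers.append((owner, "CNAME", target))
            owner = target
            continue
        return answers, "NOERROR"  # name exists but has no data of this type
    raise ValueError(f"CNAME chain longer than {max_hops} hops from {name}")


def validate_zone(zone: dict, apex: str) -> list[str]:
    """Check the CNAME rules: no other types at an alias, one target, target exists in zone."""
    problems = []
    for owner, rrsets in zone.items():
        if "CNAME" not in rrsets:
            continue
        others = sorted(t for t in rrsets if t != "CNAME")
        if others:
            problems.append(f"{owner}: CNAME cannot coexist with {', '.join(others)}")
        if len(rrsets["CNAME"]) != 1:
            problems.append(f"{owner}: exactly one CNAME record is allowed")
        target = rrsets["CNAME"][0]
        in_zone = target == apex or target.endswith("." + apex)
        if in_zone and target not in zone:
            problems.append(f"{owner}: CNAME target {target} does not exist in the zone")
    return problems


if __name__ == "__main__":
    print(validate_zone(ZONE, "contoso.com."))
    for query in (("www.contoso.com", "A"), ("contoso.com", "MX"), ("ftp.contoso.com", "A")):
        print(query, resolve(ZONE, *query))
```

A query for www.contoso.com A returns two records, the CNAME and the A record of its target; a query for a name the zone does not hold returns NXDOMAIN, while a name that exists without the requested type returns an empty NOERROR answer. The same distinction matters when a private DNS zone shadows a public name, since an empty answer and a non-existent name are handled differently by clients.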
46. Private DNS Zones
• Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names
in a virtual network without the need to add a custom DNS solution.
• By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today.
• The records contained in a private DNS zone are not resolvable from the Internet. DNS resolution
against a private DNS zone works only from virtual networks that are linked to it.
47. Network Security Group (NSG)
• Azure network security group is used to filter network traffic to and from Azure resources in an
Azure virtual network.
• A network security group contains security rules that allow or deny inbound network traffic to, or
outbound network traffic from, several types of Azure resources.
• For each rule, you can specify source and destination, port, and protocol.
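What the three bullets leave implicit is the order of evaluation: rules are processed by priority (lowest number first) and the first matching rule decides, with the platform's default rules sitting at priority 65000 and above. The Python below is an added example, not from the slides or from Azure, that models inbound evaluation over a constructed rule set for a web subnet. The VirtualNetwork and Internet service tags are approximated as "inside the VNet address space" and "outside it" (the real tags expand to Microsoft-published prefix lists), and the AzureLoadBalancer default rule at 65001 is left out of the model.

```python
"""First-match evaluation of NSG inbound rules (added example, not from Azure).

Rules are evaluated in priority order; the first match decides. Service tags
are approximated: VirtualNetwork = inside the VNet address space, Internet =
outside it. Rules, addresses and the VNet space are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # custom rules use 100-4096; lower is evaluated first
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR, "*", or one of the two service tags modelled here
    dest_port: str   # "443", "1024-65535" or "*"


# Two of the platform default inbound rules (AzureLoadBalancer at 65001 omitted).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

# Constructed custom rules for a web-server subnet.
CUSTOM_INBOUND = [
    Rule("deny-rdp-from-internet", 100, "Deny", "Tcp", "Internet", "3389"),
    Rule("allow-https", 200, "Allow", "Tcp", "*", "443"),
    Rule("allow-rdp-from-jumpbox-subnet", 300, "Allow", "Tcp", "10.0.250.0/24", "3389"),
]


def port_matches(spec: str, port: int) -> bool:
    """Destination port spec: "*", a single port, or an inclusive "low-high" range."""
    if spec == "*":
        return True
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-", 1))
        return low <= port <= high
    return int(spec) == port


def source_matches(spec: str, source_ip: str, vnet_space: str) -> bool:
    """Source spec: "*", a modelled service tag, or a CIDR prefix."""
    addr = ip_address(source_ip)
    vnet = ip_network(vnet_space)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return addr in vnet
    if spec == "Internet":       # approximation: anything outside the VNet space
        return addr not in vnet
    return addr in ip_network(spec, strict=False)


def evaluate_inbound(rules, protocol: str, source_ip: str, dest_port: int,
                     vnet_space: str = "10.0.0.0/16"):
    """Return (access, rule name) of the first matching rule, defaults included."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol != "*" and rule.protocol.lower() != protocol.lower():
            continue
        if not source_matches(rule.source, source_ip, vnet_space):
            continue
        if not port_matches(rule.dest_port, dest_port):
            continue
        return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every inbound flow")


if __name__ == "__main__":
    for proto, src, port in (("Tcp", "203.0.113.7", 3389), ("Tcp", "203.0.113.7", 443),
                             ("Tcp", "203.0.113.7", 22), ("Tcp", "10.0.250.5", 3389),
                             ("Tcp", "10.0.1.5", 3389), ("Udp", "203.0.113.7", 443)):
        print(proto, src, port, "->", evaluate_inbound(CUSTOM_INBOUND, proto, src, port))
```

The cases worth noticing are the last two in the sample run: RDP from an address inside the VNet but outside the jump-box subnet is still allowed, by the default AllowVnetInBound rule, and UDP to port 443 is denied because the allow rule is TCP-only. Closing lateral RDP within the VNet needs an explicit Deny for port 3389 from VirtualNetwork at a priority below 65000; nothing in the custom rules does that today.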
48. Azure Bastion Host
• Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH
access to your virtual machines directly through the Azure Portal.
• Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your
Virtual Network (VNet) using SSL without any exposure through public IP addresses.
49. VNet Peering
• Virtual network peering enables you to seamlessly connect networks in Azure Virtual Network.
• The traffic between virtual machines uses the Microsoft backbone infrastructure.
• Like traffic between virtual machines in the same network, traffic is routed through
Microsoft's private network only.
Azure supports the following types of peering:
• Virtual network peering: Connect virtual networks within the same Azure region.
• Global virtual network peering: Connect virtual networks across Azure regions.
50. Virtual Network Gateway
• A virtual network gateway is composed of two or more VMs that are deployed to a specific
subnet you create called the gateway subnet.
• Virtual network gateway VMs contain routing tables and run specific gateway services.
• These VMs are created when you create the virtual network gateway.
• You can't directly configure the VMs that are part of the virtual network gateway.
51. VNet to VNet Connectivity
• Connects VNets with a VNet-to-VNet VPN connection
• Requires a VPN gateway (virtual network gateway) in each virtual network
• A secure IPsec/IKE tunnel provides the communication
• Use when VNet peering is not an option
• Never deploy other resources (for example, additional VMs) to the gateway subnet
• Avoid associating an NSG with the gateway subnet
52. Express Route
• ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private
connection facilitated by a connectivity provider.
• With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft
Azure and Office 365.
• Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a
virtual cross-connection through a connectivity provider at a co-location facility.
• ExpressRoute connections do not go over the public Internet.
53. Availability Sets
• An Availability Set is a logical grouping capability that you can use in Azure to ensure that the VM
resources you place within it are isolated from each other when they are deployed within an
Azure datacenter.
• Azure ensures that the VMs you place within an Availability Set run across multiple physical
servers, compute racks, storage units, and network switches.
• If a hardware or Azure software failure occurs, only a subset of your VMs are impacted, and your
overall application stays up and continues to be available to your customers.
• Availability Sets are an essential capability when you want to build reliable cloud solutions.
54. Virtual Machine Scale Sets
• Azure virtual machine scale sets let you create and manage a group of identical, load balanced VMs.
• The number of VM instances can automatically increase or decrease in response to demand or a
defined schedule.
• Scale sets provide high availability to your applications, and allow you to centrally manage, configure,
and update a large number of VMs.
• With virtual machine scale sets, you can build large-scale services for areas such as compute, big data,
and container workloads.
• Scale sets support up to 1,000 VM instances. If you create and upload your own custom VM images,
the limit is 600 VM instances.
55. Load Balancer
• Load balancing refers to evenly distributing load (incoming
network traffic) across a group of backend resources or servers.
• Azure Load Balancer operates at layer four of the Open Systems
Interconnection (OSI) model.
• It's the single point of contact for clients.
• Load Balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances.
• Flows are distributed according to configured load balancing rules and health probes.
• The backend pool instances can be Azure Virtual Machines or
instances in a virtual machine scale set.
56. Types of Load Balancer
A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual
network. These connections are accomplished by translating their private IP addresses to public IP
addresses. Public Load Balancers are used to load balance internet traffic to your VMs.
An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal
load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be
accessed from an on-premises network in a hybrid scenario.
57. Traffic Manager
• Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic
optimally to services across global Azure regions, while providing high availability and responsiveness.
• Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on
a traffic-routing method and the health of the endpoints.
• An endpoint is any Internet-facing service hosted inside or outside of Azure.
• Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit
different application needs and automatic failover models.
• Traffic Manager is resilient to failure, including the failure of an entire Azure region.
59. Azure Firewall
• Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
• You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network. The service is fully integrated with Azure Monitor for logging and analytics.
60. Azure Application Gateway
• Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
• Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. For example, you can route traffic based on the incoming URL. So if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that's optimized for videos.
• This type of routing is known as application layer (OSI layer 7) load balancing. Azure Application Gateway can do URL-based routing and more.
61. Azure Activity Logs
• The Azure Activity Log provides insight into subscription-level events that have occurred in Azure.
• Provides insight into the operations on each Azure resource in the subscription from the outside (the
management plane) in addition to updates on Service Health events.
• Use the Activity Log to determine the what, who, and when for any write operations (PUT, POST, DELETE) taken on the resources in your subscription.
• You can also understand the status of the operation and other relevant properties.
• There is a single Activity log for each Azure subscription.
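The "what, who, and when for any write operation" the slide describes is the starting point for most subscription-level detections. The Python below is an added example, not from the slides or from Azure Monitor: it reads constructed Activity Log records (newline-delimited JSON using the log's real field names eventTimestamp, operationName, caller, status, resourceId and category; the subscription ID is a placeholder), keeps only completed write operations, and flags a small watchlist of changes a defender wants alerted on: lock deletions, role assignments, NSG rule edits and resource deletions. It also assumes the real behaviour that Resource Manager emits one record when an operation starts and another when it finishes, so only Succeeded records are counted.

```python
"""Who / what / when of write operations from Activity Log records (added example).

Not from the slides or from Azure Monitor. Records are constructed JSON lines
using the Activity Log's field names; the subscription ID is a placeholder.
"""
import json

SUB = "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-prod/providers"

# Constructed sample records: one Started/Succeeded pair for the NSG rule edit,
# a lock removal, a VM deletion, a harmless web app update, and a failed role assignment.
SAMPLE_ACTIVITY_LOG = "\n".join(json.dumps(r) for r in [
    {"eventTimestamp": "2024-05-01T09:15:02Z", "operationName": "Microsoft.Compute/virtualMachines/read",
     "caller": "alice@contoso.com", "status": "Succeeded", "category": "Administrative",
     "resourceId": SUB + "/Microsoft.Compute/virtualMachines/vm-web-1"},
    {"eventTimestamp": "2024-05-01T09:20:11Z", "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "caller": "bob@contoso.com", "status": "Started", "category": "Administrative",
     "resourceId": SUB + "/Microsoft.Network/networkSecurityGroups/nsg-web/securityRules/allow-rdp-any"},
    {"eventTimestamp": "2024-05-01T09:20:13Z", "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "caller": "bob@contoso.com", "status": "Succeeded", "category": "Administrative",
     "resourceId": SUB + "/Microsoft.Network/networkSecurityGroups/nsg-web/securityRules/allow-rdp-any"},
    {"eventTimestamp": "2024-05-01T09:31:40Z", "operationName": "Microsoft.Authorization/locks/delete",
     "caller": "bob@contoso.com", "status": "Succeeded", "category": "Administrative",
     "resourceId": SUB + "/Microsoft.Compute/virtualMachines/vm-web-1/providers/Microsoft.Authorization/locks/no-delete"},
    {"eventTimestamp": "2024-05-01T09:33:05Z", "operationName": "Microsoft.Compute/virtualMachines/delete",
     "caller": "bob@contoso.com", "status": "Succeeded", "category": "Administrative",
     "resourceId": SUB + "/Microsoft.Compute/virtualMachines/vm-web-1"},
    {"eventTimestamp": "2024-05-01T10:02:19Z", "operationName": "Microsoft.Web/sites/write",
     "caller": "carol@contoso.com", "status": "Succeeded", "category": "Administrative",
     "resourceId": SUB + "/Microsoft.Web/sites/app-portal"},
    {"eventTimestamp": "2024-05-01T10:05:00Z", "operationName": "Microsoft.Authorization/roleAssignments/write",
     "caller": "bob@contoso.com", "status": "Failed", "category": "Administrative",
     "resourceId": SUB + "/Microsoft.Authorization/roleAssignments/placeholder-assignment-id"},
])

WRITE_SUFFIXES = ("/write", "/delete", "/action")

# Operation names worth an alert on their own; any other "/delete" is flagged generically.
HIGH_RISK_OPERATIONS = {
    "Microsoft.Authorization/locks/delete": "resource lock removed",
    "Microsoft.Authorization/roleAssignments/write": "role assignment changed",
    "Microsoft.Network/networkSecurityGroups/securityRules/write": "NSG rule created or changed",
}


def parse_activity_log(text: str) -> list[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def completed_writes(events: list[dict]) -> list[tuple]:
    """(when, who, what, where) for every write operation that completed successfully."""
    return [
        (e["eventTimestamp"], e["caller"], e["operationName"], e["resourceId"])
        for e in events
        if e["status"] == "Succeeded" and e["operationName"].endswith(WRITE_SUFFIXES)
    ]


def classify(operation_name: str):
    """Reason string for watchlisted operations, None for routine writes."""
    if operation_name in HIGH_RISK_OPERATIONS:
        return HIGH_RISK_OPERATIONS[operation_name]
    if operation_name.endswith("/delete"):
        return "resource deleted"
    return None


def high_risk_changes(events: list[dict]) -> list[dict]:
    """Completed writes that match the watchlist, with the reason attached."""
    flagged = []
    for when, who, what, where in completed_writes(events):
        reason = classify(what)
        if reason:
            flagged.append({"when": when, "who": who, "what": what, "where": where, "reason": reason})
    return flagged


def writes_by_caller(events: list[dict]) -> dict:
    """How many completed writes each identity made; useful for spotting an unusually busy caller."""
    counts = {}
    for _, who, _, _ in completed_writes(events):
        counts[who] = counts.get(who, 0) + 1
    return counts


if __name__ == "__main__":
    events = parse_activity_log(SAMPLE_ACTIVITY_LOG)
    for hit in high_risk_changes(events):
        print(hit["when"], hit["who"], hit["reason"], hit["where"])
    print(writes_by_caller(events))
```

The sample run shows the pattern a single caller produced in under fifteen minutes: an NSG rule change, a lock removal and then the deletion of the VM the lock had protected. Read individually each is routine administration; correlated by caller and time they are the sequence an activity log alert should surface. The failed role-assignment write is deliberately not counted, since it did not change anything.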
62. Azure Monitor
Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Just a few examples of what you can do with Azure Monitor include:
• Detect and diagnose issues across applications and dependencies with Application Insights.
• Correlate infrastructure issues with Azure Monitor for VMs and Azure Monitor for Containers.
• Drill into your monitoring data with Log Analytics for troubleshooting and deep diagnostics.
• Support operations at scale with smart alerts and automated actions.
• Create visualizations with Azure dashboards and workbooks.
64. Azure Alerts using Monitor
• Activity log alerts are the alerts that get activated when a new activity log event occurs that matches
the conditions specified in the alert.
• These alerts are for Azure resources and can be created by using an Azure Resource Manager
template.
• They also can be created, updated, or deleted in the Azure portal.
• Typically, you create activity log alerts to receive notifications when specific changes occur to
resources in your Azure subscription.
• Alerts are often scoped to particular resource groups or resources.
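The two slides above describe the Activity Log (the "what, who, when" of management-plane writes) and activity log alerts (a rule that fires when a matching log event arrives). The following Python is an added example, not code from this deck or from Microsoft: it triages constructed Activity Log records, shaped like the JSON export (category, operationName, status, caller, correlationId, eventTimestamp, resourceId), and evaluates a simplified alert rule in which every listed field must match. The rule shape is this example's model, not the ARM alert-rule schema, and all events and identifiers are constructed.

```python
"""Triage Azure Activity Log records and evaluate an activity-log alert rule.

Added example; it is not code from this deck or from Microsoft.  The records
below are constructed to look like Activity Log entries exported as JSON.
The alert rule is a simplified model (every listed field must match), not the
ARM alert-rule schema.
"""
from collections import OrderedDict

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
NSG_RULE = SUB + "/resourceGroups/prod-rg/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/allow-rdp"

SAMPLE_EVENTS = [  # constructed sample data
    {"category": "Administrative", "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "status": "Started", "caller": "alice@contoso.example", "correlationId": "c1",
     "eventTimestamp": "2024-05-01T10:00:00Z", "resourceId": NSG_RULE},
    {"category": "Administrative", "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "status": "Succeeded", "caller": "alice@contoso.example", "correlationId": "c1",
     "eventTimestamp": "2024-05-01T10:00:04Z", "resourceId": NSG_RULE},
    {"category": "Administrative", "operationName": "Microsoft.Compute/virtualMachines/start/action",
     "status": "Succeeded", "caller": "bob@contoso.example", "correlationId": "c2",
     "eventTimestamp": "2024-05-01T10:05:00Z",
     "resourceId": SUB + "/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/web01"},
    {"category": "Administrative", "operationName": "Microsoft.Storage/storageAccounts/delete",
     "status": "Succeeded", "caller": "11111111-2222-3333-4444-555555555555", "correlationId": "c3",  # a service principal shows up as its object ID
     "eventTimestamp": "2024-05-01T10:09:00Z",
     "resourceId": SUB + "/resourceGroups/prod-rg/providers/Microsoft.Storage/storageAccounts/prodlogs"},
    {"category": "ServiceHealth", "operationName": "Microsoft.ServiceHealth/incident/action",
     "status": "Active", "caller": "", "correlationId": "c4",
     "eventTimestamp": "2024-05-01T10:10:00Z", "resourceId": SUB},
]

# Resource Manager operation names end in /write (PUT), /action (POST) or /delete (DELETE)
WRITE_SUFFIXES = ("/write", "/action", "/delete")


def write_operations(events):
    """Return (when, who, what, status, where) for each management-plane write operation.

    One operation produces several records (Started, then Succeeded or Failed)
    sharing a correlationId; keep the final one so the status is meaningful.
    """
    final = OrderedDict()
    for ev in events:
        if ev["category"] != "Administrative":
            continue  # Service Health, Policy, etc. are not resource writes
        if not ev["operationName"].lower().endswith(WRITE_SUFFIXES):
            continue
        cid = ev["correlationId"]
        if cid not in final or ev["status"] != "Started":
            final[cid] = ev
    return [(e["eventTimestamp"], e["caller"], e["operationName"], e["status"], e["resourceId"])
            for e in final.values()]


def matches_rule(event, rule):
    """All fields listed in the rule must equal the event's values (case-insensitive)."""
    return all(str(event.get(field, "")).lower() == str(value).lower() for field, value in rule.items())


def fire_alerts(events, rule):
    return [ev for ev in events if matches_rule(ev, rule)]


# Alert on completed NSG rule changes.  Leaving out "status" would also fire on
# the Started record, i.e. twice per change and even for changes that failed.
NSG_CHANGE_RULE = {
    "category": "Administrative",
    "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
    "status": "Succeeded",
}

if __name__ == "__main__":
    for row in write_operations(SAMPLE_EVENTS):
        print(row)
    print(len(fire_alerts(SAMPLE_EVENTS, NSG_CHANGE_RULE)), "alert(s)")
```

The status condition is the check most people forget: without it the rule fires on the Started record too, so every change alerts twice and failed changes alert as well.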
65. Azure Network Watcher
• Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs
for resources in an Azure virtual network.
• Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-
Service) products, which include Virtual Machines, Virtual Networks, Application Gateways, Load
Balancers, etc.
• It is not intended for and will not work for PaaS monitoring or Web analytics.
66. Azure SQL Server
• High-performing, unified SQL platform built on the industry-leading SQL Server engine—with limitless
scalability and intelligent performance and security.
• Migrate without needing to redesign your apps, improve performance of existing apps and build
highly scalable cloud services by switching to Azure—the best cloud destination for your mission-
critical SQL Server workload
67. Azure SQL Server
SQL Server on Azure Virtual Machines vs. AWS EC2
Switch to SQL Server on Azure Virtual Machines and get better performance and price-performance than
other cloud providers. Azure SQL Virtual Machines meet your mission-critical requirements and are up to
3.4 times faster and 87 percent cheaper than Amazon Web Services.
Azure SQL Database vs. AWS RDS
Switch to Azure SQL Database and get better price-performance than other cloud providers. Azure SQL
Database meets your mission-critical requirements while costing up to 86 percent less than the
competition
Source: https://azure.microsoft.com/en-in/services/sql-database/campaign/#pricing
68. Azure Content Delivery Network
• A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web
content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that
are close to end users, to minimize latency.
• Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-
bandwidth content to users by caching their content at strategically placed physical nodes across the
world.
• Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various
network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway
Protocol (BGP).
69. Azure Content Delivery Network
The benefits of using Azure CDN to deliver web site assets include:
• Better performance and improved user experience for end users, especially when using applications in
which multiple round-trips are required to load content.
• Large scaling to better handle instantaneous high loads, such as the start of a product launch event.
• Distribution of user requests and serving of content directly from edge servers so that less traffic is
sent to the origin server.
70. Azure Data Box
• The Azure Data Box family offers products of differing storage capacities to help send terabytes (TB) of
data to Azure in a quick, inexpensive, and reliable way.
• Microsoft accelerates secure data transfer by shipping you proprietary storage devices that enable
offline or over the network data transfer.
• Offline data transfer: for limited or no network bandwidth
• Online data transfer: over the network
71. Azure File Sync
• Azure File Sync is used to centralize your organization's file shares in Azure Files, while keeping the
flexibility, performance, and compatibility of an on-premises file server.
• Azure File Sync transforms Windows Server into a quick cache of your Azure file share.
• You can use any protocol that's available on Windows Server to access your data locally, including
SMB, NFS, and FTPS.
• You can have as many caches as you need across the world.
72. Azure Data Protection/Azure Backup
• The Azure Backup service provides simple, secure, and cost-effective solutions to back up your data
and recover it from the Microsoft Azure cloud.
• What can be backed up:
• On-premises files, folders, and system state, using the Microsoft Azure Recovery Services (MARS) agent
• Azure VMs
• Azure Files shares
• SQL Server in Azure VM
74. Azure Recovery Service Vault
• A Recovery Services vault is a storage entity in Azure that houses data.
• The data is typically copies of data, or configuration information for virtual machines (VMs),
workloads, servers, or workstations.
• Recovery Services vaults can be used to hold backup data for various Azure services such as IaaS VMs
(Linux or Windows) and Azure SQL databases.
• Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and
more.
• Recovery Services vaults make it easy to organize your backup data, while minimizing management
overhead.
• You can create up to 500 Recovery Services vaults per subscription per region.
75. Azure Site Recovery
An organization needs a business continuity and disaster recovery (BCDR) strategy that keeps its data
safe, and its apps and workloads online, when planned and unplanned outages occur.
Azure Recovery Services contributes to your BCDR strategy:
Site Recovery service: Site Recovery helps ensure business continuity by keeping business apps and
workloads running during outages. Site Recovery replicates workloads running on physical and virtual
machines (VMs) from a primary site to a secondary location. When an outage occurs at your primary site,
you fail over to the secondary location and access apps from there. After the primary location is running
again, you can fail back to it.
Backup service: The Azure Backup service keeps your data safe and recoverable.
76. Azure Active Directory
• Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service,
which helps your employees sign in and access resources in:
• External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS
applications.
• Internal resources, such as apps on your corporate network and intranet, along with any cloud apps
developed by your own organization.
• You can use the various Microsoft Cloud for Enterprise Architects Series posters to better understand
the core identity services in Azure, Azure AD, and Office 365.
77. Azure Active Directory Licenses/Editions
• Azure Active Directory Free. Provides user and group management, on-premises directory synchronization, basic
reports, self-service password change for cloud users, and single sign-on across Azure, Office 365, and many
popular SaaS apps.
• Azure Active Directory Premium P1. In addition to the Free features, P1 also lets your hybrid users access both
on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service
group management, Microsoft Identity Manager (an on-premises identity and access management suite) and
cloud write-back capabilities, which allow self-service password reset for your on-premises users.
• Azure Active Directory Premium P2. In addition to the Free and P1 features, P2 also offers Azure Active Directory
Identity Protection to help provide risk-based Conditional Access to your apps and critical company data
and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to
resources and to provide just-in-time access when needed.
• "Pay as you go" feature licenses. You can also get additional feature licenses, such as Azure Active Directory
Business-to-Customer (B2C). B2C can help you provide identity and access management solutions for your
customer-facing apps.
For Pricing: https://azure.microsoft.com/en-us/pricing/details/active-directory/
78. Azure AD Connect
Azure AD Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals. It provides the
following features:
• Password hash synchronization - A sign-in method that synchronizes a hash of a user's on-premises AD password
with Azure AD.
• Pass-through authentication - A sign-in method that allows users to use the same password on-premises and in
the cloud, but doesn't require the additional infrastructure of a federated environment.
• Federation integration - Federation is an optional part of Azure AD Connect and can be used to configure a hybrid
environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as
certificate renewal and additional AD FS server deployments.
• Synchronization - Responsible for creating users, groups, and other objects, and for making sure the identity
information for your on-premises users and groups matches the cloud. This synchronization also includes
password hashes.
• Health Monitoring - Azure AD Connect Health can provide robust monitoring and provide a central location in the
Azure portal to view this activity.
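Password hash synchronization is the feature above that most often raises the question "so is my NT hash in the cloud now?". The following Python is an added example, not Azure AD Connect's code, showing what the agent actually derives: the steps follow Microsoft's public description (the 16-byte NT hash expanded to 64 bytes as its 32 hex characters in UTF-16LE, a 10-byte per-user salt, PBKDF2-HMAC-SHA256 with 1000 iterations, 32-byte output). Feeding the expanded hash as the PBKDF2 password and the salt as its salt parameter, and the record layout, are this example's assumptions. The NT hash constant is the well-known MD4 of the UTF-16LE string "password".

```python
"""What password hash synchronization sends to the cloud: a salted, iterated
derivative of the NT hash, never the password and never the raw NT hash.

Added example, not Azure AD Connect's code.  Step order follows Microsoft's
public description of the agent; PBKDF2 parameter placement and the record
layout are assumptions of this example.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 1000
SALT_LEN = 10
NT_HASH_OF_PASSWORD = bytes.fromhex("8846F7EAEE8FB117AD06BDD830B7586C")  # MD4("password" as UTF-16LE)


def expand_nt_hash(nt_hash: bytes) -> bytes:
    """16 bytes -> 32 uppercase hex chars -> 64 bytes of UTF-16LE."""
    if len(nt_hash) != 16:
        raise ValueError("an NT hash is 16 bytes")
    return nt_hash.hex().upper().encode("utf-16-le")


def derive_cloud_hash(nt_hash: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 over the expanded hash with the per-user salt (assumed parameter placement)."""
    return hashlib.pbkdf2_hmac("sha256", expand_nt_hash(nt_hash), salt, iterations, dklen=32)


def make_sync_record(nt_hash: bytes, salt: Optional[bytes] = None) -> dict:
    """Agent side: the record that leaves the on-premises network over TLS."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    return {"salt": salt, "iterations": ITERATIONS, "hash": derive_cloud_hash(nt_hash, salt)}


def cloud_verify(record: dict, candidate_nt_hash: bytes) -> bool:
    """Cloud side: recompute from the NT hash of the submitted password and compare in constant time.

    Computing that NT hash is MD4 over the UTF-16LE password; it is taken as
    input here because MD4 is missing from many hashlib builds.
    """
    expected = hashlib.pbkdf2_hmac("sha256", expand_nt_hash(candidate_nt_hash),
                                   record["salt"], record["iterations"], dklen=32)
    return hmac.compare_digest(record["hash"], expected)


if __name__ == "__main__":
    rec = make_sync_record(NT_HASH_OF_PASSWORD)
    print("synced:", rec["hash"].hex(), "salt:", rec["salt"].hex())
    print("verify ok:", cloud_verify(rec, NT_HASH_OF_PASSWORD))
```

The point for a defender: the value stored in the cloud cannot be replayed against on-premises NTLM or Kerberos, and each guess against it costs 1000 PBKDF2 iterations instead of a single MD4, so a cloud-side leak is not equivalent to a dump of NTDS.dit. It does not help the other way round: anyone holding the on-premises NT hash can still authenticate on-premises.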
79. Azure MFA
• Multi-factor authentication is a process where a user is prompted during sign-in for an additional form
of identification, such as entering a code from their cellphone or providing a fingerprint scan.
• If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or
has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker?
• When you require a second form of authentication, security is increased as this additional factor isn't something
that's easy for an attacker to obtain or duplicate.
• Available verification methods
• Microsoft Authenticator app
• OATH hardware token
• SMS
• Voice call
SMS and voice call are the weakest of these, because the code travels over the phone network and can be
redirected by SIM swapping; prefer the Authenticator app or an OATH token where you can.
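The Authenticator app and OATH hardware tokens in the list above both produce time-based one-time codes. The following Python is an added example, not Azure MFA's implementation, of what the verifying side has to do with such a code: the HMAC arithmetic (RFC 4226 HOTP under RFC 6238 TOTP), a small window for clock drift, and a replay guard so that a code intercepted once cannot be used a second time. The secret is the RFC 6238 test-vector key, so the codes checked are the published vectors; the window size and the per-user "last accepted counter" store are design choices of this example.

```python
"""Verifying an OATH time-based one-time code the way a second-factor service must.

Added example; not Azure MFA's implementation.  RFC 4226 HOTP / RFC 6238 TOTP
with a drift window and a replay guard.
"""
import hashlib
import hmac
import struct
import time

RFC_SECRET = b"12345678901234567890"  # RFC 4226/6238 test key; never use in production
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238: HOTP with the counter set to the current time step."""
    return hotp(secret, int(unix_time) // step)


class TotpVerifier:
    """Server side for one user: the shared secret and the last time step accepted."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window      # accept +/- this many steps of clock drift
        self.last_counter = -1    # highest step already used for a successful login

    def verify(self, code: str, now=None) -> bool:
        now = time.time() if now is None else now
        current = int(now) // STEP_SECONDS
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter:
                continue  # replay guard: a step at or before the last accepted one is dead
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    v = TotpVerifier(RFC_SECRET)
    code = totp(RFC_SECRET, time.time())
    print("first use:", v.verify(code), "replay:", v.verify(code))
```

Two things this makes visible that the slide does not: the code only proves possession of the secret within a window of about 90 seconds, so a real-time phishing proxy that relays the code immediately still succeeds, and without the last-counter store the same code would be accepted repeatedly for the whole window.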
80. Azure Subscriptions
The Azure account is a globally unique entity that gives you access to Azure services and your Azure
subscriptions. You can create multiple subscriptions in your Azure account to create separation, e.g. for
billing or management purposes. In your subscription(s) you manage resources in resource groups.
Every Azure subscription trusts exactly one Azure Active Directory (Azure AD) tenant, which is where the
identities that can access the subscription live.
Types:
• Free: $200 credit to be used within 30 days, plus access to some Azure services free for 12 months
• Pay-as-you-go: pay for the services and resources used on a monthly basis
• Enterprise Agreement: purchase cloud services and software licenses under a single agreement
• Student: $100 credit to be used within 12 months
81. Azure Role Based Access Control (Azure RBAC)
• Access management for cloud resources is a critical function for any organization that is using the cloud. Azure
role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do
with those resources, and what areas they have access to.
• Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access
management of Azure resources.
Types of Roles
• Classic subscription administrator roles (Account Administrator, Service Administrator, Co-Administrator):
the legacy model that predates Azure RBAC
• Azure roles (for example Owner, Contributor, Reader): control access to Azure resources through Azure
Resource Manager
• Azure Active Directory (Azure AD) roles (for example Global Administrator): control access to the directory
itself, such as users, groups, and app registrations
82. Azure Management Group
• Management groups are containers that help you manage access, policy, and compliance across multiple
subscriptions.
• Create these containers to build an effective and efficient hierarchy that can be used with Azure Policy and Azure
Role Based Access Controls.
• Azure management groups provide a level of scope above subscriptions.
• You organize subscriptions into containers called "management groups" and apply your governance conditions to
the management groups.
• All subscriptions within a management group automatically inherit the conditions applied to the management
group.
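The two slides above describe the pieces of an Azure RBAC decision: role definitions, assignments at a scope, and inheritance from management group down to subscription, resource group and resource. The following Python is an added example, a model of the documented evaluation order and not Azure's authorization engine: scope inheritance (including the management-group hop, which is not a path prefix of the subscription ID), Actions minus NotActions with wildcard patterns, and deny assignments evaluated before any role. The management group tree, principals, scopes and the abridged Contributor NotActions list are constructed.

```python
"""How an Azure RBAC decision is reached (model, not Azure's engine).

Added example.  The management group tree, principals and scopes are
constructed; the Contributor NotActions list is abridged.
"""
import fnmatch

MG = "/providers/Microsoft.Management/managementGroups/"

# child scope -> parent scope (constructed tree: corp-mg > prod-mg > sub-prod); sub-dev is outside it
_TREE = {
    "/subscriptions/sub-prod": MG + "prod-mg",
    MG + "prod-mg": MG + "corp-mg",
}
MG_PARENT = {child.lower(): parent for child, parent in _TREE.items()}

ROLES = {  # shapes of two built-in roles; Contributor's NotActions abridged
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "Contributor": {
        "Actions": ["*"],
        "NotActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
}


def _match(action: str, pattern: str) -> bool:
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())  # '*' spans '/' like Azure's wildcard


def role_permits(role: str, action: str) -> bool:
    """A role grants an action if an Actions pattern matches and no NotActions pattern does."""
    r = ROLES[role]
    return any(_match(action, p) for p in r["Actions"]) and not any(_match(action, p) for p in r["NotActions"])


def applies_to(assigned_scope: str, target_scope: str) -> bool:
    """An assignment covers its own scope and everything beneath it."""
    a, t = assigned_scope.rstrip("/").lower(), target_scope.rstrip("/").lower()
    if t == a or t.startswith(a + "/"):
        return True  # resource IDs are paths: subscription, RG and resource nest as string prefixes
    # management groups are not path prefixes of subscriptions, so walk the tree from the subscription
    node = "/".join(t.split("/")[:3]) if t.startswith("/subscriptions/") else t
    parent = MG_PARENT.get(node)
    while parent:
        if parent.lower() == a:
            return True
        parent = MG_PARENT.get(parent.lower())
    return False


def is_authorized(principal, action, scope, assignments, deny_assignments=()):
    """Deny assignments are checked first; otherwise any one covering role assignment grants access."""
    for d in deny_assignments:
        if (principal in d["principals"] and applies_to(d["scope"], scope)
                and any(_match(action, p) for p in d["actions"])):
            return False
    return any(
        a["principal"] == principal and applies_to(a["scope"], scope) and role_permits(a["role"], action)
        for a in assignments
    )


ASSIGNMENTS = [  # constructed
    {"principal": "alice", "role": "Reader", "scope": MG + "corp-mg"},
    {"principal": "bob", "role": "Contributor", "scope": "/subscriptions/sub-prod/resourceGroups/prod-rg"},
]
DENY_ASSIGNMENTS = [  # the kind of lock an Azure Blueprint creates; constructed
    {"principals": ["bob"], "actions": ["Microsoft.Storage/storageAccounts/delete"], "scope": "/subscriptions/sub-prod"},
]
PROD_RG = "/subscriptions/sub-prod/resourceGroups/prod-rg"
PROD_VM = PROD_RG + "/providers/Microsoft.Compute/virtualMachines/web01"
PROD_STORAGE = PROD_RG + "/providers/Microsoft.Storage/storageAccounts/prodlogs"
DEV_VM = "/subscriptions/sub-dev/resourceGroups/dev-rg/providers/Microsoft.Compute/virtualMachines/dev01"

if __name__ == "__main__":
    print("alice reads prod VM:", is_authorized("alice", "Microsoft.Compute/virtualMachines/read", PROD_VM, ASSIGNMENTS))
    print("bob deletes prod storage:", is_authorized("bob", "Microsoft.Storage/storageAccounts/delete", PROD_STORAGE, ASSIGNMENTS, DENY_ASSIGNMENTS))
```

The cases worth noticing: a Reader granted at the top management group can read a VM in a subscription three levels down, but not in a subscription outside the tree; Contributor's NotActions stop bob from writing role assignments even though Actions is "*"; and a deny assignment at subscription scope beats his Contributor role at the resource group.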
83. Azure Policy
• Azure Policy helps to enforce organizational standards and to assess compliance at-scale.
• Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the
environment, with the ability to drill-down to the per-resource, per-policy granularity.
• It also helps to bring your resources to compliance through bulk remediation for existing resources
and automatic remediation for new resources.
• Common use cases for Azure Policy include implementing governance for resource consistency,
regulatory compliance, security, cost, and management.
• Policy definitions for these common use cases are already available in your Azure environment as
built-ins to help you get started.
• Azure Policy evaluates resources in Azure by comparing the properties of those resources to business
rules.
• These business rules, described in JSON format, are known as policy definitions.
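The slide above says that Azure Policy compares resource properties against business rules written as JSON policy definitions. The following Python is an added example, not the Azure Policy engine: two definitions written in the real policy-rule grammar (if/then, field, equals, in, not, allOf, effect), one using the real alias for a storage account's public blob access setting, evaluated against constructed resources. The evaluator covers only this subset of the grammar and resolves an alias by taking its last path segment as a property name, which holds for the alias used here; the approved region list is constructed.

```python
"""Evaluate resources against Azure Policy-style definitions (model, not the engine).

Added example.  Policies use the real rule grammar; resources and the region
list are constructed; alias resolution is simplified to the last path segment.
"""
import json

# Deny storage accounts unless allowBlobPublicAccess is explicitly false.  "not equals false"
# rather than "equals true" so that an absent property (historically defaulting to public) is caught.
POLICY_NO_PUBLIC_BLOB = {
    "name": "deny-public-blob-access",
    "rule": json.loads('''{
      "if": {
        "allOf": [
          {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
          {"not": {"field": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess", "equals": "false"}}
        ]
      },
      "then": {"effect": "deny"}
    }'''),
}

# Audit anything deployed outside the approved regions (constructed list).
POLICY_ALLOWED_LOCATIONS = {
    "name": "audit-allowed-locations",
    "rule": json.loads('''{
      "if": {"not": {"field": "location", "in": ["westeurope", "northeurope"]}},
      "then": {"effect": "audit"}
    }'''),
}

SAMPLE_RESOURCES = [  # constructed
    {"name": "stpublic", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
     "properties": {"allowBlobPublicAccess": True}},
    {"name": "stprivate", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
     "properties": {"allowBlobPublicAccess": False}},
    {"name": "stlegacy", "type": "Microsoft.Storage/storageAccounts", "location": "westeurope",
     "properties": {}},
    {"name": "web01", "type": "Microsoft.Compute/virtualMachines", "location": "eastus",
     "properties": {}},
]

TOP_LEVEL_FIELDS = {"name", "type", "location", "kind", "id"}


def _field(resource, field):
    if field in TOP_LEVEL_FIELDS:
        return resource.get(field)
    return resource.get("properties", {}).get(field.rsplit("/", 1)[-1])  # alias -> property (simplified)


def _norm(value):
    return None if value is None else str(value).lower()  # True -> "true", mirroring Policy's string compare


def condition_holds(cond, resource):
    if "allOf" in cond:
        return all(condition_holds(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_holds(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not condition_holds(cond["not"], resource)
    value = _norm(_field(resource, cond["field"]))
    if "equals" in cond:
        return value == _norm(cond["equals"])
    if "notEquals" in cond:
        return value != _norm(cond["notEquals"])
    if "in" in cond:
        return value in {_norm(v) for v in cond["in"]}
    if "exists" in cond:
        return (value is not None) == (_norm(cond["exists"]) == "true")
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policy, resource):
    """Return the effect ('deny', 'audit', ...) if the 'if' block matches, else None (compliant)."""
    rule = policy["rule"]
    return rule["then"]["effect"].lower() if condition_holds(rule["if"], resource) else None


def compliance_report(policies, resources):
    """resource name -> list of (policy name, effect) for every non-compliant resource."""
    report = {}
    for res in resources:
        hits = [(p["name"], evaluate(p, res)) for p in policies if evaluate(p, res)]
        if hits:
            report[res["name"]] = hits
    return report


if __name__ == "__main__":
    for name, hits in compliance_report([POLICY_NO_PUBLIC_BLOB, POLICY_ALLOWED_LOCATIONS], SAMPLE_RESOURCES).items():
        print(name, hits)
```

The "stlegacy" case is the one to check when writing a rule: a property that is simply absent from the resource should normally count as non-compliant, which is why the rule is phrased as "not equals false" instead of "equals true".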
84. App Service Plans
• An App Service plan defines a set of compute resources for a web app to run.
• These compute resources are analogous to the server farm in conventional web hosting.
• One or more apps can be configured to run on the same computing resources (or in the same App
Service plan).
• Each App Service plan defines:
• Region (West US, East US, etc.)
• Number of VM instances
• Size of VM instances (Small, Medium, Large)
• Pricing tier (Free, Shared, Basic, Standard, Premium, PremiumV2, Isolated)
85. App Service Plans
The pricing tier of an App Service plan determines what App Service features you get and how much you
pay for the plan. There are a few categories of pricing tiers:
• Shared compute: Free and Shared, the two base tiers, run an app on the same Azure VM as other
App Service apps, including apps of other customers. These tiers allocate CPU quotas to each app that
runs on the shared resources, and the resources cannot scale out.
• Dedicated compute: The Basic, Standard, Premium, and PremiumV2 tiers run apps on dedicated
Azure VMs. Only apps in the same App Service plan share the same compute resources. The higher the
tier, the more VM instances are available to you for scale-out.
• Isolated: This tier runs dedicated Azure VMs on dedicated Azure Virtual Networks. It provides network
isolation on top of compute isolation to your apps. It provides the maximum scale-out capabilities.
86. App Service
• Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back
ends.
• You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python.
Applications run and scale with ease on both Windows and Linux-based environments.
• App Service not only adds the power of Microsoft Azure to your application, such as security, load
balancing, autoscaling, and automated management, but also lets you take advantage of its DevOps
capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources,
package management, staging environments, custom domains, and TLS/SSL certificates.
For Pricing: https://azure.microsoft.com/en-in/pricing/details/app-service/windows/
87. Application Insights
• Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM)
service for developers and DevOps professionals.
• We use it to monitor live applications. It will automatically detect performance anomalies, and includes powerful
analytics tools to help us diagnose issues and to understand what users actually do with our app.
• It's designed to help us continuously improve performance and usability.
• It works for apps on a wide variety of platforms including .NET, Node.js, Java, and Python hosted on-premises,
hybrid, or any public cloud.
• It integrates with your DevOps process, and has connection points to a variety of development tools.
88. Azure Container Instances
• Azure Container Instances offers the fastest and simplest way to run a container in Azure, without
having to manage any virtual machines and without having to adopt a higher-level service.
• Azure Container Instances is a great solution for any scenario that can operate in isolated containers,
including simple applications, task automation, and build jobs.
• Azure Container Instances enables exposing your container groups directly to the internet with an IP
address and a fully qualified domain name (FQDN).
• When you create a container instance, you can specify a custom DNS name label so your application is
reachable at customlabel.azureregion.azurecontainer.io.
89. Azure Kubernetes Service (AKS)
• Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure.
• AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of
that responsibility to Azure.
• As a hosted Kubernetes service, Azure handles critical tasks like health monitoring and maintenance
for us.
• The Kubernetes masters are managed by Azure. We only manage and maintain the agent nodes.
• As a managed Kubernetes service, AKS is free - you only pay for the agent nodes within your clusters,
not for the masters.
• To manage a Kubernetes cluster, you use kubectl, the Kubernetes command-line client.
The kubectl client is pre-installed in the Azure Cloud Shell
90. Azure Virtual WAN
• Azure Virtual WAN is a networking service that brings many networking, security, and routing
functionalities together to provide a single operational interface.
• These functionalities include branch connectivity (via connectivity automation from Virtual WAN
Partner devices such as SD-WAN or VPN CPE), site-to-site VPN connectivity, remote user VPN (point-
to-site) connectivity, private (ExpressRoute) connectivity, intra-cloud connectivity (transitive
connectivity for virtual networks), VPN-to-ExpressRoute inter-connectivity, routing, Azure Firewall, and
encryption for private connectivity.
• You don't have to have all of these use cases to start using Virtual WAN. You can simply get started
with just one use case, and then adjust your network as it evolves.
• The Virtual WAN architecture is a hub and spoke architecture with scale and performance built in for
branches (VPN/SD-WAN devices), users (Azure VPN/OpenVPN/IKEv2 clients), ExpressRoute circuits,
and virtual networks. It enables a global transit network architecture, where the cloud-hosted
network 'hub' enables transitive connectivity between endpoints that may be distributed across
different types of 'spokes'.
92. Azure Virtual WAN (Cont.)
Virtual WAN offers the following advantages:
• Integrated connectivity solutions in hub and spoke: Automate site-to-site configuration and
connectivity between on-premises sites and an Azure hub.
• Automated spoke setup and configuration: Connect your virtual networks and workloads to the
Azure hub seamlessly.
• Intuitive troubleshooting: You can see the end-to-end flow within Azure, and then use this
information to take required actions.
Virtual WAN type | Hub type | Available configurations
Basic            | Basic    | Site-to-site VPN only
Standard         | Standard | ExpressRoute; User VPN (P2S); VPN (site-to-site); Inter-hub and VNet-to-VNet
                 |          | transiting through the virtual hub; Azure Firewall; NVA in a virtual WAN