Azure Essentials

Welcome to the course, Azure Essentials!

In this course, we will explore the broad range of services offered by Azure and deep dive into
few of services that you can use for your applications.

Azure Essentials is the first of the series of courses on Azure. Have a great learning!

Please note that this course has been curated using the materials/resources received through our
partnership with Microsoft. Hence, you could see that the content for this course has been taken
from Mic

What is Microsoft Azure?

Microsoft Azure is a set of unified cloud services, which help IT professionals and developers to
build, deploy and manage applications through the global network of Azure data centers.

Watch this video to get a big picture of Window Azure!

Overview of Azure Services

Azure provides cloud services that can be used to design and implement your customized cloud
solution and infrastructure. They allow you to:

 Migrate on-premises datacenter to Azure cloud

 Deploy cloud-based applications

 Host workload in the Azure cloud

 Integrate Azure cloud services with an on-premises infrastructure

Azure cloud services can be categorized as Compute, Network, Data and Storage, App Services,
etc. These are few to name and there are much more to help with Identity and Access
Management, Automation, Security, Availability, etc.

Azure as IaaS (Infrastructure as a Service)

Allows the user to access, manage and monitor the data centers. Thus, giving complete control
of the OS and the application platform stack to the developers.

 The virtual machine can be completely modified to meet business requirements.

 IaaS facilitates efficient design time portability. Hence an application can be migrated to
Microsoft Azure without rework.
  IaaS allows a quick transition of services to cloud, which helps the vendors to offer
services to their clients easily.

IaaS is perfect for the applications where complete control is required.

Azure as PaaS (Platform as a Service)

The client is provided with the platform to develop and deploy software, without having to think
about hardware and infrastructure. It takes cares of most of the OS, servers and networking
issues.

PaaS is fast with less hassle for developers; applications can go from idea to availability more
quickly.

PaaS is cost-effective with lower upfront investment and less admin / management work
for organizations.

PaaS lowers risk as platform is upto date with latest technology stack and tools for
automation.

Azure as SaaS (Software as a Service)

Software as a service (SaaS) allows users to connect to and use cloud-based apps over the
Internet, such as Office365.

SaaS customers use the software running on the provider’s infrastructure. SaaS is also referred as
software delivered over the web.

Advantages:

 Gained access to sophisticated enterprise applications

 Pay only for what you use
 Use free client software
 Mobilise your workforce easily
 Access app data from anywhere

Azure Datacenters

Azure is backed by a global network of data centers that aims to meet global customer needs,
ensure high application performance and maintain availability.

Accessing Azure

Azure can be accessed and managed through:

  Azure Classic Portal

 Azure ARM portal

 Azure Resource Manager

 Client Tools like

o PowerShell

o Azure CLI

o Visual Studio with Azure SDK for .NET

Azure Classic Portal

This was the first portal in Azure that was being used before the launch of Azure Resource
Manager (ARM). It was based on the Service Management model and provides limited Role-
Based Access Control (RBAC) support.

Azure Resources Manager

Azure Resources manager (ARM portal) is now the default portal for Azure cloud services
management. It supports new features like:

 Templates based deployments

 Role-based Access Control (RBAC)
 Customized dashboards to view key resources

Client Tools

While Azure portals provide a GUI for managing your Azure subscriptions and services, in some
scenarios, these portals may not offer the most optimal management capabilities.

For teams that want to perform service management in an automated fashion by using REST
API and creating scripts for repetitive or cumbersome administrative tasks, Azure offers options
like:

 Azure PowerShell modules - to run scripts from Windows.

  Azure command-line interface (CLI) - to run scripts on all operating systems like
Windows, Linux, and macOS.

Azure Network Services

Microsoft Azure Network Services offer the foundation for developing hybrid cloud solutions
with the help of following essential resources.

 Azure Virtual Network: Isolated network within the Microsoft Azure cloud.

 Azure Traffic Manager: Controls how user traffic is distributed between geographies in
cloud services.

 Name Resolution Service: For internal hostname resolution within a cloud service.

 Azure ExpressRoute: Extend on-premises networks into the virtual network over a
dedicated private connection facilitated by a connectivity provider.

 Application Gateway: works at the application layer and acts as a reverse-proxy service,
terminating the client connection and forwarding requests to back-end endpoints.

What is Virtual Network?

Virtual Network, also known as a VNet constitutes a logical boundary defined by a private IP
address space that you designate. You can distribute IP address space into one or more subnets.
This makes it functionally equivalent to on-premises networks.

VNets are similar to AWS VPC (Virtual Private Cloud), offering various networking features
like the ability to customize inter-VM connectivity, Virtual Private Networks (VPN), access
control, DNS, routing, and DHCP blocks.

Why Virtual Network?

Azure Virtual Network allows to securely connect cloud infrastructure to your on-premises
datacenter.

 Virtual Networks allow to set up a virtual lab in the cloud by enabling connectivity to on-
premises resources with the help of Point-To-Site and Site-to-Site VPN connections.

 Virtual Network also acts as a DHCP server, which allows configuring a DNS server to
be leased out when a virtual machine is a spin up in the cloud.

VNet Capabilities
  Isolation - VNets are isolated from one another. One can create separate VNets for
development, testing, and production that use the same CIDR address blocks.

 Internet Connectivity - By default, all Azure Virtual Machines (VM) and Cloud
Services role instances are connected to a VNet and have access to the Internet.

 VNet Connectivity - VNet to VNet gateway needs to be configured to establish a

connection between VNets.

 On-premises Connectivity - VNets can be connected to on-premises networks through

point to site, site to site.

VNet Capabilities...

 Azure Resource Connectivity - Azure resources such as Cloud Services and VMs can
be connected to the same VNet. These ***resources can connect to each other using
private IP addresses***, even if they are on separate subnets.

Azure offers default routing between subnets, VNets, and on-premises networks, thus avoiding
the need to configure and manage routes.

 Traffic Filtering - VM and Cloud Services role instance network traffic can be
filtered outbound and inbound by destination IP address and port, source IP address and
port, and protocol.
 Routing - Azure allows User-defined routes and BGP routes.
 Load balancing and traffic direction - Load balances traffic to servers.

VNet Components - Subnets

A subnet is a range of IP addresses in the VNet. We can divide a VNet into multiple subnets
for organization and security.

Additionally, we can configure VNet routing tables and Network Security Groups (NSG) to a
subnet.

VNet Components - IP Addresses

There are two types of IP addresses that can be assigned to an Azure resource:

 Public IP Address is used for internet/public-facing communication.

 Private IP Address is used for communication within a VNet, and when using VPN
gateway or ExpressRoute.

Both Public and Private IP Address can be assigned through DHCP (Dynamic Host
Configuration Protocol).
  Dynamic IP is allocated by default to the VM from the subnet via DHCP. When VM is
started/stopped, the IP may be released/renewed based on the DHCP lease.

 Static IP can be allocated to a VM, which is only released when the VM is deleted.

VNet Components - NSGs

Network Security Groups (NSGs) allow or deny traffic (through a rule base), to either a network
interface or a subnet. By default the outbound and inbound rules include an implied deny
all .

NSGs are stateful, meaning that the TCP sequence numbers are checked in addition to checking
if the connection is already established.

Network Services - Load balancing

Azure provides three different load balancing solutions:

 Azure Traffic Manager: DNS is used to direct traffic to the necessary destination. There
are three destination selection methods - failover, performance or round robin.

 Azure Load Balancer: Performs L4 load balancing within a Virtual Network. Currently
only supports round robin distribution.

 Azure Application Gateway: Performs L7 load balancing. Supports HTTP request

based load balancing, SSL Termination, and cookie-based persistence.

Network Services - DNS and Routing Tables

 DNS name resolution - Built-in (default) and support for custom (customer-owned)
DNS.

 Routing Tables - Azure provides user defined routes and forced tunneling methods.

Intersite Connectivity - Methods

There are two types of gateways.

 VPN - Traffic is encrypted within the endpoints by the following modes:

o Site-to-Site - Traffic is secured using IPSEC/IKE between two VPN gateways,

for example between Azure and an on-premise firewall.

o Point-to-Point - Via a VPN client, a user connects to Azure, and traffic is

encrypted using TLS (Transport Layer Security).
 o VNet-to-VNet - Traffic is secured between two Virtual Networks using
IPSEC/IKE.

 Express Route - It provides a dedicated peered connection into Azure.

Intersite Connectivity Detailed

 VNet to VNet Connectivity - VPN can be used to connect two or more Azure VNets.
Such connections are termed VNet-to-VNet VPNs.
 A Point-to-Site VPN - connects a single computer to a VNet. To create this connection,
you must configure each on-premises computer that you want to use, with the resources
in the VNet.
 A Site-to-Site VPN - connects an on-premises network and all its computers to a VNet.
To create this connection, you must configure a gateway and IP routing in the on-
premises network. But it is not necessary to configure individual on-premises
computers.
 ExpressRoute Connectivity - An ExpressRoute connection is a dedicated server that
does not connect to the public Internet. By using ExpressRoute, you can increase
security, reliability, and bandwidth.

Azure Compute Services

Microsoft Azure Compute Services offer the processing power for running cloud
applications.

The Microsoft Azure Compute Service can run many different kinds of applications. A principal
goal of this platform, however, is to support applications that have a substantial number of
simultaneous users.

Compute Options in Azure

 Virtual Machines is an IaaS service that allows you to deploy and manage VMs inside a
VNet.

 App Service is a managed service to host mobile app backends, web apps, RESTful
APIs, or automated business processes.

 Service Fabric is known as a distributed systems platform that operates in numerous

environments. Service Fabric is an orchestrator of microservices across a cluster of
machines.

 Azure Batch is called a managed service for operating large-scale parallel and high-
performance computing (HPC) applications.
  Cloud Services is a managed service for operating cloud applications and utilizes a PaaS
hosting model.

Resource Groups

Resource groups are containers that are automatically created for VMs, DBs, and other assets
that are required for your solution or only the resources that you want to manage as a group.

They provide a way to monitor, control access, provision and manage billing for collections of
assets that are required to run an application.

Resource Groups - Points to Remember

 All the resources in a group should share the same lifecycle i.e. deploy, update, and
delete them together.

 If a resource (e.g. DB server), needs to exist on a different deployment cycle, it should be

in another resource group.

 A resource can only exist in one resource group. It can be added, moved and deleted
from a resource group at any time.

 A resource group can include resources that reside in different regions.

 A resource group can be used to control access.

 A resource can interact with resources in different resource groups. (Scenarios where
two resources are related but do not share the same lifecycle).

What is Azure VM?

It is a general-purpose computing environment that lets you create, deploy, and manage VMs
running in the Microsoft Azure cloud.

Azure VM's can be used in following ways:

 Development and test - Azure VMs provide a fast and effortless way to create a
computer with particular configurations needed to code and test an application.

 Extended datacenter - VMs in an Azure virtual network can easily be connected to

organization’s network.

 Applications in the cloud - since the demand for an application can fluctuate, it might
create economic sense to operate it on a VM in Azure. Thus one has to pay for additional
VMs only when required and shut them down when they don’t.

Different Ways to Create VM

  Azure CLI - used to create and manage Azure resources from the command line or by
using scripts.

 Azure Portal - provides a browser-based user interface for creating and configuring
virtual machines and all related resources.

 Azure PowerShell - used to create and manage Azure resources from the PowerShell
command line or scripts.

 Resource Manager template - a JSON file is used to define one or more resources to be
deployed to a resource group and define the dependencies between the deployed
resources. This template can be used to deploy the resources consistently and
repeatedly.

VM Size

The VM size is determined by the workload that you want to run. The size then determines
factors such as processing power, memory, and storage capacity.

Following VM sizes are available:

 A-series: is basic with no load balancing or auto-scaling support.

 D-series: offers faster CPUs and local Hyper-V host SSD (temporary disk).

 Dv2 series: provides largest VMs with configuration up to 448 GB of RAM and 64 data
disks. CPU is 35% faster than D-series.

 DS, DSv2, and GS series: Support for Premium Storage (SSD for operating system and
data disks).

VM Availability

To ensure high availability of an application, Azure places VMs into a logical grouping called
an Availability Set.

When deployed with a service, Azure ensures that the VMs in the Availability set are arranged
across Fault Domains on different Racks. In case of a maintenance event or failure of one fault
domain, at least one VM keeps running.

Along with Load balancers, availability sets can provide up to 99.95% SLA for VMs.

A fault domain is a set of hardware components (rack of resources like servers, power, etc.) that
share a single point of failure. Web, worker and Virtual Machines are arranged in this hardware.

Azure deploys an application or service across multiple fault domains.

Update domain in Azure means, that all physical servers in one update domain will get host
updates like firmware, drivers and OS updates at the same time.

In the Illustration UD#1 is getting updated but the user can access the content from UD#2.

It provides Web or Worker role (within rack) instances with high availability by ensuring that
only one of the Instances is down for an update at one time.

Scalability is known as the ability of a process, network, or system to accommodate fluctuating

workload/demand.

 Vertical scaling, also known as scale up and scale down, involves increasing or
decreasing virtual machine (VM) sizes in response to the workload, without creating
additional VMs.

 Horizontal scaling also known as scaling out and in, involves adding or removing
instances of a resource. The application continues operating without interruption as new
resources are provisioned.

o Once provisioning process is complete, the solution is deployed on the additional

resources.

o If demand drops, additional resources can be shut down cleanly and deallocated.

Below are the latest 50 odd questions on azure. These are multiple choice questons

(1)When using Azure Resource Manager, you can use a _______________ for

deployment, which can build identical environments for different work scenarios

such as testing, staging, and production.

Answer:-Template

(2)If you have to replace your current on-premise services in the form of virtual

machines, then you can use Microsoft Azure cloud categorized as ____________.
Answer:-IAAS

(3)Which cloud offering focuses on the consumption of services?

Answer:-SaaS

(4)High available applications are ____________.

Answer:-All the options mentioned

(5)Which of the following statements are correct?

Answer:-Are below are true
With Azure’s architecture, an application can run locally, run in the cloud, or some
combination of both.
Windows Azure serves as a cloud operating system.
Windows Azure Platform allows a developer to modify his application so it can run

in the cloud on virtual machines hosted in Microsoft datacenters.

(6)You can view the latest data center map and Pay as You Go subscription

information in (the) ________?

Answer:-Azure Dash Board

(7)In which operating system, we can use Azure PowerShell?

Answer:-Windows OS

(8)The new Azure Portal is accessed using ___________.

Answer:-https:\\portal.azure.com------

(9)Which of the following is the older service management model, where cloud

services contain your cloud resources?

Answer:-Classic Portal

(10)ExpressRoute connections enable access to the _________.

Answer:-Below are the answer
Microsoft Dynamics 365
Microsoft Office 365 services
Microsoft Azure services

(11)Microsoft uses industry standard _______________ dynamic routing protocol

to exchange routes between your on-premises network, your instances in Azure, and

Microsoft public addresses.

Answer:-EGP

(12)_______________ is used to route the traffic between virtual machines inside

your private virtual network.

Answer:-Azure Internal Load Balancers

(13)Azure supports both .vhd and .vhdx file formats for Virtual Machines.
Answer:-False

(14)To how many resource groups can a resource be added?

Answer:-1

(15)You need to deploy a virtual machine on Azure with a low memory entry level
requirement. Which virtual machine sizes should you consider choosing?
Answer:-Basic_A0- Basic_A4

(16)Azure Virtual Machines only support VM's running Microsoft Windows

operating system.
Answer:-False

(17)To delegate administrative tasks for specific resource groups in Azure which

functionality should be used?

Answer:-Role based access control

(18)A VM can have multiple associated IP addresses. Which of the following are

possible IP addresses associated with a VM?

Answer:- Below are the answer
Static public IP
Public virtual IP
Static private IP
Dynamic private IP

(19)Which of the following services allow creation and management of virtual

machines that serve either in a Web role and a Worker role?

Answer:-Compute

(20)SQL Azure is a cloud-based relational database service that is based on

_________.
Answer:-SQL Server

(21)The smallest recommended virtual machine size in Azure for a production

environments is ____.
Answer:-A1

(22) A subnet is a range of IP addresses in a _________.

Answer:-VNet

(23)Which Azure networking component is the core unit from which administrators

can have full control over IP address assignments, name resolution, security settings,

and routing rules?

Answer:-Virtual Networks

(24)When should you use a static IP address?

Answer:-For VMs within a Vnet
(25)Which of the following helps Azure maintain high availability and fault tolerance when deploying and
upgrading applications?
Answer:-Availability set

(26)In which type of storage replication, data is not replicated across multiple datacenters?
Answer:-Locally Redundant Storage(LRS)

(27)In which Operating System, we can use Azure CLI?

Answer:-Below are the answer
OS X
Linux
Windows OS

(28)Which connection configuration offers faster speeds, higher security, lower latencies and higher
reliability?
Answer:-ExpressRoute

(29)What VPN types are supported by Azure?

Answer:-Below are the Answer
Point-to-Site
Site-to-Site
VNet-to-VNet
Multi-set

(30)Which of the following is a non-relational storage system for large-scale storage?

Answer:-Data Lake store

(31)SQL Azure is a cloud based relational database that is based on ________.

Answer:-SQL Server

(32)Is it possible to create a custom domain name, or use your organisation's domain name such as
eduforum.in, in Azure Active Directory?
Answer:-True

(33)What's the maximum bandwidth provided my ExpressRoute?

Answer:-10 Gbps

(34) The VM size determines the number of _________.

Answer:-Nic

(35)What is the format of an Azure Resource template?

Answer:-JSON

(36)Which of the following are methods Traffic Manager uses to pick endpoints?
Answer:-Below are the answer
Round-robin
Performance
Failover
(37)Geo-Redundancy is to provide high availability in ________.
Answer:-Geographically

(38) Azure is Microsoft’s ___________ as a Service Web hosting service.

Answer:- Infrasturcture

(39) When using Azure Resource Manager, you can use a _______________ for deployment, which can build
identical environments for different work scenarios such as testing, staging, and production.
Answer:- Template

(40)Which one of the following serives is a NoSQL datastore?

Answer:- Tables

(41). If you have to replace your current on-premise services in the form of virtual machines, then you can use
Microsoft Azure cloud categorized as ____________.
Answer:- IAAS

(42) You can view the latest data center map and Pay as You Go subscription information in (the) ________?
Answer:- Azure Dash Board

(43) In which operating system, we can use Azure PowerShell?

Answer:- Windows OS

(44)Which cloud offering focuses on the consumption of services?

Answer:- SaaS

(45)Which of the following is the older service management model, where cloud services contain your cloud
resources?
Answer:- Classic Portal

(46)Which Azure networking component is the core unit from which administrators can have full control over
IP address assignments, name resolution, security settings, and routing rules?
Answer:- Virtual Networks (VNETs)

(47)Which connection configuration offers faster speeds, higher security, lower latencies and higher
reliability?
Answer:- ExpressRoute

(48)When should you use a static IP address?

Answer:- DNS Server

(49) A subnet is a range of IP addresses in a

Answer:- VNet

(50)Default Private IP address allocation method is _________.

Answer:- dynamic

1) ___is used to route the traffic between virtual machines inside your pirvate virtual network.
Answer:- Azure Internal Load Balancers
(2) The smallest recommended virtual machine size in Azure for a production environment is
Answer:- A1

(3)You can estimate costs you will incur on Azure by using which tool
Answer:- Pricing Calculator

(4)Which of the following Windows Server roles is not supported on Azure Virtual Machines
Answer:- Hyper-v

(5)Most types of resource can be moved to a different resource group at

Answer:- Anytime

(6)Which of the following helps Azure maintain high availability and fault tolerance when deploying and
upgrading applications.
Answer:- Availability set

(7)Azure supports both .vhd and .vhdx file formats for Virtual Machines.
Answer:- False

(8)Azure Virtual Machines only support VM's running Microsoft Windows operating system.
Answer:- False

(9)The VM size determines the number of __________.

Answer:- Nic

(10) Which type of storage offering uses SSDs and is intended for use with Virtual machines
Answer:- Premium

(11) Geo Redundancy is to provide high availability in ________.

Answer:- Geographically

(12)What type of storage account is backed by magnetic drives and provides the lowest cost per GB
Answer:- Standard

(13)Premium storage disks for virtual machines support up to 64 TBs of storage

Answer:- True

(14)If you choose this redundancy strategy, you cannot convert to another redundancy strategy without
creating a new storage account and copying the data to the account.
Answer:- ZRS

(15)Geo-replication is enabled by default in Windows Azure Storage

Answer:- Yes

(16)The maximum size for a file share is 5 TBs.

Answer:- True

(17)Your Azure storage account is always replicated to ensure durability and high availability. By default,
which of the following replications schemes is used?
Answer:- RA-GRS

(18)You add a data disk to an Azure virtual machine. What drive type is created?
Answer:- SCSI

(19)Is it possible to create a custom Domain name, or use your organizations domain name, such as
fresco.com, in Azure Active Directory?
Answer:- True

(20) Microsoft Azure Active Directory can be integrated with on-premises Active Directory to allow single
sign-on.
Answer:- True

(21)Which of the following individual components are included on HDInsight clusters

Answer:- Spark

(22)Which of the following is also known as Compute

Answer:- Set of virtual machine instances

(23)Which of the following is a worldwide content caching and delivery system for Windows Azure blob
content
Answer:- CDN

(24)Microsoft and Hortonworks joined their forces to make Hadoop available on ___________ for on-premise
deployments
Answer:- Windows Server

(25)The connection between storage and Microsoft’s CDN (Content Delivery Network) is stated to be at least
_______ percent available
Answer:- 99.9

(26)Azure Storage plays the same role in Azure that ______ plays in Amazon Web Services.
Answer:- S3

(27)What’s the maximum bandwidth provided by ExpressRoute?

Answer:- 10 Gbps

(28)What is the format of an Azure Resource Template?

Answer:- JSON

(29)Azure data is replicated ________ times for data protection and writes are checked for consistency.
Answer:- Three

(30)Which of the following standard does Azure use ?

Answer:-Below are the answer
REST
XML
HTML
(31)Point out the wrong statement:
a) An Amazon Machine Image can be provisioned with an operating system, an enterprise application, or
application stack
b) AWS is a deployment enabler
c) Google Apps lets you create a scalable cloud-based application
d) None of the mentioned
Answer:-None of the mentioned

(40)What does IPsec in Azure platform refers to ?

Answer:- Internet Protocol Security protocol suite

(41)Some true about azure

a) The Windows Azure service it The Windows Azure Platform allows a developer to modify his application
so it can run in the cloud on virtual machines hosted in Microsoft datacenters
b) Windows Azure serves as a cloud operating system
c) With Azure’s architecture, an application can run locally, run in the cloud, or some combination of both
Answer:- All above are correct

(42)A _________ role is a virtual machine instance running Microsoft IIS Web server that can accept and
respond to HTTP or HTTPS requests.
Answer:- Web

(43)Which of the following element allows you to create and manage virtual machines that serve either in a
Web role and a Worker role ?
Answer:- Compute

(44)Which of the following element is a non-relational storage system for large-scale storage ?
Answer:- Storage

(45)Azure Storage plays the same role in Azure that ______ plays in Amazon Web Services.
Answer:- S3

(46)Which of the following element in Azure stands for management service ?

Answer:- config

(47)Which of the following standard does Azure use ?

Answer:-Below are the answer
a) REST
b) XML
c) HTML

(48)True about the Azure

a) An Amazon Machine Image can be provisioned with an operating system, an enterprise application, or
application stack
b) AWS is a deployment enabler
c) Google Apps lets you create a scalable cloud-based application
Answer:-All above are true
(49)What does IPsec in Azure platform refers to ?
Answer:- Internet Protocol Security protocol suite

(50)A _________ role is a virtual machine instance running Microsoft IIS Web server that can accept and
respond to HTTP or HTTPS requests.
Answer:- Web

(51)Which of the following element allows you to create and manage virtual machines that serve either in a
Web role and a Worker role ?
Answer:- Compute

(52) Which of the following element is a non-relational storage system for large-scale storage ?
Answer:- Storage

(53)Azure Storage plays the same role in Azure that ______ plays in Amazon Web Services.
Answer:- S3