Azure - Crash - Course by Anuj


Crash Course

For more visit:


http://devops.egyan.space
Microsoft Azure
Azure HA
Fault Domains
Update Domains
Availability Zone
Availability Set
Monitor a VM
Setting up Virtual Machine Scale Sets (VMSS)
Setup
Setting a Budget
VM
Cloud Concepts
Subscriptions & resources
Azure VMs
High Availability - Options
Azure VM Monitoring
Azure VMSS - Virtual Machine Scale Sets
Dedicated Hosts & Host Groups
PowerShell
Creating a VM in PowerShell
Automated Deployment of VMs
ARM Templates
Encrypt a VM
Diagnostic settings on Resources
Baseline for Resources
Monitoring Alerts
Create action groups
Monitor Cost in Azure
Storage Accounts
Add Storage accounts to a Virtual Network
Virtual Networks
Create Route Table
Azure-to-Azure Virtual Network Gateway
Azure VPN
ExpressRoute
ExpressRoute Direct
Virtual WAN
Azure Active Directory
Azure AD Identity Protection
Azure Conditional Access
Access Reviews
Hybrid AD
Azure Site Recovery
Serverless Computing
Azure Event Grid
Service Bus
Load Balancer
Application Gateway
Azure Front Door
MFA
Verifying Your Identity with MFA
RBAC - Role Based Access Control
App services
App services Container App
Service Fabric App
Azure Kubernetes Service: AKS
Check vCPU Quotas
Data Security
Data Storage Encryption
ARM Templates Security
Storing application secrets
Certificate Secrets
Cosmos DB - NoSQL Databases
Default Consistency
Relational Databases
Azure SQL, SQL Databases
Firewall
Message based Integration Architecture
Event Grid
Relay Service
Notification Hub
Event Hub: a big data streaming platform and event ingestion service
Service Bus Queue
Microsoft Graph API
AutoScaling
Azure Architecture Center & Design Patterns
Final
Live Azure Exam Lab
Memorising PowerShell & CLI Commands
Amazing Resources
Microsoft Azure

Azure URL :
[email protected]

Free tier started 29th - Apr. End Date 28th May.

New Account:

https://portal.azure.com

Certification done (exam retired): 70-535 Architecting Microsoft Azure Solutions

New in 2019:
● Exam AZ-300: Microsoft Azure Architect Technologies
● Exam AZ-301: Microsoft Azure Architect Design

Azure HA:

Fault Domains:
VMs are distributed across different physical hardware, e.g. with 2 fault domains the VMs land on two physically separate machines.
Update Domains:
1-20 segments used to schedule the rollout of Windows/Azure fixes etc.; machines in an update domain may be rebooted during the rollout, so spreading VMs across update domains means only a subset is affected at a time, not all of them.

Availability Zone:
Only in limited regions. Microsoft gives you the ability to deploy a VM to a specific data centre within a region, where the region has multiple separate locations (zones 1-3).

Availability Set:
An Availability Set is a logical grouping capability for isolating VM resources from each other when they're deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches.

No load balancing in an availability set/zone; you need to deploy an LB manually.

B1s is free for 750 hours



Monitor a VM:

Enable guest-level monitoring in Diagnostic settings.

Setting up Virtual Machine Scale Sets (VMSS):

Allows you to create a set of VMs that scales from 1 to 100 instances when needed.

1st May - Free tier started 29th - Apr. End Date 28th May.

Setup
- Credit is valid for 1 month; most services are free for 1 year.
- https://portal.azure.com/

Setting a Budget
- After 30 days the free trial ends and pay-as-you-go starts.
- If it is pay-as-you-go, you can set a budget to prevent over-billing.
- Go to Cost Management -> Pay-As-You-Go -> Create Budget; under Budget details set the dates and then the budget amount.
- Set an alert to receive an email when the threshold is reached, as per the alert config.

VM
- Create a VM with Windows Server 2016 Datacenter. Admin account: anuj/nailbyter@123
- Enable the RDP port 3389 in inbound ports.
- Create a container in the bash shell:
  az group create --name resGrp2-0105 --location eastus
  az container create --resource-group resGrp2-0105 --name democontainer --os-type Windows --image mcr.microsoft.com/windows/servercore/iis:nanoserver --dns-name-label azdemo --ports 80
  az container delete --resource-group resGrp2-0105 --name democontainer
- 54 regions, present in 140 countries.
- Public Cloud: ~28 regions, 6 regions that have restrictions. Data respects national boundaries ("geos"), e.g. Canadian data stays in Canada, Indian data in India.
- US Govt. Cloud: government only, 8 regions as of now.
- Private Cloud: internal or corporate cloud, Azure Stack (download & install on-prem).
- Hybrid Cloud: mix of on-prem and public cloud.

Cloud Concepts:
- Availability
- HA
- Scalability
- Elasticity - capacity can grow/shrink as per traffic.
- Auto-Scaling
- Faults
- Disaster Recovery

Delete a resource group:
az group delete --name <resGRPName>
az resource list - lists all resources

Subscriptions & resources

- A subscription is the level at which billing happens.
- Get a subscription either from Microsoft directly or from some other provider.
- Management Groups can be nested.

Azure Blueprints:
Simplify large scale Azure deployments by packaging key environment artifacts, such as Azure Resource Manager templates, role-based access controls and
policies, in a single blueprint definition. Easily apply the blueprint to new subscriptions and environments and fine-tune control and management through
versioning.
Azure VMs
- General Purpose: Balanced CPU-to-Memory Ratio
- B,D,DS,A,DC series
- Compute Optimized - High CPU-to-memory ratio
- F,FS
- Memory Optimized
- E,ES,M,G,GS,D*,DS*
- Storage Optimized
- LS (S means usually SSDs)
- GPU VMs
- NV,NC,ND
- High performance Compute - Fastest & most powerful
- H

LAB:
- Create a Windows 2016 VM.

High Availability - Options

- Availability Set:
- The availability set can only be configured when creating a virtual machine. You must recreate the virtual machine to move it in or out of an availability set.
- Fault Domains - so that a power outage doesn't take down your app; without this, both of your VMs might have gone down if the same power source was powering them.
- Update Domains - scheduled maintenance - 20 segments in total, updated 1 at a time, so if you select 10 domains your machines are spread across many domains, ensuring HA.
- Availability Zone - might not be available in all regions.
- The VM is deployed in the selected zone within that region.
- No load balancing in either zone or set; you need a separate LB.

Availability SLA - Wikipedia downtime reference.


Azure VM Monitoring
Azure Monitoring collects host-level metrics – like CPU utilization, disk and network usage – for all virtual machines without any additional software. For
more insight into this virtual machine, you can collect guest-level metrics, logs, and other diagnostic data using the Azure Diagnostics agent

- Enable Guest Level Monitoring under VM->Diagnostic Settings

Azure VMSS - Virtual Machine Scale Sets


- Search in All services for VMSS.
- Scale out / scale in as per the load (CPU utilization over a particular time window).
- Traffic is load balanced between the VMs in the scale set.

Dedicated Hosts & Host Groups


Dedicated Hosts:
Azure Dedicated Hosts provide physical servers that host one or more Azure virtual machines. The server is dedicated to your organisation and its workloads; capacity is not shared with other customers, and this host-level isolation helps address compliance requirements. As you provision the host you gain visibility into the server infrastructure, and you determine the host's maintenance policies.

Host Groups:

- A host group is a resource that represents a collection of dedicated hosts. You create a host group in a region and an availability zone, and add hosts to it.
- A host is a resource that maps to a physical server in an Azure data centre.
- Each host can run multiple VMs, but they must be of the same size series.
- A host group is created in one availability zone.

PowerShell
- Install the latest PowerShell from the website.
- On the PowerShell CLI:
- Check the version:
  $PSVersionTable.PSVersion
  Get-InstalledModule -Name Az -AllVersions | select Name,Version
- Connect to your account:
  Connect-AzAccount - it prompts you to enter a code at a URL to get the CLI logged in.

- Change subscription:
  Get-AzSubscription
- Change to another one:
  $context = Get-AzSubscription -SubscriptionID 913a274d-722b-422e-8c74-2e657a575b19
  Set-AzContext $context
Creating a VM in PowerShell
- Get-AzResourceGroup - list of existing resource groups
- New-AzResourceGroup -Name resGRP0405 -Location EastUS
- New-AzVM -ResourceGroupName "resGRP0405" -Name "vm0405" -Location "EastUS" -VirtualNetworkName "vnet0405" -SubnetName "default" -SecurityGroupName "secGRP0405" -PublicIpAddressName "myipaddr" -OpenPorts 80,443,3389
- It asks for the password you want to set for the VM; provide it.
- Stop-AzVM -ResourceGroupName "resGRP0405" -Name "vm0405"
- Start-AzVM -ResourceGroupName "resGRP0405" -Name "vm0405"

Automated Deployment of VMs


ARM Templates
- View templates from Resource Group -> Export Template -> Resources, or Resource Group -> Settings -> Deployments -> View Template -> Download.
- Main sections in template.json:
- Parameters
- Variables
- Resources
- parameters.json has 1 section only, called:
- Parameters
- You can update the imageReference section to deploy Linux using the same ARM template.

Encrypt a VM
Using BitLocker to encrypt the storage in the VM.
- Marketplace -> Key Vault
- Create a new key vault.
- A key vault can contain:
- Keys
- Secrets
- Certificates
- Key Vault, VMs etc. should be in the same region.
- New in 2020: create a Disk Encryption Set and add the key; all should be in the same region.
- While creating the VM, attach a disk with a customer-managed key and select the disk encryption set created in the previous step. The VM should be in the same region too, else you won't see that "Disk Encryption Set".
Src: https://docs.microsoft.com/en-in/azure/virtual-machines/linux/disk-encryption

Diagnostic settings on Resources

Dashboard -> Resource groups -> resGRPName -> Diagnostic settings

- On the VM enable diagnostics.

Baseline for Resources

- Store all Azure resources as a script in the CLI or as a template, as a backup.
- E.g. as an ARM template in GitHub.
- From the resource group -> Deployments -> Add to library, for the deployment which you may want to save for the future (the main action which created all the resources).
- To view the template: Home -> Templates -> Template Name
- You can also create a PowerShell script for the same, using the sample script from the documentation.

Monitoring Alerts:
You can create alerts and set action groups to send e-mail etc. when the alert threshold is reached, for example when a VM is down.

Dashboard -> Resource groups -> ResGrp -> Alerts

Create & test metrics - to create reports, which can be pinned to the Dashboard to persist them.
Create action groups
Dashboard -> Monitor | Alerts -> Manage Actions

Monitor Cost in Azure

All services -> Subscriptions -> Free Trial | Cost analysis

Use different scopes for more details: cost by resource or service etc.

All services -> Cost Management + Billing | Billing scopes -> Cost Management + Billing

Storage Accounts:
Premium [SSD] vs Standard [HDD]

Replication options

LRS:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy#:~:text=LRS%20is%20the%20lowest%2Dcost,durability%20compared%20to%20other%20options.&text=To%20mitigate%20this%20risk%2C%20Microsoft,%2Dredundant%20storage%20(GZRS).

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:
● Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability.
● Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.
● Geo-redundant storage (GRS) copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region.
● Geo-zone-redundant storage (GZRS) uses ZRS in the primary region and also geo-replicates your data to a secondary region: it copies your data synchronously across three Azure availability zones in the primary region using ZRS, then copies your data asynchronously to a single physical location in the secondary region.

With GRS or GZRS, the data in the secondary location isn't available for read or write access unless there is a failover to the secondary region. For read access
to the secondary location, configure your storage account to use read-access geo-redundant storage (RA-GRS) or read-access geo-zone-redundant
storage (RA-GZRS). If the primary region becomes unavailable, you can choose to fail over to the secondary region. After the failover has completed, the
secondary region becomes the primary region, and you can again read and write data.

Within the secondary location, data is always replicated synchronously three times using LRS. LRS in the secondary region protects your data against
hardware failures.
GZRS is recommended for mission-critical apps.
Blob Storage: helpful if you are just going to share those files through some website (hotlink kind of).

Under Networking you can either allow access from the public-facing endpoint, or only from within the virtual network, like below:

Add Storage accounts to a Virtual Network


Add an existing virtual network or create a new one there.
Add containers: under Blob service.
Access keys in the storage account: there are 2 keys, so while apps are using one key you can refresh the other, and vice versa.
Shared access signature: using the access keys you can generate different URLs for secure access with granular permissions.
Using those URLs and the access token you can access those areas through the API or a browser.
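An added Az PowerShell example (not from these notes) of the storage hardening described above: deny public network access, allow one VNet subnet, hand out a short-lived read-only container SAS instead of the account key, and rotate the unused key. The resource group, account, VNet, subnet and container names are assumed.

```powershell
# Added example, not part of the original notes. All names below are assumed.
$rg      = "rgDemo"
$account = "stdemo0105"

# 1. Deny public network access by default; only explicitly allowed subnets get through.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $account -DefaultAction Deny

# 2. Allow the "backend" subnet of vnet0105. The subnet must already have the
#    Microsoft.Storage service endpoint enabled, otherwise this call is rejected.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name "vnet0105"
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "backend"
Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $account -VirtualNetworkResourceId $subnet.Id

# 3. Issue a SAS scoped to one container ("uploads"), read + list only, HTTPS only,
#    valid for one hour. The SAS is signed with key1, so regenerating key1 later
#    invalidates every SAS that was signed with it.
$key = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $account)[0].Value
$ctx = New-AzStorageContext -StorageAccountName $account -StorageAccountKey $key
$sasUri = New-AzStorageContainerSASToken -Context $ctx -Name "uploads" -Permission rl `
            -StartTime (Get-Date).AddMinutes(-5) -ExpiryTime (Get-Date).AddHours(1) `
            -Protocol HttpsOnly -FullUri
$sasUri   # hand this URL to the client instead of the account key

# 4. Rotate key2 while apps still use key1; after switching apps to key2, rotate key1.
New-AzStorageAccountKey -ResourceGroupName $rg -Name $account -KeyName key2
```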

Log Analytics:

IAM access:
Assign roles to users:
Later on you can change the replication type under storage account -> Configuration: change to GRS and then see it under Geo-replication.

For a failover scenario, use read-access GRS so you have a secondary endpoint to use in case the primary location goes down.
Example: storage account -> Properties: the secondary endpoint has the same name as the primary except that "-secondary" is appended to the name.
Outage:
Virtual Networks:

For a /20 address space the first 20 bits are fixed (the network part, not changeable) and the remaining zero bits are the host range, so 4096 IPs in total in that range.
You create subnets mainly to distinguish between firewalls, DMZs, frontends, backends etc. (CIDR).

You can create a Public IP too, and also an IPv6 one which you can use with a LB.
DNS name label

Create Route Table:

Under Routes:
Create a route in the route table.
(Above: a route in the route table.)
Under route table -> Subnets, associate the route table with the existing subnet "backend".
Traffic that flows through this subnet has to follow this route table.

Application Security Groups:


In an application security group you can place all your different resources.

I installed an Ubuntu VM, used the same public IP which I created earlier, and was able to access the default page after installing Apache on Ubuntu:
sudo apt install apache2

In that VM, under Networking -> Application security groups, link it with the application security group which you created. Then under Inbound port rules -> Add rule, select that security group as the destination.

Once added, all inbound traffic will be allowed to the resources/VMs which are part of that ASG (Application Security Group).
Peering:
Connection between two virtual networks.
Peering is created both ways.
Create a Test3 peering with Test1 in West India to test global peering; but earlier we already had Test2-Test1, so what happens?
The answer is chained peering, i.e. configure the forwarded-traffic setting: enable it in the Test1->Test2 peering so that Test3->Test1->Test2 works.
There is pricing for peering bandwidth, inbound as well as outbound.

Azure-to-azure Virtual Network Gateway


- Under the Test1 virtual network add a gateway subnet.
- Then create a new one under services in Virtual Network Gateways and use that gateway subnet; it is populated automatically if you select that virtual network. It takes a lot of time to create (15-20 min).
- Create the other one in another region, like India/Japan.
- Once created, go into that virtual network gateway -> Connections.
- Add new -> VNet-to-VNet.
- As you can see, now you have a connection from Test1 to Test3 in another region (pic below).
- Site-to-site is used to connect from your own network, e.g. a VPN from the enterprise.

A virtual network gateway is the software VPN device for your Azure virtual network. Use this with a connection to set up a site-to-site VPN connection between an Azure virtual network and your local network, or a VNet-to-VNet VPN connection between two Azure virtual networks.
Azure VPN

Different VPN options:
- WFH
- From office
ExpressRoute:
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. ExpressRoute connections do not go over the public Internet.

ExpressRoute Direct:

Connect directly to the global Microsoft network without needing a third-party partner edge:
ExpressRoute Direct gives you the ability to connect directly into Microsoft's global network at peering locations strategically distributed across the world.
Speeds up to 100 Gbps for massive data ingestion. Main features:
● Massive Data Ingestion into services like Storage and Cosmos DB
● Physical isolation for industries that are regulated and require dedicated and isolated connectivity like: Banking, Government, and Retail
● Granular control of circuit distribution based on business unit

Virtual WAN:
Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational
interface. These functionalities include branch connectivity (via connectivity automation from Virtual WAN Partner devices such as SD-WAN or VPN CPE),
Site-to-site VPN connectivity, remote user VPN (Point-to-site) connectivity, private (ExpressRoute) connectivity, intra-cloud connectivity (transitive
connectivity for virtual networks), VPN ExpressRoute inter-connectivity, routing, Azure Firewall, and encryption for private connectivity.
Basically, it connects multiple offices together using a WAN.
Azure Active Directory
You can create groups & roles for new users.
Groups like:
Customer
Tech Leaders
Business Leaders etc.

Roles:

Add custom domain names instead of the default ones.

Add an entry like the one above in Namecheap (or any registrar) to verify your domain.

Azure AD Identity Protection:
With a premium subscription you can protect against suspicious user logins etc. under risk policies.
Password reset - part of premium.
Azure Conditional Access:
In Azure AD, Conditional Access gives more fine-grained access control.
Access Reviews:
Under Identity Governance: Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Users' access can be reviewed on a regular basis to make sure only the right people have continued access.

Needs a Premium P2 license to access.

Hybrid AD:
Azure AD + on-prem identity provider (Windows Server AD or another directory).

Azure AD Connect
Manage your on-premises resources, authentication configurations, and on-premises infrastructure using Azure AD hybrid services.
You can search for it from services, or it is available under the Active Directory tab.

Download the Azure AD Connect setup, install it, and then synchronize on-premises with Azure AD.

Federation: Azure checks with on-prem for the auth status; no password sync.

Seamless Single Sign-On: if the person is already signed in on the computer, that auth is used for other cloud apps.

Pass-through: seamless login without password sync.

This feature is an alternative to Azure AD Password Hash Synchronization, which provides the same benefit of cloud authentication to organizations. However, certain organizations wanting to enforce their on-premises Active Directory security and password policies can choose to use Pass-through Authentication. Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature provides your users a better experience.
Azure Site Recovery
- Recovery Service Vaults:
A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines
(VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux
or Windows) and Azure SQL databases. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more.
Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead.
Using this you can fail over easily, either from a failed Azure region or from on-prem too.
- Download the backup software on the on-prem VMs or Azure VMs.
- In Azure, under VM -> Backup, select the recovery vault.
- Or under the recovery vault you can select that VM to back up.

For replication under the vault you need to prepare the on-prem site recovery first.

Serverless Computing
In the Marketplace you can have apps like wordpress/Joomla/kubernetes/apache-mesos etc. as a service instead of creating everything from scratch.
Function Apps:

Create a function app, which lets you group functions as a logical unit for easier management, deployment and sharing of resources. Functions lets you
execute your code in a serverless environment without having to first create a VM or publish a web application.

Plan type: Consumption (serverless) vs App Service plan (you choose the server).

In VS Code, installed various extensions and npm etc. to develop locally, then connected to Azure and deployed:

Using the URL below was able to test the function:

http://anikatomar.azurewebsites.net/api/HttpTrigger1?code=4J3JpsYTUvtxzjXhHj5NBa/cPBng0/V2p8eYoZFayj5oCVDwH8LpAg==&&name=anuj

Was able to test from the Azure portal also, like below:

Any additional setting in local.settings.json that you might need must also be added in Azure under Configuration.
Logic Apps:
Example with the function above:
Additionally, a file was created with the passed parameter as part of the usual HttpTrigger function.

Azure Event Grid :


Check and add the resource provider in your subscription: Microsoft.EventGrid

Check Event subscriptions:

Created an Event Grid subscription under Resource groups, then set the endpoint to the logic app webhook created earlier: provide that URL as the endpoint so that if anything is deleted in that resource group the webhook is called. It can be any event.

Service Bus:

Create a Service Bus namespace with the Basic option, which is the cheapest. Create a queue and you get a queue URL:
Load Balancer
Basic vs Standard:
Basic - health probes TCP/HTTP only; backend endpoints in a single availability set or VMSS; up to 100.
Standard - health probes as above plus HTTPS; any VM in a single virtual network, a mix of VMs, availability sets, VMSSs etc.; up to 1000; HA.

- Created a LB. Either create individual VMs without public IPs (they should be in the same VNet and region), or add a pool using an availability set or VMSS. The backend pool should not mix VMs or VMSSs using NICs from different VNets, else it gives conflicts.
- Health probes - add a TCP probe on a port, or an HTTP probe to some health.html file.
- Add two public IPs, for let's say different apps, under frontend IP configurations.
- Then using those two frontend public IPs, one can go to Apache and the other to Tomcat; you can configure accordingly for many different apps.
- Only after adding inbound rules did the LB IP work, for both Tomcat and Apache.

- Need to check how we can define or constrain the same more securely?
Application Gateway:
Using this you can add IP addresses as backends, apart from the usual VM targets we added above, which means you can use it with any provider, like on-prem or AWS etc.

So using this I created 1 app gateway, then in the backend pool with IPs I added the above instances, 1 in the Apache pool and 1 in the Tomcat pool.
Then two listeners: 80 and Tomcat with 8080.
Then in rules used these listeners to route requests to the corresponding pool; you can use path-based or simple rules etc.
After this, using the gateway public IP and context route I was able to go to either Apache or Tomcat, depending on the port.

Azure Front Door:

Azure Front Door Service is Microsoft's highly available and scalable web application acceleration platform and global HTTP(s) load balancer. It provides
built-in DDoS protection and application layer security and caching. Front Door enables you to build applications that maximize and automate
high-availability and performance for your end-users. Use Front Door with Azure services including Web/Mobile Apps, Cloud Services and Virtual
Machines – or combine it with on-premises services for hybrid deployments and smooth cloud migration

Similar to the above: configure Front Door, the backend pool hosts, then the rule; then check that the Front Door endpoint goes to the backend pool members.

MFA
In AD you can set up MFA against any user or many users, which then asks the user to have 1 separate factor (phone or Authenticator app) apart from the e-mail.

AD -> Users -> MFA -> to enable/disable MFA for users

AD -> Security -> Conditional Access, MFA

You can set IP ranges also.
Fraud Alerts ->

App password in case needed for 2FA: nkskbjgsgrdbjkpt - [email protected]

One-time bypass for MFA:

Under AD -> Security -> MFA:

Verifying Your Identity with MFA:

For more fine-grained MFA settings:
Under AD -> Security -> MFA -> Additional cloud-based MFA settings
RBAC - Role Based Access Control

Add a role assignment under IAM to provide fine-grained access as per roles.
Example: read-only access for the user below on a resource group:

He will be able to access Azure using his AD credential, which we set earlier in AD; then he can see only the resources in that resource group but can't add new ones.

This way you can give other users access to create resources etc. in specific resources, like the usual corporate structures: DBA, network, admins etc.
Custom Roles:
Assign the role to the user again.
While creating a VM, validation was failing, so added the rule below in Azure PowerShell:

Still errors; some settings are still needed.
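An added Az PowerShell example (not from these notes) of the two RBAC steps above: the built-in Reader assignment on a resource group, and a custom role that grants only VM read/start/stop actions at that scope. The resource group name and the user's sign-in name are assumed; the subscription id is read from the current context.

```powershell
# Added example, not part of the original notes. Resource group and user are assumed values.
$rg    = "rgDemo"
$user  = "sample-user@contoso.example"
$subId = (Get-AzContext).Subscription.Id

# Built-in Reader on the resource group: the user can list and view resources in rgDemo
# but cannot create, change or delete anything.
New-AzRoleAssignment -SignInName $user -RoleDefinitionName "Reader" -ResourceGroupName $rg

# Custom role: clone an existing definition for its shape, then replace its contents
# with only the actions a VM operator needs (read + power operations, no create/delete).
$role = Get-AzRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "VM Operator (demo)"
$role.Description = "Read resources; start, restart and deallocate VMs. No create or delete."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Resources/subscriptions/resourceGroups/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/start/action")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
$role.Actions.Add("Microsoft.Compute/virtualMachines/deallocate/action")
$role.NotActions.Clear()
# Limit where this role may be assigned: only inside rgDemo.
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/$subId/resourceGroups/$rg")
New-AzRoleDefinition -Role $role

New-AzRoleAssignment -SignInName $user -RoleDefinitionName "VM Operator (demo)" -ResourceGroupName $rg

# Verify the effective assignments for the user at this scope.
Get-AzRoleAssignment -SignInName $user -ResourceGroupName $rg |
    Select-Object RoleDefinitionName, Scope
```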

App services :
Quickly build, deploy and scale web apps and APIs on your terms. Work with .NET, .NET Core, Node.js, Java, Python or PHP, in containers or running on Windows or Linux. Meet rigorous, enterprise-grade performance, security and compliance requirements using a trusted, fully managed platform that handles over 40 billion requests per day.

You can have multiple applications on the same App Service Plan.

Under Deployment Slots, you can have CI/CD configured from GitHub using the Deployment Center.

App services Container App


A Docker container app with an nginx image, a private image, or a Docker Hub image.
Again, using the Deployment Center you can configure CI/CD for this.

WebJobs - cron-like background processes - available only for Windows OS - under App Service -> Settings -> WebJobs

Continuous - always runs as a service on Windows; Scheduled -> only at specific times, like scheduled tasks.
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#create-a-free-certificate-preview
Free certificate for App Services:
You can also map a custom domain like anujtomar.com to this App Service; the public IP of this app is mapped to your domain name, but you need to add a TXT and an A record at your hosting provider (like Namecheap) to verify ownership.

For a one-time deployment you can FTP using the FTP details under the manual deployment section in the Deployment Center.
Manual deployment (push/sync) -> FTP: using the app credentials, which you can reset at any time, anyone can deploy to webapps/www/root/ under this FTP location for your app to be visible.
In a Docker app:
You won't find a manual option, but you can provide a local git repo or GitHub; in GitHub the repo must have a Dockerfile using which it is deployed in this container.

Service Fabric App:


Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers.

Created using the command below in the Azure bash CLI:

az sf cluster create --resource-group resGRPSF --location eastus --certificate-output-folder . --certificate-password anujtomar@123 --certificate-subject-name "egyanspace.eastus.cloudapp.azure.com" --cluster-name "egyanspace" --cluster-size 2 --os UbuntuServer1604 --vault-name "egyanspacevault" --vault-resource-group resGRPSF --vm-password anujtomar@123 --vm-user-name anuj

Download the .pfx and .pem created in the folder from which you ran the above command in the bash CLI.

Import the .pfx cert in Chrome or Firefox under personal certificates, then hit the URL.

From the CLI, similar to kubectl, you can use sfctl; below is an example of selecting the cluster before you deploy microservices.

sfctl cluster select --endpoint https://egyanspace.eastus.cloudapp.azure.com:19080 --pem egyanspaceeastuscloudappazurecom.pem --no-verify
The .pem is the private key.
Stateless - like a web server.
Stateful - uses reliable collections; stores some data about users so that it can route to the available service.

Reliable Service API - query the Service Fabric system itself.

Actors model - similar to objects or an MVC controller.

Example: User - name, e-mail, phone, preferences

Azure Kubernetes Service : AKS
All categories -> Containers -> Kubernetes Services -> Create a Kubernetes cluster

Code written with AKS in mind can be deployed to most other vendors like AWS/GCP etc., but the same is not true for other services like Web Apps/Service Fabric.

Check vCPU Quotas:

Pro tip: if you are getting insufficient vCPU for some resource, try creating it in another region, as the limit of 4 vCPUs is specific to a region.

Command for Azure PowerShell:

Get-AzVMUsage -Location "East US"

Subscription -> Free Trial -> Settings -> Usage + quotas:

-----------------------------------
Connect to AKS using the Azure bash CLI:
az aks get-credentials --resource-group rgCON --name egyan

kubectl get nodes

Src: https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough

- Create a file azure-vote.yml
- The backend is Redis, which is a caching platform.

For the monitoring dashboard:

- In Ubuntu WSL, install the Azure CLI.
Was getting some errors so had to add the repos again and then update:
sudo add-apt-repository universe multiverse
sudo add-apt-repository universe
sudo add-apt-repository multiverse
sudo apt update
# steps to install on Ubuntu 18.04 LTS
sudo apt install azure-cli
az help
az login - opens Chrome; log in with your account and all is set.
az account show
Once done:
az logout

Installing the dashboard: run the command below to get kubectl in the Azure CLI in VS Code:
sudo az aks install-cli
It is installed under /usr/local/bin/ - add it to PATH if needed.

After this, run the following to browse the dashboard locally from VS Code:

az aks browse --resource-group rgCON --name egyan

In case it asks for a token and, even after giving the token from ~/.kube/config, you get errors in notifications from clusterUser, try the commands below:

kubectl delete clusterrolebinding kubernetes-dashboard

kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard --user=clusterUser

PS - a couple of times you will get an error that it exists already, so try 4-5 times; it worked the 5th time for me. Or maybe wait instead, as the delete might be taking some time?
Data Security

Data Storage Encryption:


ARM Templates Security:

ARM templates are JSON files: readable, and they declare resources.


How do you provide a password in an ARM template while keeping it secure? ANS: keep it in Key Vault as a secret.

Storing application secrets


Azure Key Vault supports two types of objects: keys and secrets.

- Keys are cryptographic keys.

- Secrets are text, 25 KB max.
Key Vault keeps versions of each secret, and each version can be accessed by a URL.

Post the secret to the vault and give it a name, then access the secret in the app by that name.
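The two sections above (ARM template security and storing application secrets) come together in the deployment parameters file: a "securestring" template parameter should be filled from a Key Vault reference, not from an inline "value". Below is an added example (not from these notes, and not a Microsoft tool) that audits a template and its parameters file for that mistake. The template, both parameters files, and the vault resource id are constructed samples; the subscription id and vault name are placeholders.

```python
"""Audit an ARM deployment for secure parameters passed as plain-text values.

Added example (not from the course notes). It checks that every template
parameter declared as "securestring" or "secureObject" is supplied in the
parameters file through a Key Vault reference rather than an inline value.
All JSON documents below are constructed samples, not a real deployment.
"""
import json

# Constructed sample: the template declares one secure parameter.
TEMPLATE_JSON = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": { "type": "string" },
    "adminPassword": { "type": "securestring" }
  },
  "resources": []
}
"""

# Constructed sample: a parameters file that leaks the password inline.
BAD_PARAMS_JSON = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": { "value": "azureuser" },
    "adminPassword": { "value": "P@ssw0rd-in-plain-text" }
  }
}
"""

# Constructed sample: the same deployment with the password pulled from Key Vault.
# The vault resource id is a placeholder, not a real subscription.
GOOD_PARAMS_JSON = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": { "value": "azureuser" },
    "adminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/rgCON/providers/Microsoft.KeyVault/vaults/<VAULT-NAME>"
        },
        "secretName": "adminPassword"
      }
    }
  }
}
"""

SECURE_TYPES = {"securestring", "secureobject"}


def secure_parameters(template: dict) -> set:
    """Names of parameters the template marks as secure (type match is case-insensitive)."""
    params = template.get("parameters", {})
    return {name for name, spec in params.items()
            if str(spec.get("type", "")).lower() in SECURE_TYPES}


def audit_parameters(template: dict, params_file: dict) -> list:
    """Return one finding per secure parameter that is not a complete Key Vault reference."""
    findings = []
    supplied = params_file.get("parameters", {})
    for name in sorted(secure_parameters(template)):
        entry = supplied.get(name)
        if entry is None:
            # Not in the file at all: it will be prompted for or defaulted, nothing leaks here.
            continue
        if "value" in entry:
            findings.append(f"{name}: secure parameter supplied as an inline value")
            continue
        ref = entry.get("reference", {})
        if not ref.get("keyVault", {}).get("id") or not ref.get("secretName"):
            findings.append(f"{name}: reference is missing keyVault.id or secretName")
    return findings


def audit_json(template_text: str, params_text: str) -> list:
    """Convenience wrapper: audit the two documents from their JSON text."""
    return audit_parameters(json.loads(template_text), json.loads(params_text))


if __name__ == "__main__":
    for label, params in (("bad", BAD_PARAMS_JSON), ("good", GOOD_PARAMS_JSON)):
        print(label, audit_json(TEMPLATE_JSON, params) or "OK")
```

Run it against real files by reading the template and parameters file from disk and passing their text to audit_json; a non-empty result means a secret is sitting in a file that will end up in source control or deployment history.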

Certificate Secrets
Key Vault can interact with some CAs and renew certificates automatically if configured, or you can bring your own CA.

Cosmos DB - No SQL Databases


Create a globally distributed, multi-model, fully managed database using the API of your choice. Or try it for free, up to 20k RU/s, for 30 days with unlimited
renewal.
- Add a DB
- Add a collection under Containers:
- A collection is now called a container (as of 2020) :)

Default Consistency:
Under Settings:
- Strong - reads are available across all regions as soon as the write is done.
- Bounded Staleness - some delay in other regions; best for things like a stock ticker.
- Session (default) - consistency depends on the user's session; another session will also see the data, but with a bit of delay.
The "West US 2 writer" and the "West US 2 reader" use the same session (Session A), so they both read the same data at the same time, whereas the
"Australia East" region uses "Session B", so it receives the data later but in the same order as the writes.
- Consistent Prefix - synced in the correct order: A, B, C, not B, C, A.
- Eventual - order doesn't matter, e.g. like/retweet counts.

Relational Databases
Azure SQL, SQL Databases
Add a SQL database; it will ask you to create a SQL server as well, on which this SQL database will reside.
Choose a plan and then create. By default there is no access from any network; we will put it behind the firewall later.

Under Settings -> Connection Strings you get the connection string for this DB, which you can use in various ways: .NET/JDBC/Go/PHP.

Geo-Replication
You can select another region as a secondary location for failover etc.; it will be read-only.
You can manually fail over too.

Firewall:

From DB -> SQL Server -> Firewall & virtual networks

You can add your own IP (Add client IP), any other IPs, a range, or even a VNet from which access will be allowed through the firewall.

You can connect with Azure AD too.

Azure SQL DB -> Query Editor for small updates, etc.

It is not that intuitive, so you can use Microsoft SQL Server Management Studio too.
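The firewall rules added above are easy to leave too wide (a temporary 0.0.0.0-255.255.255.255 rule, or a whole /8). As an added example (not from these notes), the script below audits the JSON printed by `az sql server firewall-rule list --resource-group <rg> --server <server>` and classifies each rule. The rule list is a constructed sample in the shape of that output; the 4096-address threshold is an assumption you should tune to your own environment.

```python
"""Audit Azure SQL server firewall rules for overly broad public access.

Added example (not from the course notes). It parses the JSON that
`az sql server firewall-rule list` prints and flags rules that open the
server to the whole internet, to all Azure services, or to a very large
range. The rule list below is a constructed sample, not real output.
"""
import ipaddress
import json

# Constructed sample in the shape of the CLI output (only the fields used here).
SAMPLE_RULES_JSON = """
[
  {"name": "ClientIPAddress_2020-05-01", "startIpAddress": "203.0.113.25", "endIpAddress": "203.0.113.25"},
  {"name": "OfficeRange", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"},
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "TempOpen", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
  {"name": "WideRange", "startIpAddress": "10.0.0.0", "endIpAddress": "10.255.255.255"}
]
"""

# A 0.0.0.0-0.0.0.0 rule is how the "Allow Azure services and resources to access
# this server" setting is represented: not the whole internet, but any Azure tenant.
AZURE_SERVICES_SENTINEL = ("0.0.0.0", "0.0.0.0")
MAX_ALLOWED_ADDRESSES = 4096  # assumption: anything wider than a /20 gets flagged for review


def rule_size(rule: dict) -> int:
    """Number of IPv4 addresses a start/end rule admits (inclusive)."""
    start = int(ipaddress.IPv4Address(rule["startIpAddress"]))
    end = int(ipaddress.IPv4Address(rule["endIpAddress"]))
    if end < start:
        raise ValueError(f"{rule['name']}: end address precedes start address")
    return end - start + 1


def classify_rule(rule: dict) -> str:
    """Return 'ok', 'azure-services', 'internet' or 'wide' for one rule."""
    if (rule["startIpAddress"], rule["endIpAddress"]) == AZURE_SERVICES_SENTINEL:
        return "azure-services"
    size = rule_size(rule)
    if size == 2 ** 32:
        return "internet"
    if size > MAX_ALLOWED_ADDRESSES:
        return "wide"
    return "ok"


def audit_rules(rules: list) -> dict:
    """Map each rule name to its classification, in the order the CLI listed them."""
    return {rule["name"]: classify_rule(rule) for rule in rules}


def findings(rules_json: str) -> list:
    """Names of rules that need review (anything other than 'ok')."""
    return [name for name, verdict in audit_rules(json.loads(rules_json)).items()
            if verdict != "ok"]


if __name__ == "__main__":
    for name, verdict in audit_rules(json.loads(SAMPLE_RULES_JSON)).items():
        print(f"{verdict:15} {name}")
```

Pipe the real CLI output into findings() and review anything it returns; for a VNet-only database, the expected result is an empty list.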

Message based Integration Architecture


Event Grid:
Connects a lot of event sources inside Azure to a lot of event handlers. See the
previous section.

Relay Service
Hybrid Connections vs WCF Relays:

Windows Communication Foundation (WCF) is a framework for building service-oriented
applications (SOA). Using WCF, you can send data as asynchronous messages from one
service endpoint to another.

Notification Hub:

Event Hub: A big data streaming platform and event ingestion service

Mainly used with phone apps, car fleets, IoT devices, fitness bands, etc. They don't need to call the apps directly; instead they call Event Hubs, which stores the data.

● Event producers: Any entity that sends data to an event hub. Event publishers can publish events using HTTPS, AMQP 1.0 or Apache Kafka (1.0 and above).
● Partitions: Each consumer only reads a specific subset, or partition, of the message stream.
● Consumer groups: A view (state, position, or offset) of an entire event hub. Consumer groups enable consuming applications to each have a separate
view of the event stream. They read the stream independently at their own pace and with their own offsets.
● Throughput units: Pre-purchased units of capacity that control the throughput capacity of Event Hubs.
● Event receivers: Any entity that reads event data from an event hub. All Event Hubs consumers connect via the AMQP 1.0 session. The Event Hubs
service delivers events through a session as they become available. All Kafka consumers connect via the Kafka protocol 1.0 and later.
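To make the partition / consumer group / offset bullets concrete, here is an added example (not from these notes, and not the Azure SDK): an in-memory model in which events are routed to partitions by partition key and each consumer group keeps its own per-partition offset, so two groups read the same stream independently and at their own pace. The telemetry and the group names are constructed.

```python
"""In-memory model of Event Hubs partitions, consumer groups and offsets.

Added example, not from the course notes or the Azure SDK. Events are spread
across partitions by partition key; each consumer group keeps its own
per-partition read offset, so groups never interfere with each other.
The event stream in demo() is constructed.
"""
import hashlib
from collections import defaultdict


class EventHub:
    def __init__(self, partition_count: int = 4):
        self.partitions = [[] for _ in range(partition_count)]
        # consumer group -> partition index -> next offset to read
        self.offsets = defaultdict(lambda: defaultdict(int))

    def partition_for(self, key: str) -> int:
        """Deterministic key -> partition mapping (Python's hash() is randomised per
        process, so SHA-256 is used to keep the mapping stable across runs)."""
        digest = hashlib.sha256(key.encode()).digest()
        return int.from_bytes(digest[:4], "big") % len(self.partitions)

    def publish(self, key: str, body: str) -> int:
        """Append an event to the partition chosen by its key; return that partition."""
        idx = self.partition_for(key)
        self.partitions[idx].append({"key": key, "body": body,
                                     "offset": len(self.partitions[idx])})
        return idx

    def receive(self, group: str, partition: int, max_events: int = 10) -> list:
        """Read up to max_events from one partition on behalf of a consumer group,
        advancing only that group's offset; other groups are unaffected."""
        start = self.offsets[group][partition]
        batch = self.partitions[partition][start:start + max_events]
        self.offsets[group][partition] = start + len(batch)
        return batch

    def lag(self, group: str, partition: int) -> int:
        """Unread events for a group on one partition: a simple backlog metric."""
        return len(self.partitions[partition]) - self.offsets[group][partition]


def demo() -> dict:
    hub = EventHub(partition_count=2)
    # Constructed telemetry: the device id is the partition key, so one device's
    # events always land in the same partition and therefore stay in order.
    for i in range(6):
        hub.publish(key=f"device-{i % 3}", body=f"reading-{i}")

    # Two independent consumer groups: "dashboard" drains every partition,
    # "archive" has not started yet and keeps the full backlog.
    drained = []
    for p in range(len(hub.partitions)):
        drained.extend(hub.receive("dashboard", p, max_events=100))
    return {
        "dashboard_read": len(drained),
        "dashboard_lag": sum(hub.lag("dashboard", p) for p in range(2)),
        "archive_lag": sum(hub.lag("archive", p) for p in range(2)),
        # device-0 published reading-0 then reading-3; both sit in one partition, in order
        "device0_order": [e["body"] for e in drained if e["key"] == "device-0"],
    }


if __name__ == "__main__":
    print(demo())
```

The lag() value is the figure to watch in operations: a consumer group whose lag keeps growing is falling behind the producers, and because offsets are per group, a slow archive reader never slows down the dashboard reader.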
Service Bus Queue
Enterprise-grade messaging service; supports two different delivery guarantees.

Microsoft Graph API


To interact with the Office 365 platform, use the Graph API to create and send messages.

AutoScaling
Grow/shrink as per demand, saving $$$. Different patterns for autoscaling:
- On & off
- Adding resources
- Unpredictable autoscaling - on the basis of CPU/memory
- Predictable autoscaling - on the basis of schedules, like the users' timezone, availability, etc.
Turn off resources when they are not needed.
Only adding resources and never removing them is bad; remove them when needed.
CPU is unpredictable, so check all factors for scaling and not just CPU.
Predictable - by schedule, like Christmas or some other event which might give you a lot of traffic, or Mon-Fri 9-5 PM, etc.
Azure Architecture Center & Design Patterns
https://docs.microsoft.com/en-us/azure/architecture/

Hub for architects info.

Check Design Patterns for different use case examples and what to use or how to remediate some of the challenges which you might be facing with your app.

Final
Live Azure Exam Lab:
The exams below may contain live labs; these could be 25% of the total score and can be on any topic from the curriculum.

It is difficult to test something that takes long (more than 30 minutes), so they mainly want to test the initiation of tasks; MS has to be able to easily evaluate the
task as initiated.
Example of a performance test question:
40-60 questions, 2.5 hours for the exam, no negative markings, more than just multiple choice, some questions can’t be reviewed.

New Question Types:


Performance based testing, presented with live azure portal & a temp account for lab
A set of 7-9 tasks to perform, objective is to complete the tasks not how you go about it.
Graded on the result, tasks not often dependent on each other.
Memorising PowerShell & CLI Commands
If you are an admin, you should be more comfortable with these commands; bookmark them and go through some books to get hold of them.
Azure CLI: az vm list/create/delete - usually this is the pattern, e.g. az keyvault list/create/delete, az network vnet list/create/delete
PowerShell: Get-AzVM, New-AzVM, Remove-AzVM
------------------------------------------------------------------------------------------------------------------------------------------

- Do the assignments / more hands-on
- Read the documentation from MS
- Do some POCs for CI/CD from scratch
Amazing Resources:
Here are some official Microsoft websites that you really should bookmark when studying for the AZ-300 exam:
Azure Code Samples:
https://azure.microsoft.com/en-us/resources/samples/?sort=0

Official Azure Documentation:
https://docs.microsoft.com/en-us/azure/

Azure Citadel - Labs and Workshops
https://azurecitadel.com/

Azure Hands on Labs
https://www.microsoft.com/handsonlabs/selfpacedlabs

Official Microsoft Azure YouTube Channel
https://www.youtube.com/user/windowsazure

Official Microsoft Developer YouTube Channel
https://www.youtube.com/channel/UCsMica-v34Irf9KVTh6xx-g

Download the Azure SDKs for .NET, PowerShell, CLI and other languages
https://azure.microsoft.com/en-us/downloads/

Official GitHub Repository for PowerShell Scripts
https://github.com/Azure/azure-powershell

Azure REST API Browser
https://docs.microsoft.com/en-us/rest/api/?view=Azure

*NEW* Azure Architecture Center:
https://docs.microsoft.com/en-us/azure/architecture/

*NEW* Azure Application Architecture Guide:
https://docs.microsoft.com/en-us/azure/architecture/guide

*NEW* Cloud Design Patterns:
https://docs.microsoft.com/en-us/azure/architecture/patterns/
