Az 900
> Instead of owning physical servers or infrastructure, users can access these resources
remotely from cloud service providers.
Cloud providers :
Cloud providers are companies that offer cloud computing services and infrastructure to
businesses and individuals. Here are some of the major cloud providers:
Definition: Cloud computing means using remote servers hosted on the internet to store,
manage, and process data, instead of using local servers or personal computers.
2. Scalability: Cloud services offer the ability to scale resources up or down quickly based
on demand, enabling organizations to adapt to changing needs without investing in
additional hardware.
3.
4. Accessibility: Cloud resources can be accessed from anywhere with an internet
connection, enabling remote work and collaboration among teams.
5. Reliability: Cloud providers typically offer high availability, redundancy, and disaster
recovery features to ensure continuous operation and data protection.
6. Innovation: Cloud computing provides access to a wide range of services and tools for
developing, deploying, and managing applications, enabling faster innovation and time-
to-market for businesses.
1. Application Hosting: Hosting web applications, mobile apps, and APIs in the cloud for easy
access and scalability.
2. Data Storage and Backup: Storing and backing up data in the cloud to ensure
accessibility, redundancy, and disaster recovery.
3. Development and Testing: Building, testing, and deploying applications in cloud
environments to streamline the development process.
4. Disaster Recovery: Using cloud services for backup and disaster recovery to ensure
business continuity in case of data loss or system failures.
| Service Model | Description | Example Providers |
|---|---|---|
| IaaS | Provides virtualized computing resources (servers, storage, networking) over the internet. | AWS EC2, Azure Virtual Machines, Google Compute Engine |
| PaaS | Offers a platform for building, deploying, and managing applications without managing the infrastructure. | Heroku, Google App Engine, Azure App Service |
| SaaS | Delivers software applications over the internet on a subscription basis. | Gmail, Office 365, Salesforce |
1. Public cloud : In a public cloud deployment model, cloud services are provided over
the internet by third-party service providers.
> The term 'public' indicates that these services are accessible publicly over the internet.
Ex: Amazon AWS, Microsoft Azure, Google Cloud Platform, and IBM Cloud.
3. Hybrid cloud :
The hybrid cloud deployment model is a way of organizing computing resources where a
company uses a combination of both private and public clouds to run its applications and store
its data.
Hybrid cloud lets you mix and match, so you can use your own space for important stuff and
rent extra space or tools when you need them. It's like having the best of both worlds.
AVAILABILITY OPTIONS :
These options aim to minimize downtime, maintain service reliability, and maximize uptime.
Some common availability options include:
High Availability: This ensures that applications remain accessible even if one component or
region fails.
1. Fault Domain:
A fault domain is a logical grouping of hardware within a data center or availability zone
that shares a common power source, cooling, and network connectivity.
The purpose of fault domains is to minimize the impact of hardware failures or
maintenance events on the availability of services.
By distributing resources across fault domains, applications can remain available even if
a fault affects one of the domains.
In Azure, for example, when deploying virtual machines, you can specify the number of
fault domains to which the VMs should be spread to ensure high availability.
2. Update Domain:
An update domain is a logical grouping of resources that are updated or patched together
during maintenance operations.
The purpose of update domains is to minimize the risk of service interruptions during
updates or maintenance activities.
By dividing resources into update domains, updates can be rolled out gradually across the
infrastructure, ensuring that only a subset of resources is affected at any given time.
This helps maintain the availability and reliability of services during maintenance
windows.
In Azure, for example, when deploying virtual machine scale sets, you can specify the
number of update domains to control the rolling updates of VM instances.
In summary, fault domains and update domains are mechanisms used to improve the availability
and reliability of services in cloud environments by ensuring that resources are distributed and
managed in a way that minimizes the impact of hardware failures and maintenance operations.
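The effect of spreading VMs across fault domains and update domains can be checked with a short calculation. This is an added example, not part of the original notes; the round-robin placement model and all function names are assumptions of the example.

```python
from collections import Counter


def place(vm_count, fault_domains, update_domains):
    """Assumed placement model: VM i goes to fault domain i % F and update
    domain i % U. Returns a list of (vm, fault_domain, update_domain)."""
    return [(f"vm{i}", i % fault_domains, i % update_domains)
            for i in range(vm_count)]


def worst_case_running(placement):
    """Fewest VMs still running after: one fault domain fails ('fault'),
    one update domain reboots ('update'), or both at once ('both')."""
    total = len(placement)
    per_fd = Counter(fd for _, fd, _ in placement)
    per_ud = Counter(ud for _, _, ud in placement)
    both = min(
        sum(1 for _, fd, ud in placement if fd != f and ud != u)
        for f in per_fd for u in per_ud
    )
    return {
        "fault": total - max(per_fd.values()),
        "update": total - max(per_ud.values()),
        "both": both,
    }


def meets_capacity(vm_count, fault_domains, update_domains, needed):
    """True if `needed` VMs stay up even when a hardware fault lands during
    a maintenance reboot."""
    layout = place(vm_count, fault_domains, update_domains)
    return worst_case_running(layout)["both"] >= needed


if __name__ == "__main__":
    # (VMs, fault domains, update domains); the first layout has no spreading.
    for layout in [(2, 1, 1), (6, 2, 5), (6, 3, 5)]:
        print(layout, worst_case_running(place(*layout)))
```

With a single fault domain and a single update domain, one event takes every VM down; spreading the same workload keeps part of it running through either event.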
Fault Tolerance:
The goal of fault tolerance is to ensure that the system remains operational and provides
uninterrupted service to users, even if individual components, such as hardware, software, or
network devices, experience failures.
1. Redundancy : This redundancy ensures that if one component fails, another identical
component can seamlessly take over its functions without disrupting the system's
operation. Redundancy can be implemented at various levels, including hardware
redundancy (e.g., duplicate servers), software redundancy (e.g., redundant processes or
services), and data redundancy (e.g., data replication).
2. Failure Detection and Recovery:
Fault-tolerant systems include mechanisms for detecting failures and initiating recovery
procedures automatically. These mechanisms continuously monitor the system's health
and performance, and if a failure is detected, they trigger appropriate actions to restore
normal operation. Recovery procedures may involve restarting failed components,
switching to backup resources, or rerouting traffic to alternative paths.
3. Isolation and Containment: Fault-tolerant systems isolate failures to prevent them from
spreading and affecting other parts of the system. Isolation mechanisms ensure that
failures are contained within the affected components or subsystems, minimizing the
impact on the overall system's availability and performance. Isolation techniques may
include using fault domains, partitioning resources, or implementing isolation
boundaries.
4. Continuous Monitoring and Adaptation:
These capabilities enable the system to dynamically adjust its configuration, resources,
and behavior in real-time to mitigate risks, optimize performance, and maintain
resilience in the face of new challenges or failure scenarios.
>DAY _2….
USERS : "users" typically refers to individuals or entities that interact with Azure
services and resources to perform various tasks and operations.
GROUPS : "groups" typically refer to collections of users that are managed together
for ease of access control and permissions management.
ADMINISTRATIVE UNITS : administrative units are like smaller teams within a larger
organization, each with its own set of administrators and permissions.
Blobs are optimized for storing large, unstructured data: images, videos, HTML
documents, etc.,
while files are suitable for storing structured data in a file share format. Ex: tables,
Excel sheets, JSON files, etc.
Blobs are accessed directly via HTTP/HTTPS URLs,
while files are accessed using the standard SMB protocol. [Server Message Block (SMB) is used
for accessing files, printers, and other resources on a network.]
Blobs are commonly used for media storage, backups, and content distribution,
while files are used for shared file storage and application data.
Compute: [provides the compute power like memory and processor] Azure offers
various compute services, including Virtual Machines (VMs), Azure App Service, Azure
Functions, and Azure Kubernetes Service (AKS), for running applications and workloads.
Storage: Azure provides scalable and durable storage solutions like Blob Storage, File
Storage, Queue Storage, and Table Storage for storing data in the cloud.
Scalability: You can easily increase or decrease the amount of resources you use
based on your needs.
Pay-Per-Use Pricing: You only pay for the resources you consume. This makes it
cost-effective because you don't have to pay for unused capacity.
Reliability and Availability: This ensures that your applications and data are always accessible
and protected.
Security:
Azure Policy: Azure Policy is like a set of rules or guidelines for managing and controlling your
resources in the Azure cloud. Azure Policy helps you keep your cloud environment in order.
1. Require Tagging: You can create a policy that requires all resources to have specific
tags, such as "Environment" or "Owner", to help with organization and cost tracking.
2. Restrict Resource Types: You might want to limit the types of resources that users can
deploy, for example, allowing only specific types of virtual machines or storage
accounts.
3. Enforce Encryption: A policy can ensure that all storage accounts or databases are
encrypted to protect sensitive data from unauthorized access.
4. Limit Regions: You can restrict resource deployment to specific Azure regions to ensure
compliance with data sovereignty or regulatory requirements.
5. Budget Controls: Policies can enforce budget limits to prevent overspending, for
example, by automatically shutting down or scaling back resources when costs exceed a
certain threshold.
6. Network Security: You can enforce network security rules, such as blocking inbound
traffic from specific IP ranges or requiring the use of virtual network peering for
communication between resources.
7. Identity and Access Management (IAM): Policies can enforce role-based access
control (RBAC) rules to ensure that users have the appropriate permissions to access
and manage resources.
8. Backup Requirements: You might create a policy that ensures all critical resources have
regular backups configured to prevent data loss.
9. Compliance Checks: Policies can check for compliance with regulatory standards, such
as PCI DSS or GDPR, by verifying resource configurations against predefined rules.
10. Resource Cleanup: A policy can automatically delete or archive resources that have
been inactive for a specified period to reduce clutter and optimize costs.
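How rules such as Require Tagging, Limit Regions and Restrict Resource Types decide on a deployment can be shown with a small evaluator. This is an added example, not Azure's own code and not from the original notes; the rules are written in the if/then shape Azure Policy uses, while the rule names, region list, type list and sample requests are constructed for illustration and only a subset of the condition language is handled.

```python
import re

# Constructed rules in the if/then shape Azure Policy uses (parameters are
# inlined as literals; the region and type lists are assumptions).
POLICIES = {
    "require-owner-tag": {
        "if": {"field": "tags['Owner']", "exists": "false"},
        "then": {"effect": "deny"},
    },
    "allowed-locations": {
        "if": {"not": {"field": "location", "in": ["westeurope", "northeurope"]}},
        "then": {"effect": "deny"},
    },
    "allowed-resource-types": {
        "if": {"not": {"field": "type", "in": [
            "Microsoft.Compute/virtualMachines",
            "Microsoft.Storage/storageAccounts",
        ]}},
        "then": {"effect": "audit"},
    },
}


def field_value(resource, name):
    """Resolve 'location', 'type' or tags['<name>'] on a resource dict."""
    tag = re.fullmatch(r"tags\['(.+)'\]", name)
    if tag:  # tag names compare case-insensitively
        tags = {k.lower(): v for k, v in resource.get("tags", {}).items()}
        return tags.get(tag.group(1).lower())
    return resource.get(name)


def _norm(value):
    return value.lower() if isinstance(value, str) else value


def condition_true(cond, resource):
    """Evaluate a subset of the condition language: allOf, anyOf, not,
    exists, equals, in, notIn. String comparisons ignore case."""
    if "allOf" in cond:
        return all(condition_true(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_true(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not condition_true(cond["not"], resource)
    value = field_value(resource, cond["field"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return _norm(value) == _norm(cond["equals"])
    if "in" in cond:
        return _norm(value) in [_norm(v) for v in cond["in"]]
    if "notIn" in cond:
        return _norm(value) not in [_norm(v) for v in cond["notIn"]]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(resource, policies=POLICIES):
    """Return (decision, hits): 'deny' if any matching rule denies,
    'audit' if only audit rules match, otherwise 'allow'."""
    hits = {name: rule["then"]["effect"] for name, rule in policies.items()
            if condition_true(rule["if"], resource)}
    effects = set(hits.values())
    decision = "deny" if "deny" in effects else "audit" if "audit" in effects else "allow"
    return decision, hits


# Constructed deployment requests.
REQUESTS = [
    {"name": "vm-web-01", "type": "Microsoft.Compute/virtualMachines",
     "location": "WestEurope", "tags": {"owner": "team-web", "Environment": "prod"}},
    {"name": "stlogs", "type": "Microsoft.Storage/storageAccounts",
     "location": "eastus", "tags": {}},
    {"name": "pip-test", "type": "Microsoft.Network/publicIPAddresses",
     "location": "northeurope", "tags": {"Owner": "team-net"}},
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req["name"], *evaluate(req))
```

A rule's `if` block describes the non-compliant case, so a resource is allowed only when no rule matches it.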
Azure Role-Based Access Control (RBAC): RBAC enables you to control access to
Azure resources by assigning roles to users, groups, and applications based on their
permissions.
From portal
Owner
Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
Contributor
Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage
assignments in Azure Blueprints, or share image galleries.
Access Review Operator Service Role
Lets you grant Access Review System app permissions to discover and revoke access as needed by the
access review process.
Role Based Access Control Administrator
Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to
manage access using other ways, such as Azure Policy.
User Access Administrator
Lets you manage user access to Azure resources.
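Why Contributor can manage resources but cannot assign roles comes down to how a role's Actions and NotActions lists are matched. The following is an added example, not from the original notes or from Microsoft; the role permission lists are abridged from the built-in role definitions, and the subscription ID, principals and assignments are constructed placeholders.

```python
import re

# Permissions of four built-in roles, abridged to the entries that matter
# here (Contributor's real NotActions list has a few more entries).
ROLES = {
    "Owner": {"actions": ["*"], "notActions": []},
    "Contributor": {"actions": ["*"], "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action",
    ]},
    "Reader": {"actions": ["*/read"], "notActions": []},
    "User Access Administrator": {"actions": [
        "*/read", "Microsoft.Authorization/*", "Microsoft.Support/*",
    ], "notActions": []},
}
ASSIGN_ROLES = "Microsoft.Authorization/roleAssignments/write"
VM_WRITE = "Microsoft.Compute/virtualMachines/write"

# Constructed data: placeholder subscription ID and made-up principals.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
ASSIGNMENTS = [
    {"principal": "alice", "user_type": "Member", "role": "Owner", "scope": SUB},
    {"principal": "bob", "user_type": "Member", "role": "Contributor", "scope": RG},
    {"principal": "bob", "user_type": "Member",
     "role": "User Access Administrator", "scope": RG},
    {"principal": "carol", "user_type": "Member", "role": "Reader", "scope": SUB},
    {"principal": "dave", "user_type": "Member", "role": "Contributor", "scope": SUB},
    {"principal": "partner@example.org", "user_type": "Guest",
     "role": "Owner", "scope": RG},
]


def _match(pattern, operation):
    """Case-insensitive match where '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_allows(role, operation):
    """Allowed = matches some Actions entry and no NotActions entry."""
    perms = ROLES[role]
    return (any(_match(p, operation) for p in perms["actions"])
            and not any(_match(p, operation) for p in perms["notActions"]))


def in_scope(assignment_scope, target_scope):
    """Assignments are inherited by everything below their scope."""
    prefix = assignment_scope.lower().rstrip("/") + "/"
    return (target_scope.lower() + "/").startswith(prefix)


def principal_allows(principal, operation, scope, assignments=ASSIGNMENTS):
    """Assignments are additive: NotActions only subtracts inside its own
    role, so any other role that grants the operation still allows it."""
    return any(a["principal"] == principal and in_scope(a["scope"], scope)
               and role_allows(a["role"], operation) for a in assignments)


def guests_who_can_grant_access(assignments=ASSIGNMENTS):
    """Review finding: guest accounts holding a role that can assign roles."""
    return [(a["principal"], a["role"], a["scope"]) for a in assignments
            if a["user_type"] == "Guest" and role_allows(a["role"], ASSIGN_ROLES)]


if __name__ == "__main__":
    for role in ROLES:
        print(f"{role:27} assign roles: {role_allows(role, ASSIGN_ROLES)!s:5} "
              f"write VM: {role_allows(role, VM_WRITE)}")
    print("bob can assign roles in rg-app:", principal_allows("bob", ASSIGN_ROLES, RG))
    print("guest findings:", guests_who_can_grant_access())
```

NotActions is a subtraction inside one role, not a deny rule, which is why bob (Contributor plus User Access Administrator) can still assign roles in the resource group.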
IAM often refers to the management of user identities and access permissions within cloud
platforms such as Azure, AWS, or Google Cloud Platform.
1. Guest Inviter: This role allows users to invite guests to collaborate with the organization's
Azure AD tenant. Users assigned this role can send invitations to external users to access
resources within the organization.
2. Member: Guest users can be assigned the Member role to grant them access to specific
resources or applications within the organization. The Member role provides basic access
permissions to resources based on the permissions granted by the resource owner.
3. Contributor: The Contributor role grants guest users the ability to manage and modify Azure
resources within specific resource groups. Guest users with the Contributor role can create,
update, and delete resources, but they cannot grant access to other users.
4. Reader: The Reader role provides guest users with read-only access to view Azure resources
within specific resource groups or subscriptions. Guest users assigned the Reader role can view
resource configurations, but they cannot make any changes.
5. Owner: The Owner role grants guest users full control over Azure resources within specific
resource groups or subscriptions. Guest users with the Owner role can create, update, delete, and
manage resources, as well as grant access to other users.
6. Custom Roles: Organizations can create custom roles with specific permissions tailored to their
collaboration requirements. Guest users can be assigned custom roles with permissions to
perform specific actions on Azure resources based on their collaboration needs.
These are some of the common roles that can be assigned to guest users in Azure AD. The
specific roles available may vary depending on the Azure AD configuration and the permissions
required for collaboration activities within the organization. It's important to carefully consider
the permissions granted to guest users to ensure that they have the appropriate level of access for
their collaboration activities while maintaining security and compliance requirements.
1. Global Administrator :
Role Definition: The Global Administrator role in Azure Active Directory (AAD) has full
access to manage all aspects of Azure services, including access to all resources and
administrative privileges within Azure AD.
Responsibilities: Global Administrators can manage user accounts, assign
administrative roles, configure access policies, and perform administrative tasks across
the entire Azure environment.
Scope: This role is typically assigned to individuals who need unrestricted access to
Azure services and resources, such as IT administrators or system administrators
responsible for managing Azure environments.
2. Service Administrator:
Role Definition: The Service Administrator role is similar to the Global Administrator
role but has administrative access limited to Azure subscription management.
Responsibilities: Service Administrators can manage Azure subscriptions, including
creating, modifying, and deleting subscriptions, as well as managing billing, resource
groups, and support requests.
Scope: This role is usually assigned to individuals responsible for managing Azure
subscriptions and billing within an organization.
3. Owner:
Role Definition: The Owner role in Azure Resource Manager (ARM) allows users to
manage all aspects of Azure resources within a subscription, including creating,
modifying, and deleting resources.
Responsibilities: Owners have full control over all resources within a subscription,
including the ability to grant access permissions to other users and assign roles to
resources.
Scope: Owners are typically individuals responsible for managing specific projects or
environments within an organization and have full control over the resources associated
with those projects.
4. Co-administrator:
Role Definition: The Co-administrator role is an older role-based access control (RBAC)
assignment in Azure that grants full administrative access to all resources within a
subscription.
Responsibilities: Co-administrators have the same privileges as Owners, allowing them
to manage resources, assign roles, and perform administrative tasks within a
subscription.
Scope: This role was commonly used in older versions of Azure for managing
subscriptions but has largely been replaced by more granular RBAC roles.
5. Custom Role:
Role Definition: A Custom Role in Azure RBAC allows you to define granular access
permissions tailored to specific job responsibilities or requirements.
Responsibilities: Custom Roles enable organizations to create fine-grained access
control policies that align with their security and compliance requirements, allowing
them to restrict access to only the necessary resources and actions.
Scope: Custom Roles are highly flexible and can be created and assigned at the
subscription, resource group, or individual resource level, providing precise control over
access permissions within Azure environments.
Owner: Owners have full access to all resources and can manage access to
resources, create and delete resources, and manage all aspects of the Azure
subscription.
Contributor: Contributors can create and manage all types of Azure resources,
but they cannot grant access to others or manage access control for resources.
Reader: Readers can view resources and resource-related properties within the
Azure subscription, but they cannot make any changes to resources.
User Access Administrator: User Access Administrators can manage user access
to Azure resources, including assigning roles to users and groups within the
subscription.
Service Administrator: The Service Administrator role is specific to the Azure
subscription and grants administrative privileges for managing services within the
subscription. This role includes managing billing, support tickets, and service
health.
Global Administrator (Azure AD): Global Administrators have full access to
manage users, groups, applications, and settings in Azure Active Directory (Azure
AD). This role is separate from Azure subscription roles but is often involved in
managing access to Azure resources.
Security Administrator (Azure AD): Security Administrators can view and
manage security-related configurations in Azure AD, such as conditional access
policies, identity protection, and security alerts.
Compliance Administrator (Azure AD): Compliance Administrators can view
and manage compliance-related configurations in Azure AD, such as data
governance policies and compliance reports.
These are some of the common administrative roles in Azure that help organizations
manage and secure their Azure resources effectively. Each role has specific permissions
and responsibilities, and assigning roles appropriately ensures that users have the access
they need to perform their tasks while maintaining security and compliance.
1. Manage Users:
To manage user properties, click on "Users" under "Manage."
Select the user you want to manage from the list.
You can then edit various properties such as display name, username, job title,
department, contact information, group memberships, and more.
2. Manage Groups:
To manage group properties, click on "Groups" under "Manage."
Select the group you want to manage from the list.
You can then edit group properties such as name, description, membership, and
group owners.
A custom domain is a personalized web address that you own and control, like
'yourcompany.com'. It allows you to create professional email addresses and use them for
authentication purposes across various online services. You can also customize websites and
login pages to match your brand, enhancing your organization's online identity and
professionalism.
Azure Resource Manager (ARM): ARM allows you to manage and organize Azure
resources by grouping them into resource groups and deploying them using templates.
Serverless Computing: Runs a single task, such as cropping and editing an image, without you
managing a server.
IaaS: Infrastructure as a Service (IaaS) provides virtualized computing resources over the
internet, including virtual servers, storage, networking, and virtual machines (VMs), among other
components. Users can provision and manage these resources on-demand, scaling them up or
down based on their requirements without needing to invest in and maintain physical hardware.
PaaS: Platform as a Service (PaaS) provides a cloud-based platform with tools and
services that developers can use to build, deploy, and manage applications without
worrying about the underlying infrastructure. PaaS offerings typically include
programming languages, development frameworks, databases, middleware, and other
tools needed for application development and deployment.
With PaaS, developers can focus on writing code and building applications without the
need to manage the underlying hardware, operating systems, or software infrastructure.
SaaS: Software as a Service (SaaS) platforms often provide applications that allow users to
store and manage data efficiently. These applications are hosted and maintained by the SaaS
provider, and users can access them over the internet without needing to install or maintain any
software locally.
**********************************************************************
IaaS: Infrastructure as a Service. [Provides cloud-based services like storage and networking
resources over the internet.]
IaaS: Provides users with virtualized computing resources over the internet. Users have the most
control over these resources, including virtual machines, storage, and networking.
PaaS: Platform as a Service. [Provides tools (like various programming languages) over
the internet.]
PaaS: While users have control over the applications and data they develop and deploy, the
cloud provider manages the underlying infrastructure, including servers, storage, and
networking.
access to software applications hosted and managed by a third-party provider. Users have the
least control as they only interact with the software application through a web browser or API.
The provider manages all aspects of the application, including infrastructure, middleware,
application software, and data.
All three services are delivered over the internet from a cloud provider's servers to users and
businesses, allowing for scalability, flexibility, and accessibility from anywhere with an internet
connection.
Example: Gmail
This means that the entire email infrastructure, including servers, storage,
networking, and software, is maintained and managed by Google.
Users don't need to install or maintain email server software: Unlike traditional
email setups where organizations would need to set up and maintain their own
email servers, with Gmail, Google takes care of all the backend infrastructure
management.
Users can access Gmail through a web browser or dedicated mobile app:
Accessibility from anywhere with internet access:
Public cloud
Private cloud
Hybrid cloud
1. Public cloud deployment model : you only pay for what you use,
2. In a public cloud deployment model, cloud services are provided over the
internet by third-party service providers.
3. "I understand that in a public cloud deployment model, the infrastructure and
services are managed and maintained by third-party providers like AWS, Azure,
or Google Cloud. These providers offer a wide range of services, including
servers, storage, virtual machines, and networking infrastructure. The term 'public'
indicates that these services are accessible to a broad audience over the internet.
This accessibility and the variety of services offered make public cloud
deployments a popular choice for businesses and organizations looking for
scalability, flexibility, and cost-effectiveness in their IT infrastructure."
4. Private cloud deployment model : a private cloud deployment model offers
organizations greater control, security, and customization over their cloud
infrastructure compared to public clouds. However, it comes with higher costs
and requires careful planning and investment to ensure a successful deployment.
Organizations must weigh the benefits and drawbacks of private cloud
deployment against their specific business requirements and budget constraints.
Cloud Computing
1. Service Models:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
2. Deployment Models:
Public Cloud
Private Cloud
Hybrid Cloud
Community Cloud
Service Models:
1. Infrastructure as a Service (IaaS):
Virtual Machines (VMs)
Storage (e.g., object storage, block storage)
Networking (e.g., virtual networks, load balancers)
Containers as a Service (CaaS)
2. Platform as a Service (PaaS):
Web Hosting Platforms
Application Development Platforms
Database Services
Messaging Services
Serverless Computing
3. Software as a Service (SaaS):
Productivity Applications (e.g., email, office suites)
Customer Relationship Management (CRM) Software
Enterprise Resource Planning (ERP) Software
Collaboration Tools
Content Management Systems (CMS)
Deployment Models:
1. Public Cloud:
Multi-tenant environment
Services accessible over the internet
Managed by cloud provider
2. Private Cloud:
Dedicated infrastructure for single organization
Managed by organization or third-party provider
Offers greater control and customization
3. Hybrid Cloud:
Combination of public and private clouds
Allows workload portability and data sharing
Provides flexibility and scalability
4. Community Cloud:
Shared infrastructure for specific community or industry
Collaborative effort among multiple organizations
Offers shared benefits and resources
Region pair: For availability during a worst-case scenario.
Microsoft creates a paired zone to protect data when a disaster occurs.
Update domains in Azure play a crucial role in managing updates, maintaining high availability,
and minimizing disruptions to applications deployed in the cloud. They provide a mechanism for
controlled and gradual updates, ensuring the reliability and resilience of cloud-hosted services.
By organizing computer resources in this way, cloud providers can ensure reliability, scalability,
and efficient management of services for users around the world.
1. Replicating Data :
Replication in Azure means making copies of your data and storing them in
different places to keep it safe and available.
It's like making backup copies of your important files and storing them in
multiple locations to prevent losing them.
2. Types of Replication:
Azure offers different types of replication for different needs:
Locally Redundant Storage (LRS): Copies data within the same data
center.
Geo-Redundant Storage (GRS): Copies data to a different region for
extra protection against disasters.
Zone-Redundant Storage (ZRS): Copies data across multiple availability
zones within the same region for high availability.
Availability Zones are physically separate data centers within an Azure region, each with
independent power, cooling, and networking infrastructure. Azure provides Availability Zones to
ensure high availability and resiliency for applications and services deployed in the cloud.
Azure Virtual Network (VNet) : VNet is your private space in Azure where you keep your
resources safe, organize them neatly, and connect them securely to the outside world when
needed.
It provides a scalable and secure network infrastructure in the cloud, allowing you to create
isolated network environments, connect resources, and control network traffic flow according to
your specific requirements.
Subnets:
Within your VNet, you can create smaller groups called subnets to organize your
resources based on their needs or functions.
Address Space:
You define a range of IP addresses for your VNet, like setting the size of your
network neighborhood.
NSG: Controls traffic in and out of your virtual network based on rules.
Firewall: Monitors and filters traffic at network entry and exit points to block
unauthorized access.
Load Balancer: Distributes incoming traffic across multiple resources to ensure
efficient use and prevent overload.
3. Load Balancer:
A load balancer is like a traffic cop directing cars on a busy road. It distributes
incoming traffic across multiple servers or resources to ensure they're used
efficiently and no single resource gets overloaded.
Imagine a load balancer as a traffic signal that distributes cars to different lanes,
preventing congestion and ensuring smooth traffic flow.
Vertical Scaling:
Horizontal Scaling:
Definition: Horizontal scaling, also known as scaling out or scaling horizontally, involves
adding more instances of servers or virtual machines to distribute the workload across
multiple machines.
Azure Resource Manager (ARM) templates are JSON files that define the infrastructure and
configuration of Azure resources. They allow users to automate the deployment and management of
Azure resources.
A Network Interface Card (NIC), often simply referred to as a "network card" or "Ethernet
card," is a hardware component that enables a computer to connect to a network and
communicate with other devices.
Public IP: Public IP addresses are used for communication between devices over the
internet. They allow devices to send and receive data to and from other devices on the internet.
Private IP: Private IP addresses are used for communication within a local network. They
allow devices within the same network to communicate with each other without being directly
exposed to the internet.