Microsoft Azure Architect Technologies(AZ 303) - amitbhilagude/userfullinks GitHub Wiki

  1. Azure Monitoring Tools
    1. Azure Monitor
      1. Free tool for monitoring Azure services and creating different dashboards.
      2. Cost is only associated with the data that is stored in Storage
    2. Azure Advisor
      1. Provides recommendations on security, performance, high availability and cost.
    3. Azure Service Health
      1. Monitors Health of Azure Regions
      2. Can notify about regional incidents
    4. Azure Security Center
      1. Central dashboard for Azure security tools
      2. Has Free tier and Paid Tier
      3. Advanced Threat protections for VMs
    5. Cost Management
      1. Provides usage
      2. Provides forecast for the month
      3. Set Budget
  2. Azure Storage
    1. Managed Storage and UnManaged Storage
      1. Managed storage is managed by us and not Microsoft, e.g. buying additional space on a hard disk, which has a fixed cost
      2. Unmanaged storage is managed by Microsoft and is charged based on GB per month and read/write transactions
    2. Authentication with Storage
      1. Access Keys
      2. Shared Access Signature
      3. Role Based Access Control(RBAC)
      4. Deploy them into a VNet so that they are only accessible in private space.
    3. Replication and Failover
      1. Replicate data into multiple regions for better throughput
      2. Replicate data into primary and secondary regions for disaster recovery
  3. Virtual Machines
    1. Supports Windows and Linux

    2. Different plans are available, like General (CPU and memory balanced), Memory optimized, Compute optimized, GPU optimized, Storage optimized and High Performance Computing

    3. High availability and single point of failure: Load balancing, Availability Set and Availability Zone.

      1. Availability Set: In the same data center/building with different physical infrastructure/hardware
      2. Availability Zone: In a different data center of the same region.
    4. SLA: Only available for premium or standard plans. Always consider it for production workloads.

    5. Dedicated host: If there is a requirement for dedicated infrastructure for your VMs only, this is the option. If we don't use this option, the infrastructure is always shared with other VMs/customers etc.

    6. Disks are encrypted by default, so they can only be decrypted using keys

    7. VMSS: Good for autoscaling and load balancing. There is a utility provided by the Azure team to manage updates for VMSSes. It's a Python-based utility that can be downloaded from https://github.com/gbowerman/vmssdashboard. It makes REST API calls to Azure to manage scale sets. This utility can be used to start, stop, upgrade, and reimage VMs in an FD or group of VMs.

      1. Three types of updates are required on VMs.
        1. Application updates: Should be done in an automated way. DSC is one tool. Need to explore more.
        2. Guest OS updates: Manual activity; Azure does not take care of it. There is a preview feature where you can set automatic updates.
        3. Image Updates: Changing the image URL.
      2. Best practices
        1. Choose scale out
        2. Choose dormant instances vs new instances. Dormant instances are imaged with all apps set up
        3. Autoscaling min and max limit.
        4. Always use the async pattern so that the VM is not blocked and remains available for updates
        5. Stateless application design
        6. N+1 design pattern, e.g. always keep additional VMs or storage ready
    8. ARM templates: Deployment Automation

    9. Azure Automation: Used for automating some tasks in Azure. Create a set of PowerShell instructions in a runbook and schedule it.

  4. Active Directory
    1. Authorisation and Authentication
    2. Set custom domain to change onmicrosoft.com to corporate name
    3. Identity Protection for detecting any suspicious activity
    4. Free and Premium plan
    5. Multiple Azure Tenants in one subscription
  5. Hybrid Identities
    1. AD Connect: Tool to sync on-prem identities to Azure AD. Also provides features like password writeback and so on.
  6. Azure Migration
    1. VM migration assistance: Assistance with VM migrations.
    2. DB migration assistance: Assistance with DB migrations.
    3. Storage migration assistance with Azure Data Box: External device provided by Microsoft onto which you can copy all data and send it to Microsoft, and they will take care of restoring it into the cloud
  7. Load Balancing
    1. Standard Load Balancer vs Application gateway
      1. Application Gateway is an L7 load balancer that can route traffic based on HTTP/HTTPS, session affinity, cookie, SSL offloading, URL-based routing, etc. The Standard Load Balancer (Internal/Public) is an L4 load balancer that can route traffic based on TCP protocol, IPs or port.
    2. Traffic Manager vs Azure Front door
      1. Azure Front Door is a new service that has similar features to Traffic Manager for multiple regions, with additional features like WAF and CDN. Traffic Manager works on DNS-based routing and makes decisions based on the health endpoint. It offers routing options based on priority, weight, geography, and subnet (based on IP range configuration). Azure Front Door does everything an Application Gateway does, but it is a global load balancer and supports routing methods like priority, weight, session affinity, and latency.
  8. Azure Firewall
  9. Azure Bastion Service
    1. Helps to avoid exposing RDP ports for VMs. Log in to this service and then access networks directly.
  10. Azure Policies
    1. Out-of-the-box policies are available, and policies can be created at multiple levels, such as subscription, resource group, etc.
    2. You can create custom policies as well
  11. App Services and Azure Functions
  12. Logic Apps
  13. Containers
  14. NoSQL database
    1. NoSQL databases are specifically designed for high scale and throughput, and they are not relational databases
    2. noSQL DBs
      1. Azure Table Storage: Cheapest option, but performance is not good
      2. Cosmos DB: First choice for noSQL. Good option with better performance
  15. SQL
    1. SQL Server on VMs
    2. SQL Server Instances
    3. SQL Server DBs
      1. Platform as a Service: Fixed price billing
      2. Serverless: Pay as you go, per usage