Azure Fundamentals Notes

Cloud Computing
Metered - charged for what you actually use

Characteristics
All of these characteristics must be met for a service to count as cloud; simply having a VM is not a cloud.
Resource Pooling - the CSP (cloud service provider) sets up the equipment/infrastructure and shares it among tenants
Broad Access - reachable over the network from many kinds of devices
Metered Usage - billed based on usage
Rapid Elasticity - capacity can be expanded (or shrunk) quickly
  Horizontal scaling - adding more virtual machines to a pool (scale out)
  Vertical scaling - increasing the size/performance of an existing virtual machine (scale up)
Self-Provisioning - the client provisions what they need themselves, without a request to the provider

Virtualization
Hypervisor - software that runs virtual machines
Type 1 Hypervisor - runs directly on the hardware (bare-metal hypervisor); examples are Microsoft Hyper-V and VMware ESXi; designed to host many virtual machines
Type 2 Hypervisor - an application running on an existing operating system; limited by that OS, so used for non-mission-critical work
Application Virtualization (app streaming) - delivers an application to the user without a full local install
Application Containers - package an application with only the parts of the platform it needs (libraries, dependencies) and share the host's kernel, rather than shipping a whole OS
Software-Defined Networking (SDN) - the client configures network communication (subnets, routes, security rules) in software without touching the cloud provider's physical networking equipment
Dedicated Virtual Machine Hosting - the client rents an entire physical host
VM Sprawl - running more VMs than necessary; Azure Advisor reports underused or misconfigured resources
Azure Pricing Calculator - estimates the cost of the services you plan to use
Economies of Scale - providers save money by building very large data centers and networks; on the client side you only pay for what you use
CapEx (capital expenditure) - in the public cloud the hardware and data centers are paid for by the CSP, not the tenant
Microsoft sells spare compute capacity around the world at a discount: Spot VMs run on unused capacity and can be evicted when Azure needs it back, so they suit interruptible workloads only
Homogeneous (standardized) data center configurations keep the provider's costs down
Public Clouds vs Other Types of Clouds

Public Clouds
Have the same characteristics:
Resource Pooling
Broad Access - variety of devices
Metered Usage - pay for the cloud resources you use
Rapid Elasticity - provision/deprovision to expand or contract as needed
Self Provision - done by the client
Microsoft offerings may only be available in specific regions

Private Clouds
Same characteristics, but broad access is limited to a single organization
Security is handled on premises
CapEx - capital expenses (you buy the hardware)
OpEx - operating expenses
Azure Stack brings Azure services into your own data center; services the notes list for it:
  Virtual Machines
  Azure App Service
  Azure Active Directory
  Azure Functions
Cloud bursting: when private resources are finite (exhausted), you can reach out to the public cloud for extra capacity, once governance/approval allows it

Hybrid Clouds
Combine private and public cloud characteristics

Community Cloud
Shared by community members with a common computing need
Often government, pharmaceutical, financial services
Often the shared need is security
Regulatory compliance may apply to community clouds, such as HIPAA, GDPR, PCI DSS
Azure US Government cloud - 8 regions are part of that cloud (per these notes; region counts change over time)
Azure Germany has 4 regions
Azure China has 4 regions

Azure IaaS - Infrastructure as a Service
The tenant deploys and manages network configuration, network security, storage, and compute; the service level agreement guarantees uptime
Availability Zone (AZ) - one or more data centers within a region, each with independent power, networking, and physical security
CSP is responsible for the hypervisor, network equipment, and physical storage arrays
Tenant is responsible for VM deployment and management, VNets, and storage provisioning (and for everything inside the VM: OS patching, accounts, data)
Azure IaaS examples - storage accounts, VNets, virtual machines, Azure Firewall
Benefits - accessible anywhere, less provisioning time, shared management responsibility
Management through the portal GUI, Azure CLI, Azure PowerShell, programmatic API calls, and templates
Azure PaaS - Platform as a Service
The CSP is responsible for the infrastructure and does the provisioning
Referred to as a "managed service"
The CSP sets up the network, server, and database software; as the tenant we just manage the databases on it and configure access
Azure PaaS examples
● Azure Active Directory
  Azure AD doesn't support OUs or Group Policy, so if you need those you deploy Active Directory Domain Services on IaaS VMs, where you control the whole directory
● Azure SQL Database
  You don't have to deploy hardware or update software
● Windows Virtual Desktop
  Select a bundle, which is a combination of hardware and software
Manage PaaS through GUI, CLI, PowerShell, API calls, and templates

Azure SaaS - Software as a Service
You may still need to handle your own security on top of what SaaS provides (identity, access, data handling)
Benefits include accessibility from anywhere, no installation requirement, and user familiarity
Examples: Microsoft 365, customized line-of-business web apps

On Prem vs Public Cloud
On Prem
● Owned and used by a single organization
● Configuration flexibility
● More complex to set up and maintain compliance for security and data governance
● Can be off site (colocated), but accessible to only one organization
Public Cloud
● CSP data centers
● Less flexibility
● Easier setup and maintenance because it's the CSP's responsibility

What on prem has to manage
Hardware
● Acquisition and shipping
● Configuration
● Ongoing management
● Firmware updates
● Decommissioning
Software
● Acquisition/licensing
● Configuration
● Ongoing management
● Software updates
● Decommissioning
Disaster Recovery
● Store backups at an alternate site
● Redirect users to the alternate site via DNS
● Store duplicates in the cloud
In the public cloud
Hardware - all of this is managed by the CSP
Software (the platform) - managed by Azure/Microsoft; the tenant still patches what runs inside their own VMs
OpEx - operating expenses; the cloud shifts spending from CapEx to OpEx
Azure includes a TCO (total cost of ownership) calculator to compare on prem and cloud costs
CSPs take advantage of economies of scale
CSPs also hold security accreditations, which tenants can rely on as evidence in their own compliance work
CapEx - capital expenses (on prem)

Migrating to the Cloud
Move physical servers to VMs first, then consider moving those VMs to the Azure cloud
Migrating On Prem Data
Data migrating over the internet - the first things to think about:
● Do we have a comparable system in the cloud that lets us map data from local to cloud?
● Ensure security standards are being adhered to; while transferring data you may need to set up a VPN tunnel so it does not cross the internet in the clear
● How much bandwidth will the workload need to reach systems in the cloud?
Lift and Shift Migration - moving to the cloud with little to no change
Azure Migrate Service
Discovery and migration assessment of on-premises IT workloads
Detects dependencies between on-premises systems
Cost comparison: on prem vs Azure
Can discover VMs, VDI, databases, web apps, and data (Azure Data Box)
  Azure Data Box - a physical appliance shipped to you; load the data onto it and ship it back for upload into Azure, for data sets too large to send over the internet
Azure Migrate steps
1. Create a project
2. Deploy the on-premises collector VM
3. Gathered data is sent to the Azure project
4. Organize discovered VMs into groups
5. View or download the assessment
Microsoft Cloud Adoption Framework for Azure
A guided template/tool/knowledge base for moving from on prem to the Azure cloud
Naming and tagging conventions tracking template - used to name things consistently so that complexity is reduced when migrating to the cloud
Best Practices for Azure Readiness - readiness documents and templates, such as guides on how to set up the network
Migrate - Assess Workloads - shows you how to use the Server Migration project

Managing Azure Services
Azure Data Centers - Microsoft builds and secures the data centers hosting Azure, available in over 140 countries; they are thoroughly physically secured
Physical protections: cameras, mantraps, scheduled visits only, limited access, and locations aren't publicized
HVAC (cooling) is in place
Racks are locked
Customers do not get physical access to the hypervisor hosts, storage arrays, network and security devices, or UPS equipment; all of these are managed by Microsoft
Azure data centers and regions are connected over Microsoft's own backbone network
60+ regions, available in 140+ countries
Azure region pairs - each region is paired with another region in the same geography; replicated services use the pair
Pick the region when deploying
Services vary between regions:
  VM sizes
  3rd-party firewall appliance offerings
Consider what each region offers and the data speed (latency to your users)
Deploy VMs that must talk to each other into the same region, because a VNet does not span Azure regions

Sovereign Regions
Azure has specialized clouds and regions for government
  az cloud list --output table
  (command line that shows the available clouds)
Make sure you're compliant with the applicable laws when picking an Azure sovereign region

Azure Availability Zone - high availability within a region
Example: clients connect to a load balancer, with 3 VMs supporting the app spread across 3 availability zones (3 different data centers)
When creating a VM that supports AZs, you are asked which availability zone(s) to use
Resources that support AZs
● VMs
● Storage Accounts
  ○ Redundant storage
  ○ Zone Redundant Storage (ZRS) - data replicated across 3 AZs
● Public IP Addresses
● Managed Disks
AZ vs Availability Sets
Availability Zone - redundancy within a region; protection against the failure of an entire data center
Availability Set - redundancy within a data center; VMs are spread across separate racks with their own UPS and network switches (fault domains) and separate update domains
You can't change the AZ after creating the resource
You can spread a multitiered web app across multiple AZs
A VM can only use managed disks from its own AZ (disks are zonal)
Data centers use access control vestibules (mantraps), where the outer door must be closed before the inner door opens

Azure Mobile App
Install on Android and log in
VMs
Select a VM if one exists; from there you can see stats, expand resources, access connectivity info, or connect to it
If you tap Connect it sends you back to the Play Store to install the Microsoft Remote Desktop app (version 8 at the time of these notes)
When you go back and tap Connect again, you can add a VM by pasting the hostname or public IP
Web Apps
For web apps you can monitor them and see their resources and performance; Browse opens the app in the browser
Access Control (IAM)
Assign and manage access to resources for users/groups
Resource Group
A logical container for everything you provisioned for a particular workload; costs can be viewed per resource group
Cloud Shell
Command-line access from inside the portal

Azure Command Line Interface (CLI)
Can be installed on Windows/Linux/macOS
Can be run in Azure Cloud Shell in the online portal
You can use the CLI to automate management
Installing Azure CLI
On Windows - use the MSI
On Linux - use the package manager (apt, yum, zypper) or the script installation
macOS - Homebrew package manager
How to Authenticate
In Cloud Shell it uses your portal login credentials
Locally, use the command az login (it opens a web browser to log in)
Service principal - a non-interactive identity (like a dedicated account) for scripts and applications, with its own assigned permissions; use it for automation instead of a person's credentials, and grant it only the roles it needs
az --version - tells you the version of the CLI you have (always use the latest CLI version)
az --help - lists the commands you can use in Azure CLI
Example: az vm manages VMs
az vm --help shows the next set of commands available under the "vm" subgroup
Example: create a Linux VM using the CLI
(In Bash, a backslash at the end of a line is line continuation: the shell treats the next line as part of the same command, so a long command can be written over several lines.)
az vm create \                          (create a VM)
  --image UbuntuLTS \                   (use an Ubuntu LTS Linux image)
  --admin-username user1 \              (user1 is the admin account)
  --ssh-key-value ~/.ssh/id_rsa.pub \   (the public key for SSH public-key authentication; the matching private key stays on the machine you manage the Linux VM from and is never uploaded)
  --resource-group RG1 \                (the resource group the VM goes into)
  --location canadaeast \               (the region, Canada East in this example)
  --name Ubuntu1                        (the VM name)

Installing Azure CLI (Windows)
Download the Azure CLI, run it, accept the terms, install, approve the changes
Get-Command az - run in PowerShell, finds the Azure CLI command and shows the source of its .cmd file
You can press the up arrow to recall the last command typed
Get-Command az | Select-Object Source - the | (pipe) passes the output to the next command; here it shows the full path of the command's source file
The CLI is built in Python, which is why a Python runtime is installed with it
az - on its own lists the commands at the next level of the hierarchy
cls - clears the screen (PowerShell/cmd)
If you run Cloud Shell in the Azure portal it defaults to PowerShell, but you can switch to a Bash (Linux-style) command window
az storage account list - shows your storage accounts. If you used the portal Cloud Shell it prompted you to create a storage account, so at the very least it should show that one
az storage account list --query '[].name'
  az - the Azure command
  storage - the storage command group
  account - the account subgroup of storage
  list - lists storage accounts
  --query - a JMESPath query that filters the JSON output down to the parts you ask for (quote it in Bash so the shell does not try to expand the brackets)
  [] - a list projection: apply the rest of the expression to every element of the array
  .name - a property of each element, in this case the account name
So this whole command lists storage account names and nothing else
In Bash, type clear to clear the screen
You aren't automatically authenticated when you run the CLI on prem; run az login first
az cloud list - shows the clouds that are available
az cloud list --output table - changes the output into table format
az vm list - lists all the info about your VMs
When you look at that output, check the names in quotes (the JSON keys) to pick the output fields
az vm list --query '[].osProfile.computerName'
computerName is a child of osProfile, and levels are separated by periods. The open and closed brackets select every element of the array; with no filter inside them, that means everything in it. These names are case sensitive
az interactive - switches the shell into an interactive mode that prompts you with possible entries and completions
In interactive mode, %% sets a scope so that you don't have to retype the prefix each time
  Example: %%storage starts you in the storage command group, so you don't have to type az storage before each command
exit - exits interactive mode

Azure PowerShell
Cmdlets - PowerShell's verb-noun commands (for example Get-AzVM, New-AzVM); modules are groups of related cmdlets
Windows PowerShell has been around since 2006; Azure PowerShell is a set of modules (Az) on top of it. You can use PowerShell to run either Az cmdlets or the CLI
It can be installed locally via an MSI, or from within PowerShell:
  Install-Module -Name Az
Connect-AzAccount - signs your Azure account in to the local PowerShell session
Get-Command - lists commands; Get-Help - detailed info about a specific command
Get-Command *AzVM* - gives you a list of Azure virtual machine commands
Get-Command *AzVM* -Module Az.Compute | more - gets the VM commands that belong to the Az.Compute module; piping to more shows the output one screen at a time
Get-Module -ListAvailable *Az* - lists all installed modules (groups of cmdlets) related to Azure
-AllowClobber - lets Install-Module install a module even when its command names conflict with an already installed module (such as the old AzureRM)
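Worked example (added here; not part of the original notes): a non-interactive Azure PowerShell sign-in with a service principal, followed by the same VM inventory the az vm list --query example above produces. It assumes the service principal's client ID, tenant ID and secret are supplied through the environment variables AZ_CLIENT_ID, AZ_TENANT_ID and AZ_CLIENT_SECRET (placeholder names chosen for this example) and that the principal has been granted only the Reader role on the subscription.

```powershell
# Added example, not from the original notes.
# Assumptions: AZ_CLIENT_ID, AZ_TENANT_ID and AZ_CLIENT_SECRET are placeholder
# environment variable names; the service principal holds Reader only.
$appId    = $env:AZ_CLIENT_ID
$tenantId = $env:AZ_TENANT_ID
$secret   = $env:AZ_CLIENT_SECRET

if (-not ($appId -and $tenantId -and $secret)) {
    throw 'Set AZ_CLIENT_ID, AZ_TENANT_ID and AZ_CLIENT_SECRET before running.'
}

# Build a PSCredential from the client ID and secret; the secret never appears
# on a command line or inside the script.
$securePw = ConvertTo-SecureString -String $secret -AsPlainText -Force
$spCred   = New-Object System.Management.Automation.PSCredential ($appId, $securePw)

# Sign in as the service principal instead of an interactive user (no browser prompt).
Connect-AzAccount -ServicePrincipal -Credential $spCred -Tenant $tenantId | Out-Null

# Inventory: VM name, resource group, OS computer name and region.
# The calculated properties mirror the CLI's --query '[].osProfile.computerName'.
$inventory = Get-AzVM | Select-Object Name, ResourceGroupName,
    @{ Name = 'ComputerName'; Expression = { $_.OSProfile.ComputerName } },
    @{ Name = 'Location';     Expression = { $_.Location } }

$inventory | Format-Table -AutoSize

# Drop the token when done so it does not linger in the session.
Disconnect-AzAccount | Out-Null
```

Keep the secret out of source control and shell history (inject it from a vault or CI secret store), and rotate it on the schedule your policy sets; a service principal with Reader can list every VM but cannot change anything if the secret leaks.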
Get-Command -Module Az.Compute | more - lists the cmdlets in the Az.Compute module
You can also run Azure PowerShell in Docker (a self-contained container image)
If you run Microsoft's PowerShell install script, it prompts you to remove AzureRM (the old Azure module) if it exists

Create a virtual machine in PowerShell
First get credentials:
  $creds = Get-Credential
$ prefixes a variable; Get-Credential prompts for a username/password and returns a credential object, so the prompt's result is stored in $creds (these become the VM's local administrator account)
New-AzVM `                                                             (the ` backtick continues the command on the next line)
  -ResourceGroupName "RG1" -Name "Winsrv2016-1" `                      (resource group and VM name)
  -Location "CanadaCentral" -VirtualNetworkName "VNet1" `              (region and virtual network)
  -SubnetName "Subnet1" -SecurityGroupName "winsrv-nsg" `              (subnet within the VNet, and the network security group that controls traffic to the VM)
  -PublicIpAddressName "winsrv2016-1-pubIP" `                          (creates and attaches a public IP address)
  -Image "MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest" `   (the image, in publisher:offer:sku:version form)
  -OpenPorts 3389 -Credential $creds                                   (opens RDP in the NSG and assigns the credentials)
Caveat: -OpenPorts 3389 together with a public IP exposes RDP to the entire internet. After creation, restrict the NSG rule's source address to your management network, or drop the public IP and reach the VM over a VPN
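Worked example (added here; not part of the original notes): the New-AzVM command above, followed by the clean-up a practitioner would do straight away. -OpenPorts 3389 creates an inbound allow rule with source "*", so the script removes any inbound allow rule open to any source and replaces it with one limited to a single management address. It assumes resource group RG1 already exists, that 203.0.113.10 (a documentation address used as a placeholder) is the admin's public IP, and that the caller can manage network resources in RG1.

```powershell
# Added example, not from the original notes.
# Assumptions: RG1 exists; 203.0.113.10/32 is a placeholder for the management IP.
$adminSource = '203.0.113.10/32'
$rgName      = 'RG1'
$nsgName     = 'winsrv-nsg'

$creds = Get-Credential -Message 'Local administrator account for the VM'

# Same VM as in the notes; -OpenPorts 3389 opens RDP from any source.
New-AzVM `
    -ResourceGroupName $rgName -Name 'Winsrv2016-1' `
    -Location 'CanadaCentral' -VirtualNetworkName 'VNet1' `
    -SubnetName 'Subnet1' -SecurityGroupName $nsgName `
    -PublicIpAddressName 'winsrv2016-1-pubIP' `
    -Image 'MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest' `
    -OpenPorts 3389 -Credential $creds | Out-Null

# Fetch the NSG New-AzVM created and find inbound allow rules open to the world.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName
$openRules = $nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    ($_.SourceAddressPrefix -contains '*' -or $_.SourceAddressPrefix -contains 'Internet')
}

foreach ($rule in $openRules) {
    Write-Host "Removing wide-open rule '$($rule.Name)' (ports $($rule.DestinationPortRange -join ','))"
    Remove-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name | Out-Null
}

# Allow RDP only from the admin address. Everything else is still blocked by the
# built-in DenyAllInBound default rule, so no explicit deny is needed.
Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name 'allow-rdp-from-admin' `
    -Description 'RDP restricted to the management address' `
    -Priority 300 -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix $adminSource -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389 | Out-Null

# Push the modified rule set back to Azure (the edits above are local until this call).
Set-AzNetworkSecurityGroup -NetworkSecurityGroup $nsg | Out-Null

# Verify: every remaining inbound rule should have a specific source.
Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName |
    Select-Object -ExpandProperty SecurityRules |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object Name, Priority, Access,
        @{ Name = 'Source';   Expression = { $_.SourceAddressPrefix -join ',' } },
        @{ Name = 'DestPort'; Expression = { $_.DestinationPortRange -join ',' } } |
    Format-Table -AutoSize
```

The rule edits are made on the local $nsg object and only take effect at Set-AzNetworkSecurityGroup; if the script is interrupted before that call, the VM is still open on 3389, so rerun the verification step before handing the machine over.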
PowerShell script files have the .ps1 extension
Get-AzVM - lists VMs
Get-AzVM | Get-Member -MemberType Property - shows all the properties of a VM object
Once you have the list of properties you can pick the exact one you want, such as
  Get-AzVM | Select-Object Name
which shows just the names of your VMs
New-AzADGroup -DisplayName WestGroup1 -MailNickname WestGroup1 - creates an Azure AD group called WestGroup1
Remove-AzADGroup - removes a group

Azure Resource Groups
Organize related resources as a single entity, so you can manage all the resources in the group as a whole
When creating a resource group, tie it to a subscription and select a region
What you can do with a resource group
● View resources
● Assign policies
● Role-based access control - used to grant other admins limited access (scope a role to the resource group rather than the whole subscription)
● View charges / budget alerts
You can move resources between resource groups, as well as move resource groups themselves
In the portal: Create a resource and search for resource group, or go through the navigation bar and select Resource groups
In Cloud Shell, Bash runs the CLI, but PowerShell runs both PowerShell and the CLI
Type code to open the Cloud Shell editor and edit files directly

Subscriptions and ARM Templates
Azure account names are globally unique
Azure charges are tied to the subscription, and a subscription is tied to one account
Charges can be monitored at the resource level and through budget alerts
Azure Resource Manager (ARM) templates can be used to manage and deploy resources in Azure
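Worked example (added here; not part of the original notes): the WestGroup1 group from the notes, given limited access with role-based access control scoped to one resource group instead of Owner or Contributor on the whole subscription. It assumes resource group RG1 exists and that the caller is allowed to create groups and role assignments there; the role name and retry count are choices made for this example.

```powershell
# Added example, not from the original notes.
# Assumptions: RG1 exists; the caller may create Azure AD groups and role assignments on RG1.
$rgName   = 'RG1'
$roleName = 'Virtual Machine Contributor'   # can manage VMs in RG1, but not the VNet, NSG, or RBAC itself

# Create the group, or reuse it if an earlier run was interrupted.
$group = Get-AzADGroup -DisplayName 'WestGroup1'
if (-not $group) {
    $group = New-AzADGroup -DisplayName 'WestGroup1' -MailNickname 'WestGroup1'
}

# Least privilege: assign the role at resource-group scope only.
$assigned = Get-AzRoleAssignment -ObjectId $group.Id -ResourceGroupName $rgName `
    -RoleDefinitionName $roleName
if (-not $assigned) {
    # A brand-new group can take a few seconds to replicate; retry on failure.
    for ($attempt = 1; $attempt -le 5; $attempt++) {
        try {
            New-AzRoleAssignment -ObjectId $group.Id `
                -RoleDefinitionName $roleName `
                -ResourceGroupName $rgName -ErrorAction Stop | Out-Null
            break
        } catch {
            if ($attempt -eq 5) { throw }
            Start-Sleep -Seconds 10
        }
    }
}

# Review what the group can do and where. Any scope that is just
# "/subscriptions/<id>" means subscription-wide rights and deserves a second look.
Get-AzRoleAssignment -ObjectId $group.Id |
    Select-Object RoleDefinitionName, Scope |
    Format-Table -AutoSize

# Record the exact actions the role grants, for the audit trail.
(Get-AzRoleDefinition -Name $roleName).Actions
```

Assigning roles to a group rather than to individual users keeps the review above short: membership changes happen in the directory, and the role assignment itself stays stable.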
Infrastructure as Code (IaC), using JSON syntax
Examples of resources you can manage: storage accounts, app services, VMs, databases, load balancers
After you create a resource you can download the template generated from the selections you made and reuse it to deploy other resources the same way
Example of ARM template syntax (abbreviated):
  "parameters": {
    "virtualMachines_vm1_name": { "defaultValue": "MyVM", "type": "String" },
    ...
  },
  ...
  "location": "canadaeast",
  "properties": {
    "hardwareProfile": { "vmSize": "Standard_B1s" },
    ...
You can export templates for resources, resource groups, and VMs (from the resource's properties, Export template)
Review an exported template before reusing it: it reproduces the existing configuration exactly, including any overly permissive settings
Deploy templates using the Azure portal, CLI, or PowerShell
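Worked example (added here; not part of the original notes): a small ARM template written inline as a here-string, validated, then deployed from Azure PowerShell. The resource is a storage account whose security-relevant settings are set explicitly (HTTPS only, TLS 1.2 minimum, no anonymous blob access), and the script reads the account back to confirm they took effect rather than trusting the template. It assumes resource group RG1 exists and that the caller has Contributor on it; the template, the naming scheme, and the temp-file path are all choices made for this example.

```powershell
# Added example, not from the original notes.
# Assumptions: RG1 exists; the caller holds Contributor on it.
$rgName = 'RG1'

# Minimal ARM template. The three "properties" values are the ones worth
# pinning in every storage account template.
$template = @'
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": { "type": "string", "minLength": 3, "maxLength": 24 },
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]" }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-09-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[parameters('location')]",
      "sku": { "name": "Standard_LRS" },
      "kind": "StorageV2",
      "properties": {
        "supportsHttpsTrafficOnly": true,
        "minimumTlsVersion": "TLS1_2",
        "allowBlobPublicAccess": false
      }
    }
  ],
  "outputs": {
    "storageAccountId": {
      "type": "string",
      "value": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
    }
  }
}
'@

# Storage account names must be globally unique: 3-24 lowercase letters and digits.
# Placeholder naming scheme: 'stg' plus part of a GUID.
$saName = ('stg' + (New-Guid).ToString('N')).Substring(0, 20)

$templateFile = Join-Path ([System.IO.Path]::GetTempPath()) 'storage.json'
Set-Content -Path $templateFile -Value $template -Encoding utf8

$params = @{ storageAccountName = $saName }

# Validate first: catches schema errors and Azure Policy denials without creating anything.
$problems = Test-AzResourceGroupDeployment -ResourceGroupName $rgName `
    -TemplateFile $templateFile -TemplateParameterObject $params
if ($problems) {
    $problems | ForEach-Object { Write-Error $_.Message }
    throw 'Template validation failed.'
}

# Incremental mode adds/updates what the template declares and leaves other resources alone.
$deployment = New-AzResourceGroupDeployment -Name "storage-$(Get-Date -Format yyyyMMddHHmmss)" `
    -ResourceGroupName $rgName -TemplateFile $templateFile `
    -TemplateParameterObject $params -Mode Incremental

# Read the account back and confirm the hardening settings are in effect.
$sa = Get-AzStorageAccount -ResourceGroupName $rgName -Name $saName
[pscustomobject]@{
    Name                  = $sa.StorageAccountName
    HttpsOnly             = $sa.EnableHttpsTrafficOnly
    MinimumTlsVersion     = $sa.MinimumTlsVersion
    AllowBlobPublicAccess = $sa.AllowBlobPublicAccess
    DeploymentState       = $deployment.ProvisioningState
}
```

The same validate-then-deploy sequence applies to a template exported from the portal: run Test-AzResourceGroupDeployment on it first, and inspect the exported properties for values you would not choose deliberately (public access enabled, old TLS minimums, wide-open NSG rules) before deploying it anywhere else.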