AZ-900

Module 1: Cloud concepts

1. Cloud Characteristics
  • High Availability: minimal downtime
  • Scalability
    • Vertical Scaling (up/down): add or remove CPU, RAM, disk
    • Horizontal Scaling (in/out): add or remove VMs
  • Elasticity: resources adjust in real time according to usage
  • Agility: new equipment can be added immediately, whereas On-Premise takes days
  • Fault Tolerance: a failed power supply or disk is nothing to fear
  • Disaster Recovery: if one site is hit by an earthquake, the other side is unaffected
2. Principle of economies of scale: like group buying, the bigger the cloud, the cheaper it gets
3. CapEx vs OpEx
  • CapEx, Capital Expenditure: On-Premise; an enterprise pays a large sum up front for big servers for a project
  • OpEx, Operational Expenditure: Cloud; pay for however much you use
4. Consumption-based Model: whatever you use (VM, storage, app), you pay for however much you use
5. IaaS vs PaaS vs SaaS cloud service models
Layer                              On-Premise  IaaS  PaaS  SaaS
Applications [Data, Apps]          Own         Own   Own   MS
Runtime [IIS, Docker]              Own         Own   MS    MS
Middleware [Software]              Own         Own   MS    MS
OS [Windows, Linux]                Own         Own   MS    MS
Virtualization [VM]                Own         MS    MS    MS
Servers [Mem, CPU]                 Own         MS    MS    MS
Network [Router, Switch, Internet] Own         MS    MS    MS
Storage [HDD, SSD]                 Own         MS    MS    MS
Usage
  • IaaS: you build your own VMs
  • PaaS: you build your own AI, business analytics, SQL, App Service
  • SaaS: you only use, you do not build: OneDrive, Outlook, Skype
6. Public, Private & Hybrid cloud deployment models
  • Public Cloud: AWS, Azure, GCP
  • Private Cloud: On-Premise
  • Hybrid Cloud: Both

Module 2: Core Azure services

7. Geographies, Regions & Availability Zones
  • Data Centre
  • Availability Zones
    • Separate DCs within the same Region, interconnected
    • At least 3 DCs
    • Zonal Services: the customer can choose 2 of the 3 DCs for HA
    • Zone-redundant: the customer can choose different Zones
  • Regions: a country, containing many DCs
  • Region Pairs: only one paired Region for HA, fixed by MS
  • Geographies, e.g. Americas, Europe, Asia Pacific, Middle East & Africa

8. Resources, Resource Groups & Azure Resource Manager
  • Resource Manager
    • Controlled via Portal / REST / PowerShell / CLI / SDKs
    • Can connect to AD
    • Purpose: to manage SQL / Web / VM
    • Azure Resource Manager template, like a Blueprint
  • Resource (the itemised list of a Service)
    • Buy a service and the Resource follows; cancel the service and the Resource disappears
    • Essentially a JSON config file (Type, ApiVersion, Name, Location)
  • Resource Groups
    • Can be a set of SQL / Web resources as one group
    • Can be one set of SQL + Web + VM + Storage as one group
    • Can be split into groups by PROD / DEV
9. Compute Services | VMs, VM Scale Set, App Service, Functions, ACI, AKS
  • VMs, IaaS
  • VM Scale Sets, IaaS: a set of VMs behind a load balancer
  • Azure Container Instances (ACI), PaaS
    • Like a VM, but without its own OS; uses the host OS
    • Smaller than a VM, can hold an app, very convenient
  • Azure Kubernetes Service (AKS)
    • Like containers: spins up nodes, one container per node, can act as a load balancer
  • App Services, PaaS
    • The developer builds a Web App / Web Service package or a whole container and puts it into App Service, which spins up multiple app nodes for users
  • Functions, PaaS
    • Same as App Service, but runs only a single function
10. Networking Services
  • Virtual Network
    • VMs inside a Virtual Network can have subnets
    • Virtual Networks must be connected to each other with VNet peering or a VPN Gateway
    • Subnets can do network filtering, e.g. Network / Application Security Groups
  • VPN Gateway
    • Connects a Virtual Network with On-Premises
  • Load Balancer
    • Load balances between VMs
  • Application Gateway
    • If only web traffic (HTTP) is served, the Load Balancer can be replaced with App Gateway
  • Content Delivery Network
    • If the web app sits in App Service in a single DC, users in distant countries must load a lot of JS, images, CSS and HTML from far away
    • The CDN distributes App Service content to different countries; users just connect to the nearest POP
11. Azure Storage Services
  • Blob storage, Binary Large Object
    • Handles unstructured data (PNG, MOV, EXE, TXT)
    • Containers hold Blobs; Blob storage holds the containers
      • Tiers (Hot, Cool, Archive)
  • File storage
    • Like Blob: shares hold files; File storage holds the shares
  • Table storage
    • Stores semi-structured data tables (NoSQL)
  • Queue storage
    • Stores small pieces of data (messages)
    • Runs in the background
    • Intended for scalable asynchronous processing
  • Disk storage
    • Can create a shared drive and mount it on a local PC
    • Unmanaged: the customer manages it; a VHD is stored in Blob
    • Managed: MS manages it; data is stored on the Disk
12. Database Services
  • Cosmos DB
    • Semi-structured (NoSQL)
    • Geo distribution
    • Same as Table DB, just a different name
  • SQL Database, PaaS/DBaaS
    • Structured
    • SQL Server
      • SQL Database (Database)
      • Power BI (Reporting Services SSRS)
      • Data Factory (Integration Services SSIS): can build pipelines to copy data
      • Analysis Services (Analysis Services SSAS)
  • Database for MySQL, Open Source
  • Database for PostgreSQL, Open Source
  • SQL Managed Instance, PaaS
    • Fully fledged SQL Server
  • SQL Data Warehouse, PaaS (Synapse), Big Data, can be visualized with MS Power BI
  • SQL on VM, IaaS
13. Azure Marketplace
  • Commercial Marketplace
    • Microsoft App Source
      • Azure
      • Power BI
      • Dynamics 365
      • Microsoft 365
    • Azure Marketplace
      • Azure
14. Azure IoT Services
  • IoT Hub, PaaS
    • Connects many devices
    • Insights
    • Monitoring
    • Apps
    • Used by developers
    • Bi-directional communication between IoT devices and the cloud
  • IoT Central (SaaS)
    • Enhanced version of IoT Hub
    • Connects many devices
    • Apps
    • Industry-specific templates
  • Azure Sphere
    • Set of components
    • MS provides MCU chips, e.g. for washing machines
    • Azure Sphere Security Service manages the chips
15. Azure Big Data & Analytics Services
[Figure: the typical data-processing flow]

  • Azure Synapse Analytics, PaaS, the evolution of the Data Warehouse
    • Studio
      • Synapse Pipelines
        • Developers ingest data
      • Apache Spark
        • Analytics and transformation of Big Data
      • Synapse SQL
        • Query the stored data with SQL
    • Azure Data Lake Storage Gen2: stores infrequently used data, can be visualized with MS Power BI
  • Azure HDInsight
    • Big Data Clusters
      • Provide open-source Big Data technology
        • Hive, Spark, Storm, HBase, Kafka, Hadoop, Machine Learning
  • Azure Databricks (PaaS)
    • Like HDInsight
    • Spark
      • Data transformation
      • Collaboration platform: notebooks can be created inside it to process SQL / Big Data
16. Azure Artificial Intelligence (AI)
  • Azure Machine Learning Service (PaaS)
    • Notebook with Python, R
    • Designer, drag and drop the flow
    • Compute
    • Auto ML, score the best data
    • Pipelines: one tool bundling all of the above
  • Azure Machine Learning Studio
    • Web portal for end-2-end development
    • Manage Machine Learning Workspace with web portal interface
  • Machine Learning Workspace
    • Top-level Azure resource for management of Azure Machine Learning
17. Azure Serverless Computing Services
  • Azure Functions
    • Delivers just one coded function as a service
  • Logic Apps (PaaS)
    • Workflow: if yes go to A, if no go to B, loops, can send email
  • Event Grid (routing)
    • Blob, Azure, Event Hubs and custom sources publish topic events to Event Grid
    • Event Grid then delivers them to Subscribers: Functions, Logic Apps, Webhooks, Queue Storage
18. Azure DevOps

Azure DevOps (formerly TFS/VSTS)

Development and Operations, shorter development life cycle by providing continuous integration and delivery (CI/CD)

  • Boards
    • Track work, progress across team members, work status
  • Repos
    • Store code and version control
  • Pipelines
    • Automate code, build, deploy to multiple environments (CI/CD)
  • Artifacts (software)
    • Create, host and share packages, software such as 7-zip
  • Test Plans
    • Track testing progress
  • Azure DevTest Labs (PaaS)
    • Sandbox: lets developers and testers spin up VMs to try different environments
19. Azure Tools
  • Portal, Web-based interface
  • PowerShell, Terminal
  • CLI, can use Python
  • Cloud Shell, no need to use your own computer
20. Azure Advisor

When creating SQL, Web, VM resources, Advisor provides best practices.

  • Recommendations cover
    • Cost
    • Performance
    • Reliability
    • Security
    • Operational Excellence

Module 3: Security, Privacy, Compliance, and Trust

21. Azure Security Groups
  • Network Security Groups (NSG)
    • Sets ACLs on a Subnet
  • Application Security Groups (ASG), used inside NSG rules
    • Sets ACLs on Web / App / DB groups
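
Added example (not from the original notes): a small Python model of how an NSG picks the rule that applies to an inbound flow. Rules are evaluated in ascending priority order and the first match wins; the default AllowVnetInBound and DenyAllInBound rules sit at the end and can only be overridden by a custom rule with a lower priority number, which is why an explicit VNet-wide deny is needed to keep other subnets away from a database port. The address space, the ASG membership (asg-app) and the rule set are constructed for illustration, and the model is simplified (no destination prefix, no source port, no AllowAzureLoadBalancerInBound default).

```python
"""Toy evaluation of Azure NSG-style inbound rules (constructed example).

Simplified: real NSGs also filter on destination prefix and source port, and
carry an AllowAzureLoadBalancerInBound default rule at priority 65001.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")  # constructed VNet address space

# Service tags and one Application Security Group, resolved to prefixes.
# "Internet" is the public space, i.e. everything outside the VNet;
# the ASG members are constructed.
PREFIX_SETS = {
    "VirtualNetwork": [VNET],
    "Internet": list(ip_network("0.0.0.0/0").address_exclude(VNET)),
    "asg-app": [ip_network("10.0.2.4/32"), ip_network("10.0.2.5/32")],
}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # 100-4096 for custom rules; lower is evaluated first
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR, service tag, ASG name or "*"
    dest_port: str   # "443", "1000-2000" or "*"


# Default rules every NSG carries (subset). They cannot be removed; a custom
# rule with a lower priority number is the only way to override them.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]


def _source_matches(spec, addr):
    if spec == "*":
        return True
    prefixes = PREFIX_SETS.get(spec) or [ip_network(spec)]
    return any(addr in p for p in prefixes)


def _port_matches(spec, port):
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def evaluate(rules, src_ip, protocol, dst_port):
    """First matching rule in ascending priority order decides; returns (access, rule name)."""
    addr = ip_address(src_ip)
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol != "*" and rule.protocol != protocol:
            continue
        if not _source_matches(rule.source, addr):
            continue
        if not _port_matches(rule.dest_port, dst_port):
            continue
        return rule.access, rule.name
    return "Deny", "implicit"  # not reached while DenyAllInBound is present


# Constructed rule set for a subnet: HTTPS from anywhere, RDP never from the
# Internet, SQL only from the app-tier ASG. Rule 310 closes the gap that the
# AllowVnetInBound default would otherwise leave open to every other subnet.
SUBNET_RULES = [
    Rule("AllowHttpsFromInternet", 100, "Allow", "Tcp", "Internet", "443"),
    Rule("DenyRdpFromInternet", 200, "Deny", "Tcp", "Internet", "3389"),
    Rule("AllowSqlFromAppAsg", 300, "Allow", "Tcp", "asg-app", "1433"),
    Rule("DenySqlFromVnet", 310, "Deny", "Tcp", "VirtualNetwork", "1433"),
]

if __name__ == "__main__":
    flows = [("203.0.113.7", "Tcp", 443), ("10.0.2.5", "Tcp", 1433),
             ("10.0.3.9", "Tcp", 1433), ("203.0.113.7", "Tcp", 22)]
    for src, proto, port in flows:
        print(src, proto, port, "->", evaluate(SUBNET_RULES, src, proto, port))
```

The case worth noticing is `10.0.3.9` on port 1433: without rule 310 it would fall through to AllowVnetInBound and be permitted, even though no custom rule ever allowed it.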
22. User-defined Routes (UDR) with Route Tables
NVA, Network Virtual Appliance, Firewall

A typical VM has all the internal and default routes, but user-defined routes can be used to change the routing

23. Azure Firewall (PaaS, support FQDN)
24. Azure DDoS Protection
  • Two tiers
    • Basic tier is enabled by default
    • Standard tier can monitor and mitigate DDoS
25. Azure Identity Services
  • Identity management
    • Can be a person with a password
    • Can be an app/server with secret keys or certificates
  • Access management
    • Authentication & authorization
      • Authorizes someone to enter
  • Azure Active Directory
26. Azure Security Center
  • Scan
    • SQL, WEB, VM
    • Provides recommendations
    • Can be installed On-premise
    • Provides advisor
    • Two tiers
      • Azure Defender OFF
        • Actionable security recommendations
      • Azure Defender ON
        • Hybrid security, threat protection alerts, vulnerability scanning, Just-in-time (JIT) VM access
27. Azure Key Vault
  • Stores VM Keys, preventing someone who takes a VM disk from decrypting the data
  • Stores Secrets (IP, username, password)
  • Stores Certs
  • Access policies
    • Which servers use which keys, secrets, certs
28. Azure Role-based Access Control (RBAC)

Role Assignment means setting the following 3 items: what actions, to whom, where?

Role definition is a set of Actions

[what can be done]

Security Principals, e.g. user / service principal / managed identity (Security Principal), can be assigned a Role

[Who can do it]

Put the role into different Scopes, e.g. the subscription / Resource Group / Resource tree

29. Azure Resource Locks
  • A User with the Owner role can delete a VM
    • A lock can be applied to prevent deleting the VM
    • Locks can be applied at Scopes
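
Added example, not from the original notes, covering both sections 28 and 29: a small Python model of the RBAC decision (role definition × security principal × scope) followed by the resource-lock check. Scopes are matched as path prefixes so an assignment at the subscription applies to every resource group and resource beneath it, and a CanNotDelete lock stops the delete even when the caller is Owner. The subscription id, resource names, assignments and the trimmed-down role definitions are constructed placeholders; the real built-in roles carry far more actions.

```python
"""Toy model of Azure RBAC evaluation plus resource locks (constructed example)."""
from fnmatch import fnmatchcase

# Constructed, simplified role definitions. Action strings use Azure's
# "Provider/resourceType/operation" shape and '*' wildcards.
ROLE_DEFINITIONS = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Virtual Machine Contributor": {
        "actions": ["Microsoft.Compute/virtualMachines/*"],
        "not_actions": [],
    },
}

# Placeholder ids; real resource ids follow the same path structure.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_PROD = f"{SUB}/resourceGroups/rg-prod"
RG_DEV = f"{SUB}/resourceGroups/rg-dev"
VM_WEB = f"{RG_PROD}/providers/Microsoft.Compute/virtualMachines/vm-web01"
VM_TEST = f"{RG_DEV}/providers/Microsoft.Compute/virtualMachines/vm-test01"

# Role assignments: (security principal, role definition, scope). Constructed.
ASSIGNMENTS = [
    ("alice", "Owner", SUB),
    ("bob", "Reader", RG_PROD),
    ("mi-deploy", "Virtual Machine Contributor", RG_PROD),  # a managed identity
]

# Resource locks: scope -> level; a lock applies to everything beneath its scope.
LOCKS = {VM_WEB: "CanNotDelete"}


def _in_scope(assignment_scope, resource_id):
    """A scope covers a resource when the resource id is the scope or lies beneath it."""
    a, r = assignment_scope.lower(), resource_id.lower()
    return r == a or r.startswith(a + "/")


def _matches(patterns, action):
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def role_permits(principal, action, resource_id, assignments=ASSIGNMENTS):
    """RBAC step: does any in-scope assignment grant the action (and not exclude it)?"""
    for who, role, scope in assignments:
        if who != principal or not _in_scope(scope, resource_id):
            continue
        definition = ROLE_DEFINITIONS[role]
        if _matches(definition["actions"], action) and not _matches(definition["not_actions"], action):
            return True
    return False


def lock_blocks(action, resource_id, locks=LOCKS):
    """Lock step: return the lock scope that blocks the action, or None.

    CanNotDelete blocks deletes; ReadOnly blocks everything except reads.
    """
    lowered = action.lower()
    for scope, level in locks.items():
        if not _in_scope(scope, resource_id):
            continue
        if level == "CanNotDelete" and lowered.endswith("/delete"):
            return scope
        if level == "ReadOnly" and not lowered.endswith("/read"):
            return scope
    return None


def authorize(principal, action, resource_id):
    """Return (allowed, reason): RBAC is evaluated first, then locks override."""
    if not role_permits(principal, action, resource_id):
        return False, "no role assignment grants the action at this scope"
    locked_at = lock_blocks(action, resource_id)
    if locked_at:
        return False, f"blocked by {LOCKS[locked_at]} lock at {locked_at}"
    return True, "granted by role assignment"


if __name__ == "__main__":
    delete = "Microsoft.Compute/virtualMachines/delete"
    print("alice deletes vm-web01:", authorize("alice", delete, VM_WEB))
    print("alice deletes vm-test01:", authorize("alice", delete, VM_TEST))
```

Reading `authorize` top to bottom gives the order the notes describe: the role decides *what* and *who*, the scope decides *where*, and the lock is a separate guard that even an Owner cannot bypass without first removing it.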
30. Azure Resource Tags: add a tag to each Resource Group / Resource
31. Azure Policy
Role-based Access Control (RBAC) controls what a user can do

Policy controls Azure resource properties: which country, web or app, which SKU? It can stop you creating a VM in a data centre in a certain country

  • Effect
    • Deny
    • Audit: proceeds anyway, but flags you as not compliant
    • Append: Admin can change it before the event takes effect
    • Modify: Admin can change it before the event takes effect

Initiative = A group of policies
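
Added example, not from the original notes: a small Python evaluator for an initiative (a group of policies) that shows the Deny versus Audit difference described above. As in Azure Policy, the `if` block describes the non-compliant condition and `then.effect` says what happens on a match. The condition grammar here is a subset of the real one (field, equals, in, notIn, exists, allOf, anyOf, not; real rules use aliases such as `Microsoft.Compute/virtualMachines/sku.name`), and the three policies and four resource descriptions are constructed for illustration.

```python
"""Evaluating resources against an initiative of Azure Policy-style rules (constructed example)."""


def _lookup(resource, path):
    """Dotted field lookup, e.g. 'tags.costcenter'; None when the path is absent."""
    current = resource
    for part in path.split("."):
        if not isinstance(current, dict) or part not in current:
            return None
        current = current[part]
    return current


def matches(condition, resource):
    """Evaluate a policy 'if' block; a match means the resource is NOT compliant."""
    if "allOf" in condition:
        return all(matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not matches(condition["not"], resource)
    value = _lookup(resource, condition["field"])
    if "equals" in condition:
        return value == condition["equals"]
    if "in" in condition:
        return value in condition["in"]
    if "notIn" in condition:
        return value not in condition["notIn"]
    if "exists" in condition:
        return (value is not None) == condition["exists"]
    raise ValueError(f"unsupported condition: {condition}")


# Constructed initiative: a Deny on location, an Audit on tagging, a Deny on VM SKU.
INITIATIVE = [
    {"name": "allowed-locations",
     "if": {"field": "location", "notIn": ["westeurope", "northeurope"]},
     "then": {"effect": "Deny"}},
    {"name": "require-costcenter-tag",
     "if": {"field": "tags.costcenter", "exists": False},
     "then": {"effect": "Audit"}},
    {"name": "allowed-vm-skus",
     "if": {"allOf": [
         {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
         {"field": "sku", "notIn": ["Standard_B2s", "Standard_D2s_v3"]}]},
     "then": {"effect": "Deny"}},
]


def evaluate(resource, initiative=INITIATIVE):
    """Return (deployment_allowed, names of non-compliant policies).

    Deny stops the deployment; Audit lets it through but records the
    non-compliance, which is the distinction the notes draw.
    """
    non_compliant = []
    allowed = True
    for policy in initiative:
        if matches(policy["if"], resource):
            non_compliant.append(policy["name"])
            if policy["then"]["effect"] == "Deny":
                allowed = False
    return allowed, non_compliant


# Constructed resource descriptions, in the shape a deployment request carries.
VM_COMPLIANT = {"type": "Microsoft.Compute/virtualMachines", "name": "vm-web01",
                "location": "westeurope", "sku": "Standard_B2s",
                "tags": {"costcenter": "CC-1234"}}
VM_WRONG_REGION = {**VM_COMPLIANT, "name": "vm-web02", "location": "eastus"}
VM_UNTAGGED = {**VM_COMPLIANT, "name": "vm-web03", "tags": {}}
VM_BIG_SKU_ABROAD = {**VM_WRONG_REGION, "name": "vm-web04", "sku": "Standard_E64s_v3"}

if __name__ == "__main__":
    for vm in (VM_COMPLIANT, VM_WRONG_REGION, VM_UNTAGGED, VM_BIG_SKU_ABROAD):
        print(vm["name"], "->", evaluate(vm))
```

Note that an Audit effect reports the same non-compliance that a Deny would, so switching a policy from Audit to Deny is a safe progression once the compliance report shows no unexpected hits.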

32. Azure Blueprints
Creating the same Resource group, role assignments, resources and policy assignments every time is tedious; store them in a Blueprint instead, so they can be stood up instantly later.

33. Cloud Adoption Framework for Azure: teaches how to move from on-premise to the cloud
  • Strategy (understand why you want to move to the cloud)
    • Motivation (Why move?)
      • Migration
        • Want to save On-premise cost?
        • Want to reduce On-premise complexity?
        • Want to reduce Operation cost?
        • Want more agility when standing up machines?
      • Innovation
        • Want to go global?
        • Want a good customer experience?
        • Want to transform the business or strengthen competitiveness?
    • Business Outcome (What to measure?): which metrics measure whether the move to the cloud is a success?
      • Revenue
      • Profit
      • Cost
      • Global access
      • New markets
    • Business Justification, the business case (What is my return on investment?)
      • Build a financial model to support the Motivation and Business Outcome, using the following tools
      • Azure TCO (Total Cost of Ownership) Calculator: compares your On-premise cost with the cost in the cloud
      • Azure Pricing Calculator: estimates how much you will spend in the cloud
      • Azure Cost Management: keeps monitoring cost once you are in the cloud
    • First Project: pick an easy project to move to the cloud first, to get a feel for it
      • Business Criteria: currently running, has a specific owner, willing to move to the cloud
      • Technical Criteria: running, but not highly dependent on your own on-premise environment
  • Plan (based on the current On-premise environment, pick a migration plan)
    • Digital Estate (Inventory of assets)
      • Rehost: move the existing on-premise workload straight to IaaS VMs
      • Refactor: a few small code changes, then move the existing on-premise workload to IaaS VMs
      • Rearchitect: incompatible, so major code changes are needed before moving the existing on-premise workload to IaaS VMs
      • Rebuild: rebuild it in the cloud instead
      • Replace: see what the cloud already offers that can be used instead, e.g. switching email to Outlook
    • Initial Organization Alignment: coordinate with the different teams
    • Skills Readiness Plan: everyone reports their skillset to the company, because the cloud has many different areas
    • Cloud Adoption Plan: combines the 3 items above
  • Ready (get prepared)
    • Azure Setup Guide: read the guide
    • Azure Landing Zone: prepare a code base to make later redeployment easy
    • Extend Landing Zone
    • Best Practices: look back at the Landing Zone, it must follow best practices, as it is hard to change later
  • Adopt (in the cloud now; migrate or innovate?)
    • Migrate
      • First migration (small Project)
      • Migration Scenarios (each category moves differently: VM, App, DB, Other)
      • Best Practices
      • Process Improvements
    • Innovation
      • Business Value Consensus: customer needs and the cloud strategy must be aligned
      • Innovation Guide: see which cloud tools can become an MVP, minimum viable product
      • Best Practices
      • Process Improvements
  • Governance (Comply, security standard) and Maintenance (Operations)
34. Core tenets of Security, Privacy, Compliance
  • Documents & Websites
    • Microsoft Privacy Statement: the purposes for which personal data is collected
    • Online Services Terms (OST): legal terms that companies and organisations must follow when using Bing Maps / Office
    • Data Protection Addendum (DPA) (Amendment): how your data and your customers' data are protected
    • Trust Centre: one-stop website covering Security, Compliance, Privacy, Policies, Practices
    • Azure compliance documentation: same as the Trust Center, but specifically about Azure
  • Azure Sovereign Regions
    • Azure Government cloud service: separate lifecycle and security requirements, e.g. the Azure used by the US Department of Defense
    • Azure China cloud services: to run a cloud in China, the company must be registered in China with foreign shareholding below 50%; operated by China's 21Vianet

Module 4: Azure cost management and Service Level Agreements

35. Cost Affecting Factors
  • Resource types
    • VM (CPU, RAM, Uptime)
    • SQL (Storage)
    • Functions (Executions)
  • Services
    • Web Direct (Visual Studio, Azure Free)
    • Enterprise agreement
    • Cloud Solution Provider
  • Locations
  • Ingress and egress traffic
    • Bandwidth into Azure is free; traffic out of Azure is charged
36. Cost Reduction Methods
  • Reservations
    • One-year / three-year plan
    • Pay as you go is expensive
  • Spot pricing: resources your VMs are not normally using are lent to MS, in exchange for a discount
  • Hybrid use benefit: a Windows VM includes the Windows license fee; if you already have a Windows license, the fee can be deducted
38. SLA and Composite SLA in Azure
  • A promise of a service's availability (uptime & connectivity)
  • Composite SLA: all the SLAs combined
  • Different service tiers also have an effect
    • SKUs (Standard, Premium, Business Critical)
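
Added example, not from the original notes: the arithmetic behind "all the SLAs combined", worked in Python. Services that every request depends on are in series, so their availabilities multiply and the composite is always below the weakest SLA; independent redundant copies (a second region) are in parallel, so their unavailabilities multiply and the composite rises. The SLA percentages used as inputs are constructed illustrations, not quotations of any published SLA; substitute the figure for the tier you actually buy.

```python
"""Composite SLA arithmetic for a chain of services and a redundant deployment (constructed example)."""

MINUTES_PER_MONTH = 30 * 24 * 60  # 43 200, the usual 30-day approximation


def series_sla(*slas):
    """All services must be up for the system to be up: availabilities multiply."""
    result = 1.0
    for sla in slas:
        result *= sla
    return result


def parallel_sla(*slas):
    """Independent redundant copies: the system is down only when every copy is
    down, so the unavailabilities (1 - SLA) multiply."""
    unavailable = 1.0
    for sla in slas:
        unavailable *= (1.0 - sla)
    return 1.0 - unavailable


def downtime_minutes_per_month(sla):
    """Turn an availability fraction into the monthly downtime it permits."""
    return (1.0 - sla) * MINUTES_PER_MONTH


def web_tier_scenario(app_service=0.9995, sql_database=0.9999, traffic_manager=0.9999):
    """Single-region chain (App Service -> SQL) versus two identical regions
    behind a global traffic router. Input SLAs are constructed illustrations."""
    single_region = series_sla(app_service, sql_database)
    two_regions = series_sla(traffic_manager, parallel_sla(single_region, single_region))
    return {
        "single_region": single_region,
        "single_region_downtime_min": downtime_minutes_per_month(single_region),
        "two_regions": two_regions,
        "two_regions_downtime_min": downtime_minutes_per_month(two_regions),
    }


if __name__ == "__main__":
    for key, value in web_tier_scenario().items():
        print(f"{key:28s} {value:.6f}")
```

Two things fall out of the scenario: the single-region chain is worse than either of its parts, and the redundant design is capped by the router placed in front of it, since that router is back in series with everything else.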
39. Service Lifecycle in Azure
  • Development: MS builds it
  • Public Preview: MS public beta of the SQL / App
  • General Availability: the SQL / App goes live
