Microsoft Azure Fundamentals

Get Started. It's Free
or sign up with your email address
Microsoft Azure Fundamentals by Mind Map: Microsoft Azure Fundamentals

1. IaaS

1.1. Virtual Machines

1.1.1. Status Running The VM is on and running normally Stopped The VM is stopped, but it is still consuming compute resources within Azure Stopped (Deallocated) The VM is stopped, and it is not consuming compute resources within Azure

1.1.2. Tiers Basic Well suited for workloads that do not require load balancing or the ability to autoscale Standard Support all Azure Virtual Machines configurations and features

1.1.3. Disks OS disk Persisted in Azure blob storage Windows machines get a 127 GB C: drive Temporary disk Physical disk located within the chassis of the server Referred to as the D drive for Windows VMs This is a variable size disk, illustrated rather confusingly as “disk size” on the pricing site, that is for non-persistent data. The drive is local on the Azure host and is not guaranteed to be there over time. On Windows machines, the paging file is on this D: drive and some DBAs might choose to store TempDB caching databases there (see D- and G-Series virtual machines). Data disk Maximum size of 1 TB Often used for storing application data Need to be formatted Where do you store data? Caching Data disks have caching disable by default

1.1.4. Endpoints The Azure Load Balancer exposes endpoints for an Azure cloud service. It is the configuration of the Azure Load Balancer that controls how requests from the Internet reach a specific port using a related protocol (such as TCP or UDP) on the VM As the Azure platform and Azure virtual machines continue to develop, endpoints will be deprecated by the Network Security Groups (NSG)

1.2. Azure Storage

1.2.1. Microsoft-managed service that provides durable, scalable, and redundant storage

1.2.2. Types Blob service The word blob is an acronym for binary large object Blobs are basically files like those that you store on your computer (or tablet, mobile device, etc.). They can be pictures, Microsoft Excel files, HTML files, virtual hard drives (VHDs)—pretty much anything. The Azure Blob service gives you the ability to store files and access them from anywhere in the world by using URLs, the REST interface, or one of the Azure SDK storage client libraries. Two kinds of blob File Share service Highly available network file shares that can be accessed by using the SMB protocol. This means that multiple virtual machines can share the same files with both read and write access. Table service Azure Table storage is a scalable NoSQL data store that enables you to store huge amounts of semistructured, nonrelational data. It does not allow you to do complex joins, use foreign keys, or execute stored procedures. Each table has a single clustered index that can be used to query the data quickly. You also can access the data by using LINQ queries and OData with the WCF Data Service .NET libraries. A common use of table storage is for diagnostics logging How to use Table Storage Queue service Used to store and retrieve messages Azure Storage Queue vs Azure Service Bus Queue

1.2.3. Microsoft Azure Storage Explorer

1.3. Virtual Networks

1.3.1. Overview Used in Azure to provide a layer of security and isolation to your services. VMs and services that are part of the same virtual network can access each other. By default, services outside the virtual network cannot connect to services within the virtual network Services that talk to each other within a virtual network do not travel through the Azure Load Balancer, which gives you better performance You can add a Virtual Network Gateway to a virtual network and use it to connect your on-premises network to Azure, effectively making the virtual network in Azure an extension of your on-premises network Complex features multisite VPNs in-region VNet-to-VNet cross-region VNet-to-VNet

1.3.2. Definitions Virtual network address spaces Topology of the virtual network, including the available address spaces and subnets If the virtual network is to be connected to other virtual networks, you should select address ranges that are not overlapping Subnets Used to reak up your network into more manageable sections Example By default, there is no security boundary between subnets, so services in each of these subnets can talk to one another DNS servers Used to refer to your VMs instances by host name or fully qualified domain name (FQDN) directly, rather than using an IP address and port number If you create the DNS after the VMS, you will have to reboot all of the VMs in the virtual network because the DNS server information is injected into the settings at startup Options If you have two VMs located on the same virtual network and you want them to be able to communicate by host name, you will need your own DNS server solution

1.4. Cross-premises connection options

1.4.1. site-to-site VPN Must set up a VPN gateway Lets you connect securely from your on-premises network to your virtual network in Azure You have to have a public-facing IPv4 IP address and a compatible VPN device or Routing and Remote Access (RRAS) running on Windows Server 2012 For a list of valid devices and the configuration thereof, please refer to:

1.4.2. point-to-site VPN Overview Must set up a VPN gateway Point-to-site VPN enables you to connect from your local machine over a Secure Socket Tunneling Protocol (SSTP) tunnel to your virtual network in Azure This uses certificate authentication between the client machine and the virtual network in Azure. This means you have to create some certificates and install them in the right places It is recommended that you create a separate client certificate for each client that is going to access the point-to-site network and keep track of the certificate’s thumbnail and on which machine it was installed. If you do this, and you later need to turn off access for one person, you can do that by invalidating the client certificate You can connect up to 128 clients to the virtual network in Azure The maximum bandwidth is 80 MBPS per gateway Setup Create a virtual network with point-to-site connectivity enabled Deploy a VM into the virtual network Create a network gateway Create a self-signed root certificate Create a self-signed client certificate from the root certificate Export the client certificate from the certificate store Upload the root authentication certificate to Azure Install the client certificate on the client machine to authenticate to the virtual network Install the client VPN package Establish and verify the VPN connection

1.4.3. private VPN (ExpressRoute) This is called private because the network traffic occurs over your network provider and does not go across the public Internet as it does with both site-to-site and point-to-site connectivity This capability ensures that applications with privacy requirements can be developed and run on Azure Using ExpressRoute also gives you increased reliability and speed and lower latency

1.5. Databases

2. PaaS

3. SaaS