(2024 UPDATE LINK IN DESCRIPTION) - AZ-900 Azure Fundamentals Certification Exam Cram -
Summary
TLDR: The video guides viewers through preparation for the Azure Fundamentals (AZ900) exam, covering essential concepts such as cloud models, Azure services, and cost management. It discusses security, service levels, and the various tools to use to pass the exam. The course also examines Azure identity services such as Active Directory and spending models (such as capacity reservations and spot pricing), and explains the use of tools such as the Azure pricing calculator. The instructor stresses the importance of understanding the concepts and the expected technical level, while describing provisioning procedures and the lifecycle stages of Azure services.
Takeaways
- ☁️ Azure Fundamentals is designed for those new to cloud concepts.
- 🔑 Understanding cloud concepts such as IaaS, PaaS, and SaaS is essential.
- 🔍 The shared responsibility model is fundamental to know.
- 🔐 Azure security includes multilayered security and advanced compliance options.
- 💡 Optimizing costs involves understanding options such as reserved instances.
- 📊 Azure Advisor helps manage and optimize existing resources.
- 📅 It is vital to understand Azure service lifecycles: preview and general availability.
- 🛠️ Use tools such as the Azure Portal and CLI to manage resources.
- 💼 Managing and complying with policies is essential to using Azure effectively.
- 🎓 The course offers a quick but thorough overview of the concepts needed to pass the exam.
Timeline
- 00:00:00 - 00:05:00
The course begins by explaining that the Azure Fundamentals exam (AZ900) can be intimidating for beginners, and the instructor commits to optimizing preparation time by covering the items in the exam's objective domains.
- 00:05:00 - 00:10:00
The AZ900 exam is divided into six domains: cloud concepts, core Azure services, core solutions and management tools, security, identity, governance, privacy and compliance, and finally cost management and service level agreements.
- 00:10:00 - 00:15:00
The instructor points out that the exam focuses on understanding and describing cloud service models such as IaaS, PaaS, and SaaS, as well as the private, hybrid, and public cloud models.
- 00:15:00 - 00:20:00
The cloud models and the shared responsibility model are explained, highlighting how responsibilities are split between Microsoft and the user depending on the service used.
- 00:20:00 - 00:25:00
Cost savings and operational flexibility are described as major advantages of public and hybrid cloud, making it possible to optimize management between legacy and modern systems.
- 00:25:00 - 00:30:00
Services such as Azure Virtual Machines (IaaS), Azure App Services (PaaS), and SaaS services such as Office 365 are detailed, along with the importance of configuration and orchestration.
- 00:30:00 - 00:35:00
Scalability, elasticity, agility, and economies of scale are discussed as fundamental characteristics of cloud computing, particularly in terms of cost management.
- 00:35:00 - 00:40:00
Key elements such as fault tolerance, high availability, and disaster recovery are defined, explaining how Azure offers solutions to ensure service continuity.
- 00:40:00 - 00:45:00
Azure concepts such as geographies, region pairs, and availability zones are introduced, explaining their importance in resource management.
- 00:45:00 - 00:50:00
The structure of Azure management groups is clarified, explaining how it makes it possible to organize subscriptions, resource groups, and the resources themselves.
- 00:50:00 - 00:55:00
Azure networking components such as Virtual Networks are presented, along with the importance of VPN Gateway and ExpressRoute for secure network connections.
- 00:55:00 - 01:00:00
The various storage types in Azure (Blob, File, Disk) and the data access tiers (hot, cool, and archive) are explained in terms of usage and cost.
- 01:00:00 - 01:05:00
Azure database services, including Cosmos DB for NoSQL, SQL Azure for SQL Server, and other database services, are described to give a better understanding of where they apply.
- 01:05:00 - 01:10:00
The available management and optimization tools, such as the Azure Pricing Calculator and the TCO Calculator, are introduced to help with cost planning and management.
- 01:10:00 - 01:15:00
The DevOps approach with Azure DevOps and GitHub is covered to explain how CI/CD integration supports continuous agile development.
- 01:15:00 - 01:20:00
Azure IoT solutions, such as IoT Hub, are presented, explaining their bidirectional communication capability for managing IoT devices.
- 01:20:00 - 01:25:00
Azure security features, including Azure Security Center and Azure Sentinel, are highlighted to explain how to manage and monitor the security of resources.
- 01:25:00 - 01:30:00
Key governance concepts such as roles and access are introduced to show how Azure Policy and Blueprints reinforce structural compliance.
- 01:30:00 - 01:35:00
The identity and access security features of Azure Active Directory are explained, including conditional authentication and MFA for securing access to resources.
- 01:35:00 - 01:40:00
Microsoft's compliance commitments are discussed, emphasizing the transparency of its data security practices and the importance of Azure compliance certifications.
- 01:40:00 - 01:45:00
Azure pricing and cost management models are described, including reserved pricing models and the hybrid use benefits for maximizing savings.
- 01:45:00 - 01:58:23
Finally, service level agreements and the Azure service lifecycle are covered to explain how to ensure availability and understand Azure's terms of service.
Frequently Asked Questions
What is Azure?
Azure is a cloud computing platform offering various services such as compute, storage, and networking.
What does the AZ900 exam test?
It is an exam that certifies general knowledge of cloud services and Azure concepts.
What factors influence Azure costs?
Costs can be influenced by the type of service chosen, usage, and geographic region.
What main functions does Azure Advisor provide?
It offers recommendations to optimize the security, performance, and cost of Azure resources.
How does Azure handle high availability?
It uses models that provide high availability and tolerate failures by using region pairs and availability zones.
What is Azure IoT Hub?
It is a managed platform that enables bidirectional communication between IoT devices and applications.
What is DDoS protection in Azure for?
It protects Azure network resources from DDoS attacks by providing advanced mitigation capabilities.
How does Azure ensure security and compliance?
Azure security is ensured through multilayered security and compliance certifications.
What does the Azure portal let you do?
It provides a graphical interface for managing Azure resources and tracking service usage.
What are the main identity services of Azure AD?
They include single sign-on, conditional access, and multi-factor authentication.
- 00:00:01if the azure fundamentals exam is your
- 00:00:02first azure certification it can be a
- 00:00:04bit intimidating and difficult to dial
- 00:00:07in your focus as you prepare
- 00:00:09so if you want to get ready for az900
- 00:00:11without wasting time
- 00:00:12and money this is the place and in this
- 00:00:15exam cram course i'm going to optimize
- 00:00:17your prep time by touching on each item
- 00:00:19in the skills measured document
- 00:00:20and by sharing unique characteristics of
- 00:00:23the azure concepts and services
- 00:00:25that will help you more effectively pick
- 00:00:27the right answer on exam day
- 00:00:29if you stick around to the end of the
- 00:00:30session i have another surprise
- 00:00:32to help you prepare
- 00:00:34[Music]
- 00:00:41the azure fundamentals exam is comprised
- 00:00:43of six
- 00:00:44areas of knowledge called objective
- 00:00:46domains all of which we'll cover in this
- 00:00:47course
- 00:00:48so let's take just a few seconds to
- 00:00:50touch on those and then we'll get right
- 00:00:52into module one
- 00:00:53domain one is cloud concepts which will
- 00:00:56test your understanding
- 00:00:58of a number of cloud terms and your
- 00:01:01understanding of cloud computing models
- 00:01:03followed by core azure services this is
- 00:01:06really going to focus on some
- 00:01:07foundational components of the azure
- 00:01:09platform
- 00:01:10followed by core solutions and
- 00:01:12management tools which will drill down
- 00:01:13into the services
- 00:01:15and tools within azure followed by
- 00:01:17security and module 4
- 00:01:19talking about general security and
- 00:01:23network security features module 5 is
- 00:01:26going to drill down on identity and
- 00:01:27governance which are more technical
- 00:01:29topics as well as privacy and compliance
- 00:01:31which
- 00:01:32in this case will be less technical and
- 00:01:35the final domain is cost management and
- 00:01:39service level agreements and since this
- 00:01:40is a fundamentals
- 00:01:42exam you want to make sure you're
- 00:01:44focused on the right technical level so
- 00:01:46you'll notice
- 00:01:47that the verb in each of these domains
- 00:01:51is the word describe so when we see
- 00:01:55describe there that tells us that we
- 00:01:56need to be able to
- 00:01:58to explain concepts and services and
- 00:02:00identify the use cases where they apply
- 00:02:05so i just want to cover off comparing
- 00:02:07cloud
- 00:02:08models and services with you and and
- 00:02:11this is an area where i think you can
- 00:02:12expect a fair bit of focus this is up in
- 00:02:14in
- 00:02:15objective domain one but let's uh let's
- 00:02:18dig in here
- 00:02:25so the services we're talking about here
- 00:02:27are infrastructure platform and software
- 00:02:29as a service so the
- 00:02:31as a service offerings in the cloud and
- 00:02:34then your cloud models
- 00:02:35which are private hybrid and public now
- 00:02:38all of these are going to
- 00:02:40to be tied together in a discussion
- 00:02:42around the shared
- 00:02:43responsibility model which you're
- 00:02:45expected to understand
- 00:02:46so let's start by covering the shared
- 00:02:49responsibility model and then we'll dig
- 00:02:51into the cloud
- 00:02:52models and services so when you're on
- 00:02:55prem
- 00:02:57you are the responsible party this is a
- 00:02:59hundred percent yours you own the stack
- 00:03:01you are the customer in blue the cloud
- 00:03:04service provider is the csp that will
- 00:03:07show up in gray now as we move into
- 00:03:09cloud
- 00:03:10with infrastructure as a service you see
- 00:03:12the csp
- 00:03:13microsoft in this case takes ownership
- 00:03:16of some of the stacks so they're
- 00:03:17providing you the underlying
- 00:03:19networking storage server and
- 00:03:21virtualization layers you're managing
- 00:03:23your virtual machines they're patching
- 00:03:25the applications you're running on them
- 00:03:27when we move into platform as a service
- 00:03:30azure web app for example or azure sql
- 00:03:33you're managing
- 00:03:34data and applications but microsoft is
- 00:03:36providing
- 00:03:38additional functions here so you're not
- 00:03:39worried about operating systems or
- 00:03:41runtime or a sql server instance
- 00:03:44microsoft is managing a lot of that
- 00:03:46middleware for you and then in the world
- 00:03:49of software as a service you're
- 00:03:50basically configuring
- 00:03:51features you are a consumer of a service
- 00:03:54that is owned lock stock and barrel by
- 00:03:57microsoft and managed by them end to end
- 00:04:03and what you notice here is that the csp
- 00:04:04responsibility
- 00:04:06is greater as we move to the right so
- 00:04:08that's the
- 00:04:09shared responsibility model so so in the
- 00:04:11world of iaas just know that you're taking
- 00:04:13care of a little bit more
- 00:04:15than you would be in the world of paas
- 00:04:17and then even less so in saas so you have
- 00:04:19to think about that as an operational
- 00:04:20consideration for sure
- 00:04:22so let's break down the cloud model so
- 00:04:25infrastructure as a service
- 00:04:29microsoft provides you the the building
- 00:04:31blocks network storage
- 00:04:32compute virtualization they're
- 00:04:35staffing the data center they're
- 00:04:37managing the hardware
- 00:04:38they're managing the people so really
- 00:04:41you're using
- 00:04:43the uh the stack that they give you
- 00:04:45there
- 00:04:48azure virtual machines is where this
- 00:04:50factors if you if you come from the
- 00:04:51world of amazon ec2
- 00:04:53from google gcp compute engine if you
- 00:04:57if you're coming to us to azure from one
- 00:04:59of those other platforms
- 00:05:01that's what you'd be dealing with so
- 00:05:03let's talk about platform
- 00:05:04as a service so in the the paas option
- 00:05:07here
- 00:05:09responsible for deployment and
- 00:05:11management of your app so that's you
- 00:05:13know in a web app scenario or an azure
- 00:05:15azure um sql scenario you're dealing
- 00:05:18with code and data
- 00:05:20and microsoft is dealing with the
- 00:05:23underlying
- 00:05:24configuration hardware operating system
- 00:05:27and
- 00:05:28to a fair degree the provisioning
- 00:05:29details under the hood
- 00:05:33so azure sql api management azure app
- 00:05:36service all
- 00:05:37great examples of platform as a service
- 00:05:40in the microsoft stack
- 00:05:42so let's talk about software as a
- 00:05:44service now
- 00:05:45so in the world of saas you're really
- 00:05:48configuring
- 00:05:49features microsoft is giving you a
- 00:05:51service that they
- 00:05:53manage they're responsible for
- 00:05:54management operation and availability
- 00:05:56of the stack a great example there is
- 00:06:00office 365. so in the the world of
- 00:06:03third-party saas you might be familiar
- 00:06:04with service servicenow or salesforce
- 00:06:06just to give you
- 00:06:07a basis of comparison okay so let's talk
- 00:06:11through
- 00:06:11cloud computing in terms of benefits and
- 00:06:14then we'll get into the uh
- 00:06:15the private hybrid and public cloud
- 00:06:17models here and i'm going to use some of
- 00:06:19that
- 00:06:20word association to help you lock some
- 00:06:22terminology in your mind as we move
- 00:06:24forward through
- 00:06:26some concepts here in the next couple of
- 00:06:27tips so benefit to cloud computing
- 00:06:31it's global it's secure it's scalable
- 00:06:33it's cost effective
- 00:06:34it doesn't require substantial capital
- 00:06:37expenditure outlays
- 00:06:39uh it typically lowers the skills bar
- 00:06:43for us at least when we're dealing with
- 00:06:44with public cloud as an example
- 00:06:48so let's dig into public cloud so with
- 00:06:50public cloud we're running everything on
- 00:06:51our provider's hardware
- 00:06:53and we expect scale and agility are built
- 00:06:57in our ability to react
- 00:06:59is greater there's a reduced need for
- 00:07:01maintenance our skills
- 00:07:04within our it department can be lower
- 00:07:06and we can we can still
- 00:07:08move into the cloud we can leverage our
- 00:07:12cloud service provider's knowledge
- 00:07:13microsoft's knowledge and experience in
- 00:07:15this
- 00:07:16case so with private cloud
- 00:07:20it's really just a cloud environment in
- 00:07:23your own data center
- 00:07:24so in terms of advantages you know if
- 00:07:26you need legacy support or you need
- 00:07:28control or you have specific
- 00:07:30regulatory compliance needs the private
- 00:07:32cloud is under your control so you
- 00:07:34can you can manage
- 00:07:38all of these scenarios you can
- 00:07:39accommodate all of these scenarios where
- 00:07:41public cloud
- 00:07:42is not going to be so straightforward in
- 00:07:44that respect because a cloud
- 00:07:45public cloud is always up to date and
- 00:07:47will have
- 00:07:49limited concern for legacy scenarios and
- 00:07:52may not
- 00:07:53address all of your compliance scenarios
- 00:07:55if they are
- 00:07:56less less common now do bear in mind
- 00:08:01that you will be tested on
- 00:08:04on some of those compliance elements and
- 00:08:06microsoft
- 00:08:08azure has more certifications than any
- 00:08:12other
- 00:08:12cloud provider out there so you'll find
- 00:08:14that microsoft can accommodate a lot of
- 00:08:16compliance but
- 00:08:17maybe not all of them so in a hybrid
- 00:08:20cloud scenario
- 00:08:21this combines the public scenario and
- 00:08:24the private cloud scenario allowing
- 00:08:26you to run your apps in the location
- 00:08:29that
- 00:08:29best suits so the real advantage here is
- 00:08:32flexibility
- 00:08:33if i have the need for legacy support or
- 00:08:36some odd compliance scenario
- 00:08:39i can go to my private cloud if i'm
- 00:08:42prioritizing on scalability and agility
- 00:08:44i can
- 00:08:45go the public option so hybrid just
- 00:08:47gives me the advantage
- 00:08:49of choosing where i want to go and of
- 00:08:50course with microsoft we have great
- 00:08:52capability to
- 00:08:54connect our private and public clouds in
- 00:08:56that hybrid scenario we can use
- 00:08:59azure ad connect we can use a site to
- 00:09:01site vpn
- 00:09:03we can establish what we call the
- 00:09:05synchronized identity model which is the
- 00:09:07most
- 00:09:08common identity model out there
- 00:09:11so the microsoft azure is a great
- 00:09:14supporter
- 00:09:15of of hybrid cloud is your frontline
- 00:09:18support struggling with too many
- 00:09:20microsoft cloud portals
- 00:09:22now they can manage office 365 users and
- 00:09:25devices directly from microsoft teams
- 00:09:27using simon the ai-powered chatbot for
- 00:09:31the microsoft cloud
- 00:09:32a link with more info in the video
- 00:09:35description
- 00:09:42so cloud concepts so there are some some
- 00:09:45concepts that you're expected to be
- 00:09:47familiar with and i want to call them
- 00:09:49out here
- 00:09:50and and again associate some terms to to
- 00:09:53some concepts to help you lock these
- 00:09:55into your mind uh more quickly as you're
- 00:09:58preparing
- 00:09:59for az900 so scalability is one that
- 00:10:02comes up and scalability
- 00:10:04generally for refers to growth the
- 00:10:06ability of a system to handle growth if
- 00:10:09that's users or work
- 00:10:13elasticity may come up so
- 00:10:16when a system is elastic
- 00:10:19it can grow and shrink based on our app
- 00:10:22demand so on premises
- 00:10:23we typically have to provision for our
- 00:10:26spike right for our peak so when we
- 00:10:28provision a sharepoint farm on prem
- 00:10:30our servers on the front end are sized
- 00:10:32for our peak
- 00:10:34that sort of thing is not necessary in
- 00:10:36the cloud by and large because the cloud
- 00:10:38is elastic and services that we
- 00:10:39provision can generally grow and shrink
- 00:10:42based on app demand and that's
- 00:10:44particularly true when we look
- 00:10:46in the paas space
- 00:10:49agility so this is the ability to react
- 00:10:53quickly to changes in demand so
- 00:10:55provisioning additional capacity
- 00:10:57quickly without manual intervention and
- 00:11:00the cloud also enables
- 00:11:01agility in terms of going to market so
- 00:11:03as environment or market conditions
- 00:11:06change the the cloud makes us more agile
- 00:11:09generally speaking because we can
- 00:11:10respond
- 00:11:11to those changes more quickly you know
- 00:11:13than if we had to order additional
- 00:11:15server infrastructure go
- 00:11:16go get the budget approval for that
- 00:11:20spin up a big project for all that
- 00:11:21deployment
- 00:11:24economies of scale bottom line when
- 00:11:27you're working with a cloud provider
- 00:11:28like
- 00:11:29microsoft they have lower per unit cost
- 00:11:32than you could achieve
- 00:11:34on your own because they are operating
- 00:11:36at a larger scale at a global scale so
- 00:11:38they are achieving what we call
- 00:11:40an economy of scale
- 00:11:44capital expenditure you're generally
- 00:11:46going to hear this simply called capex
- 00:11:48and this is
- 00:11:48spending of money on physical
- 00:11:51infrastructure up front so so when
- 00:11:53you're buying servers that's an example
- 00:11:54of capex
- 00:11:56when you're buying infrastructure for
- 00:11:57your private cloud
- 00:12:00operational expenditure typically just
- 00:12:02called opex
- 00:12:04is spending money on services or
- 00:12:06products
- 00:12:07now and being billed as you go
- 00:12:10so that's really where the cloud comes
- 00:12:12in so the cloud means we're we're
- 00:12:13trading capex
- 00:12:15for opex typically it doesn't mean that
- 00:12:17we're necessarily spending less money in
- 00:12:19all cases it simply means that the
- 00:12:21nature of our spending is different
- 00:12:23we're trading capex for opex when we move
- 00:12:25to cloud
- 00:12:28and a consumption based model that's
- 00:12:30simply paying for what we use when we
- 00:12:32pay for a virtual machine we're paying
- 00:12:35for increments of time as we run that
- 00:12:37virtual machine
- 00:12:38when we work with azure functions with
- 00:12:40logic apps
- 00:12:41we may be paying by execution when we're
- 00:12:44working with
- 00:12:45different flavors of azure storage we
- 00:12:47might be paying by gigabyte
- 00:12:49and and you know paying a different
- 00:12:51price depending on how long we retain
- 00:12:53that data so pay for what you use
- 00:12:57typically based on per unit of time or
- 00:13:00capacity so
- 00:13:01minutes gigabytes executions etc
- 00:13:05including but not limited to those
- 00:13:07models
- 00:13:11so for tip number five i've broken some
- 00:13:14concepts
- 00:13:15out separately because they all fall
- 00:13:17into that area of high availability and
- 00:13:19disaster recovery so i want to help you
- 00:13:22kind of sort these out in terms of their
- 00:13:24scope so the first term
- 00:13:26is fault tolerance so this is the
- 00:13:28ability of a system to handle
- 00:13:30faults like a power failure a network
- 00:13:32failure a hardware failure typically
- 00:13:34when you're dealing with fault tolerance
- 00:13:35you're talking about component level
- 00:13:37failures
- 00:13:38so that's the scope we're typically
- 00:13:40dealing with
- 00:13:41when it comes to high availability
- 00:13:43that's the ability of a system to keep
- 00:13:45that's the ability to keep services up
- 00:13:47and running for long periods of time so
- 00:13:50when we're thinking about high
- 00:13:51availability we're often talking about
- 00:13:53service level failures
- 00:13:55often we're talking about within a
- 00:13:57single data center we're not talking
- 00:13:59about site failure but but we could be
- 00:14:01we're talking about
- 00:14:02service level failures though when we
- 00:14:04think about it in the cloud
- 00:14:06context and then disaster recovery
- 00:14:10is our ability to recover from an event
- 00:14:12which has taken down a cloud service so
- 00:14:15that could be any
- 00:14:16number of things like a
- 00:14:19data center failure which you know in
- 00:14:21the case of azure would be exceedingly
- 00:14:23rare
- 00:14:24in the case of virtual machines we can
- 00:14:26use azure site recovery
- 00:14:27to replicate those vms and bring them up
- 00:14:30quickly
- 00:14:31in the event that we lose those vms for
- 00:14:33any reason
- 00:14:34and if we had a service fail in a
- 00:14:36particular region say azure sql
- 00:14:38failed in a particular region if we're
- 00:14:40replicating that database we can bring
- 00:14:41it up in another region so so disaster
- 00:14:43recovery comes in many
- 00:14:45many shapes and sizes and forms in the
- 00:14:48cloud
- 00:14:49but because the cloud is global we don't
- 00:14:51have to worry about
- 00:14:53spinning up multiple remote data centers
- 00:14:56to make sure that our service is always
- 00:14:57available
- 00:14:59in the event we have a localized outage
- 00:15:01at a data center for example
- 00:15:04in a traditional sense in in
- 00:15:08you know on-premises compute in private
- 00:15:10cloud we always
- 00:15:11would think of disaster recovery as
- 00:15:14recovery in the event of a site failure
- 00:15:16but really in the cloud context this is
- 00:15:19a service failure
- 00:15:20or a site failure it's not not
- 00:15:22exclusively a site
- 00:15:24event
- 00:15:27now we're going to move into the second
- 00:15:28area of knowledge which is describing
- 00:15:30core
- 00:15:30azure services and there are two
- 00:15:32sections to this objective domain the
- 00:15:35first is
- 00:15:35core architectural components and the
- 00:15:38other
- 00:15:38is core resources available in azure so
- 00:15:41let's start with
- 00:15:43architectural components you'll notice
- 00:15:45that the verb here is describe so it's
- 00:15:46the same theme we talked about in terms
- 00:15:48of technical depth
- 00:15:50and we're going to look at regions and
- 00:15:51region pairs availability zones resource
- 00:15:54groups
- 00:15:55subscriptions management groups and
- 00:15:57azure
- 00:15:58resource manager and all of these are
- 00:16:02describe
- 00:16:02the benefits and usage of i just
- 00:16:04abbreviated for us there and then we'll
- 00:16:06finish this section up with
- 00:16:08explain azure resources
- 00:16:11so in the area of core architecture
- 00:16:13components let's start at the very top
- 00:16:14and work our way
- 00:16:16down in terms of scope so at the highest
- 00:16:19level we have an azure geography which
- 00:16:20is a discrete market that contains two
- 00:16:23or more regions
- 00:16:24that preserves our data residency and
- 00:16:27compliance
- 00:16:28boundaries and if i just look
- 00:16:31at a map here geographies would be
- 00:16:34laid out something like this so you've
- 00:16:36got you know the us you have europe you
- 00:16:38have uh
- 00:16:39australia china
- 00:16:44there's africa south america
- 00:16:48and then within a geography are regions
- 00:16:51and a region
- 00:16:52is a set of data centers deployed within
- 00:16:54a latency defined
- 00:16:56perimeter and they're connected in a
- 00:16:59dedicated regional low-latency network
- 00:17:01so it's fast connectivity amongst this
- 00:17:03set of data
- 00:17:04centers so in a region like
- 00:17:08azure us east for example you're going
- 00:17:11to have
- 00:17:12fast connectivity between a number of
- 00:17:16data centers in a tight footprint
- 00:17:18so multiple data centers small area so
- 00:17:21the same would be true of east us-2
- 00:17:22south central
- 00:17:23central u.s west central etc
- 00:17:27now i want to take just a minute and
- 00:17:29look at geographies and regions together
- 00:17:31with you
- 00:17:32in context here so so when i look at a
- 00:17:34geography like asia pacific for example
- 00:17:36i can see the regions
- 00:17:37contained in the asia-pacific geography
- 00:17:40south america has two
- 00:17:42data centers in brazil two data centers
- 00:17:45in canada several more in the u.s
- 00:17:47there's
- 00:17:48europe with data centers in countries
- 00:17:50throughout europe
- 00:17:51uh followed by africa and the middle
- 00:17:54east so pretty intuitive in that respect
- 00:17:57now beneath regions we have the concept
- 00:18:00of
- 00:18:00region pairs so this is a relationship
- 00:18:03between two
- 00:18:04azure regions within the same geographic
- 00:18:06region
- 00:18:07for disaster recovery purposes so the
- 00:18:09region pairs will be specific to the
- 00:18:11geography
- 00:18:13so let's take the u.s for example the
- 00:18:16east
- 00:18:16u.s region has a region pair
- 00:18:20and its partner is the west u.s so
- 00:18:24the region pairs are chosen by microsoft
- 00:18:26you don't get to choose these these are
- 00:18:28pre-defined and wherever possible they
- 00:18:30are selected
- 00:18:32as a pair with more than 300 miles
- 00:18:35between them
- 00:18:37there are a small number of cases where
- 00:18:39that's not possible but generally
- 00:18:40speaking you're going to have
- 00:18:42300 miles between your your regions
- 00:18:45in the region pair and your azure
- 00:18:48services that are highly available that
- 00:18:50you also configure
- 00:18:51highly available will have failover
- 00:18:54protocols that kick in
- 00:18:56when when a region fails but a region
- 00:18:58pair is designed to address
- 00:19:00a failure of a given region
- 00:19:04so then we have availability zones so
- 00:19:06availability zones are unique
- 00:19:09physical locations within a region with
- 00:19:12independent power network and cooling so
- 00:19:14within a region is the key there right
- 00:19:17so this is
- 00:19:18uh the scope of availability zones is to
- 00:19:20deal with failures within
- 00:19:22an azure region it's comprised of one or
- 00:19:25more data centers so
- 00:19:26so us east as a region for example will
- 00:19:29have
- 00:19:30multiple data centers in a a footprint
- 00:19:33and it adds tolerance to data center
- 00:19:36failures via redundancy and isolation so
- 00:19:39just looking at
- 00:19:40an example here i have a web farm with a
- 00:19:42sql backend
- 00:19:43and i would have availability zones
- 00:19:47for each of my front ends and back in
- 00:19:49there so i can
- 00:19:51tolerate a failure within a data center
- 00:19:55and my load balancer is going to be zone
- 00:19:57redundant which is a special phrase you
- 00:19:59will want to just park in the back of
- 00:20:01your mind and zone redundant comes up in
- 00:20:03special cases like with the load
- 00:20:05balancer so
- 00:20:05a single ip address in a load balancer
- 00:20:07scenario here can survive a failure
- 00:20:10across any of those availability zones
- 00:20:13so the idea with zone redundancy is that
- 00:20:15a single front-end ip address would
- 00:20:17survive
- 00:20:19a zone failure now we'll look at some
- 00:20:21logical architecture components
- 00:20:25so let's dive in here so we have at the
- 00:20:27highest level management groups
- 00:20:29then subscriptions resource groups and
- 00:20:32resources so let's take a look at how
- 00:20:34these fit
- 00:20:36together
- 00:20:40so at the the highest level in these
- 00:20:43architectural components we have the
- 00:20:44management group
- 00:20:45which can contain one or more
- 00:20:48subscriptions
- 00:20:51we then have resource groups and a
- 00:20:53resource
- 00:20:54group belongs to exactly one
- 00:20:56subscription a subscription will
- 00:20:57typically contain multiple resource
- 00:20:59groups
- 00:21:00and then the resources themselves
- 00:21:04so starting with management groups
- 00:21:05management groups
- 00:21:07provide a level of scope above a
- 00:21:09subscription so we can bring those
- 00:21:11subscriptions together
- 00:21:13into a single boundary for management so
- 00:21:16each directory
- 00:21:17is given a single top level management
- 00:21:19group called
- 00:21:21the root so all of your subscriptions
- 00:21:23belong to that root
- 00:21:24by default
- 00:21:28however we can create management groups
- 00:21:30that contain
- 00:21:32a subset of our subscriptions as we like
- 00:21:34so we can use that as a boundary for
- 00:21:36management
- 00:21:38then we have subscriptions so a
- 00:21:40subscription is a logical container used
- 00:21:42to provision resources in azure
- 00:21:45and why would i create multiple
- 00:21:46subscriptions well there are a few
- 00:21:48reasons
- 00:21:49so when subscription limits are reached
- 00:21:51and every sub
- 00:21:52every service in the subscription has
- 00:21:55certain limits and sometimes those
- 00:21:57limits are set
- 00:21:58beneath the maximum and we can increase
- 00:22:00those but
- 00:22:01at some level you're going to hit a
- 00:22:03subscription level limit so
- 00:22:04if you have a a level of very high scale
- 00:22:07you may need multiple
- 00:22:08subscriptions to achieve your scale to
- 00:22:11use different payment methods
- 00:22:13you know maybe i have one group that
- 00:22:14wants to pay with a credit card another
- 00:22:17that pays in a different way or maybe
- 00:22:20we're doing it
- 00:22:20so we can isolate resources between
- 00:22:23departments and projects and sometimes
- 00:22:25these last two go hand in hand we want
- 00:22:27to isolate
- 00:22:28our resources between departments and
- 00:22:30projects uh from a security
- 00:22:32perspective from a scale perspective but
- 00:22:34also from
- 00:22:36a cost tracking perspective so so
- 00:22:38payment and isolation can go
- 00:22:40hand in hand in that respect now a
- 00:22:43resource
- 00:22:44group is a container that holds the
- 00:22:46resources that are related
- 00:22:48to an azure solution so a great example
- 00:22:50of this
- 00:22:51is an azure virtual machine we can use a
- 00:22:53resource group to group the resources
- 00:22:55that share a common
- 00:22:56resource life cycle and
- 00:23:00the resources themselves that can be any
- 00:23:03entity that's managed by azure like a
- 00:23:05virtual machine or a virtual network or
- 00:23:08a storage account so just to cement
- 00:23:12that concept i want to have a look
- 00:23:15at a resource group and the resources it
- 00:23:17contains with you now
- 00:23:20i'm going to switch over to the azure
- 00:23:22portal and i'm at portal.azure.com
- 00:23:24if i click on resource groups it's going
- 00:23:26to bring me to this interface and i have
- 00:23:29pre uh searched pre-filtered down to the
- 00:23:32resource group i'd like to show you so i
- 00:23:33mentioned a resource group as a
- 00:23:34container that contains related
- 00:23:36resources that share a common life cycle
- 00:23:38so in this case
- 00:23:39i have a resource group that contains a
- 00:23:41virtual machine
- 00:23:43and here i see all of the resources
- 00:23:45related
- 00:23:46to that virtual machine i see the public
- 00:23:49ip address a network security group an
- 00:23:51interface a disk a virtual network
- 00:23:55so all of these elements are related to
- 00:23:57my virtual machine and when this virtual
- 00:23:59machine's life cycle comes to an end
- 00:24:01i would typically want to delete all of
- 00:24:04those related resources as a unit so i
- 00:24:06can simply delete
- 00:24:08the resource group and all of these
- 00:24:10resources will be deleted as
- 00:24:12a result it also
- 00:24:16bears mentioning that i could use this
- 00:24:17resource group as a boundary for
- 00:24:19assigning permissions you see access
- 00:24:21control here i could apply
- 00:24:22permissions at the resource group level
- 00:24:24to give certain
- 00:24:25people or groups within my organization
- 00:24:28permissions
- 00:24:29to that resource
- 00:24:33so i want to visualize this last set of
- 00:24:35architecture components a different way
- 00:24:37and and make a few additional points and
- 00:24:39recap what we've covered here so
- 00:24:40starting at that management group that's
- 00:24:43that highest level logical container we
- 00:24:45can use management groups to aggregate
- 00:24:47policy and initiative assignments an
- 00:24:49initiative is a group of policies we're
- 00:24:51going to talk about
- 00:24:52policies and initiatives later in the
- 00:24:54governance section
- 00:24:56it can contain multiple subscriptions
- 00:24:58and
- 00:24:59all new subscriptions will be placed
- 00:25:01under the root management group by
- 00:25:02default that would contain
- 00:25:04all subscriptions but you can create a
- 00:25:06management group that contains
- 00:25:07the subset of subscriptions you would
- 00:25:09like to
- 00:25:10manage via policy as a unit
- 00:25:14so then beneath our management group we
- 00:25:16have subscriptions
- 00:25:19that's a unit of of management billing
- 00:25:21and scale so a unit of management we get
- 00:25:23but it's also a unit of billing and
- 00:25:25scale because our subscription has
- 00:25:27scalability limits this serves as
- 00:25:30a management boundary for assigning
- 00:25:32policy you know governance and isolation
- 00:25:35as well
- 00:25:35so we get a degree of isolation here we
- 00:25:37can apply
- 00:25:38policies at this level so so it's
- 00:25:40another management boundary
- 00:25:42and our subscriptions will contain one
- 00:25:46or more
- 00:25:47resource groups so the resource group is
- 00:25:49that container
- 00:25:50that holds resources with a common life
- 00:25:52cycle as we saw in
- 00:25:53the demo earlier but that common life
- 00:25:57cycle is the key there it
- 00:25:58also makes it easy for us to delete
- 00:26:01items
- 00:26:02to delete resources as a unit when the
- 00:26:04life cycle comes to an end and then of
- 00:26:05course
- 00:26:06the resources are contained within a
- 00:26:09resource group and to be crystal clear
- 00:26:11there
- 00:26:12resources can be a member of exactly one
- 00:26:14resource group and a resource group can
- 00:26:16be a member of exactly
- 00:26:18one subscription so the resource group
- 00:26:20is contained within a specific
- 00:26:21subscription
- 00:26:22and the resources contained within a
- 00:26:24specific resource
- 00:26:26group now we're going to dive into the
- 00:26:31second half
- 00:26:32of objective domain 2 and this is
- 00:26:34describing some of the core resources
- 00:26:36available in azure so this
- 00:26:38section is going to focus on compute
- 00:26:39network storage
- 00:26:41and database far from the only services
- 00:26:43we'll cover
- 00:26:44but there's quite a lot of material in
- 00:26:46this particular
- 00:26:48subsection so let's just get into it
- 00:26:50we'll start
- 00:26:51with compute so we'll talk about virtual
- 00:26:53machines azure app services
- 00:26:55container instances kubernetes
- 00:26:58particularly in particular the azure
- 00:26:59kubernetes service and windows virtual
- 00:27:01desktop
- 00:27:02and then we'll look at networks
- 00:27:07vpn peering and express route
- 00:27:10so basically compute and network so
- 00:27:12let's just get right into it
- 00:27:14so on the compute side we have azure vms
- 00:27:17we have
- 00:27:18app service where we'd run web services
- 00:27:21we have azure container instance
- 00:27:23azure kubernetes services and windows
- 00:27:26virtual desktop so we really want to
- 00:27:29break these down in such a way that you
- 00:27:30know a bit about
- 00:27:31each service but you can spot where it
- 00:27:34fits into a use case on the exam
- 00:27:37so let's start with azure vms one of the
- 00:27:39basics here so
- 00:27:40this is server virtualization this is
- 00:27:42spinning up compute on demand without
- 00:27:44the need for a hardware purchase we
- 00:27:46don't have to buy
- 00:27:47a hyper-v host we can spin up a virtual
- 00:27:50machine quickly and easily
- 00:27:52so app service is an http based service
- 00:27:55for hosting
- 00:27:56web applications so think hosting
- 00:27:59websites or web apps rest apis mobile
- 00:28:01backend
- 00:28:02and of course since it's http based
- 00:28:05you'd secure that with
- 00:28:07with tls transport layer security or ssl
- 00:28:09using a certificate
- 00:28:12azure container instance so this is
- 00:28:14running docker containers on demand
- 00:28:17in a managed serverless environment
- 00:28:19you're quite literally just spinning up
- 00:28:21a container and and you don't worry
- 00:28:23about anything else now
- 00:28:24the catch here is with aci with azure
- 00:28:26container instance
- 00:28:28it's a solution for any scenario where
- 00:28:29you need to run an isolated container
- 00:28:32without orchestration which means we
- 00:28:34don't have the benefit of a kubernetes
- 00:28:36cluster
- 00:28:38in this case and you'll see
- 00:28:41aci come up in you know truly an
- 00:28:43isolated scenario where you need to run
- 00:28:46where you need to run a container
- 00:28:48containerized application without
- 00:28:49orchestration but it can also
- 00:28:51function as a burst mechanism for an
- 00:28:54azure kubernetes
- 00:28:55uh service instance so so you could
- 00:28:58burst out into aci but but generally
- 00:29:00speaking what you want to focus on here
- 00:29:01isolated containers without
- 00:29:03orchestration right there's no
- 00:29:05orchestrator here like you have
- 00:29:07in a kubernetes cluster so azure
- 00:29:10kubernetes service is a
- 00:29:11hosted kubernetes service where azure
- 00:29:14handles the critical tasks like health
- 00:29:16monitoring and maintenance
- 00:29:17for you the cluster itself is managed
- 00:29:20for you and that being said aks is free
- 00:29:23you basically pay for the agent nodes
- 00:29:25you pay for the virtual machines where
- 00:29:27the workloads run within your cluster
- 00:29:30not for what they call the masters or
- 00:29:32managers
- 00:29:34effectively
- 00:29:37you know that piece is managed for you
- 00:29:41windows virtual desktop is a desktop and
- 00:29:44app virtualization service that runs in
- 00:29:46azure so
- 00:29:47so it pros and managed service providers
- 00:29:49can spin up
- 00:29:50windows 10 virtual desktops in azure at
- 00:29:54high scale this has been a really
- 00:29:55popular solution
- 00:29:57in the work from home revolution
- 00:30:02and in particular what's been brought on
- 00:30:04in 2020
- 00:30:05with uh with with pandemic work from
- 00:30:09home
- 00:30:09requirements really
- 00:30:13so now we're going to talk about network
- 00:30:16services in azure so we'll talk about
- 00:30:17virtual networks
- 00:30:18about vpn gateways about vpn
- 00:30:22in particular v-net peering and i'll
- 00:30:25share a little secret as to why
- 00:30:27v-net peering is actually necessary and
- 00:30:30we'll cover
- 00:30:30express route and how you can spot
- 00:30:34questions where express route is the
- 00:30:36answer on the exam so let's talk about
- 00:30:37virtual networks so this is a logical
- 00:30:39representation of your
- 00:30:41you know ip-based network in azure uh
- 00:30:44you'll often see a virtual network
- 00:30:46referred to simply as a v-net
- 00:30:49two two ways to reference the same thing
- 00:30:51a v-net contains
- 00:30:53one or more ip subnets subnets are where
- 00:30:57your where your virtual machines and
- 00:30:58your other
- 00:30:59uh components are actually connected
- 00:31:01within that virtual network so i can
- 00:31:03have one
- 00:31:04subnet or multiple subnets
- 00:31:07v-nets provide logical isolation in
- 00:31:10azure dedicated
- 00:31:11to your subscription so it's your
- 00:31:13network
- 00:31:14think of it as a dedicated private
- 00:31:16cloud-only network
- 00:31:18we can connect it to our on-premises
- 00:31:20network
- 00:31:21by configuring a site to site vpn for
- 00:31:23example so i can extend
- 00:31:25the network in my data center to azure
- 00:31:27and i can route traffic to and from
- 00:31:29my azure subscription across that site
- 00:31:31to site vpn
- 00:31:34this enables hybrid cloud scenarios
- 00:31:38in fact one other thing you want to
- 00:31:41remember are vms
- 00:31:42in different virtual networks cannot
- 00:31:46communicate by default
- 00:31:49so v-nets within the same subnet can
- 00:31:52communicate but when
- 00:31:53the the virtual machines are in
- 00:31:55different v-nets in different virtual
- 00:31:57networks they cannot
- 00:31:58communicate so a vpn gateway
- 00:32:02is what sends encrypted traffic between
- 00:32:05an azure v-net and an on-premises
- 00:32:07location
- 00:32:08over
- 00:32:11the internet this is a core component of
- 00:32:16hybrid cloud we're connecting our
- 00:32:17on-premises network to the internet
- 00:32:19uh a site-to-site vpn the traffic on a
- 00:32:22site-to-site vpn
- 00:32:23actually traverses the internet that's
- 00:32:25important to know it's it's encrypted of
- 00:32:27course but it's
- 00:32:28traveling across the internet now v-net
- 00:32:31peering
- 00:32:33is how we can connect two virtual
- 00:32:36networks two or more virtual networks
- 00:32:38really seamlessly in azure so that would
- 00:32:40allow us to connect
- 00:32:42our virtual network so our virtual
- 00:32:44machines can
- 00:32:45communicate so we can direct traffic
- 00:32:48between those so two networks then
- 00:32:49function as
- 00:32:50one in terms of connectivity gives us a
- 00:32:53way to
- 00:32:54to route traffic in complex environments
- 00:32:58express route is a solution that extends
- 00:33:02our on-premises networks into azure over
- 00:33:05a private connection
- 00:33:07with the help of a connectivity provider
- 00:33:08so a a telecom
- 00:33:10provider so express route
- 00:33:14is the same concept as site-to-site vpn
- 00:33:18in that it connects azure to our
- 00:33:20on-premises
- 00:33:21you know data center network however the
- 00:33:24traffic does
- 00:33:25not traverse the internet therefore it
- 00:33:27is generally speaking faster
- 00:33:29it is therefore uh generally speaking
- 00:33:32considered
- 00:33:33more secure
- 00:33:36that is not to imply that site-to-site
- 00:33:38vpn is not secure i'm simply saying
- 00:33:41express route because it does not
- 00:33:42traverse the internet because it is a
- 00:33:44private connection
- 00:33:45is more secure so if you see questions
- 00:33:48on the exam that talk about connecting
- 00:33:50your data center to azure
- 00:33:52and security and eliminating latency are
- 00:33:55high priorities
- 00:33:57express route is going to be a great way
- 00:33:58to do that bear in mind that
- 00:34:00site-to-site vpn is generally speaking
- 00:34:02going to be less expensive than express
- 00:34:04route
- 00:34:05which probably doesn't surprise you
- 00:34:08and while it's not super important i
- 00:34:09want to take a quick look with you at
- 00:34:11a v-net and a subnet in an azure
- 00:34:14subscription here so i'll just
- 00:34:16click on my resource group that contains
- 00:34:19the virtual machine
- 00:34:20i showed you earlier and i have a v-net
- 00:34:22in here so here's a virtual network
- 00:34:24you'll see that it says the type is
- 00:34:26virtual network and when i click on that
- 00:34:27virtual network
- 00:34:29i can see in here connected devices so i
- 00:34:32can see the virtual machine
- 00:34:33that's connected right by its network
- 00:34:35interface and there's its ip address
- 00:34:38i can see the subnet that was created
- 00:34:40and in fact
- 00:34:41when you create a virtual network the
- 00:34:43the subnet you create is going to be
- 00:34:46named default unless you give it another
- 00:34:48name but i can then click this and
- 00:34:50create more subnets so i can have
- 00:34:53multiple subnets within my v-net
- 00:34:55but within that virtual network
- 00:34:59my virtual machines on my subnets there
- 00:35:01can communicate now when i put virtual
- 00:35:03machines or anything else
- 00:35:05in different virtual networks they
- 00:35:06cannot communicate by default that's
- 00:35:08where v-net peering comes in real handy
- 00:35:12continuing on the second objective
- 00:35:14domain we're still talking core azure
- 00:35:16services we're going to move into
- 00:35:17discussing storage in azure
- 00:35:20as well as the many database offerings
- 00:35:23in azure so starting with storage let's
- 00:35:26first look
- 00:35:27at blob storage disk storage
- 00:35:31file storage and storage
- 00:35:34tiers so blob storage
- 00:35:37blob storage is optimized for storing
- 00:35:39massive amounts of unstructured data and
- 00:35:41unstructured data is a fancy way of
- 00:35:43saying
- 00:35:44not a database you might use blob
- 00:35:46storage to store
- 00:35:48image data or video data that's
- 00:35:50accessible via your website or your
- 00:35:53mobile app
- 00:35:54or for log files
- 00:35:57so azure file storage are fully managed
- 00:35:59file shares
- 00:36:00that are accessible in azure via smb or
- 00:36:03nfs so smb is server message block
- 00:36:06widely used in the windows world and
- 00:36:09nfs is network file system
- 00:36:11commonly used on the linux platform
- 00:36:15disk storage refers to managed disks
- 00:36:18which are block level volumes managed by
- 00:36:20azure and used with azure vms
- 00:36:22they're just like physical disks that
- 00:36:24you would use in servers on premises
- 00:36:26they're just virtualized
- 00:36:28and really you just configure a bit of
- 00:36:31information about the type pick a size
- 00:36:33and provision
- 00:36:34so so simplified storage really
- 00:36:38thank you cloud and storage tier so
- 00:36:41azure includes hot cool and archive
- 00:36:45access tiers to store blob object data
- 00:36:48in a
- 00:36:49cost effective way so
- 00:36:52the hot data is data that's frequently
- 00:36:54accessed and then your infrequently
- 00:36:56accessed data is going to be in the cool
- 00:36:58tier
- 00:36:59for at least 30 days and then your
- 00:37:02archived tier
- 00:37:03is stored data that's
- 00:37:07rarely accessed and it's going to be the
- 00:37:09highest latency to get
- 00:37:11uh that data back for uh for visibility
- 00:37:15so retrieving
- 00:37:16that archive data is not going to be an
- 00:37:18instant operation but storing
- 00:37:20data in the archived tier is going to be
- 00:37:22very inexpensive and you can use
- 00:37:24lifecycle management policies to
- 00:37:26automate
- 00:37:27uh how the data shows up in these tiers
- 00:37:30i don't expect that you're going to see
- 00:37:32anything about lifecycle management
- 00:37:33policies on the exam but i wanted to
- 00:37:35throw that out there
- 00:37:36because that is a pretty common question
- 00:37:38i hear can i automate
- 00:37:39which tier the the data shows up in and
- 00:37:42the
- 00:37:43short answer is yes so that's not it
- 00:37:46when it comes to
- 00:37:47storage in azure so we also have table
- 00:37:50storage
- 00:37:52and queue storage that are worth
- 00:37:53discussing for sure
- 00:37:55so table storage allows us to store
- 00:37:58structured nosql data in azure
- 00:38:01including a schemaless key
- 00:38:04attribute store so i see table storage
- 00:38:06used in a case where
- 00:38:08one might normally use a sql database
- 00:38:11but
- 00:38:12the relational aspect of sql isn't
- 00:38:15required where you just need
- 00:38:16a table of of you know keys and values
- 00:38:22and what's great about table storage in
- 00:38:24that respect is it's it's
- 00:38:25relatively cheap and it's fast and easy
- 00:38:28to manage at that point
- 00:38:31so let's talk about queue storage so
- 00:38:34this is a service for storing large
- 00:38:36numbers of
- 00:38:37messages that are accessible from
- 00:38:38anywhere via authenticated
- 00:38:41http or https calls
- 00:38:47and because queue storage will scale way
- 00:38:49into the millions of messages
- 00:38:50this this shows up in in applications
- 00:38:53many times so
- 00:38:55queue storage talked about a lot in an
- 00:38:57application development context
- 00:39:01but the key word here is messages
- 00:39:05so you might wonder how how much like
- 00:39:08you know on-premises physical disks are
- 00:39:11disks in azure so i'm just going to flip
- 00:39:13over to
- 00:39:14my portal here quickly and i'll click on
- 00:39:17that
- 00:39:18resource group we looked at earlier in
- 00:39:20the course and i'm looking at the
- 00:39:21properties of my virtual machine here
- 00:39:22and i'm going to click on its
- 00:39:24disk so just as you would in a
- 00:39:27virtualization
- 00:39:28environment on-premises if you needed to
- 00:39:32examine disk performance you'll see that
- 00:39:34i can
- 00:39:35look at disk operations here so
- 00:39:38immediately i have some metrics that are
- 00:39:40available to me
- 00:39:42so i can assess my disk performance and
- 00:39:45if i find
- 00:39:46that my disk isn't performing at the
- 00:39:48level i need
- 00:39:49i can come in here and resize my disk
- 00:39:58so now let's transition to databases
- 00:40:01so quite a few options here we'll talk
- 00:40:02about cosmos db
- 00:40:04mysql postgresql
- 00:40:09microsoft sql and sql managed
- 00:40:12instance so i'll point out
- 00:40:16some differentiating factors of each of
- 00:40:18these offerings where they fit so you
- 00:40:20know how to pick them out
- 00:40:22in the questions on the exam
- 00:40:27so let's start with cosmos db so cosmos
- 00:40:30db is a fully managed
- 00:40:32nosql database designed for modern
- 00:40:36application development it features
- 00:40:39ultra low response latency anywhere in
- 00:40:43the world it has
- 00:40:43apis for several popular languages and
- 00:40:46database platforms so essentially it can
- 00:40:49function
- 00:40:50as many other types of databases like
- 00:40:53uh sql mongodb gremlin
- 00:40:57cassandra spark i've used cosmos db for
- 00:41:00
- 00:41:01db myself using the api for so my
- 00:41:04mongodb
- 00:41:05queries can work against cosmos db and
- 00:41:07because it's a global
- 00:41:09platform the ultra low response latency
- 00:41:13those are those are keywords you want to
- 00:41:15remember for the exam and know
- 00:41:16that really cosmos features fast
- 00:41:20global access and data convergence in
- 00:41:22fact when you set up
- 00:41:23cosmos you configure how it's going to
- 00:41:26behave and and where it's going to be
- 00:41:27available so setting up cosmos
- 00:41:30in a global configuration is actually
- 00:41:33not that difficult
- 00:41:35so microsoft sql so azure sql this is a
- 00:41:39fully managed paas database engine that
- 00:41:42handles most of the manage functions
- 00:41:44management functions for you like
- 00:41:46upgrading patching backups
- 00:41:48and monitoring
- 00:41:51in fact i'll show you an azure sql
- 00:41:53instance in just a moment
- 00:41:55we'll have a quick look so continuing
- 00:41:58here
- 00:41:59postgresql very similar it's a
- 00:42:01relational database service
- 00:42:03in the in the cloud based on postgresql
- 00:42:06community edition
- 00:42:07uh when you look at it in the azure
- 00:42:09portal it is a paas database offering
- 00:42:12it looks very much like
- 00:42:14microsoft sql in in the azure sql
- 00:42:16offering it's it's
- 00:42:18simply a different platform under the
- 00:42:20hood
- 00:42:21um mysql uh same thing based on my sql
- 00:42:26mysql
- 00:42:27community edition another paas
- 00:42:30relational database service
- 00:42:32and many of those functions handled in
- 00:42:34azure sql
- 00:42:35also handled in mysql so and
- 00:42:38in fact when you look at these services
- 00:42:40they are three distinct services but
- 00:42:42they look
- 00:42:43very similar in the azure portal and in
- 00:42:47terms of their features
- 00:42:51in fact let's just pop over to the azure
- 00:42:52portal right quick and have a quick look
- 00:42:54at an azure
- 00:42:56sql instance so you'll notice here that
- 00:42:58you see the little sql icon it says sql
- 00:43:00server this is my
- 00:43:02azure sql server and if i click on that
- 00:43:05server
- 00:43:06i can come in here and see my sql
- 00:43:09databases and so there's my database
- 00:43:14and as i mentioned many of the functions
- 00:43:16the management functions are handled for
- 00:43:18you in this service so if i go to manage
- 00:43:20backups this is a great example because
- 00:43:22you'll see this across all three of
- 00:43:23those services across
- 00:43:25the microsoft azure sql and mysql and
- 00:43:28the postgresql offering is
- 00:43:31that you have a backup capability and
- 00:43:32you can configure retention here
- 00:43:35and you'll notice here i can go
- 00:43:38and i can do point in time restores uh
- 00:43:41all the way up to 35 days i can
- 00:43:44configure
- 00:43:45my retention so
- 00:43:48similar capabilities across mysql
- 00:43:50and postgresql
- 00:43:53as well
- 00:43:57so closing out our database discussion
- 00:44:00we have sql managed instance so this is
- 00:44:02a cloud database service that combines
- 00:44:04the broadest sql server database engine
- 00:44:08compatibility with all the benefits of
- 00:44:12a platform as a service offering but
- 00:44:14broadest compatibility
- 00:44:16is the key here so you'll see this come
- 00:44:18up pretty typically in situations where
- 00:44:20we want to migrate an
- 00:44:21on-premises db to the cloud and
- 00:44:24compatibility is key because the
- 00:44:26database
- 00:44:27and and perhaps the application aren't
- 00:44:29quite ready
- 00:44:30for the cloud yet so sql managed
- 00:44:32instance solves for that problem
- 00:44:35and closing out this section the azure
- 00:44:38marketplace so this is a catalog
- 00:44:40of more than 17,000
- 00:44:43certified apps and services as of today
- 00:44:45that's growing no doubt
- 00:44:47essentially you can seamlessly deploy
- 00:44:50applications from the and services from
- 00:44:52the catalog it simplifies billing
- 00:44:54because you can have
- 00:44:55a single bill so so remember in terms of
- 00:44:58benefits simplifying billing single bill
- 00:45:01for all your microsoft and third party
- 00:45:04offerings in fact if i just switch over
- 00:45:06to the azure portal
- 00:45:09i'll just switch over to the azure
- 00:45:11portal and you'll see there's a
- 00:45:12marketplace icon there
- 00:45:14and that opens up the marketplace where
- 00:45:16i see
- 00:45:17a list of many offers and
- 00:45:20i can search here for whatever it is
- 00:45:24that i would like to purchase i can
- 00:45:26search by keyword or i can search down
- 00:45:28for specific
- 00:45:30solutions so as we move into objective
- 00:45:33domain three on az 900 i want to point
- 00:45:36out
- 00:45:36an important fact here and that's uh in
- 00:45:38the skills measured document for
- 00:45:40every azure certification exam i have
- 00:45:42ever looked at you're going to find
- 00:45:44right
- 00:45:44up near the the top under skills
- 00:45:47measured the following
- 00:45:48statement this list is not definitive or
- 00:45:52exhaustive meaning that there are
- 00:45:54elements related to the skills measured
- 00:45:57that may not be called out explicitly on
- 00:46:00the list of skills measured that may
- 00:46:02still appear on the exam that will
- 00:46:03become
- 00:46:04very apparent in a couple of key areas
- 00:46:07in
- 00:46:07objective domain three where i will call
- 00:46:10out some elements i think you may well
- 00:46:11see on the exam
- 00:46:12in spite of the fact that they are not
- 00:46:14called out explicitly in the skills
- 00:46:16measured
- 00:46:17in part because there are some
- 00:46:19components i know to be important
- 00:46:21commonly used and in part because i have
- 00:46:24seen those components called out
- 00:46:26explicitly
- 00:46:26in previous versions of az 900
- 00:46:30we're not going to waste a lot of time
- 00:46:31on it but they'll be called out so you
- 00:46:33have awareness going into that exam so
- 00:46:37objective domain 3 is divided into two
- 00:46:39parts there is describe
- 00:46:41core solutions available in azure and
- 00:46:43describe
- 00:46:44azure management tools
- 00:46:47so core solutions we'll touch on the
- 00:46:50following themes where you'll need to
- 00:46:52describe the benefits and usage
- 00:46:54of the core solutions iot
- 00:46:58synapse analytics hdinsight and azure
- 00:47:00databricks are in the data warehouse
- 00:47:03category and then in machine learning
- 00:47:06and ai
- 00:47:07followed by serverless computing
- 00:47:09solutions that include azure functions
- 00:47:11and logic apps
- 00:47:12but are not limited to those two
- 00:47:15components
- 00:47:16and in the theme of devops we'll talk
- 00:47:18about azure devops github
- 00:47:21github actions and azure devtest
- 00:47:24lab so let's get right into it we'll
- 00:47:26talk about iot first and let's look at
- 00:47:28iot hub
- 00:47:30so iot hub is a central message hub for
- 00:47:32bi-directional communication
- 00:47:34between your iot app and the devices it
- 00:47:37manages
- 00:47:38so bi-directional is a key element here
- 00:47:42sometimes iot hub is compared to azure
- 00:47:46event hub and a key difference between
- 00:47:48iot hub and event hub is that the iot
- 00:47:52hub
- 00:47:52is bi-directional and in fact the event
- 00:47:55hub
- 00:47:56was used in iot scenarios before iot hub
- 00:47:59was released but that's one of the key
- 00:48:03capabilities that iot hub brought to the
- 00:48:06party so remember that
- 00:48:07when you see questions around iot hub if
- 00:48:10you see bi-directional show up there
- 00:48:12anywhere
- 00:48:13iot hub is bidirectional event hub is
- 00:48:15not
- 00:48:16iot central an iot application
- 00:48:20platform that simplifies the creation
- 00:48:23of iot solutions and helps to reduce
- 00:48:26the burden and cost of iot management
- 00:48:29operations and development
- 00:48:32this really points to the the core
- 00:48:35mission of iot
- 00:48:37central so iot central was developed to
- 00:48:40simplify the iot management process to
- 00:48:44reduce
- 00:48:45the the burden and the knowledge level
- 00:48:47required for organizations trying to
- 00:48:49manage iot
- 00:48:50in fact iot central is a fully managed
- 00:48:54saas solution so it's really lowering the
- 00:48:57bar by bringing
- 00:48:58some native management and monitoring
- 00:49:01functionality for your iot devices so
- 00:49:04those will be key elements you want to
- 00:49:05watch for in questions related to iot
- 00:49:08when you're trying to
- 00:49:09find the right solution so azure sphere
- 00:49:13is a secure high level application
- 00:49:16platform
- 00:49:17created by microsoft with built-in
- 00:49:19communication and security features for
- 00:49:21internet connected devices
- 00:49:23essentially it's a linux based operating
- 00:49:26system
- 00:49:26and a cloud-based security service that
- 00:49:29provides
- 00:49:30continuous security it was actually
- 00:49:33created by microsoft
- 00:49:35to run on an azure sphere certified chip
- 00:49:37and to connect
- 00:49:39with the azure sphere security service
- 00:49:42so definitely a purpose purpose-built
- 00:49:44operating system so
- 00:49:49let's talk about data warehouse if you
- 00:49:52see data lake
- 00:49:53synapse analytics hdinsight or
- 00:49:56databricks mentioned
- 00:50:00that all refers to something related to
- 00:50:03data warehouse now data lake didn't show
- 00:50:05up
- 00:50:06explicitly in that list i have seen data
- 00:50:08lake on
- 00:50:09az 900 exam descriptions previously
- 00:50:12so just keep an eye out for that so any
- 00:50:14of these four elements
- 00:50:16really would fall into common data
- 00:50:20warehouse scenarios so let's break these
- 00:50:22down
- 00:50:23and talk about how each fits so data
- 00:50:26lake the one
- 00:50:27not mentioned this is a technology that
- 00:50:29enables big data analytics
- 00:50:31and artificial intelligence it provides
- 00:50:35really less expensive
- 00:50:38storage than a relational database
- 00:50:41and it will store data from a variety of
- 00:50:45systems so it'll store data from
- 00:50:46business systems or other databases but
- 00:50:50most importantly here it will store
- 00:50:52diverse types of data relational
- 00:50:54and non-relational from diverse sources
- 00:50:57so data lake is a place where we can
- 00:51:00store
- 00:51:01large volumes of data inexpensively even
- 00:51:04if the data
- 00:51:05is not all of the same type and it's a
- 00:51:08place where we can leave data that
- 00:51:10will not be accessed constantly
- 00:51:13so synapse analytics is an integrated
- 00:51:15analytics service
- 00:51:17that basically gives us off-the-shelf
- 00:51:21insight into data warehouses and big
- 00:51:24data systems
- 00:51:25most importantly perhaps is that synapse
- 00:51:28analytics was formerly known as azure
- 00:51:30sql data
- 00:51:31warehouse so this is the core solution
- 00:51:35when it comes to data warehousing
- 00:51:38hdinsight
- 00:51:39will show up in discussions around
- 00:51:43hadoop so it's a cloud distribution of
- 00:51:46hadoop
- 00:51:47that makes processing massive amounts of
- 00:51:50data
- 00:51:51quickly much easier and it supports a
- 00:51:53number of open source frameworks so if
- 00:51:54you see
- 00:51:55hadoop spark hive kafka storm
- 00:51:58or any of those mentioned hdinsight may
- 00:52:02well be the answer that you are looking
- 00:52:04for
- 00:52:05so those open source frameworks are are
- 00:52:07key
- 00:52:08i think when it comes to hadoop and then
- 00:52:11databricks
- 00:52:12which is another analytics platform
- 00:52:15optimized for
- 00:52:17the azure platform and it offers two
- 00:52:20environments
- 00:52:21for developing data intensive
- 00:52:24applications so so keep that phrase in
- 00:52:26mind
- 00:52:27they have uh the databricks sql
- 00:52:30analytics and the databricks workspace
- 00:52:32but when you think about developing data
- 00:52:34intensive applications keep that phrase
- 00:52:36in mind
- 00:52:37when you're thinking about databricks
- 00:52:40so let's move into
- 00:52:42machine learning and ai so there is
- 00:52:44azure machine learning
- 00:52:46cognitive services and the azure bot
- 00:52:48service so we'll start
- 00:52:50with azure machine learning so this is a
- 00:52:53cloud-based
- 00:52:54environment you can use to train deploy
- 00:52:56automate
- 00:52:57manage and track machine learning models
- 00:53:01this is where you're going to bring your
- 00:53:04models and
- 00:53:05cognitive services are cloud-based
- 00:53:08services with
- 00:53:09rest apis and client library sdks
- 00:53:13that help you to build cognitive
- 00:53:15intelligence
- 00:53:16into your application so the keywords
- 00:53:18there build in applications
- 00:53:22and it provides cognitive understanding
- 00:53:26in five main pillars vision speech
- 00:53:29language decision and search
- 00:53:33so just some defining characteristics
- 00:53:35for you there and again we have to
- 00:53:37describe these components right so this
- 00:53:39is really
- 00:53:40about your being able to identify uh
- 00:53:43which components
- 00:53:44fit into a solution and
- 00:53:47azure bot service is a managed bot
- 00:53:50development service that helps you
- 00:53:52connect your users via popular channels
- 00:53:54it's really a purpose-built
- 00:53:56environment for bot development so
- 00:53:58pretty easy to spot but
- 00:54:00those are the defining characteristics
- 00:54:01there that will help you pick the right
- 00:54:02answer
- 00:54:03on some of those exam questions now
- 00:54:07serverless so logic apps and functions
- 00:54:10were mentioned on that list it said
- 00:54:13including
- 00:54:14logic app and function so i've added
- 00:54:16event grid here which also falls
- 00:54:18into the serverless category again the
- 00:54:20list is not exhaustive it only takes a
- 00:54:22minute to mention it
- 00:54:23so i want to put it in front of you it's
- 00:54:25important
- 00:54:26so let's start with logic app a cloud
- 00:54:29service that helps you schedule automate
- 00:54:31and orchestrate tasks
- 00:54:33business processes and workflows
- 00:54:40and you can choose from a gallery
- 00:54:43of hundreds of pre-built connectors both
- 00:54:46microsoft connectors and connectors for
- 00:54:48third-party services this is really one
- 00:54:50of the defining characteristics
- 00:54:52of logic app in fact power automate
- 00:54:54previously known
- 00:54:56as flow is built on top
- 00:54:59of logic app so actually let me just
- 00:55:01switch over and show you the list
- 00:55:04of logic app connectors
- 00:55:07there's actually a page that lists them
- 00:55:08here there are hundreds of these
- 00:55:10connectors
- 00:55:12many for microsoft services many for a
- 00:55:14third party services but
- 00:55:16300 plus last i i checked count
- 00:55:21and you can you can leverage these
- 00:55:24you know alone or in in conjunction with
- 00:55:27one another there's no rule against
- 00:55:29having
- 00:55:30a workflow in logic app with multiple
- 00:55:32connectors involved
- 00:55:34so it's a pretty exciting capability
- 00:55:40so let's talk about azure functions this
- 00:55:43is an event driven
- 00:55:44compute on demand experience as
- 00:55:47microsoft calls it that extends the
- 00:55:49existing
- 00:55:50azure application platform with
- 00:55:52capabilities to implement
- 00:55:54code triggered events uh occurring in
- 00:55:57azure as well as in on-premises systems
- 00:56:00but but
- 00:56:00code triggered events is key here
- 00:56:04i want you to pay special attention to
- 00:56:06that phrase triggered by events that
- 00:56:08means
- 00:56:09that the functions are only running when
- 00:56:11they are triggered that is a
- 00:56:13hallmark of serverless we'll dig into
- 00:56:15the difference between platform as a
- 00:56:17service
- 00:56:18and serverless in just a moment but
- 00:56:21remember
- 00:56:22that when we're thinking about functions
- 00:56:23and event grid enables you to
- 00:56:26manage events across many different
- 00:56:28azure services
- 00:56:30and applications let me just show you
- 00:56:32here so so really event grid allows us
- 00:56:35to
- 00:56:35take events from a number of different
- 00:56:38sources all the sources are on the left
- 00:56:40here
- 00:56:41and we can trigger the event grid and
- 00:56:44push those over
- 00:56:45to handler so it's what we call a pub
- 00:56:47sub model
- 00:56:48also uh it's really an
- 00:56:52app or a service reacting to an event
- 00:56:54sometimes you'll
- 00:56:55hear it described as reactive
- 00:56:58uh programming so bottom line
- 00:57:03the way i think of it is is you know it
- 00:57:05enables you to easily
- 00:57:07push events to the configured
- 00:57:10destination as opposed to the much less
- 00:57:16the much less efficient pull model
- 00:57:20across serverless architecture in a pull
- 00:57:22model you have to set up a a
- 00:57:23subscription and there's a polling that
- 00:57:25happened so the push
- 00:57:27model eliminates the need for the
- 00:57:30the the destination to do a a polling
- 00:57:32operation for the for the pull so
- 00:57:35that really makes event grid a bit of a
- 00:57:37game changer in that
- 00:57:38respect okay so now
- 00:57:42the million dollar question that i
- 00:57:44promised you we would answer
- 00:57:46how is serverless different from
- 00:57:49platform as a service in terms of
- 00:57:51responsibility and really in terms
- 00:57:54of functionality
- 00:57:58so let's have a look so we have on one
- 00:58:01hand platform as a service and on the
- 00:58:03other hand
- 00:58:03serverless now they do have some common
- 00:58:05elements here so there's some overlap
- 00:58:07number one your devs have to write code
- 00:58:08in azure
- 00:58:10functions you're going to write code in
- 00:58:13c sharp or powershell or
- 00:58:16python or what have you uh serverless
- 00:58:19same
- 00:58:20scenario there's no server management
- 00:58:22you know with platform as a service
- 00:58:24and and serverless both uh you're
- 00:58:26relieved of managing
- 00:58:28the underlying infrastructure that's
- 00:58:30great now here's
- 00:58:31where the two differ so platform as a
- 00:58:34service does give you more
- 00:58:36control over the deployment environment
- 00:58:39so think
- 00:58:40about azure app service it's where we
- 00:58:42can host
- 00:58:43web applications i can configure a
- 00:58:46number of
- 00:58:48settings a wide variety of settings in
- 00:58:50fact related
- 00:58:51to the the web hosting instance there
- 00:58:55which will control certain aspects of
- 00:58:57how my application behaves on the
- 00:58:59serverless side you have
- 00:59:00less control over the deployment
- 00:59:03environment
- 00:59:04so think uh logic apps
- 00:59:07uh for is a great example with logic app
- 00:59:10uh
- 00:59:10really you're working in a low code
- 00:59:13scenario i mean there's there's some
- 00:59:15code involved in in logic app certainly
- 00:59:17you're going to be working with
- 00:59:19certain code-ish elements but it's a
- 00:59:21lower code environment and you have
- 00:59:24no control under the over the underlying
- 00:59:27environment it's just there and ready
- 00:59:29for you to use
- 00:59:30on the paas side the application has to
- 00:59:33be configured to auto scale
- 00:59:35and on the serverless side the
- 00:59:37application scales automatically it's
- 00:59:38not your problem the scale is built into
- 00:59:40the platform
- 00:59:42and then on the platform as a service
- 00:59:44side the application can take a while to
- 00:59:47spin
- 00:59:47up and i've seen this firsthand in in
- 00:59:50the app service space there there are
- 00:59:52things you can do to make sure your app
- 00:59:55is always awake
- 00:59:56and ready to answer requests but but
- 00:59:58certainly a web app can go to sleep the
- 01:00:00thread can go to sleep when it's not
- 01:00:02executed for a certain number of minutes
- 01:00:04when there are no calls coming in right
- 01:00:06with serverless the application code
- 01:00:09only executes when it's invoked we're
- 01:00:10not worried about spinning up
- 01:00:12an azure function executes when it is
- 01:00:16triggered it's code triggered by events
- 01:00:19uh and that's another key
- 01:00:22difference
- 01:00:25so serverless has some small
- 01:00:28performance advantages and it relieves
- 01:00:30us of certain responsibilities it just
- 01:00:32adds a bit of additional polish
- 01:00:34in in certain use cases but that's the
- 01:00:38difference
- 01:00:38so so now you'll know for the exam so
- 01:00:40now we're going to move into
- 01:00:42devops so we'll talk about azure devops
- 01:00:44github github
- 01:00:45actions and azure dev test
- 01:00:49labs so azure devops this is a single
- 01:00:53platform for
- 01:00:54implementing devops deploying code using
- 01:00:57the
- 01:00:58the cicd framework that's continuous
- 01:01:01integration
- 01:01:02continuous deployment it's how we
- 01:01:04facilitate agile
- 01:01:06software development and azure devops
- 01:01:09is microsoft's native platform there are
- 01:01:12multiple components within azure devops
- 01:01:15there's
- 01:01:16a git capability called azure repos
- 01:01:19you have your your kanban board
- 01:01:22style functionality in azure boards
- 01:01:25just to name a couple on the other hand
- 01:01:28github
- 01:01:29is a service that microsoft acquired
- 01:01:33not too long ago it's a web-based git
- 01:01:36repository
- 01:01:37hosting service for source code
- 01:01:39management and distributed revision
- 01:01:41control now azure boards provides that
- 01:01:42sort of capability but github
- 01:01:45is a very widely used service across the
- 01:01:48internet
- 01:01:49by you know many people that don't
- 01:01:52necessarily use
- 01:01:53microsoft technology even it offers all
- 01:01:56the functionality of git for your source
- 01:01:57code management but it has a number of
- 01:01:59its own
- 01:02:00features github actions helps you
- 01:02:03automate
- 01:02:04your software development workflows from
- 01:02:06within github so it
- 01:02:07provides some similar functionality to
- 01:02:10what we would see in
- 01:02:11the ci cd uh scenario in azure
- 01:02:15devops but that's really what it's
- 01:02:16helping facilitate there is cicd the
- 01:02:19continuous integration
- 01:02:20and continuous deployment
- 01:02:23and you can build test package release
- 01:02:25or deploy an application
- 01:02:28or project on github with a workflow
- 01:02:33but cicd is the the acronym that comes
- 01:02:36up frequently in devops that's uh
- 01:02:37continuous integration
- 01:02:39continuous deployment or sometimes
- 01:02:42continuous delivery depending on who you
- 01:02:45ask
- 01:02:47then there's azure dev test labs which
- 01:02:50provides a self-service sandbox
- 01:02:52environment so you can quickly create
- 01:02:53dev test environments so you're
- 01:02:56minimizing the waste of deploying
- 01:02:58virtual machines that sit around running
- 01:02:59wasting your funds
- 01:03:01makes it easier to control your cost
- 01:03:03essentially so
- 01:03:04sandbox is the key keyword there and
- 01:03:08and the focus on minimizing waste
- 01:03:11controlling cost right it's about saving
- 01:03:13saving money and being more efficient in
- 01:03:15our dev test process
- 01:03:18if you're anything like me you don't
- 01:03:19like to waste money running your azure
- 01:03:20lab vms 24 7
- 01:03:22and that's where the resource scheduler
- 01:03:24for microsoft azure can help
- 01:03:26it's got a simple web ui making it an
- 01:03:28easy way to set up those vm run
- 01:03:29schedules
- 01:03:30and it comes with a free lifetime sub
- 01:03:33for 10 vms or less
- 01:03:34and you can find it in the azure
- 01:03:36marketplace
- 01:03:37you'll find a link in this video's
- 01:03:40description
- 01:03:41now we're going to move into the second
- 01:03:43half of objective domain
- 01:03:443 which will focus on describing azure
- 01:03:48management tool so look at the
- 01:03:49functionality
- 01:03:50and usage of azure portal powershell
- 01:03:53azure cli
- 01:03:54cloud shell and azure mobile app we'll
- 01:03:56talk about azure advisor
- 01:03:59azure resource manager or arm
- 01:04:02templates a great deployment capability
- 01:04:04we'll touch on azure monitor
- 01:04:06and azure service health all
- 01:04:10in that azure management bucket so
- 01:04:14when we think about interacting with our
- 01:04:15azure sub we have the azure portal which
- 01:04:17we can go to in any browser
- 01:04:19we have azure cloud shell which actually
- 01:04:21gives us access
- 01:04:22to the azure cli or azure powershell
- 01:04:25in a browser very exciting capability
- 01:04:28very convenient
- 01:04:29we have azure powershell which we you
- 01:04:31know typically access on a windows or
- 01:04:33linux system
- 01:04:34and then the azure mobile app which we
- 01:04:36can access from any ios or android
- 01:04:38device
- 01:04:39and finally azure cli which is going to
- 01:04:42be your
- 01:04:43your bash type your bash style command
- 01:04:45line
- 01:04:46also accessible both on windows and
- 01:04:49linux distros
- 01:04:54and and to be thorough you know azure
- 01:04:56you know powershell and azure cli both
- 01:04:58been tested on mac os
- 01:04:59so so it's not just windows and and
- 01:05:02linux
- 01:05:03so bear that in mind but azure portal
- 01:05:05that's our web-based unified console
- 01:05:07portal.azure.com where we can manage our
- 01:05:09azure subscription using
- 01:05:11a web-based gui it's our graphical ui
- 01:05:14the cloud shell
- 01:05:15is an interactive authenticated browser
- 01:05:18accessible shell
- 01:05:19for managing your azure resources if
- 01:05:21you've not gone through any of the
- 01:05:23the ms learn content related to az 900
- 01:05:26or looked at any of the examples on the
- 01:05:28microsoft site frequently you will find
- 01:05:31quick start tutorials that leverage
- 01:05:33azure cloud shell
- 01:05:34to deploy the capability that you're
- 01:05:37going to work with in that tutorial
- 01:05:40in fact let me just show you the cloud
- 01:05:42shell quickly
- 01:05:47so here in the azure portal there are
- 01:05:49two couple of ways i can get to the
- 01:05:50cloud shell so number one at
- 01:05:52portal.azure.com i can simply hit the
- 01:05:54cloud shell icon here which is going to
- 01:05:56switch me over to the cloud shell and
- 01:05:58there i have
- 01:05:59you'll see the bash version of the cloud
- 01:06:02shell so if i use azure cli
- 01:06:04syntax here i'll do az account list
- 01:06:07and i get a list of my azure
- 01:06:11subscriptions now i can also go to
- 01:06:15shell.azure.com and that's going to do a
- 01:06:18redirect over to
- 01:06:19start the cloud shell for me as well
- 01:06:23and you notice there that we have a
- 01:06:24couple of flavors right we have bash or
- 01:06:26powershell so you can pick your
- 01:06:28preferred
- 01:06:28language i tend to to use
- 01:06:31azure cli so i use the bash version but
- 01:06:34uh the powershell version equally
- 01:06:38valid here so i'll just flip over to the
- 01:06:41powershell version and we'll have a look
- 01:06:44here that took a minute to come up but
- 01:06:46there we have our powershell version of
- 01:06:48the command shell so i can then just
- 01:06:50type powershell cmdlets so i'll do
- 01:06:52the same
- 01:06:52operation but in powershell speak a
- 01:06:54Get-AzSubscription
- 01:06:56and i can list my
- 01:06:58subscription so
- 01:07:00you can pick your language any browser
- 01:07:01which means you can really take this to
- 01:07:03any
- 01:07:03client operating system where you you
- 01:07:05have a browser you can work with so very
- 01:07:07handy
- 01:07:08in that respect but it includes both
- 01:07:11those options
- 01:07:13and now azure powershell so this is a
- 01:07:18set of cmdlets for managing azure
- 01:07:19resources directly from
- 01:07:21the powershell command line so you'd use
- 01:07:23this on
- 01:07:25your windows 10 client for example or
- 01:07:28a linux system or even a recent build of
- 01:07:32mac os
- 01:07:33the azure mobile app is an app for ios
- 01:07:36and android that enables manage
- 01:07:38managing tracking health and status and
- 01:07:40troubleshooting your azure resources i
- 01:07:42tend to use the mobile app
- 01:07:44for quick operations if i need to start
- 01:07:46a virtual machine for example if there's
- 01:07:48something small that i'd like to look
- 01:07:49into i'm not a big fan of working
- 01:07:51on small screens but the azure mobile
- 01:07:54app has come a long way
- 01:07:56over the years and and there's a lot of
- 01:07:58capability
- 01:07:59that's at your fingertips there from the
- 01:08:02phone
- 01:08:06and the azure cli so this is the command
- 01:08:10line interface uh abbreviated azure
- 01:08:13cli actually so this is a set of
- 01:08:15commands used to create and manage azure
- 01:08:17resources
- 01:08:19this is where we we work at the the bash
- 01:08:23command line so i find azure cli is very
- 01:08:26friendly to
- 01:08:27open source developers who work in the
- 01:08:30world of linux who who maybe don't use
- 01:08:32powershell today azure cli is very
- 01:08:34friendly to the
- 01:08:35the other side of the house as i
- 01:08:37sometimes refer to them
- 01:08:38but it's available on windows mac os
- 01:08:40linux docker
- 01:08:42and azure cloud shell so you can get to
- 01:08:44it everywhere
- 01:08:47azure advisor so azure advisor scans
- 01:08:51your azure configuration and it
- 01:08:52recommends changes to optimize
- 01:08:54deployments
- 01:08:56increase security and save you money
- 01:09:00but it analyzes the configuration of the
- 01:09:03resources
- 01:09:04present in the azure subscription
- 01:09:08so already present meaning existing
- 01:09:10resources right this isn't uh
- 01:09:12isn't taking place on new deployments
- 01:09:14that aren't yet deployed it's focusing
- 01:09:16on
- 01:09:17four areas again high availability
- 01:09:19security performance
- 01:09:20and costs of those existing deployments
- 01:09:23in fact you get a prompt sometimes when
- 01:09:25you log into the portal that azure
- 01:09:26advisor would like to
- 01:09:28help you out now we're going to talk
- 01:09:32about azure resource
- 01:09:33manager templates or arm templates for
- 01:09:35short
- 01:09:36so an arm template is a json file that
- 01:09:39describes the infrastructure and
- 01:09:41configuration for our project it's how
- 01:09:43we describe
- 01:09:44to azure what we would like to deploy
- 01:09:48and generally speaking arm templates are
- 01:09:50the preferred
- 01:09:51deployment methodology in azure and
- 01:09:54there's a good reason for that
- 01:09:56that's because in part arm templates use
- 01:10:00a declarative syntax declarative means
- 01:10:03that we
- 01:10:04describe our desired end result
- 01:10:07in that json document without spelling
- 01:10:10out
- 01:10:10the exact steps that are required the
- 01:10:13exact step-by-step process
- 01:10:15required to achieve that end result so
- 01:10:17we save a lot of time
- 01:10:19writing out step-by-step code
- 01:10:22in a script for example so it's very
- 01:10:25efficient in that respect
- 01:10:26arm templates are also idempotent which
- 01:10:29means we can deploy that
- 01:10:31template as many times as we want and we
- 01:10:33get the same resources and the same
- 01:10:35state as an end result so if i would
- 01:10:38like to deploy one virtual machine
- 01:10:40behind an azure firewall attached to a
- 01:10:42virtual network if i run that template
- 01:10:45five times at the end of the day i will
- 01:10:48still have
- 01:10:49in that template for vm1 after five runs
- 01:10:52i will have a single virtual machine
- 01:10:54named vm1
- 01:10:55configured as that template defined
- 01:11:00and that property of being idempotent or
- 01:11:04or idempotent
- 01:11:05means that when we have a situation
- 01:11:08where maybe our environment has been
- 01:11:10changed by
- 01:11:10unauthorized manual changes in some way
- 01:11:14i can rerun that deployment template
- 01:11:17and bring my environment up to
- 01:11:20the component and the state the same
- 01:11:22resources and state
- 01:11:24that i desire so very handy in that
- 01:11:27respect you'll you'll often hear arm
- 01:11:28templates
- 01:11:30used in the same sentence as the phrase
- 01:11:32infrastructure as code that's really
- 01:11:34what we're doing here
- 01:11:37and i can deploy arm templates
- 01:11:41from azure powershell azure cli
- 01:11:44and azure devops in the azure portal i
- 01:11:46can use them everywhere really the
- 01:11:48ability to use arm templates is
- 01:11:49ubiquitous
- 01:11:51throughout my my azure tooling in that
- 01:11:54respect
- 01:11:55all right so azure monitor is a service
- 01:11:57that collects
- 01:11:58monitoring telemetry from from a variety
- 01:12:02of ad not only azure sources but
- 01:12:04on-premises sources we can use
- 01:12:06an agent to gather data
- 01:12:09and management tools like azure security
- 01:12:12center also push
- 01:12:13log data to azure monitor in fact azure
- 01:12:17monitor aggregates and stores this
- 01:12:19telemetry in an azure log
- 01:12:22analytics instance so so that log
- 01:12:25analytics instance is the back end
- 01:12:27data store
- 01:12:31and finally azure service health this
- 01:12:33notifies us
- 01:12:34about azure service incidents and planned
- 01:12:37maintenance
- 01:12:38so we can take action to mitigate
- 01:12:40downtime
- 01:12:42very simple all about notification
- 01:12:46and now we're moving into objective
- 01:12:48domain 4 which is describe
- 01:12:51general security and network security
- 01:12:53features
- 01:12:54and if we look at the skills measured
- 01:12:57here
- 01:12:58objective domain 4 is broken into a
- 01:13:00couple of parts there's
- 01:13:02describe azure security features and
- 01:13:04describe
- 01:13:05azure network security so let's dive
- 01:13:09right in so the first part here
- 01:13:11describing security features we'll talk
- 01:13:13about
- 01:13:14azure security center including
- 01:13:16functionality within
- 01:13:18security center like policy compliance
- 01:13:20security alerts secure score and
- 01:13:21resource
- 01:13:22hygiene describing the functionality and
- 01:13:26usage of key vault
- 01:13:28functionality around azure sentinel
- 01:13:30microsoft's security information
- 01:13:33and event management solution and then
- 01:13:35finally
- 01:13:36functionality and usage of azure
- 01:13:38dedicated
- 01:13:39hosts so let's get right to it so
- 01:13:43we have security center key vault azure
- 01:13:46sentinel and dedicated host so we'll
- 01:13:47start
- 01:13:48with security center so this is a
- 01:13:51unified
- 01:13:51infrastructure security management
- 01:13:53system that basically
- 01:13:56strengthens our security posture
- 01:14:01through security guidance so security
- 01:14:04center
- 01:14:04will provide guidance around compute
- 01:14:08data network storage apps and other
- 01:14:12services i think the best way to
- 01:14:15tell you about this is to simply show
- 01:14:16you so let's take a quick look
- 01:14:18at security center
- 01:14:22i'll switch over to my azure portal and
- 01:14:25from
- 01:14:26the left menu here i can click on
- 01:14:28security center and bring up
- 01:14:29my security center overview page so
- 01:14:32amongst
- 01:14:32some of the features mentioned in the
- 01:14:34skills measured i see my secure score
- 01:14:36here which
- 01:14:37shows me my current score relative to
- 01:14:40the maximum score with a link
- 01:14:42with options to improve my score that
- 01:14:44link will actually take me to the
- 01:14:46recommendations
- 01:14:47and in here we will see some of the
- 01:14:50the recommendations around resource
- 01:14:52hygiene the recommendations are listed
- 01:14:55in
- 01:14:55descending order based on their
- 01:14:57potential to increase
- 01:14:59my score so for example
- 01:15:02enabling mfa across all accounts with
- 01:15:04owner permissions and it shows me the
- 01:15:06subscriptions where i need to do that
- 01:15:08red means work needs to be done green
- 01:15:12would be healthy and we'll see the
- 01:15:16security alerts
- 01:15:18capability here so alerts are just
- 01:15:19surfaced in the uh the
- 01:15:22right here in the portal if anything has
- 01:15:24uh has arisen
- 01:15:26uh i can look at pricing and settings
- 01:15:27and here's where i can see some
- 01:15:29difference between
- 01:15:30the free tier and the paid tier or the
- 01:15:32standard tier
- 01:15:33of security center you're also going to
- 01:15:35notice here that it mentions azure
- 01:15:36defender so
- 01:15:38at microsoft ignite uh the big
- 01:15:40conference in in
- 01:15:41late 2020 there was a rebranding of
- 01:15:44microsoft security products bringing
- 01:15:46them all under the microsoft defender
- 01:15:48family and security center
- 01:15:51comes under the azure defender moniker
- 01:15:54so this is really just a bit of branding
- 01:15:56here the the functionality uh whether
- 01:15:57it's security center or listed as azure
- 01:15:59defender
- 01:16:00uh is the same uh that's merely a
- 01:16:03branding change
- 01:16:04so there's actually a link to a related
- 01:16:08video
- 01:16:08in the video description here that will
- 01:16:11walk you through
- 01:16:12those branding changes that happened at
- 01:16:14microsoft ignite but i wanted to bring
- 01:16:16you here to show you that
- 01:16:18we can see here the difference between
- 01:16:19the free tier of security center and the
- 01:16:21paid tier so in the free tier we get the
- 01:16:23continuous assessment we get the
- 01:16:25resource
- 01:16:25hygiene and the security recommendations
- 01:16:27we get the secure score but what we're
- 01:16:29missing
- 01:16:30are advanced features like just-in-time
- 01:16:32vm access uh regulatory compliance
- 01:16:35uh any sort of advanced threat
- 01:16:38protection the elements that
- 01:16:39that add uh advanced functionality or
- 01:16:42intelligence as i like to call them many
- 01:16:43times are missing
- 01:16:44and when i turn azure defender on when i
- 01:16:47go to that standard tier i can come down
- 01:16:49here and turn
- 01:16:50defender defender on security center on
- 01:16:53for specific workloads you see here that
- 01:16:56servers and app service and azure sql
- 01:16:59and kubernetes and key vault they're all
- 01:17:01of these workloads are split out i can
- 01:17:02see the pricing very clearly
- 01:17:04i could even use policy to
- 01:17:08exclude certain instances if i didn't
- 01:17:11want to
- 01:17:12to pay for a hundred percent of my
- 01:17:14servers or a hundred percent of my azure
- 01:17:16sql databases i can certainly break
- 01:17:18those resources off into separate
- 01:17:19subscriptions but even
- 01:17:21at the subscription level i could get in
- 01:17:23here and
- 01:17:24configure that with a little more
- 01:17:26granularity but
- 01:17:27point being you get some free
- 01:17:29functionality here that gives you the
- 01:17:30basics to
- 01:17:31to help improve the security of your
- 01:17:33environment
- 01:17:34really important feature very likely to
- 01:17:37come up
- 01:17:38on the exam azure key vault is a place
- 01:17:42where
- 01:17:42we can securely store and access
- 01:17:46secrets and this cloud service allows us
- 01:17:48to store
- 01:17:49anything that we want to tightly control
- 01:17:51access to whether it's an api key a
- 01:17:53password
- 01:17:54a a an ssl certificate a certificate
- 01:17:57we'd use for secure http
- 01:17:59communication for example or
- 01:18:02cryptographic keys and i can access
- 01:18:06key vault from a variety
- 01:18:09of methods so i can access the key vault
- 01:18:14from
- 01:18:14the azure portal i can access it from
- 01:18:17azure devops from my
- 01:18:19arm templates from powershell azure cli
- 01:18:23programmatically via api so
- 01:18:27really ubiquitous in terms of how i can
- 01:18:30access my secrets during the you know
- 01:18:33various
- 01:18:34deployment options that i have for azure
- 01:18:36now azure sentinel
- 01:18:38is microsoft's cloud native security
- 01:18:41information event
- 01:18:42management solution which comes with the
- 01:18:45additional
- 01:18:46functionality known as soar security
- 01:18:48orchestration automated
- 01:18:50response so not only can we
- 01:18:53ingest data from
- 01:18:56our many services in azure and our third
- 01:18:59party
- 01:19:01services that have security information
- 01:19:03to provide us like firewalls and network
- 01:19:05devices for example
- 01:19:07but azure sentinel can provide
- 01:19:11orchestrated automated response where
- 01:19:14necessary and azure sentinel has
- 01:19:19built-in ai uh there's a feature called
- 01:19:22fusion that's enabled by default so so
- 01:19:24ai
- 01:19:25comes in azure sentinel right out of the
- 01:19:27box and microsoft is always working to
- 01:19:29improve that capability
- 01:19:31uh but but azure sentinel is quite easy
- 01:19:33to set up because
- 01:19:34you're by and large enabling a broad
- 01:19:37range of connectors uh you know for for
- 01:19:40everything from
- 01:19:41azure active directory logs to office
- 01:19:43365 connectors
- 01:19:45to which don't require much beyond
- 01:19:47pushing a couple of buttons to
- 01:19:50connectors that do require some
- 01:19:51configuration such as ingesting syslog
- 01:19:54or common event format data from
- 01:19:56your network devices
- 01:20:00and dedicated hosts azure dedicated
- 01:20:02hosts are
- 01:20:03just what they probably sound like to
- 01:20:05you it's a dedicated physical server
- 01:20:06that's able to host
- 01:20:08you know one or more virtual machines in
- 01:20:09a single azure subscription so a host
- 01:20:11that you are not
- 01:20:13sharing and and i can definitely think
- 01:20:15of a few
- 01:20:16very high security
- 01:20:19uh scenarios life and death situations
- 01:20:23where having
- 01:20:24a dedicated host for security and or
- 01:20:27performance
- 01:20:28may well be desirable such as if
- 01:20:31life or death human safety were involved
- 01:20:34so we're going to finish out objective
- 01:20:36domain 4 by looking at
- 01:20:38the last half of that domain which is uh
- 01:20:40azure network security so we'll talk
- 01:20:42about defense in depth network security
- 01:20:44groups azure firewall
- 01:20:46azure distributed denial of service
- 01:20:50protection so why don't we start with
- 01:20:51defense in depth this is a concept
- 01:20:54that espouses that promotes a layered
- 01:20:58approach to security basically not
- 01:21:00relying on one method to completely
- 01:21:02protect our environment but layering in
- 01:21:04multiple tools to provide
- 01:21:06better security posture a pretty
- 01:21:09widely uh adopted concept in the world
- 01:21:12of cyber security
- 01:21:14a network security group is a construct
- 01:21:17that contains security rules that allow
- 01:21:19or deny
- 01:21:20inbound traffic network traffic to
- 01:21:24a component a service or outbound
- 01:21:26traffic from
- 01:21:27several types of azure resources for
- 01:21:30each
- 01:21:31rule in a network security group you can
- 01:21:33specify a source and a destination
- 01:21:35port and protocol
- 01:21:36and an allow or deny and
- 01:21:39you can apply network security groups to
- 01:21:42a subnet or on a vm we can even attach
- 01:21:44it to a network adapter
- 01:21:46in fact why don't i just show you a
- 01:21:49network security group right quick so
- 01:21:50i'll switch over to my azure portal i'm
- 01:21:52going to click on the
- 01:21:53resource group for the virtual machine
- 01:21:55we looked at earlier in the course
- 01:21:57and there's a network security group
- 01:21:59created automatically when you deploy an
- 01:22:01azure vm and so for a windows
- 01:22:03vm when i look at my network security
- 01:22:05group
- 01:22:06i will see inbound security rules and
- 01:22:09outbound security
- 01:22:10rules so the the last rule in terms of
- 01:22:13priority on the inbound is deny all
- 01:22:16inbound so it's any port any protocol
- 01:22:18any source any destination
- 01:22:20so the only thing i have coming from any
- 01:22:22source which would include the internet
- 01:22:24is i have an allow rule here that allows
- 01:22:26remote desktop protocol so i can use rdp
- 01:22:29to attach to this vm and you see the
- 01:22:31little warning symbol there just
- 01:22:32alerting me that hey you have a
- 01:22:34port open to the internet i could
- 01:22:37protect this
- 01:22:38using the just in time vm access feature
- 01:22:43in azure security center in in azure
- 01:22:45defender
- 01:22:46if i wanted but that gives you a good
- 01:22:49idea of the default it feels a little
- 01:22:51bit like a firewall
- 01:22:52uh but but it's not so so it's really um
- 01:22:56something a bit different in in that
- 01:22:58respect but uh
- 01:23:01network adapter by the way you know you
- 01:23:03may see that referred to as
- 01:23:05NIC in some questions so if you're not
- 01:23:07super technical and
- 01:23:08you haven't heard of NIC um network
- 01:23:11adapter and NIC are
- 01:23:12two ways to refer to the same thing
- 01:23:16all right azure firewall so this is a
- 01:23:19managed
- 01:23:20cloud-based network security service
- 01:23:21that protects your azure virtual network
- 01:23:24resources and it's a fully
- 01:23:27stateful firewall as a service it's called
- 01:23:30it has built-in high availability
- 01:23:34and unrestricted cloud
- 01:23:37scalability
- 01:23:40so among the many interesting things
- 01:23:42about azure firewall is i don't have to
- 01:23:45deploy multiple virtual network
- 01:23:47appliances for
- 01:23:48that high availability and scalability
- 01:23:51it's built into the service for me so
- 01:23:54HA
- 01:23:54comes out of the box by default
- 01:23:58then finally azure ddos so this is a
- 01:24:02service that
- 01:24:02provides enhanced distributed denial of
- 01:24:06service mitigation features to defend
- 01:24:08against
- 01:24:09distributed denial of service or ddos
- 01:24:12attacks
- 01:24:13do bear in mind there is a basic tier
- 01:24:18of azure ddos so the standard tier
- 01:24:21provides
- 01:24:22enhanced ddos mitigation and that
- 01:24:25enhanced
- 01:24:26tier that standard tier we call it
- 01:24:28includes logging alerting
- 01:24:30and telemetry that you don't get in the
- 01:24:31free basic tier that's present
- 01:24:33everywhere by default you don't have to
- 01:24:34do anything
- 01:24:36for the basic tier now we're going to
- 01:24:39move into objective domain 5 where we'll
- 01:24:41talk about
- 01:24:42identity governance privacy and
- 01:24:44compliance features
- 01:24:45in azure and this objective domain
- 01:24:49is broken up into a few parts so we have
- 01:24:51describe core azure identity services
- 01:24:54describe azure governance features and
- 01:24:57describe
- 01:24:58privacy and compliance resources so
- 01:25:01let's start with azure identity services
- 01:25:04we'll talk about the difference between
- 01:25:06authentication and authorization
- 01:25:08we'll talk about azure active directory
- 01:25:11and what is azure ad
- 01:25:13exactly and finally we'll
- 01:25:16touch on some related concepts that pop
- 01:25:19up in azure active directory discussions
- 01:25:22specifically conditional access
- 01:25:23multi-factor authentication and
- 01:25:26single sign-on so let's start
- 01:25:30with authentication and authorization
- 01:25:34which we also call authn and
- 01:25:36authz so authentication is the process of
- 01:25:38proving
- 01:25:39that you are who you say you are
- 01:25:42and then authorization is the act of
- 01:25:45granting
- 01:25:46that authenticated party permission
- 01:25:49to do something so i kind of think of
- 01:25:53this as identity and access really if
- 01:25:54i'm
- 01:25:55breaking it down into plain english now
- 01:25:57azure active directory which is azure ad
- 01:26:00for short is microsoft's cloud-based
- 01:26:03identity
- 01:26:04and access management service it helps
- 01:26:07our employees sign
- 01:26:08in and access resources uh internal
- 01:26:11resources such as
- 01:26:12apps on our corporate network or custom
- 01:26:14cloud apps
- 01:26:15or external resources like microsoft 365
- 01:26:19and the azure portal and many
- 01:26:21saas apps that show up in the catalog
- 01:26:24or that i integrate or federate with my
- 01:26:26azure ad instance
- 01:26:30so let's touch on single sign-on
- 01:26:33multi-factor authentication and
- 01:26:35conditional access and we'll have a look
- 01:26:38at azure ad in a moment so we can tie
- 01:26:41all of these concepts together
- 01:26:43and and just solidify in your mind what
- 01:26:45we're talking about here conceptually so
- 01:26:47single sign-on
- 01:26:48means a user doesn't have to sign into
- 01:26:50every application they use
- 01:26:52uh essentially the user logs in once and
- 01:26:54that credential is is reused
- 01:26:57for multiple apps but but the
- 01:27:00logging in once is the the key there and
- 01:27:04single sign-on based authentication
- 01:27:07systems are
- 01:27:08often called modern authentication
- 01:27:12the multi-factor authentication works by
- 01:27:14essentially requiring
- 01:27:16two or more authentication methods so
- 01:27:19beyond just entering a password
- 01:27:21um mfa would would take something you
- 01:27:24know like a pin or a password and couple
- 01:27:26that with
- 01:27:26something you have like a trusted device
- 01:27:30uh and or or something that you are like
- 01:27:33a biometric like
- 01:27:34uh using your face uh or a fingerprint
- 01:27:38so
- 01:27:38something you have a trusted device with
- 01:27:40the authenticator app is is typically
- 01:27:43how
- 01:27:44we we see folks authenticating to azure
- 01:27:47active directory
- 01:27:50and the the whole idea of authentication
- 01:27:53and authorization the concepts we're
- 01:27:54talking about here the the
- 01:27:56rabbit hole runs really deep you you can
- 01:27:58expect that you won't
- 01:27:59get into too much depth on the az900
- 01:28:02exam
- 01:28:03uh thankfully conditional access
- 01:28:06uh is used by azure active directory to
- 01:28:08bring signals together to make decisions
- 01:28:11and enforce
- 01:28:12organizational policies in scenarios
- 01:28:16where a user attempts to access
- 01:28:18resources so essentially
- 01:28:20a user when they when they attempt to
- 01:28:22log in
- 01:28:23a conditional access policy is going to
- 01:28:25look at their location the device
- 01:28:27the application they're trying to log
- 01:28:30in with and then real-time risk are they
- 01:28:34coming from a strange ip address for
- 01:28:36example
- 01:28:38and and based on that we'll
- 01:28:41verify the access attempt and allow
- 01:28:43access or if there's some risk require
- 01:28:46multi-factor authentication or if
- 01:28:48there's
- 01:28:48extreme risk you know block access
- 01:28:50altogether
- 01:28:51and if the user gets past these gates
- 01:28:55they can get to the resource they are
- 01:28:57requesting access to
- 01:29:00so let me just switch over to the azure
- 01:29:02portal and show you around
- 01:29:03conditional access in azure ad briefly
- 01:29:06so we'll just switch over to
- 01:29:08portal.azure.com and i've actually
- 01:29:10clicked on
- 01:29:10active directory and if i scroll down
- 01:29:12under security
- 01:29:14i can get down here to conditional
- 01:29:16access and we'll just look at a
- 01:29:18conditional access policy i'll really
- 01:29:22just get down into any
- 01:29:23conditional access policy so you can see
- 01:29:25some of the settings so i can
- 01:29:27assign a policy to specific users and
- 01:29:31groups and i can include and exclude
- 01:29:34users based on who they are or the roles
- 01:29:37they're in
- 01:29:38i can assign my policy to be
- 01:29:41effective for specific apps or even all
- 01:29:44apps
- 01:29:45and i can you know put some exclusions
- 01:29:48in here it can be very
- 01:29:49selective so all cloud apps i can
- 01:29:51exclude specific apps
- 01:29:53when i get down to conditions here
- 01:29:54you'll see that i can
- 01:29:56provide other conditions that my policy
- 01:29:59can use to assess
- 01:30:00the access attempt so if i've turned on
- 01:30:04the identity protection feature there's
- 01:30:07which comes in the higher plan two tier
- 01:30:10of azure ad i can incorporate risk into
- 01:30:14the process so if the user
- 01:30:16is assessed as being medium or high risk
- 01:30:18based on their circumstances
- 01:30:21maybe they're coming from an unfamiliar
- 01:30:23ip or they've exhibited
- 01:30:24impossible travel we can
- 01:30:27take action based on that we can look at
- 01:30:31sign in risk so the specific risk level
- 01:30:36and which levels this policy will apply
- 01:30:39to
- 01:30:40i can look at device platform so i could
- 01:30:42enable this
- 01:30:44policy to be specific to certain devices
- 01:30:47maybe
- 01:30:48i'm i'm only looking at my mobile
- 01:30:50platforms for this particular
- 01:30:52rule for example or maybe i'm just
- 01:30:54looking at my windows desktops
- 01:30:56i can look at location so just as
- 01:30:59important as providing a second factor
- 01:31:01of authentication
- 01:31:02it's not providing a second factor when
- 01:31:05it's not necessary so for example
- 01:31:08i might want to exclude named
- 01:31:11locations so if i have trusted locations
- 01:31:15like
- 01:31:16my office for example i don't want to
- 01:31:18prompt a user when they're coming from a
- 01:31:19trusted managed device in the office
- 01:31:21that's really just annoying isn't it
- 01:31:24so i might exclude those locations
- 01:31:27but lots of capabilities here and then
- 01:31:30once all my
- 01:31:32settings are met or not i can then
- 01:31:34configure the conditions under which i
- 01:31:36grant access
- 01:31:37so for example i can block access based
- 01:31:40on conditions or i can grant access
- 01:31:42based on
- 01:31:43one or multiple of these items you'll
- 01:31:46notice here i can require multi-factor a
- 01:31:48device to be marked as compliant a
- 01:31:50device to be hybrid azure ad joined
- 01:31:53or using an approved app and you'll
- 01:31:56notice here
- 01:31:57for multiple controls i can require all
- 01:31:59or require only one
- 01:32:01of these items so so a lot of
- 01:32:04flexibility
- 01:32:05in azure ad conditional access and i can
- 01:32:08even enable a policy to report only
- 01:32:11so i can
- 01:32:12apply a policy in report only mode and
- 01:32:14see
- 01:32:15what the the impact would be so
- 01:32:19pretty exciting functionality really so
- 01:32:21next in
- 01:32:22objective domain five we'll talk about
- 01:32:24azure governance features we'll touch on
- 01:32:26role-based access control
- 01:32:28resource locks using tags
- 01:32:32functionality around azure policy we'll
- 01:32:34touch on blueprints
- 01:32:36and briefly touch on the cloud adoption
- 01:32:40framework
- 01:32:40for azure so governance features we have
- 01:32:44role-based access control so this helps
- 01:32:46us manage
- 01:32:47who has access to azure resources what
- 01:32:49they can do with those resources
- 01:32:51and which areas they have access
- 01:32:55to and this is built on
- 01:32:59azure resource manager it provides
- 01:33:01fine-grained
- 01:33:02access management of azure resources and
- 01:33:05in fact if i look in
- 01:33:08azure active directory there's a roles
- 01:33:10and administrator
- 01:33:11area where i can see pre-defined roles
- 01:33:14that are available to me so i can
- 01:33:16configure a very
- 01:33:18granular role-based access control
- 01:33:20strategy and incidentally i can
- 01:33:22also use the new custom role option here
- 01:33:24to create
- 01:33:25custom roles so i can even further
- 01:33:29target my role-based access control
- 01:33:32strategy so how i delegate permissions
- 01:33:35in my
- 01:33:36environment so resource locks
- 01:33:40allow us to prevent users in our
- 01:33:42organization from accidentally deleting
- 01:33:44or modifying
- 01:33:45critical resources deployed in our azure
- 01:33:48subscription so the lock
- 01:33:49overrides any permissions that the user
- 01:33:52might have
- 01:33:54so it's a preventative measure really
- 01:33:58so let's talk about azure governance
- 01:34:00let's get into
- 01:34:02policy initiatives and blueprints so
- 01:34:05azure policy this is a definition of the
- 01:34:08conditions that we want to
- 01:34:10control or govern in our environment
- 01:34:14so we use azure policy to
- 01:34:18help enforce our standards so i can
- 01:34:21ensure that
- 01:34:22virtual machines are only deployed in
- 01:34:25certain sizes they're only deployed
- 01:34:28to certain regions i can enforce
- 01:34:33naming conventions uh quite a wide
- 01:34:35variety
- 01:34:36and an initiative is a collection
- 01:34:39of azure policy definitions that are
- 01:34:42grouped together to help
- 01:34:43work towards a specific goal and
- 01:34:46way back in objective domain one we
- 01:34:49talked about
- 01:34:50management groups and subscriptions for
- 01:34:53example so management groups are
- 01:34:55really common boundary used to apply
- 01:34:59our policy so we can actually enforce
- 01:35:02our standards across
- 01:35:03multiple subscriptions at the same time
- 01:35:06it's how we
- 01:35:07we can manage we can provide that
- 01:35:09consistency
- 01:35:11at scale so you may
- 01:35:14see blueprint come up somewhere a
- 01:35:16blueprint is a container for composing
- 01:35:19sets of standards patterns and
- 01:35:20requirements for for
- 01:35:22implementation of our our services
- 01:35:24security and design and azure
- 01:35:27blueprint is often used in the same
- 01:35:29sentence as the phrase
- 01:35:30new environment and incidentally
- 01:35:33blueprint was not mentioned on the
- 01:35:35skills measured but
- 01:35:37again going back to that phrase neither
- 01:35:40exhaustive nor definitive i wanted to
- 01:35:43just mention blueprint so you've you've
- 01:35:45got that in your head in case blueprints
- 01:35:47shows up somewhere
- 01:35:51and tags so a tag is a name and a value
- 01:35:55pair
- 01:35:55used to logically organize azure
- 01:35:58resources
- 01:35:58resource groups or subscriptions into a
- 01:36:02logical taxonomy an ordered structure
- 01:36:05that is to say
- 01:36:10so tags are often the basis for applying
- 01:36:12business policies
- 01:36:13or tracking costs for example i might
- 01:36:16have a tag that contains the cost center
- 01:36:19i might have a tag that contains the
- 01:36:21owner of a resource so so i can use it
- 01:36:23for
- 01:36:24for tracking costs or or i may use tags
- 01:36:27in the application of policy enforcing
- 01:36:29my standards
- 01:36:31on an environment and and we can even
- 01:36:35enforce tagging rules within
- 01:36:37our azure policy so we can make sure
- 01:36:38that when resources are deployed the
- 01:36:40appropriate to the required tags that we
- 01:36:43would like applied are in fact applied
- 01:36:47so we don't let resources go into our
- 01:36:48environment without tags which could be
- 01:36:50important in making sure we can always
- 01:36:52track costs
- 01:36:53we can always apply business policies we
- 01:36:55always have an owner of a resource
- 01:36:57should there be a need to contact the
- 01:36:59owner
- 01:37:02you may see questions around the cloud
- 01:37:04adoption framework and you just
- 01:37:06need to understand what the cloud
- 01:37:07adoption framework is for really you're
- 01:37:09not expected to know this at any level
- 01:37:11of technical depth so the cloud adoption
- 01:37:13framework is guidance from microsoft
- 01:37:15designed to help you
- 01:37:16create and implement the the business
- 01:37:19and technology
- 01:37:20strategies uh you want to succeed
- 01:37:24in your azure deployments and i'm
- 01:37:25actually just going to switch over to a
- 01:37:27browser here so the cloud adoption
- 01:37:28framework
- 01:37:30for azure is laid out in the form of
- 01:37:32documentation and tools and if i scroll
- 01:37:35down here
- 01:37:36they they've defined a cloud adoption
- 01:37:39journey
- 01:37:40that starts with strategy we we plan
- 01:37:43uh prepare our environment go through
- 01:37:46the
- 01:37:47migration process there's governance
- 01:37:50section and then
- 01:37:51some guidance around ongoing management
- 01:37:54so so
- 01:37:55it pays before the exam to just read
- 01:37:57through this get a feel
- 01:37:58for the resources available in
- 01:38:01microsoft's cloud adoption framework
- 01:38:04and in the final section of objective
- 01:38:06domain 5 we'll talk about privacy and
- 01:38:08compliance resources so a decidedly less
- 01:38:11technical subject so we'll talk about
- 01:38:14the core tenets of security privacy
- 01:38:16and compliance uh we'll talk through
- 01:38:19briefly the the microsoft privacy
- 01:38:21statement online service terms
- 01:38:24and the data protection amendment
- 01:38:25there's actually a mistake
- 01:38:27in the az 900 skills measured here so
- 01:38:30i'll talk to you about that
- 01:38:32as well we'll talk about the purpose of
- 01:38:34the trust center we'll take a look at
- 01:38:36where you find the azure compliance
- 01:38:37documentation
- 01:38:39and then talk briefly about azure
- 01:38:42sovereign
- 01:38:42region specifically talking about uh
- 01:38:45government and
- 01:38:46and china and we'll throw germany in
- 01:38:49there for good measure
- 01:38:51so let's start with the the tenets of
- 01:38:54security
- 01:38:55privacy and compliance so security is
- 01:38:58about protecting data that's entrusted
- 01:39:01to microsoft using strong encryption and
- 01:39:04access control so this is really about
- 01:39:06how microsoft
- 01:39:08protects our data the data that we
- 01:39:11entrust
- 01:39:12to the the microsoft and their platforms
- 01:39:15and privacy is about
- 01:39:17uh microsoft making meaningful choices
- 01:39:20about how they collect data and why
- 01:39:23that data is being collected and used
- 01:39:26and
- 01:39:27of course informing customers
- 01:39:31that that data is in fact being
- 01:39:33collected
- 01:39:35you know one of the the most admirable
- 01:39:38admirable things about microsoft is how
- 01:39:43transparent they are about our
- 01:39:47privacy versus many big tech companies
- 01:39:50out there today but they're
- 01:39:51microsoft always does their best to tell
- 01:39:53us how they're collecting that data
- 01:39:55why that data is being collected and
- 01:39:58used so we're never in the dark
- 01:40:00about that we're never the product so to
- 01:40:02speak
- 01:40:03and then compliance with regulations is
- 01:40:06critical
- 01:40:06and microsoft aims to ease this task
- 01:40:10for azure customers which in part means
- 01:40:13giving us the ability to see which
- 01:40:16regulatory
- 01:40:17compliance standards out there for which
- 01:40:19azure has been
- 01:40:21certified
- 01:40:24so part of our compliance with
- 01:40:27regulatory standards as a customer would
- 01:40:29be ensuring that our services are
- 01:40:31running
- 01:40:32in an environment that is in fact
- 01:40:34compliant
- 01:40:35with those same standards or at least
- 01:40:37has the controls to allow us to
- 01:40:39configure
- 01:40:40our services in such a way that they are
- 01:40:42compliant
- 01:40:44and the azure compliance documentation
- 01:40:47has been grouped together to make it
- 01:40:49easy to find microsoft groups
- 01:40:50that compliance documentation
- 01:40:53geographically
- 01:40:54and and by industry as well
- 01:41:00and you'll also find template audit
- 01:41:02documents that you can tailor
- 01:41:04to to your needs or to your customers
- 01:41:06needs if if you're a partner
- 01:41:08so let me just switch over to the azure
- 01:41:10portal quickly here
- 01:41:12so if we look at the azure compliance
- 01:41:15documentation area here you'll see that
- 01:41:17the
- 01:41:18compliance offerings are are sorted uh
- 01:41:21based on industry as i mentioned right
- 01:41:24and then you'll also see some regions so
- 01:41:26there are some some standards that are
- 01:41:28global of course but if i scroll down
- 01:41:30here i see
- 01:41:32geographies and industry right so
- 01:41:34there's americas apac
- 01:41:36emea so pretty well documented it's
- 01:41:39searchable here so
- 01:41:41so all of the compliance documentation
- 01:41:43you need to ensure your organization
- 01:41:45complies with a legal or regulatory standard
- 01:41:47that's right here so just
- 01:41:49know that's available for the exam and
- 01:41:51how it's it's organized
- 01:41:55all right and let's talk about the
- 01:41:59microsoft privacy statement which
- 01:42:01explains
- 01:42:02what data microsoft processes how
- 01:42:05microsoft processes that data and for
- 01:42:07what purpose
- 01:42:08the data is utilized so the what and the
- 01:42:12how and then really what purpose
- 01:42:14tells us why they are processing that
- 01:42:18data
- 01:42:19online service terms this contains all
- 01:42:22the terms and conditions for software
- 01:42:24and online services through microsoft
- 01:42:26commercial
- 01:42:27licensing programs and this is an area
- 01:42:30where there's a small
- 01:42:32error in the az 900 skills measured
- 01:42:35because the online
- 01:42:36service terms has been re-named
- 01:42:40consolidated within another document
- 01:42:42called the
- 01:42:43product terms site and and the online
- 01:42:45service terms or ost
- 01:42:48has been archived so uh ost
- 01:42:51and is now contained within product
- 01:42:54terms so
- 01:42:55so i'm not sure which you'll see on the
- 01:42:56exam i just wanted to point that out
- 01:42:58that there's been a change that hasn't
- 01:42:59made its way into the exam
- 01:43:02as of february uh 2021 or at least
- 01:43:06hasn't made its way into the exam skills
- 01:43:08measured area
- 01:43:10let's put it that way but it focuses on
- 01:43:12commercial licensing just
- 01:43:14park that in the back of your head
- 01:43:17you'll also want to know the purpose of
- 01:43:19the
- 01:43:20data protection amendment or dpa as it's
- 01:43:24called out in
- 01:43:25the skills measured so this further
- 01:43:27defines data processing and security
- 01:43:29terms for online services
- 01:43:31uh gives us information around
- 01:43:34compliance
- 01:43:35disclosure security data transfer
- 01:43:38and data retention this is another
- 01:43:42minor typographical error in the skills
- 01:43:46measured for az900 the data protection
- 01:43:48amendment is actually the data
- 01:43:50protection addendum
- 01:43:52so the dpa is data protection addendum
- 01:43:55don't overthink it i just wanted to
- 01:43:56point that out in case
- 01:43:58it shows up in a form different than
- 01:44:01what you see in the skills measured as
- 01:44:03of february
- 01:44:042021 just worth worth having that
- 01:44:07information in hand
- 01:44:09and the trust center this is where you
- 01:44:12can learn about the four
- 01:44:14foundational principles of trust with
- 01:44:16microsoft security
- 01:44:18privacy compliance and transparency so
- 01:44:22the the four principles of trust will be
- 01:44:24the the key to remember
- 01:44:26uh as you go into the exam
- 01:44:29in fact if you just uh in a browser go
- 01:44:31to the the trust center at microsoft
- 01:44:34you can see those four principles called
- 01:44:37out
- 01:44:38uh in their their statement right here
- 01:44:40on the uh the trust center
- 01:44:42home page
- 01:44:46and in fact uh you can get to that trust
- 01:44:49center quite easily it's just
- 01:44:51microsoft.com forward slash
- 01:44:53trust all right
- 01:44:56azure sovereign region so these are
- 01:44:58special
- 01:45:00regions that you might need to consider
- 01:45:03for legal or compliance
- 01:45:04purposes so specifically i'm talking
- 01:45:07about azure government azure uh
- 01:45:09china and germany so so these
- 01:45:12regions have a couple of things in
- 01:45:14common number one they're operated by
- 01:45:17special trustees
- 01:45:20so in the case of uh government
- 01:45:22government that's u.s
- 01:45:23government it's operated by screened
- 01:45:26persons
- 01:45:27uh the china cloud
- 01:45:31in azure is operated by a china-based
- 01:45:35trustee it's a partnership between
- 01:45:38microsoft
- 01:45:39and a company called 21vianet
- 01:45:43and similarly germany has a a trustee
- 01:45:46model
- 01:45:47uh in that situation as well and then uh
- 01:45:50there's physical and logical
- 01:45:51isolation in particular with uh with the
- 01:45:54us
- 01:45:55government cloud it's described
- 01:45:58as a physical and logical network
- 01:46:00isolated instance
- 01:46:04all right we're ready for the big finish
- 01:46:06here so objective domain
- 01:46:08six is describe azure cost management and
- 01:46:10and service
- 01:46:11level agreement you're almost there
- 01:46:15so in objective domain six we have
- 01:46:18describe the methods for planning and
- 01:46:20managing costs
- 01:46:21describe azure service level agreements
- 01:46:24and service life cycles
- 01:46:26so just these two parts let's start with
- 01:46:28part one here we'll talk about
- 01:46:30uh what can affect costs how we can
- 01:46:33reduce costs and then we'll touch on the
- 01:46:35functionality of the pricing calculator
- 01:46:38and the total cost of ownership
- 01:46:40calculator
- 01:46:42and functionality and usage of azure
- 01:46:45cost
- 01:46:46management so cost impact so
- 01:46:49so factors that can affect azure
- 01:46:51resource cost
- 01:46:52include the types of resources we're
- 01:46:54deploying
- 01:46:55are we deploying vms are we deploying
- 01:46:58cosmos db
- 01:47:01the location we're deploying so the the
- 01:47:03cost of resources will vary slightly by
- 01:47:06location and maybe considerably when you
- 01:47:09switch between
- 01:47:11different geographies and ingress and
- 01:47:14egress traffic so so
- 01:47:16ingress traffic is typically free
- 01:47:19in in the azure realm although you don't
- 01:47:21want to count on that always you want to
- 01:47:22look at the the billing model for a
- 01:47:24service
- 01:47:25egress traffic often costs money and
- 01:47:28that's that can be a little bit
- 01:47:30unpredictable so it's an area that you
- 01:47:32want to be very uh
- 01:47:34cognizant uh very aware of as you deploy
- 01:47:37services if you're going to have a large
- 01:47:39amount of egress traffic traffic
- 01:47:41leaving your azure subscription you can
- 01:47:43potentially rack up a lot of a lot of
- 01:47:45cost there that won't be entirely
- 01:47:47transparent to you ahead of time there
- 01:47:50are a few different ways we can reduce
- 01:47:51our cost in azure so
- 01:47:53factors here include reserved instances
- 01:47:57reserved capacity the hybrid use benefit
- 01:48:00and spot pricing so let me break each of
- 01:48:02these down for you so you're familiar
- 01:48:04with how they work and where they apply
- 01:48:07so reserved
- 01:48:08instances allow us to reserve virtual
- 01:48:11machines in advance and save up to 72
- 01:48:13percent compared to pay-as-you-go
- 01:48:15pricing
- 01:48:16by selecting a one year or three year
- 01:48:18commitment the longer
- 01:48:20uh commitment will result in greater
- 01:48:23savings but it's virtual machine
- 01:48:25specific and
- 01:48:26there is a scheme whereby if you you
- 01:48:29can't
- 01:48:30live up to your if you can't uh you see
- 01:48:32out your one year or three year
- 01:48:33commitments you can get some sort of
- 01:48:35prorated refund there it's not a total
- 01:48:37loss if you can't make it to the one or
- 01:48:39three year
- 01:48:39mark so reserved capacity
- 01:48:43uh brings significant savings around
- 01:48:46azure sql database cosmos db synapse
- 01:48:50analytics and azure cache
- 01:48:53for redis and this discount again
- 01:48:56is product specific
- 01:49:00so in these first cases we're talking
- 01:49:02about how how planning
- 01:49:04and reservation can help us save cost
- 01:49:09reserved capacity allows us to more
- 01:49:12easily
- 01:49:14manage costs across both predictable and
- 01:49:18variable workloads basically allowing us
- 01:49:20to optimize our budgeting and our format
- 01:49:22our forecasting but it also includes one
- 01:49:25year and three-year
- 01:49:26options just as we saw with reserved
- 01:49:29instances it's just
- 01:49:31reserved capacity applies to a different
- 01:49:34type of workload right
- 01:49:37okay the hybrid use benefit is a
- 01:49:39licensing benefit this
- 01:49:40allows us to reduce the cost of running
- 01:49:42our workloads in the cloud
- 01:49:47by leveraging some existing licensing so
- 01:49:50essentially it lets
- 01:49:51us use our on-premises software
- 01:49:54assurance-enabled windows server and sql
- 01:49:56server
- 01:49:57licenses running on azure so
- 01:50:00when you couple reserved instances
- 01:50:02together with hybrid use benefits you
- 01:50:04can save up to
- 01:50:0580 percent on your virtual machine
- 01:50:09workload so that's a really a
- 01:50:11significant number
- 01:50:13but it's windows server sql server red
- 01:50:15hat and suse linux
- 01:50:16where where the hybrid use benefit
- 01:50:19applies
- 01:50:20and then there is spot pricing so with
- 01:50:22spot pricing you
- 01:50:24can access unused azure compute capacity
- 01:50:27at very deep discounts
- 01:50:29up to 90 percent in fact
- 01:50:32compared to the the pay as you go
- 01:50:33pricing
- 01:50:36and this applies to azure vms only the
- 01:50:38thing to remember with spot pricing is
- 01:50:40you're using unused capacity and when
- 01:50:42you set up a vm
- 01:50:44on spot pricing you have to define the
- 01:50:47circumstances under which
- 01:50:49your virtual machine workload can be
- 01:50:51evicted
- 01:50:52when microsoft needs to use that
- 01:50:55unused capacity so so when you have
- 01:50:58workloads that aren't mission critical
- 01:50:59where you have some flexibility
- 01:51:02in when it runs and if it's killed
- 01:51:04occasionally
- 01:51:06spot pricing allows you to save a lot of
- 01:51:08money you're just not going to have
- 01:51:10quite the predictability you have with a
- 01:51:12typical production
- 01:51:13workload so fairly new feature in the
- 01:51:16life of azure
- 01:51:18so we then have the pricing calculator
- 01:51:20this is an interactive calculator that
- 01:51:22allows you to estimate azure
- 01:51:24resource costs um you can choose a
- 01:51:28region
- 01:51:28instance tiers you can you can turn the
- 01:51:31knobs to configure the size and
- 01:51:34the settings for your workload to match
- 01:51:36your functionality and budgetary needs
- 01:51:38so you can
- 01:51:39can put a configuration in place and and
- 01:51:42check the pricing and tweak it until you
- 01:51:44get the pricing the the run rate the
- 01:51:46pricing calculator is going to show you
- 01:51:47what it will cost
- 01:51:49uh what the estimate is for running that
- 01:51:51workload
- 01:51:52on a monthly and annual
- 01:51:56basis but this the key is this is going
- 01:51:58to give you pricing
- 01:51:59before you deploy
- 01:52:04and in fact let's just switch over to
- 01:52:06the portal and we'll have a look
- 01:52:11and the same would hold true of the
- 01:52:12total cost of ownership calculator these
- 01:52:15are before you deploy type tools so
- 01:52:17let's just switch over to the azure
- 01:52:18portal
- 01:52:19so the pricing calculator is right here
- 01:52:21so i can pick
- 01:52:22the type of workload that i want to work
- 01:52:24with
- 01:52:25and so if i just click virtual machines
- 01:52:28for example it's going to pull up a
- 01:52:30calculator
- 01:52:31and allow me to configure the settings
- 01:52:34and see my monthly cost it's it's pretty
- 01:52:37straightforward i can i can save my work
- 01:52:39here
- 01:52:40i can do this for a variety of workloads
- 01:52:43to uh to help better estimate my cost
- 01:52:46before i deploy
- 01:52:47now the total cost of ownership
- 01:52:49calculator is a little bit different so
- 01:52:51it's less like a calculator so so when i
- 01:52:53look at the pricing calculator it's very
- 01:52:55much a calculator i'm picking
- 01:52:57the region uh an operating system for my
- 01:53:01vm scenario the tier
- 01:53:04um the the os type the size of the
- 01:53:07instance right and i can see here the
- 01:53:09the settings the virtual machine and
- 01:53:11then configure the
- 01:53:13the hours you know typically we're
- 01:53:14configuring the hours by the month and
- 01:53:16then
- 01:53:17you see here i can pick my reserved
- 01:53:20instance if i like
- 01:53:21i can set the hybrid benefit so i can
- 01:53:23work in all of those money saving
- 01:53:25opportunities in this
- 01:53:27pricing calculator to to get down to a
- 01:53:30fairly
- 01:53:31realistic estimate of what i'm going to
- 01:53:33be paying
- 01:53:34the total cost of ownership calculator
- 01:53:36is a little bit
- 01:53:38different you see this is really helping
- 01:53:40us estimate the cost savings we can
- 01:53:42realize by
- 01:53:42migrating workloads to azure so this is
- 01:53:45a bit more of a survey where we can add
- 01:53:48server workloads databases and storage
- 01:53:50and networking
- 01:53:51to get to an estimate
- 01:53:54of of what we can save our total cost of
- 01:53:58ownership
- 01:53:58running in the cloud so so
- 01:54:02i would suggest before the exam just lay
- 01:54:04your hands on the tco calculator and the
- 01:54:06pricing calculator as well
- 01:54:08bearing in mind that both these
- 01:54:10calculators are before you deploy type
- 01:54:12resources right
- 01:54:13as opposed to azure cost management
- 01:54:17which is a suite of tools provided by
- 01:54:19microsoft that help you analyze manage
- 01:54:21and optimize the costs
- 01:54:23of your workloads so this is more of an
- 01:54:27after you deploy type tool
- 01:54:30so complementary to
- 01:54:33the the calculators in that respect
- 01:54:36so we have guidance before we deploy and
- 01:54:39then
- 01:54:40guidance to help us optimize and
- 01:54:43save after we deploy but make sure
- 01:54:46you're familiar with that fact
- 01:54:48uh for the exam so uh the next section
- 01:54:51of
- 01:54:52objective domain six is describe azure
- 01:54:54slas and service life cycles we're in
- 01:54:56the home stretch here this is the big
- 01:54:59finish so we're going to to talk about
- 01:55:02azure service level agreements actions
- 01:55:05that can impact
- 01:55:06an sla
- 01:55:11we'll talk about the service life cycle
- 01:55:14in azure
- 01:55:15so the purpose of an azure sla it's
- 01:55:19essentially to provide a clear
- 01:55:20explanation of availability and
- 01:55:22sometimes
- 01:55:22performance of an azure service um
- 01:55:27actions that can affect an sla well
- 01:55:30failing to deploy a service
- 01:55:32in a manner that meets sla requirements
- 01:55:34for example
- 01:55:37and really any azure service that you're
- 01:55:39deploying will have
- 01:55:41some specifications around that sla so
- 01:55:45for example the
- 01:55:46sla is not going to you're not going to
- 01:55:48get a 99.9
- 01:55:50uptime sla on an azure vm you deploy
- 01:55:53with spot pricing because that could be
- 01:55:55ejected at any time right
- 01:55:59so you want to make sure that when
- 01:56:00you're
- 01:56:02performing your your cost estimates
- 01:56:04before deployment
- 01:56:05that you're also looking at your
- 01:56:07availability needs and making sure that
- 01:56:09as you're
- 01:56:09working through the numbers to save
- 01:56:11money that you're also bearing in mind
- 01:56:13what your
- 01:56:14availability requirements are for your
- 01:56:16service so you find the right balance
- 01:56:18of cost and availability
- 01:56:21and in terms of the service life cycle
- 01:56:23there are three
- 01:56:25sort of service definitions you want to
- 01:56:26be aware of so there's private
- 01:56:28preview so this is a service that's open
- 01:56:32only to to companies or users that are
- 01:56:34invited or who have applied and have
- 01:56:36been accepted to
- 01:56:37preview a service so this allows you to
- 01:56:40use
- 01:56:41a service in advance of its full
- 01:56:44release so it's really for evaluation
- 01:56:46only you don't run
- 01:56:48private preview services in production
- 01:56:51period full stop there's public preview
- 01:56:54so this
- 01:56:55is open to the public but the preview
- 01:56:58limitations apply which means we're not
- 01:57:00running in
- 01:57:02production and then when a service is
- 01:57:05fully released approved for
- 01:57:08production use it's considered
- 01:57:11generally available and microsoft will
- 01:57:13make an announcement of
- 01:57:15general availability and to wrap things
- 01:57:18up i have a surprise for you
- 01:57:20i'm going to give you free access to
- 01:57:23some practice questions for the az 900
- 01:57:26exam so
- 01:57:26really just to help you assess your
- 01:57:30readiness for the exam one of these
- 01:57:32is a 50 question practice test you don't
- 01:57:35even have to
- 01:57:36to log in to try you can just go to a
- 01:57:38webpage kick it off
- 01:57:39answer the questions get the answer
- 01:57:41explanations and see
- 01:57:43where you land and i also have a set of
- 01:57:46three
- 01:57:47practice exams available with a training
- 01:57:49partner i have links to both
- 01:57:51of these resources in the description
- 01:57:54below this video
- 01:57:55use them with my compliments and
- 01:57:58incidentally when you go to that
- 01:57:59training provider you can sign up for a
- 01:58:01free trial of a few days
- 01:58:03and access those questions without
- 01:58:06any cost and that is it
- 01:58:09for our az900
- 01:58:12exam cram i hope you've enjoyed the
- 01:58:14course best of luck on the exam
- 01:58:17and until next time be well stay safe
- 01:58:21and take care
- AZ900
- Azure
- cloud computing
- security
- cost management
- Azure services
- certification
- Microsoft exams
- high availability
- shared responsibility models