(2024 UPDATE LINK IN DESCRIPTION) - AZ-900 Azure Fundamentals Certification Exam Cram -

01:58:23
https://www.youtube.com/watch?v=gH3pwWO0Q9Y

Summary

TLDRLa vidéo guide les téléspectateurs à travers une préparation au test des Fondamentaux d'Azure (AZ900), en abordant des concepts essentiels comme les modèles de cloud, les services Azure, et la gestion des coûts. Elle discute de la sécurité, des niveaux de service, et des différents outils à utiliser pour réussir l’examen. Le cours examine également les services d'identité d'Azure tels que l'Active Directory, les modèles de dépenses (comme les réservations de capacité et le pricing spot), et explique l'utilisation d'outils comme le calculateur de prix Azure. Le formateur insiste sur l'importance de comprendre les concepts et les niveaux techniques tout en décrivant les procédures de mise à disposition et les niveaux de vie des services Azure.

Takeaways

  • ☁️ Azure Fundamentals est conçu pour nouveaux aux concepts cloud.
  • 🔑 Comprendre les concepts cloud comme IaaS, PaaS, et SaaS est essentiel.
  • 🔍 Le modèle de responsabilité partagée est fondamental à connaître.
  • 🔐 Azure sécurité inclut la sécurité multicouche et les options avancées de conformité.
  • 💡 Optimiser les coûts implique de comprendre les options comme les réservations d’instances.
  • 📊 Azure Advisor aide à gérer et optimiser les ressources existantes.
  • 📅 Il est vital de comprendre les cycles de vie des services Azure: prévisualisation et disponibilité générale.
  • 🛠️ Utiliser les outils comme le Portail Azure et CLI pour gérer les ressources.
  • 💼 La gestion et le respect des politiques sont essentiels à une utilisation efficace d'Azure.
  • 🎓 Le cours propose un survol rapide mais approfondi des concepts pour réussir l'examen.

Timeline

  • 00:00:00 - 00:05:00

    Le cours commence en expliquant que l'examen Azure Fundamentals (AZ900) peut être intimidant pour ceux qui débutent, et l'instructeur s'engage à optimiser le temps de préparation en couvrant les éléments des domaines objectifs de l'examen.

  • 00:05:00 - 00:10:00

    L'examen AZ900 est divisé en six domaines : concepts de cloud, services Azure de base, solutions et outils de gestion de base, sécurité, identité, gouvernance, confidentialité et conformité, et enfin la gestion des coûts et les accords de niveau de service.

  • 00:10:00 - 00:15:00

    L'instructeur rappelle que l'examen se concentre sur la compréhension et la description des modèles de cloud tels que IaaS, PaaS et SaaS, ainsi que sur les modèles de cloud privé, hybride et public.

  • 00:15:00 - 00:20:00

    Les modèles de cloud ainsi que le modèle de responsabilité partagée sont expliqués, soulignant comment les responsabilités sont partagées entre Microsoft et l'utilisateur en fonction du service utilisé.

  • 00:20:00 - 00:25:00

    Il est précisé que l'économie de coût et la souplesse opérationnelle sont des avantages majeurs du cloud public et hybride, permettant d'optimiser la gestion entre legacy et modernité.

  • 00:25:00 - 00:30:00

    Les services comme Azure Virtual Machines (IaaS), Azure App Services (PaaS), et les services SaaS comme Office 365 sont détaillés avec l'importance de la configuration et de l'orchestration.

  • 00:30:00 - 00:35:00

    La capacité d'évolution, l'élasticité, l'agilité, et les économies d'échelle sont discutées comme des caractéristiques fondamentales du cloud computing, notamment en termes de gestion des coûts.

  • 00:35:00 - 00:40:00

    Des éléments clés tels que la tolérance aux pannes, la haute disponibilité, et la récupération après sinistre sont définis, expliquant comment Azure offre des solutions pour assurer la continuité des services.

  • 00:40:00 - 00:45:00

    Les concepts d'Azure comme les régions géographiques, les paires de régions, et les zones de disponibilité sont introduits expliquant leur importance dans la gestion des ressources.

  • 00:45:00 - 00:50:00

    La structure des groupes de gestion d'Azure est clarifiée, expliquant comment elle permet d'organiser les abonnements, les groupes de ressources et les ressources elles-mêmes.

  • 00:50:00 - 00:55:00

    Les composants du réseau Azure tels que les Virtual Networks et l'importance de VPN Gateway, et l'Express Route pour les connexions de réseau sécurisé sont présentés.

  • 00:55:00 - 01:00:00

    Les divers types de stockage dans Azure - Blob, File, Disk, et les niveaux d'accès aux données (chaud, frais et archive) sont expliqués en termes d'utilisation et de coût.

  • 01:00:00 - 01:05:00

    Les services de base de données Azure, notamment Cosmos DB pour NoSQL, SQL Azure pour SQL Server, et d’autres services de base de données sont décrits pour mieux comprendre leur application.

  • 01:05:00 - 01:10:00

    Les outils de gestion et d'optimisation disponibles comme l'Azure Pricing Calculator et le TCO Calculator sont introduits pour aider à la planification et à la gestion des coûts.

  • 01:10:00 - 01:15:00

    L'approche de DevOps avec Azure DevOps et Github est abordée pour expliquer comment l'intégration CI/CD favorise le développement agile en continu.

  • 01:15:00 - 01:20:00

    Les solutions IoT d'Azure, telles que l'IoT Hub, sont présentées en expliquant leur fonctionnalité de communication bidirectionnelle pour la gestion des appareils IoT.

  • 01:20:00 - 01:25:00

    Les fonctionnalités de sécurité d'Azure, notamment Azure Security Center et Azure Sentinel, sont soulignées pour expliquer comment gérer et surveiller la sécurité des ressources.

  • 01:25:00 - 01:30:00

    Les concepts clés liés à la gouvernance comme les rôles et les accès sont introduits pour démontrer comment la politique Azure et les blueprints renforcent la conformité structurelle.

  • 01:30:00 - 01:35:00

    Les fonctionnalités d'identité et de sécurisation des accès Azure Active Directory sont explicitées, notamment l'authentification conditionnelle et le MFA pour sécuriser l'accès aux ressources.

  • 01:35:00 - 01:40:00

    Les engagements de Microsoft en matière de conformité sont discutés, en soulignant la transparence des pratiques de sécurité des données et l'importance des certifications de conformité Azure.

  • 01:40:00 - 01:45:00

    Les modèles de tarification et de gestion des coûts d'Azure sont décrits, y compris les modèles de tarification réservée et les bénéfices de l'utilisation hybride pour maximiser les économies.

  • 01:45:00 - 01:58:23

    Finalement, les accords de niveau de service et le cycle de vie des services Azure sont abordés pour expliquer comment assurer la disponibilité et comprendre les termes de service Azure.

Show more

Mind Map

Mind Map

Frequently Asked Question

  • Qu'est-ce qu'Azure ?

    Azure est une plateforme de cloud computing proposant divers services comme le calcul, le stockage, et les réseaux.

  • Que teste l'examen AZ900 ?

    C'est un examen qui certifie les connaissances générales sur les services cloud et les concepts Azure.

  • Quels facteurs influencent les coûts d'Azure ?

    Cela peut être influencé par le type de service choisi, l'usage, et la région géographique.

  • Quelles fonctions principales fournit Azure Advisor ?

    Elle propose des recommandations pour optimiser la sécurité, la performance, et les coûts des ressources Azure.

  • Comment Azure gère-t-il la haute disponibilité ?

    Ce sont des modèles qui assurent une haute disponibilité et tolèrent les pannes en utilisant des paires de régions et zones de disponibilité.

  • Qu'est-ce qu'Azure IoT Hub ?

    C'est une plateforme gérée permettant des communications bidirectionnelles entre appareils IoT et applications.

  • À quoi sert la protection DDoS en Azure ?

    Elle protège les ressources réseau Azure des attaques DDoS en fournissant des capacités de mitigation avancées.

  • Comment Azure assure-t-il la sécurité et la conformité ?

    La sécurité d’Azure est assurée par des niveaux de sécurité multicouches et les certifications de conformité.

  • Que permet de faire le portail Azure ?

    Il fournit une interface graphique pour gérer les ressources Azure et suivre l'utilisation des services.

  • Quels sont les services d'identité principaux d'Azure AD ?

    Cela inclut l'authentification unique, l'accès conditionnel et l'authentification multi-facteurs.

View more video summaries

Get instant access to free YouTube video summaries powered by AI!
Subtitles
en
Auto Scroll:
  • 00:00:01
    if the azure fundamentals exam is your
  • 00:00:02
    first azure certification it can be a
  • 00:00:04
    bit intimidating and difficult to dial
  • 00:00:07
    in your focus as you prepare
  • 00:00:09
    so if you want to get ready for az900
  • 00:00:11
    without wasting time
  • 00:00:12
    and money this is the place and in this
  • 00:00:15
    exam cram course i'm going to optimize
  • 00:00:17
    your prep time by touching on each item
  • 00:00:19
    in the skills measured document
  • 00:00:20
    and by sharing unique characteristics of
  • 00:00:23
    the azure concepts and services
  • 00:00:25
    that will help you more effectively pick
  • 00:00:27
    the right answer on exam day
  • 00:00:29
    if you stick around to the end of the
  • 00:00:30
    session i have another surprise
  • 00:00:32
    to help you prepare
  • 00:00:34
    [Music]
  • 00:00:41
    the azure fundamentals exam is comprised
  • 00:00:43
    of six
  • 00:00:44
    areas of knowledge called objective
  • 00:00:46
    domains all of which we'll cover in this
  • 00:00:47
    course
  • 00:00:48
    so let's take just a few seconds to
  • 00:00:50
    touch on those and then we'll get right
  • 00:00:52
    into module one
  • 00:00:53
    domain one is cloud concepts which will
  • 00:00:56
    test your understanding
  • 00:00:58
    of a number of cloud terms and your
  • 00:01:01
    understanding of cloud computing models
  • 00:01:03
    followed by core azure services this is
  • 00:01:06
    really going to focus on some
  • 00:01:07
    foundational components of the azure
  • 00:01:09
    platform
  • 00:01:10
    followed by core solutions and
  • 00:01:12
    management tools which will drill down
  • 00:01:13
    into the services
  • 00:01:15
    and tools within azure followed by
  • 00:01:17
    security and module 4
  • 00:01:19
    talking about general security and
  • 00:01:23
    network security features module 5 is
  • 00:01:26
    going to drill down on identity and
  • 00:01:27
    governance which are more technical
  • 00:01:29
    topics as well as privacy and compliance
  • 00:01:31
    which
  • 00:01:32
    in this case will be less technical and
  • 00:01:35
    the final domain is cost management and
  • 00:01:39
    service level agreements and since this
  • 00:01:40
    is a fundamentals
  • 00:01:42
    exam you want to make sure you're
  • 00:01:44
    focused on the right technical level so
  • 00:01:46
    you'll notice
  • 00:01:47
    that the verb in each of these domains
  • 00:01:51
    is the word describe so when we see
  • 00:01:55
    described there that tells us that we
  • 00:01:56
    need to be able to
  • 00:01:58
    to explain concepts and services and
  • 00:02:00
    identify the use cases where they apply
  • 00:02:05
    so i just want to cover off comparing
  • 00:02:07
    cloud
  • 00:02:08
    models and services with you and and
  • 00:02:11
    this is an area where i think you can
  • 00:02:12
    expect a fair bit of focus this is up in
  • 00:02:14
    in
  • 00:02:15
    objective domain one but let's uh let's
  • 00:02:18
    dig in here
  • 00:02:25
    so the services we're talking about here
  • 00:02:27
    are infrastructure platform and software
  • 00:02:29
    as a service so the
  • 00:02:31
    as a service offerings in the cloud and
  • 00:02:34
    then your cloud models
  • 00:02:35
    which are private hybrid and public now
  • 00:02:38
    all of these are going to
  • 00:02:40
    to be tied together in a discussion
  • 00:02:42
    around the shared
  • 00:02:43
    responsibility model which you're
  • 00:02:45
    expected to understand
  • 00:02:46
    so let's start by covering the shared
  • 00:02:49
    responsibility model and then we'll dig
  • 00:02:51
    into the cloud
  • 00:02:52
    models and services so when you're on
  • 00:02:55
    prem
  • 00:02:57
    you are the responsible party this is a
  • 00:02:59
    hundred percent yours you own the stack
  • 00:03:01
    you are the customer in blue the cloud
  • 00:03:04
    service provider is the csp that will
  • 00:03:07
    show up in gray now as we move into
  • 00:03:09
    cloud
  • 00:03:10
    with infrastructure as a service you see
  • 00:03:12
    the csp
  • 00:03:13
    microsoft in this case takes ownership
  • 00:03:16
    of some of the stacks so they're
  • 00:03:17
    providing you the underlying
  • 00:03:19
    networking storage server and
  • 00:03:21
    virtualization layers you're managing
  • 00:03:23
    your virtual machines they're patching
  • 00:03:25
    the applications you're running on them
  • 00:03:27
    when we move into platform as a service
  • 00:03:30
    as your web app for example or azure sql
  • 00:03:33
    you're managing
  • 00:03:34
    data and applications but microsoft is
  • 00:03:36
    providing
  • 00:03:38
    additional functions here so you're not
  • 00:03:39
    worried about operating systems or
  • 00:03:41
    runtime or a sql server instance
  • 00:03:44
    microsoft is managing a lot of that
  • 00:03:46
    middleware for you and then in the world
  • 00:03:49
    of software as a service you're
  • 00:03:50
    basically configuring
  • 00:03:51
    features you are a consumer of a service
  • 00:03:54
    that is owned lock stock and barrel by
  • 00:03:57
    microsoft and managed by them end to end
  • 00:04:03
    and what you notice here is that the csp
  • 00:04:04
    responsibility
  • 00:04:06
    is greater as we move to the right so
  • 00:04:08
    that's the
  • 00:04:09
    shared responsibility model so so in the
  • 00:04:11
    world of is just know that you're taking
  • 00:04:13
    care of a little bit more
  • 00:04:15
    than you would be in the world to pass
  • 00:04:17
    and then even less so in sas so you have
  • 00:04:19
    to think about that as an operational
  • 00:04:20
    consideration for sure
  • 00:04:22
    so let's break down the cloud model so
  • 00:04:25
    infrastructure as a service
  • 00:04:29
    microsoft provides you the the building
  • 00:04:31
    blocks network storage
  • 00:04:32
    compute virtualization they're
  • 00:04:35
    staffing the data center they're
  • 00:04:37
    managing the hardware
  • 00:04:38
    they're managing the people so really
  • 00:04:41
    you're using
  • 00:04:43
    the uh the stack that they give you
  • 00:04:45
    there
  • 00:04:48
    azure virtual machines is where this
  • 00:04:50
    factors if you if you come from the
  • 00:04:51
    world of amazon ec2
  • 00:04:53
    from google gcp compute engine if you
  • 00:04:57
    if you're coming to us to azure from one
  • 00:04:59
    of those other platforms
  • 00:05:01
    that's what you'd be dealing with so
  • 00:05:03
    let's talk about platform
  • 00:05:04
    as a service so in the the paths option
  • 00:05:07
    here
  • 00:05:09
    responsible for deployment and
  • 00:05:11
    management of your app so that's you
  • 00:05:13
    know in a web app scenario or an azure
  • 00:05:15
    azure um sql scenario you're dealing
  • 00:05:18
    with code and data
  • 00:05:20
    and microsoft is dealing with the
  • 00:05:23
    underlying
  • 00:05:24
    configuration hardware operating system
  • 00:05:27
    and
  • 00:05:28
    to a fair degree the provisioning
  • 00:05:29
    details under the hood
  • 00:05:33
    so azure sql api management azure app
  • 00:05:36
    service all
  • 00:05:37
    great examples of platform as a service
  • 00:05:40
    in the microsoft stack
  • 00:05:42
    so let's talk about software as a
  • 00:05:44
    service now
  • 00:05:45
    so in the world of sas you're really
  • 00:05:48
    configuring
  • 00:05:49
    features microsoft is giving you a
  • 00:05:51
    service that they
  • 00:05:53
    manage they're responsible for
  • 00:05:54
    management operation and availability
  • 00:05:56
    of the stack a great example there is
  • 00:06:00
    office 365. so in the the world of
  • 00:06:03
    third-party sas you might be familiar
  • 00:06:04
    with service servicenow or salesforce
  • 00:06:06
    just to give you
  • 00:06:07
    a basis of comparison okay so let's talk
  • 00:06:11
    through
  • 00:06:11
    cloud computing in terms of benefits and
  • 00:06:14
    then we'll get into the uh
  • 00:06:15
    the private hybrid and public cloud
  • 00:06:17
    models here and i'm going to use some of
  • 00:06:19
    that
  • 00:06:20
    word association to help you lock some
  • 00:06:22
    terminology in your mind as we move
  • 00:06:24
    forward through
  • 00:06:26
    some concepts here in the next couple of
  • 00:06:27
    tips so benefit to cloud computing
  • 00:06:31
    it's global it's secure it's scalable
  • 00:06:33
    it's cost effective
  • 00:06:34
    it doesn't require substantial capital
  • 00:06:37
    expenditure outlays
  • 00:06:39
    uh it typically lowers the skills bar
  • 00:06:43
    for us at least when we're dealing with
  • 00:06:44
    with public cloud as an example
  • 00:06:48
    so let's dig into public cloud so with
  • 00:06:50
    public cloud we're running everything on
  • 00:06:51
    our provider's hardware
  • 00:06:53
    and we expect scale and agility or built
  • 00:06:57
    in our ability to react
  • 00:06:59
    is greater there's a reduced need for
  • 00:07:01
    maintenance our skills
  • 00:07:04
    within our it department can be lower
  • 00:07:06
    and we can we can still
  • 00:07:08
    move into the cloud we can leverage our
  • 00:07:12
    cloud service providers knowledge
  • 00:07:13
    microsoft's knowledge and experience in
  • 00:07:15
    this
  • 00:07:16
    case so with private cloud
  • 00:07:20
    it's really just a cloud environment in
  • 00:07:23
    your own data center
  • 00:07:24
    so in terms of advantages you know if
  • 00:07:26
    you need legacy support or you need
  • 00:07:28
    control or you have specific
  • 00:07:30
    regulatory compliance needs the private
  • 00:07:32
    cloud is under your control so you
  • 00:07:34
    can you can manage
  • 00:07:38
    all of these scenarios you can
  • 00:07:39
    accommodate all of these scenarios where
  • 00:07:41
    public cloud
  • 00:07:42
    is not going to be so straightforward in
  • 00:07:44
    that respect because a cloud
  • 00:07:45
    public cloud is always up to date and
  • 00:07:47
    will have
  • 00:07:49
    limited concern for legacy scenarios and
  • 00:07:52
    may not
  • 00:07:53
    address all of your compliance scenarios
  • 00:07:55
    if they are
  • 00:07:56
    less less common now do bear in mind
  • 00:08:01
    that you will be tested on
  • 00:08:04
    on some of those compliant elements and
  • 00:08:06
    microsoft
  • 00:08:08
    azure has more certifications than any
  • 00:08:12
    other
  • 00:08:12
    cloud provider out there so you'll find
  • 00:08:14
    that microsoft can accommodate a lot of
  • 00:08:16
    compliance but
  • 00:08:17
    maybe not all of them so in a hybrid
  • 00:08:20
    cloud scenario
  • 00:08:21
    this combines the public scenario and
  • 00:08:24
    the private cloud scenario allowing
  • 00:08:26
    you to run your apps in the location
  • 00:08:29
    that
  • 00:08:29
    best suits so the real advantage here is
  • 00:08:32
    flexibility
  • 00:08:33
    if i have the need for legacy support or
  • 00:08:36
    some odd compliance scenario
  • 00:08:39
    i can go to my private cloud if i'm
  • 00:08:42
    prioritizing on scalability and agility
  • 00:08:44
    i can
  • 00:08:45
    go the public option so hybrid just
  • 00:08:47
    gives me the advantage
  • 00:08:49
    of choosing where i want to go and of
  • 00:08:50
    course with microsoft we have great
  • 00:08:52
    capability to
  • 00:08:54
    connect our private and public clouds in
  • 00:08:56
    that hybrid scenario we can use
  • 00:08:59
    azure ad connect we can use a site to
  • 00:09:01
    cite vpn
  • 00:09:03
    we can establish what we call the
  • 00:09:05
    synchronized identity model which is the
  • 00:09:07
    most
  • 00:09:08
    common identity model out there
  • 00:09:11
    so the microsoft azure is a great
  • 00:09:14
    supporter
  • 00:09:15
    of of hybrid cloud is your frontline
  • 00:09:18
    support struggling with too many
  • 00:09:20
    microsoft cloud portals
  • 00:09:22
    now they can manage office 365 users and
  • 00:09:25
    devices directly from microsoft teams
  • 00:09:27
    using simon the ai-powered chatbot for
  • 00:09:31
    the microsoft cloud
  • 00:09:32
    a link with more info in the video
  • 00:09:35
    description
  • 00:09:42
    so cloud concepts so there are some some
  • 00:09:45
    concepts that you're expected to be
  • 00:09:47
    familiar with and i want to call them
  • 00:09:49
    out here
  • 00:09:50
    and and again associate some terms to to
  • 00:09:53
    some concepts to help you lock these
  • 00:09:55
    into your mind uh more quickly as you're
  • 00:09:58
    preparing
  • 00:09:59
    for az900 so scalability is one that
  • 00:10:02
    comes up and scalability
  • 00:10:04
    generally for refers to growth the
  • 00:10:06
    ability of a system to handle growth if
  • 00:10:09
    that's users or work
  • 00:10:13
    elasticity may come up so
  • 00:10:16
    when a system is elastic
  • 00:10:19
    it can grow and shrink based on our app
  • 00:10:22
    demand so on premises
  • 00:10:23
    we typically have to provision for our
  • 00:10:26
    spike right for our peak so when we
  • 00:10:28
    provision a sharepoint farm on prem
  • 00:10:30
    our servers on the front end are sized
  • 00:10:32
    for our peak
  • 00:10:34
    that sort of thing is not necessary in
  • 00:10:36
    the cloud by and large because the cloud
  • 00:10:38
    is elastic and services that we
  • 00:10:39
    provision can generally grow and shrink
  • 00:10:42
    based on app demand and that's
  • 00:10:44
    particularly true when we look
  • 00:10:46
    in the past space
  • 00:10:49
    agility so this is the ability to react
  • 00:10:53
    quickly to changes in demand so
  • 00:10:55
    provisioning additional capacity
  • 00:10:57
    quickly without manual intervention and
  • 00:11:00
    the cloud also enables
  • 00:11:01
    agility in terms of going to market so
  • 00:11:03
    as environment or market conditions
  • 00:11:06
    change the the cloud makes us more agile
  • 00:11:09
    generally speaking because we can
  • 00:11:10
    respond
  • 00:11:11
    to those changes more quickly you know
  • 00:11:13
    than if we had to order additional
  • 00:11:15
    server infrastructure go
  • 00:11:16
    go get the budget approval for that
  • 00:11:20
    spin up a big project for all that
  • 00:11:21
    deployment
  • 00:11:24
    economies of scale bottom line when
  • 00:11:27
    you're working with a cloud provider
  • 00:11:28
    like
  • 00:11:29
    microsoft they have lower per unit cost
  • 00:11:32
    than you could achieve
  • 00:11:34
    on your own because they are operating
  • 00:11:36
    at a larger scale at a global scale so
  • 00:11:38
    they are achieving what we call
  • 00:11:40
    an economy of scale
  • 00:11:44
    capital expenditure you're generally
  • 00:11:46
    going to hear this simply called capex
  • 00:11:48
    and this is
  • 00:11:48
    spending of money on physical
  • 00:11:51
    infrastructure up front so so when
  • 00:11:53
    you're buying servers that's an example
  • 00:11:54
    of capex
  • 00:11:56
    when you're buying infrastructure for
  • 00:11:57
    your private cloud
  • 00:12:00
    operational expenditure typically just
  • 00:12:02
    called opex
  • 00:12:04
    is spending money on services or
  • 00:12:06
    products
  • 00:12:07
    now and being billed as you go
  • 00:12:10
    so that's really where the cloud comes
  • 00:12:12
    in so the cloud means we're we're
  • 00:12:13
    trading capex
  • 00:12:15
    for opex typically it doesn't mean that
  • 00:12:17
    we're necessarily spending less money in
  • 00:12:19
    all cases it simply means that the
  • 00:12:21
    nature of our spending is different
  • 00:12:23
    we're trading capex robex when we move
  • 00:12:25
    to cloud
  • 00:12:28
    and a consumption based model that's
  • 00:12:30
    simply paying for what we use when we
  • 00:12:32
    pay for a virtual machine we're paying
  • 00:12:35
    for increments of time as we run that
  • 00:12:37
    virtual machine
  • 00:12:38
    when we work with azure functions with
  • 00:12:40
    logic apps
  • 00:12:41
    we may be paying by execution when we're
  • 00:12:44
    working with
  • 00:12:45
    different flavors of azure storage we
  • 00:12:47
    might be paying by gigabyte
  • 00:12:49
    and and you know paying a different
  • 00:12:51
    price depending on how long we retain
  • 00:12:53
    that data so pay for what you use
  • 00:12:57
    typically based on per unit of time or
  • 00:13:00
    capacity so
  • 00:13:01
    minutes gigabytes executions etc
  • 00:13:05
    including but not limited to those
  • 00:13:07
    models
  • 00:13:11
    so for tip number five i've broken some
  • 00:13:14
    concepts
  • 00:13:15
    out separately because they all fall
  • 00:13:17
    into that area of high availability and
  • 00:13:19
    disaster recovery so i want to help you
  • 00:13:22
    kind of sort these out in terms of their
  • 00:13:24
    scope so the first term
  • 00:13:26
    is fault tolerance so this is the
  • 00:13:28
    ability of a system to handle
  • 00:13:30
    faults like a power failure a network
  • 00:13:32
    failure a hardware failure typically
  • 00:13:34
    when you're dealing with fault tolerance
  • 00:13:35
    you're talking about component level
  • 00:13:37
    failures
  • 00:13:38
    so that's the scope we're typically
  • 00:13:40
    dealing with
  • 00:13:41
    when it comes to high availability
  • 00:13:43
    that's the ability of a system to keep
  • 00:13:45
    that's the ability to keep services up
  • 00:13:47
    and running for long periods of time so
  • 00:13:50
    when we're thinking about high
  • 00:13:51
    availability we're often talking about
  • 00:13:53
    service level failures
  • 00:13:55
    often we're talking about within a
  • 00:13:57
    single data center we're not talking
  • 00:13:59
    about site failure but but we could be
  • 00:14:01
    we're talking about
  • 00:14:02
    service level failures though when we
  • 00:14:04
    think about it in the cloud
  • 00:14:06
    context and then disaster recovery
  • 00:14:10
    is our ability to recover from an event
  • 00:14:12
    which is taken down a cloud service so
  • 00:14:15
    that could be any
  • 00:14:16
    number of things like a
  • 00:14:19
    data center failure which you know in
  • 00:14:21
    the case of azure would be exceedingly
  • 00:14:23
    rare
  • 00:14:24
    in the case of virtual machines we can
  • 00:14:26
    use azure site recovery
  • 00:14:27
    to replicate those vms and bring them up
  • 00:14:30
    quickly
  • 00:14:31
    in the event that we lose those vms for
  • 00:14:33
    any reason
  • 00:14:34
    and if we had a service fail in a
  • 00:14:36
    particular region say azure sql
  • 00:14:38
    failed in a particular region if we're
  • 00:14:40
    replicating that database we can bring
  • 00:14:41
    it up in another region so so disaster
  • 00:14:43
    recovery comes in many
  • 00:14:45
    many shapes and sizes and forms in the
  • 00:14:48
    cloud
  • 00:14:49
    but because the cloud is global we don't
  • 00:14:51
    have to worry about
  • 00:14:53
    spinning up multiple remote data centers
  • 00:14:56
    to make sure that our service is always
  • 00:14:57
    available
  • 00:14:59
    in the event we have a localized outage
  • 00:15:01
    at a data center for example
  • 00:15:04
    in a traditional sense in in
  • 00:15:08
    you know on-premises compute in private
  • 00:15:10
    cloud we always
  • 00:15:11
    would think of disaster recovery as
  • 00:15:14
    recovery in the event of a site failure
  • 00:15:16
    but really in the cloud context this is
  • 00:15:19
    a service failure
  • 00:15:20
    or a site failure it's not not
  • 00:15:22
    exclusively a site
  • 00:15:24
    event
  • 00:15:27
    now we're going to move into the second
  • 00:15:28
    area of knowledge which is describing
  • 00:15:30
    core
  • 00:15:30
    azure services and there are two
  • 00:15:32
    sections to this objective domain the
  • 00:15:35
    first is
  • 00:15:35
    core architectural components and the
  • 00:15:38
    other
  • 00:15:38
    is core resources available in azure so
  • 00:15:41
    let's start with
  • 00:15:43
    architectural components you'll notice
  • 00:15:45
    that the verb here is described so it's
  • 00:15:46
    the same theme we talked about in terms
  • 00:15:48
    of technical depth
  • 00:15:50
    and we're going to look at regions and
  • 00:15:51
    region pairs availability zones resource
  • 00:15:54
    groups
  • 00:15:55
    subscriptions management groups and
  • 00:15:57
    azure
  • 00:15:58
    resource manager and all of these are
  • 00:16:02
    describe
  • 00:16:02
    the benefits and usage of i just
  • 00:16:04
    abbreviated for us there and then we'll
  • 00:16:06
    finish this section up with
  • 00:16:08
    explain azure resources
  • 00:16:11
    so in the area of core architecture
  • 00:16:13
    components let's start at the very top
  • 00:16:14
    and work our way
  • 00:16:16
    down in terms of scope so at the highest
  • 00:16:19
    level we have an azure geography which
  • 00:16:20
    is a discrete market that contains two
  • 00:16:23
    or more regions
  • 00:16:24
    that preserves our data residency and
  • 00:16:27
    compliance
  • 00:16:28
    boundaries and if i just look
  • 00:16:31
    at a map here geographies would be
  • 00:16:34
    laid out something like this so you've
  • 00:16:36
    got you know the us you have europe you
  • 00:16:38
    have uh
  • 00:16:39
    australia china
  • 00:16:44
    there's africa south america
  • 00:16:48
    and then within a geography of regions
  • 00:16:51
    and a region
  • 00:16:52
    is a set of data centers deployed within
  • 00:16:54
    a latency defined
  • 00:16:56
    perimeter and they're connected in a
  • 00:16:59
    dedicated regional low-latency network
  • 00:17:01
    so it's fast connectivity amongst this
  • 00:17:03
    set of data
  • 00:17:04
    centers so in a region like
  • 00:17:08
    azure us east for example you're going
  • 00:17:11
    to have
  • 00:17:12
    fast connectivity between a number of
  • 00:17:16
    data centers in a tight footprint
  • 00:17:18
    so multiple data centers small area so
  • 00:17:21
    the same would be true of east us-2
  • 00:17:22
    south central
  • 00:17:23
    central u.s west central etc
  • 00:17:27
    now i want to take just a minute and
  • 00:17:29
    look at geographies and regions together
  • 00:17:31
    with you
  • 00:17:32
    in context here so so when i look at a
  • 00:17:34
    geography like asia pacific for example
  • 00:17:36
    i can see the regions
  • 00:17:37
    contained in the asia-pacific geography
  • 00:17:40
    south america has two
  • 00:17:42
    data centers in brazil two data centers
  • 00:17:45
    in canada several more in the u.s
  • 00:17:47
    there's
  • 00:17:48
    europe with data centers in countries
  • 00:17:50
    throughout europe
  • 00:17:51
    uh followed by africa and the middle
  • 00:17:54
    east so pretty intuitive in that respect
  • 00:17:57
    now beneath regions we have the concept
  • 00:18:00
    of
  • 00:18:00
    region pairs so this is a relationship
  • 00:18:03
    between two
  • 00:18:04
    azure regions within the same geographic
  • 00:18:06
    region
  • 00:18:07
    for disaster recovery purposes so the
  • 00:18:09
    region pairs will be specific to the
  • 00:18:11
    geography
  • 00:18:13
    so let's take the u.s for example the
  • 00:18:16
    east
  • 00:18:16
    u.s region has a region pair
  • 00:18:20
    and its partner is the west u.s so
  • 00:18:24
    the region pairs are chosen by microsoft
  • 00:18:26
    you don't get to choose these these are
  • 00:18:28
    pre-defined and wherever possible they
  • 00:18:30
    are selected
  • 00:18:32
    as a pair with more than 300 miles
  • 00:18:35
    between them
  • 00:18:37
    there are a small number of cases where
  • 00:18:39
    that's not possible but generally
  • 00:18:40
    speaking you're going to have
  • 00:18:42
    300 miles between your your regions
  • 00:18:45
    in the region pair and your azure
  • 00:18:48
    services that are highly available that
  • 00:18:50
    you also configure
  • 00:18:51
    highly available will have failover
  • 00:18:54
    protocols that kick in
  • 00:18:56
    when when a region fails but a region
  • 00:18:58
    pair is designed to address
  • 00:19:00
    a failure of a given region
  • 00:19:04
    so then we have availability zones so
  • 00:19:06
    availability zones are unique
  • 00:19:09
    physical locations within a region with
  • 00:19:12
    independent power network and cooling so
  • 00:19:14
    within a region is the key there right
  • 00:19:17
    so this is
  • 00:19:18
    uh the scope of availability zones is to
  • 00:19:20
    deal with failures within
  • 00:19:22
    an azure region it's comprised of one or
  • 00:19:25
    more data centers so
  • 00:19:26
    so us east as a region for example will
  • 00:19:29
    have
  • 00:19:30
    multiple data centers in a a footprint
  • 00:19:33
    and it adds tolerance to data center
  • 00:19:36
    failures via redundancy and isolation so
  • 00:19:39
    just looking at
  • 00:19:40
    an example here i have a web farm with a
  • 00:19:42
    sql backend
  • 00:19:43
    and i would have availability zones
  • 00:19:47
    for each of my front ends and back in
  • 00:19:49
    there so i can
  • 00:19:51
    tolerate a failure within a data center
  • 00:19:55
    and my load balancer is going to be zone
  • 00:19:57
    redundant which is a special phrase you
  • 00:19:59
    will want to just park in the back of
  • 00:20:01
    your mind and zone redundant comes up in
  • 00:20:03
    special cases like with the load
  • 00:20:05
    balancer so
  • 00:20:05
    a single ip address in a load balancer
  • 00:20:07
    scenario here can survive a failure
  • 00:20:10
    across any of those availability zones
  • 00:20:13
    so the idea with zone redundancy is that
  • 00:20:15
    a single front-end ip address would
  • 00:20:17
    survive
  • 00:20:19
    a zone failure now we'll look at some
  • 00:20:21
    logical architecture components
  • 00:20:25
    so let's dive in here so we have at the
  • 00:20:27
    highest level management groups
  • 00:20:29
    then subscriptions resource groups and
  • 00:20:32
    resources so let's take a look at how
  • 00:20:34
    these fit
  • 00:20:36
    together
  • 00:20:40
    so at the the highest level in these
  • 00:20:43
    architectural components we have the
  • 00:20:44
    management group
  • 00:20:45
    which can contain one or more
  • 00:20:48
    subscriptions
  • 00:20:51
    we then have resource groups and a
  • 00:20:53
    resource
  • 00:20:54
    group belongs to exactly one
  • 00:20:56
    subscription a subscription will
  • 00:20:57
    typically contain multiple resource
  • 00:20:59
    groups
  • 00:21:00
    and then the resources themselves
  • 00:21:04
    so starting with management groups
  • 00:21:05
    management groups
  • 00:21:07
    provide a level of scope above a
  • 00:21:09
    subscription so we can bring those
  • 00:21:11
    subscriptions together
  • 00:21:13
    into a single boundary for management so
  • 00:21:16
    each directory
  • 00:21:17
    is given a single top level management
  • 00:21:19
    group called
  • 00:21:21
    the root so all of your subscriptions
  • 00:21:23
    belong to that root
  • 00:21:24
    by default
  • 00:21:28
    however we can create management groups
  • 00:21:30
    that contain
  • 00:21:32
    a subset of our subscriptions as we like
  • 00:21:34
    so we can use that as a boundary for
  • 00:21:36
    management
  • 00:21:38
    then we have subscriptions so a
  • 00:21:40
    subscription is a logical container used
  • 00:21:42
    to provision resources in azure
  • 00:21:45
    and why would i create multiple
  • 00:21:46
    subscriptions well there are a few
  • 00:21:48
    reasons
  • 00:21:49
    so when subscription limits are reached
  • 00:21:51
    and every sub
  • 00:21:52
    every service in the subscription has
  • 00:21:55
    certain limits and sometimes those
  • 00:21:57
    limits are set
  • 00:21:58
    beneath the maximum and we can increase
  • 00:22:00
    those but
  • 00:22:01
    at some level you're going to hit a
  • 00:22:03
    subscription level limit so
  • 00:22:04
    if you have a a level of very high scale
  • 00:22:07
    you may need multiple
  • 00:22:08
    subscriptions to achieve your scale to
  • 00:22:11
    use different payment methods
  • 00:22:13
    you know maybe i have one group that
  • 00:22:14
    wants to pay with a credit card another
  • 00:22:17
    that pays in a different way or maybe
  • 00:22:20
    we're doing it
  • 00:22:20
    so we can isolate resources between
  • 00:22:23
    departments and projects and sometimes
  • 00:22:25
    these last two go hand in hand we want
  • 00:22:27
    to isolate
  • 00:22:28
    our resources between departments and
  • 00:22:30
    projects uh from a security
  • 00:22:32
    perspective from a scale perspective but
  • 00:22:34
    also from
  • 00:22:36
    a cost tracking perspective so so
  • 00:22:38
    payment and isolation can go
  • 00:22:40
    hand in hand in that respect now a
  • 00:22:43
    resource
  • 00:22:44
    group is a container that holds the
  • 00:22:46
    resources that are related
  • 00:22:48
    to an azure solution so a great example
  • 00:22:50
    of this
  • 00:22:51
    is an azure virtual machine we can use a
  • 00:22:53
    resource group to group the resources
  • 00:22:55
    that share a common
  • 00:22:56
    resource life cycle and
  • 00:23:00
    the resources themselves that can be any
  • 00:23:03
    entity that's managed by azure like a
  • 00:23:05
    virtual machine or a virtual network or
  • 00:23:08
    a storage account so just to cement
  • 00:23:12
    that concept i want to have a look
  • 00:23:15
    at a resource group and the resources it
  • 00:23:17
    contains with you now
  • 00:23:20
    i'm going to switch over to the azure
  • 00:23:22
    portal and i'm at portal.azure.com
  • 00:23:24
    if i click on resource groups it's going
  • 00:23:26
    to bring me to this interface and i have
  • 00:23:29
    pre uh searched pre-filtered down to the
  • 00:23:32
    resource group i'd like to show you so i
  • 00:23:33
    mentioned a resource group as a
  • 00:23:34
    container that contains related
  • 00:23:36
    resources that share a common life cycle
  • 00:23:38
    so in this case
  • 00:23:39
    i have a resource group that contains a
  • 00:23:41
    virtual machine
  • 00:23:43
    and here i see all of the resources
  • 00:23:45
    related
  • 00:23:46
    to that virtual machine i see the public
  • 00:23:49
    i p address a network security group an
  • 00:23:51
    interface a disk a virtual network
  • 00:23:55
    so all of these elements are related to
  • 00:23:57
    my virtual machine and when this virtual
  • 00:23:59
    machine's life cycle comes to an end
  • 00:24:01
    i would typically want to delete all of
  • 00:24:04
    those related resources as a unit so i
  • 00:24:06
    can simply delete
  • 00:24:08
    the resource group and all of these
  • 00:24:10
    resources will be deleted as
  • 00:24:12
    a result it also
  • 00:24:16
    bears mentioning that i could use this
  • 00:24:17
    resource group as a boundary for
  • 00:24:19
    assigning permissions you see access
  • 00:24:21
    control here i could apply
  • 00:24:22
    permissions at the resource group level
  • 00:24:24
    to give certain
  • 00:24:25
    people or groups within my organization
  • 00:24:28
    permissions
  • 00:24:29
    to that resource
  • 00:24:33
    so i want to visualize this last set of
  • 00:24:35
    architecture components a different way
  • 00:24:37
    and and make a few additional points and
  • 00:24:39
    recap what we've covered here so
  • 00:24:40
    starting at that management group that's
  • 00:24:43
    that highest level logical container we
  • 00:24:45
    can use management groups to aggregate
  • 00:24:47
    policy and initiative assignments an
  • 00:24:49
    initiative as a group of policies we're
  • 00:24:51
    going to talk about
  • 00:24:52
    policies and initiatives later in the
  • 00:24:54
    governance section
  • 00:24:56
    it can contain multiple subscriptions
  • 00:24:58
    and
  • 00:24:59
    all new subscriptions will be placed
  • 00:25:01
    under the root management group by
  • 00:25:02
    default that would contain
  • 00:25:04
    all subscriptions but you can create a
  • 00:25:06
    management group that contains
  • 00:25:07
    the subset of subscriptions you would
  • 00:25:09
    like to
  • 00:25:10
    manage via policy as a unit
  • 00:25:14
    so then beneath our management group we
  • 00:25:16
    have subscriptions
  • 00:25:19
    that's a unit of of management billing
  • 00:25:21
    and scale so a unit of management we get
  • 00:25:23
    but it's also a unit of billing and
  • 00:25:25
    scale because our subscription has
  • 00:25:27
    scalability limits this serves as
  • 00:25:30
    a management boundary for assigning
  • 00:25:32
    policy you know governance and isolation
  • 00:25:35
    as well
  • 00:25:35
    so we get a degree of isolation here we
  • 00:25:37
    can apply
  • 00:25:38
    policies at this level so so it's
  • 00:25:40
    another management boundary
  • 00:25:42
    and our subscriptions will contain one
  • 00:25:46
    or more
  • 00:25:47
    resource groups so the resource group is
  • 00:25:49
    that container
  • 00:25:50
    that holds resources with a common life
  • 00:25:52
    cycle as we saw in
  • 00:25:53
    the demo earlier but that common life
  • 00:25:57
    cycle is the key there it
  • 00:25:58
    also makes it easy for us to delete
  • 00:26:01
    items
  • 00:26:02
    to delete resources as a unit when the
  • 00:26:04
    life cycle comes to an end and then of
  • 00:26:05
    course
  • 00:26:06
    the resources are contained within a
  • 00:26:09
    resource group and to be crystal clear
  • 00:26:11
    there
  • 00:26:12
    resources can be a member of exactly one
  • 00:26:14
    resource group and a resource group can
  • 00:26:16
    be a member of exactly
  • 00:26:18
    one subscription so the resource group
  • 00:26:20
    is contained within a specific
  • 00:26:21
    subscription
  • 00:26:22
    and the resources contained within a
  • 00:26:24
    specific resource
  • 00:26:26
    group now we're going to dive into the
  • 00:26:31
    second half
  • 00:26:32
    of objective domain 2 and this is
  • 00:26:34
    describing some of the core resources
  • 00:26:36
    available in azure so this
  • 00:26:38
    section is going to focus on compute
  • 00:26:39
    network storage
  • 00:26:41
    and database far from the only services
  • 00:26:43
    we'll cover
  • 00:26:44
    but there's quite a lot of material in
  • 00:26:46
    this particular
  • 00:26:48
    subsection so let's just get into it
  • 00:26:50
    we'll start
  • 00:26:51
    with compute so we'll talk about virtual
  • 00:26:53
    machines azure app services
  • 00:26:55
    container instances kubernetes
  • 00:26:58
    particularly in particular the azure
  • 00:26:59
    kubernetes service and windows virtual
  • 00:27:01
    desktop
  • 00:27:02
    and then we'll look at networks
  • 00:27:07
    vpn peering and express route
  • 00:27:10
    so basically compute and network so
  • 00:27:12
    let's just get right into it
  • 00:27:14
    so on the compute side we have azure vms
  • 00:27:17
    we have
  • 00:27:18
    app service where we'd run web services
  • 00:27:21
    we have azure container instance
  • 00:27:23
    azure kubernetes services and windows
  • 00:27:26
    virtual desktop so we really want to
  • 00:27:29
    break these down in such a way that you
  • 00:27:30
    know a bit about
  • 00:27:31
    each service but you can spot where it
  • 00:27:34
    fits into a use case on the exam
  • 00:27:37
    so let's start with azure vms one of the
  • 00:27:39
    basics here so
  • 00:27:40
    this is server virtualization this is
  • 00:27:42
    spinning up compute on demand without
  • 00:27:44
    the need for a hardware purchase we
  • 00:27:46
    don't have to buy
  • 00:27:47
    a hyper-v host we can spin up a virtual
  • 00:27:50
    machine quickly and easily
  • 00:27:52
    so app service is an http based service
  • 00:27:55
    for hosting
  • 00:27:56
    web applications so think hosting
  • 00:27:59
    websites or web apps rest apis mobile
  • 00:28:01
    backend
  • 00:28:02
    and of course since it's http based
  • 00:28:05
    you'd secure that with
  • 00:28:07
    with tls transport layer security or ssl
  • 00:28:09
    using a certificate
  • 00:28:12
    as your container instance so this is
  • 00:28:14
    running docker containers on demand
  • 00:28:17
    in a managed serverless environment
  • 00:28:19
    you're quite literally just spinning up
  • 00:28:21
    a container and and you don't worry
  • 00:28:23
    about anything else now
  • 00:28:24
    the catch here is with aci with azure
  • 00:28:26
    container instance
  • 00:28:28
    it's a solution for any scenario where
  • 00:28:29
    you need to run an isolated container
  • 00:28:32
    without orchestration which means we
  • 00:28:34
    don't have the benefit of a kubernetes
  • 00:28:36
    cluster
  • 00:28:38
    in this case and you'll see
  • 00:28:41
    aci come up in you know truly an
  • 00:28:43
    isolated scenario where you need to run
  • 00:28:46
    where you need to run a container
  • 00:28:48
    containerized application without
  • 00:28:49
    orchestration but it can also
  • 00:28:51
    function as a burst mechanism for an
  • 00:28:54
    azure kubernetes
  • 00:28:55
    uh service instance so so you could
  • 00:28:58
    burst out into aci but but generally
  • 00:29:00
    speaking what you want to focus on here
  • 00:29:01
    isolated containers without
  • 00:29:03
    orchestration right there's no
  • 00:29:05
    orchestrator here like you have
  • 00:29:07
    in a kubernetes cluster so azure
  • 00:29:10
    kubernetes service is a
  • 00:29:11
    hosted kubernetes service where azure
  • 00:29:14
    handles the critical tasks like health
  • 00:29:16
    monitoring and maintenance
  • 00:29:17
    for you the cluster itself is managed
  • 00:29:20
    for you and that being said aks is free
  • 00:29:23
    you basically pay for the agent nodes
  • 00:29:25
    you pay for the virtual machines where
  • 00:29:27
    the workloads run within your cluster
  • 00:29:30
    not for what they call the masters or
  • 00:29:32
    managers
  • 00:29:34
    effectively
  • 00:29:37
    you know that piece is managed for you
  • 00:29:41
    windows virtual desktop is a desktop and
  • 00:29:44
    app virtualization service that runs in
  • 00:29:46
    azure so
  • 00:29:47
    so it pros and managed service providers
  • 00:29:49
    can spin up
  • 00:29:50
    windows 10 virtual desktops in azure at
  • 00:29:54
    high scale this has been a really
  • 00:29:55
    popular solution
  • 00:29:57
    in the work from home revolution
  • 00:30:02
    and in particular what's been brought on
  • 00:30:04
    in 2020
  • 00:30:05
    with uh with with pandemic work from
  • 00:30:09
    home
  • 00:30:09
    requirements really
  • 00:30:13
    so now we're going to talk about network
  • 00:30:16
    services in azure so we'll talk about
  • 00:30:17
    virtual networks
  • 00:30:18
    about vpn gateways about vpn
  • 00:30:22
    in particular v-net peering and i'll
  • 00:30:25
    share a little secret as to why
  • 00:30:27
    v-net peering is actually necessary and
  • 00:30:30
    we'll cover
  • 00:30:30
    express route and how you can spot
  • 00:30:34
    questions where express route is the
  • 00:30:36
    answer on the exam so let's talk about
  • 00:30:37
    virtual networks so this is a logical
  • 00:30:39
    representation of your
  • 00:30:41
    you know ip-based network in azure uh
  • 00:30:44
    you'll often see a virtual network
  • 00:30:46
    referred to simply as a v-net
  • 00:30:49
    two two ways to reference the same thing
  • 00:30:51
    a v-net contains
  • 00:30:53
    one or more ip subnets subnets are where
  • 00:30:57
    your where your virtual machines and
  • 00:30:58
    your other
  • 00:30:59
    uh components are actually connected
  • 00:31:01
    within that virtual network so i can
  • 00:31:03
    have one
  • 00:31:04
    subnet or multiple subnets
  • 00:31:07
    v-nets provide logical isolation and
  • 00:31:10
    azure dedicated
  • 00:31:11
    to your subscription so it's your
  • 00:31:13
    network
  • 00:31:14
    think of it as a dedicated private
  • 00:31:16
    cloud-only network
  • 00:31:18
    we can connect it to our on-premises
  • 00:31:20
    network
  • 00:31:21
    by configuring a site to site vpn for
  • 00:31:23
    example so i can extend
  • 00:31:25
    the network in my data center to azure
  • 00:31:27
    and i can route traffic to and from
  • 00:31:29
    my azure subscription across that site
  • 00:31:31
    to site vpn
  • 00:31:34
    this enables hybrid cloud scenarios
  • 00:31:38
    in fact one other thing you want to
  • 00:31:41
    remember are vms
  • 00:31:42
    in different virtual networks cannot
  • 00:31:46
    communicate by default
  • 00:31:49
    so v-nets within the same subnet can
  • 00:31:52
    communicate but when
  • 00:31:53
    the the virtual machines are in
  • 00:31:55
    different v-nets in different virtual
  • 00:31:57
    networks they cannot
  • 00:31:58
    communicate so a vpn gateway
  • 00:32:02
    is what sends encrypted traffic between
  • 00:32:05
    an azure v-net and an on-premises
  • 00:32:07
    location
  • 00:32:08
    over
  • 00:32:11
    the internet this is a core component of
  • 00:32:16
    hybrid cloud we're connecting our
  • 00:32:17
    on-premises network to the internet
  • 00:32:19
    uh a site-to-site vpn the traffic on a
  • 00:32:22
    site-to-site vpn
  • 00:32:23
    actually traverses the internet that's
  • 00:32:25
    important to know it's it's encrypted of
  • 00:32:27
    course but it's
  • 00:32:28
    traveling across the internet now v-net
  • 00:32:31
    peering
  • 00:32:33
    is how we can connect two virtual
  • 00:32:36
    networks two or more virtual networks
  • 00:32:38
    really seamlessly in azure so that would
  • 00:32:40
    allow us to connect
  • 00:32:42
    our virtual network so our virtual
  • 00:32:44
    machines can
  • 00:32:45
    communicate so we can direct traffic
  • 00:32:48
    between those so two networks then
  • 00:32:49
    function as
  • 00:32:50
    one in terms of connectivity gives us a
  • 00:32:53
    way to
  • 00:32:54
    to route traffic in complex environments
  • 00:32:58
    express route is a solution that extends
  • 00:33:02
    our on-premises networks into azure over
  • 00:33:05
    a private connection
  • 00:33:07
    with the help of a connectivity provider
  • 00:33:08
    so a a telecom
  • 00:33:10
    provider so express route
  • 00:33:14
    is the same concept as site-to-site vpn
  • 00:33:18
    in that it connects azure to our
  • 00:33:20
    on-premises
  • 00:33:21
    you know data center network however the
  • 00:33:24
    traffic does
  • 00:33:25
    not traverse the internet therefore it
  • 00:33:27
    is generally speaking faster
  • 00:33:29
    it is therefore uh generally speaking
  • 00:33:32
    considered
  • 00:33:33
    more secure
  • 00:33:36
    that is not to imply that site-to-site
  • 00:33:38
    vpn is not secure i'm simply saying
  • 00:33:41
    express route because it does not
  • 00:33:42
    traverse the internet because it is a
  • 00:33:44
    private connection
  • 00:33:45
    is more secure so if you see questions
  • 00:33:48
    on the exam that talk about connecting
  • 00:33:50
    your data center to azure
  • 00:33:52
    and security and eliminating latency are
  • 00:33:55
    high priorities
  • 00:33:57
    express route is going to be a great way
  • 00:33:58
    to do that bear in mind that
  • 00:34:00
    site-to-site vpn is generally speaking
  • 00:34:02
    going to be less expensive than express
  • 00:34:04
    route
  • 00:34:05
    which probably doesn't surprise you
  • 00:34:08
    and while it's not super important i
  • 00:34:09
    want to take a quick look with you at
  • 00:34:11
    a v-net and a subnet in an azure
  • 00:34:14
    subscription here so i'll just
  • 00:34:16
    click on my resource group that contains
  • 00:34:19
    the virtual machine
  • 00:34:20
    i showed you earlier and i have a v-net
  • 00:34:22
    in here so here's a virtual network
  • 00:34:24
    you'll see that it says the type is
  • 00:34:26
    virtual network and when i click on that
  • 00:34:27
    virtual network
  • 00:34:29
    i can see in here connected devices so i
  • 00:34:32
    can see the virtual machine
  • 00:34:33
    that's connected right by its network
  • 00:34:35
    interface and there's its ip address
  • 00:34:38
    i can see the subnet that was created
  • 00:34:40
    and in fact
  • 00:34:41
    when you create a virtual network the
  • 00:34:43
    the subnet you create is going to be
  • 00:34:46
    named default unless you give it another
  • 00:34:48
    name but i can then click this and
  • 00:34:50
    create more subnet so i can have
  • 00:34:53
    multiple subnets within my v-net
  • 00:34:55
    but within that virtual network
  • 00:34:59
    my virtual machines on my subnets there
  • 00:35:01
    can communicate now when i put virtual
  • 00:35:03
    machines or anything else
  • 00:35:05
    in different virtual networks they
  • 00:35:06
    cannot communicate by default that's
  • 00:35:08
    where v-net peering comes in real handy
  • 00:35:12
    continuing on the second objective
  • 00:35:14
    domain we're still talking core azure
  • 00:35:16
    services we're going to move into
  • 00:35:17
    discussing storage in azure
  • 00:35:20
    as well as the many database offerings
  • 00:35:23
    in azure so starting with storage let's
  • 00:35:26
    first look
  • 00:35:27
    at blob storage disk storage
  • 00:35:31
    file storage and storage
  • 00:35:34
    tiers so blob storage
  • 00:35:37
    blob storage is optimized for storing
  • 00:35:39
    massive amounts of unstructured data and
  • 00:35:41
    unstructured data is a fancy way of
  • 00:35:43
    saying
  • 00:35:44
    not a database you might use blob
  • 00:35:46
    storage to store
  • 00:35:48
    image data or video data that's
  • 00:35:50
    accessible via your website or your
  • 00:35:53
    mobile app
  • 00:35:54
    or for log files
  • 00:35:57
    so azure file storage are fully managed
  • 00:35:59
    file shares
  • 00:36:00
    that are accessible in azure via smb or
  • 00:36:03
    nfs so smb is server message block
  • 00:36:06
    widely used in the windows world and
  • 00:36:09
    nfs's network file system
  • 00:36:11
    commonly used on the linux platform
  • 00:36:15
    disk storage refers to managed disks
  • 00:36:18
    which are block level volumes managed by
  • 00:36:20
    azure and used with azure vms
  • 00:36:22
    they're just like physical disks that
  • 00:36:24
    you would use in servers on premises
  • 00:36:26
    they're just virtualized
  • 00:36:28
    and really you just configure a bit of
  • 00:36:31
    information about the type pick a size
  • 00:36:33
    and provision
  • 00:36:34
    so so simplified storage really
  • 00:36:38
    thank you cloud and storage tier so
  • 00:36:41
    azure includes hot cool and archive
  • 00:36:45
    access tiers to store blob object data
  • 00:36:48
    in a
  • 00:36:49
    cost effective way so
  • 00:36:52
    the hot data is data that's frequently
  • 00:36:54
    accessed and then your infrequently
  • 00:36:56
    accessed data is going to be in the cool
  • 00:36:58
    tier
  • 00:36:59
    for at least 30 days and then your
  • 00:37:02
    archived tier
  • 00:37:03
    is stored data that's
  • 00:37:07
    rarely accessed and it's going to be the
  • 00:37:09
    highest latency to get
  • 00:37:11
    uh that data back for uh for visibility
  • 00:37:15
    so retrieving
  • 00:37:16
    that archive data is not going to be an
  • 00:37:18
    instant operation but storing
  • 00:37:20
    data in the archived tier is going to be
  • 00:37:22
    very inexpensive and you can use
  • 00:37:24
    lifecycle management policies to
  • 00:37:26
    automate
  • 00:37:27
    uh how the data shows up in these tiers
  • 00:37:30
    i don't expect that you're going to see
  • 00:37:32
    anything about lifecycle management
  • 00:37:33
    policies on the exam but i wanted to
  • 00:37:35
    throw that out there
  • 00:37:36
    because that is a pretty common question
  • 00:37:38
    i hear can i automate
  • 00:37:39
    which tier the the data shows up in and
  • 00:37:42
    the
  • 00:37:43
    short answer is yes so that's not it
  • 00:37:46
    when it comes to
  • 00:37:47
    storage in azure so we also have table
  • 00:37:50
    storage
  • 00:37:52
    and queue storage that are worth
  • 00:37:53
    discussing for sure
  • 00:37:55
    so table storage allows us to store
  • 00:37:58
    structured nosql data in azure
  • 00:38:01
    including a schemas key
  • 00:38:04
    attribute store so i see table storage
  • 00:38:06
    used in a case where
  • 00:38:08
    one might normally use a sql database
  • 00:38:11
    but
  • 00:38:12
    the relational aspect of sql isn't
  • 00:38:15
    required where you just need
  • 00:38:16
    a table of of you know keys and values
  • 00:38:22
    and what's great about table storage in
  • 00:38:24
    that respect is it's it's
  • 00:38:25
    relatively cheap and it's fast and easy
  • 00:38:28
    to manage at that point
  • 00:38:31
    so let's talk about queue storage so
  • 00:38:34
    this is a service restoring large
  • 00:38:36
    numbers of
  • 00:38:37
    messages that are accessible from
  • 00:38:38
    anywhere via authenticated
  • 00:38:41
    http or https calls
  • 00:38:47
    and because q storage will scale way
  • 00:38:49
    into the millions of messages
  • 00:38:50
    this this shows up in in applications
  • 00:38:53
    many times so
  • 00:38:55
    cq storage talked about a lot in an
  • 00:38:57
    application development context
  • 00:39:01
    but the key word here is messages
  • 00:39:05
    so you might wonder how how much like
  • 00:39:08
    you know on-premises physical disks are
  • 00:39:11
    disks in azure so i'm just going to flip
  • 00:39:13
    over to
  • 00:39:14
    my portal here quickly and i'll click on
  • 00:39:17
    that
  • 00:39:18
    resource group we looked at earlier in
  • 00:39:20
    the course and i'm looking at the
  • 00:39:21
    properties of my virtual machine here
  • 00:39:22
    and i'm going to click on its
  • 00:39:24
    disk so just as you would in a
  • 00:39:27
    virtualization
  • 00:39:28
    environment on-premises if you needed to
  • 00:39:32
    examine disk performance you'll see that
  • 00:39:34
    i can
  • 00:39:35
    look at disk operations here so
  • 00:39:38
    immediately i have some metrics that are
  • 00:39:40
    available to me
  • 00:39:42
    so i can assess my disk performance and
  • 00:39:45
    if i find
  • 00:39:46
    that my disk isn't performing at the
  • 00:39:48
    level i need
  • 00:39:49
    i can come in here and resize my disk
  • 00:39:58
    so now let's transition to databases
  • 00:40:01
    so quite a few options here we'll talk
  • 00:40:02
    about cosmos db
  • 00:40:04
    my sequel postgresql
  • 00:40:09
    microsoft sql and sql managed
  • 00:40:12
    instance so i'll point out
  • 00:40:16
    some differentiating factors of each of
  • 00:40:18
    these offerings where they fit so you
  • 00:40:20
    know how to pick them out
  • 00:40:22
    in the questions on the exam
  • 00:40:27
    so let's start with cosmos db so cosmos
  • 00:40:30
    db is a fully managed
  • 00:40:32
    nosql database designed for modern
  • 00:40:36
    application development it features
  • 00:40:39
    ultra low response latency anywhere in
  • 00:40:43
    the world it has
  • 00:40:43
    apis for several popular languages and
  • 00:40:46
    database platforms so essentially it can
  • 00:40:49
    function
  • 00:40:50
    as many other types of databases like
  • 00:40:53
    uh sql mongodb gremlin
  • 00:40:57
    cassandra spark i've used cosmos db for
  • 00:41:00
  • 00:41:01
    db myself using the api for so my
  • 00:41:04
    mongodb
  • 00:41:05
    queries can work against cosmos db and
  • 00:41:07
    because it's a global
  • 00:41:09
    platform the ultra low response latency
  • 00:41:13
    those are those are keywords you want to
  • 00:41:15
    remember for the exam and know
  • 00:41:16
    that really cosmos features fast
  • 00:41:20
    global access and data convergence in
  • 00:41:22
    fact when you set up
  • 00:41:23
    cosmos you can figure how it's going to
  • 00:41:26
    behave and and where it's going to be
  • 00:41:27
    available so setting up cosmos
  • 00:41:30
    in a global configuration is actually
  • 00:41:33
    not that difficult
  • 00:41:35
    so microsoft sql so azure sql this is a
  • 00:41:39
    fully managed pass database engine that
  • 00:41:42
    handles most of the manage functions
  • 00:41:44
    management functions for you like
  • 00:41:46
    upgrading patching backups
  • 00:41:48
    and monitoring
  • 00:41:51
    in fact i'll show you an azure sql
  • 00:41:53
    instance in just a moment
  • 00:41:55
    we'll have a quick look so continuing
  • 00:41:58
    here
  • 00:41:59
    postgresql very similar it's a
  • 00:42:01
    relational database service
  • 00:42:03
    in the in the cloud based on postgresql
  • 00:42:06
    community edition
  • 00:42:07
    uh when you look at it in the azure
  • 00:42:09
    portal it is a paths database offering
  • 00:42:12
    it looks very much like
  • 00:42:14
    microsoft sql in in the azure sql
  • 00:42:16
    offering it's it's
  • 00:42:18
    simply a different platform under the
  • 00:42:20
    hood
  • 00:42:21
    um mysql uh same thing based on my sql
  • 00:42:26
    mysql
  • 00:42:27
    community edition another paths
  • 00:42:30
    relational database service
  • 00:42:32
    and many of those functions handled in
  • 00:42:34
    azure sql
  • 00:42:35
    also handled in my sequel so and
  • 00:42:38
    in fact when you look at these services
  • 00:42:40
    they are three distinct services but
  • 00:42:42
    they look
  • 00:42:43
    very similar in the azure portal and in
  • 00:42:47
    terms of their features
  • 00:42:51
    in fact let's just pop over to the azure
  • 00:42:52
    portal right quick and have a quick look
  • 00:42:54
    at an azure
  • 00:42:56
    sql instance so you'll notice here that
  • 00:42:58
    you see the little sql icon it says sql
  • 00:43:00
    server this is my
  • 00:43:02
    azure sql server and if i click on that
  • 00:43:05
    server
  • 00:43:06
    i can come in here and see my sql
  • 00:43:09
    databases and so there's my database
  • 00:43:14
    and as i mentioned many of the functions
  • 00:43:16
    the management functions are handled for
  • 00:43:18
    you in this service so if i go to manage
  • 00:43:20
    backups this is a great example because
  • 00:43:22
    you'll see this across all three of
  • 00:43:23
    those services across
  • 00:43:25
    the microsoft azure sql and my sql and
  • 00:43:28
    the postgresql offering is
  • 00:43:31
    that you have a backup capability and
  • 00:43:32
    you can configure retention here
  • 00:43:35
    and you'll notice here i can go
  • 00:43:38
    and i can do point in time restores uh
  • 00:43:41
    all the way up to 35 days i can
  • 00:43:44
    configure
  • 00:43:45
    my retention so
  • 00:43:48
    similar capabilities across my sequel
  • 00:43:50
    and post post sql
  • 00:43:53
    sql as well
  • 00:43:57
    so closing out our database discussion
  • 00:44:00
    we have sql managed instance so this is
  • 00:44:02
    a cloud database service that combines
  • 00:44:04
    the broadest sql service database engine
  • 00:44:08
    compatibility with all the benefits of
  • 00:44:12
    a platform as a service offering but
  • 00:44:14
    broadest compatibility
  • 00:44:16
    is the key here so you'll see this come
  • 00:44:18
    up pretty typically in situations where
  • 00:44:20
    we want to migrate an
  • 00:44:21
    on-premises db to the cloud and
  • 00:44:24
    compatibility is key because the
  • 00:44:26
    database
  • 00:44:27
    and and perhaps the application aren't
  • 00:44:29
    quite ready
  • 00:44:30
    for the cloud yet so sql managed
  • 00:44:32
    instance solves for that problem
  • 00:44:35
    and closing out this section the azure
  • 00:44:38
    marketplace so this is a catalog
  • 00:44:40
    of more than 17 000
  • 00:44:43
    certified apps and services as of today
  • 00:44:45
    that's growing no doubt
  • 00:44:47
    essentially you can seamlessly deploy
  • 00:44:50
    applications from the and services from
  • 00:44:52
    the catalog it simplifies billing
  • 00:44:54
    because you can have
  • 00:44:55
    a single bill so so remember in terms of
  • 00:44:58
    benefits simplifying billing single bill
  • 00:45:01
    for all your microsoft and third party
  • 00:45:04
    offerings in fact if i just switch over
  • 00:45:06
    to the azure portal
  • 00:45:09
    i'll just switch over to the azure
  • 00:45:11
    portal and you'll see there's a
  • 00:45:12
    marketplace icon there
  • 00:45:14
    and that opens up the marketplace where
  • 00:45:16
    i see
  • 00:45:17
    a list of many offers and
  • 00:45:20
    i can search here for whatever it is
  • 00:45:24
    that i would like to purchase i can
  • 00:45:26
    search by keyword or i can search down
  • 00:45:28
    for specific
  • 00:45:30
    solutions so as we move into objective
  • 00:45:33
    domain three on az 900 i want to point
  • 00:45:36
    out
  • 00:45:36
    an important fact here and that's uh in
  • 00:45:38
    the skills measured document for
  • 00:45:40
    every azure certification exam i have
  • 00:45:42
    ever looked at you're going to find
  • 00:45:44
    right
  • 00:45:44
    up near the the top under skills
  • 00:45:47
    measured the following
  • 00:45:48
    statement this list is not definitive or
  • 00:45:52
    exhaustive meaning that there are
  • 00:45:54
    elements related to the skills measured
  • 00:45:57
    that may not be called out explicitly on
  • 00:46:00
    the list of skills measured that may
  • 00:46:02
    still appear on the exam that will
  • 00:46:03
    become
  • 00:46:04
    very apparent in a couple of key areas
  • 00:46:07
    in
  • 00:46:07
    objective domain three where i will call
  • 00:46:10
    out some elements i think you may well
  • 00:46:11
    see on the exam
  • 00:46:12
    in spite of the fact that they are not
  • 00:46:14
    called out explicitly in the skills
  • 00:46:16
    measured
  • 00:46:17
    in part because there are some
  • 00:46:19
    components i know to be important
  • 00:46:21
    commonly used and in part because i have
  • 00:46:24
    seen those components called out
  • 00:46:26
    explicitly
  • 00:46:26
    in previous versions of az 900
  • 00:46:30
    we're not going to waste a lot of time
  • 00:46:31
    on it but they'll be called out so you
  • 00:46:33
    have awareness going into that exam so
  • 00:46:37
    objective domain 3 is divided into two
  • 00:46:39
    parts there is describe
  • 00:46:41
    core solutions available in azure and
  • 00:46:43
    describe
  • 00:46:44
    azure management tools
  • 00:46:47
    so core solutions we'll touch on the
  • 00:46:50
    following themes where you'll need to
  • 00:46:52
    describe the benefits and usage
  • 00:46:54
    of the core solutions iot
  • 00:46:58
    synapse analytics hdinsight and azure
  • 00:47:00
    data bricks are in the data warehouse
  • 00:47:03
    category and then in machine learning
  • 00:47:06
    and ai
  • 00:47:07
    followed by serverless computing
  • 00:47:09
    solutions that include azure functions
  • 00:47:11
    and logic apps
  • 00:47:12
    but are not limited to those two
  • 00:47:15
    components
  • 00:47:16
    and in the theme of devops we'll talk
  • 00:47:18
    about azure devops github
  • 00:47:21
    github actions and azure devtest
  • 00:47:24
    lab so let's get right into it we'll
  • 00:47:26
    talk about iot first and let's look at
  • 00:47:28
    iot hub
  • 00:47:30
    so iot hub is a central message hub for
  • 00:47:32
    bi-directional communication
  • 00:47:34
    between your iot app and the devices it
  • 00:47:37
    manages
  • 00:47:38
    so bi-directional is a key element here
  • 00:47:42
    sometimes iot hub is compared to azure
  • 00:47:46
    event hub and a key difference between
  • 00:47:48
    iot hub and event hub is that the iot
  • 00:47:52
    hub
  • 00:47:52
    is bi-directional and in fact the event
  • 00:47:55
    hub
  • 00:47:56
    was used in iot scenarios before iot hub
  • 00:47:59
    was released but that's one of the key
  • 00:48:03
    capabilities that iot hub brought to the
  • 00:48:06
    party so remember that
  • 00:48:07
    when you see questions around iot hub if
  • 00:48:10
    you see bi-directional show up there
  • 00:48:12
    anywhere
  • 00:48:13
    iot hub is bidirectional event hub is
  • 00:48:15
    not
  • 00:48:16
    iot central an iot application
  • 00:48:20
    platform that simplifies the creation
  • 00:48:23
    of iot solutions and helps to reduce
  • 00:48:26
    the burden and cost of iot management
  • 00:48:29
    operations and development
  • 00:48:32
    this really points to the the core
  • 00:48:35
    mission of iot
  • 00:48:37
    central so iot central was developed to
  • 00:48:40
    simplify the iot management process to
  • 00:48:44
    reduce
  • 00:48:45
    the the burden and the knowledge level
  • 00:48:47
    required for organizations trying to
  • 00:48:49
    manage iot
  • 00:48:50
    in fact iot central is a fully managed
  • 00:48:54
    sas solution so it's really lowering the
  • 00:48:57
    bar by bringing
  • 00:48:58
    some native management and monitoring
  • 00:49:01
    functionality for your iot devices so
  • 00:49:04
    those will be key elements you want to
  • 00:49:05
    watch for in questions related to iot
  • 00:49:08
    when you're trying to
  • 00:49:09
    find the right solution so azure sphere
  • 00:49:13
    is a secure high level application
  • 00:49:16
    platform
  • 00:49:17
    created by microsoft with built-in
  • 00:49:19
    communication and security features for
  • 00:49:21
    internet connected devices
  • 00:49:23
    essentially it's a linux based operating
  • 00:49:26
    system
  • 00:49:26
    and a cloud-based security service that
  • 00:49:29
    provides
  • 00:49:30
    continuous security it was actually
  • 00:49:33
    created by microsoft
  • 00:49:35
    to run on an azure sphere certified chip
  • 00:49:37
    and to connect
  • 00:49:39
    with the azure sphere security service
  • 00:49:42
    so definitely a purpose purpose-built
  • 00:49:44
    operating system so
  • 00:49:49
    let's talk about data warehouse if you
  • 00:49:52
    see data lake
  • 00:49:53
    synapse analytics hd insight or
  • 00:49:56
    data bricks mentioned
  • 00:50:00
    that all refers to something related to
  • 00:50:03
    data warehouse now data lake didn't show
  • 00:50:05
    up
  • 00:50:06
    explicitly in that list i have seen data
  • 00:50:08
    lake on
  • 00:50:09
    az 900 exam descriptions previously
  • 00:50:12
    so just keep an eye out for that so any
  • 00:50:14
    of these four elements
  • 00:50:16
    really would fall into common data
  • 00:50:20
    warehouse scenarios so let's break these
  • 00:50:22
    down
  • 00:50:23
    and talk about how each fits so data
  • 00:50:26
    lake the one
  • 00:50:27
    not mentioned this is a technology that
  • 00:50:29
    enables big data analytics
  • 00:50:31
    and artificial intelligence it provides
  • 00:50:35
    really less expensive
  • 00:50:38
    storage than a relational database
  • 00:50:41
    and it will store data from a variety of
  • 00:50:45
    systems so it'll store data from
  • 00:50:46
    business systems or other databases but
  • 00:50:50
    most importantly here it will store
  • 00:50:52
    diverse types of data relational
  • 00:50:54
    and non-relational from diverse sources
  • 00:50:57
    so data lake is a place where we can
  • 00:51:00
    store
  • 00:51:01
    large volumes of data inexpensively even
  • 00:51:04
    if the data
  • 00:51:05
    is not all of the same type and it's a
  • 00:51:08
    place where we can leave data that
  • 00:51:10
    will not be accessed constantly
  • 00:51:13
    so synapse analytics is an integrated
  • 00:51:15
    analytics service
  • 00:51:17
    that basically gives us off-the-shelf
  • 00:51:21
    insight into data warehouses and big
  • 00:51:24
    data systems
  • 00:51:25
    most importantly perhaps is that synapse
  • 00:51:28
    analytics was formerly known as azure
  • 00:51:30
    sql data
  • 00:51:31
    warehouse so this is the core solution
  • 00:51:35
    when it comes to data warehousing
  • 00:51:38
    hdinsight
  • 00:51:39
    will show up in discussions around
  • 00:51:43
    hadoop so it's a cloud distribution of
  • 00:51:46
    hadoop
  • 00:51:47
    that makes processing massive amounts of
  • 00:51:50
    data
  • 00:51:51
    quickly much easier and it supports a
  • 00:51:53
    number of open source frameworks so if
  • 00:51:54
    you see
  • 00:51:55
    hadoop spark hive kafka storm
  • 00:51:58
    or any of those mentioned hdinsight may
  • 00:52:02
    well be the answer that you are looking
  • 00:52:04
    for
  • 00:52:05
    so those open source frameworks are are
  • 00:52:07
    key
  • 00:52:08
    i think when it comes to hadoop and then
  • 00:52:11
    databricks
  • 00:52:12
    which is another analytics platform
  • 00:52:15
    optimized for
  • 00:52:17
    the azure platform and it offers two
  • 00:52:20
    environments
  • 00:52:21
    for developing data intensive
  • 00:52:24
    applications so so keep that phrase in
  • 00:52:26
    mind
  • 00:52:27
    they have uh the databricks sql
  • 00:52:30
    analytics and the databricks workspace
  • 00:52:32
    but when you think about developing data
  • 00:52:34
    intensive applications keep that phrase
  • 00:52:36
    in mind
  • 00:52:37
    when you're thinking about data bricks
  • 00:52:40
    so let's move into
  • 00:52:42
    machine learning and ai so there is
  • 00:52:44
    azure machine learning
  • 00:52:46
    cognitive services and the azure bot
  • 00:52:48
    service so we'll start
  • 00:52:50
    with azure machine learning so this is a
  • 00:52:53
    cloud-based
  • 00:52:54
    environment you can use to train deploy
  • 00:52:56
    automate
  • 00:52:57
    manage and track machine learning models
  • 00:53:01
    this is where you're going to bring your
  • 00:53:04
    models and
  • 00:53:05
    cognitive services are cloud-based
  • 00:53:08
    services with
  • 00:53:09
    rest apis and client library sdks
  • 00:53:13
    that help you to build cognitive
  • 00:53:15
    intelligence
  • 00:53:16
    into your application so the keywords
  • 00:53:18
    there build in applications
  • 00:53:22
    and it provides cognitive understanding
  • 00:53:26
    in five main pillars vision speech
  • 00:53:29
    language decision and search
  • 00:53:33
    so just some defining characteristics
  • 00:53:35
    for you there and again we have to
  • 00:53:37
    describe these components right so this
  • 00:53:39
    is really
  • 00:53:40
    about your being able to identify uh
  • 00:53:43
    which components
  • 00:53:44
    fit into a solution and
  • 00:53:47
    azure bot service is a managed bot
  • 00:53:50
    development service that helps you
  • 00:53:52
    connect your users via popular channels
  • 00:53:54
    it's really a purpose-built
  • 00:53:56
    environment for bot development so
  • 00:53:58
    pretty easy to spot but
  • 00:54:00
    those are the defining characteristics
  • 00:54:01
    there that will help you pick the right
  • 00:54:02
    answer
  • 00:54:03
    on some of those exam questions now
  • 00:54:07
    serverless so logic apps and functions
  • 00:54:10
    were mentioned on that list it said
  • 00:54:13
    including
  • 00:54:14
    logic app and function so i've added
  • 00:54:16
    event grid here which also falls
  • 00:54:18
    into the serverless category again the
  • 00:54:20
    list is not exhaustive it only takes a
  • 00:54:22
    minute to mention it
  • 00:54:23
    so i want to put it in front of you it's
  • 00:54:25
    important
  • 00:54:26
    so let's start with logic app a cloud
  • 00:54:29
    service that helps you schedule automate
  • 00:54:31
    and orchestrate tasks
  • 00:54:33
    business processes and workflows
  • 00:54:40
    and you can choose from a gallery
  • 00:54:43
    of hundreds of pre-built connectors both
  • 00:54:46
    microsoft connectors and connectors for
  • 00:54:48
    third-party services this is really one
  • 00:54:50
    of the defining characteristics
  • 00:54:52
    of logic app in fact power automate
  • 00:54:54
    previously known
  • 00:54:56
    as flow is built on top
  • 00:54:59
    of logic app so actually let me just
  • 00:55:01
    switch over and show you the list
  • 00:55:04
    of logic app connectors
  • 00:55:07
    there's actually a page that lists them
  • 00:55:08
    here there are hundreds of these
  • 00:55:10
    connectors
  • 00:55:12
    many for microsoft services many for a
  • 00:55:14
    third party services but
  • 00:55:16
    300 plus last i i checked count
  • 00:55:21
    and you can you can leverage these
  • 00:55:24
    you know alone or in in conjunction with
  • 00:55:27
    one another there's no rule against
  • 00:55:29
    having
  • 00:55:30
    a workflow and logic app with multiple
  • 00:55:32
    connectors involved
  • 00:55:34
    so it's a pretty exciting capability
  • 00:55:40
    so let's talk about azure functions this
  • 00:55:43
    is an event driven
  • 00:55:44
    compute on demand experience as
  • 00:55:47
    microsoft calls it that extends the
  • 00:55:49
    existing
  • 00:55:50
    azure application platform with
  • 00:55:52
    capabilities to implement
  • 00:55:54
    code triggered events uh occurring in
  • 00:55:57
    azure as well as in on-premises systems
  • 00:56:00
    but but
  • 00:56:00
    code triggered events is key here
  • 00:56:04
    i want you to pay special attention to
  • 00:56:06
    that phrase triggered by events that
  • 00:56:08
    means
  • 00:56:09
    that the functions are only running when
  • 00:56:11
    they are triggered that is a
  • 00:56:13
    hallmark of serverless we'll dig into
  • 00:56:15
    the difference between platform as a
  • 00:56:17
    service
  • 00:56:18
    and serverless in just a moment but
  • 00:56:21
    remember
  • 00:56:22
    that when we're thinking about functions
  • 00:56:23
    and event grid enables you to
  • 00:56:26
    manage events across many different
  • 00:56:28
    azure services
  • 00:56:30
    and applications let me just show you
  • 00:56:32
    here so so really event grid allows us
  • 00:56:35
    to
  • 00:56:35
    take events from a number of different
  • 00:56:38
    sources all the sources are on the left
  • 00:56:40
    here
  • 00:56:41
    and we can trigger the event grid and
  • 00:56:44
    push those over
  • 00:56:45
    to handler so it's what we call a pub
  • 00:56:47
    sub model
  • 00:56:48
    also uh it's really an
  • 00:56:52
    app or a service reacting to an event
  • 00:56:54
    sometimes you'll
  • 00:56:55
    hear it described as reactive
  • 00:56:58
    uh programming so bottom line
  • 00:57:03
    the way i think of it is is you know it
  • 00:57:05
    enables you to easily
  • 00:57:07
    push events to the configured
  • 00:57:10
    destination as opposed to the much less
  • 00:57:16
    the much less efficient pull model
  • 00:57:20
    across serverless architecture in a pull
  • 00:57:22
    model you have to set up a a
  • 00:57:23
    subscription and there's a polling that
  • 00:57:25
    happened so the push
  • 00:57:27
    model eliminates the need for the
  • 00:57:30
    the the destination to do a a polling
  • 00:57:32
    operation for the for the pull so
  • 00:57:35
    that really makes event grid a bit of a
  • 00:57:37
    game changer in that
  • 00:57:38
    respect okay so now
  • 00:57:42
    the million dollar question that i
  • 00:57:44
    promised you we would answer
  • 00:57:46
    how is serverless different from
  • 00:57:49
    platform as a service in terms of
  • 00:57:51
    responsibility and really in terms
  • 00:57:54
    of functionality
  • 00:57:58
    so let's have a look so we have on one
  • 00:58:01
    hand platform as a service and on the
  • 00:58:03
    other hand
  • 00:58:03
    serverless now they do have some common
  • 00:58:05
    elements here so there's some overlap
  • 00:58:07
    number one your devs have to write code
  • 00:58:08
    in azure
  • 00:58:10
    functions you're going to write code in
  • 00:58:13
    c sharp or powershell or
  • 00:58:16
    python or what have you uh serverless
  • 00:58:19
    same
  • 00:58:20
    scenario there's no server management
  • 00:58:22
    you know with platform as a service
  • 00:58:24
    and and serverless both uh you're
  • 00:58:26
    relieved of managing
  • 00:58:28
    the underlying infrastructure that's
  • 00:58:30
    great now here's
  • 00:58:31
    where the two differ so platform as a
  • 00:58:34
    service does give you more
  • 00:58:36
    control over the deployment environment
  • 00:58:39
    so think
  • 00:58:40
    about azure app service it's where we
  • 00:58:42
    can host
  • 00:58:43
    web applications i can configure a
  • 00:58:46
    number of
  • 00:58:48
    settings a wide variety of settings in
  • 00:58:50
    fact related
  • 00:58:51
    to the the web hosting instance there
  • 00:58:55
    which will control certain aspects of
  • 00:58:57
    how my application behaves on the
  • 00:58:59
    serverless side you have
  • 00:59:00
    less control over the deployment
  • 00:59:03
    environment
  • 00:59:04
    so think uh logic apps
  • 00:59:07
    uh for is a great example with logic app
  • 00:59:10
    uh
  • 00:59:10
    really you're working in a low code
  • 00:59:13
    scenario i mean there's there's some
  • 00:59:15
    code involved in in logic app certainly
  • 00:59:17
    you're going to be working with
  • 00:59:19
    certain code-ish elements but it's a
  • 00:59:21
    lower code environment and you have
  • 00:59:24
    no control under the over the underlying
  • 00:59:27
    environment it's just there and ready
  • 00:59:29
    for you to use
  • 00:59:30
    on the path side the application has to
  • 00:59:33
    be configured to auto scale
  • 00:59:35
    and on the serverless side the
  • 00:59:37
    application scales automatically it's
  • 00:59:38
    not your problem the scale is built into
  • 00:59:40
    the platform
  • 00:59:42
    and then on the platform as a service
  • 00:59:44
    side the application can take a while to
  • 00:59:47
    spin
  • 00:59:47
    up and i've seen this firsthand in in
  • 00:59:50
    the app service space there there are
  • 00:59:52
    things you can do to make sure your app
  • 00:59:55
    is always awake
  • 00:59:56
    and ready to answer requests but but
  • 00:59:58
    certainly a web app can go to sleep the
  • 01:00:00
    thread can go to sleep when it's not
  • 01:00:02
    executed for a certain number of minutes
  • 01:00:04
    when there are no calls coming in right
  • 01:00:06
    with serverless the application code
  • 01:00:09
    only executes when it's invoked we're
  • 01:00:10
    not worried about spinning up
  • 01:00:12
    an azure function executes when it is
  • 01:00:16
    triggered it's code triggered by events
  • 01:00:19
    uh and that's another key
  • 01:00:22
    difference
  • 01:00:25
    so serverless has some small
  • 01:00:28
    performance advantages and it relieves
  • 01:00:30
    us of certain responsibilities it just
  • 01:00:32
    adds a bit of additional polish
  • 01:00:34
    in in certain use cases but that's the
  • 01:00:38
    difference
  • 01:00:38
    so so now you'll know for the exam so
  • 01:00:40
    now we're going to move into
  • 01:00:42
    devops so we'll talk about azure devops
  • 01:00:44
    github github
  • 01:00:45
    actions and azure dev test
  • 01:00:49
    labs so azure devops this is a single
  • 01:00:53
    platform for
  • 01:00:54
    implementing devops deploying code using
  • 01:00:57
    the
  • 01:00:58
    the cicd framework that's continuous
  • 01:01:01
    integration
  • 01:01:02
    continuous deployment it's how we
  • 01:01:04
    facilitate agile
  • 01:01:06
    software development and azure devops
  • 01:01:09
    is microsoft's native platform there are
  • 01:01:12
    multiple components within azure devops
  • 01:01:15
    there's
  • 01:01:16
    a get capability called azure repos
  • 01:01:19
    you have your your kanban board
  • 01:01:22
    style functionality and azure boards
  • 01:01:25
    just to name a couple on the other hand
  • 01:01:28
    github
  • 01:01:29
    is a service that microsoft acquired
  • 01:01:33
    not too long ago it's a web-based git
  • 01:01:36
    repository
  • 01:01:37
    hosting service for source code
  • 01:01:39
    management and distributed revision
  • 01:01:41
    control now azure boards provides that
  • 01:01:42
    sort of capability but github
  • 01:01:45
    is a very widely used service across the
  • 01:01:48
    internet
  • 01:01:49
    by you know many people that don't
  • 01:01:52
    necessarily use
  • 01:01:53
    microsoft technology even it offers all
  • 01:01:56
    the functionality of git for your source
  • 01:01:57
    code management but it has a number of
  • 01:01:59
    its own
  • 01:02:00
    features github actions helps you
  • 01:02:03
    automate
  • 01:02:04
    your software development workflows from
  • 01:02:06
    within github so it
  • 01:02:07
    provides some similar functionality to
  • 01:02:10
    what we would see in
  • 01:02:11
    the ci cd uh scenario in azure
  • 01:02:15
    devops but that's really what it's
  • 01:02:16
    helping facilitate there is cicd the
  • 01:02:19
    continuous integration
  • 01:02:20
    and continuous deployment
  • 01:02:23
    and you can build test package released
  • 01:02:25
    or deploy an application
  • 01:02:28
    or project on github with a workflow
  • 01:02:33
    but cicd is the the acronym that comes
  • 01:02:36
    up frequently in devops that's uh
  • 01:02:37
    continuous integration
  • 01:02:39
    continuous deployment or sometimes
  • 01:02:42
    continuous delivery depending on who you
  • 01:02:45
    ask
  • 01:02:47
    then there's azure dev test labs which
  • 01:02:50
    provides a self-service sandbox
  • 01:02:52
    environment so you can quickly create
  • 01:02:53
    dev test environments so you're
  • 01:02:56
    minimizing the waste of deploying
  • 01:02:58
    virtual machines that sit around running
  • 01:02:59
    wasting your funds
  • 01:03:01
    makes it easier to control your cost
  • 01:03:03
    essentially so
  • 01:03:04
    sandbox is the key keyword there and
  • 01:03:08
    and the focus on minimizing waste
  • 01:03:11
    controlling cost right it's about saving
  • 01:03:13
    saving money and being more efficient in
  • 01:03:15
    our dev test process
  • 01:03:18
    if you're anything like me you don't
  • 01:03:19
    like to waste money running your azure
  • 01:03:20
    lab vms 24 7
  • 01:03:22
    and that's where the resource scheduler
  • 01:03:24
    for microsoft azure can help
  • 01:03:26
    it's got a simple web ui making it an
  • 01:03:28
    easy way to set up those vm run
  • 01:03:29
    schedules
  • 01:03:30
    and it comes with a free lifetime sub
  • 01:03:33
    for 10 vms or less
  • 01:03:34
    and you can find it in the azure
  • 01:03:36
    marketplace
  • 01:03:37
    you'll find a link in this video's
  • 01:03:40
    description
  • 01:03:41
    now we're going to move into the second
  • 01:03:43
    half of objective domain
  • 01:03:44
    3 which will focus on describing azure
  • 01:03:48
    management tool so look at the
  • 01:03:49
    functionality
  • 01:03:50
    and usage of azure portal powershell
  • 01:03:53
    azure cli
  • 01:03:54
    cloud shell and azure mobile app we'll
  • 01:03:56
    talk about azure advisor
  • 01:03:59
    azure resource manager or arm
  • 01:04:02
    templates a great deployment capability
  • 01:04:04
    will touch on azure monitor
  • 01:04:06
    and azure service health all
  • 01:04:10
    in that azure management bucket so
  • 01:04:14
    when we think about interacting with our
  • 01:04:15
    azure sub we have the azure portal which
  • 01:04:17
    we can go to in any browser
  • 01:04:19
    we have azure cloud shell which actually
  • 01:04:21
    gives us access
  • 01:04:22
    to the azure cli or azure powershell
  • 01:04:25
    in a browser very exciting capability
  • 01:04:28
    very convenient
  • 01:04:29
    we have azure powershell which we you
  • 01:04:31
    know typically access on a windows or
  • 01:04:33
    linux system
  • 01:04:34
    and then the azure mobile app which we
  • 01:04:36
    can access from any ios or android
  • 01:04:38
    device
  • 01:04:39
    and finally azure cli which is going to
  • 01:04:42
    be your
  • 01:04:43
    your bash type your bash style command
  • 01:04:45
    line
  • 01:04:46
    also accessible both on windows and
  • 01:04:49
    linux distros
  • 01:04:54
    and and to be thorough you know azure
  • 01:04:56
    you know powershell and azure cli both
  • 01:04:58
    been tested on mac os
  • 01:04:59
    so so it's not just windows and and
  • 01:05:02
    linux
  • 01:05:03
    so bear that in mind but azure portal
  • 01:05:05
    that's our web-based unified console
  • 01:05:07
    portal.azure.com where we can manage our
  • 01:05:09
    azure subscription using
  • 01:05:11
    a web-based gui it's our graphical ui
  • 01:05:14
    the cloud shell
  • 01:05:15
    is an interactive authenticated browser
  • 01:05:18
    accessible shell
  • 01:05:19
    for managing your azure resources if
  • 01:05:21
    you've not gone through any of the
  • 01:05:23
    the ms learn content related to az 900
  • 01:05:26
    or looked at any of the examples on the
  • 01:05:28
    microsoft site frequently you will find
  • 01:05:31
    quick start tutorials that leverage
  • 01:05:33
    azure cloud shell
  • 01:05:34
    to deploy the capability that you're
  • 01:05:37
    going to work with in that tutorial
  • 01:05:40
    in fact let me just show you the cloud
  • 01:05:42
    shell quickly
  • 01:05:47
    so here in the azure portal there are
  • 01:05:49
    two couple of ways i can get to the
  • 01:05:50
    cloud shell so number one at
  • 01:05:52
    portal.azure.com i can simply hit the
  • 01:05:54
    cloud shell icon here which is going to
  • 01:05:56
    switch me over to the cloud shell and
  • 01:05:58
    there i have
  • 01:05:59
    you'll see the bash version of the cloud
  • 01:06:02
    shell so if i use azure cli
  • 01:06:04
    syntax here i'll do a z account list
  • 01:06:07
    and i get a list of my azure
  • 01:06:11
    subscriptions now i can also go to
  • 01:06:15
    shell.azure.com and that's going to do a
  • 01:06:18
    redirect over to
  • 01:06:19
    start the cloud shell for me as well
  • 01:06:23
    and you notice there that we have a
  • 01:06:24
    couple of flavors right we have bash or
  • 01:06:26
    powershell so you can pick your
  • 01:06:28
    preferred
  • 01:06:28
    language i tend to to use
  • 01:06:31
    azure cli so i use the bash version but
  • 01:06:34
    uh the powershell version equally
  • 01:06:38
    valid here so i'll just flip over to the
  • 01:06:41
    powershell version and we'll have a look
  • 01:06:44
    here that took a minute to come up but
  • 01:06:46
    there we have our powershell version of
  • 01:06:48
    the command shell so i can then just
  • 01:06:50
    type powershell commandlets so i'll do
  • 01:06:52
    the same
  • 01:06:52
    operation but in powershell speaks a get
  • 01:06:54
    dash az
  • 01:06:56
    subscription and i can list my
  • 01:06:58
    subscription so
  • 01:07:00
    you can pick your language any browser
  • 01:07:01
    which means you can really take this to
  • 01:07:03
    any
  • 01:07:03
    client operating system where you you
  • 01:07:05
    have a browser you can work with so very
  • 01:07:07
    handy
  • 01:07:08
    in that respect but it includes both
  • 01:07:11
    those options
  • 01:07:13
    and now azure powershell so this is a
  • 01:07:18
    set of commandlets for managing azure
  • 01:07:19
    resources directly from
  • 01:07:21
    the powershell command line so you'd use
  • 01:07:23
    this on
  • 01:07:25
    your windows 10 client for example or
  • 01:07:28
    a linux system or even a recent build a
  • 01:07:32
    mac os
  • 01:07:33
    the azure mobile app is an app for ios
  • 01:07:36
    and android that enables manage
  • 01:07:38
    managing tracking health and status and
  • 01:07:40
    troubleshooting your azure resources i
  • 01:07:42
    tend to use the mobile app
  • 01:07:44
    for quick operations if i need to start
  • 01:07:46
    a virtual machine for example if there's
  • 01:07:48
    something small that i'd like to look
  • 01:07:49
    into i'm not a big fan of working
  • 01:07:51
    on small screens but the azure mobile
  • 01:07:54
    app has come a long way
  • 01:07:56
    over the years and and there's a lot of
  • 01:07:58
    capability
  • 01:07:59
    that at your fingertips there from the
  • 01:08:02
    phone
  • 01:08:06
    and the azure cli so this is the command
  • 01:08:10
    line interface uh abbreviated as your
  • 01:08:13
    cli actually so this is a set of
  • 01:08:15
    commands used to create and manage azure
  • 01:08:17
    resources
  • 01:08:19
    this is where we we work at the the bash
  • 01:08:23
    command line so i find azure cli is very
  • 01:08:26
    friendly to
  • 01:08:27
    open source developers who work in the
  • 01:08:30
    world of linux who who maybe don't use
  • 01:08:32
    powershell today azure cli is very
  • 01:08:34
    friendly to the
  • 01:08:35
    the other side of the house as i
  • 01:08:37
    sometimes refer to them
  • 01:08:38
    but it's available on windows mac os
  • 01:08:40
    linux docker
  • 01:08:42
    and azure cloud shell so you can get to
  • 01:08:44
    it everywhere
  • 01:08:47
    azure advisor so azure advisor scans
  • 01:08:51
    your azure configuration and it
  • 01:08:52
    recommends changes to optimize
  • 01:08:54
    deployments
  • 01:08:56
    increase security and save you money
  • 01:09:00
    but it analyzes the configuration of the
  • 01:09:03
    resources
  • 01:09:04
    present in the azure subscription
  • 01:09:08
    so already present meaning existing
  • 01:09:10
    resources right this isn't uh
  • 01:09:12
    isn't taking place on new deployments
  • 01:09:14
    that aren't yet deployed it's focusing
  • 01:09:16
    on
  • 01:09:17
    four areas again high availability
  • 01:09:19
    security performance
  • 01:09:20
    and costs of those existing deployments
  • 01:09:23
    in fact you get a prompt sometimes when
  • 01:09:25
    you log into the portal that azure
  • 01:09:26
    advisor would like to
  • 01:09:28
    help you out now we're going to talk
  • 01:09:32
    about azure resource
  • 01:09:33
    manager templates or arm templates for
  • 01:09:35
    short
  • 01:09:36
    so an arm template is a json file that
  • 01:09:39
    describes the infrastructure and
  • 01:09:41
    configuration for our project it's how
  • 01:09:43
    we describe
  • 01:09:44
    to azure what we would like to deploy
  • 01:09:48
    and generally speaking arm templates are
  • 01:09:50
    the preferred
  • 01:09:51
    deployment methodology in azure and
  • 01:09:54
    there's a good reason for that
  • 01:09:56
    that's because in part arm templates use
  • 01:10:00
    a declarative syntax declarative means
  • 01:10:03
    that we
  • 01:10:04
    describe our desired end result
  • 01:10:07
    in that json document without spelling
  • 01:10:10
    out
  • 01:10:10
    the exact steps that are required the
  • 01:10:13
    exact step-by-step process
  • 01:10:15
    required to achieve that end result so
  • 01:10:17
    we save a lot of time
  • 01:10:19
    writing out step-by-step code
  • 01:10:22
    in a script for example so it's very
  • 01:10:25
    efficient in that respect
  • 01:10:26
    arm templates are also idempotent which
  • 01:10:29
    means we can deploy that
  • 01:10:31
    template as many times as we want and we
  • 01:10:33
    get the same resources and the same
  • 01:10:35
    state as an end result so if i would
  • 01:10:38
    like to deploy one virtual machine
  • 01:10:40
    behind an azure firewall attached to a
  • 01:10:42
    virtual network if i run that template
  • 01:10:45
    five times at the end of the day i will
  • 01:10:48
    still have
  • 01:10:49
    in that template for vm1 after five runs
  • 01:10:52
    i will have a single virtual machine
  • 01:10:54
    named vm1
  • 01:10:55
    configured as that template defined
  • 01:11:00
    and that property of being idempotent or
  • 01:11:04
    or idempotent
  • 01:11:05
    means that when we have a situation
  • 01:11:08
    where maybe our environment has been
  • 01:11:10
    changed by
  • 01:11:10
    unauthorized manual changes in some way
  • 01:11:14
    i can rerun that deployment template
  • 01:11:17
    and bring my environment up to
  • 01:11:20
    the component and the state the same
  • 01:11:22
    resources and state
  • 01:11:24
    that i desire so very handy in that
  • 01:11:27
    respect you'll you'll often hear arm
  • 01:11:28
    templates
  • 01:11:30
    used in the same sentence as the phrase
  • 01:11:32
    infrastructure as code that's really
  • 01:11:34
    what we're doing here
  • 01:11:37
    and i can deploy arm templates
  • 01:11:41
    from azure powershell azure cli
  • 01:11:44
    and azure devops in the azure portal i
  • 01:11:46
    can use them everywhere really the
  • 01:11:48
    ability to use arm templates is
  • 01:11:49
    ubiquitous
  • 01:11:51
    throughout my my azure tooling in that
  • 01:11:54
    respect
  • 01:11:55
    all right so azure monitor is a service
  • 01:11:57
    that collects
  • 01:11:58
    monitoring telemetry from from a variety
  • 01:12:02
    of ad not only azure sources but
  • 01:12:04
    on-premises sources we can use
  • 01:12:06
    an agent to gather data
  • 01:12:09
    and management tools like azure security
  • 01:12:12
    center also push
  • 01:12:13
    log data to azure monitor in fact azure
  • 01:12:17
    monitor aggregates and stores this
  • 01:12:19
    telemetry in an azure log
  • 01:12:22
    analytics instance so so that log
  • 01:12:25
    analytics instance is the back end
  • 01:12:27
    data store
  • 01:12:31
    and finally azure service health this
  • 01:12:33
    notifies us
  • 01:12:34
    about azure service incidents and plan
  • 01:12:37
    maintenance
  • 01:12:38
    so we can take action to mitigate
  • 01:12:40
    downtime
  • 01:12:42
    very simple all about notification
  • 01:12:46
    and now we're moving into objective
  • 01:12:48
    domain 4 which is describe
  • 01:12:51
    general security and network security
  • 01:12:53
    features
  • 01:12:54
    and if we look at the skills measured
  • 01:12:57
    here
  • 01:12:58
    objective domain 4 is broken into a
  • 01:13:00
    couple of parts there's
  • 01:13:02
    describe azure security features and
  • 01:13:04
    describe
  • 01:13:05
    azure network security so let's dive
  • 01:13:09
    right in so the first part here
  • 01:13:11
    describing security features we'll talk
  • 01:13:13
    about
  • 01:13:14
    azure security center including
  • 01:13:16
    functionality within
  • 01:13:18
    security center like policy compliance
  • 01:13:20
    security alerts secure score and
  • 01:13:21
    resource
  • 01:13:22
    hygiene describing the functionality and
  • 01:13:26
    usage of key vault
  • 01:13:28
    functionality around azure sentinel
  • 01:13:30
    microsoft security information
  • 01:13:33
    an event management solution and then
  • 01:13:35
    finally
  • 01:13:36
    functionality and usage of azure
  • 01:13:38
    dedicated
  • 01:13:39
    hosts so let's get right to it so
  • 01:13:43
    we have security center key vault azure
  • 01:13:46
    sentinel and dedicated host so we'll
  • 01:13:47
    start
  • 01:13:48
    with security center so this is a
  • 01:13:51
    unified
  • 01:13:51
    infrastructure security management
  • 01:13:53
    system that basically
  • 01:13:56
    strengthens our security posture
  • 01:14:01
    through security guidance so security
  • 01:14:04
    center
  • 01:14:04
    will provide guidance around compute
  • 01:14:08
    data network storage apps and other
  • 01:14:12
    services i think the best way to
  • 01:14:15
    tell you about this is to simply show
  • 01:14:16
    you so let's take a quick look
  • 01:14:18
    at security center
  • 01:14:22
    i'll switch over to my azure portal and
  • 01:14:25
    from
  • 01:14:26
    the left menu here i can click on
  • 01:14:28
    security center and bring up
  • 01:14:29
    my security center overview page so
  • 01:14:32
    amongst
  • 01:14:32
    some of the features mentioned in the
  • 01:14:34
    skills measured i see my secure score
  • 01:14:36
    here which
  • 01:14:37
    shows me my current score relative to
  • 01:14:40
    the maximum score with a link
  • 01:14:42
    with options to improve my score that
  • 01:14:44
    link will actually take me to the
  • 01:14:46
    recommendations
  • 01:14:47
    and in here we will see some of the
  • 01:14:50
    the recommendations around resource
  • 01:14:52
    hygiene the recommendations are listed
  • 01:14:55
    in
  • 01:14:55
    descending order based on their
  • 01:14:57
    potential to increase
  • 01:14:59
    my score so for example
  • 01:15:02
    enabling mfa across all accounts with
  • 01:15:04
    owner permissions and it shows me the
  • 01:15:06
    subscriptions where i need to do that
  • 01:15:08
    red means work needs to be done green
  • 01:15:12
    would be healthy and we'll see the
  • 01:15:16
    security alerts
  • 01:15:18
    capability here so alerts are just
  • 01:15:19
    surfaced in the uh the
  • 01:15:22
    right here in the portal if anything has
  • 01:15:24
    uh has arisen
  • 01:15:26
    uh i can look at pricing and settings
  • 01:15:27
    and here's where i can see some
  • 01:15:29
    difference between
  • 01:15:30
    the free tier and the paid tier or the
  • 01:15:32
    standard tier
  • 01:15:33
    of security center you're also going to
  • 01:15:35
    notice here that it mentions azure
  • 01:15:36
    defender so
  • 01:15:38
    at microsoft ignite uh the big
  • 01:15:40
    conference in in
  • 01:15:41
    late 2020 there was a rebranding of
  • 01:15:44
    microsoft security products bringing
  • 01:15:46
    them all under the microsoft defender
  • 01:15:48
    family and security center
  • 01:15:51
    comes under the azure defender moniker
  • 01:15:54
    so this is really just a bit of branding
  • 01:15:56
    here the the functionality uh whether
  • 01:15:57
    it's security center or listed as azure
  • 01:15:59
    defender
  • 01:16:00
    uh is the same uh that's merely a
  • 01:16:03
    branding chain
  • 01:16:04
    so there's actually a link to a related
  • 01:16:08
    video
  • 01:16:08
    in the video description here that will
  • 01:16:11
    walk you through
  • 01:16:12
    those branding changes that happened at
  • 01:16:14
    microsoft ignite but i wanted to bring
  • 01:16:16
    you here to show you that
  • 01:16:18
    we can see here the difference between
  • 01:16:19
    the free tier of security center and the
  • 01:16:21
    paid tier so in the free tier we get the
  • 01:16:23
    continuous assessment we get the
  • 01:16:25
    resource
  • 01:16:25
    hygiene and the security recommendations
  • 01:16:27
    we get the secure score but what we're
  • 01:16:29
    missing
  • 01:16:30
    are advanced features like just-in-time
  • 01:16:32
    vm access uh regulatory compliance
  • 01:16:35
    uh any sort of advanced threat
  • 01:16:38
    protection the elements that
  • 01:16:39
    that add uh advanced functionality or
  • 01:16:42
    intelligence as i like to call them many
  • 01:16:43
    times are missing
  • 01:16:44
    and when i turn azure defender on when i
  • 01:16:47
    go to that standard tier i can come down
  • 01:16:49
    here and turn
  • 01:16:50
    defender defender on security center on
  • 01:16:53
    for specific workloads you see here that
  • 01:16:56
    servers and app service and azure sql
  • 01:16:59
    and kubernetes and key vault they're all
  • 01:17:01
    of these workloads are split out i can
  • 01:17:02
    see the pricing very clearly
  • 01:17:04
    i could even use policy to
  • 01:17:08
    exclude certain instances if i didn't
  • 01:17:11
    want to
  • 01:17:12
    to pay for a hundred percent of my
  • 01:17:14
    servers or a hundred percent of my azure
  • 01:17:16
    sql databases i can certainly break
  • 01:17:18
    those resources off into separate
  • 01:17:19
    subscriptions but even
  • 01:17:21
    at the subscription level i could get in
  • 01:17:23
    here and
  • 01:17:24
    configure that with a little more
  • 01:17:26
    granularity but
  • 01:17:27
    point being you get some free
  • 01:17:29
    functionality here that gives you the
  • 01:17:30
    basics to
  • 01:17:31
    to help improve the security of your
  • 01:17:33
    environment
  • 01:17:34
    really important feature very likely to
  • 01:17:37
    come up
  • 01:17:38
    on the exam azure key vault is a place
  • 01:17:42
    where
  • 01:17:42
    we can securely store and access
  • 01:17:46
    secrets and this cloud service allows us
  • 01:17:48
    to store
  • 01:17:49
    anything that we want to tightly control
  • 01:17:51
    access to whether it's an api key a
  • 01:17:53
    password
  • 01:17:54
    a a an ssl certificate a certificate
  • 01:17:57
    we'd use for secure http
  • 01:17:59
    communication for example or cryptogear
  • 01:18:02
    cryptographic keys and i can access
  • 01:18:06
    key vault from a variety
  • 01:18:09
    of methods so i can access the key vault
  • 01:18:14
    from
  • 01:18:14
    the azure portal i can access it from
  • 01:18:17
    azure devops from my
  • 01:18:19
    arm templates from powershell azure cli
  • 01:18:23
    programmatically via api so
  • 01:18:27
    really ubiquitous in terms of how i can
  • 01:18:30
    access my secrets during the you know
  • 01:18:33
    various
  • 01:18:34
    deployment options that i have for azure
  • 01:18:36
    now azure sentinel
  • 01:18:38
    is microsoft's cloud native security
  • 01:18:41
    information event
  • 01:18:42
    management solution which comes with the
  • 01:18:45
    additional
  • 01:18:46
    functionality known as soar security
  • 01:18:48
    orchestration automated
  • 01:18:50
    response so not only can we
  • 01:18:53
    ingest data from
  • 01:18:56
    our many services in azure and our third
  • 01:18:59
    party
  • 01:19:01
    services that have security information
  • 01:19:03
    to provide us like firewalls and network
  • 01:19:05
    devices for example
  • 01:19:07
    but azure sentinel can provide
  • 01:19:11
    orchestrated automated response where
  • 01:19:14
    necessary an azure sentinel has
  • 01:19:19
    built-in ai uh there's a feature called
  • 01:19:22
    fusion that's enabled by default so so
  • 01:19:24
    ai
  • 01:19:25
    comes in azure sentinel right out of the
  • 01:19:27
    box and microsoft is always working to
  • 01:19:29
    improve that capability
  • 01:19:31
    uh but but azure sentinel is quite easy
  • 01:19:33
    to set up because
  • 01:19:34
    you're by and large enabling a broad
  • 01:19:37
    range of connectors uh you know for for
  • 01:19:40
    everything from
  • 01:19:41
    azure active directory logs to office
  • 01:19:43
    365 connectors
  • 01:19:45
    to which don't require much beyond
  • 01:19:47
    pushing a couple of buttons to
  • 01:19:50
    connectors that do require some
  • 01:19:51
    configuration such as ingesting syslog
  • 01:19:54
    or common event format data from
  • 01:19:56
    your network devices
  • 01:20:00
    and dedicated hosts azure dedicated
  • 01:20:02
    hosts are
  • 01:20:03
    just what they probably sound like to
  • 01:20:05
    you it's a dedicated physical server
  • 01:20:06
    that's able to host
  • 01:20:08
    you know one or more virtual machines in
  • 01:20:09
    a single azure subscription so a host
  • 01:20:11
    that you are not
  • 01:20:13
    sharing and and i can definitely think
  • 01:20:15
    of a few
  • 01:20:16
    very high security
  • 01:20:19
    uh scenarios life and death situations
  • 01:20:23
    where having
  • 01:20:24
    a dedicated host for security and or
  • 01:20:27
    performance
  • 01:20:28
    may well be desirable such as if
  • 01:20:31
    life or death human safety were involved
  • 01:20:34
    so we're going to finish out objective
  • 01:20:36
    domain 4 by looking at
  • 01:20:38
    the last half of that domain which is uh
  • 01:20:40
    azure network security so we'll talk
  • 01:20:42
    about defense and depth network security
  • 01:20:44
    groups azure firewall
  • 01:20:46
    azure distributed denial of service
  • 01:20:50
    protection so why don't we start with
  • 01:20:51
    defense and depth this is a concept
  • 01:20:54
    that espouses that promotes a layered
  • 01:20:58
    approach to security basically not
  • 01:21:00
    relying on one method to completely
  • 01:21:02
    protect our environment but layering in
  • 01:21:04
    multiple tools to provide
  • 01:21:06
    better security posture a pretty
  • 01:21:09
    widely uh adopted concept in the world
  • 01:21:12
    of cyber security
  • 01:21:14
    a network security group is a construct
  • 01:21:17
    that contains security rules that allow
  • 01:21:19
    or deny
  • 01:21:20
    inbound traffic network traffic to
  • 01:21:24
    a component a service or outbound
  • 01:21:26
    traffic from
  • 01:21:27
    several types of azure resources for
  • 01:21:30
    each
  • 01:21:31
    rule in a network security group you can
  • 01:21:33
    specify a source and a destination
  • 01:21:35
    important protocol
  • 01:21:36
    and an allow or deny and
  • 01:21:39
    you can apply network security groups to
  • 01:21:42
    a subnet or on a vm we can even attach
  • 01:21:44
    it to a network adapter
  • 01:21:46
    in fact why don't i just show you a
  • 01:21:49
    network security group right quick so
  • 01:21:50
    i'll switch over to my azure portal i'm
  • 01:21:52
    going to click on the
  • 01:21:53
    resource group for the virtual machine
  • 01:21:55
    we looked at earlier in the course
  • 01:21:57
    and there's a network security group
  • 01:21:59
    created automatically when you deploy an
  • 01:22:01
    azure vm and so for a windows
  • 01:22:03
    vm when i look at my network security
  • 01:22:05
    group
  • 01:22:06
    i will see inbound security rules and
  • 01:22:09
    outbound security
  • 01:22:10
    rules so the the last rule in terms of
  • 01:22:13
    priority on the inbound is deny all
  • 01:22:16
    inbound so it's any port any protocol
  • 01:22:18
    any source any destination
  • 01:22:20
    so the only thing i have coming from any
  • 01:22:22
    source which would include the internet
  • 01:22:24
    is i have an allow rule here that allows
  • 01:22:26
    remote desktop protocol so i can use rdp
  • 01:22:29
    to attach to this vm and you see the
  • 01:22:31
    little warning symbol there just
  • 01:22:32
    alerting me that hey you have a
  • 01:22:34
    port open to the internet i could
  • 01:22:37
    protect this
  • 01:22:38
    using the just in time vm access feature
  • 01:22:43
    in azure security center in in azure
  • 01:22:45
    defender
  • 01:22:46
    if i wanted but that gives you a good
  • 01:22:49
    idea of the default it feels a little
  • 01:22:51
    bit like a firewall
  • 01:22:52
    uh but but it's not so so it's really um
  • 01:22:56
    something a bit different in in that
  • 01:22:58
    respect but uh
  • 01:23:01
    network adapter by the way you know you
  • 01:23:03
    may see that referred to as
  • 01:23:05
    nick in some questions so if you're not
  • 01:23:07
    super technical and
  • 01:23:08
    you haven't heard of nick um network
  • 01:23:11
    adapter and nick are
  • 01:23:12
    two ways to refer to the same thing
  • 01:23:16
    all right azure firewall so this is a
  • 01:23:19
    managed
  • 01:23:20
    cloud-based network security service
  • 01:23:21
    that protects your azure virtual network
  • 01:23:24
    resources and it's a fully
  • 01:23:27
    stable firewall as a service it's called
  • 01:23:30
    it has built-in high availability
  • 01:23:34
    and unrestricted cloud
  • 01:23:37
    scalability
  • 01:23:40
    so among the many interesting things
  • 01:23:42
    about azure firewall is i don't have to
  • 01:23:45
    deploy multiple virtual network
  • 01:23:47
    appliances for
  • 01:23:48
    that high availability and scalability
  • 01:23:51
    it's built into the service for me so
  • 01:23:54
    aha
  • 01:23:54
    comes out of the box by default
  • 01:23:58
    then finally azure ddos so this is a
  • 01:24:02
    service that
  • 01:24:02
    provides enhanced distributed denial of
  • 01:24:06
    service mitigation features to defend
  • 01:24:08
    against
  • 01:24:09
    distributed denial of service or ddos
  • 01:24:12
    attacks
  • 01:24:13
    do bear in mind there is a basic tier
  • 01:24:18
    of azure ddos so the standard tier
  • 01:24:21
    provides
  • 01:24:22
    enhanced ddos mitigation and that
  • 01:24:25
    enhanced
  • 01:24:26
    tier that standard tier we call it
  • 01:24:28
    includes logging alerting
  • 01:24:30
    and telemetry that you don't get in the
  • 01:24:31
    free basic tier that's present
  • 01:24:33
    everywhere by default you don't have to
  • 01:24:34
    do anything
  • 01:24:36
    for the basic tier now we're going to
  • 01:24:39
    move into objective domain 5 where we'll
  • 01:24:41
    talk about
  • 01:24:42
    identity governance privacy and
  • 01:24:44
    compliance features
  • 01:24:45
    in azure and this objective domain
  • 01:24:49
    is broken up into a few parts so we have
  • 01:24:51
    described core azure identity services
  • 01:24:54
    describe azure governance features and
  • 01:24:57
    describe
  • 01:24:58
    privacy and compliance resources so
  • 01:25:01
    let's start with azure identity services
  • 01:25:04
    we'll talk about the difference between
  • 01:25:06
    authentication and authorization
  • 01:25:08
    we'll talk about azure active directory
  • 01:25:11
    and what is azure ad
  • 01:25:13
    exactly and finally we'll
  • 01:25:16
    touch on some related concepts that pop
  • 01:25:19
    up in azure active directory discussions
  • 01:25:22
    specifically conditional access
  • 01:25:23
    multi-factor authentication and
  • 01:25:26
    single sign-on so let's start
  • 01:25:30
    with authentication and authorization
  • 01:25:34
    which we we also call authen and auth
  • 01:25:36
    z so authentication is the process of
  • 01:25:38
    proving
  • 01:25:39
    that you are who you say you are
  • 01:25:42
    and then authorization is the act of
  • 01:25:45
    granting
  • 01:25:46
    that authenticated party permission
  • 01:25:49
    to do something so i kind of think of
  • 01:25:53
    this as identity and access really if
  • 01:25:54
    i'm
  • 01:25:55
    breaking it down into plain english now
  • 01:25:57
    azure active directory which is azure ad
  • 01:26:00
    for short is microsoft's cloud-based
  • 01:26:03
    identity
  • 01:26:04
    and access management service it helps
  • 01:26:07
    our employees sign
  • 01:26:08
    in and access resources uh internal
  • 01:26:11
    resources such as
  • 01:26:12
    apps on our corporate network or custom
  • 01:26:14
    cloud apps
  • 01:26:15
    or external resources like microsoft 365
  • 01:26:19
    and the azure portal and many
  • 01:26:21
    sas apps that show up in the catalog
  • 01:26:24
    or that i integrate or federate with my
  • 01:26:26
    azure ad instance
  • 01:26:30
    so let's touch on single sign-on
  • 01:26:33
    multi-factor authentication and
  • 01:26:35
    conditional access and we'll have a look
  • 01:26:38
    at azure ad in a moment so we can tie
  • 01:26:41
    all of these concepts together
  • 01:26:43
    and and just solidify in your mind what
  • 01:26:45
    we're talking about here conceptually so
  • 01:26:47
    single sign-on
  • 01:26:48
    means a user doesn't have to sign into
  • 01:26:50
    every application they use
  • 01:26:52
    uh essentially the user logs in once and
  • 01:26:54
    that credential is is reused
  • 01:26:57
    for multiple apps but but the
  • 01:27:00
    logging in once is the the key there and
  • 01:27:04
    single sign-on based authentication
  • 01:27:07
    systems are
  • 01:27:08
    often called modern authentication
  • 01:27:12
    the multi-factor authentication works by
  • 01:27:14
    essentially requiring
  • 01:27:16
    two or more authentication methods so
  • 01:27:19
    beyond just entering a password
  • 01:27:21
    um mfa would would take something you
  • 01:27:24
    know like a pin or a password and couple
  • 01:27:26
    that with
  • 01:27:26
    something you have like a trusted device
  • 01:27:30
    uh and or or something that you are like
  • 01:27:33
    a biometric like
  • 01:27:34
    uh using your face uh or a fingerprint
  • 01:27:38
    so
  • 01:27:38
    something you have a trusted device with
  • 01:27:40
    the authenticator app is is typically
  • 01:27:43
    how
  • 01:27:44
    we we see folks authenticating to azure
  • 01:27:47
    active directory
  • 01:27:50
    and the the whole idea of authentication
  • 01:27:53
    and authorization the concepts we're
  • 01:27:54
    talking about here the the
  • 01:27:56
    rabbit hole runs really deep you you can
  • 01:27:58
    expect that you won't
  • 01:27:59
    get into too much depth on the az900
  • 01:28:02
    exam
  • 01:28:03
    uh thankfully conditional access
  • 01:28:06
    uh is used by azure active directory to
  • 01:28:08
    bring signals together to make decisions
  • 01:28:11
    and enforce
  • 01:28:12
    organizational policies in scenarios
  • 01:28:16
    where a user attempts to access
  • 01:28:18
    resources so essentially
  • 01:28:20
    a user when they when they attempt to
  • 01:28:22
    log in
  • 01:28:23
    a conditional access policy is going to
  • 01:28:25
    look at their location the device
  • 01:28:27
    the application they're trying to log
  • 01:28:30
    in with and then real-time risk are they
  • 01:28:34
    coming from a strange ip address for
  • 01:28:36
    example
  • 01:28:38
    and and based on that we'll
  • 01:28:41
    verify the access attempt and allow
  • 01:28:43
    access or if there's some risk require
  • 01:28:46
    multi-factor authentication or if
  • 01:28:48
    there's
  • 01:28:48
    extreme risk you know block access
  • 01:28:50
    altogether
  • 01:28:51
    and if the user gets past these gates
  • 01:28:55
    they can get to the resource they are
  • 01:28:57
    requesting access to
  • 01:29:00
    so let me just switch over to the azure
  • 01:29:02
    portal and show you around
  • 01:29:03
    conditional access in azure ad briefly
  • 01:29:06
    so we'll just switch over to
  • 01:29:08
    portal.azure.com and i've actually
  • 01:29:10
    clicked on
  • 01:29:10
    active directory and if i scroll down
  • 01:29:12
    under security
  • 01:29:14
    i can get down here to conditional
  • 01:29:16
    access and we'll just look at a
  • 01:29:18
    conditional access policy i'll really
  • 01:29:22
    just get down into any
  • 01:29:23
    conditional access policy so you can see
  • 01:29:25
    some of the settings so i can
  • 01:29:27
    assign a policy to specific users and
  • 01:29:31
    groups and i can include and exclude
  • 01:29:34
    users based on who they are or the roles
  • 01:29:37
    they're in
  • 01:29:38
    i can assign my policy to be
  • 01:29:41
    effective for specific apps or even all
  • 01:29:44
    apps
  • 01:29:45
    and i can you know put some exclusions
  • 01:29:48
    in here it can be very
  • 01:29:49
    selective so all cloud apps i can
  • 01:29:51
    exclude specific apps
  • 01:29:53
    when i get down to conditions here
  • 01:29:54
    you'll see that i can
  • 01:29:56
    provide other conditions that my policy
  • 01:29:59
    can use to assess
  • 01:30:00
    the access attempt so if i've turned on
  • 01:30:04
    the identity protection feature there's
  • 01:30:07
    which comes in the higher plan two tier
  • 01:30:10
    of azure id i can incorporate risk into
  • 01:30:14
    the process so if the user
  • 01:30:16
    is assessed as being medium or high risk
  • 01:30:18
    based on their circumstances
  • 01:30:21
    maybe they're coming from an unfamiliar
  • 01:30:23
    ip or they've exhibited
  • 01:30:24
    impossible travel we can
  • 01:30:27
    take action based on that we can look at
  • 01:30:31
    sign in risk so the specific risk level
  • 01:30:36
    and which levels this policy will apply
  • 01:30:39
    to
  • 01:30:40
    i can look at device platform so i could
  • 01:30:42
    enable this
  • 01:30:44
    policy to be specific to certain devices
  • 01:30:47
    maybe
  • 01:30:48
    i'm i'm only looking at my mobile
  • 01:30:50
    platforms for this particular
  • 01:30:52
    rule for example or maybe i'm just
  • 01:30:54
    looking at my windows desktops
  • 01:30:56
    i can look at location so just as
  • 01:30:59
    important as providing a second factor
  • 01:31:01
    of authentication
  • 01:31:02
    it's not providing a second factor when
  • 01:31:05
    it's not necessary so for example
  • 01:31:08
    i might want to exclude named
  • 01:31:11
    locations so if i have trusted locations
  • 01:31:15
    like
  • 01:31:16
    my office for example i don't want to
  • 01:31:18
    prompt a user when they're coming from a
  • 01:31:19
    trusted managed device in the office
  • 01:31:21
    that's really just annoying isn't it
  • 01:31:24
    so i might exclude those locations
  • 01:31:27
    but lots of capabilities here and then
  • 01:31:30
    once all my
  • 01:31:32
    settings are met or not i can then
  • 01:31:34
    configure the conditions under which i
  • 01:31:36
    grant access
  • 01:31:37
    so for example i can block access based
  • 01:31:40
    on conditions or i can grant access
  • 01:31:42
    based on
  • 01:31:43
    one or multiple of these items you'll
  • 01:31:46
    notice here i can require multi-factor a
  • 01:31:48
    device to be marked as compliant a
  • 01:31:50
    device to be hybrid azure adjoined
  • 01:31:53
    or using an approved app and you'll
  • 01:31:56
    notice here
  • 01:31:57
    for multiple controls i can require all
  • 01:31:59
    or require only one
  • 01:32:01
    of these items so so a lot of
  • 01:32:04
    flexibility
  • 01:32:05
    in azure ad conditional access and i can
  • 01:32:08
    even able enable a policy to report only
  • 01:32:11
    so i can
  • 01:32:12
    apply a policy in report only mode and
  • 01:32:14
    see
  • 01:32:15
    what the the impact would be so
  • 01:32:19
    pretty exciting functionality really so
  • 01:32:21
    next in
  • 01:32:22
    objective domain five we'll talk about
  • 01:32:24
    azure governance features we'll touch on
  • 01:32:26
    role-based access control
  • 01:32:28
    resource locks using tags
  • 01:32:32
    functionality around azure policy we'll
  • 01:32:34
    touch on blueprints
  • 01:32:36
    and briefly touch on the cloud adoption
  • 01:32:40
    framework
  • 01:32:40
    for azure so governance features we have
  • 01:32:44
    role-based access control so this helps
  • 01:32:46
    us manage
  • 01:32:47
    who has access to azure resources what
  • 01:32:49
    they can do with those resources
  • 01:32:51
    and which areas they have access
  • 01:32:55
    to and this is built on
  • 01:32:59
    azure resource manager it provides
  • 01:33:01
    fine-grained
  • 01:33:02
    access management of azure resources and
  • 01:33:05
    in fact if i look in
  • 01:33:08
    azure active directory there's a roles
  • 01:33:10
    and administrator
  • 01:33:11
    area where i can see pre-defined roles
  • 01:33:14
    that are available to me so i can
  • 01:33:16
    configure a very
  • 01:33:18
    granular role-based access control
  • 01:33:20
    strategy and incidentally i can
  • 01:33:22
    also use the new custom role option here
  • 01:33:24
    to create
  • 01:33:25
    custom roles so i can even further
  • 01:33:29
    target my role-based access control
  • 01:33:32
    strategy so how i delegate permissions
  • 01:33:35
    in my
  • 01:33:36
    environment so resource locks
  • 01:33:40
    allow us to prevent users in our
  • 01:33:42
    organization from accidentally deleting
  • 01:33:44
    or modifying
  • 01:33:45
    critical resources deployed in our azure
  • 01:33:48
    subscription so the lock
  • 01:33:49
    overrides any permissions that the user
  • 01:33:52
    might have
  • 01:33:54
    so it's a preventative measure really
  • 01:33:58
    so let's talk about azure governance
  • 01:34:00
    let's get into
  • 01:34:02
    policy initiatives and blueprints so
  • 01:34:05
    azure policy this is a definition of the
  • 01:34:08
    conditions that we want to
  • 01:34:10
    control or govern in our environment
  • 01:34:14
    so we use azure policy to
  • 01:34:18
    help enforce our standards so i can
  • 01:34:21
    ensure that
  • 01:34:22
    virtual machines are only deployed in
  • 01:34:25
    certain sizes they're only deployed
  • 01:34:28
    to certain regions i can enforce
  • 01:34:33
    naming conventions uh quite a wide
  • 01:34:35
    variety
  • 01:34:36
    and an initiative is a collection
  • 01:34:39
    of azure policy definitions that are
  • 01:34:42
    grouped together to help
  • 01:34:43
    work towards a specific goal and
  • 01:34:46
    way back in objective domain one we
  • 01:34:49
    talked about
  • 01:34:50
    management groups and subscriptions for
  • 01:34:53
    example so management groups are
  • 01:34:55
    really common boundary used to apply
  • 01:34:59
    our policy so we can actually enforce
  • 01:35:02
    our standards across
  • 01:35:03
    multiple subscriptions at the same time
  • 01:35:06
    it's how we
  • 01:35:07
    we can manage we can provide that
  • 01:35:09
    consistency
  • 01:35:11
    at scale so you may
  • 01:35:14
    see blueprint come up somewhere a
  • 01:35:16
    blueprint is a container for composing
  • 01:35:19
    sets of standards patterns and
  • 01:35:20
    requirements for for
  • 01:35:22
    implementation of our our services
  • 01:35:24
    security and design and azure
  • 01:35:27
    blueprint is often used in the same
  • 01:35:29
    sentence as the phrase
  • 01:35:30
    new environment and incidentally
  • 01:35:33
    blueprint was not mentioned on the
  • 01:35:35
    skills measured but
  • 01:35:37
    again going back to that phrase neither
  • 01:35:40
    exhaustive nor definitive i wanted to
  • 01:35:43
    just mention blueprint so you've you've
  • 01:35:45
    got that in your head in case blueprints
  • 01:35:47
    shows up somewhere
  • 01:35:51
    and tags so a tag is a name and a value
  • 01:35:55
    pair
  • 01:35:55
    used to logically organize azure
  • 01:35:58
    resources
  • 01:35:58
    resource groups or subscriptions into a
  • 01:36:02
    logical taxonomy an ordered structure
  • 01:36:05
    that is to say
  • 01:36:10
    so tags are often the basis for applying
  • 01:36:12
    business policies
  • 01:36:13
    or tracking costs for example i might
  • 01:36:16
    have a tag that contains the cost center
  • 01:36:19
    i might have a tag that contains the
  • 01:36:21
    owner of a resource so so i can use it
  • 01:36:23
    for
  • 01:36:24
    for tracking costs or or i may use tags
  • 01:36:27
    in the application of policy enforcing
  • 01:36:29
    my standards
  • 01:36:31
    on an environment and and we can even
  • 01:36:35
    enforce tagging rules within
  • 01:36:37
    our azure policy so we can make sure
  • 01:36:38
    that when resources are deployed the
  • 01:36:40
    appropriate to the required tags that we
  • 01:36:43
    would like applied are in fact applied
  • 01:36:47
    so we don't let resources go into our
  • 01:36:48
    environment without tags which could be
  • 01:36:50
    important in making sure we can always
  • 01:36:52
    track costs
  • 01:36:53
    we can always apply business policies we
  • 01:36:55
    always have an owner of a resource
  • 01:36:57
    should there be a need to contact the
  • 01:36:59
    owner
  • 01:37:02
    you may see questions around the cloud
  • 01:37:04
    adoption framework and you just
  • 01:37:06
    need to understand what the cloud
  • 01:37:07
    adoption framework is for really you're
  • 01:37:09
    not expected to know this at any level
  • 01:37:11
    of technical depth so the cloud adoption
  • 01:37:13
    framework is guidance from microsoft
  • 01:37:15
    designed to help you
  • 01:37:16
    create and implement the the business
  • 01:37:19
    and technology
  • 01:37:20
    strategies uh you want to succeed
  • 01:37:24
    in your azure deployments and i'm
  • 01:37:25
    actually just going to switch over to a
  • 01:37:27
    browser here so the cloud adoption
  • 01:37:28
    framework
  • 01:37:30
    for azure is laid out in the form of
  • 01:37:32
    documentation and tools and if i scroll
  • 01:37:35
    down here
  • 01:37:36
    they they've defined a cloud adoption
  • 01:37:39
    journey
  • 01:37:40
    that starts with strategy we we plan
  • 01:37:43
    uh prepare our environment go through
  • 01:37:46
    the
  • 01:37:47
    migration process there's governance
  • 01:37:50
    section and then
  • 01:37:51
    some guidance around ongoing management
  • 01:37:54
    so so
  • 01:37:55
    it pays before the exam to just read
  • 01:37:57
    through this get a feel
  • 01:37:58
    for the resources available in
  • 01:38:01
    microsoft's cloud adoption framework
  • 01:38:04
    and in the final section of objective
  • 01:38:06
    domain 5 we'll talk about privacy and
  • 01:38:08
    compliance resources so a decidedly less
  • 01:38:11
    technical subject so we'll talk about
  • 01:38:14
    the core tenants of security privacy
  • 01:38:16
    and compliance uh we'll talk through
  • 01:38:19
    briefly the the microsoft privacy
  • 01:38:21
    statement online service terms
  • 01:38:24
    and the data protection amendment
  • 01:38:25
    there's actually a mistake
  • 01:38:27
    in the az 900 skills measured here so
  • 01:38:30
    i'll talk to you about that
  • 01:38:32
    as well we'll talk about the purpose of
  • 01:38:34
    the trust center we'll take a look at
  • 01:38:36
    where you find the azure compliance
  • 01:38:37
    documentation
  • 01:38:39
    and then talk briefly about azure
  • 01:38:42
    sovereign
  • 01:38:42
    region specifically talking about uh
  • 01:38:45
    government and
  • 01:38:46
    and china and we'll throw germany in
  • 01:38:49
    there for good measure
  • 01:38:51
    so let's start with the the tenets of
  • 01:38:54
    security
  • 01:38:55
    privacy and compliance so security is
  • 01:38:58
    about protecting data that's entrusted
  • 01:39:01
    to microsoft using strong encryption and
  • 01:39:04
    access control so this is really about
  • 01:39:06
    how microsoft
  • 01:39:08
    protects our data the data that we
  • 01:39:11
    entrust
  • 01:39:12
    to the the microsoft and their platforms
  • 01:39:15
    and privacy is about
  • 01:39:17
    uh microsoft making meaningful choices
  • 01:39:20
    about how they collect data and why
  • 01:39:23
    that data is being collected and used
  • 01:39:26
    and
  • 01:39:27
    of course informing customers
  • 01:39:31
    that that data is in fact being
  • 01:39:33
    collected
  • 01:39:35
    you know one of the the most admirable
  • 01:39:38
    admirable things about microsoft is how
  • 01:39:43
    transparent they are about our
  • 01:39:47
    privacy versus many big tech companies
  • 01:39:50
    out there today but they're
  • 01:39:51
    microsoft always does their best to tell
  • 01:39:53
    us how they're collecting that data
  • 01:39:55
    why that data is being collected and
  • 01:39:58
    used so we're never in the dark
  • 01:40:00
    about that we're never the product so to
  • 01:40:02
    speak
  • 01:40:03
    and then compliance with regulations is
  • 01:40:06
    critical
  • 01:40:06
    and microsoft aims to ease this task
  • 01:40:10
    for azure customers which in part means
  • 01:40:13
    giving us the ability to see which
  • 01:40:16
    regulatory
  • 01:40:17
    compliance standards out there for which
  • 01:40:19
    azure has been
  • 01:40:21
    certified
  • 01:40:24
    so part of our compliance with
  • 01:40:27
    regulatory standards as a customer would
  • 01:40:29
    be ensuring that our services are
  • 01:40:31
    running
  • 01:40:32
    in an environment that is in fact
  • 01:40:34
    compliant
  • 01:40:35
    with those same standards or at least
  • 01:40:37
    has the controls to allow us to
  • 01:40:39
    configure
  • 01:40:40
    our services in such a way that they are
  • 01:40:42
    compliant
  • 01:40:44
    and the azure compliance documentation
  • 01:40:47
    has been grouped together to make it
  • 01:40:49
    easy to find microsoft groups
  • 01:40:50
    that compliance documentation
  • 01:40:53
    geographically
  • 01:40:54
    and and by industry as well
  • 01:41:00
    and you'll also find template audit
  • 01:41:02
    documents that you can tailor
  • 01:41:04
    to to your needs or to your customers
  • 01:41:06
    needs if if you're a partner
  • 01:41:08
    so let me just switch over to the azure
  • 01:41:10
    portal quickly here
  • 01:41:12
    so if we look at the azure compliance
  • 01:41:15
    documentation area here you'll see that
  • 01:41:17
    the
  • 01:41:18
    compliance offerings are are sorted uh
  • 01:41:21
    based on industry as i mentioned right
  • 01:41:24
    and then you'll also see some regions so
  • 01:41:26
    there are some some standards that are
  • 01:41:28
    global of course but if i scroll down
  • 01:41:30
    here i see
  • 01:41:32
    geographies and industry right so
  • 01:41:34
    there's america's apac
  • 01:41:36
    emea so pretty well documented it's
  • 01:41:39
    searchable here so
  • 01:41:41
    so all of the compliance documentation
  • 01:41:43
    you need to ensure your organization
  • 01:41:45
    complies a legal or regulatory standard
  • 01:41:47
    that's right here so just
  • 01:41:49
    know that's available for the exam and
  • 01:41:51
    how it's it's organized
  • 01:41:55
    all right and let's talk about the
  • 01:41:59
    microsoft privacy statement which
  • 01:42:01
    explains
  • 01:42:02
    what data microsoft processes how
  • 01:42:05
    microsoft processes that data and for
  • 01:42:07
    what purpose
  • 01:42:08
    the data is utilized so the what and the
  • 01:42:12
    how and then really what purpose
  • 01:42:14
    tells us why they are processing that
  • 01:42:18
    data
  • 01:42:19
    online service terms this contains all
  • 01:42:22
    the terms and conditions for software
  • 01:42:24
    and online services through microsoft
  • 01:42:26
    commercial
  • 01:42:27
    licensing programs and this is an area
  • 01:42:30
    where there's a small
  • 01:42:32
    error in the az 900 skills measure
  • 01:42:35
    because the online
  • 01:42:36
    service terms has been re-named
  • 01:42:40
    consolidated within another document
  • 01:42:42
    called the
  • 01:42:43
    product terms site and and the online
  • 01:42:45
    service terms or ost
  • 01:42:48
    has been archived so uh ost
  • 01:42:51
    and is now contained within product
  • 01:42:54
    terms so
  • 01:42:55
    so i'm not sure which you'll see on the
  • 01:42:56
    exam i just wanted to point that out
  • 01:42:58
    that there's been a change that hasn't
  • 01:42:59
    made its way into the exam
  • 01:43:02
    as of february uh 2021 or at least
  • 01:43:06
    hasn't made its way into the exam skills
  • 01:43:08
    measured area
  • 01:43:10
    let's put it that way but it focuses on
  • 01:43:12
    commercial licensing just
  • 01:43:14
    park that in the back of your head
  • 01:43:17
    you'll also want to know the purpose of
  • 01:43:19
    the
  • 01:43:20
    data protection amendment or dpa as it's
  • 01:43:24
    called out in
  • 01:43:25
    the skills measured so this further
  • 01:43:27
    defines data processing and security
  • 01:43:29
    terms for online services
  • 01:43:31
    uh gives us information around
  • 01:43:34
    compliance
  • 01:43:35
    disclosure security data transfer
  • 01:43:38
    and data retention this is another
  • 01:43:42
    minor typographical error in the skills
  • 01:43:46
    measured for az900 the data protection
  • 01:43:48
    amendment is actually the data
  • 01:43:50
    protection addendum
  • 01:43:52
    so the dpa is data protection addendum
  • 01:43:55
    don't overthink it i just wanted to
  • 01:43:56
    point that out in case
  • 01:43:58
    it shows up in a form different than
  • 01:44:01
    what you see in the skills measured as
  • 01:44:03
    of february
  • 01:44:04
    2021 just worth worth having that
  • 01:44:07
    information in hand
  • 01:44:09
    and the trust center this is where you
  • 01:44:12
    can learn about the four
  • 01:44:14
    foundational principles of trust with
  • 01:44:16
    microsoft security
  • 01:44:18
    privacy compliance and transparency so
  • 01:44:22
    the the four principles of trust will be
  • 01:44:24
    the the key to remember
  • 01:44:26
    uh as you go into the exam
  • 01:44:29
    in fact if you just uh in a browser go
  • 01:44:31
    to the the trust center at microsoft
  • 01:44:34
    you can see those four principles called
  • 01:44:37
    out
  • 01:44:38
    uh in their their statement right here
  • 01:44:40
    on the uh the trust center
  • 01:44:42
    home page
  • 01:44:46
    and in fact uh you can get to that trust
  • 01:44:49
    center quite easily it's just
  • 01:44:51
    microsoft.com ford slash
  • 01:44:53
    trust all right
  • 01:44:56
    azure sovereign region so these are
  • 01:44:58
    special
  • 01:45:00
    regions that you might need to consider
  • 01:45:03
    for legal or compliance
  • 01:45:04
    purposes so specifically i'm talking
  • 01:45:07
    about azure government as your uh
  • 01:45:09
    china and germany so so these
  • 01:45:12
    regions have a couple of things in
  • 01:45:14
    common number one they're operated by
  • 01:45:17
    special trustees
  • 01:45:20
    so in the case of uh government
  • 01:45:22
    government that's u.s
  • 01:45:23
    government it's operated by screened
  • 01:45:26
    persons
  • 01:45:27
    uh the china cloud
  • 01:45:31
    in azure is operated by a china-based
  • 01:45:35
    trustee it's a partnership between
  • 01:45:38
    microsoft
  • 01:45:39
    and a company called 21vnet
  • 01:45:43
    and similarly germany has a a trustee
  • 01:45:46
    model
  • 01:45:47
    uh in that situation as well and then uh
  • 01:45:50
    there's physical and logical
  • 01:45:51
    isolation in particular with uh with the
  • 01:45:54
    us
  • 01:45:55
    government cloud it's described
  • 01:45:58
    as a physical and logical network
  • 01:46:00
    isolated instance
  • 01:46:04
    all right we're ready for the big finish
  • 01:46:06
    here so objective domain
  • 01:46:08
    six is described as your cost management
  • 01:46:10
    and service
  • 01:46:11
    level agreement you're almost there
  • 01:46:15
    so in objective domain six we have
  • 01:46:18
    described the methods for planning and
  • 01:46:20
    managing costs
  • 01:46:21
    describe azure service level agreements
  • 01:46:24
    and service life cycles
  • 01:46:26
    so just these two parts let's start with
  • 01:46:28
    part one here we'll talk about
  • 01:46:30
    uh what can affect costs how we can
  • 01:46:33
    reduce costs and then we'll touch on the
  • 01:46:35
    functionality of the pricing calculator
  • 01:46:38
    and the total cost of ownership
  • 01:46:40
    calculator
  • 01:46:42
    and functionality and usage of azure
  • 01:46:45
    cost
  • 01:46:46
    management so cost impact so
  • 01:46:49
    so factors that can affect azure
  • 01:46:51
    resource cost
  • 01:46:52
    include the types of resources we're
  • 01:46:54
    deploying
  • 01:46:55
    are we deploying vms are we deploying
  • 01:46:58
    cosmos db
  • 01:47:01
    the location we're deploying so the the
  • 01:47:03
    cost of resources will vary slightly by
  • 01:47:06
    location and maybe considerably when you
  • 01:47:09
    switch between
  • 01:47:11
    different geographies and ingress and
  • 01:47:14
    egress traffic so so
  • 01:47:16
    ingress traffic is typically free
  • 01:47:19
    in in the azure realm although you don't
  • 01:47:21
    want to count on that always you want to
  • 01:47:22
    look at the the billing model for a
  • 01:47:24
    service
  • 01:47:25
    egress traffic often costs money and
  • 01:47:28
    that's that can be a little bit
  • 01:47:30
    unpredictable so it's an area that you
  • 01:47:32
    want to be very uh
  • 01:47:34
    cognizant uh very aware of as you deploy
  • 01:47:37
    services if you're going to have a large
  • 01:47:39
    amount of egress traffic traffic
  • 01:47:41
    leaving your azure subscription you can
  • 01:47:43
    potentially rack up a lot of a lot of
  • 01:47:45
    cost there that won't be entirely
  • 01:47:47
    transparent to you ahead of time there
  • 01:47:50
    are a few different ways we can reduce
  • 01:47:51
    our cost in azure so
  • 01:47:53
    factors here include reserved instances
  • 01:47:57
    reserved capacity the hybrid use benefit
  • 01:48:00
    and spot pricing so let me break each of
  • 01:48:02
    these down for you so you're familiar
  • 01:48:04
    with how they work and where they apply
  • 01:48:07
    so reserved
  • 01:48:08
    instances allow us to reserve virtual
  • 01:48:11
    machines in advance and save up to 72
  • 01:48:13
    percent compared to pay-as-you-go
  • 01:48:15
    pricing
  • 01:48:16
    by selecting a one year or three year
  • 01:48:18
    commitment the longer
  • 01:48:20
    uh commitment will result in greater
  • 01:48:23
    savings but it's virtual machine
  • 01:48:25
    specific and
  • 01:48:26
    there is a scheme whereby if you you
  • 01:48:29
    can't
  • 01:48:30
    live up to your if you can't uh you see
  • 01:48:32
    out your one year or three year
  • 01:48:33
    commitments you can get some sort of
  • 01:48:35
    prorated refund there it's not a total
  • 01:48:37
    loss if you can't make it to the one or
  • 01:48:39
    three year
  • 01:48:39
    mark so reserved capacity
  • 01:48:43
    uh brings significant savings around
  • 01:48:46
    azure sql database cosmos db synapse
  • 01:48:50
    analytics and azure cash
  • 01:48:53
    for redis and this discount again
  • 01:48:56
    is product specific
  • 01:49:00
    so in these first cases we're talking
  • 01:49:02
    about how how planning
  • 01:49:04
    and reservation can help us save cost
  • 01:49:09
    reserved capacity allows us to more
  • 01:49:12
    easily
  • 01:49:14
    manage costs across both predictable and
  • 01:49:18
    variable workloads basically allowing us
  • 01:49:20
    to optimize our budgeting and our format
  • 01:49:22
    our forecasting but it also includes one
  • 01:49:25
    year and three-year
  • 01:49:26
    options just as we saw with reserved
  • 01:49:29
    instances it's just
  • 01:49:31
    reserved capacity applies to a different
  • 01:49:34
    type of workload right
  • 01:49:37
    okay the hybrid use benefit is a
  • 01:49:39
    licensing benefit this
  • 01:49:40
    allows us to reduce the cost of running
  • 01:49:42
    our workloads in the cloud
  • 01:49:47
    by leveraging some existing licensing so
  • 01:49:50
    essentially it lets
  • 01:49:51
    us use our on-premises software
  • 01:49:54
    assurance-enabled windows server and sql
  • 01:49:56
    server
  • 01:49:57
    licenses running on azure so
  • 01:50:00
    when you couple reserved instances
  • 01:50:02
    together with hybrid use benefits you
  • 01:50:04
    can save up to
  • 01:50:05
    80 percent on your virtual machine
  • 01:50:09
    workload so that's a really a
  • 01:50:11
    significant number
  • 01:50:13
    but it's windows server sql server red
  • 01:50:15
    hat and suse linux
  • 01:50:16
    where where the hybrid use benefit
  • 01:50:19
    applies
  • 01:50:20
    and then there is spot pricing so with
  • 01:50:22
    spot pricing you
  • 01:50:24
    can access unused azure compute capacity
  • 01:50:27
    at very deep discounts
  • 01:50:29
    up to 90 percent in fact
  • 01:50:32
    compared to the the pay as you go
  • 01:50:33
    pricing
  • 01:50:36
    and this applies to azure vms only the
  • 01:50:38
    thing to remember with spot pricing is
  • 01:50:40
    you're using unused capacity and when
  • 01:50:42
    you set up a vm
  • 01:50:44
    on spot pricing you have to define the
  • 01:50:47
    circumstances under which
  • 01:50:49
    your virtual machine workload can be
  • 01:50:51
    evicted
  • 01:50:52
    when microsoft needs to use that
  • 01:50:55
    unused capacity so so when you have
  • 01:50:58
    workloads that aren't mission critical
  • 01:50:59
    where you have some flexibility
  • 01:51:02
    in when it runs and if it's killed
  • 01:51:04
    occasionally
  • 01:51:06
    spot pricing allows you to save a lot of
  • 01:51:08
    money you're just not going to have
  • 01:51:10
    quite the predictability you have with a
  • 01:51:12
    typical production
  • 01:51:13
    workload so fairly new feature in the
  • 01:51:16
    life of azure
  • 01:51:18
    so we then have the pricing calculator
  • 01:51:20
    this is an interactive calculator that
  • 01:51:22
    allows you to estimate azure
  • 01:51:24
    resource costs um you can choose a
  • 01:51:28
    region
  • 01:51:28
    instance tiers you can you can turn the
  • 01:51:31
    knobs to configure the size and
  • 01:51:34
    the settings for your workload to match
  • 01:51:36
    your functionality and budgetary needs
  • 01:51:38
    so you can
  • 01:51:39
    can put a configuration in place and and
  • 01:51:42
    check the pricing and tweak it until you
  • 01:51:44
    get the pricing the the run rate the
  • 01:51:46
    pricing calculator is going to show you
  • 01:51:47
    what it will cost
  • 01:51:49
    uh what the estimate is for running that
  • 01:51:51
    workload
  • 01:51:52
    on a monthly and annual
  • 01:51:56
    basis but this the key is this is going
  • 01:51:58
    to give you pricing
  • 01:51:59
    before you deploy
  • 01:52:04
    and in fact let's just switch over to
  • 01:52:06
    the portal and we'll have a look
  • 01:52:11
    and the same would hold true of the
  • 01:52:12
    total cost of ownership calculator these
  • 01:52:15
    are before you deploy type tools so
  • 01:52:17
    let's just switch over to the azure
  • 01:52:18
    portal
  • 01:52:19
    so the pricing calculator is right here
  • 01:52:21
    so i can pick
  • 01:52:22
    the type of workload that i want to work
  • 01:52:24
    with
  • 01:52:25
    and so if i just click virtual machines
  • 01:52:28
    for example it's going to pull up a
  • 01:52:30
    calculator
  • 01:52:31
    and allow me to configure the settings
  • 01:52:34
    and see my monthly cost it's it's pretty
  • 01:52:37
    straightforward i can i can save my work
  • 01:52:39
    here
  • 01:52:40
    i can do this for a variety of workloads
  • 01:52:43
    to uh to help better estimate my cost
  • 01:52:46
    before i deploy
  • 01:52:47
    now the total cost of ownership
  • 01:52:49
    calculator is a little bit different so
  • 01:52:51
    it's less like a calculator so so when i
  • 01:52:53
    look at the pricing calculator it's very
  • 01:52:55
    much a calculator i'm picking
  • 01:52:57
    the region uh an operating system for my
  • 01:53:01
    vm scenario the tier
  • 01:53:04
    um the the os type the size of the
  • 01:53:07
    instance right and i can see here the
  • 01:53:09
    the settings the virtual machine and
  • 01:53:11
    then configure the
  • 01:53:13
    the hours you know typically we're
  • 01:53:14
    configuring the hours by the month and
  • 01:53:16
    then
  • 01:53:17
    you see here i can pick my reserved
  • 01:53:20
    instance if i like
  • 01:53:21
    i can set the hybrid benefit so i can
  • 01:53:23
    work in all of those money saving
  • 01:53:25
    opportunities in this
  • 01:53:27
    pricing calculator to to get down to a
  • 01:53:30
    fairly
  • 01:53:31
    realistic estimate of what i'm going to
  • 01:53:33
    be paying
  • 01:53:34
    the total cost of ownership calculator
  • 01:53:36
    is a little bit
  • 01:53:38
    different you see this is really helping
  • 01:53:40
    us estimate the cost savings we can
  • 01:53:42
    realize by
  • 01:53:42
    migrating workloads to azure so this is
  • 01:53:45
    a bit more of a survey where we can add
  • 01:53:48
    server workloads databases and storage
  • 01:53:50
    and networking
  • 01:53:51
    to get to an estimate
  • 01:53:54
    of of what we can save our total cost of
  • 01:53:58
    ownership
  • 01:53:58
    running in the cloud so so
  • 01:54:02
    i would suggest before the exam just lay
  • 01:54:04
    your hands on the tco calculator and the
  • 01:54:06
    pricing calculator as well
  • 01:54:08
    bearing in mind that both these
  • 01:54:10
    calculators are before you deploy type
  • 01:54:12
    resources right
  • 01:54:13
    as opposed to azure cost management
  • 01:54:17
    which is a suite of tools provided by
  • 01:54:19
    microsoft that help you analyze manage
  • 01:54:21
    and optimize the costs
  • 01:54:23
    of your workloads so this is more of an
  • 01:54:27
    after you deploy type tool
  • 01:54:30
    so complementary to
  • 01:54:33
    the the calculators in that respect
  • 01:54:36
    so we have guidance before we deploy and
  • 01:54:39
    then
  • 01:54:40
    guidance to help us optimize and
  • 01:54:43
    save after we deploy but make sure
  • 01:54:46
    you're familiar with that fact
  • 01:54:48
    uh for the exam so uh the next section
  • 01:54:51
    of
  • 01:54:52
    objective domain six is describe azure
  • 01:54:54
    slas and service life cycles we're in
  • 01:54:56
    the home stretch here this is the big
  • 01:54:59
    finish so we're going to to talk about
  • 01:55:02
    azure service level agreements actions
  • 01:55:05
    that can impact
  • 01:55:06
    an sla
  • 01:55:11
    we'll talk about the service life cycle
  • 01:55:14
    in azure
  • 01:55:15
    so the purpose of an azure sla it's
  • 01:55:19
    essentially to provide a clear
  • 01:55:20
    explanation of availability and
  • 01:55:22
    sometimes
  • 01:55:22
    performance of an azure service um
  • 01:55:27
    actions that can affect an sla well
  • 01:55:30
    failing to deploy a service
  • 01:55:32
    in a manner that meets sla requirements
  • 01:55:34
    for example
  • 01:55:37
    and really any azure service that you're
  • 01:55:39
    deploying will have
  • 01:55:41
    some specifications around that sla so
  • 01:55:45
    for example the
  • 01:55:46
    sla is not going to you're not going to
  • 01:55:48
    get a 99.9
  • 01:55:50
    uptime sla on an azure vm you deploy
  • 01:55:53
    with spot pricing because that could be
  • 01:55:55
    ejected at any time right
  • 01:55:59
    so you want to make sure that when
  • 01:56:00
    you're
  • 01:56:02
    performing your your cost estimates
  • 01:56:04
    before deployment
  • 01:56:05
    that you're also looking at your
  • 01:56:07
    availability needs and making sure that
  • 01:56:09
    as you're
  • 01:56:09
    working through the numbers to save
  • 01:56:11
    money that you're also bearing in mind
  • 01:56:13
    what your
  • 01:56:14
    availability requirements are for your
  • 01:56:16
    service so you find the right balance
  • 01:56:18
    of cost and availability
  • 01:56:21
    and in terms of the service life cycle
  • 01:56:23
    there are three
  • 01:56:25
    sort of service definitions you want to
  • 01:56:26
    be aware of so there's private
  • 01:56:28
    preview so this is a service that's open
  • 01:56:32
    only to to companies or users that are
  • 01:56:34
    invited or who have applied and have
  • 01:56:36
    been accepted to
  • 01:56:37
    preview a service so this allows you to
  • 01:56:40
    use
  • 01:56:41
    a service in advance of its full
  • 01:56:44
    release so it's really for evaluation
  • 01:56:46
    only you don't run
  • 01:56:48
    private preview services in production
  • 01:56:51
    period full stop there's public preview
  • 01:56:54
    so this
  • 01:56:55
    is open to the public but the preview
  • 01:56:58
    limitations apply which means we're not
  • 01:57:00
    running in
  • 01:57:02
    production and then when a service is
  • 01:57:05
    fully released approved for
  • 01:57:08
    production use it's considered
  • 01:57:11
    generally available and microsoft will
  • 01:57:13
    make an announcement of
  • 01:57:15
    general availability and to wrap things
  • 01:57:18
    up i have a surprise for you
  • 01:57:20
    i'm going to give you free access to
  • 01:57:23
    some practice questions for the az 900
  • 01:57:26
    exam so
  • 01:57:26
    really just to help you assess your
  • 01:57:30
    readiness for the exam one of these
  • 01:57:32
    is a 50 question practice test you don't
  • 01:57:35
    even have to
  • 01:57:36
    to log in to try you can just go to a
  • 01:57:38
    webpage kick it off
  • 01:57:39
    answer the questions get the answer
  • 01:57:41
    explanations and see
  • 01:57:43
    where you land and i also have a set of
  • 01:57:46
    three
  • 01:57:47
    practice exams available with a training
  • 01:57:49
    partner i have links to both
  • 01:57:51
    of these resources in the description
  • 01:57:54
    below this video
  • 01:57:55
    use them with my compliments and
  • 01:57:58
    incidentally when you go to that
  • 01:57:59
    training provider you can sign up for a
  • 01:58:01
    free trial of a few days
  • 01:58:03
    and access those questions without
  • 01:58:06
    any cost and that is it
  • 01:58:09
    for our az900
  • 01:58:12
    exam cram i hope you've enjoyed the
  • 01:58:14
    course best of luck on the exam
  • 01:58:17
    and until next time be well stay safe
  • 01:58:21
    and take care
Tags
  • AZ900
  • Azure
  • cloud computing
  • sécurité
  • gestion des coûts
  • services Azure
  • certification
  • examens Microsoft
  • haute disponibilité
  • modèles de responsabilité partagée