Az-900 2020 Nov
Fundamentals
Scott Duffy, Instructor
© 2021 Scott Duffy, softwarearchitect.ca… get the course for these slides at:
http://sjd.ca/az900
Nov 2020 update
Microsoft Azure Fundamentals
“foundational level knowledge of cloud services and how those services are provided with Microsoft Azure”
Unlimited Storage
Databases
Queues
Media Services
Machine Learning
Chat Bots
Cognitive Services
1000+
Azure Service options
Describe Cloud Concepts
(20-25%)
Benefits of Cloud Computing
Benefits
Cost savings - both real and accounting
Agility
Availability
Security
Global reach
Range of tools
Cost Savings
Cost Savings - Real
Economies of scale
Max capacity
User demand
Agility
The ability to change rapidly based on changes to market or environment
Disaster Recovery
The ability of a system to recover from failure within a period of time, and how much data is lost
Capital Expenditure (CapEx) and
Operational Expenditure (OpEx)
CapEx is money invested in assets (like computers) that return investment over time
OpEx is money spent every day on operating expenses
Consumption-Based Model
Pay per minute
Pay per hour
Pay per execution
Infrastructure-as-a-Service (IaaS)
Virtual machines, networking,
load balancers, firewalls
Platform-as-a-Service (PaaS)
Upload code packages and
have them run, without access
to the hardware
Software-as-a-Service (SaaS)
Access to configuration only
Shared Responsibility Model
Serverless
There are still servers… you just don’t ever have to deal with them
Even less access to the server than PaaS
Even with PaaS, you have to choose an App Service Plan
With PaaS, scaling is your responsibility
Serverless means not worrying about choosing the right plan
Serverless means not worrying about scaling
Serverless means you might pay $0 if you don’t use the service
Azure Serverless Offers
Compute - Azure Functions
Public cloud
Azure owns the hardware,
on their network and
infrastructure
Private cloud
Looks and acts like a cloud,
except customer owns or
leases or has exclusive
access to the hardware
Hybrid cloud
Combination of public and
private clouds; scale private
infrastructure to the cloud
Compare and Contrast
Public vs private vs hybrid
Describe Core Azure Services
(15-20%)
Core Azure architectural
components
Regions
60+
Regions - not all accessible by everyone
Region Pairs
What are Paired Regions?
Each region has one other region which is treated as its “pair”
The data connection between region pairs is the highest speed available
Software rollouts are deployed to one region of a pair and the other is not touched
Core resources in Azure
Getting Deep into the Technical
● Compute services
● Networking services
● Storage services
● Database services
● Azure Marketplace
Compute services covered
● Virtual Machines (VM)
● App services (Web apps)
● Azure Container Instances (ACI)
● Azure Kubernetes Service (AKS)
● Windows Virtual Desktop
Compute -
“Executing code” in
the cloud
Virtual Machines
Infrastructure as a service - IaaS
Take an existing machine from your environment into the cloud - a copy
Number of CPU cores, CPU speed, RAM size, temporary disk size, IOPS, etc
App Services
A new paradigm for running code in the cloud
Give your code and configuration to Azure, and they will run it
Can even see your desktop on iOS and Android, or from any web browser
Runs on Azure
Networking Services Covered
Virtual Networks
VPN Gateway
VNet Peering
ExpressRoute
Types of Networking Services
● Connectivity Services
● Protection Services
● Delivery Services
● Monitoring Services
Connectivity
Virtual Network - emulating a physical network
Virtual Private Network (VPN) - connecting two networks as if they were on the
same network, uses a Network Gateway
Azure Firewall
Private Link
Delivery - Not on the Exam
Load Balancer - distribute traffic evenly between multiple backend servers
Content Delivery Network (CDN) - stores common static files on the edge, closer
to the users for (perceived) improved performance
Azure Front Door Service - a load balancer, CDN and firewall all-in-one
Monitoring - Management Tools Section of the
Course
Network Watcher
ExpressRoute Monitor
Azure Monitor
Storage Services Covered
Container (Blob) Storage
Disk Storage
File Storage
Storage Tiers
Storage - one of the
foundational
technologies on
which much is built
Container (Blob) and File Storage
The Azure Storage account
Location
Redundancy / Replication
Failover options
Disk Storage
Azure Virtual Machine Disks
Managed Disks
Designed for modern applications such as mobile video games, social networks,
and things requiring thousands of global replication
NoSQL Storage
Multi-modal
Relational DB
Database as a service
Easy to replicate
Easy to scale
Common open-source DB
WordPress uses it
Azure Database for PostgreSQL
Managed PostgreSQL database
Open-source DB
Has better support for clusters and more complex server setups
Always up-to-date
Azure Marketplace
Describe Core Solutions and
Management Tools (10-15%)
IoT Central
Azure Sphere
A platform designed to work with connected devices
Includes:
HDInsight
Azure Databricks
Artificial Intelligence (AI)
Azure Machine Learning
Cognitive Services
Serverless
Azure Functions
Logic Apps
Event Grid
DevOps Solutions
Azure DevOps
GitHub
GitHub Actions
Azure Tools
Azure CLI
PowerShell
Azure Portal
Management layer that allows you to create, update, and delete resources called
“deployments”
All actions that you take to manage your Azure resources go through the ARM layer
Azure Monitor
Azure Service Health
Describe General and Network
Security Features (10-15%)
Azure Security Center
Unified infrastructure security management system that monitors and protects
your systems inside and outside of Azure
● Strengthen security
● Protect against threats
● Get secure faster
Key Vault
Central, secure repository for
your secrets, certificates and
keys
Azure Sentinel
What is Sentinel?
Centralizes all the log files from various resources
Investigate an incident
Defense in Depth
Security Layers
● Data - e.g. virtual network endpoint
● Application - e.g. API Management
● Compute - e.g. limit Remote Desktop access, Windows Update
● Network - e.g. NSG, use of subnets, deny by default
● Perimeter - e.g. DDoS, firewalls
● Identity & access - e.g. Azure AD
● Physical - e.g. door locks and key cards
Network Security Group (NSG)
Azure Firewall
Azure DDoS Protection
Describe Identity, Governance,
Privacy, and Compliance Features
(20-25%)
What is “Identity”?
In computing, “identity” is a representation of a person, application or device
Examples of Identity
John Henry Doe
Client App
Server
Web Browser
Web Site
Mobile App
User ID, Password
DB
Traditionally, companies have written their own code to handle this
Some of the more famous “hacks” have been on custom-created identity systems
Hacks
Some companies were storing the password in “plain text”
Some companies were storing the “salt” along with the data
Active Directory
Traditional AD does not work with Internet protocols
Azure AD provides “identity as a service”
Instead of having to write code to handle users, passwords, password reset
The AAD Model
[Diagram labels: Identity Provider; User ID, Password; trust, key; signed token; Client App; Server; Browser; Web Server; Mobile App; SAML; OpenID; WS Federation]
Benefits of Azure AD
Security
Reduced
development time,
easier support
More features
Centralized
administration
Only one user ID
and password
- Single Sign-On
Integration with
other Azure
services
The difference between
Authentication and Authorization
Authentication is a user proving who they are - user id and password
Authorization is ensuring that a user is permitted to perform an action
Move away from all authenticated users having admin access
Azure Active Directory
Microsoft’s
preferred solution for
identity management
Azure AD Powers Other Microsoft Services
Azure
Skype
Outlook
OneDrive
Xbox
Role-Based Access Control
(RBAC)
Microsoft’s
preferred solution
for access control
Create roles that
represent the
common tasks of
the job
Accountant
Developer
Business Lead
Assign granular
permissions to that
role
Assign users to
that role
Do not assign
granular permissions
to an individual
Reader
Contributor
Owner
Locks
Read Only
Can Not Delete
Using RBAC, you
can restrict who
has access to locks
Resource Tags
Can add metadata
to Azure resources
Helps with billing
and support issues
Azure Policy
Governance
Create rules across
all of your Azure
resources
Evaluate
compliance to
those rules
Examples of Built-In Policies
● Require SQL Server 12.0
● Allowed Storage Account SKUs
● Allowed Locations
● Allowed Virtual Machine SKUs
● Apply tag and its default value
● Not allowed resource types
Can create custom
policies using JSON
definition
Azure Blueprints
Azure Subscription
templates with
Roles and Policies
already defined
Cloud Adoption Framework for
Azure
Set of
documentation,
guidance, tools
Best practices for
succeeding in the
cloud
Core Tenets of Security, Privacy
and Compliance
Azure: Trusted Cloud
● Security
● Privacy
● Compliance
● Resiliency
● Intellectual Property (IP) protection
Security
● Azure is built with security in mind
● Azure delivers tools and technologies to help organizations protect
applications and data
● Azure uses encryption
● Azure offers advanced tools to detect and defend against security threats
Privacy
● You own all your data in Azure
● Microsoft will not mine your data or use it for marketing
● You control where the data is located and who has access
● You can access your own data at any time for any reason
● Microsoft follows a specific policy for government and law enforcement
requests
● Microsoft follows a specific policy to remove data if you
discontinue using their service
Compliance
Microsoft follows international standards and helps customers to follow those
standards too if they wish
Azure can help with standards in more than 35 industries like health care,
government, finance, etc.
Reliability and Resiliency
● High availability
● Disaster recovery
● Backup
Protecting IP
You can build your solutions on top of Azure’s products and services
Azure China
Separate account
Data remains in
China
Logic Apps
Outbound bandwidth
Outbound data, $0.08 to $0.12 / GB for Zone 2 (Asia, Africa and Oceania)
Tier
Subscription Type
Support Options
Dev/Test Pricing
Export and share
the estimate
Total Cost of Ownership (TCO)
calculator
The cost of a server
is more than just
the cost of the
hardware
Other costs
● Electricity
● Cooling
● Internet connectivity
● Rack space
● Setup labor
● Maintenance labor
● Backup
https://azure.microsoft.com/en-ca/pricing/tco/calculator/
Azure Cost Management
Another free tool
inside Azure to
analyze spending
Analyze spending
over time
Tracking against
budgets
Schedule reports
Service Level Agreement (SLA)
https://azure.microsoft.com/en-ca/support/legal/sla/
Preview features
are for “testing” and
not production use
Could change
significantly before
it goes live
May not go live
Public and Private Preview
Public preview
available to
everyone
Private Preview
requires registration
General Availability (GA)
Thank you and best of luck!
Grab Your Free Resources
Located at the end of the course: