Cloud computing is a service delivery model over the internet like storage, compute power, networking, analytics and many more.
Compute power meaning servers such as windows, linux, hosting environment etc
Storage like files and/or databases
Networking in azure but also outside when connecting to your company network
Analytics services for visualization and telemetry data
Cloud computing characteristics:
Scalability
Elasticity
Agility
Fault Tolerance
Disaster Recovery
High Availability
Scalability:
Scalability is the ability to scale. Scaling is a process of allocating(adding) or deallocating(removing) resources. Increasing/decreasing size of the resource is called vertical scaling (scaling up/scaling down) Adding/removing amount of resources is called horizontal scaling (scaling out/scaling in)
Elasticity
Elasticity is the ability to scale dynamically
Agility
Agility is the ability to react fast (scale quickly). Requesting resources at cloud my take seconds, minutes or hours.
Fault Tolerance
Fault tolerance is the ability to maintain system uptime while physical and service component failures happen
Disaster Recovery
Disaster recovery is the process and design principle which allows a system to recovers from natural or human induced disasters
High Availability
High availability is the agreed level of operational uptime for the system. It is a simple calculation of system uptime versus the whole lifetime of the system. availability = uptime/(uptime + downtime)
Principles of economics of scale
Principles which explain the cost of Azure services. Cost per unit(service) lowers as the size of the company grows.
CapEx VS OpExp:
Capital expenditure means buying your own infrastructure. It needs the big initial investment. Operational expenditure means renting infrastructures or buying services. Cloud perfectly fits with this model.
Cap Exp
OpExp
Up front cost
Significant
None
Ongoing cost
Low
Based on usage
Tax Deduction
Over time
Same year
Early Termination
No
Anytime
Maintenance
Significant
Low
Value over time
Lowers
No change
Consumption Based Model
The consumption-based model is a pricing model used in the cloud so that customers are only charged based on their resource usage.
No associated upfront cost
No wasted resources as such no charges are incurred for unused resources
Software-as-a-Service (SaaS) (Application and data) (Ex: One Drive, Outlook, Skype, all business application)
Service Model Responsibilities:
Software layer consists the application (application code and set) & the application data
Platform layer means all the supporting software and the operating system required to host the application
Infrastructure layer consists hardware the infrastructure and virtualization required to host the platform
Cloud Deployment Models
Cloud Deployment Model is simple a separation which describes where are the company resources deployed. Whenever this is in public cloud provider environment or private datacenter.
Public Cloud
Key Characteristics
Everything runs on cloud provider hardware
No local hardware
Some services share hardware with other customers
Advantages
No CapEx (No initial investment)
High Availability
Agility
Pay as you Go (PAYG) pricing
No hardware maintenance
No deep technical skills required
Disadvantages
Not all security and compliance policies can be met
No ownership over the physical infrastructure
Rare specific scenarios can’t be done
Private Cloud
Key Characteristics
Everything runs on your own datacenter
Self-service should be provided
You maintain the hardware
Advantages
Can support any scenario
Total control over security and infrastructure
Can meet any security and compliance policy
Disadvantages
Initial investment is required (CapEx)
Limited agility constrained by server capacity and team skills
Very dependent on IT skills & expertise
Hybrid Cloud
Key Characteristics
Combines both Public & Private cloud
Advantages
Great flexibility
You can run any legacy apps in private cloud
Can utilize existing infrastructure
Meet any security& compliance requirements
Can take advantage of all public cloud benefits
Disadvantages
Can be more expensive
Complicated to manage due to larger landscape
Most dependent on IT skills & expertise from all three models
Geographies, Regions & Availability Zones
Data Center
Physical facility that holds the servers
Hosting for group of networked servers
Own power, cooling & networking infrastructure
Region
Geographical area on the planet
One or more datacenters connected with low-latency network (<2 milliseconds)
Location for your services
Some services are available only in certain regions
Some services are global services, as such are not assigned/deployed in specific region
Globally available with 50+ regions
Special government regions (US DoD Central, US Gov Virginia, etc.)
Special partnered regions (China East, China North)
“Azure speed test” to check service speed based on your location
“Products available by region” can compare different region available services
Availability Zone
Regional feature, logical groupings over data centers
Grouping of physically separate facilities
Designed to protect from data center failures
If zone goes down others continue working
Two service categories
Zonal services (Virtual Machines, Disks, etc.)
Zone-redundant services (SQL, Storage, etc.)
Notall regions are supported
Supported region has three or more zones
A zone is one or more data centers
Region Pair
Each region is paired with another region making it a region pair
Region pairs are static and cannot be chosen
Each pair resides within the same geography*
Exception is Brazil South
Physical isolation with at least 300 miles distance (when possible)
Some services have platform-provided replication
Planned updates across the pairs
Data residency maintained for disaster recovery
REGION PAIR A
REGION PAIR B
East US
West US
UK West
UK South
North Europe (Ireland)
West Europe (Netherlands)
East Asia (Hong Kong)
Southeast Asia (Singapore)
Geographies
Discrete market
Typically contains two or more regions
Ensures data residency, sovereignty, resiliency, and compliance requirements are met
Fault tolerant to protect from region wide failures
Broken up into areas like Americas, Europe, Asia Pacific, MiddleEast and Africa
Each region belongs only to one Geography
Resources, Resource Groups & Resource Manager
Azure Resource
Object used to manage services in Azure
Represents service lifecycle
Saved as JSON definition (Four common properties is Type. APIVersion, Name and Location)
Resource Groups
Logical Grouping of resources
Holds logically related resources
Typically organizing by
Type
Lifecycle (app, environment)
Department
Billing,
Location or
combination of those
Resource Manager
Management Layer for all resources and resource groups
Unified language
Controlsaccess and resources
Additional Info
Each resource must be in one, and only one resource group
Resource groups have their own location assigned
Resources in the resource groups can reside in a different locations
Resources can be moved between the resource groups
Resource groups can’t be nested
Organize based on your organization needs but consider
Billing
Security and access management
Application Lifecycle
“Azure Resource Explorer” will show the details about resources.
Compute Services
Category of on-demand services used to run cloud based applications. Azure compute services includes…
Virtual Machines
Virtual Machine Scale Sets
Container Instances (ACI)
Kubernetes Service (AKS)
App Services
Functions
Virtualization (Definition)
Emulation of physical machines
Different virtual hardware configuration per machine/app
Different operating systems per machine/app
Total separation of environments like file systems, services, ports, middleware, configuration.
1. Virtual Machines
Infrastructure as a Service (IaaS)
Total control over the operating system and the software
Supports marketplace and custom images
No auto scaling feature
Best suited for
Custom software requiring custom system configuration
Lift-and-shift scenarios
Can run any application/scenario
web apps & web services,
databases,
desktop applications,
jumpboxes,
gateways, etc.
2. Virtual Machine Scale Sets
Infrastructure as a Service (IaaS)
Set of identical virtual machines
Built-in auto scaling features
Designed for manual and auto-scaled workloads like web services, batch processing, etc.
Containers (Definition)
Use host’s operating system
Emulate operating system (VMs emulate hardware)
Lightweight (no O/S)
Development Effort
Maintenance
Compute & storage requirements
Respond quicker to demand changes
Designed for almost any scenario
3. Azure Container Instances
Simplest and fastest way to run a container in Azure
Platform as a Service (PaaS)
Not mandatorily exposed to users if needed
Treated as Serverless Containers
No auto scaling feature
Designed for
Small and simple web apps/services
Background jobs
Scheduled scripts
4. Azure Kubernetes Service (AKS)
Open-source container orchestration platform
Platform as a Service (PaaS)
Highly scalable and customizable
Designed for high scale container deployments (anything really!)
5. App Service (Web App)
Designed as enterprise grade web application service
Platform as a Service (PaaS)
Supports multiple programming languages and containers
6. Azure Functions (Function Apps)
Platform as a Service
Serverless
Two hosting/pricing models
Consumption-based plan
Dedicated plan
Designed for micro/nano-services
Summary
Virtual Machines (IaaS) – Custom software, custom requirements, very specialized, high degree of control
VM Scale Sets (IaaS) – Auto-scaled workloads for VMs
Container Instances (PaaS) – Simple container hosting, easy to start
Kubernetes Service (PaaS) – Highly scalable and customizable * container hosting platform
App Services (PaaS) – Web applications, a lot of enterprise web * hosting features, easy to start
Functions (PaaS) (Function as a Service) (Serverless) – micro/nano-services, excellent consumption-based pricing, easy to start
Azure Networking Services
Azure Networking Capability
Connect cloud and on-premises resources
On-premise networking functionality
Protect and monitor services
Help with application delivery
Allows to draw a diagram of your full infrastructure (Using Diagram)
Products available for Networking is given below….
Virtual Network,
Load Balancer,
VPN Gateway,
Application Gateway and
Content Delivery Network
1. Azure Virtual Network
Emulation of physical networking infrastructure
Logically isolated networking components
Segmented into one or more subnets
Subnets are discrete sections used for effective address allocation and network filtering via Network Security Groups(NSG) or Application Security Groups(ASG)
Enable communication of resources with each-other, internet and on-premises
Scoped to a single region
VNet Peering allow cross region communication (Also use VPN Gateway)
Designed for Isolation, Segmentation, Communication, Filtering, Routing between resources
2. Azure Load Balancer
Even traffic distribution among multiple resources (Non-Web traffic)
Supports both inbound and outbound scenarios
High-availability scenarios
Both TCP (transmission control protocol) and UDP (user datagram protocol) applications
Internal and External traffic
Port Forwarding
High scale with up to millions of flows
3. VPN Gateway
Specific type of virtual network gateway for on-premises to azure traffic over the public internet (Encrypted)
Cross regional communication of azure virtual networks
4. Application Gateway
Web traffic load balancer (HTTP traffic) (Design to support only web traffic)
Web application firewall
Redirection
Session affinity
URL Routing
SSL termination
5. Content Delivery Network (CDN)
Define and deliver web content to users (JavaScript, CSS, Static Page, Images)
Minimize latency (User will connect with closest location of the content)
POP (points of presence) with many locations
Azure Storage Services
Data Types
Structured: Data that can be represented using tables with very strict schema. Each row must follow defined schema. Some tables have defined relationships between them. Typically used in relational databases.
Semi-structured: Data that can be represented using tables but without strict defined schema. Rows must only have unique key identifier.
Unstructured: Any files in any format. Like binary files, application files, images, movies, etc.
Storage Account
Group of services which include
Blob storage, Storage tiers
Queue storage,
Table storage, and
File storage
Disk storage
Used to store
files,
messages, and
semi-structured data
Highly scalable (up to petabytes of data)
Highly durable (99.999999999% – 11 nines, up to 16 nines)
Cheapest per GB storage
1. Azure Blob Storage
BLOB – Binary Large Object – file
Designed for storage of files of any kind (Unstructured data)
Three storage tiers
Hot – frequently accessed data
Cool – infrequently accessed data (lower availability, high durability)
Archive – rarely (if-ever) accessed data
Many programming interfaces and SDKs
2. Azure Queue Storage
Storage for small pieces of data (messages)
Designed for scalable asynchronous processing (Application multiple task output is stored at queue which is picked up by other process)
3. Azure Table Storage
Storage for semi-structured data (NoSQL)
No need for foreign joins, foreign keys, relationships or strict schema
Designed for fast access
Many programming interfaces and SDKs
4. Azure File Storage
Similar to azure blob storage but it works as a remote drive at local machine
Storage for files accessed via shared drive protocols (SMB)
Designed to extend on-premise file shares or implement lift-and-shift scenarios
5. Disk Storage
Disk emulation in the cloud
Persistent storage for Virtual Machines
Different
sizes,
types (SSD, HDD)
performance tiers
Disk can be unmanaged or managed
Azure Database Services
Azure Databases
Azure Cosmos DB
Azure SQL Database
Azure Database for MySQL
Azure Database for PostgreSQL
Azure SQL Managed Instance
Azure SQL on VM
Azure SQL Datawarehouse(DW)
Azure Cosmos DB
Globally distributed NoSQL (semi-structured data) Database service
Highly responsive (real time) applications with super low latency responses <10ms
Multi-regional applications
Azure SQL Database
Relational database service in the cloud (PaaS) (DBaaS – Database as a Service)
Structured data service defined using schema and relationships
Rich Query Capabilities (SQL)
High-performance, reliable, fully managed and secure database for building – applications
Azure SQL product family
Azure SQL Database – Reliable relational database based on SQL Server
Azure Database for MySQL – Azure SQL version for MySQL database engine
Azure Database for PostgreSQL – Azure SQL version for PostgreSQL database engine
Azure SQL Managed Instance – Fully fledged SQL Server managed by cloud provider
Azure SQL on VM – Fully fledged SQL Server on IaaS
Azure SQL Data Warehouse(DW) (Synapse) – Massively Parallel Processing (MPP) version of SQL Server
Azure IoT Services
What is Internet of Things?
Internet of Things (IoT) is a network of internet connected devices (IoT Devices) embedded in everyday objects enabling sending and receiving data such as settings and telemetry.
Service Includes:
Azure IoT Hub
Azure IoT Central
Azure Sphere
Azure IoT Hub
Managed service for bi-directional communication
Platform as a Service (PaaS)
Highly secure, scalable and reliable
Integrates with a lot of Azure Services
Programmable SDKs for popular languages (C, C#, Java, Python, Node.js)
Multiple protocols (HTTPS, AMQP, MQTT)
Azure IoT Central
IoT App Platform (IoT Central)- Software as a Service (SaaS)
Industry specific app templates
No deep technical knowledge required
Service for connecting, management and monitoring IoT devices
Highly secure, scalable and reliable
Built on top of the IoT Hub service and 30+ other services
Azure Sphere
Set of components allowing you to build secure IoT application. Hardware vendor creates sphere chips based on custom specification, Azure sphere provides OS and then build your application on top of that.
Secure end-2-end IoT Solutions
Azure Sphere certified chips (microcontroller units – MCUs)
Azure Sphere OS based on Linux
Azure Security Service trusted device-to-cloud communication
Azure Big Data & Analytics Services
What is Big Data?
Big Data is a field of technology that helps with the extraction, processing and analysis of information that is too large or complex to be dealt with by traditional software.
Service Includes:
Azure Synapse Analytics
Azure HDInsight
Azure Databricks
The three V’s rule
Big data typically has one of the following characteristics
Velocity – how fast the data is coming in or how fast we are processing it
Batch
Periodic
Near Real Time
Real Time
Volume – how much data we are processing
Megabytes
Gigabyte
Terabytes
Petabytes
Variety – how structured/complex the data is
Tables
Databases
Photo, Audio
Video, Social Media
Azure Synapse Analytics
Big data analytics platform (PaaS)
Multiple components
Apache Spark
Synapse SQL
SQL pools (dedicated – pay for provisioned performance)
SQL on-demand (ad-hoc – pay for TB processed)
Synapse Pipelines (Data Factory – ETL)
Synapse Studio (unified experience)
Modern workspace for end-2-end enterprise data warehousing & analytics with lot of integrated tools like Data Factory, Spark, SQL etc.
Azure HDInsight
Flexible multi-purpose big data platform (PaaS)
Provide big data clusters including existing open source technologies
Fully managed open source analytics service with a lot of supported frameworks and tools.
Azure Databricks
Big data collaboration platform (PaaS)
Unified workspace for notebook, cluster, data, access management and collaboration
Based on Apache Spark only.
Integrates very well with common Azure data services
Apache spark based analytics platform for data transformation and collaboration.
Azure Artificial Intelligence (AI) Services
What is Artificial Intelligence:
Artificial Intelligence (AI) is the simulation of human intelligence & capabilities by computer software.
What is Machine Learning:
Machine Learning is a subcategory of AI where a computer software is “taught” to draw conclusions and make predictionsfrom data. The process of teaching the software is called Building a Model.
Azure Machine Learning
Cloud-based platform for creating, managing and publishing machine learning models
Platform as a Service (PaaS)
Machine Learning Workspace – top level resource
Machine Learning Studio – web portal for end-2-end development
Features / Tools
Notebooks – using Python and R
Automated ML – run multiple algorithms/parameters combinations, choose the best model
Designer – graphical interface for no-code development
Data & Compute – management of storage and compute resources
Pipelines – orchestrate model training, deployment and management tasks
Azure Serverless Computing Services
What is Serverless?
Serverless computing is cloud-hosted execution environment that allows customers to run their applications in the cloud while completely abstracting underlying infrastructure. Service includes…
Azure Functions
Logic Apps
Event Grid
Azure Functions (Function Apps)
Serverless coding platform (Functions as a Service, FaaS) (Serverless compute resource)
Designed for nano-service architectures and event-based applications
Scales up and down very quickly
Highly scalable
Supports popular languages and frameworks (.NET & .NET Core, Java, Node.js, Python, PowerShell, etc.)
Application development platform for nano services and event based applications using popular languages
Azure Logic Apps
Serverless enterprise integration service (PaaS)
200+ connectors for popular services
Designed for orchestration of
business processes,
integration workflows for applications, data, systems and services
No-code solution
Enterprise integration services for orchestration of business and application workflows using visual interface.
Azure Event Grid
Fully managed serverless event routing service (Routing messages)
Uses publish-subscribe model
Designed for event-based and near-real time applications
Supports dozen of built-in events from most common Azure services
Services send custom events/message (Topics) to Event Grid and Event Grid has lot of other services (Subscriber of topics) to deliver this message.
Azure DevOps Solutions
What is DevOps?
DevOps is a set of practices that combine both development (Dev) and operations (Ops).
DevOps aims to shorten the development life cycle by providing continuous integration and delivery (CI/CD) capabilities while ensuring high quality of deliverables.
Azure DevOps
Collection of services for building solutions using DevOps practices
Services included
Boards – tracking work
Pipelines – building CI/CD workflows (build, test and deploy apps)
Repos – code collaboration and versioning with Git
Test Plans – manual and exploratory testing
Artifacts – manage project deliverables
Extensible with Marketplace – over 1000 of available apps
Evolved from TFS (Team Foundation Server), through VSTS (Visual Studio Team Services)
Azure DevTest Labs
Service for creation of sandbox environments for developers/testers (PaaS)
Quick setup of self-managed virtual machines
Preconfigured templates for VMs
Plenty of additional artifacts (tools, apps, custom actions)
Lab policies (quotas, sizes, auto-shutdowns)
Share and automate labs via custom images
Premade plugins/API/tools for CI/CD pipeline automation
Azure Tools
Azure Portal
Public web-based interface for management of Azure platform
Designed for self-service
Customizable
Simple tasks
Azure PowerShell
PowerShell and module
Designed for automation
Multi-platform with PowerShell Core
Simple to use
Connect-AzAccount – log into Azure
Get-AzResourceGroup – list resource groups
New-AzResourceGroup – create new resource group
New-AzVm – create virtual machine
Azure CLI
Command Line Interface for Azure
Designed for automation
Multi-platform (Python)
Simple to use
az login – log into Azure
az group list – list resource groups
az group create – create new resource group
az vm create – create virtual machine
Native OS terminal scripting
Azure Cloud Shell
Cloud-based scripting environment
Completely free
Supports both Azure PowerShell and Azure CLI
Dozen of additional tools
Multiple client interfaces
Azure Portal integration (portal.azure.com)
Shell Portal (shell.azure.com)
Visual Studio Code Extension
Windows Terminal
Azure Mobile App
Microsoft Docs integration
Azure Advisor
Personalized consultant service
Designed to provide recommendations and best practices for
Location Factor – “Somewhere you are”, ex. GPS location
Supported by Azure AD by default (simple on-off switch)
Azure Security Center
Centralized/unified infrastructure and platform security management service
Continuously scan active services and helps to protect azure environment.
Natively embedded in Azure services
Integrated with Azure Advisor
Two tiers
Free (Azure Defender OFF) – included in all Azure services, provides continuous assessments, security score, and actionable security recommendations
Paid (Azure Defender ON) – hybrid security, threat protection alerts, vulnerability scanning, just in time (JIT) VM access, etc.
Azure Key Vault
All the stored data at disk is encrypted using keys. So that if some one get the disk, they are not able to decrypt the information. All the keys are stored at azure key vault.
Managed service for securing sensitive information (application/platform) (PaaS)
Secure storage service for
Keys,
Secrets and
Certificates
Highly integrated with other Azure services (VMs, Logic Apps, Data Factory, Web Apps, etc.)
Centralization (Multiple services can store their application secret in a single place)
Access monitoring and logging
Can create custom keys and get that keys from different application.
Azure Role-based Access Control (RBAC)
What is a Role?
Role (role definition) is a collection of actions that the assigned identity will be able to perform.
Role definition is an answer to a question “What can be done?”
What is a Security Principal?
Security Principal is an Azure object (identity) that can be assigned to a role (ex. users, groups or applications).
Security Principal assignment is an answer to a question “Who can do it?”
What is a Scope?
Scope is one or more Azure resources that the access applies to.
Scope assignment is an answer to a question “Where can it be done?”
What is a Role Assignment?
Role assignment is a combination of the role definition, security principal and scope.
Azure Role-based Access Control (RBAC)
Authorization system built on Azure Resource Manager (ARM)
Designed for fine-grained access management of Azure Resources
Role assignment is combination of
Role definition – list of permissions like create VM, delete SQL, assign permissions, etc.
Security Principal – user, group, service principal and managed identity and
Scope – resource, resource groups, subscription, management group
Hierarchical
Management Groups > Subscriptions > Resource Groups > Resources
Built-in and Custom roles are supported
Azure Resource Locks
What is an Azure Resource Lock?
Designed to prevent accidental deletion and/or modification
Used in conjunction with RBAC
Two types of locks
Read-only (ReadOnly) – only read actions are allowed
Delete (CanNotDelete) – all actions except delete are allowed
Scopes are hierarchical (inherited)
Subscriptions > Resource Groups > Resources
Management Groups can’t be locked
Only Owner and User Access Administrator roles can manage locks (built-in roles)
Azure Resource Tags
Tags are simple Name (key) – Valuepairs
Designed to help with organization of Azure resources (No way to rename resource group)
Allows you to add extra information to your resources
Used for resource governance, security, operations management, cost management, automation, etc.
Typical tagging strategies
Functional – mark by function ( ex: environment = production )
Classification – mark by policies used ( ex: classification = restricted )
Finance/Accounting – mark for billing purposes ( ex: department = finance )
Partnership – mark by association of users/groups ( ex: owner = adam )
Applicable for resources, resource groups and subscriptions
NOT inherited by default
Azure Policy
Create policy(policy definition) which will check certain azure properties before creating a resource.
Designed to help with resource governance, security, compliance, cost management, etc.
Policies focus on resource properties (RBAC focused on user actions)
Policy definition – Defines what should happen
Define the condition (if/else) and the effect (deny, audit, append, modify, etc.)
Choose first project to validate your strategy (Proof of concept – POC) based on
Business Criteria
Currently operating
Dedicated owner
Strong motivation to move
Technical Criteria
Minimum dependencies and assets
Plan
Digital Estate (INVENTORY OF ASSETS)
Review current landscape and list all projects/solutions (digital assets)
Choose one of the five (5) R’s of rationalization
Rehost – move as is; typically into containers or IaaS (virtual machines)
Refactor – make small code changes and move to PaaS (ex. Azure SQL, Azure App Service, etc.)
Rearchitect – make complex code changes to introduce new features or fix incompatible apps
Rebuild – create a new application using cloud first design
Replace – review available SaaS solutions and replace legacy or unneeded applications
Initial Organization Alignment
Align people so they will support your adoption plan
Map people to capabilities
Skills Readiness Plan
Review current skills and address the gaps
Cloud Adoption Plan – combine everything from steps 1 to 3 into a single cloud adoption plan
Ready
Azure Setup Guide – Review the Azure setup guide to become familiar with the tools and approaches you need to use to create a landing zone.
Azure Landing Zone – Choose an appropriate Azure Subscription type that best suits your needs and establish an initial Azure environment.
Extend Landing Zone – Expand the initial landing zone to fit your business needs.
Best Practices – Review everything and ensure best practices are followed.
Adopt
1. Migrate
First Migration – migrate your first application to familiarize yourself with the cloud, guidelines and tools
Migration Scenarios – review and prepare migration scenarios/guidelines for your company
Virtual Machines – Linux, Windows, etc.
Apps – Java, .NET, NodeJS web apps, etc.
Data – SQL Server, PostreSQL, File Servers, etc.
Other – VMware, Azure Stack, etc.
Best Practices – address common migration needs through the application of consistent best practices.
Process Improvements – important part of this porcess heavy activity is to identify bottlenecks and improve with every migration
2. Innovate
Business Value Consensus (VALUE TO STRATEGY)
Create hypothetical customer need
Decide on solution that solves it
Map this to your strategy
Innovation Guide (TOOLS) – choose available Azure tools that will help your build this application
Best Practices – verify that best practices are followed for all tools in the toolchain
Process Improvements – gather feedback from the users and the customers to improve architectural decisions and future products
3. Govern & Manage
Define governance solutions – Choose solutions to maintain compliance, security and ensure total control of the environment.
Those solutions should focus to
Address Business Needs
Provide Agility
Control Risks
Manage cloud environment (CLOUD OPERATIONS) – Hand over solutions and environment to cloud operations team for maintenance. Team should ensure that stability and costs are always in perfect balance to meet business commitments. Team should allow environment to grow, evolve and adapt to changing business needs.
4. Organize
Ensure that everyone knows what to do and when to do it for every stage in this process. One of the ways to achieve this is via RACI (Responsible, Accountable, Consulted, and Informed) matrix.
Core tenets of Security, Privacy, Compliance
Describe the purpose of the
Document and Websites
Microsoft Privacy Statement,
Online Services Terms (OST)
Data Protection Amendment (DPA) (Amendment)
Trust Center
Azure compliancedocumentation
Azure Sovereign Regions
Azure Government cloud services and
Azure China cloud services
DOCUMENT/WEBSITE
INFO
OFFERS
AUDIENCE
Microsoft Privacy Statement
Collection, Purpose and Usage of Personal Data
All Microsoft offers including services, applications, websites, software, servers, devices
Everyone – end customers or companies
Online Services Terms (OST)
Licensing Terms (legal agreement) – usage rights about Azure services. What can be done and what is forbidden.
Microsoft Online Services like Azure, Microsoft 365 services, Bing Maps, etc.
Organizations – legal teams
Data Protection Addendum
Appending to OST describing obligations by both parties (Microsoft and you) with regards to the processing of customer and personal data
Microsoft Online Services like Azure, Microsoft 365 services, Bing Maps, etc.
Organizations – legal teams, security teams
Trust Center
One stop shop web portal for everything related to security, compliance, privacy, policies, best practices, etc.
Microsoft Online Services like Azure, Microsoft 365 services, Bing Maps, etc.
Organizations – legal teams, security teams, business managers, administrators
Azure Compliance Documentation
Web portal focusing on compliance offerings in Azure, simmilar to the trust center but narrowed down
Azure
Organizations – legal teams, security teams, business managers, Azure administrators
Azure Sovereign Regions
Azure Sovereign Regions provide Azure services in markets with very strict regulatory requirements
Azure Government designed for the US government
Separate instance of Azure (lifecycle, services, portal, etc.)
Physically isolated from other Azure regions
Only autorized scanned personel can get access
Azure China designed for the Chinese market
Separate instance of Azure (lifecycle, services, portal, etc.)
Physically isolated from other Azure regions
Operated by a Chinese telecom company called 21Vianet
Cost Affecting Factors
Base Cost
Resource Types – All Azure services (resources) have resource-specific pricing models. Typically consisting of one or more metrics. (Metrics includes CPU, Memory, Storage, Uptime etc.)
Services – Azure specific offers (Enterprise, Web Direct, Cloud Solution Provider(CSP), etc.) have different cost and billing components like prepaids, billing cycles, – discounts, etc.
Location – running Azure services vary between Azure regions
Bandwidth – network traffic when uploading (inbound/ingress) data to Azure or downloading (outbound/egress) from Azure. Inbound is usually free but outbound not.
Savings (next discussion)
Reserved Instances
Hybrid Benefits
Logical objects don’t have any charge like subscription and resource group.
Azure Pricing Calculator allows you to estimate the cost of your azure environment before you purchase services.
Cost Reduction Methods
Azure Reservations
Purchase Azure services for 1 or 3 years in advance with a significant discounts
Reserved instances – Azure Virtual Machines
Reserved capacity – Azure Storage, SQL Database vCores, Databricks DBUs, Cosmos DB RUs
Software plans – Red Hat, Red Hat OpenShift, SUSE Linux, etc.
Reservations are made for 1 or 3 years
Azure Spot VMs
Purchase unused Virtual Machine capacity for significant discount
How it works
Significant discount for Azure VMs
Capacity can be taken away at any time
Customer can set maximum price after discount to keep or evict the machine
Best for interruptible workloads (batch processing, dev/test environments, large compute workloads, non-critical tasks, etc.)
Hybrid use Benefit
Use existing licenses in the cloud
Use existing licenses in the Azure (Using Hybrid Benefit)
Windows Server
Azure VM
RedHat
Azure VM
SUSE Linux
Azure VM
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Azure SQL Server on VM
Azure Data Factory SQL Server Integration Services
Tools
Pricing calculator – estimate the cost of Azure services
Select service
Adjust parameters (usage)
View the price
Total Cost of Ownership (TCO) calculator – estimate and compare the cost of running workloads in datacenter versus Azure
Define your workloads
Adjust assumptions
View the report
Azure Cost Management
Azure Cost Management service (Cost Management + Billing)
A centralized service for reporting usage and billing of Azure environment
Self-service cost exploration capabilities
Budgets & alerts
Cost recommendations
Automated exports
Minimizing Costs in Azure
Azure Pricing Calculator to choose the low-cost region
Good latency
All required services are available
Data sovereignty/compliance requirements
Hybrid use benefit and Azure Reservations
Azure Cost Management monitoring, budgets, alerts and recommendations
Understand service lifecycle and automate environments
Use autoscaling features to your advantage
Azure Monitor to find and scale down underutilized resources
Use tags & policies for effective governance
SLA and Composite SLA in Azure
Service Level Agreement (SLA) is a formal agreement between a service provider and a customer.
SLA is a promise of a service’s availability (uptime & connectivity). Availability is a measure of time that a service remains operational.
Each Service has its own SLA
Ranges from 99% to 99.999%
Free services typically don’t have an SLA
Broken SLA means service credit return (discount)
SLA
MONTHLY DOWNTIME
99%
7h 18m 17s
99.5%
3h 39m 8s
99.9%
43m 49s
99.95%
21m 54s
99.99%
4m 22s
99.999%
26s
Composite SLA:
Composite SLA is a combined SLA of all components in your application
Formulas
Logical AND – adding dependency
Availability of S1 AND S2 = Availability(S1) * Availability(S2)
Comments
Post a Comment