Book Image

Implementing Azure Solutions - Second Edition

By : Florian Klaffenbach, Markus Klein, Sebastian Hoppe, Oliver Michalski, Jan-Henrik Damaschke
Book Image

Implementing Azure Solutions - Second Edition

By: Florian Klaffenbach, Markus Klein, Sebastian Hoppe, Oliver Michalski, Jan-Henrik Damaschke

Overview of this book

<p>Microsoft Azure offers numerous solutions that can shape the future of any business. However, the major challenge that architects and administrators face lies in implementing these solutions. </p><p>Implementing Azure Solutions helps you overcome this challenge by enabling you to implement Azure Solutions effectively. The book begins by guiding you in choosing the backend structure for your solutions. You will then work with the Azure toolkit and learn how to use Azure Managed Apps to share your solutions with the Azure service catalog. The book then focuses on various implementation techniques and best practices such as implementing Azure Cloud Services by configuring, deploying, and managing cloud services. As you progress through the chapters, you’ll learn how to work with Azure-managed Kubernetes and Azure Container Services. </p><p>By the end of the book, you will be able to build robust cloud solutions on Azure.</p>

Related Content you might be interested in

Current Title:

Small book image
Implementing Azure Solutions - Second Edition
Florian Klaffenbach | Markus Klein | Sebastian Hoppe | Oliver Michalski | Jan-Henrik Damaschke
Oct, 2018 | 556 pages
Small book image
Implementing Azure Cloud Design Patterns
Oliver Michalski | Stefano Demiliani
Jan, 2018 | 300 pages
Small book image
Multi-Cloud for Architects
Florian Klaffenbach | Markus Klein | Suresh Sundaresan
Jan, 2019 | 302 pages
Small book image
Building Hybrid Clouds with Azure Stack
Susan Roesner | Markus Klein
Aug, 2017 | 380 pages
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Free Chapter
1
Getting Started with Azure Implementation
Getting Started with Azure Implementation
Technical requirements
Service models
Deployment models
Cloud characteristics
Multi-cloud characteristics and models
Cloud brokering
Best of breed
Microsoft Azure
Azure services overview
Azure basics
Azure Resource Manager (ARM)
Resources
Azure regions
Microsoft data center and backbone
Azure portal
Azure automation
Azure automation tools
REST APIs
Summary
Questions
Further reading
2
Azure Resource Manager and Tools
Azure Resource Manager and Tools
Technical requirements
Understanding ARM
Functionalities provided by ARM
Working with ARM
Creating an Azure resource group
Adding a resource to a resource group
First approach – adding a storage account to your resource group
Second approach – adding a storage account to your resource group
Tagging in ARM
Locking Azure resources
Azure resource locks
Working with ARM templates
Exporting a deployment as an ARM template (for IT pros)
Example 1 – exporting a resource group to an ARM template
Example 2 – exporting a resource (classic) to an ARM template
Modifying an ARM template
Authoring an ARM template
Creating your own ARM template (for developers)
Summary
Questions
Further reading
3
Deploying and Synchronizing Azure Active Directory
Deploying and Synchronizing Azure Active Directory
Azure AD
Azure AD options
Azure AD free
Azure AD basic
Azure AD premium P1
Deploying a custom Azure AD
Adding accounts and groups to Azure AD
Installing Azure AD Connect – prerequisites
Installing a basic Azure AD Connect environment
Azure AD Connect highly available infrastructure
Azure AD conditional access
Azure AD DS
Summary
Questions
Further reading
4
Azure Managed Applications
Azure Managed Applications
Technical requirements
Azure managed applications overview
History and purpose of Azure managed applications
Scenarios of Azure managed application publishing
Azure managed applications architecture
Elements of an Azure managed application
Security and access of an Azure managed application
Creating a managed application definition
The file mainTemplate.json
The file createUiDefinition.json
The UI definition outline
The basics step
Additional steps in the steps section
The outputs section
Testing and validation of our template files
Testing and validating the mainTemplate.json file
Validation and testing against Azure
Validation and testing with local scripts
Testing and validating the createUiDefinition.json file
Validation and testing against Azure
Validation and testing with local scripts
Publishing a managed application to the internal service catalog
Creating the service catalog managed application definition
The basics section
The package section
The authentication and lock level section
Deploying a managed application from the internal service catalog
The deployment process
The managed resource group
Publishing a managed application to the Azure marketplace
Technical and business requirements
Summary
Questions
Further reading
5
Implementing Azure Networks
Implementing Azure Networks
Azure networking limits
Azure networking components
Azure virtual networks (VNet)
VNet peering and global VNet peering
VNet service endpoints
Azure VPN gateways
Azure local gateway
Azure virtual WAN
Azure ExpressRoute
Route filter
ExpressRoute Direct
ExpressRoute Global Reach
Azure connections
Azure route
Azure Firewall
Azure third-party network devices
Azure load balancer
Hash-based distribution
Port forwarding
Automatic reconfiguration
Service monitoring
Source NAT
Azure Application Gateways and Web Application Firewall
Web Application Firewall
Azure Traffic Manager
Azure DNS
Azure DDoS
Setting up Azure networks
Setting up Azure VNet
Setting up Azure virtual network site-to-site VPN
Configuring local network gateway
Configuring Azure virtual network gateway
Configuring connection between local and virtual network gateways
Setting up Azure virtual network with MPLS and ExpressRoute
Configuring Azure virtual network gateway
Configuring Azure ExpressRoute circuit
Setting up Azure VNet peering
Preparing the deployment
Configuring VNet peering
Configuring custom routes
Common Azure network architectures
Summary
Questions
Further reading
6
Implementing Azure Storage
Implementing Azure Storage
Storage accounts
The Blob storage account
General-purpose storage v1 account
General-purpose storage v2 accounts
Azure File Sync/Storage Sync services
Azure Data Lake
Replication and redundancy
Locally redundant storage (LRS)
Zone-redundant storage (ZRS)
Geo-redundant storage (GRS)
Read-access geo-redundant storage (RA-GRS)
Azure Storage services
Blob storage services
Table storage services
Queue storage services
File storage services
Access keys
Exploring Azure Storage with Azure Storage Explorer
Premium storage accounts
Premium storage requirements
Pricing
How to deploy a storage account?
Summary
Questions
Further reading
7
Virtual Machines in Azure
Virtual Machines in Azure
Azure VM types
A-series VMs
D-series and DS-series VMs
F-series and FS-series VMs
G-series and GS-series VMs
H-series VMs
NV-series and NC-series VMs
NV VMs
NC VMs
Ls-series VMs
B-series VMs
E-series VMs
M-series VMs
SAP HANA Large Instances
VM extensions
Managed disks
Availability sets
Availability Zone (AZ)
Azure Hybrid Use Benefit (HUB)
Azure Reserved Instances (RIs)
Accelerated networking for VMs
VM serial console
Azure Confidential Compute
Deploying a VM in Azure
Accessing a VM in Azure
Changing IP and DNS settings
Common scenarios for VMs
Optimization of Azure-related communication traffic
On-demand usage for calculations
Disaster recovery for on-premises servers
Summary
Questions
Further reading
8
Implementing Azure-Managed Kubernetes and Azure Container Service
Implementing Azure-Managed Kubernetes and Azure Container Service
Technical requirements
Containers – the concept and basics
Microservices – the concept
Workloads to run in containers
Deploying container hosts in Azure
Docker on Linux
Windows Server Container VM
Azure Container Registry (ACR)
ACI
Creating a first container in Azure
Azure Marketplace containers
Creating custom containers
Container orchestration
The concept of container orchestration
Azure Kubernetes Service (AKS)
Summary
Questions
Further reading
9
Implementing Azure Cloud Services
Implementing Azure Cloud Services
Technical requirements
What is an Azure Cloud Service?
Understanding the Cloud Service architecture
Roles
The service endpoint
Going deeper into the Cloud Services
Service definition file
LoadBalancerProbes
WebRole
WorkerRole
NetworkTrafficRules
Service configuration file
Role
NetworkConfiguration
Azure Cloud Services versus other Azure PaaS offerings such as Azure App Services
Selection of a Guest OS and an update level
Selection of an Azure series
series A
series D
series E
series G
series H
In a nutshell
Creating your first Azure cloud service
Part 1
Part 2
Summary
Questions
Further reading
10
Implementing Azure Governance
Implementing Azure Governance
Technical requirements
Organizational governance
Azure hierarchy
Naming standards
Technical governance
Resource groups
Resource tags
Resource locks
Resource auditing
Management groups
Azure Policies
RBAC
Azure tooling
Azure Security Center
Azure Cost Management
Summary
Questions
Further reading
11
Azure Hybrid Data Center Services
Azure Hybrid Data Center Services
Technical requirements
ASDK
Preparing the ASDK host
Identity management configuration
Networking configuration
VM design of Azure Stack (ASDK)
Azure Stack configuration task
Operating Azure Stack
Working with the portals
Working with PowerShell
Working with the CLI
Hybrid cloud patterns
Configure hybrid cloud connectivity
Machine learning solution with Azure Stack
Azure stack staged data analysis
Azure Stack cloud burst scenario
Azure Stack geo-distributed Application
Monitoring Azure Stack
Summary
Questions
Further reading
12
Assessments
Chapter 1:  Getting Started with Azure Implementation
Chapter 2: Azure Resource Manager and Tools
Chapter 3: Deploying and Synchronizing Azure Active Directory
Chapter 4: Azure Managed Applications
Chapter 5: Implementing Azure Networks
Chapter 6: Implementing Azure Storage
Chapter 7: Virtual Machines in Azure
Chapter 8: Implementing Azure-Managed Kubernetes and Azure Container Service
Chapter 9: Implementing Azure Cloud Services
Chapter 10: Implementing Azure Governance
Chapter 11: Azure Hybrid Data Center Services
13
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

RBAC

Azure identity management is set as AAD. All user configuration and permissions rely on directory roles. You can see all enabled roles when looking at the user itself in Azure AD:

Around 70 default directory roles are available and can be enabled easily. This list may vary, depending on the enabled resource provided:

By showing the permissions of a role, you will see all features a role member can fulfill in Azure:

Configuring roles in Azure is quite easy, as you will need to set them up through the Access control (IAM) entry for a resource or resource group. If your requirement for a role is not available in Azure, you have the chance to set up your own role definition as RBAC. For example, if you will need to have a role that is a contributor, not all features that are allowed by default need to be enabled (for instance, deleting a virtual machine). Therefore, setting up the custom role is a configuration need:

The following JSON shows an example for a custom RBAC...

Previous Section
End of Section 13
Next Section