Book Image

Learn Azure Administration

By : Kamil Mrzygłód

Book Image

Learn Azure Administration

By: Kamil Mrzygłód

Overview of this book

Microsoft Azure is one of the upcoming cloud platforms that provide cost-effective solutions and services to help businesses overcome complex infrastructure-related challenges. This book will help you scale your cloud administration skills with Microsoft Azure. Learn Azure Administration starts with an introduction to the management of Azure subscriptions, and then takes you through Azure resource management. Next, you'll configure and manage virtual networks and find out how to integrate them with a set of Azure services. You'll then handle the identity and security for users with the help of Azure Active Directory, and manage access from a single place using policies and defined roles. As you advance, you'll get to grips with receipts to manage a virtual machine. The next set of chapters will teach you how to solve advanced problems such as DDoS protection, load balancing, and networking for containers. You'll also learn how to set up file servers, along with managing and storing backups. Later, you'll review monitoring solutions and backup plans for a host of services. The last set of chapters will help you to integrate different services with Azure Event Grid, Azure Automation, and Azure Logic Apps, and teach you how to manage Azure DevOps. By the end of this Azure book, you'll be proficient enough to easily administer your Azure-based cloud environment.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Section 1: Understanding the Basics

Section 1: Understanding the Basics

Free Chapter

Getting Started with Azure Subscriptions

Getting Started with Azure Subscriptions

Technical requirements

Getting an Azure subscription

Enterprise Agreement

Understanding different subscription models

Implementing subscription policies

Getting started with Azure Policy

Policy validation results

Examples of Azure policies

Using Azure Blueprints for repeatable deploy and update operations

Getting started with Blueprint assignment

Assigning an Azure blueprint

Checking usage and managing quotas

Cost monitoring and analysis

Implementing management automation

Further reading

Managing Azure Resources

Managing Azure Resources

Technical requirements

Managing resource providers

Managing resource groups

Browsing resource groups

Listing the available resources

Moving resources

Understanding resource providers

Performing deployments using ARM with templates

Writing a template from scratch

Automation scripts

Implementing resource locks

Subscription locks

Resource group locks

Automating resource group management with Azure Event Grid

Creating an event subscription

Analyzing the gathered data

Implementing proper resource naming conventions

Configuring and Managing Virtual Networks

Configuring and Managing Virtual Networks

Technical requirements

Creating and configuring VNet peering

The Azure portal

Creating and configuring VNet-to-VNet connection

Multiple regions

Connecting the networks

The same resource group

Different resource groups

Creating and configuring subnets

Creating a VNet

Creating a subnet

Understanding subnet configuration

Securing critical Azure services with service endpoints

Creating a VNet and Azure Storage account

Creating a service endpoint

Configuring a service endpoint

Configuring a naming resolutions

Creating a DNS zone

Configuring the DNS within a VNet

Creating and configuring network security groups (NSGs)

Creating a VNet with a subnet

Adding an NSG to a subnet

Reviewing NSG rules

Adding an NSG rule

Section 2: Identity and Access Management

Section 2: Identity and Access Management

Identity Management

Identity Management

Technical requirements

Creating users in Azure AD

Getting started with user creation

Creating a user in an Azure Active Directory tenant

Creating a guest user

Describing the user creation process

Assigning a role to a user

Registering an application in Azure AD

Creating a new application

Creating groups

Managing groups

Managing directory roles

Monitoring and auditing users

Enabling MFA authentication

Securing an Azure Service Fabric cluster

Access Management

Access Management

Technical requirements

Creating a custom role

Configuring access to Azure resources

Configuring MSI

Securing Azure App Services

Using and revoking Shared Access Policies

Creating and managing Shared Access Policies

Generating SAS tokens for different services

Managing Virtual Machines

Managing Virtual Machines

Technical requirements

Adding data disks

Creating a data disk

Adding network interfaces

Using Desired State Configuration

Scaling VMs up/out

Scaling caveats

Configuring monitoring

Configuring guest-level monitoring

Extending monitoring capabilities

Enabling connection monitor

Configuring high availability

Browsing the solutions

Deploying resources using various tools

Securing access to VMs

Connecting to a VM

Connecting to a VM

Using RDP and SSH to connect

Section 3: Advanced Topics

Section 3: Advanced Topics

Advanced Networking

Advanced Networking

Technical requirements

Implementing load balancing

Monitoring and diagnosing networks

Effective security rules

VPN troubleshoot, Packet capture, and Connection troubleshoot

Configuring DDoS protection

Enabling VNets in AKS

Enabling VNets for ACI

Enabling VNets in Redis Cache

Implementing Storage and Backup

Implementing Storage and Backup

Technical requirements

Configuring network access for Azure Storage accounts

Enabling monitoring and finding logs for Azure Storage accounts

Managing the replication of Azure Storage accounts

Selecting the replication mode

Setting up Azure file shares

Transferring large datasets with low or no network bandwidth

Understanding your case – low or no bandwidth

Transferring data from on-premises to Azure

Transferring large datasets with medium or high network bandwidth

Understanding your case – medium or high bandwidth

The available options

Exploring periodic data transfer

Enabling security for Azure Storage

High Availability and Disaster Recovery Scenarios

High Availability and Disaster Recovery Scenarios

Technical requirements

Monitoring Azure VMs

Enabling monitoring

Understanding the details

Monitoring Azure Storage services

Monitoring Azure App Service

Exploring capabilities of Azure Application Insights

Implementing Azure SQL backup

Creating our SQL server and database

Backing up your databases

Implementing Azure Storage backup

Backing up your storage account data

Implementing Availability Zones for VMs and HA

Availability Sets versus Availability Zones

Implementing AZs

Understanding how AZs work

Monitoring and managing global routing for web traffic with Azure Front Door

Understanding Azure Front Door

Creating an Azure Front Door instance

Designing backup plans for VMs

Further reading

Automating Administration in Azure

Automating Administration in Azure

Technical requirements

Starting/stopping Azure VMs during off-hours

Getting started with a VM

Creating an Automation account

Monitoring Blob storage with Azure Event Grid

Extending your setup

Monitoring ACR with Azure Event Grid

Integrating ACR with Azure Event Grid

Integrating FTP/SFTP servers with Azure Logic Apps

Creating an Azure Logic App instance

Understanding the setup

Integrating Office 365 with Azure Logic Apps

Integrating Azure SQL Server with Azure Logic Apps

Getting started with Azure Logic Apps

Managing updates for VMs

Getting started with the Update Management feature

Enabling the feature for multiple machines

Tracking changes in VMs

Further reading

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Getting started with Azure Policy

To get started, we will have to actually create a policy. The process of assigning a policy is quite simple and can be covered by the following steps:

Search for the Subscriptions blade—the easiest way to do so is to use the search field at the top of the Azure portal, as shown in the following screenshot:

Figure 1.7 - Searching for the Subscriptions blade

Select the subscription you are interested in. The last thing you need to do is to click on the Policies blade:

FIgure 1.8 - The Policies blade

Click on the Assign policy button, which will display a form where you can define how the policy should work:

Figure 1.9 - The Assign policy button

Assign a policy and configure the appropriate fields as follow: set the Scope of your subscription (in my case, it is Pay-As-You-Go) and leave the exclusions empty and the policy definition as Not allowed resource types. Remember that you can select either a built-in or a custom policy (if you have one).
Initially, the compliance state may be displayed as Not registered as in the following screenshot. Wait a few minutes before proceeding:

Figure 1.10 - Created policies view

If this status is diplayed longer than a few minutes, make sure a proper resource provider for the policies is registered. To do so, go to the Resource providers blade and check the status of the provider:

Figure 1.11 - Subscription resource providers

Once the status is displayed as Registered, you can test the results. Try to perform a forbidden action (such as creating a forbidden resource type). If you do so, you will see a result similar to the following:

Figure 1.12 - Validation error

When a policy is enabled and working, it constantly monitors your resources against configured parameters. Depending on its configuration, it may either block deploying particular services or enforce a specific naming convention. An audit policy can report on non-compliant resources and, with enforcement mode enabled, can deny the creation of resources that don't comply with the policy.

Let's now check what a policy validation result may look like.