Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By : Brett Hargreaves
Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By: Brett Hargreaves

Overview of this book

The AZ-304 exam tests an architect's ability to design scalable, reliable, and secure solutions in Azure based on customer requirements. Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond offers complete, up-to-date coverage of the AZ-304 exam content to help you prepare for it confidently, pass the exam first time, and get ready for real-world challenges. This book will help you to investigate the need for good architectural practices and discover how they address common concerns for cloud-based solutions. You will work through the CloudStack, from identity and access through to infrastructure (IaaS), data, applications, and serverless (PaaS). As you make progress, you will delve into operations including monitoring, resilience, scalability, and disaster recovery. Finally, you'll gain a clear understanding of how these operations fit into the real world with the help of full scenario-based examples throughout the book. By the end of this Azure book, you'll have covered everything you need to pass the AZ-304 certification exam and have a handy desktop reference guide.

Related Content you might be interested in

Current Title:

Small book image
Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond
Brett Hargreaves
Jul, 2021 | 520 pages
Small book image
Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond
Brett Hargreaves | Sjoukje Zaal
Dec, 2020 | 548 pages
Small book image
Microsoft Azure Architect Technologies: Exam Guide AZ-300
Sjoukje Zaal
Jan, 2020 | 540 pages
Small book image
Azure Architecture Explained
Brett Hargreaves | David Rendoacuten
Sep, 2023 | 446 pages
Table of Contents (30 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Exploring Modern Architecture
Section 1: Exploring Modern Architecture
Free Chapter
2
Chapter 1: Architecture for the Cloud
Chapter 1: Architecture for the Cloud
Introducing architecture
Exploring the transition from monolithic to microservices
Migrating to the cloud from on-premises
Understanding infrastructure and platform services
Moving from Waterfall to Agile projects
Summary
3
Chapter 2: Principles of Modern Architecture
Chapter 2: Principles of Modern Architecture
Architecting for security
Architecting for resilience and business continuity
Architecting for performance
Architecting for deployment
Architecting for monitoring and operations
Summary
Further reading
4
Section 2: Identity and Security
Section 2: Identity and Security
5
Chapter 3: Understanding User Authentication
Chapter 3: Understanding User Authentication
Differentiating authentication from authorization
Introducing Azure AD
Integrating AD
Understanding conditional access, MFA and security defaults
Using external identities
Summary
Exam scenario
6
Chapter 4: Managing User Authorization
Chapter 4: Managing User Authorization
Technical requirements
Understanding Azure roles
Managing users with hierarchies
Controlling access with PIM
Managing risk with Identity Protection
Summary
Exam solution
7
Chapter 5: Ensuring Platform Governance
Chapter 5: Ensuring Platform Governance
Technical requirements
Applying tagging
Understanding Azure policies
Using Azure Blueprints
Summary
Exam scenario
Further reading
8
Chapter 6: Building Application Security
Chapter 6: Building Application Security
Technical requirements
Introducing Azure Key Vault
Working with security principals
Using managed identities
Summary
Exam Scenario
Further reading
9
Section 3: Infrastructure and Storage Components
Section 3: Infrastructure and Storage Components
10
Chapter 7: Designing Compute Solutions
Chapter 7: Designing Compute Solutions
Technical requirements
Understanding different types of compute
Automating virtual machine management
Architecting for containerization and Kubernetes
Summary
Exam scenario
Further reading
11
Chapter 8: Network Connectivity and Security
Chapter 8: Network Connectivity and Security
Technical requirements
Understanding Azure networking options
Understanding IP addressing and DNS in Azure
Implementing network security
Connectivity
Load balancing and advanced traffic routing
Summary
Exam scenario
Further reading
12
Chapter 9: Exploring Storage Solutions
Chapter 9: Exploring Storage Solutions
Technical requirements
Understanding storage types
Designing storage security
Using storage management tools
Summary
Exam scenario
Further reading
13
Chapter 10: Migrating Workloads to Azure
Chapter 10: Migrating Workloads to Azure
Technical requirements
Assessing on-premises systems
Understanding migration options
Migrating virtual machines and databases
Monitoring and optimizing your migration
Summary
Exam scenario
14
Section 4: Applications and Databases
Section 4: Applications and Databases
15
Chapter 11: Comparing Application Components
Chapter 11: Comparing Application Components
Technical requirements
Working with web applications
Managing APIs with Azure API Gateway
Understanding microservices
Using messaging and events
Summary
Exam scenario
Further reading
16
Chapter 12: Creating Scalable and Secure Databases
Chapter 12: Creating Scalable and Secure Databases
Technical requirements
Selecting a database platform
Understanding database service tiers
Designing scalable databases
Securing databases with encryption
Summary
Exam scenario
Further reading
17
Chapter 13: Options for Data Integration
Chapter 13: Options for Data Integration
Technical requirements
Understanding data flows
Comparing integration tools
Exploring data analytics
Summary
Exam scenario
Further reading
18
Chapter 14: High Availability and Redundancy Concepts
Chapter 14: High Availability and Redundancy Concepts
Technical requirements
Understanding virtual machine availability
Understanding Azure storage resiliency options
Understanding SQL database availability
Understanding Cosmos DB availability
Summary
Exam scenario
Further reading
19
Section 5: Operations and Monitoring
Section 5: Operations and Monitoring
20
Chapter 15: Designing for Logging and Monitoring
Chapter 15: Designing for Logging and Monitoring
Technical requirements
Understanding logs and storage options
Exploring monitoring tools
Understanding security and compliance
Using cost management and reporting
Summary
Exam scenario
Further reading
21
Chapter 16: Developing Business Continuity
Chapter 16: Developing Business Continuity
Technical requirements
Understanding recovery solutions
Planning for Azure Backup
Planning for Site Recovery
Planning for database backups
Understanding the data archiving options
Summary
Exam scenario
Further reading
22
Chapter 17: Scripted Deployments and DevOps Automation
Chapter 17: Scripted Deployments and DevOps Automation
Technical requirements
Exploring provisioning options
Looking at the Azure REST API
Choosing between PowerShell and the Azure CLI
Understanding ARM templates
Looking at Azure DevOps
Summary
Exam scenario
Further reading
23
Section 6: Beyond the Exam
Section 6: Beyond the Exam
24
Chapter 18: Engaging with Real-World Customers
Chapter 18: Engaging with Real-World Customers
Working with customers
Exploring common goals
Mapping requirements
Getting feedback
Summary
Further reading
25
Chapter 19: Enterprise Design Considerations
Chapter 19: Enterprise Design Considerations
Understanding your customer
Optimizing costs
Creating landing zones
Building with continual iteration
Summary
Further reading
26
Mock Exam
Mock Exam
27
Mock Answers
Mock Answers
28
Assessments
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Why subscribe?
29
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Migrating to the cloud from on-premises

A new company starting up today can build its IT services as cloud native from day one. These born-in-the-cloud enterprises arguably have a much simpler route.

For existing businesses, especially larger ones, they must consider how any cloud-based service operates with existing applications currently running within their infrastructure.

Even when a corporation chooses to migrate to the cloud, this is rarely performed in a single big-bang approach. Tools exist to perform a lift-and-shift copy of existing servers to VMs, but even this takes time and lots of planning.

For such companies, consideration at each step of the way is crucial. Individual services don't always run on a single piece of hardware—even websites are generally split into at least two tiers: a frontend user interface running on an Internet Information Services (IIS), with a backend database running on a separate SQL server.

Other services may also communicate with each other—a payroll system will most likely need to interface with an HR database. At the very least, many systems share a standard user directory such as Microsoft Active Directory (AD) for user authentication and authorization.

An architect must decide which servers and systems should be migrated together to ensure these communication lines aren't impacted by adverse latency and can move independently with adequate cloud-to-on-premises network links. Should we use dedicated connectivity such as ExpressRoute, or will a virtual private network (VPN) channel running over the internet suffice?

As already discussed, as we move to the cloud, we change from an inherently secure platform whereby services are firewalled off by default, to an open one whereby connectivity is exposed to the internet by default. Any new communication channels from the cloud to your on-premises network, required to support a potentially long drawn-out migration, effectively provide an entry point from the internet back into your corporate system.

To alleviate business concerns, a strong governance and monitoring model must be in place, and this needs to be well designed from the outset. Will additional teams be required to support this? Will these tasks be added to existing teams' responsibilities? What tooling is used? Will it be your current compliance monitoring and reporting software, or will you have a different set for the cloud?

There are many different ways to achieve this, all depending on the answers to these specific questions. However, for those who wish to embrace a cloud-first solution, this may involve the following technologies:

  • Azure Policy and Azure Blueprints for build control
  • Azure Recovery Services
  • Azure Update Management for VM patching
  • Azure Security Center for alerting and compliance reporting
  • Azure Monitor Agent installed on VMs
  • Azure Monitor
  • Azure Log Analytics and Azure Monitor Workbooks

Although these are Azure solutions, they can, however, also be integrated with on-premises infrastructure as well. The following diagram shows an example of this:

Figure 1.6 – Cloud compliance and monitoring tooling

Figure 1.6 – Cloud compliance and monitoring tooling

As you can see, having a well-architected framework in place is crucial for ensuring the health and safety of your platform, and this in turn feeds into your strategies and overall solution design when considering a migration into the cloud.

Once we have decided how our integration with an on-premises system might look, we can then start to consider whether we perform a simple "lift and shift" or take the opportunity to re-platform. Before making these choices, we need to understand the main differences between IaaS and PaaS, and when one might be better than the other.

Previous Section
End of Section 4
Next Section