Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By : Brett Hargreaves
Book Image

Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond

By: Brett Hargreaves

Overview of this book

The AZ-304 exam tests an architect's ability to design scalable, reliable, and secure solutions in Azure based on customer requirements. Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond offers complete, up-to-date coverage of the AZ-304 exam content to help you prepare for it confidently, pass the exam first time, and get ready for real-world challenges. This book will help you to investigate the need for good architectural practices and discover how they address common concerns for cloud-based solutions. You will work through the CloudStack, from identity and access through to infrastructure (IaaS), data, applications, and serverless (PaaS). As you make progress, you will delve into operations including monitoring, resilience, scalability, and disaster recovery. Finally, you'll gain a clear understanding of how these operations fit into the real world with the help of full scenario-based examples throughout the book. By the end of this Azure book, you'll have covered everything you need to pass the AZ-304 certification exam and have a handy desktop reference guide.

Related Content you might be interested in

Current Title:

Small book image
Exam Ref AZ-304 Microsoft Azure Architect Design Certification and Beyond
Brett Hargreaves
Jul, 2021 | 520 pages
Small book image
Implementing Microsoft Azure Architect Technologies: AZ-303 Exam Prep and Beyond
Brett Hargreaves | Sjoukje Zaal
Dec, 2020 | 548 pages
Small book image
Microsoft Azure Architect Technologies: Exam Guide AZ-300
Sjoukje Zaal
Jan, 2020 | 540 pages
Small book image
Azure Architecture Explained
Brett Hargreaves | David Rendoacuten
Sep, 2023 | 446 pages
Table of Contents (30 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Exploring Modern Architecture
Section 1: Exploring Modern Architecture
Free Chapter
2
Chapter 1: Architecture for the Cloud
Chapter 1: Architecture for the Cloud
Introducing architecture
Exploring the transition from monolithic to microservices
Migrating to the cloud from on-premises
Understanding infrastructure and platform services
Moving from Waterfall to Agile projects
Summary
3
Chapter 2: Principles of Modern Architecture
Chapter 2: Principles of Modern Architecture
Architecting for security
Architecting for resilience and business continuity
Architecting for performance
Architecting for deployment
Architecting for monitoring and operations
Summary
Further reading
4
Section 2: Identity and Security
Section 2: Identity and Security
5
Chapter 3: Understanding User Authentication
Chapter 3: Understanding User Authentication
Differentiating authentication from authorization
Introducing Azure AD
Integrating AD
Understanding conditional access, MFA and security defaults
Using external identities
Summary
Exam scenario
6
Chapter 4: Managing User Authorization
Chapter 4: Managing User Authorization
Technical requirements
Understanding Azure roles
Managing users with hierarchies
Controlling access with PIM
Managing risk with Identity Protection
Summary
Exam solution
7
Chapter 5: Ensuring Platform Governance
Chapter 5: Ensuring Platform Governance
Technical requirements
Applying tagging
Understanding Azure policies
Using Azure Blueprints
Summary
Exam scenario
Further reading
8
Chapter 6: Building Application Security
Chapter 6: Building Application Security
Technical requirements
Introducing Azure Key Vault
Working with security principals
Using managed identities
Summary
Exam Scenario
Further reading
9
Section 3: Infrastructure and Storage Components
Section 3: Infrastructure and Storage Components
10
Chapter 7: Designing Compute Solutions
Chapter 7: Designing Compute Solutions
Technical requirements
Understanding different types of compute
Automating virtual machine management
Architecting for containerization and Kubernetes
Summary
Exam scenario
Further reading
11
Chapter 8: Network Connectivity and Security
Chapter 8: Network Connectivity and Security
Technical requirements
Understanding Azure networking options
Understanding IP addressing and DNS in Azure
Implementing network security
Connectivity
Load balancing and advanced traffic routing
Summary
Exam scenario
Further reading
12
Chapter 9: Exploring Storage Solutions
Chapter 9: Exploring Storage Solutions
Technical requirements
Understanding storage types
Designing storage security
Using storage management tools
Summary
Exam scenario
Further reading
13
Chapter 10: Migrating Workloads to Azure
Chapter 10: Migrating Workloads to Azure
Technical requirements
Assessing on-premises systems
Understanding migration options
Migrating virtual machines and databases
Monitoring and optimizing your migration
Summary
Exam scenario
14
Section 4: Applications and Databases
Section 4: Applications and Databases
15
Chapter 11: Comparing Application Components
Chapter 11: Comparing Application Components
Technical requirements
Working with web applications
Managing APIs with Azure API Gateway
Understanding microservices
Using messaging and events
Summary
Exam scenario
Further reading
16
Chapter 12: Creating Scalable and Secure Databases
Chapter 12: Creating Scalable and Secure Databases
Technical requirements
Selecting a database platform
Understanding database service tiers
Designing scalable databases
Securing databases with encryption
Summary
Exam scenario
Further reading
17
Chapter 13: Options for Data Integration
Chapter 13: Options for Data Integration
Technical requirements
Understanding data flows
Comparing integration tools
Exploring data analytics
Summary
Exam scenario
Further reading
18
Chapter 14: High Availability and Redundancy Concepts
Chapter 14: High Availability and Redundancy Concepts
Technical requirements
Understanding virtual machine availability
Understanding Azure storage resiliency options
Understanding SQL database availability
Understanding Cosmos DB availability
Summary
Exam scenario
Further reading
19
Section 5: Operations and Monitoring
Section 5: Operations and Monitoring
20
Chapter 15: Designing for Logging and Monitoring
Chapter 15: Designing for Logging and Monitoring
Technical requirements
Understanding logs and storage options
Exploring monitoring tools
Understanding security and compliance
Using cost management and reporting
Summary
Exam scenario
Further reading
21
Chapter 16: Developing Business Continuity
Chapter 16: Developing Business Continuity
Technical requirements
Understanding recovery solutions
Planning for Azure Backup
Planning for Site Recovery
Planning for database backups
Understanding the data archiving options
Summary
Exam scenario
Further reading
22
Chapter 17: Scripted Deployments and DevOps Automation
Chapter 17: Scripted Deployments and DevOps Automation
Technical requirements
Exploring provisioning options
Looking at the Azure REST API
Choosing between PowerShell and the Azure CLI
Understanding ARM templates
Looking at Azure DevOps
Summary
Exam scenario
Further reading
23
Section 6: Beyond the Exam
Section 6: Beyond the Exam
24
Chapter 18: Engaging with Real-World Customers
Chapter 18: Engaging with Real-World Customers
Working with customers
Exploring common goals
Mapping requirements
Getting feedback
Summary
Further reading
25
Chapter 19: Enterprise Design Considerations
Chapter 19: Enterprise Design Considerations
Understanding your customer
Optimizing costs
Creating landing zones
Building with continual iteration
Summary
Further reading
26
Mock Exam
Mock Exam
27
Mock Answers
Mock Answers
28
Assessments
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Why subscribe?
29
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Understanding infrastructure and platform services

One of the big differences between IaaS and PaaS is about how the responsibility of components shifts.

The simplest examples of this are with websites and Structured Query Language (SQL) databases. Before we look at IaaS, let's consider an on-premise implementation.

When hosted in your own data center, you might have a server running IIS, upon which your website is hosted, and a database server running SQL. In this traditional scenario, you own full responsibility for the hardware, Basic Input/Output System (BIOS) updates, operating system (OS) patching, security updates, resilience, inbound and outbound traffic—often via a centralized firewall—and all physical security.

IaaS

The first step in migrating to cloud might be via a lift-and-shift approach using virtual networks (VNETs) and VMs—again, running IIS and SQL. Because you are running in Microsoft's data centers, you no longer need to worry about the physical aspects of the underlying hardware.

Microsoft ensures their data centers have all the necessary physical security systems, including personnel, monitoring, and access processes. They also worry about hardware maintenance and BIOS updates, as well as the resilience of the underlying hypervisor layer that all the VMs run on.

You must still, however, maintain the software and operating systems of those VMs. You need to ensure they are patched regularly with the latest security and improvement updates. You must architect your solution to provide application-level resilience, perhaps by building your SQL database as a failover cluster over multiple VMs; similarly, your web application may be load-balanced across a farm of IIS servers.

Microsoft maintains network access in general, through its networking and firewall hardware. However, you are still responsible for configuring certain aspects to ensure only the correct ports are open to valid sources and destinations.

A typical example of this split in responsibility is around access to an application. Microsoft ensures protection around the general Azure infrastructure, but it provides the relevant tools and options to allow you to set which ports are exposed from your platform. Through the use of network security groups (NSGs) and firewall appliances, you define source and destination firewall rules just as you would with a physical firewall device in your data center. If you misconfigure a rule, you're still open to attack—and that's your responsibility.

PaaS

As we move toward PaaS, accountability shifts again. With Azure SQL databases and Azure web apps, Microsoft takes full responsibility for ensuring all OS-level patches are applied; it ensures the platforms that run Azure SQL databases and Azure web apps are resilient against hardware failure.

Your focus now moves toward the configuration of these appliances. Again, for many services, this includes setting the appropriate firewalls. However, depending on your corporate governance rules, this needs to be well planned.

By default, communications from a web app to a backend Azure SQL database are over the public network. Although it is, of course, contained within Microsoft's network, it is technically open. To provide more secure connectivity, Azure provides the option to use service connections—direct communication over its internal backbone—but this needs specifically configuring at the web app, the SQL service, and the VNET level.

As the methods of those who wish to circumvent these systems become increasingly sophisticated, further controls are required. For web applications, the use of Web Application Firewall (WAF) is an essential part of this—as the architect, you must ensure they are included in your designs and configured correctly; they are not included by default.

Important note

Even though Microsoft spends billions of dollars a year on securing the Azure platform, unless you carefully architect your solutions, you are still vulnerable to attack. Making an incorrect assumption about where your responsibility lies leads to designing systems that are exposed—remember, many cloud platforms' networking is open by default; it has to be, and you need to ensure you fully understand where the lines are drawn.

Throughout this chapter, we have covered how changing technologies have significantly impacted how we design and build solutions; however, so far, the discussion has been around the technical implementation.

As software and infrastructure become closely aligned, teams implementing solutions have started to utilize the same tools as developers, which has changed the way projects are managed.

This doesn't just affect the day-to-day life of an architect; it has yet another impact on the way we design those solutions as well.

Previous Section
End of Section 5
Next Section