Microsoft Azure Fundamentals Certification and Beyond

By: Steve Miles
Overview of this book

This is the digital and cloud era, and Microsoft Azure is one of the top cloud computing platforms. It’s now more important than ever to understand how the cloud functions and the different services that can be leveraged across the cloud. This book will give you a solid understanding of cloud concepts and Microsoft Azure, starting by taking you through cloud concepts in depth, then focusing on the core Azure architectural components, solutions, and management tools. Next, you will understand security concepts, defense-in-depth, and key security services such as Network Security Groups and Azure Firewall, as well as security operations tooling such as Azure Security Center and Azure Sentinel. As you progress, you will understand how identity, governance, privacy, and compliance are managed in Azure. Finally, you will get to grips with cost management, service-level agreements, and service life cycles. Throughout, the book features a number of hands-on exercises to support the concepts, services, and solutions discussed. This provides you with a glimpse of real-world scenarios, before finally concluding with practice questions for AZ-900 exam preparation. By the end of this Azure book, you will have a thorough understanding of cloud concepts and Azure fundamentals, enabling you to pass the AZ-900 certification exam easily.
Table of Contents (21 chapters)

  • Section 1: Cloud Concepts
  • Section 2: Core Azure Services
  • Section 3: Core Solutions and Management Tools
  • Section 4: Security
  • Section 5: Identity, Governance, Privacy, and Compliance
  • Section 6: Cost Management and Service-Level Agreements

What are the cloud computing delivery models?

Cloud computing generally has three deployment models: public cloud, private cloud, and hybrid cloud:

  • Public cloud, in a nutshell, is a shared entity (multi-tenant) computing model. Hardware and resources such as compute, storage, and networking are owned by the cloud provider and shared with other tenants on the platform, known as multi-tenant or multi-tenancy. Think of this as an apartment block, where you are a tenant that shares the building with other tenants; you pay rent to a landlord for your apartment. In cloud computing, this is the service provider.
  • Private cloud, in a nutshell, is a dedicated entity (single-tenant) computing model. Hardware and resources such as compute, storage, and networking are dedicated to your organization's use only; this is single-tenant. Think of this as a house as opposed to an apartment block; you are the single tenant, and you do not share the building with any other tenants. You either own the building or you rent the property and pay a landlord; that is, a private cloud can be hardware that you own in your own facility, or hardware that you own but host at a third-party hosting or colocation data center provider. Alternatively, it can be the provider's hardware that they dedicate to you, which is traditional dedicated server hosting.
  • Hybrid cloud, in a nutshell, is a combination of a shared entity (multi-tenant) computing model and a dedicated entity (single-tenant) computing model. Some computing resources you choose to have running in your private cloud environment and some resources you choose to have running in a public cloud environment based on your needs. This model offers the most agility and flexibility to changes in demand and business requirements:
Figure 1.4 – Cloud computing delivery models

This illustration aims to outline some key aspects of the three delivery models of public, private, and hybrid cloud.

In the following section, we will compare each of these delivery models and look at the characteristics of each model in more detail.

Comparing the cloud computing delivery models

From the last section, we can now define what the delivery models are. This section looks at the characteristics of each model in more detail to help you understand when you may choose one over the other.

Each delivery model has several characteristics. The most appropriate model is defined by how much you want, need, or are mandated to control, secure, and manage your resources, for example, your apps, code, data, networks, security, and so on.

The deployment model defines what control you have over your cloud computing resources, for example, your apps, data, networks, security, and so on. It describes what resources you share or have dedicated for your organization's use.

We use the terms multi-tenant and single-tenant to differentiate between models that share resources or have dedicated resources.

We could analogize this to a house versus a hotel; with a house, you have your private and dedicated front door, stairs, kitchen, TV/movie subscription service, and more, whereas with a hotel, you have a private room dedicated to you for your sole use, but you share a front door, stairs, kitchen/restaurant, TV/movie subscription service, and so on:

Figure 1.5 – Comparing cloud computing delivery models

Now that we have a basic understanding of the delivery models, this next section will cover the characteristics of each delivery model in more depth.

Characteristics of public cloud computing resources

To recap, a public cloud is a shared entity (multi-tenant) computing model.

The following are the characteristics of public cloud computing resources:

  • Metered pricing and consumption-based billing and pay-as-you-go monthly usage costs; you only pay for the resources you use, which can allow cost control and cost management.
  • Almost unlimited resources are available.
  • Performance, scalability, and elasticity. Rapid, on-demand, and automated provisioning and de-provisioning of computing resources as they are required.
  • Availability, reliability, fault tolerance, and redundancy.
  • Access to computing resources is available from anywhere, typically via the internet or via a private managed network such as Microsoft's ExpressRoute service.
  • Self-service management, typically through a web browser or a command-line interface.
  • Least control over security, protection, and compliance; you do not have complete control over security and compliance with the public cloud model.
  • Access to computing resources can be provided by Azure Active Directory as the identity and authentication layer and traditional Windows Server Active Directory when you synchronize the directories.
  • Physical hardware cannot be deployed by you to public cloud computing platforms; virtual servers are provided instead. However, some cloud providers allow physical hardware to be dedicated to an organization's use.
  • May allow on-premises facilities hosting computing resources to be decommissioned.
  • Expenditure model; move from a CapEx model to an OpEx model. No CapEx on hardware.

The following are examples of public cloud platforms: Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

Characteristics of private cloud computing resources

To recap, a private cloud is a dedicated entity (single-tenant) computing model.

The following are the characteristics of private cloud computing resources:

  • Computing resources are created on-premises at the organization's own facility, or may be provided at a third party's hosting facility; resources are only available within the capacity that has been provisioned.
  • It requires a CapEx expenditure model for computing resources.
  • Computing hardware (physical servers/virtualization platforms and so on) is implemented for the organization's sole use. The hardware/physical resources must be supported; failed hardware must be replaced.
  • You are required to provide systems and data availability, fault tolerance, scalability, security, protection, update management, maintenance, and support.
  • May allow on-premises facilities hosting computing resources to be decommissioned.
  • Access to computing resources is available via a local/private network, which typically will also have an internet connection. The private cloud resources, however, may be disconnected from the internet or have only intermittent access in scenarios such as cruise ships, construction sites, and Formula One teams at the trackside; other scenarios, such as regulated or high-security facilities in medicine, research, science, defense, and manufacturing, may not permit internet access at all and so are deliberately disconnected from the internet. Being connected to or disconnected from the internet is not a defining characteristic of private clouds.
  • The same self-service management functionality and creation of resources is provided as with the public cloud computing model, but you remain in complete control of the security and governance; and you are also entirely responsible for the purchase, implementation, maintenance, and support of the hardware and computing resources you provide from the private cloud platform.
  • You do have complete control over hardware, physical resources, security, and compliance with the private cloud model.
  • Traditional Windows Server Active Directory can provide access to computing resources as the primary identity and authentication layer; Azure Active Directory can also be utilized when connecting to public cloud computing resources through a hybrid model by using directory synchronization as the link between the two identity providers for a consistent, common, or same-sign-on experience.
  • Physical servers can be deployed with the private cloud model.

The following are examples of private cloud platforms: Azure Stack or VMware vCloud.

Characteristics of hybrid cloud computing resources

To recap, a hybrid cloud is a combination of a shared entity (multi-tenant) computing model and a dedicated entity (single-tenant) computing model.

The following are the characteristics of hybrid cloud computing resources:

  • The greatest flexibility in choosing the most appropriate location of computing resources and computing model.
  • The hybrid cloud model provides the choice of creating some computing resources in the service providers' public cloud computing platforms and some resources in your on-premises private cloud platform; the two sets of resources are connected via the internet or a private managed network such as Microsoft's ExpressRoute service.
  • It allows bursting, that is, extending computing resource capacity to a public cloud when demand exceeds private capacity.
  • Computing hardware (physical servers/virtualization platforms and so on) is implemented for the organization's sole use as part of the private cloud resources. These hardware/physical resources must be supported; failed hardware must be replaced. For public cloud resources, the hardware and physical resources are provided and supported by the service provider of the public cloud resources.
  • It provides the greatest flexibility of access to computing resources via the internet or private networks.
  • Private clouds are not necessarily disconnected from public cloud resources; access may be provided by a private managed network such as ExpressRoute to allow a hybrid cloud approach, a computing model where an organization uses some public cloud resources connected to some private cloud resources.
  • It provides the greatest flexibility of control of security, protection, and compliance.
  • Traditional Windows Server Active Directory can provide access to computing resources as the primary identity and authentication layer; Azure Active Directory can also be utilized when connecting to public cloud computing resources through a hybrid model by using directory synchronization as the link between the two identity providers for a consistent, common, or single-sign-on experience.
  • Physical servers can be deployed within the private cloud and public cloud, but you cannot own these servers in the public cloud; they can only be rented.
  • It provides the greatest flexibility of expenditure model, that is, the ability to choose CapEx or OpEx, whichever is most appropriate for the computing resources.

The following is an example of a hybrid cloud platform: Azure Stack connected to Azure. This scenario could have on-premises virtual machines backing up to Azure, or an Azure web app connecting to an on-premises SQL Server, for example.

In this section, we saw the different cloud computing delivery models, how they compare, and the characteristics of each. Now we will take the same approach to look at the cloud computing service models.