
Cracking the Azure. Preparation and Overview guide for Azure trainings and certifications

Table of contents and description

AZ-900 overview

  • Understand cloud concepts
  • Understand core Azure services
  • Understand Azure pricing
  • Understand security, privacy, compliance and trust
  • Understand Azure support policies

Key concepts of Cloud Computing

I suggest reading the General terms and the differences between them, at the end of this chapter, at least once.

Public, Private, Hybrid clouds

Private (on-premises environments) - your own servers (or your own datacenter); you are responsible for everything: hardware, infrastructure, building, temperature, security, personnel, etc. (networking, storage, servers, virtualization, OS, middleware, runtime environment, data, applications). In short, you manage all of it locally. It is like your own house: you are responsible for everything, even the grass outside. Owned and operated by (in most cases) the single organization that uses the resources. Full control is the advantage, but you need more staff to manage all of it. Only CapEx.

Public - you share hardware and network with other users of the cloud. It is like a rented apartment: you are responsible only for the furniture inside (depending on the type of service) and your own belongings, but you do not care about anything outside, and the landlord takes care of servicing the equipment inside the flat. Owned by the cloud provider, which supplies resources to multiple organizations and users. Typically accessed over a secure, but still internet, connection. No CapEx, only OpEx.

Hybrid - combines public and private to let an application use resources in the most appropriate way. An on-prem environment can be connected to the public cloud in a specific way, and the application then operates across both the private and the public cloud. It is like a condo: you have a flat inside a multi-flat building and you own the flat, but other things inside or outside the building are not your responsibility; you do not need to buy an elevator, a postbox or the central door with its lock for the building, they are included.

CapEx - Capital Expenditure (expenses) - upfront costs and predictable fixed costs; value decreases over time and the resources can become a loss. In other words, you spend on physical infrastructure up front. From the accounting point of view it is like an investment in the company (the whole company's value grows).

OpEx - Operational Expenditure - ongoing billing costs, pay as you use; test before committing; great for agile and small businesses; resources can be deleted. In other words, you spend on services as needed and are billed immediately. From the accounting point of view it is an operational expense, not an investment (the company just spends the money). Consumption-based model: pay only for what is used, no upfront costs. You consume, you pay.

Azure Stack - Azure and Azure Stack are not the same. They look similar, but they are not. Azure Stack is not a good idea without Azure. Example: you have a ship without internet, but you need to collect metrics while cruising. You buy Azure Stack and mount it on that ship, and only when the ship is in dock (port) do you connect that Azure Stack to Azure and collect all the data in the cloud. Azure Stack without Azure itself would be a waste of money and resources. Read more here.

Common as-a-Service classification:

  • IaaS - infrastructure as a service - the most basic category of cloud computing services: compute services hosted by the cloud provider. The service provider is responsible for everything except (your responsibility): OS, middleware, runtime environment, data, applications. In short, you rent IT infrastructure. Most flexible, thanks to the pay-as-you-go basis.
  • PaaS - platform as a service - designed to make it easier for developers to quickly create web or mobile apps without worrying about setting up or managing the underlying infrastructure of servers, storage, network and databases needed for development. So you are responsible only for your application and data. The provider takes care of the infrastructure, OS, management, backups, etc. Better productivity, as you focus only on your app.
  • SaaS - software as a service - a method for delivering software applications over the Internet. Cloud providers host and manage the software application and the underlying infrastructure, and handle any maintenance, like software upgrades and security patching. Users connect to the application over the Internet, usually with a web browser on their phone, tablet or PC. Examples: MS Teams, Office 365, Gmail, etc. In most cases on demand, and you pay only for the subscription.
  • BaaS - backup as a service - an approach to backing up data that involves purchasing backup and recovery services from an online data backup provider. Possible for all types of clouds.
  • DaaS (DBaaS) - database as a service. Self-explanatory: you just use a connection string to the database.
  • IDaaS - identity as a service. Cloud-based solutions for identity and access management (IAM) functions, such as single sign-on (SSO).
  • Serverless - overlapping with PaaS, serverless computing focuses on building app functionality without spending time continually managing the servers and infrastructure required to do so. The cloud provider handles the setup, capacity planning and server management for you. Serverless architectures are highly scalable and event-driven, using resources only when a specific function or trigger occurs.

Core Azure Services

Regions

A region is a geographical area on the planet containing at least one, but potentially multiple, datacenters that are in close proximity and networked together with a low-latency network. Different regions have different prices per virtual machine, traffic, etc.

Five geographies: Americas, Europe, Asia Pacific, Middle East, Africa

Each region has a paired region within the same geography (a region pair), so data stays in the same geography, for example Canada East and Canada Central.

Datacenters in Azure can be public or special. Special regions:

  • US Government (North America, DoD - Department of Defense)
  • China, operated by 21Vianet (East and North)
  • Germany, with T-Systems as data trustee (Central and Northeast)

Some global Azure services do not require you to select a region, such as Microsoft Azure Active Directory, Microsoft Azure Traffic Manager, or Azure DNS.

Availability zones (region pairs): physically separate locations within an Azure region. Each zone has independent cooling, power and networking. Three zones per region. They protect against datacenter failures, service interruptions, disasters and network or power outages. It is also an optional service.

Availability zones schema

Availability Sets are metadata of your resources (like VMs) which help Azure to allocate your resources in a way that keeps a virtual machine online during maintenance or failure and meets the Azure SLA. A virtual machine is assigned to an Update Domain and a Fault Domain. Only one Update Domain is updated at a time. Fault Domains provide physical isolation within the datacenter.

Update Domain (UD) - scheduled maintenance or updates are sequenced through update domains (default 5, can be increased up to 20 domains).

Fault Domain (FD) - provides physical isolation of workloads across different hardware in the datacenter (up to 3 (?)).

Availability Sets schema

For a given availability set, five non-user-configurable update domains are assigned by default. When more than five virtual machines are configured within a single availability set, the sixth virtual machine is placed into the same update domain as the first virtual machine, the seventh in the same update domain as the second virtual machine, and so on.

How to find out which region is best for you (measured from your host):

Round trip between Azure regions

The price for one type of resource differs between locations, so choose a region based on latency and price; use the pricing calculator to compare regions.

Azure Resource Manager (ARM) provides a management layer in which resource groups and all the resources within them are created, configured, managed and deleted. With Azure Resource Manager you can manage your resources, such as virtual machines, web apps, storage, databases, etc. Resource Manager can be accessed using the Azure portal, Azure PowerShell, the Azure Command Line Interface (CLI) or REST clients.

ARM template - a JSON file that defines the infrastructure and configuration for your project: a way to have infrastructure as code. You can download a prepared ARM template at the creation step of a resource, a VM for example.

The hierarchy has the following levels (at each level you can manage permissions, which are inherited and accumulated from the top layers down):

  • Azure account
    • Management groups
      • Subscriptions (one or more)
        • Resource groups (one or more)
          • Resources (one or more)

Resource group - another core component, the unit of management for resources in Azure. The following are true for a resource group:

  • Aggregates resources into a single unit.
  • Allows you to deploy, manage and monitor resources as a group.
  • Resources in the same resource group should share the same lifespan, like one application.
  • A resource can only exist in a single resource group.
  • Most (but not all) resources can be moved between resource groups.
  • A resource group can contain resources located in different regions.
  • Deleting a resource group also deletes all the resources in it.
  • It also helps to group resources and/or grant access only to a certain resource group.
  • You can manage it with Azure Resource Manager.

Azure Marketplace - not a core component. Customers can offer their own solutions there and receive royalties when their product is used from the marketplace. ISV - Independent Software Vendor.

Azure Compute

Azure Compute - core product, which includes:

  • VMs - IaaS. Self-explanatory.
  • VM Scale Sets (VMSS) - IaaS. Automatic scaling of identical VMs (running at the same time). An internal load balancer is created with a round-robin algorithm and a health-check probe at layer 4 of the OSI model, or you can select an Application Gateway, which works at layer 7 (application) and lets you add more conditions to your redirects, balancing or whatever you need, based on headers and other input parameters. VMSS provides HA, automatic scalability and load balancing. Frequently used for large-scale instances and seasonal events (Black Friday, sport events, etc.).
  • Azure App Service - PaaS. Build, deploy and scale web, mobile or API apps.
  • Serverless computing (Azure Functions) - PaaS. An event-driven, compute-on-demand experience that extends the existing Azure application platform with the ability to run code triggered by events occurring in Azure or in third-party services.
  • Container - PaaS. Lets you upload your containers, which Azure runs for you.
  • Kubernetes service - PaaS. Container orchestration service for a huge number of containers.

Azure Compute provides an on-demand service for running cloud-based apps. Common resources are disk, processor, memory, OS and networking. Resources are available in minutes or seconds. Pay per use.

Azure Network Services

  • Azure Virtual Network - IaaS. The fundamental building block for your private network in Azure. A VNet enables many types of Azure resources, such as Azure Virtual Machines (VMs), to securely communicate with each other, the internet and on-premises networks.
  • Azure Load Balancer - helps to scale identical VMs automatically. Works for both public and internal networks.
  • VPN Gateway - PaaS. To connect private and public clouds, for example.
  • Application Gateway - a load balancer at the application layer; can route requests based on cookies, headers, URLs, etc.
  • CDN (Content Delivery Network) - caches your content in a specific region, closer to clients.

Azure Storage Services

Stores files, messages and tables. Massively scalable, durable, highly available and secure. Supports structured, semi-structured and unstructured data.

  • Structured data:
    • Has a schema and a rigid format; relational data, using keys to relate a row in one table to a row in another table. Typical use: database
  • Semi-structured data:
    • Ad-hoc schema
    • Non-relational format
    • Known as NoSQL data
    • Uses tags to locate data
    • Typical usage: tab-delimited files, .csv, XML, JSON
  • Unstructured data:
    • No schema or data structure: PDF, DOC, JPG, AVI, etc.

Storage types in Azure: Blob, Disk, File, Archive.

  • Blob - used for unstructured data; highly scalable; recommended for most scenarios. Common use cases: streaming audio and video, storing backups, images, docs. No restrictions on the kind of data it can hold.
  • Disk - persistent storage for VMs: a disk for the OS and a disk for data (two disks in total). You must attach your data disk to your virtual machine and not store data on the temporary disk. In short, it provides disks for VMs, apps and other services that require disks. Can be attached to only one resource.
  • File storage - a file share in the cloud, accessed using SMB. Shares can be mounted on a system, giving direct access to the files in the cloud, even from your laptop. Supports multiple connections.
  • Archive - for long-term backups or data that is required infrequently. Stored offline. Low storage cost, but more time is required to access it.

Azure Storage Account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in your Azure storage account is durable and highly available, secure, and massively scalable.

Azure Database Services

PaaS. Fully managed, highly available databases:

  • Cosmos DB
    • Globally distributed database service (NoSQL)
    • Supports MongoDB, Cassandra and other APIs
    • Scales across Azure regions
    • Highly responsive (under 10 ms) and HA (99.999%)
    • Automatically replicates data close to the user
    • Typical usage in web, mobile, gaming or IoT apps
  • SQL Database
    • Relational database service (DaaS, like PaaS)
    • Fully managed SQL database, HA with automatic backups
    • Based on the latest stable version of MS SQL Server
    • Typical usage as a corporate database
  • Azure Database Migration Service (DMS)
    • Migrates databases to Azure with minimal downtime
    • Uses the Data Migration Assistant to provide reports and guides that step you through the migration

Other Popular Azure Solutions

  • Internet of Things (IoT):
    • IoT Hub - central message hub for bidirectional communication between IoT devices and the application.
    • IoT Central - globally managed SaaS solution to monitor and manage IoT devices; good for prototyping.
  • Big Data and Analytics:
    • HDInsight - service for open-source analytics (under the hood) such as Apache Spark or Apache Hadoop; cost-effective for processing massive amounts of data.
    • Data Lake Analytics - on-demand analytics job service; no hardware required.
    • SQL Data Warehouse - uses massively parallel processing (MPP) and runs complex queries on petabytes of data.
  • Artificial Intelligence (AI):
    • Azure Machine Learning Service - build, train, deploy, manage and track models. Models created in ML Studio cannot be deployed or managed via ML Service.
    • Azure Machine Learning Studio - collaborative drag-and-drop visual workspace where you can build, test and deploy machine learning solutions without writing code.
  • Serverless computing - runs only your code on the host, in response to an event such as a trigger from an IoT device. Typically used for processing incoming data.
    • Logic Apps - automate tasks such as workflows and processes, and integrate with other services, apps, data, systems and devices. No code required. Integrates in the cloud or with on-prem solutions. Example: photo uploaded to storage -> check the content of the photo -> send an alert if a condition matches.
    • Event Grid - event routing service. Takes an event from an event source (IoT Hub or Storage, for example) and sends it to an event handler for processing.
  • Azure DevOps:
    • DevOps Services - provides development collaboration tools, pipelines, Git repositories, task boards and cloud-based load testing.
    • DevTest Labs - lets you quickly create Azure environments (from prepared VM templates, for example) with minimal waste and controlled cost. For students, as an example.

Azure Management tools

  • Azure Portal - web-based portal, accessed via a web browser, that lets you manage your Azure resources.
  • PowerShell - command shell and scripting language.
  • CLI - command-line scripting application; cross-platform (Windows, Linux, macOS).
  • Azure Cloud Shell - browser-based scripting environment: Bash or PowerShell. Launched from the portal; requires a storage account.
  • Advisor - recommendations about your Azure applications, costs, performance, security and other tips and tricks. The Advisor report can be exported.

Azure Security / Privacy / Compliance / Trust

In the cloud, you and your provider share responsibility for security; how it is split depends on the type of service (IaaS, PaaS, etc.).

Identity and Tools

  • Azure identity services:
    • Authentication (who you are; like a vehicle licence or driving permit)
    • Authorization (what, when and where you can drive, and what type of vehicle). (Tip: unauthorized means you don't have permission right now, but we know who you are.)
  • Azure Active Directory: not the classical AD. A cloud-based identity and access management service. Provides authentication, SSO (single sign-on), app management, B2B (pay per user(?)) and B2C (pay per authentication(?)) identity services, and device management.
  • Azure Multi-Factor Authentication: two or more elements for full authentication. Something you know (password), something you have (phone), something you are (fingerprint).
  • Azure Security Center: security monitoring service and management system for both cloud and on-premises workloads. Evaluates the security of current resources. Provides recommendations and threat detection alerts. Automatically applies your security policies to any new resource or service you provision.
  • Azure Key Vault: central repository for storing application secrets. Supports tokens, passwords, certificates, etc. Create and control encryption keys. Provision, manage and deploy public and private SSL/TLS certificates. Secrets can be backed by hardware security modules (HSMs).
  • Azure Information Protection (AIP): organize and classify documents and e-mails by applying labels (confidential, for internal use only, etc.). Automatic when using rules with conditions; can also be applied manually by users.
  • Azure Advanced Threat Protection (ATP): identifies compromised identities, advanced threats, insider actions, malicious attacks, etc. Brute force, or logging in 100 times from different countries within the last five seconds, and similar suspicious actions in Azure.
    • ATP Portal helps monitor and respond to suspicious activity
    • ATP Sensors are installed directly on your domain controllers
    • ATP Cloud service runs on Azure infrastructure

Network Security

  • Azure DDoS Protection - Distributed Denial of Service protection. Basic protection is included by default and helps to scrub unwanted network traffic. This service is deployed only in the Azure network.
  • Azure Firewall - controls access to Azure resources. Firewall as a Service (FaaS). Applies inbound/outbound traffic filtering rules; unrestricted cloud scalability. Uses Azure Monitor for logging.
  • NSG - Network Security Groups: allow or deny network traffic to and from resources in an Azure VNet subnet. Rules are processed in priority order, the lower number first. NSG inbound and outbound rules filter by source and destination IP, port and protocol.
  • ASG - Application Security Groups: group virtual machines across virtual networks. Lets you filter traffic to the virtual machines in the security group rather than to the network. Lets you segment virtual machines by application, like web servers. Lets you reuse your security policy at scale without manually maintaining explicit IP addresses; handles the complexity of explicit IP addresses and multiple rule sets.
  • WAF - Web Application Firewall. Can be used as an internal or external firewall for web apps.

As an example of choosing Azure network security solutions: for the perimeter layer (outside your network) you need Azure DDoS Protection and Azure Firewall, and at the networking layer you should use NSGs and ASGs to permit traffic only between networked resources. You can also combine them, like Azure Firewall + NSG + WAF.
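The priority-ordered NSG evaluation described above, as an added Python example (not code from this guide or from Azure): rules are walked from the lowest priority number upwards and the first matching rule decides, as Azure does, with service tags and ASGs resolved as named address sets instead of explicit IPs. The group names, addresses and rules are constructed for the example; the `Internet` tag is simplified to all addresses, whereas the real tag excludes the VNet's own address space, and an ASG is modelled as the private /32 of each member NIC.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # user rules 100-4096; Azure's defaults sit at 65000+
    direction: str       # "Inbound" or "Outbound"
    access: str          # "Allow" or "Deny"
    protocol: str        # "Tcp", "Udp", "Icmp" or "*"
    source: str          # CIDR, "*", a service tag or an ASG name
    destination: str     # same forms as source
    dest_ports: str      # "443", "1024-65535" or "*"


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int


# Named address sets (constructed sample): service tags and ASGs resolve to CIDRs.
# An ASG really holds VM NICs; here each member is represented by its private /32.
SAMPLE_GROUPS: Dict[str, List[str]] = {
    "Internet": ["0.0.0.0/0"],             # simplified; the real tag excludes the VNet
    "VirtualNetwork": ["10.0.0.0/16"],
    "AzureLoadBalancer": ["168.63.129.16/32"],
    "asg-web": ["10.0.1.4/32", "10.0.1.5/32"],
    "asg-sql": ["10.0.2.4/32"],
}

# Constructed rule set: three user rules plus the three inbound defaults Azure adds.
SAMPLE_RULES: List[Rule] = [
    Rule("allow-https-to-web", 100, "Inbound", "Allow", "Tcp", "Internet", "asg-web", "443"),
    Rule("allow-web-to-sql", 200, "Inbound", "Allow", "Tcp", "asg-web", "asg-sql", "1433"),
    Rule("deny-ssh", 300, "Inbound", "Deny", "*", "*", "*", "22"),
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-", 1))
        return low <= port <= high
    return int(spec) == port


def _addr_matches(spec: str, ip: str, groups: Dict[str, List[str]]) -> bool:
    if spec == "*":
        return True
    addr = ip_address(ip)
    # A service tag or ASG name expands to its member prefixes; anything else is a CIDR.
    prefixes = groups.get(spec, [spec])
    return any(addr in ip_network(prefix, strict=False) for prefix in prefixes)


def evaluate(rules: List[Rule], packet: Packet, groups: Dict[str, List[str]]) -> Tuple[str, str]:
    """Return (access, rule name) of the first matching rule in ascending priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.direction != packet.direction:
            continue
        if rule.protocol != "*" and rule.protocol.lower() != packet.protocol.lower():
            continue
        if not _addr_matches(rule.source, packet.src_ip, groups):
            continue
        if not _addr_matches(rule.destination, packet.dst_ip, groups):
            continue
        if not _port_matches(rule.dest_ports, packet.dst_port):
            continue
        return rule.access, rule.name
    # Unreachable while the DenyAll default is present; kept as a safe fallback.
    return "Deny", "implicit-deny"


if __name__ == "__main__":
    probes = [
        Packet("Inbound", "Tcp", "203.0.113.7", "10.0.1.4", 443),   # internet -> web HTTPS
        Packet("Inbound", "Tcp", "203.0.113.7", "10.0.2.4", 1433),  # internet -> SQL
        Packet("Inbound", "Tcp", "10.0.1.4", "10.0.2.4", 1433),     # web -> SQL
        Packet("Inbound", "Tcp", "10.0.1.5", "10.0.2.4", 22),       # web -> SQL over SSH
        Packet("Inbound", "Tcp", "168.63.129.16", "10.0.1.4", 80),  # load balancer probe
    ]
    for p in probes:
        print(f"{p.src_ip} -> {p.dst_ip}:{p.dst_port}", evaluate(SAMPLE_RULES, p, SAMPLE_GROUPS))
```

The `deny-ssh` rule at priority 300 wins over `AllowVnetInBound` at 65000 even for traffic inside the VNet, which is exactly the ordering point the NSG bullet makes.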

Azure Governance Methodologies, Monitoring and Reporting

  • Azure Policy: policies enforce rules over Azure resources and ensure a resource is compliant, so you stay compliant with your corporate standards and rules. Azure policies are described in JSON format. Most policies act as: allow the action (and mark the resource as compliant), deny the action, or just audit (write to the log). Resources created before the policy existed are marked as non-compliant.
  • Initiatives: a group of policies managed as a single unit. Reduces the complexity of handling multiple policies and helps to track compliance at a greater scope.
  • Role-Based Access Control (RBAC): role-based access management, available to all Azure subscribers at no additional cost. Default roles are Owner, Contributor and Reader. You can create your own custom roles, like VM Manager or Network Operator, with access permissions only to VM or network resources. A custom role is described in a JSON file and created via the CLI.
  • Azure Locks: prevent deletion or modification of a resource. Two kinds: CanNotDelete and ReadOnly. Locks can be managed at the subscription, resource group or individual resource level.
  • Azure Advisor security assistance: provides a list of security recommendations; integrates with Azure Security Center; you can see the recommendations on the Azure Advisor dashboard. These are just recommendations, not required actions.
  • Azure Blueprints: allow an engineer or architect to sketch a project's design parameters. Azure Blueprints enable cloud architects and central IT groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns and requirements. A blueprint contains role assignments, policies, ARM (Azure Resource Manager) templates and resource groups. It also helps to associate blueprints with specific Azure DevOps build artifacts, pipelines, releases, deployments, etc.

Monitor and Reporting

  • Azure Monitor: collects and analyzes metrics from cloud or on-premises environments. Helps to monitor the availability and performance of resources using metrics and logs (app monitoring data, guest OS metrics, Azure resource metrics, etc.). Starts collecting data as soon as you add your first resource under your subscription. Activity logs collect all events (add, edit, remove); metrics measure the performance and consumption of resources. You can add the monitoring agent to a resource to collect operational data. You can collect information only about resources inside the Azure environment. You can then act on the collected data: create rules and trigger actions for action groups.
  • Azure Service Health: dashboard which provides insight into Azure and your resources: Azure Status, Azure Service Health and Resource Health.
  • Tags: group related resources. A tag is metadata consisting of a name and a value pair. Tags let you organize your resources into logical groups.

Privacy, Compliance and Data Protection requirements

  • Industry compliance terms:
    • GDPR: General Data Protection Regulation
    • HIPAA: Health Insurance Portability and Accountability Act
    • CJIS: Criminal Justice Information Services
    • CSA STAR Certification
    • ISO: International Organization for Standardization (ISO/IEC 27018)
    • NIST CSF: National Institute of Standards and Technology Cybersecurity Framework

All Microsoft Azure Compliance Offerings

  • Microsoft Privacy Statement: what personal data is collected, how it is processed or used, and what it will be used for, including sharing.
  • Azure Trust Center: provides expert, broader information and resources about legal terms, divided by topic, plus role-based information for managers, engineers, risk assessors and compliance officers.
  • Service Trust Portal: compliance-related resource. Contains audit results across multiple Microsoft services and reports on how Microsoft manages data.
  • Compliance Manager: risk-assessment tool in the Service Trust Portal that supports your organization's regulatory compliance activities.
  • Azure Government services: separate instances of Azure, physically isolated and accessible only to authorized persons. Such instances of Azure meet the security and compliance requirements of government agencies. Auditing of such instances is also done separately. Examples can be found among the special regions: US, Germany, China.

Pricing & Support

Pricing

Azure Subscriptions: give you authenticated and authorized access to Azure and allow you to provision resources. The following statements are true about Azure subscriptions:

  • Allow resources to be created and managed. Linked to Azure AD for authentication and authorization.
  • One account can have one or multiple subscriptions, with different billing models and different policies applied to each.
  • Options: Pay-As-You-Go, free account, member offers, Enterprise Agreement, etc.
  • Limits: service limits for each subscription type. Some service limits can be increased, some cannot.
  • Subscription billing boundary: determines how an Azure account is billed according to billing requirements (different currencies, for example).
  • Subscription access control boundary (for organizational departments): policies apply at the subscription level, so you can create different subscriptions to separate organizational structures.
  • Management groups - a collection of Azure objects, like a container, which lets you manage policies, access and compliance for the entire group. Provides a further level of classification above subscriptions. In short: just a group of subscriptions, which makes sense if you have a lot of them.

Management groups and subscriptions tree

Azure cost planning and management:

  • Web Direct: regular customers who sign up for Azure via the Azure website (portal); this method requires a credit card. Widely available. Options: pay-as-you-go with quotas and limits, or reserved instances of resources or services at a fixed price.
  • Enterprise Agreement: an enterprise signs an agreement with Azure to spend a certain amount of money on Azure services in a specific period of time. Annual payments (up front in most cases).
  • CSP (Cloud Solution Provider): typically a Microsoft partner that builds its own specific solutions on top of Azure, with its own billing and payment.

Factors affecting the cost of Azure:

  • Resource: the cost of a resource depends on its type, size, limits (quotas), etc.
  • Services: Azure rates and billing for services can differ between types of agreement and subscription: Enterprise, Web Direct, CSP, etc.
  • Locations: Azure infrastructure is distributed globally, so the cost of the same resource or the same amount of service (a VM or database, for example) may vary between locations (regions).

Billing

Billing zones (mostly about network traffic):

  • No charge for ingress traffic (inbound to Azure datacenters).
  • But you are billed for egress traffic (outbound from Azure datacenters).
  • Geographical zones (groups):
    • Zone 1: West US, East US, Europe
    • Zone 2: Australia Central, Japan West, Central India
    • Zone 3: Brazil South only
    • DE Zone 1: Germany Central and Germany Northeast

Online pricing calculator

TCO Calculator (Total Cost of Ownership): a helper tool that estimates the cost savings after migrating to Azure. It creates a report in which you see a cost comparison of on-prem and cloud infrastructure.

Azure Cost Management

Ways to minimize costs

  • Cost analysis: Azure pricing and TCO online calculators.
  • Monitor usage and apply Azure Advisor recommendations where they fit you.
  • You can set spending limits or quotas to get an alert when you are getting close.
  • Consider the Azure reservation option to get a discount: reserve and pay in advance to save money (usually one or three years up front).
  • Choose a location appropriate to the price; there is a trade-off between location price and latency.
  • Use tags to identify where most of the usage comes from, per budget owner, if you have many applications in Azure for different departments (Cost Analysis -> Group by tag).
  • If possible (dev/test environments, for example), switch off your VMs for nights or weekends and deallocate them to minimize compute consumption. Meanwhile your disks and public static IPs continue to consume resources even if the VM is off, because such resources are reserved by you.

Azure support

Support options:

  • Free support includes:
    • Free billing and subscription support
    • Online documentation for everything
    • Opening a support request ticket, but with no guaranteed ETA or solution
    • Community support channels (Stack Overflow, Twitter, MSDN forums, etc.)
    • Azure Knowledge Center: a searchable portal with troubleshooting cases, scaling examples, etc. Another layer on top of the Azure documentation.
  • Paid support plans (not all support plans are available to all customers):
    • Developer: Azure trial and non-production usage
    • Standard: appropriate for production usage
    • Professional Direct: for organizations with a critical dependence on Azure
    • Premier: for organizations that depend on Microsoft services, including Azure. Shorter time to get a response (not a solution). You can buy support hours up front.

Azure Service Level Agreement (SLA)

SLA is the Service Level Agreement. It documents the specific terms that define Azure performance and stability. Individual SLA levels are available for each Azure product and service. It also contains information on what happens if the SLA is not met.

Key features of Azure SLAs:

  • performance, uptime and connectivity guarantees
  • target range typically between 99.9% and 99.99%
  • service credits: a percentage of the applicable monthly service fees credited to you if a service fails to meet the SLA uptime (you also have to prove that to Microsoft) (see the example in the SLA details section)

To calculate the common SLA (composite SLA) for resources with different SLA levels, you multiply their SLAs: 99.95% × 99.99% = 99.94%

Azure preview features and Azure products lifecycle

With Azure preview you can test beta and pre-release features of Azure: services, resources, software and regions. With no guarantees.

  • Azure private preview
  • Azure public preview

Preview of new services - accessible via the Azure Portal, indicated by a PREVIEW label on the service. Preview of new features - accessible as you deploy, build, configure and manage an existing service; for example, a new version of the Azure Kubernetes cluster solution will be marked as (preview).

Azure also has a preview version of the portal, which contains future features and is available for public preview.

General availability (GA)

General availability is a term from the software lifecycle. Once a product has been tested successfully, it may be released to customers. Once a feature meets specific criteria it is released to all Azure customers, and this release is referred to as general availability. In short, it is the production release, and General Availability (GA) features are available as part of Azure's default resources or services. For example: We released a new version of Azure Monitor for VMs in January 2020 ahead of our GA announcement. Customers enabling Azure Monitor for VMs will now receive the GA version, but existing customers using the version of Azure Monitor for VMs from Q4 2019 and earlier will be prompted to upgrade.

Announcements about updates to Azure products, services and features can be found on the Azure updates portal.

Azure Cloud Services - the community suggests not using this service, because it has an outdated API, does not receive appropriate updates and has other legacy/stale-solution issues. Avoid it for new work. See more details on stackoverflow and github.

General Terms and difference between them

High Availability - the property (and the software and design) that ensures systems are running and available most of the time. High availability is a high percentage of time during which the system is functioning. It can be formally defined as (1 - (down time / total time)) * 100%. Although the minimum required availability varies by task, systems typically attempt to achieve 99.999% (5-nines) availability. This characteristic is weaker than fault tolerance, which typically seeks to provide 100% availability, albeit with significant price and performance penalties.

High availability software is measured by its performance when a subsystem fails, by its ability to resume service in a state close to the state of the system at the time of the original failure, and by its ability to perform other service-affecting tasks (such as software upgrades or configuration changes) in a manner that eliminates or minimizes downtime. All faults that affect availability (hardware, software and configuration) need to be addressed by high availability software to maximize availability.
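The availability formula above and the composite SLA multiplication from the SLA section are easy to get wrong when done by hand, so here is an added Python example (not code from the original guide) that turns both into small functions. It also converts an SLA percentage into the downtime it permits per 30-day month, and adds the parallel (redundant replica) case, which is a standard generalisation of the series formula rather than something the guide itself spells out; the 30-day period and the replica counts are assumptions for illustration.

```python
"""Availability arithmetic for the SLA and High Availability definitions above.

Added example, not code from the original guide. Implements the two formulas
stated in the text (availability = (1 - downtime/total) * 100 and composite
SLA = product of the individual SLAs) plus the parallel-replica case, which is
a standard generalisation not spelled out on the page.
"""


def availability_percent(downtime_minutes: float, total_minutes: float) -> float:
    """(1 - (down time / total time)) * 100, as defined in the text."""
    if total_minutes <= 0 or not 0 <= downtime_minutes <= total_minutes:
        raise ValueError("downtime must lie within [0, total]")
    return (1.0 - downtime_minutes / total_minutes) * 100.0


def allowed_downtime_minutes(sla_percent: float, period_days: float = 30) -> float:
    """Minutes of downtime an SLA still permits per period (30-day month assumed)."""
    return (1.0 - sla_percent / 100.0) * period_days * 24 * 60


def composite_sla_series(*sla_percents: float) -> float:
    """Composite SLA when every component must be up (a dependency chain): multiply."""
    total = 1.0
    for sla in sla_percents:
        total *= sla / 100.0
    return total * 100.0


def composite_sla_parallel(*sla_percents: float) -> float:
    """Availability of redundant replicas: the system is down only if all are down."""
    all_down = 1.0
    for sla in sla_percents:
        all_down *= 1.0 - sla / 100.0
    return (1.0 - all_down) * 100.0


if __name__ == "__main__":
    # The guide's own worked example: 99.95% x 99.99% = 99.94%
    print(f"series 99.95 x 99.99 -> {composite_sla_series(99.95, 99.99):.4f}%")
    for nines in (99.9, 99.95, 99.99, 99.999):
        print(f"{nines}% allows {allowed_downtime_minutes(nines):.2f} min per 30-day month")
    print(f"two 99.9% replicas in parallel -> {composite_sla_parallel(99.9, 99.9):.4f}%")
    print(f"43.2 min down in a 30-day month -> {availability_percent(43.2, 30 * 24 * 60):.2f}%")
```

Two things the numbers make visible: chaining services always lowers the composite SLA below the weakest link, while adding a redundant replica raises it (two 99.9% replicas give 99.9999%), which is exactly the distinction between "high availability" and "fault tolerance" drawn in the text.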

Scalability - is the ability of a program to scale. For example, a highly scalable program that works well on a small database (say fewer than 1000 records) would also work well on a large one (say millions or billions of records); it would have linear growth of resource requirements. Look up Big-O notation for more details about how programs can require more computation the larger the data input gets. Something parabolic like O(x^2) is far less efficient with large x inputs than something linear like O(x).

Scalability can be achieved in two ways:

  • Vertical - In this way, you add more hardware such as more RAM, processors or more nodes. You also introduce a load balancer, which helps route the incoming calls to the various servers based on the routing algorithm used. The application is now able to handle more load, as the load is shared across the servers.
  • Horizontal - In horizontal scaling, you architect/design the application in such a way that it behaves well under more parallel traffic. You check how you are managing memory, sessions, cache, state, etc. If you are using sessions to maintain user information, under heavy load a single server could be busy managing those sessions, so in this case you can consider going stateless. A stateless design can also respond to incoming requests from the same user in parallel instead of the serial replies that happen when sessions are used.

When talking about systems scalability, we usually differentiate between

  • "Scale up" - the ability to grow by using stronger hardware
  • "Scale out" - the ability to grow by adding more hardware

Scalability and Elasticity are very similar: the first is mostly about the physical capacity to grow, the second about flexible management of resources.

Elasticity - the degree to which a system is able to adapt to workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible. Elasticity is a defining characteristic that differentiates cloud computing from previously proposed computing paradigms, such as grid computing. The dynamic adaptation of capacity, e.g., by altering the use of computing resources, to meet a varying workload is called "elastic computing".

Agility - ability to rapidly develop, test and launch software applications that drive business growth. In cloud computing it is also a cloud provider’s ability to react quickly to changes in the cloud services they offer.

Fault Tolerance - A fault tolerant system is extremely similar to HA, but goes one step further by guaranteeing zero downtime. For example, two replicas of a service run simultaneously, and if any component fails on the primary replica, the application detects the failure and fails over to the secondary replica (failover action).

Disaster Recovery - the ability of a system to recover to some existing point, according to a prepared and tested plan, in case of disaster, hacking, or simply losing part of its environment. In most cases it relies on different and independent regions.

Economies of scale - the ability to do things more efficiently or at a lower cost per unit when operating at a larger scale.

Container - a virtualized environment, but not a VM. A container does not include an OS; it should be lightweight and is designed to be created, scaled out and removed dynamically within a short period of time.


Examples of something similar to AZ-900 questions (to train yourself):

  • Which of the following services from the below list are part of the Azure Compute service offerings?
  • Which of the following statements are true about Resource groups?
  • Azure Management Groups operate at a level of scope that is ... ?
  • Name the benefits of using the cloud (for example, it is easier to keep a staging (UAT/pre-prod) environment identical to production, etc.)
  • Which type of cloud will give you more flexibility?
  • Which cloud should you choose for a legacy app with specific hardware?
  • Which cloud should you choose for a new app with common hardware?
  • Which cloud type requires the least management from you?
  • What is the best way to separate PROD, UAT (Stage), TEST and DEV environments in Azure?
    • You can separate them at least as different Resource Groups, or better, have a different subscription for each environment. It also depends on the number of resources for your application.
  • How will updates to Azure hardware affect my VM running on it?
    • You will receive a notification about the planned update with a target date. Before that date (usually a month or more away) you should log in to your portal and move your affected VMs or other resources to a different hardware node at whatever time suits you (when it is safe to do so). Otherwise, if you do not do that, Microsoft will freeze your VM or other resource during the update without moving it to another node. In some exceptional cases you should contact technical support and discuss all the details with them.
  • What will you still be able to do, and what not, when your subscription has no remaining credit?
  • What are the cons of serverless computing?
    • Mostly vendor dependency: if you have a solution and need to move to another vendor, you have to fully rewrite your solution for the new vendor's specifications. Example: Azure Functions -> AWS Lambda.