
This course is designed to help you build real-world skills while preparing you to successfully pass the AZ-104 certification exam.
Throughout the modules, you will:
Learn how to manage Azure identities and governance
Implement and manage storage solutions
Deploy and manage Azure compute resources
Configure and manage virtual networking
Monitor and back up Azure resources effectively
Setting up Azure free account:
An Azure Free Account is Microsoft’s way of letting you try its cloud services without paying upfront, giving you credits, free services, and a safe environment to learn or test projects.
Creating the Free Azure account
Go to the Microsoft Azure portal.
Click on “Start for free” button.
You will be redirected to a sign-in form.
An Azure account budget is a tool in Cost Management that helps you plan, track, and manage your cloud spending by setting spending limits and triggering alerts when those limits are approached or exceeded. Budgets can be created for different scopes like a management group, subscription, or resource group and help you proactively monitor costs without stopping your services.
Key features of Azure budgets
Cost tracking: Budgets allow you to track your actual and forecasted spending against a predefined monetary limit for a specific time period.
Configurable alerts: You can set thresholds to trigger notifications (like emails) when a certain percentage of your budget is met. For example, you can set an alert for when 80% of the budget is reached.
Automated actions: For certain scopes like subscription or resource group budgets, you can configure alerts to trigger an Azure Action Group to take automated actions to reduce or stop further spending.
Scope flexibility: Budgets can be set at various levels, including management groups, subscriptions, and resource groups, giving you control over different aspects of your spending.
Proactive cost management: By monitoring spending and getting alerts, you can take action before unexpected costs become unmanageable.
How to use budgets
Navigate to Cost Management: Access the Cost Management section in the Azure portal.
Set the scope: Choose the scope for which you want to create the budget (e.g., a specific subscription).
Create a new budget: Go to the "Budgets" section and click to create a new one.
Configure the budget: Provide a name, set the budget amount, and define the reset period (e.g., monthly).
Set up alerts: Configure alert thresholds (e.g., 50%, 75%, 100%) and specify the recipients for the notifications.
Save: Review the configuration and save the budget.
Azure Core Services:
Virtual Machines
Virtual Networking
Storage
Virtual Machines: Linux or Windows:
You can deploy Linux or Windows virtual machines and connect to them using RDP or SSH.
Windows: RDP; Linux: SSH
You can install third-party software, patches, updates, load balancers, etc.
VMs can be deployed through Azure Batch, VM Scale Sets, Azure Kubernetes Service, and Service Fabric.
App Services: .NET, .NET Core, Java, Ruby, etc.
Azure Virtual Networking:
Virtual Network
ExpressRoute: WAN, a faster way of encrypted transmission (high cost)
VPN Gateway: Encrypted VPN gateway
Azure DNS: Public/private domain names
Peering: Network connection from one region to another region
Bastion: Allows RDP without an RDP port or software
Network Security:
Network Security Group (NSG): Access control
Azure Private Link
Distributed Denial of Service (DDoS)
Azure Firewall
Web Application Firewall (WAF)
Virtual End Points
Network Delivery
Content Delivery Network (CDN)
Azure Storage:
Managed disks are managed by Microsoft Azure, and you don't need a storage account when creating a new disk.
For unmanaged disks, you must create a storage account in your resources to hold the disks (VHD files) for your virtual machines.
You can create Azure storage up to 5 PB. Blobs, queues, tables, and files are each replicated from local to global (2 copies of files).
There are 3 storage tiers: Hot, Cool, Archive
Hot: Most recently used files
Cool: Rarely used files
Archive: Files that can be archived
Databases used: MongoDB, MariaDB, SQL DB…
Microservices: Microservices are built in Azure applications that can be used as a template.
Programming and Scripting in Azure:
There are 2 types of scripting being used in Azure:
PowerShell
Bash / CLI
PowerShell example:
Get-AzVm
New-AzVm
Get-AzVirtualNetwork
New-AzVirtualNetwork
Remove-AzVirtualNetwork
Bash / CLI command examples:
az vm list
az vm create
az vm delete
az keyvault create
az keyvault delete
az network vnet list
az network vnet create
az network vnet delete
az network vnet subnet list
az network vnet subnet create
az network vnet subnet delete
Attached is the Chapter 1_Reference Document
Manage Azure Active Directory:
AD Licensing:
Azure AD licensing refers to the different subscription tiers of Microsoft Entra ID (formerly Azure Active Directory) that determine which identity and access management features you get in Azure and Microsoft 365.
Free Licensing
Office 365 apps
Premium P1
Premium P2
Active Directory Accounts/ Users:
Creating an AD in Azure
Switch between Azure AD tenants
Add Custom Domain
Azure AD Administrative Units
Creating New User in AD
Bulk Upload/ Download in Azure AD
Role-Based Access Control (RBAC) is a security method that restricts system access to authorized users by assigning them permissions based on their defined roles, rather than granting access directly. This approach simplifies access management by grouping users into roles (like "administrator" or "editor") and assigning specific permissions to each role, ensuring users only have the access necessary for their job function, a principle known as least privilege.
How RBAC works
Roles: These are job functions or titles within an organization, such as "HR Manager," "Security Analyst," or "Sales Representative".
Permissions: These define the specific actions a user can perform, like "view," "edit," or "delete" files, or access certain data.
Users: Individuals are assigned to one or more roles, and they inherit the permissions associated with those roles.
Example: In a healthcare setting, a "doctor" role might have permission to view and update patient records, while a "receptionist" role can only view patient contact details and appointment schedules, with no access to sensitive medical information.
Key benefits of RBAC
Enhanced security: It limits user access to only what is necessary for their role, which reduces the risk of unauthorized access, data breaches, and misuse of sensitive information.
Simplified administration: It makes it easier for IT administrators to manage access for many users. Instead of managing permissions for each individual, they can manage permissions for roles, and users can be added or removed from roles as their responsibilities change.
Scalability: RBAC is flexible and can easily adapt as an organization grows or its structure changes.
Compliance: It helps organizations meet regulatory requirements, such as HIPAA in healthcare or GDPR, by providing a clear and organized way to manage access to sensitive data.
Please refer to the reference document attached at the end of this chapter
Attached is the Chapter 2_Reference Document
Manage Subscriptions and Governance in Azure
Managing subscriptions and governance in Microsoft Azure involves organizing, securing, and controlling cloud resources across an organization to ensure efficient operations, compliance, and cost optimization. Azure provides several built-in tools and frameworks that help enterprises implement a structured governance model and maintain consistency at scale.
1. Subscriptions Management
An Azure subscription is a logical container used to provision and manage Azure resources such as virtual machines, storage accounts, and databases. Each subscription is linked to a billing account, enabling organizations to track usage and costs.
Organizations often use multiple subscriptions to separate environments (Development, Testing, Production), departments, or business units. Subscriptions can be grouped under Management Groups, allowing unified policy and access control.
2. Governance Framework
Azure Governance ensures that resources are deployed securely and in compliance with organizational standards. It includes tools and services to establish control and visibility across the cloud environment.
Key Governance Components:
Management Groups – Provide a hierarchical structure for organizing multiple subscriptions. Policies and access permissions applied at the management group level are automatically inherited by child subscriptions.
Azure Policy – Enforces rules and compliance requirements by automatically auditing and remediating non-compliant resources. Examples include enforcing tagging, restricting regions, or limiting VM sizes.
Role-Based Access Control (RBAC) – Manages who has access to Azure resources and what actions they can perform, following the principle of least privilege.
Azure Blueprints / Deployment Stacks – Define repeatable governance environments that include role assignments, policies, and resource templates.
Resource Groups – Logical containers within subscriptions that group related resources for easier management, deployment, and monitoring.
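How scope inheritance and least privilege interact in the components above, shown as an added example (not part of the course material and not Microsoft's implementation): a simplified evaluator for role assignments made at management group, subscription, and resource group scope. The role names mirror Azure built-in roles, but their action lists are trimmed, and every scope, principal, and assignment is constructed; deny assignments and data actions are not modelled.

```python
from fnmatch import fnmatchcase

# Role names mirror Azure built-in roles; the action lists are trimmed for this example.
ROLE_DEFINITIONS = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Contributor": {
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/*/Delete"],
    },
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Virtual Machine Contributor": {
        "actions": ["Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Network/networkInterfaces/read"],
        "not_actions": [],
    },
}

# Constructed hierarchy: one management group holding two subscriptions.
MG_CORP = "/providers/Microsoft.Management/managementGroups/mg-corp"
SUBSCRIPTION_PARENT = {"sub-prod": MG_CORP, "sub-dev": MG_CORP}
RG_WEB = "/subscriptions/sub-prod/resourceGroups/rg-web"
RG_DB = "/subscriptions/sub-prod/resourceGroups/rg-db"
VM_WEB = RG_WEB + "/providers/Microsoft.Compute/virtualMachines/vm-web01"
VM_DB = RG_DB + "/providers/Microsoft.Compute/virtualMachines/vm-db01"

# Constructed role assignments: (principal, role, scope).
ASSIGNMENTS = [
    ("alice", "Reader", MG_CORP),
    ("bob", "Virtual Machine Contributor", RG_WEB),
    ("carol", "Contributor", "/subscriptions/sub-dev"),
    ("dave", "Owner", "/subscriptions/sub-prod"),
]


def scope_chain(scope):
    """Return the scope plus every ancestor scope whose assignments it inherits."""
    scope = scope.rstrip("/")
    chain = [scope]
    parts = scope.split("/")
    if len(parts) >= 3 and parts[1].lower() == "subscriptions":
        if len(parts) > 5:
            chain.append("/".join(parts[:5]))   # enclosing resource group
        if len(parts) > 3:
            chain.append("/".join(parts[:3]))   # enclosing subscription
        parent = SUBSCRIPTION_PARENT.get(parts[2])
        if parent:
            chain.append(parent)                # enclosing management group
    return [s.lower() for s in chain]


def _matches(action, patterns):
    # Action strings are compared case-insensitively; '*' is the only wildcard used.
    action = action.lower()
    return any(fnmatchcase(action, p.lower()) for p in patterns)


def role_permits(role, action):
    """A role grants an action if it matches Actions and is not removed by NotActions."""
    definition = ROLE_DEFINITIONS[role]
    return (_matches(action, definition["actions"])
            and not _matches(action, definition["not_actions"]))


def is_allowed(principal, action, scope, assignments=ASSIGNMENTS):
    """True if any assignment at the scope or an ancestor scope grants the action."""
    chain = scope_chain(scope)
    return any(who == principal and at.lower() in chain and role_permits(role, action)
               for who, role, at in assignments)


def broad_assignments(assignments=ASSIGNMENTS):
    """Least-privilege audit: wildcard roles granted at subscription scope or above."""
    flagged = []
    for who, role, at in assignments:
        wide_scope = "/resourcegroups/" not in at.lower()
        if wide_scope and "*" in ROLE_DEFINITIONS[role]["actions"]:
            flagged.append((who, role, at))
    return flagged


if __name__ == "__main__":
    start = "Microsoft.Compute/virtualMachines/start/action"
    print("alice reads vm-web01:", is_allowed("alice", "Microsoft.Compute/virtualMachines/read", VM_WEB))
    print("bob starts vm-web01:", is_allowed("bob", start, VM_WEB))
    print("bob starts vm-db01:", is_allowed("bob", start, VM_DB))
    print("review these assignments:", broad_assignments())
```
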
3. Cost and Compliance Management
Azure provides tools like Cost Management + Billing and Azure Advisor to track spending, optimize resource utilization, and receive recommendations for cost savings. Governance also involves defining naming conventions, tagging strategies, and budget alerts to enhance accountability and transparency.
4. Security and Identity Governance
Access and identity governance are enforced through Azure Active Directory (Azure AD) and Privileged Identity Management (PIM) to control and monitor administrative privileges and enable just-in-time access. Conditional Access policies can enforce multi-factor authentication and device compliance requirements.
5. Monitoring and Reporting
Azure offers centralized visibility through Azure Monitor, Log Analytics, and Defender for Cloud, helping organizations track performance, detect anomalies, and maintain security compliance.
Please refer to the reference document attached at the end of this chapter
An Azure storage account is a container in Azure that holds a set of Azure Storage data objects, such as blobs, files, queues, and tables. It provides a unique namespace for your data, accessible from anywhere in the world via HTTP or HTTPS. A storage account is the parent namespace for all storage services in a subscription, and all data within it is managed as a group and deleted if the account is deleted.
Import and Export Data to Azure
Importing and exporting data to Azure enables organizations to securely transfer large volumes of data between on-premises environments and Azure cloud storage. This process is essential for data migration, backup, disaster recovery, and analytics workloads.
Azure provides multiple methods and services to move data efficiently, depending on data size, transfer frequency, and network capacity.
1. Importing Data to Azure
Importing data refers to transferring files, databases, or workloads from on-premises or external sources into Azure. This can be done using several tools and services:
a. Azure Import/Export Service
A secure offline method for transferring large datasets using physical hard drives.
Organizations ship encrypted drives to a Microsoft data center.
Data is directly uploaded to Azure Blob Storage or Azure Files.
Ideal for migrating terabytes (TB) or petabytes (PB) of data when network transfer is impractical.
b. Azure Storage Explorer / AzCopy
Azure Storage Explorer: A GUI-based tool to upload, download, and manage data in storage accounts.
AzCopy: A command-line utility designed for high-performance data transfers to and from Azure Blob, File, and Table storage.
c. Azure Data Box
A physical device solution that securely transfers large data sets to Azure.
Variants include Data Box, Data Box Disk, and Data Box Heavy, supporting different capacities.
Provides encrypted drives and integrates directly with Azure Storage and Azure Data Factory.
d. Azure Data Factory
A cloud-based data integration service that orchestrates and automates data movement and transformation.
Supports copy activities between on-premises systems, SaaS applications, and Azure data stores (e.g., Azure Synapse Analytics, Azure SQL Database, Blob Storage).
e. Network-based Transfers
Using ExpressRoute, VPN, or the public internet, data can be continuously streamed or synced to Azure for analytics and processing.
2. Exporting Data from Azure
Exporting data involves moving information from Azure back to on-premises or external locations. This may be needed for backups, analytics, compliance, or archival purposes.
a. Azure Export Jobs (Import/Export Service)
Allows organizations to request the export of large datasets.
Microsoft copies the selected data to encrypted hard drives and ships them securely.
b. AzCopy or Storage Explorer
Download specific containers, files, or blobs directly from Azure Storage.
Suitable for smaller-scale or selective data retrieval.
c. Data Factory / Synapse Pipelines
Automate regular data exports from Azure SQL, Data Lake, or Synapse to external databases or storage platforms.
d. APIs and SDKs
Developers can use Azure REST APIs or SDKs (Python, .NET, Java, etc.) to programmatically extract data from Azure services.
3. Security and Compliance
All data transfers use encryption (AES-256) both in transit and at rest.
Data Box and Import/Export devices are tamper-proof and secure.
Azure complies with global standards (ISO, GDPR, HIPAA), ensuring data privacy and integrity.
Please refer to the reference document attached at the end of this chapter
AzCopy: Upload and Download Files from or to Azure Storage
To upload and download files using AzCopy, you will need to download and install the utility, then authenticate your access to Azure Storage. A Shared Access Signature (SAS) token is a common way to grant access for automated scripts.
AzCopy is a command-line utility provided by Microsoft that enables fast and reliable data transfer between local systems and Azure Storage accounts. It supports uploading, downloading, and synchronizing files and blobs to and from Azure Blob Storage, File Storage, and Table Storage.
AzCopy is optimized for performance, allowing parallel and resumable data transfers. It is ideal for scenarios such as data backup, migration, and automation. With simple commands, users can efficiently move large datasets to Azure or retrieve data from the cloud with minimal effort.
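Because a SAS token is a bearer credential carried in the URL handed to AzCopy, it is worth checking what a token grants before it goes into an automated script. The following added example (not from the course material or any Microsoft tool) parses the standard SAS query parameters and reports risky settings, and redacts the signature for logging; the storage account name, signatures, the read/list baseline, and the 7-day lifetime limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample URLs; the signatures are placeholders, not real credentials.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
BROAD_SAS = ("https://examplestorage.blob.core.windows.net/"
             "?sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdlacup"
             "&se=2026-01-01T00:00:00Z&sig=CONSTRUCTED-SIGNATURE-A")
TIGHT_SAS = ("https://examplestorage.blob.core.windows.net/backups"
             "?sv=2022-11-02&sr=c&sp=rl&st=2025-01-01T00:00:00Z"
             "&se=2025-01-01T08:00:00Z&spr=https&sip=203.0.113.10"
             "&sig=CONSTRUCTED-SIGNATURE-B")


def _parse_time(value):
    # SAS times are ISO 8601 UTC; accept a trailing 'Z' on older Python versions too.
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sas(url, needed="rl", max_days=7, now=None):
    """Return a list of findings for the SAS token carried in `url`.

    `needed` is the permission set the job requires (r=read, l=list for a
    download); anything beyond it is reported.
    """
    now = now or datetime.now(timezone.utc)
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return ["no SAS signature in URL"]

    findings = []
    if "ss" in params:  # 'ss' only appears on account-level SAS tokens
        findings.append("account SAS covering services '%s', not one container or blob"
                        % params["ss"])

    extra = sorted(set(params.get("sp", "")) - set(needed))
    if extra:
        findings.append("permissions beyond '%s': %s" % (needed, "".join(extra)))

    if "se" in params:
        expiry = _parse_time(params["se"])
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > timedelta(days=max_days):
            findings.append("lifetime %d days exceeds %d-day limit"
                            % ((expiry - now).days, max_days))
    elif "si" in params:
        findings.append("expiry comes from stored access policy '%s'; review the policy"
                        % params["si"])
    else:
        findings.append("no expiry (se) present")

    # When spr is omitted the service accepts both HTTPS and HTTP.
    if "http" in params.get("spr", "https,http").split(","):
        findings.append("plain HTTP allowed (set spr=https)")
    if "sip" not in params:
        findings.append("no source IP restriction (sip)")
    return findings


def redact(url):
    """Replace the signature so the URL can be written to logs or tickets."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "sig" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    for label, url in (("broad", BROAD_SAS), ("tight", TIGHT_SAS)):
        print(label, redact(url))
        for finding in audit_sas(url, now=NOW) or ["no findings"]:
            print("  -", finding)
```
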
Please refer to the reference document attached at the end of this chapter
Azure Backup and Recovery is Microsoft's suite of services designed to protect your data and applications and keep them running during outages. It primarily consists of two core components, Azure Backup and Azure Site Recovery, which provide distinct but complementary services for business continuity and disaster recovery (BCDR).
Azure Virtual Machines
Azure Virtual Machines (VMs) are scalable, on-demand computing resources provided by Microsoft Azure that allow users to deploy and manage virtualized servers in the cloud. They support a wide range of operating systems, including Windows and Linux, and can run various workloads such as development, testing, applications, or databases.
Azure VMs offer flexibility in size, performance, and pricing, enabling users to choose configurations that fit their needs. They integrate with Azure services for backup, monitoring, and security, making them a key component of cloud infrastructure for both hybrid and fully cloud-based environments.
Please refer to the reference document attached at the end of this chapter
Attached is the Chapter 3_Reference Document
Monitoring CPU and Memory Utilization in Azure
The best way to monitor CPU and memory utilization in Azure is by using Azure Monitor, the platform's core monitoring service. For virtual machines specifically, you can use built-in metrics or enable VM Insights for a more comprehensive view.
Method 1: Using Metrics in the Azure Portal (Simple and Quick)
This approach is suitable for a quick overview of a single VM without extra setup.
Navigate to your VM: In the Azure portal, find and select your Virtual Machine.
Select the Metrics pane: In the left-hand navigation menu, under the "Monitoring" section, select Metrics.
Create a chart:
Scope: Your VM will be pre-selected as the scope.
Metric Namespace: Choose Virtual Machine Host to see the percentage of the host's CPU used by your VM.
Metric: For CPU, select Percentage CPU.
Aggregation: For a summary, choose an aggregation like Avg, Max, or Min.
Time range: Use the time picker to set the period for the chart, from the last hour to up to 93 days.
Monitor memory (Guest OS metric): To get memory metrics, you must first enable the Guest OS diagnostics settings on your VM.
Go to your VM's settings, select Diagnostic settings, and enable it.
Return to the Metrics blade and select the Virtual Machine Guest namespace.
Choose a memory metric, such as Memory Available Bytes.
Method 2: Using VM Insights (Comprehensive and Advanced)
VM Insights offers a more detailed performance view, including process-level data and dependencies.
Enable VM Insights: On your VM's page in the Azure portal, navigate to the Insights tab under "Monitoring" and click Enable. This installs the Azure Monitor Agent on your VM and collects guest OS data.
View performance charts: Once enabled, the Insights > Performance tab will show a suite of predefined charts for CPU utilization and available memory, among other metrics.
Analyze dependencies: The Insights > Map feature can help you visualize processes running on your VM and their dependencies on other resources, which is useful for troubleshooting.
Use Log Analytics for deep analysis: VM Insights stores its data in an Azure Log Analytics workspace.
You can run powerful Kusto Query Language (KQL) queries to get specific performance data, such as a month's worth of average memory usage across multiple VMs.
For example, a query could look like: Perf | where ObjectName == "Memory" | summarize AvgMemoryUsage = avg(CounterValue) by bin(TimeGenerated, 1h).
Proactive monitoring with alerts
You can configure alerts in Azure Monitor to notify you when CPU or memory usage exceeds a certain threshold.
Create an alert rule: On your VM's Alerts page, click Create > Alert Rule.
Set the condition: Choose a signal name like Percentage CPU.
Configure thresholds: Define the threshold (e.g., greater than 80%) and frequency of the alert.
Assign an action group: Create or select an action group to specify how you want to be notified (e.g., email, SMS, or webhook).
Autoscale for an Azure Virtual Machine Scale Set (VMSS) automatically adjusts the number of identical virtual machine instances based on demand. This allows your applications to maintain performance during peak loads and reduce costs during periods of low activity.
How autoscale works
Azure Monitor is the service that drives autoscaling for a VMSS. You configure a profile with rules that tell Azure how and when to scale, based on:
Metric-based rules: This is the most common approach and reacts to the performance of your application. You can create "scale out" and "scale in" rules using metrics like:
CPU usage: If the average CPU across all VMs in the set exceeds 70% for 10 minutes, a rule might trigger a "scale out" action to add more VMs.
Memory usage: You can set a rule to add instances if memory usage is consistently high or remove them if it's consistently low.
Schedule-based rules: This method is used for predictable spikes or dips in demand. For example, you can set a rule to:
Scale out to 10 instances every weekday morning at 9:00 AM.
Scale in to 3 instances every weekday evening at 6:00 PM.
Predictive autoscale: An advanced feature that uses machine learning to forecast future CPU load based on historical usage patterns. This allows your scale set to proactively scale out before a traffic surge occurs, rather than reactively.
Key concepts
Scale out: The process of adding extra VM instances to the scale set to handle increased demand.
Scale in: The process of removing unnecessary VM instances from the scale set when demand decreases, which reduces costs.
Instance limits: For any autoscale profile, you define the minimum, maximum, and default number of VM instances. This prevents you from incurring excessive costs or having an insufficient number of running instances.
Cooldown period: A delay after a scaling event before the next one can occur. This allows the system to stabilize and prevents rapid, unnecessary scaling actions known as "flapping".
Scale-in policy: When scaling in, you can configure which VMs are removed first. Options include:
Default: Balances instances across Availability Zones and Fault Domains, then deletes the VM with the highest instance ID.
NewestVM: Deletes the most recently created VM.
OldestVM: Deletes the oldest VM.
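How metric-based rules, instance limits, and the cooldown period interact, shown as an added example (a simplified model, not Azure Monitor's actual engine). The 70% and 30% thresholds, the 10-minute window, the 5-minute cooldown, and the load trace are constructed assumptions; load is expressed as total CPU demand, so the average CPU per instance falls as instances are added.

```python
from dataclasses import dataclass


@dataclass
class Profile:
    minimum: int = 2               # instance limits
    maximum: int = 5
    default: int = 2
    scale_out_above: float = 70.0  # average CPU % over the window
    scale_in_below: float = 30.0
    window: int = 10               # minutes of samples averaged by each rule
    cooldown: int = 5              # minutes to wait after any scale action


def simulate(load_per_minute, profile):
    """Return (minute, action, new_count) events for a per-minute load trace.

    Each load value is total CPU demand in percent-of-one-instance units, so
    the average CPU seen by the rules is load / instance count, capped at 100.
    """
    count = profile.default
    samples = []
    last_action = None
    events = []
    for minute, load in enumerate(load_per_minute):
        samples.append(min(100, load / count))
        if len(samples) < profile.window:
            continue  # not enough data for the rule's time window yet
        if last_action is not None and minute - last_action < profile.cooldown:
            continue  # still cooling down from the previous scale action
        recent = samples[-profile.window:]
        average = sum(recent) / len(recent)
        if average > profile.scale_out_above and count < profile.maximum:
            count += 1
            events.append((minute, "scale out", count))
            last_action = minute
        elif average < profile.scale_in_below and count > profile.minimum:
            count -= 1
            events.append((minute, "scale in", count))
            last_action = minute
    return events


def peak_instances(events, profile):
    """Highest instance count reached during the simulation."""
    return max([profile.default] + [count for _, _, count in events])


# Constructed trace: 20 quiet minutes, a 30-minute surge, then 30 idle minutes.
TRACE = [100] * 20 + [240] * 30 + [40] * 30

if __name__ == "__main__":
    with_cooldown = Profile()
    no_cooldown = Profile(cooldown=0)
    print("cooldown 5 min:", simulate(TRACE, with_cooldown))
    print("peak with cooldown:", peak_instances(simulate(TRACE, with_cooldown), with_cooldown))
    print("peak without cooldown:", peak_instances(simulate(TRACE, no_cooldown), no_cooldown))
```

With the cooldown the set settles at four instances, which is enough for the surge; without it the rules keep firing on samples taken before the new instances absorbed any load, and the set overshoots to the maximum of five.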
How it benefits your applications
High availability: Spreads identical VM instances across multiple fault domains, so if one VM fails, others can continue processing requests.
Cost efficiency: Scales down the number of instances during off-peak hours, so you only pay for the resources you need.
Improved management: Simplifies the management of large groups of VMs by treating them as a single resource.
Consistent configuration: All VMs in the scale set are created from the same base image and configuration, ensuring consistency.
Auto-stop Virtual Machines based on CPU utilization is an automation strategy in Azure that helps reduce costs by automatically shutting down virtual machines (VMs) that have low or idle CPU usage for a specified duration. This is more intelligent than a fixed-schedule shutdown, as it can respond dynamically to your actual resource usage.
How it works
This cost-saving method uses a combination of Azure Monitor and Azure Automation.
Metric alert: An Azure Monitor metric alert is configured to continuously track the average CPU usage of one or more VMs.
Trigger condition: You define a rule that sets a threshold for low CPU usage (e.g., average CPU is less than 5% for 30 minutes).
Action group: When the alert is triggered by the idle CPU condition, it activates an action group.
Automation runbook: The action group is configured to execute an Azure Automation runbook. A pre-built "Stop VM" runbook is a common choice for this purpose.
Shutdown: The runbook performs the final action, deallocating the idle VM. A deallocated VM does not incur compute charges, though you will still be billed for the associated storage.
Benefits
Dynamic cost savings: The main advantage is that it saves money on compute costs by not running VMs when they are not being used, which is more efficient than a simple time-based schedule.
Automated operation: Once configured, the process is fully automated, eliminating the need for manual intervention to manage idle VMs.
Scalable: The same logic can be applied to multiple VMs, resource groups, or entire subscriptions, making it a scalable solution for larger environments.
Notifications: You can also configure the action group to send email or other notifications to administrators when a VM is shut down, providing visibility into the process.
Limitations
Setup complexity: Setting up this dynamic automation is more complex than the built-in, fixed-schedule auto-shutdown feature.
Does not auto-start: This solution only addresses stopping idle VMs. To automatically start them again, you need to configure a separate, often schedule-based, solution using Azure Automation or Azure Functions.
Azure Cost Analysis is a free, built-in tool within the Azure portal that provides comprehensive visibility into your cloud spending. It is a component of the Azure Cost Management + Billing suite, and its primary purpose is to help you analyze, manage, and optimize your costs.
Attached is the Chapter 4_Reference Document
Virtual Network Peering and VNet-to-VNet VPN gateway connection
Virtual Network Peering:
Virtual network peering is used to connect two or more virtual networks in Azure. Once the virtual networks are connected using peering, they appear as one network. Traffic between VMs is routed through the Microsoft infrastructure using private IP addresses only.
Types of Virtual network peering:
Virtual network peering: Connect virtual networks within the same Azure region.
Global virtual network peering: Connecting virtual networks across Azure regions.
The two methods, Azure Virtual Network (VNet) peering and VNet-to-VNet VPN gateway connections, both connect virtual networks, but they are used for different purposes and offer different capabilities.
Virtual Network Peering
VNet peering is a non-transitive, high-bandwidth connection that links two virtual networks, treating them as a single network for connectivity.
Key characteristics
High performance: Peering provides a low-latency, high-bandwidth connection since traffic is routed directly through the private Microsoft backbone network, not through a gateway or the public internet.
Encrypted traffic: The traffic is not encrypted by default but can be optionally encrypted with the Virtual Network encryption feature.
Simplified routing: When you peer VNets, the network appears as one for connectivity purposes. This simplifies routing without the need for complex gateway configurations.
Supports global peering: You can peer VNets within the same region (local peering) or across different Azure regions (global peering).
Non-transitive: If VNet A is peered with VNet B, and VNet B is peered with VNet C, VNet A and VNet C cannot communicate directly. You must explicitly peer them.
Best for
Workloads that require low latency and high throughput, such as cross-region data replication, database failovers, or multi-tier applications within a region.
Connecting VNets across different Azure subscriptions or Microsoft Entra tenants.
VNet-to-VNet VPN Gateway connection
A VNet-to-VNet VPN gateway connection creates a secure, encrypted tunnel over a public IP endpoint to send traffic between Azure virtual networks.
Key characteristics
Encrypted traffic: The connection uses IPsec/IKE encryption, which is ideal for scenarios with strict security or compliance requirements.
Lower performance: Traffic travels over a public endpoint and through gateways, resulting in higher latency and lower bandwidth compared to peering.
Automatic routing updates: For connections in the same subscription, Azure automatically populates and updates the route information for the connected VNets.
Transitive routing: With BGP enabled, VNet-to-VNet connections can achieve transitive routing, allowing traffic to pass through multiple gateways to reach other connected VNets.
Overlapping address spaces: VPN gateways can be used to connect VNets with overlapping IP address ranges by implementing Network Address Translation (NAT) rules.
Best for
Scenarios where you need to connect VNets and require data encryption, especially for traffic that might be sensitive.
Connecting VNets across different subscriptions or tenants when high bandwidth is not the primary concern.
Enabling transit connectivity through a central "hub" network, allowing other peered "spoke" VNets to also access on-premises networks.
Azure App Service is a fully managed Platform-as-a-Service (PaaS) for building, deploying, and scaling web apps and APIs. It supports various programming languages and is a cost-effective solution for running web, mobile, and API applications.
Key features
Built-in security: Provides built-in HTTPS, TLS/SSL certificates, authentication with providers like Microsoft Entra ID, and static IP restrictions. It is also integrated with Microsoft Defender for Cloud.
Scalability: App Service can scale out (add more VM instances) or scale up (get more CPU, memory, and disk space) depending on your needs. Scaling can be done manually, automatically based on metrics like CPU usage, or on a schedule.
Deployment slots: Allows you to create separate environments for testing new versions of your app before swapping them into production. This enables zero-downtime deployments and simplified rollbacks.
DevOps integration: Supports continuous integration and continuous deployment (CI/CD) with tools like GitHub Actions and Azure Pipelines. You can deploy applications from various sources, including Git and container registries.
Support for multiple stacks: You can run apps built with .NET, Java, Node.js, Python, or PHP. It also supports deploying containerized applications.
High availability: Guarantees high availability and automatically handles load balancing and patching of the underlying OS and frameworks.
App Service plans
The App Service Plan is the underlying set of compute resources that your App Service runs on. The plan determines the features and scaling capabilities available to your app. Tiers include:
Free and Shared: For trials, learning, and testing, with limited resources.
Basic: For low-traffic applications that require dedicated resources but not advanced scaling.
Standard: Includes features like autoscaling and deployment slots, suitable for production workloads.
Premium: Offers enhanced performance with faster processors, SSD storage, and more memory.
Isolated: Provides complete network isolation within a dedicated virtual network (App Service Environment) for mission-critical applications.
Common App Service use cases
Web Apps: Hosting web applications and websites, from simple company websites to complex, multi-tiered enterprise applications.
API Apps: Developing, hosting, and deploying RESTful APIs for internal or external consumption, with features for API management and security.
Mobile Apps: Creating a backend for mobile applications that provides authentication, offline data sync, and push notifications.
Container Apps: Running single Docker containers or containerized web apps.
"Create a web app" refers to the process of building, deploying, and hosting a web application. In Azure, the primary service for this task is Azure App Service, a fully managed Platform-as-a-Service (PaaS) that simplifies the entire process. Instead of managing underlying infrastructure, you can focus on building your application's code.
Key components for creating a web app in Azure
App Service Plan: The plan defines the underlying compute resources that run your web app, including the OS (Windows or Linux), geographical region, size, and pricing tier (from Free to Isolated).
Resource Group: A logical container for your Azure resources. A best practice is to group related resources, like your web app and its database, in the same resource group for easier management.
Unique App Name: Your web app will be given a unique URL, which must be unique across all of Azure.
Runtime Stack: You choose the technology stack your app uses, such as .NET, Java, Node.js, Python, or PHP. You can also deploy a Docker container.
Process for creating a web app
Log in to the Azure portal and search for "App Services".
Click "Create" and select "Web App".
Fill in the necessary details on the Basics tab, including your subscription, resource group, app name, and runtime stack.
Configure other settings based on your needs, such as deployment options (GitHub, Azure DevOps), monitoring (Application Insights), and networking.
Review and create the web app. Once deployed, you can navigate to the app's default URL to see the default landing page.
Deploy your code to the new web app. You can use various methods, including GitHub Actions for CI/CD, Visual Studio's "Publish" function, or FTP.
Scaling web apps refers to adjusting the resources allocated to a web application to maintain or improve its performance, reliability, and cost-efficiency as user demand and traffic change. A web app that can handle increased load without slowing down or crashing is considered scalable.
In Azure App Service, there are two primary methods for scaling:
1. Vertical scaling (Scale up)
Vertical scaling, or "scaling up," means increasing the resources of the virtual machine running your application. You do this by changing the App Service plan to a higher pricing tier, which provides more CPU, memory, and disk space.
Best for: Moderate increases in traffic or for workloads that cannot be easily distributed across multiple instances.
Limitations: There is a physical limit to how powerful a single machine can be. Once you reach the highest tier, you cannot scale up further.
Downtime: Vertical scaling may require a restart of the app, causing brief downtime.
2. Horizontal scaling (Scale out)
Horizontal scaling, or "scaling out," involves increasing the number of virtual machine instances that run your application. An Azure load balancer automatically distributes incoming traffic across all the instances.
Best for: Handling large, unpredictable traffic spikes and for building highly available, fault-tolerant systems.
Flexibility: It allows you to scale almost limitlessly by adding more instances to your resource pool.
Zero-downtime: Instances can be added or removed without impacting the user experience, making it ideal for continuous availability.
How to manage horizontal scaling in Azure App Service
Manual scaling: You can manually adjust the instance count as needed. This gives you full control but requires constant monitoring.
Autoscaling (recommended): With Azure Monitor, you can configure automatic scaling based on a set of rules, ensuring your application responds dynamically to demand.
Metric-based rules: Scale out (add instances) when a metric like average CPU usage exceeds a threshold, and scale in (remove instances) when it falls back down.
Schedule-based rules: Scale the instance count based on time of day or day of the week to prepare for predictable traffic patterns.
Factors to consider when scaling
Cost: Horizontal scaling can be more cost-effective in the long run because you only pay for the extra instances when you need them. Vertical scaling involves a higher fixed cost for the more powerful machine.
Application architecture: Horizontal scaling works best with stateless applications (where no data is stored on the server), as requests can be sent to any instance. For stateful apps, you may need a hybrid approach.
"Backup Web apps" refers to the process of creating a secure copy of your web application's files, configuration, and associated databases. The goal is to be able to restore your web app quickly in case of data loss, corruption, or a disaster.
In Azure, this is managed with the built-in Backup and Restore feature for App Service.
What is included in a web app backup?
When you back up an App Service web app, the backup file includes:
App configuration: All your web app's settings and configurations.
File content: All the files located in your app's directory. For example, in a WordPress site, this would include themes, plugins, and media uploads.
Databases: You can also include supported databases that are linked to your app with connection strings, such as Azure SQL Database, Azure Database for MySQL, and PostgreSQL.
Key backup methods and features
Azure App Service offers several ways to back up your web app, depending on your App Service plan (Standard, Premium, or Isolated).
Manual backups: Trigger a backup at any time through the Azure portal. Manual backups are retained indefinitely until you delete them.
Custom scheduled backups: Configure a schedule for automatic backups, specifying the frequency (hourly or daily) and retention period.
Partial backups: Choose to back up only specific folders and files by creating a _backup.filter file. This is useful for large apps or for excluding non-essential data like log files.
Automatic backups: For certain plans, automatic hourly backups are created and stored for 30 days. However, these are not stored in your storage account and are not recommended for disaster recovery planning.
How the backup process works
Configure storage: You select an existing Azure Storage account and container within the same subscription to store your backup files.
Back up data: Azure App Service compresses the app configuration, files, and database into a single .zip file and stores it in your designated storage account.
Restore: You can restore the app to its original state, to a new app, or to a deployment slot. You also have the option to restore only the files or the entire app, including its configuration.
Best practices
Automate your backups: Set up a custom schedule to ensure regular backups, aligning with your Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
Secure your backups: Encrypt your storage account and ensure access controls are in place to protect your backup files.
Test your restore process: Regularly restore your backups to a test environment to ensure they are valid and that your recovery process works as expected.
Use native database backups for critical data: Starting in 2028, custom backups will no longer include linked databases. For mission-critical data, use the native backup features of your database service for more robust protection.
Azure Kubernetes Service (AKS) is a managed Kubernetes offering from Microsoft Azure. It simplifies the process of deploying, managing, and scaling containerized applications by offloading the management of the underlying Kubernetes control plane to Azure. This allows developers to focus on building applications rather than managing complex infrastructure.
Key features of AKS
Reduced operational overhead: Azure manages the critical tasks of Kubernetes, including monitoring, maintenance, patching, and upgrades, so you only need to manage and pay for the worker nodes.
Scalability: AKS can automatically scale your cluster's pods and nodes based on demand, using tools like the Horizontal Pod Autoscaler (HPA) and the cluster autoscaler.
Integration with Azure services: AKS integrates with other Azure services to provide a complete solution, including:
Azure Container Registry (ACR) for storing and managing your container images.
Azure Monitor for gathering metrics and logs from your cluster.
Azure Policy for enforcing security and governance policies.
Azure Backup for backing up and restoring persistent volumes.
Security and compliance: AKS is integrated with Microsoft Entra ID (formerly Azure Active Directory) for role-based access control (RBAC), allowing you to secure access to your cluster. It also meets various compliance standards, such as SOC, ISO, PCI DSS, and HIPAA.
Support for diverse workloads: You can run a wide range of workloads on AKS, including microservices, data streaming, and machine learning models. It also supports both Linux and Windows containers.
Hybrid capabilities: Azure Arc can extend AKS to run in on-premises datacenters or other cloud environments, allowing for consistent management across hybrid and multi-cloud environments.
How AKS simplifies Kubernetes
In a self-managed Kubernetes deployment, you are responsible for maintaining the control plane, which includes the API server, scheduler, and etcd. This requires significant expertise and can be a major operational burden.
With AKS, Azure takes on that responsibility, providing you with a managed control plane at no cost. You only need to manage the worker nodes that run your containerized applications. This simplifies operations and allows you to leverage the benefits of Kubernetes without the associated management complexity.
What is Azure Firewall
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. As a fully stateful firewall as a service (PaaS), it provides built-in high availability and unrestricted cloud scalability, removing the need for you to manage the underlying infrastructure.
Key features
Azure Firewall offers several key features, including centralized management for network and application connectivity policies, often used in a hub and spoke network topology. It uses Microsoft Threat Intelligence for real-time alerts and filtering of malicious traffic. The service also provides built-in scalability to handle varying traffic demands automatically.
Azure Firewall is available in three tiers: Basic, Standard, and Premium. The Premium tier is designed for sensitive environments, Standard includes features like L3-L7 filtering and threat intelligence, and Basic is a cost-effective option for smaller businesses.
Core capabilities
Core capabilities include outbound filtering based on FQDN, IP address, port, and protocol, and inbound filtering for non-HTTP/S protocols. It also supports Network Address Translation (NAT), including SNAT and DNAT. For enhanced threat protection, the Premium SKU offers IDPS and TLS inspection. All events are integrated with Azure Monitor for logging and analysis.
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables various Azure resources, like Virtual Machines (VMs), App Services, and databases, to communicate securely with each other, the internet, and your on-premises networks.
A VNet provides a secure, isolated environment for your resources, offering the benefits of cloud infrastructure like scale and availability, combined with the networking concepts you'd find in a traditional data center.
Key components of Azure Virtual Networking
Address space: When creating a VNet, you define a custom private IP address space using either public or private IP ranges. Azure automatically assigns private IP addresses from this space to the resources you deploy in the VNet.
Subnets: A VNet can be segmented into one or more subnets, which are logical divisions of the VNet's address space. Subnets allow you to logically group and isolate resources, and you can apply network security controls to each subnet.
Network Security Groups (NSGs): These act as a firewall, allowing you to filter network traffic to and from resources within a VNet. NSGs use security rules to define access based on source and destination IP addresses, ports, and protocols.
Routing: Azure provides default routing for traffic within a VNet, between subnets, and to the internet. You can also create custom route tables to control where traffic is routed.
Virtual Network Peering: This feature allows you to seamlessly connect two or more VNets, enabling resources in different VNets to communicate with each other over the Microsoft backbone network.
VPN Gateway: A VPN Gateway is used to connect your VNet to your on-premises network or to another Azure VNet over an encrypted connection.
ExpressRoute: For a more reliable and private connection, ExpressRoute extends your on-premises network to Azure over a private connection with a connectivity provider.
Private Endpoint: This feature uses a private IP address from your VNet to access Azure services (PaaS) like Azure Storage and Azure SQL Database securely, without needing to go over the public internet.
Common uses of Azure VNet
Isolating cloud resources: You can build a fully isolated network for your applications, allowing your resources to communicate privately and securely.
Creating hybrid solutions: You can securely extend your on-premises data center to the cloud by connecting your corporate network to your VNet.
Filtering and controlling traffic: Using NSGs and route tables, you can implement fine-grained control over network traffic for better security.
Deploying dedicated services: Some Azure services can be deployed directly into a VNet for increased security and network control.
Load balancing is the process of distributing network traffic and computational workloads across multiple servers, or a "server farm". This prevents a single server from being overwhelmed by requests, thereby improving an application's performance, reliability, and availability.
How a load balancer works
A load balancer acts as a "traffic cop," sitting in front of a group of servers and directing incoming client requests to the most appropriate server. The basic process involves these steps:
Incoming request: A user's request first reaches the load balancer, not a specific server.
Health check: The load balancer continuously monitors the health of all backend servers. It only forwards requests to servers that are healthy and available.
Traffic distribution: Based on a chosen algorithm, the load balancer selects a server to handle the request and forwards it. This ensures that no single server is overworked.
Response: The selected server processes the request and sends the response back to the client, often through the load balancer, hiding the internal server structure.
Key benefits
High availability and fault tolerance: If one server fails, the load balancer automatically redirects traffic to the remaining healthy servers, preventing service interruptions.
Scalability: By distributing traffic, load balancing enables horizontal scaling. This means you can add more servers to handle increased traffic, rather than upgrading a single, more expensive server.
Improved performance: Distributing the workload evenly prevents server bottlenecks, which leads to faster response times for users.
Efficient resource utilization: Load balancing ensures that all servers share the workload efficiently, preventing some from being underutilized while others are overloaded.
Types of load balancing
Load balancing can be categorized in several ways, primarily based on the layer of the network where it operates:
Layer 4 (Transport Layer): Distributes traffic based on network information like IP addresses and ports.
Layer 7 (Application Layer): Distributes requests based on the actual application content, such as HTTP headers, URLs, or cookies.
Common load balancing algorithms
The algorithm a load balancer uses determines how it distributes traffic. Some common algorithms include:
Round Robin: Distributes requests sequentially to each server in a rotating manner.
Least Connections: Directs new requests to the server with the fewest active connections, which is useful for situations with varying request times.
Weighted Round Robin: Assigns different weights to servers based on their capacity. Servers with higher weights receive more traffic.
IP Hash: Uses the client's source IP address to determine which server to route the request to. This ensures a client's requests consistently go to the same server.
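The four algorithms above, combined with the health check from "How a load balancer works", as an added example that is not part of the original course material. The Backend and LoadBalancer classes, the backend names and the client address are constructed for illustration; the weighted variant uses the "smooth" weighted round robin scheme, which is one common way to implement it.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    weight: int = 1       # relative capacity, used by weighted round robin
    healthy: bool = True  # outcome of the most recent health probe
    active: int = 0       # connections currently open to this backend


class LoadBalancer:
    def __init__(self, backends):
        self.backends = list(backends)
        self._cursor = 0                                   # round robin position
        self._credit = {b.name: 0 for b in self.backends}  # weighted RR state

    def _pool(self):
        # Only backends that passed their health probe are eligible.
        pool = [b for b in self.backends if b.healthy]
        if not pool:
            raise RuntimeError("no healthy backends")
        return pool

    def round_robin(self):
        pool = self._pool()
        chosen = pool[self._cursor % len(pool)]
        self._cursor += 1
        return chosen

    def least_connections(self):
        chosen = min(self._pool(), key=lambda b: b.active)
        chosen.active += 1  # the new request opens a connection
        return chosen

    def weighted_round_robin(self):
        # Smooth weighted RR: every backend earns its weight each round, the
        # richest one is picked and pays back the total weight of the pool.
        pool = self._pool()
        total = sum(b.weight for b in pool)
        for b in pool:
            self._credit[b.name] += b.weight
        chosen = max(pool, key=lambda b: self._credit[b.name])
        self._credit[chosen.name] -= total
        return chosen

    def ip_hash(self, client_ip):
        # Same source IP maps to the same backend while the pool is unchanged.
        pool = self._pool()
        digest = hashlib.sha256(client_ip.encode()).digest()
        return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def demo():
    lb = LoadBalancer([Backend("a", weight=3), Backend("b"), Backend("c")])
    result = {
        "round_robin": [lb.round_robin().name for _ in range(4)],
        "weighted": [lb.weighted_round_robin().name for _ in range(5)],
        "ip_hash_sticky": lb.ip_hash("203.0.113.7") is lb.ip_hash("203.0.113.7"),
    }
    # Simulate a failed health probe: "b" must stop receiving traffic.
    lb.backends[1].healthy = False
    result["after_failure"] = sorted({lb.round_robin().name for _ in range(6)})
    return result


if __name__ == "__main__":
    print(demo())
```

Note that IP hash stickiness only holds while the set of healthy backends is unchanged; when a backend fails its probe, some clients are remapped to a different server.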
Attached is the Chapter 5_Reference Document
Monitoring and troubleshooting Azure virtual networking involves using native Azure tools to track network health, diagnose connectivity problems, and analyze traffic patterns. The primary service for these tasks is Azure Network Watcher.
Key tools for monitoring and troubleshooting
1. Azure Network Watcher
This suite of tools is essential for diagnosing, monitoring, and enabling logs for virtual network resources.
Connection Monitor: Provides end-to-end, continuous monitoring of network connectivity. It helps you visualize network performance, track latency and packet loss, and set alerts for connectivity issues between Azure and hybrid endpoints.
IP Flow Verify: Allows you to check if a packet is permitted or denied to or from a VM. It's useful for detecting traffic filtering issues caused by Network Security Group (NSG) rules.
NSG Diagnostics: Similar to IP Flow Verify, this tool helps you validate NSG rules on a VM, scale set, or application gateway.
Next Hop: Determines the next hop for traffic from a VM to a destination IP. It's crucial for diagnosing routing problems caused by misconfigured route tables.
VPN Troubleshoot: Diagnoses and troubleshoots common issues with VPN gateways and their connections, such as shared key mismatches or configuration problems.
Packet Capture: Remotely initiates packet capture sessions on a VM to capture and analyze network traffic.
2. Azure Monitor
Azure Monitor is a comprehensive solution that collects metrics and logs from every component of your system.
Metrics: You can analyze platform metrics for virtual networks, such as traffic throughput and usage.
Activity Logs: Provides information on subscription-level events, such as creating or deleting a VNet or making configuration changes.
Alerts: Configure alerts to proactively notify you when specific conditions occur, such as a connection failing or network traffic exceeding a threshold.
3. Traffic Analytics and NSG Flow Logs
NSG Flow Logs: Capture IP traffic information flowing through an NSG and store it in an Azure Storage account.
Traffic Analytics: A cloud-based solution that analyzes NSG flow logs to provide insights into traffic patterns, top talkers, security threats, and network hotspots.
Common virtual network issues and troubleshooting steps
1. Connectivity between two Azure VMs fails
Check NSG rules: Use Network Watcher's IP Flow Verify or NSG Diagnostics to check for restrictive rules on both the source and destination VM.
Check host firewall: Ensure that the OS-level firewall (e.g., Windows Firewall or ufw on Linux) isn't blocking traffic.
Test connectivity: Use tools like tcping from one VM to another to test connectivity on specific ports.
2. Unable to connect to a VPN gateway
Verify shared key: Ensure the pre-shared keys match exactly on both the Azure VPN gateway and your on-premises device.
Check peer IPs: Confirm that the IP address definitions in Azure's Local Network Gateway match your on-premises device's IP.
Run VPN Troubleshoot: Use Network Watcher's VPN Troubleshoot to run diagnostics and get specific error details.
3. App Service cannot connect to a VNet resource
Verify integration: Use the Network Troubleshooter in the App Service portal to confirm that VNet integration is configured correctly and has a private IP.
Check DNS: Use nameresolver.exe in the App Service's Kudu console to confirm that DNS resolution is working.
Check NSGs: Ensure that NSG rules don't block traffic from the App Service's integration subnet to the destination.
4. Routing issues
Use Next Hop: In Network Watcher, run the Next Hop tool to determine if traffic is being routed to the correct destination.
Review route tables: Examine your User-Defined Routes (UDRs) to ensure they are configured correctly and not overriding system routes unexpectedly.
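To make the "Check NSG rules" step concrete, the following added example (not part of the original course material) models how an NSG decision is reached: rules are evaluated in priority order, lowest number first, and the first match decides. It returns the access and rule name in the way IP Flow Verify reports them, and also lists allow or deny rules that can never take effect because a higher-priority rule with the opposite action covers them. The rule set and addresses are constructed, and the 10.0.0.0/16 prefix stands in for the VirtualNetwork service tag as a simplification.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int    # lower number is evaluated first
    name: str
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR prefix or "*"
    dest: str        # CIDR prefix or "*"
    dest_ports: str  # "*", "443", "8000-8100" or a comma-separated mix


def _net(prefix):
    return ipaddress.ip_network("0.0.0.0/0" if prefix == "*" else prefix, strict=False)


def _ports(spec):
    if spec == "*":
        return set(range(65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def evaluate(rules, protocol, src_ip, dst_ip, dst_port):
    """Return (access, rule name) for one flow: the first matching rule wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and ipaddress.ip_address(src_ip) in _net(rule.source)
                and ipaddress.ip_address(dst_ip) in _net(rule.dest)
                and dst_port in _ports(rule.dest_ports)):
            return rule.access, rule.name
    return "Deny", "no matching rule"


def _covers(earlier, later):
    # True when every flow matched by `later` is already matched by `earlier`.
    return (earlier.protocol in ("*", later.protocol)
            and _net(later.source).subnet_of(_net(earlier.source))
            and _net(later.dest).subnet_of(_net(earlier.dest))
            and _ports(later.dest_ports) <= _ports(earlier.dest_ports))


def shadowed_rules(rules):
    """List (rule, overriding rule) pairs where the rule can never take effect."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.access != later.access and _covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed inbound rule set for a web subnet (10.0.1.0/24).
RULES = [
    Rule(100, "AllowHttpsFromInternet", "Allow", "Tcp", "*", "10.0.1.0/24", "443"),
    Rule(200, "DenyMgmtSubnet", "Deny", "*", "10.0.9.0/24", "10.0.1.0/24", "*"),
    Rule(300, "AllowSshFromMgmt", "Allow", "Tcp", "10.0.9.0/24", "10.0.1.4/32", "22"),
    Rule(65000, "AllowVnetInBound", "Allow", "*", "10.0.0.0/16", "10.0.0.0/16", "*"),
    Rule(65500, "DenyAllInBound", "Deny", "*", "*", "*", "*"),
]

if __name__ == "__main__":
    # SSH from the management subnet fails even though rule 300 allows it.
    print(evaluate(RULES, "Tcp", "10.0.9.5", "10.0.1.4", 22))
    print(shadowed_rules(RULES))
```

Here the SSH flow is denied by DenyMgmtSubnet at priority 200, which is the kind of overly restrictive rule the troubleshooting step is meant to surface.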
Azure Monitor is a comprehensive service that provides full-stack observability for your applications and the Azure resources they depend on. It helps you maximize the availability and performance of your applications by collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
How Azure Monitor works
Azure Monitor automatically collects two fundamental types of monitoring data and stores them in a shared data platform:
Metrics: Numerical values that describe some aspect of a system at a particular point in time, such as CPU usage or network traffic.
Logs: Records of events that happen over time, containing different kinds of data, like resource logs and traces.
Key monitoring capabilities
1. Data analysis and visualization
Metrics Explorer: A tool in the Azure portal for creating charts to visualize metrics over time.
Log Analytics: A powerful query engine that uses the Kusto Query Language (KQL) to run complex queries and analyze log data.
Workbooks and dashboards: Customizable reports and visualizations that can combine text, metrics, and log queries from multiple data sources into a single pane.
2. Proactive alerting and automation
Alerts: Configure alerts to proactively notify you when specific conditions are met, based on either metrics or logs.
Action groups: Define reusable sets of actions (like sending emails, SMS, or webhooks) that are triggered when an alert fires.
Autoscale: Automatically adjust the number of instances for resources like Virtual Machine Scale Sets or App Services to handle changes in application load.
3. Deeper insights
Application Insights: An Application Performance Monitoring (APM) feature that collects detailed telemetry from your web apps, including request rates, dependencies, and exceptions.
VM Insights: Monitors the performance and health of your Windows and Linux virtual machines, identifying processes and dependencies.
Container Insights: Collects logs and metrics from containers deployed in Azure Kubernetes Service (AKS).
4. Specialized monitoring features
Activity log: Provides a record of subscription-level events, showing who did what and when for management operations.
Diagnostic settings: Enable and route detailed resource logs and metrics to a Log Analytics workspace, storage account, or event hub for further analysis and retention.
Integrations: Azure Monitor integrates with many other Azure services (like Microsoft Sentinel and Azure Policy) and third-party tools (like Grafana and ServiceNow) for a more comprehensive monitoring solution.
Attached is the Chapter 6_Reference Document
Azure Update Manager is a unified, cloud-native service for managing and governing software updates across your fleet of machines. It allows you to monitor and apply updates to both Windows and Linux machines in Azure, on-premises, and on other cloud platforms via Azure Arc. Unlike its predecessor, it has no dependencies on Azure Automation or Log Analytics.
Key features
Unified management: A single dashboard gives you central visibility into the update compliance of all your servers, no matter where they are located.
Zero-onboarding experience: The service is natively integrated into Azure, eliminating the need for a complex onboarding process for Azure VMs.
Flexible patching: Choose from various patching options to fit your workflow:
On-demand updates: Apply critical patches instantly when needed.
Scheduled updates: Configure custom maintenance windows for recurring updates based on your business requirements.
Automatic VM guest patching: Automatically install updates during off-peak hours for supported Azure VMs.
Dynamic scoping: Group machines based on Azure tags, resource groups, or other criteria to apply updates at scale.
Extended Security Updates (ESUs): Manage and apply ESUs for supported resources, such as Windows Server 2012/2012 R2, through Azure Arc.
Enhanced security and reporting: Track update compliance and security status for your machines. You can also build custom dashboards and configure alerts to notify you of update statuses.
How it works
For Azure VMs and Azure Arc-enabled servers, Update Manager pushes an extension to the machine. This extension works with the local OS update client (Windows Update Agent on Windows or the package manager on Linux) to perform several tasks:
Assessment: It retrieves the current status of system updates to determine which are missing.
Installation: It initiates the download and installation of selected updates.
Reporting: It sends assessment and installation results back to Azure, which are then displayed in the portal.
Common use cases
Hybrid and multi-cloud environments: Monitor and patch all your servers from a central location, whether they're in Azure, a private data center, or another cloud provider.
Security and compliance: Ensure critical and security updates are deployed promptly to maintain your security posture and meet compliance requirements.
Operational efficiency: Automate and schedule patching processes to reduce manual effort and minimize disruptions to business operations.
Centralized management: Consolidate your patch management tools into a single, unified service within Azure.
Attached is the Chapter 7_Reference Document
Azure Backup for SAP HANA is a managed, zero-infrastructure solution that provides native, Backint-certified backup support for SAP HANA databases running on Azure Virtual Machines. It eliminates the need for you to manage and maintain your own backup infrastructure, allowing for seamless backup and restore operations directly from Azure to a Recovery Services vault.
How it works
Zero-infrastructure backup: The solution uses a plugin that is installed on the SAP HANA VM. This plugin communicates with the HANA backup engine via the Backint APIs to stream data directly to a Recovery Services vault in Azure.
Backint certification: Azure Backup is certified by SAP to work directly with HANA's native APIs, ensuring application-consistent backups without relying on the underlying disk or VM type.
Registration and discovery: To enable backups, you run a preregistration script on the HANA VM to prepare the system and allow Azure Backup to discover the databases. An extension is installed during this process to handle backup and restore operations.
Flexible policy and retention: You can define backup policies to set schedules for full, differential, incremental, and log backups. These policies can also specify long-term retention for compliance and audit requirements.
Simplified restores: You can perform one-click, point-in-time restores to the original or an alternate HANA server. Azure manages the chaining of backups and catalogs behind the scenes.
Key advantages
Low Recovery Point Objective (RPO): The solution supports a recovery point objective as low as 15 minutes, ensuring minimal data loss for critical workloads.
High availability scenarios: Azure Backup supports databases configured with HANA System Replication (HSR), handling failovers automatically without requiring manual intervention.
Combined backup approach: For a comprehensive strategy, you can use the Backint-certified solution for database-level backup and recovery while also using the standard Azure VM backup solution for the operating system and non-database disks.
Snapshot-based backups: For very large databases, Azure Backup offers an instant, snapshot-based approach that is integrated with Backint. This improves backup and restore performance by creating snapshots of the managed disks.
Backup and restore process
Prerequisites: Create a Recovery Services vault in the same region and subscription as the HANA VM and ensure proper network connectivity.
Run preregistration script: On the HANA VM, execute the script to configure the system for backup. This creates a user with necessary permissions and installs the Azure Backup plugin.
Discover and configure: In the Azure portal, discover the HANA databases and apply a backup policy that defines the backup schedule and retention settings.
Monitor: Track the status of backup jobs and restore operations directly within the Azure portal.
Attached is the Chapter 8_Reference Document
Upgrading a SLES 12 SP5 virtual machine to SLES 15 SP5 in Azure is a managed, offline migration process that requires a planned maintenance window. Unlike minor service pack updates, a major version upgrade is not an online procedure. It requires using a special SUSE migration tool and rebooting the VM to complete the process.
For mission-critical workloads, such as SAP HANA, a clean installation on a new SLES 15 SP5 VM is recommended. An in-place upgrade can cause a disconnection between the VM's data and control planes, impacting features like auto-patching and Update Manager.
In SUSE Manager, "De-Register" and "Register" refer to the process of adding or removing a client system from management by the SUSE Manager server. Registering a client enrolls it with the server, while deregistering removes it.
De-Register
Deregistering a client removes its entry from the SUSE Manager server's database and frees up the associated software subscription or entitlement.
Common reasons to deregister:
Decommissioning a server.
Migrating a server from one SUSE Manager to another.
The system was cloned from another registered machine and needs a new, unique ID.
The client needs a clean slate to resolve a registration issue.
How to deregister:
From the SUSE Manager Web UI: Navigate to Systems > System List, select the client you want to remove, and click Delete System.
From the client command line: Run the SUSEConnect --de-register command to remove the system from the registration server and its associated repositories. Manual cleanup of packages and configuration files may also be necessary.
Register
Registering a client enrolls it with the SUSE Manager server, enabling it to receive updates, patches, and configurations. The process connects the client's software channels and grants it the ability to be managed remotely by the server.
Common registration methods:
Web UI: You can initiate the registration process from the SUSE Manager Web UI by providing the client's details and an activation key.
Bootstrap script: For multiple clients or automation, a bootstrap script is a convenient method. You create a script on the SUSE Manager server and run it on the client to automate the registration process.
Command line: You can also manually register the client using SUSEConnect, typically with an activation key.
Re-registration: For clients that were previously registered and removed, you can use a reactivation key to re-register them with the SUSE Manager settings intact.
On cloud-init virtual machines, swap space is virtual memory that the operating system uses on a temporary (ephemeral) disk to avoid crashing when physical memory (RAM) is exhausted. When RAM is full, the kernel moves inactive memory pages to the swap space, allowing the system to continue running. It is configured during the VM provisioning process using a cloud-init script.
Where swap is stored in Azure
In Azure, the recommended best practice is to place swap space on the VM's ephemeral disk.
Performance: The ephemeral disk offers better performance because it is located on the physical server where the VM is hosted.
Volatility: The data on this temporary storage is not persistent and is lost whenever the VM is deallocated or moved to a new host.
Separation of concerns: Using the ephemeral disk for swap prevents performance impacts on the OS disk and data disks, which are persistent.
How cloud-init configures swap
Cloud-init uses a YAML configuration file to define how the swap space should be created and where it should be mounted. This process typically involves a few steps:
Define disk setup: The disk_setup section of the cloud-init file specifies the ephemeral disk and how it should be partitioned.
Format and label: The fs_setup section formats the new partition as a swap partition.
Mount and activate: The mounts section adds an entry to /etc/fstab to ensure the swap partition is mounted automatically on boot.
Cloud-init vs. Azure Linux Agent (waagent)
On Linux VMs, both cloud-init and the Azure Linux Agent (waagent) have the ability to create swap space.
Conflict: Having both agents try to configure swap can lead to issues.
Best practice: With the widespread use of cloud-init, the recommended approach is to disable the waagent's swap configuration by setting ResourceDisk.EnableSwap=n in /etc/waagent.conf and use a cloud-init script instead.
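The three cloud-init sections and the waagent conflict described above, as an added example that is not part of the course material: the script writes a cloud-config that places swap on the ephemeral disk, then checks whether a waagent.conf would still configure swap as well. The 66/33 partition split, the function names and the sample waagent.conf contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; file contents below are constructed, not from a real VM.

# Write a cloud-config that puts swap on the ephemeral disk. The 66%/33%
# split between /mnt and swap is an assumption; size it for your workload.
write_swap_cloud_config() {
  cat > "$1" <<'EOF'
#cloud-config
disk_setup:            # partition the ephemeral disk
  ephemeral0:
    table_type: gpt
    layout: [66, [33, 82]]   # 82 = Linux swap partition type
    overwrite: true
fs_setup:              # format partition 2 as swap
  - device: ephemeral0.1
    filesystem: ext4
  - device: ephemeral0.2
    filesystem: swap
mounts:                # fstab entries, activated on every boot
  - ["ephemeral0.1", "/mnt"]
  - ["ephemeral0.2", "none", "swap", "sw,nofail,x-systemd.requires=cloud-init.service", "0", "0"]
EOF
}

# Print the effective value of key $2 in waagent.conf-style file $1
# (comments ignored, last assignment taken, lowercased).
waagent_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" |
    tail -n 1 | tr 'A-Z' 'a-z'
}

# Exit status 0 when both agents would configure swap: the cloud-config
# formats a swap filesystem and waagent still has ResourceDisk.EnableSwap=y.
swap_conflict() {
  grep -Eq '^[[:space:]]*filesystem:[[:space:]]*swap' "$1" || return 1
  [ "$(waagent_value "$2" ResourceDisk.EnableSwap)" = "y" ]
}

# Demo on constructed sample files.
tmp=$(mktemp -d)
write_swap_cloud_config "$tmp/swap.yaml"
printf '# sample\nResourceDisk.Format=y\nResourceDisk.EnableSwap=y\n' > "$tmp/waagent.conf"
if swap_conflict "$tmp/swap.yaml" "$tmp/waagent.conf"; then
  echo "conflict: set ResourceDisk.EnableSwap=n in /etc/waagent.conf"
fi
rm -rf "$tmp"
```

The generated YAML file is what you would supply as the VM's custom data at provisioning time; the check is meant to be run against the image's /etc/waagent.conf before that.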
Attached is the Chapter 9_Reference Document
Welcome to the Azure Administrator Associate (AZ-104) Certification Course!
I am excited to have you embark on this journey to mastering Microsoft Azure administration.
This course is designed to help you build real-world skills while preparing you to successfully pass the AZ-104 certification exam.
Key Skills Covered in the Course:
The AZ-104 curriculum focuses on several key areas of Azure administration, including:
Azure Identities and Governance: Managing Azure Active Directory, users, groups, role-based access control (RBAC), subscriptions, resource groups, policies, and cost management.
Storage Management: Implementing and managing storage accounts, Azure Blob Storage, Azure Files, file sync, and storage security.
Compute Resources: Deploying and managing virtual machines (VMs), virtual machine scale sets, Azure App Service, Azure Container Instances, and Azure Kubernetes Service (AKS).
Virtual Networking: Configuring and managing virtual networks, subnets, IP addressing, network security groups (NSGs), Azure DNS, Azure Firewall, and load balancing solutions.
Monitoring and Backup: Implementing Azure Monitor, configuring alerts, using Log Analytics, and setting up Azure Backup and Site Recovery for data protection and disaster recovery.
Whether you’re aiming to kickstart your career in cloud computing or advance your existing skills, this course will give you the hands-on experience, best practices, and confidence you need to excel as an Azure Administrator.
So, get ready to dive deep into the Azure portal, CLI, and automation tools, practice with real-life scenarios, and move one step closer to becoming a certified Azure professional.
Let’s begin your cloud journey — Welcome aboard!