Becoming a Cloud Expert - Microsoft Azure IaaS - Level 1

Topics

• Cloud computing definition

• Microsoft Azure Cloud

• Azure Infrastructure as a Service (IaaS)

• Global footprint

• Azure Portal Overview

• Azure Resource Manager (ARM)

• Azure RBAC

Cloud Computing is the transformation of computer hardware, software and networks into a utility service just like electric, water or gas services. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources, that can be rapidly provisioned and released with minimal management effort or service provider interaction.  

Microsoft Azure provides the services to build, manage and deploy applications on a global scale while using multiple data centers connected with a super fast network. The all hardware and software orchestration of the cloud infrastructure is done using a specialized cloud operating system, called “Microsoft Azure” developed by Microsoft.

The cloud services are supposed to be available on a global scale and this is one of the most impressive things about a public cloud provider, like Microsoft Azure, Amazon AWS, or Google cloud. Those players are building and running a huge global infrastructure and every year they announce on additional regions.  

Let's review the Azure web portal at a high level.

As part of the management layer of Azure, there is a central component that is called Azure Resource Manager, or in short ARM. The azure resource manager is used to allocate and deploy resources, organize resources into groups, control access to resources and much more.      

Let's review the Azure ARM inside Microsoft Azure - resources, resource groups, resource providers, accounts and subscriptions and deployment templates.

Access management for resources is a critical function for any group of users or an organization that is using the Azure cloud.  As administrators, the Role-based access control (RBAC) will be used to manage who has access to Azure resources and what they can do with those resources.

Let's create new users and assign them access to specific entities.

Topics

• What is Virtual Network?

• Virtual network setting

• IP Address Types

• VM, NICs and IP Configuration

• Azure Network Security

• Traffic filtering with security rules

• Network Security Group (NSG)

• Application Security Group (ASG) 

A virtual network is basically a private isolated connectivity layer being used to connect between a group of cloud resources.     

In azure a virtual network is a managed entity that users are creating with a group of setting that is configured during the creation process or added later when the virtual network entity is already created. 

Let's review the all process end-to-end for creating virtual network and subnets.

As soon as we have a new virtual network, we can create VMs as resources inside that virtual network or inside a specific subnet. Each resource must be assigned with at least one private IP address from the virtual network address range we allocated to the virtual network. In addition, if we want a resource inside the virtual network to access the outside internet than we will need to use also a public IP address.

We have an IP address, that can be public or private created dynamically or with a static configuration. In Azure, we have a virtual machine, network interfaces and IP configuration profiles. Let’s see how those building blocks are connected and what kind of combination we can create.

Let's review how to create network interfaces, attach them to VMs and create or adjust IP configuration.

All public cloud providers provide an ability to filter traffic and I am planning to present how it is being done in Microsoft Azure. In Microsoft Azure, we can filter network traffic to and from resources in a virtual network with an entity that is called a network security group.

Another useful option in Azure related to traffic filtering is using application security groups. The focus is moving to the function of the applications. We can group VMs based on their function.

Let's review how to configure NSG and ASG.

Topics

• The Power of a Cloud Storage

• Types of Cloud Storage

• Azure Storage Services

• Storage Replication Options

• Storage Accounts

• VMs Disks

• Encryption Data at Rest

Cloud storage is basically the option to store data on the Internet through a cloud computing provider who manages and operates data storage as a service. We talked about it in the introduction course about cloud computing but this is the power of the cloud, it is a public infrastructure enabling companies to build applications that can scale on a global level without the limitation of a single private data center.

There are three main storage types

• Block Storage

• File Storage

• And Object Storage

Storage services provided by public cloud providers are basically a mix of multiple options to fulfill the storage needs of a variety of applications.     

Any type of storage service, like blobs, files, disks, tables, and queues that we would like to use must be allocated inside a logical entity called a storage account. A storage account entity can be created and managed by us or in some cases it will be created and managed by Azure.

One of the most valuable features in a public cloud is high data durability. We know that data can be damaged because of many things like hardware failures, network or power outages, or maybe some massive site disasters. Systems availability is a critical factor and data is a critical component in almost all systems. This is why Microsoft Azure and also other cloud providers are replicating our data and enable us to configure the best replication option for our application.

• Locally-redundant storage

• Zone-redundant storage

• Geo-redundant storage

• Read-access Geo-redundant

Let's review how to create and manage a storage account.

In addition to allocating computing power and setting networking connectivity, we also would like the capability to allocate storage capacity as virtual disks.   

There are three types of azure VM disks:

• Operating System Disk (OS Disk)

• Temporary Disk

• Data Disk/s

Let's review how to create, attach and detach data disks for VMs.

Security is a critical part of any solution, including the storage. Our next topic is encryption data at rest, meaning data that is stored in Microsoft Azure storage services.

• Azure Key Vault

• SSE - Storage Service Encryption 

• Azure Disk Encryption (ADE)

Topics

• Virtualization

• Virtual Machines

• VM Types and Sizes

• Creating Windows\Linux VMs

• VMs Setting

• VMs Operation and Monitoring

At the core technology value of virtualization, we can say that virtualization is a great way to divide and optimize physical IT resources into logical entities or also called virtual resources. It is an abstraction management layer of physical objects into logical objects. Now going back to the cloud, a public cloud environment is all about virtualization but of course in a much larger scale than a single private data center. 

VM as a resource can be allocated on-demand while using the flexibility comes with a cloud environment. We can define the required VM from a variety of VM types and sizes to be used for different application workloads.

Every application or better call it workload will have a different resources consumption profile. Some applications require more CPUs power and less memory capacity and in other cases, it will be the other way around, more memory and less CPU power. So Microsoft Azure provides us with a variety of VM types and sizes that will be more optimized to the resources consumption profile of our application.

Let's review how to create a new VM while following the all process end-to-end.

VMs Setting

• Attaching Network Interfaces

• Attaching Data Disks

• Scaling a VM Size

• Security recommendations

• Adding Extensions

• Configure access control

VMs Operations

• Shutdown/Run a VM

• Configure Auto-shutdown

• Scheduled Backups

• Using Inventory management for installed software components

• Running scripts on a VM

VMs Monitoring

• Analyze activity logs

• Review metrics or KPIs

• Configure alerts

• Configure the diagnostics setting

• Review the Azure Advisor recommendations

Let's recap the main topics we covered in this course.

Thank you for joining and learning this course, let's speak about your next step moving forward as a Cloud Expert.