Azure Fundamentals- Beginner's Guide, Part-2
Guide to clearing the Azure Fundamentals AZ-900 certification exam.
This is part 2 of Azure Fundamentals. It will help you to clear the AZ-900 exam.
2.2 Azure Core Services- Networking
2.2.1 Virtual Network
When we create a virtual machine in Azure, it has to be part of a virtual network. An Azure virtual network is a home for your virtual machines. In the virtual network we specify a range of IP addresses, and VMs get their IP addresses from that defined range.
We can also subnet the IP address range. Subnetting is a logical separation of the resources that we can have in a virtual network. Refer to the image below for more detailed info.
Each subnet has an address range which is a subset of your virtual network's address range.
A private IP address is used for internal communication between VMs within a virtual network, and a public IP address is used for accessing a VM over the internet.
We can create a virtual network in Azure by following the simple navigation and filling in the requested details. We can add subnets and address spaces to the Azure virtual network later as well.
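A check for the subnet rule described above, as an added example that is not part of the original guide: every subnet must sit inside the virtual network's address range, and two subnets must not overlap. The address ranges and subnet names are constructed.

```python
import ipaddress

def validate_subnets(vnet_cidr, subnets):
    """Return a list of problems with a subnet plan (empty list means valid).

    vnet_cidr: address range of the virtual network, e.g. "10.0.0.0/16".
    subnets:   dict mapping subnet name -> CIDR string.
    """
    vnet = ipaddress.ip_network(vnet_cidr)
    parsed = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    # Rule 1: each subnet range must be a subset of the VNet range.
    for name, net in parsed.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} ({net}) is outside the VNet range {vnet}")
    # Rule 2: no two subnets may share addresses.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{a} ({parsed[a]}) overlaps {b} ({parsed[b]})")
    return problems

# Constructed sample plans for a VNet with range 10.0.0.0/16.
GOOD_PLAN = {"web": "10.0.1.0/24", "db": "10.0.2.0/24"}
BAD_PLAN = {"web": "10.0.1.0/24", "db": "10.0.1.128/25", "mgmt": "10.1.0.0/24"}

if __name__ == "__main__":
    print("good plan:", validate_subnets("10.0.0.0/16", GOOD_PLAN))
    for problem in validate_subnets("10.0.0.0/16", BAD_PLAN):
        print("bad plan:", problem)
```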
2.2.2 Network Security Groups
Network security groups (NSGs) are used for controlling the traffic flow into and out of our virtual machines. An NSG is a kind of firewall that controls the traffic that comes to and goes from VMs.
A network security group is attached either to a VM's network interface card or to a whole subnet. If it is attached to one VM, it affects that VM only. If it is attached to a subnet, it controls all VMs within that subnet.
It consists of inbound and outbound security rules. As the names imply, inbound rules control the traffic coming in through the NSG, and outbound rules control the traffic going out.
When we create inbound and outbound rules, we need to fill in a few things such as priority, name, and port.
There are a few default inbound and outbound rules which we can't change or edit. They are used for internal communication between VMs and for the load balancers. The highlighted ones are default inbound rules, which we can't edit.
So if an application is running on port 80 and you want to allow connections to it, you need to create an inbound rule for it.
If we want to restrict the internet access of a VM, we need to create an outbound rule which restricts that access.
2.2.3 Application Security Groups
Application security groups (ASGs) are applied with the help of network security groups.
Let's say we have application servers and database servers. The network configuration for the two will be different, because the application servers will be exposed to the internet but the IP addresses of the database servers will not. This can be achieved by subnetting or by applying an NSG to each server.
Instead of subnetting or assigning an NSG to each VM, we create an application security group and assign each VM to the appropriate group. For example, database servers can be assigned to a group called Database and application servers to a group called Webservers.
So we can say an application security group is a logical separation of our infrastructure. It also helps us to control the network traffic to our infrastructure.
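An added example (not from the original guide) that models the inbound rules of section 2.2.2 together with the Webservers and Database groups of section 2.2.3: rules are checked in priority order and the first match decides. It assumes a single NSG, constructed VM names, and port 1433 for the database; the three default rules are the ones Azure places in every NSG.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "priority name source dest port action")

# Default inbound rules present in every NSG (they cannot be edited or deleted).
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]

# Constructed sample data: VM name -> application security group.
ASG_OF = {"web-vm1": "Webservers", "web-vm2": "Webservers", "db-vm1": "Database"}

# Constructed custom rules (port 1433 for the database tier is an assumption).
CUSTOM_INBOUND = [
    Rule(100, "AllowHttpFromInternet", "Internet", "Webservers", 80, "Allow"),
    Rule(110, "AllowSqlFromWeb", "Webservers", "Database", 1433, "Allow"),
    Rule(4000, "DenyOtherToDatabase", "*", "Database", "*", "Deny"),
]

def _matches(selector, endpoint):
    """endpoint is a VM name from ASG_OF, or a tag such as 'Internet'."""
    if selector == "*":
        return True
    if selector == "VirtualNetwork":
        return endpoint in ASG_OF          # every sample VM lives in the VNet
    if selector in ASG_OF.values():
        return ASG_OF.get(endpoint) == selector
    return selector == endpoint            # service tag such as 'Internet'

def evaluate_inbound(src, dst_vm, port, custom_rules=CUSTOM_INBOUND):
    """Return (action, rule name) of the first match, lowest priority number first."""
    for rule in sorted(list(custom_rules) + DEFAULT_INBOUND):
        if (_matches(rule.source, src) and _matches(rule.dest, dst_vm)
                and rule.port in ("*", port)):
            return rule.action, rule.name
    return "Deny", "no match"  # not reached: DenyAllInBound matches everything

if __name__ == "__main__":
    for src, dst, port in [("Internet", "web-vm1", 80), ("Internet", "web-vm1", 22),
                           ("web-vm2", "db-vm1", 1433), ("web-vm2", "db-vm1", 22)]:
        print(src, "->", dst, port, evaluate_inbound(src, dst, port))
```

Without the DenyOtherToDatabase rule, a web server reaching db-vm1 on port 22 is allowed by the default AllowVnetInBound rule, so grouping VMs alone does not isolate the database tier.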
2.3 Azure Storage
2.3.1 Creating a Storage account
An Azure Storage account contains all your Azure Storage data items: blobs, files, queues, tables, and disks. You can create your storage account by following the simple navigation and filling in the basic details requested.
2.3.2 Types of Storage Accounts
When we create our storage account, we can see that different types of accounts are available.
General Purpose V2- Recommended for most scenarios. It provides different services like blob, file, queue, and table.
General Purpose V1- Older version. It also provides the same features as V2.
BlockBlobStorage Account- This is for premium performance when storing block blobs and append blobs.
FileStorage Account- This is for when we want premium performance for file-only storage.
BlobStorage Account- This is a legacy storage account.
2.3.3 Service offered by Storage Accounts
An Azure Storage account helps us to store the data related to our application. It has different types of services available for storing that data.
1. Blob Storage- Object-level storage for any type of object which we want to store. It is also used for storing the disk files of VMs which we create in Azure, which are called Virtual Hard Disks or VHDs.
2. Table- When an application needs to store NoSQL data or table-like data, we can store it in the Table storage service.
3. File Service- It's a file share in a storage account which can be accessed by different users or VMs. It uses the SMB protocol and can be mounted on different machines.
4. Queue- The Queue service is used for receiving and sending messages for VMs, or for exchanging messages between components of your application.
2.3.4 Azure Storage Accounts- Replications
LRS (Locally Redundant Storage)- This is the default. Here data is replicated synchronously 3 times within a physical location in the primary region. All data is within the same data center.
ZRS (Zone Redundant Storage)- Here data is replicated synchronously across 3 Azure Availability Zones in the primary region. It means your data is replicated in 3 different data centers.
GRS (Geo Redundant Storage)- Here data is replicated synchronously across 3 data centers in the primary region, the same as ZRS. In addition, it is also replicated asynchronously to the secondary region. The secondary region is only for disaster recovery: when the primary goes down, the secondary region comes into action.
RA-GRS (Read Access Geo Redundant Storage)- Same functionality as GRS. The only difference is that the secondary region data is available for read access, whereas in GRS the secondary region data isn't available until a disaster.
General Purpose V2 offers most of the services and is the recommended one to use. More on all these account types, services and replication options can be found here.
2.3.5 Access Tiers
There are different types of Access Tiers available.
Hot- Storing data that is accessed frequently. It can be set at the account level.
Cool- Storing data that is accessed infrequently. It can be set at the account level.
Archive- Storing data that is rarely accessed. It can be set at the blob level.
2.3.6 Working with the blob service
This is object storage for the cloud. We can store unstructured data here, such as images, videos, documents, and more.
When we use blob service we need to create a container and this container stores the blob objects.
There are three different types of blobs:
Block blobs- This is used for storing text and binary data.
Append blobs- This is ideal for logging data.
Page blobs- This is used to store virtual hard disk files for Azure virtual machines.
We need to create a container if we want to use the blob service. We can do this by opening the storage account and clicking on the container.
When we open our storage account, we can see all the associated details like access tier, replication, and account type.
If we want to create a container, we click on it and the container is created within the storage account. We can then store our files/data there. The access level of this container can be modified as well.
Queue storage is used to prompt a message or to take some action before something gets uploaded to storage. In the same way, we can create file shares, tables, and queues within the storage account. Containers are widely used though.
3.1 Azure Load Balancer
An Azure load balancer is a method to distribute the traffic between the different VMs of your application. Let's say your application is deployed across 3 VMs and users are accessing only 1 VM; then what's the point of having 3 VMs? The load balancer distributes the incoming connections across the VMs.
It distributes connections using a 5-tuple (source IP, source port, destination IP, destination port, protocol type). It helps us to increase the availability of the entire application architecture.
The load balancer has different components:
1. Backend pool- Set of VMs where traffic distribution is required.
2. Frontend IP- Public IP address which is exposed to the user. The same public IP is assigned to the load balancer.
3. Health probe- It is used by the load balancer to check whether the allocated VMs are healthy or not, and whether traffic connections are evenly distributed or not.
4. Balancing rules- Rules which define how a load balancer should behave with VMs. We need to mention the port number, backend pool, health probe, and other details.
We need to make a few changes before we can apply a load balancer to a set of VMs. For example, we have to remove the public IP addresses of the VMs, because we want them to be accessed through the load balancer's IP address.
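An added sketch of the 5-tuple distribution and health-probe behaviour described above (not code from the original guide, and not Azure's implementation). SHA-256 stands in for the load balancer's hash, which the guide does not name, and the VM names and flows are constructed.

```python
import hashlib

BACKEND_POOL = ["vm1", "vm2", "vm3"]  # constructed backend pool

def pick_backend(flow, healthy, pool=BACKEND_POOL):
    """Map a flow's 5-tuple to one healthy VM in the backend pool.

    flow: (source IP, source port, destination IP, destination port, protocol)
    healthy: set of VMs whose health probe currently succeeds.
    SHA-256 is an assumed stand-in hash, not the one Azure uses.
    """
    candidates = [vm for vm in pool if vm in healthy]
    if not candidates:
        return None  # every probe failed: no VM can take the connection
    key = "|".join(str(field) for field in flow).encode()
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return candidates[bucket % len(candidates)]

def distribution(flows, healthy, pool=BACKEND_POOL):
    """Count how many flows land on each VM in the pool."""
    counts = {vm: 0 for vm in pool}
    for flow in flows:
        vm = pick_backend(flow, healthy, pool)
        if vm is not None:
            counts[vm] += 1
    return counts

# Constructed flows: one client opening 300 connections from different source
# ports to the load balancer's frontend IP (documentation address ranges).
FLOWS = [("198.51.100.7", 50000 + i, "203.0.113.10", 80, "TCP") for i in range(300)]

if __name__ == "__main__":
    print("all healthy:      ", distribution(FLOWS, {"vm1", "vm2", "vm3"}))
    print("vm2 probe failing:", distribution(FLOWS, {"vm1", "vm3"}))
```

The same 5-tuple always maps to the same VM while the set of healthy VMs is unchanged, and a VM whose probe fails stops receiving new connections.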
3.2 Azure Function, Web Apps, and Logic Apps
Web Apps- Azure allows you to host your application on the web. You don't need to worry about the underlying infrastructure, so you can focus on code development.
You can publish your application to the web using Visual Studio or other tools by providing your Azure credentials, provided you have already created an app in Azure.
Azure Functions- This service allows you to run small pieces of code as functions. You only get billed for the amount of time the code is run.
Logic Apps- This is a cloud service that helps you schedule, automate and orchestrate tasks, business processes, and workflows.
We need to design a workflow. Each workflow starts with a trigger, and these triggers are fired by a specific event.
3.3 Azure Traffic Manager
It’s a DNS-based traffic load balancer that distributes traffic across different Azure regions. It works on the basis of the traffic routing method and directs client requests to the most appropriate service endpoint.
The traffic routing methods are based on priority, weight, performance, geography, and subnet.
3.4 Azure Kubernetes Service
What is Docker & container
We are all well aware of virtualization. It helps us to create multiple VMs from one piece of physical hardware, and for virtualization we need hypervisor-based tools such as VMware, which create VMs out of your physical hardware.
We can say Docker and containers provide the next level of virtualization: they can create multiple containers from the same VM. All of these containers are isolated from each other. They also contain OS libraries, so they work as an isolated OS where you can deploy your application.
Just as we require a VMware tool for virtualization, we need a Docker engine on top of VMs to create containers from a VM.
What is Kubernetes
Kubernetes is container orchestration software. It helps us to manage all containers and VMs together. It is open-source software.
How it works
We create one master cluster and create nodes/VMs from this master cluster. Kubectl is a CLI-based tool which helps to create containers from your VMs.
Kubernetes can provide DNS names to containers. It can also restart the failed cluster.
How to deploy Apps in container
You need to create a container instance in Azure by filling in all the requested details. The most important thing is the selection of the image, as you can see below. Remember that containers are based on an image, which is either already available or one you create.
Docker Hub is a place where you can find all available images.
Once the container is created, you can access it by its public IP address or as per the configuration.
3.5 Azure DevOps
DevOps is a complete set of tools that can be used to help teams to plan work, collaborate on code development, and build and deploy applications.
Azure DevOps has the following services
1. Azure Repos- It hosts Git repositories, which can consist of scripts/code.
2. Azure Pipelines- It helps us with CI/CD (continuous integration, continuous deployment).
3. Azure Boards- It helps us to plan and track work items.
4. Azure Test Plans- Tools for testing the application.
5. Azure Artifacts- It helps us to share packages from public and private sources.
How it works
In Azure Boards, we create tasks that we assign to developers. Developers then write code for the assigned tasks and upload it to Azure Repos. Repos can then trigger an action in Azure Pipelines, which can build/release the application.
Boards → Repos → Pipelines → Application build/release.
There are more things to learn before you give the exam. I have learned all of these topics from Microsoft Learning and made notes out of them.
Note- Don't rely on exam dumps, as Microsoft updated their exam questions on 9th November 2020.