Please enable JavaScript.

Coggle requires JavaScript to display documents.

Azure Developer - OLD - Coggle Diagram

- - - - Free
        Assessments + recommendations
      - Standard
        JIT VM access + threat detection ...
  - - - Service Certificates
        Used by cloud services
      - Management Certificates
        Authentication with Management API's
  - - - Rest - Disk encryption (default)
      - Process
      - Transit -
        Protect using P2S VPN, S2S VPN, TLS, ExpressRoute
    - - Time-based retention
      - Legal-hold policy - read-only until hold released
    - - Region pairs
  - - - Hardware Protected Keys
        Secured using a HSM
      - Software Protected Keys
        Protected using software generated keys
    - - Use RBAC to control access
      - Store certificates in Key Vault
      - Enable soft-delete (90 day retention)
      - Limit Contributor access - can grant themselves
        Instead use 'Key Vault Contributor' role - no data access
      - Do not store user data,
        only store server data
      - Developers - need get / list access
        Senior Dev - full access
        Applications - need get access
      - Restrict networks / IP's can be access from
    - - Get-AzureRmKeyVault
        List vaults
      - Get-AzKeyVaultSecret
        Get stored secrets
    - - Self-signed
      - App generated CSR
      - Integrated CA CSR
- - - - Consumption - Isolated, auto-scale, no AAD integration, no vnet
      - Developer - private, 1 scale unit, no SLA, vnet
      - Basic - private, 2 scale units, no AAD integration
      - Standard - private, 4 scale units
      - Premium - private, 10+ scale units, vnet, multi-region
    - - Promotes micro-service architecture - Decouple backend
      - Micro-services may reside different IP / domain
      - Apply consistent rules and standards e.g. authentication
      - Masks backend service layer
  - - - Queue Storage
        Choose if:
        
        Need simple queue solution
        
        Need audit trails - retain messages
        
        Queue size > 80gb
        
        Track queue progress
      - Service Bus
        Choose if:
        
        Need At-Most-Once or FIFO delivery
        
        Transaction support
        
        Receive messages without polling the queue- Role-based access
        
        Larger messages - upto 256KB (standard) or 1MB (premium)
        
        Queue size is < 80gb- Publish / consume batches of messages
        
        Queue
        Only 1 subscriber receives message
        Pricing based on queue size + number of operations
        Available in v1 or v2 storage only, not blob storage
        
        Authorisation
        
        Azure Active Directory
        
        Shared Key
        
        Shared Access Signature (SAS)
        
        Choose if:
        
        Need At-Most-Once or FIFO delivery
        
        Transaction support
        
        Receive messages without polling the queue
        
        Role-based access
        
        Larger messages - upto 256KB (standard) or 1MB (premium)
        
        Queue size is < 80gb
        
        Publish / consume batches of messages
        
        Azure Storage Client Library - .NET
        
        CloudStorageAccount - Azure storage account
        
        CloudQueueClient - Azure queue storage
        
        CloudQueue - queue instance
        CreateIfNotExistsAsync, AddMessageAsync, GetMessageAsync, DeleteMessageAsync
        
        CloudQueueMessage - message
        
        JavaScript API
        QueueClient class - SendAsync, RegisterMessageHandler, CompleteAsync
        
        Topic
        All subscribers receive message
        
        Microsoft.Azure.ServiceBus NuGet package
        TopicClient class - SendAsync, RegisterMessageHandler, CompleteAsync
        
        Relay
        Component that performs synchronous, two-way communication between applications across network boundaries
      - Benefits
        
        Reliability
        
        Message delivery
        guarantees
        
        At-Least-Once-Delivery
        Message delivered to at least 1 subscriber
        
        At-Most-Once-Delivery
        Only delivered once, never more
        
        FIFO
        
        Transactional support (group messages)
    - - Event Grid
        Built on Azure Service Fabric
        Choose if need simple pub-sub solution
        Events sent from sources to the Event Grid and forwarded to subscribers
        
        Concepts
        
        Event
        What happened?
        
        Event Source
        Where the event took place
        Responsible for sending events to the grid
        
        Azure Subscriptions & Resource Groups
        
        Container Registry
        
        Event Hub
        
        Service Bus
        
        Storage Account
        
        Media Services
        
        IoT Hub
        
        Custom Events
        Generated via REST API, or Azure SDK
        
        Event Topic
        Endpoint where events are sent
        System vs custom topics
        
        Event Subscription
        Defines events on a topic an event handler wants to receive
        
        Event Handler
        App or service reacting to an event
        
        Azure Functions
        
        Webhooks
        
        LogicApps
        
        Power Automate
      - Event Hub
        
        Client filtering
        
        Unlimited client end points
        
        Retries delivery upto 24 hours - events stored in buffers (aka partitions)
        
        Pay per event
        
        1MB max message size
        
        Choose if:
        
        Higher throughput over Event Grid
        
        Can pipeline events to Data Lake or Azure Blob Storage
        
        Event publishers are authenticated, issued token
        
        Perform aggregation or analytics on events
        
        Reliability of messaging
        
        Publisher requirements - HTTPS or Advanced Message Queuing Protocol (AMQP) 1.0
        Subscriber requirements - EventHubReceiver or EventProcessorHost
        
        Plans
        
        Basic
        
        Standard
        
        Longer term retention
        
        Create >1 consumer group
        
        Kafka integration
        
        Forward to Data Lake or blob storage
- - - - Registry containing the image
      - Image - item in repo
      - Tags - Specifies version of image to use
      - Startup file
- - - - Timer
      - HTTP
      - Blob
      - Cosmos DB
      - Event Grid
      - MS Graph
      - Queue
      - Service Bus
    - - 5 min timeout - max 10 mins
      - HTTP Requests are restricted to 2.5 mins
      - Continuous function calls can be more costly than VMs
      - New instance every 10 seconds
      - Max 200 instances
    - - Consumption
      - App Service Plan - hosted on VM, runs continously
      - Premium - Pre-warmed consumption plan
    - - Function - Function specific key
      - Admin - Global master key
      - Anonymous - No authentication required
    - - Inputs - provided as params to function
      - Outputs - provided as params to function
    - - Types
        
        Input
        Connection to a data source
        
        Output
        Connection to a data destination
      - Properties
        
        Mandatory
        
        Type
        
        Direction
        
        Name
        
        Optional
        
        Connection
      - Expressions
        
        % - Reference an App setting variable
    - - Commands
        
        func init - Create new functions project
        
        func new - Add a new function to the project
        
        func start - Run function
        
        func azure functionapp publish <APP_NAME> - Publish app to azure
        
        func settings - Amend local settings
        
        func azure functionapp logstream - Display stream of debug logs
      - Configuration
        
        host.json
        Shared config when run either locally or in Azure
        
        local.settings.json
        Local configuration when run in Core Tools
      - Platform - Function Host
    - - az functionapp create - Create new Function App project
    - - VS
      - Zip file - Azure CLI or Azure API - az functionapp deployment source config-zip
      - GIT
      - az webapp up
  - - - Retry policy control
  - - - Client Function
        Entry point for durable function
      - Orchestrator Function
        Orchestrates execution of Activity functions
      - Activity Function
        Performs a specific task
      - Entity Function
        Manages stateful entities
    - - Function Chaining
      - Fan Out / Fan In
      - Async jobs
      - Monitoring
      - Human Interaction
- - - - Azure Active Directory
      - SQL authentication
        Username / password
    - - Data discovery & classification
        Discovering, classifying, labelling & protecting the sensitive data
      - Vulnerability assessment
        Discover, track, and remediate database vulnerabilities e.g. poor passwords
      - Advanced Threat Protection
        Detects anomalous activities e.g. SQL Injection, unusual access etc.
    - - Server-level
        
        Allow access to Azure services
        
        IP address
        
        Virtual network
      - Database-level
        recommended
        Configured using Stored Procs
        
        IP address
  - - - Blobs
        
        Block Blobs
        Best for all general scenarios
        
        Page Blobs
        Optimised for random access - VHD's
        
        Append Blobs
        Append operations only e.g. log streaming
      - Files
      - Queues
      - Table Storage
    - - Gen v1
      - Gen v2 (legacy)
      - Blob Storage (legacy)
    - - CloudStorageAccount
      - CloudBlobClient
      - CloudBlobContainer
  - - - Core (SQL)
      - Cassandra
      - Azure Table
      - Gremlin (Graph)
    - - Strong -
        Guaranteed read of latest write, worst performance
      - Bounded Staleness
        Guaranteed read of latest write within agreed window
      - Session
        Guaranteed read for specific client session, in order
      - Consistent Prefix
        Reads are consistent to point in time
      - Eventual
        Out of order reads. Weakest consistency, best performance
        E.g. counting tweets, likes
- - - - Multiple Node
      - Premium
        Persist data, snapshots, backups etc.
      - Single Node