Azure - Coggle Diagram
Azure
Organizing the Account
- Resource
Resources are instances of services that you create, like virtual machines, storage, or SQL databases.
- Resource Group
Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
All resources must be in a resource group, and a resource can only be a member of a single resource group.
Many resources can be moved between resource groups, although some services have specific limitations or requirements for moving.
If you delete a resource group, all resources contained within it are also deleted.
- Subscription
A subscription groups together user accounts and the resources that have been created by those user accounts.
Subscription Boundaries
- Billing boundary
This subscription type determines how an Azure account is billed for using Azure.
- Access control boundary
Azure applies access-management policies at the subscription level.
- Management Groups
These groups help you manage access, policy, and compliance for multiple subscriptions.
- Region
A region is a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network.
- Availability Zones
Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
- Region Pairs
Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This allows resources (such as VM storage) to be replicated across the geography, which reduces the likelihood of interruptions.
- Resource Manager
Azure Resource Manager is the deployment and management service for Azure.
- Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
- Clarify your organization's billing by viewing costs for a group of resources that share the same tag.
Azure compute services
Azure Virtual Machines
With Azure Virtual Machines, you can create and use VMs in the cloud. Virtual Machines provide infrastructure as a service (IaaS) and can be used in different ways, for example when you need:
- Total control over the operating system (OS).
- The ability to run custom software.
- Custom hosting configurations.
Dependent Resources:
- Storage account for the disks
- Virtual network
- Network interface
- Network Security Group
- Public Internet address
Workload Options
General-purpose VMs are designed to have a balanced CPU-to-memory ratio. Ideal for testing and development, small to medium databases, and low to medium traffic web servers.
Compute optimized VMs are designed to have a high CPU-to-memory ratio. Suitable for medium traffic web servers, network appliances, batch processes, and application servers.
Memory optimized VMs are designed to have a high memory-to-CPU ratio. Great for relational database servers, medium to large caches, and in-memory analytics.
Storage optimized VMs are designed to have high disk throughput and IO. Ideal for VMs running databases.
GPU VMs are specialized virtual machines targeted for heavy graphics rendering and video editing. These VMs are ideal options for model training and inferencing with deep learning.
High performance compute VMs are the fastest and most powerful CPU virtual machines, with optional high-throughput network interfaces.
The VM size can be changed while the VM is running, as long as the new size is available in the current hardware cluster the VM is running on.
Changing a running VM's size automatically reboots the machine to complete the request.
If you stop and deallocate the VM, you can then select any size available in your region, since this removes your VM from the cluster it was running on.
Storage for the VM
Azure virtual machines will have at least two virtual hard disks (VHDs). The first disk stores the operating system, and the second is used as temporary storage.
Azure App Service:
With Azure App Service (PaaS), you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform.
- Deployment and management are integrated into the platform.
- Endpoints can be secured.
- Sites can be scaled quickly to handle high traffic loads.
- The built-in load balancing and traffic manager provide high availability.
- Web apps
- API apps
- WebJobs
- Mobile apps
Azure Functions
Functions are ideal when you're concerned only about the code running your service and not the underlying platform or infrastructure.
Hosting Plans
Consumption plan
Billing is based on the number of executions, execution time, and memory used.
Premium plan
Automatically scales based on demand using pre-warmed workers, which run applications with no delay after being idle, runs on more powerful instances, and connects to virtual networks.
Benefits
Unlimited execution duration, with 60 minutes guaranteed.
Premium instance sizes: one core, two core, and four core instances.
More predictable pricing, compared with the Consumption plan.
In the Premium plan, the run duration defaults to 30 minutes and can be increased to unlimited (60 minutes guaranteed).
Dedicated plan
When to Consider
You have existing, underutilized VMs that are already running other App Service instances.
Hosting Options
App Service Environment
App Service Environment (ASE) is an App Service feature that provides a fully isolated and dedicated environment for securely running App Service apps at high scale.
Kubernetes
Kubernetes provides a fully isolated and dedicated environment running on top of the Kubernetes platform.
Azure Kubernetes Service
Azure Kubernetes Service is a complete orchestration service for containers with distributed architectures and large volumes of containers.
Azure Logic Apps
Logic apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code.
Azure Virtual Desktop
Azure Virtual Desktop is a desktop and application virtualization service that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location.
Azure Batch
Azure Batch enables large-scale parallel and high-performance computing (HPC) batch jobs with the ability to scale to tens, hundreds, or thousands of VMs.
Azure Networking Service
Azure Virtual Network
Azure virtual networks enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers.
Design DNS for VNet
Types
Public DNS
The name of the zone must be unique within the resource group, and the zone must not exist already.
Where multiple zones share the same name, each instance is assigned different name server addresses.
Private DNS
Azure DNS Private Zones
Private DNS zones are highly resilient, being replicated to regions all throughout the world.
Design VNET Peering
Global Peering
When creating a global peering, the peered virtual networks can exist in any Azure public cloud region or China cloud regions, but not in Government cloud regions.
Route Tables
System Routes
Azure automatically creates system routes and assigns the routes to each subnet in a virtual network.
System routes cannot be created, removed, or updated.
They can be overridden by custom routes.
Types
Default Routes
Routes
- Virtual network address space (CIDR): routed within the virtual network
- 0.0.0.0/0: routed to the Internet
- Block routes for 10.0.0.0/8 and 192.168.0.0/16: reserved for private use in RFC 1918
- Block route for 100.64.0.0/10: reserved in RFC 6598
Optional Routes
Azure adds default system routes for any Azure capabilities that you enable to either specific subnets within the virtual network, or to all subnets within a virtual network.
Custom Routes
Create custom, or user-defined (static), routes in Azure to override Azure's default system routes, or to add additional routes to a subnet's route table.
Additional route types, such as Virtual appliance, can be added to send traffic to a virtual appliance (for example, a firewall) running in a VM.
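Added example (not part of the Coggle map and not Azure's own code): a small Python model of the route selection described under System Routes and Custom Routes. It builds the default system routes listed above (VNet prefix, 0.0.0.0/0 to Internet, blocked RFC 1918 and RFC 6598 ranges), resolves destinations by longest prefix match, and lets a user-defined route win a tie against a system route with the same prefix, which is how a custom route overrides a system route. The VNet prefix 10.1.0.0/16, the destination addresses and the firewall appliance address 10.1.0.4 are constructed values.

```python
"""Route selection modelled on Azure subnet route tables.

Added example: system routes (VNet prefix, 0.0.0.0/0 -> Internet, RFC 1918 and
RFC 6598 blocks) plus optional user-defined routes, resolved by longest prefix
match with user routes winning ties against system routes. The VNet prefix,
destinations and appliance address used in demo() are constructed values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str            # e.g. "VirtualNetwork", "Internet", "None", "VirtualAppliance"
    source: str              # "system" (Azure default) or "user" (custom route)
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance


def system_routes(vnet_cidr: str) -> List[Route]:
    """Default system routes Azure assigns to every subnet, as listed on the page.
    A next hop of 'None' means the traffic is dropped."""
    def sys(prefix: str, hop: str) -> Route:
        return Route(ipaddress.IPv4Network(prefix), hop, "system")

    return [
        sys(vnet_cidr, "VirtualNetwork"),   # traffic inside the VNet
        sys("0.0.0.0/0", "Internet"),       # everything else goes to the internet
        sys("10.0.0.0/8", "None"),          # RFC 1918 block, dropped
        sys("192.168.0.0/16", "None"),      # RFC 1918 block, dropped
        sys("100.64.0.0/10", "None"),       # RFC 6598 block, dropped
    ]


def user_route(prefix: str, hop: str, hop_ip: Optional[str] = None) -> Route:
    """A custom (user-defined) route; it overrides a system route with the same prefix."""
    return Route(ipaddress.IPv4Network(prefix), hop, "user", hop_ip)


def resolve(routes: List[Route], destination: str) -> Route:
    """Longest-prefix match; if a user route and a system route share the
    winning prefix length, the user route is selected."""
    ip = ipaddress.IPv4Address(destination)
    matching = [r for r in routes if ip in r.prefix]
    if not matching:
        raise LookupError(f"no route for {destination}")
    return max(matching, key=lambda r: (r.prefix.prefixlen, r.source == "user"))


def next_hops(routes: List[Route], destinations: List[str]) -> dict:
    """Map each destination address to the selected next hop type."""
    return {d: resolve(routes, d).next_hop for d in destinations}


def demo():
    """Show the effect of a 0.0.0.0/0 user route that forces internet-bound
    traffic through a firewall appliance at 10.1.0.4 (constructed address).
    Note that the /8 and /16 block routes still win for RFC 1918 destinations,
    because they are more specific than the /0 user route."""
    vnet = "10.1.0.0/16"
    dests = ["10.1.2.3", "10.200.0.1", "192.168.5.5", "100.64.1.1", "8.8.8.8"]
    routes = system_routes(vnet)
    before = next_hops(routes, dests)
    routes_with_udr = routes + [user_route("0.0.0.0/0", "VirtualAppliance", "10.1.0.4")]
    after = next_hops(routes_with_udr, dests)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for d in before:
        print(f"{d:>14}  system only: {before[d]:<16} with custom route: {after[d]}")
```

Running the block prints the next hop for each destination with and without the custom default route: only the internet-bound address changes to VirtualAppliance, while traffic inside the VNet and to the blocked private ranges is unaffected.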
Azure Virtual NAT
Network Address Translation (NAT) allows internal resources on a private network to share routable IPv4 addresses in order to access external resources on a public network.
NAT supports up to 16 public IP addresses, and for each of those, uses port network address translation (PNAT or PAT) to provide up to 64,000 concurrent traffic flows.
Network security group
Network security groups have security rules that enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces.
Route table
Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table.
Azure VPN gateways
Azure VPN Gateway instances are deployed in Azure Virtual Network instances.
We can deploy only one VPN gateway in each virtual network, but we can use one gateway to connect to multiple locations, which includes other virtual networks or on-premises datacenters.
Prerequisites
Virtual network
Deploy a virtual network with enough address space for the additional subnet that you'll need for the VPN gateway.
Gateway Subnet
Deploy a subnet called GatewaySubnet for the VPN gateway. Use at least a /27 address mask.
Public IP address
This address provides a public-routable IP address as the target for your on-premises VPN device.
Local network gateway
Create a local network gateway to define the on-premises network's configuration, such as where the VPN gateway will connect and what it will connect to.
Azure ExpressRoute
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.
ExpressRoute does provide private connectivity, but it isn't encrypted.
Azure IoT Services
Azure IoT Hub
Azure IoT Hub is a managed service that's hosted in the cloud and that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages.
Azure IoT Central
Azure IoT Central builds on top of IoT Hub by adding a dashboard that allows you to connect, monitor, and manage your IoT devices.
Azure Sphere
Azure Sphere creates an end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub.
Azure Digital Twins
Azure Digital Twins is an Internet of Things (IoT) platform that enables you to create a digital representation of real-world things, places, business processes and people.
Azure IoT Edge
Azure IoT Edge is a fully managed service built on Azure IoT Hub. Deploy your cloud workloads—artificial intelligence, Azure and third-party services, or your own business logic—to run on Internet of Things (IoT) edge devices via standard containers.
Azure DevOps Services
Azure Repos is a centralized source-code repository where software development, DevOps engineering, and documentation professionals can publish their code for review and collaboration.
Azure Boards is an agile project management suite that includes Kanban boards, reporting, and tracking ideas and work from high-level epics to work items and issues.
Azure Artifacts is a repository for hosting artifacts, such as compiled source code, which can be fed into testing or deployment pipeline steps.
Azure Test Plans is an automated test tool that can be used in a CI/CD pipeline to ensure quality before a software release.
Access and Restriction
Resource Locks
Levels
CanNotDelete means authorized people can still read and modify a resource, but they can't delete the resource without first removing the lock.
ReadOnly means authorized people can read a resource, but they can't delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.
Azure Blueprints
Azure Blueprints enables you to define the set of standard Azure resources that your organization requires.
Azure Policy
Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources.
Azure Policy can automatically remediate noncompliant resources and configurations to ensure the integrity of the state of the resources.
Policy Scope:
- Management Groups
- Subscription
- Resource Groups
Azure Storage services
Azure Blob Storage
Access tiers
Archive access tier
Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements.
Azure Files
Azure Files offers fully managed file shares in the cloud that are accessible via the industry-standard Server Message Block and Network File System (preview) protocols.
Any number of Azure virtual machines or roles can mount and access the file storage share simultaneously.
Azure Disk storage
We can use standard SSD and HDD disks for less critical workloads, and premium SSD disks for mission-critical production applications.
Azure's AI services
Azure Machine Learning
Azure Machine Learning is a platform for making predictions. It consists of tools and services that allow you to connect to data to train and test models to find one that will most accurately predict a future result.
Azure Cognitive Services
Azure Cognitive Services provides prebuilt machine learning models that enable applications to see, hear, speak, understand, and even begin to reason.
Azure Bot Service
Azure Bot Service and Bot Framework are platforms for creating virtual agents that understand and reply to questions just like a human.
Azure Messaging Services
Azure Queue Storage
Azure Queue storage is a service that uses Azure Storage to store large numbers of messages. These messages can be securely accessed from anywhere in the world using a simple REST-based interface.
Azure Service Bus
Microsoft Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics.