cost optimisation
consumption cost model
Azure Functions
Azure Logic Apps
SQL Server - serverless tier
Azure API management
take advantage of unused capacity in Azure at a discounted price
suitable only for workloads that can tolerate interruption (eviction)
reserved instances
can reduce resource costs by up to 72% in exchange for a one- or three-year commitment
managed services where possible
Azure SQL DB
Azure App services
cost monitoring and management
cost management
Azure Advisor - cost recommendations
alerts based on spending
Operational excellence
Azure DevOps
GitHub
Azure Pipelines
Azure Pipelines is a cloud service that automatically builds and tests your code project and makes it available to others.
GitHub Actions
With GitHub Actions you can build workflows: custom automated processes that build, test, package, release and deploy code.
monitoring to gain operational insights
core monitoring
deep infrastructure monitoring
deep application monitoring
activity logging
health of services
metrics and diagnostics
recommendations on best practices
IaC
imperative automation : Azure CLI or Azure PowerShell
declarative automation : ARM templates
automation
testing
canary testing : risk mitigation (release to a small subset of users first)
blue/green deployment : minimise downtime (switch traffic between two identical environments)
A/B testing : measure effectiveness of a change
Network Performance
use a CDN to deliver content from the point closest to the users
use Azure Traffic Manager (DNS-based load balancer) to return the most available endpoint
this can also be used to cache dynamic content
use ExpressRoute for a private connection between Azure and on-premises
storage performance
VM disks
standard HDD
standard SSD
premium SSD
local SSD
temporary storage (lost on deallocation or redeploy)
only available on specific VM sizes
disk striping
increases throughput and IOPS by spreading disk activity across multiple disks
Azure High availability
Availability sets
Availability zones
Load balancing
PaaS HA capabilities
update domains (UD) : VMs in different UDs are not rebooted at the same time during planned maintenance
fault domains (FD) : align to the physical sections of the DC (shared power and network switch)
availability zones : minimum of 3 zones (DCs with independent cooling and power)
availability zones are mutually exclusive with availability sets
disaster recovery
data replication
active replication : updates take place on multiple replicas simultaneously, guaranteeing consistency at the cost of throughput
passive replication : synchronisation runs in the background, removing replication as a constraint on application performance but increasing RPO
Azure Site Recovery
covers VMs, physical servers and individual workloads
security
Zero trust model
principles (CIA)
confidentiality : access is granted only by explicit grant
integrity : data is not tampered with
availability : information and systems are available when needed
Security layers
data > app > compute > network > perimeter > Identity & Access > Physical
Identity management
Azure AD Application Proxy
used to provide access to internal apps from outside the organisation's firewalls
uses Azure AD for authentication and a connector agent inside the network
Infrastructure security
RBAC - roles are collections of access permissions
Privileged Identity Management (PIM)
Management groups
data encryption
symmetric : single key
asymmetric : paired keys (public and private key); used for TLS
encrypt databases
Azure SQL uses TDE - transparent data encryption
on-prem SQL DB - has the Always Encrypted feature
both make use of symmetric keys
encrypt virtual hard disks (VHD)
uses Azure Disk Encryption (ADE)
uses BitLocker for Windows and dm-crypt for Linux
encrypts OS and data disks
Network security
perimeter security
Azure Application Gateway with WAF
WAF provides advanced security for HTTP-based services
WAF rules are based on OWASP
provides protection from XSS and SQL injection
eviction policy for spot VMs : set to either deallocate or delete the virtual machines