Part 2: Passed AZ-900 with a score over 900. Sections 1, 2 and 3
In my previous blog I discussed the various sources I used as references to prepare for Azure Fundamentals. The link is available below.
Passed AZ-900 with score above 900.
My YouTube video with the complete walk-through is here.
That covered what to study from. This article describes what is most important for the exam and for Azure Fundamentals. There is too much content in docs.msdn and the learning paths to cover everything, and not all of it is, let's just say, handy in terms of situational analysis.
I attended Microsoft Ignite on March 2nd to 4th, 2021. They confirmed that the test is not just about reading and learning but also about experience. This is true for all certs, not just AZ-900.
This blog is also a refresher for me on what I prepared a month ago, and knowledge shared with you. I believe in sharing and learning. This is how I learnt, and I encourage the practice as well.
The content of this exam was updated on November 9, 2020. The sections covered in this article are:
- Describe cloud concepts (20–25%)
- Describe core Azure services (15–20%)
- Describe core solutions and management tools on Azure (10–15%)
The sections covered in my YouTube video are below:
- Describe general security and network security features (10–15%)
- Describe identity, governance, privacy, and compliance features (20–25%)
- Describe Azure cost management and Service Level Agreements (10–15%)
It's explained in the video why the above three were chosen over the former three. I highly recommend VILT (virtual instructor-led training) for all Microsoft certs. MS Learn and VILT are the foundation to build upon.
Having said that, let me proceed with the content to study.
Describe cloud concepts (20–25%)
Tip: from my experience in practice tests, this section has the most verbose questions. Watch out for distractors; a question with a specific justification can only have one right answer, so the subset, or even your first guess, is always right.
IaaS — (Infrastructure as a Service) — data center, firewalls, servers and storage
PaaS — (Platform as a Service) — OS, dev tools, DBMS, business analytics, etc.
SaaS — (Software as a Service) — hosted apps (Outlook, OneDrive, Skype, etc.)
Advantages of Cloud Computing
- High availability — no downtime
  - HA = (Uptime / (Uptime + Downtime)) * 100
  - Depends on the SLA for each service
  - Increase HA by running workloads in multiple Availability Zones
  - Load balancer — evenly distributes traffic to multiple servers in one or more data centers, and routes traffic only to data centers whose servers are available
- Scalability
  - Vertical — increase computing capacity by adding RAM or CPU to one virtual machine
  - Horizontal — increase computing capacity by adding instances of resources, i.e. virtual machines, to your configuration
- Elasticity
  - Auto-scaling, so applications always have the resources they need
  - Automatically increase or decrease capacity based on traffic, memory and computing power
- Agility
  - Deploy and configure quickly
  - Done via APIs and on demand
- Geo-distribution
  - Data centers around the globe
  - Backup services, data replication and geo-distribution
- Disaster recovery
  - Power outages, network failures, natural disasters, etc.
  - This is about uptime when faults occur in any model: how resilient the system is
Consumption-based Model
- End users pay only for the resources they use, with billing based on real-time usage
CapEx vs OpEx
- Capital Expenditure (CapEx) — the upfront spending on physical infrastructure, which is then deducted as an expense over time
  - Own infrastructure
  - Big initial investment
  - Lots of maintenance
- Operational Expenditure (OpEx) — there is no upfront cost, as you pay as you go for a service or product as you use it
  - Rent infrastructure
  - No initial investment
  - Maintenance by the operational team
Serverless computing
- Eliminates the need to manage infrastructure
- Tip: remember PSM. It Provisions, Scales and Manages the infrastructure required to run the code.
- Invisible to the developer
Types of Cloud Computing
- Public cloud — servers and storage are owned and operated by a third-party cloud service provider and delivered over the internet
- Private cloud — used exclusively by users from one business or organization; hosted either in on-premises data centers or by 3rd-party providers
- Hybrid cloud — combines public and private clouds by allowing data and applications to be shared between them
Exam Tip: Read up as much as you can. This is a section where questions come from any and all corners.
Describe core Azure services (15–20%)
- Azure Compute is an on-demand computing service for running cloud-based applications.
- Examples are Azure VMs, Azure Container Instances, App Service and Azure Functions.
Azure Virtual Machines (AVMs)
Tip: VP-MSN, short for Virtual Processor, Memory, Storage and Networking resources.
Virtual Machine Scale Sets are designed to support autoscale (vertical and/or horizontal). The machines are identical, load-balanced VMs.
Azure Batch — High Performance Computing batch jobs.
Containers and Kubernetes
Multiple instances of a containerized application on a single host machine.
- Triggers are used to respond to an event (via REST request), a timer or a message.
- Choose the amount of memory and the duration.
Azure App Service
- Build, deploy and scale enterprise-grade apps.
- It is a PaaS.
- It offers automatic scaling and high availability.
- Types: Web Apps, API Apps, WebJobs, Mobile Apps
Azure VPN Gateway
- Types of interconnected network
  - Site-to-site connection (vNET to data center)
  - Point-to-site connection (device to vNET)
  - Network-to-network connection (vNET to vNET)
- Policy-based VPNs
  - Statically specify the IP addresses of packets that should be encrypted through each tunnel
  - Support only IKEv1
  - Static routing (source and destination declared in the policy)
- Route-based VPNs
  - IPSec tunnels are modelled as a network interface or virtual tunnel interface. To be used for:
    - Connections between vNETs
    - Point-to-site connections
    - Multiple connections
    - Co-existence with an Azure ExpressRoute gateway
  - Any-to-any (wildcard) traffic selectors
  - Dynamic routing protocols, where routes direct packets into the IPSec tunnels
- IKE — Internet Key Exchange — version 1 or 2: agreement of encryption between 2 endpoints
- IPSec — Internet Protocol Security: encrypts and decrypts data packets in the VPN tunnel
- Required on-premises:
  - VPN device
  - Public-facing (internet-routable) IPv4 address
Azure ExpressRoute
- 50 Mbps to 10 Gbps
- Connectivity models: point-to-point Ethernet, any-to-any (IPVPN), etc.
- Two layers of the Open Systems Interconnection (OSI) model are involved:
  - Layer 2 — Data Link layer — node-to-node communication
  - Layer 3 — Network layer — node to multi-node network
- Connects to Microsoft cloud services:
  - MS Dynamics 365
  - Azure compute services such as VMs
  - Azure cloud services such as Azure Cosmos DB and Azure Storage
Azure Virtual Network (vNET)
- Lets Azure resources communicate with each other.
- Isolation and segmentation
  - Divide a private IP address space into subnets
  - Name resolution (internal or external DNS)
- Internet communication
  - Enable incoming connections from the internet by defining a public IP address or a public load balancer
- Communication between Azure resources
  - Virtual networks connect not only VMs but also PowerApps, AKS, VMSS, etc.
  - Service endpoints to SQL databases and storage accounts
- Communication with on-premises resources — link on-prem with the Azure subscription
  - Point-to-site virtual private network — a client computer initiates an encrypted VPN connection to Azure to connect to the Azure virtual network
  - Site-to-site virtual private network — on-prem VPN device or gateway to the Azure VPN gateway in the vNET
  - Azure ExpressRoute — dedicated private connectivity to Azure that doesn't travel over the internet
- Route network traffic
  - Connections/traffic between vNETs, on-premises and/or the internet
  - Route tables — define the rules
  - Border Gateway Protocol (BGP) — used with the Azure VPN gateway or ExpressRoute
- Filter network traffic
  - Network Security Groups — inbound/outbound rules to block or allow traffic based on IP address, port and protocol
  - Network virtual appliances — appliances for functions such as firewall or Wide Area Network optimization
- Virtual network peering — enables resources in each virtual network to communicate with each other
- UDR — User Defined Routing — control over the routing tables of subnets and vNETs
MIND MAP for vNET
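As an added example (not code from the original post or from Azure itself), the Python model below shows how a Network Security Group decides on inbound traffic: rules are evaluated in ascending priority order, the first rule whose protocol, source address and destination port all match wins, and the platform's default DenyAllInBound rule (priority 65500) catches everything else. The rule set, addresses and packets are constructed, and the other default rules such as AllowVNetInBound are omitted for brevity.

```python
"""Model of how an Azure Network Security Group (NSG) evaluates inbound traffic.
Added example, not from the original post: rules are checked in ascending
priority order, the first full match decides, and Azure's default DenyAllInBound
rule (priority 65500) catches anything not matched earlier. Data is constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # custom rules use 100-4096; the lower number wins
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp" or "*"
    source: str       # source CIDR, or "*" for any address
    dest_port: str    # single port, "lo-hi" range, or "*"


def _cidr_match(cidr: str, ip: str) -> bool:
    return cidr == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def _port_match(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-"))
        return lo <= port <= hi
    return port == int(spec)

def evaluate(rules, src_ip: str, dst_port: int, protocol: str):
    """Return (access, rule_name) of the first matching rule by priority."""
    # Azure appends its default rules after the custom ones; DenyAllInBound is last.
    all_rules = list(rules) + [Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*")]
    for rule in sorted(all_rules, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and _cidr_match(rule.source, src_ip)
                and _port_match(rule.dest_port, dst_port)):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")


# Constructed rule set: RDP only from a corporate range, HTTPS from anywhere, and
# an explicit deny for one source at a higher priority (lower number) than the
# HTTPS allow, so the deny wins for that address.
RULES = [
    Rule("AllowRdpFromCorp", 100, "Allow", "Tcp", "203.0.113.0/24", "3389"),
    Rule("DenyNoisySource", 200, "Deny", "*", "198.51.100.7/32", "*"),
    Rule("AllowHttps", 300, "Allow", "Tcp", "*", "443"),
]

if __name__ == "__main__":
    for pkt in [("203.0.113.10", 3389, "Tcp"), ("192.0.2.5", 3389, "Tcp"),
                ("198.51.100.7", 443, "Tcp"), ("192.0.2.5", 443, "Udp")]:
        print(pkt, "->", evaluate(RULES, *pkt))
```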
Architectural Components and Service Guarantees
Region — a geographical area on the planet containing at least one, but typically multiple, data centers that are nearby and networked together with a low-latency network.
Azure global services that do not require a region:
- Microsoft Azure Active Directory
- Microsoft Azure Traffic Manager
Special regions — network-isolated instances of Azure
- US DoD Central, US Government Virginia, US Government Iowa, etc.
- China East, China North, etc. — a partnership with Microsoft 21Vianet.
- Germany Central and Germany Northeast — operated under the T-Systems German data trustee model.
Overall, Azure has 60+ regions in 140 countries.
- Asia Pacific
- Middle East
- Central US
- East US 2
- West US 2
- West Europe
- France Central
- North Europe
- Southeast Asia
Availability Zones (AZ)
- AZs are physically separate data centers within an Azure region.
- AZ is primarily for VMs, managed disks, load balancers and SQL databases.
- Zonal services — pin resources to a particular region.
- Zone-redundant services — replicate across zones.
- An Azure region must have at least 3 AZs.
Region pairs
- Each Azure region is always paired with another region within the same geography, at least 300 miles away.
- In case of physical network outages, services would fail over to the other region in the region pair.
Resource Groups
- Fundamental element of the Azure platform
- Logical container for resources deployed on Azure
- All resources must be in a resource group, and a resource can only be a member of a single resource group.
- Group resources based on usage, type or location.
- Life cycle — if you delete a resource group, all the resources contained within it are also deleted.
- Authorization — resource groups are also a scope for applying role-based access control (RBAC) permissions.
Azure Resource Manager
- It is a management layer.
- Create, update, delete, organize, manage, control and tag resources in an Azure subscription.
- Accessed using the Azure portal, Azure PowerShell, Azure CLI or REST clients.
Management Groups
- These groups help you manage access, policy and compliance for multiple subscriptions. All subscriptions in the management group automatically inherit the conditions applied to the management group.
- You organize subscriptions into containers called management groups.
- All subscriptions within a single management group must trust the same Azure AD tenant.
Subscriptions
- Unit of Azure service
- Linked to an Azure account via Azure Active Directory or a directory that Azure AD trusts
- Billing boundary
- Access control boundary
Resources — an Azure resource is a manageable item that's available through Azure. Virtual machines (VMs), storage accounts, web apps, databases and virtual networks are all examples of resources.
Azure Storage
- Storage account — 500 TB; 2 PB for US and Europe
- IaaS and/or PaaS
- SLA is up to 11 nines to 16 nines
- Storage Account -> Container -> Blob
Disk storage — attached virtual hard disks
- SSD — Solid State Drives
- HDD — Hard Disk Drives
- Standard — less critical
- Premium — mission critical
- Ultra — data intensive
Blob storage — object, serverless storage
- Binary or text data in massive amounts
- Audio, video and images of up to 8 TB
Azure Files (shared volumes)
- Accessed via the Server Message Block (SMB) and Network File System (NFS) protocols
- Shared Access Signature (SAS) token and SAS URI
Blob access tiers
- Hot access tier — frequent access
- Cool access tier — at least 30 days
- Archive access tier — at least 180 days
Describe core solutions and management tools on Azure (10–15%)
Azure Cosmos DB is a globally distributed, multi-model database service.
- Supports schema-less data; "always on"
- At the lowest level, Azure Cosmos DB stores data in atom-record-sequence (ARS) format.
- The DB can be SQL, MongoDB, Cassandra, Tables or Gremlin; the data is abstracted and projected as an API.
- SLA is 99.999% with latency under 10 ms.
Azure SQL Database
- Relational database based on the MS SQL Server database engine
- PaaS (DBaaS, structured)
- Supports both relational and non-relational structures such as graphs, JSON, spatial and XML
- Migrations can be done via the Azure Database Migration Service using the Microsoft Data Migration Assistant
Azure SQL Managed Instance
- Scalable cloud data service that provides the broadest SQL Server database engine compatibility
- It is PaaS
- SLA is 99.99% uptime
- SQL DB does not have Cyrillic character support but SQL Managed Instance does
- Migration process flow: Discover -> Assess -> Migrate -> Cutover -> Optimize
Azure Database for MySQL
- LAMP — Linux, Apache, MySQL, PHP
- Relational database service based on the MySQL Community Edition database engine, versions 5.6, 5.7 and 8.0
- SLA 99.99%
- Point-in-time restore to recover a server to an earlier state, as far back as 35 days
Azure Database for PostgreSQL
- Relational database service based on the community version of the open-source PostgreSQL database engine
- High availability
- Simple and flexible pricing
- Scale up or down as needed within seconds
- Adjustable automatic backups and point-in-time restore for up to 35 days
- Enterprise-grade security: data at rest (encryption on disk) and in motion (SSL encryption between client and server)
- 3 pricing tiers
- Deployment options: Single Server and Hyperscale (Citus)
Azure Synapse Analytics (formerly Azure SQL Data Warehouse)
- Data warehousing + big data analytics
- You query data on your terms, using either serverless or provisioned resources at scale
- Massively Parallel Processing (MPP) of SQL Server data
- Components: Pipelines, Studio, Spark, Synapse SQL, Azure Data Lake Storage Gen2
Azure HDInsight
- Extraction, Transformation and Loading (ETL), data warehousing, machine learning and IoT
- Apache Hadoop, Apache Kafka, Apache Storm and Machine Learning services
- Open source
Azure Databricks
- Apache Spark-based analytics
- Unlock insights from all your data and build artificial intelligence solutions
- Supports Python, Scala, R, Java and SQL, as well as TensorFlow, PyTorch and scikit-learn
IoT Hub, IoT Central and Sphere
- IoT enables devices to gather and then relay information
- Smart devices are equipped with sensors that collect data
IoT Hub
- A message hub for bi-directional communication between IoT applications and devices
- Command and control: cloud-to-device, manual or automated remote control
- Examples: cloud-to-device messages, device-to-cloud telemetry, files uploaded from devices, request-reply methods
IoT Central
- SaaS on top of IoT Hub
- UI starter templates, which in turn use device templates (you can connect a device without server-side coding)
Azure Sphere — hardware and OS of the device to secure message sending
- 3 parts:
  - Azure Sphere micro-controller unit for processing the OS and signals from sensors
  - Customized Linux OS that handles communication with the security service and can run the vendor's software
  - Azure Sphere Security Service (AS3): certificate-based authentication to check that devices have not been tampered with
Azure Machine Learning, Cognitive Services and Bot Service
- Deep learning — modeled on the neural network of the human mind, enabling it to discover, learn and grow through experience
- Machine learning — a data science technique that uses existing data to train a model, test it, and then apply the model to forecast future outcomes
Azure Machine Learning
- Create a process to obtain data
- Train and evaluate predictive models
- Deploy the best-performing algorithm as an API to an endpoint
Azure Cognitive Services
- Pre-trained models easily included with a few lines of code via an API
- 4 categories
Azure Bot Service
- Bot Service is for the use case of virtual agents communicating with users
- Via text, speech and/or interactive cards
Azure DevOps, GitHub and GitHub Actions
- Azure Boards (Kanban)
- Azure Pipelines (CI/CD)
- Azure Test Plans
- GitHub — Git is a decentralized source code management tool, and GitHub is a hosted version of Git that serves as a remote
- Toolchain — the output of one tool is the input to the next in the tool chain
Azure DevTest Labs
- Anything you can deploy in Azure via an ARM template can be pre-provisioned through DevTest Labs
Azure Advisor — provides recommendations on
- Reliability (high availability)
- It is a free product.
Azure Monitor
- Logs and metrics — application, OS, resource, subscription, tenant, custom services and real-time alerts
Azure Service Health
- Health of Azure services, regions and resources
- Not only major issues but all small and big issues, and provides root cause analysis
- Service issues, planned maintenance, health advisories
Azure Portal — web-based, unified console to build, manage and monitor
- New features in Azure can be seen in preview, beta and other pre-releases
- Preview features at preview.azure.com
- Stable and production-ready features at portal.azure.com
Azure PowerShell — built on top of the .NET Common Language Runtime (CLR)
- A set of cmdlets processed by, or input via, PowerShell
Azure Cloud Shell — a browser-based shell, accessible as Bash or PowerShell
Azure CLI — can be installed on Windows, Mac and Linux
- Create, update, delete and view resources
ARM templates — JSON-format templates that are verified before any code is executed, to ensure resources will be created and connected correctly. Resource Manager then orchestrates the operations in parallel.
Azure Functions (nano-service and event-based)
- A service where you host a single method or function, written in a programming language of your choice, that runs in the cloud in response to an event
- Atomic in nature
- AF scale automatically, and changes occur only when triggered
- Stateless — restarted every time it responds to an incoming event
- Stateful — the function is connected to an Azure Storage account
- Durable Functions — orchestration of tasks by using extensions
Azure Logic Apps (PaaS)
- Low-code / no-code
- Enterprise Application Integration (EAI): with Azure Logic Apps you can choose connectors from galleries such as Salesforce, SAP, Oracle DB and File Share
- 200+ connectors
Difference between Azure Functions and Azure Logic Apps
- AF pricing is based on the number of executions and the running time of each execution.
- ALA pricing is based on the number of executions and the type of connectors that it utilizes.
Final tip for the exam: most verbose theory can be remembered via diagrams. Nothing beats whiteboarding. I used pencil sketches and handwritten block diagrams to simplify how things work. Paper and pen provide a freedom no tool ever will, IMHO.
Having said that: architecture/concept first, then features, and then the keywords that describe those features. And that's it.
I like to include DDD or flowcharts along with simple models using the said work. Mix and match; everything can be used with one another, and why not!
The purpose of practice is to perform when the need arises.
Conclusion: let's just say BEST OF LUCK. See you on the other side after you cross this bridge.
Let me know in the comments if there's anything.
Until next time!