Wilson Mar bio photo

Wilson Mar

Hello. Hire me!

Email me Calendar Skype call 310 320-7878

LinkedIn Twitter Gitter Instagram Youtube

Github Stackoverflow Pinterest

Challenger becomes a leader

Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Cyrillic Russian   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean

Overview

This article contains higher and practical level details about Microsoft Azure, but with less confusing grandiose marketing generalizations.

Cloud Computing Terms Dictionary

  • “Data estate” refers to all the data an organization owns, regardless of where it is stored.

Naming conventions for Azure resources

Microsoft’s Azure cloud was first announced in 2008 and released in 2010.

Why?

  • Money Cost (OpEx vs. CapEx)
  • Time - Speed (Quick provisioning)
  • Global scale
  • Productivity
  • Performance (reduced network latency and greater economies of scale)
  • Reliability (data backup, disaster recovery, and business continuity easier and less expensive because data can be mirrored at multiple redundant sites on the cloud provider’s network)

Web services

The big picture of Azure services: azure-big-picture-1923x1083-160564.jpg Click diagram for full-frame pop-up

This is missing some new services such as DevOps.

Visual Studio Dev Essentials provides a list of tools and ecosystem.

Architectural components


End-Users buy SaaS (Software as a Service) online with only an internet browser (and a credit card):

  • Office 365
  • Skype
  • Dynamics CRM
  • Salesforce
  • Lucid Charts to draw diagrams

Developers interact with a platforms as a service (PaaS) for “Rapid Development”:

  • Service Fabric apps
  • Power (BI) apps
  • Web apps
  • Mobile apps (Xamarin)

  • Media Services
  • Stream Analytics

Operations people interact with Infrastructure as a service (IaaS) components for “High Control”:

  • Azure Service Fabric
  • Azure Batch
  • Define Virtual Machines
  • Define VM Scale Sets
  • VM Extensions
  • Azure Container Service that uses Docker Swarm
  • Cloud Foundry
  • Open Shift
  • Kubernetes
  • Apprenda
  • Jelastic

Azure Stack runs Azure runs within a private data center.

Logging

azure-log-analytics-711x306-35708

  • Azure Monitor (pane of glass for monitoring on Azure),
  • Azure Log Analytics (log ingestion and IaaS monitoring), and
  • Application Insights (application performance monitoring including availability, performance, and exception information)

Learn Module: Handle transient errors in your app

Plan

Module: Overview of the Microsoft Cloud Operating Model covers business, people, and technology strategies to identify where an organization is in the digital transformation journey, identify triggers and opportunities for cloud migration, and recognize these components needed to develop a digital transformation strategy.

A. Meet business requirements B. Assess organization maturity C. Strategize business impact D. Upgrade business processes E. Identify skills gap F. Identify migration portfolio G. Perform migration H. Modernize the business

Microsoft Learning Account

After getting a Learning account:

Microsoft’s Azure fundamentals class provides a learning path of 12 modules prepares you to pass the $99 for 50 questions over 60-minute AZ900 Microsoft Azure Fundamentals Exam taken at a testing center or at home with a video camera. (see LinuxAcademy video course released May 2019, include the “Book of Basics” interactive diagrams with tabs associated with major sections of the exam:

  • cloud concepts (15-20%)
    • Cloud Services: Benefits and Considerations
    • Infrastructure as a Service (IaaS),
    • Platform as a Service (PaaS),
    • Software as a Service (SaaS) - Salesforce & Office 365
    • Cloud Models: Public, Private, and Hybrid
  • core Azure services (30-35%)
    • Azure Architecture
    • Azure Products and Services
    • Azure Solutions
    • Azure Management Tools
  • security, privacy, compliance, and trust (20-35%)
    • Network Security in Azure
    • Azure Identity Services
    • Azure Security Tools and Features
    • Azure Governance
    • Monitoring and Reporting in Azure
    • Azure Privacy, Compliance, and Data Protection Standards
  • Azure pricing and support (20-35%)
    • Subscriptions
    • Planning and Managing Azure Costs
    • Support Options
    • Service Level Agreements (SLAs)
    • The Azure Service Lifecycle

Learn the business value of Microsoft Azure learning path

Azure Security Center is available in free and paid tiers. The Free subscription assesses Azure resources only. The “Standard” tier provides a full suite of security-related services including continuous monitoring, threat detection, just-in-time access control for ports, and more. After a free 60-day free trial, it’s $15 per node per month.

Architecting

Architect great solutions in Azure consists of 5 pillars, similar to the “Well Architected” series from AWS:

  • Design for security

  • Design for performance and scalability: Azure SQL Data Sync between regions. Azure SQL Database geo-replication allows for read-replicas. Azure Cosmos DB globally distributes NOSQL datab for reads and writes regardless of region. Azure Cache for Redis to minimize high-latency calls to remote databases to read frequently accessed data. Polyglot persistence to use different storage technologies for different data.

  • Design for efficiency and operations

  • Design for availability and recoverability

Based on: Pillars of a great Azure architecture

Cloud scale analytics:

azure-dataw-648x239-10988

Azure account and dashboard

  1. At the Azure portal:

    https://portal.azure.com

    Regions & Affinity Groups

  2. Select Resource group physical and logical network-isolated instances of Azure / Regions)

    • In the Americas: westus2, centralus, southcentralus, eastus, brazilsouth
    • In Europe: westeurope (there’s also France Central and North Europe)
    • In Asia Pacific: southeastasia, japaneast, australiasoutheast, centralindia
    • In Middle East and Africa

    PROTIP: Bolded are the only regions that support Availability Zones: Central US, North Europe, and SouthEast Asia.

    NOTE: Some services or virtual machine features are only available in certain regions, such as specific virtual machine sizes or storage types.

    Additionally, Azure has specialized regions for compliance or legal purposes:

    • US DoD Central, US Gov Virginia, US Gov Iowa, and more are for US government agencies and partners. These datacenters are operated by screened US persons and include additional compliance certifications.

    • China East, China North and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft does not directly maintain the datacenters.

    Each region is paired with another region (West US paired with East US, and SouthEast Asia paired with East Asia, etc.). Such Region pairs are at least 300 miles apart.

    A regional Affinity Group is defined to create a virtual network to define the data center (region). All services within an affinity group are located in the same data center. Azure groups services use Affinity Groups to optimize performance.

    WARNING: Affinity groups in Azure is a higher-level concept of data centers than the facility of the same name within AWS, which refers to affinity between servers on the same subnet.

    Availability Zones are specified for VMs, managed disks, load balancers, and SQL databases. AZs are physically separate datacenters within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with power, cooling, and networking independent of other AZs so that each is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability Zones are connected through high-speed, private fiber-optic networks.

    Network Security Groups (NSGs) inside a virtual network (VNet) are defined for communication between virtual machines to restrict unnecessary communication.

  3. Options include the classic ASM (Azure Service Manager) and newer ARM (Azure Resource Manager):

    • Apps Services
    • Virtual machines (classic)
    • Virtual machines
    • SQL databases
    • Cloud services (classic)
    • Security Center

    • Active Directory
    • Storage
    • Messaging
    • Networking
    • Management

    Each drill-down into ARM creates an additional pane? to the right.

  • Create a virtual machine (for 60 minutes). PROTIP: Use Firefox browser. Don’t use Brave browser.

    azure-cloud-shell-364x199-11637

    PROTIP: naming conventions:

    • Size
    • Region
    • Network
    • Resource groups

  • Get VM information with queries

    az vm show \
    --resource-group 7f3943f2-f179-42ba-9823-ba71c7ba7824 \
    --name myVM \
    --query "hardwareProfile" \
    --output tsv
     
  • Set environment variables from CLI output
  • Creating a new VM on the existing subnet
  • Cleanup

https://docs.microsoft.com/en-us/learn/modules/design-for-efficiency-and-operations-in-azure/2-maximize-efficiency-of-cloud-spend

Module: Store Data in Azure

An example of imperative declaration:

az group create --name storage-resource-group \
        --location eastus
az storage account create --name mystorageaccount \
        --resource-group storage-resource-group \
        --kind BlobStorage \
        --access-tier hot

Declarative automation is done using Azure Resource Manager templates such as this:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "type": "string"
        },
        "location": {
            "type": "string"
        },
        "accountType": {
            "type": "string",
            "defaultValue": "Standard_RAGRS"
        },
        "kind": {
            "type": "string"
        },
        "accessTier": {
            "type": "string"
        },
        "httpsTrafficOnlyEnabled": {
            "type": "bool",
            "defaultValue": true
        }
    },
    "variables": {
    },
    "resources": [
        {
            "apiVersion": "2018-02-01",
            "name": "[parameters('name')]",
            "location": "[parameters('location')]",
            "type": "Microsoft.Storage/storageAccounts",
            "sku": {
                "name": "[parameters('accountType')]"
            },
            "kind": "[parameters('kind')]",
            "properties": {
                "supportsHttpsTrafficOnly": "[parameters('httpsTrafficOnlyEnabled')]",
                "accessTier": "[parameters('accessTier')]",
                "encryption": {
                    "services": {
                        "blob": {
                            "enabled": true
                        },
                        "file": {
                            "enabled": true
                        }
                    },
                    "keySource": "Microsoft.Storage"
                }
            },
            "dependsOn": []
        }
    ],
    "outputs": {
        "storageAccountName": {
            "type": "string",
            "value": "[parameters('name')]"
        }
    }
}
   

Module: Deploy a website to Azure with Azure App Service

azure-loadbal-615x424-31664

Azure Traffic Manager provides global DNS load balancing among DNS endpoints within or across Azure regions. Traffic manager also detects and removes failed endpoints.

Azure Application Gateway (AppGW) provides Layer 7 (URL-based) load-balancing such as round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single application gateway. Application Gateway monitors the health of resources in its back-end pool and automatically removes any resource considered unhealthy from the pool. Health probes continue until instances are healthy again and added back.

Azure Load Balancer is a layer 4 load balancer. TCP and HTTP health-probing options to manage service availability are optional.

“Availability sets”

https://docs.microsoft.com/en-us/learn/modules/explore-azure-infrastructure/ Core Cloud Services - Azure architecture and service guarantees

From Learn Path: Administer containers in Azure

QUESTION: How to use https://raw.githubusercontent.com/wilsonmar/Dockerfiles/master/azure-node/Dockerfile

https://docs.microsoft.com/en-us/learn/modules/run-docker-with-azure-container-instances/ Azure Container Instances (ACI).

Container restart policies:

  • Always restart for long-running tasks such as a web server, so it’s the default.
  • Never for run one-time only.
  • OnFailure only when the process short-lived tasks terminates with a nonzero exit code.

Management Certificates

Azure uses Management (x509 v3) Certificates (.cer file containing a public key) to access resources in an Azure Subscription.

There is a limit of 100 Management certs per Azure subscription (administrator).

  • Development
  • Test
  • Pre-prod (Staging)
  • Prod

Professional certifications

Exam AZ-103: Microsoft Azure Administrator supercedes exams AZ-100 and AZ-101 which have been retired.

Installers

Commands

https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/4-create-a-vm?pivots=linux-cloud

Install Commands

Each resource group defines scope access control for administrative actions.

Tags are used for all other organization of resources.

Azure PowerShell Login

Login-AzureRmAccount

Type your credentials and press OK.

A sample response:

   Environment           : AzureCloud
   Account               : ???@hotmail.com
   TenantId              : ????????-5f96-4d36-a89b-5ea0f7614e72
   SubscriptionId        : ????????-cf54-443f-b0f1-bcc5e78e9c27
   CurrentStorageAccount :
   

Azure Resource Groups

Every resource is in only one group, listed here by stack:

  • Web Apps
  • SQL
  • Storage
  • VMs
  • NICs
  • Virtual Networks

A resource group can contain resources residing in different regions.

Get-AzureRmResourceProvider

Azure Container Service (ACS)

Microsoft created and maintains the Azure Container Service with Mesosphere.com

with standard Docker tooling and API.

Streamlined provisioning of DC/OS Clusters

and Docker Swarm support

Mesos-DNS for service discovery and registration (no health checks)

DC/OS Marathon load balancer support of dcos cli commands needs to be installed. Backed up as a HA Proxy.

“Minuteman” provides virtual IPs stored in IP tables synced across the cluster.

Azure Service Fabric


Azure Service Fabric enables you to talk to a cluster of machines as if they were one.

An Azure Service Fabric agent runs on each machine – in Amazon or private cloud as well.

  • One call to manage capacity (add and remove nodes at will)
  • Service endpoint discovery
  • Create (immutable) containers
  • Deploy software to containers

  • health reporting
  • Monitoring based on queue length
  • Dynamic resource balancing based on actual resource usage (queue length)
  • Move resources from one node to another

  • coordinate upgrades (select what node to upgrade)
  • Diagnostics in F5

Different services can run on the same machine.

Azure Service Fabric offers a substitute for external storage via its Reliable Collections programming model accessing dictionary entries.

Load Scale sets

Overview Videos

Extentions Marketplace

VIDEO: Windows Azure Marketplace by Joe Kunk Intermediate Dec 19, 2013 1h 56m

https://marketplace.visualstudio.com/azuredevops?noPrompt=true

  1. If you get a pop-up:

  2. Click to be brought to
    https://marketplace.visualstudio.com/items?itemName=ms.vss-code-search

  3. Click the green “Get it free” button.
  4. Select the organization and click “Install”.
  5. Click “Proceed to organization”.

QUESTION: How to automate the above installation on an org?

  1. https://docs.microsoft.com/en-us/azure/devops/project/search/overview?view=azure-devops
  2. https://docs.microsoft.com/en-us/azure/devops/project/search/work-item-search?view=azure-devops
  3. https://docs.microsoft.com/en-us/azure/devops/project/wiki/search-wiki?view=azure-devops

Operations:

Dev

Data:

Mobile:

< 99 25 </td></tr < 95 100 </td></tr ## More on DevOps # This is one of a series on DevOps: 0. [DevOps_2.0](/devops_2.0/) 0. [ci-cd (Continuous Integration and Continuous Delivery)](/ci-cd/) 0. [User Stories for DevOps](/user-stories-for-devops/) 0. [Git and GitHub vs File Archival](/git-and-github-vs-file-archival/) 0. [Git Commands and Statuses](/git-commands-and-statuses/) 0. [Git Commit, Tag, Push](/git-commits/) 0. [Git Utilities](/git-utilities/) 0. [Data Security GitHub](/data-security-github/) 0. [GitHub API](/github-api/) 0. [TFS vs. GitHub](/tfs-vs-github/) 0. [Choices for DevOps Technologies](/devops-choices/) 0. [Java DevOps Workflow](/java-devops-workflow/) 0. [AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)](/aws-devops/) 0. [AWS server deployment options](/aws-server-deploy-options/) 0. [Cloud services comparisons (across vendors)](/cloud-services-comparisons/) 0. [Cloud regions (across vendors)](/cloud-regions/) 0. [AWS Virtual Private Cloud](/aws-vpc/) 0. [Azure Cloud Onramp](/azure-cloud-onramp/) 0. [Azure Cloud](/azure-cloud/) 0. [Azure Cloud Powershell](/azure-cloud-powershell/) 0. [Bash Windows using Microsoft's WSL (Windows Subystem for Linux)](/bash-windows/) 0. [Digital Ocean](/digital-ocean/) 0. [Cloud Foundry](/cloud-foundry/) 0. [Packer](/packer/) automation to build Vagrant images 0. [Terraform](/terraform/) multi-cloud provisioning automation 0. [Hashicorp Vault and Consul](/hashicorp-vault/) to generate and hold secrets 0. [Powershell Ecosystem](/powershell-ecosystem/) 0. [Powershell on MacOS](/powershell-on-mac/) 0. [Powershell Desired System Configuration](/powershell-dsc/) 0. [Jenkins Server Setup](/jenkins-setup/) 0. [Jenkins Plug-ins](/jenkins-plugins/) 0. [Jenkins Freestyle jobs](/jenkins-freestyle/) 0. [Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile](/jenkins2-pipeline/) 0. [Docker (Glossary, Ecosystem, Certification)](/docker/) 0. [Docker Setup](/docker-setup/) 0. [Dockerize apps](/dockerize/) 0. [Maven on MacOSX](/maven-on-macos/) 0. [Ansible](/ansible/) 0. [MySQL Setup](/mysel-setup/) 0. [SonarQube static code scan](/sonarqube/) 0. [API Management Microsoft](/api-management-microsoft/) 0. [API Management Amazon](/api-management-amazon/) 0. [Scenarios for load](/scenarios-for-load/)
ACTUAL MONTHLY UPTIME % SERVICE CREDIT PERCENTAGE
< 99.9 10