Wilson Mar bio photo

Wilson Mar

Hello. Hire me!

Email me Calendar Skype call 310 320-7878

LinkedIn Twitter Gitter Google+ Instagram Youtube

Github Stackoverflow Pinterest

Challenger becomes a leader


Overview

This article contains higher and practical level details about Microsoft Azure, but with less confusing grandiose marketing generalizations.

Cloud Computing Terms Dictionary

  • “Data estate” refers to all the data an organization owns, regardless of where it is stored.

Naming conventions for Azure resources

Microsoft’s Azure cloud was first announced in 2008 and released in 2010.

Why?

  • Money Cost (OpEx vs. CapEx)
  • Time - Speed (Quick provisioning)
  • Global scale
  • Productivity
  • Performance (reduced network latency and greater economies of scale)
  • Reliability (data backup, disaster recovery, and business continuity easier and less expensive because data can be mirrored at multiple redundant sites on the cloud provider’s network)

Web services

The big picture of Azure services: azure-big-picture-1923x1083-160564.jpg Click diagram for full-frame pop-up

This is missing some new services such as DevOps.

Visual Studio Dev Essentials provides a list of tools and ecosystem.

Architectural components


End-Users buy SaaS (Software as a Service) online with only an internet browser (and a credit card):

  • Office 365
  • Skype
  • Dynamics CRM
  • Salesforce
  • Lucid Charts to draw diagrams

Developers interact with a platforms as a service (PaaS) for “Rapid Development”:

  • Service Fabric apps
  • Power (BI) apps
  • Web apps
  • Mobile apps (Xamarin)

  • Media Services
  • Stream Analytics

Operations people interact with Infrastructure as a service (IaaS) components for “High Control”:

  • Azure Service Fabric
  • Azure Batch
  • Define Virtual Machines
  • Define VM Scale Sets
  • VM Extensions
  • Azure Container Service that uses Docker Swarm
  • Cloud Foundry
  • Open Shift
  • Kubernetes
  • Apprenda
  • Jelastic

Azure Stack runs Azure runs within a private data center.

Logging

azure-log-analytics-711x306-35708

  • Azure Monitor (pane of glass for monitoring on Azure),
  • Azure Log Analytics (log ingestion and IaaS monitoring), and
  • Application Insights (application performance monitoring including availability, performance, and exception information)

Learn Module: Handle transient errors in your app

Plan

Module: Overview of the Microsoft Cloud Operating Model covers business, people, and technology strategies to identify where an organization is in the digital transformation journey, identify triggers and opportunities for cloud migration, and recognize these components needed to develop a digital transformation strategy.

A. Meet business requirements B. Assess organization maturity C. Strategize business impact D. Upgrade business processes E. Identify skills gap F. Identify migration portfolio G. Perform migration H. Modernize the business

Microsoft Learning Account

After getting a Learning account:

  1. PROTIP: Take this sequence:

    Azure fundamentals learning path of 12 modules prepares you to pass the $99 AZ900 Microsoft Azure Fundamentals Exam.

    Learn the business value of Microsoft Azure learning path

    Azure Security Center is available in free and paid tiers. The Free subscription assesses Azure resources only. The “Standard” tier provides a full suite of security-related services including continuous monitoring, threat detection, just-in-time access control for ports, and more. After a free 60-day free trial, it’s $15 per node per month.

Architecting

Architect great solutions in Azure consists of 5 pillars, similar to the “Well Architected” series from AWS:

  • Design for security

  • Design for performance and scalability: Azure SQL Data Sync between regions. Azure SQL Database geo-replication allows for read-replicas. Azure Cosmos DB globally distributes NOSQL datab for reads and writes regardless of region. Azure Cache for Redis to minimize high-latency calls to remote databases to read frequently accessed data. Polyglot persistence to use different storage technologies for different data.

  • Design for efficiency and operations

  • Design for availability and recoverability

Based on: Pillars of a great Azure architecture

Cloud scale analytics:

azure-dataw-648x239-10988

Azure account and dashboard

  1. At the Azure portal:

    https://portal.azure.com

    Regions & Affinity Groups

  2. Select Resource group physical and logical network-isolated instances of Azure / Regions)

    • In the Americas: westus2, centralus, southcentralus, eastus, brazilsouth
    • In Europe: westeurope (there’s also France Central and North Europe)
    • In Asia Pacific: southeastasia, japaneast, australiasoutheast, centralindia
    • In Middle East and Africa

    PROTIP: Bolded are the only regions that support Availability Zones: Central US, North Europe, and SouthEast Asia.

    NOTE: Some services or virtual machine features are only available in certain regions, such as specific virtual machine sizes or storage types.

    Additionally, Azure has specialized regions for compliance or legal purposes:

    • US DoD Central, US Gov Virginia, US Gov Iowa, and more are for US government agencies and partners. These datacenters are operated by screened US persons and include additional compliance certifications.

    • China East, China North and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft does not directly maintain the datacenters.

    Each region is paired with another region (West US paired with East US, and SouthEast Asia paired with East Asia, etc.). Such Region pairs are at least 300 miles apart.

    A regional Affinity Group is defined to create a virtual network to define the data center (region). All services within an affinity group are located in the same data center. Azure groups services use Affinity Groups to optimize performance.

    WARNING: Affinity groups in Azure is a higher-level concept of data centers than the facility of the same name within AWS, which refers to affinity between servers on the same subnet.

    Availability Zones are specified for VMs, managed disks, load balancers, and SQL databases. AZs are physically separate datacenters within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with power, cooling, and networking independent of other AZs so that each is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability Zones are connected through high-speed, private fiber-optic networks.

    Network Security Groups (NSGs) inside a virtual network (VNet) are defined for communication between virtual machines to restrict unnecessary communication.

  3. Options include the classic ASM (Azure Service Manager) and newer ARM (Azure Resource Manager):

    • Apps Services
    • Virtual machines (classic)
    • Virtual machines
    • SQL databases
    • Cloud services (classic)
    • Security Center

    • Active Directory
    • Storage
    • Messaging
    • Networking
    • Management

    Each drill-down into ARM creates an additional pane? to the right.

  • Create a virtual machine (for 60 minutes). PROTIP: Use Firefox browser. Don’t use Brave browser.

    azure-cloud-shell-364x199-11637

    PROTIP: naming conventions:

    • Size
    • Region
    • Network
    • Resource groups

  • Get VM information with queries

    az vm show \
    --resource-group 7f3943f2-f179-42ba-9823-ba71c7ba7824 \
    --name myVM \
    --query "hardwareProfile" \
    --output tsv
     
  • Set environment variables from CLI output
  • Creating a new VM on the existing subnet
  • Cleanup

https://docs.microsoft.com/en-us/learn/modules/design-for-efficiency-and-operations-in-azure/2-maximize-efficiency-of-cloud-spend

Module: Store Data in Azure

An example of imperative declaration:

az group create --name storage-resource-group \
        --location eastus
az storage account create --name mystorageaccount \
        --resource-group storage-resource-group \
        --kind BlobStorage \
        --access-tier hot

Declarative automation is done using Azure Resource Manager templates such as this:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "type": "string"
        },
        "location": {
            "type": "string"
        },
        "accountType": {
            "type": "string",
            "defaultValue": "Standard_RAGRS"
        },
        "kind": {
            "type": "string"
        },
        "accessTier": {
            "type": "string"
        },
        "httpsTrafficOnlyEnabled": {
            "type": "bool",
            "defaultValue": true
        }
    },
    "variables": {
    },
    "resources": [
        {
            "apiVersion": "2018-02-01",
            "name": "[parameters('name')]",
            "location": "[parameters('location')]",
            "type": "Microsoft.Storage/storageAccounts",
            "sku": {
                "name": "[parameters('accountType')]"
            },
            "kind": "[parameters('kind')]",
            "properties": {
                "supportsHttpsTrafficOnly": "[parameters('httpsTrafficOnlyEnabled')]",
                "accessTier": "[parameters('accessTier')]",
                "encryption": {
                    "services": {
                        "blob": {
                            "enabled": true
                        },
                        "file": {
                            "enabled": true
                        }
                    },
                    "keySource": "Microsoft.Storage"
                }
            },
            "dependsOn": []
        }
    ],
    "outputs": {
        "storageAccountName": {
            "type": "string",
            "value": "[parameters('name')]"
        }
    }
}
   

Module: Deploy a website to Azure with Azure App Service

azure-loadbal-615x424-31664

Azure Traffic Manager provides global DNS load balancing among DNS endpoints within or across Azure regions. Traffic manager also detects and removes failed endpoints.

Azure Application Gateway (AppGW) provides Layer 7 (URL-based) load-balancing such as round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single application gateway. Application Gateway monitors the health of resources in its back-end pool and automatically removes any resource considered unhealthy from the pool. Health probes continue until instances are healthy again and added back.

Azure Load Balancer is a layer 4 load balancer. TCP and HTTP health-probing options to manage service availability are optional.

“Availability sets”

https://docs.microsoft.com/en-us/learn/modules/explore-azure-infrastructure/ Core Cloud Services - Azure architecture and service guarantees

From Learn Path: Administer containers in Azure

QUESTION: How to use https://raw.githubusercontent.com/wilsonmar/Dockerfiles/master/azure-node/Dockerfile

https://docs.microsoft.com/en-us/learn/modules/run-docker-with-azure-container-instances/ Azure Container Instances (ACI).

Container restart policies:

  • Always restart for long-running tasks such as a web server, so it’s the default.
  • Never for run one-time only.
  • OnFailure only when the process short-lived tasks terminates with a nonzero exit code.

Management Certificates

Azure uses Management (x509 v3) Certificates (.cer file containing a public key) to access resources in an Azure Subscription.

There is a limit of 100 Management certs per Azure subscription (administrator).

  • Development
  • Test
  • Pre-prod (Staging)
  • Prod

Professional certifications

Exam AZ-103: Microsoft Azure Administrator supercedes exams AZ-100 and AZ-101 which have been retired.

Installers

Commands

https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/4-create-a-vm?pivots=linux-cloud

Install Commands

Each resource group defines scope access control for administrative actions.

Tags are used for all other organization of resources.

Azure PowerShell Login

Login-AzureRmAccount

Type your credentials and press OK.

A sample response:

   Environment           : AzureCloud
   Account               : ???@hotmail.com
   TenantId              : ????????-5f96-4d36-a89b-5ea0f7614e72
   SubscriptionId        : ????????-cf54-443f-b0f1-bcc5e78e9c27
   CurrentStorageAccount :
   

Azure Resource Groups

Every resource is in only one group, listed here by stack:

  • Web Apps
  • SQL
  • Storage
  • VMs
  • NICs
  • Virtual Networks

A resource group can contain resources residing in different regions.

Get-AzureRmResourceProvider

Azure Container Service (ACS)

Microsoft created and maintains the Azure Container Service with Mesosphere.com

with standard Docker tooling and API.

Streamlined provisioning of DC/OS Clusters

and Docker Swarm support

Mesos-DNS for service discovery and registration (no health checks)

DC/OS Marathon load balancer support of dcos cli commands needs to be installed. Backed up as a HA Proxy.

“Minuteman” provides virtual IPs stored in IP tables synced across the cluster.

Azure Service Fabric


Azure Service Fabric enables you to talk to a cluster of machines as if they were one.

An Azure Service Fabric agent runs on each machine – in Amazon or private cloud as well.

  • One call to manage capacity (add and remove nodes at will)
  • Service endpoint discovery
  • Create (immutable) containers
  • Deploy software to containers

  • health reporting
  • Monitoring based on queue length
  • Dynamic resource balancing based on actual resource usage (queue length)
  • Move resources from one node to another

  • coordinate upgrades (select what node to upgrade)
  • Diagnostics in F5

Different services can run on the same machine.

Azure Service Fabric offers a substitute for external storage via its Reliable Collections programming model accessing dictionary entries.

Load Scale sets

Overview Videos

Extentions Marketplace

VIDEO: Windows Azure Marketplace by Joe Kunk Intermediate Dec 19, 2013 1h 56m

https://marketplace.visualstudio.com/azuredevops?noPrompt=true

  1. If you get a pop-up:

  2. Click to be brought to
    https://marketplace.visualstudio.com/items?itemName=ms.vss-code-search

  3. Click the green “Get it free” button.
  4. Select the organization and click “Install”.
  5. Click “Proceed to organization”.

QUESTION: How to automate the above installation on an org?

  1. https://docs.microsoft.com/en-us/azure/devops/project/search/overview?view=azure-devops
  2. https://docs.microsoft.com/en-us/azure/devops/project/search/work-item-search?view=azure-devops
  3. https://docs.microsoft.com/en-us/azure/devops/project/wiki/search-wiki?view=azure-devops

Operations:

Dev

Data:

Mobile:

More on DevOps

This is one of a series on DevOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps

  4. Git and GitHub vs File Archival
  5. Git Commands and Statuses
  6. Git Commit, Tag, Push
  7. Git Utilities
  8. Data Security GitHub
  9. GitHub API
  10. TFS vs. GitHub

  11. Choices for DevOps Technologies
  12. Java DevOps Workflow
  13. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  14. AWS server deployment options

  15. Cloud regions
  16. AWS Virtual Private Cloud
  17. Azure Cloud Onramp
  18. Azure Cloud
  19. Azure Cloud Powershell
  20. Bash Windows using Microsoft’s WSL (Windows Subystem for Linux)

  21. Digital Ocean
  22. Cloud Foundry

  23. Packer automation to build Vagrant images
  24. Terraform multi-cloud provisioning automation

  25. Powershell Ecosystem
  26. Powershell on MacOS
  27. Powershell Desired System Configuration

  28. Jenkins Server Setup
  29. Jenkins Plug-ins
  30. Jenkins Freestyle jobs
  31. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  32. Dockerize apps
  33. Docker Setup
  34. Docker Build

  35. Maven on MacOSX

  36. Ansible

  37. MySQL Setup

  38. SonarQube static code scan

  39. API Management Microsoft
  40. API Management Amazon

  41. Scenarios for load