Friday, February 4, 2022

Azure

Password Hash Synchronization: this is an Azure AD Connect feature that synchronizes a hash of each user's password from on-premises AD to Azure AD (not the password itself; a 1000x hash of the password). It is also a Microsoft best-practice recommendation. What this enables is that, with a single line of PowerShell, we can divorce Azure AD from ADFS for authentication: user authentication for Office 365 services then takes place against the hashed password in Azure AD. Whether an issue occurs in the transition from ADFS 2 to 4 or in day-to-day operation of ADFS, this technique can be used as a failover to minimize the enterprise impact.

Conditional access:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

AAD connect export threshold exceeded:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-prevent-accidental-deletes

Errors during synchronization:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-troubleshoot-sync-errors#duplicate-attributes

Standards to follow while creating attributes:
https://support.office.com/en-us/article/Prepare-to-provision-users-through-directory-synchronization-to-Office-365-01920974-9e6f-4331-a370-13aea4e82b3e

AAD connect:
Azure AD Connect server - ADFS: (if ADFS is involved)
If MFA is enabled, the URL https://secure.aadcdn.microsoftonline-p.com must be added to the trusted sites list.
AAD Connect Health sync:
Dashboard: https://aka.ms/aadconnecthealth

Fresco:

Azure Services:
  • Compute and Networking Services
  • Storage and Backup Services
  • Identity and Access Management Services
  • Application Services
  • Data and Analytics Services
  • Media and Content Delivery Services
Compute and Networking Services
  • Virtual Machines
  • Azure RemoteApp
  • Azure Cloud Services
  • Azure Virtual Networks
  • Azure ExpressRoute
  • Traffic Manager
Storage and Backup Services
  • Azure Storage
  • Azure Import/Export Service
  • Azure Backup
  • Azure Site Recovery
Identity and Access Management Services
  • Azure Active Directory
  • Azure Multi-Factor Authentication
Application Services
  • Azure App Services
  • API Management
  • Notification Hubs
  • Event Hubs
Data and Analytics Services
  • SQL Database
  • HDInsight®
  • Azure Redis Cache
  • Azure Machine Learning
  • DocumentDB
  • Azure Search
Media and Content Delivery Services
  • Azure Media Services
  • Azure CDN
  • Azure Service Bus
Useful Resources:
  • Azure Marketplace
  • VM Depot
  • GitHub
  • Azure Trust Center
Azure Marketplace - an online marketplace for applications and services that offers:
  • VM images and extensions
  • APIs and Applications
  • Machine Learning and Data services
VM Depot - a community-based catalog of open source virtual machine images that can be deployed directly from Azure.
GitHub - a web-based Git repository that is free to use for public and open source projects.
Azure Trust Center - offers guidelines for integrated security monitoring and policy management across Azure subscriptions. Also, it provides data security & data privacy guidelines essential to comply with regulatory controls.
Azure Deployment Models
  1. Azure Service Management Model (ASM) using Classic Portal. This was the first approach that was introduced by Microsoft. Here the resources are coupled and can be deployed using ASM PowerShell Module.
  2. Azure Resource Management Model (ARM) using New Portal. The resources are decoupled and hence can be configured independently. JSON templates provide simple orchestration and rollback functions. They have their own ARM PowerShell Module as well.
For example, while deploying a VM, the compute, VNet and storage resources are coupled in ASM and hence cannot be configured independently, whereas with ARM these resources can be configured independently.
ARM is the recommended model of deployment.
Managing Resources
Azure offers a number of tools that you can use to deploy, update or delete resources from your cloud solution. Resources can include virtual machines, storage accounts, virtual networks, services, or any component that you are managing.
Here are the tools at your disposal to manage resources:
  • Azure PowerShell
  • ARM and ASM Portals
  • Azure CLI
  • Azure Rest APIs
  • Azure SDKs
We will go in detail about these tools in this topic. 

Azure PowerShell Module can be installed in several different ways,
  • From PowerShell Gallery
  • Using MSI installer from the GitHub repository
  • Using Microsoft Web Platform Installer

Check if PowerShellGet is installed on your system using:
>Get-Module PowerShellGet -list | Select-Object Name,Version,Path
Once PowerShellGet is installed you are all set to install the PowerShell ARM or ASM modules. We will look into this in the next couple of cards.
Administrative privileges are needed to install Azure PowerShell, and script execution must be enabled (execution policy).
Install ARM Module
  • You can install Azure Resource Manager (ARM) modules from the PowerShell Gallery using:
Install-Module AzureRM
  • PowerShell gallery is not configured as a Trusted repository. Hence you will be prompted to "Allow installing modules from PSGallery". Choose 'Yes' or 'Yes to All' to continue.
  • Once installed, load the module in the PowerShell session using:
Import-Module AzureRM
  • Validate the installation by checking the version of Azure PowerShell using:
Get-Module AzureRM -list | Select-Object Name,Version,Path


Install ASM module
  • For Classic mode, use the following commands to install Azure PowerShell:
Install-Module Azure
and
Import-Module Azure
  • Validate the installation by checking the version of Azure PowerShell using:
Get-Module Azure -list | Select-Object Name,Version,Path


Install using git repo:

Install the MSI installer, then launch Azure PowerShell and run:

>Add-AzureAccount
This registers your online Azure account: it prompts for a login and, once authenticated, the account is added and shown together with its subscriptions.
Test it by running:
>New-AzureWebsite abcsite
which creates a website in the cloud, and
>Get-AzureWebsite
which lists all the websites associated with that account, including the one just created.

ARM Templates
Advantages of ARM
  • Resource Group - ARM groups resources, making it much easier to manage them.
  • Smarter Provisioning - ARM reads ARM templates to figure out resource requirements and dependencies, and provisions resources optimally.
  • Role-based Access control(RBAC) - gives greater control by configuring role-based access control at resource and resource group levels.
  • Tags - can be applied to resources to logically organize all of the resources in the same subscription.
  • Billing - In an organization, costs can be viewed for the entire group or for a group of resources sharing the same tag.

ARM templates are commonly used to automate deployment. Resource groups and resource properties like the size of DB, type of storage account are defined in these JSON documents.
ARM inspects requirements in ARM templates, figures out resource dependencies and provisions resources in an order or even simultaneously when there is no direct dependency between certain resources.
  • The Azure Quickstart Templates repository on GitHub contains a number of templates which can be used to build and deploy.
  • Another option is to create custom templates using a JSON editor such as Visual Studio, or Visual Studio Code, a lightweight open-source editor. Visual Studio Code can be downloaded from code.visualstudio.com.
Creating ARM templates:
You can either use the Templates section in the Azure portal or use community templates.
You can inspect the code written in these templates.
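As an added example that is not from the course material, the ordering rule described above can be worked through on a small constructed template fragment: Resource Manager reads each resource's dependsOn, provisions every resource whose dependencies are complete in parallel, wave by wave, and refuses templates with unknown or circular dependencies. The resource names are made up and dependsOn uses the "type/name" short form.

```python
"""Reproduce how Azure Resource Manager orders a deployment from dependsOn.
Added example over a constructed, minimal template fragment: resources with no
outstanding dependency are deployed together (one "wave"), then the next set.
Resource names are made up; dependsOn uses the "type/name" short form."""
import json
from typing import Dict, List

# Constructed template fragment (not a complete, deployable ARM template).
TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet1"},
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "nsg1"},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stor1"},
    {"type": "Microsoft.Network/networkInterfaces", "name": "nic1",
     "dependsOn": ["Microsoft.Network/virtualNetworks/vnet1",
                   "Microsoft.Network/networkSecurityGroups/nsg1"]},
    {"type": "Microsoft.Compute/virtualMachines", "name": "vm1",
     "dependsOn": ["Microsoft.Network/networkInterfaces/nic1",
                   "Microsoft.Storage/storageAccounts/stor1"]}
  ]
}
""")


def resource_ids(template: Dict) -> Dict[str, set]:
    """Map each resource's 'type/name' id to the set of ids it depends on."""
    return {f"{r['type']}/{r['name']}": set(r.get("dependsOn", []))
            for r in template["resources"]}


def deployment_waves(template: Dict) -> List[List[str]]:
    """Kahn-style layering: wave N holds every resource whose dependencies all
    landed in earlier waves, so each wave can be provisioned in parallel.
    Rejects a dependsOn that names a resource missing from the template and
    a circular dependency, both of which Resource Manager also refuses."""
    deps = resource_ids(template)
    unknown = {d for s in deps.values() for d in s} - deps.keys()
    if unknown:
        raise ValueError(f"dependsOn refers to unknown resources: {sorted(unknown)}")
    waves: List[List[str]] = []
    done: set = set()
    while len(done) < len(deps):
        ready = sorted(rid for rid, needs in deps.items() if rid not in done and needs <= done)
        if not ready:
            raise ValueError("circular dependsOn among: " + ", ".join(sorted(deps.keys() - done)))
        waves.append(ready)
        done.update(ready)
    return waves


def deployment_error(template: Dict) -> str:
    """Return "" if the template orders cleanly, else the validation message."""
    try:
        deployment_waves(template)
        return ""
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    for n, wave in enumerate(deployment_waves(TEMPLATE), start=1):
        print(f"wave {n}: {', '.join(wave)}")
```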

Azure CLI:


Azure CLI 2.0 is an open-source, cross-platform, shell-based command line interface for managing Azure resources.
You can use it in your browser with Azure Cloud Shell, or you can install it on macOS, Linux, and Windows and run it from the command line.
Commands are structured as:
>azure <topic> <verb> <options>
or
>az <topic> <verb> <options>
  • Example to list the virtual machines within an account
>azure vm list 
  • Example to create a resource group named "MyRG" in the centralus region of Azure
>az group create -n MyRG -l centralus

Azure REST APIs
One of the most powerful ways to manage Azure is via the Azure REST APIs. Representational State Transfer (REST) APIs are service endpoints that support sets of HTTP operations (methods) to manage your resources.
It forms the connecting glue between your applications and Azure.
Test Drive Azure REST APIs
You can interact with the Azure REST APIs in a number of ways; you can try them out at https://azure.github.io/projects/apis/
REST APIs adhere to the OpenAPI Specification (also known as Swagger 2.0).
Azure SDKs
Azure SDKs provide a framework which you can use to build, deploy and manage various solutions and services you may need on Azure.
Some Azure SDKs currently available for download are
  • .NET
  • Java
  • Node.js
  • PHP
  • Python
  • Ruby
  • Go
Azure SDKs are downloadable from https://azure.microsoft.com/en-in/downloads/
SDKs tailored for specific workloads or services are also available:
  • IoT SDKs
  • Media
  • WebJobs
Virtual Machines 

Key Concepts:

  • Resource Groups
  • Availability Set
  • Auto Scaling
  • VM creation Tools

Azure Virtual Machines provide a scalable computing environment to host a wide range of infrastructure services and applications. They offer more control over the environment than other compute options like App Service or Cloud Services.
Azure Virtual Machines follow the Infrastructure as a Service (IaaS) model and let you create VMs in the cloud. VMs are provisioned with:
  • Compute
  • Storage
  • Networking capabilities
  • Operating system
When to use VMs
Azure VMs are best for workloads that:
  • Require High availability
  • Experience Unpredictable Growth
  • Experience Sudden Spikes
The first step in creating a VM is to choose the right VM size. Here are the various VM sizes that can cater to every kind of requirement.
  • General Purpose - ideal for Testing and Development.
  • Compute Optimized - recommended for medium traffic web servers and network appliances.
  • Memory Optimized - used for relational DB servers, medium to large caches, and for in-memory analytics.
  • Storage Optimized - used for Big Data, SQL, and NoSQL databases.
  • GPU - Ideal for heavy graphic rendering and video editing.
  • High Performance Compute - optimal for high-throughput network interfaces (RDMA).
Once the VM size is decided, OS images available in the Azure Marketplace are used to provision the VM.
Azure Marketplace provides a large image gallery, which includes:
  • Recent operating system images of Windows Server, Linux, and SQL Server.
  • You can also store your own images in Azure, by capturing an existing virtual machine and uploading the image.
Finally, now to create Azure VMs any of the following tools can be leveraged,
  • Azure portal
  • ARM Template
  • Azure PowerShell
  • Azure CLI
Basic steps for deploying a virtual machine
  • Select an image or disk to use for the new virtual machine from the Azure Marketplace.
  • Provide required information such as hostname, username, and password for the new virtual machine.
  • Provide optional information like domain membership, virtual networks, storage account, cloud service, and availability set.
  • Go ahead and provision the machine.
VM creation using CLI (by Katcode)
Fresco code to create an Azure account:
if [ -f /opt/get-azure ]; then /opt/get-azure && source ~/.azureenv; else curl -O https://gist.githubusercontent.com/frescoplaylab/a06df129432f55ad14779cd75461e6c6/raw/82be68f978af82219bc67db65fbb3eeabbc799a2/get_azure_credentials; . get_azure_credentials && source ~/.azureenv; fi

Login
az login -u $username -p $password

You can find the resource group by using echo $resource
Create VM:
$ az vm create --name myvm --admin-username chala --admin-password chalasuma@61 --image win2016datacenter --generate-ssh-keys --resource-group user-gtkgkclmsklr
List the created virtual machines by using:
az vm list
Delete VM:
$ az vm delete --name myvm --resource-group user-gtkgkclmsklr

Azure Virtual Network
Once you create a VM, you will need to place it in a virtual network to receive IP address configurations and to connect to other VMs or other resources that you create in Azure.
In this topic, you learn:
  • Vnet Creation
  • Multiple Network Interface Card(NIC) usage
  • Network Security Group(NSG) and NSG Rules
You can create Azure network resources by using either the ARM Portal, Classic Portal, Network Configuration File, Azure PowerShell module, Azure command-line interface (Azure CLI), or by using deployment templates.
Multiple NICs in VM
You can attach multiple network interface cards (NICs) to each of your VMs.
Multiple NICs are used by many network virtual appliances and WAN optimization solutions, as they provide fine-grained traffic management, including isolation of traffic between a front-end NIC and back-end NIC(s).
Example - a Palo Alto firewall appliance with 4 NICs for:
  • DMZ
  • Trusted Zone
  • Untrusted Zone
  • Firewall Management
Limitations of Multiple NICs
  • All VMs in an availability set need to use either multi-NIC or single NIC. There cannot be a mixture of multi-NIC VMs and single-NIC VMs within an availability set.
  • Once deployed, a VM with single NIC cannot be configured with multi NICs (and vice-versa), without deleting and re-creating it.
Create VM with multiple NICs:

A VNet with two subnets has already been created.
1. Two NICs are created, frontnic and backnic, and assigned to one subnet each.
2. Configure the VM, add the NICs to the VM, configure storage (VHD, OS image) and create the VM.



Network Security Groups:
VMs can have connectivity to the Internet when a public IP address is assigned to the VM or to the cloud service. In such scenarios, a Network Security Group (NSG) provides advanced security protection for the VMs.
NSGs contain inbound and outbound rules that specify whether the traffic is approved or denied.
NSGs Rule can be applied at the following levels,
  • NIC (ARM deployment model)
  • VM (classic deployment)
  • All VMs in a Subnet (both deployment models)
NSG Rule Properties
  • Name - is a unique identifier for the rule.
  • Direction - specifies whether the traffic is inbound or outbound.
  • Priority - If multiple rules match the traffic, rules with higher priority apply.
  • Access - specifies whether the traffic is allowed or denied.
  • Source IP address prefix - identifies from where traffic originates.
  • Source port range - specifies source ports.
  • Destination IP address prefix - identifies the traffic destination IP range
  • Destination port range - specifies destination ports
  • Protocol - specifies a protocol that matches the rule.
NSG can be associated to network interfaces and subnets.
When deleting an NSG, first disassociate it and then delete it.
Priority starts from number 100 and goes in increments of 10. The higher the number, the higher the priority.
Things to Remember
  • By default 100 NSGs can be created per region per subscription. This can be extended to 400 by contacting Azure support.
  • A single NSG can have 200 rules which can be raised to 500 by contacting Azure support.
  • Only one NSG can be applied to a VM, subnet, or NIC. However, the same NSG can be applied to multiple resources.
You can find the resource group by using echo $resource
$ az network vnet create --name myVirtualNetwork --resource-group user-pnzyupgyjvwh --subnet-name default
$ az network vnet delete --name myVirtualNetwork --resource-group user-pnzyupgyjvwh

$ az network nsg create --name mynsg --resource-group user-jrozkqbwgmqv
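The first-match evaluation described above, as an added example that is not part of these notes: Azure processes NSG rules in priority order, lowest number first, and the first rule that matches decides; Azure's own default rules (65000 and above) catch whatever the user rules miss. The VNet range, addresses and rule names are constructed, and the Internet service tag is simplified to "any address outside the VNet".

```python
"""Azure NSG rule evaluation as the platform performs it: rules are processed
in ascending priority number and the first matching rule decides the flow.
Added illustration; the VNet range, addresses and rules below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# 168.63.129.16 is the platform address behind the AzureLoadBalancer tag (health probes).
AZURE_LB_PROBE = ipaddress.ip_address("168.63.129.16")


@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int      # user rules 100-4096; Azure's default rules sit at 65000 and above
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    source: str        # CIDR, "*" or a service tag
    source_ports: str  # "*", "443", "1000-2000" or a comma-separated list of those
    destination: str
    dest_ports: str


# Default inbound rules Azure adds to every NSG; user rules win because they are lower-numbered.
DEFAULT_INBOUND = [
    NsgRule("AllowVnetInBound", 65000, "Inbound", "Allow", "*",
            "VirtualNetwork", "*", "VirtualNetwork", "*"),
    NsgRule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*",
            "AzureLoadBalancer", "*", "*", "*"),
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*", "*"),
]


def port_matches(spec: str, port: int) -> bool:
    """True if port falls within spec ("*", "443", "1000-2000", "22,3389")."""
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def addr_matches(spec: str, addr: str, vnet: str) -> bool:
    """Match an address against a CIDR, "*" or one of three common service tags.
    The Internet tag is approximated as "any address outside the VNet"."""
    ip = ipaddress.ip_address(addr)
    vnet_net = ipaddress.ip_network(vnet)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in vnet_net
    if spec == "Internet":
        return ip not in vnet_net
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB_PROBE
    return ip in ipaddress.ip_network(spec, strict=False)


def evaluate(rules: List[NsgRule], direction: str, protocol: str, src: str,
             src_port: int, dst: str, dst_port: int, vnet: str) -> Optional[NsgRule]:
    """Return the rule that decides this flow: first match in priority order."""
    for r in sorted((r for r in rules if r.direction == direction), key=lambda r: r.priority):
        if r.protocol != "*" and r.protocol.lower() != protocol.lower():
            continue
        if not (addr_matches(r.source, src, vnet) and addr_matches(r.destination, dst, vnet)):
            continue
        if port_matches(r.source_ports, src_port) and port_matches(r.dest_ports, dst_port):
            return r
    return None


def internet_exposed_ports(rules: List[NsgRule], vnet: str, target: str,
                           ports=(22, 80, 443, 3389)) -> Dict[int, Optional[str]]:
    """Defender's check: for each TCP port, the name of the rule that lets an
    arbitrary Internet client reach target on it, or None if the port is blocked."""
    probe_src = "203.0.113.10"  # TEST-NET-3 address standing in for an Internet client
    result: Dict[int, Optional[str]] = {}
    for p in ports:
        rule = evaluate(rules, "Inbound", "Tcp", probe_src, 50000, target, p, vnet)
        result[p] = rule.name if rule is not None and rule.access == "Allow" else None
    return result


# Constructed rule set: a web tier that accepts RDP only from the management subnet.
VNET = "10.0.0.0/16"
USER_RULES = [
    NsgRule("Allow-HTTPS-Internet", 100, "Inbound", "Allow", "Tcp", "Internet", "*", "*", "443"),
    NsgRule("Allow-RDP-Mgmt", 200, "Inbound", "Allow", "Tcp", "10.0.1.0/24", "*", "*", "3389"),
    NsgRule("Deny-RDP-Internet", 300, "Inbound", "Deny", "Tcp", "Internet", "*", "*", "3389"),
]
ALL_RULES = USER_RULES + DEFAULT_INBOUND

if __name__ == "__main__":
    for port, allowed_by in internet_exposed_ports(ALL_RULES, VNET, "10.0.2.4").items():
        print(f"tcp/{port}: {'open via ' + allowed_by if allowed_by else 'blocked'}")
```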

Intersite Connectivity Options
It is very common to come across a scenario where you have an On-Premise data center that needs to connect to resources deployed on Azure. There are four different options to handle such scenarios.
Point to Site VPN and Site to Site VPN were covered in detail in the Azure Essential course, So, now we will concentrate on Vnet to Vnet Connectivity and Express Route
VPN Gateway:
All 4 types of VPN connections require a Virtual Network gateway in the virtual network, which routes traffic to the on-premises computers.
The following VPN connections require a VPN gateway:
  • Point-to-site
  • Site-to-site
  • VNet-to-VNet - between different Azure regions, or between different Azure subscriptions
  • IaaS v1 VNet-to-IaaS v2 VNet
  • Multisite
  • ExpressRoute
Features of VPN Gateway
A VPN gateway is a type of virtual network gateway that sends encrypted traffic across Azure virtual networks and also from Azure virtual network to an on-premises location.
  • Each virtual network can have only one VPN gateway.
  • Multiple connections can be made with the same VPN gateway.
  • When multiple VPNs connect to the same VPN gateway, all VPN tunnels share the bandwidth available to the gateway.
Vnet to Vnet Connectivity
VNet-to-VNet connectivity is similar to connecting a VNet to an on-premises site location, except that both ends of the connection are VNets.
VMs and cloud service components in each VNet can communicate as if they were on the same VNet.
In VNet-to-VNet model, the connected VNets can be in the:
  • same or different regions
  • same or different subscriptions
  • same or different deployment models
ExpressRoute:

It is a private network connection between Azure and on-premises sites.

It uses the BGP standard (Border Gateway Protocol (BGP) is a routing protocol used to exchange routing information between different gateways, the Internet or autonomous systems. BGP is a Path Vector Protocol (PVP), which maintains paths to different hosts, networks and gateway routers and makes routing decisions based on them).

It uses Microsoft edge routers (a core router is a router that forwards packets to computer hosts within a network, but not between networks; a core router is sometimes contrasted with an edge router, which routes packets between a self-contained network and other outside networks along a network backbone).


ExpressRoute connections do not go over the public Internet, so they are:
  • More secure
  • Highly reliable
  • Faster, with lower latency
Considerations for Intersite Connections
VPN Tunnel
  • Azure supports a maximum of 30 VPN tunnels per VPN gateway.
  • Each point-to-site, site-to-site and VNet-to-VNet VPN counts as one of those VPN tunnels.
  • Redundant tunnels are not supported.
VPN Gateway
  • A single VPN gateway can support up to 128 connections from client computers.
  • All VPN tunnels to a virtual network share the available bandwidth on the Azure VPN gateway.
Address spaces
  • Address spaces must not overlap, so they must be planned across the virtual networks in Azure and the on-premises networks.
Note: the maximum number of private IP addresses per network interface managed through Azure Resource Manager is 256 per region per subscription.
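The considerations above, as an added planning check that is not from the notes: address spaces that must be joined cannot overlap, each connection counts as one of a gateway's 30 tunnels, and a gateway serves at most 128 point-to-site clients. The site names, ranges and gateway inventory are constructed.

```python
"""Planning checks for intersite connectivity, built from the limits listed in
the notes: address spaces must not overlap, a VPN gateway carries at most 30
tunnels and serves at most 128 point-to-site clients. Added example; the
topology below is constructed, not a real environment."""
import ipaddress
from itertools import combinations
from typing import Dict, List, Optional, Tuple

MAX_TUNNELS_PER_GATEWAY = 30
MAX_P2S_CLIENTS_PER_GATEWAY = 128


def find_overlaps(spaces: Dict[str, List[str]]) -> List[Tuple[str, str, str, str]]:
    """Return (site A, cidr A, site B, cidr B) for every pair of different sites
    whose address spaces overlap; such a pair cannot be joined by a VPN or
    ExpressRoute connection without re-addressing one side."""
    flat = [(site, ipaddress.ip_network(c)) for site, cidrs in spaces.items() for c in cidrs]
    return [(a, str(na), b, str(nb))
            for (a, na), (b, nb) in combinations(flat, 2)
            if a != b and na.overlaps(nb)]


def next_free_block(spaces: Dict[str, List[str]], parent: str, prefixlen: int) -> Optional[str]:
    """First /prefixlen block inside parent that collides with no existing space,
    for allocating the address space of a new VNet. None if parent is exhausted."""
    used = [ipaddress.ip_network(c) for cidrs in spaces.values() for c in cidrs]
    for candidate in ipaddress.ip_network(parent).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


def gateway_report(gateways: Dict[str, List[Tuple[str, object]]]) -> Dict[str, dict]:
    """Each connection (S2S, VNet-to-VNet or P2S) counts as one tunnel on its
    gateway; a P2S entry carries its expected client count as the second item."""
    report = {}
    for gw, conns in gateways.items():
        tunnels = len(conns)
        clients = sum(int(peer) for kind, peer in conns if kind == "P2S")
        report[gw] = {
            "tunnels": tunnels,
            "tunnels_ok": tunnels <= MAX_TUNNELS_PER_GATEWAY,
            "p2s_clients": clients,
            "p2s_ok": clients <= MAX_P2S_CLIENTS_PER_GATEWAY,
        }
    return report


# Constructed topology: the spoke was carved out of a range the data center already uses.
ADDRESS_SPACES = {
    "onprem-dc": ["10.0.0.0/16", "192.168.10.0/24"],
    "hub-vnet": ["10.1.0.0/16"],
    "spoke-vnet": ["10.0.128.0/17"],
}
# Constructed gateway inventory: one hub gateway terminating S2S, VNet-to-VNet and P2S.
GATEWAYS = {
    "hub-gw": [("S2S", "onprem-dc"), ("V2V", "spoke-gw"), ("P2S", 140)],
    "spoke-gw": [("V2V", "hub-gw")],
}

if __name__ == "__main__":
    for a, na, b, nb in find_overlaps(ADDRESS_SPACES):
        print(f"overlap: {a} {na} <-> {b} {nb}")
    print("next free /16 under 10.0.0.0/8:", next_free_block(ADDRESS_SPACES, "10.0.0.0/8", 16))
    for gw, r in gateway_report(GATEWAYS).items():
        print(gw, r)
```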

Azure Storage F5
Hybrid cloud storage solution StorSimple.
Also:
  • Performance tiers of Storage Accounts
  • Features of Premium Storage
  • Virtual Machine Storage
  • Azure Files storage
  • Azure Blob or Unstructured Storage
  • Storage Tools
To use any of the Azure Storage services like Blob storage, File storage, and Queue storage, you will first create a storage account, and then you can transfer data to/from a specific service in that storage account.
Once created, Azure Storage resources can be accessed by any language that can make HTTP/HTTPS requests. Additionally, Azure Storage offers programming libraries for several popular languages to simplify many aspects of working with Azure Storage.

Azure storage is broadly grouped into 3 categories:
  • Storage for Virtual Machines - Disks, Files
  • Unstructured Data storage - Blobs, Data Lake
  • Structured Data storage - Tables, DocumentDB, Azure SQLDB
Storage for Virtual Machines:
  • Disks - Persistent block storage for Azure VMs.
  • Files - Fully managed file share on the cloud.
Unstructured Data storage:
  • Blobs - Highly scalable, REST based Cloud Object Storage.
  • Data Lake Store - Hadoop Distributed File System (HDFS) as a Storage.
Structured Data storage:
  • Tables - Key Value, high scale, auto-scaling NoSQL store.
  • DocumentDB - NoSQL document database service.
  • Azure SQL DB - Fully managed Database-as-a-service built on SQL.
https://www.quora.com/What-is-a-REST-API

Disks:
Virtual machines in Azure use disks to store the operating system, applications, and data.
  • VMs can also have one or more data disks.
  • A Standard storage account uses Hard Disk Drives (HDD) as VM disks.
  • A Premium storage account uses Solid State Drives (SSD) as VM disks.
  • The temporary disk is non-persistent storage and uses SSD storage.
  • All disks are stored as Virtual Hard Disks (VHDs), and the maximum capacity of a VHD is limited to 1023 GB.
It is not recommended to store any data on Temporary Disk.
Files:
File storage offers shared storage using the standard SMB 3.0 protocol.
  • It can be accessed as a mounted drive or mapped network drive, like a typical SMB share on desktops.
  • On-premises applications can access file data in a share via the File storage API.
Common uses of File storage:
  • Applications that rely on file shares.
  • Files like Configuration files that need to be accessed from multiple VMs.
  • Diagnostic data like logs that can be written to a file share and processed later.
  • Tools and utilities used by multiple developers.

Storage Accounts
Types of General Purpose Storage Account
  • Standard storage - most widely used storage accounts that can be used for all types of data (tables, queues, files, blobs and VM disks).
  • Premium storage - high-performance storage for page blobs, which are primarily used for VHD files.
Performance tiers of Blob Storage Account
  • Hot access - for files that are accessed frequently. You pay a higher cost for storage, but the cost of accessing the files is much lower. Example: File Share.
  • Cool access - to store large amounts of rarely accessed data for lower cost. Example: Backup Data.
Storage Account Conversion
  • Standard storage accounts are backed by magnetic drives (HDD) and provide the lowest cost per GB.
  • Premium storage accounts are backed by solid state drives (SSD) and offer consistent low-latency performance.
Hence it is not possible to convert standard storage account to Premium Storage account or vice versa.
Premium Storage:
Microsoft recommends using Premium Storage for all VMs.
Premium storage has high bandwidth with extremely low latency and it offers less than 1ms read latency(cache). Also, premium storage disks for virtual machines support up to 64 TB of storage, 80,000 IOPS per VM and 50,000 IOPS per disk.
  • To improve total IOPS throughput we recommend striping across multiple disks and using SSD premium disks.
  • Premium Storage is only supported on Azure GS and DS series of virtual machines.
  • Premium Storage supports only Locally Redundant Storage (LRS) Replication.
  • In Premium (SSD), the size of the VM disk is restricted to 128, 512, and 1023 GB.
Disk striping is a technique in which multiple smaller disks act as a single large disk. The process divides large data into data blocks and spreads them across multiple storage devices. Disk striping provides the advantage of extremely large databases or large single-table tablespaces using only one logical device.

Locally Redundant: your data is replicated synchronously, so that there are three copies within a single facility in a single region. Locally Redundant Storage (LRS) protects your data against server hardware failures but not against the failure of the facility itself.

Storage Access Tools:

Azure Storage tools make the life of a storage administrator much easier. Here are a few of the most commonly used tools.
  • Azure Portal and Azure PowerShell
  • Azure Storage Explorer - a useful GUI tool to inspect and alter data in Azure Storage. It can be used to upload, download, and manage blobs, files, queues, and tables from any platform, anywhere.
  • AzCopy - a command-line utility to copy blob and file data within a storage account or across accounts.
  • Azure Import/Export service - to import or export large amounts of blob data to or from a storage account.
In the Azure portal you can create a storage account under a resource group.
Configure the storage account for whichever services you need: blobs, files, queues, etc.
If blob storage is selected, a container is created under it. The container has a URL (which can be thought of as the path to that container), but you cannot upload or download data through that link; for that we have storage tools. For example, with Azure Storage Explorer, after installation (you can use the quick-start icon at the container you created in the Azure portal to reach the documentation for these tools), a login prompt asks for the Azure account; all storage accounts related to that account then become visible, you can upload data, and container properties such as the primary key (and copy primary key) are available.

You can also upload a .vhd file to the container using the upload icon or using PowerShell, where the destination path is the URL of the container.



Securing Storage
Azure Storage provides a comprehensive set of security capabilities which together enable developers to build secure applications.
Data Security:
  • Data in transit can be secured using client-side encryption, HTTPS or SMB 3.0 protocol.
  • Data at rest can be secured using Storage Service Encryption.
  • OS and Data disks used by VMs can be encrypted using Azure Disk Encryption.
Security Management:
  • Storage Access Policy: define policies to grant and revoke access at a granular level, with a time limit.
  • Role-Based access control: use default and custom defined roles to control access to the storage accounts
  • Audit and monitor authorization: using request information available in storage analytics logs.
Storage Account Access keys and Shared Access Signatures (SAS) can be used to secure data access.
Use the following command to make the resource group the default, so that you need not pass the resource group in subsequent commands.

az configure --defaults group=$resource

Create a storage account with HTTPS only:
$ az storage account create --name chalastorage --https-only true
$ az storage account keys list --account-name chalastorage
Create a file share:
$ az storage share create --name chalashare --account-name chalastorage
Create a directory:
$ az storage directory create --name chaladir --account-name chalastorage --share-name chalashare
Upload a file to the share:
$ az storage file upload --share-name chalashare --account-name chalastorage --source /opt/az/lib/python3.6/site-packages/knack/cli.py
Find the resource group by using echo $resource

Create a file named index.php.
Hint: touch index.php

Use the ls command to find the file.

Assigning a value to a variable (no spaces around the = in bash):
$ variable=$value

Blob storage overview:


Azure Blob storage is a service that stores Unstructured data in the cloud as blobs/objects. All blobs must be in a container and a container can store an unlimited number of blobs.
Common uses of Blob storage:
  • Serving images or documents directly to a browser.
  • Storing files for distributed access.
  • Streaming video and audio.
  • Storing data for backup & restore, disaster recovery, and archiving.
  • Storing data for analysis by an on-premises or Azure-hosted service.

Blob storage is also referred to as Object storage.
Types of Blobs:
Azure Storage offers three types of blobs: Block blobs, Page blobs, and Append blobs.
Block blobs
  • Suitable for sequential read/write operations.
  • Ideal for storing text or binary files, such as documents and media files.
Append blobs
  • Optimized for Append operations.
  • Can be used for logging scenarios.
Page blobs

  • Optimized for Random read/write operations.
  • Can be used for storing VHD files of Azure VM as OS and Data disks.
Managing Blob Storage

Blob storage typically requires transferring huge amounts of data from on-premises to Azure and vice versa.
Examples of Huge Data:
  • Large Virtual Hard Disks (VHDs) - Using Upload and Download Commands
  • TBs of Backup Data - Using Export and Import services
Generally uploading and downloading VHD files is done through Azure PowerShell or Storage Explorer. Azure PowerShell provides a very efficient way for moving these large files through following cmdlets:
  • Add-AzureRmVHD - Uploads a VHD from an on-premises virtual machine to a blob storage in Azure.
  • Save-AzureRmVHD - Downloads a VHD from Azure blob storage and saves it locally.

Import Export Service:


Import and Export is another service that is suitable for scenarios where several TBs of data need to be transferred. Transferring such a volume of data over the network is not feasible due to limited bandwidth and high network costs.
Example: Backup data to or from Azure.
  • Import Service - Securely transfers large amounts of data to Azure blob storage by shipping hard disk drives to an Azure DC.
  • Export Service - Transfers data from Azure blob storage to hard disk drives and ship to the on-premises site.
Usage Scenarios:

  • Migrating data to the cloud.
  • Content distribution to a different Datacenter.
  • Backup and Recovery data.
Which emulators are installed with the Azure SDK?
Compute and Storage emulator

Azure App services - F5


In Azure Essentials we briefly learned how Azure App Service enables us to easily create Web, Mobile, Logic and API apps.
  • Web apps: web based applications that can scale with business requirements
  • Mobile Apps: mobile applications that can run on any device
  • Logic apps: For automating business processes and integrating systems and data across clouds without writing code.
  • API apps: For hosting RESTful APIs that other services can leverage, such as in IoT scenarios
In this topic, we learn about Azure App Service Features, Plan and Environment.
Azure Momentum:
Global markets are now expecting:
  • Deeper engagement with customers
  • Faster times to market
  • Scalability
  • Availability
  • Lower Costs

Azure App Services is gaining popularity and growing rapidly, as it helps teams meet these expectations. It offers flexibility, supports open source technologies and multiple languages for you to build your applications.

App Service Plan:


App Service plans define the capabilities and boundaries of the environment in which an application runs.
There are five tiers available: Free, Shared, Basic, Standard and Premium.
Note:

  • An application can only be associated with one service plan. However, a service plan can have multiple applications associated with it.
  • The application must be in the same subscription and geographic location to share a plan.
  • Apps that share a plan can use all the capabilities and features that are defined by the plan's tier.
Managing Azure App Services
Management Tools

Like other Azure services, Azure App Service can also be managed by using the following tools,
  • Azure PowerShell
  • Azure Command Line Interface (CLI)
  • REST APIs
  • Templates
  • ARM and ASM portals
Locking Resources

Azure App Services protects the resources using Locks.
  • Locks can be applied to a subscription, resource group, or a resource such as a web application.
  • They prevent other users from deleting or modifying resources.
Lock Levels:
  • CanNotDelete: where authorized users can read and modify a resource, but they can't delete.
  • ReadOnly: where authorized users can read from a resource, but they can not perform any actions on it.
Locks are different from Role Based Access control(RBAC).
In Portal under AppServices under an app go to Tools and then select Locks and define whether it is for delete/ read only.
If delete selected in Locks then you can test by navigating to that app and trying to delete but which denies your action "cannot be deleted"
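The same exercise done from Azure PowerShell, as an added example (not code from the original notes): create a CanNotDelete lock on a web app, show that deleting the app is refused, then remove the lock. It assumes the Az module is installed and Connect-AzAccount has been run; the resource group, app and lock names are placeholders.

```powershell
# Added example: resource locks on an App Service web app via the Az module.
# Assumes Connect-AzAccount has already been run; all names are placeholders.
$rg   = 'rg-webapps-demo'
$app  = 'theawesomeapp'
$lock = 'lock-no-delete-webapp'

# Locks are a Resource Manager feature, so the target is addressed by
# resource type rather than through the App Service cmdlets.
New-AzResourceLock -LockName $lock -LockLevel CanNotDelete `
    -ResourceGroupName $rg -ResourceName $app -ResourceType 'Microsoft.Web/sites' `
    -LockNotes 'Production app; remove the lock before decommissioning' -Force | Out-Null

# Locks on the app itself. A lock inherited from the resource group or the
# subscription is enforced as well, which is why a delete can fail even when
# nothing is listed here.
Get-AzResourceLock -ResourceGroupName $rg -ResourceName $app -ResourceType 'Microsoft.Web/sites' |
    Format-Table Name, @{ n = 'Level'; e = { $_.Properties.level } }, @{ n = 'Notes'; e = { $_.Properties.notes } } -AutoSize

# The lock applies regardless of the caller's RBAC role: even an Owner is refused.
try {
    Remove-AzWebApp -ResourceGroupName $rg -Name $app -Force -ErrorAction Stop
    Write-Warning 'Deletion succeeded: the lock was not in effect'
} catch {
    Write-Host "Delete refused as expected: $($_.Exception.Message)"
}

# Removing a lock needs Microsoft.Authorization/locks/* (Owner or
# User Access Administrator); a Contributor cannot undo this protection.
Remove-AzResourceLock -LockName $lock -ResourceGroupName $rg `
    -ResourceName $app -ResourceType 'Microsoft.Web/sites' -Force | Out-Null
```

The try/catch is the actual test: if the Remove-AzWebApp call inside it succeeds, the lock was not effective (wrong scope, wrong resource type, or removed by someone with lock permission), and the warning is the signal to investigate before trusting locks as a safety net.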
   
Custom Domain Name Configuration

When an application is hosted on App Service, it can be accessed using the default domain name <app name>.azurewebsites.net.
However, it is preferred to access the application using our own URL, such as https://play.fresco.me
A custom domain name can be purchased directly through the App Service portal, or you can bring a domain you already own.

Under the app go to Custom domains, where 'Buy domain' purchases one through Azure; afterwards <app name>.azurewebsites.net remains as an alias. Say you have bought theawesomeapp.net.
There is also a Hostnames section where every name to be served must be added explicitly, e.g. www.theawesomeapp.net; otherwise browsing to www.theawesomeapp.net results in a not-found page and only theawesomeapp.net displays the web page.
App Service will not bind a hostname until DNS proves you control it: the name must point at the app (a CNAME to <app name>.azurewebsites.net, or an A record to its IP) and a TXT record asuid.<hostname> must carry the app's custom domain verification ID. Those DNS records become a liability later: if the app is deleted while the CNAME remains, anyone who creates an app with the same name takes over the hostname, so remove the DNS records before decommissioning the app.
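An added example (not code from the original notes) of binding www.theawesomeapp.net from Azure PowerShell with the DNS checks done first, so the bind does not fail half-way and nothing is bound that DNS does not actually point at the app. It assumes the Az module, a completed Connect-AzAccount, and the Windows Resolve-DnsName cmdlet; resource group and app names are placeholders.

```powershell
# Added example: verify the DNS records App Service requires, then bind the
# hostname and force HTTPS. Assumes Az module + Connect-AzAccount and the
# Windows DnsClient module (Resolve-DnsName). Names are placeholders.
$rg       = 'rg-webapps-demo'
$app      = 'theawesomeapp'
$hostname = 'www.theawesomeapp.net'

$site          = Get-AzWebApp -ResourceGroupName $rg -Name $app
$expectedCname = "$app.azurewebsites.net"

# 1. Ownership proof: a TXT record asuid.<host> holding the app's verification ID,
#    plus a CNAME from the hostname to <app>.azurewebsites.net.
$txt   = (Resolve-DnsName -Name "asuid.$hostname" -Type TXT -ErrorAction SilentlyContinue).Strings
$cname = (Resolve-DnsName -Name $hostname -Type CNAME -ErrorAction SilentlyContinue).NameHost
if ($txt -notcontains $site.CustomDomainVerificationId) {
    throw "asuid.$hostname TXT record missing or wrong; expected $($site.CustomDomainVerificationId)"
}
if ($cname -ne $expectedCname) {
    throw "$hostname must be a CNAME to $expectedCname (found: '$cname')"
}

# 2. Bind it. -HostNames replaces the whole list, so the existing names
#    (including the azurewebsites.net default) are carried over.
$hostnames = @($site.HostNames) + $hostname | Select-Object -Unique
Set-AzWebApp -ResourceGroupName $rg -Name $app -HostNames $hostnames -HttpsOnly $true | Out-Null

# 3. Confirm the binding. Every name listed here has a DNS record pointing at this
#    app; when the app is retired those records must go first, or the name is
#    open to takeover by whoever registers the same app name next.
(Get-AzWebApp -ResourceGroupName $rg -Name $app).HostNames
```

The TLS certificate for the custom hostname is a separate step (App Service managed certificate or an uploaded one); -HttpsOnly only makes sure that HTTP requests are redirected rather than served.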

In this topic, we will learn about Locking Resources, Custom Domain name configuration, Site Extensions, and app deployment options.


Site Extensions with apps:


Site extensions add functionality to a web app and simplify its management.
  • A full list of available site extensions is published on the Site Extensions page, https://www.siteextensions.net/.
  • It also provides pointers to the project site, license, owner details etc. for each extension.
  • A site extension is third-party code that is installed into the app's scm (Kudu) site and runs with the app's identity and access, so vet the publisher and version as you would any other dependency.
Examples of Site Extensions:
  • Application insights: provides monitoring capabilities.
  • New Relic: provides monitoring capabilities.
  • Php Manager: tool for managing PHP installations.
  • Jekyll: Adds support for Jekyll on a Web App.
App Service Deployment Options
There are several ways to deploy a web app to App Service:
Basic
  • FTP
  • Web Deploy
Alternative
  • OneDrive/DropBox
  • Kudu
Source Control / Continuous Deployment
  • Visual Studio Online
  • Local Git
  • GitHub
  • BitBucket

Azurerocks.com and the azurerocks YouTube channel show how to publish a web app using FTP.
Plain FTP sends the publishing username and password in clear text. If FTP must be used, set the app's FTP state to FTPS only; otherwise disable FTP and rely on one of the source control or Kudu based options.


Kudu based Deployments
Kudu is the engine behind source control based deployments into Azure App Service. Every web app has an associated 'scm' service site, which runs Kudu as well as any installed site extensions.
Accessing the Kudu service
If your website URL is http://mysite.azurewebsites.net/, the root URL of the Kudu service is https://mysite.scm.azurewebsites.net.
The scm site is reachable from the internet and accepts the app's publishing (basic) credentials, which are contained in the downloadable publish profile. It includes a debug console that runs commands as the app, so a leaked publish profile is equivalent to a shell on the app: treat the profile as a secret, rotate it if it has ever been shared or checked in, and disable basic authentication on the scm endpoint where deployments can authenticate with Azure AD instead.
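An added example (not code from the original notes) that covers both the FTP caveat under the deployment options and the Kudu/scm exposure described above: lock down the deployment endpoints of a web app and rotate its publishing credentials from Azure PowerShell. It assumes the Az module and Connect-AzAccount; the basicPublishingCredentialsPolicies resource used in step 2 is a later App Service addition and is assumed to be available in the subscription; names are placeholders.

```powershell
# Added example: reduce the exposure of the FTP and Kudu (scm) publishing
# endpoints. Assumes Az module + Connect-AzAccount; names are placeholders.
# The basicPublishingCredentialsPolicies resource is assumed to exist for
# the app (it is a later App Service feature).
$rg  = 'rg-webapps-demo'
$app = 'theawesomeapp'

# 1. FTP carries the publishing password in clear text. Disable it (or use
#    'FtpsOnly' if an FTP-based pipeline really has to stay), and while here
#    force HTTPS and a sane TLS floor for the site itself.
Set-AzWebApp -ResourceGroupName $rg -Name $app -FtpsState 'Disabled' -HttpsOnly $true -MinTlsVersion '1.2' | Out-Null

# 2. The scm site (https://<app>.scm.azurewebsites.net) accepts the publishing
#    credentials as HTTP basic auth and exposes a debug console that runs commands
#    as the app. Turning basic auth off leaves only Azure AD logins.
foreach ($endpoint in 'scm', 'ftp') {
    $policy = Get-AzResource -ResourceGroupName $rg `
        -ResourceType 'Microsoft.Web/sites/basicPublishingCredentialsPolicies' -ResourceName "$app/$endpoint"
    $policy.Properties.allow = $false
    $policy | Set-AzResource -Force | Out-Null
}

# 3. The publish profile (portal download or Get-AzWebAppPublishingProfile) contains
#    the password in plain text. If one has ever been shared, rotate it.
Reset-AzWebAppPublishingProfile -ResourceGroupName $rg -Name $app | Out-Null

# 4. Verify the end state.
$site = Get-AzWebApp -ResourceGroupName $rg -Name $app
[pscustomobject]@{
    HttpsOnly     = $site.HttpsOnly
    FtpsState     = $site.SiteConfig.FtpsState
    MinTlsVersion = $site.SiteConfig.MinTlsVersion
    ScmBasicAuth  = (Get-AzResource -ResourceGroupName $rg `
        -ResourceType 'Microsoft.Web/sites/basicPublishingCredentialsPolicies' -ResourceName "$app/scm").Properties.allow
}
```

After step 2, any pipeline or tool that still authenticates to Kudu with the publish profile (older Visual Studio publish, some CI plugins) stops working; switch those to a service principal or managed identity before running this in production.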


Command CLI:
Check the lock list by executing:
az lock list

To delete a lock, name it together with the resource it is attached to, e.g. for a web app: az lock delete --name <lock name> --resource-group <rg> --resource <app name> --resource-type Microsoft.Web/sites
Reference: https://docs.microsoft.com/en-us/cli/azure/lock?view=azure-cli-latest#az-lock-delete

Azure Data Services and Azure SQL:


Azure Database Services Intro
In Azure Essentials we learn about different types of Data services in Azure, such as,
  • SQL Database
  • SQL Data Warehouse
  • DocumentDB (now Cosmos DB)
  • Table Storage
  • Redis Cache
  • Data Factory
  • Data Lake
In this course, we will focus on:
  • Difference between Azure SQL and SQL on Azure VM
  • Architecture of Azure SQL and Service tiers
  • Planning and Provisioning of Azure SQL
  • Migrating SQL database to Azure
  • HDInsight
Database On Cloud
One of the key decision points about where and how you want to run your SQL databases is the trade-off between administrative overhead and cost.
Critical business requirements around data retention may have to be adhered to in some scenarios. At the same time, there are instances where data is suitable to be stored in the cloud, either under a PaaS or an IaaS model.
In scenarios like these, where there is a blend of answers, a hybrid solution, with some database needs met by the cloud and other data retained on-premises, can help reduce management overhead and cost.

Azure SQL (PaaS) Vs SQL Server (IaaS)
Azure SQL Database (PaaS): is native to the cloud and is optimized for SaaS app development. It reduces overall costs to the minimum for provisioning and managing many databases as you do not have to manage any VMs, OS or DB software.
SQL Server on Azure Virtual Machines (IaaS): is optimized for migrating existing applications to Azure or in hybrid deployments. It is a perfect choice when an organization already has IT resources available to maintain the VMs.
In general, these two SQL options are optimized for different purposes, and the choice has to be driven by the requirement.
Azure SQL Database architecture:

Azure subscription
  Resource group
    SQL database server
       Master database, Isolated user databases

Database transaction Unit:


A DTU is a measure of the resources that are guaranteed to be available to a standalone Azure SQL database. It is a blended measure of CPU, memory and I/O.
DTUs are used to decide which service tier suits your database requirement.
The larger the number, the better the performance. DTUs provide a way to see the overall performance level and the need driving it, and to relate that to cost.
An elastic DTU (eDTU) is a measure of the resources shared across a set of databases, called an elastic pool.

Tiers ordered by DTUs and cost, highest first: Premium, Standard, Basic.

DB Service Tiers:


There are three different Service Tiers to accommodate a variety of workload requirements.
  • Basic - Suitable for small databases, and low volume needs
  • Standard - Suitable for most cloud based apps
  • Premium - Suitable for high transactional volumes with business-critical workloads

All these options provide an uptime SLA of 99.99% and hourly billing. Also, it is possible to change service tiers and performance levels dynamically.
Migrating SQL DB:
Quite often SQL DBs are migrated from On-Premises to Azure SQL.
Pre-requisites of Migration
  • Test the database for compatibility with Azure SQL
  • Fix compatibility issues if found
  • Perform the migration
Migration can be done in multiple ways; the acceptable downtime decides the type of migration.

  • For minimal downtime, use SQL Server transactional replication and replicate your data over the network.
  • When downtime is acceptable, export the database to a DAC package (.bacpac) and import the package into Azure SQL. The .bacpac holds the schema and the data unencrypted, so the storage used to stage it needs the same protection as the database itself.
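The "downtime is acceptable" path done from Azure PowerShell, as an added example (not code from the original notes): import a .bacpac that was exported on-premises and uploaded to blob storage into a new Azure SQL database at a chosen service tier, wait for the asynchronous job, and then change the tier dynamically as described above. It assumes the Az module and Connect-AzAccount; the resource group, logical server, storage account, container and blob names are placeholders, and the SQL admin password is prompted for rather than written into the script.

```powershell
# Added example: import a DAC package (.bacpac) from blob storage into Azure SQL
# Database, then change its service tier. Assumes Az module + Connect-AzAccount;
# all names below are placeholders for an existing logical server and storage account.
$rg        = 'rg-sql-demo'
$server    = 'sql-demo-server'           # <server>.database.windows.net
$db        = 'AdventureWorksMigrated'
$stAccount = 'stmigrationdemo'
$container = 'bacpacs'
$blob      = 'AdventureWorks.bacpac'
$adminUser = 'sqladmin'
$adminPwd  = Read-Host -Prompt 'SQL admin password' -AsSecureString

# The import service reads the package with a storage key; the key is looked up
# at run time rather than embedded, because a .bacpac contains the data in clear.
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $stAccount)[0].Value
$storageUri = "https://$stAccount.blob.core.windows.net/$container/$blob"

# Edition and ServiceObjectiveName select the tier and performance level
# (Standard S2 here). They can be changed afterwards without re-importing.
$import = New-AzSqlDatabaseImport -ResourceGroupName $rg -ServerName $server -DatabaseName $db `
    -StorageKeyType 'StorageAccessKey' -StorageKey $storageKey -StorageUri $storageUri `
    -AdministratorLogin $adminUser -AdministratorLoginPassword $adminPwd `
    -Edition 'Standard' -ServiceObjectiveName 'S2' -DatabaseMaxSizeBytes 50GB

# The import is asynchronous; poll the operation status link until it finishes.
do {
    Start-Sleep -Seconds 30
    $status = Get-AzSqlDatabaseImportExportStatus -OperationStatusLink $import.OperationStatusLink
    Write-Host "$(Get-Date -Format T) $($status.Status): $($status.StatusMessage)"
} while ($status.Status -eq 'InProgress')
if ($status.Status -ne 'Succeeded') { throw "Import failed: $($status.ErrorMessage)" }

# Tier and performance level can be changed dynamically once the data is in.
Set-AzSqlDatabase -ResourceGroupName $rg -ServerName $server -DatabaseName $db `
    -Edition 'Premium' -RequestedServiceObjectiveName 'P1' | Out-Null

# Housekeeping for the staging area: confirm the container allows no anonymous
# access (expect 'Off'), and plan to rotate the storage key used above.
$ctx = New-AzStorageContext -StorageAccountName $stAccount -StorageAccountKey $storageKey
(Get-AzStorageContainer -Name $container -Context $ctx).PublicAccess
```

Once the new database has been verified, delete the .bacpac from the container and regenerate the storage key with New-AzStorageAccountKey, so the copy of production data that lived outside the database does not outlive the migration.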
Data Analytics with HDInsight

HDInsight is a Microsoft-managed Hadoop service running in Azure that provides a range of open source data analytics cluster types.
Microsoft makes the Hadoop components available in a distributed model in Azure, where it manages the cluster, making the clusters easy to provision and manage with high availability and reliability.
It is available as a service under the Intelligence and Analytics grouping of services within Azure.

HDInsight - Cluster Types

HDInsight currently provides several different optimized open source analytic cluster types:
  • Hadoop - Petabyte scale processing with Hadoop components like Hive, Pig, Sqoop.
  • HBase - Fast and scalable NoSQL Offering.
  • Storm - Allows processing of infinite streams of data in real-time.
  • Spark - Fast data analytics and cluster using in-memory processing.
  • Interactive Hive (preview) - Enterprise data warehouse with in-memory analytics using Hive and Live Long and Process (LLAP)
  • R Server - Terabyte scale, provides enterprise-grade R analytics used for machine learning models.
  • Kafka (preview): High throughput, low latency, real-time streaming platform, typically used in streaming and IoT scenarios

Bits:

Deploying and running web app:
1. Cloning the required web app
2. Creating an app service plan
3. Creating a web app
4. Deploying and running the web app

Create azure web app
https://docs.microsoft.com/en-us/cli/azure/webapp?view=azure-cli-latest#az-webapp-create

Create app service plan
https://docs.microsoft.com/en-us/cli/azure/appservice/plan?view=azure-cli-latest#az-appservice-plan-create


Set-AzureRmVMSourceImage -Version "latest" selects the most current version of the image. (The AzureRM module has since been superseded by the Az module, where the equivalent is Set-AzVMSourceImage.)
https://docs.microsoft.com/en-us/powershell/module/azurerm.compute/set-azurermvmsourceimage?view=azurermps-6.13.0

Azure Scale up and Scale Out
Scale-up – Increase the capacity of the instances the app runs on (PaaS environment), e.g. moving from a 1-core to a 4-core instance size, with RAM growing accordingly.
Scale-out – Increase the capacity of the app by adding host instances (PaaS environment), e.g. the app running on several instances behind the platform load balancer.

Hot and cool access tiers (these are access tiers for blob data, not performance tiers) are available for general-purpose v2 storage accounts.

In addition to the production slot, 4 additional deployment slots can be created (Standard tier; Premium tiers allow more).
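The four deployment steps listed under "Deploying and running web app", followed by the scale-up, scale-out and deployment-slot points just above, carried out end to end from Azure PowerShell as an added example (not code from the original notes). It assumes the Az module and Connect-AzAccount, a built site packaged as .\site.zip in the current directory, and placeholder names for the resource group, plan and app.

```powershell
# Added example: create plan and web app, deploy to a staging slot and swap,
# then scale the plan up and out. Assumes Az module + Connect-AzAccount and a
# ready-built .\site.zip; all names are placeholders.
$rg       = 'rg-webapps-demo'
$location = 'westeurope'
$plan     = 'plan-webapps-demo'
$app      = 'theawesomeapp'      # must be globally unique: <app>.azurewebsites.net

# Step 2: the plan fixes tier (capabilities) and instance size; Standard is the
# lowest tier with deployment slots.
New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null
New-AzAppServicePlan -ResourceGroupName $rg -Name $plan -Location $location `
    -Tier Standard -WorkerSize Small -NumberofWorkers 1 | Out-Null

# Step 3: create the web app in that plan and close the obvious gap at birth.
New-AzWebApp -ResourceGroupName $rg -Name $app -Location $location -AppServicePlan $plan | Out-Null
Set-AzWebApp -ResourceGroupName $rg -Name $app -HttpsOnly $true | Out-Null

# Step 4: zip deploy goes through Kudu's zipdeploy API with the caller's Azure
# credentials, so no FTP or publish-profile password is involved. Deploy to a
# staging slot and swap, so production only ever receives a tested build.
New-AzWebAppSlot -ResourceGroupName $rg -Name $app -Slot 'staging' | Out-Null
Publish-AzWebApp -ResourceGroupName $rg -Name $app -Slot 'staging' `
    -ArchivePath (Resolve-Path '.\site.zip').Path -Force | Out-Null
Switch-AzWebAppSlot -ResourceGroupName $rg -Name $app -SourceSlotName 'staging' -DestinationSlotName 'production'

# Scale up: bigger instances (Small -> Medium doubles cores and RAM in the tier).
Set-AzAppServicePlan -ResourceGroupName $rg -Name $plan -Tier Standard -WorkerSize Medium | Out-Null
# Scale out: more instances behind the platform load balancer.
Set-AzAppServicePlan -ResourceGroupName $rg -Name $plan -NumberofWorkers 3 | Out-Null

$p = Get-AzAppServicePlan -ResourceGroupName $rg -Name $plan
"$($p.Sku.Tier) $($p.Sku.Size), $($p.Sku.Capacity) instance(s), https://$app.azurewebsites.net"
```

Scaling the plan scales every app in it, which is the flip side of the shared-plan note earlier: apps with different load profiles or trust levels belong in separate plans.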

In-place OS upgrades of an Azure VM are not supported.

Azure Storage data is, by default, replicated three times within the primary region (locally redundant storage), and a write is acknowledged only after it has been committed to all three replicas.

Use the Import/Export service to transfer several TB of data to an Azure datacenter when uploading over the network is not feasible because of limited bandwidth.

Determining factor as to whether or not a VM can have multiple NICs connected to it - VM Size

What kind of NoSQL store is Azure Table Storage - a key-value store (entities addressed by partition key and row key)

Microsoft uses the industry-standard BGP (Border Gateway Protocol) dynamic routing protocol over ExpressRoute to exchange routes between your on-premises network, your instances in Azure and Microsoft public addresses.


Azure VMs are best for workloads that:
Require High availability
Experience Unpredictable Growth
Experience Sudden Spikes

A network configuration file is an XML file (when using PowerShell) or a JSON file (when using the Azure CLI).

Max no of VMs based on a custom VM image in a scale set is 600

The HDInsight service gives Azure users access to the open source Hadoop framework.

The storage-optimized VM series (Ls) is ideal for big data, SQL and NoSQL databases.

Webjobs can be scheduled to run - on-demand, as scheduled, continuously.

az vm nic add - Add existing NICs to a VM
https://docs.microsoft.com/en-us/cli/azure/vm/nic?view=azure-cli-latest#az-vm-nic-add

A VPN gateway (VNet-to-VNet connection) provides the connection between VNets in a different region, a different subscription, or the same region; VNet peering is the lower-latency alternative where it is available.