1. understand terms such as High Availability, Scalability, Elasticity, Agility, Fault Tolerance, and Disaster Recovery
2. understand the principles of economies of scale
3. understand the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx)
Capital Expenditure (CapEx): CapEx is the spending of money on physical infrastructure up front, and then deducting that expense from your tax bill over time. CapEx is an upfront cost, which has a value that reduces over time.
- Server costs
- Storage costs
- Network costs
- Backup and archive costs
- Organization continuity and disaster recovery costs
- Datacenter infrastructure costs
Benefits of CapEx: With capital expenditures, you plan your expenses at the start of a project or budget period. Your costs are fixed, meaning you know exactly how much is being spent. This is appealing when you need to predict the expenses before a project starts due to a limited budget.
Operational Expenditure (OpEx): OpEx is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There’s no upfront cost. You pay for a service or product as you use it.
- Leasing a cloud-based server
- Leasing software and customized features
- Scaling charges based on usage/demand instead of fixed hardware or capacity
- Billing at the user or organization level
Benefits of OpEx: Demand and growth can be unpredictable and can outpace expectation, which is a challenge for the CapEx model as shown in the following graph.
- understand the consumption-based model
Describe the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)
- describe Infrastructure-as-a-Service (IaaS) e.g. Virtual Machines
- describe Platform-as-a-Service (PaaS) e.g. App and DB services
- describe Software-as-a-Service (SaaS)
- compare and contrast the three different service types
| Traditional | IaaS | PaaS | SaaS |
| --- | --- | --- | --- |
| Application | Application | Application | Application |
| Data | Data | Data | Data |
| Runtime | Runtime | Runtime | Runtime |
| Middleware | Middleware | Middleware | Middleware |
| O/S | O/S | O/S | O/S |
| Virtualization | Virtualization | Virtualization | Virtualization |
| Servers | Servers | Servers | Servers |
| Storage | Storage | Storage | Storage |
| Networking | Networking | Networking | Networking |
Legend: items in bold font are what DevOps needs to take care of; items in normal font are managed by the vendor (Microsoft Azure).
A cloud deployment model defines where your data is stored and how your customers interact with it – how do they get to it, and where do the applications run? It also depends on how much of your own infrastructure you want or need to manage. There are three models: public, private, and hybrid.
1. describe Public cloud
- High scalability/agility – you don’t have to buy a new server in order to scale
- Pay-as-you-go pricing – you pay only for what you use, no CapEx costs
- You’re not responsible for maintenance or updates of the hardware
- Minimal technical knowledge to set up and use – you can leverage the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available
Not all scenarios fit the public cloud. Here are some disadvantages to think about:
- There may be specific security requirements that cannot be met by using public cloud
- There may be government policies, industry standards, or legal requirements which public clouds cannot meet
- You don’t own the hardware or services and cannot manage them as you may want to
- Unique business requirements, such as having to maintain a legacy application, might be hard to meet
2. describe Private cloud
In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization.
This approach has several advantages:
- You have complete control over the resources and can ensure the configuration can support any scenario or legacy application
- You have complete control (and responsibility) over security
- Private clouds can meet strict security, compliance, or legal requirements in ways a public cloud might not be able to
Some reasons teams move away from the private cloud are:
- You have upfront CapEx costs and must purchase the hardware for startup and maintenance
- Owning the equipment limits agility – to scale you must buy, install, and set up new hardware
- Private clouds require IT skills and expertise that are hard to come by
3. describe Hybrid cloud
A hybrid cloud combines public and private clouds, allowing you to run your applications in the most appropriate location. For example, you could host a website in the public cloud and link it to a highly secure database hosted in your private cloud (or on-premises datacenter).
Some advantages of a hybrid cloud are:
- compare and contrast the three different cloud models
1. describe Regions
   Azure region: one or more Azure datacenters within a specific geographic location. 50 regions worldwide.
   Region pairs: westus pairing with eastus for failover reasons.
2. describe Availability Zones
3. describe Resource Groups
4. describe Azure Resource manager
5. describe the benefits and usage of core Azure architectural components

1. describe products available for Compute such as Virtual Machines, Virtual Machine Scale Sets, App Service and Functions
2. describe products available for Networking such as Virtual Network, Load Balancer, VPN Gateway, Application Gateway and Content Delivery Network
3. describe products available for Storage such as Blob Storage, Disk Storage, File Storage, and Archive Storage
4. describe products available for Databases such as CosmosDB, Azure SQL Database, Azure Database Migration service, and Azure SQL Data Warehouse
5. describe the Azure Marketplace and its usage scenarios

1. describe Internet of Things (IoT) and products that are available for IoT on Azure such as IoT Fundamentals, IoT Hub and IoT Central
2. describe Big Data and Analytics and products that are available for Big Data and Analytics such as SQL Data Warehouse, HDInsight and Data Lake Analytics
3. describe Artificial Intelligence (AI) and products that are available for AI such as Azure Machine Learning Service and Studio
4. describe Serverless computing and Azure products that are available for serverless computing such as Azure Functions, Logic Apps and App grid
5. describe the benefits and outcomes of using Azure solutions

1. understand Azure tools such as Azure CLI, PowerShell, and the Azure Portal
2. understand Azure Advisor

1. describe Azure Firewall
2. describe Azure DDoS Protection
3. describe Network Security Group (NSG)
4. choose an appropriate Azure security solution
1. understand the difference between authentication and authorization
Two fundamental concepts that need to be understood when talking about identity and access control are authentication and authorization. They underpin everything else that happens and occur sequentially in any identity and access process:
Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials, and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.
Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access and what they can do with it.
2. describe Azure Active Directory
3. describe Azure Multi-Factor Authentication
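The sequence of authentication followed by authorization, described above, as an added example that is not part of the original notes. The user names, passwords, scopes and role table are constructed sample data, and the role model is a simplified stand-in for role-based access control, not Azure's API.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # fixed only so this constructed example is reproducible

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample data (assumptions, not real accounts or real role definitions).
USERS = {"alice": _hash("correct horse"), "bob": _hash("hunter2!")}
ROLE_ACTIONS = {"Reader": {"read"}, "Contributor": {"read", "write", "delete"}}
ASSIGNMENTS = {  # (principal, scope) -> role; child scopes inherit the assignment
    ("alice", "/subscriptions/demo"): "Contributor",
    ("bob", "/subscriptions/demo/resourceGroups/web"): "Reader",
}

def authenticate(username: str, password: str):
    """Step 1: establish identity. Returns a principal name, or None."""
    stored = USERS.get(username)
    candidate = _hash(password)  # hash even for unknown users to keep timing similar
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    return username

def authorize(principal: str, action: str, scope: str) -> bool:
    """Step 2: decide what an already authenticated principal may do at a scope."""
    parts = scope.rstrip("/").split("/")
    while len(parts) > 1:  # check the scope itself, then each parent scope
        role = ASSIGNMENTS.get((principal, "/".join(parts)))
        if role and action in ROLE_ACTIONS[role]:
            return True
        parts.pop()
    return False  # default deny: no assignment grants the action

def handle(username: str, password: str, action: str, scope: str) -> int:
    """Run both steps in order and return an HTTP-style status code."""
    principal = authenticate(username, password)
    if principal is None:
        return 401  # identity not established; authorization is never consulted
    if not authorize(principal, action, scope):
        return 403  # identity is known, but the action is not permitted
    return 200

if __name__ == "__main__":
    vm = "/subscriptions/demo/resourceGroups/web/vm1"
    print(handle("bob", "hunter2!", "read", vm), handle("bob", "hunter2!", "delete", vm))
```

The 401 and 403 results separate the two failure modes: a failed identity check versus a known identity with insufficient access.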

1. describe Azure Security
2. understand Azure Security center usage scenarios
3. describe Key Vault
4. describe Azure Information Protection (AIP)
5. describe Azure Advanced Threat Protection (ATP)

1. describe Azure Policies
2. describe Initiatives
3. describe Role-Based Access Control (RBAC)
4. describe Locks
5. describe Azure Advisor security assistance

1. describe Azure Monitor
2. describe Azure Service Health
3. understand the use cases and benefits of Azure Monitor and Azure Service Health

1. understand industry compliance terms such as GDPR, ISO and NIST
2. understand the Microsoft Privacy Statement
3. describe the Trust center
4. describe the Service Trust Portal
5. describe Compliance Manager
6. determine if Azure is compliant for a business need
7. understand Azure Government services
8. understand Azure Germany services

1. describe an Azure subscription
2. understand the uses and options with Azure subscriptions

1. understand options for purchasing Azure products and services
2. understand options around Azure Free account
3. understand the factors affecting costs such as resource types, services, locations, ingress and egress traffic
4. understand Zones for billing purposes
5. understand the Pricing calculator
6. understand the Total Cost of Ownership (TCO) calculator
7. understand best practices for minimizing Azure costs such as performing cost analysis, creating spending limits and quotas, and using tags to identify cost owners; use Azure reservations; use Azure Advisor recommendations
8. describe Azure Cost Management

1. understand support plans that are available such as Dev, Standard, Professional Direct and Premier
2. understand how to open a support ticket
3. understand available support channels outside of support plan channels
4. describe the Knowledge Center

1. describe a Service Level Agreement (SLA)
2. determine SLA for a particular Azure product or service

1. understand Public and Private Preview features
2. understand how to access Preview features
3. understand the term General Availability (GA)
4. monitor feature updates

Cloud computing is renting resources, like storage space or CPU cycles, on another company’s computers. The company providing these services is referred to as a cloud provider. Some example providers are Microsoft, Amazon, and Google.
1. Compute power
2. Storage
3. Applications - such as NoSQL or SQL database applications
4. Networking - such as setting up virtual networks for virtual machines
5. Analytics - such as visualizing telemetry, and performance data

1. Compute power
   A. Containers: Containers provide a consistent, isolated execution environment for applications. The open-source project, Docker, is one of the leading platforms for managing containers.
   B. Serverless computing: Serverless computing lets you run application code without creating, configuring, or maintaining a server. Serverless computing enables you to focus solely on how your application behaves. It's ideal for automation tasks. For example, you can build a serverless process that automatically sends an email confirmation after a customer makes an online purchase.
2. Storage: Cloud providers typically offer services that can handle all of these types of data. For example, if you wanted to store text, you could use a file on disk or you could take a more structured approach like using a relational database.

1. It's cost-effective, or pay-as-you-go.
2. It's scalable:
   - vertical scaling (scale up), e.g. adding a faster CPU
   - horizontal scaling (scale out), e.g. adding one more server
3. It's elastic: As your workload changes due to a spike or drop in demand, a cloud computing system can compensate by automatically adding or removing resources.
4. It's current: When you use the cloud, you’re able to focus on what matters: building and deploying applications. You don't have to be caught up in the maintenance work of software patching, hardware setup, upgrades, and other IT management tasks.
5. It's reliable: Cloud computing providers offer data backup, disaster recovery, and data replication services to make sure your data is always safe.
6. It's global: Cloud providers have fully-redundant datacenters located in various regions all over the globe. This gives you a local presence close to your customers to give them the best response time possible no matter where in the world they are. You can replicate your services into multiple regions for redundancy and locality, or select a specific region to ensure you meet data-residency and compliance laws for your customers.
7. It's secure:
   - physical security of the cloud infrastructure
   - digital security, so that only authorized users can use the resources

- You can keep any systems running and accessible that use out-of-date hardware or an out-of-date operating system
- You have flexibility with what you run locally versus in the cloud
- You can take advantage of economies of scale from public cloud providers for services and resources where it’s cheaper, and then supplement with your own equipment when it’s not
- You can use your own equipment to meet security, compliance, or legacy scenarios where you need to completely control the environment
Some concerns you’ll need to watch out for are:
- It can be more expensive than selecting one deployment model since it involves some CapEx cost up front
- It can be more complicated to set up and manage
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)
- Azure portal for interacting with Azure via a Graphical User Interface (GUI)
- Azure PowerShell and Azure Command-Line Interface (CLI) for command line and automation-based interactions with Azure
- Azure Cloud Shell for a web-based command-line interface
- Azure mobile app for monitoring and managing your resources from your mobile device
There are four common techniques for performing compute in Azure:
- Virtual machines
- Containers – Containers are a virtualization environment for running applications
- Azure App Service
- Serverless computing
Azure offers three storage tiers for blob object storage:
- Hot storage tier: optimized for storing data that is accessed frequently.
- Cool storage tier: optimized for data that is infrequently accessed and stored for at least 30 days.
- Archive storage tier: for data that is rarely accessed and stored for at least 180 days with flexible latency requirements.
A virtual network is a logically isolated network on Azure. A virtual network allows Azure resources to securely communicate with each other, the internet, and on-premises networks. A virtual network is scoped to a single region; however, multiple virtual networks from different regions can be connected together using virtual network peering.
You can also keep your service or data tiers in your on-premises network, placing your web tier into the cloud, but keeping tight control over other aspects of your application. A VPN gateway (or virtual network gateway) enables this scenario. It can provide a secure connection between an Azure Virtual Network and an on-premises location over the internet.
What’s a network security group?
A network security group, or NSG, allows or denies inbound network traffic to your Azure resources. Think of a network security group as a cloud-level firewall for your network.
To provide a dedicated, private connection between your network and Azure, you can use Azure ExpressRoute. ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365. This improves the security of your on-premises communication by sending this traffic over the private circuit instead of over the public internet. You don’t need to allow access to these services for your end users over the public internet, and you can send this traffic through appliances for further traffic inspection.
Module 1: Cloud Concepts
In this module you will learn basic cloud concepts.
Why Cloud Services?
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)
Public, Private, and Hybrid cloud models
After completing this module, students will be able to:
Understand general cloud computing concepts
Module 2: Core Azure Services
In this module you will learn the basic core services available with Microsoft Azure.
Core Azure architectural components
Core Azure Services and Products
Azure management tools
After completing this module, students will be able to:
Understand core services available with Microsoft Azure
Module 3: Security, Privacy, Compliance and Trust
In this module, you learn about security, privacy, compliance, and trust with Microsoft Azure.
Securing network connectivity in Azure
Core Azure Identity services
Security tools and features
Azure governance methodologies
Monitoring and Reporting in Azure
Privacy, Compliance and Data Protection standards in Azure
After completing this module, students will be able to:
Understand security, privacy, compliance and trust with Microsoft Azure
Module 4: Azure Pricing and Support
In this module, you will focus on pricing and support models available with Microsoft.
Planning and managing costs
Support options available with Azure
Service lifecycle in Azure
After completing this module, students will be able to:
Understand pricing and support models available with Microsoft