# Azure Fundamentals

This notebook contains the notes I took while preparing for [Exam AZ-900: Microsoft Azure Fundamentals](https://docs.microsoft.com/en-us/learn/certifications/exams/az-900). The contents of this notebook are based on the [exam skills outline](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3VwUY) downloaded from the same exam webpage.

Please note that all the notes taken are based on my personal understanding through studying the materials on Microsoft Learn. They are not official answers and not meant to be comprehensive for learning Azure.


## Concept of Cloud Computing

### What is cloud computing? 
Cloud computing is the delivery of computing services - including **servers, storage, databases, networking, software, analytics, and intelligence** over the internet ("the cloud") to offer faster innovation, flexible resources, and economies of scale.

### Services offered by cloud computing providers 
Typically, these services include:
- Compute power - such as Linux servers or web applications.
    - Computing choices: VMs, containers such as Docker (without an operating system), and serverless computing such as functions (without a server)
- Storage - such as files and databases.
- Networking - such as secure connections between the cloud provider and your company.
- Analytics - such as visualizing telemetry and performance data.

## PART 1: Describe Cloud Concepts (15-20%)

### Describe the benefits and considerations of using cloud services
- describe terms such as High Availability, Scalability, Elasticity, Agility, Fault Tolerance, and Disaster Recovery

    - High availability. The ability to **keep services up and running** for long periods of time, with very little downtime, depending on the service in question.

    - Scalability. The ability to **increase or decrease resources for any given workload**. You can add additional resources to service a workload (known as ***scaling out***), or add additional capabilities to manage an increase in demand to the existing resource (known as ***scaling up***). Scalability doesn't have to be done automatically.

    - Elasticity. The ability to ***automatically*** **or dynamically increase or decrease resources as needed**. Elastic resources match the current needs, and resources are added or removed automatically to meet future needs when it’s needed (and from the most advantageous geographic location). A distinction between scalability and elasticity is that elasticity is done ***automatically***.

    - Agility. The ability to **react quickly**. Cloud services can allocate and deallocate resources quickly. They are provided on-demand via self-service, so vast amounts of computing resources can be provisioned in minutes. There is no manual intervention in provisioning or deprovisioning services.

    - Fault tolerance. The ability to **remain up and running even in the event of a component (or service) no longer functioning**. Typically, **redundancy** is built into cloud services architecture, so if one component fails, a backup component takes its place. This type of service is said to be tolerant of faults.

    - Disaster recovery. The ability to **recover from an event which has taken down a cloud service**. Cloud services disaster recovery can happen very quickly, with automation and services being readily available to use.


- describe the principles of economies of scale
    The concept of economies of scale is the ability to **reduce costs** and **gain efficiency** when **operating at a larger scale** in comparison to operating at a smaller scale.
    

- describe the differences between Capital Expenditure (CapEx) and Operational Expenditure (OpEx)

    - Capital Expenditure (CapEx): This is the **up front spending of money on physical infrastructure**, and then **deducting that up front expense over time**. The up front cost from CapEx has a value that reduces over time.

    - Operational Expenditure (OpEx): This is **spending money on services or products now and being billed for them now**. You can **deduct this expense in the same year you spend it**. There is no up front cost, as you pay for a service or product as you use it.


- describe the consumption-based model: users only pay for the resources that they use.

### Describe the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)

- describe Infrastructure-as-a-Service (IaaS)

    IaaS requires the most user management of all the cloud services. The user is responsible for managing the **operating systems, data, and applications**. With IaaS, you **rent IT infrastructure servers and virtual machines (VMs), storage, networks, and operating systems** from a cloud provider on a pay-as-you-go basis.

    When using IaaS, ensuring that a service is up and running is a shared responsibility: the cloud provider is responsible for ensuring the cloud infrastructure is functioning correctly; the cloud customer is responsible for ensuring the service they are using is configured correctly, is up to date, and is available to their customers.


- describe Platform-as-a-Service (PaaS)

    PaaS requires less user management. The cloud provider manages the operating systems, and the user is responsible for the **applications and data** they run and store. PaaS is a complete development and deployment environment in the cloud, with resources that enable organizations to deliver everything from simple cloud-based apps to sophisticated cloud-enabled enterprise applications. (Ex: web application, Excel macro, analytics, business intelligence)


- describe Software-as-a-Service (SaaS)

    SaaS requires the least amount of management. The cloud provider is responsible for managing everything, and the end user just **uses the software**. It allows users to connect to and use cloud-based apps over the internet. Common examples are email, calendars, and office tools such as Microsoft 365.



- compare and contrast the three different service types

    **IaaS** is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application. Instead of buying hardware, with IaaS, you rent it. With **PaaS**, users can gain access to more cutting-edge development tools and toolsets. Users can also focus on application development only, as all platform management is handled by the cloud provider. **SaaS** is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription.



### Describe the differences between Public, Private and Hybrid cloud models
- describe Public cloud

    A public cloud is **owned by the cloud services provider (also known as a hosting provider)**. It provides resources and services to multiple organizations and users, who connect to the cloud service via a secure network connection, typically over the internet.


- describe Private cloud

    A private cloud is **owned and operated by the organization that uses the resources from that cloud**. They create a cloud environment in their own datacenter and provide self-service access to compute resources to users within their organization. The organization remains the owner, entirely responsible for the operation of the services they provide.


- describe Hybrid cloud

    A hybrid cloud combines both public and private clouds, allowing you to run your applications in the most appropriate location. **Specific resources run or are used in a public cloud, and others run or are used in a private cloud.** An example of a hybrid cloud usage scenario would be **hosting a website in the public cloud and linking it to a highly secure database hosted in a private cloud**.


- compare and contrast the three different cloud models

## PART 2: Describe Core Azure Services (30-35%)
### Describe the core Azure architectural components
- Describe Regions

    A region is a geographical area on the planet **containing at least one, but potentially multiple datacenters** that are in close proximity and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced. A few examples of regions are West US, Canada Central, West Europe, Australia East, and Japan West. At the time of writing this, Azure is generally available in 60 regions and available in 140 countries.

    Azure divides the world into geographies that are defined by geopolitical boundaries or country borders. An Azure geography is a discrete market typically containing two or more regions that preserves data residency and compliance boundaries. Each region belongs to a single geography and has specific service availability, compliance, and data residency/sovereignty rules applied to it.


- Describe Availability Zones

    **Availability sets** are a way for you to ensure your application remains online if a high-impact maintenance event is required, or if a hardware failure occurs. **Availability zones** are physically separate locations within an **Azure region** that use availability sets to provide additional fault tolerance. **(Availability sets are duplicated across availability zones. An Azure region consists of multiple availability zones, or datacenters.)**

    Each availability zone is an isolation boundary containing one or more datacenters equipped with independent power, cooling, and networking. The availability zones are typically connected to each other through very fast, private fiber-optic networks.

    **Knowledge check: Microsoft Azure datacenters are organized and made available by regions.**
    

- Describe Resource Groups

    A resource group is a unit of management for your resources in Azure. You can think of your resource group as a container that allows you to aggregate and manage all the resources required for your application in a single manageable unit. This allows you to manage the application collectively over its lifecycle, rather than manage components individually. Before any resource can be provisioned, you need a resource group for it to be placed in.

    You can manage and apply the following resources at resource group level:

    - Metering and billing
    - Policies
    - Monitoring and alerts
    - Quotas
    - Access control

    Remember that when you delete a resource group you delete all resources contained within it.


- Describe Azure Resource Manager

    Azure Resource Manager is a management layer in which resource groups and all the resources within them are created, configured, managed, and deleted. It provides a consistent management layer which allows you to automate the deployment and configuration of resources using different automation and scripting tools, such as Microsoft Azure PowerShell, Azure Command-Line Interface (Azure CLI), Azure portal, REST API, and client SDKs.
    
    **Knowledge check: Azure Resource Manager is stored in JSON format.**


- Describe the benefits and usage of core Azure architectural components

### Describe some of the core products available in Azure

*Note 1: Categories of Azure core products:* ***Azure Compute, Azure Network, Azure Storage, Azure Databases, and Azure Marketplace.***

*Note 2: Storage and database are two different concepts in Azure.*



- Describe products available for Compute such as Virtual Machines, Virtual Machine Scale Sets, App Services, Azure Container Instances (ACI) and Azure Kubernetes Service (AKS)

    1. **Virtual machines (VMs)** are **software emulations of physical computers**. They include a virtual processor, memory, storage, and networking resources. VMs host an operating system, and you're able to install and run software just like a physical computer. *When using a remote desktop client, you can use and control the virtual machine as if you were sitting in front of it.*

    2. **Virtual machine scale sets** are an Azure compute resource that you can use to **deploy and manage a set of identical VMs**. With all VMs configured the same, virtual machine scale sets are designed to support true autoscale; no pre-provisioning of VMs is required; and as such makes it easier to build large-scale services targeting big compute, big data, and containerized workloads.

    3. With **App Services**, you can quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. App Services is a platform as a service ***(PaaS)*** offering.

    4. **Azure Functions** are ideal when you're concerned only about the code running your service and not the underlying platform or infrastructure. They're commonly used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.

    5. ***If you wish to run multiple instances of an application on a single host machine, containers are an excellent choice. Containers are a virtualization environment.*** 
        - Containers reference the operating system of the host environment that runs the container.
        - Unlike virtual machines you do not manage the operating system.
        - Containers are lightweight and are designed to be created, scaled out, and stopped dynamically.
        - Containers allow you to respond to changes on demand and quickly restart in case of a crash or hardware interruption.
        - Azure supports Docker containers.

        There are two ways to manage both Docker and Microsoft-based containers in Azure.

        5.1 **Azure Container Instances** offers the fastest and simplest way to run a container in Azure without having to manage any virtual machines or adopt any additional services. It is a PaaS offering that allows you to upload your containers, which it will run for you.

        5.2 The task of **automating, managing, and interacting with a large number of containers** is known as ***orchestration***. **Azure Kubernetes Service (AKS)** is a complete orchestration service for containers with distributed architectures and large volumes of containers.

        **You can move existing applications to containers and run them within AKS.**

    **VM vs Containers**

    A VM can only run one operating system at a time. A VM emulates a full computer, so tasks are pretty slow. There's a lighter-weight solution that solves the issue: containers. A container ***bundles a single app and its dependencies***, referred to as containerizing the app, and deploys it as a unit to a *container host*.

    The container host provides a ***standardized runtime environment***, which ***abstracts away the operating system and infrastructure requirements***, allowing the containerized application to run side-by-side with other containerized apps.

    **A VM virtualizes the hardware, while containers virtualize the operating system. The operating system level virtualization of containers allows you to run multiple lightweight containers on a single host without sacrificing the isolation that the virtual machine originally offered.**
    

- Describe products available for Networking such as Virtual Network, Load Balancer, VPN Gateway, Application Gateway and Content Delivery Network

    1. **Azure Virtual Network** enables **many types of Azure resources** such as Azure VMs to securely communicate with each other, the internet, and on-premises networks. A virtual network is **scoped to a single region**; however, multiple virtual networks from different regions can be connected using **virtual network peering**. With Azure Virtual Network you can provide isolation, segmentation, communication with on-premises and cloud resources, routing and filtering of network traffic.

    2. **Azure Load Balancer** can **provide scale** for your applications and create high availability for your services. Load Balancer **supports inbound and outbound scenarios**, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications.

    3. A **VPN gateway** is a specific type of virtual network gateway that is used to **send encrypted traffic between an Azure Virtual Network and an on-premises location** over the public internet. It provides a more secure connection from on-premises to Azure over the internet.

    4. **Azure Application Gateway** is a web traffic load balancer that enables you to **manage traffic to your web applications**. It is **the connection through which users connect to your application**.

    5. A **Content Delivery Network (CDN)** is a distributed network of servers that can efficiently **deliver web content to users**. Typical usage scenarios include web applications containing multimedia content, a product launch event in a region, or any event where you expect a high bandwidth requirement in a region.


- Describe products available for Storage such as Blob Storage, Disk Storage, File Storage, and Archive Storage

    1. **Disk storage** provides disks **for virtual machines, applications, and other services** to access and use as they need, similar to how they would in on-premises scenarios. Disk storage allows data to be persistently stored and accessed from an attached **virtual hard disk**.

    2. **Azure Blob storage** is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of **unstructured data, such as text or binary data**.

    3. **Azure Files** enables you to set up highly available network **file shares** that can be accessed by using the standard Server Message Block (SMB) protocol. That means that multiple VMs can share the same files with both read and write access. You can also read the files using the REST interface or the storage client libraries. One thing that distinguishes Azure Files from files on a corporate file share is that **you can access the files from anywhere in the world using a URL** that points to the file and includes a **shared access signature (SAS) token**. You can generate SAS tokens; they allow specific access to a private asset for a specific amount of time.

    4. The **Azure Queue** service is used to store and retrieve messages. Queue messages can be up to 64 KB in size, and a queue can contain millions of messages. Queues are generally used to store lists of messages to be processed asynchronously.

    5. **Azure Table** storage stores large amounts of structured data. The service is a NoSQL datastore which accepts authenticated calls from inside and outside the Azure cloud. Azure tables are ideal for storing **structured, *non-relational* data**. Common uses of Table storage include:
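
The shared access signature (SAS) token described under Azure Files above grants specific access to one private asset for a limited time. The following is an added example, not part of the original notes and not Azure's implementation: it models the idea with an HMAC over the permissions, expiry, and path. The parameter names `sp`, `se`, and `sig` mirror those in real SAS URLs, but the string-to-sign layout, the epoch-seconds expiry, the account name, and the key are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values; not a real storage account or key.
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-one").decode()
BASE_URL = "https://examplestorage.file.core.windows.net/reports/q1.pdf"


def _sign(key_b64, path, permissions, expiry):
    """HMAC-SHA256 over the fields the token is meant to pin down.

    Simplified string-to-sign (an assumption of this example); the real
    service signs more fields in a version-specific layout.
    """
    string_to_sign = "\n".join([permissions, str(expiry), path])
    digest = hmac.new(base64.b64decode(key_b64),
                      string_to_sign.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_sas_url(url, key_b64, permissions, expiry):
    """Issue a URL granting `permissions` on this one path until `expiry`."""
    path = urlsplit(url).path
    query = urlencode({"sp": permissions, "se": expiry,
                       "sig": _sign(key_b64, path, permissions, expiry)})
    return f"{url}?{query}"


def check_sas_url(url, key_b64, wanted_permission, now):
    """Server-side decision for one request; `now` is epoch seconds."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        permissions = params["sp"][0]
        expiry = int(params["se"][0])
        signature = params["sig"][0]
    except (KeyError, ValueError):
        return "rejected: malformed token"
    # Verify the signature before trusting any field taken from the URL,
    # otherwise an edited expiry or permission would be honoured.
    expected = _sign(key_b64, parts.path, permissions, expiry)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "rejected: bad signature"
    if now >= expiry:
        return "rejected: expired"
    if wanted_permission not in permissions:
        return "rejected: permission not granted"
    return "allowed"


def demo():
    """Run the cases a reviewer would check against a read-only token."""
    expiry = 1_700_003_600
    url = make_sas_url(BASE_URL, ACCOUNT_KEY, "r", expiry)
    return {
        "read before expiry": check_sas_url(url, ACCOUNT_KEY, "r", 1_700_000_000),
        "write with read-only token": check_sas_url(url, ACCOUNT_KEY, "w", 1_700_000_000),
        "read after expiry": check_sas_url(url, ACCOUNT_KEY, "r", expiry + 1),
        "permissions edited in URL": check_sas_url(
            url.replace("sp=r&", "sp=rw&"), ACCOUNT_KEY, "w", 1_700_000_000),
        "token reused on another file": check_sas_url(
            url.replace("q1.pdf", "q2.pdf"), ACCOUNT_KEY, "r", 1_700_000_000),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because the token is a bearer credential embedded in the URL, anyone who obtains the link holds the access it grants until the expiry passes, which is why a short lifetime and the narrowest permission set matter.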


- Describe products available for Databases such as Cosmos DB, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database Migration service

    1. **Microsoft Azure Cosmos DB** is a **globally distributed database service** that enables you to elastically and independently scale throughput and storage across any number of Azure's geographic regions. It supports **schema-less data** that lets you build highly responsive and Always On applications to support constantly changing data.

    2. **Azure SQL Database** is a relational database as a service (DaaS) based on the latest stable version of Microsoft SQL Server database engine.

    3. The **Azure Database Migration Service** is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime (online migrations).


- Describe the Azure Marketplace and its usage scenarios

    **Azure Marketplace** is a service on Azure that helps connect end users with Microsoft partners, independent software vendors (ISVs), and start-ups that are offering their solutions and services, which are optimized to run on Azure.


### Describe some of the solutions available on Azure
- Describe Internet of Things (IoT) and products that are available for IoT on Azure such as IoT Hub and IoT Central

    The Internet of Things (IoT) is the ability for devices to garner and then relay information for data analysis. There are many services that can assist and drive end-to-end solutions for IoT on Azure. Two of the core Azure IoT service types are Azure IoT Central, and Azure IoT Hub.

    1. **IoT Central** is a fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale. No cloud expertise is required to use IoT Central. As a result, you can bring your connected products to market faster while staying focused on your customers.
    
    2. **Azure IoT Hub** is a managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to your IoT Hub.

- Describe Big Data and Analytics and products that are available for Big Data and Analytics such as Azure Synapse Analytics, HDInsight, and Azure Databricks
- Describe Artificial Intelligence (AI) and products that are available for AI such as Azure Machine Learning Service and Studio
- Describe Serverless computing and Azure products that are available for serverless computing such as Azure Functions, Logic Apps and Event Grid
- Describe DevOps solutions available on Azure such as Azure DevOps and Azure DevTest Labs
- Describe the benefits and outcomes of using Azure solutions

### Describe Azure management tools
- Describe Azure tools such as Azure Portal, Azure PowerShell, Azure CLI and Cloud Shell
- Describe Azure Advisor

## PART 3: Describe Security, Privacy, Compliance, and Trust (25-30%)
### Describe securing network connectivity in Azure
- Describe Network Security Groups (NSG)
- Describe Application Security Groups (ASG)
- Describe User Defined Rules (UDR)
- Describe Azure Firewall
- Describe Azure DDoS Protection
- Choose an appropriate Azure security solution

### Describe core Azure Identity services
- Describe the difference between authentication and authorization
- Describe Azure Active Directory
- Describe Azure Multi-Factor Authentication

### Describe security tools and features of Azure
- Describe Azure Security Center
- Describe Azure Security Center usage scenarios
- Describe Key Vault
- Describe Azure Information Protection (AIP)
- Describe Azure Advanced Threat Protection (ATP)

### Describe Azure governance methodologies
- Describe policies and initiatives with Azure Policy
- Describe Role-Based Access Control (RBAC)
- Describe Locks
- Describe Azure Advisor security assistance
- Describe Azure Blueprints
- Describe monitoring and reporting options in Azure
- Describe Azure Monitor
- Describe Azure Service Health
- Describe the use cases and benefits of Azure Monitor and Azure Service Health

### Describe privacy, compliance and data protection standards in Azure
- Describe industry compliance terms such as GDPR, ISO and NIST
- Describe the Microsoft Privacy Statement
- Describe the Trust center
- Describe the Service Trust Portal
- Describe Compliance Manager
- Determine if Azure is compliant for a business need
- Describe Azure Government cloud services
- Describe Azure China cloud services


## PART 4: Describe Azure Pricing, Service Level Agreements, and Lifecycles (20-25%)
### Describe Azure subscriptions
- Describe an Azure Subscription
- Describe the uses and options with Azure subscriptions such as access control and offer types
- Describe subscription management using Management groups

### Describe planning and management of costs
- Describe options for purchasing Azure products and services
- Describe options around Azure Free account
- Describe the factors affecting costs such as resource types, services, locations, ingress and egress traffic
- Describe Zones for billing purposes
- Describe the Pricing calculator
- Describe the Total Cost of Ownership (TCO) calculator
- Describe best practices for minimizing Azure costs such as performing cost analysis, creating spending limits and quotas, using tags to identify cost owners, using Azure reservations and using Azure Advisor recommendations
- Describe Azure Cost Management

### Describe Azure Service Level Agreements (SLAs)
- Describe a Service Level Agreement (SLA)
- Describe Composite SLAs
- Describe how to determine an appropriate SLA for an application

### Describe service lifecycle in Azure
- Describe Public and Private Preview features
- Describe the term General Availability (GA)
- Describe how to monitor feature updates and product changes