Friday, November 06, 2020

XSLT and XPath - W3Schools

  • XSL (eXtensible Stylesheet Language) is a styling language for XML.
  • XSLT stands for XSL Transformations.
  • XSLT is a language for transforming XML documents.
  • XPath is a language for navigating in XML documents.
  • XQuery is a language for querying XML documents.
XSL

> Extensible Stylesheet Language

> CSS is the style sheet for HTML

> XSL is the stylesheet for XML (in fact it is more than a stylesheet)

XSL consists of four parts:

  • XSLT - a language for transforming XML documents
  • XPath - a language for navigating in XML documents
  • XSL-FO - a language for formatting XML documents (discontinued in 2013)
  • XQuery - a language for querying XML documents
XSLT

  • XSLT stands for XSL Transformations
  • XSLT transforms an XML document into another XML document
  • XSLT uses XPath to navigate in XML documents
XSLT is used to transform an XML document into another XML document, or another type of document that is recognized by a browser, like HTML and XHTML. Normally XSLT does this by transforming each XML element into an (X)HTML element.

A common way to describe the transformation process is to say that XSLT transforms an XML source-tree into an XML result-tree.

With XSLT you can add/remove elements and attributes to or from the output file. You can also rearrange and sort elements, perform tests and make decisions about which elements to hide and display, and a lot more.
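As an added example (not code from W3Schools or from the original post), the transformation described above done by hand in Python. The standard library ships no XSLT processor, so the steps a stylesheet would express with xsl:template (one source element to one (X)HTML element), xsl:sort and xsl:if are coded against xml.etree.ElementTree, using its XPath subset to select nodes in the source tree. The catalog document, the price cut-off and all function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample source tree for this example (not taken from the original page).
SOURCE_XML = """<catalog>
  <cd><title>Empire Burlesque</title><artist>Bob Dylan</artist><price>10.90</price><year>1985</year></cd>
  <cd><title>Hide your heart</title><artist>Bonnie Tyler</artist><price>9.90</price><year>1988</year></cd>
  <cd><title>Greatest Hits</title><artist>Dolly Parton</artist><price>9.90</price><year>1982</year></cd>
</catalog>"""


def select_cds(root, max_price):
    """XPath step: select every <cd> child of the root, then apply the price test.
    ElementTree's XPath subset has no numeric predicates, so the comparison is
    done in Python rather than by interpolating a value into the path string."""
    return [cd for cd in root.findall("./cd") if float(cd.findtext("price")) <= max_price]


def titles_by_year(xml_text, year):
    """XPath with a predicate: ElementTree accepts the [child='text'] form.
    The year is coerced to int before it is placed in the path, so only digits
    can ever reach the expression."""
    root = ET.fromstring(xml_text)
    return [t.text for t in root.findall(f"./cd[year='{int(year)}']/title")]


def transform(xml_text, max_price=10.0):
    """Hand-coded equivalent of an XSLT stylesheet: walk the XML source tree and
    build an (X)HTML result tree. Each selected <cd> becomes one <tr>, the rows
    are sorted by year (xsl:sort), CDs over max_price are skipped (xsl:if) and
    the <price> element is deliberately not copied to the output."""
    root = ET.fromstring(xml_text)
    html = ET.Element("html")
    body = ET.SubElement(html, "body")
    ET.SubElement(body, "h2").text = "My CD Collection"
    table = ET.SubElement(body, "table", border="1")
    header = ET.SubElement(table, "tr")
    for label in ("Title", "Artist", "Year"):
        ET.SubElement(header, "th").text = label
    for cd in sorted(select_cds(root, max_price), key=lambda e: int(e.findtext("year"))):
        row = ET.SubElement(table, "tr")
        for tag in ("title", "artist", "year"):   # each source element -> one <td>
            ET.SubElement(row, "td").text = cd.findtext(tag)
    return ET.tostring(html, encoding="unicode")


def result_rows(xml_text, max_price=10.0):
    """(title, year) pairs in result order; handy for checking the sort and the test."""
    root = ET.fromstring(xml_text)
    cds = sorted(select_cds(root, max_price), key=lambda e: int(e.findtext("year")))
    return [(cd.findtext("title"), cd.findtext("year")) for cd in cds]


if __name__ == "__main__":
    print(transform(SOURCE_XML))
    print(titles_by_year(SOURCE_XML, 1988))
```

The result tree is built with ElementTree rather than string concatenation, so element text is escaped on serialization and the output is guaranteed to be well-formed XHTML whatever the source document contains.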
    Friday, September 04, 2020

    Maven - Introduction / Maven.apache.org

    Maven is a build automation tool used primarily for Java projects. Maven can also be used to build and manage projects written in C#, Ruby, Scala, and other languages. The Maven project is hosted by the Apache Software Foundation, where it was formerly part of the Jakarta Project. Wikipedia

    Maven is a Java tool, so you must have Java installed in order to proceed.

    Running this on Ubuntu shows mvn is already installed. [It was installed because we previously ran this command:

    curl -O https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/8.4.0.jre14/mssql-jdbc-8.4.0.jre14.jar

    ]

    abc@ubuntu:~/src/connector$ mvn --version

    Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d; 2017-10-18T18:58:13+11:00)
    Maven home: /home/abc/bin/apache-maven-3.5.2
    Java version: 14.0.1, vendor: Oracle Corporation
    Java home: /home/abc/bin/jdk-14.0.1
    Default locale: en_US, platform encoding: UTF-8
    OS name: "linux", version: "5.4.0-45-generic", arch: "amd64", family: "unix"


    Monday, August 31, 2020

    Git command reference (Launchschool)

    • git status - Run this command any time and often to check on the status of the files in the git repository.
    • git add - This command stages changed files, readying them to be wrapped into the next commit.
    • git commit - This command commits staged files, wrapping them into a commit. A historical record of commits is what we refer to as a codebase's version or commit history.
    • git log - View the repository's commit history.
    These are common Git commands used in various situations:

    start a working area (see also: git help tutorial)
       clone             Clone a repository into a new directory
       init              Create an empty Git repository or reinitialize an existing one

    work on the current change (see also: git help everyday)
       add               Add file contents to the index
       mv                Move or rename a file, a directory, or a symlink
       restore           Restore working tree files
       rm                Remove files from the working tree and from the index
       sparse-checkout   Initialize and modify the sparse-checkout

    examine the history and state (see also: git help revisions)
       bisect            Use binary search to find the commit that introduced a bug
       diff              Show changes between commits, commit and working tree, etc
       grep              Print lines matching a pattern
       log               Show commit logs
       show              Show various types of objects
       status            Show the working tree status

    grow, mark and tweak your common history
       branch            List, create, or delete branches
       commit            Record changes to the repository
       merge             Join two or more development histories together
       rebase            Reapply commits on top of another base tip
       reset             Reset current HEAD to the specified state
       switch            Switch branches
       tag               Create, list, delete or verify a tag object signed with GPG

    collaborate (see also: git help workflows)
       fetch             Download objects and refs from another repository
       pull              Fetch from and integrate with another repository or a local branch
       push              Update remote refs along with associated objects

    'git help -a' and 'git help -g' list available subcommands and some
    concept guides. See 'git help <command>' or 'git help <concept>'
    to read about a specific subcommand or concept.
    See 'git help git' for an overview of the system.

    ================================

    abc@ubuntu:~/src/git_basics/.git$ git remote
    origin
    abc@ubuntu:~/src/git_basics/.git$ git remote -v
    origin https://github.com/nvijaysudhakar/my-test-repository.git (fetch)
    origin https://github.com/nvijaysudhakar/my-test-repository.git (push)
    abc@ubuntu:~/src/git_basics/.git$ git remote rm
    usage: git remote remove <name>

    abc@ubuntu:~/src/git_basics/.git$ git remote remove origin
    abc@ubuntu:~/src/git_basics/.git$ 

    ==================================

    Examples
    ========

    abc@ubuntu:~/src$ 
    abc@ubuntu:~/src$ 
    abc@ubuntu:~/src$ mkdir git_basics
    abc@ubuntu:~/src$ cd git_basics
    abc@ubuntu:~/src/git_basics$ ll
    total 8
    drwxrwxr-x 2 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    abc@ubuntu:~/src/git_basics$ echo '# README #' > README.md
    abc@ubuntu:~/src/git_basics$ ll
    total 12
    drwxrwxr-x 2 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ echo '# LICENSE #' > LICENSE.md
    abc@ubuntu:~/src/git_basics$ ll
    total 16
    drwxrwxr-x 2 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ git init
    Initialized empty Git repository in /home/abc/src/git_basics/.git/
    abc@ubuntu:~/src/git_basics$ ll
    total 20
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:10 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:10 .git/
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ touch .gitignore
    abc@ubuntu:~/src/git_basics$ ll
    total 20
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:11 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:10 .git/
    -rw-rw-r-- 1 abc abc    0 Aug 31 21:11 .gitignore
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ ll
    total 24
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:11 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:10 .git/
    -rw-rw-r-- 1 abc abc   43 Aug 31 21:11 .gitignore
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Untracked files:
      (use "git add <file>..." to include in what will be committed)
    .gitignore
    LICENSE.md
    README.md

    nothing added to commit but untracked files present (use "git add" to track)
    abc@ubuntu:~/src/git_basics$ git add .gitignore
    abc@ubuntu:~/src/git_basics$ ll
    total 24
    drwxrwxr-x 3 abc abc 4096 Aug 31 21:11 ./
    drwxrwxr-x 9 abc abc 4096 Aug 31 21:10 ../
    drwxrwxr-x 7 abc abc 4096 Aug 31 21:12 .git/
    -rw-rw-r-- 1 abc abc   43 Aug 31 21:11 .gitignore
    -rw-rw-r-- 1 abc abc   12 Aug 31 21:10 LICENSE.md
    -rw-rw-r-- 1 abc abc   11 Aug 31 21:10 README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Changes to be committed:
      (use "git rm --cached <file>..." to unstage)
    new file:   .gitignore

    Untracked files:
      (use "git add <file>..." to include in what will be committed)
    LICENSE.md
    README.md

    abc@ubuntu:~/src/git_basics$ git add LICENSE.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Changes to be committed:
      (use "git rm --cached <file>..." to unstage)
    new file:   .gitignore
    new file:   LICENSE.md

    Untracked files:
      (use "git add <file>..." to include in what will be committed)
    README.md

    abc@ubuntu:~/src/git_basics$ git add README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master

    No commits yet

    Changes to be committed:
      (use "git rm --cached <file>..." to unstage)
    new file:   .gitignore
    new file:   LICENSE.md
    new file:   README.md

    abc@ubuntu:~/src/git_basics$ git commit -m 'Add first project files'
    [master (root-commit) 81bb26c] Add first project files
     3 files changed, 4 insertions(+)
     create mode 100644 .gitignore
     create mode 100644 LICENSE.md
     create mode 100644 README.md
    abc@ubuntu:~/src/git_basics$ git status
    On branch master
    nothing to commit, working tree clean
    abc@ubuntu:~/src/git_basics$ git log
    commit 81bb26c447474fb8cba25e5fd91b0bb425822a79 (HEAD -> master)
    Author: Maya Angelou <MayaAngelou@poets.com>
    Date:   Mon Aug 31 21:13:52 2020 +1000

        Add first project files
    abc@ubuntu:~/src/git_basics$ 


    Git Cheat Sheet (Ruby Garage)

    Monday, August 17, 2020

    Java Refresher

    • Byte - 8 bits
    • Short - 16 bits
    • Int - 32 bits
    • Long - 64 bits
    • Float - 32 bits (not precise, don't use for financials)
    • Double - 64 bits (not very precise, don't use for financials)
    • Char - 16 bits
    • Boolean - true/false
    • Control + L = Clear Screen

    JVM VS JRE VS JDK
    Rancher

     Rancher is a Kubernetes management platform. 

    Wednesday, August 12, 2020

    Webservices (Guru99.com)

    What is a Webservice?

    • A web service is a software module designed to perform a certain set of tasks.
    • It can be searched for over the network (on the server where it is hosted) and invoked accordingly.

    • Requests to the server are made through REMOTE PROCEDURE CALLS (RPC).
    • The main component of a web service is the data transferred between client and server, which is in XML format.
    • So when applications talk to each other, they do so in XML.
    • Web services use the SOAP protocol for sending XML data between the applications.
    • The data is sent over HTTP.

    Why do you need a Webservice?

    • Web services provide a common platform that allows multiple applications built in various programming languages (Java, .NET, AngularJS, Node.js, etc.) to communicate with each other. (You don't have to care what language the front end is written in.)

    Types of web services

    • SOAP web services

    • RESTful web services


     

    Thursday, August 06, 2020

    Inception meeting checklist

    Inception Meeting Pre-Requisites 

    • Completed Design Kit (UI/UX) -fair understanding of the UI / UX
    • Completed Architectural Design - fair understanding of the solution architecture
    • Completed scoping document - scope clarity

    Meeting Invite Checklist

    • Ensure all stakeholders have been invited to the INCEPTION - confirm with the Product Owner
    • Ensure all teams that are impacted in any way are included in the inception - to align timelines
    • Include the proposed agenda (topic - duration - speaker)
    • Include any confluence links in the meeting invite to allow for preparation.

    Before Meeting

    • Set-up Trello Board for story mapping session
    • Set-up Ideaz Board to capture RAID/Parking Lot 
    • Confirm all presenters have accepted the invite and are aware they are to present

    AGENDA

    • Suggested inception agenda/format.
    • Each presentation should occur on a different day to allow time to absorb inception artefacts.
    • Keep each inception check-in efficient and mindful of everyone's time.
    Inception meeting Presentation (All to attend)

    • Introductions
    • Project Overview - Vision/Goals/Deliverables (Product Owner)
    • Architectural Design Walk-thru (Project Architect)
    • Design Kit Walk-thru (UI/UX Designer)
    • RAID checkpoint (Risks, Assumptions, Issues, Decision, Parking Lot)
    • Story Mapping Session

    Friday, July 31, 2020

    Serverless vs. PaaS vs. FaaS vs. BaaS (Blog.neap.co)

    • Platform as a Service (PaaS)
      • Allows you to focus on writing code without worrying about the underlying infrastructure. Beyond writing code, the only extra complexity might be around deployment and configuration (e.g., automatic scaling rules, geo-replication).
    • Serverless
      • Like PaaS, serverless focuses on writing code without worrying about the underlying infrastructure, but with even more deployment ease and less configuration.
      • Overlaps with PaaS and falls into the following two categories:
        • Function as a Service (FaaS)
          • A serverless product that hosts a piece of business logic (usually with a small footprint, like resizing an image or sending an email). FaaS is well suited to building event-driven architectures.
        • Backend as a Service (BaaS)
          • A serverless backend (e.g. DB hosting): a highly available backend that can be set up with barely any configuration and can scale almost infinitely. Once created, the developer focuses on deploying code or data only.


    Evolution of Serverless

    • On premise
    • Mix of Cloud and SaaS
    • Mix of Serverless and SaaS




    Microservices vs. API (Edureka)

    Microservices

    Monolithic Architecture

    • Front end, back end, business logic all reside in a single code base. 
    Example Scenario is that of Amazon Market. 


    In the case of Monolithic Architecture,



    Microservices Architecture


      In the case of Microservices Architecture,

      • In a microservices architecture, the three functionalities (customer information, products in the cart, and all products available) can be put in three different services.
        • Service A - Customer information
        • Service B - Products available in cart
        • Service C - All products available
      • A composite microservice takes data from all three services above and displays it to the customer.

      Microservices or Microservices Architecture is an architectural style that structures an application as a collection of small autonomous services, modelled around a business domain. In a Microservices Architecture, each service is self-contained and implements a single business capability. 

      APIs

      Application Programming Interfaces, most commonly known as APIs, are a way to ensure two applications can communicate with each other to process client requests.



      HTTP Methods used by APIs


      APIs use the above methods to communicate between the client and the respective functionality / feature of the app (service).

      Where are APIs used in Microservices?

      API interfaces between the client and the Microservice. 



      Summary

      Microservice is an architectural style through which you can build applications in the form of small autonomous services.

      APIs are set of procedures / functions which allow customers to use the underlying service of an application. 

      Wednesday, July 29, 2020

      AZ-900 - Azure Fundamentals - Microsoft

      What is Azure

      • Azure is Microsoft's cloud platform.
      • It is a continually expanding set of cloud services.

      How does Azure Work?



      Hypervisor

      A hypervisor, also known as a virtual machine monitor or VMM, is software that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, such as memory and processing. 

      Type 1 - Bare-metal hypervisor: the virtualization software is installed directly on the hardware, where the OS is normally installed. These are extremely secure because they are isolated from attack-prone operating systems.

      Type 2 - Hypervisor that runs as a software layer on top of an operating system, like ordinary computer programs.

      A hypervisor reduces:
      • Space
      • Energy
      • Maintenance requirements

      User Requests

      Can be: create a web app, create a virtual machine, create a load balancer, create a web virtual machine, etc.

      Risks

      • Resources left running after they are no longer needed, or created without authorization.
      • The solution is to use Azure's Resource Access Management.

      Azure Services

      8 Main categories

      1. Compute services: performing calculations, executing logic, and running applications.
        1. Virtual machines
        2. Containers
        3. Serverless computing, including microservices
      2. Cloud storage
        1. Disks attached to VMs
        2. File shares
        3. Databases
        4. All of these can expand or shrink as necessary
      3. Networking
        1. Lets you set up private network connections from on-premises to Azure.
      4. App hosting
        1. Lets you run entire web apps on a managed platform on Windows or Linux.
        2. The Azure Marketplace has a range of products including SAP, SQL, etc.
      5. Artificial Intelligence
        1. ML
        2. Pre-built cognitive services
      6. IoT
        1. Enables integrating sensors and devices, managing them with IoT Hub, creating dashboards, etc. to monitor and control them.
      7. Integration
        1. Logic Apps
        2. Service Bus
        3. Connect applications and services; allows workflows to orchestrate business processes.
      8. Security
        1. Integrated into Azure


      Most commonly used categories are:

      1. Compute
      2. Networking
      3. Storage
      4. Mobile
      5. Databases
      6. Web
      7. IOT
      8. Big Data
      9. AI
      10. DevOps

      Compute

      • Azure Virtual Machines: Windows or Linux virtual machines (VMs) hosted in Azure
      • Azure Virtual Machine Scale Sets: Scaling for Windows or Linux VMs hosted in Azure
      • Azure Kubernetes Service: Enables management of a cluster of VMs that run containerized services
      • Azure Service Fabric: Distributed systems platform. Runs in Azure or on-premises
      • Azure Batch: Managed service for parallel and high-performance computing applications
      • Azure Container Instances: Run containerized apps on Azure without provisioning servers or VMs
      • Azure Functions: An event-driven, serverless compute service

      Networking

      • Azure Virtual Network: Connects VMs to incoming Virtual Private Network (VPN) connections
      • Azure Load Balancer: Balances inbound and outbound connections to applications or service endpoints
      • Azure Application Gateway: Optimizes app server farm delivery while increasing application security
      • Azure VPN Gateway: Accesses Azure Virtual Networks through high-performance VPN gateways
      • Azure DNS: Provides ultra-fast DNS responses and ultra-high domain availability
      • Azure Content Delivery Network: Delivers high-bandwidth content to customers globally
      • Azure DDoS Protection: Protects Azure-hosted applications from distributed denial of service (DDoS) attacks
      • Azure Traffic Manager: Distributes network traffic across Azure regions worldwide
      • Azure ExpressRoute: Connects to Azure over high-bandwidth dedicated secure connections
      • Azure Network Watcher: Monitors and diagnoses network issues using scenario-based analysis
      • Azure Firewall: Implements a high-security, high-availability firewall with unlimited scalability
      • Azure Virtual WAN: Creates a unified wide area network (WAN), connecting local and remote sites

      Storage

      • Azure Blob storage: Storage service for very large objects, such as video files or bitmaps
      • Azure File storage: File shares that you can access and manage like a file server
      • Azure Queue storage: A data store for queuing and reliably delivering messages between applications
      • Azure Table storage: A NoSQL store that hosts unstructured data independent of any schema

      Mobile

      • Azure enables developers to create mobile backend services for iOS, Android, and Windows.
      • E.g. corporate sign-in, connecting to on-premises resources such as SAP, Oracle, SQL, etc.
      • Other features include
        • Offline data sync
        • Connectivity to on-premises data
        • Broadcasting push notifications
        • Autoscaling to match business needs

      Databases

      • Azure Cosmos DB: Globally distributed database that supports NoSQL options
      • Azure SQL Database: Fully managed relational database with auto-scale, integral intelligence, and robust security
      • Azure Database for MySQL: Fully managed and scalable MySQL relational database with high availability and security
      • Azure Database for PostgreSQL: Fully managed and scalable PostgreSQL relational database with high availability and security
      • SQL Server on VMs: Host enterprise SQL Server apps in the cloud
      • Azure Synapse Analytics: Fully managed data warehouse with integral security at every level of scale at no extra cost
      • Azure Database Migration Service: Migrates your databases to the cloud with no application code changes
      • Azure Cache for Redis: Caches frequently used and static data to reduce data and application latency
      • Azure Database for MariaDB: Fully managed and scalable MariaDB relational database with high availability and security

      Web

      • Build and host web apps, and HTTP-based web services
      • Azure App Service: Quickly create powerful cloud web-based apps
      • Azure Notification Hubs: Send push notifications to any platform from any back end
      • Azure API Management: Publish APIs to developers, partners, and employees securely and at scale
      • Azure Cognitive Search: Fully managed search as a service
      • Web Apps feature of Azure App Service: Create and deploy mission-critical web apps at scale
      • Azure SignalR Service: Add real-time web functionalities easily

      IOT

      • IoT Central: Fully managed global IoT software as a service (SaaS) solution that makes it easy to connect, monitor, and manage your IoT assets at scale
      • Azure IoT Hub: Messaging hub that provides secure communications between and monitoring of millions of IoT devices
      • IoT Edge: Push your data analysis models directly onto your IoT devices, allowing them to react quickly to state changes without needing to consult cloud-based AI models

      Big Data

      • Azure Synapse Analytics: Run analytics at a massive scale using a cloud-based Enterprise Data Warehouse (EDW) that leverages massive parallel processing (MPP) to run complex queries quickly across petabytes of data
      • Azure HDInsight: Process massive amounts of data with managed Hadoop clusters in the cloud
      • Azure Databricks: Collaborative Apache Spark-based analytics service that can be integrated with other Big Data services in Azure

      AI

      AI and Machine Learning services are:

      • Azure Machine Learning Service: Cloud-based environment you can use to develop, train, test, deploy, manage, and track machine learning models. It can auto-generate a model and auto-tune it for you. It will let you start training on your local machine, and then scale out to the cloud
      • Azure Machine Learning Studio: Collaborative, drag-and-drop visual workspace where you can build, test, and deploy machine learning solutions using pre-built machine learning algorithms and data-handling modules


      Cognitive Services are:

      • Vision: Image-processing algorithms to smartly identify, caption, index, and moderate your pictures and videos
      • Speech: Convert spoken audio into text, use voice for verification, or add speaker recognition to your app
      • Knowledge mapping: Map complex information and data in order to solve tasks such as intelligent recommendations and semantic search
      • Bing Search: Add Bing Search APIs to your apps and harness the ability to comb billions of webpages, images, videos, and news with a single API call
      • Natural Language processing: Allow your apps to process natural language with pre-built scripts, evaluate sentiment and learn how to recognize what users want

      DevOps

      • Azure DevOps: Azure DevOps Services (formerly known as Visual Studio Team Services, or VSTS) provides development collaboration tools including high-performance pipelines, free private Git repositories, configurable Kanban boards, and extensive automated and cloud-based load testing
      • Azure DevTest Labs: Quickly create on-demand Windows and Linux environments you can use to test or demo your applications directly from your deployment pipelines

      Azure Data Centre and Regions

      • Azure is made up of data centres around the world.
      • When you are using a resource such as a SQL DB or virtual machine, you are using equipment at one of these locations.
      • Azure organizes these data centres into REGIONS.
      • A region is a geographical area on the planet containing at least one, but potentially multiple, datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
      • Some resources are available in only some REGIONS.
      • Azure regions give you the flexibility of bringing applications closer to your users.

      Azure Geographies

      An Azure geography is a discrete market typically containing two or more regions that preserve data residency and compliance boundaries.
      • Americas
      • Europe
      • Asia Pacific
      • Middle East and Africa
      > To meet compliance needs
      > Data residency, sovereignty, and resiliency needs
      > Fault tolerance needs

      Availability Zones

      • Availability Zones are physically separate datacenters within an Azure region.
        • Each availability zone is made up of one or more data centres.
        • If one goes down, the others continue working.

      NOT EVERY REGION HAS SUPPORT FOR AVAILABILITY ZONES. 

      The following regions have a minimum of three separate zones to ensure resiliency.
      • Central US
      • East US 2
      • West US 2
      • West Europe
      • France Central
      • North Europe
      • Southeast Asia

      Region Pairs

      Each Azure region is always paired with another region within the same geography, at least 300 miles away.

      > Allows replication of resources
      > Helps reduce impact of natural disasters, civil unrests, power outages, physical n/w outages, etc.

      If a region in a pair was affected by a natural disaster, for instance, services would automatically fail over to the other region in its region pair.



      • If there is an extensive outage, one region out of every pair is prioritized for restoration.
      • Updates are planned one region (out of a pair) at a time to minimize downtime and the risk of application outage.
      • Data continues to reside in its pair for tax and legal jurisdiction purposes.

      Summary -- geography, region pairs



      Azure Regional Pairs

      Geography       Regional Pair A            Regional Pair B
      Asia-Pacific    East Asia (Hong Kong)      Southeast Asia (Singapore)
      Australia       Australia East             Australia Southeast
      Australia       Australia Central          Australia Central 2

      Azure SLAs

      1. Performance targets
        • Are specific to each Azure product or service.
      2. Uptime and connectivity guarantees
        • Range from 3 nines (99.9%) to 5 nines (99.999%) - first figure below.
      3. Through SLAs, Azure describes how Microsoft will respond to product or service failures by giving service credits.
        1. Customers may have a discount applied on their bill as compensation for under-performance.



      Composite SLAs

      • The resultant SLA obtained by combining the SLAs of the individual components is called a composite SLA.
      Example below.


      Web App SLA is 99.95%, SQL DB SLA is 99.99%. However, if either of these two fails, the application will fail. The composite SLA here is 99.95% X 99.99% = 99.94%.

      NOTE: THE COMBINED PROBABILITY OF FAILURE IS HIGHER THAN THAT OF ANY SINGLE COMPONENT, SO THE COMPOSITE SLA IS LOWER THAN EITHER INDIVIDUAL SLA VALUE.

      • With this design, where a Queue is added alongside the DB, the application is still available even if the DB fails.
      • The application fails only if both the DB and the Queue fail simultaneously.
      • Adding the Queue to the web app, the composite SLA is:
        • Failure % for SQL DB is 100% - 99.99% = 0.01%, which is 0.01/100 = 0.0001
        • Failure % for Queue is 100% - 99.9% = 0.1%, which is 0.1/100 = 0.001
        • Joint probability of failure for SQL DB and Queue is 0.0001 X 0.001 = 0.0000001
        • Probability of uptime for either SQL DB or Queue = 1 - 0.0000001 = 0.9999999 = 99.99999%
        • So, either SQL DB or Queue is 99.99999%.
        • Composite SLA is therefore 99.95% X 99.99999% = 99.95%
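The arithmetic of the two cases above, as an added Python example (it is not from the Microsoft course material): availabilities multiply for components that must all be up, and failure probabilities multiply for redundant components where any one suffices. The function names, the constants and the per-year downtime helper are constructed for this example.

```python
def series(*availabilities):
    """Components that must ALL be up (Web App and SQL DB): availabilities multiply."""
    result = 1.0
    for a in availabilities:
        result *= a
    return result


def parallel(*availabilities):
    """Redundant components where ANY one suffices (SQL DB or Queue): the failure
    probabilities multiply, and the group is up unless every member fails."""
    joint_failure = 1.0
    for a in availabilities:
        joint_failure *= (1.0 - a)
    return 1.0 - joint_failure


# SLA figures quoted on the page, as fractions rather than percentages.
WEB_APP, SQL_DB, QUEUE = 0.9995, 0.9999, 0.999


def composite_without_queue():
    """Web App -> SQL DB, both required (first case above)."""
    return series(WEB_APP, SQL_DB)


def composite_with_queue():
    """Web App -> (SQL DB or Queue): the queue stands in for the DB (second case)."""
    return series(WEB_APP, parallel(SQL_DB, QUEUE))


def downtime_minutes_per_year(availability):
    """Downtime implied by an availability figure over a 365-day year."""
    return (1.0 - availability) * 365 * 24 * 60


def as_percent(availability, digits=2):
    """Render an availability fraction the way SLAs are quoted (99.95, 99.99999, ...)."""
    return round(availability * 100, digits)


if __name__ == "__main__":
    print("Web App + SQL DB          :", as_percent(composite_without_queue()), "%")
    print("SQL DB or Queue           :", as_percent(parallel(SQL_DB, QUEUE), 5), "%")
    print("Web App + (SQL DB | Queue):", as_percent(composite_with_queue()), "%")
    for name, a in (("three nines", 0.999), ("four nines", 0.9999), ("five nines", 0.99999)):
        print(f"{name}: {downtime_minutes_per_year(a):.1f} min/year of downtime")
```

Two things worth noticing from the output: adding a dependency in series always lowers the composite figure, and a redundant pair only helps if the application is actually written to fall back to the second component, which is a design decision the arithmetic cannot check for you.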

      Resiliency

      Resiliency is the ability of a system to recover from failure as soon as possible. It's not about failure but about jumping back to normalcy with the least amount of downtime or data loss. 

      AVAILABILITY and DISASTER RECOVERY are the two key components of resiliency. 
      • Architecture needs to be designed for resiliency
      • Perform FMEA - Failure Mode Effect Analysis for infra when designing. 
      • If Application SLA is 4 9's, then the Azure solution must be self-diagnosing and self-healing (can't be manual to achieve the target). 
      • SLA performance targets above 4 9's are difficult to achieve. 

      Azure Management

      • Azure portal - to interact with Azure via a GUI
      • Azure PowerShell / Azure command line - command line, automation based interactions with Azure.
      • Azure Cloud Shell - Web-based CLI
      • Azure Mobile App - for monitoring and managing your resources from your mobile device.
      Azure Portal



      Azure Powershell

      A module that can be installed into Windows PowerShell or PowerShell Core (which runs on Windows, Linux and macOS). It connects to Azure to manage resources.


      Azure CLI

      A cross-platform CLI that connects to Azure and executes admin commands. 
       

      Azure Cloud Shell

      Browser accessible interactive command prompt to manage Azure resources


      You can switch between Bash or PowerShell.

      Azure Mobile App

      Access, manage, monitor all your Azure accounts, resources, etc. 

      Azure Advisor

      • Get proactive, actionable, and personalized best practice recommendations. 
      • Improve the performance, security, and high availability of your resources as you identify opportunities to reduce your overall Azure costs.
      • Get recommendations with proposed actions inline.

      Azure Portal Dashboards


      Azure New Features

      • Azure New Features >> first available for beta testing and other pre-release features >> released to customers as part of Azure Default product set (called General Availability).
      • Private preview - for specific customers
      • Public preview - for all customers


      Azure Compute

      Virtual Machines - software emulations of physical computers

      Containers - a virtualisation environment for running applications. Unlike VMs, containers don't include a full OS; they share the kernel of the host OS that runs them. 



      Azure App Service - is a platform-as-a-service (PaaS) offering in Azure that is designed to host enterprise-grade web-oriented applications.

      Serverless Computing

      Serverless computing is a cloud-hosted execution environment that runs your code but completely abstracts the underlying hosting environment. You create an instance of the service, and you add your code; no infrastructure configuration or maintenance is required. 

      Azure Virtual Machines

      VMs provide an abstraction layer for CPU, Memory and Storage. 

      Use VMs
      • During testing and development
      • When running applications in the cloud
      • When extending your data centre to the cloud.
      • During disaster recovery
      -- You can run single VMs or can group together VMs to provide high availability, scalability and redundancy. 

      Availability sets
      • Is a logical grouping of two or more VMs
      • VM pairs as part of the availability set are in different update domains so that there is least impact during planned maintenance. Update domains indicate groups of VMs and underlying physical hardware that can be rebooted at the same time. Update domains are a logical part of each data center and are implemented with software and logic.
      • During unplanned events, VMs failover to a working physical server. 
      • Fault Domain -- VMs that share common hardware (the same power source and network switch) are in the same fault domain. A fault domain is essentially a rack of servers. 
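      An added example (Python; not from the original notes) that models the fault-domain / update-domain placement described above and shows why it matters: how many VMs of a six-VM web tier keep running when a rack fails, when an update domain reboots, and in the worst case of both at once. The placement order is an assumption stated in the code; Azure, not you, decides the real assignment.

```python
"""Fault-domain and update-domain placement inside an availability set.

Added example, not from the original notes. It models how Azure spreads the
VMs of an availability set over fault domains (racks; 2 by default) and
update domains (maintenance groups; 5 by default). The placement order is an
assumption made for the example: VM number n goes to fault domain n mod FD
and update domain n mod UD, i.e. a sequential round-robin. The real
assignment is made by the platform and read back from the VM's instance
view, it is not something you choose.
"""


def place_vms(vm_names, fault_domains=2, update_domains=5):
    """Return {vm_name: (fault_domain, update_domain)} for the set."""
    return {name: (i % fault_domains, i % update_domains)
            for i, name in enumerate(vm_names)}


def running(placement, failed_fd=None, rebooting_ud=None):
    """VMs still serving when one rack has failed (unplanned event) and/or
    one update domain is being rebooted for planned maintenance."""
    return sorted(name for name, (fd, ud) in placement.items()
                  if fd != failed_fd and ud != rebooting_ud)


def worst_case_running(placement, fault_domains=2, update_domains=5):
    """Smallest number of VMs left when a rack failure coincides with
    maintenance on any update domain: the number to size capacity against."""
    return min(len(running(placement, fd, ud))
               for fd in range(fault_domains)
               for ud in range(update_domains))


if __name__ == "__main__":
    web_tier = place_vms([f"web-{i}" for i in range(6)])
    for vm, (fd, ud) in web_tier.items():
        print(f"{vm}: fault domain {fd}, update domain {ud}")
    print("rack 0 down:", running(web_tier, failed_fd=0))
    print("update domain 0 rebooting:", running(web_tier, rebooting_ud=0))
    print("worst case still running:", worst_case_running(web_tier))
    print("single VM worst case:", worst_case_running(place_vms(["web-0"])))
```

      With six VMs, two fault domains and five update domains, two VMs are always still running even when a rack failure coincides with maintenance; a single VM outside an availability set has a worst case of zero, which is why the 99.95% VM SLA requires two or more instances in a set.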

      Virtual Machine Scale Sets

      Azure Virtual Machine Scale Sets let you create and manage a group of identical, load balanced VMs

      Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes to provide highly available applications. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. 

      Azure Batch

      Azure Batch enables large-scale job scheduling and compute management with the ability to scale to tens, hundreds, or thousands of VMs.

      Batch does the following:
      • Starts a pool of compute VMs for you
      • Installs applications and staging data
      • Runs jobs with as many tasks as you have
      • Identifies failures
      • Requeues work
      • Scales down the pool as work completes

      AZURE Containers

      • A container is a modified runtime environment built on top of a host OS that executes your application.
      • Run multiple instances of an application on a single host machine. 
      • Containers built from different OS images (e.g. different Linux distributions) can run side by side on one host, because they share the host kernel rather than booting their own OS.
      • A container orchestrator can start, stop, and scale out application instances. 
      • Containers are lighter than VMs.
      • Can run multiple isolated applications on a single container host. 
      • Containerised apps are smaller in size.
      • Apps are quicker to launch.
      • The dev process is simplified because the dev environment is the same image as prod.
      • If you want complete control of the environment, choose VMs; if you want portability and performance, go for containers.
      VMs vs. Containers

      • VMs provide an abstraction layer for CPU, MEM and storage.
      • VMs run only one OS at a time. 
      • VMs virtualise the h/w while Containers virtualise OS. 

      Azure containers

      • Azure Container Instances (ACI) - is a PaaS offering that allows you to upload your containers and execute them directly with automatic elastic scale.
      • Azure Kubernetes Service (AKS) - Azure Kubernetes Service (AKS) is a complete orchestration service for containers with distributed architectures with multiple containers.

      Migrating Apps to Containers


      1. You convert an existing application to one or more containers and then publish one or more container images to the Azure Container Registry.
      2. By using the Azure portal or the command line, you deploy the containers to an AKS cluster.
      3. Azure AD controls access to AKS resources.
      4. You access SLA-backed Azure services, such as Azure Database for MySQL, via OSBA (Open Service Broker for Azure).
      5. Optionally, AKS is deployed with a virtual network.

      Azure App Service

      Enables you to build and host web apps, background jobs, mobile backends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability.

      Common App service styles include:
      • Web Apps - full support for hosting web apps using ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can choose either Windows or Linux as the host operating system.
      • API Apps - you can build REST-based Web APIs using your choice of language and framework. You get full Swagger support, and the ability to package and publish your API in the Azure Marketplace.
      • WebJobs - WebJobs allow you to run a program (.exe, Java, PHP, Python, or Node.js) or script (.cmd, .bat, PowerShell, or Bash) in the same context as a web app, API app, or mobile app. They can be scheduled, or run by a trigger. WebJobs are often used to run background tasks.
      • Mobile Apps - You can use this to quickly build a back-end for iOS and Android apps. With just a few clicks in the Azure portal you can:
        • Store mobile app data in a cloud-based SQL database
        • Authenticate customers against common social providers such as MSA, Google, Twitter, and Facebook
        • Send push notifications
        • Execute custom back-end logic in C# or Node.js

      Azure Serverless Computing

      • Serverless computing is the abstraction of servers, infrastructure, and OSs.
      • Azure takes care of managing the server infrastructure and allocation/deallocation of resources based on demand.
      Serverless Computing encompasses three ideas:
      1. Abstraction of servers
        • Serverless computing abstracts the servers you run on. You never explicitly reserve server instances; the platform manages it for you. Each function execution can run on different compute instance and this execution is transparent to the code. With this arch, you worry only about deploying code which then runs with high availability. 
      2. Event driven scale
        • Instead of writing an entire application, the developer writes a function which contains both code and meta data about its triggers and bindings. 
        • Serverless computing responds to incoming triggers / events (e.g. a function runs everyday at 10:00 am UTC, etc.). 
        • The platform automatically schedules the function to run based on the trigger / event and scales the number of compute instances based on the rate of incoming events. 
        • Trigger defines how the function is invoked.
        • Bindings provide ways to connect services from within the code.
      3. Micro billing
        • Even if a customer's website gets only one hit a day, they still pay for a full day's worth of availability. With serverless computing, they pay only for the time their code runs. 
        • For example, if the code runs once a day for two minutes, they're charged for one execution and two minutes of computing time.
      There are two flavours of Azure Serverless Computing

      • Azure functions: 
      When you're concerned only about the code running your service, and not the underlying platform or infrastructure, Azure Functions are ideal. They're commonly used when you need to perform work in response to an event, often via a REST request, timer, or message from another Azure service and when that work can be completed quickly, within seconds or less.

      > They scale based on demand.

      • Azure Logic Apps: 
      Logic Apps execute workflows, whereas Azure Function execute code.
      Both are triggered by logic based on an event. 

      Many triggers include basic scheduling capabilities. 

      You create Logic App workflows using a visual designer on the Azure portal or in Visual Studio. 

      Example...

      As an example, let's say a ticket arrives in ZenDesk. You could:

      • Detect the intent of the message with cognitive services
      • Create an item in SharePoint to track the issue
      • If the customer isn't in your database, add them to your Dynamics 365 CRM system
      • Send a follow-up email to acknowledge their request

      Functions vs. Logic Apps


      Azure Data Storage

      Benefits
      • Automated backup and recovery
      • Replication across globe
      • Support for data analytics
      • Encryption capabilities
      • Multiple data types (video, text, binary etc.)
      • Data storage in virtual disks - 32TB in virtual disks. 
      • Storage tiers prioritise access to data based on frequently used vs. rarely used information.
      Types of Data
      • Structure data
        • Structured data is data that adheres to a schema, so all of the data has the same fields or properties. Structured data can be stored in a database table with rows and columns. 
      • Semi structured data
        • Semi structured data does not fit into tables, rows and columns; it uses tags and keys instead. Semi structured data is also referred to as non-relational or NoSQL data.
      • Unstructured data
        • BLOB - PDF, JPG, JSON, video content, etc.

      Azure SQL Database

      • Azure SQL Database is a relational database as a service (DaaS) based on the latest stable version of the Microsoft SQL Server database engine. 


      Azure Cosmos DB

      Is a globally distributed database service. 




      Azure BLOB Storage

      Azure Blob Storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blobs are highly scalable and apps work with blobs in much the same way as they would work with files on a disk, such as reading and writing data. Blob Storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.

      Azure Datalake

      Data Lake is a large repository that stores both structured and unstructured data and allows you to perform analytics on your data usage and prepare reports. 



      Azure Files

      Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. 


      Azure Queue

      Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere in the world.

      Queue storage provides asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.


      Disk Storage

      Disk storage provides disks for virtual machines, applications, and other services to access and use as they need, similar to how they would on-premises. Disk storage allows data to be persistently stored and accessed from an attached virtual hard disk. Disks can be managed by Azure, or unmanaged, in which case the user manages and configures the underlying storage account. Typical scenarios for using disk storage are lift-and-shift of applications that read and write data to persistent disks, or storing data that does not need to be accessed from outside the virtual machine to which the disk is attached.

      > SSD
      > HDD

      Storage Tiers

      1. Hot Storage Tier
        • Optimised for storing data that is accessed frequently.
      2. Cool Storage Tier
        • Optimised for data that is infrequently accessed and stored for at least 30 days.
      3. Archive Storage Tier
        • For data that is rarely accessed and stored for at least 180 days with flexible latency requirements. 

      Encryption

      1. SSE - Azure storage service encryption for data at rest.
        • Secure data to meet org security and regulatory requirements. 
        • Encrypts data before storing, de-crypts before returning. 
        • Encryption and decryption transparent to user.
      2. Client side encryption
        • Data is already encrypted by client libraries. 
        • Azure stores this data (encrypted state at rest).
        • During retrieval, the client library decrypts the data after download; the storage service itself only ever handles ciphertext.

      Replication

      • The replication type is chosen when the storage account is created. 
      • Replication feature ensures data is durable and always available 
      • Azure provides regional and geographic replication (protect against natural disasters, etc.). 

      Azure Data Storage vs. On-premises Data Storage

      • Cost effective
      • Reliable
      • Various storage types
      • Agility


      Loosely coupled Architecture

      Typical Azure solutions use a loosely coupled, n-tier architecture, as in the example below. 

      Example of an eCommerce website deployed on Azure


      Azure Region

      - A set of data centres within a specific geographic location (a latency-defined perimeter), connected by a dedicated low-latency network, is an Azure region. 

      Azure Virtual Network

      - A logically isolated network on Azure

      Azure Network Security Group

      - Allows or denies inbound and outbound traffic to resources in a virtual network. An NSG is attached to a subnet or a NIC; its rules are evaluated in priority order (lowest number first) and the first matching rule wins. 

      Azure Load Balancer

      Availability
      • Availability refers to the proportion of time a service is up.
      • High availability refers to a service that stays up for a very high proportion of the time (e.g. 99.99%), usually by removing single points of failure so that component failures do not become outages. 
      Resiliency
      • Systems ability to stay operational during abnormal conditions
      Load balancing
      • Distribute traffic evenly among systems in a pool. 
      • Load balancer helps achieve both high availability and resiliency.

      Azure Load Balancer is a load balancer service that Microsoft provides that helps take care of the maintenance for you. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications. You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network.

      Azure load balancer in a multi-tier architecture


      Azure Application Gateway

      If all your traffic is HTTP, a potentially better option is to use Azure Application Gateway. Application Gateway is a load balancer designed for web applications. It uses Azure Load Balancer at the transport level (TCP) and applies sophisticated URL-based routing rules to support several advanced scenarios.



      This type of routing is known as application layer (OSI layer 7) load balancing since it understands the structure of the HTTP message.

      Using Azure application gateway has some benefits over a simple load balancer:

      • Cookie-based session affinity - keeps a client's session on the same backend server by issuing an affinity cookie. 
      • SSL termination - manages SSL/TLS certificates and passes unencrypted traffic to backend servers to avoid encryption / decryption overhead on them (traffic inside the VNet is then in the clear; end-to-end TLS to the backend is available when that matters).
      • Web application firewall - supports a WAF with detailed monitoring, logging etc.
      • URL rule based routing - allows you to route traffic based on URL path patterns.
      • Rewrite HTTP headers - you can add / remove information from inbound and outbound HTTP headers, e.g. for security scenarios such as stripping server version headers.

      Azure DNS

      Azure DNS hosts your DNS domains and resolves names to IP addresses, e.g. pointing your domain at the load balancer's public IP.


      Azure Traffic Manager

      Traffic Manager uses the DNS server that's closest to the user to direct user traffic to a globally distributed endpoint.

      Reduces network latency
      One way to reduce n/w latency is to provide exact copies of your service to more than one region. 
      Use traffic manager to route users to the closest endpoint



      Load Balancer vs. Traffic Manager

      Azure Load Balancer distributes traffic within the same region to make your services more highly available and resilient. Traffic Manager works at the DNS level, and directs the client to a preferred endpoint. This endpoint can be to the region that's closest to your user.

      Load Balancer and Traffic Manager both help make your services more resilient, but in slightly different ways. When Load Balancer detects an unresponsive VM, it directs traffic to other VMs in the pool. Traffic Manager monitors the health of your endpoints. When Traffic Manager finds an unresponsive endpoint, it directs traffic to the next closest endpoint that is responsive.

      Security and Trust in Azure / Cloud Security

      • IAAS - Microsoft provides VMs and virtual networks. However:
        • It is our responsibility to patch and secure the OS and software.
        • It is our responsibility to configure the network securely. 
      • PAAS - Azure is taking care of OS and foundational s/w like DB.
        • Security patches etc. taken care by Azure.

      • SAAS
        • With SAAS we outsource everything to Azure.




      Note: regardless of the deployment type, we (and not Azure) will retain responsibility for the following items:

      1. Data
      2. End points
      3. Accounts
      4. Access Management

      Layered approach to Security

      MS has a layered approach to security for both its data centres and Azure platform.


      Azure Security Centre

      Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. It can:
      • Provide security recommendations based on configurations, etc.
      • Monitor security settings for unauthorised change.
      • Apply new security settings for new resources as they come online.
      • Continuous monitoring of all services
      • Use machine learning to detect and block malware.
      • Analyse and identify inbound attacks.
      • Provide just in time access controls for ports.
      Azure security centre is available in 2 tiers.

      1. Free
      2. Standard. Full suite of security services.

      Identity and Access


      Authentication

      Establishing identity of a person or a service. 

      Authorisation

      Is the process of establishing what level of access an authenticated person or service has. It specifies what data they are allowed to access and what they can do with it.

      Azure AD (Active Directory)

      • Is a cloud-based identity service. 
      • Built in support for synchronising with existing on-premise AD.
      • Provides authentication.
      • Provides SSO.
      • Multi factor authentication - allows increased security of identity.
        • Something you know (for example a password)
        • Something you possess (for example a mobile - an SMS on mobile).
        • Something you are (for example, biometry)
      • Provides identities to services through Service Principals

        • Identity -- an identity is a thing that can be authenticated: a person with a password, or a service / server with a credential.
        • Principal -- an identity with certain roles or claims. Identity and principal go together.
        • User Principal -- an identity used by a person. 
        • Service Principal -- an identity used by a service or application. Like other identities, it can be assigned roles. 
        • Managed Identities make the task of maintaining service principals easier. 
          • There is a service that wants to authenticate.
          • You create a managed identity in your org's Azure AD tenant.
          • Azure infra automatically creates the service principal and manages its credentials, so no secret has to be stored in code or config. 
          • Use this identity like any other Azure AD account, including granting the authenticated service secure access to resources. 
          • A close example: a document upload service that uses an authentication to upload docs into SAP at Sony Basingstoke. 

      Role based access control

      Identities are mapped to roles (sets of permissions - read only, contributor etc.). 
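      Added example (Python), not from the original notes and not Azure's authorisation code: a small model of how a role assignment (principal + role definition + scope) is evaluated, including inheritance of assignments down the scope hierarchy and the Actions / NotActions wildcard matching used by built-in roles. The role definitions are trimmed subsets of the real Reader, Contributor and Virtual Machine Contributor roles; the subscription id, resource groups, resources and principals are made up.

```python
"""Minimal model of Azure RBAC evaluation.

Added example, not from the original notes and not Azure's own authorisation
code. It shows the three things RBAC combines: a security principal, a role
definition (Actions minus NotActions, with '*' wildcards) and a scope, with
assignments inherited from a parent scope down to every child. The role
definitions are trimmed subsets of the real built-in roles (the action
strings are real, the lists are not exhaustive); the subscription id,
resource groups, resources and principals are made up.
"""
from fnmatch import fnmatchcase

ROLES = {
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "Contributor": {
        "Actions": ["*"],
        # Contributor can manage everything EXCEPT access itself.
        "NotActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
    "Virtual Machine Contributor": {
        "Actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.Compute/availabilitySets/*",
            "Microsoft.Compute/virtualMachines/*",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
        ],
        "NotActions": [],
    },
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # made-up id
RG_WEB = f"{SUB}/resourceGroups/rg-web"
RG_DATA = f"{SUB}/resourceGroups/rg-data"

ASSIGNMENTS = [
    {"principal": "alice", "role": "Reader", "scope": SUB},
    {"principal": "alice", "role": "Virtual Machine Contributor", "scope": RG_WEB},
    {"principal": "bob", "role": "Contributor", "scope": SUB},
]


def in_scope(assignment_scope, target_scope):
    """An assignment applies at its own scope and every scope below it.
    The '/' boundary stops rg-web from also covering rg-web2."""
    a, t = assignment_scope.lower(), target_scope.lower()
    return t == a or t.startswith(a + "/")


def matches(patterns, action):
    """Action strings are case-insensitive and '*' matches any run of
    characters including '/', so '*/read' covers every provider's reads."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def role_permits(role_name, action):
    role = ROLES[role_name]
    return matches(role["Actions"], action) and not matches(role["NotActions"], action)


def effective_roles(principal, target_scope, assignments=ASSIGNMENTS):
    """Roles reaching a scope: assigned there or at any ancestor scope."""
    return sorted({a["role"] for a in assignments
                   if a["principal"] == principal and in_scope(a["scope"], target_scope)})


def is_allowed(principal, action, target_scope, assignments=ASSIGNMENTS):
    """Allowed if ANY effective role permits the action: roles are additive,
    and a NotActions entry only narrows its own role, it is not a deny."""
    return any(role_permits(r, action)
               for r in effective_roles(principal, target_scope, assignments))


if __name__ == "__main__":
    vm_web = f"{RG_WEB}/providers/Microsoft.Compute/virtualMachines/web-01"
    vm_data = f"{RG_DATA}/providers/Microsoft.Compute/virtualMachines/db-01"
    for principal, action, scope in [
        ("alice", "Microsoft.Compute/virtualMachines/start/action", vm_web),
        ("alice", "Microsoft.Compute/virtualMachines/start/action", vm_data),
        ("alice", "Microsoft.Compute/virtualMachines/read", vm_data),
        ("bob", "Microsoft.Authorization/roleAssignments/write", SUB),
    ]:
        print(f"{principal:5} {action:48} {scope.rsplit('/', 1)[-1]:12} "
              f"-> {is_allowed(principal, action, scope)}")
```

      The two points worth checking in your own tenant follow directly from the model: Reader at subscription scope silently reaches every resource group created later, and Contributor cannot grant itself more access because Microsoft.Authorization writes are carved out by NotActions, which is why Owner (no such carve-out) should be assigned sparingly.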




      Privileged Identity Management

      Azure AD Privileged Identity Management (PIM) is an additional, paid-for offering that provides oversight of role assignments, self-service, and just-in-time role activation and Azure AD and Azure resource access reviews.



      Encryption

      Encryption is the process of making data unreadable to unauthorised viewers.

      > Symmetric encryption

      Uses same key to encrypt and decrypt the data.

      > Asymmetric encryption

      Uses a public key and a private key pair. 

      Encryption at Rest

      Data at rest is data that has been stored on a physical medium: the disk of a server, data stored in a DB, data stored in a storage account. 



      Encryption in Transit

      Data in transit is the data actively moving from one location to another - thru internet, thru private n/w. 


      Encryption on Azure

      • Encrypt raw storage
        • Azure storage service encrypts data at rest
        • Azure storage service encrypts virtual machine disks
        • Azure Disk Encryption is a capability that allows encryption of the OS and data disks of Windows and Linux IaaS VMs (uses BitLocker on Windows and dm-crypt on Linux, with keys held in Key Vault).
      • Encrypt databases
        • Transparent Data Encryption (TDE) helps protect Azure SQL DB and Azure SQL Data Warehouse against malicious activity by encrypting the database files on disk.
        • TDE encrypts the storage of an entire database by using a symmetric key called the database encryption key, which is itself protected by a server-level key (service-managed or customer-managed in Key Vault).
      • Encrypt secrets
        • Azure Key Vault
          • Azure Key Vault is a centralised cloud service for storing your application secrets. Key Vault helps you control your applications' secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.
          • Secrets management
          • Key management (create, store and control the keys used to encrypt data)
          • Certificate management.
          • Store secrets backed by hardware security modules (HSMs)

      Azure Certificates

      • Service Certificates
        • Are used for cloud services and allow secure communication from and to the service. 
      • Management Certificates
        • Are used for authenticating with the management API
        • Are used to authenticate with the classic deployment model. 
        • Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. However, these types of certificates are not related to cloud services.

      Azure Key Vault with Certificates

      - Can store and manage certificates with key vault.
      - You can create certificates in key vault
      - Create policies to direct key vault to manage certificate lifecycle
      - Provide for notifications regarding certification expiry / renewal
      - Automatically renew certificates with selected issuers

      Network Security

      • Azure has layered security approach to network ( see above sections)
      • Azure firewall
        • Is a managed, cloud based, network security service that protects Azure virtual network resources. 
        • Inbound protection for non-HTTP/S protocols (RDP, SSH, FTP), outbound network-level protection for all ports and protocols, and application-level (FQDN) filtering for outbound HTTP/S.
      • Azure application gateway
        • Is a load balancer that includes a Web Application Firewall (WAF) that provides protection from common, known web vulnerabilities. 
      • Network Virtual Appliances (NVA) from the Marketplace are the option for securing non-HTTP services.

      DDoS - Distributed Denial of Services Attacks

      Azure DDoS Protection is offered in two service tiers:

      • Basic - Is automatically enabled as part of Azure platform. 
      • Standard  - additional mitigation capabilities. 
        • Volumetric attacks
        • Protocol attacks
        • Resource layer attacks

      Protecting Shared Documents - AIP / Azure Information Protection


      Microsoft Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps organizations classify and optionally protect documents and emails by applying labels.


      You can also track and control how the content is used --- analyze data flows, detect risky behaviours, track access to documents, and prevent data leakage or misuse of confidential information.

      Azure ATP - Advanced Threat Protection

      Azure ATP has its own portal, through which you can monitor and respond to suspicious activity. The Azure ATP portal allows you to create your Azure ATP instance, and view the data received from Azure ATP sensors. You can also use the portal to monitor, manage, and investigate threats in your network environment. 


      ATP Sensors

      Installed on Domain Controllers - monitors domain traffic without requiring a dedicated server or configuring port mirror.

      ATP cloud service

      Azure ATP cloud service runs on Azure infrastructure and is currently deployed in the United States, Europe, and Asia. Azure ATP cloud service is connected to Microsoft's intelligent security graph.

      Azure ATP is available as part of the Enterprise Mobility + Security E5 suite (EMS E5) and as a standalone license. 

      Microsoft Security Development Lifecycle (SDL)

      The Microsoft Security Development Lifecycle (Microsoft SDL) is a software development process based on the spiral model, which has been proposed by Microsoft to help developers create applications or software while reducing security issues, resolving security vulnerabilities and even reducing development and maintenance costs. The process is divided into seven phases: training, requirements, design, implementation, verification, release and response.





      Infrastructure Standards with Azure Policy

      • Azure lets you set up policies for cloud infra and these policies will enforce rules for the created resources thus ensuring compliance with corporate standards, SLAs, etc. 
      • Azure Policy is an Azure service you use to create, assign and, manage policies. These policies enforce different rules and effects over your resources so that those resources stay compliant with your corporate standards and service level agreements. 
        • Example -- Imagine we allow anyone in our organization to create virtual machines (VMs). We want to control costs, so the administrator of our Azure tenant defines a policy that prohibits the creation of any VM with more than 4 CPUs. Once the policy is implemented, Azure Policy will stop anyone from creating a new VM outside the list of allowed stock keeping units (SKUs). 
        • Any VM you add will be checked by policy.
        • Azure policy will audit all existing VMs.
      • Azure Policy is DIFFERENT FROM RBAC (Role based access control).
      • Both Azure policy and RBAC go hand in hand to ensure organisational business rules are applied. 
      • RBAC
        • Manages who has access to Azure resources, what areas they have access to, and what they can do with those resources. 
        • Example, allow users to access and manage VMs, websites, etc.
      • Azure Policy
        • Focus on resource properties during deployment and for already existing resources. 
        • Example, policy to ensure users can only deploy DS series of VMs.

      Creating Policy
      • Create policy definition -- 
        • tells what to evaluate and what action to take.
        • Represented by a JSON file.
      • Assign a definition to a scope of resources. (Apply policy)
        • You can assign any of these policies through the Azure portal, PowerShell, or Azure CLI. When you assign a policy definition, you will need to supply any parameters that are defined.
      • View policy evaluation results
        • Use the Azure portal and the applied policies to identify non compliant resources. 
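      A worked example of the definition / assignment / evaluation steps above, added here (Python; not from the original notes and not Azure's own policy engine): a small evaluator for a subset of the policy rule language, run over constructed resources with the "allowed SKUs" and "DS series only" rules from the text. The alias mapping, the assignment parameters and every resource name and value are assumptions for the example.

```python
"""Evaluating an Azure Policy definition against resources.

Added example, not from the original notes and not Azure's policy engine. It
covers the subset of the rule language needed for the VM-size examples in
the text: allOf / anyOf / not, the field conditions equals, in and like,
and "[parameters('name')]" references. ALLOWED_SKUS_POLICY is modelled on
the built-in "Allowed virtual machine size SKUs" definition; the alias table
(assumed to resolve to hardwareProfile.vmSize), the assignment parameters
and the sample resources are constructed for the example.
"""
import json
from fnmatch import fnmatchcase

# Field aliases resolve to a property path inside the ARM resource JSON.
ALIASES = {"Microsoft.Compute/virtualMachines/sku.name": "properties.hardwareProfile.vmSize"}

# Policy definition as it would sit in its JSON file: "if" says what to
# evaluate, "then" the effect; the allowed list is a parameter.
ALLOWED_SKUS_POLICY = json.loads("""{
  "properties": {
    "displayName": "Allowed virtual machine size SKUs", "mode": "Indexed",
    "parameters": {"listOfAllowedSKUs": {"type": "Array", "defaultValue": []}},
    "policyRule": {
      "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {"not": {"field": "Microsoft.Compute/virtualMachines/sku.name",
                 "in": "[parameters('listOfAllowedSKUs')]"}}]},
      "then": {"effect": "deny"}}}}""")

# The "DS series only" rule from the notes, using a 'like' wildcard and the
# audit effect (flags non-compliance without blocking the deployment).
DS_SERIES_POLICY = {"properties": {"parameters": {}, "policyRule": {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {"not": {"field": "Microsoft.Compute/virtualMachines/sku.name", "like": "Standard_DS*"}}]},
    "then": {"effect": "audit"}}}}

# Parameter values supplied when the definition is assigned to a scope.
ASSIGNMENT_PARAMETERS = {"listOfAllowedSKUs": ["Standard_DS1_v2", "Standard_DS2_v2"]}

# Constructed resources in that scope, in the shape of ARM resource JSON.
RESOURCES = [
    {"name": "vm-web-01", "type": "Microsoft.Compute/virtualMachines",
     "properties": {"hardwareProfile": {"vmSize": "Standard_DS2_v2"}}},
    {"name": "vm-batch-01", "type": "Microsoft.Compute/virtualMachines",
     "properties": {"hardwareProfile": {"vmSize": "Standard_F16s_v2"}}},
    {"name": "stweblogs", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": True}},
]


def effective_parameters(definition, assignment_params):
    """Definition defaults, overridden by values given at assignment time."""
    declared = definition["properties"].get("parameters", {})
    params = {k: v.get("defaultValue") for k, v in declared.items()}
    params.update(assignment_params)
    return params


def resolve(value, params):
    """Expand "[parameters('x')]", then lower-case: comparisons are case-insensitive."""
    if isinstance(value, str) and value.startswith("[parameters('") and value.endswith("')]"):
        value = params[value[len("[parameters('"):-len("')]")]]
    return [v.lower() for v in value] if isinstance(value, list) else value.lower()


def field_value(resource, field):
    """Walk the alias path; a missing property yields None."""
    node = resource
    for part in ALIASES.get(field, field).split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node.lower() if isinstance(node, str) else node


def condition_matches(cond, resource, params):
    if "allOf" in cond:
        return all(condition_matches(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_matches(c, resource, params) for c in cond["anyOf"])
    if "not" in cond:
        return not condition_matches(cond["not"], resource, params)
    actual = field_value(resource, cond["field"])
    if "equals" in cond:
        return actual == resolve(cond["equals"], params)
    if "in" in cond:
        return actual in resolve(cond["in"], params)
    if "like" in cond:  # '*' is the only wildcard; a missing field never matches
        return actual is not None and fnmatchcase(actual, resolve(cond["like"], params))
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(definition, resource, params):
    """Effect to apply ('deny', 'audit', ...) when the rule matches, else None."""
    rule = definition["properties"]["policyRule"]
    return rule["then"]["effect"].lower() if condition_matches(rule["if"], resource, params) else None


def compliance_report(definition, resources, assignment_params):
    """Existing resources re-checked against an assignment, as the portal's
    compliance view does: a match with deny or audit means non-compliant."""
    params = effective_parameters(definition, assignment_params)
    report = {}
    for r in resources:
        effect = evaluate(definition, r, params)
        report[r["name"]] = f"non-compliant ({effect})" if effect else "compliant"
    return report


if __name__ == "__main__":
    for name, state in compliance_report(ALLOWED_SKUS_POLICY, RESOURCES, ASSIGNMENT_PARAMETERS).items():
        print(f"{name:12} {state}")
```

      The same definition gives different results per assignment because the allowed list is a parameter: with the definition's default (an empty list) every VM is denied, which is the kind of surprise the "view policy evaluation results" step is there to catch before the assignment goes live.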
      Policy Effects

      What happens during the "evaluation process" by the policy?


      Policy evaluation results

       You can find the Azure Policy section through the search field or All Services.

      Azure policy portal...



      Removing a policy

      Finally, you can delete policy requirements through the portal, or through the PowerShell command Remove-AzPolicyAssignment. 

      Azure Initiatives

      Initiatives are helpful when managing / organising several azure policies.  An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal.

      Like a policy assignment, an initiative assignment is an initiative definition assigned to a specific scope. 

      Once defined, initiatives can be assigned just as policies can - and they apply all the associated policy definitions.

      Example of defining an initiative (policy definition -- purpose):

      • Monitor unencrypted SQL Database in Security Center -- for monitoring unencrypted SQL databases and servers.
      • Monitor OS vulnerabilities in Security Center -- for monitoring servers that do not satisfy the configured baseline.
      • Monitor missing Endpoint Protection in Security Center -- for monitoring servers without an installed endpoint protection agent.



      Azure Management Group

      Azure Management Groups are containers for managing access, policies, and compliance across multiple Azure subscriptions

      Management groups allow you to order your Azure resources hierarchically into collections, which provide a further level of classification that is above the level of subscriptions. 

      Governance hierarchy using management group


      You can create management groups by using the Azure portal, Azure PowerShell, or Azure CLI.

      After you select Save on your first management group, a root management group is created in the Azure Active Directory (Azure AD) organisation. By default, the root management group's display name is Tenant root group.

      Azure Blueprints

      Azure blueprint tools help in auditing, traceability, and compliance of deployments against organisational, govt, and industry standards.

      The Azure Blueprints service is designed to help with environment setup. This setup often consists of a set of resource groups, policies, role assignments, and Resource Manager template deployments. A blueprint is a package to bring each of these artifact types together and allow you to compose and version that package—including through a CI/CD pipeline. Ultimately, each setup is assigned to a subscription in a single operation that can be audited and tracked.

      1. Create Azure blueprint
      2. Assign blueprint
      3. Track blueprint assignments


      Blueprint vs. Azure Resource Manager Template

      Nearly everything that you want to include for deployment in Blueprints can be accomplished with a Resource Manager template. However, a Resource Manager template is a document that doesn't exist natively in Azure. Resource Manager templates are stored either locally or in source control. The template gets used for deployments of one or more Azure resources, but once those resources deploy there's no active connection or relationship to the template.

      Blueprint vs. Azure Policy

      A blueprint is a package or container for composing focus-specific sets of standards, patterns, and requirements related to the implementation of Azure cloud services, security, and design that can be reused to maintain consistency and compliance.

      A policy is a default-allow and explicit-deny system focused on resource properties during deployment and for already existing resources. It supports cloud governance by validating that resources within a subscription adhere to requirements and standards.

      A policy can be included as one of many artifacts in a blueprint definition.

      Azure Compliance Manager

      • Compliance Manager makes it easy to perform risk assessments of Microsoft's cloud services.
      • Use it to manage your organisation's compliance activities from implementation to reporting.
      • There are four related sources:
      1. Microsoft Privacy Statement
        • The Microsoft privacy statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
      2. Microsoft Trust Center
        • The Trust Center is a website resource containing information and details about how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
      3. Service Trust Portal
        • A companion feature of the Trust Center.
        • The Service Trust Portal (STP) hosts the Compliance Manager service, and is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft's cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services.
        • Compliance frameworks covered include:
          • ISO
          • SOC
          • NIST
          • FedRAMP
          • GDPR
        • STP allows you to:
          • Access audit reports on a single page
          • Access compliance guides
          • Access trust documents
      4. Compliance Manager
        • Compliance Manager is a workflow-based risk assessment dashboard within the Service Trust Portal that enables you to track, assign, and verify your organisation's regulatory compliance activities related to Microsoft professional services and Microsoft cloud services such as Office 365, Dynamics 365, and Azure.
        • Enables you to assign, track, and record compliance assessment activities.
        • Provides a compliance score.
        • Provides a secure repository in which to upload and manage evidence and other artifacts related to compliance activities.
        • Produces richly detailed reports in Microsoft Excel that document the compliance activities.
        • Provides recommended actions you can take to improve regulatory compliance.

      Monitor Service Health

      Two primary sources for monitoring the health of Azure services:
      1. Azure Monitor
        • Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

        • Data sources: Azure Monitor collects data from various sources...
        • Diagnostics
      -- As soon as you create a resource, Azure starts collecting data through Activity Logs.
      -- Activity logs record when resources are created or modified.
      -- Metrics tell you how the resource is performing and the resources that it's consuming.
      -- You can extend the data you are collecting by enabling diagnostics:
              -- Enable guest level monitoring
              -- Performance counters
              -- Event logs
              -- Crash dumps
              -- Sinks
              -- Agent configurations
      2. Getting Application Data
      -- Application Insights is a service that monitors the availability, performance, and usage of web applications.
      -- Azure Monitor for containers is a service designed to monitor the performance of container workloads.
      -- Azure Monitor for VMs is a service that monitors your Azure VMs at scale.

      Responding to Alert Conditions

      Alerts

      Azure Monitor proactively notifies you of critical conditions using alerts, and can potentially attempt to take corrective actions.

      Autoscale

      Azure Monitor uses Autoscale to ensure that you have the right amount of resources running to manage the load on your application effectively.

      Visualise monitoring data

      This can be done through:

      - Dashboards
      - Views
      - Power BI

      Azure Service Health

      Azure Service Health is a suite of experiences that provide personalised guidance and support when issues with Azure services affect you (outages, planned maintenance). In other words, when you are troubleshooting, it tells you whether the platform itself has issues that are causing problems for your application.

      Azure Monitor, on the other hand, identifies issues "at my end" when troubleshooting.

      Both Azure Monitor and Azure Service Health together help during troubleshooting.

      Azure Service Health comprises:

      1. Azure status - provides a global view of the health state of Azure services.
      2. Service Health - provides customisable dashboards that track the state of Azure services.
      3. Resource Health - helps you diagnose and obtain support when an Azure service issue affects you.

      Azure Resource Manager

      1. Resource Groups -- are containers for resources you deploy on Azure

      You place resources of similar usage, type, or location in the same resource group.

      2. Tags - also provide a way to organise your Azure resources. They help to improve the organisation of resources. You can tag a resource or a resource group with its cost centre, billing department, etc.

      Tags are name/value pairs of text data that you can apply to resources and resource groups. Tags allow you to associate custom details with your resource, in addition to the standard Azure properties a resource has. Common tag categories include:

      Department, environment, cost centre, lifecycle and automation...

      A resource can have up to 50 tags.

      Tags and Resource Groups are a great way to organise existing resources. To ensure that newly created resources also follow the same rules, you can use Azure policies.

      RBAC provides fine-grained access control to ensure the rules you have created are protected.

      Resource groups can be created via

      > Azure portal
      > Azure PowerShell
      > Azure CLI
      > Templates
      > Azure SDKs

      -- Create resource group
      -- Add existing resources to this group

      >> Make sure you have a consistent naming convention

      -- You can organise resources for billing
      -- organise for authorisation
      -- organise for lifecycle (for a particular project, for a test campaign, etc.)

      (If you delete a resource group, you delete all resources within it!)

      Create Policy


      RBAC

      Using RBAC, you can:

      • Allow one user to manage VMs in a subscription, and another user to manage virtual networks.
      • Allow a database administrator (DBA) group to manage SQL databases in a subscription.
      • Allow a user to manage all resources in a resource group, such as VMs, websites, and virtual subnets.
      • Allow an application to access all resources in a resource group.

      Resource Locks

      Resource locks are a setting that can be applied to any resource to block modification or deletion. A resource lock can be set to either Delete or Read-only. Delete allows all operations against the resource but blocks the ability to delete it. Read-only only allows read activities to be performed against the resource, blocking any modification or deletion of it.

      Resource locks can be applied to

      • subscriptions,
      • resource groups, and
      • individual resources,

      and are inherited when applied at higher levels.
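To make the two lock levels and their inheritance concrete, here is a small model of how a lock set at one scope gates read, write and delete operations at the scopes beneath it. It is an added illustration, not Azure's own code; the subscription ID and resource names are constructed placeholders.

```python
"""Model of how Azure resource locks gate operations across the scope hierarchy.
Added illustration, not Azure's own code: a Delete lock blocks only deletion,
a Read-only lock blocks every change, and locks set at a higher scope are
inherited by everything beneath it (the most restrictive lock wins)."""
from enum import Enum


class LockLevel(Enum):
    CAN_NOT_DELETE = "CanNotDelete"  # the "Delete" lock: modify allowed, delete blocked
    READ_ONLY = "ReadOnly"           # only read operations allowed


# Scopes are written as Azure-style resource IDs; the subscription ID is a
# constructed placeholder. A lock on a scope covers every scope beneath it.
SUBSCRIPTION = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_PROD = SUBSCRIPTION + "/resourceGroups/rg-prod"
RG_TEST = SUBSCRIPTION + "/resourceGroups/rg-test"
VM_PROD = RG_PROD + "/providers/Microsoft.Compute/virtualMachines/vm-web01"
VM_TEST = RG_TEST + "/providers/Microsoft.Compute/virtualMachines/vm-scratch"


def within(scope, lock_scope):
    """True if `scope` is `lock_scope` itself or sits beneath it in the hierarchy."""
    return scope == lock_scope or scope.startswith(lock_scope + "/")


def effective_locks(locks, scope):
    """Lock levels that apply at `scope`, including ones inherited from above."""
    return {level for lock_scope, level in locks if within(scope, lock_scope)}


def is_allowed(locks, scope, operation):
    """Decide whether 'read', 'write' or 'delete' may run at `scope`."""
    applicable = effective_locks(locks, scope)
    if operation == "read":
        return True  # locks never block reads
    if LockLevel.READ_ONLY in applicable:
        return False  # Read-only blocks both modification and deletion
    if operation == "delete":
        return LockLevel.CAN_NOT_DELETE not in applicable
    return True  # a write under a Delete lock is permitted


# Constructed sample: a Delete lock on the production resource group (inherited
# by vm-web01) and a Read-only lock placed directly on one test VM.
SAMPLE_LOCKS = [(RG_PROD, LockLevel.CAN_NOT_DELETE), (VM_TEST, LockLevel.READ_ONLY)]

if __name__ == "__main__":
    for scope, op in [(VM_PROD, "write"), (VM_PROD, "delete"), (VM_TEST, "write")]:
        verdict = "allowed" if is_allowed(SAMPLE_LOCKS, scope, op) else "blocked"
        print(f"{op:6} on {scope.rsplit('/', 1)[-1]}: {verdict}")
```

Note that the `rg-test` group itself carries no lock, so deleting it stays allowed even though one VM inside it is read-only; locks flow downwards, never upwards.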

      Purchasing Azure Products and Services

      • Azure products and services are arranged by category.

      When you provision an Azure resource, Azure creates one or more meter instances for that resource. The meters track the resource's usage and generate a usage record that is used to calculate your bill.

      For a VM, the meters include:

      - Compute hours
      - IP address hours
      - Data transfer in
      - Data transfer out
      - Standard managed disk
      - Standard managed disk operations
      - Standard IO disk
      - Standard IO-Block Blob Read, Write, Delete

      Factors Affecting Azure Products / Service Costs

      1. Resource type - costs depend on the type of resource.
      2. Services - rates differ between subscription types such as Enterprise, Web Direct, and Cloud Service Provider.
      3. Location - costs vary depending on location.
        1. Zone 1 - United States, US Government, Europe, Canada, UK, France, Switzerland
        2. Zone 2 - East Asia, Southeast Asia, Japan, Australia, India, Korea
        3. Zone 3 - Brazil, South Africa, UAE
        4. DE Zone 1 - Germany

      Azure Pricing Calculator

      To make estimates easy for customers to create, Microsoft developed the Azure pricing calculator. The Azure pricing calculator is a free web-based tool that allows you to input Azure services and modify properties and options of the services. It outputs the costs per service and total cost for the full estimate.

      - You do all calculations in the Products tab.
      - The estimate can be exported to Excel, or the estimate URL can be shared.

      Azure Advisor

      Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, operational excellence, and cost. Advisor analyzes your deployed services and looks for ways to improve your environment across each of these areas. We'll focus on the cost recommendations, but you'll want to take some time to review the other recommendations as well.

      It makes recommendations in the following areas:

      • Reduce costs by eliminating unprovisioned Azure ExpressRoute circuits.
      • Buy reserved instances to save money over pay-as-you-go.
      • Right-size or shut down underutilised virtual machines.

      Azure Cost Management

      Azure Cost Management is another free, built-in Azure tool that can be used to gain greater insights into where your cloud money is going. You can see historical breakdowns of what services you are spending your money on and how it is tracking against budgets that you have set. You can set budgets, schedule reports, and analyze your cost areas.


      Ways to Save on Infrastructure Costs

      • Use Azure Credits
      • Use spending limits
      • Use reserved instances
      • Choose low cost locations and regions
      • Research available cost-saving offers
      • Right-size underutilised virtual machines
      • Deallocate VMs in off hours
      • Delete unused VMs
      • Migrate to PaaS or SaaS services

      Save on Licensing Costs

      • Check whether a product runs on Linux or Windows; some products and services are priced differently depending on the OS.
      • If you have already purchased Windows Server licences, you can repurpose them on Azure.
      • Azure Hybrid Benefit for SQL Server is an Azure-based benefit that enables you to use your SQL Server licenses with active Software Assurance to pay a reduced rate.
      • The Enterprise Dev/Test and Pay-As-You-Go (PAYG) Dev/Test offers are a benefit you can take advantage of to save costs on your non-production environments.
      • If you are a customer on an Enterprise Agreement and already have an investment in SQL Server licenses, and they have freed up as part of moving resources to Azure, you can provision bring your own license (BYOL) images off the Azure Marketplace.
      • SQL Server Developer Edition is a free product for non-production use. Use it for non-production workloads.

      DSPM, Data Security Posture Management, Data Observability

      DATA SECURITY POSTURE MANAGEMENT DSPM, or Data Security Posture Management, is a practice that involves assessing and managing the security ...