70-535: Architecting MS Azure Solutions
My MS Badge for Azure Architecture
First things first, some cool links for you:
1. Scott’s 70-535 review in 60 mins, worth a try.
2. There are a lot of blogs summarising this exam; I suggest you go through them (they gave me a good idea of the topics I needed to focus on). Some of them (in no particular order):
– GuruSkill Github
3. The following topics give a good breakdown of the subjects you need to excel in 70-535:
VM SLAs:
A VM with Premium Storage has a 99.9% SLA, which translates to 43 mins a month and over 8 hours a year of downtime
A VM within an Availability Set has a 99.95% SLA, which translates to 21 mins a month and over 4 hours a year of downtime
A VM within an Availability Set and Availability Zone has a 99.99% SLA, which translates to 4 mins a month and 52 mins a year of downtime.
Note: only a handful of regions support Availability Zones
Scale set limits:
Marketplace image on Azure managed disks supports up to 1000 VMs
A user-managed storage account supports up to 100 VMs
A custom image scale set on Azure managed disks supports up to 300 VMs
A custom image scale set on user-managed storage supports up to 20 VMs (40 if overprovisioning is turned off).
Serverless: instead of paying for and maintaining a server, you ONLY pay for its usage.
So every time Azure runs your code, it costs you a micro fraction of a cent.
It's an event-driven application model (definitive start and definitive end).
Don't have to worry about OS, PnU, vNET, subnets, scaling etc.
– Functions (create a webhook so that every time a URL gets called a function we define runs | processing limit of 200 instances in parallel | 1 million executions free and then $0.20 per million thereafter | first 400K GB free)
– Logic Apps (workflow service for the cloud | event driven – trigger/time | series of tasks, logic branches | you need to run it 400 times to be charged 1 penny | logic in boxes and lines to trigger an action, like send me an email when a keyword is posted on Twitter)
– AKS – Azure Kubernetes/Container Services (Web Apps for Containers allows us to deploy container apps using Azure PaaS | AKS gives us nodes and orchestration, i.e. containers as a service, without us managing those containers | ACI (Azure Container Instances) is not good for full-on production big services and should be used for simple work such as demos, dev etc | AKS (Azure Kubernetes Service) is good for long-term heavy loads, needs scaling etc)
– CosmosDB (for relational DB Azure provides SQL Server, but for non-relational / serverless aspects such as documents, key-value pairs etc we should be looking at Cosmos DB as the go-to solution | API data retrieval via MongoDB/SQL/Graph etc | globally redundant multi-model DB | 99.999% uptime SLA | non-relational NoSQL DB, no delays in retrieval | different models to store data)
– NoSQL = non-relational database | storing an object with no relations to tables
– API Mgmt (middle layer between your API/internal code and the public, so you are not exposing an open-to-all public API, which is a security threat | some companies provide a public API only after the company approves the request for access | controls like how many calls per minute etc)
– Event Grid (connects A and B together | helps automation for DevOps | for ex – when some event occurs on something, fire an action | application integration connects things together when they are not designed to work together)
– Stream Processing / Analytics = Input – Query – Output (endless real-time messages | options like Azure Stream Analytics/IoT Hub, HDInsight, Apache Spark, Azure Functions, and WebJobs | it's like Functions but at large scale, so processing requests beyond 200 instances in parallel) – passing messages from an IoT Hub to Stream Analytics, which then passes them to a dashboard, alerts, or storage.
– Bot messaging = cognitive service (natural language to communicate with humans, for ex – what are your opening hours etc, or proactive alerting etc | bots use connectors like Skype, Cortana, Slack, your website, Facebook etc)
– Cognitive / platform services = image/speech/language/handwriting recognition
– IoT – devices like Fitbits, the black box in our cars, smart washing machines, Nest etc. Being able to take a stream of data that never ends. Event Grid is where new things happen, such as creating a new service within a resource group and then an action is fired, for ex – a Logic App runs as soon as a VM is created etc.
Microservices: split an app into smaller pieces.
For ex – a monolithic app will have a 3-tier structure such as web/backend/db layers. Although they are separate, it is still sometimes difficult to break it down further so as to make changes to just one component. This is where we break the monolithic app into various different components called microservices, such as Security API, DB Services, Admin UI, Data, Event Log, Cost Estimation, Search API etc. So it's easier and quicker to make changes to code. Easier to test, less risky and uses fewer resources.
MS uses Azure Service Fabric to auto scale and provide microservices.
Keep the solution loosely coupled between microservices.
Azure Service Fabric (it is used to package, deploy and manage microservices and container-based apps | ASF is an orchestration service similar to Kubernetes | CosmosDB uses ASF | it's open source and on GitHub | ASF is a piece of software that can run on your server/AWS/Windows Server and does not require Azure Cloud | if you are thinking of building microservices, ASF is the best tool for new builds | it's VM-based and not PaaS) – a traditional Azure Cloud Service can have 10 VMs running 10 different apps with autoscale features etc, but they may end up with one VM highly utilised and one underutilised. However, with Azure Service Fabric you can deploy these same apps as microservices, so they can run on any VMs and this evens out the overall workload.
Determine when X (containers, AKS, ACI, Service Fabric etc) is appropriate for a solution – type questions
– Containers (portability | move from Azure to different cloud providers | better for new dev | not all legacy apps/code supported | apps tightly coupled with data or other apps)
– Container orchestration (AKS, ASF; ACI doesn't have it | Kubernetes as orchestration and Docker as container model | multiple-container applications | deploy a new version of a container without downtime)
– Functions (Functions API results in a data format | part of the serverless model, based on triggers and event driven | pay for consumption, so predictable costings | as it's serverless, no infrastructure/no worry about scaling etc | upper limit of 200 for performance)
– API Mgmt (a middle layer which runs between private Azure code and a public endpoint | $150 – $2700 per month for using API Management)
– Web API (it's like a Web App except it returns data that a web browser can interpret | Visual Studio contains a Web API template)
What are App Services (PaaS):
Web Apps, API Apps, Logic Apps, WebJobs, and Mobile Apps.
WebJob: no UI, background job, runs on a schedule (like every hour etc) or on a trigger (monitor a table etc).
Web App vs. Web API (an API is a web app that serves a data format such as JSON/XML instead of HTML)
How can you improve performance of a Web App: use tools such as CDN, CosmosDB, Queue, Redis Cache, etc.
SLA: Web Apps have an SLA of 99.95%, which translates to 21 mins a month and 440 hrs a year (not in free or shared tiers though). We can increase the SLA by having multiple instances of the web app and in multiple regions (Traffic Manager), but it can still never reach 100%
App Service Plan (Standard gets deployment slots, backup and autoscaling; Premium and Isolated are the next level, cost more and give more storage, instances and snapshot features) – which plan type questions.
Isolated App Service Plan (a normal app service plan runs on a multi-tenanted platform, so apps can affect each other's performance; MS therefore offers a dedicated ASE called Isolated: dedicated hardware to support 100 instances in that App Service Environment | starts at $216/month per instance + $1000 per month for that dedicated server/ASE)
Caching: storing temp data in memory to improve app performance
for ex – caching the result from your weather provider in your API and refreshing it every 20 mins etc
Quickest way to retrieve data we have already retrieved
High Performance Computing:
– Azure allows you to add Cray supercomputers for High Performance Computing tasks.
– Another option Azure provides for HPC is Azure Batch (this provides a set of tasks to be fired in batches for parallel execution, such as firing new VMs in parallel).
– Azure Batch lets you take a piece of work/project and subdivide it into 10s/100s of little tasks.
Spin up to 10K VMs to run tasks in parallel, for ex – prediction of financial markets / gene sequencing.
– You can also get some large VMs such as H16, A8 etc
– a large job broken into millions of small tasks and run in parallel
– Blob storage accessed via URL or API
– backup files, log files, etc can go to blob
– Storage account secured with access keys, and also Shared Access Signatures for further restricting users if you do not want to share the access keys.
– Blob-level tiering:
Hot > frequent access (higher storage cost but lower access cost, as it's hot and frequently used)
Cool > infrequent access (lower storage cost but higher access cost, as it's cool)
Archive > mainly for backups (lowest storage cost but highest access cost, as it should be rarely accessed). Data is accessible after hours, as it gets converted into hot/cool after requesting access.
– Blob (for streaming, random access files | 500TB maximum for a single container and 4.75TB for a single file in blob) has a flat structure for everything, whereas File share (5TB total and 1TB per file) has a directory/subdirectory structure
– Maximum size of a data disk is 4TB
– Azure Data Box (like Snowball in AWS) = if a customer has a lot of data, like TB or PB, then Azure provides a physical storage box which they ship to you; you fill it and return it (all tracked via the ARM portal) and then use the offline media import to import from that box. MUCH better than using the public internet to upload all that data.
– StorSimple = hybrid cloud storage | buy a StorSimple 8000 series and put it in your DC, where you store HOT data on-prem (StorSimple) and cold data in Azure cloud (StorSimple decides intelligently) | a VM inside your DC that acts as a StorSimple device | up to 64TB per array and 390GB to 6.4TB local capacity (so a 10:1 ratio/leverage between cloud and on-prem local).
Azure Data Services:
Data Source (on-prem/cloud) –> Data Factory –> Data Lake –> SQL Data Warehouse –> HDInsight –> Reporting –> Power BI and other reporting tools.
– Analysis, Analytics, Warehousing, Data Lake, HDInsight etc
– not the actual store of the data, but seeing how the data is used etc.
– Azure Data Factory takes data from different data sources such as on-prem SQL, cloud data from Azure/AWS, and also SaaS such as Salesforce etc, turns it into a usable data format and monitors it > ETL (Extraction, Transformation and Load in the cloud)
– SQL Data Warehouse – organise large amounts of data into a relational DB from different data sources (once it has passed through Azure Data Factory and then to a storage account) and run reports and complex queries (it's not for transactional data, only for reporting/read-only purposes).
– Azure Data Lake Analytics = on-demand analytics to analyze data, deep integration with Visual Studio as a plugin, U-SQL to write Data Lake Analytics jobs, pay for consumption/serverless
– measure of usage = DTU/eDTU/QPU (Developer 20 QPU | Basic 40-80 | Std 40-640 QPU (scaling))
– HDInsight = represents all the Big Data tools within Azure (Hadoop, Spark, Hive, Kafka, Storm, R etc)
– Machine Learning = analyse tons of data and build models to predict the future.
VM series:
General Purpose = A0-A7 | B and D Series
Compute Optimized (such as web servers) = F Series
Memory Optimized (such as DB servers) = DSv2 and E Series
Storage Optimized = Ls Series
GPU Optimized = Nx Series
HPC Optimized = A8-A12 and H Series
Azure and Hybrid Identities:
– Azure AD = IAM
– AD Connect = replaces DirSync and AD Sync = syncs on-prem AD to cloud Azure AD (you can also set OU/group filters)
– AD FS = turning over responsibility for something to a 3rd party = keep all identities inside on-prem
– AD Application Proxy = SSO for remote users to access web apps hosted inside your network/on-prem (like SharePoint etc) – but it's not a VPN / no changes to ports etc. | authenticates through the proxy via a connector.
– SAML = usual over the internet; when you don't have trust you use SAML tokens, where you obtain a token verified by the provider with proof keys
– Graph API = programmatic access to Azure AD through a REST API | it's a REST-based API used to access Azure | create web and mobile APIs
– OAuth = open standard for authentication with untrusted clients (such as a mobile phone). A trusted client would be a server where a user cannot see the backend code or modify it.
NSG (each NSG can be associated with multiple NICs or subnets, BUT each NIC/subnet can have only one NSG associated with it)
Rules are evaluated in priority order: the lower number takes priority.
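As an added illustration of the priority rule above (example code written for these notes, not Azure's own evaluation engine), a small evaluator that walks the rules lowest priority number first and falls through to the three default inbound rules. The VNet address space and the handling of the VirtualNetwork/Internet/AzureLoadBalancer tags are simplifying assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Service tags simplified for this example: an assumed VNet space and the load-balancer probe
# address; "Internet" is treated as anything outside the assumed VNet space.
TAGS = {"VirtualNetwork": ip_network("10.0.0.0/16"),
        "AzureLoadBalancer": ip_network("168.63.129.16/32")}

@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int    # lower number is evaluated first; custom rules use 100-4096
    direction: str   # "Inbound" or "Outbound"
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR, "*", one of the tags above, or "Internet"
    dest_port: str   # "443", "1000-2000" or "*"

# Default inbound rules present in every NSG (priorities 65000, 65001, 65500).
DEFAULT_INBOUND = [
    NsgRule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*"),
    NsgRule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*"),
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
]

def _source_matches(rule_source: str, src_ip: str) -> bool:
    ip = ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "Internet":
        return ip not in TAGS["VirtualNetwork"]
    net = TAGS[rule_source] if rule_source in TAGS else ip_network(rule_source, strict=False)
    return ip in net

def _port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    lo, _, hi = rule_port.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(custom_rules, direction, protocol, src_ip, dest_port):
    """Return (access, rule_name) of the first matching rule, walking priorities from low to high."""
    rules = [r for r in list(custom_rules) + DEFAULT_INBOUND if r.direction == direction]
    for rule in sorted(rules, key=lambda r: r.priority):
        proto_ok = rule.protocol == "*" or rule.protocol.lower() == protocol.lower()
        if proto_ok and _source_matches(rule.source, src_ip) and _port_matches(rule.dest_port, dest_port):
            return rule.access, rule.name
    return "Deny", "no-match"   # unreachable for Inbound: DenyAllInBound catches everything

# Constructed sample: the broad RDP allow at 300 never fires for Internet sources because the
# deny at 100 is evaluated first; it still applies to sources inside the VNet.
SAMPLE_RULES = [
    NsgRule("DenyRdpFromInternet", 100, "Inbound", "Deny", "Tcp", "Internet", "3389"),
    NsgRule("AllowHttpsInBound", 200, "Inbound", "Allow", "Tcp", "*", "443"),
    NsgRule("AllowRdpAny", 300, "Inbound", "Allow", "Tcp", "*", "3389"),
]
```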
Securing data in transit = SSL/HTTPS | VPN (P2S, S2S, ExpressRoute)
Securing data at rest = encrypted storage account (SSE)
Shared Access Signature – temporary access to storage, as the access has an expiry time
Shared access policy = access can be revoked as needed
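An added example (not from the original notes) that turns the two SAS points above into a check: it audits a SAS URL and flags long-lived ad-hoc tokens carrying write/delete rights (which cannot be revoked short of rotating the account key, unlike a token tied to a stored access policy), tokens not pinned to HTTPS or a source IP range, and container-wide list rights. The thresholds and sample URLs are constructed for this example; the query parameter names are the standard SAS ones.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Policy thresholds chosen for this example, not Azure defaults.
MAX_ADHOC_LIFETIME = timedelta(hours=1)
MUTATING_PERMS = set("wdac")   # write, delete, add, create

def _sas_time(value: str) -> datetime:
    """SAS start/expiry values are ISO 8601 UTC, e.g. 2024-05-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_sas(url: str, now: datetime = None) -> list:
    """Return 'CODE: detail' findings for a SAS URL; an empty list means nothing was flagged."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["NOSAS: no sig parameter, not a SAS URL"]
    findings = []
    perms = set(q.get("sp", ""))
    if "si" not in q:   # ad-hoc SAS: rights and expiry are baked into the token, nothing to revoke
        if "se" not in q:
            findings.append("EXPIRY: no se and no stored access policy; token never expires")
        elif _sas_time(q["se"]) - now > MAX_ADHOC_LIFETIME:
            findings.append(f"EXPIRY: se={q['se']} is more than {MAX_ADHOC_LIFETIME} away")
        if perms & MUTATING_PERMS:
            findings.append("PERMS: ad-hoc SAS grants " + "".join(sorted(perms & MUTATING_PERMS))
                            + "; only revocable by rotating the account key")
    if q.get("spr") != "https":   # an omitted spr means https,http are both accepted
        findings.append("HTTP: spr does not restrict to https; token can travel in cleartext")
    if "sip" not in q:
        findings.append("IP: no sip range; token usable from anywhere")
    if q.get("sr") == "c" and "l" in perms:
        findings.append("LIST: container-scoped list permission enumerates every blob")
    return findings

# Constructed samples: sig values are placeholders, not real signatures.
SAMPLE_NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)
AD_HOC_WIDE_OPEN = ("https://example.blob.core.windows.net/data"
                    "?sv=2022-11-02&sr=c&sp=rwdl&se=2024-06-01T00:00:00Z&sig=PLACEHOLDER")
POLICY_BACKED = ("https://example.blob.core.windows.net/data/report.csv"
                 "?sv=2022-11-02&sr=b&si=read-only-policy&spr=https"
                 "&sip=203.0.113.0-203.0.113.255&sig=PLACEHOLDER")
```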
Storage: top-level storage account with 500TB limit
Blob storage is of 3 types:
– Block blobs = for streaming and storing objects in the cloud | good for images, videos, and documents
– Page blobs = good for random writes, like an HDD, good for VHDs
– Append blobs = similar to block but for appending, such as log files where you add data in sequence
Queue storage:
– messages of up to 64KB in size
– as soon as a service picks up a message it becomes invisible to other services (if it's not deleted it reappears after some time)
File storage:
– 500 TB limit on the top-level storage account
– 5TB limit on a single file share created from a storage account
– 1TB limit on each file (these files can be put into the file share)
– network share using SMB 3.0 (map as a network drive and mount it)
– call the REST API to retrieve file storage
– helps migrate legacy systems that use a file share storage model
– address URL for file storage: https://something.file.core.windows.net
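The queue behaviour described above (a picked-up message becomes invisible and reappears if not deleted), as an added toy model written for these notes rather than Azure's SDK: a dequeued message is hidden rather than removed, a consumer that stalls past the visibility timeout loses the message to the next consumer, and its old pop receipt no longer deletes it. The clock and receipts are simulated.

```python
import uuid
from dataclasses import dataclass

@dataclass
class _Message:
    id: str
    body: bytes
    visible_at: float = 0.0   # simulated clock time at which the message can be dequeued again
    pop_receipt: str = ""     # reissued on every dequeue; delete must present the current one

# Toy model of Azure Queue storage visibility-timeout semantics (constructed, not the real SDK).
class ToyQueue:
    MAX_BODY = 64 * 1024   # the 64KB message limit from the notes above

    def __init__(self):
        self._messages = []
        self.clock = 0.0   # seconds; advanced explicitly so the demo is deterministic

    def put(self, body: bytes) -> str:
        if len(body) > self.MAX_BODY:
            raise ValueError("message body exceeds the 64KB limit")
        msg = _Message(str(uuid.uuid4()), body)
        self._messages.append(msg)
        return msg.id

    def get(self, visibility_timeout: float = 30.0):
        """Dequeue the first visible message: it stays queued but is hidden until the timeout lapses."""
        for msg in self._messages:
            if msg.visible_at <= self.clock:
                msg.visible_at = self.clock + visibility_timeout
                msg.pop_receipt = str(uuid.uuid4())
                return msg.id, msg.pop_receipt, msg.body
        return None

    def delete(self, msg_id: str, pop_receipt: str) -> bool:
        """Remove a processed message; a stale receipt (message redequeued since) is rejected."""
        for msg in self._messages:
            if msg.id == msg_id:
                if msg.pop_receipt != pop_receipt:
                    return False
                self._messages.remove(msg)
                return True
        return False

def demo_at_least_once():
    # Worker A dequeues and stalls; after the timeout worker B gets the same message and A's receipt is stale.
    q = ToyQueue()
    q.put(b"resize image 42")
    first = q.get(visibility_timeout=30)
    hidden = q.get() is None            # invisible to a second consumer while A holds it
    q.clock += 31                       # advance the simulated clock past the timeout
    second = q.get(visibility_timeout=30)
    stale_delete = q.delete(second[0], first[1])    # A's old receipt no longer works
    good_delete = q.delete(second[0], second[1])    # B's current receipt does
    return hidden, first[0] == second[0], stale_delete, good_delete, q.get() is None
```

Handlers therefore have to be idempotent, since the same body can be processed twice when the first worker overruns its timeout.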
SQL Server in a VM (IaaS):
– user responsible for the underlying hardware such as the VM and other things like scaling, resiliency etc
– need to have a SQL license
– pre-installed templates of SQL such as 2014 come with a built-in license
Mobile Apps:
– part of Azure App Service
– cross-platform client support (by providing different SDKs) such as Android, iOS, Windows, Apache, and Xamarin etc
– create a new mobile app in ARM
– create a new SQL DB
– create the server code for your app
– download the quick start app depending upon your chosen language
Offline sync:
– store data locally (on the mobile device) until the device is online
– improves responsiveness (the app does not need to contact the internet all the time and works with local storage)
– saves internet usage
– use APIs to read/write from the local store
– sync table APIs such as IMobileServiceSyncTable (.NET) and MSSyncTable (iOS)
– push and pull to sync changes from local to the internet and vice versa
Extend Mobile Apps
– if we would like to use custom APIs/SDKs etc.
– as it's serverless/PaaS, the infra is secured/encrypted etc by MS
– however, securing your app is your responsibility (DDoS, cross-site scripting, SQL injection, session hijacking etc)
– pen testing
Push notifications:
– phone notifications about different apps
– push notification model for important events such as weather, Gmail etc
– Azure provides Azure Notification Hub – one API call | target a single user or a group of users | supports local formats such as Celsius/Fahrenheit
– supports tagging – for ex – tag a user saying this user lives in the US and prefers this restaurant etc.
Web API:
– .NET technology/metaphor for 2 systems to communicate with each other over a network
– host the Web API inside Azure and let your backend system communicate with the front end, where the front end/external system could be a mobile app, website etc
– scale up or scale out like Web Apps in Azure
– Web Jobs:
– it's long-running code or a background task without a UI
– runs continuously in the background and never ends, or runs on a predefined schedule or on demand
– file types (exe, bat, python, ps1, and so on)
– Securing Web API:
– same as securing a website, as they communicate over the internet
– a Web API provides direct access to your backend interface, so more risk compared to a website
– use Azure AD, ADFS, monitoring (who are the frequent users of your API, which users have not logged in for the last 30 days etc)
Hybrid connections:
– existing on-prem services and services running in Azure working together
– MS provides Service Bus Relay, which runs in Azure, takes a request (a Windows Communication Foundation, WCF, call) and passes it to your on-prem WCF service. So basically it allows apps to connect to on-prem services.
VPN gateway routing:
When there are questions on policy-based routing, they are talking about “static routing VPNs” (mainly site-to-site) > multi-site VPN, VNet-to-VNet and point-to-site VPN do not support static routing VPN gateways.
Route-based VPNs are dynamic routing VPNs. More modern > dynamic routing is required for multi-site, point-to-site and VNet-to-VNet VPNs, and ExpressRoute.
Azure Media Services:
online streaming of videos (as PaaS) – no access to hardware
Design an advanced application:
jobs that can take days to run > monitoring + availability set + caching + scale up/out
Machine learning is examining large amounts of data to detect patterns
like when you are shopping on Netflix and Netflix is recommending that you watch certain series etc
Makes you predict things better
Big Data:
storing and analyzing massive amounts of data
for ex – how to analyze billions of emails (a traditional DB won't / SQL won't work – memory intensive etc)
Azure offers HDInsight (using Apache Hadoop clusters) for analyzing data
You can use FTP, Kudu and Web Deploy to upload or build your web app.
Basic = 10GB storage | no autoscale | no geo-replication
Standard = 50GB | autoscale | active geo-replication | 2 auto backups per day
Premium = 200 GB | autoscale | active geo-replication | 50 auto backups per day
System Center components supported in Azure > App Controller | DPM | SCCM | Endpoint AV | Orchestrator | VMM | Unified Installer
App Controller is similar to the ARM portal, where you can create a VNet etc.
DPM is a complete backup solution for servers (install DPM on a physical machine or in a VM)
local DPM manages local servers and Azure DPM manages servers in Azure (they do not cross)
Config Mgr (SCCM) – manages VMs in your network, remote into computers and other IT management
Grab a cuppa!!!
Here is my acclaim badge for 535: https://www.youracclaim.com/badges/d899f20f-e224-47f4-b33f-15c26b599966