In Azure Tutorial from Scratch, I will give you the ins and outs of Azure architecture, along with more detail on the following:

  • DataCenter
  • Network (N/w) services
  • Computes/Virtual Machines/Hosts/Machines
  • PrivateNetwork (n/w)
  • Services

In this tutorial I don’t want to write more and more words. Instead, I will cover more concepts in a short and sweet form.

  • Azure DataCenters:

    • Located worldwide
    • More than 1 million servers
    • Support Office 365, Bing, Live and Azure (200 other services)
    • Managed by MCIO/GFS
    • Available/accessible in/from 140 countries (not located in 140; billing infrastructure is available)
    • Support 10 languages and 19 currencies
  • Availability Zones

    • Availability Zones help to protect you from datacenter-level failures. 
    • They are located inside an Azure region, and each one has its own independent power source, network, and cooling. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. 
    • The physical and logical separation of Availability Zones within a region protects applications and data from zone-level failures.
    • Regions that support Availability Zones: East US 2, West Europe, France Central
    • https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
  • Azure regions:

  • Azure speed test:

  • Azure services and regions:

  • Affinity group:

    • Resources placed in an affinity group (AG) are in proximity to each other in the Azure DC.
    • Minimizes latency between resources —> improves performance
    • proximity with each other in Azure datacenter
  • Azure Server Structure:

    • Modular blade servers in either compute role or a storage role
    • 40-50 blades per rack
    • each rack has a special switch on top which connects to aggregation switches —> ensures connectivity
    • some racks have servers which work as fabric controllers
  • Fabric controllers:

    • provisioning VMs
    • healing failed VMs
    • rehydrating VMs
    • managing the life cycle of VMs
  • Stamp/Cluster:

    • A group of 20 racks is a stamp/cluster (800 – 1000 servers)
    • All hardware in a stamp uses the same processor generation
    • All resources in an affinity group use the same stamp
    • Connected by switches
    • Source: Mastering Microsoft Azure Infrastructure Services, John Savill
  • Physical security:

    • DCs are physically secured
    • People are subject to many security checks before accessing a physical DC
    • involves passing through multiple secure barriers
  • Regional availability:

    • Often multiple regions in a geographic location
    • In Australia there are East and Southeast DCs, etc.
    • A region can have more than one DC
    • DCs are in close geographic proximity to each other
    • More are added with popularity and capacity
  • Service availability:

    • Not all services are available in all regions
    • Some regions have billing restrictions
    • Australia regions can be used by customers with a billing address in Australia or New Zealand
  • Regional Datacenters:

    • DCs are divided into clusters/stamps
    • 20 racks per cluster/stamp
    • Each rack functions as a fault domain
  • High Availability:

    • Availability means having no downtime
    • Availability sets keep VMs available during downtime.
    • Downtime examples:
      • equipment failures
      • scheduled maintenance
    • Customers need to design for high availability
    • 99.95% HA SLA by MS Azure
    • An availability set should be configured for each tier of an application to qualify for the Azure HA SLA
  • AD DS on IaaS (Active Directory Domain Services on Azure Infrastructure as a Service):

    • Create an Azure network
    • Configure a site-to-site VPN to Azure
    • Configure a static IP on the Azure network
    • Deploy a Windows Server VM on Azure
    • Promote it to domain controller
    • Good for replicating into Azure
    • The cloud is just another AD site
  • What is Azure AD:

    • Directory server for Azure services and applications
    • Used by Office 365 to store account data
    • Used by MS Intune to store computer and user data
    • Possible to join Windows 10 computers to Azure AD
  • Azure AD or Azure AD premium

    • free edition

      • user account management
      • sync
      • SSO
    • basic edition

      • group based access
      • self service password
      • Azure AD application proxy
    • Azure AD(basic)

      • support multiple directories
        • resource, admin and sync independent
      • Global admins can delete directory if
        • no user or applications in directory
    • Azure AD Premium

      • self-service groups
      • advanced security reports and alerts
      • multi-factor authentication
  • AD DS on IaaS

    • Active Directory on a VM
    • Create an Azure network
    • Configure a site-to-site VPN
    • Configure a static IP
    • Deploy a Windows Server VM
    • Promote it to domain controller
    • Good way of replicating workloads in Azure
    • The cloud is just another AD site
  • What is Azure AD

    • Directory server for Azure services and applications
    • Used by Office 365 to store account data
    • Possible to join Windows 10 computers to Azure AD
  • Azure AD

    • User

      • directory —> users —> add user
      • provide info and role
      • create a temporary password
    • Groups

      • groups —> create group —> you can add users
    • Applications

      • applications —> add —> application from MS —> e.g. Dropbox
      • users can log in with their AD account
    • Domains

      • FQDN
    • Directory integration

      • sync or not
    • configure

      • notifications, domain services
      • multi factor etc
    • reports

      • all threat reports if you have premium subscription
    • New Azure AD instance

      • New —> app services —> active directory —> directory —> custom create —>name —> domain etc
    • Directory synchronization

      • Sync users and groups from on-premises AD to Azure AD
      • Tool: Azure AD Connect
      • Before:
        • DirSync
        • Azure AD Sync
      • AD Connect:
        • sync multiple AD forests
        • supports:
          • self-service password reset in cloud
          • password write-back
          • user/group/device write-back
          • sync custom AD attributes to Azure AD
      • Demo:
        • AD —> download AD Connect tools —> install —> login credentials (need a global account, or create a user with the global admin role)
        • log in with local AD credentials
    • Azure AD Domain Services

      • Azure-hosted AD for applications and VMs
      • Replacement for an Azure IaaS DC VM
      • Can function as DNS
      • Works with AD Connect
    • AD DS demo:

      • subscription —> enable DS —> specify subnet —> save
      • an IP will then be assigned
      • networks —> configure —> add a DNS server with any name and the above IP, then save
      • create a VM
        • new —> VM —> from gallery —> Windows Server 2016 preview
        • connect to the above VM
        • If you check the IP address and it has not been updated, go to This PC —> Advanced system settings —> Computer Name —> add the new domain name and credentials; then it will work.
    • IP address:

      • The IP is internal to Azure
      • Assigned based on the existing network config
      • Internal IPs are assigned sequentially, based on which VM starts up first
      • The public IP address is based on region
      • Allocated from the region pool
    • Static IP addressing

  • N/w ACL

    • Endpoints allow you to configure port mapping
    • ACLs allow you to configure allow or block rules based on source IP subnets
    • Up to 50 ACL rules per VM endpoint
    • Can function with IaaS or PaaS
    • No ACLs by default
  • IAAS VM limits

  • Azure VM tiers

  • Azure Subscriptions
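
A small model of the endpoint ACL rules listed under N/w ACL, as an added example (not code from the original post or from Azure). The `Rule` type, the function names and the sample endpoints are constructed for illustration; evaluation by lowest order number with first match winning, and the default applied to unmatched sources, are assumptions about how these endpoint ACLs behave.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES = 50  # per-endpoint rule limit from the notes above


@dataclass(frozen=True)
class Rule:
    order: int    # assumption: lowest order number is evaluated first
    action: str   # "permit" or "deny"
    subnet: str   # remote (source) subnet in CIDR notation


def open_by_default(rules):
    """True if a source matching no rule would still be let through."""
    # No ACL means everything is permitted. Assumption: a deny-only ACL also
    # permits unmatched sources, while any permit rule makes it an allow-list.
    return not any(r.action == "permit" for r in rules)


def evaluate(rules, source_ip):
    """Return "permit" or "deny" for one source IP reaching an endpoint."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"{len(rules)} rules exceeds the limit of {MAX_RULES}")
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r.order):
        if addr in ipaddress.ip_network(rule.subnet):
            return rule.action  # first matching rule wins
    return "permit" if open_by_default(rules) else "deny"


def audit(endpoints):
    """Names of endpoints that admit sources no rule mentions."""
    return sorted(name for name, rules in endpoints.items() if open_by_default(rules))


# Constructed sample endpoints (documentation address ranges, not real hosts).
ENDPOINTS = {
    "rdp-3389": [],  # default state: no ACL
    "ssh-22": [Rule(100, "deny", "203.0.113.7/32"),
               Rule(200, "permit", "203.0.113.0/24")],
    "http-80": [Rule(100, "deny", "198.51.100.0/24")],
}

if __name__ == "__main__":
    for name in audit(ENDPOINTS):
        print(f"{name}: reachable from any source not explicitly denied")
```

The audit flags both the endpoint with no ACL and the deny-only endpoint, since under these assumptions only a permit rule turns an endpoint into an allow-list.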

Thanks
