Microsoft Azure Services and Concepts

Course Overview

[Autogenerated] Hi, everyone. My name is Neil Morsi, and welcome to my course, Microsoft Azure Services and Concepts. I'm a solutions architect, and I'm excited to teach you about the core products and platform solutions available in Azure. In this course, you're going to learn some foundational concepts about how Azure works, as well as learning about specific products that you can use to build solutions in the cloud. Some of the major topics we're going to cover include concepts in Azure, like Azure data centers, regions and Azure Resource Manager; tools for managing resources in Azure, like the Azure command-line interface and Resource Manager templates. You'll learn about core products in Azure for compute, networking and storage, like Azure virtual machines, virtual network gateways and Azure storage accounts. And you'll learn about some of the platform solutions in Azure for solving big problems like the Internet of Things, big data analytics and artificial intelligence. By the end of this course, you'll understand the services and concepts portion of the AZ-900 exam. But even if you don't intend on taking the exam, you'll have a greater understanding of how Azure works and what's available to help you design solutions. Before beginning this course, you should watch the first course in this learning path, Microsoft Azure Cloud Concepts. I hope you'll join me on this journey to learn about Azure with this course, Microsoft Azure Services and Concepts, here at Pluralsight.

Understanding Azure Architecture and Management

Azure Data Centers

[Autogenerated] Welcome to this course on Azure services and concepts. We're going to look at a lot of individual services throughout the course, but I'd like to start this module by attempting to demystify Azure a little bit. I'm sure you're already familiar with the concept of cloud computing. It's kind of an abstract concept, though, and that's because, well, it's intended to abstract away the underlying mechanics of hosting servers and applications. In a cloud environment like Azure, you upload your data to store it somewhere in the cloud, and then you and your clients can download that data, and it might come in the form of web pages or some other format that's been generated. There's obviously a lot of services that you can configure to manipulate that data or to generate new data entirely, and the rest of this course will be focused on understanding what those services are. But you might be curious as to how and where all of this processing and storage is taking place. Well, as you can probably guess, the cloud isn't hosted on the International Space Station. It's hosted in data centers, which are just buildings that contain thousands and thousands of physical servers, along with the networking, electricity and cooling that those servers require. And despite being called the cloud, those data centers are grounded right here on Earth, although Microsoft is currently experimenting with putting data centers at the bottom of the ocean too, and we'll talk more about that in a little bit. Microsoft data centers house thousands of physical servers, as well as networking components and other infrastructure, which they purchase from hardware vendors. So there's an economy of scale there that makes it more cost effective than any individual company like yours trying to manage all that infrastructure yourself. And because Microsoft, and really any cloud vendor, is focused on improving that scale, they look for ways to make it even more cost effective.
Microsoft uses something called ITPACs, which stands for IT pre-assembled components. These are pods of servers with their own electricity, ventilation and cooling. Some Microsoft data centers have implemented these as shipping containers that contain many physical servers. A data center would then be made up of many shipping containers. So when hardware needs to be refreshed, or if there's a major technical issue, they can basically just unplug a container and replace it with another one. Microsoft has started moving away from that model, though, because there's such a demand for hosting that in addition to managing their own physical data centers, they also need to lease data center space from other companies. And using shipping containers isn't really an industry standard. Hosting your data and applications on Microsoft Azure isn't just about cost savings, though. Security is a big concern for organizations moving to the cloud, and it's something that Microsoft has devoted a lot of attention to. For starters, they don't publish the addresses of their data centers. You can't just show up and check on your data. Accessing a data center requires prior approval and needs to be justified. Even most Microsoft employees have never been to an Azure data center, so there's physical security, security guards and also biometric identification is used all ______. The data center Azure also complies with many standards and regulations around security, like ISO standards, HIPAA, FedRAMP and SOC levels one and two. There's also region-specific standards for data centers in Australia, the UK and elsewhere, and third-party audits verify Azure's adherence to the security controls that these standards mandate. Besides physical security, there's virtual security also. Your data is encrypted and kept separate from the data of other customers, and there are various levels to that which we'll discuss later. There's also redundancy within a data center.
For example, your data in Azure Storage is stored three times within a single data center, so it's safe in the event of a server failure. You can choose to expand that, to store your data across data centers too, to have true disaster recovery in the event of something catastrophic, like an earthquake or some other natural disaster. So while it's understandable that organizations are concerned with security when moving their data from on-premises to the cloud, I always like to remind them that Microsoft has teams of security professionals who are dedicated to keeping customer data and applications safe, and chances are that Microsoft has a lot more resources and capabilities available to do that than most organizations could afford to do with their own on-premises servers. Now, as you can imagine, hosting millions of servers around the world requires the consumption of a lot of energy. Besides being something that could potentially drive up the cost of hosting, that could have a huge impact on the environment. I know my choice of icons here implies that data centers are coal-fired power plants, but nothing could be further from the truth. Microsoft says it's actually been carbon neutral since 2012. And while some of that may be due to the purchase of renewable energy certificates to offset consumption, Microsoft plans to shift to 100% supply of renewable energy for its data centers by 2025. They already have a lot of agreements in place to purchase green energy in the form of solar, wind and hydropower electricity, and they're actively involved in research and experiments in this area. They've begun experimenting with using fuel cells to power data centers, and they already use machine learning to control data center cooling by maximizing outside temperature changes. There's even something called Project Natick, which is a 40 ft long underwater data center deployed off the coast of Scotland.
Part of that project is intended to address cooling data centers, but it's also meant to bring smaller data centers closer to coastal areas that are near major centers. But there are a lot of major data centers located all over the world. There are currently over 160 Azure data centers, and there's also another 150 plus edge locations, which are smaller data centers that bring data even closer to users, for things like caching within the Azure Content Delivery Network. These data centers are organized into regions, and there are often multiple data centers within a region to help with failover and high availability. But we're going to talk more about regions and availability in the next clip. So now that you understand that Azure is ultimately just a bunch of physical data centers full of physical servers, we'll talk next about how those physical locations are organized into regions and how that affects fault tolerance. Then we'll shift to a more logical view of how Azure is organized by talking about resource groups, which are the logical containers that your servers, applications, data and services are grouped into, which makes it easy to treat all those components as a group for the purposes of deployment and applying security. Then we'll begin discussing how you manage the resources you create in Azure using an abstraction layer called Azure Resource Manager, which you may see in Microsoft documentation referred to by its acronym, ARM. ARM is a common management layer that's accessed by a variety of tools, like the Azure portal, Azure PowerShell, the Azure command-line interface or Azure CLI, as well as directly through the web service REST interfaces. I'll show you some of those tools in action, including how Resource Manager templates enable something called infrastructure as code, which is a hot topic in DevOps that allows you to script out repeatable deployments of your servers and application infrastructure.
And finally, we'll look at Azure Advisor, which is a built-in service within Azure that tells you how to optimize Azure for security best practices as well as for cost savings. So even if your IT staff isn't experienced with Azure, this gives you some confidence that you don't have to spend a long time stuck in analysis paralysis before you can get started in Azure. You can start using Azure and optimize it as you go with guided recommendations. Okay, next, let's step up a level from data centers and talk about how data centers are organized into Azure regions.

Azure Regions and Availability Zones

[Autogenerated] So we've talked about some of the features of Azure data centers. Now let's discuss how data centers are organized geographically. We're going to discuss a few concepts in this clip: Azure regions, geographies, availability zones and region pairs. The choices you make when using these concepts will affect the performance and availability of your applications and data. So we're also going to briefly talk about how these features can be used for high availability and disaster recovery. When you create most Azure services, like this storage account, for example, you need to choose where you want your instance of the service created, in other words, where you want the data stored for the storage account. Now I said most services because there are some services that are considered global services, so you don't specify a region when you create them. An Azure Active Directory tenant is a good example, but for most things, like the storage account, you need to choose the region you want it created in. A region is a physical location of a data center or multiple data centers, and there's a long list available when you're creating a new instance of an Azure service. But if your service is available from anywhere over the Internet, why choose one region over another? Well, first of all, there's performance. There are physical limitations to how fast data can travel around the world. If most of your users are located in Australia, for example, it doesn't make sense to host your website and database in a data center in the United States and have every request and response travel around the world. Unless, of course, there's another reason for choosing that data center. One consideration that might come into play is that not all Azure services are available in all regions, especially when they're first released.
You can go to this page in the Azure docs to see what services are available in which regions, so you can choose the specific regions that you're interested in. And then you can search for a specific service, like machine learning, for example. It looks like this isn't available in the Canada East data center yet. You can also remove this filter and scroll through all the services to see what's available, and notice how there are these services that are non-regional. These are the ones I mentioned that don't require you to choose a region when you create them. While we've got this region list handy, notice there are government regions listed here. These are physically isolated instances of Azure for the U.S. government and include additional compliance certifications. It's also possible that within a specific service, some features might not be available in the region closest to you. A good example of this are the different sizes available for virtual machines on the virtual machine pricing page. If I scroll down and select a class of VMs, let's use high performance compute, prices show up below for these H-series VMs. It says they're used for financial risk modeling. So these are pretty compute-intensive specs for these virtual machines. Let's change the region to Central US. And now it says pricing is not available in the selected region. If I change to the compute optimized class of VMs, these VMs are available in the selected region. So before you design out a solution that relies on specific sized resources, you should check to make sure they're available in the region you plan to use. Another reason you might choose one region over another is for regulatory and compliance reasons with regards to data residency. I won't get too into data residency and sovereignty here.
It's a pretty nuanced topic where you might need to look at the specific requirements for your company or industry, and you might be able to work around them by using encryption or distinguishing between classifications of data within your organization. If you work in an industry that's highly regulated or your company has policies around where data must reside, there's a white paper you can download from Microsoft that goes into a lot of detail about the considerations and how Azure can be used to address them. This is actually a good time to talk about geographies and region pairs, because if you're concerned about keeping data within a specific country, then these concepts will matter to you. An Azure geography contains one or more regions. You can go to this page in the docs and see the groupings of regions into geographies. If I choose Canada, for example, I can see there are two regions in this geography. Geographies are used to meet data residency and compliance requirements. I don't mean to keep bombarding you with the Microsoft docs. But if this is important to you, let's go by the official statements from Microsoft on data residency. Let's scroll down to the additional information here. It says Microsoft may copy customer data between regions within a given geo for data redundancy or other operational purposes. They give an example of geo-redundant storage, which replicates blob data between two regions in the same geography. You actually have to choose geo-redundant as the option with Azure Storage, and I'll show you that later in the course. But the docs also say that when you put your data in certain regional services, it could end up being stored outside that geography. For example, if you're using Azure Sentinel to generate security data from Azure Monitor logs, that data could end up being stored in the US, regardless of what region you choose. Again, if this is important to you, you'll want to get into the fine print at the bottom here.
It lists services that will only store data in the region you select when you create the service. Azure Storage and virtual machines are some examples. The geography could be a single country, or it could be a set of countries. Within a geography, there are often region pairs available. Region pairs are data centers that are usually located 300 miles apart or more to reduce the impact on availability that might be caused by a natural disaster or a major power outage to a data center. Region pairs allow you to configure automatic replication and failover for certain Azure services, like when you choose geo-redundant storage for your Azure storage account. Azure automatically makes copies of your data across the regions in the region pair. Besides automatic failover, region pairs can help you plan high availability. When updates to a service are required, Azure makes sure that only one region in the pair is updated at one time. And if an outage affects multiple regions, at least one region in each pair will be prioritized for disaster recovery. So even when using a service that doesn't provide a built-in option for failover, you might want to design your own solution for disaster recovery and high availability by taking region pairs into account. For example, you might deploy web servers to multiple regions within the same geography and load balance them. So in the event of a major outage within a region, your application is still available. Of course, you don't have to limit your solution to just regions within a region pair. You can deploy your resources into any Azure region. But keeping in mind which regions are paired makes your solution design more resilient to potential issues of availability. And by the way, you can't choose which regions are paired. That's something that's decided by Microsoft. So we've talked about how Azure geographies contain Azure regions.
The last thing I want to talk about is availability zones. These are unique physical locations within a single region. They're made up of one or more data centers equipped with independent power, cooling and networking. Availability zones aren't available in every region. Some regions just contain a primary data center, but when availability zones are available, there's a minimum of three separate zones. Some services, like zone-redundant storage, will replicate your data automatically across all the zones in the region. But for something like virtual machines, they're considered zonal but not zone-redundant. You can specify which zone or data center you want to create the VM in, but you need to create multiple VMs in different zones, and then you can set up a load-balanced solution in order to keep your data within a single region, but still protect yourself from an outage that could affect a single data center. Okay, now let's move away from the physical concepts of data centers and regions. And let's look at how you can organize your Azure services logically by using resource groups.

Understanding Resource Groups

[Autogenerated] Now let's talk about resources and resource groups in Azure. A resource is just a manageable item in Azure. So this includes things like virtual machines, storage accounts, web apps, databases, virtual networks, pretty much anything you can create as part of your application or solution. A resource group is a container that holds related resources. Resource groups contain a set of resources that share the same life cycle. In other words, you deploy, update and delete them together. Of course, you can add and remove individual resources to and from resource groups as your solution evolves. But the general guidance is that if a resource needs to exist on a different deployment cycle, then it should be in another resource group. Each resource you provision can only exist in one resource group. You can move a resource to another resource group if you need to, but it won't exist in both resource groups. Resources in a resource group can communicate with resources in other resource groups. So, for example, you might have three different web applications being maintained by three different teams, and each web app is in its own individual resource group, along with other related resources. But they all share a common database. For whatever reason, that database could be in a completely different resource group, and those web apps will still be able to use it. One of the main features of a resource group is that you can apply security controls to it for administrative actions, so you can assign Reader roles to developers to be able to see what resources are in the resource group, but only administrators can make changes to the resource group. I mentioned that resource groups are meant to contain resources that are on the same deployment cycle, typically because they're part of the same solution. When it comes to deployment, resource groups allow you to leverage Resource Manager templates so you can deploy a set of resources using a JSON template.
And you can also export a template from an existing resource group in order to deploy those resources in a repeatable way. This is great for moving a solution from a dev environment into a production subscription, for example. I'll talk more about Resource Manager templates a little later in this module. When you create a resource group, you specify a region that it gets created in, but a resource group is just a container. It's really just metadata about the resources that it contains, so the resource group can be created in a different region than the resources in the group. You can create a new resource group during the creation of most resources, like when you're in the process of creating a new virtual machine. In this case, the resource group will get created within the same region that you specify for the virtual machine. But you can also create the resource group by itself and then select it as the resource group to use when you're creating other resources. So next let's take a look at an existing resource group where I've already added some resources, and then let's create a new resource group to be a container for other resources.

Creating a Resource Group Using the Azure Portal

[Autogenerated] Now let's look at an existing resource group in my Azure subscription, and then we'll create a new one. I'm in the Azure portal, which you can reach at portal.azure.com. I'm logged in with my global administrator account. Also, let's look at the list of existing resource groups in this subscription. I have a shortcut created on the left menu, but let's search for them by going to All services and typing in resource groups. Clicking that brings us to the list of resource groups that I've created. Each of these contains different resources, so this is a great way to organize resources within your subscription. You can add columns to this view also. And if you employ tagging on your resource groups, you could have a tag that shows the name of the project or the business group that owns it. Then you can filter the list using the information in these columns. When your organization has hundreds of resource groups containing thousands of resources, this is a really handy feature. Let's click on this resource group near the bottom that I created a little while ago. That brings us to the overview page. I'll hide the menu and hit F11 to make this full screen. Okay, we've got a list of resources here. I've created a virtual machine in this resource group, and there are several other resources that got created along with the VM, like a storage account to store the disk and some networking components. If I click on any of these resources, I'm brought to the overview page for the resource, and we can just back up the breadcrumb menu at the top to return to the resource group. At the top, you can add a new resource to this resource group, so we might want to add a database to the solution. Let's go back to the resource group, and you can choose to delete the resource group from here.
This will delete all the resources inside the resource group too, so remember, in the previous clip I said a resource group contains resources that follow the same deployment schedule. Let's cancel this, though, and you can move resources to another resource group or even to another Azure subscription. You can select individual resources to move, so you have options after you've added a resource to the resource group. Along the left menu are some of the same options you see in most resources within Azure, because a resource group is also a resource in Azure. There's the activity log, where you can see what's been done to the resource. In this case, it shows all the resources that were deployed when I added a virtual machine to this resource group. There's the access control tab, where we can assign roles to users in order to view and modify the resources in the resource group. There's a tab for maintaining tags on this resource. I mentioned adding tags to a resource group to define the project name and business owner. But you could also create tags related to business commitments, like business criticality or data classification. Really, it's anything that makes sense for your IT operations. And you can leverage Azure policies to require that administrators add certain tags when creating a resource group, or a policy that causes all resources in the resource group to inherit a tag from this parent resource group. Azure policies are covered in the Security and Privacy Concepts course in this path. You can view the deployments that have taken place within this resource group, and something that's relatively new is the integration with Azure Cost Management. So you can track the costs of all the resources contained within this resource group. So the resource group is also a container for tracking costs. I just created these resources a few minutes ago, though, so there's no data here yet.
The last thing I'll mention here is the ability to export a template that has a JSON representation of all the resources in this resource group. This allows you to create repeatable deployments using Azure Resource Manager templates. I'll talk more about that a little later in this module. Now let's back out of this resource group, and let's go back to the list of all resource groups in this subscription. Let's create a new resource group by clicking the Add button. First, we need to give this resource group a name, and next we select a region. Remember, the resources themselves can be in different regions. This is just deciding where the metadata that defines this resource group is going to be stored. That may be important to you if you have data residency requirements for all the data you create, including metadata. I've selected the data center that's closest to me, and next we can assign tags to this resource group. But we'll just leave this for now, and let's go ahead and create this resource group. The new resource group has been added to the list. Let's open it up. It looks just like the resource group we examined earlier, but it has no resources attached to it. As we create new resources, we can choose to associate them with this new resource group. Next, let's talk about the underlying management layer that makes all this resource creation possible. It's called Azure Resource Manager.

Azure Resource Manager (ARM) and Management Tools

[Autogenerated] At this point, you've seen how to create a new resource in Azure using the Azure portal. That resource was actually a resource group, but ultimately it's also just a resource in Azure. Now I want to talk about Azure Resource Manager, which goes by the acronym ARM, and that's how you'll usually see it referred to in the Azure documentation. ARM is the deployment and management service for Azure, and it's central to all the creation, deletion and modification of resources that you do in Azure. When you're using the Azure portal, you're really just using a website that sends requests to the ARM endpoint. ARM handles authentication using Azure Active Directory and authorizes that you can perform the action that you're attempting to perform. ARM then sends the request to the Azure service that you're attempting to create or manipulate. That could be an App Service, a virtual machine, an Azure SQL database, a machine learning workspace, anything in Azure that's a resource, which is basically everything in Azure. But what's really important about ARM is that it's used by all the tools that you use to manage Azure resources. The Azure portal is the obvious tool. You can also use PowerShell to create and manage resources in Azure. It's actually done through a set of cmdlets that you install as the Azure PowerShell module, which lets PowerShell authenticate to Azure Resource Manager and request modifications to the different services in Azure. PowerShell works from a Windows, macOS or Linux computer, and it lets you write scripts to automate a series of tasks. So it's a really powerful way to manage Azure. There's also the Azure command-line interface, or Azure CLI. The Azure CLI is a set of commands used to create and manage Azure resources, and it's also available for Windows, macOS and Linux.
You can download and install PowerShell or the Azure CLI onto your local workstation. But there's also something called the Cloud Shell in the Azure portal that lets you use the scripting tools right from within the browser. I'll show you that in the upcoming demo. There's also SDKs for different programming languages that allow you to call the Azure Resource Manager endpoint so you can build Azure management into a custom solution. There are SDKs for .NET, Java, Python, Go and Ruby. They're really just an abstraction layer that makes calls to the REST endpoint exposed by the Azure Resource Manager. So you can actually call the web services using any REST client. It uses OAuth 2.0 for authorization, so it's just a matter of getting a bearer token from Azure Active Directory. Since you've already seen how to create a resource using the Azure portal, let's look at a different tool to interact with Azure Resource Manager. We'll use the Azure CLI next.

Using the Azure CLI to Manage Resources

[Autogenerated] Okay, let's see how to interact with Azure Resource Manager in a different way than using the Azure portal. We'll use the Azure command-line interface. There are two ways you can use this tool to manage Azure. First, you can download it onto your local workstation. It's available for Windows, Mac and Linux, and it's available through an installation file. I've already run the installer, though, so let's open up the Windows command-line interface. Unlike PowerShell, which has its own interface, the Azure CLI integrates into the command prompt, so we can check the version installed by typing az and then two dashes and version. It says my Azure CLI version is up to date, so let's connect to Azure now in order to authenticate all the subsequent commands that we make against Azure Resource Manager. You do that with az login. A browser window opens where you can log in, just like you would to the portal. Since I'm already signed into the portal with this administrator account, I'll just choose that. Now it says I'm logged in, so I can return to the command prompt. It's showing my subscription information, so that means I'm logged in. Now let's try some commands. First, let's list all the resource groups in the subscription using az group list. The results come back in JSON format. Now let's look at the resources that are part of that resource group I showed you earlier, the one with the virtual machine. I'll type az resource list, then two dashes and the parameter resource group with the name of that resource group. That gives us a list of resources. The storage account is the last one in the list. Let's scroll up. At the top is the disk used by the virtual machine. Let's go back to the command prompt and run that command again. But this time I'll add the parameter out with the value table.
That gives us just a few of the properties from the list of resources, and we can customize the output further by adding this query parameter and using this syntax that specifies the columns we want returned, so you can use these parameters to get as much or little information as you want about your Azure resources. Okay, we could continue running commands here to create and modify resources in Azure, but let me show you another way to use the Azure CLI that doesn't require installing it locally. I'll switch over to my browser, and I'm logged into the Azure portal. If I click on this icon at the top, it opens the Azure Cloud Shell. This is a window inside the browser that lets you run commands using the Azure CLI or Azure PowerShell. Because I haven't used it with this subscription, I need to create a storage account to persist files, so I'll click this button to do that. Now the Cloud Shell opens. At the top left, there's a drop-down where you can choose the environment you want to use. PowerShell is selected by default, so we can run PowerShell commands or Azure CLI commands from this command prompt. Or you can switch to the Bash shell if you're accustomed to using bash commands in Linux. Across the top are _______ to restart the Cloud Shell, which you might need to do if you have trouble connecting. You can upload and download files and open a file editor right inside the Cloud Shell. Let's run the same command as before. I'll type az group list and I get the same results. I'll just make this window a little bigger. We can list the contents of that resource group again from here also. Same results. Okay, now let's create a new resource. I'm going to create an App Service web app, which is a platform as a service offering for hosting a web application. Before you can create the App Service, you need an App Service plan. An App Service plan defines the underlying infrastructure that the web app runs on.
It's how you choose the amount of processing power and storage, and it's also where the price is defined for the resources. So let's run az appservice plan create, then the parameter resource-group with the name of the empty resource group that we created earlier using the Azure portal interface. Then I'll type the parameter name and give this App Service plan a name, and finally, I'll choose the SKU. This defines the size, price and features of the infrastructure that we're provisioning. Okay, it looks like that was successful. Now let's create the App Service web app that will run on the App Service plan. In other words, this is the container we can deploy a custom website to. I'll run az webapp create with the resource group name and the name of the App Service plan we just created, and give this web app a name. This name needs to be unique across all of Azure, but you can add a custom domain name later if you've purchased one from a domain name registrar. Okay, it looks like that created successfully, so let's minimize the Cloud Shell and go to the list of resource groups in the Azure portal. And let's open up the resource group that we just deployed to. There are two resources showing here, the App Service plan and the App Service web app. Let's click on the web app. Even though we haven't deployed any website code yet, there's a test page that gets created by Azure, so let's click this Browse button at the top. That opens another tab where we can see the web app is running, and in the address bar, the URL contains the name we gave it, suffixed with azurewebsites.net. So in just a couple of lines of code, we were able to create resources in Azure by leveraging one of the management tools available, the Azure CLI. Next, let's talk about a more repeatable way of deploying resources in Azure by using Resource Manager templates.

Infrastructure-as-Code Using Azure Resource Manager Templates

[Autogenerated] So far in this module you've seen a couple of ways you can deploy resources, first using the Azure portal and then by using commands with the Azure CLI. There's a certain amount of automation you can do in scripting. But many development teams are adopting agile methods with quick iterations, where they want to deploy rapidly and repeatedly and know that their infrastructure is in a reliable state. That's a big part of DevOps, where the traditional division between developer and IT operations roles has disappeared. Teams are now managing infrastructure using code, so those definitions can be stored in code repositories alongside the source code. And they can be deployed in repeatable ways, sometimes using the same continuous integration, continuous deployment process that's used to deploy web applications and database code. To implement infrastructure as code, Azure has Azure Resource Manager templates. These are files that are written using JavaScript Object Notation, or JSON, and the contents define the infrastructure and configuration for all the Azure resources in your solution. It uses a declarative syntax, which means you state what you intend to deploy without having to write a series of programming commands to create the resources. Once you write the code in the template, you can deploy the template in a variety of ways. Later in this course, in the module on DevOps solutions in Azure, I'll be showing you Azure Pipelines, which is a part of a service called Azure DevOps. Using Azure Pipelines, you can deploy Resource Manager templates in an automated way. You can also deploy templates from within GitHub. It's also possible to deploy them using PowerShell and the Azure CLI, because both of those use the Azure Resource Manager REST API. It's also possible to deploy Resource Manager templates directly using REST by uploading the files to the ARM endpoint. And you can also deploy templates using features in the Azure portal. 
So let's take a look at how to do that in a demo.

Exporting and Deploying Resource Manager Templates

[Autogenerated] Resource Manager templates are really just text files, so you can write them in any text editor, including um, or in an assisted way using Visual Studio. But the easiest way to get started with understanding the syntax is by exporting a template from an existing deployment. Let's open up the list of resource groups and drill into the one we've been using in this module. We've got two resources in this resource group, an App Service and an App Service plan. Now there's a couple of ways you can export a Resource Manager template for these resources. From right here on the overview page of the resource group, you can check any of the resources you want included in the template. I'll check both resources, and then in the top menu, there's a button to export the template. This opens up the template with the resources defined in code. All of the properties of the two resources are defined here, and some parameters have been broken out to make it easy to modify the parts that need to change before you can deploy this template to another resource group. The name of the web app is here at the top, and below that is the name of the App Service plan. The web app name is included in the URL for the App Service, so that needs to be unique across Azure. Before I explain any more about this screen, let's close this and let's click on Export template from the menu on the left. That brings us to the same screen, just a different way to get here. I mentioned that Azure will break out the parameters that you want or need to change. You can turn that off if you like, so the generated template doesn't use parameters. Then you'll need to modify it yourself or script variables to write more complicated expressions. Let's turn parameters back on, though, and let's download this template. We get a ZIP file containing the template and the parameters file. Let's unzip this, and I'll double click on the template file. 
By default, it opens in Visual Studio because I have that installed here on my workstation. Here, you can modify the template, add code for more resources, and you can treat this like any other code in your project by checking it into a source control repository like GitHub or Azure DevOps Repos. Then other team members can access it, too. There's a separate file generated for the parameters here, too. Now let's go back to the Azure portal and let's see what else is available here. There's a feature in preview here. This feature allows you to add this template to a library in your subscription so you can reuse it in the future. All you need to do is give this template a name and a description and click Save. I'll show you how to find this library in a little bit. There's also a Deploy button here at the top. This allows you to deploy this template to another resource group. Let's create a new resource group. I'll just give it a name and I'll leave the default region. Now we need to change the values of these parameters. These are the web app name and the App Service plan name. We'll be creating new instances of these resources when we deploy the template, so the names need to be unique. We'll be deploying resources that have costs associated with them, and this functionality is tied to the Azure Marketplace, so the button at the bottom says Purchase. Let's click this. It says at the top that deployment is in progress. Once the deployment completes, the notification shows that the deployment was successful. Let's go over to the list of resource groups and let's open up the resource group we just deployed the template to. There are the resources with the names we gave them in the template parameters. Let's click on the App Service. That brings us to the overview page, where you can click Browse to open up the default page for the web app. Now the last thing I'll show you is the template we exported to the library in our subscription. 
If I go to All services and search for templates, I'll open this. And there's the template we exported to the library. If I click on that, it has some information about the publisher and the date last modified. We can edit the template from the top toolbar or just view the template from this link at the bottom. So that's how to use Resource Manager templates for repeatable deployments and how they can be used to store your resource definitions as code.
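
Added example, not part of the course transcript and not Microsoft tooling: a short Python check that reads a template shaped like the exported one described above and reports every web app (`Microsoft.Web/sites`) whose `httpsOnly` property is not `true`, the setting behind the HTTPS recommendation that Azure Advisor raises later in this module. The template content, resource names, SKU and `apiVersion` are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like an exported Resource Manager template: the two
# names broken out as parameters, one App Service plan and three web apps.
# All names, the SKU and the apiVersion are illustrative.
SAMPLE_TEMPLATE = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sites_name": {"type": "string", "defaultValue": "example-webapp"},
    "serverfarms_name": {"type": "string", "defaultValue": "example-plan"}
  },
  "resources": [
    {
      "type": "Microsoft.Web/serverfarms",
      "apiVersion": "2022-03-01",
      "name": "[parameters('serverfarms_name')]",
      "location": "[resourceGroup().location]",
      "sku": {"name": "B1"}
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2022-03-01",
      "name": "[parameters('sites_name')]",
      "location": "[resourceGroup().location]",
      "dependsOn": ["[resourceId('Microsoft.Web/serverfarms', parameters('serverfarms_name'))]"],
      "properties": {"httpsOnly": false}
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2022-03-01",
      "name": "example-webapp-hardened",
      "location": "[resourceGroup().location]",
      "properties": {"httpsOnly": true}
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2022-03-01",
      "name": "example-webapp-legacy",
      "location": "[resourceGroup().location]",
      "properties": {}
    }
  ]
}
"""

PARAM_REF = re.compile(r"\[parameters\('([^']+)'\)\]")


def resolve_name(name, parameters):
    """Resolve a bare "[parameters('x')]" name to that parameter's default value."""
    match = PARAM_REF.fullmatch(name)
    if not match:
        return name
    return parameters.get(match.group(1), {}).get("defaultValue", name)


def walk(resources):
    """Yield every resource, including nested child resources."""
    for resource in resources:
        yield resource
        yield from walk(resource.get("resources", []))


def audit_https_only(template):
    """Return (site name, finding) for each web app that does not enforce HTTPS."""
    parameters = template.get("parameters", {})
    findings = []
    for resource in walk(template.get("resources", [])):
        if resource.get("type", "").lower() != "microsoft.web/sites":
            continue
        name = resolve_name(resource.get("name", "<unnamed>"), parameters)
        value = resource.get("properties", {}).get("httpsOnly")
        if value is True:
            continue
        if value is None:
            # An omitted property is treated here as HTTPS not being enforced.
            findings.append((name, "httpsOnly not set"))
        elif isinstance(value, str) and value.startswith("["):
            # A template expression is only known at deployment time.
            findings.append((name, "httpsOnly is an expression, review manually"))
        else:
            findings.append((name, "httpsOnly is false"))
    return findings


if __name__ == "__main__":
    for site, finding in audit_https_only(json.loads(SAMPLE_TEMPLATE)):
        print(f"{site}: {finding}")
```

Running a check like this in the same pipeline that deploys the template catches the setting before deployment rather than after Advisor reports it.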

Azure Service Health and Azure Monitor

[Autogenerated] Now let's look at two services that can help keep you informed about the health of your resources in Azure and the overall health of the Azure regions that you've deployed them to. Azure Service Health is available in the portal. Let's search for it. On the home page, you get a global view of the health of Azure across all regions. This actually comes from a service in Azure called Azure status. You can see a breakdown on this page, but Azure Service Health shows this information rolled up right inside the portal. Service Health in the portal scopes the affected services to just the ones that you use, so you might not be impacted by an outage in the Azure Front Door service, for example. If you're not using that service, Azure Service Health will trim those notifications to just what matters to you. You can find out about planned maintenance in Azure that might affect you, so you may want to notify clients of an upcoming event or reschedule an application release. Health advisories are changes in Azure services that require your attention, for example, if features in a service that you use are being deprecated or you need to upgrade your web applications because a framework version in Azure App Service is being updated. And security advisories are notifications or violations that may affect the availability of your Azure services. The Resource health tab lets you scope to just certain resource types in your subscriptions, so you can get a quick summary of the overall health and drill in to see more. If there were issues here, there would also be information on actions that Microsoft is taking to fix the problems, and it would also identify things that you may be able to do to address them. You can see a history of the health of the resource if you need to do some historical troubleshooting, and you can add an alert from here also. Let's back out and go to Health alerts. 
You can create alerts from here to be notified when there are any changes to the service or the status of your resources. You can filter the alerts to just service issues or health advisories, security alerts or planned maintenance, and you can filter the services and regions that you want to be notified about. The alerts get sent to an action group. Let's open this up and let's create a new action group. Let's look at the notification type. You could just have an email sent to the people in the Resource Manager role. Or you can set up a custom notification type for email or text message. And there's an option here for Azure app push notifications. You could get notified through the Azure mobile app, which I'll be showing you in the next clip. Let's close out of all this. The next thing I want to show you is Azure Monitor. I have a shortcut created in my menu so we don't need to go to All services. Azure Monitor is a solution within Azure for collecting and analyzing telemetry from your Azure services. You can even configure it to monitor on-premises resources, too. Azure Monitor basically collects metrics all the time from your Azure resources. You can drill down into specific resources, but as you can see, you can't select an entire resource group. This is detailed monitoring that applies to a single resource. Let's look at the storage account in this resource group. We get this chart with some criteria we can use to scope the metrics returned. This is going to be different for each type of resource. Virtual machines will have certain metrics that are different from storage accounts. You can scope down to a particular service and select a metric. Let's select Transactions. You can choose different chart types, and you can add filters and apply splitting to the metrics, too. 
You can also change the time frame that you want to view metrics for from this button at the top, and you can set up alerts, so you can get really specific here about getting alerts when a threshold is passed on a particular metric. Azure Monitor also includes a link to Log Analytics. Log Analytics isn't mentioned on the AZ-900 objectives, but just be aware that this is a service in Azure that you can send log data to from your various resources. Logs are events that occur within a system, so they're typically not regular observations. They get generated based on something happening, whereas metrics are numerical values that describe an aspect of the system at a particular point in time. I won't go any deeper into Log Analytics here. Under Insights, these are metrics that are organized in a way that's easier to understand. Applications ties into another service in Azure called Application Insights. App Insights does deep monitoring of applications like web apps, and you can understand a lot about the internal workings of your application as well as external things like user traffic. I don't have App Insights configured on any applications, so there's nothing to show here. You can monitor the running processes on virtual machines in your subscriptions, but you'll need to install an agent on the VM in order to do that. This supports Windows and Linux VMs as well as VM scale sets. You can even monitor on-premises virtual machines. I don't have any agents installed, so let's look at the Network tab. This gives you insights into the health and availability of network resources you have deployed. So it's a roll-up of just those resource types, and the storage account insights give you a quick view of the health of your storage accounts, including things like whether or not they may be near capacity. These views are actually workbooks in Azure Monitor, and you can create your own personalized views if you like. 
Azure Monitor and Log Analytics are huge topics, and I go into them a lot more deeply in my course on creating and configuring Microsoft Azure storage accounts, if you'd like to know more. Next, let's look at the Azure mobile app.

Azure Mobile App

[Autogenerated] Let's take a look at the Azure mobile app. This is a tool that lets you monitor the health and status of your Azure resources and quickly diagnose and fix issues, and you can even run commands using the Cloud Shell. You can download the app from the Apple Store and from Google Play. I've already installed the app on my iPhone, so let's open it up. I'm logged in, and I've already chosen a subscription. On the home page here, any alerts would show right away. I don't have any. So let's scroll down, and I have access to Service Health from here. Let's open that. There are no notifications, so that's good for Azure, but not great for the demo. You can create shortcuts to resources you frequently check on, but let's open up all resource groups. I'm going to open up a resource group where I know there's a storage account. At the bottom are the resources, so I'll drill into this storage account. I can see some metrics here that show me the health of the storage account, and these are coming from Azure Monitor. The resource health tells me that the storage account is available. There's some information about the resource, and at the bottom is access control. So I could give someone access to the storage account from here, which could be handy if you're out of the office and there's an issue or a new client needs to upload files. Let's back out of this and go back to the list of resource groups. Now we'll choose a resource group that has a virtual machine in it. I'll open up this virtual machine. You can see the metrics for this virtual machine, and it's actually stopped, so you can start the VM from here at the bottom, and you can even connect to the VM. This button will launch another app called Microsoft Remote Desktop. I don't have this installed on my phone, so let's go back to the Azure mobile app and let's stop this VM, actually, and we'll back out of here and go back to the home screen. At the bottom, you can open up the Cloud Shell. 
At the top, you can choose between the Bash shell and PowerShell, and from here you can type in PowerShell and Azure CLI commands to manage your resources. Let's close this, and the last thing I'll show you is that from this menu at the top left, you can manage your login and even change directories from the list of the ones you have access to. So the Azure mobile app provides an easy, secure way to manage your Azure resources, even when you're out of the office and nowhere near a computer.

Azure Advisor for Optimizing Your Azure Resources

[Autogenerated] Microsoft refers to Azure Advisor as a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It's actually a great tool to provide recommendations on how to improve performance, availability and security of your Azure resources, as well as recommending ways that you can save costs in Azure. I know it seems hard to believe that a cloud vendor would want you to spend less money on their services, but Azure Advisor is actually set up to help you do that. The best way to discuss the features is to just explore the Azure Advisor interface. It's pretty straightforward, but also very powerful. Let's go to All services and search for Advisor and click on here to open up the Azure Advisor console. It says at the top, refreshing recommendations for Azure Advisor. These are personalized recommendations, meaning that Azure is looking at the resources that you have deployed, along with the telemetry that's been collected with regards to those resources. So it's not just providing a list of generic recommendations. These are things that apply to your specific deployments. Okay, the recommendations have been refreshed, so let's take a look at this dashboard. This provides a summary of the recommendations broken down by the five categories of cost, security, reliability, operational excellence and performance. Notice that you can download all the recommendations in a PDF or CSV file so you can share the recommendations with other IT team members or with management. You can choose the Azure services that you want included in the recommendations. You can also show the active recommendations or filter by the recommendations that you've chosen to postpone or dismiss. I'll show you how to postpone or dismiss recommendations shortly. Let's look at each of these categories individually. I don't have any cost recommendations, but what's great here is that I can click this link to see a list of cost recommendations. 
This opens up a page in the Microsoft documentation that tells you all the things that Azure Advisor will be looking for to alert you on how you could be saving money. You might not have certain resources deployed yet that would be affected by these recommendations, but you can still read through these and get some tips on how you can save costs when you're designing your solutions. A big cost in Azure is the compute charges for running virtual machines. So one of the recommendations Azure Advisor will make is to alert you when your VMs are being underutilized. Then you might want to consolidate VMs or change the VM size to one that matches the actual usage. There's even some ability to configure the threshold that triggers this recommendation, if you really want to get aggressive about watching utilization. There are some more recommendations here about specific services like MySQL servers, ExpressRoute circuits and other networking and database resources. Let's go back to Azure Advisor and let's look at the next category. So for security, I have 13 recommendations. Let's see what some of these are. There's a recommendation that Azure MFA should be enabled on accounts with owner permissions, and recommendations about the virtual machine I have created in my subscription, and I have a key vault created in one of my resource groups, so there's a recommendation related to that. But there's also a recommendation here with an icon that says Quick fix. Let's take a look at that. So this recommendation is actually coming from Azure Security Center, which is another service in Azure that Azure Advisor leverages. It says I should enable HTTPS on my App Services. When you create a new App Service for hosting web applications, the HTTP and HTTPS endpoints are enabled by default. This is telling me that I haven't turned off the HTTP port 80 endpoint on these App Services. If we look under remediation steps, it says there's a quick fix that we can do below. 
But then there's also a more detailed manual remediation. Depending on the type of issue identified, Azure Advisor may be able to make the configuration change for you if you give it permissions to. So let's do that. I'll scroll down to the list of affected resources, and I'll just select one of these App Services and I'll click Remediate. In the window that opens, I'll click Remediate one resource. It says in the notification at the top that was successful, so that was easy. Let's go back to the list of security issues and let's click on another one. I'll choose this one related to the management ports of my virtual machine. There are remediation steps here also, and it says there's a quick fix, so let's select the affected resource and click on Remediate. That opens up another blade where we can do a manual configuration to configure just-in-time VM access to these VM ports. So in this case, there's manual work that we need to do, but Azure Advisor was able to bring us right to the place where we can perform the actions. Let's go back up to Azure Advisor and look at the Reliability tab. This has to do with high availability of your resources. So there are recommendations like enabling virtual machine replication, and there's a recommendation farther down that's cut off here that has to do with enabling soft delete on my storage accounts. Soft delete lets you recover blobs that have been accidentally deleted by a user. Let's keep going down the list here and look at operational excellence. There's only one recommendation here, and that's to create an Azure Service Health alert to let us know if any of the Azure regions that we've deployed resources to are experiencing any outages or service disruptions. I don't have any performance recommendations, but again, I can click on a link to view the criteria that Azure Advisor uses for those recommendations, and I could educate myself on some best practices. 
You can view all the recommendations from this tab. Let's actually open another one of these up, because I want to show you that you don't have to keep seeing these recommendations if you don't want to. There might be a recommendation that you don't plan to address right now or ever, and you no longer want to see it keep coming up on the lists. You can click on Postpone or Dismiss. If you choose to postpone, you can tell Azure Advisor how long to snooze this recommendation for, all the way up to three months, and that removes the recommendation from the list for now. Let's go back up and let's look at this Configuration tab. This lets you filter the resource groups that you want recommendations for. Maybe you have some dev groups that you don't plan to implement best practices on, so you can remove those from the list and stop seeing the recommendations for those along with the more important production deployments. You can set up a periodic summary of all your active recommendations here, and you can choose whether you want it sent via email, SMS or in other ways, like through a webhook. And finally, you can set up alerts. Let's create a new Azure Advisor alert. We can create the alert for a specific resource group or for all groups. We can choose one of the five categories to monitor, and we can choose to only send alerts in one of the impact level categories, like only alerts with a high impact level. You decide how you want to receive the alerts by configuring an action group. I just want to show you the action type drop-down here. There are options here that can get triggered when an alert is fired. You could run an Automation runbook, call an Azure function, email or send a text message, send the alert to an ITSM tool that you've configured with Azure, or call a logic app or a webhook. Let's look at the email SMS option. 
There are options here to send to specific email addresses and phone numbers for SMS messages and even for voice notifications on your phone. So Azure Advisor isn't just a tool you should review proactively. It can help you respond when resources are found to be configured in a way that's not optimal. If you're allowing other administrators or developers to spin up resources in your subscription, this could be a powerful way to monitor those configurations. Okay, let's quickly review everything we've discussed in this module. First you learned about Azure data centers. They're not some esoteric concept. They're just buildings all over the world that contain physical servers that run virtual servers that you can leverage. Then we talked about Azure regions and availability zones, and you got an understanding of how you can use those to design high availability and disaster recovery for your solutions. Next, we talked about resource groups, which are the logical containers that provide a boundary around the resources in your project, and you can use them to manage security and the deployment lifecycle for an application. Next, you learned about Azure Resource Manager and the different tools that interact with it to allow you to create, update and delete resources in Azure. You saw how to use the Azure CLI to do just that. Then you learned about a really powerful way to define Azure resources in code, which makes for repeatable deployments. Resource Manager templates are a powerful feature of Azure that helps with reliability and enables DevOps infrastructure-as-code scenarios. Next, you learned about some services in Azure for monitoring the health and availability of your resources, as well as the health of the Azure regions that your resources are deployed to. And then you saw the Azure mobile app, which provides you some management capabilities from mobile devices. And finally we talked about Azure Advisor. 
The rest of this course is about the specific services in Azure that you'll use to develop solutions to business problems. But I wanted to put all this content up front in order to give you confidence on how you can manage and deploy those resources in Azure. And hopefully by seeing how Azure Advisor can help you correct and optimize your deployments as you go, you'll have some confidence to jump right in and start using Azure without feeling like you need to know everything about the cloud before you do that. In the next module, we're going to get into the core products in Azure. These are the ones that you've likely heard of, like virtual machines and software-defined networking. They solve problems in a way that you're probably familiar with in your on-premises deployments, but you're going to learn how you can do similar things using Azure-specific services.

Exploring Azure Core Products

Understanding Azure Compute Options

[Autogenerated] This module and the next are about the core products in Azure. These are products that accomplish fundamental tasks like hosting applications, databases and storage. We're going to discuss Azure compute and networking products in this module and then discuss database and storage options in the next module. Let's start with an overview of the compute options in Azure. Azure compute is a set of services that provide on-demand computing power. Compute isn't really a service in itself. It's just kind of a logical grouping of several services in Azure related to running application workloads. The first service is virtual machines, which is an infrastructure-as-a-service offering that gives you full control over the VMs. Next, there's containers, which are virtualized environments for running applications. But instead of having their own operating systems like VMs, containers are more lightweight and allow you to just bundle the libraries and components needed to run the application. Azure App Service is another core product that falls under compute, and it's a platform-as-a-service offering, meaning that you can host web applications in a way that doesn't require you to manage the underlying infrastructure. App Service also allows hosting API apps and mobile apps. And even though there are dedicated services in Azure for running containers, you can also use Azure App Service to host Windows and Linux containers. And the last product within this grouping that we call Azure compute is actually another grouping called serverless computing. Serverless computing is a way to build applications without managing any underlying infrastructure. The main products in this grouping are Azure Functions, which allow you to run small blocks of code, Azure Logic Apps, which allow you to configure workflows in the cloud, and Azure Event Grid, which lets you build applications that respond to events. We'll go a lot deeper into all these products in the demos. 
The various products and services that make up Azure compute can be spun up relatively easily, and depending on which service you choose, you may be able to only pay for the computing power that you use and be able to either avoid being charged when your code is sitting idle, like in the case of Azure Functions, or realize cost savings by turning off the infrastructure when you're not using it, like in the case of virtual machines. Depending on which option you go with, you can minimize the need to manage the infrastructure, which offloads a lot of effort and expertise and frees up resources to focus on other tasks. And you can scale out a lot easier in the cloud, sometimes automatically, depending on the service. The point is that compute in Azure gives you options that you just don't have on premises, not only in terms of cost savings but in terms of ease of development, deployment and hosting. So in this module, we're going to start by looking at each of the compute options individually, starting with virtual machines. Then we'll discuss containers, Azure App Service and then products that fall under the category of serverless compute. Next, you'll learn about the core networking products in Azure like virtual networks and load balancers, and finally we'll discuss the Azure Content Delivery Network for speeding up the delivery of files and web pages to locations around the world. Let's get started with core products by looking at Azure virtual machines.

Virtual Machines in Azure

[Autogenerated] Azure virtual machines are an infrastructure-as-a-service offering in Azure. That means that you get full control over the VMs, including the operating system, just like you would with on-premises servers. So you can install any software you want on the VMs and configure them however you want, so you get the flexibility of virtualization without having to buy and maintain the physical hardware that the virtual machines run on. The downside is that you have to maintain the VM image, including doing the operating system patching that's required. There are three big decisions you need to make when creating a new virtual machine: the type of image you want to use, which determines the operating system and any software that might come preinstalled; the size of the virtual machine, meaning the amount of RAM and number of processors, among other things; and you can also choose the options you want to leverage for high availability. Let's jump into the portal and explore VM features there. Let's go to Create a resource, and the Azure Marketplace opens. The Azure Marketplace is the online store that offers applications and services either created by Microsoft or from technology partners. This is where you create instances of core Azure products as well as third-party products that have been certified for Azure. Here you can see some examples of the different categories we talked about in the overview. There's virtual machines, the Kubernetes Service for hosting containers, Web App is Azure App Service, and Function App is for serverless computing. Let's choose the virtual machine. First, I'll choose the resource group. I'll actually create a new resource group for this VM. Of course, you can put many VMs in a single resource group along with other Azure resources related to your project. Then I'll give this VM a name. I'll just leave the region and we'll skip over availability options for now. Let's look at the image. 
There are some basic images here for Windows Server 2019 2016 and 2012 are, too, as well as a Windows 10 professional image. Then there are images for various Lennox distributions, and there's even an image with Oracle Database server installed running on Lenox. If I close this, there's a link for even Mawr image choices. The azure marketplace offers pre configured images with a variety of software already installed. You can filter the choices by category, but let's search for a few. You can do a general search on the images available for Windows Server 2019 and there are server images here with file zilla installed so you can set up a sftp server right away. And there's an image here containing WordPress pre configured on a VM. Let's search for Sequel Server 2019. There are a bunch of pre configured Windows server images here that already have sequel server installed. You'll see in the next module that there's a platform as a service offering called Azure Sequel that could host your database without the need to manage of'em. But if you intend to run sequel server on a virtual machine, you don't have to install it yourself on a base. VM. You can get up and running relatively quickly using one of these images. There are images with non Microsoft products to like our G, I s server and Citrix Nets Keylor. You can also create an image pre configured with developer tools like visual studio on various Windows operating systems. So if you have MSD and licenses, you can spin up in environment for new developers pretty easily using these images. You can even upload your own images to Azure and use those to create new VM instances. Okay, let's close out of this and go back to the VM creation screen. Let's just choose a Windows Server 2019 image, and the next big decision you need to make is the size of the image to provision. This decides how many processors are allocated to the VM and how much RAM it will come with. Those are the most basic specs. 
There's actually more involved than just that. In the drop-down, there are some recommended sizes, along with their monthly cost, but let's click this select size link that brings up a list with more options. These are organized by codes for the VM size. If you look these up in the documentation, it gives you a lot more information on the actual types of processors these VMs use and typical use cases for the different classes of VMs. Some are general-purpose VMs for hosting production websites, and some have beefier specs to handle things like analytics and video rendering. If you click see all sizes, you can see the list gets pretty huge. Let's try filtering the list on medium-sized VMs. If I scroll down, some of these VMs are organized into different families like memory-optimized VMs or compute-optimized VMs. Depending on the type of workload you plan to host, you can select the VM type that's best suited. Let's close this and let's just select a standard-sized VM. This would be fine for running web applications. Now there's a drop-down here for availability options. There's three options here: no redundancy required, availability zone and availability set. We talked about availability zones in the previous module and how they're physically separate data centers that are available in some regions around the world. So you can choose here to create your VM in an isolated data center and later create another VM in the same region but in a different availability zone so you can get fault tolerance. But you'll need to create a load balancer yourself to put in front of the VMs and direct the traffic to the different availability zones, if that's the goal of your design. Choosing the availability set option requires creating an availability set or choosing an existing one. An availability 
set is a grouping that you can assign VMs to, and what it does is ensure that those VMs are organized within a single data center to reduce the potential for an outage. But we're still just creating a single VM here. We just have the option to add it to an availability set, which could contain another VM that's already been created. Let's jump back to the slides and talk about another option for high availability. If you want to create multiple VMs at once and have load balancing configured for you, you can create a virtual machine scale set. This is a group of VMs, all with the same configuration, and the number of VMs can be configured to increase or decrease in response to load or on a schedule. You could also spread the VMs out across fault domains and update domains. And again, the load balancing is all handled for you. In this case, there's no additional charge for the functionality of scale sets. You just pay for the underlying compute resources like the VMs, load balancer and the disk storage used by the VMs. So you can see that scale sets are a feature of Azure compute that builds on the core virtual machine offering. Now there's another product in Azure that leverages Azure VMs. It's not part of the AZ-900 outline, but I'll just mention it here briefly. Azure Batch allows you to create a pool of virtual machines to do large-scale, high-performance computing jobs in parallel. Azure Batch can create and manage a pool of virtual machines, it can install applications on them and run compute-intensive jobs like image and video rendering, risk modeling, ETL operations or software test execution. Before we leave this clip on VMs, let's talk about a few more features of Azure virtual machines. I mentioned already that you have total control over the operating system with virtual machines and the ability to install any custom software you want. 
You'll see when we look at other compute products like App Service and serverless computing that this isn't always an option. Virtual machines are easy to create, and you also have the ability to shut them down if you're not using them. You can do that manually or on a schedule. So if you're using VMs for development, you could save costs by shutting them down at night. VMs allow you to extend your on-premises data center out into Azure and create a hybrid environment with failover to the cloud if you choose. Using virtual machines in Azure also allows you to leverage existing skills that your administrators already have. And there's even the possibility of migrating on-premises VMs to the cloud in a lift-and-shift type of migration. Azure offers tools like Azure Site Recovery to help you do just that and Azure Migrate to help you assess the compatibility of on-premises VMs and databases for moving to the cloud. When you create a virtual machine, there are other resources that get created. We'll talk about some of these networking components later in the module, like the virtual network that a virtual machine needs to run on. There's also the disk that the VM runs on, and it gets stored in an Azure storage account. These resources all have costs associated with them. So just be aware that when we saw the cost earlier while choosing the VM size, that's just for the compute charges. There are actually additional costs for all the other resources, and estimating the total cost of running virtual machines relies on an understanding of all these components. Let's open up this VM from within the interface. You can attach additional disks to the VM. You can change the size of the VM. You can enable auto-shutdown and you can configure backup. Remember, you're managing all the infrastructure here yourself, so that includes backing up the VM disks. There are also some additional tools to help with troubleshooting VM problems like boot diagnostics. 
And you can even redeploy the VM to a new underlying host in Azure. And you have the ability to remote into the virtual machine. For Linux, you can use SSH, and for Windows, we can download an RDP file from here, so I'll open that up and I need to enter credentials. If your VM is joined to a domain, you could enter domain credentials here. But this VM is brand new, so I'll just log in with the local administrator account that I set up when I created the VM. That opens up a remote session to the virtual machine where you can manage the server, including setting up any rules that the server will use.

Container Options in Azure

[Autogenerated] Now let's talk about containers in Azure. Containers are a way to wrap up an application into its own isolated package. It's for server-based applications and services, so web apps are a typical example. When an app is deployed using a container, everything the application needs to run successfully is included in the container, like runtimes and library dependencies. This makes it easy to move the container around from your local workstation to VMs in your on-premises environment that have the container runtime installed or to a managed container hosting service in Azure like Azure Container Instances or the Azure Kubernetes Service. The main characteristic of a container is that it makes the environment the same across different deployments because the container comes with all it needs. So containers reduce problems with deploying applications. Let's talk about how containers are different from virtual machines. Virtual machines run on some sort of infrastructure, whether it's your laptop or it's a physical server in a data center in Azure. There's a host operating system that might be Windows, Linux or macOS. Then we have a hypervisor layer, and this is what runs the virtual machine and provides resources to it from the host operating system. Hyper-V is Microsoft's hypervisor technology, but there are others like VMware and KVM. And then there's the virtual machine. The virtual machine contains a full copy of an operating system, and it virtualizes the underlying hardware, meaning the CPU, memory and storage. It also contains the application that you want to run. If you want true isolation of your applications, you'll have a copy of a VM for each application that you deploy, and that VM will need to have all the runtimes and libraries installed that the application needs. 
If you want to run three applications in isolation, then you'd be running three virtual machines on this hardware, each with a guest operating system that might be 800 megabytes in size, and each VM would require a certain amount of CPU and memory allocated to it. Because again, virtual machines virtualize the hardware. Containers, on the other hand, virtualize the operating system. The host could be a physical or virtual server, and on top of the operating system, there's a runtime which, as we'll discuss shortly, is a process for a technology called Docker. This is kind of like the hypervisor for virtual machines, but it's for containers, and on top of the runtime are the containers, which just contain the application, along with any dependencies for that application, like frameworks and libraries for connecting with storage, for example. These are the same types of things you would normally install in a VM to run your application. The containers emulate the underlying operating system rather than emulating the underlying hardware. This makes containers smaller in size than a virtual machine and quicker to spin up because you're only waiting for the app to launch, not the operating system. Because containers are so lightweight, you can host more containers on the host VM or physical server than using traditional virtual machines for each application. So there's obvious cost savings associated with that. A container is an instance of a container image. An image is a read-only template with instructions on how to create the container, and the container is the runnable instance of the image. You can create your own container images by leveraging existing images and adding the frameworks, any dependencies and finally, the code for your application. Then you can deploy the container in a repeatable way across environments. Container images get stored in a container registry. The container registry is a service that stores and distributes container images. 
Docker Hub is a public container registry on the web that serves as a general catalogue of images. Azure offers a similar service called Azure Container Registry, which provides users with direct control of their images, integrated authentication with Azure AD and many other features that come along with its Azure integration. A Docker container is a standard that describes the format of containers and provides a runtime for Docker containers. Docker is an open source project that automates the deployment of containers that can run in the cloud or on premises. Docker is also a company that promotes and evolves the technology, and they work in collaboration with cloud vendors like Microsoft. Docker has a runtime process that you can install on any workstation or VM, and there are services in Azure that provide that runtime for you. So now let's talk about the different ways you can host containers. You can set up a local environment by installing the Docker runtime. Then you can develop your app locally and package up all its dependencies into the container image that you want to deploy. You could also host a container on premises on your own hardware or virtual servers by installing the Docker runtime there. You might want to do this as you prepare to move to the cloud. Or you might need to deploy on premises if you're still tied to on-premises authentication systems like Active Directory. You can deploy containers on your own VMs in Azure. If you just need a small dev environment or you're not ready yet to move into container-specific services, you can still package your application into containers and deploy those onto VMs that you control. Of course, you'll need to maintain and patch those VMs, but it can at least get you started with some of the benefits that containers offer in terms of deployment and agility. 
If you want an environment in Azure that you can deploy containers to without needing to maintain or patch that environment, then Azure Container Instances, or ACI, is a service that provides that. ACI is intended for smaller applications like simple web apps or dev/test scenarios and small-scale batch processing. With ACI, you only have a single container instance per container image so you won't get high availability, and you have limited scalability. But there are still benefits in comparison to deploying containers to VMs that you host because you get a managed environment with ACI where you only pay for the containers. And it makes deploying containers relatively easy. For more complex architectures involving containers, where you want more control around deploying and managing the health and performance of containers that make up your application, you can move to Azure Kubernetes Service, or AKS. Kubernetes is also an open source project, and it's one tool in a class of tools called container orchestrators. You could also host containers in Azure App Service, and I'll talk about that a little later in the module. Let's talk a little more about the Azure Kubernetes Service. It's a container management system that runs in the cloud, and it can scale your application to meet demands by adding and removing container instances, as well as monitoring the deployed containers and fixing any issues that might occur. Let's just quickly go over a little Kubernetes terminology. Pods are a group of one or more containers with shared storage and network resources. Kubernetes runs your pods on nodes, which in AKS are virtual machines. If a pod crashes, AKS can create a new instance. If a node has issues, AKS can move the workloads to a different node. When you create an AKS instance, you choose the size of the VMs and the number of VMs or nodes to run your containers on. You can also choose to use VM scale sets for automating scale-out. 
You can connect your AKS cluster with an Azure Container Registry to pull your container images and build containers from those images. And AKS integrates with Azure Monitor in order to monitor the performance and health of your cluster. So Azure Kubernetes Service pulls together many other Azure services to provide a robust way of hosting your container-based solutions. So containers can help you reduce costs and improve agility by simplifying processes and reducing friction when you release and ship an application. Let's look at two of the main services in Azure for hosting containers, Azure Container Instances and Azure Kubernetes Service.

Containers Demo: ACI and AKS

[Autogenerated] Now let's look at two of the main services in Azure for hosting containers. First we'll look at Azure Container Instances and then Azure Kubernetes Service. Let's search for container instances and click to create a new instance. I'll click create, and on the screen that opens, I'll choose an existing resource group to create this resource in. We're creating a single container here, so I'll give the container a name and leave the default region. Next, we need to choose the container image that the container will get created from. The default option is to choose a quick start image, which is what we'll actually be doing. You can also choose your own image. You could upload that image to the Azure Container Registry, or you could get the image from Docker Hub or another registry on the web. Within Docker Hub, there's a public registry with general images available, or you can have your own private registry with your images, in which case you'll need to provide authentication credentials. But let's just use a quick start image for the demo. Here at the bottom, you can change the size of the underlying infrastructure that your container will run on if you think your app will require more resources. Let's leave the defaults, though. On the networking tab, you can create a default public endpoint for the container instance, which will make it accessible from the internet, or you can attach the container instance to a virtual network in Azure so it can communicate with other resources on that network. Let's leave public. Now we need to give the container a DNS label. This will be the prefix that's used in the URL to the Node.js web page that's running on the sample container. Notice the full URL is suffixed with the region name, then azurecontainer.io. On the advanced tab, you can add some environment variables that the container can use. Let's just skip ahead and create the container. 
Once it's created, we can go ahead and navigate to the container instance page. We're brought to the overview tab. Let's just go down to containers in the menu. There's the container instance we provisioned and it says it's running. Let's go back to the overview page and copy the fully qualified domain name to this container. I'll open up another browser tab and paste this in. This is the page that's getting created by Node.js on the container, so we're able to access the public endpoint over the internet. Back in the portal, there are a few features of container instances that I want to show you, like the logs that are generated on the container. And there's also some monitoring that's generated with Azure Monitor. Let's contrast this with the Azure Kubernetes Service. I've created a Kubernetes cluster already, and there's a lot more available here in terms of configuration and management. There's networking information here because I had to choose a network during creation. And if we go to node pools, I have three nodes running on DS2-sized virtual machines. We can manage the Kubernetes version from here, and there's a tab for scaling the cluster to manage the number of underlying virtual machines. There's some control over networking features, integration with local development environments, configuration options for deploying containers from Azure Repos and GitHub. And you can apply Azure policies to your cluster for security. And then there's some deep monitoring with insights and metrics. I won't go into AKS more than that, but you can see that it has many more management features than Azure Container Instances, but both are good options for hosting containers in Azure, depending on your requirements. Another option for hosting containers is using Azure App Service. Let's take a look at App Service next.

Azure App Service

[Autogenerated] Now let's talk about Azure App Service. I mentioned that you can use App Service to host containers, but it's also the platform as a service offering for hosting code directly, meaning App Service is more like traditional web hosting, where the frameworks are already installed on the servers, like .NET, PHP or Java, and you deploy your code onto those servers. The difference with traditional web hosting is that Azure App Service handles the management and patching of the underlying servers for you, but you still have lots of configuration options. Azure App Service can host web applications. It can also host API apps, which are web services that use the REST protocol. And it can host the back-end code for mobile applications, which are really just web services anyways. You can deploy containers to Azure App Service too, but you don't have to. And there's also a feature of App Service called WebJobs that lets you run services on the underlying VMs of the App Service. WebJobs can run continuously or run on a schedule. WebJobs can run as executable files, or they can run as scripts like PowerShell or bash scripts. So if you're running Windows services on your on-premises web servers now and wonder how you can do that in Azure, WebJobs offer that kind of functionality. There are other services in Azure to accomplish these types of tasks too, and we'll look at some of them in the serverless computing clip. But WebJobs give you a traditional way to do it. App Service started out as a service called Azure Websites, and when you create a new App Service, the default URL is still suffixed with azurewebsites.net. It's evolved since then, but it's still fundamentally a platform offering to make deploying and hosting websites easy. And yes, you can use your own custom domain name with App Service. 
This is just the default URL that gets first created. So an App Service is basically an individual website or an API web service or mobile back end that you host. They're all really the same thing: just code that's hosted on a web server. Before you can create an App Service, though, you need an App Service plan. The App Service plan defines the size of the underlying infrastructure, which are actually just virtual machines in Azure. But you don't have to patch or maintain those VMs, and you have limited access to them. You can run more than one App Service on a single App Service plan. When you create an App Service plan, you choose the size of the VMs, meaning the CPU, RAM and storage, by selecting the plan type, also known as the pricing tier. Depending on the pricing tier, you also have access to different features of the App Service plan. Let's take a quick look at the documentation to see what features are available. If we scroll down a bit, first of all, you see that you can choose the underlying operating system for all the virtual machines that are running in the App Service plan. You can also choose the region that those VMs are created in. Then you can see the different plans or tiers that are available. On the left is the column for the features and limits that come with the free tier. You can only host 10 App Services on this tier, and things like custom domains and auto scaling are not included. Auto scaling means that you can configure the App Service plan to add VMs when there's increased load on your website from a lot of traffic. App Service will then remove those VMs when traffic is lighter, which saves you money. You don't have to enable auto scaling, but you have a lot of control over configuring it, either based on demand or on a schedule. The number of instances you can scale up to is defined here. You can see that auto scaling isn't available until you get into the paid plans. The number of App Services 
you can host increases, as does the amount of disk space available for hosting the files associated with your web app or API app. This chart doesn't show all the features of App Service, so let's go into an actual App Service that I've already created. On the overview page, the URL for the actual website that's been deployed is displayed here, and we could copy and paste that into a new browser tab. But there's also this browse button that will take us to the site that's been deployed to this App Service. You can see the URL contains azurewebsites.net because I haven't added a custom domain in DNS yet. I didn't design this great-looking website, by the way. This was used for a course that I did on optimizing and deploying websites, which is part of the path Building Websites with HTML, CSS and JavaScript. Back on the overview page, there's some telemetry being collected that shows the amount of data coming in and out of the site, as well as the number of requests and the average page response time. You can get a lot more metrics than this from Azure App Service, and you can also integrate with something called Application Insights to get deep monitoring of the usage of your App Service. Now notice at the top it says my App Service is being hosted on a free tier App Service plan, so the features available to me are limited. Let's change that by going down to the scale up tab that allows you to change the underlying App Service plan so you can start small and scale up as you need more features. I'll go with standard plan and click apply. Once you're on a tier that supports scaling out, you can add instances of VMs to the underlying plan, either manually or using auto scaling. And there's the ability to configure various parameters for that. You can add custom domain names here, either ones you've purchased through an external domain name provider, or you can buy domain names right here within the interface, if your pricing tier supports it. 
You can also upload SSL certificates for your custom domain from this tab. Azure App Service includes built-in authentication so you can configure your App Service to have users authenticate with Azure Active Directory or with other third-party authentication providers like Facebook, Google and Twitter. So you don't have to build a whole authentication subsystem into your app. You can just leverage what's offered by Azure App Service. Let's take a look at the configuration tab. You can add application settings and connection strings here, just like you would normally put in a config file that gets deployed with your application. Setting them here will actually override any config files that you deploy, which is great for admins. There are also general platform settings that let you choose the runtime stack for your App Service as well as configuring things like session affinity in case you need sticky sessions for stateful applications that need the user to return to the same underlying web server each time. You could also set the default document for a site. So you've got the ability in the portal here to do a lot of the things that you can do when you host a web server yourself. A couple more things here. Deployment slots let you have different deployments of the website, like for development and production. And then you can swap the deployment slots when you want to promote the app from dev to production so you don't need to provision another App Service just to have a testing environment. The deployment center here helps you with the different ways that you can deploy code to App Service, like from Azure DevOps and GitHub, but also from OneDrive and over FTP. The networking tab lets you set up integration with a virtual network as well as being able to configure App Service to work with the Azure Content Delivery Network, which we'll talk about later in this module. 
Even though App Service is a platform as a service offering where the underlying infrastructure is managed for you, you can still see server logs and even get a console window to the underlying VMs. There's also this website that comes along with every App Service. It's called the Kudu portal, and it shows you things like all the environment variables affecting your website. You can get the log files and a console window. From here, you can view the running processes on the web server, and there's even a window here where you can drag and drop in a zip file containing your website files in order to deploy them. App Service is really amazing and I'm only touching on the features here. I've got two entire courses in the Pluralsight library on managing App Services and App Service plans if you want to know more. Before we leave App Service, let's see how we can host containers on App Service too. I'll go back to all App Services and let's create a new one. If I scroll down, we have the choice to publish code, which is what you've seen, or you can publish a Docker container, and you can publish containers onto Linux or Windows infrastructure. If I go to the next tab, the image source can be one of the quick starts if you're just learning. Or you can get a container image from the Azure Container Registry, Docker Hub or another private registry. So App Service is a really flexible way to host a variety of application types, and it takes away the administrative burden from you while still providing a lot of flexibility. Next, let's look at the last category of compute options, which is serverless computing.

Serverless Compute in Azure

[Autogenerated] Serverless computing is about letting developers focus on the code and business logic they're developing and not on the underlying infrastructure. You've seen already how App Service and the services for containers can abstract away the underlying infrastructure. To a certain extent, those services could be called serverless computing, but it usually refers to a few other services in Azure. Those services are Azure Functions, Azure Logic Apps and Azure Event Grid. You can use these products individually, or combine them together to create a larger solution. Let's look at each technology individually. Azure Functions allow you to run small pieces of code that you write yourself. Functions are initiated by triggers, and there are built-in triggers you can leverage to cause your code to run, or you can run the code based on a timer event. I'll show you examples of those triggers in a demo shortly. Azure Functions are code that you write, so these are targeted at developers. You can write functions in C#, Java, JavaScript, Python and even in PowerShell. Azure Logic Apps allow you to design workflows right in the Azure portal so you don't need to write code with Logic Apps, but you can call Azure Functions from Logic Apps if you need to, and vice versa, actually. Logic Apps are initiated from triggers also, like functions. But Logic Apps have a huge library of connectors to everything from SharePoint and Azure Storage to Zendesk and SAP. And you can kick off a logic app by calling its HTTP endpoint or on a timer, which is also true for function apps. Event Grid helps you build apps with event-based architectures. Resources in Azure raise events, like when a VM is created or scaled up and down, or a key in Azure Key Vault expires, blobs are modified or a device is created in Azure IoT. Event Grid connects data sources and event handlers. This lets you create subscriptions to events and create automation. 
This graphic on the Microsoft documentation page is a great overview. It shows you the different services in Azure that can raise events, and the handlers that can react to those events through Event Grid. Notice that Azure Functions and Logic Apps are two of the event handlers. And at the bottom of the event source, there's one here called custom events. You can publish events from your own applications, so Event Grid is perfect for publish-subscribe type architectures. You can use any combination of Azure Functions, Logic Apps and Event Grid to create some pretty complex applications, all without having to manage any underlying infrastructure. Let's take a look at an example of integrating Logic Apps and Azure Functions. I've created a resource group with a function app and a logic app. Let's look at the function app first. A function app is a container for functions so you can store more than one function here as long as they all use the same runtime stack, which defines the coding language. Let's add a new function and take a look at the triggers that are available. There's an HTTP trigger, so the function has an endpoint, and you can trigger the function by calling the endpoint from another application. We're going to be calling a function from a logic app using this trigger. There's a timer trigger so the function can run on a set schedule. There are triggers for Azure Queue storage and Blob storage, Service Bus, Cosmos DB, Event Hub, IoT Hub and the SendGrid email service. So there's a lot of built-in triggers here, but I've already created a function. So let's take a look. Let's look at the code and test tab. There's a default function body, and I've added some code. This code will accept data in the incoming HTTP request, and then the code strips out any HTML tags and returns the cleansed text. This is actually from an example in the Microsoft documentation. 
We're going to be having a logic app watching an email account for emails with attachments, then cleanse the body of the email using this function. And then the logic app is going to create blobs in an Azure storage account and store the email and attachments there. This function is just one part of the entire application, and like I said, this is right from the Microsoft docs if you want to build this yourself. Besides the code file, there's a JSON file that defines some of the connections, including the trigger, which is an HTTP trigger. Let's change this back, and on the Integration tab, we can add connections to other Azure services, so we could add an output connection that could connect to Blob storage, Event Hubs, SendGrid or Cosmos DB. This lets you set up the connection details so you can then call the connection in code, separating out configuration from code. Let's go back to the code and let's click Test/Run. This is where you can test the code out with some test inputs and make sure it works. I've got some code in the body that has HTML tags in it. If I click Run, the results have the tags removed. Okay, good. Let's close all this and go back to the resource group and let's open up the logic app. Let's look at the designer. I've added actions here and we can expand each of them. There's an action that watches an email account in outlook.com, and I've configured that connection and provided the login information. The Subject Filter parameter is looking for any emails with the word resume in the subject line. So this could be for an HR client that wants to automatically process incoming resumes when an email comes in. There's a condition here that checks to see if the email has an attachment. Then there's another condition. This is a true or false condition, so you can build logic into your workflow based on the results of previous tasks.
If there's an attachment, this is where I've added an action that calls the function app and passes in the body of the email. The function app will return the email body with the tags stripped out. You can open the Azure function from here and modify settings after it's been connected, and you can add parameters to send to the function. The next task will create a blob in a Blob storage account that I've configured, and the blob will contain the email body, and the blob will be given the name of the From field in the email. I've configured a Blob storage account to store a new blob. Then there's the for each loop. So for each attachment in the email, this task will run to create a blob for that attachment. Now you might be wondering about these field values. This is dynamic data that's coming from the data in the workflow. When you click on a field, you get access to all the variables in this current workflow. Because the logic app is working on an email, there are properties here for the email values and the attachments. Let's close this, and we could add more actions from these links. There are literally hundreds of connectors in Logic Apps to all sorts of different services inside and outside of Azure. We could send an email or even connect to another enterprise system. Okay, let's go back to the overview page. And at the bottom is the run history. I've already run this several times, as you can see, but let's trigger this by sending an email to the email account that's being monitored. And that's this outlook.com account. I'll send an email from my Gmail account. I'll make sure I put the word resume in the subject line because the logic app is filtering emails based on that. Then I'll add some text to the body, and this actually has a lot of HTML underneath, as you'll see in a minute, and I'll add an attachment from my local computer. Okay, I'll send this and pop over to my outlook.com account, and there's the email with the attachment.
Let's go back to the logic app, and I will refresh the run history, and it shows a new run that succeeded. Let's click on this. Now, this is really cool. You can go through each of the steps in the run and see the inputs and outputs. If there was a problem with the workflow execution, this is great for debugging. In the email that arrived, the raw data is here. Then, in the call to the Azure function, you can see the email body that was sent, which contains a whole lot of HTML tags. And at the bottom is the text that was returned from the function without the HTML tags. Then there's information about the blobs that were created and sent to Azure Blob storage. Let's go over to Azure Blob storage, and this is the Blob storage container that I created. Let's open this up and there are two blobs: the one that's named after the email sender, which contains the body of the email, and the email attachment that was copied here as a new blob. So that's an example of serverless compute in Azure. It's a really powerful way to build workflows in Azure without having to write a lot of code, if any.

Core Networking Products in Azure

[Autogenerated] Azure has a number of products for networking that allow you to create secure networks for your virtual machines and other Azure resources so those resources can communicate with each other and with the Internet. Of course, the underlying physical networking components are managed by Microsoft, and you configure everything you need in the Azure portal or through the other tools we looked at in the earlier module. All this makes it very easy to create and modify network configurations. An Azure virtual network is the fundamental building block in your private network. A VNet enables many types of Azure resources to communicate. A virtual network has an address space that you define in Azure, which is a group of IP addresses that could be assigned to resources like virtual machines. Don't worry about the notation here. This is called CIDR notation, and it's just a way of defining a group of IP addresses that could be allocated to resources. A VNet is segmented into one or more subnetworks called subnets, which are allocated a portion of the VNet's IP address space. Then you deploy Azure resources to a specific subnet. A VM is assigned to a subnet, and VMs can communicate with other VMs on the same network. Virtual machines are deployed into virtual networks. But you can also deploy other Azure resources into a VNet. You can deploy networking components like Azure Firewall, Application Gateway and VPN Gateway, and I'll talk about those shortly. Data-related resources like Redis Cache and Azure SQL Managed Instances can be deployed to a VNet, and you can even configure App Services to have a private IP on your VNet, which enables private connections to App Services, which have traditionally only been available over the Internet. By default, resources assigned to one virtual network cannot communicate with the resources in another virtual network, so there's some inherent security controls built in.
But you can enable that communication between virtual networks using a feature called VNet peering. You can enable VNet peering between virtual networks in the same region as well as between VNets in different Azure regions, and the traffic will flow privately through Microsoft's backbone network. Virtual machines on a VNet can communicate out to the Internet by default, but in order for inbound communication to take place from the Internet, the virtual machines need to be assigned a public IP address. A public IP address is a separate resource in Azure, with its own configuration settings apart from the virtual machine itself. And it gets assigned to Azure resources like virtual machines. In order to distribute traffic between virtual machines for high availability, you can create a load balancer. There are public load balancers in Azure, which load balance Internet traffic to your VMs. And there are also internal or private load balancers where traffic is coming from inside the network. So you might be load balancing the virtual machines that make up a business tier in an n-tier application architecture, or that internal traffic could be coming from on-premises networks in a hybrid scenario. I'll talk more about that scenario shortly. A public load balancer can provide inbound connections to the VMs for traffic coming from the Internet. It can translate the public IP address to the private IP addresses of the VMs inside the VNet. It's a high-performance solution that can handle a lot of traffic, but it's just a load balancing and port forwarding engine. It doesn't interact with the traffic coming in. It just checks the health of the back-end resources and routes incoming traffic based on IP address and port. When you're exposing resources to the Internet, particularly servers on your internal virtual network, you want more control over that traffic.
That's where Azure Application Gateway can offer more features and security for publishing applications to the Internet. Application Gateway is a web traffic load balancer that exposes a public IP to the Internet, and it can do things like SSL termination. So traffic between the client and the App Gateway is encrypted. But then the traffic between App Gateway and the back-end virtual machines can flow unencrypted, which unburdens the VMs from costly encryption and decryption overhead. App Gateway supports autoscaling, so it can scale up and down depending on traffic load patterns. It supports session affinity for applications that require a user to return to the same web server after they've started a session. It can do rewriting of HTTP headers and can make routing decisions based on more than just the IP address and port that are requested. It can look at things like host headers or part of the path in the URL. And App Gateway also uses a service called Web Application Firewall, which protects your web applications from common exploits and vulnerabilities like SQL injection attacks and cross-site scripting. So Application Gateway is a lot more than just a load balancer. Now let's talk about connecting your Azure VNets to your on-premises network, so the resources in both networks can communicate with each other. This is known as having a hybrid network, also referred to as the hybrid cloud. You can create a secure connection between your on-premises network and a VNet in Azure in order to send encrypted traffic over the Internet. This makes the resources on your Azure VNet available to on-premises resources in a secure way. You may want to put your web servers in Azure, but they need to securely connect to on-premises systems to retrieve data or even directly to an on-premises database. Or you might want to be able to leverage virtual machines in Azure for failover.
If on-premises servers were to fail for some reason, you create this connection by creating a virtual network gateway. The gateway is created on a virtual machine or machines that are deployed to their own subnet within your VNet. A VPN gateway is one type of virtual network gateway, and it's the one that's mentioned in the AZ-900 objectives. The other type of gateway is an ExpressRoute gateway. ExpressRoute uses a private connection between your on-premises data center and your Azure VNet, and you have to set that up through a service provider. You can set up a VPN gateway yourself, but you'll need an approved VPN device on premises in order to set up what's called a site-to-site VPN. Vendors like Cisco, Check Point, F5 and Juniper have approved products for this purpose, but you can check the Azure docs for the complete list. You can also create a point-to-site VPN from a single computer to an Azure VNet. A point-to-site VPN connection isn't intended to be used by all your clients, though. It's more for a few clients like administrators who need a secure connection to Azure resources. Now let's briefly talk about security, but I won't spend a lot of time on this because this is all covered in the course in this path on security and privacy concepts. But I just want to leave you with some confidence that you can secure all of your resources. You control inbound and outbound communication to VMs using network security groups, or NSGs. You can attach a network security group to a subnet to protect access to and from all the resources on the subnet. NSGs contain security rules that allow or deny inbound network traffic to the resource or outbound network traffic from the resources that the NSG protects. NSGs essentially act as firewalls, but pretty simple ones. There's also a product in Azure called Azure Firewall, which provides a more robust set of features. Okay, let's take a quick look at some of these networking resources in the Azure portal.

Exploring Core Networking Products in the Azure Portal

[Autogenerated] Now let's see some of these networking resources in action. I have a resource group here that I've set up. I'll just make this full screen. There's a VNet here, a network security group, an application gateway and two VMs, along with the disks required by the VMs, the storage account to store those disks and the network interfaces that associate VMs with the VNet. I've set up the web server role on both of these VMs and installed a web page, then load balanced them using the application gateway. I'll show you the results at the end of the demo. Let's look at the VNet first. Let's click on Address space. This is the range of IP addresses that I set up for this VNet when I created it. Within that address space, I've broken it down into subnets. There's a subnet for the VMs, a subnet for the application gateway and a management subnet where we could put a jump VM for administration, for example. I haven't done that, though. The VNet has a tab for DNS servers. You can use the default Azure-provided DNS server if you want, and this will give you access to the VMs in the network, as well as enabling those VMs to access the Internet. If you're setting up a set of VMs where one of them is intended to be a domain controller, you want to use the Custom option and type the IP of your domain controller VM. You'll also need to add the IPs for the Azure DNS servers in order to reach the Internet from those VMs. There's a tab here for peerings, and this is how you can connect VNets together so the resources can communicate. I won't get into this, but you can see there's some configuration that could be done with regards to peering. Okay, let's close this VNet and let's look at the network security group. All I want to show you here is that traffic from the Internet is only allowed to VMs for RDP port 3389. And that's just because I needed it to remote into one of the VMs.
Traffic within the VNet is allowed, and traffic is allowed from the Azure load balancer to any of the VMs, so we can't access the web servers on the VMs from the Internet directly. Okay, next, let's look at the network interface for one of the VMs. The network interface only has a private IP address, and that's been attached to the VM subnet on the VNet. Okay, now let's open up the application gateway. The first thing is that there's a front-end public IP address. Let's click on that. Again, this is a separate resource that's been attached to the application gateway. You could attach a public IP address directly to a virtual machine, too. On the Configuration tab, you can see I've assigned a DNS name label, so we don't have to type the IP address to reach the endpoint on the Internet. We can just use this URL. Application Gateway has a static IP address, though, so you could always set up your own custom domain to point to it. App Gateway lets you scale the number of App Gateway servers to handle load either manually or using autoscaling. Depending on the pricing tier you choose, you could enable the Web Application Firewall features that I mentioned in the overview. I've already configured the back-end pool. Let's take a look. I've added the two virtual machines to the back-end pool. Actually, their network interfaces, to be specific, but I could add more servers from here. There's a lot more configuration you can do with Application Gateway, but that's enough for now. Let's open up a new browser tab and let's paste in the URL that I copied to the clipboard, which is the address of the application gateway's public endpoint on the Internet. This is a simple web page that I added to the IIS servers on the VMs. And if I hit F5 to refresh the page, you can see that the App Gateway is load balancing the traffic between the two VMs and serving up a different version of the page. So that's a quick tour of some of the core networking features in Azure.
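The network security group behaviour described in this demo (RDP reachable from the Internet, web ports reachable only from inside the VNet or from the load balancer) follows from first-match evaluation of rules in priority order. The sketch below is an added example, not part of the course or of any Azure tooling; the rule dictionaries use the property names that `az network nsg show` prints for security rules, while the custom rule name, its priority and the 203.0.113.0/24 admin range are constructed for illustration.

```python
"""First-match evaluation of inbound NSG rules, used to audit Internet exposure."""

# Default inbound rules Azure adds to every NSG; custom rules (priority 100-4096) win.
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "AzureLoadBalancer", "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

# Constructed custom rule modelled on the demo: RDP allowed from any source.
DEMO_RULES = [
    {"name": "AllowRdpInbound", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]

# Same rule with the source narrowed to a constructed admin address range.
HARDENED_RULES = [dict(DEMO_RULES[0], sourceAddressPrefix="203.0.113.0/24")]

ANY_SOURCE = {"*", "0.0.0.0/0"}


def _values(rule, single, plural):
    """Merge the singular and plural forms of a rule property into one list."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def _port_matches(spec, port):
    """True if `port` falls inside '*', a single port, or a 'low-high' range."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _source_matches(prefix, source_tag):
    # A specific CIDR never matches here: the question asked is whether an
    # arbitrary host carrying `source_tag` (for example "Internet") gets through.
    return prefix in ANY_SOURCE or prefix.lower() == source_tag.lower()


def first_match(custom_rules, source_tag, port, protocol="Tcp"):
    """Return (rule name, access) of the first inbound rule that matches."""
    rules = [r for r in custom_rules + DEFAULT_INBOUND
             if r["direction"].lower() == "inbound"]
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["protocol"] != "*" and rule["protocol"].lower() != protocol.lower():
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(_source_matches(p, source_tag) for p in sources):
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if not any(_port_matches(p, port) for p in ports):
            continue
        return rule["name"], rule["access"]
    return None, "Deny"


def exposed_from_internet(custom_rules, ports):
    """Ports that an arbitrary Internet host is allowed to reach."""
    return [p for p in ports
            if first_match(custom_rules, "Internet", p)[1] == "Allow"]


if __name__ == "__main__":
    for label, rules in (("demo", DEMO_RULES), ("hardened", HARDENED_RULES)):
        print(label, "exposed:", exposed_from_internet(rules, [22, 80, 443, 3389]))
```

Narrowing the RDP rule's source leaves the web ports unchanged and removes 3389 from the Internet-reachable set, because an arbitrary Internet host then falls through to `DenyAllInBound`.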

Windows Virtual Desktop

[Autogenerated] Windows Virtual Desktop is a desktop and app virtualization service in Azure. You can provide full desktops to users or direct access to an app running on a virtual machine. If you've used Remote Desktop Services within your enterprise, you're already familiar with this concept, and if you've had to set it up, you know how complex that could be. This service in Azure provides a way to give users a similar experience and more, and it's also a fully managed solution in the cloud. So administration is made easier for you. There's full native support for Windows, Mac, iOS and Android clients, as well as HTML5 support, so you can access remote desktops and apps from any browser, so you don't have to worry about the type of device that the user is using to connect. In the past, if you wanted to provide client operating system VMs to users in Remote Desktop Services, you had to have a single VM for each user. To have multiple people use the same VM and conserve resources, you needed to use a server operating system. But Windows Virtual Desktop supports Windows 10 multi-session, which means you don't have to over-provision VMs. You can let users share the resources of a single VM. There's also something called host pools that can allocate users to sets of VMs, depending on criteria that you set up. You can choose any size VM in Azure and choose the number of total users that will have virtualized desktops, so you can vary this depending on the types of workloads you plan to have. An engineering group might require VMs with heavier processing power, but HR users might require VMs with lighter specs. You can scale the VM up and down so you only pay for what you use, just like with regular virtual machines. And you can use pre-built VM images in Azure from the Azure Marketplace, or bring your own pre-built custom images.
Users on a multi-session environment still have a unique, secure experience, and they can use all their apps like Office 365. Each user's data and files are persisted on a separate disk that gets attached when the user logs in, so it feels like they're working on their local computer. You can leverage OneDrive for storing user files and you can leverage Azure file shares to provide enterprise file shares with data stored in the cloud. We'll talk about Azure file shares in the next module, and you'll also learn about the capabilities to sync files from on premises to the cloud, too. Azure AD provides a secure, consistent sign-on experience that also allows users to roam from device to device. And you can also leverage Azure multi-factor authentication for another layer of security. Besides server operating systems like Server 2019, 2016 and 2012 R2 and modern client operating systems like Windows 10 Enterprise, you can also provision Windows 7 Enterprise virtual desktops if you have apps that require that specific operating system. Windows 7 virtual desktops include free extended security updates, too. If you're looking to virtualize your desktops in the cloud or you want to migrate an existing RDS infrastructure from on premises into the cloud, then you should definitely check out Windows Virtual Desktop in Azure for a flexible managed solution.

Azure Content Delivery Network (CDN)

[Autogenerated] Caching is the process of storing data locally so that it can be provided more quickly when it's requested again in the future. A content delivery network is a distributed network of servers all around the world that store cached data in order to minimize the latency by providing the data to a user from the closest source, as well as offloading traffic from the source web or storage servers where the data originates. The data is typically static data like images, fonts, videos, HTML pages, client-side scripts, style sheets and really any kind of static data like a Word document or a PDF. With Azure CDN, it's also possible to speed up the delivery of dynamic data using a feature called dynamic site acceleration, which I'll talk about in a little bit. Azure CDN can connect to several back-end sources in order to cache their data in edge locations around the world. The server that Azure CDN connects to in order to retrieve the content to be cached is called the origin server. Azure CDN can connect to a number of Azure services. It can cache web pages, CSS and JavaScript files from App Services. It can cache files stored in Azure Blob storage. And there are optimizations available with Azure CDN for certain file types, like streaming media files and very large files. Azure CDN connects natively to other Azure services to retrieve content, but it's also possible to cache data from any publicly accessible web server using Azure CDN. The CDN servers that cache the content that's retrieved from the origin server and provided to users are called edge servers. The edge servers are located in what are called point of presence locations. And those locations are grouped into CDN regions, which aren't the same regions that you're accustomed to choosing when creating things like an App Service. An example of a point of presence location is Santiago, Chile, which is in the South America CDN region.
There are a lot more point of presence locations than there are Azure data centers, and Microsoft not only manages their own CDN locations but has also partnered with Verizon and Akamai to deliver more locations, and each provider has features that are unique to it. Now let's talk about how Azure CDN works. A request for a web page comes to an Azure CDN endpoint, which is yourdomain.azureedge.net, or you could configure a custom domain name on the endpoint. Azure CDN will route the request to the edge server that's geographically closest to the user. If no edge servers have the files in their cache, the edge server retrieves the files from the origin server, which in this case is the App Service. The edge server caches the files and returns them to the user who requested them. The files remain on the edge server until the time to live for the file expires. As long as the file hasn't expired on the edge server, meaning it hasn't outlasted its time to live, it keeps getting served to users from the edge server. The default time to live is seven days. But you can configure that or manually purge the data from the CDN servers if you know something has changed. Then the next time the files are needed by the CDN, they'll be refreshed from the origin server. Azure CDN is made up of profiles and endpoints. A CDN endpoint is essentially a URL that provides access to content and represents a specific configuration of content delivery behavior and access. You can configure the caching behavior on an endpoint, for example. By default, the host name of an endpoint is suffixed with azureedge.net, but you can configure a custom domain name for a CDN endpoint. A CDN profile is a collection of endpoints, and Azure CDN is priced at the profile level. It's kind of like App Service, how you choose an App Service plan, which dictates the price. And then you can host multiple App Services on the plan.
There are a few different pricing tiers with Azure CDN, and some of them involve the providers that Microsoft has partnered with. There's another interesting feature in Azure CDN that I want to tell you about. Many web applications serve up a lot of dynamic data in response to some user behavior. Obviously, you can't cache this type of content because it's always changing. But there are ways to speed up the delivery of this content by using a feature of Azure CDN called dynamic site acceleration. Now you're probably wondering how it's possible to speed up the delivery of dynamic content. I won't go into too much technical detail here, but at a high level here are some of the ways that it works. Route optimization works by finding the fastest route from the edge servers to the origin servers. The Internet is a dynamic place where traffic and outages are constantly changing the best possible routes from A to B. Azure CDN compares various paths and does health checks to avoid Internet congestion points and long routes. With TCP optimization, Azure CDN can check the bandwidth between edge servers and make some decisions so higher data packet transfers are possible and persistent connections can be created. Object prefetch is a technique whereby the edge server parses the requested HTML and serves the embedded images and scripts at the same time. Without object prefetch, the HTML is downloaded to the browser and then the embedded files are requested. And finally, adaptive image compression monitors network quality and uses JPEG compression methods so users can receive smaller sized images when network speeds are lower. This is especially helpful for mobile devices. If you'd like to know more about dynamic site acceleration, I've got a whole module on Azure CDN in my course Managing Microsoft Azure App Service Plan. And if you'd like to know more about configuring Azure CDN to work with Azure Storage.
Please check out my course Configuring and Using Microsoft Azure Blob Storage. Okay, let's quickly review what we learned in this module. First, I discussed the compute options available in Azure. Then we looked at each of them individually, starting with virtual machines. Next were the options in Azure for hosting containers for compute. After that, we looked at Azure App Service for hosting web apps and APIs. And then you learned about some of the technologies that fall under serverless computing, like Azure Functions, Logic Apps and Event Grid. Then we discussed networking in Azure and some of the major core products involved. You saw a demo of Application Gateway being used to load balance two virtual machines on an Azure VNet. And then you learned about Azure Virtual Desktop for managing virtual desktop VMs in the cloud. And finally, in this clip, you learned about Azure CDN. In the next module, we're going to continue our look at core products in Azure, with a focus on services for storing and managing data.

Data Storage in Azure

Understanding Data Storage in Azure

[Autogenerated] Modern applications require data to be available quickly and stored securely and accessible from all over the world. And users expect to be able to access, share and update their data from different devices at any time. Organizations are creating more data than ever, so storing data in the cloud requires addressing new problems in a flexible way as well as solving old problems in new ways. Azure provides a variety of cloud storage services for different types of data that allows you to choose the storage service that's best optimized for your data and to include several strategies in the same solution if needed. But common to all the storage solutions in Azure are important benefits like automated backup and recovery, replication across the world to protect your data against unplanned events and failures, encryption capabilities and built-in security through things like integration with Azure Active Directory for authentication. And Azure storage solutions also offer developer packages, libraries and well-documented APIs that can make data accessible to a variety of application types and platforms. Data usually falls into one of three general categories. Structured data is data that adheres to a schema, typically data stored in a database with rows and columns. It's usually referred to as relational data. Azure lets you host databases on virtual machines just like you would on premises, where you're responsible for managing and patching the database product. But it also has managed offerings which provide convenience and scalability. For SQL Server, there's Azure SQL Database, and there's also Azure Database for MySQL and Azure Database for PostgreSQL, which are all managed platform as a service offerings. Unstructured data is data that doesn't adhere to a schema and is typically data stored in different file formats: PDF documents, JPEG images, video files, JSON files, that sort of thing. For that data,
Azure Storage provides highly scalable solutions with Azure Blob storage and Azure File storage. File storage can be attached to virtual machines similar to on-premises file shares. But both types of storage also offer REST APIs, so data can be securely accessed over the Internet. Azure Storage also stores large files like disk images and SQL databases, and there are services within Azure Storage optimized for different file types. Semi-structured data doesn't fit neatly into tables, rows and columns. It's often called NoSQL or non-relational data, and it typically uses tags or keys that organize the data and provide a hierarchy. For this type of data, Azure offers Cosmos DB, which is a globally distributed service to store data that's constantly being updated by users around the world. Being able to provision these different types of storage solutions quickly and in a cost-effective way helps you respond to business change without the need to procure and manage the costly storage media and networking components required to connect it all together. This makes data storage a very strong value proposition for moving to Azure. In this module, we'll start by looking at the products and services in Azure for managing structured data. Then we'll discuss semi-structured data with Azure Cosmos DB. Next, you'll learn about the different services that fall under Azure Storage for managing unstructured data, including disk storage. You'll get a tour of some of the features of Azure Blob storage, which is a service within Azure storage accounts, and I'll show you a cost-effective way to store data that's accessed less often using the Blob storage archive tier. And finally, we'll talk about how you can transfer data to Azure from your on-premises storage, including a look at the Azure Database Migration Service. Let's get started with looking at database solutions in Azure.

Managed Database Products in Azure

[Autogenerated] Azure offers managed solutions for storing structured data in relational databases. Let's start by talking about Microsoft's own relational database management system, SQL Server. There are three offerings for SQL Server in Azure that make up the SQL Server family of products. You can host SQL Server on virtual machines, which gives you full control over the product with all the features you're accustomed to when hosting SQL Server in your own on-premises data center. But you can also provision a virtual machine with SQL Server already installed by using the Azure Marketplace VM images, as you saw in the previous module, and you can take advantage of pay-as-you-go pricing so you don't have the costly upfront licensing fees. You even have the ability to configure a maintenance window for some automated patching, and you can configure backups using a managed backup service in Azure. Then there's a fully managed platform as a service version of SQL Server available in the cloud called Azure SQL Database. Most database management functions are handled for you, like upgrading, patching, backups and monitoring. Azure SQL Database is always running the latest stable version of SQL Server with high availability guarantees. In fact, the newest capabilities of SQL Server are released first to Azure SQL Database before being available in SQL Server itself. There's also a flexible pricing model based on either the number of virtual cores or using a unit of measurement called DTUs, which stands for database transaction units and is made up of a combination of CPU, memory and data throughput. Azure SQL Database also has flexible deployment options. You can provision a single isolated database or what's called an elastic pool, which is a collection of databases with a shared set of resources.
Elastic pools allow you to provisioned multiple databases with unpredictable usage patterns on the same underlying infrastructure so they can share resources efficiently. This helps prevent you from over provisioning resources based on peak usage or under provisioning. To save costs. You can get the best of both worlds with elastic pools. With single database, you can still harness the elasticity of the cloud by scaling database resources up and down when needed. There are different service tears available to like the general purpose standard here for common workloads. The business critical premium tier for applications with high transaction rates and the hyper scale tear for very large transactional databases with the ability to auto scale storage. Now running sequel server on a virtual machine gives you all the access to all the features of the product. So there are some limitations to using Azure sequel database. There are some built in functions that aren't available. The common language runtime isn't available in Azure Sequel database and some other features that I won't spend too much time on here. The majority of core features are available, though, in Asher Sequel Database. But if you're migrating from on premises and you have some specific requirements, you can verify compatibility with Azure sequel database by checking the Microsoft docks. If you have compatibility concerns. There's also a third offering in the sequel Server Family and Asher called Asher Sequel managed instance. It combines the broadest set of sequel server capabilities with the benefits of a fully managed platform. It allows you to deploy a managed to B M with sequel server onto your own virtual network. 
Some organizations have security concerns about deploying databases onto a managed public cloud platform, so SQL Server managed instance lets you lift and shift your on-premises databases to the cloud with minimal changes and into an isolated environment with the network and controls you saw in the previous module. But you also get the advantages of automatic patching and version updates, automated backups and high availability. So those are some of the options for using SQL Server in Azure. But there are other database options available in Azure. Using the Azure Marketplace, you can provision a variety of virtual machines with various relational database management systems preinstalled. But of course, you'll be managing those servers and databases yourself. In terms of fully managed platform-as-a-service offerings, Azure offers Azure Database for MySQL and Azure Database for PostgreSQL. Using the MySQL offering, you can develop applications leveraging the open source tools and platforms of your choice. The service runs the MySQL Community Edition and offers pay-as-you-go pricing to deliver features like high availability, dynamic scaling, encryption for data at rest and in transit, automatic patching of the underlying hardware, OS and database, automatic backup and point-in-time restore for up to 35 days. If you're already invested in developing applications for MySQL, Azure Database for MySQL offers a powerful solution for hosting your databases. Azure offers another managed version of an open source database product with Azure Database for PostgreSQL. PostgreSQL is sometimes referred to as an object-relational database because of its support for user-defined objects and complex data structures. It's long supported geometric data types and has a variety of extensions available for things like GIS support.
With Azure Database for PostgreSQL, you get a managed version of the database in the cloud with similar characteristics to the other managed database offerings, like high availability, scaling, backup and restore, and pay-as-you-go pricing. The Azure service comes in two categories: single server deployment and an offering called Hyperscale (Citus). Hyperscale parallelizes incoming SQL queries across multiple machines for faster responses on large data sets, so it provides greater scale and performance for data sets that are upwards of 100 gigabytes in size. Next, let's take a quick look at one of the managed database offerings in the Azure portal, Azure SQL Database.

Exploring Azure SQL Database

[Autogenerated] I'm in a resource group where I have created an Azure SQL Database instance. Even though this is a managed platform-as-a-service offering, there is an underlying database server created. Microsoft will maintain the server for you, but there's still some configuration you can do on the server, and I'll show you that in a minute. First, let's open up the database. If I scroll down under Settings, you can get the connection string here for development against the database, and the syntax for different drivers is on the tabs at the top. You can manage geo-replication of the database from here, which allows you to create a readable secondary database in another Azure region. And this is a disaster recovery feature you can leverage. There's another feature here that allows you to synchronize data between this Azure SQL database and any other SQL endpoint, whether it's on-premises or in another Azure region. This keeps data synchronized and improves response times for your application. You can also turn on auditing to track database events and understand database activity. There's also a feature here called dynamic data masking, which limits sensitive data exposure by masking it to non-privileged users. Let's go to the Overview tab and copy the server name. We're going to use this to connect remotely to the database from SQL Management Studio. But before we do that, we have to enable my local IP address to access the SQL server. Let's close this and open up the SQL server, and I'll go down to Firewalls and virtual networks. Down here, there's a list of IP rules, and it says connections from the IPs specified below provides access to all the databases in this SQL server. I'll still need to authenticate, but this lets me whitelist my local VM for access to Azure. So I'll just click on Add client IP at the top, because it's already picked up the IP of my computer. I'll just save this.
Something else I want to mention is that you can check here to allow Azure services and resources to access the server. By default, Azure SQL comes with a lot of security enabled, but you can relax that to let services like a web app in Azure App Service connect to this database. The app will still need to authenticate, but this is a different layer of security. While we're here in the server, I'll just show you that you can configure transparent data encryption. You turn this on and off at the database level, but at the database server level, you can choose whether to use a Microsoft-managed key for encryption or use a customer-managed key that you create and store in Azure Key Vault. Key Vault is covered in the security course in this path, so let's close out of this and I'll just hit F11 to exit full screen in the browser. I have SQL Management Studio installed and running on my local machine. This is a free download from Microsoft that lets you manage SQL Server databases remotely. I'll create a new connection and paste in the URL to the database endpoint that I copied in the portal. And now I need to authenticate. You can configure Azure SQL to use identities stored in Azure Active Directory, and you can sync those identities from your on-premises Active Directory too. But I set up a SQL authentication username and password when I created the database, so I'll just use that for this demo. Okay, I was able to connect successfully. And if I expand the database, I have a table that I created here already. You can design the database schema from here and manipulate the data. So this is the way developers normally develop against SQL Server. I just want to show you one more thing here. If I go back into the portal and into the database again, there's this feature in preview called Query Editor.
Log in again using my SQL authentication password, and we've got this interface here where we can do some of the same things as in SQL Management Studio. Sometimes you just need to run a quick SQL query to check some data, and this gives you an easy way to do that. Okay, next, let's talk about a different kind of database, Cosmos DB.
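
As an added example (not part of the course), the server-level IP rules shown in this demo can be reviewed with a short script. It assumes the rules were exported as JSON with `name`, `startIpAddress` and `endIpAddress` fields, in the shape the Azure CLI's `az sql server firewall-rule list` prints; the sample rules and the 256-address threshold are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: rules shaped like the JSON output of
# `az sql server firewall-rule list` (the shape is an assumption of this example).
SAMPLE_RULES = json.loads("""
[
  {"name": "ClientIPAddress_demo", "startIpAddress": "203.0.113.25", "endIpAddress": "203.0.113.25"},
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "office-range", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"},
  {"name": "temp-debug", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
  {"name": "typo", "startIpAddress": "203.0.113.9", "endIpAddress": "203.0.113.1"}
]
""")

MAX_RANGE = 256  # hypothetical policy threshold: largest range accepted without review


def audit_rule(rule, max_range=MAX_RANGE):
    """Return (severity, reason) for one server-level IP firewall rule."""
    try:
        start = ipaddress.IPv4Address(rule["startIpAddress"])
        end = ipaddress.IPv4Address(rule["endIpAddress"])
    except (KeyError, ValueError) as exc:
        return ("error", f"unparseable rule: {exc}")
    if int(start) == 0 and int(end) == 0:
        # 0.0.0.0-0.0.0.0 is how the "Allow Azure services and resources" checkbox is stored
        return ("review", "all Azure IPs allowed, including other customers' subscriptions")
    if end < start:
        return ("error", "end address is below start address")
    if int(start) == 0 and int(end) == 2**32 - 1:
        return ("high", "entire IPv4 Internet allowed")
    size = int(end) - int(start) + 1
    if size > max_range:
        return ("high", f"range covers {size} addresses")
    return ("ok", f"{size} address(es)")


def audit(rules):
    """Return {rule name: (severity, reason)} for every rule that is not 'ok'."""
    findings = {}
    for rule in rules:
        severity, reason = audit_rule(rule)
        if severity != "ok":
            findings[rule.get("name", "<unnamed>")] = (severity, reason)
    return findings


if __name__ == "__main__":
    for name, (severity, reason) in audit(SAMPLE_RULES).items():
        print(f"{severity:6} {name}: {reason}")
```
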

Azure Cosmos DB for Semi-structured Data

[Autogenerated] I mentioned in the overview that one of the benefits of data storage in Azure is that you have access to services that are specifically tailored to different requirements. It's not a one-size-fits-all approach where everything needs to get stuffed into a relational database. A great example are the use cases for semi-structured data and the solutions that Cosmos DB offers. Azure Cosmos DB is a globally distributed multi-model database, and we'll talk about what that means shortly. Cosmos DB can be used in a wide range of applications and use cases. It's a good choice for any serverless application that needs millisecond response times and needs to scale rapidly and globally. Let's talk about some of the use cases for a solution like Cosmos DB. These aren't the only use cases, of course, but these are good examples of how features could be leveraged. Retail applications need to store catalog data and create events for processing orders. The attributes that need to be queried in catalog data can vary and change over time. For example, there may be common attributes for all parts in a parts catalog, but each part can also have its own attributes. In a relational database, there would be lots of joins and redundancy to create a common schema. But Cosmos DB supports a flexible schema and hierarchical data, which makes it perfect for this type of application. Cosmos DB is used as the back end for gaming applications like Halo 5. In fact, Microsoft uses Cosmos DB to power many of its mission-critical services like Skype, Xbox, Office 365, Azure and many others. The performance of a worldwide distributed database allows for millions of simultaneous updates and millisecond reads to support gameplay. Social media applications require the storing and querying of user-generated content that's accessible by web and mobile platforms.
Blog posts, ratings, comments and tweets are often a blend of free-form text, properties, tags and relationships that aren't bound by a rigid schema. These data items can be stored in Cosmos DB without requiring transformations or the complex object-to-relational mapping normally required with a traditional database. For apps that integrate with third-party social networks, they may need to respond to changing schemas from these networks that the application can't control, which makes this a flexible solution. All of these applications may need to run at global scale and can have unpredictable usage patterns. Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide. It replicates your data around the world so users can interact with the data that's closest to them. You can add or remove Azure regions from your account at any time with a few button clicks. Besides the performance offered by proximity to users, Cosmos DB is also backed by SSD storage with low-latency response times. And because the databases may be distributed around the world, Cosmos DB offers a few options on how to ensure those databases remain consistent when data is updated. I'll talk more about that in the demo. Besides the performance and scalability features, there's ease of use for developers because Cosmos DB supports several popular open source software APIs for working with your data. You can use the SQL API for querying Cosmos DB. But there's also support for popular APIs like Cassandra, MongoDB, Gremlin, and also the API for Azure Table storage is supported. You'll learn later in this module that Azure Storage has a service called Table storage that allows you to create a NoSQL database within the same storage account as your blob, file and queue storage.
That Table storage is limited to the regions you configure, though, so if you need to migrate to a more robust worldwide service like Cosmos DB, you could do so using the same familiar API. But these APIs actually support different types of data models. These technologies encompass document databases, key-value databases, graph databases and column-family databases. So this just highlights that Cosmos DB is really flexible and isn't a one-size-fits-all solution. Let's look at some of the features of Cosmos DB in the Azure portal. I have a resource group open here, and I've already created a Cosmos DB using the default SQL API. Let's open up this database. The first thing I'll show you is the Data Explorer. You can create and manage data right from within here. I've already created a container here called items and some objects over here. Looking at the different items, you can see that they have different properties, but I've added this one property category teach so I can index based on that. You can run queries right here from within Data Explorer, which could be helpful during development, and across the top, you can also create new queries, create stored procedures, user-defined functions and triggers. These capabilities will differ depending on the API model you chose when setting up the database. You can also create new databases and containers right from within here. Let's scroll down the menu a bit. There's the possibility to configure Cosmos DB to work with another Azure service for analytics called Azure Synapse Link. This feature basically formats a version of your data that's optimized for use in analytic queries so it could be leveraged for machine learning and big data analytics. I mentioned earlier you can configure a consistency model. There are basically two extremes when designing a solution where distributed data will be reconciled after it's updated. There's strong consistency, where users are guaranteed to see the last update no matter which database