6. Upgrade
• complexity made simple
• master template can be used to roll out upgrades
• imperative APIs and client tools support updating the resources
Manageability, Auditing
• operations can be tracked up to 90 days
• management locks to lock down resources from deletion
7. Wide range of Quickstart Templates
Github Repo
Indexed on Azure.com
Community & Microsoft contributed
Integration of IaaS with Azure Services
24. BUILT-IN ROLE | ACTIONS | NOT ACTIONS
Owner (allow all actions) | * |
Contributor (allow all actions except writing or deleting role assignments) | * | Microsoft.Authorization/*/Write, Microsoft.Authorization/*/Delete
Reader (allow all read actions) | */Read |
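How the Actions and Not Actions columns combine, as an added example that is not part of the original slides. The role definitions are copied from the slide; the operation names and the `Test-RoleAllows` function are illustrative assumptions, and the wildcard matching is a simplified model of the evaluation.

```powershell
# Added example: role definitions as listed on the slide.
$roles = @{
    Owner       = @{ Actions = @('*');      NotActions = @() }
    Contributor = @{ Actions = @('*');      NotActions = @('Microsoft.Authorization/*/Write',
                                                           'Microsoft.Authorization/*/Delete') }
    Reader      = @{ Actions = @('*/Read'); NotActions = @() }
}

function Test-RoleAllows {
    param([string]$Role, [string]$Operation)
    $def = $roles[$Role]
    if (-not $def) { throw "Unknown role: $Role" }
    # Allowed when some Actions pattern matches and no NotActions pattern does.
    # -like is case-insensitive, so */Read also matches .../read.
    $granted  = @($def.Actions    | Where-Object { $Operation -like $_ }).Count -gt 0
    $excluded = @($def.NotActions | Where-Object { $Operation -like $_ }).Count -gt 0
    $granted -and -not $excluded
}

# Sample operations chosen for illustration (not listed on the slide).
$operations = @(
    'Microsoft.Compute/virtualMachines/read'
    'Microsoft.Compute/virtualMachines/write'
    'Microsoft.Authorization/roleAssignments/write'
    'Microsoft.Authorization/locks/delete'
)

foreach ($role in 'Owner', 'Contributor', 'Reader') {
    foreach ($op in $operations) {
        [pscustomobject]@{
            Role      = $role
            Operation = $op
            Allowed   = (Test-RoleAllows -Role $role -Operation $op)
        }
    }
}
```

The Contributor rows show that the Not Actions patterns block both granting access and deleting a management lock, even though Actions is `*`.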
37.
Name element | Examples
Environment or deployment role | dev, stg, prd
Azure location | usw (West US), use (East US 2)
Azure component, service, or product | rg for resource group, vnet for virtual network, vm for virtual machine
Role | sql, ora, sp, iis
Instance | 01, 02, 03, etc.
43. An Azure virtual network (VNet) is a representation of your own network
in the cloud. It is a logical isolation of the Azure cloud dedicated to your
subscription. You can fully control the IP address blocks, DNS settings,
security policies, and route tables within this network. You can also further
segment your VNet into subnets and launch Azure IaaS virtual machines
(VMs) and/or Cloud services (PaaS role instances). Additionally, you can
connect the virtual network to your on-premises network using one of the
connectivity options available in Azure.
45. Virtual Network Benefits:
Isolation. VNets are completely isolated from one another. That allows you to create disjoint
networks for development, testing, and production that use the same CIDR address blocks.
Access to the public Internet. All IaaS VMs and PaaS role instances in a VNet can access the
public Internet by default. You can control access by using Network Security Groups (NSGs).
Access to VMs within the VNet. PaaS role instances and IaaS VMs can be launched in the
same virtual network and they can connect to each other using private IP addresses even if
they are in different subnets without the need to configure a gateway or use public IP
addresses.
Name resolution. Azure provides internal name resolution for IaaS VMs and PaaS role
instances deployed in your VNet. You can also deploy your own DNS servers and configure the
VNet to use them.
Security. Traffic entering and exiting the virtual machines and PaaS role instances in a VNet can
be controlled using Network Security Groups.
Connectivity. VNets can be connected to each other, and even to your on-premises datacenter,
by using a site-to-site VPN connection, or ExpressRoute connection.
49. Blob storage stores file data. A blob can be any type of text or binary data, such as a document, media file, or application installer.
Table storage stores structured datasets. Table storage is a NoSQL key-attribute data store, which allows for rapid development and
fast access to large quantities of data.
Queue storage provides reliable messaging for workflow processing and for communication between components of cloud
services.
File storage offers shared storage for legacy applications using the standard SMB 2.1 protocol. Azure virtual machines and cloud
services can share file data across application components via mounted shares, and on-premises applications can access file data in
a share via the File service REST API.
52. Standard Storage Capacity Planning
IOPS Per Disk
300 for Basic Tier
500 for Standard Tier (60 Mbps)
IOPS Per Storage Account: 20,000
Supports up to 40 data disks using maximum IOPS per disk
Group disks into striped sets for more IOPS
• Example: 4-disk X 500 IOPS = 2000 IOPS
53. Azure Premium Storage
Consistent low latency SSD based with predictable IO throughput
Suitable for high-performance IO-intensive database workloads
Single digit milliseconds latencies
Supports up to 1 TB blob/disk size
Stripe up to 32 disks for a total of 32TB and more than 80,000 IOPS
Premium Storage Disks work with DS and GS sizes
Disk Types | P10 | P20 | P30
Disk Size | 128 GB | 512 GB | 1024 GB
IOPS per Disk | 500 | 2300 | 5000
Throughput per Disk | 100 MB/sec | 150 MB/sec | 200 MB/sec
54. Azure Storage Capacity Planning
Standard Storage
300 IOPS per Disk with Basic Tier and Standard Storage
500 IOPS per Disk with Standard Tier and Standard Storage
Up to 20,000 IOPS per Azure Storage Account (Standard) ~40 disks
Premium Storage
Up to 5000 IOPS per disk with Standard Tier and Premium Storage
Up to 32 disks per Premium Storage Account
Note: On DS and GS instances you can mix standard and premium storage disks
55. #storageaccount
$stName = "workshopbin123"
$locName = "West Europe"
$rgName = "Azureworkshop"
# Create a geo-redundant (Standard_GRS) storage account in the resource group
$storageAcc = New-AzureRmStorageAccount -ResourceGroupName $rgName -Name $stName -Type "Standard_GRS" -Location $locName
Note:
Storage account names must be between 3 and 24 characters in
length and may contain numbers and lowercase letters only.
Your storage account name must be unique within Azure. The Azure
Portal will indicate if the storage account name you select is already
in use.
56. Storage account endpoints
Every object that you store in Azure Storage has a unique URL address. The
storage account name forms the subdomain of that address. The combination
of subdomain and domain name, which is specific to each service, forms an
endpoint for your storage account.
For example, if your storage account is named mystorageaccount, then the
default endpoints for your storage account are:
Blob service: http://mystorageaccount.blob.core.windows.net
Table service: http://mystorageaccount.table.core.windows.net
Queue service: http://mystorageaccount.queue.core.windows.net
File service: http://mystorageaccount.file.core.windows.net
59. New-AzureStorageContainer -Context $StorageContext -Permission Container -Name media
-- Off, which restricts access to only the storage
account owner.
-- Blob, which provides read access to blob data
within a container through anonymous request, but
does not provide access to container data. Clients
cannot enumerate blobs within the container via
anonymous request.
-- Container, which provides full read access to a
container and its blobs. Clients can enumerate
blobs within the container through anonymous
request, but cannot enumerate containers within
the storage account.
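An audit of the three access levels described above, as an added example that is not part of the original slides. `Find-OverexposedContainer` and the approval list are hypothetical names, and the container objects are constructed sample data shaped like the `Name` and `PublicAccess` properties returned by `Get-AzureStorageContainer`.

```powershell
# Added example. Rank of each access level from the slide; higher means more exposed.
$rank = @{ Off = 0; Blob = 1; Container = 2 }

function Find-OverexposedContainer {
    param(
        [Parameter(ValueFromPipeline = $true)] $Container,  # needs Name and PublicAccess
        [hashtable] $Approved = @{}                         # container name -> highest level allowed
    )
    process {
        $level = [string]$Container.PublicAccess
        if (-not $rank.ContainsKey($level)) { throw "Unexpected access level '$level'" }
        # Containers without an explicit approval are expected to be private (Off).
        $allowed = if ($Approved.ContainsKey($Container.Name)) { $Approved[$Container.Name] } else { 'Off' }
        if ($rank[$level] -gt $rank[$allowed]) {
            [pscustomobject]@{
                Name          = $Container.Name
                PublicAccess  = $level
                Approved      = $allowed
                AnonymousRead = ($rank[$level] -ge 1)   # blobs readable without credentials
                AnonymousList = ($rank[$level] -eq 2)   # blobs can also be enumerated
            }
        }
    }
}

# Constructed sample inventory (not real containers).
$sample = @(
    [pscustomobject]@{ Name = 'media';   PublicAccess = 'Container' }
    [pscustomobject]@{ Name = 'static';  PublicAccess = 'Blob' }
    [pscustomobject]@{ Name = 'backups'; PublicAccess = 'Blob' }
    [pscustomobject]@{ Name = 'logs';    PublicAccess = 'Off' }
)

# media is approved for Blob only and backups has no approval, so both are reported.
$sample | Find-OverexposedContainer -Approved @{ media = 'Blob'; static = 'Blob' }

# Against a live account, pipe the real inventory instead and tighten a finding:
#   Get-AzureStorageContainer -Context $StorageContext | Find-OverexposedContainer
#   Set-AzureStorageContainerAcl -Name backups -Permission Off -Context $StorageContext
```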
64. Azure availability set
Fault Domains
Represent groups of resources anticipated to fail
together i.e. Same rack, same server
Fabric spreads instances across min 2 fault domains
Update Domains
Groups of resources that will be updated together
Host OS updates honour service update domains
Specified in service definition
Default of 5 (up to 20)
Availability Sets
VMs in separate Fault Domains
SLA 99.95 | HW SW | Windows & Linux
65. Virtual Machine (disk layout diagram)
C: OS Disk
E:, F:, etc. Data Disks
D: Temporary Disk
Diagram labels: Dynamic VHD, Local Disk Cache, Azure Blobs
On shared local disk
• Performance can be variable
• Contents can be lost
78. A network security group (NSG) contains a list of Access Control List (ACL) rules
that allow or deny network traffic to your VM instances in a Virtual Network.
NSGs can be associated with either subnets or individual VM instances within
that subnet. When an NSG is associated with a subnet, the ACL rules apply to
all the VM instances in that subnet. In addition, traffic to an individual VM can
be restricted further by associating an NSG directly with that VM.
Note:
Endpoint-based ACLs and network security groups are not supported on the
same VM instance. If you want to use an NSG and have an endpoint ACL
already in place, first remove the endpoint ACL. For information about how
to do this, see Managing Access Control Lists (ACLs) for Endpoints by using
PowerShell.
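How a subnet NSG and a VM NSG combine for inbound traffic, as an added example that is not part of the original slides. It is a simplified model, not Azure's implementation: the rules and addresses are constructed, all function names are hypothetical, and it assumes rules are evaluated lowest priority number first with a deny when nothing matches (the platform's default rules for traffic inside the VNet are left out).

```powershell
# Added example: simplified model of inbound NSG evaluation on constructed rules.
function ConvertTo-Bits([string]$Ip) {
    -join ($Ip.Split('.') | ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') })
}

function Test-InPrefix([string]$Ip, [string]$Prefix) {
    if ($Prefix -eq '*') { return $true }
    $net, $len = $Prefix.Split('/')
    # Same network when the first $len bits of both addresses are equal.
    (ConvertTo-Bits $Ip).Substring(0, [int]$len) -eq (ConvertTo-Bits $net).Substring(0, [int]$len)
}

function Get-NsgDecision($Rules, [string]$SourceIp, [int]$Port) {
    foreach ($r in ($Rules | Sort-Object Priority)) {
        $portMatch = [string]$r.Port -in @('*', [string]$Port)
        if ($portMatch -and (Test-InPrefix $SourceIp $r.Source)) { return $r.Access }
    }
    'Deny'   # no rule matched
}

function Test-InboundToVm($SubnetRules, $VmRules, [string]$SourceIp, [int]$Port) {
    # Traffic must pass the subnet NSG and then the NSG attached to the VM.
    ((Get-NsgDecision $SubnetRules $SourceIp $Port) -eq 'Allow') -and
    ((Get-NsgDecision $VmRules $SourceIp $Port) -eq 'Allow')
}

# Constructed rules: the subnet allows HTTPS from anywhere and RDP from a management range;
# the NSG on the web VM narrows that to HTTPS only.
$subnetNsg = @(
    [pscustomobject]@{ Priority = 100; Source = '*';              Port = '443';  Access = 'Allow' }
    [pscustomobject]@{ Priority = 200; Source = '203.0.113.0/24'; Port = '3389'; Access = 'Allow' }
)
$webVmNsg = @(
    [pscustomobject]@{ Priority = 100; Source = '*'; Port = '443'; Access = 'Allow' }
)

# Constructed traffic: HTTPS from anywhere, RDP from the management range, RDP from elsewhere.
foreach ($t in @(@('198.51.100.7', 443), @('203.0.113.10', 3389), @('198.51.100.7', 3389))) {
    [pscustomobject]@{
        Source  = $t[0]
        Port    = $t[1]
        Subnet  = (Get-NsgDecision $subnetNsg $t[0] $t[1])
        Allowed = (Test-InboundToVm $subnetNsg $webVmNsg $t[0] $t[1])
    }
}
```

The second row is the case the slide describes: RDP from the management range passes the subnet NSG but is still blocked by the NSG associated directly with the VM.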
90. Cloud principles
• Freedom of choice
• Marketplaces
• Cloud Inspired Infrastructure
• Multi Vendor
• Hybrid
• Hyper scale
• Self-service
• Build in and on top of Security
• Build in Compliancy
• Automation
Continuous Change
Shared
Software defined
Scalable
Pay per Use
Build to fail
Multi Vendor
Lock in Reduction
Open- and closed source
Build in Security
108. Get-AzureRmVMImageSku – get the SKUs for a publisher and offer
Get-AzureRmVMImagePublisher – get the available publishers
Get-AzureRmVMImageOffer – get the available offers from a publisher
Get-AzureRmVMImage – get the image for a specific SKU
The following ARM cmdlet gets the details for a specific Windows
Server source image:
Get-AzureRmVMImage -Location "westus" `
-PublisherName "MicrosoftWindowsServer" `
-Offer "WindowsServer" -Skus "2012-R2-Datacenter" -Version "4.0.20150916"
In Azure there are two main storage types: Standard and Premium.
It is important to note that Premium is not available in all regions and also requires the use of Premium Storage accounts.
It is possible to mix and match premium and non-premium storage on the same VM to save on costs.
Basic Tier disks are limited to 300 IOPS while Standard Tier disks are limited to 500 IOPS.
There is a cap on the concurrent IOPS for each storage account of 20,000.
You can use disks with different storage accounts on the same VM.
Azure Premium Storage works with DS and GS instance size of Azure virtual machines. When you provision a DS or GS series virtual machine, you can take advantage of high-throughput, low-latency storage.
When you stripe 32 disks together on a DS14 virtual machine, you can achieve more than 50,000 IOPS on a single volume.
This high performance disk configuration is ideal for IO-intensive applications, such as Microsoft SQL Server.
If the throughput required is larger than the maximum IOPS per disk, it is possible to get higher IOPS by combining disks using software RAID technologies supported by the operating system. This is supported in both Windows and Linux. In Windows the preferred method is to use Storage Spaces. One could take two Standard disks that each have a maximum of 500 IOPS and see performance of 1000 IOPS on that volume.