Security is a way of life.

We continue the AZ-900 notes with module 2. If you have not read module 1 yet, you can read it by clicking here. The main topic of Module 2 is Core Azure Services.

In this module, we will first examine the Core Azure Architectural Components, then go to the Core Azure Services and Products, Azure Solutions and Azure Management Tools section respectively.

Core Azure Architectural Components

In this section, we will talk about Region, Region Pairs, Geographies, Availability Options, Availability Sets, Availability zones, Resource Groups and Azure Resource Manager.

Region:

Azure has data centers in around 60 regions in 140 countries around the world. We say data center, but this should not be understood as 1 region = 1 data center. Each region has an average of 2-3 data centers. The data centers in the same region are on average 5 to 10 km apart and are connected to each other with point-to-point fiber.

  • Azure is currently (May 2020) the cloud provider with the most regions among other cloud providers.
  • For minimum latency, we need to find out which regions are closest to us and choose among them. For this, we can use Azure Speed Test 2.0. By clicking this link, you can see the region that is closest to you and has the lowest latency.
  • Generally, we get the best performance from the top 3 regions closest to us. Therefore, region selection is important.
  • Microsoft has not yet established an Azure data center in Turkey, but it has set up a POP in Gebze in order to reduce latency. In this way, all connections to Azure regions first go to Gebze and then on to the relevant region, which lowers latency.
  • Another issue to be aware of here is Private Regions. Azure currently has 3 Private Regions. These are Azure Government (North America), Azure China 21Vianet and Azure Germany. It is not possible to get service from them.

Region Pairs

Region Pairs is the pairing of two regions in the same geography. A region pair is created as a result of this pairing. All regions are properly mapped, except for Southern Brazil. You can see an example of Region Pairs below.

Azure Region Pairs

If you want to see the full list, you can click here.

Geographies

In short, a geography is a set of regions that are treated together as a single market. Geographies are divided into Americas, Europe, Asia Pacific, Middle East and Africa.

Availability Options

When you buy a cloud service, perhaps one of the most important issues is availability. We have 4 different options in Azure for this, and each option has its own SLA percentage.

Single VM

When you run a single VM with premium storage, Microsoft guarantees a 99.9% SLA for it. It is one of the simplest service types.

Availability Sets

Availability Sets are a way to avoid service interruptions during maintenance or hardware failures. Microsoft carries out system maintenance and improvement work in only 1 cabinet at a time. There are two concepts to know here: Update Domains (UD) and Fault Domains (FD).

Update Domain: As can be seen from the image, resources are kept redundant across more than one side-by-side cabinet. Since planned maintenance or performance and security improvements are carried out in only one cabinet at a time, the service is not disrupted. Update Domains are logical sections of the datacenter, implemented in software. Note also that we have the right to postpone the maintenance 3 times during the year.

Fault Domains: To keep the system running smoothly when more than one cabinet fails, spares are kept in different rooms that are not side by side. Fault domains give us physically separated cabinets. This physical separation applies not only to the cabinet but also to power, cooling and network hardware: the spares sit in different rooms within the same building, in cabinets that run on completely separate sources.

Availability Zones

Availability Zones keep a system running by maintaining redundant copies in different datacenters within the same region.

  • Each availability zone includes one or more data centers equipped with independent power, cooling and networking.
  • If any availability zone goes down, service continues in the others.
  • Availability zones are connected to each other with fiber-optic networks that are very fast and private.
  • Availability zones are often used to run critical applications with high availability and low-latency replication.
  • Availability zones are available as a service on Azure.

Resource Groups

The unit we use to manage our resources in Azure is the Resource Group. We can think of it as a container that collects all the resources required for our application in a single manageable unit. Thanks to the Resource Group, we can manage the components of our application collectively from a single unit rather than individually.

We can manage the following resources in a single resource group:

  • Metering and billing
  • Policies
  • Monitoring and Alerts
  • Quotas
  • Access Control

The most important point to note here is that when we delete a resource group, we will delete all resources in it. Things to know about Resource Groups are:

  • Each resource can only be in one resource group.
  • A resource group can contain resources located in different regions.
  • You can add resources to a resource group or remove them from it at any time.
  • We can move a resource from one resource group to another.
  • All resources do not need to be in the same resource group in order for an application to work, but it is recommended that they be in the same group to make management easier.

Azure Resource Manager

Azure Resource Manager helps manage major resource groups under a single roof. If we look in more detail, we can say that it is a management layer that enables you to automate the distribution and configuration of resources by using different automation and scripting tools such as Azure PowerShell, Azure CLI, Azure Portal, REST API, Client SDK.

With Azure Resource Manager, we can manage infrastructure with declarative templates instead of scripts. We can also manage who can access which resources, along with roles, groups, resource groups and permissions.

Core Azure Services and Products

Azure Compute

Azure Compute is a service that is used to run cloud-based applications and includes computing resources. Examples of these computing resources are disks, processors, memory, networking and operating systems.

Resources are provided on demand and are available within minutes and often seconds. You pay only for the resources you use. Azure's most used compute services are VMs and Containers. We will examine them in detail in the next section. You can see the compute services from the image below.

Azure Compute Services - 1
Azure Compute Services - 2

Azure Compute Services

Azure Compute Services works on a Pay-As-You-Go basis, so you only pay for the time you use it. For example, if you use 23 hours 59 minutes 47 seconds, you will pay for 23 hours 59 minutes 47 seconds. No amount is rounded up.

Let's explain a few concepts that should be known before moving forward:

Cluster: Running software on 2 or more servers at the same time.

Azure Spot Instance: You use spare hardware capacity on the provider's side. This brings the price down to fairly affordable levels, but you give up the guarantee of availability at all times.

Azure Hybrid Benefit: If we already have a license for a piece of software, we can use it to reduce costs.

There is a Tag system in Azure, and tagging VMs while creating them will make management much easier in the future.

Virtual Machines (VMs)

A virtual machine is a software emulation of a physical computer. Virtual machines include virtual processor, memory, storage and networking resources. They have an operating system, and you can install and run software on them just like you do with physical computers. You can use one like a physical machine by making a Remote Desktop connection.

Azure also offers some services that can combine many functions. Examples of these are Azure Virtual Machines, VM Scale Sets, App Services, and Functions.

Azure Virtual Machines

Azure Virtual Machines enables you to create and use virtual machines in the cloud. It works with IaaS logic. If you need complete control over the operating system and environment, Azure VM is there for it.

VM Scale Sets

VM Scale Sets are used to deploy and manage multiple VMs that are configured exactly the same (identical). When all VMs are configured the same, it becomes possible to auto-scale with VM Scale Sets. This way, you can automatically add extra VMs for larger loads or remove them when not needed.

App Services

With App Services, you can deploy a corporate website, web application, mobile application or API to run on any platform. Since App Services works with PaaS logic, you do not have to deal with operating system updates or infrastructure maintenance.

Functions

Azure Functions is used not only to address platform and infrastructure concerns, but also to alleviate concerns about running code.

Container Services

Containers are a virtualization environment.

  • Containers use the operating system of the host machine they are working on.
  • Unlike with VMs, there is no obligation to manage the operating system.
  • Containers are lightweight and designed to be dynamically scaled or stopped.
  • Azure supports Docker containers.

There are two ways to use both Docker and Microsoft-based containers in Azure:

Azure Container Instances

ACI is the easiest and fastest way to run Containers without having to manage any VM or use an extra service. It is a PaaS structure that allows you to load your containers.

Azure Kubernetes Service

AKS is a service used to orchestrate distributed architectures and large volume containers. It is possible to automate many things with AKS.

Azure Network Services

Azure Networking

Machines without network configurations in Azure cannot access the internet. For this reason, the network configuration must be done correctly before starting a server. The reason for doing this before starting the server is that if we want to make a change later, we will not be able to make it without interruption.

Azure Virtual Networking

Thanks to Azure Virtual Networking, we can communicate securely with the internet or on-premises networks. A Virtual Network's scope is normally a single region, but thanks to Virtual Network peering, we can connect networks in different regions.

With Azure Virtual Networking, operations such as isolation, segmentation, communication, routing or filtering can be performed.

Azure Load Balancer

As the name says, it is a load balancer. Azure Load Balancer enables us to scale applications while providing high availability for our services. It also supports inbound and outbound scenarios.

VPN Gateway

VPN Gateway creates an encrypted virtual gateway between Azure Virtual Network and the corporate network. In this way, traffic becomes safer.

There is also a pricing page for VPN Gateway. If you wish, you can calculate the costs by using the calculation tool on this page.

Pricing Calculator

Azure Application Gateway

Azure Application Gateway is a load balancer that can be used for web traffic. You can distribute load with Azure Application Gateway while users are connecting to your application. If you wish, you can also place a Web Application Firewall here.

Content Delivery Network

CDN means Content Delivery Network. It is a network of servers that efficiently distributes the content of your web application to your users. The aim is to minimize the delay.

Azure Data Categories

We need to consider data in 3 main categories: structured, semi-structured, and unstructured.

Structured Data

  • Structured Data are data that adhere to a schema. For this reason, all data have the same fields and properties.
  • It can be stored in a database table with rows and columns.
  • These data are based on keys, showing how a row in one table relates to another row in another table.
  • Structured Data are also known as "relational data". The data's schema defines the data table, the fields in the data table, and the relationships between the two.
  • Data entry, queries and analysis are easy because all data are in the same format.
  • As examples of these data types, we can name various sensor data or financial data.

Semi-Structured Data

  • These data types are less organized than Structured Data.
  • They are not stored in a relational way, and their fields do not fit properly in a table, row or column.
  • These data types use tags to make the organization and hierarchy of data more specific.
  • They are also known as NoSQL data or "non-relational data".
  • Examples of this category are books, blogs and HTML documents.

Unstructured Data

  • These data do not have any specific structure.
  • Unstructured data can be any kind of data.
  • As new data sources emerge, unstructured data has become even more important.
  • If we need to give examples of this category, we can give PDF documents, JPEG images, JSON files and video content.

Azure Storage Services

Azure Storage

Azure Storage is the storage solution we are familiar with, and it can be used on its own. For example, with Azure Storage you can share a file with someone else, or store files, messages and similar information.

It is generally used as a kind of warehouse by developers. Azure storage can also be used by websites, mobile applications, IaaS virtual machines, PaaS cloud services.

If we need to give an example of the most common storage services in Azure, we can give disks, files, objects, queues and tables.

Disk Storage

Disk storage provides the disks needed for VM, Application and other services. We can use disk storage in Azure, just like the disks we use in on-premises systems. If we wish, we can leave the disk storages to the management of Azure or we can do the management and configuration ourselves.

Containers (Blobs)

Azure Blob storage is the object storage solution Microsoft created specifically for the cloud. It has also been specially optimized for storing unstructured data such as text or binaries.

Blob storage is ideal if we are going to serve documents or images directly to a browser, or if we are going to store files for distributed access. But is it limited to these? Of course not. We can also use it for video and audio streaming, data backup and restore, disaster recovery and archiving needs.

Files

Since each service is tailored to a particular need, using it where it fits will increase efficiency and reduce costs. If you want to share highly available files using the SMB protocol, Azure Files has been developed for this job. In other words, thanks to Azure Files, you can enable multiple VMs to share a file with both read and write access. You can also read files with the REST interface or storage client libraries.

Azure Files offers both SMB and NFS support.

How is it different from corporate (Standard) file sharing? The biggest difference is the ease of accessing from anywhere in the world with a URL containing Shared Access Signature (SAS) tokens when sharing files.

If you ask how to use it, let's give an example. Say you have a configuration file that you want to use on multiple VMs. With Azure Files, you can give any VMs you choose access to this configuration file.

You can also keep diagnostic logs, metrics or crash dumps with Azure Files.
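An added example, not part of the original post: because anyone who holds a SAS URL can use it, this Python check reads the standard SAS query fields (`sp`, `se`, `spr`, `sip`, `sig`) and reports links that are broader than they need to be before they are shared. The storage account name, the signatures and the 24-hour lifetime policy are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)   # assumed local policy, not an Azure default
MUTATING = set("cwd")                # create, write, delete permission letters


def parse_sas_time(value):
    """Parse the UTC timestamp formats accepted in the se/st fields."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")


def redact(url):
    """Hide the signature so the URL can be written to logs or tickets."""
    return re.sub(r"(?<=[?&]sig=)[^&#]+", "REDACTED", url)


def audit_sas_url(url, now):
    """Return a list of findings for one SAS URL; an empty list means none."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "sig" not in q:
        return ["no sig parameter: this is not a SAS URL"]
    findings = []
    if parts.scheme != "https":
        findings.append("URL itself uses plain HTTP")
    # When spr is omitted the token is accepted over both https and http.
    if q.get("spr", "https,http") != "https":
        findings.append("spr does not restrict the token to HTTPS")
    if "se" not in q:
        findings.append("no se field: expiry is set elsewhere and cannot be checked")
    else:
        remaining = parse_sas_time(q["se"]) - now
        if remaining <= timedelta(0):
            findings.append("token has already expired")
        elif remaining > MAX_LIFETIME:
            findings.append(f"token stays valid for {remaining.days} more days")
    granted = "".join(sorted(set(q.get("sp", "")) & MUTATING))
    if granted:
        findings.append(f"grants modifying permissions: {granted}")
    if "sip" not in q:
        findings.append("no sip restriction: accepted from any source address")
    return findings


# Constructed sample data: account, share, file and signatures are made up.
NOW = datetime(2020, 5, 1, 12, 0, tzinfo=timezone.utc)
BASE = "https://examplestorage.file.core.windows.net/configs/app.conf"
NARROW = (BASE + "?sv=2019-12-12&sr=f&sp=r&se=2020-05-02T08:00:00Z"
          "&spr=https&sip=203.0.113.10&sig=CONSTRUCTED-SIGNATURE")
BROAD = ("https://examplestorage.file.core.windows.net/configs"
         "?sv=2019-12-12&sr=s&sp=rcwdl&se=2030-01-01&sig=CONSTRUCTED-SIGNATURE")

if __name__ == "__main__":
    for url in (NARROW, BROAD):
        print(redact(url))
        for finding in audit_sas_url(url, NOW) or ["no findings"]:
            print("  -", finding)
```

The read-only, one-day, HTTPS-only link for a single file passes, while the share-wide link with write and delete rights and an expiry in 2030 is reported on four counts.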

Queues

The Azure Queue service is where we perform queue operations. This service allows us to receive and store messages. Queue messages can be up to 64 KB in size, and there can be millions of messages in a Queue. Queues are used to store lists of messages to be processed asynchronously.

To walk through an example, let's assume that we want our customers to be able to upload images and that we create thumbnails for each uploaded image. We could make our customers wait for the thumbnails to be created while uploading images. Alternatively, we can use a Queue. When the customer finishes uploading, a message is written to the Queue, and then we can pull the message from the queue and create a thumbnail.

Tables

Azure Tables exists precisely for storing large amounts of semi-structured data. This service is a NoSQL repository that accepts authenticated calls from inside the Azure cloud or from outside it. It is ideal for semi-structured and non-relational data.

Let's give examples of usage areas.

  • Storing data in TB sizes that can serve web scale applications.
  • Querying data quickly using the Clustered index.

Azure Tables can be scaled according to demand.

Azure Database Services

Azure Database Service is literally PaaS. Developers can take advantage of features such as automatic monitoring and threat detection that come as built-in, while focusing only on database needs without installation and maintenance troubles.

Azure Cosmos DB

MS Azure Cosmos DB is a globally distributed database service that allows you to flexibly and independently scale throughput and storage across multiple geographic regions of Azure.

It is sensitive to ever-changing data and supports schemaless data for always-on applications. In particular, you can use Cosmos DB to store data updated and edited by users all over the world.

Azure SQL Database

Azure SQL Database is exactly a DaaS service. It is a relational database that hosts the latest stable version of Microsoft SQL Server Database Engine.

With Azure SQL Database, you can create data-driven applications and websites by focusing on any programming language without the need to manage the infrastructure.

Azure Data Migration

Azure Data Migration is a service built for seamless migration from multiple database sources to the Azure data platform with minimal downtime. With Azure Data Migration, you can easily move your data to Azure. The Azure Data Migration service is free.

Azure Marketplace

Azure Marketplace is a marketplace that contains hundreds of services, software and solutions. You can find many paid and free applications in it.

Azure Marketplace

Azure Solutions

Internet of Things

Until 2004, if the rate of progress of technology was 1 unit, after 2004 the rate of progress exceeded 1 unit. With this pace of progress, we have now passed talking about IoT (Internet of Things) issues, and started using their products. Smart watches, smart thermostats, smart refrigerators or order drones...

Azure offers many of the things you may need for IoT as a service. Looking at the general distribution, we can say that one of the highest paid services is IoT services.

IoT Central

Azure IoT Central is a global SaaS solution where you can scale, monitor, and manage your IoT assets. Cloud expertise is not required to use IoT Central. You can directly start managing your IoT devices.

Azure IoT Hub

Azure IoT Hub enables communication between all your IoT devices and your applications in the cloud. You can connect millions of IoT devices to your solution in Azure using IoT Hub. This communication takes place bidirectionally.

Big Data and Analytics

Nowadays, data can come in any shape and form. As the name suggests, Big Data refers to "big", i.e. large, amounts of data. We can talk about large amounts of data in many scenarios, from weather systems, communication systems and monitoring platforms to the traffic data of a country. It is getting harder and harder to understand, interpret and manage this data, and to make decisions based on those interpretations. Traditional processing and analysis processes are insufficient.

Over time, Open Source Cluster technologies have been developed to deal with this "Big Data". Azure supports a wide range of technologies and services for Big Data.

Azure SQL Data Warehouse

Azure SQL Data Warehouse is an EDW (Enterprise Data Warehouse) service that uses MPP to run complex queries on data of Petabyte size.

You can use SQL Data Warehouse with simple PolyBase T-SQL queries or with MPP to run high performance analytics. Once the data has been imported into SQL Data Warehouse, you can now run analytics for massive scale.

Compared to traditional database systems, analysis queries can be completed here in seconds instead of minutes and hours instead of days.

Azure HDInsight

Azure HDInsight is a fully-managed open source analysis service. It makes processing huge amounts of data easier, faster and more cost effective. HDInsight also allows you to use today's popular open source frameworks (Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, Machine Learning etc.).

Also, thanks to this service, you can perform operations such as extraction, transformation and loading (ETL).

Azure Data Lake Analytics

Azure Data Lake Analytics is a service that works on-demand and simplifies big data. Instead of dealing with tasks such as Deploying, Configuring, and tuning hardware, you can focus directly on your queries.

Artificial Intelligence

In the cloud context, AI is built on Machine Learning. ML is a data science technique in which computers use available data to predict future behavior, trends and outcomes. Thanks to ML, computers can (to a certain level) learn without being explicitly programmed.

Predictions gained through ML can make apps and devices smarter. For example, let's say you are shopping from an e-commerce site. Thanks to ML, it can recommend the products you like according to the products you buy. Or, your robot vacuum cleaner can learn how to vacuum the room in the most efficient way as soon as possible after a certain period of time.

Azure Machine Learning Service

Azure Machine Learning Service is a cloud service that we can use to develop, train, test, deploy, manage and monitor ML models. It fully supports open source technologies, so you can use thousands of open-source Python packages such as TensorFlow and scikit-learn.

Azure ML Service can auto-generate and auto-tune a model for you.

Azure Machine Learning Studio

Azure Machine Learning Studio allows you to produce ML solutions without the need to write code. You can work by drag-and-drop, and you can easily prepare a visual work.

It works using pre-built and configured ML algorithms and data-handling modules.

Serverless Computing

Imagine your code is running but you don't have a specific server. That is "Serverless Computing". You can run your code directly without needing to know anything about the infrastructure. It does not require or even allow for infrastructure configuration or maintenance.

Serverless applications run only when an event is triggered. Scaling and performance issues are handled automatically, and only the resources used are billed. Resources do not need to be reserved. Now let's look at some of the services offered ready for Serverless Computing in Azure.

Azure Functions

Azure Functions will be the ideal choice if you are only interested in the code that runs your service, not the platform or infrastructure. Functions are typically triggered by a REST request, a timer, or a message from other Azure services. If you want a job to be done in a short time, you can easily use this service.

There is automatic scaling and charging only occurs when a function is triggered. For example, let's say you are doing a vehicle tracking job. You may be using an IoT solution monitoring a fleet of vehicles and receiving various messages from them. Probably, while more data comes in during working hours, the number of data received outside of working hours will be less. Azure Functions will automatically scale for this.

Finally, Azure Functions runs as a stateless service.

Azure Logic Apps

Azure Logic Apps allows you to design scalable solutions and simplify your processes for application integration, data integration, system integration, enterprise application integration (EAI) and B2B (business-to-business) integration, whether on-premises, in the cloud, or both at the same time.

You can take advantage of this service with a web-based designer, usually without the need to write code. While integrating with Azure Logic Apps, you can perform your operations with more than 200 ready-made connectors, for example Salesforce, SAP and Oracle DB.

Azure Event Grid

Azure Event Grid enables us to easily build applications with an event-based architecture. It is fully managed and follows a publish-subscribe model. Event Grid provides built-in support for events coming from Azure services. For example, you can make it work with storage blobs or a resource group.

DevOps

Deployment and Operations. One of the most talked about topics of recent times is DevOps.

DevOps brings together people, processes and technologies to automate software delivery. The Azure DevOps service, in turn, allows you to create build and release pipelines for your applications that provide continuous integration, delivery and deployment.

With Azure DevOps, you can integrate repositories, perform application tests, and monitor them. You can also automate infrastructure deployment and use third-party tools such as Jenkins and Chef.

Azure DevOps Services

Azure DevOps Service provides some development collaboration tools, for example high-performance pipelines, free private Git repositories and kanban boards. Let's not forget that Azure DevOps Service was previously known as Visual Studio Team Services (VSTS).

Azure Lab Services

Azure Lab Services gives developers and testers the opportunity to quickly create an environment in Azure while keeping costs low and under control. Users can prepare Windows and Linux environments as quickly as possible using reusable templates and artifacts and test the latest versions of the applications.

You can easily integrate the deployment pipeline with DevTest Labs to provide on-demand environments. With DevTest Labs, you can set up multiple test agents and scale your load tests. Previously DevTest Labs was known as DevOps Test.

Azure App Service

Azure App Service allows you to quickly and easily create web and mobile applications for any platform or device. You can create any application, mobile back-ends, RESTful APIs in the programming language you want without the need to manage the infrastructure.

  • It supports both Windows and Linux.
  • Provides automatic deployment support from GitHub, Azure DevOps or any Git repository.
  • It offers automatic scaling and high availability.
  • It has support for many languages and frameworks. For example ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP or Python.
  • You can run PowerShell or executable background scripts.
  • Thanks to DevOps optimization, you can ensure continuous integration and deployment with Azure DevOps, Bitbucket, Docker Hub or Azure Container Registry.
  • You can connect directly to SaaS platforms or to your on-premises data. It also allows you to connect with more than 50 ready-made connectors. (For example SAP, Salesforce, Facebook)
  • App Service has ISO, SOC and PCI compliance. You can authenticate users with Azure Active Directory or social media login options (Google, Facebook, Twitter, Microsoft).
  • You can create IP restrictions and manage Service Identities.
  • You can use ready-made application templates on Azure Marketplace. (Such as WordPress, Joomla and Drupal)
  • By integrating with Visual Studio, you can perform create, deploy and debug operations.

Azure Management Tools

Azure has many management tools, which lets us choose the one most suitable for our needs.

Azure Portal

Azure Portal is a website that we can access publicly via any web browser. After signing in with your Azure account, you can check all available Azure Services here. You can find the service you are looking for, or get help on a subject from the help page. You can deploy, manage or delete your resources through the Azure Portal.

Dashboard view lets you know about your overall Azure environment. You can make it more efficient by making changes on the dashboard according to your needs.

You cannot automate repetitive tasks through the Azure Portal. Whatever you want to do, you have to do it over and over again every time.

Azure PowerShell

Azure PowerShell is a module for managing your resources by connecting to your Azure subscription. Windows PowerShell is needed for Azure PowerShell to work. PowerShell also provides services such as shell windows and command parsing.

Also an important point to know is this: PowerShell Core is a version designed to run on Windows, Linux or macOS.

Azure Command Line Interface (CLI)

Azure CLI is a cross-platform command line tool that lets you manage your resources via the command line, just like Azure PowerShell. For example, to create a VM, you can open a command prompt window and create a VM with the relevant commands after logging in with the az login command.

Azure Cloud Shell

Azure Cloud Shell is a browser-based scripting environment on your portal. It allows you to work with the best shell for your needs. While you prefer bash for Linux, you can choose PowerShell for Windows.

To use Cloud Shell it is necessary to have a storage account, otherwise you cannot use it.

You can access Azure Cloud Shell on the portal.

Azure Mobile App

We can say that it is a slightly minimized mobile application of Azure Portal. You can access, manage and monitor all your Azure accounts and resources on iOS and Android. You can also use Azure Cloud Shell via the mobile application.

Azure REST API

Azure REST API allows us to send requests such as create, retrieve, update or delete via HTTP protocol to your service endpoints. At the same time, we can define some functions for the incoming responses.

Azure Advisor

Azure Advisor is a free service that includes recommendations for areas such as high availability, security, performance and cost. Azure Advisor analyzes your deployed services and provides customized recommendations.

We have come to the end of module 2. See you in module 3.
