-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathUST_Azure_Vilas
More file actions
4837 lines (3947 loc) · 280 KB
/
UST_Azure_Vilas
File metadata and controls
4837 lines (3947 loc) · 280 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
"Understanding Cloud Computing & Azures
https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator/tree/master/Instructions/Labs
Cloud Service Models:
----------------------------------------------------------------
IaaS,
Infrastructure as a Service (IaaS): A Detailed Overview
Infrastructure as a Service (IaaS) is a cloud computing service model that provides virtualized computing resources over the internet. In 1 an IaaS model, organizations access and manage fundamental IT resources—such as virtual machines, storage, networks, and operating systems—on demand from a cloud provider. This eliminates the need for organizations to invest in and maintain their own physical IT infrastructure.
1.
Key Characteristics of IaaS:
Resources as a Service:
IaaS delivers computing resources as a service, allowing users to access and utilize them as needed.
Pay-as-you-go Pricing:
Users typically pay only for the resources they consume, offering cost efficiency and flexibility.
Scalability:
IaaS environments are highly scalable, enabling users to easily adjust resources up or down based on their changing demands.
Self-Service Provisioning:
Users can provision and manage their infrastructure resources through a web-based portal or API, giving them control and agility.
Virtualization:
Virtualization technology is the foundation of IaaS, allowing multiple virtual machines to run on a single physical server, optimizing resource utilization.
Multi-tenancy:
Physical hardware is often shared among multiple users, while ensuring logical isolation and security for each tenant.
How IaaS Works:
In an IaaS model, the cloud provider owns and maintains the physical infrastructure, including servers, storage, and networking hardware, in their data centers. They also manage the virtualization layer. Users, in turn, access these resources over the internet and are responsible for deploying and managing their own operating systems, applications, middleware, and data within the virtualized environment.
Benefits of IaaS:
Cost Reduction:
Eliminates the capital expenditure of purchasing and maintaining physical hardware, reducing overall IT costs. The pay-as-you-go model ensures you only pay for what you use.
Scalability and Flexibility:
Faster Deployment:
Provisioning of infrastructure resources is significantly faster compared to setting up physical hardware, enabling quicker deployment of applications and services.
Increased Reliability and Availability:
Cloud providers typically offer robust infrastructure with high availability and disaster recovery options, improving the reliability of applications.
Focus on Core Business:
By offloading infrastructure management, IT teams can focus on more strategic initiatives and innovation.
Global Reach:
Access to geographically distributed data centers allows for improved performance and reduced latency for global users.
Business Continuity and Disaster Recovery:
IaaS facilitates the implementation of effective backup and disaster recovery solutions at a potentially lower cost.
Challenges of IaaS:
Security:
While the cloud provider secures the underlying infrastructure, users are responsible for securing their applications, data, and operating systems within the IaaS environment.
Compliance:
Organizations must ensure their use of IaaS complies with relevant industry and governmental regulations.
Integration with Existing Systems:
Integrating cloud-based infrastructure with existing on-premises systems can present technical challenges.
Dependency on Provider:
Users are reliant on the cloud provider's infrastructure and services, and outages or changes in service can impact their operations.
Managing Costs:
While pay-as-you-go can be cost-effective, it requires careful monitoring and management to avoid unexpected expenses.
Limited Control:
Users have less direct control over the underlying physical infrastructure compared to on-premises setups.
Vendor Lock-in:
Migrating between IaaS providers can be complex and costly.
Common Use Cases for IaaS:
Web Hosting:
Hosting websites and web applications with the ability to easily scale resources based on traffic.
Test and Development Environments:
Quickly setting up and tearing down isolated environments for software development and testing.
Data Storage, Backup, and Recovery:
Utilizing scalable and cost-effective cloud storage for data and implementing robust backup and disaster recovery solutions.
High-Performance Computing (HPC):
Accessing significant computational power for complex tasks like simulations and data analysis.
Big Data Analytics:
Providing the infrastructure needed to store and process large volumes of data for business intelligence.
Virtual Data Centers:
Creating a virtualized extension of an organization's on-premises data center in the cloud.
Business Continuity and Disaster Recovery:
Replicating critical systems and data in the cloud for failover and recovery purposes.
Examples of IaaS Providers:
Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform (GCP)
DigitalOcean
Linode
Rackspace
IBM Cloud
Alibaba Cloud
Oracle Cloud
----------------------------------------------------------------
Detailed overview of PaaS,
Platform as a Service (PaaS): A Detailed Overview
Platform as a Service (PaaS)
cloud computing service model
platform allowing customers to
develop,
run, and
manage
applications without
complexity of building and maintaining the infrastructure
associated with
developing and
launching app
PaaS providers
handle the underlying infrastructure,
including
servers,
storage,
networking,
operating systems, and
middleware,
enabling developers to focus solely on coding and deploying their applications
Key Characteristics of PaaS:
Complete Development and Deployment Environment:
ready-to-use environment
includes everything
to support the full lifecycle of web applications:
building,
testing,
deploying,
managing, and
updating.
Focus on Application Development:
Developers can concentrate on
writing code
innovating without worrying about infrastructure management.
Built-in Scalability and Availability:
PaaS platforms often provide automatic scaling and high availability features, ensuring applications can handle varying loads and remain accessible.
Support for Multiple Programming Languages and Frameworks:
Most PaaS offerings support a wide range of programming languages,
libraries,
frameworks, and
tools,
providing flexibility to developers.
Integrated Databases and Other Backend Services:
PaaS typically includes access to
databases,
messaging queues, and
other backend services that applications commonly require.
Simplified Deployment and Management:
PaaS streamlines the deployment process
provides tools for
monitoring,
managing, and
updating applications.
Pay-as-you-go Pricing:
Similar to IaaS, PaaS often employs a pay-as-you-go model based on the resources consumed by the application.
How PaaS Works:
PaaS providers maintain the entire infrastructure stack, from the physical servers and storage to the operating systems, middleware (like databases, web servers, and Java runtime environments), and development tools. Users access this platform through a web interface or APIs. Developers can then use the provided tools and services to build, deploy, and manage their applications without needing to configure or manage the underlying infrastructure.
Benefits of PaaS:
Accelerated Development Cycles:
PaaS provides pre-configured environments and tools, significantly reducing the time and effort required to set up development and deployment pipelines.
Reduced Complexity:
Developers are shielded from the complexities of infrastructure management, allowing them to focus on writing high-quality code.
Lower Costs:
Eliminates the need for upfront investment in hardware and software licenses, as well as the ongoing costs of infrastructure maintenance and operations.
Scalability and High Availability:
PaaS platforms are designed to automatically scale applications based on demand and often include built-in redundancy for high availability.
Support for Diverse Technologies:
PaaS typically supports a wide array of programming languages, frameworks, databases, and services, offering flexibility to development teams.
Improved Collaboration:
PaaS environments can facilitate collaboration among development teams by providing shared resources and tools.
Faster Time to Market:
By simplifying the development and deployment process, PaaS helps organizations bring their applications to market more quickly.
Automatic Updates and Patching:
The PaaS provider handles updates and patching of the underlying infrastructure and platform components, reducing the burden on IT teams.
Challenges of PaaS:
Vendor Lock-in: Migrating applications from one PaaS provider to another can be challenging due to proprietary technologies and configurations.
Limited Control: Developers have less control over the underlying infrastructure compared to IaaS, which might be a concern for applications with specific performance or security requirements.
Security Concerns: While the PaaS provider manages the security of the platform, users are still responsible for the security of their applications and data.
Integration with Existing Systems: Integrating PaaS-based applications with existing on-premises systems can sometimes be complex.
Customization Limitations: The level of customization available for the underlying infrastructure and platform components might be limited.
Performance Issues: Application performance can be affected by the shared nature of the PaaS environment and the provider's infrastructure.
Cost Management:
While pay-as-you-go offers flexibility, it's crucial to monitor resource consumption to avoid unexpected costs.
Common Use Cases for PaaS:
Web Application Development and Hosting: Providing a streamlined environment for building, deploying, and hosting web applications.
Mobile Application Development: Offering backend services and tools to support the development of mobile applications.
API Development and Management: Providing tools for building, deploying, and managing APIs.
Data Analytics and Business Intelligence: Offering platforms with integrated data processing and analysis tools.
Stream Processing: Providing infrastructure for real-time data ingestion and processing.
Internet of Things (IoT) Application Development: Offering platforms for managing and processing data from IoT devices.
Team Collaboration and Workflow Automation: Providing tools and services to support collaborative development and automate workflows.
Examples of PaaS Providers:
AWS Elastic Beanstalk
Google App Engine
Microsoft Azure App Service
Heroku
OpenShift
Cloud Foundry
Engine Yard
Mendix
OutSystems
----------------------------------------------------------------
Detailed overview of SaaS
Software as a Service (SaaS)
software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet. Instead of purchasing and installing software on their own devices, users access SaaS applications via a web browser, a dedicated desktop client, or a mobile app. The SaaS provider manages all aspects of the software, including the infrastructure, application software, and data
Key Characteristics of SaaS:
Web-Based Access:
Users access the software over the internet, typically through a web browser, eliminating the need for local installation and management.
Centralized Hosting:
The software and associated data are hosted on the provider's servers.
Subscription-Based Pricing:
Users typically pay a recurring fee (monthly or annually) to access the software, often based on usage, number of users, or features required.
No Infrastructure Management:
Users do not need to worry about managing or maintaining the underlying hardware, operating systems, or application software. The provider handles all of this.
Automatic Updates and Patching:
The SaaS provider is responsible for software updates, bug fixes, and security patching, ensuring users always have the latest version.
Scalability and Flexibility:
SaaS solutions can often be easily scaled up or down based on the organization's needs. Users can typically add or remove users and features as required.
Accessibility from Anywhere:
As long as there is an internet connection, users can access the SaaS application from any device and any location.
Multi-tenancy Architecture:
Typically, a single instance of the software serves multiple users or organizations, with each tenant's data being logically isolated and secure.
How SaaS Works:
The SaaS provider develops and maintains the application in their data centers. Customers subscribe to the service and access it through the internet. The provider handles all the underlying infrastructure, including servers, storage, networking, and the software itself. They are also responsible for data storage, security, availability, and performance. Users interact with the application through a user interface, usually a web browser.
Benefits of SaaS:
Lower Upfront Costs:
Eliminates the need for significant upfront investment in software licenses and hardware infrastructure.
Reduced IT Overhead:
Organizations don't need to hire IT staff to install, configure, manage, and maintain the software and its infrastructure.
Faster Implementation:
SaaS applications are typically ready to use almost immediately after subscribing, without lengthy installation processes.
Automatic Updates and Maintenance:
Users always have access to the latest features and security updates without any effort on their part.
Scalability and Flexibility:
Easily scale usage up or down based on business needs, and often pay only for the resources consumed.
Accessibility:
Users can access the software from any device with an internet connection, promoting collaboration and remote work.
Predictable Costs:
Subscription-based pricing allows for more predictable budgeting of software expenses.
Focus on Core Business:
By outsourcing software management, organizations can focus on their core business activities.
Challenges of SaaS:
Data Security and Privacy: Organizations entrust their data to a third-party provider, raising concerns about security breaches and data privacy. It's crucial to choose providers with robust security measures and clear data governance policies.
Vendor Lock-in: Switching SaaS providers can be complex and costly due to data migration challenges and potential differences in features and functionalities.
Limited Customization: SaaS applications often offer limited customization options compared to on-premises software, which might not meet the specific needs of all organizations.
Integration Issues: Integrating SaaS applications with existing on-premises systems or other SaaS solutions can sometimes be challenging.
Dependency on Internet Connectivity: Access to SaaS applications is entirely dependent on a stable internet connection.
Control Over Features and Updates: Users have limited control over the features offered and the timing of updates, which are determined by the provider.
Performance Issues: Application performance can be affected by the provider's infrastructure and network conditions.
Compliance Requirements: Organizations in regulated industries need to ensure that their SaaS provider meets specific compliance requirements.
Common Use Cases for SaaS:
Customer Relationship Management (CRM):
Salesforce, HubSpot CRM.
Enterprise Resource Planning (ERP):
NetSuite, SAP S/4HANA Cloud.
Email and Collaboration:
Gmail, Microsoft 365 (formerly Office 365), Google Workspace.
Office Productivity Suites:
Google Workspace, Microsoft 365.
Human Resources Management (HRM):
Workday, BambooHR.
Content Management Systems (CMS): WordPress.com, Shopify.
Project Management: Asana, Trello, Monday.com.
Accounting Software: QuickBooks Online, Xero.
Marketing Automation: Marketo, Pardot.
Video Conferencing: Zoom, Microsoft Teams, Google Meet.
Examples of SaaS Providers:
Salesforce
Microsoft
Google
Adobe
Zoom
Dropbox
Slack
ServiceNow
Atlassian (Jira, Confluence)
Oracle
----------------------------------------------------------------
Detailed overview of Shared responsibility
----------------------------------------------------------------
----------------------------------------------------------------
Deployment Models:
Detailed overview of Public,
Public Cloud: A Detailed Overview
The public cloud is a cloud computing model where a third-party provider makes computing resources – such as servers, storage, networks, software, and various services – available to the general public over the internet. These services are offered on a shared infrastructure, meaning multiple customers utilize the same pool of resources, although their data and applications are kept logically isolated and secure.
Think of it like a public utility, such as electricity or water. You pay for the resources you consume without needing to own or manage the underlying infrastructure.
Key Characteristics of Public Cloud:
Shared Infrastructure:
Multiple customers share the same physical hardware and network resources owned and managed by the cloud provider.
On-Demand Availability:
Resources can be provisioned and accessed almost instantly as needed through a self-service portal or APIs.
Scalability and Elasticity:
Users can easily scale their resources up or down in response to changing demands, paying only for what they consume.
Pay-as-you-go Pricing: Typically follows a consumption-based pricing model, where users are billed based on the amount of resources they use (e.g., compute time, storage, bandwidth). Some providers also offer subscription-based or reserved instance pricing.
Managed Services: The cloud provider handles the maintenance, updates, security of the underlying infrastructure, and often the platform services.
Global Accessibility: Services are accessible from anywhere with an internet connection, facilitating remote work and global deployments.
Multi-Tenancy: The underlying infrastructure is shared among multiple tenants (customers), but each tenant's data and applications are logically isolated to ensure security and privacy.
Wide Range of Services: Public cloud providers offer a vast array of services, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), serverless computing, artificial intelligence (AI), machine learning (ML), data analytics, and more.
How Public Cloud Works:
Public cloud providers operate large data centers worldwide, housing massive amounts of computing resources. Through virtualization technologies, they divide these physical resources into virtualized components (like virtual machines, storage volumes, and virtual networks) that can be dynamically allocated to multiple customers.
Users interact with these services through web-based consoles, command-line interfaces (CLIs), or APIs. When a user requests resources, the cloud provider's orchestration system provisions and allocates the necessary virtualized infrastructure from the shared pool. Billing is then tracked based on the user's consumption of these resources.
Benefits of Public Cloud:
Cost Efficiency: Eliminates the need for significant upfront capital expenditure on hardware and reduces operational costs associated with maintenance, power, and cooling. The pay-as-you-go model ensures you only pay for what you use.
Scalability and Flexibility: Easily scale resources up or down to match fluctuating demands without the limitations of physical infrastructure. This agility allows businesses to respond quickly to market changes.
Faster Time to Market: Rapid provisioning of resources allows for quicker deployment of applications and services, accelerating innovation and time to market.
High Availability and Reliability: Public cloud providers invest heavily in robust infrastructure with built-in redundancy and disaster recovery capabilities, ensuring high uptime and data resilience.
Global Reach: Access to a global network of data centers allows businesses to deploy applications closer to their users worldwide, improving performance and reducing latency.
Focus on Core Business: By offloading infrastructure management, IT teams can focus on strategic initiatives and application development rather than routine maintenance tasks.
Access to Advanced Technologies: Public clouds provide access to cutting-edge technologies like AI, ML, big data analytics, and serverless computing without significant upfront investment.
Sustainability: Cloud providers often have economies of scale and invest in energy-efficient infrastructure and renewable energy sources, potentially reducing a company's carbon footprint.
Challenges of Public Cloud:
Security Concerns: While providers invest heavily in security, the shared nature of the infrastructure can raise concerns about data breaches and the "noisy neighbor" effect. Understanding the shared responsibility model is crucial, as users are responsible for securing their data and applications within the cloud.
Vendor Lock-in: Migrating applications and data between different public cloud providers can be complex and costly due to proprietary technologies and service models.
Limited Control: Users have less direct control over the underlying hardware and infrastructure compared to on-premises deployments.
Compliance: Organizations in highly regulated industries need to ensure that the public cloud provider meets specific compliance requirements and that their use of the cloud aligns with these regulations.
Integration with Existing Systems: Integrating public cloud services with existing on-premises infrastructure or private clouds can present technical challenges.
Cost Management: While pay-as-you-go can be cost-effective, unexpected costs can arise if resource consumption is not carefully monitored and managed.
Performance Variability: Performance can sometimes be affected by the shared nature of the infrastructure and network conditions, although major providers have measures in place to mitigate this.
Security in the Public Cloud:
Public cloud providers implement robust security measures, including physical security of data centers, network security, data encryption, identity and access management (IAM), and compliance certifications. However, security in the public cloud is a shared responsibility. The provider secures the underlying infrastructure, while the customer is responsible for securing their data, applications, configurations, and access controls within the cloud environment.
Common Use Cases for Public Cloud:
Web Hosting: Hosting websites and web applications with the ability to scale based on traffic demands.
Data Storage and Backup: Providing scalable and cost-effective storage solutions for data archiving, backup, and disaster recovery.
Software Development and Testing: Offering on-demand environments for development, testing, and deployment of applications.
Big Data Analytics: Providing the necessary compute power and storage for processing and analyzing large datasets.
Content Delivery Networks (CDNs): Distributing content globally for faster and more reliable delivery to end-users.
Disaster Recovery: Replicating critical systems and data in the cloud for business continuity.
SaaS Applications: Delivering software applications over the internet on a subscription basis.
AI and Machine Learning: Providing access to pre-built AI/ML services and infrastructure for building and deploying intelligent applications.
Major Public Cloud Providers:
Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform (GCP)
Alibaba Cloud
IBM Cloud
Oracle Cloud Infrastructure (OCI)
Detailed overview of Private,
Private Cloud: A Detailed Overview
A private cloud is a cloud computing model where the infrastructure is provisioned for exclusive use by a single organization. This infrastructure can be located on-premises within the organization's own data center, or it can be hosted by a third-party provider in an off-site data center dedicated solely to that organization. The key differentiator is the dedicated nature of the resources and the enhanced control and customization it offers.
Think of it as having your own private data center, but with the characteristics of cloud computing like virtualization, self-service provisioning, and scalability.
Key Characteristics of Private Cloud:
Dedicated Infrastructure: The hardware, network, and storage resources are dedicated to a single organization and are not shared with others.
Single Tenancy: Only one organization utilizes the infrastructure, ensuring greater isolation and security.
Enhanced Control and Customization: Organizations have greater control over the infrastructure, allowing for customization to meet specific performance, security, and compliance requirements.
Self-Service and Automation: Private clouds often implement self-service portals and automation tools to allow users within the organization to provision and manage resources on demand.
Scalability and Elasticity: While the physical capacity might be limited by the organization's investment, private clouds can still offer scalability through virtualization and dynamic resource allocation within the dedicated infrastructure.
Potentially Higher Initial Investment: Setting up a private cloud, especially on-premises, can involve significant upfront capital expenditure on hardware, software, and personnel.
Management Responsibility: The organization is typically responsible for managing and maintaining the private cloud infrastructure, unless it's hosted by a third-party provider under a dedicated arrangement.
Integration with Existing Systems: Private clouds can be designed to integrate more seamlessly with an organization's existing on-premises IT infrastructure.
How Private Cloud Works:
A private cloud typically involves implementing cloud computing technologies like virtualization, orchestration, and automation within an infrastructure dedicated to a single organization. This can be achieved in two main ways:
On-Premises Private Cloud: The organization builds and manages its own cloud infrastructure within its own data center. This requires investment in hardware, software, and skilled personnel to design, deploy, and maintain the environment.
Externally Hosted Private Cloud: A third-party provider hosts and manages a dedicated cloud infrastructure for the organization in their data center. The organization has exclusive access to these resources and can often customize them to their needs.
In both scenarios, users within the organization can typically access and manage resources through a self-service portal or APIs, similar to how they would interact with a public cloud. The underlying infrastructure, however, is solely dedicated to their use.
Benefits of Private Cloud:
Enhanced Security and Compliance: The dedicated nature of the infrastructure and single tenancy provide greater control over security measures and help meet stringent compliance requirements specific to the organization or industry.
Greater Control and Customization: Organizations have more control over the hardware, software, and configurations, allowing them to tailor the environment to meet specific performance, latency, and application requirements.
Integration with Legacy Systems: Private clouds can often be more easily integrated with existing on-premises IT infrastructure and legacy applications.
Data Sovereignty and Residency: Organizations with strict data sovereignty or residency requirements can ensure their data remains within their control and geographic boundaries.
Predictable Performance: With dedicated resources, organizations can often achieve more predictable and consistent performance for their applications.
Potential Cost Savings in the Long Run: For organizations with consistent and predictable high resource utilization, a private cloud might offer long-term cost savings compared to the variable costs of a public cloud.
Avoids "Noisy Neighbor" Effect: Dedicated resources eliminate the risk of performance being impacted by the activities of other tenants, as can sometimes occur in a public cloud.
Challenges of Private Cloud:
Higher Initial Investment: Building an on-premises private cloud requires significant upfront capital expenditure on hardware, software licenses, and implementation costs.
Ongoing Management and Maintenance: The organization is responsible for the ongoing management, maintenance, patching, and upgrades of the private cloud infrastructure, which can require specialized IT staff.
Limited Scalability Compared to Public Cloud: While private clouds offer scalability within their dedicated resources, they might not have the same virtually limitless scalability as public clouds. Scaling often requires additional hardware investment and lead times.
Lower Resource Utilization Potential: If resources are not efficiently utilized, a private cloud might lead to lower overall resource utilization compared to the shared infrastructure of a public cloud.
Responsibility for Security: While offering more control, the organization is also fully responsible for implementing and maintaining the security of its private cloud environment.
Potential for Underutilized Capacity: If the organization over-provisions for peak demands, a significant portion of the infrastructure might remain underutilized during normal operations.
Common Use Cases for Private Cloud:
Organizations with Strict Security and Compliance Requirements: Industries like finance, healthcare, and government often choose private clouds to meet stringent regulatory obligations.
Organizations with Specific Performance or Latency Requirements: Applications that demand low latency or consistent high performance might be better suited for a private cloud environment.
Organizations with Existing Significant IT Infrastructure: Companies that have already invested heavily in their own data centers might extend their infrastructure with private cloud capabilities.
Organizations with Data Sovereignty Concerns: Companies that need to keep their data within a specific geographic location for legal or regulatory reasons.
Organizations Running Legacy Applications: Private clouds can provide a more compatible environment for running older applications that might not be easily migrated to the public cloud.
Organizations with Predictable and High Resource Utilization: Workloads with consistent high demands might be more cost-effective in a private cloud over the long term.
Examples of Private Cloud Technologies and Vendors:
VMware vSphere and vCloud Director
OpenStack
Microsoft Azure Stack
Nutanix Enterprise Cloud
Red Hat OpenShift
Cisco ACI and UCS
Hewlett Packard Enterprise (HPE) GreenLake
Detailed overview of Hybrid
Hybrid Cloud: A Detailed Overview
Hybrid cloud is a cloud computing environment that combines on-premises infrastructure (private cloud or traditional IT) with one or more public clouds. This model allows organizations to leverage the strengths of each environment, choosing the most suitable option for specific workloads and requirements. The key aspect of a hybrid cloud is the integration and interoperability between these distinct environments, enabling data and applications to be shared and moved seamlessly.
Think of it as having your own private office space combined with access to shared co-working facilities. You use your private space for sensitive work and the co-working space for collaborative tasks and flexible resources.
Key Characteristics of Hybrid Cloud:
Combination of Environments: Integrates two or more distinct cloud infrastructures (public, private, or traditional IT).
Workload Portability: Enables the movement of applications and data between the different environments.
Unified Management: Aims for a consistent management framework across the hybrid environment, providing a single pane of glass for monitoring and control.
Orchestration and Automation: Relies on orchestration and automation tools to manage resources and workflows across the diverse infrastructure.
Policy-Based Governance: Utilizes consistent policies for security, compliance, and governance across the hybrid environment.
Flexibility and Choice: Offers organizations the flexibility to choose the optimal environment for each specific workload based on factors like cost, performance, security, and compliance.
Scalability and Bursting: Allows organizations to "burst" into the public cloud to handle temporary spikes in demand that exceed the capacity of their private infrastructure.
How Hybrid Cloud Works:
A hybrid cloud architecture relies on technologies and processes that enable seamless connectivity and data/application mobility between the different environments. This typically involves:
Networking Connectivity: Establishing secure and reliable network connections (e.g., VPNs, direct connects) between the on-premises infrastructure and the public cloud(s).
Identity and Access Management (IAM): Implementing a unified IAM system to manage user identities and access privileges consistently across all environments.
Data Integration and Migration Tools: Utilizing tools and services to facilitate the movement and synchronization of data between on-premises and cloud environments.
Application Programming Interfaces (APIs): Leveraging APIs to enable communication and integration between applications running in different environments.
Cloud Management Platforms: Employing management and orchestration platforms that provide a centralized view and control over resources and workloads across the hybrid infrastructure.
Virtualization and Containerization: Utilizing virtualization and container technologies (like Docker and Kubernetes) can enhance portability and consistency across different environments.
Benefits of Hybrid Cloud:
Flexibility and Agility: Organizations can choose the best environment for each workload, optimizing for cost, performance, security, and compliance.
Scalability and Bursting Capability: Handle peak demands by seamlessly extending capacity into the public cloud without over-provisioning on-premises infrastructure.
Cost Optimization: Run steady-state workloads on potentially more cost-effective private infrastructure and leverage the public cloud for variable or temporary needs.
Gradual Cloud Adoption: Allows organizations to transition to the cloud at their own pace, migrating workloads incrementally while still utilizing existing on-premises investments.
Data Sovereignty and Compliance: Keep sensitive data and regulated workloads within the private cloud environment while leveraging the public cloud for less sensitive applications and data.
Innovation and Access to Advanced Services: Utilize the advanced services offered by public cloud providers (e.g., AI, ML, serverless) for specific projects while maintaining control over core systems.
Disaster Recovery: Leverage the public cloud as a cost-effective and scalable disaster recovery site for on-premises workloads.
Modernization of Legacy Applications: Gradually modernize legacy applications by integrating them with cloud-native services in the public cloud.
Challenges of Hybrid Cloud:
Complexity of Management: Managing a hybrid environment with diverse infrastructure and services can be complex, requiring specialized skills and tools.
Security Management: Maintaining consistent security policies and controls across different environments can be challenging and requires careful planning and implementation.
Integration Challenges: Ensuring seamless integration and interoperability between on-premises systems and public cloud services can be technically complex.
Data Migration and Consistency: Moving and synchronizing data between different environments can be time-consuming and may introduce latency or consistency issues.
Cost Management and Optimization: Tracking and optimizing costs across both private and public cloud resources requires robust monitoring and governance.
Skills Gap: Organizations may need to invest in training or hiring personnel with expertise in both on-premises and cloud technologies.
Vendor Lock-in (Public Cloud Component): While offering flexibility, reliance on specific public cloud services can still lead to vendor lock-in for certain workloads.
Network Latency and Performance: Connectivity between on-premises and public cloud environments can introduce latency that might impact the performance of certain applications.
Common Use Cases for Hybrid Cloud:
Workload Bursting: Running applications on private infrastructure during normal times and automatically scaling into the public cloud during peak demand (e.g., e-commerce during holidays).
DevOps and Testing: Utilizing the public cloud for agile development and testing environments while deploying production workloads on private infrastructure.
Big Data Analytics: Storing large datasets on-premises or in a private cloud and leveraging the public cloud's compute power for analysis.
Disaster Recovery as a Service (DRaaS): Replicating on-premises workloads and data to a public cloud environment for failover and recovery.
Cloud-Native Application Development: Building new, cloud-native applications in the public cloud that need to interact with existing on-premises systems.
Edge Computing: Processing data closer to the source (e.g., IoT devices) on-premises and then leveraging the public cloud for further analysis and storage.
Phased Migration to the Cloud: Gradually moving workloads to the public cloud over time while maintaining critical systems on-premises.
Regulatory Compliance: Keeping sensitive data and applications within a private cloud environment to meet specific compliance requirements while utilizing the public cloud for less regulated workloads.
Examples of Hybrid Cloud Technologies and Vendors:
VMware Hybrid Cloud Solutions (vSphere, vSAN, NSX with public cloud integrations)
Microsoft Azure Arc
Google Anthos
AWS Outposts
Red Hat OpenShift
IBM Cloud Satellite
Various hybrid cloud management platforms from vendors like Dell Technologies, HPE, and Cisco.
----------------------------------------------------------------
----------------------------------------------------------------
Azure Global Infrastructure
----------------------------------------------------------------
The Azure Global Infrastructure is the foundation that powers all of Microsoft's cloud services. It's a vast and ever-expanding network of data centers strategically located around the world, designed to provide:
Key Components:
Geographies:
These are defined by geopolitical boundaries or country borders and typically contain two or more Azure Regions. Geographies ensure data residency, sovereignty, and compliance requirements are met within specific countries or regions. Examples include Azure Germany, Azure China, and Azure US Government.
Regions:
A region is a geographical area containing one or more data centers, networked together with a low-latency network. Azure has more global regions than any other cloud provider, offering flexibility and scalability for deploying applications closer to users worldwide. Each region is independent, allowing for fault isolation and localized services. Examples include West US 2, East US, West Europe, Southeast Asia, and Central India (Bengaluru).
Availability Zones (AZs):
Within most Azure Regions, there are Availability Zones. These are physically separate data centers within a region, each with independent power, cooling, and networking. They are connected by a high-speed, low-latency network (typically with a latency of less than 2 milliseconds). Availability Zones provide high availability and fault tolerance to applications and data. If one zone experiences a failure, the others remain operational. A region typically has 2-3 Availability Zones.
Data Centers:
These are the physical buildings that house the servers, storage, networking equipment, and power and cooling infrastructure that run Azure services. Microsoft doesn't publicly disclose the exact locations of all its data centers for security reasons, but they are distributed across the Azure Regions and Availability Zones.
Region Pairs:
For business continuity and disaster recovery (BCDR), most Azure Regions are paired with another region within the same geography, typically over 300 miles away. This pairing allows for coordinated updates and replication of resources across regions to minimize downtime during planned outages or in the event of a disaster.
Azure Global Network:
This encompasses the physical and software-defined networking infrastructure that connects the Azure data centers worldwide. It includes a vast network of fiber optic cables, routers, and edge locations (Points of Presence - PoPs) to ensure high bandwidth, low latency, and reliable connectivity between Azure services and end-users. The Azure Edge Network, including services like Azure CDN and Azure Front Door, extends this reach closer to users for improved performance.
Key Characteristics and Benefits:
Global Reach:
Azure's extensive global footprint allows organizations to deploy applications and data closer to their users, reducing latency and improving performance.
High Availability and Resiliency:
Availability Zones and Region Pairs provide multiple layers of redundancy to protect against hardware failures, power outages, and even natural disasters, ensuring business continuity.
Scalability and Flexibility:
The massive infrastructure allows for easy scaling of resources up or down based on demand.
Compliance and Data Residency:
Azure's numerous regions and geographies help organizations meet local data residency and compliance requirements.
Security:
Microsoft invests heavily in the physical and logical security of its data centers.
Sustainability:
Microsoft is committed to sustainability and is continuously innovating to reduce the environmental impact of its data centers.
----------------------------------------------------------------
Regions, Availability Zones, and Data Centers
----------------------------------------------------------------
Cloud regions are geographical locations where cloud providers establish data centers to host their services. These regions are designed to be independent and isolated from each other to ensure fault tolerance and high availability.
Key aspects of cloud regions:
Geographic Location: Regions are situated in specific geographic areas worldwide, such as North America, Europe, Asia Pacific, etc.
Multiple Data Centers: Each region typically comprises multiple data centers, often referred to as Availability Zones (AZs) or simply zones.
Isolation: Regions are designed to be isolated to prevent failures in one region from affecting others. This isolation helps in disaster recovery and ensures business continuity.
Low Latency: Choosing a region closer to the users can reduce latency and improve application performance.
Compliance: Regions help organizations meet data sovereignty and compliance requirements by allowing them to host data within specific geographic boundaries.
Benefits of Cloud Regions:
Improved Performance: Selecting a region closer to the user base minimizes latency, resulting in faster application response times and a better user experience.
High Availability and Disaster Recovery: Distributing resources across multiple regions provides redundancy and enables failover mechanisms in case of regional outages.
Scalability: Regions offer the ability to scale resources globally, allowing businesses to expand their reach and handle increased demand in different geographic locations.
Data Sovereignty and Compliance: Regions enable organizations to comply with local data storage and privacy regulations by choosing regions within specific jurisdictions.
Cost Optimization: Different regions may have varying pricing models, allowing organizations to select cost-effective regions for their specific workloads.
Cloud Region Availability Zones:
Availability Zones (AZs) are distinct data centers within a cloud region. They are designed to be isolated from each other to provide fault tolerance within the same region.
Key characteristics of Availability Zones:
Isolation: AZs are physically separated within a region, with independent power, cooling, and networking infrastructure.
Redundancy: Distributing resources across multiple AZs within a region ensures high availability. If one AZ fails, resources in other AZs can continue to operate.
Low Latency Connectivity: AZs within the same region are interconnected by high-bandwidth, low-latency networks, enabling fast data transfer and synchronization.
Fault Domains: AZs act as fault domains, meaning that failures within one AZ are unlikely to impact other AZs in the same region.
A data center is a dedicated facility that houses computer systems and associated components, such as telecommunications and storage systems. It typically includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression), and security devices.
In the context of cloud computing, data centers are the physical locations where cloud providers build and operate the infrastructure that powers their services. These facilities are designed to be highly secure, reliable, and scalable to meet the demands of a large number of users and applications.
Key characteristics of cloud data centers:
Massive Scale: Cloud providers operate very large data centers, often containing hundreds of thousands of servers and storage devices.
Redundancy: Everything in a cloud data center is typically redundant, from power and cooling to network connectivity, to ensure high availability.
Security: They implement stringent physical and logical security measures to protect the hosted data and infrastructure.
Efficiency: Cloud data centers are designed for energy efficiency to reduce operational costs and environmental impact.
Connectivity: They have high-bandwidth and low-latency network connections to ensure fast and reliable access to cloud services.
Availability Zones (AZs)
Availability Zones (AZs) are physically separate and isolated data centers within a single cloud region. Each AZ is designed to be independent of other AZs in the same region, with its own power, cooling, and networking infrastructure.
Key characteristics of Availability Zones:
Isolation: AZs are designed to prevent failures in one zone from impacting other zones within the same region. This isolation extends to power grids, cooling systems, and network connectivity.
Redundancy within a Region: By deploying applications and data across multiple AZs within a region, users can achieve high availability and fault tolerance. If one AZ experiences an outage, the application can continue running in other AZs.
Low Latency Connectivity: AZs within the same region are interconnected by high-bandwidth, low-latency networks. This allows for fast and synchronous replication of data between zones, which is crucial for many highly available applications.
Fault Domains: AZs represent distinct fault domains. This means that a common failure affecting one AZ (e.g., a power outage in that specific location) should not impact other AZs.
Relationship between Regions and Availability Zones:
A Region is a geographical area where a cloud provider has a presence and hosts multiple AZs.
Each Availability Zone is one or more discrete data centers within that region.
Regions are designed to be isolated from each other, while AZs within a region are interconnected.
Benefits of using Availability Zones:
High Availability: Distributing resources across multiple AZs protects applications from single points of failure.
Fault Tolerance: If one AZ fails, resources in other AZs remain available.
Disaster Recovery: AZs can be used as part of a disaster recovery strategy within the same geographic region.
Improved Performance: Low-latency connections between AZs enable efficient data replication and synchronization for performance-sensitive applications.
----------------------------------------------------------------
Resource Groups & Resource Manager
----------------------------------------------------------------
Azure Resource Groups
Logical Containers:
Resource Groups are fundamental building blocks in Azure, acting as logical containers for related Azure resources. These resources could be virtual machines, storage accounts, databases, web apps, network interfaces, etc.
Management Unit:
They allow you to manage these related resources as a single entity. This means you can perform actions like deploying, managing, monitoring, and deleting all the resources within a group simultaneously.
Lifecycle Management:
Resources that share a similar lifecycle (e.g., all components of a specific application) are typically grouped together. This simplifies management as you can apply policies, access control, and billing tracking at the group level.
Metadata Storage:
Resource Groups store metadata about the resources within them. The location you specify for the resource group determines where this metadata is stored. Note that the resources within the group can reside in different Azure regions.
No Nesting:
Resource groups cannot be nested within other resource groups.
Global Uniqueness (within a subscription):
Resource group names must be unique within your Azure subscription.
Benefits of using Resource Groups:
Simplified Management:
Perform actions on multiple resources at once, reducing administrative overhead.
Logical Organization:
Group resources based on application, environment (dev, test, prod), department, or any other logical structure that suits your organization.
Cost Management:
Track costs associated with a specific project or application by grouping its resources in a dedicated resource group.
Access Control (RBAC):
Apply Role-Based Access Control (RBAC) at the resource group level to manage who has permissions to the resources within it. This simplifies permission management for related resources.
Deployment and Deletion:
Deploy and delete entire application stacks or environments as a single unit.
Policy Enforcement:
Apply Azure Policies at the resource group level to enforce compliance and configuration standards across all contained resources.
Tagging:
Apply tags to resource groups to categorize and organize resources for billing, monitoring, and automation purposes. Tags applied to a resource group are not automatically inherited by the resources within it.
How to manage Resource Groups:
Azure Portal:
Provides a graphical interface for creating, viewing, managing, and deleting resource groups.
Azure CLI:
Use command-line interface commands (e.g., az group create, az group list, az group delete) to manage resource groups.
Azure PowerShell:
Utilize PowerShell cmdlets (e.g., New-AzResourceGroup, Get-AzResourceGroup, Remove-AzResourceGroup) for programmatic management.
ARM Templates (Azure Resource Manager Templates) & Bicep:
Define the infrastructure, including resource groups and the resources within them, in a declarative JSON (ARM) or more concise (Bicep) format for automated and repeatable deployments.
Azure SDKs:
Use various SDKs (e.g., .NET, Python, Java) to manage resource groups programmatically.
Azure Resource Manager (ARM)
Deployment and Management Service:
Azure Resource Manager (ARM) is the underlying deployment and management service for Azure. It acts as the control plane for all Azure resources.
Unified Interface:
It provides a consistent management layer that enables you to create, update, and delete resources in your Azure account through various tools like the Azure Portal, Azure CLI, Azure PowerShell, and REST APIs. Regardless of the tool you use, all requests go through the ARM API.
Declarative Model:
ARM allows you to define your infrastructure as code using ARM templates or Bicep files. These templates describe the desired state of your infrastructure, and ARM takes care of provisioning and configuring the resources accordingly. This is known as Infrastructure as Code (IaC).
Consistent State Management:
ARM ensures that your resources are deployed in a consistent state. If a deployment of multiple resources fails, ARM can automatically roll back the changes, preventing partially configured environments.
Integration with Azure AD:
ARM integrates with Azure Active Directory (Azure AD) for authentication and authorization, enabling you to manage access control and enforce policies consistently across your Azure resources.
Key Capabilities of Azure Resource Manager:
Template-Driven Deployment:
Deploy complex infrastructures consistently and repeatedly using ARM templates or Bicep files.
Resource Grouping:
Enforces the organization of resources into Resource Groups for logical management.
Role-Based Access Control (RBAC):
Provides granular control over who can perform actions on Azure resources at different scopes (management groups, subscriptions, resource groups, and individual resources).
Tagging:
Allows you to apply metadata (tags) to resources for organization, billing, and management.
Resource Locking:
Enables you to lock resources or resource groups to prevent accidental deletion or modification.
Deployment Sequencing:
Allows you to define the order in which resources are deployed and configure dependencies between them.
Parameterization:
ARM templates and Bicep files support parameters, allowing you to customize deployments for different environments.
Variables:
Define reusable values within your templates for consistency.
Extensibility:
Extension resources can be added to other resources to enhance their capabilities (e.g., VM extensions).
Auditing:
ARM logs all user actions, providing an audit trail for compliance and security purposes.
----------------------------------------------------------------
Understanding Subscriptions & Billing"
----------------------------------------------------------------
I. Azure Subscriptions
A. What is an Azure Subscription?
Logical Container:
An Azure subscription is a fundamental logical unit that provides you with access to Azure services. Think of it as a container that holds your Azure resources (virtual machines, storage accounts, databases, etc.).
Billing Boundary:
It serves as a primary billing boundary. All the resources you deploy within a specific subscription are billed together under that subscription.
Security and Policy Boundary:
Subscriptions also act as a security and policy boundary. You can manage access control (RBAC) and enforce Azure Policies at the subscription level, applying them to all resources within it.
Association with an Azure Account:
An Azure subscription is linked to an Azure account, which is the identity you use to sign in (Microsoft
Account or Work/School account).
e.g. vilasvarghese@outlook.com
Association with an Azure Tenant (Azure AD Tenant / Azure Entra ID Tenant):
Subscriptions are associated with an Azure Active Directory (Azure AD) tenant (now known as Microsoft Entra ID tenant). This tenant represents your organization in Azure and manages identities.
e.g. primary entra id
B. Why are Azure Subscriptions Necessary?
Billing Organization:
Allows you to separate billing for different projects, departments, or environments, making cost tracking and allocation easier.
Access Control Management:
Enables you to manage permissions to groups of related resources efficiently using Azure Role-Based Access Control (RBAC) at the subscription level.
Resource Limits:
Some Azure resources have service limits at the subscription level. Using multiple subscriptions can help you scale beyond these limits if necessary.
Environment Isolation:
Provides a way to logically isolate different environments (e.g., development, testing, production) to prevent accidental interference and enforce different policies.
Policy Enforcement:
Enables you to apply Azure Policies to ensure compliance and enforce organizational standards across a set of resources.
C. Types of Azure Subscriptions:
Azure offers various subscription types catering to different user needs and organizational structures:
Azure Free Account:
Provides a limited amount of free Azure services and credits for a specific introductory period (e.g., first 12 months) and some services that are always free. Ideal for learning and experimentation.
Pay-As-You-Go:
You are billed monthly for only the Azure resources you consume. Offers flexibility and is suitable for variable workloads or those without long-term commitments.
Enterprise Agreement (EA):
A volume licensing agreement for large organizations with significant Azure spending, offering discounts and centralized management. Requires a commitment to a certain level of spending over a multi-year period.
Microsoft Customer Agreement (MCA):
A newer agreement designed to provide a simplified and more flexible purchasing experience for Azure services.
Azure for Students:
Provides Azure credits and access to certain services for students to learn and build in the cloud.
Visual Studio Subscriptions (Dev/Test):
Offers discounted rates on Azure resources specifically used for development and testing purposes. Production workloads are typically not permitted.
Microsoft Partner Network (MPN):
Provides specific benefits and pricing for Microsoft partners.
Azure in Open:
A licensing program for commercial, government, and academic organizations.
Azure Stack:
For organizations running Azure services in their on-premises data centers (hybrid cloud). Billing models vary.
D. Managing Azure Subscriptions:
You can manage your Azure subscriptions through various tools:
Azure Portal:
A web-based graphical user interface for managing all Azure services, including subscriptions.
Azure CLI (Command-Line Interface):
A command-line tool for creating, managing, and interacting with Azure resources, including subscriptions.
Azure PowerShell:
A set of cmdlets (commands) for managing Azure resources using PowerShell scripting.
Azure SDKs (Software Development Kits):
Libraries for various programming languages (e.g., Python, .NET, Java) that allow you to programmatically manage Azure subscriptions and resources.
II. Azure Billing
A. Azure's Pricing Model:
Consumption-Based Pricing:
The primary pricing model for most Azure services. You pay only for the resources you actually use, with no upfront costs or termination fees for most services.
Resource-Specific Pricing:
The pricing details vary significantly depending on the specific Azure service and its configuration (e.g., VM size, storage tier, database throughput).
B. Key Billing Concepts:
Billing Account:
Created when you sign up for Azure. It contains one or more subscriptions and is used to manage invoices and payment methods.
Billing Profile:
Used to manage your invoice and payment methods. Each billing profile generates a monthly invoice.
Invoice Sections:
A way to organize costs within a billing profile's invoice, allowing you to group charges by department, team, or project.
Cost Management + Billing:
A suite of tools in the Azure portal designed to help you track, analyze, and manage your Azure costs.
Azure pricing calculator
choose a region with
good latency
all required services are available
data sovereignty / compliance requirements
Hybrid use benefit and Azure resercations
Azure cost managment monitoring
budgets
alerts and recommendations
Understand service lifecycle
automate environments
autoscaling
azure monitor
identify scale down underutilized resources
Use tags and policies for effective governance
Cost Analysis:
A feature within Cost Management + Billing that provides detailed breakdowns of your Azure spending by service, resource, location, tags, and more.
Budgets:
You can create budgets to monitor your spending against a defined threshold and receive alerts when your spending exceeds the budget.
Cost Alerts:
Configurable notifications that inform you when your Azure spending reaches a predefined level (e.g., 50%, 75%, 100% of your budget).
Tags:
Metadata that you assign to Azure resources. These tags can be used to categorize and organize costs in your billing reports, making cost allocation easier.
Azure Pricing Calculator:
A web-based tool that allows you to estimate the cost of Azure services based on your anticipated usage before you deploy them.
Azure Advisor:
A personalized cloud consultant that provides recommendations to optimize your Azure resources, including cost optimization suggestions.
Azure Reservations:
Allow you to commit to using specific Azure resources (e.g., virtual machines, Azure SQL Database) for a fixed term (typically 1 or 3 years) in exchange for significant discounts compared to pay-as-you-go pricing.
Azure Hybrid Benefit:
Enables you to use your existing on-premises Windows Server and SQL Server licenses with Software Assurance to save on the cost of Azure virtual machines and Azure SQL Database.
C. How Azure Resources are Billed (Examples):
Compute (Virtual Machines):
Typically billed per hour or per second based on the VM size, operating system, and any premium features. You are usually charged even when the VM is stopped but still allocated.
Storage (Blob Storage, Azure Files):
Billed based on the amount of data stored (in GB), the storage tier (hot, cool, archive), and the number of read/write operations (transactions).
Networking (Bandwidth):
Inbound data transfer is usually free, but outbound data transfer is typically billed based on the amount of data transferred out of Azure regions. Specific networking services like VPN Gateways and ExpressRoute have their own pricing models.
Databases (Azure SQL Database, Azure Cosmos DB):
Billed based on factors like the provisioned throughput (e.g., DTUs, vCores, RUs), storage consumed, and the number of transactions.
Other Services:
Each Azure service has its own unique pricing structure. It's crucial to review the pricing page for each service you intend to use.
D. Managing and Monitoring Your Azure Billing:
You can manage and monitor your Azure billing information through the Azure portal under the "Cost Management + Billing" service. Key actions include:
Viewing Invoices:
Access and download your monthly Azure invoices.
Managing Payment Methods:
Update or change the payment methods associated with your billing profile.
Tracking Costs:
Monitor your current spending and identify trends.
Setting Up Budgets and Alerts:
Create budgets and configure alerts to stay informed about your spending.
Analyzing Cost Breakdowns:
Explore detailed cost breakdowns by resource, service, tag, and more.
Exporting Cost Data:
Export your cost data for further analysis or integration with other systems.
Managing Billing Roles:
Assign different levels of access to billing information for other users in your organization.
----------------------------------------------------------------
Lab1:
Setup budget
Cost management
Budget
D:\PraiseTheLord\HSBGInfotech\Azure\104
----------------------------------------------------------------
Azure overview of important services
----------------------------------------------------------------
Microservices
Service Fabric
A distributed systems platform for deploying and managing scalable microservices and containerized applications.
Azure Functions
A serverless compute service to run event-driven code without managing infrastructure.
Logic Apps
A cloud-based service for automating workflows and integrating apps, data, and services.
API Management
A fully managed service to publish, secure, and manage APIs.
AKS
A managed Kubernetes service for deploying, scaling, and managing containerized applications.
Networking Connectivity
VNet
A private network in Azure, providing isolated and secure communication for resources.
Virtual WAN
A global network service connecting on-premises, branch, and Azure resources through a unified management interface.
ExpressRoute
A dedicated private network connection to Azure for higher bandwidth and lower latency.
VPN Gateway
Enables secure cross-premises connectivity between your on-premises network and Azure VNets.
Azure DNS
A scalable and reliable DNS service for managing and resolving domain names.
Peering
Connects Azure Virtual Networks, enabling resources in different VNets to communicate privately.
Bastion
Provides secure RDP/SSH access to VMs directly in the Azure portal over SSL.
Networking Security
NSG
A virtual firewall controlling network traffic to and from Azure resources.
Azure Private Link
Provides private connectivity to Azure services from within your VNet, keeping traffic on the Microsoft backbone.
DDoS Protection
Safeguards Azure applications from distributed denial-of-service attacks.
Azure Firewall
A managed, cloud-based network security service that protects your Azure VNet resources.
WAF
Protects web applications from common web exploits.
Virtual Network Endpoints
Secure access to Azure service resources by limiting network access to specific VNets and subnets.
Networking Delivery
CDN
A distributed network for efficiently delivering content to users with low latency.
Azure Front Door
scalable and secure entry point for global web applications, offering load balancing and security.
Traffic Manager
A DNS-based load balancer distributing traffic to global Azure endpoints.
Application Gateway
A web traffic load balancer at layer 7, providing advanced routing and security features.
Load balancer
Distributes incoming network traffic across multiple backend servers for scalability and availability.
Networking Moniotoring
Network Watcher
Provides tools to monitor, diagnose, and gain insights into your Azure network performance and health.
Express Route Monitor
Specifically monitors the performance and availability of your Azure ExpressRoute connections.
Azure Monitor
A comprehensive monitoring service for collecting, analyzing, and acting on telemetry data from Azure and on-premises environments.
Vnet Terminal access point (TAP)
Allows mirroring of virtual machine network traffic for deep packet inspection and analysis.
----------------------------------------------------------------
"Azure Active Directory (Azure AD)/ Azure Entra ID Basics
----------------------------------------------------------------
https://azure.microsoft.com/en-us/pricing/free-services
https://www.apps4rent.com/microsoft-entra-id-free-vs-p1-vs-p2-vs-governance.html
https://www.microsoft.com/en-in/security/business/microsoft-entra-pricing
1. Account:
Account
entry point to Azure services.
identity you use to sign in and access Azure.
Like root level of your Azure presence.
associated with
username and password
(typically a Microsoft Account or a Work/School account managed by Azure Active Directory).
Can have
one or more subscriptions associated with it.
The Azure account
used for billing and
identifying the owner of the Azure services.
Analogy:
like your bank account.
You have a main account (your Azure Account),
within that,
different sub-accounts or
cards (Azure Subscriptions) for different purposes.
2. Tenant (Microsoft Entra ID tenant):
An Azure Tenant
(specifically, an Azure Active Directory (Azure AD) tenant or
Microsoft Entra ID tenant)
represents an organization in Azure.
Usually represents by a public domain name
e.g. example.com
will be assigned a domain (by default)
if not specified
e.g.
example.onmicrosoft.com
Dedicated and isolated instance of Azure Entra ID (AD) for your account
your organization receives
when it signs up for
Microsoft Azure,
Microsoft 365, or
Dynamics 365.
The tenant
identity and security boundary
for your organization in Azure.
It contains
users,
groups,
applications,
other directory objects
Azure Subscriptions are associated with Entra ID (AD) tenant.
A subscription can only belong to one tenant at a time.
You use your
organizational account (managed within the tenant) to access resources within the subscriptions
that tenant.
More than one account can be owner of a tenant
Analogy:
like your company's building.
The building (Azure Tenant)
houses all the employees (
users),
departments (