A resource is a single service instance in Azure. A resource group is a logical grouping of resources. An ARM (Azure Resource Manager) template is a .json file that allows you to declaratively describe a set of resources.
The region of the resource group does not have to be the same as the region of the resource. Resource managers can be assigned resource manager locks (either Read-Only or Delete).
Resource groups can usually be moved between subscriptions.
IaaS -> Infrastructure as a Service. You look after the OS, libraries
PaaS -> Platform as a Service.
Normally charged for egress of data, but not ingress.
Supported operating systems: Windows Server, Windows Client, Ubuntu, Red Hat Enterprise Linux, SUSE Linux
A resource is a primary primitive in Azure. Almost everything you create in Azure is a particular type of resource.
Resources can be assigned Resource Tags. Resource tags can be used to logically organise resources. They are useful for the monitoring and billing of resources.
Storage account names have to be unique across all Azure storage accounts.
Storage explorer is a desktop application for browsing Azure storage accounts: https://azure.microsoft.com/en-ca/features/storage-explorer/
Blobs are a key/value object store (similar to AWS S3). Control user permissions with blob access policies. Block blobs are about 30x cheaper per GB than file blobs.
Azure Load Balancers
A traditional traffic manager that can balance traffic between VMs (or other Azure endpoints).
A traffic manager is a smart DNS form of load balancer that can resolve a CNAME based on performance/geographic requirements.
Azure Active Directory
Azure Active Directory (Azure AD) is a cloud service that offers multi-tenant access and identity control.
Federation: Federation is a collection of domains that have established trust.
No management groups exist by default. Management groups can be used to group together subscriptions. Management groups exist in a tree-like hierarchy.
A subscription is a logical unit of Azure services that is linked to an account. An Azure account is either an identity in Azure AD or a directory within Azure AD.
Role-based Access Control (RBAC)
What can be assigned to a role?
- Service Principals
You can use Azure Policy to create, assign and manage policies. Policies are created from policy definitions. You can also determine the compliance for any policies.
Azure supports both import and export file sync jobs.
For really large files, you can use the data boxes (physical storage devices that get sent to your location and then shipped back to Azure).
Permissions in Azure tie in heavily with the Azure Active Directory.
Delegated: Used by apps that run with a signed-in user present
Application: Used by apps that run without a signed-in user present
It is best practice to use delegated permissions wherever possible. Only use application permissions when the app is non-interactive or the app runs without requiring a user to log in.
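One way to check an app registration against the delegated-versus-application guidance above, as an added example that is not part of the original notes: in the `requiredResourceAccess` section of an app manifest, entries of type `Scope` are delegated permissions and entries of type `Role` are application permissions. The sample manifest, its placeholder GUIDs, the function names and the `interactive` flag are all constructed for illustration.

```python
import json

# Constructed sample: part of an app registration manifest.
# The GUIDs are placeholders, not real resource or permission ids.
SAMPLE_MANIFEST = json.loads("""
{
  "displayName": "example-reporting-app",
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000000-0000-0000-0000-00000000000a",
      "resourceAccess": [
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
        {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}
      ]
    },
    {
      "resourceAppId": "00000000-0000-0000-0000-00000000000b",
      "resourceAccess": [
        {"id": "33333333-3333-3333-3333-333333333333", "type": "Scope"}
      ]
    }
  ]
}
""")

# Manifest "type" value -> permission kind used in the notes above.
KIND = {"Scope": "delegated", "Role": "application"}

def classify_permissions(manifest):
    """Group requested permissions as (resourceAppId, permission id) by kind."""
    result = {"delegated": [], "application": [], "unknown": []}
    for resource in manifest.get("requiredResourceAccess") or []:
        app_id = resource.get("resourceAppId", "<missing>")
        for access in resource.get("resourceAccess") or []:
            kind = KIND.get(access.get("type"), "unknown")
            result[kind].append((app_id, access.get("id")))
    return result

def needs_review(manifest, interactive):
    """Flag unknown types always, and application permissions when the
    app has a signed-in user (hypothetical 'interactive' flag)."""
    found = classify_permissions(manifest)
    flagged = list(found["unknown"])
    if interactive:
        flagged += found["application"]
    return flagged

if __name__ == "__main__":
    for app_id, perm_id in needs_review(SAMPLE_MANIFEST, interactive=True):
        print(f"review: resource {app_id} permission {perm_id}")
```
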
Legacy Windows-based Authentication
Users can log in using Windows credentials with either Kerberos or NTLM.
Application Insights can monitor request rates, response times, failure rates, etc. Exception stack traces from both the server and browser (client-side application code) are logged.
Application Insights can then provide its data via an API or through Visual Studio (for debugging). It can also create visualizations in the Azure dashboard.
Azure Search Service
The Azure Search Service is a managed search service provided by Azure. It allows you to import/connect to the underlying data and then easily create indexes.
- Active Directory
- resource groups
- storage accounts
- load balancers
- file sync